1 /* $NetBSD: ntp_io.c,v 1.33 2024/08/18 20:47:17 christos Exp $ */
2
3 /*
4 * ntp_io.c - input/output routines for ntpd. The socket-opening code
5 * was shamelessly stolen from ntpd.
6 */
7
8 #ifdef HAVE_CONFIG_H
9 # include <config.h>
10 #endif
11
12 #include <stdio.h>
13 #include <signal.h>
14 #ifdef HAVE_FNMATCH_H
15 # include <fnmatch.h>
16 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE)
17 # define FNM_CASEFOLD FNM_IGNORECASE
18 # endif
19 #endif
20 #ifdef HAVE_SYS_PARAM_H
21 # include <sys/param.h>
22 #endif
23 #ifdef HAVE_SYS_IOCTL_H
24 # include <sys/ioctl.h>
25 #endif
26 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */
27 # include <sys/sockio.h>
28 #endif
29 #ifdef HAVE_SYS_UIO_H
30 # include <sys/uio.h>
31 #endif
32
33 #include "ntp_machine.h"
34 #include "ntpd.h"
35 #include "ntp_io.h"
36 #include "iosignal.h"
37 #include "ntp_lists.h"
38 #include "ntp_refclock.h"
39 #include "ntp_stdlib.h"
40 #include "ntp_worker.h"
41 #include "ntp_request.h"
42 #include "ntp_assert.h"
43 #include "timevalops.h"
44 #include "timespecops.h"
45 #include "ntpd-opts.h"
46 #include "safecast.h"
47
48 /* Don't include ISC's version of IPv6 variables and structures */
49 #define ISC_IPV6_H 1
50 #include <isc/mem.h>
51 #include <isc/interfaceiter.h>
52 #include <isc/netaddr.h>
53 #include <isc/result.h>
54 #include <isc/sockaddr.h>
55
56 #ifdef SIM
57 #include "ntpsim.h"
58 #endif
59
60 #ifdef HAS_ROUTING_SOCKET
61 # include <net/route.h>
62 # ifdef HAVE_RTNETLINK
63 # include <linux/rtnetlink.h>
64 # endif
65 #endif
66
67 /*
68 * setsockopt does not always have the same arg declaration
69 * across all platforms. If it's not defined we make it empty
70 */
71
72 #ifndef SETSOCKOPT_ARG_CAST
73 #define SETSOCKOPT_ARG_CAST
74 #endif
75
76 extern int listen_to_virtual_ips;
77
78 #ifndef IPTOS_DSCP_EF
79 #define IPTOS_DSCP_EF 0xb8
80 #endif
81 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */
82
83 #ifdef LEAP_SMEAR
84 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so
85 * we get a linker error. Since we're running out of time before the leap
86 * second occurs, we let it here where it just works.
87 */
88 int leap_smear_intv;
89 #endif
90
91 /*
92 * NIC rule entry
93 */
94 typedef struct nic_rule_tag nic_rule;
95
96 struct nic_rule_tag {
97 nic_rule * next;
98 nic_rule_action action;
99 nic_rule_match match_type;
100 char * if_name;
101 sockaddr_u addr;
102 int prefixlen;
103 };
104
105 /*
106 * NIC rule listhead. Entries are added at the head so that the first
107 * match in the list is the last matching rule specified.
108 */
109 nic_rule *nic_rule_list;
110
111
112 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR)
113 # define HAVE_PACKET_TIMESTAMP
114 # define HAVE_BINTIME
115 # ifdef BINTIME_CTLMSGBUF_SIZE
116 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE
117 # else
118 # define CMSG_BUFSIZE 1536 /* moderate default */
119 # endif
120 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR)
121 # define HAVE_PACKET_TIMESTAMP
122 # define HAVE_TIMESTAMPNS
123 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE
124 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE
125 # else
126 # define CMSG_BUFSIZE 1536 /* moderate default */
127 # endif
128 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR)
129 # define HAVE_PACKET_TIMESTAMP
130 # define HAVE_TIMESTAMP
131 # ifdef TIMESTAMP_CTLMSGBUF_SIZE
132 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE
133 # else
134 # define CMSG_BUFSIZE 1536 /* moderate default */
135 # endif
136 #else
137 /* fill in for old/other timestamp interfaces */
138 #endif
139
140 #if defined(SYS_WINNT)
141 #include "win32_io.h"
142 #include <isc/win32os.h>
143 #endif
144
145 /*
146 * We do asynchronous input using the SIGIO facility. A number of
147 * recvbuf buffers are preallocated for input. In the signal
148 * handler we poll to see which sockets are ready and read the
149 * packets from them into the recvbuf's along with a time stamp and
150 * an indication of the source host and the interface it was received
151 * through. This allows us to get as accurate receive time stamps
152 * as possible independent of other processing going on.
153 *
154 * We watch the number of recvbufs available to the signal handler
155 * and allocate more when this number drops below the low water
156 * mark. If the signal handler should run out of buffers in the
157 * interim it will drop incoming frames, the idea being that it is
158 * better to drop a packet than to be inaccurate.
159 */
160
161
162 /*
163 * Other statistics of possible interest
164 */
165 volatile u_long packets_dropped; /* total number of packets dropped on reception */
166 volatile u_long packets_ignored; /* packets received on wild card interface */
167 volatile u_long packets_received; /* total number of packets received */
168 u_long packets_sent; /* total number of packets sent */
169 u_long packets_notsent; /* total number of packets which couldn't be sent */
170
171 volatile u_long handler_calls; /* number of calls to interrupt handler */
172 volatile u_long handler_pkts; /* number of pkts received by handler */
173 u_long io_timereset; /* time counters were reset */
174
175 /*
176 * Interface stuff
177 */
178 endpt * any_interface; /* wildcard ipv4 interface */
179 endpt * any6_interface; /* wildcard ipv6 interface */
180 endpt * loopback_interface; /* loopback ipv4 interface */
181
182 static isc_boolean_t broadcast_client_enabled;
183 u_int sys_ifnum; /* next .ifnum to assign */
184 int ninterfaces; /* Total number of interfaces */
185
186 int no_periodic_scan; /* network endpoint scans */
187 int scan_addrs_once; /* because dropped privs */
188 int nonlocal_v4_addr_up; /* should we try IPv4 pool? */
189 int nonlocal_v6_addr_up; /* should we try IPv6 pool? */
190
191 #ifdef REFCLOCK
192 /*
193 * Refclock stuff. We keep a chain of structures with data concerning
194 * the guys we are doing I/O for.
195 */
196 static struct refclockio *refio;
197 #endif /* REFCLOCK */
198
199 /*
200 * File descriptor masks etc. for call to select
201 * Not needed for I/O Completion Ports or anything outside this file
202 */
203 static fd_set activefds;
204 static int maxactivefd;
205
206 /*
207 * bit alternating value to detect verified interfaces during an update cycle
208 */
209 static u_short sys_interphase = 0;
210
211 static endpt * new_interface(endpt *);
212 static void add_interface(endpt *);
213 static int update_interfaces(u_short, interface_receiver_t,
214 void *);
215 static void remove_interface(endpt *);
216 static endpt * create_interface(u_short, endpt *);
217
218 static inline int is_wildcard_addr(const sockaddr_u *psau);
219
220 /*
221 * Multicast functions
222 */
223 static isc_boolean_t addr_ismulticast (sockaddr_u *);
224 static isc_boolean_t is_anycast (sockaddr_u *,
225 const char *);
226
227 /*
228 * Not all platforms support multicast
229 */
230 #ifdef MCAST
231 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *);
232 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *);
233 #endif
234
235 #ifdef DEBUG
236 static void interface_dump (const endpt *);
237 static void print_interface (const endpt *, const char *, const char *);
238 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0)
239 #else
240 #define DPRINT_INTERFACE(level, args) do {} while (0)
241 #endif
242
243 typedef struct vsock vsock_t;
244 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE };
245
246 struct vsock {
247 vsock_t * link;
248 SOCKET fd;
249 enum desc_type type;
250 };
251
252 vsock_t *fd_list;
253
254 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
255 /*
256 * async notification processing (e. g. routing sockets)
257 */
258 /*
259 * support for receiving data on fd that is not a refclock or a socket
260 * like e. g. routing sockets
261 */
262 struct asyncio_reader {
263 struct asyncio_reader *link; /* the list this is being kept in */
264 SOCKET fd; /* fd to be read */
265 void *data; /* possibly local data */
266 void (*receiver)(struct asyncio_reader *); /* input handler */
267 };
268
269 struct asyncio_reader *asyncio_reader_list;
270
271 static void delete_asyncio_reader (struct asyncio_reader *);
272 static struct asyncio_reader *new_asyncio_reader (void);
273 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type);
274 static void remove_asyncio_reader (struct asyncio_reader *);
275
276 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */
277
278 static void init_async_notifications (void);
279
280 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *,
281 int);
282 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *,
283 const sockaddr_u *, const sockaddr_u *);
284 static int create_sockets (u_short);
285 static SOCKET open_socket (sockaddr_u *, int, int, endpt *);
286 static void set_reuseaddr (int);
287 static isc_boolean_t socket_broadcast_enable (endpt *, SOCKET, sockaddr_u *);
288
289 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
290 static char * fdbits (int, const fd_set *);
291 #endif
292 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
293 static isc_boolean_t socket_broadcast_disable (endpt *, sockaddr_u *);
294 #endif
295
296 typedef struct remaddr remaddr_t;
297
298 struct remaddr {
299 remaddr_t * link;
300 sockaddr_u addr;
301 endpt * ep;
302 };
303
304 remaddr_t * remoteaddr_list;
305 endpt * ep_list; /* complete endpt list */
306 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */
307 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */
308
309 static endpt * wildipv4;
310 static endpt * wildipv6;
311
312 #define RFC3927_ADDR 0xa9fe0000 /* 169.254. */
313 #define RFC3927_MASK 0xffff0000
314 #define IS_AUTOCONF(addr4) \
315 ((SRCADR(addr4) & RFC3927_MASK) == RFC3927_ADDR)
316
317 #ifdef SYS_WINNT
318 int accept_wildcard_if_for_winnt;
319 #else
320 const int accept_wildcard_if_for_winnt = FALSE;
321 #define init_io_completion_port() do {} while (FALSE)
322 #endif
323
324 static void add_fd_to_list (SOCKET, enum desc_type);
325 static endpt * find_addr_in_list (sockaddr_u *);
326 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32);
327 static void delete_addr_from_list (sockaddr_u *);
328 static void delete_interface_from_list(endpt *);
329 static void close_and_delete_fd_from_list(SOCKET, endpt *);
330 static void add_addr_to_list (sockaddr_u *, endpt *);
331 static void create_wildcards (u_short);
332 static endpt * findlocalinterface (sockaddr_u *, int, int);
333 static endpt * findclosestinterface (sockaddr_u *, int);
334 #ifdef DEBUG
335 static const char * action_text (nic_rule_action);
336 #endif
337 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32);
338 static void convert_isc_if (isc_interface_t *,
339 endpt *, u_short);
340 static void calc_addr_distance(sockaddr_u *,
341 const sockaddr_u *,
342 const sockaddr_u *);
343 static int cmp_addr_distance(const sockaddr_u *,
344 const sockaddr_u *);
345
346 /*
347 * Routines to read the ntp packets
348 */
349 #if !defined(HAVE_IO_COMPLETION_PORT)
350 static inline int read_network_packet (SOCKET, endpt *, l_fp);
351 static void ntpd_addremove_io_fd (int, int, int);
352 static void input_handler_scan (const l_fp*, const fd_set*);
353 static int/*BOOL*/ sanitize_fdset (int errc);
354 #ifdef REFCLOCK
355 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp);
356 #endif
357 #ifdef HAVE_SIGNALED_IO
358 static void input_handler (l_fp*);
359 #endif
360 #endif
361
362
363 #ifndef HAVE_IO_COMPLETION_PORT
364 void
maintain_activefds(int fd,int closing)365 maintain_activefds(
366 int fd,
367 int closing
368 )
369 {
370 int i;
371
372 if (fd < 0 || fd >= FD_SETSIZE) {
373 msyslog(LOG_ERR,
374 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d",
375 FD_SETSIZE, fd);
376 exit(1);
377 }
378
379 if (!closing) {
380 FD_SET(fd, &activefds);
381 maxactivefd = max(fd, maxactivefd);
382 } else {
383 FD_CLR(fd, &activefds);
384 if (maxactivefd && fd == maxactivefd) {
385 for (i = maxactivefd - 1; i >= 0; i--)
386 if (FD_ISSET(i, &activefds)) {
387 maxactivefd = i;
388 break;
389 }
390 INSIST(fd != maxactivefd);
391 }
392 }
393 }
394 #endif /* !HAVE_IO_COMPLETION_PORT */
395
396
397 #ifdef DEBUG_TIMING
398 /*
399 * collect timing information for various processing
400 * paths. currently we only pass them on to the file
401 * for later processing. this could also do histogram
402 * based analysis in other to reduce the load (and skew)
403 * dur to the file output
404 */
405 void
collect_timing(struct recvbuf * rb,const char * tag,int count,l_fp * dts)406 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts)
407 {
408 char buf[256];
409
410 snprintf(buf, sizeof(buf), "%s %d %s %s",
411 (rb != NULL)
412 ? ((rb->dstadr != NULL)
413 ? stoa(&rb->recv_srcadr)
414 : "-REFCLOCK-")
415 : "-",
416 count, lfptoa(dts, 9), tag);
417 record_timing_stats(buf);
418 }
419 #endif
420
421 /*
422 * About dynamic interfaces, sockets, reception and more...
423 *
424 * the code solves following tasks:
425 *
426 * - keep a current list of active interfaces in order
427 * to bind to to the interface address on NTP_PORT so that
428 * all wild and specific bindings for NTP_PORT are taken by ntpd
429 * to avoid other daemons messing with the time or sockets.
430 * - all interfaces keep a list of peers that are referencing
431 * the interface in order to quickly re-assign the peers to
432 * new interface in case an interface is deleted (=> gone from system or
433 * down)
434 * - have a preconfigured socket ready with the right local address
435 * for transmission and reception
436 * - have an address list for all destination addresses used within ntpd
437 * to find the "right" preconfigured socket.
438 * - facilitate updating the internal interface list with respect to
439 * the current kernel state
440 *
441 * special issues:
442 *
443 * - mapping of multicast addresses to the interface affected is not always
444 * one to one - especially on hosts with multiple interfaces
445 * the code here currently allocates a separate interface entry for those
446 * multicast addresses
447 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF)
448 * in case of failure the multicast address is bound to an existing interface.
449 * - on some systems it is perfectly legal to assign the same address to
450 * multiple interfaces. Therefore this code does not keep a list of interfaces
451 * but a list of interfaces that represent a unique address as determined by the kernel
452 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only
453 * one representative of a group of real interfaces if they share the same address.
454 *
455 * Frank Kardel 20050910
456 */
457
458 /*
459 * init_io - initialize I/O module.
460 */
461 void
init_io(void)462 init_io(void)
463 {
464 /* Init buffer free list and stat counters */
465 init_recvbuff(RECV_INIT);
466 endpt_scan_period = 301;
467
468 #ifdef WORK_PIPE
469 addremove_io_fd = &ntpd_addremove_io_fd;
470 #endif
471
472 init_io_completion_port();
473 #if defined(HAVE_SIGNALED_IO)
474 (void) set_signal(input_handler);
475 #endif
476 }
477
478
479 static void
ntpd_addremove_io_fd(int fd,int is_pipe,int remove_it)480 ntpd_addremove_io_fd(
481 int fd,
482 int is_pipe,
483 int remove_it
484 )
485 {
486 UNUSED_ARG(is_pipe);
487
488 #ifdef HAVE_SIGNALED_IO
489 if (!remove_it)
490 init_socket_sig(fd);
491 #endif /* not HAVE_SIGNALED_IO */
492
493 maintain_activefds(fd, remove_it);
494 }
495
496
497 /*
498 * io_open_sockets - call socket creation routine
499 */
500 void
io_open_sockets(void)501 io_open_sockets(void)
502 {
503 static int already_opened;
504
505 if (already_opened || HAVE_OPT( SAVECONFIGQUIT ))
506 return;
507
508 already_opened = 1;
509
510 /*
511 * Create the sockets
512 */
513 BLOCKIO();
514 create_sockets(NTP_PORT);
515 UNBLOCKIO();
516
517 init_async_notifications();
518
519 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd));
520 }
521
522
523 #ifdef DEBUG
524 /*
525 * function to dump the contents of the interface structure
526 * for debugging use only.
527 * We face a dilemma here -- sockets are FDs under POSIX and
528 * actually HANDLES under Windows. So we use '%lld' as format
529 * and cast the value to 'long long'; this should not hurt
530 * with UNIX-like systems and does not truncate values on Win64.
531 */
532 void
interface_dump(const endpt * itf)533 interface_dump(const endpt *itf)
534 {
535 printf("Dumping interface: %p\n", itf);
536 printf("fd = %lld\n", (long long)itf->fd);
537 printf("bfd = %lld\n", (long long)itf->bfd);
538 printf("sin = %s,\n", stoa(&itf->sin));
539 printf("bcast = %s,\n", stoa(&itf->bcast));
540 printf("mask = %s,\n", stoa(&itf->mask));
541 printf("name = %s\n", itf->name);
542 printf("flags = 0x%08x\n", itf->flags);
543 printf("last_ttl = %d\n", itf->last_ttl);
544 printf("addr_refid = %08x\n", itf->addr_refid);
545 printf("num_mcast = %d\n", itf->num_mcast);
546 printf("received = %ld\n", itf->received);
547 printf("sent = %ld\n", itf->sent);
548 printf("notsent = %ld\n", itf->notsent);
549 printf("ifindex = %u\n", itf->ifindex);
550 printf("peercnt = %u\n", itf->peercnt);
551 printf("phase = %u\n", itf->phase);
552 }
553
554
555 /*
556 * print_interface - helper to output debug information
557 */
558 static void
print_interface(const endpt * iface,const char * pfx,const char * sfx)559 print_interface(const endpt *iface, const char *pfx, const char *sfx)
560 {
561 printf("%sinterface #%d: fd=%lld, bfd=%lld, name=%s, flags=0x%x, ifindex=%u, sin=%s",
562 pfx,
563 iface->ifnum,
564 (long long)iface->fd,
565 (long long)iface->bfd,
566 iface->name,
567 iface->flags,
568 iface->ifindex,
569 stoa(&iface->sin));
570 if (AF_INET == iface->family) {
571 if (iface->flags & INT_BROADCAST)
572 printf(", bcast=%s", stoa(&iface->bcast));
573 printf(", mask=%s", stoa(&iface->mask));
574 }
575 printf(", %s:%s",
576 (iface->ignore_packets)
577 ? "Disabled"
578 : "Enabled",
579 sfx);
580 if (debug > 4) /* in-depth debugging only */
581 interface_dump(iface);
582 }
583 #endif
584
585 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
586 /*
587 * create an asyncio_reader structure
588 */
589 static struct asyncio_reader *
new_asyncio_reader(void)590 new_asyncio_reader(void)
591 {
592 struct asyncio_reader *reader;
593
594 reader = emalloc_zero(sizeof(*reader));
595 reader->fd = INVALID_SOCKET;
596
597 return reader;
598 }
599
600 /*
601 * delete a reader
602 */
603 static void
delete_asyncio_reader(struct asyncio_reader * reader)604 delete_asyncio_reader(
605 struct asyncio_reader *reader
606 )
607 {
608 free(reader);
609 }
610
611 /*
612 * add asynchio_reader
613 */
614 static void
add_asyncio_reader(struct asyncio_reader * reader,enum desc_type type)615 add_asyncio_reader(
616 struct asyncio_reader * reader,
617 enum desc_type type)
618 {
619 LINK_SLIST(asyncio_reader_list, reader, link);
620 add_fd_to_list(reader->fd, type);
621 }
622
623 /*
624 * remove asyncio_reader
625 */
626 static void
remove_asyncio_reader(struct asyncio_reader * reader)627 remove_asyncio_reader(
628 struct asyncio_reader *reader
629 )
630 {
631 struct asyncio_reader *unlinked;
632
633 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link,
634 struct asyncio_reader);
635
636 if (reader->fd != INVALID_SOCKET) {
637 close_and_delete_fd_from_list(reader->fd, NULL);
638 }
639 reader->fd = INVALID_SOCKET;
640 }
641 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */
642
643
644 /* compare two sockaddr prefixes */
645 static int
addr_eqprefix(const sockaddr_u * a,const sockaddr_u * b,int prefixlen)646 addr_eqprefix(
647 const sockaddr_u * a,
648 const sockaddr_u * b,
649 int prefixlen
650 )
651 {
652 isc_netaddr_t isc_a;
653 isc_netaddr_t isc_b;
654 isc_sockaddr_t isc_sa;
655
656 ZERO(isc_sa);
657 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a)));
658 isc_netaddr_fromsockaddr(&isc_a, &isc_sa);
659
660 ZERO(isc_sa);
661 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b)));
662 isc_netaddr_fromsockaddr(&isc_b, &isc_sa);
663
664 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b,
665 (u_int)prefixlen);
666 }
667
668
669 static int
addr_samesubnet(const sockaddr_u * a,const sockaddr_u * a_mask,const sockaddr_u * b,const sockaddr_u * b_mask)670 addr_samesubnet(
671 const sockaddr_u * a,
672 const sockaddr_u * a_mask,
673 const sockaddr_u * b,
674 const sockaddr_u * b_mask
675 )
676 {
677 const u_int32 * pa;
678 const u_int32 * pa_limit;
679 const u_int32 * pb;
680 const u_int32 * pm;
681 size_t loops;
682
683 REQUIRE(AF(a) == AF(a_mask));
684 REQUIRE(AF(b) == AF(b_mask));
685 /*
686 * With address and mask families verified to match, comparing
687 * the masks also validates the address's families match.
688 */
689 if (!SOCK_EQ(a_mask, b_mask))
690 return FALSE;
691
692 if (IS_IPV6(a)) {
693 loops = sizeof(NSRCADR6(a)) / sizeof(*pa);
694 pa = (const void *)&NSRCADR6(a);
695 pb = (const void *)&NSRCADR6(b);
696 pm = (const void *)&NSRCADR6(a_mask);
697 } else {
698 loops = sizeof(NSRCADR(a)) / sizeof(*pa);
699 pa = (const void *)&NSRCADR(a);
700 pb = (const void *)&NSRCADR(b);
701 pm = (const void *)&NSRCADR(a_mask);
702 }
703 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++)
704 if ((*pa & *pm) != (*pb & *pm))
705 return FALSE;
706
707 return TRUE;
708 }
709
710
711 /*
712 * interface list enumerator - visitor pattern
713 */
714 void
interface_enumerate(interface_receiver_t receiver,void * data)715 interface_enumerate(
716 interface_receiver_t receiver,
717 void * data
718 )
719 {
720 interface_info_t ifi;
721
722 ifi.action = IFS_EXISTS;
723 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink)
724 (*receiver)(data, &ifi);
725 }
726
727 /*
728 * do standard initialization of interface structure
729 */
730 static inline void
init_interface(endpt * ep)731 init_interface(
732 endpt *ep
733 )
734 {
735 ZERO(*ep);
736 ep->fd = INVALID_SOCKET;
737 ep->bfd = INVALID_SOCKET;
738 ep->phase = sys_interphase;
739 }
740
741
742 /*
743 * create new interface structure initialize from
744 * template structure or via standard initialization
745 * function
746 */
747 static endpt *
new_interface(endpt * protot)748 new_interface(
749 endpt *protot
750 )
751 {
752 endpt * iface;
753
754 iface = emalloc(sizeof(*iface));
755 if (NULL == protot) {
756 ZERO(*iface);
757 } else {
758 memcpy(iface, protot, sizeof(*iface));
759 }
760 /* count every new instance of an interface in the system */
761 iface->ifnum = sys_ifnum++;
762 iface->starttime = current_time;
763
764 # ifdef HAVE_IO_COMPLETION_PORT
765 if (!io_completion_port_add_interface(iface)) {
766 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now");
767 exit(1);
768 }
769 # endif
770 return iface;
771 }
772
773
774 /*
775 * return interface storage into free memory pool
776 */
777 static void
delete_interface(endpt * ep)778 delete_interface(
779 endpt *ep
780 )
781 {
782 # ifdef HAVE_IO_COMPLETION_PORT
783 io_completion_port_remove_interface(ep);
784 # endif
785 free(ep);
786 }
787
788
789 /*
790 * link interface into list of known interfaces
791 */
792 static void
add_interface(endpt * ep)793 add_interface(
794 endpt * ep
795 )
796 {
797 endpt ** pmclisthead;
798 endpt * scan;
799 endpt * scan_next;
800 int same_subnet;
801 int rc;
802
803 /* Calculate the refid */
804 ep->addr_refid = addr2refid(&ep->sin);
805 # ifdef WORDS_BIGENDIAN
806 if (IS_IPV6(&ep->sin)) {
807 ep->old_refid = BYTESWAP32(ep->addr_refid);
808 }
809 # endif
810 /* link at tail so ntpdc -c ifstats index increases each row */
811 LINK_TAIL_SLIST(ep_list, ep, elink, endpt);
812 ninterfaces++;
813 #ifdef MCAST
814 /* the rest is for enabled multicast-capable addresses only */
815 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) ||
816 INT_LOOPBACK & ep->flags)
817 return;
818 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT
819 if (AF_INET6 == ep->family)
820 return;
821 # endif
822 pmclisthead = (AF_INET == ep->family)
823 ? &mc4_list
824 : &mc6_list;
825
826 /*
827 * If we have multiple global addresses from the same prefix
828 * on the same network interface, multicast from one.
829 */
830 for (scan = *pmclisthead; scan != NULL; scan = scan_next) {
831 scan_next = scan->mclink;
832 if ( ep->family != scan->family
833 || ep->ifindex != scan->ifindex) {
834 continue;
835 }
836 same_subnet = addr_samesubnet(&ep->sin, &ep->mask,
837 &scan->sin, &scan->mask);
838 if (same_subnet) {
839 DPRINTF(4, ("did not add %s to multicast-capable list"
840 "which already has %s\n",
841 stoa(&ep->sin), stoa(&scan->sin)));
842 return;
843 }
844 }
845 LINK_SLIST(*pmclisthead, ep, mclink);
846 if (INVALID_SOCKET == ep->fd)
847 return;
848
849 /*
850 * select the local address from which to send to multicast.
851 */
852 switch (AF(&ep->sin)) {
853
854 case AF_INET :
855 rc = setsockopt(ep->fd, IPPROTO_IP,
856 IP_MULTICAST_IF,
857 (void *)&NSRCADR(&ep->sin),
858 sizeof(NSRCADR(&ep->sin)));
859 if (rc)
860 msyslog(LOG_ERR,
861 "setsockopt IP_MULTICAST_IF %s fails: %m",
862 stoa(&ep->sin));
863 break;
864
865 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
866 case AF_INET6 :
867 rc = setsockopt(ep->fd, IPPROTO_IPV6,
868 IPV6_MULTICAST_IF,
869 (void *)&ep->ifindex,
870 sizeof(ep->ifindex));
871 /* do not complain if bound addr scope is ifindex */
872 if (rc && ep->ifindex != SCOPE(&ep->sin))
873 msyslog(LOG_ERR,
874 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m",
875 ep->ifindex, stoa(&ep->sin));
876 break;
877 # endif
878 }
879 #endif /* MCAST */
880 }
881
882
883 /*
884 * remove interface from known interface list and clean up
885 * associated resources
886 */
887 static void
remove_interface(endpt * ep)888 remove_interface(
889 endpt * ep
890 )
891 {
892 endpt * unlinked;
893 endpt ** pmclisthead;
894 sockaddr_u resmask;
895 int/*BOOL*/ success;
896
897 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt);
898 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) {
899 pmclisthead = (AF_INET == ep->family)
900 ? &mc4_list
901 : &mc6_list;
902 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt);
903 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n",
904 stoa(&ep->sin),
905 (unlinked != NULL)
906 ? "removed from"
907 : "not found on",
908 (AF_INET == ep->family)
909 ? "4"
910 : "6"));
911 }
912 delete_interface_from_list(ep);
913
914 if (ep->fd != INVALID_SOCKET) {
915 msyslog(LOG_INFO,
916 "Deleting %d %s, [%s]:%hd, stats:"
917 " received=%ld, sent=%ld, dropped=%ld,"
918 " active_time=%ld secs",
919 ep->ifnum,
920 ep->name,
921 stoa(&ep->sin),
922 SRCPORT(&ep->sin),
923 ep->received,
924 ep->sent,
925 ep->notsent,
926 current_time - ep->starttime);
927 close_and_delete_fd_from_list(ep->fd, ep);
928 ep->fd = INVALID_SOCKET;
929 }
930
931 if (ep->bfd != INVALID_SOCKET) {
932 msyslog(LOG_INFO,
933 "stop listening for broadcasts to %s on interface #%d %s",
934 stoa(&ep->bcast), ep->ifnum, ep->name);
935 close_and_delete_fd_from_list(ep->bfd, ep);
936 ep->bfd = INVALID_SOCKET;
937 }
938 # ifdef HAVE_IO_COMPLETION_PORT
939 io_completion_port_remove_interface(ep);
940 # endif
941
942 ninterfaces--;
943 mon_clearinterface(ep);
944
945 /* remove restrict interface entry */
946 SET_HOSTMASK(&resmask, AF(&ep->sin));
947 success = hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 0,
948 RESM_NTPONLY | RESM_INTERFACE, 0, 0);
949 if (!success) {
950 msyslog(LOG_ERR,
951 "unable to remove self-restriction for %s",
952 stoa(&ep->sin));
953 }
954
955 }
956
957
958 static void
log_listen_address(endpt * ep)959 log_listen_address(
960 endpt * ep
961 )
962 {
963 msyslog(LOG_INFO, "%s on %d %s %s",
964 (ep->ignore_packets)
965 ? "Listen and drop"
966 : "Listen normally",
967 ep->ifnum,
968 ep->name,
969 sptoa(&ep->sin));
970 }
971
972
973 static void
create_wildcards(u_short port)974 create_wildcards(
975 u_short port
976 )
977 {
978 int v4wild;
979 #ifdef INCLUDE_IPV6_SUPPORT
980 int v6wild;
981 #endif
982 sockaddr_u wildaddr;
983 nic_rule_action action;
984 endpt * wildif;
985
986 /*
987 * silence "potentially uninitialized" warnings from VC9
988 * failing to follow the logic. Ideally action could remain
989 * uninitialized, and the memset be the first statement under
990 * the first if (v4wild).
991 */
992 action = ACTION_LISTEN;
993 ZERO(wildaddr);
994
995 #ifdef INCLUDE_IPV6_SUPPORT
996 /*
997 * create pseudo-interface with wildcard IPv6 address
998 */
999 v6wild = ipv6_works;
1000 if (v6wild) {
1001 /* set wildaddr to the v6 wildcard address :: */
1002 ZERO(wildaddr);
1003 AF(&wildaddr) = AF_INET6;
1004 SET_ADDR6N(&wildaddr, in6addr_any);
1005 SET_PORT(&wildaddr, port);
1006 SET_SCOPE(&wildaddr, 0);
1007
1008 /* check for interface/nic rules affecting the wildcard */
1009 action = interface_action(NULL, &wildaddr, 0);
1010 v6wild = (ACTION_IGNORE != action);
1011 }
1012 if (v6wild) {
1013 wildif = new_interface(NULL);
1014
1015 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name));
1016 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin));
1017 wildif->family = AF_INET6;
1018 AF(&wildif->mask) = AF_INET6;
1019 SET_ONESMASK(&wildif->mask);
1020
1021 wildif->flags = INT_UP | INT_WILDCARD;
1022 wildif->ignore_packets = (ACTION_DROP == action);
1023
1024 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif);
1025
1026 if (wildif->fd != INVALID_SOCKET) {
1027 wildipv6 = wildif;
1028 any6_interface = wildif;
1029 add_addr_to_list(&wildif->sin, wildif);
1030 add_interface(wildif);
1031 log_listen_address(wildif);
1032 } else {
1033 msyslog(LOG_ERR,
1034 "unable to bind to wildcard address %s - another process may be running - EXITING",
1035 stoa(&wildif->sin));
1036 exit(1);
1037 }
1038 DPRINT_INTERFACE(2, (wildif, "created ", "\n"));
1039 }
1040 #endif
1041
1042 /*
1043 * create pseudo-interface with wildcard IPv4 address
1044 */
1045 v4wild = ipv4_works;
1046 if (v4wild) {
1047 /* set wildaddr to the v4 wildcard address 0.0.0.0 */
1048 AF(&wildaddr) = AF_INET;
1049 SET_ADDR4N(&wildaddr, INADDR_ANY);
1050 SET_PORT(&wildaddr, port);
1051
1052 /* check for interface/nic rules affecting the wildcard */
1053 action = interface_action(NULL, &wildaddr, 0);
1054 v4wild = (ACTION_IGNORE != action);
1055 }
1056 if (v4wild) {
1057 wildif = new_interface(NULL);
1058
1059 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name));
1060 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin));
1061 wildif->family = AF_INET;
1062 AF(&wildif->mask) = AF_INET;
1063 SET_ONESMASK(&wildif->mask);
1064
1065 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD;
1066 wildif->ignore_packets = (ACTION_DROP == action);
1067 #if defined(MCAST)
1068 /*
1069 * enable multicast reception on the broadcast socket
1070 */
1071 AF(&wildif->bcast) = AF_INET;
1072 SET_ADDR4N(&wildif->bcast, INADDR_ANY);
1073 SET_PORT(&wildif->bcast, port);
1074 #endif /* MCAST */
1075 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif);
1076
1077 if (wildif->fd != INVALID_SOCKET) {
1078 wildipv4 = wildif;
1079 any_interface = wildif;
1080
1081 add_addr_to_list(&wildif->sin, wildif);
1082 add_interface(wildif);
1083 log_listen_address(wildif);
1084 } else {
1085 msyslog(LOG_ERR,
1086 "unable to bind to wildcard address %s - another process may be running - EXITING",
1087 stoa(&wildif->sin));
1088 exit(1);
1089 }
1090 DPRINT_INTERFACE(2, (wildif, "created ", "\n"));
1091 }
1092 }
1093
1094
1095 /*
1096 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list.
1097 */
1098 void
add_nic_rule(nic_rule_match match_type,const char * if_name,int prefixlen,nic_rule_action action)1099 add_nic_rule(
1100 nic_rule_match match_type,
1101 const char * if_name, /* interface name or numeric address */
1102 int prefixlen,
1103 nic_rule_action action
1104 )
1105 {
1106 nic_rule * rule;
1107 isc_boolean_t is_ip;
1108
1109 rule = emalloc_zero(sizeof(*rule));
1110 rule->match_type = match_type;
1111 rule->prefixlen = prefixlen;
1112 rule->action = action;
1113
1114 if (MATCH_IFNAME == match_type) {
1115 REQUIRE(NULL != if_name);
1116 rule->if_name = estrdup(if_name);
1117 } else if (MATCH_IFADDR == match_type) {
1118 REQUIRE(NULL != if_name);
1119 /* set rule->addr */
1120 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr);
1121 REQUIRE(is_ip);
1122 } else
1123 REQUIRE(NULL == if_name);
1124
1125 LINK_SLIST(nic_rule_list, rule, next);
1126 }
1127
1128
1129 #ifdef DEBUG
1130 static const char *
action_text(nic_rule_action action)1131 action_text(
1132 nic_rule_action action
1133 )
1134 {
1135 const char *t;
1136
1137 switch (action) {
1138
1139 default:
1140 t = "ERROR"; /* quiet uninit warning */
1141 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n",
1142 action));
1143 ENSURE(0);
1144 break;
1145
1146 case ACTION_LISTEN:
1147 t = "listen";
1148 break;
1149
1150 case ACTION_IGNORE:
1151 t = "ignore";
1152 break;
1153
1154 case ACTION_DROP:
1155 t = "drop";
1156 break;
1157 }
1158
1159 return t;
1160 }
1161 #endif /* DEBUG */
1162
1163
1164 static nic_rule_action
interface_action(char * if_name,sockaddr_u * if_addr,u_int32 if_flags)1165 interface_action(
1166 char * if_name,
1167 sockaddr_u * if_addr,
1168 u_int32 if_flags
1169 )
1170 {
1171 nic_rule * rule;
1172 int isloopback;
1173 int iswildcard;
1174
1175 DPRINTF(4, ("interface_action: interface %s ",
1176 (if_name != NULL) ? if_name : "wildcard"));
1177
1178 iswildcard = is_wildcard_addr(if_addr);
1179 isloopback = !!(INT_LOOPBACK & if_flags);
1180
1181 /*
1182 * Find any matching NIC rule from --interface / -I or ntp.conf
1183 * interface/nic rules.
1184 */
1185 for (rule = nic_rule_list; rule != NULL; rule = rule->next) {
1186
1187 switch (rule->match_type) {
1188
1189 case MATCH_ALL:
1190 /* loopback and wildcard excluded from "all" */
1191 if (isloopback || iswildcard)
1192 break;
1193 DPRINTF(4, ("nic all %s\n",
1194 action_text(rule->action)));
1195 return rule->action;
1196
1197 case MATCH_IPV4:
1198 if (IS_IPV4(if_addr)) {
1199 DPRINTF(4, ("nic ipv4 %s\n",
1200 action_text(rule->action)));
1201 return rule->action;
1202 }
1203 break;
1204
1205 case MATCH_IPV6:
1206 if (IS_IPV6(if_addr)) {
1207 DPRINTF(4, ("nic ipv6 %s\n",
1208 action_text(rule->action)));
1209 return rule->action;
1210 }
1211 break;
1212
1213 case MATCH_WILDCARD:
1214 if (iswildcard) {
1215 DPRINTF(4, ("nic wildcard %s\n",
1216 action_text(rule->action)));
1217 return rule->action;
1218 }
1219 break;
1220
1221 case MATCH_IFADDR:
1222 if (rule->prefixlen != -1) {
1223 if (addr_eqprefix(if_addr, &rule->addr,
1224 rule->prefixlen)) {
1225
1226 DPRINTF(4, ("subnet address match - %s\n",
1227 action_text(rule->action)));
1228 return rule->action;
1229 }
1230 } else
1231 if (SOCK_EQ(if_addr, &rule->addr)) {
1232
1233 DPRINTF(4, ("address match - %s\n",
1234 action_text(rule->action)));
1235 return rule->action;
1236 }
1237 break;
1238
1239 case MATCH_IFNAME:
1240 if (if_name != NULL
1241 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD)
1242 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD)
1243 #else
1244 && !strcasecmp(if_name, rule->if_name)
1245 #endif
1246 ) {
1247
1248 DPRINTF(4, ("interface name match - %s\n",
1249 action_text(rule->action)));
1250 return rule->action;
1251 }
1252 break;
1253 }
1254 }
1255
1256 /*
1257 * Unless explicitly disabled such as with "nic ignore ::1"
1258 * listen on loopback addresses. Since ntpq and ntpdc query
1259 * "localhost" by default, which typically resolves to ::1 and
1260 * 127.0.0.1, it's useful to default to listening on both.
1261 */
1262 if (isloopback) {
1263 DPRINTF(4, ("default loopback listen\n"));
1264 return ACTION_LISTEN;
1265 }
1266
1267 /*
1268 * Treat wildcard addresses specially. If there is no explicit
1269 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule
1270 * default to drop.
1271 */
1272 if (iswildcard) {
1273 DPRINTF(4, ("default wildcard drop\n"));
1274 return ACTION_DROP;
1275 }
1276
1277 /*
1278 * Check for "virtual IP" (colon in the interface name) after
1279 * the rules so that "ntpd --interface eth0:1 -novirtualips"
1280 * does indeed listen on eth0:1's addresses.
1281 */
1282 if (!listen_to_virtual_ips && if_name != NULL
1283 && (strchr(if_name, ':') != NULL)) {
1284
1285 DPRINTF(4, ("virtual ip - ignore\n"));
1286 return ACTION_IGNORE;
1287 }
1288
1289 /*
1290 * If there are no --interface/-I command-line options and no
1291 * interface/nic rules in ntp.conf, the default action is to
1292 * listen. In the presence of rules from either, the default
1293 * is to ignore. This implements ntpd's traditional listen-
1294 * every default with no interface listen configuration, and
1295 * ensures a single -I eth0 or "nic listen eth0" means do not
1296 * listen on any other addresses.
1297 */
1298 if (NULL == nic_rule_list) {
1299 DPRINTF(4, ("default listen\n"));
1300 return ACTION_LISTEN;
1301 }
1302
1303 DPRINTF(4, ("implicit ignore\n"));
1304 return ACTION_IGNORE;
1305 }
1306
1307
1308 static void
convert_isc_if(isc_interface_t * isc_if,endpt * itf,u_short port)1309 convert_isc_if(
1310 isc_interface_t *isc_if,
1311 endpt *itf,
1312 u_short port
1313 )
1314 {
1315 strlcpy(itf->name, isc_if->name, sizeof(itf->name));
1316 itf->ifindex = isc_if->ifindex;
1317 itf->family = (u_short)isc_if->af;
1318 AF(&itf->sin) = itf->family;
1319 AF(&itf->mask) = itf->family;
1320 AF(&itf->bcast) = itf->family;
1321 SET_PORT(&itf->sin, port);
1322 SET_PORT(&itf->mask, port);
1323 SET_PORT(&itf->bcast, port);
1324
1325 if (IS_IPV4(&itf->sin)) {
1326 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr;
1327 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr;
1328
1329 if (isc_if->flags & INTERFACE_F_BROADCAST) {
1330 itf->flags |= INT_BROADCAST;
1331 NSRCADR(&itf->bcast) =
1332 isc_if->broadcast.type.in.s_addr;
1333 }
1334 }
1335 #ifdef INCLUDE_IPV6_SUPPORT
1336 else if (IS_IPV6(&itf->sin)) {
1337 SET_ADDR6N(&itf->sin, isc_if->address.type.in6);
1338 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6);
1339
1340 SET_SCOPE(&itf->sin, isc_if->address.zone);
1341 }
1342 #endif /* INCLUDE_IPV6_SUPPORT */
1343
1344
1345 /* Process the rest of the flags */
1346
1347 itf->flags |=
1348 ((INTERFACE_F_UP & isc_if->flags)
1349 ? INT_UP : 0)
1350 | ((INTERFACE_F_LOOPBACK & isc_if->flags)
1351 ? INT_LOOPBACK : 0)
1352 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags)
1353 ? INT_PPP : 0)
1354 | ((INTERFACE_F_MULTICAST & isc_if->flags)
1355 ? INT_MULTICAST : 0)
1356 | ((INTERFACE_F_PRIVACY & isc_if->flags)
1357 ? INT_PRIVACY : 0)
1358 ;
1359
1360 /*
1361 * Clear the loopback flag if the address is not localhost.
1362 * http://bugs.ntp.org/1683
1363 */
1364 if ((INT_LOOPBACK & itf->flags) && !IS_LOOPBACK_ADDR(&itf->sin)) {
1365 itf->flags &= ~INT_LOOPBACK;
1366 }
1367 }
1368
1369
1370 /*
1371 * refresh_interface
1372 *
1373 * some OSes have been observed to keep
1374 * cached routes even when more specific routes
1375 * become available.
1376 * this can be mitigated by re-binding
1377 * the socket.
1378 */
1379 static int
refresh_interface(endpt * iface)1380 refresh_interface(
1381 endpt * iface
1382 )
1383 {
1384 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
1385 if (iface->fd != INVALID_SOCKET) {
1386 int bcast = (iface->flags & INT_BCASTXMIT) != 0;
1387 /* as we forcibly close() the socket remove the
1388 broadcast permission indication */
1389 if (bcast)
1390 socket_broadcast_disable(iface, &iface->sin);
1391
1392 close_and_delete_fd_from_list(iface->fd, iface);
1393
1394 /* create new socket picking up a new first hop binding
1395 at connect() time */
1396 iface->fd = open_socket(&iface->sin,
1397 bcast, 0, iface);
1398 /*
1399 * reset TTL indication so TTL is is set again
1400 * next time around
1401 */
1402 iface->last_ttl = 0;
1403 return (iface->fd != INVALID_SOCKET);
1404 } else
1405 return 0; /* invalid sockets are not refreshable */
1406 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
1407 return (iface->fd != INVALID_SOCKET);
1408 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
1409 }
1410
1411 /*
1412 * interface_update - externally callable update function
1413 */
1414 void
interface_update(interface_receiver_t receiver,void * data)1415 interface_update(
1416 interface_receiver_t receiver,
1417 void * data
1418 )
1419 {
1420 int new_interface_found;
1421
1422 if (scan_addrs_once) {
1423 return;
1424 }
1425 BLOCKIO();
1426 new_interface_found = update_interfaces(NTP_PORT, receiver, data);
1427 UNBLOCKIO();
1428
1429 if (!new_interface_found) {
1430 return;
1431 }
1432 #ifdef DEBUG
1433 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver");
1434 #endif
1435 interrupt_worker_sleep();
1436 }
1437
1438
1439 /*
1440 * sau_from_netaddr() - convert network address on-wire formats.
1441 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u
1442 */
1443 void
sau_from_netaddr(sockaddr_u * psau,const isc_netaddr_t * pna)1444 sau_from_netaddr(
1445 sockaddr_u *psau,
1446 const isc_netaddr_t *pna
1447 )
1448 {
1449 ZERO_SOCK(psau);
1450 AF(psau) = (u_short)pna->family;
1451 switch (pna->family) {
1452
1453 case AF_INET:
1454 psau->sa4.sin_addr = pna->type.in;
1455 break;
1456
1457 case AF_INET6:
1458 psau->sa6.sin6_addr = pna->type.in6;
1459 break;
1460 }
1461 }
1462
1463
1464 static int
is_wildcard_addr(const sockaddr_u * psau)1465 is_wildcard_addr(
1466 const sockaddr_u *psau
1467 )
1468 {
1469 if (IS_IPV4(psau) && !NSRCADR(psau))
1470 return 1;
1471
1472 #ifdef INCLUDE_IPV6_SUPPORT
1473 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any))
1474 return 1;
1475 #endif
1476
1477 return 0;
1478 }
1479
1480
1481 isc_boolean_t
is_linklocal(sockaddr_u * psau)1482 is_linklocal(
1483 sockaddr_u * psau
1484 )
1485 {
1486 struct in6_addr * p6addr;
1487
1488 if (IS_IPV6(psau)) {
1489 p6addr = &psau->sa6.sin6_addr;
1490 if ( IN6_IS_ADDR_LINKLOCAL(p6addr)
1491 || IN6_IS_ADDR_SITELOCAL(p6addr)) {
1492
1493 return TRUE;
1494 }
1495 } else if (IS_IPV4(psau)) {
1496 /* autoconf are link-local 169.254.0.0/16 */
1497 if (IS_AUTOCONF(psau)) {
1498 return TRUE;
1499 }
1500 }
1501 return FALSE;
1502 }
1503
1504
1505 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
1506 /*
1507 * enable/disable re-use of wildcard address socket
1508 */
1509 static void
set_wildcard_reuse(u_short family,int on)1510 set_wildcard_reuse(
1511 u_short family,
1512 int on
1513 )
1514 {
1515 endpt *any;
1516 SOCKET fd = INVALID_SOCKET;
1517
1518 any = ANY_INTERFACE_BYFAM(family);
1519 if (any != NULL)
1520 fd = any->fd;
1521
1522 if (fd != INVALID_SOCKET) {
1523 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
1524 (void *)&on, sizeof(on)))
1525 msyslog(LOG_ERR,
1526 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m",
1527 on ? "on" : "off");
1528
1529 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n",
1530 on ? "on" : "off",
1531 stoa(&any->sin)));
1532 }
1533 }
1534 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */
1535
1536 static isc_boolean_t
check_flags(sockaddr_u * psau,const char * name,u_int32 flags)1537 check_flags(
1538 sockaddr_u *psau,
1539 const char *name,
1540 u_int32 flags
1541 )
1542 {
1543 #if defined(SIOCGIFAFLAG_IN)
1544 struct ifreq ifr;
1545 int fd;
1546
1547 if (psau->sa.sa_family != AF_INET)
1548 return ISC_FALSE;
1549 if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
1550 return ISC_FALSE;
1551 ZERO(ifr);
1552 memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr));
1553 strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
1554 if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) {
1555 close(fd);
1556 return ISC_FALSE;
1557 }
1558 close(fd);
1559 if ((ifr.ifr_addrflags & flags) != 0)
1560 return ISC_TRUE;
1561 #endif /* SIOCGIFAFLAG_IN */
1562 return ISC_FALSE;
1563 }
1564
1565 static isc_boolean_t
check_flags6(sockaddr_u * psau,const char * name,u_int32 flags6)1566 check_flags6(
1567 sockaddr_u *psau,
1568 const char *name,
1569 u_int32 flags6
1570 )
1571 {
1572 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6)
1573 struct in6_ifreq ifr6;
1574 int fd;
1575
1576 if (psau->sa.sa_family != AF_INET6)
1577 return ISC_FALSE;
1578 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
1579 return ISC_FALSE;
1580 ZERO(ifr6);
1581 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr));
1582 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name));
1583 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) {
1584 close(fd);
1585 return ISC_FALSE;
1586 }
1587 close(fd);
1588 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0)
1589 return ISC_TRUE;
1590 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */
1591 return ISC_FALSE;
1592 }
1593
1594 static isc_boolean_t
is_anycast(sockaddr_u * psau,const char * name)1595 is_anycast(
1596 sockaddr_u *psau,
1597 const char *name
1598 )
1599 {
1600 #ifdef IN6_IFF_ANYCAST
1601 return check_flags6(psau, name, IN6_IFF_ANYCAST);
1602 #else
1603 return ISC_FALSE;
1604 #endif
1605 }
1606
1607 static isc_boolean_t
is_valid(sockaddr_u * psau,const char * name)1608 is_valid(
1609 sockaddr_u *psau,
1610 const char *name
1611 )
1612 {
1613 u_int32 flags;
1614
1615 flags = 0;
1616 switch (psau->sa.sa_family) {
1617 case AF_INET:
1618 #ifdef IN_IFF_DETACHED
1619 flags |= IN_IFF_DETACHED;
1620 #endif
1621 #ifdef IN_IFF_TENTATIVE
1622 flags |= IN_IFF_TENTATIVE;
1623 #endif
1624 return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
1625 case AF_INET6:
1626 #ifdef IN6_IFF_DEPARTED
1627 flags |= IN6_IFF_DEPARTED;
1628 #endif
1629 #ifdef IN6_IFF_DETACHED
1630 flags |= IN6_IFF_DETACHED;
1631 #endif
1632 #ifdef IN6_IFF_TENTATIVE
1633 flags |= IN6_IFF_TENTATIVE;
1634 #endif
1635 return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
1636 default:
1637 return ISC_FALSE;
1638 }
1639 }
1640
1641 /*
1642 * update_interface strategy
1643 *
1644 * toggle configuration phase
1645 *
1646 * Phase 1a:
1647 * forall currently existing interfaces
1648 * if address is known:
1649 * drop socket - rebind again
1650 *
1651 * if address is NOT known:
1652 * Add address to list of new addresses
1653 *
1654 * Phase 1b:
1655 * Scan the list of new addresses marking IPv6 link-local addresses
1656 * which also have a global v6 address using the same OS ifindex.
1657 * Attempt to create a new interface entry
1658 *
1659 * Phase 2:
1660 * forall currently known non MCAST and WILDCARD interfaces
1661 * if interface does not match configuration phase (not seen in phase 1):
1662 * remove interface from known interface list
1663 * forall peers associated with this interface
1664 * disconnect peer from this interface
1665 *
1666 * Phase 3:
1667 * attempt to re-assign interfaces to peers
1668 *
1669 */
1670
1671 static int
update_interfaces(u_short port,interface_receiver_t receiver,void * data)1672 update_interfaces(
1673 u_short port,
1674 interface_receiver_t receiver,
1675 void * data
1676 )
1677 {
1678 isc_mem_t * mctx = (void *)-1;
1679 interface_info_t ifi;
1680 isc_interfaceiter_t * iter;
1681 isc_result_t result;
1682 isc_interface_t isc_if;
1683 int new_interface_found;
1684 unsigned int family;
1685 endpt enumep;
1686 endpt * ep;
1687 endpt * next_ep;
1688 endpt * newaddrs;
1689 endpt * newaddrs_tail;
1690 endpt * ep2;
1691
1692 DPRINTF(3, ("update_interfaces(%d)\n", port));
1693
1694 /*
1695 * phase 1a - scan OS local addresses
1696 * - update those that ntpd already knows
1697 * - build a list of newly-discovered addresses.
1698 */
1699
1700 new_interface_found = FALSE;
1701 nonlocal_v4_addr_up = nonlocal_v6_addr_up = FALSE;
1702 iter = NULL;
1703 newaddrs = newaddrs_tail = NULL;
1704 result = isc_interfaceiter_create(mctx, &iter);
1705
1706 if (result != ISC_R_SUCCESS)
1707 return 0;
1708
1709 /*
1710 * Toggle system interface scan phase to find untouched
1711 * interfaces to be deleted.
1712 */
1713 sys_interphase ^= 0x1;
1714
1715 for (result = isc_interfaceiter_first(iter);
1716 ISC_R_SUCCESS == result;
1717 result = isc_interfaceiter_next(iter)) {
1718
1719 result = isc_interfaceiter_current(iter, &isc_if);
1720
1721 if (result != ISC_R_SUCCESS) {
1722 break;
1723 }
1724 /* See if we have a valid family to use */
1725 family = isc_if.address.family;
1726 if (AF_INET != family && AF_INET6 != family)
1727 continue;
1728 if (AF_INET == family && !ipv4_works)
1729 continue;
1730 if (AF_INET6 == family && !ipv6_works)
1731 continue;
1732
1733 /* create prototype */
1734 init_interface(&enumep);
1735
1736 convert_isc_if(&isc_if, &enumep, port);
1737
1738 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
1739
1740 /*
1741 * Check if and how we are going to use the interface.
1742 */
1743 switch (interface_action(enumep.name, &enumep.sin,
1744 enumep.flags)) {
1745
1746 case ACTION_IGNORE:
1747 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n",
1748 enumep.name, stoa(&enumep.sin)));
1749 continue;
1750
1751 case ACTION_LISTEN:
1752 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n",
1753 enumep.name, stoa(&enumep.sin)));
1754 enumep.ignore_packets = ISC_FALSE;
1755 break;
1756
1757 case ACTION_DROP:
1758 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n",
1759 enumep.name, stoa(&enumep.sin)));
1760 enumep.ignore_packets = ISC_TRUE;
1761 break;
1762 }
1763
1764 /* interfaces must be UP to be usable */
1765 if (!(enumep.flags & INT_UP)) {
1766 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n",
1767 enumep.name, stoa(&enumep.sin)));
1768 continue;
1769 }
1770
1771 /*
1772 * skip any interfaces UP and bound to a wildcard
1773 * address - some dhcp clients produce that in the
1774 * wild
1775 */
1776 if (is_wildcard_addr(&enumep.sin))
1777 continue;
1778
1779 if (is_anycast(&enumep.sin, isc_if.name))
1780 continue;
1781
1782 /*
1783 * skip any address that is an invalid state to be used
1784 */
1785 if (!is_valid(&enumep.sin, isc_if.name))
1786 continue;
1787
1788 /*
1789 * Keep track of having non-linklocal connectivity
1790 * for IPv4 and IPv6 so we don't solicit pool hosts
1791 * when it can't work.
1792 */
1793 if ( !(INT_LOOPBACK & enumep.flags)
1794 && !is_linklocal(&enumep.sin)) {
1795 if (IS_IPV6(&enumep.sin)) {
1796 nonlocal_v6_addr_up = TRUE;
1797 } else {
1798 nonlocal_v4_addr_up = TRUE;
1799 }
1800 }
1801 /*
1802 * map to local *address* in order to map all duplicate
1803 * interfaces to an endpt structure with the appropriate
1804 * socket. Our name space is (ip-address), NOT
1805 * (interface name, ip-address).
1806 */
1807 ep = getinterface(&enumep.sin, INT_WILDCARD);
1808
1809 if (NULL == ep) {
1810 ep = emalloc(sizeof(*ep));
1811 memcpy(ep, &enumep, sizeof(*ep));
1812 if (NULL != newaddrs_tail) {
1813 newaddrs_tail->elink = ep;
1814 newaddrs_tail = ep;
1815 } else {
1816 newaddrs_tail = newaddrs = ep;
1817 }
1818 continue;
1819 }
1820
1821 if (!refresh_interface(ep)) {
1822 /*
1823 * Refreshing failed, we will delete the endpt
1824 * in phase 2 because it was not marked current.
1825 * We can bind to the address as the refresh
1826 * code already closed the endpt's socket.
1827 */
1828 continue;
1829 }
1830 /*
1831 * found existing and up to date interface -
1832 * mark present.
1833 */
1834 if (ep->phase != sys_interphase) {
1835 /*
1836 * On a new round we reset the name so
1837 * the interface name shows up again if
1838 * this address is no longer shared.
1839 * We reset ignore_packets from the
1840 * new prototype to respect any runtime
1841 * changes to the nic rules.
1842 */
1843 strlcpy(ep->name, enumep.name, sizeof(ep->name));
1844 ep->ignore_packets = enumep.ignore_packets;
1845 } else {
1846 /*
1847 * DLH: else branch might be dead code from
1848 * when both address and name were compared.
1849 */
1850 msyslog(LOG_INFO, "%s on %u %s -> *multiple*",
1851 stoa(&ep->sin), ep->ifnum, ep->name);
1852 /* name collision - rename interface */
1853 strlcpy(ep->name, "*multiple*", sizeof(ep->name));
1854 }
1855
1856 DPRINT_INTERFACE(4, (ep, "updating ", " present\n"));
1857
1858 if (ep->ignore_packets != enumep.ignore_packets) {
1859 /*
1860 * We have conflicting configurations for the
1861 * address. This can happen with
1862 * -I <interfacename> on the command line for an
1863 * interface that shares its address with other
1864 * interfaces. We cannot disambiguate incoming
1865 * packets delivered to this socket without extra
1866 * syscalls/features. Note this is an unusual
1867 * configuration where several interfaces share
1868 * an address but filtering via interface name is
1869 * attempted. We resolve the config conflict by
1870 * disabling the processing of received packets.
1871 * This leads to no service on the address where
1872 * the conflict occurs.
1873 */
1874 msyslog(LOG_WARNING,
1875 "conflicting listen configuration between"
1876 " %s and %s for %s, disabled",
1877 enumep.name, ep->name, stoa(&enumep.sin));
1878
1879 ep->ignore_packets = TRUE;
1880 }
1881
1882 ep->phase = sys_interphase;
1883
1884 ifi.action = IFS_EXISTS;
1885 ifi.ep = ep;
1886 if (receiver != NULL) {
1887 (*receiver)(data, &ifi);
1888 }
1889 }
1890
1891 isc_interfaceiter_destroy(&iter);
1892
1893 /*
1894 * Phase 1b
1895 */
1896 for (ep = newaddrs; ep != NULL; ep = ep->elink) {
1897 if (IS_IPV6(&ep->sin) && is_linklocal(&ep->sin)) {
1898 for (ep2 = newaddrs; ep2 != NULL; ep2 = ep2->elink) {
1899 if ( IS_IPV6(&ep2->sin)
1900 && ep != ep2
1901 && !is_linklocal(&ep2->sin)) {
1902
1903 ep->flags |= INT_LL_OF_GLOB;
1904 break;
1905 }
1906 }
1907 }
1908 }
1909 for (ep2 = newaddrs; ep2 != NULL; ep2 = next_ep) {
1910 next_ep = ep2->elink;
1911 ep2->elink = NULL;
1912 ep = create_interface(port, ep2);
1913 if (ep != NULL) {
1914 ifi.action = IFS_CREATED;
1915 ifi.ep = ep;
1916 if (receiver != NULL) {
1917 (*receiver)(data, &ifi);
1918 }
1919 new_interface_found = TRUE;
1920 DPRINT_INTERFACE(3,
1921 (ep, "updating ", " new - created\n"));
1922 }
1923 else {
1924 DPRINT_INTERFACE(3,
1925 (ep, "updating ", " new - FAILED"));
1926
1927 msyslog(LOG_ERR,
1928 "cannot bind address %s",
1929 stoa(&ep->sin));
1930 }
1931 free(ep2);
1932 }
1933
1934 /*
1935 * phase 2 - delete gone interfaces - reassigning peers to
1936 * other interfaces
1937 */
1938 for (ep = ep_list; ep != NULL; ep = next_ep) {
1939 next_ep = ep->elink;
1940
1941 /*
1942 * if phase does not match sys_phase this interface was
1943 * not enumerated during the last interface scan - so it
1944 * is gone and will be deleted here unless it did not
1945 * originate from interface enumeration (INT_WILDCARD,
1946 * INT_MCASTIF).
1947 */
1948 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) ||
1949 ep->phase == sys_interphase)
1950 continue;
1951
1952 DPRINT_INTERFACE(3, (ep, "updating ",
1953 "GONE - deleting\n"));
1954 remove_interface(ep);
1955
1956 ifi.action = IFS_DELETED;
1957 ifi.ep = ep;
1958 if (receiver != NULL) {
1959 (*receiver)(data, &ifi);
1960 }
1961 /* disconnect peers from deleted endpt. */
1962 while (ep->peers != NULL) {
1963 set_peerdstadr(ep->peers, NULL);
1964 }
1965 /*
1966 * update globals in case we lose
1967 * a loopback interface
1968 */
1969 if (ep == loopback_interface) {
1970 loopback_interface = NULL;
1971 }
1972 delete_interface(ep);
1973 }
1974
1975 /*
1976 * phase 3 - re-configure as the world has possibly changed
1977 *
1978 * never ever make this conditional again - it is needed to track
1979 * routing updates. see bug #2506
1980 */
1981 refresh_all_peerinterfaces();
1982
1983 if (sys_bclient) {
1984 io_setbclient();
1985 }
1986 #ifdef MCAST
1987 /*
1988 * Check multicast interfaces and try to join multicast groups if
1989 * not joined yet.
1990 */
1991 for (ep = ep_list; ep != NULL; ep = ep->elink) {
1992 remaddr_t *entry;
1993
1994 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) {
1995 continue;
1996 }
1997 /* Find remote address that was linked to this interface */
1998 for (entry = remoteaddr_list;
1999 entry != NULL;
2000 entry = entry->link) {
2001 if (entry->ep == ep) {
2002 if (socket_multicast_enable(ep, &entry->addr)) {
2003 msyslog(LOG_INFO,
2004 "Joined %s socket to multicast group %s",
2005 stoa(&ep->sin),
2006 stoa(&entry->addr));
2007 }
2008 break;
2009 }
2010 }
2011 }
2012 #endif /* MCAST */
2013
2014 return new_interface_found;
2015 }
2016
2017
2018 /*
2019 * create_sockets - create a socket for each interface plus a default
2020 * socket for when we don't know where to send
2021 */
2022 static int
create_sockets(u_short port)2023 create_sockets(
2024 u_short port
2025 )
2026 {
2027 #ifndef HAVE_IO_COMPLETION_PORT
2028 /*
2029 * I/O Completion Ports don't care about the select and FD_SET
2030 */
2031 maxactivefd = 0;
2032 FD_ZERO(&activefds);
2033 #endif
2034
2035 DPRINTF(2, ("create_sockets(%d)\n", port));
2036
2037 create_wildcards(port);
2038
2039 update_interfaces(port, NULL, NULL);
2040
2041 /*
2042 * Now that we have opened all the sockets, turn off the reuse
2043 * flag for security.
2044 */
2045 set_reuseaddr(0);
2046
2047 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces));
2048
2049 return ninterfaces;
2050 }
2051
2052 /*
2053 * create_interface - create a new interface for a given prototype
2054 * binding the socket.
2055 */
2056 static endpt *
create_interface(u_short port,endpt * protot)2057 create_interface(
2058 u_short port,
2059 endpt * protot
2060 )
2061 {
2062 sockaddr_u resmask;
2063 endpt * iface;
2064 int/*BOOL*/ success;
2065 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET)
2066 remaddr_t * entry;
2067 remaddr_t * next_entry;
2068 #endif
2069 DPRINTF(2, ("create_interface(%s)\n", sptoa(&protot->sin)));
2070
2071 /* build an interface */
2072 iface = new_interface(protot);
2073
2074 /*
2075 * create socket
2076 */
2077 iface->fd = open_socket(&iface->sin, 0, 0, iface);
2078
2079 if (iface->fd != INVALID_SOCKET)
2080 log_listen_address(iface);
2081
2082 if ((INT_BROADCAST & iface->flags)
2083 && iface->bfd != INVALID_SOCKET)
2084 msyslog(LOG_INFO, "Listening on broadcast address %s",
2085 sptoa(&iface->bcast));
2086
2087 if (INVALID_SOCKET == iface->fd
2088 && INVALID_SOCKET == iface->bfd) {
2089 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s",
2090 iface->name,
2091 iface->ifnum,
2092 sptoa(&iface->sin));
2093 delete_interface(iface);
2094 return NULL;
2095 }
2096
2097 /*
2098 * Blacklist our own addresses, no use talking to ourself
2099 */
2100 SET_HOSTMASK(&resmask, AF(&iface->sin));
2101 success = hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
2102 -4, RESM_NTPONLY | RESM_INTERFACE,
2103 RES_IGNORE, 0);
2104 if (!success) {
2105 msyslog(LOG_ERR,
2106 "unable to self-restrict %s", stoa(&iface->sin));
2107 }
2108
2109 /*
2110 * set globals with the first found
2111 * loopback interface of the appropriate class
2112 */
2113 if (NULL == loopback_interface && AF_INET == iface->family
2114 && (INT_LOOPBACK & iface->flags))
2115 loopback_interface = iface;
2116
2117 /*
2118 * put into our interface list
2119 */
2120 add_addr_to_list(&iface->sin, iface);
2121 add_interface(iface);
2122
2123 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET)
2124 /*
2125 * Join any previously-configured compatible multicast groups.
2126 */
2127 if (INT_MULTICAST & iface->flags &&
2128 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) &&
2129 !iface->ignore_packets) {
2130 for (entry = remoteaddr_list;
2131 entry != NULL;
2132 entry = next_entry) {
2133 next_entry = entry->link;
2134 if (AF(&iface->sin) != AF(&entry->addr) ||
2135 !IS_MCAST(&entry->addr))
2136 continue;
2137 if (socket_multicast_enable(iface,
2138 &entry->addr))
2139 msyslog(LOG_INFO,
2140 "Joined %s socket to multicast group %s",
2141 stoa(&iface->sin),
2142 stoa(&entry->addr));
2143 else
2144 msyslog(LOG_ERR,
2145 "Failed to join %s socket to multicast group %s",
2146 stoa(&iface->sin),
2147 stoa(&entry->addr));
2148 }
2149 }
2150 #endif /* MCAST && MCAST_NONEWSOCKET */
2151
2152 DPRINT_INTERFACE(2, (iface, "created ", "\n"));
2153 return iface;
2154 }
2155
2156
2157 #ifdef DEBUG
2158 const char *
iflags_str(u_int32 iflags)2159 iflags_str(
2160 u_int32 iflags
2161 )
2162 {
2163 const size_t sz = LIB_BUFLENGTH;
2164 char * ifs;
2165
2166 LIB_GETBUF(ifs);
2167 ifs[0] = '\0';
2168
2169 if (iflags & INT_UP) {
2170 CLEAR_BIT_IF_DEBUG(INT_UP, iflags);
2171 append_flagstr(ifs, sz, "up");
2172 }
2173
2174 if (iflags & INT_PPP) {
2175 CLEAR_BIT_IF_DEBUG(INT_PPP, iflags);
2176 append_flagstr(ifs, sz, "ppp");
2177 }
2178
2179 if (iflags & INT_LOOPBACK) {
2180 CLEAR_BIT_IF_DEBUG(INT_LOOPBACK, iflags);
2181 append_flagstr(ifs, sz, "loopback");
2182 }
2183
2184 if (iflags & INT_BROADCAST) {
2185 CLEAR_BIT_IF_DEBUG(INT_BROADCAST, iflags);
2186 append_flagstr(ifs, sz, "broadcast");
2187 }
2188
2189 if (iflags & INT_MULTICAST) {
2190 CLEAR_BIT_IF_DEBUG(INT_MULTICAST, iflags);
2191 append_flagstr(ifs, sz, "multicast");
2192 }
2193
2194 if (iflags & INT_BCASTOPEN) {
2195 CLEAR_BIT_IF_DEBUG(INT_BCASTOPEN, iflags);
2196 append_flagstr(ifs, sz, "bcastopen");
2197 }
2198
2199 if (iflags & INT_MCASTOPEN) {
2200 CLEAR_BIT_IF_DEBUG(INT_MCASTOPEN, iflags);
2201 append_flagstr(ifs, sz, "mcastopen");
2202 }
2203
2204 if (iflags & INT_WILDCARD) {
2205 CLEAR_BIT_IF_DEBUG(INT_WILDCARD, iflags);
2206 append_flagstr(ifs, sz, "wildcard");
2207 }
2208
2209 if (iflags & INT_MCASTIF) {
2210 CLEAR_BIT_IF_DEBUG(INT_MCASTIF, iflags);
2211 append_flagstr(ifs, sz, "mcastif");
2212 }
2213
2214 if (iflags & INT_PRIVACY) {
2215 CLEAR_BIT_IF_DEBUG(INT_PRIVACY, iflags);
2216 append_flagstr(ifs, sz, "IPv6privacy");
2217 }
2218
2219 if (iflags & INT_BCASTXMIT) {
2220 CLEAR_BIT_IF_DEBUG(INT_BCASTXMIT, iflags);
2221 append_flagstr(ifs, sz, "bcastxmit");
2222 }
2223
2224 if (iflags & INT_LL_OF_GLOB) {
2225 CLEAR_BIT_IF_DEBUG(INT_LL_OF_GLOB, iflags);
2226 append_flagstr(ifs, sz, "linklocal-w-global");
2227 }
2228
2229 DEBUG_INVARIANT(!iflags);
2230
2231 return ifs;
2232 }
2233 #endif /* DEBUG */
2234
2235
2236 #ifdef SO_EXCLUSIVEADDRUSE
2237 static void
set_excladdruse(SOCKET fd)2238 set_excladdruse(
2239 SOCKET fd
2240 )
2241 {
2242 int one = 1;
2243 int failed;
2244 #ifdef SYS_WINNT
2245 DWORD err;
2246 #endif
2247
2248 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
2249 (void *)&one, sizeof(one));
2250
2251 if (!failed)
2252 return;
2253
2254 #ifdef SYS_WINNT
2255 /*
2256 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with
2257 * error WSAINVAL depending on service pack level and whether
2258 * the user account is in the Administrators group. Do not
2259 * complain if it fails that way on versions prior to XP (5.1).
2260 */
2261 err = GetLastError();
2262
2263 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */
2264 && WSAEINVAL == err)
2265 return;
2266
2267 SetLastError(err);
2268 #endif
2269 msyslog(LOG_ERR,
2270 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m",
2271 (int)fd);
2272 }
2273 #endif /* SO_EXCLUSIVEADDRUSE */
2274
2275
2276 /*
2277 * set_reuseaddr() - set/clear REUSEADDR on all sockets
2278 * NB possible hole - should we be doing this on broadcast
2279 * fd's also?
2280 */
2281 static void
set_reuseaddr(int flag)2282 set_reuseaddr(
2283 int flag
2284 )
2285 {
2286 #ifndef SO_EXCLUSIVEADDRUSE
2287 endpt *ep;
2288
2289 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2290 if (ep->flags & INT_WILDCARD)
2291 continue;
2292
2293 /*
2294 * if ep->fd is INVALID_SOCKET, we might have a adapter
2295 * configured but not present
2296 */
2297 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n",
2298 ep->name, stoa(&ep->sin),
2299 flag ? "on" : "off"));
2300
2301 if (ep->fd != INVALID_SOCKET) {
2302 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR,
2303 (void *)&flag, sizeof(flag))) {
2304 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m",
2305 stoa(&ep->sin), flag ? "on" : "off");
2306 }
2307 }
2308 }
2309 #endif /* ! SO_EXCLUSIVEADDRUSE */
2310 }
2311
2312 /*
2313 * This is just a wrapper around an internal function so we can
2314 * make other changes as necessary later on
2315 */
2316 void
enable_broadcast(endpt * iface,sockaddr_u * baddr)2317 enable_broadcast(
2318 endpt * iface,
2319 sockaddr_u * baddr
2320 )
2321 {
2322 #ifdef OPEN_BCAST_SOCKET
2323 socket_broadcast_enable(iface, iface->fd, baddr);
2324 #endif
2325 }
2326
2327 #ifdef OPEN_BCAST_SOCKET
2328 /*
2329 * Enable a broadcast address to a given socket
2330 * The socket is in the ep_list all we need to do is enable
2331 * broadcasting. It is not this function's job to select the socket
2332 */
2333 static isc_boolean_t
socket_broadcast_enable(endpt * iface,SOCKET fd,sockaddr_u * baddr)2334 socket_broadcast_enable(
2335 endpt * iface,
2336 SOCKET fd,
2337 sockaddr_u * baddr
2338 )
2339 {
2340 #ifdef SO_BROADCAST
2341 int on = 1;
2342
2343 if (IS_IPV4(baddr)) {
2344 /* if this interface can support broadcast, set SO_BROADCAST */
2345 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST,
2346 (void *)&on, sizeof(on)))
2347 msyslog(LOG_ERR,
2348 "setsockopt(SO_BROADCAST) enable failure on address %s: %m",
2349 stoa(baddr));
2350 else
2351 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n",
2352 fd, stoa(baddr)));
2353 }
2354 iface->flags |= INT_BCASTXMIT;
2355 return ISC_TRUE;
2356 #else
2357 return ISC_FALSE;
2358 #endif /* SO_BROADCAST */
2359 }
2360
2361 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
2362 /*
2363 * Remove a broadcast address from a given socket
2364 * The socket is in the ep_list all we need to do is disable
2365 * broadcasting. It is not this function's job to select the socket
2366 */
2367 static isc_boolean_t
socket_broadcast_disable(endpt * iface,sockaddr_u * baddr)2368 socket_broadcast_disable(
2369 endpt * iface,
2370 sockaddr_u * baddr
2371 )
2372 {
2373 #ifdef SO_BROADCAST
2374 int off = 0; /* This seems to be OK as an int */
2375
2376 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET,
2377 SO_BROADCAST, (void *)&off, sizeof(off)))
2378 msyslog(LOG_ERR,
2379 "setsockopt(SO_BROADCAST) disable failure on address %s: %m",
2380 stoa(baddr));
2381
2382 iface->flags &= ~INT_BCASTXMIT;
2383 return ISC_TRUE;
2384 #else
2385 return ISC_FALSE;
2386 #endif /* SO_BROADCAST */
2387 }
2388 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */
2389
2390 #endif /* OPEN_BCAST_SOCKET */
2391
2392
2393 /*
2394 * Check to see if the address is a multicast address
2395 */
2396 static isc_boolean_t
addr_ismulticast(sockaddr_u * maddr)2397 addr_ismulticast(
2398 sockaddr_u *maddr
2399 )
2400 {
2401 isc_boolean_t result;
2402
2403 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT
2404 /*
2405 * If we don't have IPV6 support any IPV6 addr is not multicast
2406 */
2407 if (IS_IPV6(maddr))
2408 result = ISC_FALSE;
2409 else
2410 #endif
2411 result = IS_MCAST(maddr);
2412
2413 if (!result)
2414 DPRINTF(4, ("address %s is not multicast\n",
2415 stoa(maddr)));
2416
2417 return result;
2418 }
2419
2420 /*
2421 * Multicast servers need to set the appropriate Multicast interface
2422 * socket option in order for it to know which interface to use for
2423 * send the multicast packet.
2424 */
2425 void
enable_multicast_if(endpt * iface,sockaddr_u * maddr)2426 enable_multicast_if(
2427 endpt * iface,
2428 sockaddr_u * maddr
2429 )
2430 {
2431 #ifdef MCAST
2432 #ifdef IP_MULTICAST_LOOP
2433 TYPEOF_IP_MULTICAST_LOOP off = 0;
2434 #endif
2435 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP)
2436 u_int off6 = 0;
2437 #endif
2438
2439 REQUIRE(AF(maddr) == AF(&iface->sin));
2440
2441 switch (AF(&iface->sin)) {
2442
2443 case AF_INET:
2444 #ifdef IP_MULTICAST_LOOP
2445 /*
2446 * Don't send back to itself, but allow failure to set
2447 */
2448 if (setsockopt(iface->fd, IPPROTO_IP,
2449 IP_MULTICAST_LOOP,
2450 (void *)&off,
2451 sizeof(off))) {
2452
2453 msyslog(LOG_ERR,
2454 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
2455 iface->fd, stoa(&iface->sin),
2456 stoa(maddr));
2457 }
2458 #endif
2459 break;
2460
2461 case AF_INET6:
2462 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2463 #ifdef IPV6_MULTICAST_LOOP
2464 /*
2465 * Don't send back to itself, but allow failure to set
2466 */
2467 if (setsockopt(iface->fd, IPPROTO_IPV6,
2468 IPV6_MULTICAST_LOOP,
2469 (void *) &off6, sizeof(off6))) {
2470
2471 msyslog(LOG_ERR,
2472 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
2473 iface->fd, stoa(&iface->sin),
2474 stoa(maddr));
2475 }
2476 #endif
2477 break;
2478 #else
2479 return;
2480 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2481 }
2482 return;
2483 #endif
2484 }
2485
2486 /*
2487 * Add a multicast address to a given socket
2488 * The socket is in the ep_list all we need to do is enable
2489 * multicasting. It is not this function's job to select the socket
2490 */
2491 #if defined(MCAST)
2492 static isc_boolean_t
socket_multicast_enable(endpt * iface,sockaddr_u * maddr)2493 socket_multicast_enable(
2494 endpt * iface,
2495 sockaddr_u * maddr
2496 )
2497 {
2498 struct ip_mreq mreq;
2499 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2500 struct ipv6_mreq mreq6;
2501 # endif
2502 switch (AF(maddr)) {
2503
2504 case AF_INET:
2505 ZERO(mreq);
2506 mreq.imr_multiaddr = SOCK_ADDR4(maddr);
2507 mreq.imr_interface.s_addr = htonl(INADDR_ANY);
2508 if (setsockopt(iface->fd,
2509 IPPROTO_IP,
2510 IP_ADD_MEMBERSHIP,
2511 (void *)&mreq,
2512 sizeof(mreq))) {
2513 DPRINTF(2, (
2514 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2515 iface->fd, stoa(&iface->sin),
2516 mreq.imr_multiaddr.s_addr,
2517 mreq.imr_interface.s_addr,
2518 stoa(maddr)));
2519 return ISC_FALSE;
2520 }
2521 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n",
2522 iface->fd, stoa(&iface->sin),
2523 mreq.imr_multiaddr.s_addr,
2524 mreq.imr_interface.s_addr, stoa(maddr)));
2525 break;
2526
2527 case AF_INET6:
2528 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2529 /*
2530 * Enable reception of multicast packets.
2531 * If the address is link-local we can get the
2532 * interface index from the scope id. Don't do this
2533 * for other types of multicast addresses. For now let
2534 * the kernel figure it out.
2535 */
2536 ZERO(mreq6);
2537 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2538 mreq6.ipv6mr_interface = iface->ifindex;
2539
2540 if (setsockopt(iface->fd, IPPROTO_IPV6,
2541 IPV6_JOIN_GROUP, (void *)&mreq6,
2542 sizeof(mreq6))) {
2543 DPRINTF(2, (
2544 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
2545 iface->fd, stoa(&iface->sin),
2546 mreq6.ipv6mr_interface, stoa(maddr)));
2547 return ISC_FALSE;
2548 }
2549 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n",
2550 iface->fd, stoa(&iface->sin),
2551 mreq6.ipv6mr_interface, stoa(maddr)));
2552 # else
2553 return ISC_FALSE;
2554 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2555 }
2556 iface->flags |= INT_MCASTOPEN;
2557 iface->num_mcast++;
2558
2559 return ISC_TRUE;
2560 }
2561 #endif /* MCAST */
2562
2563
2564 /*
2565 * Remove a multicast address from a given socket
2566 * The socket is in the ep_list all we need to do is disable
2567 * multicasting. It is not this function's job to select the socket
2568 */
2569 #ifdef MCAST
2570 static isc_boolean_t
socket_multicast_disable(endpt * iface,sockaddr_u * maddr)2571 socket_multicast_disable(
2572 endpt * iface,
2573 sockaddr_u * maddr
2574 )
2575 {
2576 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2577 struct ipv6_mreq mreq6;
2578 # endif
2579 struct ip_mreq mreq;
2580
2581 if (find_addr_in_list(maddr) == NULL) {
2582 DPRINTF(4, ("socket_multicast_disable(%s): not found\n",
2583 stoa(maddr)));
2584 return ISC_TRUE;
2585 }
2586
2587 switch (AF(maddr)) {
2588
2589 case AF_INET:
2590 ZERO(mreq);
2591 mreq.imr_multiaddr = SOCK_ADDR4(maddr);
2592 mreq.imr_interface = SOCK_ADDR4(&iface->sin);
2593 if (setsockopt(iface->fd, IPPROTO_IP,
2594 IP_DROP_MEMBERSHIP, (void *)&mreq,
2595 sizeof(mreq))) {
2596
2597 msyslog(LOG_ERR,
2598 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2599 iface->fd, stoa(&iface->sin),
2600 SRCADR(maddr), SRCADR(&iface->sin),
2601 stoa(maddr));
2602 return ISC_FALSE;
2603 }
2604 break;
2605 case AF_INET6:
2606 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2607 /*
2608 * Disable reception of multicast packets
2609 * If the address is link-local we can get the
2610 * interface index from the scope id. Don't do this
2611 * for other types of multicast addresses. For now let
2612 * the kernel figure it out.
2613 */
2614 ZERO(mreq6);
2615 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2616 mreq6.ipv6mr_interface = iface->ifindex;
2617
2618 if (setsockopt(iface->fd, IPPROTO_IPV6,
2619 IPV6_LEAVE_GROUP, (void *)&mreq6,
2620 sizeof(mreq6))) {
2621
2622 msyslog(LOG_ERR,
2623 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)",
2624 iface->fd, stoa(&iface->sin),
2625 iface->ifindex, stoa(maddr));
2626 return ISC_FALSE;
2627 }
2628 break;
2629 # else
2630 return ISC_FALSE;
2631 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2632 }
2633
2634 iface->num_mcast--;
2635 if (iface->num_mcast <= 0) {
2636 iface->flags &= ~INT_MCASTOPEN;
2637 }
2638 return ISC_TRUE;
2639 }
2640 #endif /* MCAST */
2641
2642
2643 /*
2644 * io_setbclient - open the broadcast client sockets
2645 */
2646 void
io_setbclient(void)2647 io_setbclient(void)
2648 {
2649 #ifdef OPEN_BCAST_SOCKET
2650 endpt * ep;
2651 unsigned int nif, ni4;
2652
2653 nif = ni4 = 0;
2654 set_reuseaddr(1);
2655
2656 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2657 /* count IPv4 interfaces. Needed later to decide
2658 * if we should log an error or not.
2659 */
2660 if (AF_INET == ep->family) {
2661 ++ni4;
2662 }
2663
2664 if (ep->flags & (INT_WILDCARD | INT_LOOPBACK))
2665 continue;
2666
2667 /* use only allowed addresses */
2668 if (ep->ignore_packets)
2669 continue;
2670
2671 /* Need a broadcast-capable interface */
2672 if (!(ep->flags & INT_BROADCAST))
2673 continue;
2674
2675 /* Only IPv4 addresses are valid for broadcast */
2676 REQUIRE(IS_IPV4(&ep->bcast));
2677
2678 /* Do we already have the broadcast address open? */
2679 if (ep->flags & INT_BCASTOPEN) {
2680 /*
2681 * account for already open interfaces to avoid
2682 * misleading warning below
2683 */
2684 nif++;
2685 continue;
2686 }
2687
2688 /*
2689 * Try to open the broadcast address
2690 */
2691 ep->family = AF_INET;
2692 ep->bfd = open_socket(&ep->bcast, 1, 0, ep);
2693
2694 /*
2695 * If we succeeded then we use it otherwise enable
2696 * broadcast on the interface address
2697 */
2698 if (ep->bfd != INVALID_SOCKET) {
2699 nif++;
2700 ep->flags |= INT_BCASTOPEN;
2701 msyslog(LOG_INFO,
2702 "Listen for broadcasts to %s on interface #%d %s",
2703 stoa(&ep->bcast), ep->ifnum, ep->name);
2704 } else switch (errno) {
2705 /* Silently ignore EADDRINUSE as we probably
2706 * opened the socket already for an address in
2707 * the same network */
2708 case EADDRINUSE:
2709 /* Some systems cannot bind a socket to a broadcast
2710 * address, as that is not a valid host address. */
2711 case EADDRNOTAVAIL:
2712 # ifdef SYS_WINNT /*TODO: use for other systems, too? */
2713 /* avoid recurrence here -- if we already have a
2714 * regular socket, it's quite useless to try this
2715 * again.
2716 */
2717 if (ep->fd != INVALID_SOCKET) {
2718 ep->flags |= INT_BCASTOPEN;
2719 nif++;
2720 }
2721 # endif
2722 break;
2723
2724 default:
2725 msyslog(LOG_INFO,
2726 "failed to listen for broadcasts to %s on interface #%d %s",
2727 stoa(&ep->bcast), ep->ifnum, ep->name);
2728 break;
2729 }
2730 }
2731 set_reuseaddr(0);
2732 if (nif != 0) {
2733 broadcast_client_enabled = ISC_TRUE;
2734 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif));
2735 } else {
2736 broadcast_client_enabled = ISC_FALSE;
2737 /* This is expected when having only IPv6 interfaces
2738 * and no IPv4 interfaces at all. We suppress the error
2739 * log in that case... everything else should work!
2740 */
2741 if (ni4) {
2742 msyslog(LOG_ERR,
2743 "Unable to listen for broadcasts, no broadcast interfaces available");
2744 }
2745 }
2746 #else
2747 msyslog(LOG_ERR,
2748 "io_setbclient: Broadcast Client disabled by build");
2749 #endif /* OPEN_BCAST_SOCKET */
2750 }
2751
2752
2753 /*
2754 * io_unsetbclient - close the broadcast client sockets
2755 */
2756 void
io_unsetbclient(void)2757 io_unsetbclient(void)
2758 {
2759 endpt *ep;
2760
2761 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2762 if (INT_WILDCARD & ep->flags)
2763 continue;
2764 if (!(INT_BCASTOPEN & ep->flags))
2765 continue;
2766
2767 if (ep->bfd != INVALID_SOCKET) {
2768 /* destroy broadcast listening socket */
2769 msyslog(LOG_INFO,
2770 "stop listening for broadcasts to %s on interface #%d %s",
2771 stoa(&ep->bcast), ep->ifnum, ep->name);
2772 close_and_delete_fd_from_list(ep->bfd, ep);
2773 ep->bfd = INVALID_SOCKET;
2774 }
2775 ep->flags &= ~INT_BCASTOPEN;
2776 }
2777 broadcast_client_enabled = ISC_FALSE;
2778 }
2779
2780
2781 /*
2782 * io_multicast_add() - add multicast group address
2783 */
2784 void
io_multicast_add(sockaddr_u * addr)2785 io_multicast_add(
2786 sockaddr_u *addr
2787 )
2788 {
2789 #ifdef MCAST
2790 endpt * ep;
2791 endpt * one_ep;
2792
2793 /*
2794 * Check to see if this is a multicast address
2795 */
2796 if (!addr_ismulticast(addr))
2797 return;
2798
2799 /* If we already have it we can just return */
2800 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) {
2801 return;
2802 }
2803
2804 # ifndef MULTICAST_NONEWSOCKET
2805 ep = new_interface(NULL);
2806
2807 /*
2808 * Open a new socket for the multicast address
2809 */
2810 ep->sin = *addr;
2811 SET_PORT(&ep->sin, NTP_PORT);
2812 ep->family = AF(&ep->sin);
2813 AF(&ep->mask) = ep->family;
2814 SET_ONESMASK(&ep->mask);
2815
2816 set_reuseaddr(1);
2817 ep->bfd = INVALID_SOCKET;
2818 ep->fd = open_socket(&ep->sin, 0, 0, ep);
2819 if (ep->fd != INVALID_SOCKET) {
2820 ep->ignore_packets = ISC_FALSE;
2821 ep->flags |= INT_MCASTIF;
2822 ep->ifindex = SCOPE(addr);
2823
2824 strlcpy(ep->name, "multicast", sizeof(ep->name));
2825 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n"));
2826 add_interface(ep);
2827 log_listen_address(ep);
2828 } else {
2829 /* bind failed, re-use wildcard interface */
2830 delete_interface(ep);
2831
2832 if (IS_IPV4(addr))
2833 ep = wildipv4;
2834 else if (IS_IPV6(addr))
2835 ep = wildipv6;
2836 else
2837 ep = NULL;
2838
2839 if (ep != NULL) {
2840 /* HACK ! -- stuff in an address */
2841 /* because we don't bind addr? DH */
2842 ep->bcast = *addr;
2843 msyslog(LOG_ERR,
2844 "multicast address %s using wildcard interface #%d %s",
2845 stoa(addr), ep->ifnum, ep->name);
2846 } else {
2847 msyslog(LOG_ERR,
2848 "No multicast socket available to use for address %s",
2849 stoa(addr));
2850 return;
2851 }
2852 }
2853 { /* in place of the { following for in #else clause */
2854 one_ep = ep;
2855 # else /* MULTICAST_NONEWSOCKET follows */
2856 /*
2857 * For the case where we can't use a separate socket (Windows)
2858 * join each applicable endpoint socket to the group address.
2859 */
2860 if (IS_IPV4(addr))
2861 one_ep = wildipv4;
2862 else
2863 one_ep = wildipv6;
2864 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2865 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) ||
2866 !(INT_MULTICAST & ep->flags) ||
2867 (INT_LOOPBACK | INT_WILDCARD) & ep->flags)
2868 continue;
2869 one_ep = ep;
2870 # endif /* MULTICAST_NONEWSOCKET */
2871 if (socket_multicast_enable(ep, addr))
2872 msyslog(LOG_INFO,
2873 "Joined %s socket to multicast group %s",
2874 stoa(&ep->sin),
2875 stoa(addr));
2876 }
2877
2878 add_addr_to_list(addr, one_ep);
2879 #else /* !MCAST follows*/
2880 msyslog(LOG_ERR,
2881 "Can not add multicast address %s: no multicast support",
2882 stoa(addr));
2883 #endif
2884 return;
2885 }
2886
2887
2888 /*
2889 * io_multicast_del() - delete multicast group address
2890 */
2891 void
2892 io_multicast_del(
2893 sockaddr_u * addr
2894 )
2895 {
2896 #ifdef MCAST
2897 endpt *iface;
2898
2899 /*
2900 * Check to see if this is a multicast address
2901 */
2902 if (!addr_ismulticast(addr)) {
2903 msyslog(LOG_ERR, "invalid multicast address %s",
2904 stoa(addr));
2905 return;
2906 }
2907
2908 /*
2909 * Disable reception of multicast packets
2910 */
2911 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN))
2912 != NULL)
2913 socket_multicast_disable(iface, addr);
2914
2915 delete_addr_from_list(addr);
2916
2917 #else /* not MCAST */
2918 msyslog(LOG_ERR,
2919 "Can not delete multicast address %s: no multicast support",
2920 stoa(addr));
2921 #endif /* not MCAST */
2922 }
2923
2924
2925 /*
2926 * open_socket - open a socket, returning the file descriptor
2927 */
2928
2929 static SOCKET
2930 open_socket(
2931 sockaddr_u * addr,
2932 int bcast,
2933 int turn_off_reuse,
2934 endpt * interf
2935 )
2936 {
2937 SOCKET fd;
2938 int errval;
2939 /*
2940 * int is OK for REUSEADR per
2941 * http://www.kohala.com/start/mcast.api.txt
2942 */
2943 int on = 1;
2944 int off = 0;
2945
2946 if (IS_IPV6(addr) && !ipv6_works)
2947 return INVALID_SOCKET;
2948
2949 /* create a datagram (UDP) socket */
2950 fd = socket(AF(addr), SOCK_DGRAM, 0);
2951 if (INVALID_SOCKET == fd) {
2952 errval = socket_errno();
2953 msyslog(LOG_ERR,
2954 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m",
2955 IS_IPV6(addr) ? "6" : "", stoa(addr));
2956
2957 if (errval == EPROTONOSUPPORT ||
2958 errval == EAFNOSUPPORT ||
2959 errval == EPFNOSUPPORT)
2960 return (INVALID_SOCKET);
2961
2962 errno = errval;
2963 msyslog(LOG_ERR,
2964 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting",
2965 errno);
2966 exit(1);
2967 }
2968
2969 #ifdef SYS_WINNT
2970 connection_reset_fix(fd, addr);
2971 #endif
2972 /*
2973 * Fixup the file descriptor for some systems
2974 * See bug #530 for details of the issue.
2975 */
2976 fd = move_fd(fd);
2977
2978 /*
2979 * set SO_REUSEADDR since we will be binding the same port
2980 * number on each interface according to turn_off_reuse.
2981 * This is undesirable on Windows versions starting with
2982 * Windows XP (numeric version 5.1).
2983 */
2984 #ifdef SYS_WINNT
2985 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */
2986 #endif
2987 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
2988 (void *)((turn_off_reuse)
2989 ? &off
2990 : &on),
2991 sizeof(on))) {
2992
2993 msyslog(LOG_ERR,
2994 "setsockopt SO_REUSEADDR %s fails for address %s: %m",
2995 (turn_off_reuse)
2996 ? "off"
2997 : "on",
2998 stoa(addr));
2999 closesocket(fd);
3000 return INVALID_SOCKET;
3001 }
3002 #ifdef SO_EXCLUSIVEADDRUSE
3003 /*
3004 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open
3005 * first will cause more specific binds to fail.
3006 */
3007 if (!(interf->flags & INT_WILDCARD))
3008 set_excladdruse(fd);
3009 #endif
3010
3011 /*
3012 * IPv4 specific options go here
3013 */
3014 if (IS_IPV4(addr)) {
3015 #if defined(IPPROTO_IP) && defined(IP_TOS)
3016 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos,
3017 sizeof(qos)))
3018 msyslog(LOG_ERR,
3019 "setsockopt IP_TOS (%02x) fails on address %s: %m",
3020 qos, stoa(addr));
3021 #endif /* IPPROTO_IP && IP_TOS */
3022 if (bcast)
3023 socket_broadcast_enable(interf, fd, addr);
3024 }
3025
3026 /*
3027 * IPv6 specific options go here
3028 */
3029 if (IS_IPV6(addr)) {
3030 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
3031 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos,
3032 sizeof(qos)))
3033 msyslog(LOG_ERR,
3034 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m",
3035 qos, stoa(addr));
3036 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */
3037 #ifdef IPV6_V6ONLY
3038 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS
3039 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
3040 (void *)&on, sizeof(on)))
3041 msyslog(LOG_ERR,
3042 "setsockopt IPV6_V6ONLY on fails on address %s: %m",
3043 stoa(addr));
3044 #endif
3045 #ifdef IPV6_BINDV6ONLY
3046 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY,
3047 (void *)&on, sizeof(on)))
3048 msyslog(LOG_ERR,
3049 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m",
3050 stoa(addr));
3051 #endif
3052 }
3053
3054 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
3055 /*
3056 * some OSes don't allow binding to more specific
3057 * addresses if a wildcard address already bound
3058 * to the port and SO_REUSEADDR is not set
3059 */
3060 if (!is_wildcard_addr(addr))
3061 set_wildcard_reuse(AF(addr), 1);
3062 #endif
3063
3064 /*
3065 * bind the local address.
3066 */
3067 errval = bind(fd, &addr->sa, SOCKLEN(addr));
3068
3069 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
3070 if (!is_wildcard_addr(addr))
3071 set_wildcard_reuse(AF(addr), 0);
3072 #endif
3073
3074 if (errval < 0) {
3075 /*
3076 * Don't log this under all conditions
3077 */
3078 if (turn_off_reuse == 0
3079 #ifdef DEBUG
3080 || debug > 1
3081 #endif
3082 ) {
3083 msyslog(LOG_ERR,
3084 "bind(%d) AF_INET%s %s%s flags 0x%x failed: %m",
3085 fd, IS_IPV6(addr) ? "6" : "",
3086 sptoa(addr),
3087 IS_MCAST(addr) ? " (multicast)" : "",
3088 interf->flags);
3089 }
3090
3091 closesocket(fd);
3092
3093 return INVALID_SOCKET;
3094 }
3095
3096 #ifdef HAVE_TIMESTAMP
3097 {
3098 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP,
3099 (void *)&on, sizeof(on)))
3100 msyslog(LOG_DEBUG,
3101 "setsockopt SO_TIMESTAMP on fails on address %s: %m",
3102 stoa(addr));
3103 else
3104 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n",
3105 fd, stoa(addr)));
3106 }
3107 #endif
3108 #ifdef HAVE_TIMESTAMPNS
3109 {
3110 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS,
3111 (void *)&on, sizeof(on)))
3112 msyslog(LOG_DEBUG,
3113 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m",
3114 stoa(addr));
3115 else
3116 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n",
3117 fd, stoa(addr)));
3118 }
3119 #endif
3120 #ifdef HAVE_BINTIME
3121 {
3122 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME,
3123 (void *)&on, sizeof(on)))
3124 msyslog(LOG_DEBUG,
3125 "setsockopt SO_BINTIME on fails on address %s: %m",
3126 stoa(addr));
3127 else
3128 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n",
3129 fd, stoa(addr)));
3130 }
3131 #endif
3132
3133 DPRINTF(4, ("bind(%d) addr %s, flags 0x%x\n",
3134 fd, sptoa(addr), interf->flags));
3135
3136 make_socket_nonblocking(fd);
3137
3138 #ifdef HAVE_SIGNALED_IO
3139 init_socket_sig(fd);
3140 #endif /* not HAVE_SIGNALED_IO */
3141
3142 add_fd_to_list(fd, FD_TYPE_SOCKET);
3143
3144 #if !defined(SYS_WINNT) && !defined(VMS)
3145 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd,
3146 fcntl(fd, F_GETFL, 0)));
3147 #endif /* SYS_WINNT || VMS */
3148
3149 #if defined(HAVE_IO_COMPLETION_PORT)
3150 /*
3151 * Add the socket to the completion port
3152 */
3153 if (!io_completion_port_add_socket(fd, interf, bcast)) {
3154 msyslog(LOG_ERR, "unable to set up io completion port - EXITING");
3155 exit(1);
3156 }
3157 #endif
3158 return fd;
3159 }
3160
3161
3162
3163 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */
3164 /*
3165 * sendpkt - send a packet to the specified destination from the given endpt
3166 * except for multicast, which may be sent from several addresses.
3167 */
3168 void
3169 sendpkt(
3170 sockaddr_u * dest,
3171 endpt * ep,
3172 int ttl,
3173 struct pkt * pkt,
3174 int len
3175 )
3176 {
3177 endpt * src;
3178 int ismcast;
3179 int cc;
3180 int rc;
3181 u_char cttl;
3182 l_fp fp_zero = { { 0 }, 0 };
3183 l_fp org, rec, xmt;
3184
3185 ismcast = IS_MCAST(dest);
3186 if (!ismcast) {
3187 src = ep;
3188 } else {
3189 #ifndef MCAST
3190 return;
3191 #endif
3192 src = (IS_IPV4(dest))
3193 ? mc4_list
3194 : mc6_list;
3195 }
3196
3197 if (NULL == src) {
3198 /*
3199 * unbound peer - drop request and wait for better
3200 * network conditions
3201 */
3202 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n",
3203 ismcast ? "\tMCAST\t***** " : "",
3204 stoa(dest), ttl, len));
3205 return;
3206 }
3207
3208 do {
3209 if (INT_LL_OF_GLOB & src->flags) {
3210 /* avoid duplicate multicasts on same IPv6 net */
3211 goto loop;
3212 }
3213 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n",
3214 ismcast ? "\tMCAST\t***** " : "", src->fd,
3215 stoa(dest), stoa(&src->sin), ttl, len));
3216 #ifdef MCAST
3217 if (ismcast && ttl > 0 && ttl != src->last_ttl) {
3218 /*
3219 * set the multicast ttl for outgoing packets
3220 */
3221 switch (AF(&src->sin)) {
3222
3223 case AF_INET :
3224 cttl = (u_char)ttl;
3225 rc = setsockopt(src->fd, IPPROTO_IP,
3226 IP_MULTICAST_TTL,
3227 (void *)&cttl,
3228 sizeof(cttl));
3229 break;
3230
3231 # ifdef INCLUDE_IPV6_SUPPORT
3232 case AF_INET6 :
3233 rc = setsockopt(src->fd, IPPROTO_IPV6,
3234 IPV6_MULTICAST_HOPS,
3235 (void *)&ttl,
3236 sizeof(ttl));
3237 break;
3238 # endif /* INCLUDE_IPV6_SUPPORT */
3239
3240 default:
3241 rc = 0;
3242 }
3243
3244 if (!rc)
3245 src->last_ttl = ttl;
3246 else
3247 msyslog(LOG_ERR,
3248 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m",
3249 stoa(&src->sin));
3250 }
3251 #endif /* MCAST */
3252
3253 #ifdef SIM
3254 cc = simulate_server(dest, src, pkt);
3255 #elif defined(HAVE_IO_COMPLETION_PORT)
3256 cc = io_completion_port_sendto(src, src->fd, pkt,
3257 (size_t)len, dest);
3258 #else
3259 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0,
3260 &dest->sa, SOCKLEN(dest));
3261 #endif
3262 if (cc == -1) {
3263 src->notsent++;
3264 packets_notsent++;
3265 } else {
3266 src->sent++;
3267 packets_sent++;
3268 }
3269 loop:
3270 if (ismcast)
3271 src = src->mclink;
3272 } while (ismcast && src != NULL);
3273
3274 /* HMS: pkt->rootdisp is usually random here */
3275 NTOHL_FP(&pkt->org, &org);
3276 NTOHL_FP(&pkt->rec, &rec);
3277 NTOHL_FP(&pkt->xmt, &xmt);
3278 record_raw_stats(src ? &src->sin : NULL, dest,
3279 &org, &rec, &xmt, &fp_zero,
3280 PKT_LEAP(pkt->li_vn_mode),
3281 PKT_VERSION(pkt->li_vn_mode),
3282 PKT_MODE(pkt->li_vn_mode),
3283 pkt->stratum,
3284 pkt->ppoll, pkt->precision,
3285 FPTOD(NTOHS_FP(pkt->rootdelay)),
3286 FPTOD(NTOHS_FP(pkt->rootdisp)), pkt->refid,
3287 len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
3288 }
3289
3290
3291 #if !defined(HAVE_IO_COMPLETION_PORT)
3292 #if !defined(HAVE_SIGNALED_IO)
3293 /*
3294 * fdbits - generate ascii representation of fd_set (FAU debug support)
3295 * HFDF format - highest fd first.
3296 */
3297 static char *
3298 fdbits(
3299 int count,
3300 const fd_set* set
3301 )
3302 {
3303 static char buffer[256];
3304 char * buf = buffer;
3305
3306 count = min(count, sizeof(buffer) - 1);
3307
3308 while (count >= 0) {
3309 *buf++ = FD_ISSET(count, set) ? '#' : '-';
3310 count--;
3311 }
3312 *buf = '\0';
3313
3314 return buffer;
3315 }
3316 #endif
3317
3318 #ifdef REFCLOCK
3319 /*
3320 * Routine to read the refclock packets for a specific interface
3321 * Return the number of bytes read. That way we know if we should
3322 * read it again or go on to the next one if no bytes returned
3323 */
3324 static inline int
3325 read_refclock_packet(
3326 SOCKET fd,
3327 struct refclockio * rp,
3328 l_fp ts
3329 )
3330 {
3331 u_int read_count;
3332 int buflen;
3333 int saved_errno;
3334 int consumed;
3335 struct recvbuf * rb;
3336
3337 rb = get_free_recv_buffer(TRUE);
3338
3339 if (NULL == rb) {
3340 /*
3341 * No buffer space available - just drop the 'packet'.
3342 * Since this is a non-blocking character stream we read
3343 * all data that we can.
3344 *
3345 * ...hmmmm... what about "tcflush(fd,TCIFLUSH)" here?!?
3346 */
3347 char buf[128];
3348 do
3349 buflen = read(fd, buf, sizeof(buf));
3350 while (buflen > 0);
3351 packets_dropped++;
3352 return (buflen);
3353 }
3354
3355 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
3356 * to buffer overrun and memory corruption
3357 */
3358 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space))
3359 read_count = sizeof(rb->recv_space);
3360 else
3361 read_count = (u_int)rp->datalen;
3362 do {
3363 buflen = read(fd, (char *)&rb->recv_space, read_count);
3364 } while (buflen < 0 && EINTR == errno);
3365
3366 if (buflen <= 0) {
3367 saved_errno = errno;
3368 freerecvbuf(rb);
3369 errno = saved_errno;
3370 return buflen;
3371 }
3372
3373 /*
3374 * Got one. Mark how and when it got here,
3375 * put it on the full list and do bookkeeping.
3376 */
3377 rb->recv_length = buflen;
3378 rb->recv_peer = rp->srcclock;
3379 rb->dstadr = NULL;
3380 rb->fd = fd;
3381 rb->recv_time = ts;
3382 rb->receiver = rp->clock_recv;
3383
3384 consumed = indicate_refclock_packet(rp, rb);
3385 if (!consumed) {
3386 rp->recvcount++;
3387 packets_received++;
3388 }
3389
3390 return buflen;
3391 }
3392 #endif /* REFCLOCK */
3393
3394
3395 #ifdef HAVE_PACKET_TIMESTAMP
3396 /*
3397 * extract timestamps from control message buffer
3398 */
3399 static l_fp
3400 fetch_timestamp(
3401 struct recvbuf * rb,
3402 struct msghdr * msghdr,
3403 l_fp ts
3404 )
3405 {
3406 struct cmsghdr * cmsghdr;
3407 unsigned long ticks;
3408 double fuzz;
3409 l_fp lfpfuzz;
3410 l_fp nts;
3411 #ifdef DEBUG_TIMING
3412 l_fp dts;
3413 #endif
3414
3415 cmsghdr = CMSG_FIRSTHDR(msghdr);
3416 while (cmsghdr != NULL) {
3417 switch (cmsghdr->cmsg_type)
3418 {
3419 #ifdef HAVE_BINTIME
3420 case SCM_BINTIME:
3421 #endif /* HAVE_BINTIME */
3422 #ifdef HAVE_TIMESTAMPNS
3423 case SCM_TIMESTAMPNS:
3424 #endif /* HAVE_TIMESTAMPNS */
3425 #ifdef HAVE_TIMESTAMP
3426 case SCM_TIMESTAMP:
3427 #endif /* HAVE_TIMESTAMP */
3428 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP)
3429 switch (cmsghdr->cmsg_type)
3430 {
3431 #ifdef HAVE_BINTIME
3432 case SCM_BINTIME:
3433 {
3434 struct bintime pbt;
3435 memcpy(&pbt, CMSG_DATA(cmsghdr), sizeof(pbt));
3436 /*
3437 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf
3438 */
3439 nts.l_i = pbt.sec + JAN_1970;
3440 nts.l_uf = (u_int32)(pbt.frac >> 32);
3441 if (sys_tick > measured_tick &&
3442 sys_tick > 1e-9) {
3443 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC));
3444 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC));
3445 }
3446 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n",
3447 (long)pbt.sec, (u_long)((nts.l_uf / FRAC) * 1e9)));
3448 }
3449 break;
3450 #endif /* HAVE_BINTIME */
3451 #ifdef HAVE_TIMESTAMPNS
3452 case SCM_TIMESTAMPNS:
3453 {
3454 struct timespec pts;
3455 memcpy(&pts, CMSG_DATA(cmsghdr), sizeof(pts));
3456 if (sys_tick > measured_tick &&
3457 sys_tick > 1e-9) {
3458 ticks = (unsigned long)((pts.tv_nsec * 1e-9) /
3459 sys_tick);
3460 pts.tv_nsec = (long)(ticks * 1e9 *
3461 sys_tick);
3462 }
3463 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n",
3464 pts.tv_sec, pts.tv_nsec));
3465 nts = tspec_stamp_to_lfp(pts);
3466 }
3467 break;
3468 #endif /* HAVE_TIMESTAMPNS */
3469 #ifdef HAVE_TIMESTAMP
3470 case SCM_TIMESTAMP:
3471 {
3472 struct timeval ptv;
3473 memcpy(&ptv, CMSG_DATA(cmsghdr), sizeof(ptv));
3474 if (sys_tick > measured_tick &&
3475 sys_tick > 1e-6) {
3476 ticks = (unsigned long)((ptv.tv_usec * 1e-6) /
3477 sys_tick);
3478 ptv.tv_usec = (long)(ticks * 1e6 *
3479 sys_tick);
3480 }
3481 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n",
3482 (intmax_t)ptv.tv_sec, (long)ptv.tv_usec));
3483 nts = tval_stamp_to_lfp(ptv);
3484 }
3485 break;
3486 #endif /* HAVE_TIMESTAMP */
3487 }
3488 fuzz = ntp_uurandom() * sys_fuzz;
3489 DTOLFP(fuzz, &lfpfuzz);
3490 L_ADD(&nts, &lfpfuzz);
3491 #ifdef DEBUG_TIMING
3492 dts = ts;
3493 L_SUB(&dts, &nts);
3494 collect_timing(rb, "input processing delay", 1,
3495 &dts);
3496 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n",
3497 lfptoa(&dts, 9)));
3498 #endif /* DEBUG_TIMING */
3499 ts = nts; /* network time stamp */
3500 break;
3501 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */
3502
3503 default:
3504 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n",
3505 cmsghdr->cmsg_type));
3506 }
3507 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr);
3508 }
3509 return ts;
3510 }
3511 #endif /* HAVE_PACKET_TIMESTAMP */
3512
3513
3514 /*
3515 * Routine to read the network NTP packets for a specific interface
3516 * Return the number of bytes read. That way we know if we should
3517 * read it again or go on to the next one if no bytes returned
3518 */
3519 static inline int
3520 read_network_packet(
3521 SOCKET fd,
3522 endpt * itf,
3523 l_fp ts
3524 )
3525 {
3526 GETSOCKNAME_SOCKLEN_TYPE fromlen;
3527 int buflen;
3528 register struct recvbuf *rb;
3529 #ifdef HAVE_PACKET_TIMESTAMP
3530 struct msghdr msghdr;
3531 struct iovec iovec;
3532 char control[CMSG_BUFSIZE];
3533 #endif
3534
3535 /*
3536 * Get a buffer and read the frame. If we haven't got a buffer,
3537 * or this is received on a disallowed socket, just dump the
3538 * packet.
3539 */
3540
3541 rb = itf->ignore_packets ? NULL : get_free_recv_buffer(FALSE);
3542 if (NULL == rb) {
3543 /* A partial read on a UDP socket truncates the data and
3544 * removes the message from the queue. So there's no
3545 * need to have a full buffer here on the stack.
3546 */
3547 char buf[16];
3548 sockaddr_u from;
3549
3550 if (rb != NULL)
3551 freerecvbuf(rb);
3552
3553 fromlen = sizeof(from);
3554 buflen = recvfrom(fd, buf, sizeof(buf), 0,
3555 &from.sa, &fromlen);
3556 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n",
3557 (itf->ignore_packets)
3558 ? "ignore"
3559 : "drop",
3560 free_recvbuffs(), fd, stoa(&from)));
3561 if (itf->ignore_packets)
3562 packets_ignored++;
3563 else
3564 packets_dropped++;
3565 return (buflen);
3566 }
3567
3568 fromlen = sizeof(rb->recv_srcadr);
3569
3570 #ifndef HAVE_PACKET_TIMESTAMP
3571 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space,
3572 sizeof(rb->recv_space), 0,
3573 &rb->recv_srcadr.sa, &fromlen);
3574 #else
3575 iovec.iov_base = &rb->recv_space;
3576 iovec.iov_len = sizeof(rb->recv_space);
3577 msghdr.msg_name = &rb->recv_srcadr;
3578 msghdr.msg_namelen = fromlen;
3579 msghdr.msg_iov = &iovec;
3580 msghdr.msg_iovlen = 1;
3581 msghdr.msg_control = (void *)&control;
3582 msghdr.msg_controllen = sizeof(control);
3583 msghdr.msg_flags = 0;
3584 rb->recv_length = recvmsg(fd, &msghdr, 0);
3585 #endif
3586
3587 buflen = rb->recv_length;
3588
3589 if (buflen == 0 || (buflen == -1 &&
3590 (EWOULDBLOCK == errno
3591 #ifdef EAGAIN
3592 || EAGAIN == errno
3593 #endif
3594 ))) {
3595 freerecvbuf(rb);
3596 return (buflen);
3597 } else if (buflen < 0) {
3598 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m",
3599 stoa(&rb->recv_srcadr), fd);
3600 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n",
3601 fd));
3602 freerecvbuf(rb);
3603 return (buflen);
3604 }
3605
3606 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n",
3607 fd, buflen, stoa(&rb->recv_srcadr)));
3608
3609 #ifdef ENABLE_BUG3020_FIX
3610 if (ISREFCLOCKADR(&rb->recv_srcadr)) {
3611 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!",
3612 stoa(&rb->recv_srcadr), fd);
3613 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n",
3614 fd));
3615 packets_dropped++;
3616 freerecvbuf(rb);
3617 return (buflen);
3618 }
3619 #endif
3620
3621 /*
3622 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
3623 */
3624
3625 if ( IS_IPV6(&rb->recv_srcadr)
3626 && IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
3627 && !(INT_LOOPBACK & itf->flags)) {
3628
3629 packets_dropped++;
3630 DPRINTF(2, ("DROPPING pkt with spoofed ::1 source on %s\n", latoa(itf)));
3631 freerecvbuf(rb);
3632 return -1;
3633 }
3634
3635 /*
3636 * Got one. Mark how and when it got here,
3637 * put it on the full list and do bookkeeping.
3638 */
3639 rb->dstadr = itf;
3640 rb->fd = fd;
3641 #ifdef HAVE_PACKET_TIMESTAMP
3642 /* pick up a network time stamp if possible */
3643 ts = fetch_timestamp(rb, &msghdr, ts);
3644 #endif
3645 rb->recv_time = ts;
3646 rb->receiver = receive;
3647
3648 add_full_recv_buffer(rb);
3649
3650 itf->received++;
3651 packets_received++;
3652 return (buflen);
3653 }
3654
3655 /*
3656 * attempt to handle io (select()/signaled IO)
3657 */
3658 void
3659 io_handler(void)
3660 {
3661 # ifndef HAVE_SIGNALED_IO
3662 fd_set rdfdes;
3663 int nfound;
3664
3665 /*
3666 * Use select() on all on all input fd's for unlimited
3667 * time. select() will terminate on SIGALARM or on the
3668 * reception of input. Using select() means we can't do
3669 * robust signal handling and we get a potential race
3670 * between checking for alarms and doing the select().
3671 * Mostly harmless, I think.
3672 */
3673 /*
3674 * On VMS, I suspect that select() can't be interrupted
3675 * by a "signal" either, so I take the easy way out and
3676 * have select() time out after one second.
3677 * System clock updates really aren't time-critical,
3678 * and - lacking a hardware reference clock - I have
3679 * yet to learn about anything else that is.
3680 */
3681 ++handler_calls;
3682 rdfdes = activefds;
3683 # if !defined(VMS) && !defined(SYS_VXWORKS)
3684 nfound = select(maxactivefd + 1, &rdfdes, NULL,
3685 NULL, NULL);
3686 # else /* VMS, VxWorks */
3687 /* make select() wake up after one second */
3688 {
3689 struct timeval t1;
3690 t1.tv_sec = 1;
3691 t1.tv_usec = 0;
3692 nfound = select(maxactivefd + 1,
3693 &rdfdes, NULL, NULL,
3694 &t1);
3695 }
3696 # endif /* VMS, VxWorks */
3697 if (nfound < 0 && sanitize_fdset(errno)) {
3698 struct timeval t1;
3699 t1.tv_sec = 0;
3700 t1.tv_usec = 0;
3701 rdfdes = activefds;
3702 nfound = select(maxactivefd + 1,
3703 &rdfdes, NULL, NULL,
3704 &t1);
3705 }
3706
3707 if (nfound > 0) {
3708 l_fp ts;
3709
3710 get_systime(&ts);
3711
3712 input_handler_scan(&ts, &rdfdes);
3713 } else if (nfound == -1 && errno != EINTR) {
3714 msyslog(LOG_ERR, "select() error: %m");
3715 }
3716 # ifdef DEBUG
3717 else if (debug > 4) {
3718 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
3719 } else {
3720 DPRINTF(3, ("select() returned %d: %m\n", nfound));
3721 }
3722 # endif /* DEBUG */
3723 # else /* HAVE_SIGNALED_IO */
3724 wait_for_signal();
3725 # endif /* HAVE_SIGNALED_IO */
3726 }
3727
3728 #ifdef HAVE_SIGNALED_IO
3729 /*
3730 * input_handler - receive packets asynchronously
3731 *
3732 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed!
3733 */
3734 static RETSIGTYPE
3735 input_handler(
3736 l_fp * cts
3737 )
3738 {
3739 int n;
3740 struct timeval tvzero;
3741 fd_set fds;
3742
3743 ++handler_calls;
3744
3745 /*
3746 * Do a poll to see who has data
3747 */
3748
3749 fds = activefds;
3750 tvzero.tv_sec = tvzero.tv_usec = 0;
3751
3752 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
3753 if (n < 0 && sanitize_fdset(errno)) {
3754 fds = activefds;
3755 tvzero.tv_sec = tvzero.tv_usec = 0;
3756 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
3757 }
3758 if (n > 0)
3759 input_handler_scan(cts, &fds);
3760 }
3761 #endif /* HAVE_SIGNALED_IO */
3762
3763
3764 /*
3765 * Try to sanitize the global FD set
3766 *
3767 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
3768 */
3769 static int/*BOOL*/
3770 sanitize_fdset(
3771 int errc
3772 )
3773 {
3774 int j, b, maxscan;
3775
3776 # ifndef HAVE_SIGNALED_IO
3777 /*
3778 * extended FAU debugging output
3779 */
3780 if (errc != EINTR) {
3781 msyslog(LOG_ERR,
3782 "select(%d, %s, 0L, 0L, &0.0) error: %m",
3783 maxactivefd + 1,
3784 fdbits(maxactivefd, &activefds));
3785 }
3786 # endif
3787
3788 if (errc != EBADF)
3789 return FALSE;
3790
3791 /* if we have oviously bad FDs, try to sanitize the FD set. */
3792 for (j = 0, maxscan = 0; j <= maxactivefd; j++) {
3793 if (FD_ISSET(j, &activefds)) {
3794 if (-1 != read(j, &b, 0)) {
3795 maxscan = j;
3796 continue;
3797 }
3798 # ifndef HAVE_SIGNALED_IO
3799 msyslog(LOG_ERR,
3800 "Removing bad file descriptor %d from select set",
3801 j);
3802 # endif
3803 FD_CLR(j, &activefds);
3804 }
3805 }
3806 if (maxactivefd != maxscan)
3807 maxactivefd = maxscan;
3808 return TRUE;
3809 }
3810
3811 /*
3812 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'.
3813 *
3814 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
3815 */
3816 static void
3817 input_handler_scan(
3818 const l_fp * cts,
3819 const fd_set * pfds
3820 )
3821 {
3822 int buflen;
3823 u_int idx;
3824 int doing;
3825 SOCKET fd;
3826 blocking_child *c;
3827 l_fp ts; /* Timestamp at BOselect() gob */
3828
3829 #if defined(DEBUG_TIMING)
3830 l_fp ts_e; /* Timestamp at EOselect() gob */
3831 #endif
3832 endpt * ep;
3833 #ifdef REFCLOCK
3834 struct refclockio *rp;
3835 int saved_errno;
3836 const char * clk;
3837 #endif
3838 #ifdef HAS_ROUTING_SOCKET
3839 struct asyncio_reader * asyncio_reader;
3840 struct asyncio_reader * next_asyncio_reader;
3841 #endif
3842
3843 ++handler_pkts;
3844 ts = *cts;
3845
3846 #ifdef REFCLOCK
3847 /*
3848 * Check out the reference clocks first, if any
3849 */
3850
3851 for (rp = refio; rp != NULL; rp = rp->next) {
3852 fd = rp->fd;
3853
3854 if (!FD_ISSET(fd, pfds))
3855 continue;
3856 buflen = read_refclock_packet(fd, rp, ts);
3857 /*
3858 * The first read must succeed after select() indicates
3859 * readability, or we've reached a permanent EOF.
3860 * http://bugs.ntp.org/1732 reported ntpd munching CPU
3861 * after a USB GPS was unplugged because select was
3862 * indicating EOF but ntpd didn't remove the descriptor
3863 * from the activefds set.
3864 */
3865 if (buflen < 0 && EAGAIN != errno) {
3866 saved_errno = errno;
3867 clk = refnumtoa(&rp->srcclock->srcadr);
3868 errno = saved_errno;
3869 msyslog(LOG_ERR, "%s read: %m", clk);
3870 maintain_activefds(fd, TRUE);
3871 } else if (0 == buflen) {
3872 clk = refnumtoa(&rp->srcclock->srcadr);
3873 msyslog(LOG_ERR, "%s read EOF", clk);
3874 maintain_activefds(fd, TRUE);
3875 } else {
3876 /* drain any remaining refclock input */
3877 do {
3878 buflen = read_refclock_packet(fd, rp, ts);
3879 } while (buflen > 0);
3880 }
3881 }
3882 #endif /* REFCLOCK */
3883
3884 /*
3885 * Loop through the interfaces looking for data to read.
3886 */
3887 for (ep = ep_list; ep != NULL; ep = ep->elink) {
3888 for (doing = 0; doing < 2; doing++) {
3889 if (!doing) {
3890 fd = ep->fd;
3891 } else {
3892 if (!(ep->flags & INT_BCASTOPEN))
3893 break;
3894 fd = ep->bfd;
3895 }
3896 if (fd < 0)
3897 continue;
3898 if (FD_ISSET(fd, pfds))
3899 do {
3900 buflen = read_network_packet(
3901 fd, ep, ts);
3902 } while (buflen > 0);
3903 /* Check more interfaces */
3904 }
3905 }
3906
3907 #ifdef HAS_ROUTING_SOCKET
3908 /*
3909 * scan list of asyncio readers - currently only used for routing sockets
3910 */
3911 asyncio_reader = asyncio_reader_list;
3912
3913 while (asyncio_reader != NULL) {
3914 /* callback may unlink and free asyncio_reader */
3915 next_asyncio_reader = asyncio_reader->link;
3916 if (FD_ISSET(asyncio_reader->fd, pfds))
3917 (*asyncio_reader->receiver)(asyncio_reader);
3918 asyncio_reader = next_asyncio_reader;
3919 }
3920 #endif /* HAS_ROUTING_SOCKET */
3921
3922 /*
3923 * Check for a response from a blocking child
3924 */
3925 for (idx = 0; idx < blocking_children_alloc; idx++) {
3926 c = blocking_children[idx];
3927 if (NULL == c || -1 == c->resp_read_pipe)
3928 continue;
3929 if (FD_ISSET(c->resp_read_pipe, pfds)) {
3930 ++c->resp_ready_seen;
3931 ++blocking_child_ready_seen;
3932 }
3933 }
3934
3935 /* We've done our work */
3936 #if defined(DEBUG_TIMING)
3937 get_systime(&ts_e);
3938 /*
3939 * (ts_e - ts) is the amount of time we spent
3940 * processing this gob of file descriptors. Log
3941 * it.
3942 */
3943 L_SUB(&ts_e, &ts);
3944 collect_timing(NULL, "input handler", 1, &ts_e);
3945 if (debug > 3)
3946 msyslog(LOG_DEBUG,
3947 "input_handler: Processed a gob of fd's in %s msec",
3948 lfptoms(&ts_e, 6));
3949 #endif /* DEBUG_TIMING */
3950 }
3951 #endif /* !HAVE_IO_COMPLETION_PORT */
3952
3953 /*
3954 * find an interface suitable for the src address
3955 */
3956 endpt *
3957 select_peerinterface(
3958 struct peer * peer,
3959 sockaddr_u * srcadr,
3960 endpt * dstadr
3961 )
3962 {
3963 endpt *ep;
3964 #ifndef SIM
3965 endpt *wild;
3966
3967 wild = ANY_INTERFACE_CHOOSE(srcadr);
3968
3969 /*
3970 * Initialize the peer structure and dance the interface jig.
3971 * Reference clocks step the loopback waltz, the others
3972 * squaredance around the interface list looking for a buddy. If
3973 * the dance peters out, there is always the wildcard interface.
3974 * This might happen in some systems and would preclude proper
3975 * operation with public key cryptography.
3976 */
3977 if (ISREFCLOCKADR(srcadr)) {
3978 ep = loopback_interface;
3979 } else if (peer->cast_flags &
3980 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) {
3981 ep = findbcastinter(srcadr);
3982 if (ep != NULL)
3983 DPRINTF(4, ("Found *-cast interface %s for address %s\n",
3984 stoa(&ep->sin), stoa(srcadr)));
3985 else
3986 DPRINTF(4, ("No *-cast local address found for address %s\n",
3987 stoa(srcadr)));
3988 } else {
3989 ep = dstadr;
3990 if (NULL == ep) {
3991 ep = wild;
3992 }
3993 }
3994 /*
3995 * If it is a multicast address, findbcastinter() may not find
3996 * it. For unicast, we get to find the interface when dstadr is
3997 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either
3998 * way, try a little harder.
3999 */
4000 if (wild == ep) {
4001 ep = findinterface(srcadr);
4002 }
4003 /*
4004 * we do not bind to the wildcard interfaces for output
4005 * as our (network) source address would be undefined and
4006 * crypto will not work without knowing the own transmit address
4007 */
4008 if (ep != NULL && (INT_WILDCARD & ep->flags)) {
4009 if (!accept_wildcard_if_for_winnt) {
4010 ep = NULL;
4011 }
4012 }
4013 #else /* SIM follows */
4014 ep = loopback_interface;
4015 #endif
4016
4017 return ep;
4018 }
4019
4020
4021 /*
4022 * findinterface - find local interface corresponding to address
4023 */
4024 endpt *
4025 findinterface(
4026 sockaddr_u *addr
4027 )
4028 {
4029 endpt *iface;
4030
4031 iface = findlocalinterface(addr, INT_WILDCARD, 0);
4032
4033 if (NULL == iface) {
4034 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n",
4035 stoa(addr)));
4036
4037 iface = ANY_INTERFACE_CHOOSE(addr);
4038 } else
4039 DPRINTF(4, ("Found interface #%d %s for address %s\n",
4040 iface->ifnum, iface->name, stoa(addr)));
4041
4042 return iface;
4043 }
4044
4045 /*
4046 * findlocalinterface - find local interface corresponding to addr,
4047 * which does not have any of flags set. If bcast is nonzero, addr is
4048 * a broadcast address.
4049 *
4050 * This code attempts to find the local sending address for an outgoing
4051 * address by connecting a new socket to destinationaddress:NTP_PORT
4052 * and reading the sockname of the resulting connect.
4053 * the complicated sequence simulates the routing table lookup
4054 * for to first hop without duplicating any of the routing logic into
4055 * ntpd. preferably we would have used an API call - but its not there -
4056 * so this is the best we can do here short of duplicating to entire routing
4057 * logic in ntpd which would be a silly and really unportable thing to do.
4058 *
4059 */
4060 static endpt *
4061 findlocalinterface(
4062 sockaddr_u * addr,
4063 int flags,
4064 int bcast
4065 )
4066 {
4067 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen;
4068 endpt * iface;
4069 sockaddr_u saddr;
4070 SOCKET s;
4071 int rtn;
4072 int on;
4073
4074 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n",
4075 stoa(addr)));
4076
4077 /* [Bug 3437] The prototype POOL peer can be AF_UNSPEC.
4078 * This is bound to fail, but on the way to nowhere it
4079 * triggers a security incident on SELinux.
4080 *
4081 * Checking the condition and failing early is probably good
4082 * advice, and even saves us some syscalls in that case.
4083 * Thanks to Miroslav Lichvar for finding this.
4084 */
4085 if (AF_UNSPEC == AF(addr)) {
4086 return NULL;
4087 }
4088 s = socket(AF(addr), SOCK_DGRAM, 0);
4089 if (INVALID_SOCKET == s) {
4090 return NULL;
4091 }
4092 /*
4093 * If we are looking for broadcast interface we need to set this
4094 * socket to allow broadcast
4095 */
4096 if (bcast) {
4097 on = 1;
4098 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET,
4099 SO_BROADCAST,
4100 (void *)&on,
4101 sizeof(on))) {
4102 closesocket(s);
4103 return NULL;
4104 }
4105 }
4106
4107 rtn = connect(s, &addr->sa, SOCKLEN(addr));
4108 if (SOCKET_ERROR == rtn) {
4109 closesocket(s);
4110 return NULL;
4111 }
4112
4113 sockaddrlen = sizeof(saddr);
4114 rtn = getsockname(s, &saddr.sa, &sockaddrlen);
4115 closesocket(s);
4116 if (SOCKET_ERROR == rtn)
4117 return NULL;
4118
4119 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n",
4120 stoa(addr), stoa(&saddr)));
4121
4122 iface = getinterface(&saddr, flags);
4123
4124 /*
4125 * if we didn't find an exact match on saddr, find the closest
4126 * available local address. This handles the case of the
4127 * address suggested by the kernel being excluded by nic rules
4128 * or the user's -I and -L options to ntpd.
4129 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683
4130 * for more background.
4131 */
4132 if (NULL == iface || iface->ignore_packets) {
4133 iface = findclosestinterface(&saddr,
4134 flags | INT_LOOPBACK);
4135 }
4136 /*
4137 * Don't select an interface which will ignore replies, or one
4138 * dedicated to multicast receive.
4139 */
4140 if ( iface != NULL
4141 && (iface->ignore_packets || (INT_MCASTIF & iface->flags))) {
4142 iface = NULL;
4143 }
4144 return iface;
4145 }
4146
4147
4148 /*
4149 * findclosestinterface
4150 *
4151 * If there are -I/--interface or -L/novirtualips command-line options,
4152 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may
4153 * find the kernel's preferred local address for a given peer address is
4154 * administratively unavailable to ntpd, and punt to this routine's more
4155 * expensive search.
4156 *
4157 * Find the numerically closest local address to the one connect()
4158 * suggested. This matches an address on the same subnet first, as
4159 * needed by Bug 1184, and provides a consistent choice if there are
4160 * multiple feasible local addresses, regardless of the order ntpd
4161 * enumerated them.
4162 */
4163 endpt *
4164 findclosestinterface(
4165 sockaddr_u * addr,
4166 int flags
4167 )
4168 {
4169 endpt * ep;
4170 endpt * winner;
4171 sockaddr_u addr_dist;
4172 sockaddr_u min_dist;
4173
4174 ZERO_SOCK(&min_dist);
4175 winner = NULL;
4176
4177 for (ep = ep_list; ep != NULL; ep = ep->elink) {
4178 if (ep->ignore_packets ||
4179 AF(addr) != ep->family ||
4180 flags & ep->flags)
4181 continue;
4182
4183 calc_addr_distance(&addr_dist, addr, &ep->sin);
4184 if (NULL == winner ||
4185 -1 == cmp_addr_distance(&addr_dist, &min_dist)) {
4186 min_dist = addr_dist;
4187 winner = ep;
4188 }
4189 }
4190 if (NULL == winner)
4191 DPRINTF(4, ("findclosestinterface(%s) failed\n",
4192 stoa(addr)));
4193 else
4194 DPRINTF(4, ("findclosestinterface(%s) -> %s\n",
4195 stoa(addr), stoa(&winner->sin)));
4196
4197 return winner;
4198 }
4199
4200
4201 /*
4202 * calc_addr_distance - calculate the distance between two addresses,
4203 * the absolute value of the difference between
4204 * the addresses numerically, stored as an address.
4205 */
4206 static void
4207 calc_addr_distance(
4208 sockaddr_u * dist,
4209 const sockaddr_u * a1,
4210 const sockaddr_u * a2
4211 )
4212 {
4213 u_char * pdist;
4214 const u_char * p1;
4215 const u_char * p2;
4216 size_t cb;
4217 int different;
4218 int a1_greater;
4219 u_int u;
4220
4221 REQUIRE(AF(a1) == AF(a2));
4222
4223 ZERO_SOCK(dist);
4224 AF(dist) = AF(a1);
4225
4226 if (IS_IPV4(a1)) {
4227 pdist = ( u_char *)&NSRCADR(dist);
4228 p1 = (const u_char *)&NSRCADR(a1);
4229 p2 = (const u_char *)&NSRCADR(a2);
4230 } else {
4231 pdist = ( u_char *)&NSRCADR(dist);
4232 p1 = (const u_char *)&NSRCADR(a1);
4233 p2 = (const u_char *)&NSRCADR(a2);
4234 }
4235 cb = SIZEOF_INADDR(AF(dist));
4236 different = FALSE;
4237 a1_greater = FALSE;
4238 for (u = 0; u < cb; u++) {
4239 if (!different && p1[u] != p2[u]) {
4240 a1_greater = (p1[u] > p2[u]);
4241 different = TRUE;
4242 }
4243 if (a1_greater) {
4244 pdist[u] = p1[u] - p2[u];
4245 } else {
4246 pdist[u] = p2[u] - p1[u];
4247 }
4248 }
4249 }
4250
4251
4252 /*
4253 * cmp_addr_distance - compare two address distances, returning -1, 0,
4254 * 1 to indicate their relationship.
4255 */
4256 static int
4257 cmp_addr_distance(
4258 const sockaddr_u * d1,
4259 const sockaddr_u * d2
4260 )
4261 {
4262 int i;
4263
4264 REQUIRE(AF(d1) == AF(d2));
4265
4266 if (IS_IPV4(d1)) {
4267 if (SRCADR(d1) < SRCADR(d2))
4268 return -1;
4269 else if (SRCADR(d1) == SRCADR(d2))
4270 return 0;
4271 else
4272 return 1;
4273 }
4274
4275 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) {
4276 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i])
4277 return -1;
4278 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i])
4279 return 1;
4280 }
4281
4282 return 0;
4283 }
4284
4285
4286
4287 /*
4288 * fetch an interface structure the matches the
4289 * address and has the given flags NOT set
4290 */
4291 endpt *
4292 getinterface(
4293 sockaddr_u * addr,
4294 u_int32 flags
4295 )
4296 {
4297 endpt *iface;
4298
4299 iface = find_addr_in_list(addr);
4300
4301 if (iface != NULL && (iface->flags & flags))
4302 iface = NULL;
4303
4304 return iface;
4305 }
4306
4307
4308 /*
4309 * findbcastinter - find broadcast interface corresponding to address
4310 */
4311 endpt *
4312 findbcastinter(
4313 sockaddr_u *addr
4314 )
4315 {
4316 endpt * iface;
4317
4318 iface = NULL;
4319 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT))
4320 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n",
4321 stoa(addr)));
4322
4323 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD,
4324 1);
4325 if (iface != NULL) {
4326 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n",
4327 iface->ifnum, iface->name));
4328 return iface;
4329 }
4330
4331 /*
4332 * plan B - try to find something reasonable in our lists in
4333 * case kernel lookup doesn't help
4334 */
4335 for (iface = ep_list; iface != NULL; iface = iface->elink) {
4336 if (iface->flags & INT_WILDCARD)
4337 continue;
4338
4339 /* Don't bother with ignored interfaces */
4340 if (iface->ignore_packets)
4341 continue;
4342
4343 /*
4344 * First look if this is the correct family
4345 */
4346 if(AF(&iface->sin) != AF(addr))
4347 continue;
4348
4349 /* Skip the loopback addresses */
4350 if (iface->flags & INT_LOOPBACK)
4351 continue;
4352
4353 /*
4354 * If we are looking to match a multicast address and
4355 * this interface is one...
4356 */
4357 if (addr_ismulticast(addr)
4358 && (iface->flags & INT_MULTICAST)) {
4359 #ifdef INCLUDE_IPV6_SUPPORT
4360 /*
4361 * ...it is the winner unless we're looking for
4362 * an interface to use for link-local multicast
4363 * and its address is not link-local.
4364 */
4365 if (IS_IPV6(addr)
4366 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr))
4367 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin)))
4368 continue;
4369 #endif
4370 break;
4371 }
4372
4373 /*
4374 * We match only those interfaces marked as
4375 * broadcastable and either the explicit broadcast
4376 * address or the network portion of the IP address.
4377 * Sloppy.
4378 */
4379 if (IS_IPV4(addr)) {
4380 if (SOCK_EQ(&iface->bcast, addr))
4381 break;
4382
4383 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask))
4384 == (NSRCADR(addr) & NSRCADR(&iface->mask)))
4385 break;
4386 }
4387 #ifdef INCLUDE_IPV6_SUPPORT
4388 else if (IS_IPV6(addr)) {
4389 if (SOCK_EQ(&iface->bcast, addr))
4390 break;
4391
4392 if (SOCK_EQ(netof(&iface->sin), netof(addr)))
4393 break;
4394 }
4395 #endif
4396 }
4397 #endif /* SIOCGIFCONF */
4398 if (NULL == iface) {
4399 DPRINTF(4, ("No bcast interface found for %s\n",
4400 stoa(addr)));
4401 iface = ANY_INTERFACE_CHOOSE(addr);
4402 } else {
4403 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n",
4404 iface->ifnum, iface->name));
4405 }
4406
4407 return iface;
4408 }
4409
4410
4411 /*
4412 * io_clr_stats - clear I/O module statistics
4413 */
4414 void
4415 io_clr_stats(void)
4416 {
4417 packets_dropped = 0;
4418 packets_ignored = 0;
4419 packets_received = 0;
4420 packets_sent = 0;
4421 packets_notsent = 0;
4422
4423 handler_calls = 0;
4424 handler_pkts = 0;
4425 io_timereset = current_time;
4426 }
4427
4428
4429 #ifdef REFCLOCK
4430 /*
4431 * io_addclock - add a reference clock to the list and arrange that we
4432 * get SIGIO interrupts from it.
4433 */
4434 int
4435 io_addclock(
4436 struct refclockio *rio
4437 )
4438 {
4439 BLOCKIO();
4440
4441 /*
4442 * Stuff the I/O structure in the list and mark the descriptor
4443 * in use. There is a harmless (I hope) race condition here.
4444 */
4445 rio->active = TRUE;
4446
4447 # ifdef HAVE_SIGNALED_IO
4448 if (init_clock_sig(rio)) {
4449 UNBLOCKIO();
4450 return 0;
4451 }
4452 # elif defined(HAVE_IO_COMPLETION_PORT)
4453 if (!io_completion_port_add_clock_io(rio)) {
4454 UNBLOCKIO();
4455 return 0;
4456 }
4457 # endif
4458
4459 /*
4460 * enqueue
4461 */
4462 LINK_SLIST(refio, rio, next);
4463
4464 /*
4465 * register fd
4466 */
4467 add_fd_to_list(rio->fd, FD_TYPE_FILE);
4468
4469 UNBLOCKIO();
4470 return 1;
4471 }
4472
4473
4474 /*
4475 * io_closeclock - close the clock in the I/O structure given
4476 */
4477 void
4478 io_closeclock(
4479 struct refclockio *rio
4480 )
4481 {
4482 struct refclockio *unlinked;
4483
4484 BLOCKIO();
4485
4486 /*
4487 * Remove structure from the list
4488 */
4489 rio->active = FALSE;
4490 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio);
4491 if (NULL != unlinked) {
4492 /* Close the descriptor. The order of operations is
4493 * important here in case of async / overlapped IO:
4494 * only after we have removed the clock from the
4495 * IO completion port we can be sure no further
4496 * input is queued. So...
4497 * - we first disable feeding to the queu by removing
4498 * the clock from the IO engine
4499 * - close the file (which brings down any IO on it)
4500 * - clear the buffer from results for this fd
4501 */
4502 # ifdef HAVE_IO_COMPLETION_PORT
4503 io_completion_port_remove_clock_io(rio);
4504 # endif
4505 close_and_delete_fd_from_list(rio->fd, NULL);
4506 purge_recv_buffers_for_fd(rio->fd);
4507 rio->fd = -1;
4508 }
4509
4510 UNBLOCKIO();
4511 }
4512 #endif /* REFCLOCK */
4513
4514
4515 /*
4516 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in
4517 * an array. So we use one of the ISC_LIST functions to hold the
4518 * socket value and use that when we want to enumerate it.
4519 *
4520 * This routine is called by the forked intres child process to close
4521 * all open sockets. On Windows there's no need as intres runs in
4522 * the same process as a thread.
4523 */
4524 #ifndef SYS_WINNT
4525 void
4526 kill_asyncio(
4527 int startfd
4528 )
4529 {
4530 BLOCKIO();
4531
4532 /*
4533 * In the child process we do not maintain activefds and
4534 * maxactivefd. Zeroing maxactivefd disables code which
4535 * maintains it in close_and_delete_fd_from_list().
4536 */
4537 maxactivefd = 0;
4538
4539 while (fd_list != NULL)
4540 close_and_delete_fd_from_list(fd_list->fd, NULL);
4541
4542 UNBLOCKIO();
4543 }
4544 #endif /* !SYS_WINNT */
4545
4546
4547 /*
4548 * Add and delete functions for the list of input file descriptors
4549 */
4550 static void
4551 add_fd_to_list(
4552 SOCKET fd,
4553 enum desc_type type
4554 )
4555 {
4556 vsock_t *lsock = emalloc(sizeof(*lsock));
4557
4558 lsock->fd = fd;
4559 lsock->type = type;
4560
4561 LINK_SLIST(fd_list, lsock, link);
4562 maintain_activefds(fd, 0);
4563 }
4564
4565
4566 static void
4567 close_and_delete_fd_from_list(
4568 SOCKET fd,
4569 endpt *ep /* req. if fd is in struct endpt */
4570 )
4571 {
4572 vsock_t *lsock;
4573
4574 UNLINK_EXPR_SLIST(lsock, fd_list, fd ==
4575 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t);
4576
4577 if (NULL == lsock)
4578 return;
4579
4580 switch (lsock->type) {
4581
4582 case FD_TYPE_SOCKET:
4583 #ifdef HAVE_IO_COMPLETION_PORT
4584 if (ep != NULL) {
4585 io_completion_port_remove_socket(fd, ep);
4586 }
4587 #endif
4588 closesocket(lsock->fd);
4589 break;
4590
4591 case FD_TYPE_FILE:
4592 closeserial((int)lsock->fd);
4593 break;
4594
4595 default:
4596 msyslog(LOG_ERR,
4597 "internal error - illegal descriptor type %d - EXITING",
4598 (int)lsock->type);
4599 exit(1);
4600 }
4601
4602 free(lsock);
4603 /*
4604 * remove from activefds
4605 */
4606 maintain_activefds(fd, 1);
4607 }
4608
4609
4610 static void
4611 add_addr_to_list(
4612 sockaddr_u * addr,
4613 endpt * ep
4614 )
4615 {
4616 remaddr_t *laddr;
4617
4618 #ifdef DEBUG
4619 if (find_addr_in_list(addr) == NULL) {
4620 #endif
4621 /* not there yet - add to list */
4622 laddr = emalloc(sizeof(*laddr));
4623 laddr->addr = *addr;
4624 laddr->ep = ep;
4625
4626 LINK_SLIST(remoteaddr_list, laddr, link);
4627
4628 DPRINTF(4, ("Added addr %s to list of addresses\n",
4629 stoa(addr)));
4630 #ifdef DEBUG
4631 } else
4632 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n",
4633 stoa(addr)));
4634 #endif
4635 }
4636
4637
4638 static void
4639 delete_addr_from_list(
4640 sockaddr_u *addr
4641 )
4642 {
4643 remaddr_t *unlinked;
4644
4645 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr,
4646 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t);
4647
4648 if (unlinked != NULL) {
4649 DPRINTF(4, ("Deleted addr %s from list of addresses\n",
4650 stoa(addr)));
4651 free(unlinked);
4652 }
4653 }
4654
4655
4656 static void
4657 delete_interface_from_list(
4658 endpt *iface
4659 )
4660 {
4661 remaddr_t *unlinked;
4662
4663 for (;;) {
4664 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface ==
4665 UNLINK_EXPR_SLIST_CURRENT()->ep, link,
4666 remaddr_t);
4667
4668 if (unlinked == NULL)
4669 break;
4670 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n",
4671 stoa(&unlinked->addr), iface->ifnum,
4672 iface->name));
4673 free(unlinked);
4674 }
4675 }
4676
4677
4678 static endpt *
4679 find_addr_in_list(
4680 sockaddr_u *addr
4681 )
4682 {
4683 remaddr_t *entry;
4684
4685 DPRINTF(4, ("Searching for addr %s in list of addresses - ",
4686 stoa(addr)));
4687
4688 for (entry = remoteaddr_list;
4689 entry != NULL;
4690 entry = entry->link)
4691 if (SOCK_EQ(&entry->addr, addr)) {
4692 DPRINTF(4, ("FOUND\n"));
4693 return entry->ep;
4694 }
4695
4696 DPRINTF(4, ("NOT FOUND\n"));
4697 return NULL;
4698 }
4699
4700
4701 /*
4702 * Find the given address with the all given flags set in the list
4703 */
4704 static endpt *
4705 find_flagged_addr_in_list(
4706 sockaddr_u * addr,
4707 u_int32 flags
4708 )
4709 {
4710 remaddr_t *entry;
4711
4712 DPRINTF(4, ("Finding addr %s with flags %d in list: ",
4713 stoa(addr), flags));
4714
4715 for (entry = remoteaddr_list;
4716 entry != NULL;
4717 entry = entry->link)
4718
4719 if (SOCK_EQ(&entry->addr, addr)
4720 && (entry->ep->flags & flags) == flags) {
4721
4722 DPRINTF(4, ("FOUND\n"));
4723 return entry->ep;
4724 }
4725
4726 DPRINTF(4, ("NOT FOUND\n"));
4727 return NULL;
4728 }
4729
4730
4731 const char *
4732 localaddrtoa(
4733 endpt *la
4734 )
4735 {
4736 return (NULL == la)
4737 ? "<null>"
4738 : stoa(&la->sin);
4739 }
4740
4741
4742 #ifdef HAS_ROUTING_SOCKET
4743 # ifndef UPDATE_GRACE
4744 # define UPDATE_GRACE 3 /* min. UPDATE_GRACE - 1 seconds before scanning */
4745 # endif
4746
4747 static void
4748 process_routing_msgs(struct asyncio_reader *reader)
4749 {
4750 static void * buffer;
4751 static size_t buffsz = 8192;
4752 int cnt, new, msg_type;
4753 socklen_t len;
4754 #ifdef HAVE_RTNETLINK
4755 struct nlmsghdr *nh;
4756 #else
4757 struct rt_msghdr rtm;
4758 char *p;
4759 char *endp;
4760 #endif
4761
4762 if (scan_addrs_once) {
4763 /*
4764 * discard ourselves if we are not needed any more
4765 * usually happens when running unprivileged
4766 */
4767 goto disable;
4768 }
4769
4770 if (NULL == buffer) {
4771 buffer = emalloc(buffsz);
4772 }
4773
4774 cnt = read(reader->fd, buffer, buffsz);
4775
4776 if (cnt < 0) {
4777 if (errno == ENOBUFS) {
4778 /* increase socket buffer by 25% */
4779 len = sizeof cnt;
4780 if (0 > getsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &cnt, &len) ||
4781 sizeof cnt != len) {
4782 msyslog(LOG_ERR,
4783 "routing getsockopt SO_RCVBUF %u %u: %m - disabling",
4784 (u_int)cnt, (u_int)sizeof cnt);
4785 goto disable;
4786 }
4787 new = cnt + (cnt / 4);
4788 if (0 > setsockopt(reader->fd, SOL_SOCKET, SO_RCVBUF, &new, sizeof new)) {
4789 msyslog(LOG_ERR,
4790 "routing setsockopt SO_RCVBUF %d -> %d: %m - disabling",
4791 cnt, new);
4792 goto disable;
4793 }
4794 } else {
4795 msyslog(LOG_ERR,
4796 "routing socket reports: %m - disabling");
4797 disable:
4798 remove_asyncio_reader(reader);
4799 delete_asyncio_reader(reader);
4800 return;
4801 }
4802 }
4803
4804 /*
4805 * process routing message
4806 */
4807 #ifdef HAVE_RTNETLINK
4808 for (nh = buffer; NLMSG_OK(nh, cnt); nh = NLMSG_NEXT(nh, cnt))
4809 {
4810 msg_type = nh->nlmsg_type;
4811 #else
4812 for (p = buffer, endp = p + cnt;
4813 (p + sizeof(struct rt_msghdr)) <= endp;
4814 p += rtm.rtm_msglen)
4815 {
4816 memcpy(&rtm, p, sizeof(rtm));
4817 if (rtm.rtm_version != RTM_VERSION) {
4818 msyslog(LOG_ERR,
4819 "version mismatch (got %d - expected %d) on routing socket - disabling",
4820 rtm.rtm_version, RTM_VERSION);
4821
4822 remove_asyncio_reader(reader);
4823 delete_asyncio_reader(reader);
4824 return;
4825 }
4826 msg_type = rtm.rtm_type;
4827 #endif /* !HAVE_RTNETLINK */
4828 switch (msg_type) {
4829 #ifdef RTM_NEWADDR
4830 case RTM_NEWADDR:
4831 #endif
4832 #ifdef RTM_DELADDR
4833 case RTM_DELADDR:
4834 #endif
4835 #ifdef RTM_ADD
4836 case RTM_ADD:
4837 #endif
4838 #ifdef RTM_DELETE
4839 case RTM_DELETE:
4840 #endif
4841 #ifdef RTM_REDIRECT
4842 case RTM_REDIRECT:
4843 #endif
4844 #ifdef RTM_CHANGE
4845 case RTM_CHANGE:
4846 #endif
4847 #ifdef RTM_IFINFO
4848 case RTM_IFINFO:
4849 #endif
4850 #ifdef RTM_NEWLINK
4851 case RTM_NEWLINK:
4852 #endif
4853 #ifdef RTM_DELLINK
4854 case RTM_DELLINK:
4855 #endif
4856 #ifdef RTM_NEWROUTE
4857 case RTM_NEWROUTE:
4858 #endif
4859 #ifdef RTM_DELROUTE
4860 case RTM_DELROUTE:
4861 #endif
4862 /*
4863 * we are keen on new and deleted addresses and
4864 * if an interface goes up and down or routing
4865 * changes
4866 */
4867 DPRINTF(3, ("routing message op = %d: scheduling interface update\n",
4868 msg_type));
4869 endpt_scan_timer = UPDATE_GRACE + current_time;
4870 break;
4871 #ifdef HAVE_RTNETLINK
4872 case NLMSG_DONE:
4873 /* end of multipart message */
4874 return;
4875 #endif
4876 default:
4877 /*
4878 * the rest doesn't bother us.
4879 */
4880 DPRINTF(4, ("routing message op = %d: ignored\n",
4881 msg_type));
4882 break;
4883 }
4884 }
4885 }
4886
4887 /*
4888 * set up routing notifications
4889 */
4890 static void
4891 init_async_notifications(void)
4892 {
4893 struct asyncio_reader *reader;
4894 #ifdef HAVE_RTNETLINK
4895 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
4896 struct sockaddr_nl sa;
4897 #else
4898 int fd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC);
4899 #ifdef SO_RERROR
4900 int on = 1;
4901 #endif
4902 #endif
4903 #ifdef RO_MSGFILTER
4904 unsigned char msgfilter[] = {
4905 #ifdef RTM_NEWADDR
4906 RTM_NEWADDR,
4907 #endif
4908 #ifdef RTM_DELADDR
4909 RTM_DELADDR,
4910 #endif
4911 #ifdef RTM_ADD
4912 RTM_ADD,
4913 #endif
4914 #ifdef RTM_DELETE
4915 RTM_DELETE,
4916 #endif
4917 #ifdef RTM_REDIRECT
4918 RTM_REDIRECT,
4919 #endif
4920 #ifdef RTM_CHANGE
4921 RTM_CHANGE,
4922 #endif
4923 #ifdef RTM_IFINFO
4924 RTM_IFINFO,
4925 #endif
4926 #ifdef RTM_NEWLINK
4927 RTM_NEWLINK,
4928 #endif
4929 #ifdef RTM_DELLINK
4930 RTM_DELLINK,
4931 #endif
4932 #ifdef RTM_NEWROUTE
4933 RTM_NEWROUTE,
4934 #endif
4935 #ifdef RTM_DELROUTE
4936 RTM_DELROUTE,
4937 #endif
4938 };
4939 #endif /* !RO_MSGFILTER */
4940
4941 if (fd < 0) {
4942 msyslog(LOG_ERR,
4943 "unable to open routing socket (%m) - using polled interface update");
4944 return;
4945 }
4946
4947 fd = move_fd(fd);
4948 #ifdef HAVE_RTNETLINK
4949 ZERO(sa);
4950 sa.nl_family = PF_NETLINK;
4951 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR
4952 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE
4953 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE
4954 | RTMGRP_IPV6_MROUTE;
4955 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
4956 msyslog(LOG_ERR,
4957 "bind failed on routing socket (%m) - using polled interface update");
4958 return;
4959 }
4960 #endif
4961 #ifdef RO_MSGFILTER
4962 if (setsockopt(fd, PF_ROUTE, RO_MSGFILTER,
4963 &msgfilter, sizeof(msgfilter)) == -1)
4964 msyslog(LOG_ERR, "RO_MSGFILTER: %m");
4965 #endif
4966 #ifdef SO_RERROR
4967 if (setsockopt(fd, SOL_SOCKET, SO_RERROR, &on, sizeof(on)) == -1)
4968 msyslog(LOG_ERR, "SO_RERROR: %m");
4969 #endif
4970 make_socket_nonblocking(fd);
4971 #if defined(HAVE_SIGNALED_IO)
4972 init_socket_sig(fd);
4973 #endif /* HAVE_SIGNALED_IO */
4974
4975 reader = new_asyncio_reader();
4976
4977 reader->fd = fd;
4978 reader->receiver = process_routing_msgs;
4979
4980 add_asyncio_reader(reader, FD_TYPE_SOCKET);
4981 msyslog(LOG_INFO,
4982 "Listening on routing socket on fd #%d for interface updates",
4983 fd);
4984 }
4985 #else
4986 /* HAS_ROUTING_SOCKET not defined */
4987 static void
4988 init_async_notifications(void)
4989 {
4990 }
4991 #endif
4992