1 /* $OpenBSD: client.c,v 1.69 2006/06/04 18:58:13 otto Exp $ */
2
3 /*
4 * Copyright (c) 2007, 2009, 2010 Thorsten Glaser <tg@mirbsd.org>
5 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
6 * Copyright (c) 2004 Alexander Guy <alexander.guy@andern.org>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
17 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
18 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21 #include <sys/param.h>
22 #include <errno.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <time.h>
26 #include <unistd.h>
27
28 #include "ntpd.h"
29
30 __RCSID("$MirOS: src/usr.sbin/ntpd/client.c,v 1.20 2011/10/04 10:04:15 tg Exp $");
31
32 #ifdef DDEBUG
33 #define log_reply log_info
34 #else
35 #define log_reply log_debug
36 #endif
37
38 int client_update(struct ntp_peer *, int);
39 void set_deadline(struct ntp_peer *, time_t);
40
41 void
set_next(struct ntp_peer * p,time_t t)42 set_next(struct ntp_peer *p, time_t t)
43 {
44 p->next = time(NULL) + t;
45 p->deadline = 0;
46 }
47
48 void
set_deadline(struct ntp_peer * p,time_t t)49 set_deadline(struct ntp_peer *p, time_t t)
50 {
51 p->deadline = time(NULL) + t;
52 p->next = 0;
53 }
54
55 int
client_peer_init(struct ntp_peer * p)56 client_peer_init(struct ntp_peer *p)
57 {
58 if ((p->query = calloc(1, sizeof(struct ntp_query))) == NULL)
59 fatal("client_peer_init calloc");
60 p->query->fd = -1;
61 p->query->msg.status = MODE_CLIENT | (NTP_VERSION << 3);
62 p->state = STATE_NONE;
63 p->shift = 0;
64 p->trustlevel = TRUSTLEVEL_PATHETIC;
65 p->lasterror = 0;
66
67 return (client_addr_init(p));
68 }
69
70 int
client_addr_init(struct ntp_peer * p)71 client_addr_init(struct ntp_peer *p)
72 {
73 struct sockaddr_in *sa_in;
74 struct sockaddr_in6 *sa_in6;
75 struct ntp_addr *h;
76
77 for (h = p->addr; h != NULL; h = h->next) {
78 switch (h->ss.ss_family) {
79 case AF_INET:
80 sa_in = (struct sockaddr_in *)&h->ss;
81 if (ntohs(sa_in->sin_port) == 0)
82 sa_in->sin_port = htons(123);
83 p->state = STATE_DNS_DONE;
84 break;
85 case AF_INET6:
86 sa_in6 = (struct sockaddr_in6 *)&h->ss;
87 if (ntohs(sa_in6->sin6_port) == 0)
88 sa_in6->sin6_port = htons(123);
89 p->state = STATE_DNS_DONE;
90 break;
91 default:
92 fatal("king bula sez: wrong AF in client_addr_init");
93 /* NOTREACHED */
94 }
95 }
96
97 p->query->fd = -1;
98 set_next(p, 0);
99
100 return (0);
101 }
102
103 int
client_nextaddr(struct ntp_peer * p)104 client_nextaddr(struct ntp_peer *p)
105 {
106 close(p->query->fd);
107 p->query->fd = -1;
108
109 if (p->addr_head.a == NULL) {
110 priv_host_dns(p->addr_head.name, p->id);
111 p->state = STATE_DNS_INPROGRESS;
112 return (-1);
113 }
114
115 if ((p->addr = p->addr->next) == NULL)
116 p->addr = p->addr_head.a;
117
118 p->shift = 0;
119 p->trustlevel = TRUSTLEVEL_PATHETIC;
120
121 return (0);
122 }
123
124 int
client_query(struct ntp_peer * p)125 client_query(struct ntp_peer *p)
126 {
127 int tos = IPTOS_LOWDELAY;
128 int result;
129
130 if (p->addr == NULL && client_nextaddr(p) == -1) {
131 set_next(p, error_interval());
132 return (0);
133 }
134
135 if (p->state < STATE_DNS_DONE || p->addr == NULL)
136 return (-1);
137
138 if (p->query->fd == -1) {
139 struct sockaddr *sa = (struct sockaddr *)&p->addr->ss;
140
141 if ((p->query->fd = socket(p->addr->ss.ss_family, SOCK_DGRAM,
142 0)) == -1) {
143 if (errno == EAFNOSUPPORT) {
144 log_warn("client_query socket");
145 client_nextaddr(p);
146 set_next(p, error_interval());
147 return (-1);
148 }
149 fatal("client_query socket");
150 }
151
152 if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
153 if (errno == ECONNREFUSED || errno == ENETUNREACH ||
154 errno == EHOSTUNREACH) {
155 client_nextaddr(p);
156 set_next(p, error_interval());
157 return (-1);
158 } else
159 fatal("client_query connect");
160 }
161 if (p->addr->ss.ss_family == AF_INET && setsockopt(p->query->fd,
162 IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
163 log_warn("setsockopt IPTOS_LOWDELAY");
164 }
165
166 /*
167 * Send out a random 64-bit number as our transmit time. The NTP
168 * server will copy said number into the originate field on the
169 * response that it sends us. This is totally legal per the SNTP spec.
170 *
171 * The impact of this is two fold: we no longer send out the current
172 * system time for the world to see (which may aid an attacker), and
173 * it gives us a (not very secure) way of knowing that we're not
174 * getting spoofed by an attacker that can't capture our traffic
175 * but can spoof packets from the NTP server we're communicating with.
176 *
177 * Save the real transmit timestamp locally.
178 */
179
180 p->query->msg.xmttime.int_partl = arc4random();
181 p->query->msg.xmttime.fractionl = arc4random();
182 p->query->xmttime = gettime();
183
184 if ((result = ntp_sendmsg(p->query->fd, NULL, &p->query->msg,
185 NTP_MSGSIZE_NOAUTH, 0)) < 0) {
186 set_next(p, INTERVAL_QUERY_PATHETIC);
187 if (result == -2) {
188 /*
189 * got EINVAL in sendto(), probably the local socket
190 * address got invalidated -> force re-connect()
191 */
192 close(p->query->fd);
193 p->query->fd = -1;
194 }
195 return (-1);
196 }
197
198 p->state = STATE_QUERY_SENT;
199 set_deadline(p, QUERYTIME_MAX);
200
201 return (0);
202 }
203
204 int
client_dispatch(struct ntp_peer * p,u_int8_t settime,uint8_t trace)205 client_dispatch(struct ntp_peer *p, u_int8_t settime, uint8_t trace)
206 {
207 char buf[NTP_MSGSIZE];
208 ssize_t size;
209 struct ntp_msg msg;
210 double T1, T2, T3, T4;
211 time_t interval;
212
213 if ((size = recvfrom(p->query->fd, &buf, sizeof(buf), 0,
214 NULL, NULL)) == -1) {
215 if (errno == EHOSTUNREACH || errno == EHOSTDOWN ||
216 errno == ENETUNREACH || errno == ENETDOWN ||
217 errno == ECONNREFUSED || errno == EADDRNOTAVAIL) {
218 client_log_error(p, "recvfrom", errno);
219 set_next(p, error_interval());
220 return (0);
221 } else
222 fatal("recvfrom");
223 }
224
225 T4 = gettime();
226
227 ntp_getmsg((struct sockaddr *)&p->addr->ss, buf, size, &msg);
228
229 if (msg.orgtime.int_partl != p->query->msg.xmttime.int_partl ||
230 msg.orgtime.fractionl != p->query->msg.xmttime.fractionl)
231 return (0);
232
233 if ((msg.status & LI_ALARM) == LI_ALARM || msg.stratum == 0 ||
234 msg.stratum > NTP_MAXSTRATUM) {
235 interval = error_interval();
236 set_next(p, interval);
237 log_info("reply from %s: not synced, next query %ds",
238 log_sockaddr((struct sockaddr *)&p->addr->ss),
239 (int)interval);
240 return (0);
241 }
242
243 /**
244 * From RFC 2030 (with a correction to the delay math) and rdate(8):
245 *
246 * Timestamp Name ID When Generated
247 * ------------------------------------------------------------
248 * Originate Timestamp T1 time request sent by client
249 * Receive Timestamp T2 time request received by server
250 * Transmit Timestamp T3 time reply sent by server
251 * Destination Timestamp T4 time reply received by client
252 *
253 * The roundtrip delay d, local clock offset t, and adjustment
254 * error v are defined as:
255 *
256 * d = (T4 - T1) - (T3 - T2)
257 * t = ((T2 - T1) + (T3 - T4)) / 2
258 * v = |(T2 - T1) - (T3 - T4)|
259 */
260
261 T1 = p->query->xmttime;
262 T2 = lfp_to_d(msg.rectime);
263 T3 = lfp_to_d(msg.xmttime);
264
265 p->reply[p->shift].offset = ((T2 - T1) + (T3 - T4)) / 2;
266 p->reply[p->shift].delay = (T4 - T1) - (T3 - T2);
267 if (p->reply[p->shift].delay < DELAY_NEGLIGEE) {
268 interval = error_interval();
269 set_next(p, interval);
270 log_info("reply from %s: negative delay %fs, "
271 "next query %ds",
272 log_sockaddr((struct sockaddr *)&p->addr->ss),
273 p->reply[p->shift].delay, (int)interval);
274 return (0);
275 }
276 p->reply[p->shift].error = (T2 - T1) - (T3 - T4);
277 if (p->reply[p->shift].error < 0)
278 p->reply[p->shift].error = -p->reply[p->shift].error;
279 p->reply[p->shift].rcvd = time(NULL);
280 p->reply[p->shift].good = 1;
281
282 p->reply[p->shift].status.leap = (msg.status & LIMASK);
283 p->reply[p->shift].status.precision = msg.precision;
284 p->reply[p->shift].status.rootdelay = sfp_to_d(msg.rootdelay);
285 p->reply[p->shift].status.rootdispersion = sfp_to_d(msg.dispersion);
286 p->reply[p->shift].status.refid = msg.refid;
287 p->reply[p->shift].status.refid4 = htonl(msg.xmttime.fractionl);
288 p->reply[p->shift].status.reftime = lfp_to_d(msg.reftime);
289 p->reply[p->shift].status.poll = msg.ppoll;
290 p->reply[p->shift].status.stratum = msg.stratum - p->stratum_offset;
291
292 if (p->trustlevel < TRUSTLEVEL_PATHETIC)
293 interval = scale_interval(INTERVAL_QUERY_PATHETIC);
294 else if (p->trustlevel < TRUSTLEVEL_AGRESSIVE)
295 interval = scale_interval(INTERVAL_QUERY_AGRESSIVE);
296 else
297 interval = scale_interval(INTERVAL_QUERY_NORMAL);
298
299 set_next(p, interval);
300 p->state = STATE_REPLY_RECEIVED;
301
302 if (trace > 1)
303 log_info("rcvd str %d dst %3d ofs %6.1f srv %s",
304 msg.stratum, (int)((p->reply[p->shift].delay + .0005) * 1000.),
305 p->reply[p->shift].offset * 1000.,
306 log_sockaddr((struct sockaddr *)&p->addr->ss));
307
308 /* every received reply which we do not discard increases trust */
309 if (p->trustlevel < TRUSTLEVEL_MAX &&
310 ++p->trustlevel == TRUSTLEVEL_BADPEER)
311 chpeertrust(p, true);
312
313 log_reply("reply from %s: offset %fs delay %fs, "
314 "next query %ds", log_sockaddr((struct sockaddr *)&p->addr->ss),
315 p->reply[p->shift].offset, p->reply[p->shift].delay,
316 (int)interval);
317
318 client_update(p, trace);
319 if (settime)
320 priv_settime(p->reply[p->shift].offset);
321
322 if (++p->shift >= OFFSET_ARRAY_SIZE)
323 p->shift = 0;
324
325 return (0);
326 }
327
328 int
client_update(struct ntp_peer * p,int trace)329 client_update(struct ntp_peer *p, int trace)
330 {
331 int i, best = 0, good = 0;
332
333 /*
334 * clock filter
335 * find the offset which arrived with the lowest delay
336 * use that as the peer update
337 * invalidate it and all older ones
338 */
339
340 for (i = 0; good == 0 && i < OFFSET_ARRAY_SIZE; i++)
341 if (p->reply[i].good) {
342 good++;
343 best = i;
344 }
345
346 for (; i < OFFSET_ARRAY_SIZE; i++)
347 if (p->reply[i].good) {
348 good++;
349 if (p->reply[i].delay < p->reply[best].delay)
350 best = i;
351 }
352
353 if (trace > 2)
354 log_info("client_update, %d good, best = %3dms delay", good,
355 (int)((p->reply[best].delay + .0005) * 1000.));
356
357 if (good < OFFSET_ARRAY_SIZE)
358 return (-1);
359
360 memcpy(&p->update, &p->reply[best], sizeof(p->update));
361 if (priv_adjtime() == 0) {
362 for (i = 0; i < OFFSET_ARRAY_SIZE; i++)
363 if (p->reply[i].rcvd <= p->reply[best].rcvd)
364 p->reply[i].good = 0;
365 }
366 return (0);
367 }
368
369 void
client_log_error(struct ntp_peer * peer,const char * operation,int error)370 client_log_error(struct ntp_peer *peer, const char *operation, int error)
371 {
372 const char *address;
373
374 address = log_sockaddr((struct sockaddr *)&peer->addr->ss);
375 if (peer->lasterror == error) {
376 log_debug("%s %s: %s", operation, address, strerror(error));
377 return;
378 }
379 peer->lasterror = error;
380 log_warn("%s %s", operation, address);
381 }
382