2 * ntp_io.c - input/output routines for ntpd. The socket-opening code
3 * was shamelessly stolen from ntpd.
14 # if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE)
15 # define FNM_CASEFOLD FNM_IGNORECASE
18 #ifdef HAVE_SYS_PARAM_H
19 # include <sys/param.h>
21 #ifdef HAVE_SYS_IOCTL_H
22 # include <sys/ioctl.h>
24 #ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */
25 # include <sys/sockio.h>
31 #include "ntp_machine.h"
35 #include "ntp_lists.h"
36 #include "ntp_refclock.h"
37 #include "ntp_stdlib.h"
38 #include "ntp_worker.h"
39 #include "ntp_request.h"
40 #include "ntp_assert.h"
41 #include "timevalops.h"
42 #include "timespecops.h"
43 #include "ntpd-opts.h"
46 /* Don't include ISC's version of IPv6 variables and structures */
49 #include <isc/interfaceiter.h>
50 #include <isc/netaddr.h>
51 #include <isc/result.h>
52 #include <isc/sockaddr.h>
58 #ifdef HAS_ROUTING_SOCKET
59 # include <net/route.h>
60 # ifdef HAVE_RTNETLINK
61 # include <linux/rtnetlink.h>
66 * setsockopt does not always have the same arg declaration
67 * across all platforms. If it's not defined we make it empty
70 #ifndef SETSOCKOPT_ARG_CAST
71 #define SETSOCKOPT_ARG_CAST
74 extern int listen_to_virtual_ips;
77 #define IPTOS_DSCP_EF 0xb8
79 int qos = IPTOS_DSCP_EF; /* QoS RFC3246 */
82 /* TODO burnicki: This should be moved to ntp_timer.c, but if we do so
83 * we get a linker error. Since we're running out of time before the leap
84 * second occurs, we let it here where it just works.
92 typedef struct nic_rule_tag nic_rule;
96 nic_rule_action action;
97 nic_rule_match match_type;
104 * NIC rule listhead. Entries are added at the head so that the first
105 * match in the list is the last matching rule specified.
107 nic_rule *nic_rule_list;
110 #if defined(SO_BINTIME) && defined(SCM_BINTIME) && defined(CMSG_FIRSTHDR)
111 # define HAVE_PACKET_TIMESTAMP
112 # define HAVE_BINTIME
113 # ifdef BINTIME_CTLMSGBUF_SIZE
114 # define CMSG_BUFSIZE BINTIME_CTLMSGBUF_SIZE
116 # define CMSG_BUFSIZE 1536 /* moderate default */
118 #elif defined(SO_TIMESTAMPNS) && defined(SCM_TIMESTAMPNS) && defined(CMSG_FIRSTHDR)
119 # define HAVE_PACKET_TIMESTAMP
120 # define HAVE_TIMESTAMPNS
121 # ifdef TIMESTAMPNS_CTLMSGBUF_SIZE
122 # define CMSG_BUFSIZE TIMESTAMPNS_CTLMSGBUF_SIZE
124 # define CMSG_BUFSIZE 1536 /* moderate default */
126 #elif defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP) && defined(CMSG_FIRSTHDR)
127 # define HAVE_PACKET_TIMESTAMP
128 # define HAVE_TIMESTAMP
129 # ifdef TIMESTAMP_CTLMSGBUF_SIZE
130 # define CMSG_BUFSIZE TIMESTAMP_CTLMSGBUF_SIZE
132 # define CMSG_BUFSIZE 1536 /* moderate default */
135 /* fill in for old/other timestamp interfaces */
138 #if defined(SYS_WINNT)
139 #include "win32_io.h"
140 #include <isc/win32os.h>
144 * We do asynchronous input using the SIGIO facility. A number of
145 * recvbuf buffers are preallocated for input. In the signal
146 * handler we poll to see which sockets are ready and read the
147 * packets from them into the recvbuf's along with a time stamp and
148 * an indication of the source host and the interface it was received
149 * through. This allows us to get as accurate receive time stamps
150 * as possible independent of other processing going on.
152 * We watch the number of recvbufs available to the signal handler
153 * and allocate more when this number drops below the low water
154 * mark. If the signal handler should run out of buffers in the
155 * interim it will drop incoming frames, the idea being that it is
156 * better to drop a packet than to be inaccurate.
161 * Other statistics of possible interest
163 volatile u_long packets_dropped; /* total number of packets dropped on reception */
164 volatile u_long packets_ignored; /* packets received on wild card interface */
165 volatile u_long packets_received; /* total number of packets received */
166 u_long packets_sent; /* total number of packets sent */
167 u_long packets_notsent; /* total number of packets which couldn't be sent */
169 volatile u_long handler_calls; /* number of calls to interrupt handler */
170 volatile u_long handler_pkts; /* number of pkts received by handler */
171 u_long io_timereset; /* time counters were reset */
176 endpt * any_interface; /* wildcard ipv4 interface */
177 endpt * any6_interface; /* wildcard ipv6 interface */
178 endpt * loopback_interface; /* loopback ipv4 interface */
180 isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */
181 u_int sys_ifnum; /* next .ifnum to assign */
182 int ninterfaces; /* Total number of interfaces */
184 int disable_dynamic_updates; /* scan interfaces once only */
188 * Refclock stuff. We keep a chain of structures with data concerning
189 * the guys we are doing I/O for.
191 static struct refclockio *refio;
192 #endif /* REFCLOCK */
195 * File descriptor masks etc. for call to select
196 * Not needed for I/O Completion Ports or anything outside this file
198 static fd_set activefds;
199 static int maxactivefd;
202 * bit alternating value to detect verified interfaces during an update cycle
204 static u_short sys_interphase = 0;
206 static endpt * new_interface(endpt *);
207 static void add_interface(endpt *);
208 static int update_interfaces(u_short, interface_receiver_t,
210 static void remove_interface(endpt *);
211 static endpt * create_interface(u_short, endpt *);
213 static int is_wildcard_addr (const sockaddr_u *);
216 * Multicast functions
218 static isc_boolean_t addr_ismulticast (sockaddr_u *);
219 static isc_boolean_t is_anycast (sockaddr_u *,
223 * Not all platforms support multicast
226 static isc_boolean_t socket_multicast_enable (endpt *, sockaddr_u *);
227 static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *);
231 static void interface_dump (const endpt *);
232 static void sockaddr_dump (const sockaddr_u *);
233 static void print_interface (const endpt *, const char *, const char *);
234 #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0)
236 #define DPRINT_INTERFACE(level, args) do {} while (0)
239 typedef struct vsock vsock_t;
240 enum desc_type { FD_TYPE_SOCKET, FD_TYPE_FILE };
250 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
252 * async notification processing (e. g. routing sockets)
255 * support for receiving data on fd that is not a refclock or a socket
256 * like e. g. routing sockets
258 struct asyncio_reader {
259 struct asyncio_reader *link; /* the list this is being kept in */
260 SOCKET fd; /* fd to be read */
261 void *data; /* possibly local data */
262 void (*receiver)(struct asyncio_reader *); /* input handler */
265 struct asyncio_reader *asyncio_reader_list;
267 static void delete_asyncio_reader (struct asyncio_reader *);
268 static struct asyncio_reader *new_asyncio_reader (void);
269 static void add_asyncio_reader (struct asyncio_reader *, enum desc_type);
270 static void remove_asyncio_reader (struct asyncio_reader *);
272 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */
274 static void init_async_notifications (void);
276 static int addr_eqprefix (const sockaddr_u *, const sockaddr_u *,
278 static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *,
279 const sockaddr_u *, const sockaddr_u *);
280 static int create_sockets (u_short);
281 static SOCKET open_socket (sockaddr_u *, int, int, endpt *);
282 static void set_reuseaddr (int);
283 static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *);
285 #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
286 static char * fdbits (int, const fd_set *);
288 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
289 static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *);
292 typedef struct remaddr remaddr_t;
300 remaddr_t * remoteaddr_list;
301 endpt * ep_list; /* complete endpt list */
302 endpt * mc4_list; /* IPv4 mcast-capable unicast endpts */
303 endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */
305 static endpt * wildipv4;
306 static endpt * wildipv6;
309 int accept_wildcard_if_for_winnt;
311 const int accept_wildcard_if_for_winnt = FALSE;
314 static void add_fd_to_list (SOCKET, enum desc_type);
315 static endpt * find_addr_in_list (sockaddr_u *);
316 static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32);
317 static void delete_addr_from_list (sockaddr_u *);
318 static void delete_interface_from_list(endpt *);
319 static void close_and_delete_fd_from_list(SOCKET);
320 static void add_addr_to_list (sockaddr_u *, endpt *);
321 static void create_wildcards (u_short);
322 static endpt * findlocalinterface (sockaddr_u *, int, int);
323 static endpt * findclosestinterface (sockaddr_u *, int);
325 static const char * action_text (nic_rule_action);
327 static nic_rule_action interface_action(char *, sockaddr_u *, u_int32);
328 static void convert_isc_if (isc_interface_t *,
330 static void calc_addr_distance(sockaddr_u *,
333 static int cmp_addr_distance(const sockaddr_u *,
337 * Routines to read the ntp packets
339 #if !defined(HAVE_IO_COMPLETION_PORT)
340 static inline int read_network_packet (SOCKET, struct interface *, l_fp);
341 static void ntpd_addremove_io_fd (int, int, int);
342 static void input_handler_scan (const l_fp*, const fd_set*);
343 static int/*BOOL*/ sanitize_fdset (int errc);
345 static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp);
347 #ifdef HAVE_SIGNALED_IO
348 static void input_handler (l_fp*);
353 #ifndef HAVE_IO_COMPLETION_PORT
362 if (fd < 0 || fd >= FD_SETSIZE) {
364 "Too many sockets in use, FD_SETSIZE %d exceeded by fd %d",
370 FD_SET(fd, &activefds);
371 maxactivefd = max(fd, maxactivefd);
373 FD_CLR(fd, &activefds);
374 if (maxactivefd && fd == maxactivefd) {
375 for (i = maxactivefd - 1; i >= 0; i--)
376 if (FD_ISSET(i, &activefds)) {
380 INSIST(fd != maxactivefd);
384 #endif /* !HAVE_IO_COMPLETION_PORT */
389 * collect timing information for various processing
390 * paths. currently we only pass them on to the file
391 * for later processing. this could also do histogram
392 * based analysis in other to reduce the load (and skew)
393 * dur to the file output
396 collect_timing(struct recvbuf *rb, const char *tag, int count, l_fp *dts)
400 snprintf(buf, sizeof(buf), "%s %d %s %s",
402 ? ((rb->dstadr != NULL)
403 ? stoa(&rb->recv_srcadr)
406 count, lfptoa(dts, 9), tag);
407 record_timing_stats(buf);
412 * About dynamic interfaces, sockets, reception and more...
414 * the code solves following tasks:
416 * - keep a current list of active interfaces in order
417 * to bind to to the interface address on NTP_PORT so that
418 * all wild and specific bindings for NTP_PORT are taken by ntpd
419 * to avoid other daemons messing with the time or sockets.
420 * - all interfaces keep a list of peers that are referencing
421 * the interface in order to quickly re-assign the peers to
422 * new interface in case an interface is deleted (=> gone from system or
424 * - have a preconfigured socket ready with the right local address
425 * for transmission and reception
426 * - have an address list for all destination addresses used within ntpd
427 * to find the "right" preconfigured socket.
428 * - facilitate updating the internal interface list with respect to
429 * the current kernel state
433 * - mapping of multicast addresses to the interface affected is not always
434 * one to one - especially on hosts with multiple interfaces
435 * the code here currently allocates a separate interface entry for those
436 * multicast addresses
437 * iff it is able to bind to a *new* socket with the multicast address (flags |= MCASTIF)
438 * in case of failure the multicast address is bound to an existing interface.
439 * - on some systems it is perfectly legal to assign the same address to
440 * multiple interfaces. Therefore this code does not keep a list of interfaces
441 * but a list of interfaces that represent a unique address as determined by the kernel
442 * by the procedure in findlocalinterface. Thus it is perfectly legal to see only
443 * one representative of a group of real interfaces if they share the same address.
445 * Frank Kardel 20050910
449 * init_io - initialize I/O module.
454 /* Init buffer free list and stat counters */
455 init_recvbuff(RECV_INIT);
456 /* update interface every 5 minutes as default */
457 interface_interval = 300;
460 addremove_io_fd = &ntpd_addremove_io_fd;
463 #if defined(SYS_WINNT)
464 init_io_completion_port();
465 #elif defined(HAVE_SIGNALED_IO)
466 (void) set_signal(input_handler);
472 ntpd_addremove_io_fd(
480 #ifdef HAVE_SIGNALED_IO
483 #endif /* not HAVE_SIGNALED_IO */
485 maintain_activefds(fd, remove_it);
490 * io_open_sockets - call socket creation routine
493 io_open_sockets(void)
495 static int already_opened;
497 if (already_opened || HAVE_OPT( SAVECONFIGQUIT ))
506 create_sockets(NTP_PORT);
509 init_async_notifications();
511 DPRINTF(3, ("io_open_sockets: maxactivefd %d\n", maxactivefd));
517 * function to dump the contents of the interface structure
518 * for debugging use only.
521 interface_dump(const endpt *itf)
523 printf("Dumping interface: %p\n", itf);
524 printf("fd = %d\n", itf->fd);
525 printf("bfd = %d\n", itf->bfd);
526 printf("sin = %s,\n", stoa(&itf->sin));
527 sockaddr_dump(&itf->sin);
528 printf("bcast = %s,\n", stoa(&itf->bcast));
529 sockaddr_dump(&itf->bcast);
530 printf("mask = %s,\n", stoa(&itf->mask));
531 sockaddr_dump(&itf->mask);
532 printf("name = %s\n", itf->name);
533 printf("flags = 0x%08x\n", itf->flags);
534 printf("last_ttl = %d\n", itf->last_ttl);
535 printf("addr_refid = %08x\n", itf->addr_refid);
536 printf("num_mcast = %d\n", itf->num_mcast);
537 printf("received = %ld\n", itf->received);
538 printf("sent = %ld\n", itf->sent);
539 printf("notsent = %ld\n", itf->notsent);
540 printf("ifindex = %u\n", itf->ifindex);
541 printf("peercnt = %u\n", itf->peercnt);
542 printf("phase = %u\n", itf->phase);
546 * sockaddr_dump - hex dump the start of a sockaddr_u
549 sockaddr_dump(const sockaddr_u *psau)
551 /* Limit the size of the sockaddr_in6 hex dump */
552 const int maxsize = min(32, sizeof(psau->sa6));
556 /* XXX: Should we limit maxsize based on psau->saX.sin_family? */
557 cp = (const void *)&psau->sa6;
559 for(i = 0; i < maxsize; i++) {
560 printf("%02x", *cp++);
568 * print_interface - helper to output debug information
571 print_interface(const endpt *iface, const char *pfx, const char *sfx)
573 printf("%sinterface #%d: fd=%d, bfd=%d, name=%s, flags=0x%x, ifindex=%u, sin=%s",
582 if (AF_INET == iface->family) {
583 if (iface->flags & INT_BROADCAST)
584 printf(", bcast=%s", stoa(&iface->bcast));
585 printf(", mask=%s", stoa(&iface->mask));
588 (iface->ignore_packets)
592 if (debug > 4) /* in-depth debugging only */
593 interface_dump(iface);
597 #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
599 * create an asyncio_reader structure
601 static struct asyncio_reader *
602 new_asyncio_reader(void)
604 struct asyncio_reader *reader;
606 reader = emalloc_zero(sizeof(*reader));
607 reader->fd = INVALID_SOCKET;
616 delete_asyncio_reader(
617 struct asyncio_reader *reader
624 * add asynchio_reader
628 struct asyncio_reader * reader,
631 LINK_SLIST(asyncio_reader_list, reader, link);
632 add_fd_to_list(reader->fd, type);
636 * remove asynchio_reader
639 remove_asyncio_reader(
640 struct asyncio_reader *reader
643 struct asyncio_reader *unlinked;
645 UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link,
646 struct asyncio_reader);
648 if (reader->fd != INVALID_SOCKET)
649 close_and_delete_fd_from_list(reader->fd);
651 reader->fd = INVALID_SOCKET;
653 #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */
656 /* compare two sockaddr prefixes */
659 const sockaddr_u * a,
660 const sockaddr_u * b,
666 isc_sockaddr_t isc_sa;
669 memcpy(&isc_sa.type, a, min(sizeof(isc_sa.type), sizeof(*a)));
670 isc_netaddr_fromsockaddr(&isc_a, &isc_sa);
673 memcpy(&isc_sa.type, b, min(sizeof(isc_sa.type), sizeof(*b)));
674 isc_netaddr_fromsockaddr(&isc_b, &isc_sa);
676 return (int)isc_netaddr_eqprefix(&isc_a, &isc_b,
683 const sockaddr_u * a,
684 const sockaddr_u * a_mask,
685 const sockaddr_u * b,
686 const sockaddr_u * b_mask
690 const u_int32 * pa_limit;
695 REQUIRE(AF(a) == AF(a_mask));
696 REQUIRE(AF(b) == AF(b_mask));
698 * With address and mask families verified to match, comparing
699 * the masks also validates the address's families match.
701 if (!SOCK_EQ(a_mask, b_mask))
705 loops = sizeof(NSRCADR6(a)) / sizeof(*pa);
706 pa = (const void *)&NSRCADR6(a);
707 pb = (const void *)&NSRCADR6(b);
708 pm = (const void *)&NSRCADR6(a_mask);
710 loops = sizeof(NSRCADR(a)) / sizeof(*pa);
711 pa = (const void *)&NSRCADR(a);
712 pb = (const void *)&NSRCADR(b);
713 pm = (const void *)&NSRCADR(a_mask);
715 for (pa_limit = pa + loops; pa < pa_limit; pa++, pb++, pm++)
716 if ((*pa & *pm) != (*pb & *pm))
724 * interface list enumerator - visitor pattern
728 interface_receiver_t receiver,
732 interface_info_t ifi;
734 ifi.action = IFS_EXISTS;
735 for (ifi.ep = ep_list; ifi.ep != NULL; ifi.ep = ifi.ep->elink)
736 (*receiver)(data, &ifi);
740 * do standard initialization of interface structure
748 ep->fd = INVALID_SOCKET;
749 ep->bfd = INVALID_SOCKET;
750 ep->phase = sys_interphase;
755 * create new interface structure initialize from
756 * template structure or via standard initialization
759 static struct interface *
761 struct interface *interface
764 struct interface * iface;
766 iface = emalloc(sizeof(*iface));
768 if (NULL == interface)
769 init_interface(iface);
770 else /* use the template */
771 memcpy(iface, interface, sizeof(*iface));
773 /* count every new instance of an interface in the system */
774 iface->ifnum = sys_ifnum++;
775 iface->starttime = current_time;
777 # ifdef HAVE_IO_COMPLETION_PORT
778 if (!io_completion_port_add_interface(iface)) {
779 msyslog(LOG_EMERG, "cannot register interface with IO engine -- will exit now");
788 * return interface storage into free memory pool
795 # ifdef HAVE_IO_COMPLETION_PORT
796 io_completion_port_remove_interface(ep);
803 * link interface into list of known interfaces
810 endpt ** pmclisthead;
818 int ep_univ_iid; /* iface ID from MAC address */
819 int scan_univ_iid; /* see RFC 4291 */
820 int ep_privacy; /* random local iface ID */
821 int scan_privacy; /* see RFC 4941 */
824 /* Calculate the refid */
825 ep->addr_refid = addr2refid(&ep->sin);
826 /* link at tail so ntpdc -c ifstats index increases each row */
827 LINK_TAIL_SLIST(ep_list, ep, elink, endpt);
830 /* the rest is for enabled multicast-capable addresses only */
831 if (ep->ignore_packets || !(INT_MULTICAST & ep->flags) ||
832 INT_LOOPBACK & ep->flags)
834 # ifndef INCLUDE_IPV6_MULTICAST_SUPPORT
835 if (AF_INET6 == ep->family)
838 pmclisthead = (AF_INET == ep->family)
842 if (AF_INET6 == ep->family) {
844 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) ||
845 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin));
846 ep_univ_iid = IS_IID_UNIV(&ep->sin);
847 ep_privacy = !!(INT_PRIVACY & ep->flags);
853 DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n",
855 (ep_local) ? " link/scope-local" : "",
856 (ep_univ_iid) ? " univ-IID" : "",
857 (ep_privacy) ? " privacy" : ""));
859 * If we have multiple local addresses on the same network
860 * interface, and some are link- or site-local, do not multicast
861 * out from the link-/site-local addresses by default, to avoid
862 * duplicate manycastclient associations between v6 peers using
863 * link-local and global addresses. link-local can still be
864 * chosen using "nic ignore myv6globalprefix::/64".
865 * Similarly, if we have multiple global addresses from the same
866 * prefix on the same network interface, multicast from one,
867 * preferring EUI-64, then static, then least RFC 4941 privacy
870 for (scan = *pmclisthead; scan != NULL; scan = scan_next) {
871 scan_next = scan->mclink;
872 if (ep->family != scan->family)
874 if (strcmp(ep->name, scan->name))
876 same_subnet = addr_samesubnet(&ep->sin, &ep->mask,
877 &scan->sin, &scan->mask);
878 if (AF_INET6 == ep->family) {
881 IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) ||
882 IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr));
883 scan_univ_iid = IS_IID_UNIV(addr);
884 scan_privacy = !!(INT_PRIVACY & scan->flags);
887 scan_univ_iid = FALSE;
888 scan_privacy = FALSE;
890 DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n",
892 (scan_local) ? " link/scope-local" : "",
893 (scan_univ_iid) ? " univ-IID" : "",
894 (scan_privacy) ? " privacy" : ""));
895 if ((ep_local && !scan_local) || (same_subnet &&
896 ((ep_privacy && !scan_privacy) ||
897 (!ep_univ_iid && scan_univ_iid)))) {
898 DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n",
906 if ((scan_local && !ep_local) || (same_subnet &&
907 ((scan_privacy && !ep_privacy) ||
908 (!scan_univ_iid && ep_univ_iid)))) {
909 UNLINK_SLIST(unlinked, *pmclisthead,
910 scan, mclink, endpt);
911 DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n",
915 stoa(&scan->sin), stoa(&ep->sin)));
919 * Add link/site local at the tail of the multicast-
920 * capable unicast interfaces list, so that ntpd will
921 * send from global addresses before link-/site-local
925 LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt);
927 LINK_SLIST(*pmclisthead, ep, mclink);
928 DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n",
933 (AF_INET == ep->family)
937 if (INVALID_SOCKET == ep->fd)
941 * select the local address from which to send to multicast.
943 switch (AF(&ep->sin)) {
946 rc = setsockopt(ep->fd, IPPROTO_IP,
948 (void *)&NSRCADR(&ep->sin),
949 sizeof(NSRCADR(&ep->sin)));
952 "setsockopt IP_MULTICAST_IF %s fails: %m",
956 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
958 rc = setsockopt(ep->fd, IPPROTO_IPV6,
960 (void *)&ep->ifindex,
961 sizeof(ep->ifindex));
962 /* do not complain if bound addr scope is ifindex */
963 if (rc && ep->ifindex != SCOPE(&ep->sin))
965 "setsockopt IPV6_MULTICAST_IF %u for %s fails: %m",
966 ep->ifindex, stoa(&ep->sin));
975 * remove interface from known interface list and clean up
976 * associated resources
984 endpt ** pmclisthead;
987 UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt);
988 if (!ep->ignore_packets && INT_MULTICAST & ep->flags) {
989 pmclisthead = (AF_INET == ep->family)
992 UNLINK_SLIST(unlinked, *pmclisthead, ep, mclink, endpt);
993 DPRINTF(4, ("%s %s IPv%s multicast-capable unicast local address list\n",
998 (AF_INET == ep->family)
1002 delete_interface_from_list(ep);
1004 if (ep->fd != INVALID_SOCKET) {
1006 "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs",
1014 current_time - ep->starttime);
1015 # ifdef HAVE_IO_COMPLETION_PORT
1016 io_completion_port_remove_socket(ep->fd, ep);
1018 close_and_delete_fd_from_list(ep->fd);
1019 ep->fd = INVALID_SOCKET;
1022 if (ep->bfd != INVALID_SOCKET) {
1024 "stop listening for broadcasts to %s on interface #%d %s",
1025 stoa(&ep->bcast), ep->ifnum, ep->name);
1026 # ifdef HAVE_IO_COMPLETION_PORT
1027 io_completion_port_remove_socket(ep->bfd, ep);
1029 close_and_delete_fd_from_list(ep->bfd);
1030 ep->bfd = INVALID_SOCKET;
1032 # ifdef HAVE_IO_COMPLETION_PORT
1033 io_completion_port_remove_interface(ep);
1037 mon_clearinterface(ep);
1039 /* remove restrict interface entry */
1040 SET_HOSTMASK(&resmask, AF(&ep->sin));
1041 hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask,
1042 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
1051 msyslog(LOG_INFO, "%s on %d %s %s",
1052 (ep->ignore_packets)
1054 : "Listen normally",
1067 #ifdef INCLUDE_IPV6_SUPPORT
1070 sockaddr_u wildaddr;
1071 nic_rule_action action;
1072 struct interface * wildif;
1075 * silence "potentially uninitialized" warnings from VC9
1076 * failing to follow the logic. Ideally action could remain
1077 * uninitialized, and the memset be the first statement under
1078 * the first if (v4wild).
1080 action = ACTION_LISTEN;
1083 #ifdef INCLUDE_IPV6_SUPPORT
1085 * create pseudo-interface with wildcard IPv6 address
1087 v6wild = ipv6_works;
1089 /* set wildaddr to the v6 wildcard address :: */
1091 AF(&wildaddr) = AF_INET6;
1092 SET_ADDR6N(&wildaddr, in6addr_any);
1093 SET_PORT(&wildaddr, port);
1094 SET_SCOPE(&wildaddr, 0);
1096 /* check for interface/nic rules affecting the wildcard */
1097 action = interface_action(NULL, &wildaddr, 0);
1098 v6wild = (ACTION_IGNORE != action);
1101 wildif = new_interface(NULL);
1103 strlcpy(wildif->name, "v6wildcard", sizeof(wildif->name));
1104 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin));
1105 wildif->family = AF_INET6;
1106 AF(&wildif->mask) = AF_INET6;
1107 SET_ONESMASK(&wildif->mask);
1109 wildif->flags = INT_UP | INT_WILDCARD;
1110 wildif->ignore_packets = (ACTION_DROP == action);
1112 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif);
1114 if (wildif->fd != INVALID_SOCKET) {
1116 any6_interface = wildif;
1117 add_addr_to_list(&wildif->sin, wildif);
1118 add_interface(wildif);
1119 log_listen_address(wildif);
1122 "unable to bind to wildcard address %s - another process may be running - EXITING",
1123 stoa(&wildif->sin));
1126 DPRINT_INTERFACE(2, (wildif, "created ", "\n"));
1131 * create pseudo-interface with wildcard IPv4 address
1133 v4wild = ipv4_works;
1135 /* set wildaddr to the v4 wildcard address 0.0.0.0 */
1136 AF(&wildaddr) = AF_INET;
1137 SET_ADDR4N(&wildaddr, INADDR_ANY);
1138 SET_PORT(&wildaddr, port);
1140 /* check for interface/nic rules affecting the wildcard */
1141 action = interface_action(NULL, &wildaddr, 0);
1142 v4wild = (ACTION_IGNORE != action);
1145 wildif = new_interface(NULL);
1147 strlcpy(wildif->name, "v4wildcard", sizeof(wildif->name));
1148 memcpy(&wildif->sin, &wildaddr, sizeof(wildif->sin));
1149 wildif->family = AF_INET;
1150 AF(&wildif->mask) = AF_INET;
1151 SET_ONESMASK(&wildif->mask);
1153 wildif->flags = INT_BROADCAST | INT_UP | INT_WILDCARD;
1154 wildif->ignore_packets = (ACTION_DROP == action);
1157 * enable multicast reception on the broadcast socket
1159 AF(&wildif->bcast) = AF_INET;
1160 SET_ADDR4N(&wildif->bcast, INADDR_ANY);
1161 SET_PORT(&wildif->bcast, port);
1163 wildif->fd = open_socket(&wildif->sin, 0, 1, wildif);
1165 if (wildif->fd != INVALID_SOCKET) {
1167 any_interface = wildif;
1169 add_addr_to_list(&wildif->sin, wildif);
1170 add_interface(wildif);
1171 log_listen_address(wildif);
1174 "unable to bind to wildcard address %s - another process may be running - EXITING",
1175 stoa(&wildif->sin));
1178 DPRINT_INTERFACE(2, (wildif, "created ", "\n"));
1184 * add_nic_rule() -- insert a rule entry at the head of nic_rule_list.
1188 nic_rule_match match_type,
1189 const char * if_name, /* interface name or numeric address */
1191 nic_rule_action action
1195 isc_boolean_t is_ip;
1197 rule = emalloc_zero(sizeof(*rule));
1198 rule->match_type = match_type;
1199 rule->prefixlen = prefixlen;
1200 rule->action = action;
1202 if (MATCH_IFNAME == match_type) {
1203 REQUIRE(NULL != if_name);
1204 rule->if_name = estrdup(if_name);
1205 } else if (MATCH_IFADDR == match_type) {
1206 REQUIRE(NULL != if_name);
1207 /* set rule->addr */
1208 is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr);
1211 REQUIRE(NULL == if_name);
1213 LINK_SLIST(nic_rule_list, rule, next);
1220 nic_rule_action action
1228 t = "ERROR"; /* quiet uninit warning */
1229 DPRINTF(1, ("fatal: unknown nic_rule_action %d\n",
1252 static nic_rule_action
1255 sockaddr_u * if_addr,
1263 DPRINTF(4, ("interface_action: interface %s ",
1264 (if_name != NULL) ? if_name : "wildcard"));
1266 iswildcard = is_wildcard_addr(if_addr);
1267 isloopback = !!(INT_LOOPBACK & if_flags);
1270 * Find any matching NIC rule from --interface / -I or ntp.conf
1271 * interface/nic rules.
1273 for (rule = nic_rule_list; rule != NULL; rule = rule->next) {
1275 switch (rule->match_type) {
1278 /* loopback and wildcard excluded from "all" */
1279 if (isloopback || iswildcard)
1281 DPRINTF(4, ("nic all %s\n",
1282 action_text(rule->action)));
1283 return rule->action;
1286 if (IS_IPV4(if_addr)) {
1287 DPRINTF(4, ("nic ipv4 %s\n",
1288 action_text(rule->action)));
1289 return rule->action;
1294 if (IS_IPV6(if_addr)) {
1295 DPRINTF(4, ("nic ipv6 %s\n",
1296 action_text(rule->action)));
1297 return rule->action;
1301 case MATCH_WILDCARD:
1303 DPRINTF(4, ("nic wildcard %s\n",
1304 action_text(rule->action)));
1305 return rule->action;
1310 if (rule->prefixlen != -1) {
1311 if (addr_eqprefix(if_addr, &rule->addr,
1314 DPRINTF(4, ("subnet address match - %s\n",
1315 action_text(rule->action)));
1316 return rule->action;
1319 if (SOCK_EQ(if_addr, &rule->addr)) {
1321 DPRINTF(4, ("address match - %s\n",
1322 action_text(rule->action)));
1323 return rule->action;
1329 #if defined(HAVE_FNMATCH) && defined(FNM_CASEFOLD)
1330 && !fnmatch(rule->if_name, if_name, FNM_CASEFOLD)
1332 && !strcasecmp(if_name, rule->if_name)
1336 DPRINTF(4, ("interface name match - %s\n",
1337 action_text(rule->action)));
1338 return rule->action;
1345 * Unless explicitly disabled such as with "nic ignore ::1"
1346 * listen on loopback addresses. Since ntpq and ntpdc query
1347 * "localhost" by default, which typically resolves to ::1 and
1348 * 127.0.0.1, it's useful to default to listening on both.
1351 DPRINTF(4, ("default loopback listen\n"));
1352 return ACTION_LISTEN;
1356 * Treat wildcard addresses specially. If there is no explicit
1357 * "nic ... wildcard" or "nic ... 0.0.0.0" or "nic ... ::" rule
1361 DPRINTF(4, ("default wildcard drop\n"));
1366 * Check for "virtual IP" (colon in the interface name) after
1367 * the rules so that "ntpd --interface eth0:1 -novirtualips"
1368 * does indeed listen on eth0:1's addresses.
1370 if (!listen_to_virtual_ips && if_name != NULL
1371 && (strchr(if_name, ':') != NULL)) {
1373 DPRINTF(4, ("virtual ip - ignore\n"));
1374 return ACTION_IGNORE;
1378 * If there are no --interface/-I command-line options and no
1379 * interface/nic rules in ntp.conf, the default action is to
1380 * listen. In the presence of rules from either, the default
1381 * is to ignore. This implements ntpd's traditional listen-
1382 * every default with no interface listen configuration, and
1383 * ensures a single -I eth0 or "nic listen eth0" means do not
1384 * listen on any other addresses.
1386 if (NULL == nic_rule_list) {
1387 DPRINTF(4, ("default listen\n"));
1388 return ACTION_LISTEN;
1391 DPRINTF(4, ("implicit ignore\n"));
1392 return ACTION_IGNORE;
1398 isc_interface_t *isc_if,
1403 const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0,
1404 0, 0, 0, 0, 0, 0, 0, 1};
1406 strlcpy(itf->name, isc_if->name, sizeof(itf->name));
1407 itf->ifindex = isc_if->ifindex;
1408 itf->family = (u_short)isc_if->af;
1409 AF(&itf->sin) = itf->family;
1410 AF(&itf->mask) = itf->family;
1411 AF(&itf->bcast) = itf->family;
1412 SET_PORT(&itf->sin, port);
1413 SET_PORT(&itf->mask, port);
1414 SET_PORT(&itf->bcast, port);
1416 if (IS_IPV4(&itf->sin)) {
1417 NSRCADR(&itf->sin) = isc_if->address.type.in.s_addr;
1418 NSRCADR(&itf->mask) = isc_if->netmask.type.in.s_addr;
1420 if (isc_if->flags & INTERFACE_F_BROADCAST) {
1421 itf->flags |= INT_BROADCAST;
1422 NSRCADR(&itf->bcast) =
1423 isc_if->broadcast.type.in.s_addr;
1426 #ifdef INCLUDE_IPV6_SUPPORT
1427 else if (IS_IPV6(&itf->sin)) {
1428 SET_ADDR6N(&itf->sin, isc_if->address.type.in6);
1429 SET_ADDR6N(&itf->mask, isc_if->netmask.type.in6);
1431 SET_SCOPE(&itf->sin, isc_if->address.zone);
1433 #endif /* INCLUDE_IPV6_SUPPORT */
1436 /* Process the rest of the flags */
1439 ((INTERFACE_F_UP & isc_if->flags)
1441 | ((INTERFACE_F_LOOPBACK & isc_if->flags)
1443 | ((INTERFACE_F_POINTTOPOINT & isc_if->flags)
1445 | ((INTERFACE_F_MULTICAST & isc_if->flags)
1446 ? INT_MULTICAST : 0)
1447 | ((INTERFACE_F_PRIVACY & isc_if->flags)
1452 * Clear the loopback flag if the address is not localhost.
1453 * http://bugs.ntp.org/1683
1455 if (INT_LOOPBACK & itf->flags) {
1456 if (AF_INET == itf->family) {
1457 if (127 != (SRCADR(&itf->sin) >> 24))
1458 itf->flags &= ~INT_LOOPBACK;
1460 if (memcmp(v6loop, NSRCADR6(&itf->sin),
1461 sizeof(NSRCADR6(&itf->sin))))
1462 itf->flags &= ~INT_LOOPBACK;
1471 * some OSes have been observed to keep
1472 * cached routes even when more specific routes
1474 * this can be mitigated by re-binding
1479 struct interface * interface
1482 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
1483 if (interface->fd != INVALID_SOCKET) {
1484 int bcast = (interface->flags & INT_BCASTXMIT) != 0;
1485 /* as we forcibly close() the socket remove the
1486 broadcast permission indication */
1488 socket_broadcast_disable(interface, &interface->sin);
1490 close_and_delete_fd_from_list(interface->fd);
1492 /* create new socket picking up a new first hop binding
1493 at connect() time */
1494 interface->fd = open_socket(&interface->sin,
1495 bcast, 0, interface);
1497 * reset TTL indication so TTL is is set again
1500 interface->last_ttl = 0;
1501 return (interface->fd != INVALID_SOCKET);
1503 return 0; /* invalid sockets are not refreshable */
1504 #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
1505 return (interface->fd != INVALID_SOCKET);
1506 #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
1510 * interface_update - externally callable update function
1514 interface_receiver_t receiver,
1517 int new_interface_found;
1519 if (disable_dynamic_updates)
1523 new_interface_found = update_interfaces(NTP_PORT, receiver, data);
1526 if (!new_interface_found)
1530 msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver");
1532 interrupt_worker_sleep();
1537 * sau_from_netaddr() - convert network address on-wire formats.
1538 * Convert from libisc's isc_netaddr_t to NTP's sockaddr_u
1543 const isc_netaddr_t *pna
1547 AF(psau) = (u_short)pna->family;
1548 switch (pna->family) {
1551 memcpy(&psau->sa4.sin_addr, &pna->type.in,
1552 sizeof(psau->sa4.sin_addr));
1556 memcpy(&psau->sa6.sin6_addr, &pna->type.in6,
1557 sizeof(psau->sa6.sin6_addr));
1565 const sockaddr_u *psau
1568 if (IS_IPV4(psau) && !NSRCADR(psau))
1571 #ifdef INCLUDE_IPV6_SUPPORT
1572 if (IS_IPV6(psau) && S_ADDR6_EQ(psau, &in6addr_any))
1580 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
1582 * enable/disable re-use of wildcard address socket
1590 struct interface *any;
1591 SOCKET fd = INVALID_SOCKET;
1593 any = ANY_INTERFACE_BYFAM(family);
1597 if (fd != INVALID_SOCKET) {
1598 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
1599 (char *)&on, sizeof(on)))
1601 "set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m",
1604 DPRINTF(4, ("set SO_REUSEADDR to %s on %s\n",
1609 #endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */
1612 static isc_boolean_t
1619 #if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6)
1620 struct in6_ifreq ifr6;
1623 if (psau->sa.sa_family != AF_INET6)
1625 if ((fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0)
1628 memcpy(&ifr6.ifr_addr, &psau->sa6, sizeof(ifr6.ifr_addr));
1629 strlcpy(ifr6.ifr_name, name, sizeof(ifr6.ifr_name));
1630 if (ioctl(fd, SIOCGIFAFLAG_IN6, &ifr6) < 0) {
1635 if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0)
1637 #endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */
1641 static isc_boolean_t
1647 #ifdef IN6_IFF_ANYCAST
1648 return check_flags6(psau, name, IN6_IFF_ANYCAST);
1654 static isc_boolean_t
1663 #ifdef IN6_IFF_DEPARTED
1664 flags6 |= IN6_IFF_DEPARTED;
1666 #ifdef IN6_IFF_DETACHED
1667 flags6 |= IN6_IFF_DETACHED;
1669 #ifdef IN6_IFF_TENTATIVE
1670 flags6 |= IN6_IFF_TENTATIVE;
1672 return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE;
1676 * update_interface strategy
1678 * toggle configuration phase
1681 * forall currently existing interfaces
1682 * if address is known:
1683 * drop socket - rebind again
1685 * if address is NOT known:
1686 * attempt to create a new interface entry
1689 * forall currently known non MCAST and WILDCARD interfaces
1690 * if interface does not match configuration phase (not seen in phase 1):
1691 * remove interface from known interface list
1692 * forall peers associated with this interface
1693 * disconnect peer from this interface
1696 * attempt to re-assign interfaces to peers
1703 interface_receiver_t receiver,
1707 isc_mem_t * mctx = (void *)-1;
1708 interface_info_t ifi;
1709 isc_interfaceiter_t * iter;
1710 isc_result_t result;
1711 isc_interface_t isc_if;
1712 int new_interface_found;
1713 unsigned int family;
1718 DPRINTF(3, ("update_interfaces(%d)\n", port));
1721 * phase one - scan interfaces
1722 * - create those that are not found
1723 * - update those that are found
1726 new_interface_found = FALSE;
1728 result = isc_interfaceiter_create(mctx, &iter);
1730 if (result != ISC_R_SUCCESS)
1734 * Toggle system interface scan phase to find untouched
1735 * interfaces to be deleted.
1737 sys_interphase ^= 0x1;
1739 for (result = isc_interfaceiter_first(iter);
1740 ISC_R_SUCCESS == result;
1741 result = isc_interfaceiter_next(iter)) {
1743 result = isc_interfaceiter_current(iter, &isc_if);
1745 if (result != ISC_R_SUCCESS)
1748 /* See if we have a valid family to use */
1749 family = isc_if.address.family;
1750 if (AF_INET != family && AF_INET6 != family)
1752 if (AF_INET == family && !ipv4_works)
1754 if (AF_INET6 == family && !ipv6_works)
1757 /* create prototype */
1758 init_interface(&enumep);
1760 convert_isc_if(&isc_if, &enumep, port);
1762 DPRINT_INTERFACE(4, (&enumep, "examining ", "\n"));
1765 * Check if and how we are going to use the interface.
1767 switch (interface_action(enumep.name, &enumep.sin,
1771 DPRINTF(4, ("ignoring interface %s (%s) - by nic rules\n",
1772 enumep.name, stoa(&enumep.sin)));
1776 DPRINTF(4, ("listen interface %s (%s) - by nic rules\n",
1777 enumep.name, stoa(&enumep.sin)));
1778 enumep.ignore_packets = ISC_FALSE;
1782 DPRINTF(4, ("drop on interface %s (%s) - by nic rules\n",
1783 enumep.name, stoa(&enumep.sin)));
1784 enumep.ignore_packets = ISC_TRUE;
1788 /* interfaces must be UP to be usable */
1789 if (!(enumep.flags & INT_UP)) {
1790 DPRINTF(4, ("skipping interface %s (%s) - DOWN\n",
1791 enumep.name, stoa(&enumep.sin)));
1796 * skip any interfaces UP and bound to a wildcard
1797 * address - some dhcp clients produce that in the
1800 if (is_wildcard_addr(&enumep.sin))
1803 if (is_anycast(&enumep.sin, isc_if.name))
1807 * skip any address that is an invalid state to be used
1809 if (!is_valid(&enumep.sin, isc_if.name))
1813 * map to local *address* in order to map all duplicate
1814 * interfaces to an endpt structure with the appropriate
1815 * socket. Our name space is (ip-address), NOT
1816 * (interface name, ip-address).
1818 ep = getinterface(&enumep.sin, INT_WILDCARD);
1820 if (ep != NULL && refresh_interface(ep)) {
1822 * found existing and up to date interface -
1825 if (ep->phase != sys_interphase) {
1827 * On a new round we reset the name so
1828 * the interface name shows up again if
1829 * this address is no longer shared.
1830 * We reset ignore_packets from the
1831 * new prototype to respect any runtime
1832 * changes to the nic rules.
1834 strlcpy(ep->name, enumep.name,
1836 ep->ignore_packets =
1837 enumep.ignore_packets;
1839 /* name collision - rename interface */
1840 strlcpy(ep->name, "*multiple*",
1844 DPRINT_INTERFACE(4, (ep, "updating ",
1847 if (ep->ignore_packets !=
1848 enumep.ignore_packets) {
1850 * We have conflicting configurations
1851 * for the interface address. This is
1852 * caused by using -I <interfacename>
1853 * for an interface that shares its
1854 * address with other interfaces. We
1855 * can not disambiguate incoming
1856 * packets delivered to this socket
1857 * without extra syscalls/features.
1858 * These are not (commonly) available.
1859 * Note this is a more unusual
1860 * configuration where several
1861 * interfaces share an address but
1862 * filtering via interface name is
1863 * attempted. We resolve the
1864 * configuration conflict by disabling
1865 * the processing of received packets.
1866 * This leads to no service on the
1867 * interface address where the conflict
1871 "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED",
1872 enumep.name, ep->name,
1875 ep->ignore_packets = ISC_TRUE;
1878 ep->phase = sys_interphase;
1880 ifi.action = IFS_EXISTS;
1882 if (receiver != NULL)
1883 (*receiver)(data, &ifi);
1886 * This is new or refreshing failed - add to
1887 * our interface list. If refreshing failed we
1888 * will delete the interface structure in phase
1889 * 2 as the interface was not marked current.
1890 * We can bind to the address as the refresh
1891 * code already closed the offending socket
1893 ep = create_interface(port, &enumep);
1896 ifi.action = IFS_CREATED;
1898 if (receiver != NULL)
1899 (*receiver)(data, &ifi);
1901 new_interface_found = TRUE;
1904 " new - created\n"));
1907 (&enumep, "updating ",
1908 " new - creation FAILED"));
1911 "failed to init interface for address %s",
1918 isc_interfaceiter_destroy(&iter);
1921 * phase 2 - delete gone interfaces - reassigning peers to
1924 for (ep = ep_list; ep != NULL; ep = next_ep) {
1925 next_ep = ep->elink;
1928 * if phase does not match sys_phase this interface was
1929 * not enumerated during the last interface scan - so it
1930 * is gone and will be deleted here unless it did not
1931 * originate from interface enumeration (INT_WILDCARD,
1934 if (((INT_WILDCARD | INT_MCASTIF) & ep->flags) ||
1935 ep->phase == sys_interphase)
1938 DPRINT_INTERFACE(3, (ep, "updating ",
1939 "GONE - deleting\n"));
1940 remove_interface(ep);
1942 ifi.action = IFS_DELETED;
1944 if (receiver != NULL)
1945 (*receiver)(data, &ifi);
1947 /* disconnect peers from deleted endpt. */
1948 while (ep->peers != NULL)
1949 set_peerdstadr(ep->peers, NULL);
1952 * update globals in case we lose
1953 * a loopback interface
1955 if (ep == loopback_interface)
1956 loopback_interface = NULL;
1958 delete_interface(ep);
1962 * phase 3 - re-configure as the world has possibly changed
1964 * never ever make this conditional again - it is needed to track
1965 * routing updates. see bug #2506
1967 refresh_all_peerinterfaces();
1969 if (broadcast_client_enabled)
1977 * Check multicast interfaces and try to join multicast groups if
1980 for (ep = ep_list; ep != NULL; ep = ep->elink) {
1983 if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags))
1986 /* Find remote address that was linked to this interface */
1987 for (entry = remoteaddr_list;
1989 entry = entry->link) {
1990 if (entry->ep == ep) {
1991 if (socket_multicast_enable(ep, &entry->addr)) {
1993 "Joined %s socket to multicast group %s",
1995 stoa(&entry->addr));
2003 return new_interface_found;
2008 * create_sockets - create a socket for each interface plus a default
2009 * socket for when we don't know where to send
2016 #ifndef HAVE_IO_COMPLETION_PORT
2018 * I/O Completion Ports don't care about the select and FD_SET
2021 FD_ZERO(&activefds);
2024 DPRINTF(2, ("create_sockets(%d)\n", port));
2026 create_wildcards(port);
2028 update_interfaces(port, NULL, NULL);
2031 * Now that we have opened all the sockets, turn off the reuse
2032 * flag for security.
2036 DPRINTF(2, ("create_sockets: Total interfaces = %d\n", ninterfaces));
2042 * create_interface - create a new interface for a given prototype
2043 * binding the socket.
2045 static struct interface *
2048 struct interface * protot
2053 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET)
2055 remaddr_t * next_entry;
2057 DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin),
2060 /* build an interface */
2061 iface = new_interface(protot);
2066 iface->fd = open_socket(&iface->sin, 0, 0, iface);
2068 if (iface->fd != INVALID_SOCKET)
2069 log_listen_address(iface);
2071 if ((INT_BROADCAST & iface->flags)
2072 && iface->bfd != INVALID_SOCKET)
2073 msyslog(LOG_INFO, "Listening on broadcast address %s#%d",
2074 stoa((&iface->bcast)), port);
2076 if (INVALID_SOCKET == iface->fd
2077 && INVALID_SOCKET == iface->bfd) {
2078 msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d",
2081 stoa((&iface->sin)),
2083 delete_interface(iface);
2088 * Blacklist our own addresses, no use talking to ourself
2090 SET_HOSTMASK(&resmask, AF(&iface->sin));
2091 hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
2092 RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
2095 * set globals with the first found
2096 * loopback interface of the appropriate class
2098 if (NULL == loopback_interface && AF_INET == iface->family
2099 && (INT_LOOPBACK & iface->flags))
2100 loopback_interface = iface;
2103 * put into our interface list
2105 add_addr_to_list(&iface->sin, iface);
2106 add_interface(iface);
2108 #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET)
2110 * Join any previously-configured compatible multicast groups.
2112 if (INT_MULTICAST & iface->flags &&
2113 !((INT_LOOPBACK | INT_WILDCARD) & iface->flags) &&
2114 !iface->ignore_packets) {
2115 for (entry = remoteaddr_list;
2117 entry = next_entry) {
2118 next_entry = entry->link;
2119 if (AF(&iface->sin) != AF(&entry->addr) ||
2120 !IS_MCAST(&entry->addr))
2122 if (socket_multicast_enable(iface,
2125 "Joined %s socket to multicast group %s",
2127 stoa(&entry->addr));
2130 "Failed to join %s socket to multicast group %s",
2132 stoa(&entry->addr));
2135 #endif /* MCAST && MCAST_NONEWSOCKET */
2137 DPRINT_INTERFACE(2, (iface, "created ", "\n"));
2142 #ifdef SO_EXCLUSIVEADDRUSE
2154 failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
2155 (char *)&one, sizeof(one));
2162 * Prior to Windows XP setting SO_EXCLUSIVEADDRUSE can fail with
2163 * error WSAINVAL depending on service pack level and whether
2164 * the user account is in the Administrators group. Do not
2165 * complain if it fails that way on versions prior to XP (5.1).
2167 err = GetLastError();
2169 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0 /* < 5.1/XP */
2170 && WSAEINVAL == err)
2176 "setsockopt(%d, SO_EXCLUSIVEADDRUSE, on): %m",
2179 #endif /* SO_EXCLUSIVEADDRUSE */
2183 * set_reuseaddr() - set/clear REUSEADDR on all sockets
2184 * NB possible hole - should we be doing this on broadcast
2192 #ifndef SO_EXCLUSIVEADDRUSE
2195 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2196 if (ep->flags & INT_WILDCARD)
2200 * if ep->fd is INVALID_SOCKET, we might have a adapter
2201 * configured but not present
2203 DPRINTF(4, ("setting SO_REUSEADDR on %.16s@%s to %s\n",
2204 ep->name, stoa(&ep->sin),
2205 flag ? "on" : "off"));
2207 if (ep->fd != INVALID_SOCKET) {
2208 if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR,
2209 (char *)&flag, sizeof(flag))) {
2210 msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m",
2211 stoa(&ep->sin), flag ? "on" : "off");
2215 #endif /* ! SO_EXCLUSIVEADDRUSE */
2219 * This is just a wrapper around an internal function so we can
2220 * make other changes as necessary later on
2224 struct interface * iface,
2228 #ifdef OPEN_BCAST_SOCKET
2229 socket_broadcast_enable(iface, iface->fd, baddr);
2233 #ifdef OPEN_BCAST_SOCKET
2235 * Enable a broadcast address to a given socket
2236 * The socket is in the ep_list all we need to do is enable
2237 * broadcasting. It is not this function's job to select the socket
2239 static isc_boolean_t
2240 socket_broadcast_enable(
2241 struct interface * iface,
2249 if (IS_IPV4(baddr)) {
2250 /* if this interface can support broadcast, set SO_BROADCAST */
2251 if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST,
2252 (char *)&on, sizeof(on)))
2254 "setsockopt(SO_BROADCAST) enable failure on address %s: %m",
2257 DPRINTF(2, ("Broadcast enabled on socket %d for address %s\n",
2260 iface->flags |= INT_BCASTXMIT;
2264 #endif /* SO_BROADCAST */
2267 #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
2269 * Remove a broadcast address from a given socket
2270 * The socket is in the ep_list all we need to do is disable
2271 * broadcasting. It is not this function's job to select the socket
2273 static isc_boolean_t
2274 socket_broadcast_disable(
2275 struct interface * iface,
2280 int off = 0; /* This seems to be OK as an int */
2282 if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET,
2283 SO_BROADCAST, (char *)&off, sizeof(off)))
2285 "setsockopt(SO_BROADCAST) disable failure on address %s: %m",
2288 iface->flags &= ~INT_BCASTXMIT;
2292 #endif /* SO_BROADCAST */
2294 #endif /* OS_MISSES_SPECIFIC_ROUTE_UPDATES */
2296 #endif /* OPEN_BCAST_SOCKET */
2299 * return the broadcast client flag value
2302 get_broadcastclient_flag(void)
2304 return (broadcast_client_enabled);
2308 * Check to see if the address is a multicast address
2310 static isc_boolean_t
2315 isc_boolean_t result;
2317 #ifndef INCLUDE_IPV6_MULTICAST_SUPPORT
2319 * If we don't have IPV6 support any IPV6 addr is not multicast
2325 result = IS_MCAST(maddr);
2328 DPRINTF(4, ("address %s is not multicast\n",
2335 * Multicast servers need to set the appropriate Multicast interface
2336 * socket option in order for it to know which interface to use for
2337 * send the multicast packet.
2340 enable_multicast_if(
2341 struct interface * iface,
2346 #ifdef IP_MULTICAST_LOOP
2347 TYPEOF_IP_MULTICAST_LOOP off = 0;
2349 #if defined(INCLUDE_IPV6_MULTICAST_SUPPORT) && defined(IPV6_MULTICAST_LOOP)
2353 REQUIRE(AF(maddr) == AF(&iface->sin));
2355 switch (AF(&iface->sin)) {
2358 #ifdef IP_MULTICAST_LOOP
2360 * Don't send back to itself, but allow failure to set
2362 if (setsockopt(iface->fd, IPPROTO_IP,
2364 SETSOCKOPT_ARG_CAST &off,
2368 "setsockopt IP_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
2369 iface->fd, stoa(&iface->sin),
2376 #ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2377 #ifdef IPV6_MULTICAST_LOOP
2379 * Don't send back to itself, but allow failure to set
2381 if (setsockopt(iface->fd, IPPROTO_IPV6,
2382 IPV6_MULTICAST_LOOP,
2383 (char *) &off6, sizeof(off6))) {
2386 "setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
2387 iface->fd, stoa(&iface->sin),
2394 #endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2401 * Add a multicast address to a given socket
2402 * The socket is in the ep_list all we need to do is enable
2403 * multicasting. It is not this function's job to select the socket
2406 static isc_boolean_t
2407 socket_multicast_enable(
2412 struct ip_mreq mreq;
2413 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2414 struct ipv6_mreq mreq6;
2416 switch (AF(maddr)) {
2420 mreq.imr_multiaddr = SOCK_ADDR4(maddr);
2421 mreq.imr_interface.s_addr = htonl(INADDR_ANY);
2422 if (setsockopt(iface->fd,
2428 "setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2429 iface->fd, stoa(&iface->sin),
2430 mreq.imr_multiaddr.s_addr,
2431 mreq.imr_interface.s_addr,
2435 DPRINTF(4, ("Added IPv4 multicast membership on socket %d, addr %s for %x / %x (%s)\n",
2436 iface->fd, stoa(&iface->sin),
2437 mreq.imr_multiaddr.s_addr,
2438 mreq.imr_interface.s_addr, stoa(maddr)));
2442 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2444 * Enable reception of multicast packets.
2445 * If the address is link-local we can get the
2446 * interface index from the scope id. Don't do this
2447 * for other types of multicast addresses. For now let
2448 * the kernel figure it out.
2451 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2452 mreq6.ipv6mr_interface = iface->ifindex;
2454 if (setsockopt(iface->fd, IPPROTO_IPV6,
2455 IPV6_JOIN_GROUP, (char *)&mreq6,
2458 "setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
2459 iface->fd, stoa(&iface->sin),
2460 mreq6.ipv6mr_interface, stoa(maddr)));
2463 DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n",
2464 iface->fd, stoa(&iface->sin),
2465 mreq6.ipv6mr_interface, stoa(maddr)));
2468 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2470 iface->flags |= INT_MCASTOPEN;
2479 * Remove a multicast address from a given socket
2480 * The socket is in the ep_list all we need to do is disable
2481 * multicasting. It is not this function's job to select the socket
2484 static isc_boolean_t
2485 socket_multicast_disable(
2486 struct interface * iface,
2490 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2491 struct ipv6_mreq mreq6;
2493 struct ip_mreq mreq;
2497 if (find_addr_in_list(maddr) == NULL) {
2498 DPRINTF(4, ("socket_multicast_disable(%s): not found\n",
2503 switch (AF(maddr)) {
2506 mreq.imr_multiaddr = SOCK_ADDR4(maddr);
2507 mreq.imr_interface = SOCK_ADDR4(&iface->sin);
2508 if (setsockopt(iface->fd, IPPROTO_IP,
2509 IP_DROP_MEMBERSHIP, (char *)&mreq,
2513 "setsockopt IP_DROP_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
2514 iface->fd, stoa(&iface->sin),
2515 SRCADR(maddr), SRCADR(&iface->sin),
2521 # ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
2523 * Disable reception of multicast packets
2524 * If the address is link-local we can get the
2525 * interface index from the scope id. Don't do this
2526 * for other types of multicast addresses. For now let
2527 * the kernel figure it out.
2529 mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr);
2530 mreq6.ipv6mr_interface = iface->ifindex;
2532 if (setsockopt(iface->fd, IPPROTO_IPV6,
2533 IPV6_LEAVE_GROUP, (char *)&mreq6,
2537 "setsockopt IPV6_LEAVE_GROUP failure: %m on socket %d, addr %s for %d (%s)",
2538 iface->fd, stoa(&iface->sin),
2539 iface->ifindex, stoa(maddr));
2545 # endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
2549 if (!iface->num_mcast)
2550 iface->flags &= ~INT_MCASTOPEN;
2557 * io_setbclient - open the broadcast client sockets
2562 #ifdef OPEN_BCAST_SOCKET
2563 struct interface * interf;
2569 for (interf = ep_list;
2571 interf = interf->elink) {
2573 if (interf->flags & (INT_WILDCARD | INT_LOOPBACK))
2576 /* use only allowed addresses */
2577 if (interf->ignore_packets)
2580 /* Need a broadcast-capable interface */
2581 if (!(interf->flags & INT_BROADCAST))
2584 /* Only IPv4 addresses are valid for broadcast */
2585 REQUIRE(IS_IPV4(&interf->bcast));
2587 /* Do we already have the broadcast address open? */
2588 if (interf->flags & INT_BCASTOPEN) {
2590 * account for already open interfaces to avoid
2591 * misleading warning below
2598 * Try to open the broadcast address
2600 interf->family = AF_INET;
2601 interf->bfd = open_socket(&interf->bcast, 1, 0, interf);
2604 * If we succeeded then we use it otherwise enable
2605 * broadcast on the interface address
2607 if (interf->bfd != INVALID_SOCKET) {
2609 interf->flags |= INT_BCASTOPEN;
2611 "Listen for broadcasts to %s on interface #%d %s",
2612 stoa(&interf->bcast), interf->ifnum, interf->name);
2613 } else switch (errno) {
2614 /* Silently ignore EADDRINUSE as we probably
2615 * opened the socket already for an address in
2616 * the same network */
2618 /* Some systems cannot bind a socket to a broadcast
2619 * address, as that is not a valid host address. */
2621 # ifdef SYS_WINNT /*TODO: use for other systems, too? */
2622 /* avoid recurrence here -- if we already have a
2623 * regular socket, it's quite useless to try this
2626 if (interf->fd != INVALID_SOCKET) {
2627 interf->flags |= INT_BCASTOPEN;
2635 "failed to listen for broadcasts to %s on interface #%d %s",
2636 stoa(&interf->bcast), interf->ifnum, interf->name);
2642 broadcast_client_enabled = ISC_TRUE;
2643 DPRINTF(1, ("io_setbclient: listening to %d broadcast addresses\n", nif));
2646 broadcast_client_enabled = ISC_FALSE;
2648 "Unable to listen for broadcasts, no broadcast interfaces available");
2652 "io_setbclient: Broadcast Client disabled by build");
2653 #endif /* OPEN_BCAST_SOCKET */
2657 * io_unsetbclient - close the broadcast client sockets
2660 io_unsetbclient(void)
2664 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2665 if (INT_WILDCARD & ep->flags)
2667 if (!(INT_BCASTOPEN & ep->flags))
2670 if (ep->bfd != INVALID_SOCKET) {
2671 /* destroy broadcast listening socket */
2673 "stop listening for broadcasts to %s on interface #%d %s",
2674 stoa(&ep->bcast), ep->ifnum, ep->name);
2675 # ifdef HAVE_IO_COMPLETION_PORT
2676 io_completion_port_remove_socket(ep->bfd, ep);
2678 close_and_delete_fd_from_list(ep->bfd);
2679 ep->bfd = INVALID_SOCKET;
2681 ep->flags &= ~INT_BCASTOPEN;
2683 broadcast_client_enabled = ISC_FALSE;
2687 * io_multicast_add() - add multicast group address
2699 * Check to see if this is a multicast address
2701 if (!addr_ismulticast(addr))
2704 /* If we already have it we can just return */
2705 if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) {
2707 "Duplicate request found for multicast address %s",
2712 # ifndef MULTICAST_NONEWSOCKET
2713 ep = new_interface(NULL);
2716 * Open a new socket for the multicast address
2719 SET_PORT(&ep->sin, NTP_PORT);
2720 ep->family = AF(&ep->sin);
2721 AF(&ep->mask) = ep->family;
2722 SET_ONESMASK(&ep->mask);
2725 ep->bfd = INVALID_SOCKET;
2726 ep->fd = open_socket(&ep->sin, 0, 0, ep);
2727 if (ep->fd != INVALID_SOCKET) {
2728 ep->ignore_packets = ISC_FALSE;
2729 ep->flags |= INT_MCASTIF;
2731 strlcpy(ep->name, "multicast", sizeof(ep->name));
2732 DPRINT_INTERFACE(2, (ep, "multicast add ", "\n"));
2734 log_listen_address(ep);
2736 /* bind failed, re-use wildcard interface */
2737 delete_interface(ep);
2741 else if (IS_IPV6(addr))
2747 /* HACK ! -- stuff in an address */
2748 /* because we don't bind addr? DH */
2751 "multicast address %s using wildcard interface #%d %s",
2752 stoa(addr), ep->ifnum, ep->name);
2755 "No multicast socket available to use for address %s",
2760 { /* in place of the { following for in #else clause */
2762 # else /* MULTICAST_NONEWSOCKET follows */
2764 * For the case where we can't use a separate socket (Windows)
2765 * join each applicable endpoint socket to the group address.
2771 for (ep = ep_list; ep != NULL; ep = ep->elink) {
2772 if (ep->ignore_packets || AF(&ep->sin) != AF(addr) ||
2773 !(INT_MULTICAST & ep->flags) ||
2774 (INT_LOOPBACK | INT_WILDCARD) & ep->flags)
2777 # endif /* MULTICAST_NONEWSOCKET */
2778 if (socket_multicast_enable(ep, addr))
2780 "Joined %s socket to multicast group %s",
2785 add_addr_to_list(addr, one_ep);
2786 #else /* !MCAST follows*/
2788 "Can not add multicast address %s: no multicast support",
2796 * io_multicast_del() - delete multicast group address
2807 * Check to see if this is a multicast address
2809 if (!addr_ismulticast(addr)) {
2810 msyslog(LOG_ERR, "invalid multicast address %s",
2816 * Disable reception of multicast packets
2818 while ((iface = find_flagged_addr_in_list(addr, INT_MCASTOPEN))
2820 socket_multicast_disable(iface, addr);
2822 delete_addr_from_list(addr);
2824 #else /* not MCAST */
2826 "Can not delete multicast address %s: no multicast support",
2828 #endif /* not MCAST */
2833 * open_socket - open a socket, returning the file descriptor
2847 * int is OK for REUSEADR per
2848 * http://www.kohala.com/start/mcast.api.txt
2853 if (IS_IPV6(addr) && !ipv6_works)
2854 return INVALID_SOCKET;
2856 /* create a datagram (UDP) socket */
2857 fd = socket(AF(addr), SOCK_DGRAM, 0);
2858 if (INVALID_SOCKET == fd) {
2859 errval = socket_errno();
2861 "socket(AF_INET%s, SOCK_DGRAM, 0) failed on address %s: %m",
2862 IS_IPV6(addr) ? "6" : "", stoa(addr));
2864 if (errval == EPROTONOSUPPORT ||
2865 errval == EAFNOSUPPORT ||
2866 errval == EPFNOSUPPORT)
2867 return (INVALID_SOCKET);
2871 "unexpected socket() error %m code %d (not EPROTONOSUPPORT nor EAFNOSUPPORT nor EPFNOSUPPORT) - exiting",
2877 connection_reset_fix(fd, addr);
2880 * Fixup the file descriptor for some systems
2881 * See bug #530 for details of the issue.
2886 * set SO_REUSEADDR since we will be binding the same port
2887 * number on each interface according to turn_off_reuse.
2888 * This is undesirable on Windows versions starting with
2889 * Windows XP (numeric version 5.1).
2892 if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */
2894 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
2895 (char *)((turn_off_reuse)
2901 "setsockopt SO_REUSEADDR %s fails for address %s: %m",
2907 return INVALID_SOCKET;
2909 #ifdef SO_EXCLUSIVEADDRUSE
2911 * setting SO_EXCLUSIVEADDRUSE on the wildcard we open
2912 * first will cause more specific binds to fail.
2914 if (!(interf->flags & INT_WILDCARD))
2915 set_excladdruse(fd);
2919 * IPv4 specific options go here
2921 if (IS_IPV4(addr)) {
2922 #if defined(IPPROTO_IP) && defined(IP_TOS)
2923 if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos,
2926 "setsockopt IP_TOS (%02x) fails on address %s: %m",
2928 #endif /* IPPROTO_IP && IP_TOS */
2930 socket_broadcast_enable(interf, fd, addr);
2934 * IPv6 specific options go here
2936 if (IS_IPV6(addr)) {
2937 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
2938 if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos,
2941 "setsockopt IPV6_TCLASS (%02x) fails on address %s: %m",
2943 #endif /* IPPROTO_IPV6 && IPV6_TCLASS */
2945 if (isc_net_probe_ipv6only() == ISC_R_SUCCESS
2946 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
2947 (char*)&on, sizeof(on)))
2949 "setsockopt IPV6_V6ONLY on fails on address %s: %m",
2952 #ifdef IPV6_BINDV6ONLY
2953 if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY,
2954 (char*)&on, sizeof(on)))
2956 "setsockopt IPV6_BINDV6ONLY on fails on address %s: %m",
2961 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
2963 * some OSes don't allow binding to more specific
2964 * addresses if a wildcard address already bound
2965 * to the port and SO_REUSEADDR is not set
2967 if (!is_wildcard_addr(addr))
2968 set_wildcard_reuse(AF(addr), 1);
2972 * bind the local address.
2974 errval = bind(fd, &addr->sa, SOCKLEN(addr));
2976 #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND
2977 if (!is_wildcard_addr(addr))
2978 set_wildcard_reuse(AF(addr), 0);
2983 * Don't log this under all conditions
2985 if (turn_off_reuse == 0
2991 "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m",
2992 fd, IS_IPV6(addr) ? "6" : "",
2993 stoa(addr), SRCPORT(addr),
2994 IS_MCAST(addr) ? " (multicast)" : "",
3000 return INVALID_SOCKET;
3003 #ifdef HAVE_TIMESTAMP
3005 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP,
3006 (char*)&on, sizeof(on)))
3008 "setsockopt SO_TIMESTAMP on fails on address %s: %m",
3011 DPRINTF(4, ("setsockopt SO_TIMESTAMP enabled on fd %d address %s\n",
3015 #ifdef HAVE_TIMESTAMPNS
3017 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS,
3018 (char*)&on, sizeof(on)))
3020 "setsockopt SO_TIMESTAMPNS on fails on address %s: %m",
3023 DPRINTF(4, ("setsockopt SO_TIMESTAMPNS enabled on fd %d address %s\n",
3029 if (setsockopt(fd, SOL_SOCKET, SO_BINTIME,
3030 (char*)&on, sizeof(on)))
3032 "setsockopt SO_BINTIME on fails on address %s: %m",
3035 DPRINTF(4, ("setsockopt SO_BINTIME enabled on fd %d address %s\n",
3040 DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n",
3041 fd, IS_IPV6(addr) ? "6" : "", stoa(addr),
3042 SCOPE(addr), SRCPORT(addr), interf->flags));
3044 make_socket_nonblocking(fd);
3046 #ifdef HAVE_SIGNALED_IO
3047 init_socket_sig(fd);
3048 #endif /* not HAVE_SIGNALED_IO */
3050 add_fd_to_list(fd, FD_TYPE_SOCKET);
3052 #if !defined(SYS_WINNT) && !defined(VMS)
3053 DPRINTF(4, ("flags for fd %d: 0x%x\n", fd,
3054 fcntl(fd, F_GETFL, 0)));
3055 #endif /* SYS_WINNT || VMS */
3057 #if defined(HAVE_IO_COMPLETION_PORT)
3059 * Add the socket to the completion port
3061 if (!io_completion_port_add_socket(fd, interf, bcast)) {
3062 msyslog(LOG_ERR, "unable to set up io completion port - EXITING");
3071 /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */
3073 * sendpkt - send a packet to the specified destination. Maintain a
3074 * send error cache so that only the first consecutive error for a
3075 * destination is logged.
3080 struct interface * ep,
3092 ismcast = IS_MCAST(dest);
3096 src = (IS_IPV4(dest))
3102 * unbound peer - drop request and wait for better
3103 * network conditions
3105 DPRINTF(2, ("%ssendpkt(dst=%s, ttl=%d, len=%d): no interface - IGNORED\n",
3106 ismcast ? "\tMCAST\t***** " : "",
3107 stoa(dest), ttl, len));
3112 DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n",
3113 ismcast ? "\tMCAST\t***** " : "", src->fd,
3114 stoa(dest), stoa(&src->sin), ttl, len));
3117 * for the moment we use the bcast option to set multicast ttl
3119 if (ismcast && ttl > 0 && ttl != src->last_ttl) {
3121 * set the multicast ttl for outgoing packets
3123 switch (AF(&src->sin)) {
3127 rc = setsockopt(src->fd, IPPROTO_IP,
3133 # ifdef INCLUDE_IPV6_SUPPORT
3135 rc = setsockopt(src->fd, IPPROTO_IPV6,
3136 IPV6_MULTICAST_HOPS,
3140 # endif /* INCLUDE_IPV6_SUPPORT */
3147 src->last_ttl = ttl;
3150 "setsockopt IP_MULTICAST_TTL/IPV6_MULTICAST_HOPS fails on address %s: %m",
3156 cc = simulate_server(dest, src, pkt);
3157 #elif defined(HAVE_IO_COMPLETION_PORT)
3158 cc = io_completion_port_sendto(src, src->fd, pkt,
3159 (size_t)len, (sockaddr_u *)&dest->sa);
3161 cc = sendto(src->fd, (char *)pkt, (u_int)len, 0,
3162 &dest->sa, SOCKLEN(dest));
3173 } while (ismcast && src != NULL);
3177 #if !defined(HAVE_IO_COMPLETION_PORT)
3178 #if !defined(HAVE_SIGNALED_IO)
3180 * fdbits - generate ascii representation of fd_set (FAU debug support)
3181 * HFDF format - highest fd first.
3189 static char buffer[256];
3190 char * buf = buffer;
3192 count = min(count, 255);
3194 while (count >= 0) {
3195 *buf++ = FD_ISSET(count, set) ? '#' : '-';
3206 * Routine to read the refclock packets for a specific interface
3207 * Return the number of bytes read. That way we know if we should
3208 * read it again or go on to the next one if no bytes returned
3211 read_refclock_packet(
3213 struct refclockio * rp,
3221 struct recvbuf * rb;
3223 rb = get_free_recv_buffer();
3227 * No buffer space available - just drop the packet
3229 char buf[RX_BUFF_SIZE];
3231 buflen = read(fd, buf, sizeof buf);
3236 /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
3237 * to buffer overrun and memory corruption
3239 if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space))
3240 read_count = sizeof(rb->recv_space);
3242 read_count = (u_int)rp->datalen;
3244 buflen = read(fd, (char *)&rb->recv_space, read_count);
3245 } while (buflen < 0 && EINTR == errno);
3248 saved_errno = errno;
3250 errno = saved_errno;
3255 * Got one. Mark how and when it got here,
3256 * put it on the full list and do bookkeeping.
3258 rb->recv_length = buflen;
3259 rb->recv_peer = rp->srcclock;
3263 rb->receiver = rp->clock_recv;
3265 consumed = indicate_refclock_packet(rp, rb);
3273 #endif /* REFCLOCK */
3276 #ifdef HAVE_PACKET_TIMESTAMP
3278 * extract timestamps from control message buffer
3282 struct recvbuf * rb,
3283 struct msghdr * msghdr,
3287 struct cmsghdr * cmsghdr;
3289 struct bintime * btp;
3291 #ifdef HAVE_TIMESTAMPNS
3292 struct timespec * tsp;
3294 #ifdef HAVE_TIMESTAMP
3295 struct timeval * tvp;
3297 unsigned long ticks;
3305 cmsghdr = CMSG_FIRSTHDR(msghdr);
3306 while (cmsghdr != NULL) {
3307 switch (cmsghdr->cmsg_type)
3311 #endif /* HAVE_BINTIME */
3312 #ifdef HAVE_TIMESTAMPNS
3313 case SCM_TIMESTAMPNS:
3314 #endif /* HAVE_TIMESTAMPNS */
3315 #ifdef HAVE_TIMESTAMP
3317 #endif /* HAVE_TIMESTAMP */
3318 #if defined(HAVE_BINTIME) || defined (HAVE_TIMESTAMPNS) || defined(HAVE_TIMESTAMP)
3319 switch (cmsghdr->cmsg_type)
3323 btp = (struct bintime *)CMSG_DATA(cmsghdr);
3325 * bintime documentation is at http://phk.freebsd.dk/pubs/timecounter.pdf
3327 nts.l_i = btp->sec + JAN_1970;
3328 nts.l_uf = (u_int32)(btp->frac >> 32);
3329 if (sys_tick > measured_tick &&
3331 ticks = (unsigned long)(nts.l_uf / (unsigned long)(sys_tick * FRAC));
3332 nts.l_uf = (unsigned long)(ticks * (unsigned long)(sys_tick * FRAC));
3334 DPRINTF(4, ("fetch_timestamp: system bintime network time stamp: %ld.%09lu\n",
3335 btp->sec, (unsigned long)((nts.l_uf / FRAC) * 1e9)));
3337 #endif /* HAVE_BINTIME */
3338 #ifdef HAVE_TIMESTAMPNS
3339 case SCM_TIMESTAMPNS:
3340 tsp = UA_PTR(struct timespec, CMSG_DATA(cmsghdr));
3341 if (sys_tick > measured_tick &&
3343 ticks = (unsigned long)((tsp->tv_nsec * 1e-9) /
3345 tsp->tv_nsec = (long)(ticks * 1e9 *
3348 DPRINTF(4, ("fetch_timestamp: system nsec network time stamp: %ld.%09ld\n",
3349 tsp->tv_sec, tsp->tv_nsec));
3350 nts = tspec_stamp_to_lfp(*tsp);
3352 #endif /* HAVE_TIMESTAMPNS */
3353 #ifdef HAVE_TIMESTAMP
3355 tvp = (struct timeval *)CMSG_DATA(cmsghdr);
3356 if (sys_tick > measured_tick &&
3358 ticks = (unsigned long)((tvp->tv_usec * 1e-6) /
3360 tvp->tv_usec = (long)(ticks * 1e6 *
3363 DPRINTF(4, ("fetch_timestamp: system usec network time stamp: %jd.%06ld\n",
3364 (intmax_t)tvp->tv_sec, (long)tvp->tv_usec));
3365 nts = tval_stamp_to_lfp(*tvp);
3367 #endif /* HAVE_TIMESTAMP */
3369 fuzz = ntp_random() * 2. / FRAC * sys_fuzz;
3370 DTOLFP(fuzz, &lfpfuzz);
3371 L_ADD(&nts, &lfpfuzz);
3375 collect_timing(rb, "input processing delay", 1,
3377 DPRINTF(4, ("fetch_timestamp: timestamp delta: %s (incl. fuzz)\n",
3379 #endif /* DEBUG_TIMING */
3380 ts = nts; /* network time stamp */
3382 #endif /* HAVE_BINTIME || HAVE_TIMESTAMPNS || HAVE_TIMESTAMP */
3385 DPRINTF(4, ("fetch_timestamp: skipping control message 0x%x\n",
3386 cmsghdr->cmsg_type));
3388 cmsghdr = CMSG_NXTHDR(msghdr, cmsghdr);
3392 #endif /* HAVE_PACKET_TIMESTAMP */
3396 * Routine to read the network NTP packets for a specific interface
3397 * Return the number of bytes read. That way we know if we should
3398 * read it again or go on to the next one if no bytes returned
3401 read_network_packet(
3403 struct interface * itf,
3407 GETSOCKNAME_SOCKLEN_TYPE fromlen;
3409 register struct recvbuf *rb;
3410 #ifdef HAVE_PACKET_TIMESTAMP
3411 struct msghdr msghdr;
3413 char control[CMSG_BUFSIZE];
3417 * Get a buffer and read the frame. If we
3418 * haven't got a buffer, or this is received
3419 * on a disallowed socket, just dump the
3423 rb = get_free_recv_buffer();
3424 if (NULL == rb || itf->ignore_packets) {
3425 char buf[RX_BUFF_SIZE];
3431 fromlen = sizeof(from);
3432 buflen = recvfrom(fd, buf, sizeof(buf), 0,
3433 &from.sa, &fromlen);
3434 DPRINTF(4, ("%s on (%lu) fd=%d from %s\n",
3435 (itf->ignore_packets)
3438 free_recvbuffs(), fd, stoa(&from)));
3439 if (itf->ignore_packets)
3446 fromlen = sizeof(rb->recv_srcadr);
3448 #ifndef HAVE_PACKET_TIMESTAMP
3449 rb->recv_length = recvfrom(fd, (char *)&rb->recv_space,
3450 sizeof(rb->recv_space), 0,
3451 &rb->recv_srcadr.sa, &fromlen);
3453 iovec.iov_base = &rb->recv_space;
3454 iovec.iov_len = sizeof(rb->recv_space);
3455 msghdr.msg_name = &rb->recv_srcadr;
3456 msghdr.msg_namelen = fromlen;
3457 msghdr.msg_iov = &iovec;
3458 msghdr.msg_iovlen = 1;
3459 msghdr.msg_control = (void *)&control;
3460 msghdr.msg_controllen = sizeof(control);
3461 msghdr.msg_flags = 0;
3462 rb->recv_length = recvmsg(fd, &msghdr, 0);
3465 buflen = rb->recv_length;
3467 if (buflen == 0 || (buflen == -1 &&
3468 (EWOULDBLOCK == errno
3475 } else if (buflen < 0) {
3476 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: %m",
3477 stoa(&rb->recv_srcadr), fd);
3478 DPRINTF(5, ("read_network_packet: fd=%d dropped (bad recvfrom)\n",
3484 DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n",
3485 fd, buflen, stoa(&rb->recv_srcadr)));
3487 #ifdef ENABLE_BUG3020_FIX
3488 if (ISREFCLOCKADR(&rb->recv_srcadr)) {
3489 msyslog(LOG_ERR, "recvfrom(%s) fd=%d: refclock srcadr on a network interface!",
3490 stoa(&rb->recv_srcadr), fd);
3491 DPRINTF(1, ("read_network_packet: fd=%d dropped (refclock srcadr))\n",
3500 ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1
3503 if (AF_INET6 == itf->family) {
3504 DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n",
3505 stoa(&rb->recv_srcadr),
3506 IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)),
3508 !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
3511 if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr))
3512 && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin))
3515 DPRINTF(2, ("DROPPING that packet\n"));
3519 DPRINTF(2, ("processing that packet\n"));
3523 * Got one. Mark how and when it got here,
3524 * put it on the full list and do bookkeeping.
3528 #ifdef HAVE_PACKET_TIMESTAMP
3529 /* pick up a network time stamp if possible */
3530 ts = fetch_timestamp(rb, &msghdr, ts);
3533 rb->receiver = receive;
3535 add_full_recv_buffer(rb);
3543 * attempt to handle io (select()/signaled IO)
3548 # ifndef HAVE_SIGNALED_IO
3553 * Use select() on all on all input fd's for unlimited
3554 * time. select() will terminate on SIGALARM or on the
3555 * reception of input. Using select() means we can't do
3556 * robust signal handling and we get a potential race
3557 * between checking for alarms and doing the select().
3558 * Mostly harmless, I think.
3561 * On VMS, I suspect that select() can't be interrupted
3562 * by a "signal" either, so I take the easy way out and
3563 * have select() time out after one second.
3564 * System clock updates really aren't time-critical,
3565 * and - lacking a hardware reference clock - I have
3566 * yet to learn about anything else that is.
3570 # if !defined(VMS) && !defined(SYS_VXWORKS)
3571 nfound = select(maxactivefd + 1, &rdfdes, NULL,
3573 # else /* VMS, VxWorks */
3574 /* make select() wake up after one second */
3579 nfound = select(maxactivefd + 1,
3580 &rdfdes, NULL, NULL,
3583 # endif /* VMS, VxWorks */
3584 if (nfound < 0 && sanitize_fdset(errno)) {
3589 nfound = select(maxactivefd + 1,
3590 &rdfdes, NULL, NULL,
3599 input_handler_scan(&ts, &rdfdes);
3600 } else if (nfound == -1 && errno != EINTR) {
3601 msyslog(LOG_ERR, "select() error: %m");
3604 else if (debug > 4) {
3605 msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
3607 DPRINTF(3, ("select() returned %d: %m\n", nfound));
3610 # else /* HAVE_SIGNALED_IO */
3612 # endif /* HAVE_SIGNALED_IO */
3615 #ifdef HAVE_SIGNALED_IO
3617 * input_handler - receive packets asynchronously
3619 * ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed!
3627 struct timeval tvzero;
3633 * Do a poll to see who has data
3637 tvzero.tv_sec = tvzero.tv_usec = 0;
3639 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
3640 if (n < 0 && sanitize_fdset(errno)) {
3642 tvzero.tv_sec = tvzero.tv_usec = 0;
3643 n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
3646 input_handler_scan(cts, &fds);
3648 #endif /* HAVE_SIGNALED_IO */
3652 * Try to sanitize the global FD set
3654 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
3663 # ifndef HAVE_SIGNALED_IO
3665 * extended FAU debugging output
3667 if (errc != EINTR) {
3669 "select(%d, %s, 0L, 0L, &0.0) error: %m",
3671 fdbits(maxactivefd, &activefds));
3678 /* if we have oviously bad FDs, try to sanitize the FD set. */
3679 for (j = 0, maxscan = 0; j <= maxactivefd; j++) {
3680 if (FD_ISSET(j, &activefds)) {
3681 if (-1 != read(j, &b, 0)) {
3685 # ifndef HAVE_SIGNALED_IO
3687 "Removing bad file descriptor %d from select set",
3690 FD_CLR(j, &activefds);
3693 if (maxactivefd != maxscan)
3694 maxactivefd = maxscan;
3699 * scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'.
3701 * SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
3714 l_fp ts; /* Timestamp at BOselect() gob */
3716 #if defined(DEBUG_TIMING)
3717 l_fp ts_e; /* Timestamp at EOselect() gob */
3721 struct refclockio *rp;
3725 #ifdef HAS_ROUTING_SOCKET
3726 struct asyncio_reader * asyncio_reader;
3727 struct asyncio_reader * next_asyncio_reader;
3735 * Check out the reference clocks first, if any
3738 for (rp = refio; rp != NULL; rp = rp->next) {
3741 if (!FD_ISSET(fd, pfds))
3743 buflen = read_refclock_packet(fd, rp, ts);
3745 * The first read must succeed after select() indicates
3746 * readability, or we've reached a permanent EOF.
3747 * http://bugs.ntp.org/1732 reported ntpd munching CPU
3748 * after a USB GPS was unplugged because select was
3749 * indicating EOF but ntpd didn't remove the descriptor
3750 * from the activefds set.
3752 if (buflen < 0 && EAGAIN != errno) {
3753 saved_errno = errno;
3754 clk = refnumtoa(&rp->srcclock->srcadr);
3755 errno = saved_errno;
3756 msyslog(LOG_ERR, "%s read: %m", clk);
3757 maintain_activefds(fd, TRUE);
3758 } else if (0 == buflen) {
3759 clk = refnumtoa(&rp->srcclock->srcadr);
3760 msyslog(LOG_ERR, "%s read EOF", clk);
3761 maintain_activefds(fd, TRUE);
3763 /* drain any remaining refclock input */
3765 buflen = read_refclock_packet(fd, rp, ts);
3766 } while (buflen > 0);
3769 #endif /* REFCLOCK */
3772 * Loop through the interfaces looking for data to read.
3774 for (ep = ep_list; ep != NULL; ep = ep->elink) {
3775 for (doing = 0; doing < 2; doing++) {
3779 if (!(ep->flags & INT_BCASTOPEN))
3785 if (FD_ISSET(fd, pfds))
3787 buflen = read_network_packet(
3789 } while (buflen > 0);
3790 /* Check more interfaces */
3794 #ifdef HAS_ROUTING_SOCKET
3796 * scan list of asyncio readers - currently only used for routing sockets
3798 asyncio_reader = asyncio_reader_list;
3800 while (asyncio_reader != NULL) {
3801 /* callback may unlink and free asyncio_reader */
3802 next_asyncio_reader = asyncio_reader->link;
3803 if (FD_ISSET(asyncio_reader->fd, pfds))
3804 (*asyncio_reader->receiver)(asyncio_reader);
3805 asyncio_reader = next_asyncio_reader;
3807 #endif /* HAS_ROUTING_SOCKET */
3810 * Check for a response from a blocking child
3812 for (idx = 0; idx < blocking_children_alloc; idx++) {
3813 c = blocking_children[idx];
3814 if (NULL == c || -1 == c->resp_read_pipe)
3816 if (FD_ISSET(c->resp_read_pipe, pfds)) {
3817 ++c->resp_ready_seen;
3818 ++blocking_child_ready_seen;
3822 /* We've done our work */
3823 #if defined(DEBUG_TIMING)
3826 * (ts_e - ts) is the amount of time we spent
3827 * processing this gob of file descriptors. Log
3831 collect_timing(NULL, "input handler", 1, &ts_e);
3834 "input_handler: Processed a gob of fd's in %s msec",
3836 #endif /* DEBUG_TIMING */
3838 #endif /* !HAVE_IO_COMPLETION_PORT */
3841 * find an interface suitable for the src address
3844 select_peerinterface(
3846 sockaddr_u * srcadr,
3854 wild = ANY_INTERFACE_CHOOSE(srcadr);
3857 * Initialize the peer structure and dance the interface jig.
3858 * Reference clocks step the loopback waltz, the others
3859 * squaredance around the interface list looking for a buddy. If
3860 * the dance peters out, there is always the wildcard interface.
3861 * This might happen in some systems and would preclude proper
3862 * operation with public key cryptography.
3864 if (ISREFCLOCKADR(srcadr)) {
3865 ep = loopback_interface;
3866 } else if (peer->cast_flags &
3867 (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) {
3868 ep = findbcastinter(srcadr);
3870 DPRINTF(4, ("Found *-cast interface %s for address %s\n",
3871 stoa(&ep->sin), stoa(srcadr)));
3873 DPRINTF(4, ("No *-cast local address found for address %s\n",
3881 * If it is a multicast address, findbcastinter() may not find
3882 * it. For unicast, we get to find the interface when dstadr is
3883 * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either
3884 * way, try a little harder.
3887 ep = findinterface(srcadr);
3889 * we do not bind to the wildcard interfaces for output
3890 * as our (network) source address would be undefined and
3891 * crypto will not work without knowing the own transmit address
3893 if (ep != NULL && INT_WILDCARD & ep->flags)
3894 if (!accept_wildcard_if_for_winnt)
3896 #else /* SIM follows */
3897 ep = loopback_interface;
3905 * findinterface - find local interface corresponding to address
3914 iface = findlocalinterface(addr, INT_WILDCARD, 0);
3916 if (NULL == iface) {
3917 DPRINTF(4, ("Found no interface for address %s - returning wildcard\n",
3920 iface = ANY_INTERFACE_CHOOSE(addr);
3922 DPRINTF(4, ("Found interface #%d %s for address %s\n",
3923 iface->ifnum, iface->name, stoa(addr)));
3929 * findlocalinterface - find local interface corresponding to addr,
3930 * which does not have any of flags set. If bast is nonzero, addr is
3931 * a broadcast address.
3933 * This code attempts to find the local sending address for an outgoing
3934 * address by connecting a new socket to destinationaddress:NTP_PORT
3935 * and reading the sockname of the resulting connect.
3936 * the complicated sequence simulates the routing table lookup
3937 * for to first hop without duplicating any of the routing logic into
3938 * ntpd. preferably we would have used an API call - but its not there -
3939 * so this is the best we can do here short of duplicating to entire routing
3940 * logic in ntpd which would be a silly and really unportable thing to do.
3950 GETSOCKNAME_SOCKLEN_TYPE sockaddrlen;
3957 DPRINTF(4, ("Finding interface for addr %s in list of addresses\n",
3960 s = socket(AF(addr), SOCK_DGRAM, 0);
3961 if (INVALID_SOCKET == s)
3965 * If we are looking for broadcast interface we need to set this
3966 * socket to allow broadcast
3970 if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET,
3979 rtn = connect(s, &addr->sa, SOCKLEN(addr));
3980 if (SOCKET_ERROR == rtn) {
3985 sockaddrlen = sizeof(saddr);
3986 rtn = getsockname(s, &saddr.sa, &sockaddrlen);
3988 if (SOCKET_ERROR == rtn)
3991 DPRINTF(4, ("findlocalinterface: kernel maps %s to %s\n",
3992 stoa(addr), stoa(&saddr)));
3994 iface = getinterface(&saddr, flags);
3997 * if we didn't find an exact match on saddr, find the closest
3998 * available local address. This handles the case of the
3999 * address suggested by the kernel being excluded by nic rules
4000 * or the user's -I and -L options to ntpd.
4001 * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683
4002 * for more background.
4004 if (NULL == iface || iface->ignore_packets)
4005 iface = findclosestinterface(&saddr,
4006 flags | INT_LOOPBACK);
4008 /* Don't use an interface which will ignore replies */
4009 if (iface != NULL && iface->ignore_packets)
4017 * findclosestinterface
4019 * If there are -I/--interface or -L/novirtualips command-line options,
4020 * or "nic" or "interface" rules in ntp.conf, findlocalinterface() may
4021 * find the kernel's preferred local address for a given peer address is
4022 * administratively unavailable to ntpd, and punt to this routine's more
4025 * Find the numerically closest local address to the one connect()
4026 * suggested. This matches an address on the same subnet first, as
4027 * needed by Bug 1184, and provides a consistent choice if there are
4028 * multiple feasible local addresses, regardless of the order ntpd
4032 findclosestinterface(
4039 sockaddr_u addr_dist;
4040 sockaddr_u min_dist;
4042 ZERO_SOCK(&min_dist);
4045 for (ep = ep_list; ep != NULL; ep = ep->elink) {
4046 if (ep->ignore_packets ||
4047 AF(addr) != ep->family ||
4051 calc_addr_distance(&addr_dist, addr, &ep->sin);
4052 if (NULL == winner ||
4053 -1 == cmp_addr_distance(&addr_dist, &min_dist)) {
4054 min_dist = addr_dist;
4059 DPRINTF(4, ("findclosestinterface(%s) failed\n",
4062 DPRINTF(4, ("findclosestinterface(%s) -> %s\n",
4063 stoa(addr), stoa(&winner->sin)));
4070 * calc_addr_distance - calculate the distance between two addresses,
4071 * the absolute value of the difference between
4072 * the addresses numerically, stored as an address.
4077 const sockaddr_u * a1,
4078 const sockaddr_u * a2
4088 REQUIRE(AF(a1) == AF(a2));
4093 /* v4 can be done a bit simpler */
4097 v4dist = (a1val > a2val)
4100 SET_ADDR4(dist, v4dist);
4105 found_greater = FALSE;
4106 a1_greater = FALSE; /* suppress pot. uninit. warning */
4107 for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) {
4108 if (!found_greater &&
4109 NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) {
4110 found_greater = TRUE;
4111 a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]);
4113 if (!found_greater) {
4114 NSRCADR6(dist)[i] = 0;
4117 NSRCADR6(dist)[i] = NSRCADR6(a1)[i] -
4120 NSRCADR6(dist)[i] = NSRCADR6(a2)[i] -
4128 * cmp_addr_distance - compare two address distances, returning -1, 0,
4129 * 1 to indicate their relationship.
4133 const sockaddr_u * d1,
4134 const sockaddr_u * d2
4139 REQUIRE(AF(d1) == AF(d2));
4142 if (SRCADR(d1) < SRCADR(d2))
4144 else if (SRCADR(d1) == SRCADR(d2))
4150 for (i = 0; i < (int)sizeof(NSRCADR6(d1)); i++) {
4151 if (NSRCADR6(d1)[i] < NSRCADR6(d2)[i])
4153 else if (NSRCADR6(d1)[i] > NSRCADR6(d2)[i])
4163 * fetch an interface structure the matches the
4164 * address and has the given flags NOT set
4174 iface = find_addr_in_list(addr);
4176 if (iface != NULL && (iface->flags & flags))
4184 * findbcastinter - find broadcast interface corresponding to address
4194 #if !defined(MPE) && (defined(SIOCGIFCONF) || defined(SYS_WINNT))
4195 DPRINTF(4, ("Finding broadcast/multicast interface for addr %s in list of addresses\n",
4198 iface = findlocalinterface(addr, INT_LOOPBACK | INT_WILDCARD,
4200 if (iface != NULL) {
4201 DPRINTF(4, ("Easily found bcast-/mcast- interface index #%d %s\n",
4202 iface->ifnum, iface->name));
4207 * plan B - try to find something reasonable in our lists in
4208 * case kernel lookup doesn't help
4210 for (iface = ep_list; iface != NULL; iface = iface->elink) {
4211 if (iface->flags & INT_WILDCARD)
4214 /* Don't bother with ignored interfaces */
4215 if (iface->ignore_packets)
4219 * First look if this is the correct family
4221 if(AF(&iface->sin) != AF(addr))
4224 /* Skip the loopback addresses */
4225 if (iface->flags & INT_LOOPBACK)
4229 * If we are looking to match a multicast address and
4230 * this interface is one...
4232 if (addr_ismulticast(addr)
4233 && (iface->flags & INT_MULTICAST)) {
4234 #ifdef INCLUDE_IPV6_SUPPORT
4236 * ...it is the winner unless we're looking for
4237 * an interface to use for link-local multicast
4238 * and its address is not link-local.
4241 && IN6_IS_ADDR_MC_LINKLOCAL(PSOCK_ADDR6(addr))
4242 && !IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&iface->sin)))
4249 * We match only those interfaces marked as
4250 * broadcastable and either the explicit broadcast
4251 * address or the network portion of the IP address.
4254 if (IS_IPV4(addr)) {
4255 if (SOCK_EQ(&iface->bcast, addr))
4258 if ((NSRCADR(&iface->sin) & NSRCADR(&iface->mask))
4259 == (NSRCADR(addr) & NSRCADR(&iface->mask)))
4262 #ifdef INCLUDE_IPV6_SUPPORT
4263 else if (IS_IPV6(addr)) {
4264 if (SOCK_EQ(&iface->bcast, addr))
4267 if (SOCK_EQ(netof(&iface->sin), netof(addr)))
4272 #endif /* SIOCGIFCONF */
4273 if (NULL == iface) {
4274 DPRINTF(4, ("No bcast interface found for %s\n",
4276 iface = ANY_INTERFACE_CHOOSE(addr);
4278 DPRINTF(4, ("Found bcast-/mcast- interface index #%d %s\n",
4279 iface->ifnum, iface->name));
4287 * io_clr_stats - clear I/O module statistics
4292 packets_dropped = 0;
4293 packets_ignored = 0;
4294 packets_received = 0;
4296 packets_notsent = 0;
4300 io_timereset = current_time;
4306 * io_addclock - add a reference clock to the list and arrange that we
4307 * get SIGIO interrupts from it.
4311 struct refclockio *rio
4317 * Stuff the I/O structure in the list and mark the descriptor
4318 * in use. There is a harmless (I hope) race condition here.
4322 # ifdef HAVE_SIGNALED_IO
4323 if (init_clock_sig(rio)) {
4327 # elif defined(HAVE_IO_COMPLETION_PORT)
4328 if (!io_completion_port_add_clock_io(rio)) {
4337 LINK_SLIST(refio, rio, next);
4342 add_fd_to_list(rio->fd, FD_TYPE_FILE);
4350 * io_closeclock - close the clock in the I/O structure given
4354 struct refclockio *rio
4357 struct refclockio *unlinked;
4362 * Remove structure from the list
4364 rio->active = FALSE;
4365 UNLINK_SLIST(unlinked, refio, rio, next, struct refclockio);
4366 if (NULL != unlinked) {
4367 /* Close the descriptor. The order of operations is
4368 * important here in case of async / overlapped IO:
4369 * only after we have removed the clock from the
4370 * IO completion port we can be sure no further
4371 * input is queued. So...
4372 * - we first disable feeding to the queu by removing
4373 * the clock from the IO engine
4374 * - close the file (which brings down any IO on it)
4375 * - clear the buffer from results for this fd
4377 # ifdef HAVE_IO_COMPLETION_PORT
4378 io_completion_port_remove_clock_io(rio);
4380 close_and_delete_fd_from_list(rio->fd);
4381 purge_recv_buffers_for_fd(rio->fd);
4387 #endif /* REFCLOCK */
4391 * On NT a SOCKET is an unsigned int so we cannot possibly keep it in
4392 * an array. So we use one of the ISC_LIST functions to hold the
4393 * socket value and use that when we want to enumerate it.
4395 * This routine is called by the forked intres child process to close
4396 * all open sockets. On Windows there's no need as intres runs in
4397 * the same process as a thread.
4408 * In the child process we do not maintain activefds and
4409 * maxactivefd. Zeroing maxactivefd disables code which
4410 * maintains it in close_and_delete_fd_from_list().
4414 while (fd_list != NULL)
4415 close_and_delete_fd_from_list(fd_list->fd);
4419 #endif /* !SYS_WINNT */
4423 * Add and delete functions for the list of open sockets
4431 vsock_t *lsock = emalloc(sizeof(*lsock));
4436 LINK_SLIST(fd_list, lsock, link);
4437 maintain_activefds(fd, 0);
4442 close_and_delete_fd_from_list(
4448 UNLINK_EXPR_SLIST(lsock, fd_list, fd ==
4449 UNLINK_EXPR_SLIST_CURRENT()->fd, link, vsock_t);
4454 switch (lsock->type) {
4456 case FD_TYPE_SOCKET:
4457 closesocket(lsock->fd);
4461 closeserial((int)lsock->fd);
4466 "internal error - illegal descriptor type %d - EXITING",
4473 * remove from activefds
4475 maintain_activefds(fd, 1);
4488 if (find_addr_in_list(addr) == NULL) {
4490 /* not there yet - add to list */
4491 laddr = emalloc(sizeof(*laddr));
4492 laddr->addr = *addr;
4495 LINK_SLIST(remoteaddr_list, laddr, link);
4497 DPRINTF(4, ("Added addr %s to list of addresses\n",
4501 DPRINTF(4, ("WARNING: Attempt to add duplicate addr %s to address list\n",
4508 delete_addr_from_list(
4512 remaddr_t *unlinked;
4514 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, SOCK_EQ(addr,
4515 &(UNLINK_EXPR_SLIST_CURRENT()->addr)), link, remaddr_t);
4517 if (unlinked != NULL) {
4518 DPRINTF(4, ("Deleted addr %s from list of addresses\n",
4526 delete_interface_from_list(
4530 remaddr_t *unlinked;
4533 UNLINK_EXPR_SLIST(unlinked, remoteaddr_list, iface ==
4534 UNLINK_EXPR_SLIST_CURRENT()->ep, link,
4537 if (unlinked == NULL)
4539 DPRINTF(4, ("Deleted addr %s for interface #%d %s from list of addresses\n",
4540 stoa(&unlinked->addr), iface->ifnum,
4547 static struct interface *
4554 DPRINTF(4, ("Searching for addr %s in list of addresses - ",
4557 for (entry = remoteaddr_list;
4559 entry = entry->link)
4560 if (SOCK_EQ(&entry->addr, addr)) {
4561 DPRINTF(4, ("FOUND\n"));
4565 DPRINTF(4, ("NOT FOUND\n"));
4571 * Find the given address with the all given flags set in the list
4574 find_flagged_addr_in_list(
4581 DPRINTF(4, ("Finding addr %s with flags %d in list: ",
4582 stoa(addr), flags));
4584 for (entry = remoteaddr_list;
4586 entry = entry->link)
4588 if (SOCK_EQ(&entry->addr, addr)
4589 && (entry->ep->flags & flags) == flags) {
4591 DPRINTF(4, ("FOUND\n"));
4595 DPRINTF(4, ("NOT FOUND\n"));
4611 #ifdef HAS_ROUTING_SOCKET
4612 # ifndef UPDATE_GRACE
4613 # define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */
4617 process_routing_msgs(struct asyncio_reader *reader)
4621 #ifdef HAVE_RTNETLINK
4622 struct nlmsghdr *nh;
4624 struct rt_msghdr rtm;
4628 if (disable_dynamic_updates) {
4630 * discard ourselves if we are not needed any more
4631 * usually happens when running unprivileged
4633 remove_asyncio_reader(reader);
4634 delete_asyncio_reader(reader);
4638 cnt = read(reader->fd, buffer, sizeof(buffer));
4641 if (errno == ENOBUFS) {
4643 "routing socket reports: %m");
4646 "routing socket reports: %m - disabling");
4647 remove_asyncio_reader(reader);
4648 delete_asyncio_reader(reader);
4654 * process routing message
4656 #ifdef HAVE_RTNETLINK
4657 for (nh = UA_PTR(struct nlmsghdr, buffer);
4659 nh = NLMSG_NEXT(nh, cnt)) {
4660 msg_type = nh->nlmsg_type;
4663 (p + sizeof(struct rt_msghdr)) <= (buffer + cnt);
4664 p += rtm.rtm_msglen) {
4665 memcpy(&rtm, p, sizeof(rtm));
4666 if (rtm.rtm_version != RTM_VERSION) {
4668 "version mismatch (got %d - expected %d) on routing socket - disabling",
4669 rtm.rtm_version, RTM_VERSION);
4671 remove_asyncio_reader(reader);
4672 delete_asyncio_reader(reader);
4675 msg_type = rtm.rtm_type;
4702 #ifdef RTM_IFANNOUNCE
4703 case RTM_IFANNOUNCE:
4718 * we are keen on new and deleted addresses and
4719 * if an interface goes up and down or routing
4722 DPRINTF(3, ("routing message op = %d: scheduling interface update\n",
4724 timer_interfacetimeout(current_time + UPDATE_GRACE);
4726 #ifdef HAVE_RTNETLINK
4728 /* end of multipart message */
4733 * the rest doesn't bother us.
4735 DPRINTF(4, ("routing message op = %d: ignored\n",
4743 * set up routing notifications
4746 init_async_notifications()
4748 struct asyncio_reader *reader;
4749 #ifdef HAVE_RTNETLINK
4750 int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
4751 struct sockaddr_nl sa;
4753 int fd = socket(PF_ROUTE, SOCK_RAW, 0);
4757 "unable to open routing socket (%m) - using polled interface update");
4762 #ifdef HAVE_RTNETLINK
4764 sa.nl_family = PF_NETLINK;
4765 sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR
4766 | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE
4767 | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE
4768 | RTMGRP_IPV6_MROUTE;
4769 if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
4771 "bind failed on routing socket (%m) - using polled interface update");
4775 make_socket_nonblocking(fd);
4776 #if defined(HAVE_SIGNALED_IO)
4777 init_socket_sig(fd);
4778 #endif /* HAVE_SIGNALED_IO */
4780 reader = new_asyncio_reader();
4783 reader->receiver = process_routing_msgs;
4785 add_asyncio_reader(reader, FD_TYPE_SOCKET);
4787 "Listening on routing socket on fd #%d for interface updates",
4791 /* HAS_ROUTING_SOCKET not defined */
4793 init_async_notifications(void)
projects / FreeBSD / releng / 10.2.git / blob