1 files changed, 106 insertions, 89 deletions
diff --git a/include/ntp.h b/include/ntp.h
index d7e87582d708..38343f23a705 100644
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -9,10 +9,9 @@
 
 #include <ntp_fp.h>
 #include <ntp_types.h>
+#include <ntp_lists.h>
 #include <ntp_stdlib.h>
-#ifdef OPENSSL
 #include <ntp_crypto.h>
-#endif /* OPENSSL */
 #include <ntp_random.h>
 #include <ntp_net.h>
 
@@ -90,12 +89,6 @@ typedef char s_char;
 #  undef SO_SNDBUF
 # endif
 #endif
-#ifndef TRUE
-# define TRUE 1
-#endif /* TRUE */
-#ifndef FALSE
-# define FALSE 0
-#endif /* FALSE */
 
 /*
  * NTP protocol parameters.  See section 3.2.6 of the specification.
@@ -113,7 +106,7 @@ typedef char s_char;
 #define NTP_MAXDPOLL	10	/* log2 default max poll (~17 m) */
 #define	NTP_MAXPOLL	17	/* log2 max poll interval (~36 h) */
 #define	NTP_RETRY	3	/* max packet retries */
-#define	NTP_MINPKT	1	/* log2 min interburst interval (2 s) */
+#define	NTP_MINPKT	2	/* guard time (s) */
 
 /*
  * Clock filter algorithm tuning parameters
@@ -127,7 +120,6 @@ typedef char s_char;
  */
 #define	NTP_MINCLOCK	3	/* min survivors */
 #define	NTP_MAXCLOCK	10	/* max candidates */
-#define	NTP_MAXASSOC	50	/* max associations */
 #define MINDISPERSE	.001	/* min distance */
 #define MAXDISTANCE	1.5	/* max root distance (select threshold) */
 #define CLOCK_SGATE	3.	/* popcorn spike gate */
@@ -136,6 +128,7 @@ typedef char s_char;
 #define MAX_TTL		8	/* max ttl mapping vector size */
 #define	BEACON		7200	/* manycast beacon interval */
 #define NTP_MAXEXTEN	2048	/* max extension field size */
+#define	NTP_ORPHWAIT	300	/* orphan wair (s) */
 
 /*
  * Miscellaneous stuff
@@ -145,7 +138,7 @@ typedef char s_char;
 /*
  * Limits of things
  */
-#define	MAXFILENAME	128	/* max length of file name */
+#define	MAXFILENAME	256	/* max length of file name */
 #define MAXHOSTNAME	512	/* max length of host/node name */
 #define NTP_MAXSTRLEN	256	/* max string length */
 
@@ -163,10 +156,9 @@ typedef char s_char;
 #define SQUARE(x) ((x) * (x))
 #define SQRT(x) (sqrt(x))
 #define DIFF(x, y) (SQUARE((x) - (y)))
-#define LOGTOD(a)	((a) < 0 ? 1. / (1L << -(a)) : \
-			    1L << (int)(a)) /* log2 to double */
+#define LOGTOD(a)	ldexp(1., (int)(a)) /* log2 to double */
 #define UNIVAR(x)	(SQUARE(.28867513 * LOGTOD(x))) /* std uniform distr */
-#define ULOGTOD(a)	(1L << (int)(a)) /* ulog2 to double */
+#define ULOGTOD(a)	ldexp(1., (int)(a)) /* ulog2 to double */
 
 #define	EVENT_TIMEOUT	0	/* one second, that is */
 
@@ -214,11 +206,12 @@ struct interface {
 #define	INT_LOOPBACK	0x004	/* the loopback interface */
 #define	INT_BROADCAST	0x008	/* can broadcast out this interface */
 #define INT_MULTICAST	0x010	/* can multicast out this interface */
-#define	INT_BCASTOPEN	0x020	/* broadcast socket is open */
+#define	INT_BCASTOPEN	0x020	/* broadcast receive socket is open */
 #define INT_MCASTOPEN	0x040	/* multicasting enabled */
 #define INT_WILDCARD	0x080	/* wildcard interface - usually skipped */
 #define INT_MCASTIF	0x100	/* bound directly to MCAST address */
 #define INT_PRIVACY	0x200	/* RFC 4941 IPv6 privacy address */
+#define INT_BCASTXMIT	0x400   /* socket setup to allow broadcasts */
 
 /*
  * Define flasher bits (tests 1 through 11 in packet procedure)
@@ -254,10 +247,14 @@ struct interface {
  * spec.
  */
 struct peer {
-	struct peer *next;	/* link pointer in peer hash */
-	struct peer *ass_next;	/* link pointer in associd hash */
+	struct peer *p_link;	/* link pointer in free & peer lists */
+	struct peer *adr_link;	/* link pointer in address hash */
+	struct peer *aid_link;	/* link pointer in associd hash */
 	struct peer *ilink;	/* list of peers for interface */
 	sockaddr_u srcadr;	/* address of remote host */
+	char *	hostname;	/* if non-NULL, remote name */
+	struct addrinfo *addrs;	/* hostname query result */
+	struct addrinfo *ai;	/* position within addrs */
 	endpt *	dstadr;		/* local address */
 	associd_t associd;	/* association ID */
 	u_char	version;	/* version number */
@@ -269,7 +266,8 @@ struct peer {
 	u_char	cast_flags;	/* additional flags */
 	u_char	last_event;	/* last peer error code */
 	u_char	num_events;	/* number of error events */
-	u_char	ttl;		/* ttl/refclock mode */
+	u_int32	ttl;		/* ttl/refclock mode */
+	char	*ident;		/* group identifier name */
 
 	/*
 	 * Variables used by reference clock support
@@ -298,7 +296,7 @@ struct peer {
 	 * Variables used by authenticated client
 	 */
 	keyid_t keyid;		/* current key ID */
-#ifdef OPENSSL
+#ifdef AUTOKEY
 #define clear_to_zero opcode
 	u_int32	opcode;		/* last request opcode */
 	associd_t assoc;	/* peer association ID */
@@ -326,9 +324,9 @@ struct peer {
 	int	keynumber;	/* current key number */
 	struct value encrypt;	/* send encrypt values */
 	struct value sndval;	/* send autokey values */
-#else /* OPENSSL */
+#else	/* !AUTOKEY follows */
 #define clear_to_zero status
-#endif /* OPENSSL */
+#endif	/* !AUTOKEY */
 
 	/*
 	 * Ephemeral state variables
@@ -357,7 +355,7 @@ struct peer {
 	double	jitter;		/* peer jitter (squares) */
 	double	disp;		/* peer dispersion */
 	double	xleave;		/* interleave delay */
-	double	bias;		/* bias for NIC asymmetry */
+	double	bias;		/* programmed offset bias */
 
 	/*
 	 * Variables used to correct for packet length and asymmetry.
@@ -379,8 +377,6 @@ struct peer {
 	int	throttle;	/* rate control */
 	u_long	outdate;	/* send time last packet */
 	u_long	nextdate;	/* send time next packet */
-	u_long	nextaction;	/* peer local activity timeout (refclocks) */
-	void (*action) (struct peer *); /* action timeout function */
 
 	/*
 	 * Statistic counters
@@ -413,7 +409,7 @@ struct peer {
  * function. MODE_CONTROL and MODE_PRIVATE can appear in packets,
  * but those never survive to the transition function.
  * is a
- */
+/ */
 #define	MODE_UNSPEC	0	/* unspecified (old version) */
 #define	MODE_ACTIVE	1	/* symmetric active mode */
 #define	MODE_PASSIVE	2	/* symmetric passive mode */
@@ -467,19 +463,13 @@ struct peer {
  */
 #define	CLEAR_TO_ZERO(p)	((char *)&((p)->clear_to_zero))
 #define	END_CLEAR_TO_ZERO(p)	((char *)&((p)->end_clear_to_zero))
-#define	LEN_CLEAR_TO_ZERO	(END_CLEAR_TO_ZERO((struct peer *)0) \
-				    - CLEAR_TO_ZERO((struct peer *)0))
+#define	LEN_CLEAR_TO_ZERO(p)	(END_CLEAR_TO_ZERO(p) - CLEAR_TO_ZERO(p))
 #define CRYPTO_TO_ZERO(p)	((char *)&((p)->clear_to_zero))
 #define END_CRYPTO_TO_ZERO(p)	((char *)&((p)->end_clear_to_zero))
 #define LEN_CRYPTO_TO_ZERO	(END_CRYPTO_TO_ZERO((struct peer *)0) \
 				    - CRYPTO_TO_ZERO((struct peer *)0))
 
 /*
- * Reference clock identifiers (for pps signal)
- */
-#define PPSREFID (u_int32)"PPS "	/* used when pps controls stratum>1 */
-
-/*
  * Reference clock types.  Added as necessary.
  */
 #define	REFCLK_NONE		0	/* unknown or missing */
@@ -526,7 +516,9 @@ struct peer {
 #define REFCLK_ZYFER		42	/* Zyfer GPStarplus receiver  */
 #define REFCLK_RIPENCC		43	/* RIPE NCC Trimble driver */
 #define REFCLK_NEOCLOCK4X	44	/* NeoClock4X DCF77 or TDF receiver */
-#define REFCLK_MAX		44	/* NeoClock4X DCF77 or TDF receiver */
+#define REFCLK_TSYNCPCI		45	/* Spectracom TSYNC PCI timing board */
+#define REFCLK_GPSDJSON		46
+#define REFCLK_MAX		46
 
 
 /*
@@ -564,13 +556,19 @@ struct pkt {
 	 * response, so the maximum total extension field length is 864
 	 * octets. But, to handle humungus certificates, the bank must
 	 * be broke.
+	 *
+	 * The different definitions of the 'exten' field are here for
+	 * the benefit of applications that want to send a packet from
+	 * an auto variable in the stack - not using the AUTOKEY version
+	 * saves 2KB of stack space. The receive buffer should ALWAYS be
+	 * big enough to hold a full extended packet if the extension
+	 * fields have to be parsed or skipped.
 	 */
-#ifdef OPENSSL
-	u_int32	exten[NTP_MAXEXTEN / 4]; /* max extension field */
-#else /* OPENSSL */
-	u_int32	exten[1];	/* misused */
-#endif /* OPENSSL */
-	u_char	mac[MAX_MAC_LEN]; /* mac */
+#ifdef AUTOKEY
+	u_int32	exten[(NTP_MAXEXTEN + MAX_MAC_LEN) / sizeof(u_int32)];
+#else	/* !AUTOKEY follows */
+	u_int32	exten[(MAX_MAC_LEN) / sizeof(u_int32)];
+#endif	/* !AUTOKEY */
 };
 
 /*
@@ -581,10 +579,11 @@ struct pkt {
 #define	PKT_LEAP(li_vn_mode)	((u_char)(((li_vn_mode) >> 6) & 0x3))
 
 /*
- * Stuff for putting things back into li_vn_mode
+ * Stuff for putting things back into li_vn_mode in packets and vn_mode
+ * in ntp_monitor.c's mon_entry.
  */
-#define	PKT_LI_VN_MODE(li, vn, md) \
-	((u_char)((((li) << 6) & 0xc0) | (((vn) << 3) & 0x38) | ((md) & 0x7)))
+#define VN_MODE(v, m)		((((v) & 7) << 3) | ((m) & 0x7))
+#define	PKT_LI_VN_MODE(l, v, m) ((((l) & 3) << 6) | VN_MODE((v), (m)))
 
 
 /*
@@ -622,7 +621,6 @@ struct pkt {
 #define	EVNT_KERN	13	/* kernel event */
 #define	EVNT_TAI	14	/* TAI */
 #define	EVNT_LEAPVAL	15	/* stale leapsecond values */
-#define	EVNT_CLKHOP	16	/* clockhop */
 
 /*
  * Peer event codes
@@ -642,7 +640,6 @@ struct pkt {
 #define	PEVNT_POPCORN	(13 | PEER_EVENT) /* popcorn */
 #define	PEVNT_XLEAVE	(14 | PEER_EVENT) /* interleave mode */
 #define	PEVNT_XERR	(15 | PEER_EVENT) /* interleave error */
-#define	PEVNT_TAI	(16 | PEER_EVENT) /* TAI */
 
 /*
  * Clock event codes
@@ -666,9 +663,9 @@ struct pkt {
  * To speed lookups, peers are hashed by the low order bits of the
  * remote IP address. These definitions relate to that.
  */
-#define	NTP_HASH_SIZE	128
-#define	NTP_HASH_MASK	(NTP_HASH_SIZE-1)
-#define	NTP_HASH_ADDR(src)	sock_hash(src)
+#define	NTP_HASH_SIZE		128
+#define	NTP_HASH_MASK		(NTP_HASH_SIZE-1)
+#define	NTP_HASH_ADDR(src)	(sock_hash(src) & NTP_HASH_MASK)
 
 /*
  * min, min3 and max.  Makes it easier to transliterate the spec without
@@ -704,16 +701,18 @@ struct pkt {
 #define PROTO_CALLDELAY		20
 #define PROTO_MINDISP		21
 #define PROTO_MAXDIST		22
-#define PROTO_ADJ		23
+	/* available		23 */
 #define	PROTO_MAXHOP		24
 #define	PROTO_BEACON		25
 #define	PROTO_ORPHAN		26
+#define	PROTO_ORPHWAIT		27
+#define	PROTO_MODE7		28
 
 /*
  * Configuration items for the loop filter
  */
-#define	LOOP_DRIFTINIT		1	/* set initial frequency offset */
-#define LOOP_DRIFTCOMP		2	/* set frequency offset */
+#define	LOOP_DRIFTINIT		1	/* iniitialize frequency */
+#define	LOOP_KERN_CLEAR		2	/* set initial frequency offset */
 #define LOOP_MAX		3	/* set step offset */
 #define LOOP_PANIC		4	/* set panic offseet */
 #define LOOP_PHI		5	/* set dispersion rate */
@@ -722,9 +721,9 @@ struct pkt {
 #define LOOP_ALLAN		8	/* set minimum Allan intercept */
 #define LOOP_HUFFPUFF		9	/* set huff-n'-puff filter length */
 #define LOOP_FREQ		10	/* set initial frequency */
-#define LOOP_KERN_CLEAR		11	/* reset kernel pll parameters */
-#define LOOP_CODEC		12	/* set audio codec frequency */
-#define	LOOP_LEAP		13	/* insert leap after second 23:59 */
+#define LOOP_CODEC		11	/* set audio codec frequency */
+#define	LOOP_LEAP		12	/* insert leap after second 23:59 */
+#define	LOOP_TICK		13	/* sim. low precision clock */
 
 /*
  * Configuration items for the stats printer
@@ -744,40 +743,51 @@ struct pkt {
 /*
  * Structure used optionally for monitoring when this is turned on.
  */
+typedef struct mon_data	mon_entry;
 struct mon_data {
-	struct mon_data *hash_next;	/* next structure in hash list */
-	struct mon_data *mru_next;	/* next structure in MRU list */
-	struct mon_data *mru_prev;	/* previous structure in MRU list */
-	int	flags;			/* restrict flags */
-	int	leak;			/* leaky bucket accumulator */
-	int	count;			/* total packet count */
-	u_long	firsttime;		/* first time found */
-	u_long	lasttime;		/* last time found */
-	sockaddr_u rmtadr;		/* address of remote host */
-	struct interface *interface;	/* interface on which this arrived */
-	u_short	rmtport;		/* remote port last came from */
-	u_char	mode;			/* packet mode */
-	u_char	version;		/* packet version */
-	u_char	cast_flags;		/* flags MDF_?CAST */
+	mon_entry *	hash_next;	/* next structure in hash list */
+	DECL_DLIST_LINK(mon_entry, mru);/* MRU list link pointers */
+	struct interface * lcladr;	/* address on which this arrived */
+	l_fp		first;		/* first time seen */
+	l_fp		last;		/* last time seen */
+	int		leak;		/* leaky bucket accumulator */
+	int		count;		/* total packet count */
+	u_short		flags;		/* restrict flags */
+	u_char		vn_mode;	/* packet mode & version */
+	u_char		cast_flags;	/* flags MDF_?CAST */
+	sockaddr_u	rmtadr;		/* address of remote host */
 };
 
 /*
- * Values for cast_flags
+ * Values for cast_flags in mon_entry and struct peer.  mon_entry uses
+ * only the first three, MDF_UCAST, MDF_MCAST, and MDF_BCAST.
  */
-#define	MDF_UCAST	0x01		/* unicast */
-#define	MDF_MCAST	0x02		/* multicast */
-#define	MDF_BCAST	0x04		/* broadcast */
-#define	MDF_LCAST	0x08		/* localcast */
-#define MDF_ACAST	0x10		/* manycast */
-#define	MDF_BCLNT	0x20		/* broadcast client */
-#define MDF_ACLNT	0x40		/* manycast client */
-
+#define	MDF_UCAST	0x01	/* unicast client */
+#define	MDF_MCAST	0x02	/* multicast server */
+#define	MDF_BCAST	0x04	/* broadcast server */
+#define	MDF_POOL	0x08	/* pool client solicitor */
+#define MDF_ACAST	0x10	/* manycast client solicitor */
+#define	MDF_BCLNT	0x20	/* eph. broadcast/multicast client */
+#define MDF_UCLNT	0x40	/* preemptible manycast or pool client */
+/*
+ * In the context of struct peer in ntpd, three of the cast_flags bits
+ * represent configured associations which never receive packets, and
+ * whose reach is always 0: MDF_BCAST, MDF_MCAST, and MDF_ACAST.  The
+ * last can be argued as responses are received, but those responses do
+ * not affect the MDF_ACAST association's reach register, rather they
+ * (may) result in mobilizing ephemeral MDF_ACLNT associations.
+ */
+#define MDF_TXONLY_MASK	(MDF_BCAST | MDF_MCAST | MDF_ACAST | MDF_POOL)
+/*
+ * manycastclient-like solicitor association cast_flags bits
+ */
+#define MDF_SOLICIT_MASK	(MDF_ACAST | MDF_POOL)
 /*
  * Values used with mon_enabled to indicate reason for enabling monitoring
  */
-#define MON_OFF    0x00			/* no monitoring */
-#define MON_ON     0x01			/* monitoring explicitly enabled */
-#define MON_RES    0x02			/* implicit monitoring for RES_LIMITED */
+#define MON_OFF		0x00		/* no monitoring */
+#define MON_ON		0x01		/* monitoring explicitly enabled */
+#define MON_RES		0x02		/* implicit monitoring for RES_LIMITED */
 /*
  * Structure used for restrictlist entries
  */
@@ -797,6 +807,7 @@ struct restrict_u_tag {
 	u_int32			count;	/* number of packets matched */
 	u_short			flags;	/* accesslist flags */
 	u_short			mflags;	/* match flags */
+	u_long			expire;	/* valid until time */
 	union {				/* variant starting here */
 		res_addr4 v4;
 		res_addr6 v6;
@@ -807,7 +818,6 @@ struct restrict_u_tag {
 #define	V6_SIZEOF_RESTRICT_U	(offsetof(restrict_u, u)	\
 				 + sizeof(res_addr6))
 
-
 /*
  * Access flags
  */
@@ -826,20 +836,23 @@ struct restrict_u_tag {
 #define	RES_NOTRAP		0x0100	/* mode 6/7 set trap denied */
 #define	RES_LPTRAP		0x0200	/* mode 6/7 low priority trap */
 
-#define RES_KOD			0x0400	/* send kiss of death packet */
+#define	RES_KOD			0x0400	/* send kiss of death packet */
 #define	RES_MSSNTP		0x0800	/* enable MS-SNTP authentication */
-#define RES_TIMEOUT		0x1000	/* timeout this entry */
+#define	RES_FLAKE		0x1000	/* flakeway - drop 10% */
+#define	RES_NOMRULIST		0x2000	/* mode 6 mrulist denied */
 
-#define	RES_ALLFLAGS		(RES_FLAGS | RES_NOQUERY |\
-				    RES_NOMODIFY | RES_NOTRAP |\
-				    RES_LPTRAP | RES_KOD |\
-				    RES_MSSNTP | RES_TIMEOUT)
+#define	RES_ALLFLAGS		(RES_FLAGS | RES_NOQUERY |	\
+				 RES_NOMODIFY | RES_NOTRAP |	\
+				 RES_LPTRAP | RES_KOD |		\
+				 RES_MSSNTP | RES_FLAKE |	\
+				 RES_NOMRULIST)
 
 /*
  * Match flags
  */
 #define	RESM_INTERFACE		0x1000	/* this is an interface */
-#define	RESM_NTPONLY		0x2000	/* match ntp port only */
+#define	RESM_NTPONLY		0x2000	/* match source port 123 */
+#define RESM_SOURCE		0x4000	/* from "restrict source" */
 
 /*
  * Restriction configuration ops
@@ -847,7 +860,7 @@ struct restrict_u_tag {
 #define	RESTRICT_FLAGS		1	/* add flags to restrict entry */
 #define	RESTRICT_UNFLAG		2	/* remove flags from restrict entry */
 #define	RESTRICT_REMOVE		3	/* remove a restrict entry */
-#define	RESTRICT_REMOVEIF       4	/* remove an interface restrict entry */
+#define	RESTRICT_REMOVEIF	4	/* remove an interface restrict entry */
 
 /*
  * Endpoint structure for the select algorithm
@@ -865,7 +878,7 @@ struct endpoint {
 #define AM_PROCPKT	1		/* server/symmetric packet */	
 #define AM_BCST		2		/* broadcast packet */	
 #define AM_FXMIT	3		/* client packet */
-#define AM_MANYCAST	4		/* manycast packet */
+#define AM_MANYCAST	4		/* manycast or pool */
 #define AM_NEWPASS	5		/* new passive */
 #define AM_NEWBCL	6		/* new broadcast */
 #define	AM_POSSBCL	7		/* discard broadcast */
@@ -875,4 +888,8 @@ struct endpoint {
 #define NETINFO_CONFIG_DIR "/config/ntp"
 #endif
 
+/* ntpq -c mrulist rows per request limit in ntpd */
+#define MRU_ROW_LIMIT	256
+/* similar datagrams per response limit for ntpd */
+#define MRU_FRAGS_LIMIT	128
 #endif /* NTP_H */