Compare revisions

Eric S. Raymond · Eric S. Raymond · b0661b79 · b0661b79 · b0661b79 · b0661b79
--- a/include/ntp.h
+++ b/include/ntp.h
@@ -615,11 +615,11 @@ struct pkt {
 */
 #define	PROTO_BROADCLIENT	1	/* (not used) */
 #define	PROTO_PRECISION		2	/* (not used) */
-#define	PROTO_AUTHENTICATE	3
+#define	PROTO_AUTHENTICATE	3	/* (not used) */
 #define	PROTO_BROADDELAY	4	/* (not used) */
 #define	PROTO_AUTHDELAY		5
-#define PROTO_MULTICAST_ADD	6
-#define PROTO_MULTICAST_DEL	7
+#define PROTO_MULTICAST_ADD	6	/* (not used) */
+#define PROTO_MULTICAST_DEL	7	/* (not used) */
 #define PROTO_NTP		8
 #define PROTO_KERNEL		9
 #define PROTO_MONITOR		10
@@ -672,6 +672,7 @@ struct pkt {

 /*
 * Default parameters.  We use these in the absence of something better.
+ * (Historical relic - muliticast mode has been removed for security reasons.)
 */
 #define INADDR_NTP	0xe0000101	/* NTP multicast address 224.0.1.1 */

@@ -695,28 +696,25 @@ struct mon_data {

 /*
 * Values for cast_flags in mon_entry and struct peer.  mon_entry uses
- * only the first three, MDF_UCAST, MDF_MCAST, and MDF_BCAST.
+ * only MDF_UCAST and MDF_BCAST.
 */
 #define	MDF_UCAST	0x01	/* unicast client */
-#define	MDF_MCAST	0x02	/* multicast server */
+#define	MDF_MCAST	0x02	/* multicast server (not used) */
 #define	MDF_BCAST	0x04	/* broadcast server */
 #define	MDF_POOL	0x08	/* pool client solicitor */
-#define MDF_ACAST	0x10	/* manycast client solicitor */
+#define MDF_ACAST	0x10	/* manycast client solicitor (not used) */
 #define	MDF_BCLNT	0x20	/* eph. broadcast/multicast client (not used) */
 #define MDF_UCLNT	0x40	/* preemptible manycast or pool client */
 /*
- * In the context of struct peer in ntpd, three of the cast_flags bits
+ * In the context of struct peer in ntpd, one cast_flags bit
 * represent configured associations which never receive packets, and
- * whose reach is always 0: MDF_BCAST, MDF_MCAST, and MDF_ACAST.  The
- * last can be argued as responses are received, but those responses do
- * not affect the MDF_ACAST association's reach register, rather they
- * (may) result in mobilizing ephemeral MDF_ACLNT associations.
+ * whose reach is always 0: MDF_BCAST
 */
-#define MDF_TXONLY_MASK	(MDF_BCAST | MDF_MCAST | MDF_ACAST | MDF_POOL)
+#define MDF_TXONLY_MASK	(MDF_BCAST | MDF_POOL)
 /*
 * manycastclient-like solicitor association cast_flags bits
 */
-#define MDF_SOLICIT_MASK	(MDF_ACAST | MDF_POOL)
+#define MDF_SOLICIT_MASK	MDF_POOL
 /*
 * Values used with mon_enabled to indicate reason for enabling monitoring
 */

--- a/include/ntpd.h
+++ b/include/ntpd.h
@@ -186,7 +186,6 @@ extern	void	init_proto	(const bool);
 extern	void	set_sys_tick_precision(double);
 extern	void	proto_config	(int, u_long, double);
 extern	void	proto_clr_stats (void);
-extern  void    proto_dump(FILE *);

 /* ntp_refclock.c */
 #ifdef	REFCLOCK
@@ -398,7 +397,6 @@ extern int	sys_minclock;		/* minimum candidates */
 /*
 * Nonspecified system state variables.
 */
-extern bool	sys_authenticate;	/* requre authentication for config */
 extern l_fp	sys_authdelay;		/* authentication delay */
 extern u_long 	sys_epoch;		/* last clock update time */
 extern keyid_t	sys_private;		/* private value for session seed */

--- a/ntpd/ntp_config.c
+++ b/ntpd/ntp_config.c
@@ -225,13 +225,6 @@ static void free_config_ttl(config_tree *);
 static void free_config_unpeers(config_tree *);
 static void free_config_vars(config_tree *);

-static void destroy_address_fifo(address_fifo *);
-#define FREE_ADDRESS_FIFO(pf)			\
-	do {					\
-		destroy_address_fifo(pf);	\
-		(pf) = NULL;			\
-	} while (0)
-       void free_all_config_trees(void);	/* atexit() */
 static void free_config_tree(config_tree *ptree);

 static void destroy_restrict_node(restrict_node *my_node);
@@ -1137,25 +1130,6 @@ create_addr_opts_node(
 * ------------------------------------------
 */

-static void
-destroy_address_fifo(
-	address_fifo *	pfifo
-	)
-{
-	address_node *	addr_node;
-
-	if (pfifo != NULL) {
-		for (;;) {
-			UNLINK_FIFO(addr_node, *pfifo, link);
-			if (addr_node == NULL)
-				break;
-			destroy_address_node(addr_node);
-		}
-		free(pfifo);
-	}
-}
-
-
 static void
 config_auth(
 	config_tree *ptree
@@ -2690,18 +2664,12 @@ peer_config(
 	 */
 	switch (hmode) {
 	case MODE_BROADCAST:
-
-	    if (IS_MCAST(srcadr))
-			cast_flags = MDF_MCAST;
-		else
-			cast_flags = MDF_BCAST;
+		cast_flags = MDF_BCAST;
 		break;

 	case MODE_CLIENT:
 		if (hostname != NULL && SOCK_UNSPEC(srcadr))
 			cast_flags = MDF_POOL;
-		else if (IS_MCAST(srcadr))
-			cast_flags = MDF_ACAST;
 		else
 			cast_flags = MDF_UCAST;
 		break;
@@ -2720,7 +2688,7 @@ peer_config(
 	ctl->flags |= FLAG_CONFIG;
 	if (mode_ntpdate)
 		ctl->flags |= FLAG_IBURST;
-	if ((MDF_ACAST | MDF_POOL) & cast_flags)
+	if (MDF_POOL & cast_flags)
 		ctl->flags &= ~FLAG_PREEMPT;
 	return newpeer(srcadr, hostname, dstadr, hmode, ctl->version,
 		       ctl->minpoll, ctl->maxpoll, ctl->flags,

--- a/ntpd/ntp_control.c
+++ b/ntpd/ntp_control.c
@@ -697,7 +697,7 @@ ctl_error(
 	/*
 	 * send packet and bump counters
 	 */
-	if (res_authenticate && sys_authenticate) {
+	if (res_authenticate) {
 		maclen = authencrypt(res_keyid, (uint32_t *)&rpkt,
 				     CTL_HEADER_LEN);
 		sendpkt(rmt_addr, lcl_inter, -2, &rpkt,	CTL_HEADER_LEN + maclen);
@@ -803,8 +803,7 @@ process_control(
 	properlen = (properlen + 7) & ~7;
 	maclen = rbufp->recv_length - properlen;
 	if ((rbufp->recv_length & 3) == 0 &&
-	    maclen >= MIN_MAC_LEN && maclen <= MAX_MAC_LEN &&
-	    sys_authenticate) {
+	    maclen >= MIN_MAC_LEN && maclen <= MAX_MAC_LEN) {
 		res_authenticate = true;
 		pkid = (void *)((char *)pkt + properlen);
 		res_keyid = ntohl(*pkid);
@@ -970,7 +969,7 @@ ctl_flushpkt(
 			(res_opcode & CTL_OP_MASK);
 	rpkt.count = htons((u_short)dlen);
 	rpkt.offset = htons((u_short)res_offset);
-	if (res_authenticate && sys_authenticate) {
+	if (res_authenticate) {
 		totlen = sendlen;
 		/*
 		 * If we are going to authenticate, then there

--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
@@ -2422,9 +2422,7 @@ read_network_packet(
 	 * put it on the full list and do bookkeeping.
 	 */
 	rb->dstadr = itf;
-	rb->cast_flags = (uint8_t)(((rb->dstadr->flags &
-				     INT_MCASTOPEN) && rb->fd == rb->dstadr->fd) ? MDF_MCAST
-				   : rb->fd == rb->dstadr->bfd ? MDF_BCAST : MDF_UCAST);
+	rb->cast_flags = (uint8_t)(rb->fd == rb->dstadr->bfd ? MDF_BCAST : MDF_UCAST);
 	rb->fd = fd;
 #ifdef USE_PACKET_TIMESTAMP
 	/* pick up a network time stamp if possible */
@@ -2685,8 +2683,7 @@ select_peerinterface(
 	 */
 	if (IS_PEER_REFCLOCK(peer)) {
 		ep = loopback_interface;
-	} else if (peer->cast_flags &
-		   (MDF_BCLNT | MDF_ACAST | MDF_MCAST | MDF_BCAST)) {
+	} else if (peer->cast_flags & MDF_BCAST) {
 		ep = findbcastinter(srcadr);
 		if (ep != NULL)
 			DPRINTF(4, ("Found *-cast interface %s for address %s\n",

--- a/ntpd/ntp_parser.y
+++ b/ntpd/ntp_parser.y
@@ -1082,8 +1082,7 @@ system_option
 	;

 system_option_flag_keyword
-	:	T_Auth
-	|	T_Calibrate
+	:	T_Calibrate
 	|	T_Kernel
 	|	T_Monitor
 	|	T_Ntp

--- a/ntpd/ntp_peer.c
+++ b/ntpd/ntp_peer.c
@@ -216,12 +216,8 @@ findexistingpeer_addr(
 	/*
 	 * start_peer is included so we can locate instances of the
 	 * same peer through different interfaces in the hash table.
-	 * Without MDF_BCLNT, a match requires the same mode and remote
-	 * address.  MDF_BCLNT associations start out as MODE_CLIENT
-	 * if broadcastdelay is not specified, and switch to
-	 * MODE_BCLIENT after estimating the one-way delay.  Duplicate
-	 * associations are expanded in definition to match any other
-	 * MDF_BCLNT with the same srcadr (remote, unicast address).
+	 * A match requires the same mode and remote
+	 * address. 
 	 */
 	if (NULL == start_peer)
 		peer = peer_hash[NTP_HASH_ADDR(addr)];
@@ -232,9 +228,7 @@ findexistingpeer_addr(
 		DPRINTF(3, ("%s %s %d %d 0x%x 0x%x ", sockporttoa(addr),
 			sockporttoa(&peer->srcadr), mode, peer->hmode,
 			(u_int)cast_flags, (u_int)peer->cast_flags));
-		if ((-1 == mode || peer->hmode == mode ||
-		     ((MDF_BCLNT & peer->cast_flags) &&
-		      (MDF_BCLNT & cast_flags))) &&
+		if ((-1 == mode || peer->hmode == mode) &&
 		    ADDR_PORT_EQ(addr, &peer->srcadr)) {
 			DPRINTF(3, ("found.\n"));
 			break;
@@ -571,7 +565,6 @@ peer_refresh_interface(
 	)
 {
 	endpt *	niface;
-	endpt *	piface;

 	niface = select_peerinterface(p, &p->srcadr, NULL);

@@ -595,16 +588,7 @@ peer_refresh_interface(
 		DPRINTF(4, ("<NONE>\n"));
 	}

-	piface = p->dstadr;
 	set_peerdstadr(p, niface);
-	if (p->dstadr != NULL) {
-		/*
-		 * clear crypto if we change the local address
-		 */
-		if (p->dstadr != piface && !(MDF_ACAST & p->cast_flags)
-		    && MODE_BROADCAST != p->pmode)
-		    peer_clear(p, "XFAC", false);
-	}
 }


@@ -761,9 +745,7 @@ newpeer(
 	peer->keyid = key;
 	peer->precision = sys_precision;
 	peer->hpoll = peer->minpoll;
-	if (cast_flags & MDF_ACAST)
-		peer_clear(peer, "ACST", initializing);
-	else if (cast_flags & MDF_POOL)
+	if (cast_flags & MDF_POOL)
 		peer_clear(peer, "POOL", initializing);
 	else if (cast_flags & MDF_BCAST)
 		peer_clear(peer, "BCST", initializing);

--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -74,7 +74,6 @@ bool leap_sec_in_progress;
 /*
 * Nonspecified system state variables
 */
-bool	sys_authenticate;	/* require authentication for config */
 l_fp	sys_authdelay;		/* authentication delay */
 double	sys_offset;	/* current local clock offset */
 double	sys_mindisp = MINDISPERSE; /* minimum distance (s) */
@@ -403,8 +402,7 @@ i_require_authentication(
        bool peer_has_key = peer != NULL && peer->keyid != 0;
        bool wants_association =
            PKT_MODE(pkt->li_vn_mode) == MODE_BROADCAST ||
-            (peer == NULL && PKT_MODE(pkt->li_vn_mode == MODE_ACTIVE)) ||
-            (peer != NULL && peer->cast_flags & MDF_ACAST);
+            (peer == NULL && PKT_MODE(pkt->li_vn_mode == MODE_ACTIVE));
        bool restrict_nopeer =
            (restrict_mask & RES_NOPEER) &&
            wants_association;
@@ -803,7 +801,7 @@ receive(
 		handle_manycast(rbufp, restrict_mask, pkt, peer, authenticated);
 		break;
 	    default:
-		/* Everything else is for broadcast or multicast modes,
+		/* Everything else is for broadcast modes,
 		   which are a security nightmare.  So they go to the
 		   bit bucket until this improves.
 		*/
@@ -837,7 +835,7 @@ transmit(
 	 * In broadcast mode the poll interval is never changed from
 	 * minpoll.
 	 */
-	if (peer->cast_flags & (MDF_BCAST | MDF_MCAST)) {
+	if (peer->cast_flags & MDF_BCAST) {
 		peer->outdate = current_time;
 		if (sys_leap != LEAP_NOTINSYNC)
 			peer_xmit(peer);
@@ -845,36 +843,6 @@ transmit(
 		return;
 	}

-	/*
-	 * In manycast mode we start with unity ttl. The ttl is
-	 * increased by one for each poll until either sys_maxclock
-	 * servers have been found or the maximum ttl is reached. When
-	 * sys_maxclock servers are found we stop polling until one or
-	 * more servers have timed out or until less than sys_minclock
-	 * associations turn up. In this case additional better servers
-	 * are dragged in and preempt the existing ones.  Once every
-	 * sys_beacon seconds we are to transmit unconditionally, but
-	 * this code is not quite right -- peer->unreach counts polls
-	 * and is being compared with sys_beacon, so the beacons happen
-	 * every sys_beacon polls.
-	 */
-	if (peer->cast_flags & MDF_ACAST) {
-		peer->outdate = current_time;
-		if (peer->unreach > sys_beacon) {
-			peer->unreach = 0;
-			peer->ttl = 0;
-			peer_xmit(peer);
-		} else if (sys_survivors < sys_minclock ||
-		    peer_associations < sys_maxclock) {
-			if (peer->ttl < (uint32_t)sys_ttlmax)
-				peer->ttl++;
-			peer_xmit(peer);
-		}
-		peer->unreach++;
-		poll_update(peer, hpoll);
-		return;
-	}
-
 	/*
 	 * Pool associations transmit unicast solicitations when there
 	 * are less than a hard limit of 2 * sys_maxclock associations,
@@ -2795,7 +2763,6 @@ init_proto(const bool verbose)
 	get_systime(&dummy);
 	sys_survivors = 0;
 	sys_manycastserver = 0;
-	sys_authenticate = true;
 	sys_stattime = current_time;
 	orphwait = current_time + sys_orphwait;
 	proto_clr_stats();
@@ -2830,10 +2797,6 @@ proto_config(
 	/*
 	 * enable and disable commands - arguments are Boolean.
 	 */
-	case PROTO_AUTHENTICATE: /* authentication (auth) */
-		sys_authenticate = (bool)value;
-		break;
-
 #ifdef REFCLOCK
 	case PROTO_CAL:		/* refclock calibrate (calibrate) */
 		cal_enable = value;
@@ -2949,8 +2912,3 @@ proto_clr_stats(void)
 	sys_kodsent = 0;
 }

-void proto_dump(FILE *fp)
-{
-    /* must cover at least anything that can be set on the command line */
-    fprintf(fp, "%sable auth;\n", sys_authenticate ? "en" : "dis");
-}
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -792,7 +792,6 @@ ntpdmain(

     	/* use this to test if option setting gives expected results */
 	if (dumpopts) {
-	    proto_dump(stdout);
 	    if (explicit_config)
 		fprintf(stdout, "conffile \"%s\";\n", explicit_config);
 	    fprintf(stdout, "#debug = %d\n", debug);
No results found