1 /*
2 * ntp_timer.c - event timer support routines
3 */
4 #ifdef HAVE_CONFIG_H
5 # include <config.h>
6 #endif
7
8 #include "ntp_machine.h"
9 #include "ntpd.h"
10 #include "ntp_stdlib.h"
11 #include "ntp_calendar.h"
12 #include "ntp_leapsec.h"
13
14 #if defined(HAVE_IO_COMPLETION_PORT)
15 # include "ntp_iocompletionport.h"
16 # include "ntp_timer.h"
17 #endif
18
19 #include <stdio.h>
20 #include <signal.h>
21 #ifdef HAVE_SYS_SIGNAL_H
22 # include <sys/signal.h>
23 #endif
24 #ifdef HAVE_UNISTD_H
25 # include <unistd.h>
26 #endif
27
28 #ifdef KERNEL_PLL
29 #include "ntp_syscall.h"
30 #endif /* KERNEL_PLL */
31
32 #ifdef AUTOKEY
33 #include <openssl/rand.h>
34 #endif /* AUTOKEY */
35
36
37 /* TC_ERR represents the timer_create() error return value. */
38 #ifdef SYS_VXWORKS
39 #define TC_ERR ERROR
40 #else
41 #define TC_ERR (-1)
42 #endif
43
44
45 static void check_leapsec(u_int32, const time_t*, int/*BOOL*/);
46
47 /*
48 * These routines provide support for the event timer. The timer is
49 * implemented by a signal routine which sets a flag once every
50 * second, and a timer routine which is called when the mainline code
51 * gets around to seeing the flag. The timer routine dispatches the
52 * clock adjustment code if its time has come, then searches the timer
53 * queue for expiries which are dispatched to the transmit procedure.
54 * Finally, we call the hourly procedure to do cleanup and print a
55 * message.
56 */
57
58 /*
59 * Initializing flag. All async routines watch this and only do their
60 * thing when it is clear.
61 */
62 int initializing;
63
64 /*
65 * Alarm flag. The mainline code imports this.
66 */
67 volatile int alarm_flag;
68
69 /*
70 * The counters and timeouts
71 */
72 u_long endpt_scan_timer; /* interface update timer */
73 static u_long adjust_timer; /* second timer */
74 static u_long stats_timer; /* stats timer */
75 static u_long leapf_timer; /* Report leapfile problems once/day */
76 static u_long huffpuff_timer; /* huff-n'-puff timer */
77 static u_long worker_idle_timer;/* next check for idle intres */
78 int endpt_scan_period; /* init_io() sets def. 301s */
79 u_long leapsec; /* seconds to next leap (proximity class) */
80 int leapdif; /* TAI difference step at next leap second*/
81 u_long orphwait; /* orphan wait time */
82 #ifdef AUTOKEY
83 static u_long revoke_timer; /* keys revoke timer */
84 static u_long keys_timer; /* session key timer */
85 u_char sys_revoke = KEY_REVOKE; /* keys revoke timeout (log2 s) */
86 u_char sys_automax = NTP_AUTOMAX; /* key list timeout (log2 s) */
87 #endif /* AUTOKEY */
88
89 /*
90 * Statistics counter for the interested.
91 */
92 volatile u_long alarm_overflow;
93
94 u_long current_time; /* seconds since startup */
95
96 /*
97 * Stats. Number of overflows and number of calls to transmit().
98 */
99 u_long timer_timereset;
100 u_long timer_overflows;
101 u_long timer_xmtcalls;
102
103 #if defined(VMS)
104 static int vmstimer[2]; /* time for next timer AST */
105 static int vmsinc[2]; /* timer increment */
106 #endif /* VMS */
107
108 #ifdef SYS_WINNT
109 HANDLE WaitableTimerHandle;
110 #else
111 static RETSIGTYPE alarming (int);
112 #endif /* SYS_WINNT */
113
114 #if !defined(VMS)
115 # if !defined SYS_WINNT || defined(SYS_CYGWIN32)
116 # ifdef HAVE_TIMER_CREATE
117 static timer_t timer_id;
118 typedef struct itimerspec intervaltimer;
119 # define itv_frac tv_nsec
120 # else
121 typedef struct itimerval intervaltimer;
122 # define itv_frac tv_usec
123 # endif
124 intervaltimer itimer;
125 # endif
126 #endif
127
128 #if !defined(SYS_WINNT) && !defined(VMS)
129 void set_timer_or_die(const intervaltimer *);
130 #endif
131
132
133 #if !defined(SYS_WINNT) && !defined(VMS)
134 void
set_timer_or_die(const intervaltimer * ptimer)135 set_timer_or_die(
136 const intervaltimer * ptimer
137 )
138 {
139 const char * setfunc;
140 int rc;
141
142 # ifdef HAVE_TIMER_CREATE
143 setfunc = "timer_settime";
144 rc = timer_settime(timer_id, 0, &itimer, NULL);
145 # else
146 setfunc = "setitimer";
147 rc = setitimer(ITIMER_REAL, &itimer, NULL);
148 # endif
149 if (-1 == rc) {
150 msyslog(LOG_ERR, "interval timer %s failed, %m",
151 setfunc);
152 exit(1);
153 }
154 }
155 #endif /* !SYS_WINNT && !VMS */
156
157
158 /*
159 * reinit_timer - reinitialize interval timer after a clock step.
160 */
161 void
reinit_timer(void)162 reinit_timer(void)
163 {
164 #if !defined(SYS_WINNT) && !defined(VMS)
165 ZERO(itimer);
166 # ifdef HAVE_TIMER_CREATE
167 timer_gettime(timer_id, &itimer);
168 # else
169 getitimer(ITIMER_REAL, &itimer);
170 # endif
171 if (itimer.it_value.tv_sec < 0 ||
172 itimer.it_value.tv_sec > (1 << EVENT_TIMEOUT))
173 itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT);
174 if (itimer.it_value.itv_frac < 0)
175 itimer.it_value.itv_frac = 0;
176 if (0 == itimer.it_value.tv_sec &&
177 0 == itimer.it_value.itv_frac)
178 itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT);
179 itimer.it_interval.tv_sec = (1 << EVENT_TIMEOUT);
180 itimer.it_interval.itv_frac = 0;
181 set_timer_or_die(&itimer);
182 # endif /* VMS */
183 }
184
185
186 /*
187 * init_timer - initialize the timer data structures
188 */
189 void
init_timer(void)190 init_timer(void)
191 {
192 /*
193 * Initialize...
194 */
195 alarm_flag = FALSE;
196 alarm_overflow = 0;
197 adjust_timer = 1;
198 stats_timer = SECSPERHR;
199 leapf_timer = SECSPERDAY;
200 huffpuff_timer = 0;
201 endpt_scan_timer = 0;
202 current_time = 0;
203 timer_overflows = 0;
204 timer_xmtcalls = 0;
205 timer_timereset = 0;
206
207 #ifndef SYS_WINNT
208 /*
209 * Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT
210 * seconds from now and they continue on every 2**EVENT_TIMEOUT
211 * seconds.
212 */
213 # ifndef VMS
214 # ifdef HAVE_TIMER_CREATE
215 if (TC_ERR == timer_create(CLOCK_REALTIME, NULL, &timer_id)) {
216 msyslog(LOG_ERR, "timer_create failed, %m");
217 exit(1);
218 }
219 # endif
220 signal_no_reset(SIGALRM, alarming);
221 itimer.it_interval.tv_sec =
222 itimer.it_value.tv_sec = (1 << EVENT_TIMEOUT);
223 itimer.it_interval.itv_frac = itimer.it_value.itv_frac = 0;
224 set_timer_or_die(&itimer);
225 # else /* VMS follows */
226 vmsinc[0] = 10000000; /* 1 sec */
227 vmsinc[1] = 0;
228 lib$emul(&(1<<EVENT_TIMEOUT), &vmsinc, &0, &vmsinc);
229
230 sys$gettim(&vmstimer); /* that's "now" as abstime */
231
232 lib$addx(&vmsinc, &vmstimer, &vmstimer);
233 sys$setimr(0, &vmstimer, alarming, alarming, 0);
234 # endif /* VMS */
235 #else /* SYS_WINNT follows */
236 /*
237 * Set up timer interrupts for every 2**EVENT_TIMEOUT seconds
238 * Under Windows/NT,
239 */
240
241 WaitableTimerHandle = CreateWaitableTimer(NULL, FALSE, NULL);
242 if (WaitableTimerHandle == NULL) {
243 msyslog(LOG_ERR, "CreateWaitableTimer failed: %m");
244 exit(1);
245 }
246 else {
247 DWORD Period;
248 LARGE_INTEGER DueTime;
249 BOOL rc;
250
251 Period = (1 << EVENT_TIMEOUT) * 1000;
252 DueTime.QuadPart = Period * 10000ll;
253 rc = SetWaitableTimer(WaitableTimerHandle, &DueTime,
254 Period, NULL, NULL, FALSE);
255 if (!rc) {
256 msyslog(LOG_ERR, "SetWaitableTimer failed: %m");
257 exit(1);
258 }
259 }
260
261 #endif /* SYS_WINNT */
262 }
263
264
265 /*
266 * intres_timeout_req(s) is invoked in the parent to schedule an idle
267 * timeout to fire in s seconds, if not reset earlier by a call to
268 * intres_timeout_req(0), which clears any pending timeout. When the
269 * timeout expires, worker_idle_timer_fired() is invoked (again, in the
270 * parent).
271 *
272 * sntp and ntpd each provide implementations adapted to their timers.
273 */
274 void
intres_timeout_req(u_int seconds)275 intres_timeout_req(
276 u_int seconds /* 0 cancels */
277 )
278 {
279 #if defined(HAVE_DROPROOT) && defined(NEED_EARLY_FORK)
280 if (droproot) {
281 worker_idle_timer = 0;
282 return;
283 }
284 #endif
285 if (0 == seconds) {
286 worker_idle_timer = 0;
287 return;
288 }
289 worker_idle_timer = current_time + seconds;
290 }
291
292
293 /*
294 * timer - event timer
295 */
296 void
timer(void)297 timer(void)
298 {
299 struct peer* p;
300 struct peer* next_peer;
301 l_fp now;
302 time_t tnow;
303
304 /*
305 * The basic timerevent is one second. This is used to adjust the
306 * system clock in time and frequency, implement the kiss-o'-death
307 * function and the association polling function.
308 */
309 current_time++;
310 if (adjust_timer <= current_time) {
311 adjust_timer += 1;
312 adj_host_clock();
313 #ifdef REFCLOCK
314 for (p = peer_list; p != NULL; p = next_peer) {
315 next_peer = p->p_link;
316 if (FLAG_REFCLOCK & p->flags)
317 refclock_timer(p);
318 }
319 #endif /* REFCLOCK */
320 }
321
322 /*
323 * Now dispatch any peers whose event timer has expired. Be
324 * careful here, since the peer structure might go away as the
325 * result of the call.
326 */
327 for (p = peer_list; p != NULL; p = next_peer) {
328 next_peer = p->p_link;
329
330 /*
331 * Restrain the non-burst packet rate not more
332 * than one packet every 16 seconds. This is
333 * usually tripped using iburst and minpoll of
334 * 128 s or less.
335 */
336 if (p->throttle > 0) {
337 p->throttle--;
338 }
339 if (p->nextdate <= current_time) {
340 #ifdef REFCLOCK
341 if (FLAG_REFCLOCK & p->flags) {
342 refclock_transmit(p);
343 } else
344 #endif /* REFCLOCK */
345 {
346 transmit(p);
347 }
348 }
349 }
350
351 /*
352 * Orphan mode is active when enabled and when no servers less
353 * than the orphan stratum are available. A server with no other
354 * synchronization source is an orphan. It shows offset zero and
355 * reference ID the loopback address.
356 *
357 * [bug 3644] If the orphan stratum is >= STRATUM_UNSPEC, we
358 * have to do it a bit different. 'clock_select()' simply
359 * tiptoed home, but since we're unsync'd and have no peer, we
360 * should eventually declare we're out of sync. Otherwise we
361 * would persistently claim we're good, and we're everything but
362 * that...
363 *
364 * XXX: do we want to log an event about this?
365 */
366 if (sys_peer == NULL && current_time > orphwait) {
367 if (sys_orphan < STRATUM_UNSPEC) {
368 if (sys_leap == LEAP_NOTINSYNC) {
369 set_sys_leap(LEAP_NOWARNING);
370 #ifdef AUTOKEY
371 if (crypto_flags)
372 crypto_update();
373 #endif /* AUTOKEY */
374 }
375 sys_stratum = (u_char)sys_orphan;
376 }
377 else {
378 if (sys_leap != LEAP_NOTINSYNC) {
379 set_sys_leap(LEAP_NOTINSYNC);
380 msyslog(LOG_WARNING, "%s",
381 "no peer for too long, server running free now");
382 }
383 sys_stratum = STRATUM_UNSPEC;
384 }
385 if (sys_stratum > 1)
386 sys_refid = htonl(LOOPBACKADR);
387 else
388 memcpy(&sys_refid, "ORPH", 4);
389 sys_offset = 0;
390 sys_rootdelay = 0;
391 sys_rootdisp = 0;
392 }
393
394 get_systime(&now);
395 time(&tnow);
396
397 /*
398 * Leapseconds. Get time and defer to worker if either something
399 * is imminent or every 8th second.
400 */
401 if (leapsec > LSPROX_NOWARN || 0 == (current_time & 7))
402 check_leapsec( now.l_ui
403 , &tnow
404 , (sys_leap == LEAP_NOTINSYNC));
405 if (sys_leap != LEAP_NOTINSYNC) {
406 if (leapsec >= LSPROX_ANNOUNCE && leapdif) {
407 if (leapdif > 0) {
408 set_sys_leap(LEAP_ADDSECOND);
409 } else {
410 set_sys_leap(LEAP_DELSECOND);
411 }
412 } else {
413 set_sys_leap(LEAP_NOWARNING);
414 }
415 }
416
417 /*
418 * Update huff-n'-puff filter.
419 */
420 if (huffpuff_timer <= current_time) {
421 huffpuff_timer += HUFFPUFF;
422 huffpuff();
423 }
424
425 #ifdef AUTOKEY
426 /*
427 * Garbage collect expired keys.
428 */
429 if (keys_timer <= current_time) {
430 keys_timer += (1UL << sys_automax);
431 auth_agekeys();
432 }
433
434 /*
435 * Generate new private value. This causes all associations
436 * to regenerate cookies.
437 */
438 if (revoke_timer && revoke_timer <= current_time) {
439 revoke_timer += (1UL << sys_revoke);
440 RAND_bytes((u_char *)&sys_private, sizeof(sys_private));
441 }
442 #endif /* AUTOKEY */
443
444 /*
445 * Network interface rescan timer
446 */
447 if (endpt_scan_timer && endpt_scan_timer <= current_time) {
448 if (no_periodic_scan) {
449 endpt_scan_timer = 0;
450 DPRINTF(2, ("timer: network interface rescan disabled\n"));
451 } else {
452 endpt_scan_timer = current_time
453 + endpt_scan_period;
454 DPRINTF(2, ("timer: network interface rescan in %d seconds\n", endpt_scan_period));
455 }
456 interface_update(NULL, NULL);
457 }
458
459 if (worker_idle_timer && worker_idle_timer <= current_time) {
460 worker_idle_timer_fired();
461 }
462 /*
463 * Finally, write hourly stats and do the hourly
464 * and daily leapfile checks.
465 */
466 if (stats_timer <= current_time) {
467 stats_timer += SECSPERHR;
468 write_stats();
469 if (leapf_timer <= current_time) {
470 leapf_timer += SECSPERDAY;
471 check_leap_file(TRUE, now.l_ui, &tnow);
472 } else {
473 check_leap_file(FALSE, now.l_ui, &tnow);
474 }
475 }
476 }
477
478
479 #ifndef SYS_WINNT
480 /*
481 * alarming - tell the world we've been alarmed
482 */
483 static RETSIGTYPE
alarming(int sig)484 alarming(
485 int sig
486 )
487 {
488 # ifdef DEBUG
489 const char *msg = "alarming: initializing TRUE\n";
490 # endif
491
492 if (!initializing) {
493 if (alarm_flag) {
494 alarm_overflow++;
495 # ifdef DEBUG
496 msg = "alarming: overflow\n";
497 # endif
498 } else {
499 # ifndef VMS
500 alarm_flag++;
501 # else
502 /* VMS AST routine, increment is no good */
503 alarm_flag = 1;
504 # endif
505 # ifdef DEBUG
506 msg = "alarming: normal\n";
507 # endif
508 }
509 }
510 # ifdef VMS
511 lib$addx(&vmsinc, &vmstimer, &vmstimer);
512 sys$setimr(0, &vmstimer, alarming, alarming, 0);
513 # endif
514 # ifdef DEBUG
515 if (debug >= 4)
516 (void)(-1 == write(1, msg, strlen(msg)));
517 # endif
518 }
519 #endif /* SYS_WINNT */
520
521
522 /*
523 * timer_clr_stats - clear timer module stat counters
524 */
525 void
timer_clr_stats(void)526 timer_clr_stats(void)
527 {
528 timer_overflows = 0;
529 timer_xmtcalls = 0;
530 timer_timereset = current_time;
531 }
532
533
534 static void
check_leap_sec_in_progress(const leap_result_t * lsdata)535 check_leap_sec_in_progress(
536 const leap_result_t *lsdata
537 )
538 {
539 int prv_leap_sec_in_progress = leap_sec_in_progress;
540
541 leap_sec_in_progress = lsdata->tai_diff && (lsdata->ddist < 3);
542
543 /* if changed we have to update the leap bits sent to clients */
544 if (leap_sec_in_progress != prv_leap_sec_in_progress) {
545 set_sys_leap(sys_leap);
546 }
547 }
548
549
550 static void
check_leapsec(u_int32 now,const time_t * tpiv,int reset)551 check_leapsec(
552 u_int32 now,
553 const time_t * tpiv,
554 int/*BOOL*/ reset
555 )
556 {
557 static const char leapmsg_p_step[] =
558 "Positive leap second, stepped backward.";
559 static const char leapmsg_p_slew[] =
560 "Positive leap second, no step correction. "
561 "System clock will be inaccurate for a long time.";
562
563 static const char leapmsg_n_step[] =
564 "Negative leap second, stepped forward.";
565 static const char leapmsg_n_slew[] =
566 "Negative leap second, no step correction. "
567 "System clock will be inaccurate for a long time.";
568
569 leap_result_t lsdata;
570 u_int32 lsprox;
571 #ifdef AUTOKEY
572 int/*BOOL*/ update_autokey = FALSE;
573 #endif
574
575 #ifndef SYS_WINNT /* WinNT port has its own leap second handling */
576 # ifdef KERNEL_PLL
577 leapsec_electric(pll_control && kern_enable);
578 # else
579 leapsec_electric(0);
580 # endif
581 #endif /* !SYS_WINNT */
582
583 #ifdef LEAP_SMEAR
584 leap_smear.enabled = leap_smear_intv != 0;
585 #endif
586 if (reset) {
587 lsprox = LSPROX_NOWARN;
588 leapsec_reset_frame();
589 ZERO(lsdata);
590 } else {
591 int fired;
592
593 fired = leapsec_query(&lsdata, now, tpiv);
594
595 DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X),"
596 " tai_diff %i, ddist %u\n",
597 fired, now, now, lsdata.tai_diff, lsdata.ddist));
598
599 #ifdef LEAP_SMEAR
600 leap_smear.in_progress = FALSE;
601 leap_smear.doffset = 0.0;
602
603 if (leap_smear.enabled) {
604 if (lsdata.tai_diff) {
605 if (0 == leap_smear.interval) {
606 leap_smear.interval = leap_smear_intv;
607 leap_smear.intv_end = lsdata.ttime.Q_s;
608 leap_smear.intv_start = leap_smear.intv_end - leap_smear.interval;
609 DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n",
610 leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end));
611 }
612 } else {
613 if (leap_smear.interval) {
614 DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n"));
615 leap_smear.interval = 0;
616 }
617 }
618
619 if (leap_smear.interval) {
620 double dtemp = now;
621
622 if (dtemp >= leap_smear.intv_start && dtemp <= leap_smear.intv_end) {
623 double leap_smear_time = dtemp - leap_smear.intv_start;
624 #if 0
625 /* linear interpolation */
626 leap_smear.doffset = -(leap_smear_time * lsdata.tai_diff / leap_smear.interval);
627 #else
628 /* Google approach : lie(t) = (1.0 - cos(pi * t / w)) / 2.0 */
629 leap_smear.doffset = -((double) lsdata.tai_diff - cos( M_PI * leap_smear_time / leap_smear.interval)) / 2.0;
630 #endif
631 /*
632 * TODO see if we're inside an inserted leap second, so we need to compute
633 * leap_smear.doffset = 1.0 - leap_smear.doffset
634 */
635 leap_smear.in_progress = TRUE;
636 DPRINTF(1, ("*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n",
637 leap_smear.intv_start, leap_smear.intv_end, leap_smear.interval,
638 now, leap_smear_time, leap_smear.doffset));
639
640 }
641 }
642 } else {
643 leap_smear.interval = 0;
644 }
645 /*
646 * Update the current leap smear offset, eventually 0.0 if outside smear interval.
647 */
648 DTOLFP(leap_smear.doffset, &leap_smear.offset);
649 #endif /* LEAP_SMEAR */
650
651 if (fired) {
652 /* Full hit. Eventually step the clock, but always
653 * announce the leap event has happened.
654 */
655 const char *leapmsg = NULL;
656 double lswarp = lsdata.warped;
657 if (lswarp < 0.0) {
658 if (clock_max_back > 0.0 &&
659 clock_max_back < -lswarp) {
660 step_systime(lswarp);
661 leapmsg = leapmsg_p_step;
662 } else {
663 leapmsg = leapmsg_p_slew;
664 }
665 } else if (lswarp > 0.0) {
666 if (clock_max_fwd > 0.0 &&
667 clock_max_fwd < lswarp) {
668 step_systime(lswarp);
669 leapmsg = leapmsg_n_step;
670 } else {
671 leapmsg = leapmsg_n_slew;
672 }
673 }
674 if (leapmsg) {
675 msyslog(LOG_NOTICE, "%s", leapmsg);
676 }
677 report_event(EVNT_LEAP, NULL, NULL);
678 #ifdef AUTOKEY
679 update_autokey = TRUE;
680 #endif
681 lsprox = LSPROX_NOWARN;
682 leapsec = LSPROX_NOWARN;
683 sys_tai = lsdata.tai_offs;
684 } else {
685 #ifdef AUTOKEY
686 update_autokey = (sys_tai != (u_int)lsdata.tai_offs);
687 #endif
688 lsprox = lsdata.proximity;
689 sys_tai = lsdata.tai_offs;
690 }
691 }
692
693 /* We guard against panic alarming during the red alert phase.
694 * Strange and evil things might happen if we go from stone cold
695 * to piping hot in one step. If things are already that wobbly,
696 * we let the normal clock correction take over, even if a jump
697 * is involved.
698 * Also make sure the alarming events are edge-triggered, that is,
699 * created only when the threshold is crossed.
700 */
701 if ( (leapsec > 0 || lsprox < LSPROX_ALERT)
702 && leapsec < lsprox) {
703 if ( leapsec < LSPROX_SCHEDULE
704 && lsprox >= LSPROX_SCHEDULE) {
705 if (lsdata.dynamic)
706 report_event(PEVNT_ARMED, sys_peer, NULL);
707 else
708 report_event(EVNT_ARMED, NULL, NULL);
709 }
710 leapsec = lsprox;
711 }
712 if (leapsec > lsprox) {
713 if ( leapsec >= LSPROX_SCHEDULE
714 && lsprox < LSPROX_SCHEDULE) {
715 report_event(EVNT_DISARMED, NULL, NULL);
716 }
717 leapsec = lsprox;
718 }
719
720 if (leapsec >= LSPROX_SCHEDULE) {
721 leapdif = lsdata.tai_diff;
722 } else {
723 leapdif = 0;
724 }
725 check_leap_sec_in_progress(&lsdata);
726
727 #ifdef AUTOKEY
728 if (update_autokey) {
729 crypto_update_taichange();
730 }
731 #endif
732 }
733