1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Kay Sievers, Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <arpa/inet.h>
30 #include <netinet/in.h>
31 #include <netinet/ip.h>
32 #include <sys/timerfd.h>
33 #include <sys/timex.h>
34 #include <sys/socket.h>
36 #include <sys/prctl.h>
37 #include <sys/types.h>
42 #include "sparse-endian.h"
44 #include "socket-util.h"
46 #include "ratelimit.h"
48 #include "conf-parser.h"
50 #include "sd-resolve.h"
51 #include "sd-daemon.h"
52 #include "sd-network.h"
53 #include "event-util.h"
54 #include "network-util.h"
55 #include "capability.h"
56 #include "timesyncd.h"
58 #define TIME_T_MAX (time_t)((1UL << ((sizeof(time_t) << 3) - 1)) - 1)
61 #define ADJ_SETOFFSET 0x0100 /* add 'time' to current time */
64 /* expected accuracy of time synchronization; used to adjust the poll interval */
65 #define NTP_ACCURACY_SEC 0.2
68 * "A client MUST NOT under any conditions use a poll interval less
71 #define NTP_POLL_INTERVAL_MIN_SEC 32
72 #define NTP_POLL_INTERVAL_MAX_SEC 2048
75 * Maximum delta in seconds which the system clock is gradually adjusted
76 * (slew) to approach the network time. Deltas larger that this are set by
77 * letting the system time jump. The kernel's limit for adjtime is 0.5s.
79 #define NTP_MAX_ADJUST 0.4
81 /* NTP protocol, packet header */
82 #define NTP_LEAP_PLUSSEC 1
83 #define NTP_LEAP_MINUSSEC 2
84 #define NTP_LEAP_NOTINSYNC 3
85 #define NTP_MODE_CLIENT 3
86 #define NTP_MODE_SERVER 4
87 #define NTP_FIELD_LEAP(f) (((f) >> 6) & 3)
88 #define NTP_FIELD_VERSION(f) (((f) >> 3) & 7)
89 #define NTP_FIELD_MODE(f) ((f) & 7)
90 #define NTP_FIELD(l, v, m) (((l) << 6) | ((v) << 3) | (m))
93 * "NTP timestamps are represented as a 64-bit unsigned fixed-point number,
94 * in seconds relative to 0h on 1 January 1900."
96 #define OFFSET_1900_1970 2208988800UL
98 #define RETRY_USEC (30*USEC_PER_SEC)
99 #define RATELIMIT_INTERVAL_USEC (10*USEC_PER_SEC)
100 #define RATELIMIT_BURST 10
102 #define TIMEOUT_USEC (10*USEC_PER_SEC)
109 struct ntp_ts_short {
119 struct ntp_ts_short root_delay;
120 struct ntp_ts_short root_dispersion;
122 struct ntp_ts reference_time;
123 struct ntp_ts origin_time;
124 struct ntp_ts recv_time;
125 struct ntp_ts trans_time;
128 static void manager_free(Manager *m);
129 DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
130 #define _cleanup_manager_free_ _cleanup_(manager_freep)
132 static int manager_arm_timer(Manager *m, usec_t next);
133 static int manager_clock_watch_setup(Manager *m);
134 static int manager_connect(Manager *m);
135 static void manager_disconnect(Manager *m);
137 static double ntp_ts_to_d(const struct ntp_ts *ts) {
138 return be32toh(ts->sec) + ((double)be32toh(ts->frac) / UINT_MAX);
141 static double ts_to_d(const struct timespec *ts) {
142 return ts->tv_sec + (1.0e-9 * ts->tv_nsec);
145 static double tv_to_d(const struct timeval *tv) {
146 return tv->tv_sec + (1.0e-6 * tv->tv_usec);
149 static double square(double d) {
153 static int manager_timeout(sd_event_source *source, usec_t usec, void *userdata) {
154 _cleanup_free_ char *pretty = NULL;
155 Manager *m = userdata;
158 assert(m->current_server_name);
159 assert(m->current_server_address);
161 sockaddr_pretty(&m->current_server_address->sockaddr.sa, m->current_server_address->socklen, true, &pretty);
162 log_info("Timed out waiting for reply from %s (%s).", strna(pretty), m->current_server_name->string);
164 return manager_connect(m);
167 static int manager_send_request(Manager *m) {
168 _cleanup_free_ char *pretty = NULL;
169 struct ntp_msg ntpmsg = {
171 * "The client initializes the NTP message header, sends the request
172 * to the server, and strips the time of day from the Transmit
173 * Timestamp field of the reply. For this purpose, all the NTP
174 * header fields are set to 0, except the Mode, VN, and optional
175 * Transmit Timestamp fields."
177 .field = NTP_FIELD(0, 4, NTP_MODE_CLIENT),
183 assert(m->current_server_name);
184 assert(m->current_server_address);
186 m->event_timeout = sd_event_source_unref(m->event_timeout);
189 * Set transmit timestamp, remember it; the server will send that back
190 * as the origin timestamp and we have an indication that this is the
191 * matching answer to our request.
193 * The actual value does not matter, We do not care about the correct
194 * NTP UINT_MAX fraction; we just pass the plain nanosecond value.
196 assert_se(clock_gettime(CLOCK_MONOTONIC, &m->trans_time_mon) >= 0);
197 assert_se(clock_gettime(CLOCK_REALTIME, &m->trans_time) >= 0);
198 ntpmsg.trans_time.sec = htobe32(m->trans_time.tv_sec + OFFSET_1900_1970);
199 ntpmsg.trans_time.frac = htobe32(m->trans_time.tv_nsec);
201 sockaddr_pretty(&m->current_server_address->sockaddr.sa, m->current_server_address->socklen, true, &pretty);
203 len = sendto(m->server_socket, &ntpmsg, sizeof(ntpmsg), MSG_DONTWAIT, &m->current_server_address->sockaddr.sa, m->current_server_address->socklen);
204 if (len == sizeof(ntpmsg)) {
206 log_debug("Sent NTP request to %s (%s).", strna(pretty), m->current_server_name->string);
208 log_debug("Sending NTP request to %s (%s) failed: %m", strna(pretty), m->current_server_name->string);
209 return manager_connect(m);
212 /* re-arm timer with increasing timeout, in case the packets never arrive back */
213 if (m->retry_interval > 0) {
214 if (m->retry_interval < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
215 m->retry_interval *= 2;
217 m->retry_interval = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
219 r = manager_arm_timer(m, m->retry_interval);
221 log_error("Failed to rearm timer: %s", strerror(-r));
225 r = sd_event_add_time(
229 now(CLOCK_MONOTONIC) + TIMEOUT_USEC, 0,
232 log_error("Failed to arm timeout timer: %s", strerror(-r));
239 static int manager_timer(sd_event_source *source, usec_t usec, void *userdata) {
240 Manager *m = userdata;
244 return manager_send_request(m);
247 static int manager_arm_timer(Manager *m, usec_t next) {
251 assert(m->event_receive);
254 m->event_timer = sd_event_source_unref(m->event_timer);
258 if (m->event_timer) {
259 r = sd_event_source_set_time(m->event_timer, now(CLOCK_MONOTONIC) + next);
263 return sd_event_source_set_enabled(m->event_timer, SD_EVENT_ONESHOT);
266 return sd_event_add_time(
270 now(CLOCK_MONOTONIC) + next, 0,
274 static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
275 Manager *m = userdata;
280 manager_clock_watch_setup(m);
282 /* skip our own jumps */
289 log_info("System time changed. Resyncing.");
290 m->poll_resync = true;
291 return manager_send_request(m);
294 /* wake up when the system time changes underneath us */
295 static int manager_clock_watch_setup(Manager *m) {
297 struct itimerspec its = {
298 .it_value.tv_sec = TIME_T_MAX
305 m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
306 safe_close(m->clock_watch_fd);
308 m->clock_watch_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
309 if (m->clock_watch_fd < 0) {
310 log_error("Failed to create timerfd: %m");
314 if (timerfd_settime(m->clock_watch_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
315 log_error("Failed to set up timerfd: %m");
319 r = sd_event_add_io(m->event, &m->event_clock_watch, m->clock_watch_fd, EPOLLIN, manager_clock_watch, m);
321 log_error("Failed to create clock watch event source: %s", strerror(-r));
328 static int manager_adjust_clock(Manager *m, double offset, int leap_sec) {
329 struct timex tmx = {};
335 * For small deltas, tell the kernel to gradually adjust the system
336 * clock to the NTP time, larger deltas are just directly set.
338 * Clear STA_UNSYNC, it will enable the kernel's 11-minute mode, which
339 * syncs the system time periodically to the hardware clock.
341 if (fabs(offset) < NTP_MAX_ADJUST) {
342 tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_OFFSET | ADJ_TIMECONST | ADJ_MAXERROR | ADJ_ESTERROR;
343 tmx.status = STA_PLL;
344 tmx.offset = offset * NSEC_PER_SEC;
345 tmx.constant = log2i(m->poll_interval_usec / USEC_PER_SEC) - 4;
348 log_debug(" adjust (slew): %+.3f sec\n", offset);
350 tmx.modes = ADJ_SETOFFSET | ADJ_NANO;
352 /* ADJ_NANO uses nanoseconds in the microseconds field */
353 tmx.time.tv_sec = (long)offset;
354 tmx.time.tv_usec = (offset - tmx.time.tv_sec) * NSEC_PER_SEC;
356 /* the kernel expects -0.3s as {-1, 7000.000.000} */
357 if (tmx.time.tv_usec < 0) {
358 tmx.time.tv_sec -= 1;
359 tmx.time.tv_usec += NSEC_PER_SEC;
363 log_debug(" adjust (jump): %+.3f sec\n", offset);
368 tmx.status |= STA_INS;
371 tmx.status |= STA_DEL;
375 r = clock_adjtime(CLOCK_REALTIME, &tmx);
379 m->drift_ppm = tmx.freq / 65536;
381 log_debug(" status : %04i %s\n"
382 " time now : %li.%03lli\n"
384 " offset : %+.3f sec\n"
385 " freq offset : %+li (%i ppm)\n",
386 tmx.status, tmx.status & STA_UNSYNC ? "" : "sync",
387 tmx.time.tv_sec, tmx.time.tv_usec / NSEC_PER_MSEC,
389 (double)tmx.offset / NSEC_PER_SEC,
390 tmx.freq, m->drift_ppm);
395 static bool manager_sample_spike_detection(Manager *m, double offset, double delay) {
396 unsigned int i, idx_cur, idx_new, idx_min;
404 /* ignore initial sample */
405 if (m->packet_count == 1)
408 /* store the current data in our samples array */
409 idx_cur = m->samples_idx;
410 idx_new = (idx_cur + 1) % ELEMENTSOF(m->samples);
411 m->samples_idx = idx_new;
412 m->samples[idx_new].offset = offset;
413 m->samples[idx_new].delay = delay;
415 /* calculate new jitter value from the RMS differences relative to the lowest delay sample */
416 jitter = m->samples_jitter;
417 for (idx_min = idx_cur, i = 0; i < ELEMENTSOF(m->samples); i++)
418 if (m->samples[i].delay > 0 && m->samples[i].delay < m->samples[idx_min].delay)
422 for (i = 0; i < ELEMENTSOF(m->samples); i++)
423 j += square(m->samples[i].offset - m->samples[idx_min].offset);
424 m->samples_jitter = sqrt(j / (ELEMENTSOF(m->samples) - 1));
426 /* ignore samples when resyncing */
430 /* always accept offset if we are farther off than the round-trip delay */
431 if (fabs(offset) > delay)
434 /* we need a few samples before looking at them */
435 if (m->packet_count < 4)
438 /* do not accept anything worse than the maximum possible error of the best sample */
439 if (fabs(offset) > m->samples[idx_min].delay)
442 /* compare the difference between the current offset to the previous offset and jitter */
443 return fabs(offset - m->samples[idx_cur].offset) > 3 * jitter;
446 static void manager_adjust_poll(Manager *m, double offset, bool spike) {
449 if (m->poll_resync) {
450 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
451 m->poll_resync = false;
455 /* set to minimal poll interval */
456 if (!spike && fabs(offset) > NTP_ACCURACY_SEC) {
457 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
461 /* increase polling interval */
462 if (fabs(offset) < NTP_ACCURACY_SEC * 0.25) {
463 if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
464 m->poll_interval_usec *= 2;
468 /* decrease polling interval */
469 if (spike || fabs(offset) > NTP_ACCURACY_SEC * 0.75) {
470 if (m->poll_interval_usec > NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC)
471 m->poll_interval_usec /= 2;
476 static bool sockaddr_equal(union sockaddr_union *a, union sockaddr_union *b) {
480 if (a->sa.sa_family != b->sa.sa_family)
483 if (a->sa.sa_family == AF_INET)
484 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
486 if (a->sa.sa_family == AF_INET6)
487 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
492 static int manager_receive_response(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
493 Manager *m = userdata;
494 struct ntp_msg ntpmsg;
498 .iov_len = sizeof(ntpmsg),
501 struct cmsghdr cmsghdr;
502 uint8_t buf[CMSG_SPACE(sizeof(struct timeval))];
504 union sockaddr_union server_addr;
505 struct msghdr msghdr = {
508 .msg_control = &control,
509 .msg_controllen = sizeof(control),
510 .msg_name = &server_addr,
511 .msg_namelen = sizeof(server_addr),
513 struct cmsghdr *cmsg;
514 struct timespec now_ts;
515 struct timeval *recv_time;
517 double origin, receive, trans, dest;
518 double delay, offset;
526 if (revents & (EPOLLHUP|EPOLLERR)) {
527 log_warning("Server connection returned error.");
528 return manager_connect(m);
531 len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
536 log_warning("Error receiving message. Disconnecting.");
537 return manager_connect(m);
540 if (iov.iov_len < sizeof(struct ntp_msg)) {
541 log_warning("Invalid response from server. Disconnecting.");
542 return manager_connect(m);
545 if (!m->current_server_name ||
546 !m->current_server_address ||
547 !sockaddr_equal(&server_addr, &m->current_server_address->sockaddr)) {
548 log_debug("Response from unknown server.");
553 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
554 if (cmsg->cmsg_level != SOL_SOCKET)
557 switch (cmsg->cmsg_type) {
559 recv_time = (struct timeval *) CMSG_DATA(cmsg);
564 log_error("Invalid packet timestamp.");
569 log_debug("Unexpected reply. Ignoring.");
573 /* check our "time cookie" (we just stored nanoseconds in the fraction field) */
574 if (be32toh(ntpmsg.origin_time.sec) != m->trans_time.tv_sec + OFFSET_1900_1970 ||
575 be32toh(ntpmsg.origin_time.frac) != m->trans_time.tv_nsec) {
576 log_debug("Invalid reply; not our transmit time. Ignoring.");
580 m->event_timeout = sd_event_source_unref(m->event_timeout);
582 if (be32toh(ntpmsg.recv_time.sec) < TIME_EPOCH + OFFSET_1900_1970 ||
583 be32toh(ntpmsg.trans_time.sec) < TIME_EPOCH + OFFSET_1900_1970) {
584 log_debug("Invalid reply, returned times before epoch. Ignoring.");
585 return manager_connect(m);
588 if (NTP_FIELD_LEAP(ntpmsg.field) == NTP_LEAP_NOTINSYNC) {
589 log_debug("Server is not synchronized. Disconnecting.");
590 return manager_connect(m);
593 if (!IN_SET(NTP_FIELD_VERSION(ntpmsg.field), 3, 4)) {
594 log_debug("Response NTPv%d. Disconnecting.", NTP_FIELD_VERSION(ntpmsg.field));
595 return manager_connect(m);
598 if (NTP_FIELD_MODE(ntpmsg.field) != NTP_MODE_SERVER) {
599 log_debug("Unsupported mode %d. Disconnecting.", NTP_FIELD_MODE(ntpmsg.field));
600 return manager_connect(m);
605 m->retry_interval = 0;
607 /* announce leap seconds */
608 if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_PLUSSEC)
610 else if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_MINUSSEC)
616 * "Timestamp Name ID When Generated
617 * ------------------------------------------------------------
618 * Originate Timestamp T1 time request sent by client
619 * Receive Timestamp T2 time request received by server
620 * Transmit Timestamp T3 time reply sent by server
621 * Destination Timestamp T4 time reply received by client
623 * The round-trip delay, d, and system clock offset, t, are defined as:
624 * d = (T4 - T1) - (T3 - T2) t = ((T2 - T1) + (T3 - T4)) / 2"
626 assert_se(clock_gettime(CLOCK_MONOTONIC, &now_ts) >= 0);
627 origin = tv_to_d(recv_time) - (ts_to_d(&now_ts) - ts_to_d(&m->trans_time_mon)) + OFFSET_1900_1970;
628 receive = ntp_ts_to_d(&ntpmsg.recv_time);
629 trans = ntp_ts_to_d(&ntpmsg.trans_time);
630 dest = tv_to_d(recv_time) + OFFSET_1900_1970;
632 offset = ((receive - origin) + (trans - dest)) / 2;
633 delay = (dest - origin) - (trans - receive);
635 spike = manager_sample_spike_detection(m, offset, delay);
637 manager_adjust_poll(m, offset, spike);
639 log_debug("NTP response:\n"
644 " precision : %.6f sec (%d)\n"
645 " reference : %.4s\n"
650 " offset : %+.3f sec\n"
651 " delay : %+.3f sec\n"
652 " packet count : %"PRIu64"\n"
654 " poll interval: %llu\n",
655 NTP_FIELD_LEAP(ntpmsg.field),
656 NTP_FIELD_VERSION(ntpmsg.field),
657 NTP_FIELD_MODE(ntpmsg.field),
659 exp2(ntpmsg.precision), ntpmsg.precision,
660 ntpmsg.stratum == 1 ? ntpmsg.refid : "n/a",
661 origin - OFFSET_1900_1970,
662 receive - OFFSET_1900_1970,
663 trans - OFFSET_1900_1970,
664 dest - OFFSET_1900_1970,
667 m->samples_jitter, spike ? " spike" : "",
668 m->poll_interval_usec / USEC_PER_SEC);
671 r = manager_adjust_clock(m, offset, leap_sec);
673 log_error("Failed to call clock_adjtime(): %m");
676 log_info("interval/delta/delay/jitter/drift %llus/%+.3fs/%.3fs/%.3fs/%+ippm%s",
677 m->poll_interval_usec / USEC_PER_SEC, offset, delay, m->samples_jitter, m->drift_ppm,
678 spike ? " (ignored)" : "");
680 r = manager_arm_timer(m, m->poll_interval_usec);
682 log_error("Failed to rearm timer: %s", strerror(-r));
689 static int manager_listen_setup(Manager *m) {
690 union sockaddr_union addr = {};
691 static const int tos = IPTOS_LOWDELAY;
692 static const int on = 1;
697 assert(m->server_socket < 0);
698 assert(!m->event_receive);
699 assert(m->current_server_address);
701 addr.sa.sa_family = m->current_server_address->sockaddr.sa.sa_family;
703 m->server_socket = socket(addr.sa.sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
704 if (m->server_socket < 0)
707 r = bind(m->server_socket, &addr.sa, m->current_server_address->socklen);
711 r = setsockopt(m->server_socket, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on));
715 setsockopt(m->server_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
717 return sd_event_add_io(m->event, &m->event_receive, m->server_socket, EPOLLIN, manager_receive_response, m);
720 static int manager_begin(Manager *m) {
721 _cleanup_free_ char *pretty = NULL;
725 assert_return(m->current_server_name, -EHOSTUNREACH);
726 assert_return(m->current_server_address, -EHOSTUNREACH);
728 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
730 sockaddr_pretty(&m->current_server_address->sockaddr.sa, m->current_server_address->socklen, true, &pretty);
731 log_info("Using NTP server %s (%s).", strna(pretty), m->current_server_name->string);
732 sd_notifyf(false, "STATUS=Using Time Server %s (%s).", strna(pretty), m->current_server_name->string);
734 r = manager_listen_setup(m);
736 log_warning("Failed to setup connection socket: %s", strerror(-r));
740 r = manager_clock_watch_setup(m);
744 return manager_send_request(m);
747 static void server_name_flush_addresses(ServerName *n) {
752 while ((a = n->addresses)) {
753 LIST_REMOVE(addresses, n->addresses, a);
758 static void manager_flush_names(Manager *m) {
763 while ((n = m->servers)) {
764 LIST_REMOVE(names, m->servers, n);
766 server_name_flush_addresses(n);
771 static int manager_resolve_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
772 Manager *m = userdata;
773 ServerAddress *a, *last = NULL;
777 assert(m->current_server_name);
779 m->resolve_query = sd_resolve_query_unref(m->resolve_query);
782 log_info("Failed to resolve %s: %s", m->current_server_name->string, gai_strerror(ret));
785 return manager_connect(m);
788 server_name_flush_addresses(m->current_server_name);
790 for (; ai; ai = ai->ai_next) {
791 _cleanup_free_ char *pretty = NULL;
794 assert(ai->ai_addrlen >= offsetof(struct sockaddr, sa_data));
795 assert(ai->ai_addrlen <= sizeof(union sockaddr_union));
797 if (!IN_SET(ai->ai_addr->sa_family, AF_INET, AF_INET6)) {
798 log_warning("Unsuitable address protocol for %s", m->current_server_name->string);
802 a = new0(ServerAddress, 1);
806 memcpy(&a->sockaddr, ai->ai_addr, ai->ai_addrlen);
807 a->socklen = ai->ai_addrlen;
809 LIST_INSERT_AFTER(addresses, m->current_server_name->addresses, last, a);
812 sockaddr_pretty(&a->sockaddr.sa, a->socklen, true, &pretty);
813 log_debug("Resolved address %s for %s.", pretty, m->current_server_name->string);
816 if (!m->current_server_name->addresses) {
817 log_error("Failed to find suitable address for host %s.", m->current_server_name->string);
820 return manager_connect(m);
823 m->current_server_address = m->current_server_name->addresses;
825 return manager_begin(m);
828 static int manager_retry(sd_event_source *source, usec_t usec, void *userdata) {
829 Manager *m = userdata;
833 return manager_connect(m);
836 static int manager_connect(Manager *m) {
838 struct addrinfo hints = {
839 .ai_flags = AI_NUMERICSERV|AI_ADDRCONFIG,
840 .ai_socktype = SOCK_DGRAM,
846 manager_disconnect(m);
848 m->event_retry = sd_event_source_unref(m->event_retry);
849 if (!ratelimit_test(&m->ratelimit)) {
850 log_debug("Slowing down attempts to contact servers.");
852 r = sd_event_add_time(m->event, &m->event_retry, CLOCK_MONOTONIC, now(CLOCK_MONOTONIC) + RETRY_USEC, 0, manager_retry, m);
854 log_error("Failed to create retry timer: %s", strerror(-r));
861 /* If we already are operating on some address, switch to the
863 if (m->current_server_address && m->current_server_address->addresses_next)
864 m->current_server_address = m->current_server_address->addresses_next;
866 /* Hmm, we are through all addresses, let's look for the next host instead */
867 m->current_server_address = NULL;
869 if (m->current_server_name && m->current_server_name->names_next)
870 m->current_server_name = m->current_server_name->names_next;
873 m->current_server_name = NULL;
874 log_debug("No server found.");
878 m->current_server_name = m->servers;
881 /* Tell the resolver to reread /etc/resolv.conf, in
882 * case it changed. */
885 r = sd_resolve_getaddrinfo(m->resolve, &m->resolve_query, m->current_server_name->string, "123", &hints, manager_resolve_handler, m);
887 log_error("Failed to create resolver: %s", strerror(-r));
894 r = manager_begin(m);
901 static int manager_add_server(Manager *m, const char *server) {
902 ServerName *n, *tail;
907 n = new0(ServerName, 1);
911 n->string = strdup(server);
917 LIST_FIND_TAIL(names, m->servers, tail);
918 LIST_INSERT_AFTER(names, m->servers, tail, n);
923 static int manager_add_server_string(Manager *m, const char *string) {
931 FOREACH_WORD_QUOTED(w, l, string, state) {
937 r = manager_add_server(m, t);
939 log_error("Failed to add server %s to configuration, ignoring: %s", t, strerror(-r));
945 static void manager_disconnect(Manager *m) {
948 m->resolve_query = sd_resolve_query_unref(m->resolve_query);
950 m->event_timer = sd_event_source_unref(m->event_timer);
952 m->event_receive = sd_event_source_unref(m->event_receive);
953 m->server_socket = safe_close(m->server_socket);
955 m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
956 m->clock_watch_fd = safe_close(m->clock_watch_fd);
958 m->event_timeout = sd_event_source_unref(m->event_timeout);
960 sd_notifyf(false, "STATUS=Idle.");
963 static int manager_new(Manager **ret) {
964 _cleanup_manager_free_ Manager *m = NULL;
967 m = new0(Manager, 1);
971 m->server_socket = m->clock_watch_fd = -1;
973 RATELIMIT_INIT(m->ratelimit, RATELIMIT_INTERVAL_USEC, RATELIMIT_BURST);
975 r = sd_event_default(&m->event);
979 sd_event_set_watchdog(m->event, true);
981 sd_event_add_signal(m->event, NULL, SIGTERM, NULL, NULL);
982 sd_event_add_signal(m->event, NULL, SIGINT, NULL, NULL);
984 r = sd_resolve_default(&m->resolve);
988 r = sd_resolve_attach_event(m->resolve, m->event, 0);
992 r = manager_clock_watch_setup(m);
1002 static void manager_free(Manager *m) {
1006 manager_disconnect(m);
1007 manager_flush_names(m);
1009 sd_event_source_unref(m->event_retry);
1011 sd_event_source_unref(m->network_event_source);
1012 sd_network_monitor_unref(m->network_monitor);
1014 sd_resolve_unref(m->resolve);
1015 sd_event_unref(m->event);
1020 int config_parse_servers(
1022 const char *filename,
1024 const char *section,
1025 unsigned section_line,
1032 Manager *m = userdata;
1038 manager_flush_names(m);
1039 manager_add_server_string(m, rvalue);
1044 static int manager_parse_config_file(Manager *m) {
1045 static const char fn[] = "/etc/systemd/timesyncd.conf";
1046 _cleanup_fclose_ FILE *f = NULL;
1051 f = fopen(fn, "re");
1053 if (errno == ENOENT)
1056 log_warning("Failed to open configuration file %s: %m", fn);
1060 r = config_parse(NULL, fn, f, "Time\0", config_item_perf_lookup,
1061 (void*) timesyncd_gperf_lookup, false, false, m);
1063 log_warning("Failed to parse configuration file: %s", strerror(-r));
1068 static bool network_is_online(void) {
1069 _cleanup_free_ char *state = NULL;
1072 r = sd_network_get_operational_state(&state);
1073 if (r >= 0 && (streq("routable", state) || streq("degraded", state)))
1079 static int manager_network_event_handler(sd_event_source *s, int fd, uint32_t revents,
1081 Manager *m = userdata;
1082 bool connected, online;
1087 /* check if the machine is online */
1088 online = network_is_online();
1090 /* check if the client is currently connected */
1091 connected = (m->server_socket != -1);
1093 if (connected && !online) {
1094 log_info("No network connectivity. Suspending.");
1095 manager_disconnect(m);
1096 } else if (!connected && online) {
1097 log_info("Network connectivity detected. Resuming.");
1098 if (m->current_server_address) {
1099 r = manager_begin(m);
1103 r = manager_connect(m);
1109 sd_network_monitor_flush(m->network_monitor);
1114 static int manager_network_monitor_listen(Manager *m) {
1115 _cleanup_event_source_unref_ sd_event_source *event_source = NULL;
1116 _cleanup_network_monitor_unref_ sd_network_monitor *monitor = NULL;
1119 r = sd_network_monitor_new(NULL, &monitor);
1123 fd = sd_network_monitor_get_fd(monitor);
1127 events = sd_network_monitor_get_events(monitor);
1131 r = sd_event_add_io(m->event, &event_source, fd, events,
1132 &manager_network_event_handler, m);
1136 m->network_monitor = monitor;
1137 m->network_event_source = event_source;
1139 event_source = NULL;
1144 static int drop_privileges(void) {
1145 static const cap_value_t bits[] = {
1149 _cleanup_cap_free_ cap_t d = NULL;
1150 const char *name = "systemd-timesync";
1155 /* Unfortunately we cannot leave privilege dropping to PID 1
1156 * here, since we want to run as user but want to keep te
1157 * CAP_SYS_TIME capability. Since file capabilities have been
1158 * introduced this cannot be done across exec() anymore,
1159 * unless our binary has the capability configured in the file
1160 * system, which we want to avoid. */
1162 r = get_user_creds(&name, &uid, &gid, NULL, NULL);
1164 log_error("Cannot resolve user name %s: %s", name, strerror(-r));
1168 if (setresgid(gid, gid, gid) < 0) {
1169 log_error("Failed change group ID: %m");
1173 if (setgroups(0, NULL) < 0) {
1174 log_error("Failed to drop auxiliary groups list: %m");
1178 if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
1179 log_error("Failed to enable keep capabilities flag: %m");
1183 r = setresuid(uid, uid, uid);
1185 log_error("Failed change user ID: %m");
1189 if (prctl(PR_SET_KEEPCAPS, 0) < 0) {
1190 log_error("Failed to disable keep capabilities flag: %m");
1194 r = capability_bounding_set_drop(~(1ULL << CAP_SYS_TIME), true);
1196 log_error("Failed to drop capabilities: %s", strerror(-r));
1204 if (cap_set_flag(d, CAP_EFFECTIVE, ELEMENTSOF(bits), bits, CAP_SET) < 0 ||
1205 cap_set_flag(d, CAP_PERMITTED, ELEMENTSOF(bits), bits, CAP_SET) < 0) {
1206 log_error("Failed to enable capabilities bits: %m");
1210 if (cap_set_proc(d) < 0) {
1211 log_error("Failed to increase capabilities: %m");
1218 int main(int argc, char *argv[]) {
1219 _cleanup_manager_free_ Manager *m = NULL;
1223 log_error("This program does not take arguments.");
1224 return EXIT_FAILURE;
1227 log_set_target(LOG_TARGET_AUTO);
1228 log_set_facility(LOG_CRON);
1229 log_parse_environment();
1234 r = drop_privileges();
1238 assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
1240 r = manager_new(&m);
1242 log_error("Failed to allocate manager: %s", strerror(-r));
1246 manager_add_server_string(m, NTP_SERVERS);
1247 manager_parse_config_file(m);
1249 r = manager_network_monitor_listen(m);
1251 log_error("Failed to listen to networkd events: %s", strerror(-r));
1255 log_debug("systemd-timesyncd running as pid %lu", (unsigned long) getpid());
1256 sd_notify(false, "READY=1");
1258 if (network_is_online()) {
1259 r = manager_connect(m);
1264 r = sd_event_loop(m->event);
1266 log_error("Failed to run event loop: %s", strerror(-r));
1270 sd_event_get_exit_code(m->event, &r);
1273 sd_notify(false, "STATUS=Shutting down...");
1275 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;