1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2014 Kay Sievers
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 #include <arpa/inet.h>
30 #include <netinet/in.h>
31 #include <netinet/ip.h>
32 #include <sys/timerfd.h>
33 #include <sys/timex.h>
34 #include <sys/socket.h>
38 #include "sparse-endian.h"
40 #include "socket-util.h"
42 #include "sd-resolve.h"
43 #include "sd-daemon.h"
45 #define TIME_T_MAX (time_t)((1UL << ((sizeof(time_t) << 3) - 1)) - 1)
48 #define ADJ_SETOFFSET 0x0100 /* add 'time' to current time */
51 /* expected accuracy of time synchronization; used to adjust the poll interval */
52 #define NTP_ACCURACY_SEC 0.2
55 * "A client MUST NOT under any conditions use a poll interval less
58 #define NTP_POLL_INTERVAL_MIN_SEC 32
59 #define NTP_POLL_INTERVAL_MAX_SEC 2048
62 * Maximum delta in seconds which the system clock is gradually adjusted
63 * (slew) to approach the network time. Deltas larger that this are set by
64 * letting the system time jump. The kernel's limit for adjtime is 0.5s.
66 #define NTP_MAX_ADJUST 0.4
68 /* NTP protocol, packet header */
69 #define NTP_LEAP_PLUSSEC 1
70 #define NTP_LEAP_MINUSSEC 2
71 #define NTP_LEAP_NOTINSYNC 3
72 #define NTP_MODE_CLIENT 3
73 #define NTP_MODE_SERVER 4
74 #define NTP_FIELD_LEAP(f) (((f) >> 6) & 3)
75 #define NTP_FIELD_VERSION(f) (((f) >> 3) & 7)
76 #define NTP_FIELD_MODE(f) ((f) & 7)
77 #define NTP_FIELD(l, v, m) (((l) << 6) | ((v) << 3) | (m))
80 * "NTP timestamps are represented as a 64-bit unsigned fixed-point number,
81 * in seconds relative to 0h on 1 January 1900."
83 #define OFFSET_1900_1970 2208988800UL
100 struct ntp_ts_short root_delay;
101 struct ntp_ts_short root_dispersion;
103 struct ntp_ts reference_time;
104 struct ntp_ts origin_time;
105 struct ntp_ts recv_time;
106 struct ntp_ts trans_time;
109 typedef struct Manager Manager;
115 sd_resolve_query *resolve_query;
116 sd_event_source *event_receive;
118 union sockaddr_union server_addr;
119 socklen_t server_addr_length;
121 uint64_t packet_count;
123 /* last sent packet */
124 struct timespec trans_time_mon;
125 struct timespec trans_time;
126 usec_t retry_interval;
130 sd_event_source *event_timer;
131 usec_t poll_interval_usec;
139 unsigned int samples_idx;
140 double samples_jitter;
146 /* watch for time changes */
147 sd_event_source *event_clock_watch;
150 /* Handle SIGINT/SIGTERM */
151 sd_event_source *sigterm, *sigint;
154 static void manager_free(Manager *m);
155 DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
156 #define _cleanup_manager_free_ _cleanup_(manager_freep)
158 static int manager_arm_timer(Manager *m, usec_t next);
159 static int manager_clock_watch_setup(Manager *m);
161 static double ntp_ts_to_d(const struct ntp_ts *ts) {
162 return be32toh(ts->sec) + ((double)be32toh(ts->frac) / UINT_MAX);
165 static double ts_to_d(const struct timespec *ts) {
166 return ts->tv_sec + (1.0e-9 * ts->tv_nsec);
169 static double tv_to_d(const struct timeval *tv) {
170 return tv->tv_sec + (1.0e-6 * tv->tv_usec);
173 static double square(double d) {
177 static int manager_send_request(Manager *m) {
178 struct ntp_msg ntpmsg = {
180 * "The client initializes the NTP message header, sends the request
181 * to the server, and strips the time of day from the Transmit
182 * Timestamp field of the reply. For this purpose, all the NTP
183 * header fields are set to 0, except the Mode, VN, and optional
184 * Transmit Timestamp fields."
186 .field = NTP_FIELD(0, 4, NTP_MODE_CLIENT),
191 * Set transmit timestamp, remember it; the server will send that back
192 * as the origin timestamp and we have an indication that this is the
193 * matching answer to our request.
195 * The actual value does not matter, We do not care about the correct
196 * NTP UINT_MAX fraction; we just pass the plain nanosecond value.
198 assert_se(clock_gettime(CLOCK_MONOTONIC, &m->trans_time_mon) >= 0);
199 assert_se(clock_gettime(CLOCK_REALTIME, &m->trans_time) >= 0);
200 ntpmsg.trans_time.sec = htobe32(m->trans_time.tv_sec + OFFSET_1900_1970);
201 ntpmsg.trans_time.frac = htobe32(m->trans_time.tv_nsec);
203 len = sendto(m->server_socket, &ntpmsg, sizeof(ntpmsg), MSG_DONTWAIT, &m->server_addr.sa, m->server_addr_length);
204 if (len == sizeof(ntpmsg)) {
206 log_debug("Sent NTP request to: %s", m->server);
208 log_debug("Sending NTP request to %s failed: %m", m->server);
210 /* re-arm timer with incresing timeout, in case the packets never arrive back */
211 if (m->retry_interval > 0) {
212 if (m->retry_interval < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
213 m->retry_interval *= 2;
215 m->retry_interval = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
217 return manager_arm_timer(m, m->retry_interval);
220 static int manager_timer(sd_event_source *source, usec_t usec, void *userdata) {
221 Manager *m = userdata;
225 return manager_send_request(m);
228 static int manager_arm_timer(Manager *m, usec_t next) {
232 assert(m->event_receive);
235 m->event_timer = sd_event_source_unref(m->event_timer);
239 if (m->event_timer) {
240 r = sd_event_source_set_time(m->event_timer, now(CLOCK_MONOTONIC) + next);
244 return sd_event_source_set_enabled(m->event_timer, SD_EVENT_ONESHOT);
247 return sd_event_add_time(
251 now(CLOCK_MONOTONIC) + next, 0,
255 static int manager_clock_watch(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
256 Manager *m = userdata;
261 manager_clock_watch_setup(m);
263 /* skip our own jumps */
270 log_info("System time changed. Resyncing.");
271 m->poll_resync = true;
272 return manager_send_request(m);
275 /* wake up when the system time changes underneath us */
276 static int manager_clock_watch_setup(Manager *m) {
278 struct itimerspec its = {
279 .it_value.tv_sec = TIME_T_MAX
286 m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
287 m->clock_watch_fd = safe_close(m->clock_watch_fd);
289 m->clock_watch_fd = timerfd_create(CLOCK_REALTIME, TFD_NONBLOCK|TFD_CLOEXEC);
290 if (m->clock_watch_fd < 0) {
291 log_error("Failed to create timerfd: %m");
295 if (timerfd_settime(m->clock_watch_fd, TFD_TIMER_ABSTIME|TFD_TIMER_CANCEL_ON_SET, &its, NULL) < 0) {
296 log_error("Failed to set up timerfd: %m");
300 r = sd_event_add_io(m->event, &m->event_clock_watch, m->clock_watch_fd, EPOLLIN, manager_clock_watch, m);
302 log_error("Failed to create clock watch event source: %s", strerror(-r));
309 static int manager_adjust_clock(Manager *m, double offset, int leap_sec) {
310 struct timex tmx = {};
316 * For small deltas, tell the kernel to gradually adjust the system
317 * clock to the NTP time, larger deltas are just directly set.
319 * Clear STA_UNSYNC, it will enable the kernel's 11-minute mode, which
320 * syncs the system time periodically to the hardware clock.
322 if (fabs(offset) < NTP_MAX_ADJUST) {
323 tmx.modes = ADJ_STATUS | ADJ_NANO | ADJ_OFFSET | ADJ_TIMECONST | ADJ_MAXERROR | ADJ_ESTERROR;
324 tmx.status = STA_PLL;
325 tmx.offset = offset * NSEC_PER_SEC;
326 tmx.constant = log2i(m->poll_interval_usec / USEC_PER_SEC) - 4;
329 log_debug(" adjust (slew): %+.3f sec\n", offset);
331 tmx.modes = ADJ_SETOFFSET | ADJ_NANO;
333 /* ADJ_NANO uses nanoseconds in the microseconds field */
334 tmx.time.tv_sec = (long)offset;
335 tmx.time.tv_usec = (offset - tmx.time.tv_sec) * NSEC_PER_SEC;
337 /* the kernel expects -0.3s as {-1, 7000.000.000} */
338 if (tmx.time.tv_usec < 0) {
339 tmx.time.tv_sec -= 1;
340 tmx.time.tv_usec += NSEC_PER_SEC;
344 log_debug(" adjust (jump): %+.3f sec\n", offset);
349 tmx.status |= STA_INS;
352 tmx.status |= STA_DEL;
356 r = clock_adjtime(CLOCK_REALTIME, &tmx);
360 m->drift_ppm = tmx.freq / 65536;
362 log_debug(" status : %04i %s\n"
363 " time now : %li.%03lli\n"
365 " offset : %+.3f sec\n"
366 " freq offset : %+li (%i ppm)\n",
367 tmx.status, tmx.status & STA_UNSYNC ? "" : "sync",
368 tmx.time.tv_sec, tmx.time.tv_usec / NSEC_PER_MSEC,
370 (double)tmx.offset / NSEC_PER_SEC,
371 tmx.freq, m->drift_ppm);
376 static bool manager_sample_spike_detection(Manager *m, double offset, double delay) {
377 unsigned int i, idx_cur, idx_new, idx_min;
385 /* ignore initial sample */
386 if (m->packet_count == 1)
389 /* store the current data in our samples array */
390 idx_cur = m->samples_idx;
391 idx_new = (idx_cur + 1) % ELEMENTSOF(m->samples);
392 m->samples_idx = idx_new;
393 m->samples[idx_new].offset = offset;
394 m->samples[idx_new].delay = delay;
396 /* calculate new jitter value from the RMS differences relative to the lowest delay sample */
397 jitter = m->samples_jitter;
398 for (idx_min = idx_cur, i = 0; i < ELEMENTSOF(m->samples); i++)
399 if (m->samples[i].delay > 0 && m->samples[i].delay < m->samples[idx_min].delay)
403 for (i = 0; i < ELEMENTSOF(m->samples); i++)
404 j += square(m->samples[i].offset - m->samples[idx_min].offset);
405 m->samples_jitter = sqrt(j / (ELEMENTSOF(m->samples) - 1));
407 /* ignore samples when resyncing */
411 /* always accept offset if we are farther off than the round-trip delay */
412 if (fabs(offset) > delay)
415 /* we need a few samples before looking at them */
416 if (m->packet_count < 4)
419 /* do not accept anything worse than the maximum possible error of the best sample */
420 if (fabs(offset) > m->samples[idx_min].delay)
423 /* compare the difference between the current offset to the previous offset and jitter */
424 return fabs(offset - m->samples[idx_cur].offset) > 3 * jitter;
427 static void manager_adjust_poll(Manager *m, double offset, bool spike) {
430 if (m->poll_resync) {
431 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
432 m->poll_resync = false;
436 /* set to minimal poll interval */
437 if (!spike && fabs(offset) > NTP_ACCURACY_SEC) {
438 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
442 /* increase polling interval */
443 if (fabs(offset) < NTP_ACCURACY_SEC * 0.25) {
444 if (m->poll_interval_usec < NTP_POLL_INTERVAL_MAX_SEC * USEC_PER_SEC)
445 m->poll_interval_usec *= 2;
449 /* decrease polling interval */
450 if (spike || fabs(offset) > NTP_ACCURACY_SEC * 0.75) {
451 if (m->poll_interval_usec > NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC)
452 m->poll_interval_usec /= 2;
457 static bool sockaddr_equal(union sockaddr_union *a, union sockaddr_union *b) {
461 if (a->sa.sa_family != b->sa.sa_family)
464 if (a->sa.sa_family == AF_INET)
465 return a->in.sin_addr.s_addr == b->in.sin_addr.s_addr;
467 if (a->sa.sa_family == AF_INET6)
468 return memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)) == 0;
473 static int manager_receive_response(sd_event_source *source, int fd, uint32_t revents, void *userdata) {
474 Manager *m = userdata;
475 struct ntp_msg ntpmsg;
479 .iov_len = sizeof(ntpmsg),
482 struct cmsghdr cmsghdr;
483 uint8_t buf[CMSG_SPACE(sizeof(struct timeval))];
485 union sockaddr_union server_addr;
486 struct msghdr msghdr = {
489 .msg_control = &control,
490 .msg_controllen = sizeof(control),
491 .msg_name = &server_addr,
492 .msg_namelen = sizeof(server_addr),
494 struct cmsghdr *cmsg;
495 struct timespec now_ts;
496 struct timeval *recv_time;
498 double origin, receive, trans, dest;
499 double delay, offset;
504 if (revents & (EPOLLHUP|EPOLLERR)) {
505 log_debug("Server connection returned error.");
509 len = recvmsg(fd, &msghdr, MSG_DONTWAIT);
514 log_debug("Error receiving message. Disconnecting.");
518 if (iov.iov_len < sizeof(struct ntp_msg)) {
519 log_debug("Invalid response from server. Disconnecting.");
523 if (!sockaddr_equal(&server_addr, &m->server_addr)) {
524 log_debug("Response from unknown server. Disconnecting.");
529 for (cmsg = CMSG_FIRSTHDR(&msghdr); cmsg; cmsg = CMSG_NXTHDR(&msghdr, cmsg)) {
530 if (cmsg->cmsg_level != SOL_SOCKET)
533 switch (cmsg->cmsg_type) {
535 recv_time = (struct timeval *) CMSG_DATA(cmsg);
540 log_debug("Invalid packet timestamp. Disconnecting.");
545 log_debug("Unexpected reply. Ignoring.");
549 /* check our "time cookie" (we just stored nanoseconds in the fraction field) */
550 if (be32toh(ntpmsg.origin_time.sec) != m->trans_time.tv_sec + OFFSET_1900_1970 ||
551 be32toh(ntpmsg.origin_time.frac) != m->trans_time.tv_nsec) {
552 log_debug("Invalid reply; not our transmit time. Ignoring.");
556 if (NTP_FIELD_LEAP(ntpmsg.field) == NTP_LEAP_NOTINSYNC) {
557 log_debug("Server is not synchronized. Disconnecting.");
561 if (NTP_FIELD_VERSION(ntpmsg.field) != 4) {
562 log_debug("Response NTPv%d. Disconnecting.", NTP_FIELD_VERSION(ntpmsg.field));
566 if (NTP_FIELD_MODE(ntpmsg.field) != NTP_MODE_SERVER) {
567 log_debug("Unsupported mode %d. Disconnecting.", NTP_FIELD_MODE(ntpmsg.field));
573 m->retry_interval = 0;
575 /* announce leap seconds */
576 if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_PLUSSEC)
578 else if (NTP_FIELD_LEAP(ntpmsg.field) & NTP_LEAP_MINUSSEC)
584 * "Timestamp Name ID When Generated
585 * ------------------------------------------------------------
586 * Originate Timestamp T1 time request sent by client
587 * Receive Timestamp T2 time request received by server
588 * Transmit Timestamp T3 time reply sent by server
589 * Destination Timestamp T4 time reply received by client
591 * The round-trip delay, d, and system clock offset, t, are defined as:
592 * d = (T4 - T1) - (T3 - T2) t = ((T2 - T1) + (T3 - T4)) / 2"
594 assert_se(clock_gettime(CLOCK_MONOTONIC, &now_ts) >= 0);
595 origin = tv_to_d(recv_time) - (ts_to_d(&now_ts) - ts_to_d(&m->trans_time_mon)) + OFFSET_1900_1970;
596 receive = ntp_ts_to_d(&ntpmsg.recv_time);
597 trans = ntp_ts_to_d(&ntpmsg.trans_time);
598 dest = tv_to_d(recv_time) + OFFSET_1900_1970;
600 offset = ((receive - origin) + (trans - dest)) / 2;
601 delay = (dest - origin) - (trans - receive);
603 spike = manager_sample_spike_detection(m, offset, delay);
605 manager_adjust_poll(m, offset, spike);
607 log_debug("NTP response:\n"
612 " precision : %.6f sec (%d)\n"
613 " reference : %.4s\n"
618 " offset : %+.3f sec\n"
619 " delay : %+.3f sec\n"
620 " packet count : %"PRIu64"\n"
622 " poll interval: %llu\n",
623 NTP_FIELD_LEAP(ntpmsg.field),
624 NTP_FIELD_VERSION(ntpmsg.field),
625 NTP_FIELD_MODE(ntpmsg.field),
627 exp2(ntpmsg.precision), ntpmsg.precision,
628 ntpmsg.stratum == 1 ? ntpmsg.refid : "n/a",
629 origin - OFFSET_1900_1970,
630 receive - OFFSET_1900_1970,
631 trans - OFFSET_1900_1970,
632 dest - OFFSET_1900_1970,
635 m->samples_jitter, spike ? " spike" : "",
636 m->poll_interval_usec / USEC_PER_SEC);
639 r = manager_adjust_clock(m, offset, leap_sec);
641 log_error("Failed to call clock_adjtime(): %m");
644 log_info("%s: interval/delta/delay/jitter/drift %llus/%+.3fs/%.3fs/%.3fs/%+ippm%s",
645 m->server, m->poll_interval_usec / USEC_PER_SEC, offset, delay, m->samples_jitter, m->drift_ppm,
646 spike ? " (ignored)" : "");
648 return manager_arm_timer(m, m->poll_interval_usec);
651 static int manager_listen_setup(Manager *m) {
652 union sockaddr_union addr = {};
653 static const int tos = IPTOS_LOWDELAY;
654 static const int on = 1;
659 assert(m->server_socket < 0);
660 assert(!m->event_receive);
662 addr.sa.sa_family = m->server_addr.sa.sa_family;
664 m->server_socket = socket(addr.sa.sa_family, SOCK_DGRAM | SOCK_CLOEXEC, 0);
665 if (m->server_socket < 0)
668 r = bind(m->server_socket, &addr.sa, m->server_addr_length);
672 r = setsockopt(m->server_socket, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(on));
676 setsockopt(m->server_socket, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
678 return sd_event_add_io(m->event, &m->event_receive, m->server_socket, EPOLLIN, manager_receive_response, m);
681 static int manager_resolve_handler(sd_resolve_query *q, int ret, const struct addrinfo *ai, void *userdata) {
682 _cleanup_free_ char *pretty = NULL;
683 Manager *m = userdata;
689 m->resolve_query = sd_resolve_query_unref(m->resolve_query);
692 log_error("Failed to resolve %s: %s", m->server, gai_strerror(ret));
693 return -EHOSTUNREACH;
698 assert(ai->ai_addrlen >= offsetof(struct sockaddr, sa_data));
699 assert(ai->ai_addrlen <= sizeof(union sockaddr_union));
701 if (!IN_SET(ai->ai_addr->sa_family, AF_INET, AF_INET6)) {
702 log_warning("Failed to find IP address for %s", m->server);
703 return -EHOSTUNREACH;
706 memcpy(&m->server_addr, ai->ai_addr, ai->ai_addrlen);
707 m->server_addr_length = ai->ai_addrlen;
709 r = sockaddr_pretty(&m->server_addr.sa, m->server_addr_length, true, &pretty);
711 log_warning("Failed to decode address of %s: %s", m->server, strerror(-r));
715 log_debug("Connecting to NTP server %s.", pretty);
716 sd_notifyf(false, "STATUS=Using Time Server %s", pretty);
718 r = manager_listen_setup(m);
720 log_warning("Failed to setup connection socket: %s", strerror(-r));
724 r = manager_clock_watch_setup(m);
726 log_warning("Failed to setup clock watch: %s", strerror(-r));
730 return manager_send_request(m);
733 static int manager_connect(Manager *m, const char *server) {
735 struct addrinfo hints = {
736 .ai_flags = AI_NUMERICSERV|AI_ADDRCONFIG,
737 .ai_socktype = SOCK_DGRAM,
746 m->server = strdup(server);
750 m->poll_interval_usec = NTP_POLL_INTERVAL_MIN_SEC * USEC_PER_SEC;
752 return sd_resolve_getaddrinfo(m->resolve, &m->resolve_query, m->server, "123", &hints, manager_resolve_handler, m);
755 static void manager_disconnect(Manager *m) {
758 m->resolve_query = sd_resolve_query_unref(m->resolve_query);
760 m->event_timer = sd_event_source_unref(m->event_timer);
762 m->event_receive = sd_event_source_unref(m->event_receive);
763 m->server_socket = safe_close(m->server_socket);
765 zero(m->server_addr);
766 m->server_addr_length = 0;
771 m->event_clock_watch = sd_event_source_unref(m->event_clock_watch);
772 m->clock_watch_fd = safe_close(m->clock_watch_fd);
775 static int manager_new(Manager **ret) {
776 _cleanup_manager_free_ Manager *m = NULL;
779 m = new0(Manager, 1);
783 m->server_socket = m->clock_watch_fd = -1;
785 r = sd_event_default(&m->event);
789 sd_event_add_signal(m->event, &m->sigterm, SIGTERM, NULL, NULL);
790 sd_event_add_signal(m->event, &m->sigint, SIGINT, NULL, NULL);
792 r = sd_resolve_default(&m->resolve);
796 r = sd_resolve_attach_event(m->resolve, m->event, 0);
800 r = manager_clock_watch_setup(m);
810 static void manager_free(Manager *m) {
814 manager_disconnect(m);
816 sd_event_source_unref(m->sigint);
817 sd_event_source_unref(m->sigterm);
819 sd_resolve_unref(m->resolve);
820 sd_event_unref(m->event);
825 int main(int argc, char *argv[]) {
826 _cleanup_manager_free_ Manager *m = NULL;
829 log_set_target(LOG_TARGET_AUTO);
830 log_parse_environment();
833 assert_se(sigprocmask_many(SIG_BLOCK, SIGTERM, SIGINT, -1) == 0);
837 log_error("Failed to allocate manager: %s", strerror(-r));
841 sd_notify(false, "READY=1");
843 r = manager_connect(m, "time1.google.com");
845 log_error("Failed to initiate connection: %s", strerror(-r));
849 r = sd_event_loop(m->event);
851 log_error("Failed to run event loop: %s", strerror(-r));
855 sd_event_get_exit_code(m->event, &r);
858 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;