Mercurial > notdcc
diff dccd/work.c @ 0:c7f6b056b673
First import of vendor version
| author | Peter Gervai <grin@grin.hu> |
|---|---|
| date | Tue, 10 Mar 2009 13:49:58 +0100 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/dccd/work.c Tue Mar 10 13:49:58 2009 +0100 @@ -0,0 +1,3079 @@ +/* Distributed Checksum Clearinghouse + * + * work on a job in the server + * + * Copyright (c) 2008 by Rhyolite Software, LLC + * + * This agreement is not applicable to any entity which sells anti-spam + * solutions to others or provides an anti-spam solution as part of a + * security solution sold to other entities, or to a private network + * which employs the DCC or uses data provided by operation of the DCC + * but does not provide corresponding data to other users. + * + * Permission to use, copy, modify, and distribute this software without + * changes for any purpose with or without fee is hereby granted, provided + * that the above copyright notice and this permission notice appear in all + * copies and any distributed versions or copies are either unchanged + * or not called anything similar to "DCC" or "Distributed Checksum + * Clearinghouse". + * + * Parties not eligible to receive a license under this agreement can + * obtain a commercial license to use DCC by contacting Rhyolite Software + * at sales@rhyolite.com. + * + * A commercial license would be for Distributed Checksum and Reputation + * Clearinghouse software. That software includes additional features. This + * free license for Distributed ChecksumClearinghouse Software does not in any + * way grant permision to use Distributed Checksum and Reputation Clearinghouse + * software + * + * THE SOFTWARE IS PROVIDED "AS IS" AND RHYOLITE SOFTWARE, LLC DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL RHYOLITE SOFTWARE, LLC + * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES + * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, + * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, + * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + * + * Rhyolite Software DCC 1.3.103-1.287 $Revision$ + */ + +#include "dccd_defs.h" + +typedef struct { + time_t us; + u_int ops; +} Q_DELAY_SEC; +static Q_DELAY_SEC q_delays[9]; +static Q_DELAY_SEC q_delays_sum; /* sum of all but q_delays[0] */ +static time_t q_delays_start; /* second for q_delayw[0] */ + +DCCD_STATS dccd_stats; + +u_char query_only; /* 1=treat reports as queries */ + +u_char grey_weak_body; /* 1=ignore bodies for greylisting */ +u_char grey_weak_ip; /* 1=a good triple whitelists addr */ + +static u_char ridc_get(QUEUE *); + + +/* report cache used to detect duplicate or retransmitted reports */ +static RIDC *ridc_newest, *ridc_oldest; +static RIDC **ridc_hash; +static int ridc_hash_len; + + +static inline RIDC ** +ridc_hash_fnc(DCC_HDR *hdr) +{ + u_int32_t sum; + + /* The client's (ID,RID,HID,PID) should be unique and constant for + * retransmissions of a single request. It should make a reasonable + * hash value. We cannot trust it entirely, if only because of + * anonymous clients */ + sum = hdr->sender; + sum += hdr->op_nums.h; + sum += hdr->op_nums.p; + sum += hdr->op_nums.r; + + return &ridc_hash[mhash(sum, ridc_hash_len)]; +} + + + +static void +ridc_ref(RIDC *ridc) +{ + ridc->last_used = db_time.tv_sec; + if (!ridc->newer) + return; /* it's already newest */ + + ridc->newer->older = ridc->older; + if (ridc->older) + ridc->older->newer = ridc->newer; + else + ridc_oldest = ridc->newer; + ridc->older = ridc_newest; + ridc->newer = 0; + ridc_newest->newer = ridc; + ridc_newest = ridc; +} + + + +/* get a free report cache block */ +static RIDC * +ridc_get_free(void) +{ + RIDC *ridc; + time_t stale = db_time.tv_sec - DCC_MAX_RETRANS_DELAY_SECS; + + for (ridc = ridc_oldest; ridc != 0; ridc = ridc->newer) { + if (ridc->last_used < stale) { + /* found one, so recycle it */ + if (ridc->fwd) + ridc->fwd->bak = ridc->bak; + if (ridc->bak) + ridc->bak->fwd = ridc->fwd; + else if (ridc->hash) + *ridc->hash = ridc->fwd; + ridc->bak = 0; + ridc_ref(ridc); + return ridc; + } + } + + /* there are no free blocks that are old enough to recycle */ + return 0; +} + + + +/* make some (more) RID blocks and (re)build the hash table */ +static void +ridc_make(void) +{ + int new_len, old_len, j; + RIDC *ridc, *ridc2, **ridch, **old_ridc_hash; + + new_len = queue_max; + ridc = dcc_malloc(new_len*sizeof(*ridc)); + if (!ridc) + dcc_logbad(EX_OSERR, "malloc(%d RIDC blocks) failed", + new_len); + memset(ridc, 0, new_len*sizeof(*ridc)); + for (j = 0; j < new_len; ++j, ++ridc) { /* make the new blocks oldest */ + if (!ridc_oldest) { + ridc_oldest = ridc_newest = ridc; + } else { + ridc_oldest->older = ridc; + ridc->newer = ridc_oldest; + ridc_oldest = ridc; + } + } + + /* rebuild and expand the hash table */ + old_len = ridc_hash_len; + ridc_hash_len += new_len; + old_ridc_hash = ridc_hash; + ridc_hash = dcc_malloc(ridc_hash_len*sizeof(*ridch)); + if (!ridc_hash) + dcc_logbad(EX_OSERR, "malloc(%d RIDC hash table) failed", + ridc_hash_len); + memset(ridc_hash, 0, ridc_hash_len*sizeof(*ridch)); + if (old_len != 0) { + do { + for (ridc = old_ridc_hash[--old_len]; + ridc != 0; + ridc = ridc2) { + ridch = ridc_hash_fnc(&ridc->hdr); + ridc2 = ridc->fwd; + ridc->bak = 0; + ridc->hash = ridch; + if ((ridc->fwd = *ridch) != 0) + ridc->fwd->bak = ridc; + *ridch = ridc; + } + } while (old_len != 0); + dcc_free(old_ridc_hash); + } +} + + + +/* get the report cache block for an operation */ +static u_char /* 0=new operation, 1=retransmission */ +ridc_get(QUEUE *q) +{ + RIDC *ridc, **ridch; + + for (;;) { + if (ridc_hash) { + /* look for the existing report cache block */ + ridch = ridc_hash_fnc(&q->pkt.hdr); + for (ridc = *ridch; ridc; ridc = ridc->fwd) { + /* Reports are relatively small, so we + * can afford to not trust the client's + * RID to be unique. Compare all but the + * client's transmission #. + * Also check client's UDP port # because + * it should be unchanged regardless of + * multi-homing. */ + if (ridc->clnt_port == q->clnt_su.ipv4.sin_port + && !memcmp(&ridc->hdr, &q->pkt.hdr, + sizeof(ridc->hdr) + - sizeof(ridc->hdr.op_nums.t))) { + /* found it, so make it newest */ + ridc_ref(ridc); + q->ridc = ridc; + return 1; + } + } + + /* the block does not already exist, so create it */ + ridc = ridc_get_free(); + if (ridc) + break; + } + /* we are out of report cache blocks, so make more */ + ridc_make(); + + /* re-hash because our previous pointer is invalid */ + } + + memcpy(&ridc->hdr, &q->pkt.hdr, sizeof(ridc->hdr)); + ridc->clnt_port = q->clnt_su.ipv4.sin_port; + ridc->op = DCC_OP_INVALID; + ridc->bad = 1; + ridc->len = 0; + ridc->hash = ridch; + ridc->fwd = *ridch; + if (ridc->fwd) + ridc->fwd->bak = ridc; + *ridch = ridc; + + q->ridc = ridc; + return 0; +} + + + +#define RIDC_BAD(q) {if ((q)->ridc) (q)->ridc->bad = 1;} + + +/* update the average queue delay at the start of a new second */ +static void +update_q_delay(void) +{ + time_t secs; + Q_DELAY_SEC *src, *tgt; + + secs = db_time.tv_sec - q_delays_start; + if (secs == 0) + return; + + /* At the start of a new second, + * forget the delays for old seconds we no longer care about + * and start accumulating delays for the new second + * Slide accumulated delays and total operations previous seconds. */ + q_delays_start = db_time.tv_sec; + q_delays_sum.us = 0; + q_delays_sum.ops = 0; + tgt = LAST(q_delays); + if (secs > 0 && secs < DIM(q_delays)) { + src = tgt - secs; + do { + q_delays_sum.us += (tgt->us = src->us); + q_delays_sum.ops += (tgt->ops = src->ops); + --tgt; + } while (src-- != &q_delays[0]); + } + memset(q_delays, 0, sizeof(q_delays[0]) * (tgt+1 - q_delays)); +} + + + +/* compute the average queue delay this client should see */ +static u_int +avg_q_delay_ms(const QUEUE *q) +{ + u_int ops; + time_t us; + + /* get the average service delay excluding per-client-ID delays */ + update_q_delay(); + ops = q_delays[0].ops + q_delays_sum.ops; + if (ops == 0) + us = 0; + else + us = (q_delays[0].us + q_delays_sum.us + ops/2) / ops; + + /* add the per-client-ID penalty */ + us += q->delay_us; + return (us + 500) / 1000; +} + + + +/* get a unique timestamp */ +static void +get_ts(DCC_TS *ts) /* put it here */ +{ + static struct timeval prev_time; + static int faked; + + /* if we have generated a lot of fake timestamps + * and our snapshot of the clock is old, + * then check the clock in the hope it has ticked */ + if (db_time.tv_usec <= prev_time.tv_usec + && db_time.tv_sec == prev_time.tv_sec + && faked > 100) { + faked = 0; + gettimeofday(&db_time, 0); + } + + /* Try to make the next timestamp unique, but only as long + * as time itself marches forward. This must work many times + * a second, or the resoltion of DCC timestaps. + * Worse, the increment can exhaust values from future seconds. + * Forget about it if the problem lasts for more than 5 minutes. */ + if (db_time.tv_sec > prev_time.tv_sec + || (db_time.tv_sec == prev_time.tv_sec + && db_time.tv_usec > prev_time.tv_usec) + || db_time.tv_sec < prev_time.tv_sec-5*60) { + /* either the current time is good enough or we must + * give up and use it to make the timestamp */ + prev_time = db_time; + faked = 0; + + } else { + /* fudge the previous timestamp to make it good enough */ + prev_time.tv_usec += DCC_TS_US_MULT; + if (prev_time.tv_usec >= DCC_US) { + prev_time.tv_usec -= DCC_US; + ++prev_time.tv_sec; + } + ++faked; + } + + dcc_timeval2ts(ts, &prev_time, 0); +} + + + +/* find database record for a server-ID + * use only db_sts.hash and db_sts.rcd2 + * put the result in db_sts.rcd2 */ +int /* -1=broken database 0=no record */ +find_srvr_rcd(const DCC_SUM sum, const char *str) +{ + DB_RCD_CK *found_ck; + DB_PTR prev; + int failsafe; + + switch (db_lookup(dcc_emsg, DCC_CK_SRVR_ID, sum, + 0, MAX_HASH_ENTRIES, + &db_sts.hash, &db_sts.rcd2, &found_ck)) { + case DB_FOUND_LATER: + case DB_FOUND_SYSERR: + DB_ERROR_MSG2(str, dcc_emsg); + return -1; + case DB_FOUND_IT: + /* look for a record that is neither obsolete nor deleted */ + for (failsafe = 0; failsafe < 20; ++failsafe) { + if (!DB_CK_OBS(found_ck) + && DB_TGTS_RCD(db_sts.rcd2.d.r) != 0) + return 1; + prev = DB_PTR_EX(found_ck->prev); + if (prev == DB_PTR_NULL) + return 0; + found_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev, + DCC_CK_SRVR_ID); + if (!found_ck) { + DB_ERROR_MSG2(str, dcc_emsg); + return -1; + } + } + break; + case DB_FOUND_EMPTY: + case DB_FOUND_CHAIN: + case DB_FOUND_INTRUDER: + break; + } + return 0; +} + + + +/* find the database record of the type of a server + * use only db_sts.hash and db_sts.rcd2 + * put the result in db_sts.rcd2 */ +int /* -1=broken database 0=no record */ +find_srvr_rcd_type(DCC_SRVR_ID tgt_id) +{ + DCC_SUM srvr_id_sum; + + if (db_failed_line) + return -1; + memset(srvr_id_sum, 0, sizeof(srvr_id_sum)); + srvr_id_sum[0] = DCC_CK_SRVR_ID; + srvr_id_sum[1] = tgt_id >> 8; + srvr_id_sum[2] = tgt_id; + return find_srvr_rcd(srvr_id_sum, "checking server-ID state"); +} + + + +/* find the server type in the table of IDs */ +ID_TBL * +find_srvr_type(DCC_SRVR_ID tgt_id) +{ + ID_TBL *tp; + DCC_SRVR_ID srvr_type; + + tp = find_id_tbl(tgt_id); + if (!tp) { + /* check the database if it is not in the table */ + if (0 >= find_srvr_rcd_type(tgt_id)) { + /* assume it is a simple server if there is + * no declaration in the database */ + srvr_type = DCC_ID_SRVR_SIMPLE; + } else { + srvr_type = DB_RCD_ID(db_sts.rcd2.d.r); + if (!DCC_ID_SRVR_TYPE(srvr_type)) + srvr_type = DCC_ID_SRVR_SIMPLE; + /* the free code knows nothing about reputations */ + if (srvr_type == DCC_ID_SRVR_REP_OK) + srvr_type = DCC_ID_SRVR_SIMPLE; + } + /* cache it in the table */ + tp = add_id_tbl(tgt_id); + tp->srvr_type = srvr_type; + } + return tp; +} + + + +/* refresh our claim to our server-ID or similar + * use only db_sts.hash and db_sts.rcd2 */ +void +refresh_srvr_rcd(const DCC_SUM sum, DCC_SRVR_ID val, const char *str) +{ + DCC_TS old; + DB_RCD rcd; + int i; + + /* add a new record + * only if no recent record of the right value exists */ + i = find_srvr_rcd(sum, str); + if (i < 0) + return; /* broken database */ + if (i > 0 + && DB_RCD_ID(db_sts.rcd2.d.r) == val) { + dcc_timeval2ts(&old, &db_time, -DCC_SRVR_ID_SECS/2); + if (!dcc_ts_older_ts(&db_sts.rcd2.d.r->ts, &old)) + return; + } + + memset(&rcd, 0, sizeof(rcd)); + get_ts(&rcd.ts); + rcd.srvr_id_auth = val; + DB_TGTS_RCD_SET(&rcd, 1); + rcd.fgs_num_cks = 1; + rcd.cks[0].type_fgs = DCC_CK_SRVR_ID; + memcpy(rcd.cks[0].sum, sum, sizeof(DCC_SUM)); + if (!db_add_rcd(dcc_emsg, &rcd)) + DB_ERROR_MSG2(str, dcc_emsg); +} + + + +static void +send_resp(const QUEUE *q, + DCC_HDR *hdr, /* length in host byte order */ + u_char no_msg) +{ + u_int save_len; + char ob[DCC_OPBUF]; + int len, i; + + len = hdr->len; + hdr->len = htons(len); + /* callers must have dealt with the variations due to versions */ + if (q->pkt.hdr.pkt_vers < DCC_PKT_VERSION_MIN) + hdr->pkt_vers = DCC_PKT_VERSION_MIN; + else if (q->pkt.hdr.pkt_vers > DCC_PKT_VERSION_MAX) + hdr->pkt_vers = DCC_PKT_VERSION_MAX; + else + hdr->pkt_vers = q->pkt.hdr.pkt_vers; + hdr->sender = htonl(my_srvr_id); + hdr->op_nums = q->pkt.hdr.op_nums; + if (q->passwd[0] != '\0') { + /* sign with the password that authenticated the client */ + dcc_sign(q->passwd, sizeof(q->passwd), hdr, len); +#ifdef DCC_PKT_VERSION8 + } else if (q->pkt.hdr.pkt_vers <= DCC_PKT_VERSION8) { + /* Sign old protocol responses with the client's transaction + * numbers if we do not have a good password. + * This happens with anonymous clients */ + dcc_sign((char *)&q->pkt.hdr.op_nums, + sizeof(q->pkt.hdr.op_nums), + hdr, len); +#endif + } else { + memset((char *)hdr + (len-sizeof(DCC_SIGNATURE)), 0, + sizeof(DCC_SIGNATURE)); + } + + if (q->ridc) { + save_len = len-sizeof(*hdr)-sizeof(DCC_SIGNATURE); + if (save_len > ISZ(q->ridc->result)) { + if (hdr->op == DCC_OP_ERROR) + save_len = sizeof(q->ridc->result); + else + dcc_logbad(EX_SOFTWARE, "RIDC buffer overflow"); + } + q->ridc->len = save_len; + memcpy(&q->ridc->result, hdr+1, save_len); + q->ridc->op = hdr->op; + q->ridc->bad = 0; + } + + i = sendto(q->sp->udp, hdr, len, 0, + &q->clnt_su.sa, DCC_SU_LEN(&q->clnt_su)); + if (i < 0) { + clnt_msg(q, "sendto(%s, %s): %s", + dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q), + ERROR_STR()); + } else if (len != i) { + clnt_msg(q, "sendto(%s, %s)=%d instead of %d", + dcc_hdr_op2str(ob, sizeof(ob), hdr), Q_CIP(q), + i, len); + } else if (!no_msg + && (dccd_tracemask & ((hdr->op == DCC_OP_ANSWER + || hdr->op == DCC_OP_NOP) + ? DCC_TRACE_QUERY_BIT + : DCC_TRACE_ADMN_BIT))) { + dcc_trace_msg("sent %s to %s for %s", + dcc_hdr_op2str(ob, sizeof(ob), hdr), + Q_CIP(q), qop2str(q)); + } + +} + + + +/* do not send an error response to a client */ +static void PATTRIB(2,3) +forget_error(const QUEUE *q, const char *p, ...) +{ + va_list args; + + RIDC_BAD(q); + + if ((!q->flags & Q_FG_BAD_PASSWD) + && !(q->rl->d.flags & RL_FG_BLS)) { + q->rl->d.flags |= RL_FG_BL_BAD; + ++dccd_stats.bad_op; + } + + va_start(args, p); + vclnt_msg(q, p, args); + va_end(args); +} + + + +/* send an error response to a client */ +static void +send_error(const QUEUE *q, const char *p, ...) +{ + DCC_ERROR buf; + int slen; + va_list args; + + + /* build and log the message */ + va_start(args, p); + slen = vsnprintf(buf.msg, sizeof(buf.msg), p, args); + if (slen > ISZ(buf.msg)-1) + slen = ISZ(buf.msg)-1; + va_end(args); + clnt_msg(q, "\"%s\" sent to %s", buf.msg, Q_CIP(q)); + + /* send it */ + buf.hdr.len = sizeof(buf)-sizeof(buf.msg)+slen+1; + buf.hdr.op = DCC_OP_ERROR; + send_resp(q, &buf.hdr, 1); + + ++dccd_stats.send_error; +} + + + +#define NORESP_EMSG(q) noresp_emsg(q, __LINE__) + +static void +noresp_emsg(const QUEUE *q, int linenum) +{ + dcc_error_msg("error near line %d in "DCC_VERSION" "__FILE__, linenum); + RIDC_BAD(q); +} + + + +/* tell client that a NOP or an administrative request was ok */ +static void +send_ok(QUEUE *q) +{ + DCC_OK buf; + time_t us; + + memset(&buf, 0, sizeof(buf)); + + buf.max_pkt_vers = max(min(q->pkt.hdr.pkt_vers, DCC_PKT_VERSION_MAX), + DCC_PKT_VERSION_MIN); + us = (q->delay_us + 500) / 1000; + buf.qdelay_ms = htons(us); + strncpy(buf.brand, brand, sizeof(buf.brand)); + buf.hdr.op = DCC_OP_OK; + buf.hdr.len = sizeof(buf); + + send_resp(q, &buf.hdr, 0); +} + + + +static void +repeat_resp(QUEUE *q) +{ + struct { + DCC_HDR hdr; + u_char b[sizeof(q->ridc->result)]; + } buf; + char ob[DCC_OPBUF]; + + ++dccd_stats.report_retrans; + + if (q->ridc->bad) { + TMSG1(RIDC, "repeat drop of %s", from_id_ip(q, 1)); + return; + } + + memcpy(&buf.hdr+1, &q->ridc->result, q->ridc->len); + buf.hdr.op = q->ridc->op; + buf.hdr.len = htons(q->ridc->len + + sizeof(buf.hdr) + sizeof(DCC_SIGNATURE)); + TMSG2(RIDC, "repeat previous answer of %s for %s", + dcc_hdr_op2str(ob, sizeof(ob), &buf.hdr), + from_id_ip(q, 1)); + buf.hdr.len = ntohs(buf.hdr.len); + send_resp(q, &buf.hdr, 0); +} + + + +/* find a checksum in the database + * use only db_sts.hash and db_sts.rcd2 + * put the result in db_sts.rcd2 */ +static u_char /* 0=broken database */ +get_ck_tgts(DCC_TGTS *tgtsp, + const DB_RCD_CK **pfound_ck, + u_char must_have_it, /* 1=database broken if cksum absent */ + DCC_CK_TYPES type, + const DCC_SUM sum) +{ + DB_RCD_CK *found_ck; + + switch (db_lookup(dcc_emsg, type, sum, 0, MAX_HASH_ENTRIES, + &db_sts.hash, &db_sts.rcd2, &found_ck)) { + case DB_FOUND_LATER: + case DB_FOUND_SYSERR: + DB_ERROR_MSG(dcc_emsg); + return 0; + case DB_FOUND_IT: + if (pfound_ck) + *pfound_ck = found_ck; + if (tgtsp) + *tgtsp = DB_TGTS_CK(found_ck); + break; + case DB_FOUND_EMPTY: + case DB_FOUND_CHAIN: + case DB_FOUND_INTRUDER: + if (must_have_it) { + db_error_msg(__LINE__,__FILE__, + "missing hash entry for %s %s ", + DB_TYPE2STR(type), + dcc_ck2str_err(type, sum, 0)); + return 0; + } + if (pfound_ck) + *pfound_ck = 0; + if (tgtsp) + *tgtsp = 0; + break; + } + return 1; +} + + + +/* see if a count just passed a multiple of a threshold and so is + * worth flooding or summarizing */ +static u_char /* 1=time to summarize this checksum */ +quick_sum_thold(DCC_CK_TYPES type, + DCC_TGTS rpt_tgts, /* targets in this report */ + DCC_TGTS ck_tgts) /* grand total */ +{ + static DCC_TGTS thold_mults[] = { + 1, 2, 3, 5, 10 + }; + DCC_TGTS thold; + DCC_TGTS mult, new_mult, old_mult; + int i; + + thold = flod_tholds[type]; + if (ck_tgts < thold + || thold >= DCC_TGTS_TOO_MANY) + return 0; + if (thold == 0) + return 1; + + new_mult = ck_tgts / thold; + old_mult = (ck_tgts - rpt_tgts) / thold; + for (i = 0; i < DIM(thold_mults); ++i) { + mult = thold_mults[i]; + if (old_mult < mult) + return (new_mult >= mult); + } + return 0; +} + + + +/* compute summarizable total for one checksum + * use db_sts.hash, db_sts.rcd2, and *rcd_st */ +static DCC_TGTS /* DCC_TGTS_INVALID=broken database */ +sum_total(DCC_CK_TYPES type, /* look for this */ + const DCC_SUM sum, + u_char must_have_it, + DB_STATE *rcd_st, /* starting here */ + const DB_RCD_CK *found_ck, + u_char *undelay_ok, /* 0=cannot undelay by clearing bit */ + DB_PTR *sum_oldest) +{ + DB_PTR prev; + DCC_TGTS rcd_tgts, sub_total; + int limit; + + if (!rcd_st) { + if (!get_ck_tgts(0, &found_ck, must_have_it, type, sum)) + return DCC_TGTS_INVALID; + if (!found_ck) + return 0; + rcd_st = &db_sts.rcd2; + } + + if (sum_oldest) + *sum_oldest = DB_PTR_MAX; + sub_total = 0; + for (limit = 10000; limit >= 0; --limit) { + /* stop adding reports at the first summary or + * compressed record in the hash chain */ + if (DB_RCD_SUMRY(rcd_st->d.r) + || DB_RCD_ID(rcd_st->d.r) == DCC_ID_COMP) + break; + + /* honor deletions */ + rcd_tgts = DB_TGTS_RCD(rcd_st->d.r); + if (rcd_tgts == 0) + break; + + /* We can only summarize our own delayed reports + * to keep loops in the flooding topology from + * inflating totals. */ + if (DB_RCD_DELAY(rcd_st->d.r) + && DB_RCD_ID(rcd_st->d.r) == my_srvr_id) { + if (sum_oldest) + *sum_oldest = rcd_st->s.rptr; + sub_total = db_sum_ck(sub_total, rcd_tgts, type); + /* if we summarize more than one record, + * then we cannot simply convert the record */ + if (undelay_ok + && db_sts.sumrcd.s.rptr != rcd_st->s.rptr) + *undelay_ok = 0; + } + prev = DB_PTR_EX(found_ck->prev); + if (prev == DB_PTR_NULL) + break; + rcd_st = &db_sts.rcd2; + found_ck = db_map_rcd_ck(dcc_emsg, rcd_st, prev, type); + if (!found_ck) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + } + + return sub_total; +} + + + +/* generate a summary record of checksum counts + * db_sts.sumrcd points to the record being summarize on entry + * On exit db_sts.sumrcd points to the same record or the original + * has been trashed and db_sts.sumrcd points to a moved copy. + * Use db_sts.rcd, db_sts.hash, db_sts.rcd2, db_sts.free, db_sts.tmp */ +static u_char /* 0=sick db, 1=ok, 2=moved rcd */ +summarize_rcd(u_char dly) /* 1=working on delayed records */ +{ + DB_RCD new; + DCC_TGTS rcd_tgts, ck_tgts, new_tgts, sub_total; + DCC_CK_TYPES type; + DB_RCD_CK *cur_ck, *new_ck; + int cur_num_cks; + u_char ck_needed; /* 0=junk cksum, 2=needed in new rcd */ + u_char rcd_needed; /* 1=have created rcd to add */ + u_char undelay_ok; /* 1=ok to remove delay bit */ + u_char move_ok; + DB_PTR sum_oldest; + DB_PTR rcd_pos; + + if (db_lock() < 0) + return 0; + + /* For each checksum whose flooding was delayed but is now needed, + * generate a fake record that will be flooded */ + cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); + cur_ck = db_sts.sumrcd.d.r->cks; + new_tgts = 0; + undelay_ok = (FLODS_OK() + && (DB_RCD_ID(db_sts.sumrcd.d.r) == my_srvr_id)); + move_ok = 1; + rcd_needed = 0; + new_ck = new.cks; + do { + /* Sum counts of all delayed reports for this checksum */ + type = DB_CK_TYPE(cur_ck); + if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) + continue; + + ck_needed = DB_CK_OBS(cur_ck) ? 0 : 1; + + /* skip trudging through the hash table to find the + * most recent instance of the checksum if we + * are dealing with a new record and so already + * have the most recent instance. */ + sub_total = sum_total(type, cur_ck->sum, 1, + !dly ? &db_sts.sumrcd : 0, + cur_ck, &undelay_ok, &sum_oldest); + if (sub_total == DCC_TGTS_INVALID) + return 0; + + /* Deletions and summaries between our record and the start + * of the hash chain remove the need to flood this checkusm */ + if (sub_total == 0) { + /* skipping a checksum in the original + * record makes it impossible to move it */ + move_ok = 0; + continue; + } + + if (ck_needed == 1) { + ck_tgts = DB_TGTS_CK(cur_ck); + if (dly) { + /* Flood only 1 summary per delay period */ + if ((flod_mmaps == 0 + || sum_oldest <= flod_mmaps->delay_pos) + && ck_tgts >= flod_tholds[type]) + ck_needed = 2; + } else { + /* We are considering the need for a summary + * based on a report just received from a client + * or by flooding */ + if (quick_sum_thold(type, sub_total, ck_tgts)) + ck_needed = 2; + } + } + + if (new_ck != new.cks) { + /* We have already begun a summary record. */ + + if (sub_total == new_tgts) { + /* extend it with this checksum even if we do + * not really need to flood this checksum */ + new_ck->type_fgs = type; + memcpy(new_ck->sum, cur_ck->sum, + sizeof(new_ck->sum)); + ++new.fgs_num_cks; + ++new_ck; + if (ck_needed == 2) + rcd_needed = 1; + continue; + } + /* We cannot extend the current summary record. */ + + /* If we don't really need the checksum, + * then forget the checksum. */ + if (ck_needed != 2) { + /* skipping a checksum in the original + * record makes it impossible to move */ + move_ok = 0; + continue; + } + + /* Add the current summary record to the database if + * it is needed. */ + if (rcd_needed) { + if (!db_add_rcd(dcc_emsg, &new)) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + } + /* start a new summary with this checksum. */ + rcd_needed = 0; + /* having added one summary record, + * we cannot undelay or move the original record */ + undelay_ok = 0; + } + + /* start a new summary record */ + new.srvr_id_auth = my_srvr_id; + get_ts(&new.ts); + new_tgts = sub_total; + DB_TGTS_RCD_SET(&new, new_tgts); + new.fgs_num_cks = DB_RCD_FG_SUMRY+1; + new_ck = new.cks; + new_ck->type_fgs = type; + memcpy(new_ck->sum, cur_ck->sum, sizeof(new_ck->sum)); + ++new_ck; + if (ck_needed == 2) + rcd_needed = 1; + } while (++cur_ck, --cur_num_cks > 0); + + /* finished if nothing more to summarize */ + if (!rcd_needed) { + return 1; + } + + /* Add the last summary record */ + if (undelay_ok) { + /* If possible, instead of adding a new record, + * change the preceding record to not be delayed + * That is possible if the preceding record has + * not yet been passed by the flooding */ + if (db_sts.sumrcd.s.rptr >= oflods_max_cur_pos + && oflods_max_cur_pos != 0) { + db_sts.sumrcd.d.r->fgs_num_cks &= ~DB_RCD_FG_DELAY; + SET_FLUSH_RCD_HDR(&db_sts.sumrcd, 1); + return 1; + } + + /* failing that, try to move the record by making a new copy + * and deleting the original */ + if (move_ok) { + /* make the new record */ + memcpy(&new, db_sts.sumrcd.d.r, DB_RCD_LEN(&new)); + new.fgs_num_cks &= ~DB_RCD_FG_DELAY; + + /* delete the old record */ + DB_TGTS_RCD_SET(db_sts.sumrcd.d.r, 0); + + /* adjust the totals in the old record so + * that the totals in the new record will be right */ + rcd_tgts = DB_TGTS_RCD(&new); + cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); + cur_ck = db_sts.sumrcd.d.r->cks; + do { + new_tgts = DB_TGTS_CK(cur_ck); + if (new_tgts >= DCC_TGTS_TOO_MANY) + continue; + if (new_tgts != 0) + new_tgts -= rcd_tgts; + DB_TGTS_CK_SET(cur_ck, new_tgts); + } while (++cur_ck, --cur_num_cks > 0); + SET_FLUSH_RCD_HDR(&db_sts.sumrcd, 1); + + rcd_pos = db_add_rcd(dcc_emsg, &new); + if (rcd_pos == DB_PTR_NULL) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + if (!db_map_rcd(dcc_emsg, &db_sts.sumrcd, rcd_pos, 0)) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + return 1; + } + } + + if (!db_add_rcd(dcc_emsg, &new)) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + + return 1; +} + + + +/* generate a delayed summary for checksums in a record if necessary + * The target record is specified by db_sts.sumrcd. It might be changed + * Use db_sts.hash and db_sts.rcd2 */ +u_char +summarize_dly(void) +{ + DCC_CK_TYPES type; + const DB_RCD_CK *cur_ck; + int cur_num_cks; + DCC_TGTS ck_tgts; + + /* look for a checksum that could be summarized */ + cur_num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); + cur_ck = db_sts.sumrcd.d.r->cks; + do { + type = DB_CK_TYPE(cur_ck); + if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) + continue; + + if (!get_ck_tgts(&ck_tgts, 0, 1, type, cur_ck->sum)) + return 0; + + /* nothing to do if the checksum has already been summarized */ + if (DB_RCD_SUMRY(db_sts.rcd2.d.r)) + continue; + + /* spam reports are ignored or not delayed */ + if (ck_tgts == DCC_TGTS_TOO_MANY) + continue; + + /* Generate a summary for a bulk checksum + * Records that are marked "delayed" are not flooded. + * If a summary record is not synthesized and if the delay + * marking not removed (instead of synthesizing a summary), + * then the counts for a checksum will not be flooded. */ + + if (ck_tgts >= flod_tholds[type]) + return summarize_rcd(1); + } while (++cur_ck, --cur_num_cks > 0); + + return 1; +} + + + +/* See if passing on a flooded report would be worthwhile. It is worthwhile + * to pass on reports of spam that have not been flooded recently + * and of checksums that not yet or just barely reached spam. + * + * db_sts.sumrcd points to the new record */ +static u_char /* 0=sick database */ +flod_worth(u_char *pflod, /* set =1 if report should be flooded */ + const DB_RCD_CK *ck, + DCC_CK_TYPES type) +{ + DCC_TS past; + DCC_TGTS total; + int limit; + DB_PTR prev; + + /* if the total with the new report is small, + * then we should flood it */ + total = DB_TGTS_CK(ck); + if (total < REFLOOD_THRESHOLD) { + /* but only if it is not trivial. + * our neighbors should not send trivial reports, + * but bugs happen */ + if (total >= BULK_THRESHOLD/2) + *pflod = 1; + return 1; + } + + /* Look for a recent report for this checksum that has been + * or will be flooded. If we find one, and if the total + * including it is large enough, we may not need to flood + * the incoming report. If the total is too small, we + * must flood the report. */ + dcc_timeval2ts(&past, &db_time, -summarize_delay_secs); + for (limit = 20; limit >= 0; --limit) { + prev = DB_PTR_EX(ck->prev); + if (prev == DB_PTR_NULL) + break; + ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd2, prev, type); + if (!ck) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + + /* if the previous total was small, + * then we must flood the new report */ + total = DB_TGTS_CK(ck); + if (total < REFLOOD_THRESHOLD*4) { + *pflod = 1; + return 1; + } + + /* The old total is large. + * If this found old report is not very old and good, + * we will flood it and so the newest needed not be flooded + * and can be marked obsolete. */ + if (!DB_CK_OBS(ck) + && dcc_ts_newer_ts(&db_sts.rcd2.d.r->ts, &past)) + return 1; + } + + /* flood this one if we can't find a recent preceding report */ + *pflod = 1; + return 1; +} + + + +/* Add a record and deal with delaying its flooding. + * We will delay flooding it if its totals are not interesting. + * db_sts.sumrcd points to the new record on exit + * Use db_sts.rcd, db_sts.hash, db_sts.rcd2, db_sts.free, db_sts.tmp + * the database must be locked */ +u_char /* 1=ok, delayed or not, 0=failure */ +add_dly_rcd(DB_RCD *new_rcd, u_char flod_in) +{ + DB_PTR rcd_pos; + int num_cks; + DB_RCD_CK *new_ck; + DCC_CK_TYPES type; + DCC_TGTS rpt_tgts, ck_tgts; + u_char flod_out; /* 0=flooded in but not worth flooding out */ + u_char useful = 0; /* 1=worth delaying */ + u_char summarize = 0; + + /* put the record in the database */ + rcd_pos = db_add_rcd(dcc_emsg, new_rcd); + if (rcd_pos == DB_PTR_NULL) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + if (!db_map_rcd(dcc_emsg, &db_sts.sumrcd, rcd_pos, 0)) { + DB_ERROR_MSG(dcc_emsg); + return 0; + } + + /* delete requests should not be delayed */ + rpt_tgts = DB_TGTS_RCD_RAW(db_sts.sumrcd.d.r); + if (rpt_tgts == DCC_TGTS_DEL) + return 1; + + /* we always consider flooding our own reports + * and the greylist thresholds are zilch */ + flod_out = !flod_in || grey_on; + + for (num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r), + new_ck = db_sts.sumrcd.d.r->cks; + num_cks > 0; + ++new_ck, --num_cks) { + /* ingore already obsolete reports of spam */ + if (DB_CK_OBS(new_ck)) + continue; + /* ignore checksums we won't keep and so won't be flooded */ + type = DB_CK_TYPE(new_ck); + if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) + continue; + + /* Server-ID declarations cannot be summarized and should + * not be delayed. */ + if (type == DCC_CK_SRVR_ID) { + flod_out = 1; + break; + } + + ck_tgts = DB_TGTS_CK(new_ck); + if (ck_tgts == DCC_TGTS_TOO_MANY) { + /* This checksum has a total of TOO_MANY and so + * either the report has a target count of TOO_MANY + * or is a report of a checksum already known to + * be spam. Since this report of this checksum + * was not marked obsolete as it was linked into the + * database, it should not be delayed. */ + if (rpt_tgts == DCC_TGTS_TOO_MANY) { + /* if the report is of spam, then all of its + * individual checksum totals will be + * DCC_TGTS_TOO_MANY. The checksums will be + * obsolete, not kept, or the same as this. + * There will be no reputation checksums. */ + return 1; + } + /* it is worth sending on even if was not ours */ + flod_out = 1; + continue; + } + + /* This report has some potential value and should be delayed + * instead of forgotten */ + useful = 1; + + /* Summarize our records for the checksums in this record + * if we just passed the threshold for one checksum. */ + if (!summarize + && quick_sum_thold(type, rpt_tgts, ck_tgts)) + summarize = 1; + + /* If this is an incoming flooded checksum, + * then pass it on if it is novel (has a low total) + * or if we have not passed it on recently. */ + if (!flod_out + && !flod_worth(&flod_out, new_ck, type)) + return 0; /* broken database */ + } + + /* Reports that are reports of spam or "trimmed" or "obsolete" + * noise should not be summarized or marked to be delayed. + * They will be flooded or skipped by the flooder */ + if (!useful) + return 1; + + if (!flod_in) { + /* Delay and sooner or later summarize our own + * reports of non-spam */ + db_sts.sumrcd.d.r->fgs_num_cks |= DB_RCD_FG_DELAY; + + } else if (!flod_out) { + /* We are dealing with a report flooded in from another + * server that is not (yet?) worth flooding out. + * We can't delay it, because we can't delay reports from + * other servers, because we cannot summarize them. + * Summarizing other servers' reports would allow + * loops in the flooding topology to inflate the totals. + * So mark it to be expired but not delayed. */ + for (num_cks = DB_NUM_CKS(db_sts.sumrcd.d.r), + new_ck = db_sts.sumrcd.d.r->cks; + num_cks > 0; + ++new_ck, --num_cks) { + new_ck->type_fgs |= DB_CK_FG_OBS; + } + } + + /* If this record pushed us past a threshold for at least one + * checksum, then try to generate a summary of our own previously + * delayed reports even if this record was not our own. */ + if (summarize + && !summarize_rcd(0)) + return 0; + + return 1; +} + + + +/* the database must be locked */ +static u_char +add_del(const DCC_CK *del_ck) +{ + DB_RCD del_rcd; + + memset(&del_rcd, 0, sizeof(del_rcd)); + get_ts(&del_rcd.ts); + DB_TGTS_RCD_SET(&del_rcd, DCC_TGTS_DEL); + del_rcd.srvr_id_auth = my_srvr_id; + del_rcd.fgs_num_cks = 1; + del_rcd.cks[0].type_fgs = del_ck->type; + memcpy(del_rcd.cks[0].sum, del_ck->sum, sizeof(del_rcd.cks[0].sum)); + if (!db_add_rcd(dcc_emsg, &del_rcd)) { + DB_ERROR_MSG2("add delete", dcc_emsg); + return 0; + } + + return 1; +} + + + +static const DCC_CK * +start_work(QUEUE *q) +{ + const DCC_CK *ck, *ck_lim; + DCC_CK_TYPES type, prev_type; + int num_cks; + + num_cks = q->pkt_len - (sizeof(q->pkt.r) - sizeof(q->pkt.r.cks)); + if (num_cks < 0 + || num_cks > ISZ(q->pkt.r.cks) + || num_cks % sizeof(DCC_CK) != 0) { + forget_error(q, "packet length %d wrong for %s", + q->pkt_len, from_id_ip(q, 1)); + return 0; + } + num_cks /= sizeof(DCC_CK); + + /* send previous answer if this is a retransmission */ + if (ridc_get(q)) { + repeat_resp(q); + return 0; + } + + if (db_failed_line) /* be silent while database bad */ + return 0; + + ck = q->pkt.r.cks; + ck_lim = &q->pkt.r.cks[num_cks]; + + /* check each checksum */ + for (prev_type = DCC_CK_INVALID; ck < ck_lim; ++ck, prev_type = type) { + if (ck->len != sizeof(*ck)) { + forget_error(q, "unknown checksum length %d%s", + ck->len, from_id_ip(q, 0)); + return 0; + } + /* requiring that the checksums be ordered makes it easy + * to check for duplicates and for bogus long packets */ + type = ck->type; + if (!DCC_CK_OK_DCC_CLNT(grey_on, type)) { + forget_error(q, "unknown checksum %s%s", + DB_TYPE2STR(type), from_id_ip(q, 0)); + return 0; + } + if (prev_type >= type) { + forget_error(q, "out of order %s checksum%s", + DB_TYPE2STR(ck->type), from_id_ip(q, 0)); + return 0; + } + } + + if (db_lock() < 0) { + NORESP_EMSG(q); + return 0; + } + + return ck_lim; +} + + + +/* send the response and release q */ +static void +fin_work(const QUEUE *q, DCC_HDR *answer) +{ + int delay_us; + + /* send the response */ + answer->op = DCC_OP_ANSWER; + send_resp(q, answer, 0); + + /* update the average queue delay, unless it is crazy */ + gettimeofday(&db_time, 0); + delay_us = tv_diff2us(&db_time, &q->answer); + if (delay_us < 0) + return; + + update_q_delay(); + q_delays[0].us += delay_us; + ++q_delays[0].ops; +} + + + +/* use only db_sts.hash and db_sts.rcd2 + * release q on failure */ +static u_char +make_answer(QUEUE *q, + const DCC_CK *ck_lim, + u_char have_rcd, /* db_sts.sumrcd.d.r is new record */ + DCC_ANSWER *answer, + DCC_TGTS gross_tgts, /* total for this report, maybe MANY */ + DCC_TGTS* max_tgts) /* statistics */ +{ + const DCC_CK *ck; + DCC_TGTS c_tgts; /* current count with this report */ + DCC_TGTS p_tgts; /* count before this report */ + DCC_ANSWER_BODY_CKS *b; + DCC_CK_TYPES type; + const DB_RCD_CK *rcd_ck, *prev_rcd_ck; + int num_rcd_cks; + DB_PTR prev; + *max_tgts = 0; + + if (have_rcd) { + rcd_ck = db_sts.sumrcd.d.r->cks; + num_rcd_cks = DB_NUM_CKS(db_sts.sumrcd.d.r); + } else { + num_rcd_cks = 0; + rcd_ck = 0; + } + b = answer->b; + for (ck = q->pkt.r.cks; ck < ck_lim; ++ck) { + type = ck->type; + if (num_rcd_cks > 0 + && type == DB_CK_TYPE(rcd_ck)) { + /* try to copy answer from report's new record */ + c_tgts = DB_TGTS_CK(rcd_ck); + if (c_tgts < DCC_TGTS_TOO_MANY) { + p_tgts = c_tgts - gross_tgts; + } else if (prev = DB_PTR_EX(rcd_ck->prev), + prev == DB_PTR_NULL) { + p_tgts = 0; + } else { + prev_rcd_ck = db_map_rcd_ck(dcc_emsg, + &db_sts.rcd2, + prev, type); + if (!prev_rcd_ck) { + DB_ERROR_MSG(dcc_emsg); + RIDC_BAD(q); + return 0; + } + p_tgts = DB_TGTS_CK(prev_rcd_ck); + } + --num_rcd_cks; + ++rcd_ck; + + } else { + if (!get_ck_tgts(&p_tgts, 0, 0, type, ck->sum)) { + NORESP_EMSG(q); + return 0; + } + if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) { + /* uninteresting checksums have no value + * unless they are whitelisted */ + c_tgts = p_tgts; + if (p_tgts == 0) + p_tgts = DCC_TGTS_INVALID; + } else { + c_tgts = db_sum_ck(p_tgts, gross_tgts, type); + } + } + + b->c = htonl(c_tgts); + b->p = htonl(p_tgts); +#ifdef DCC_PKT_VERSION5 + if (q->pkt.hdr.pkt_vers <= DCC_PKT_VERSION5) + b = (DCC_ANSWER_BODY_CKS *)&b->p; + else +#endif + ++b; + + if (*max_tgts < c_tgts + && c_tgts <= DCC_TGTS_OK2) { + *max_tgts = c_tgts; + /* Complain about failures to whitelist by + * trusted clients. The main use of this is + * to detect whitelisting failures of IP addresses + * such as 127.0.0.1 for reputations, and those + * matter only for known clients. */ + if ((p_tgts >= DCC_TGTS_OK) + && !(q->flags & Q_FG_UNTRUSTED)) + TMSG4(WLIST, "%s whitelisted %s %s%s", + qop2str(q), + DB_TYPE2STR(type), + dcc_ck2str_err(type, ck->sum, 0), + from_id_ip(q, 0)); + } + } + answer->hdr.len = (sizeof(*answer) - sizeof(answer->b) + + ((char *)b - (char *)answer->b)); + return 1; +} + + + +/* release q on failure + * the database must be locked */ +static u_char +do_report(QUEUE *q, + DCC_TGTS tgts0, const DCC_CK *ck_lim, + DCC_ANSWER *answer, + DCC_TGTS *max_tgts) +{ + const DCC_CK *ck; + DCC_TGTS tgts; + DCC_TGTS gross_tgts; /* DCC_TGTS_TOO_MANY if spam */ + DB_PTR rcd_pos; + DB_RCD new; + DB_RCD_CK *new_ck; + DCC_CK_TYPES type; + char tgts_buf[DCC_XHDR_MAX_TGTS_LEN]; + + tgts = tgts0; + if (tgts & (DCC_TGTS_SPAM | DCC_TGTS_REP_SPAM)) { + tgts &= DCC_TGTS_MASK; + if (tgts == 0) + tgts = 1; + gross_tgts = DCC_TGTS_TOO_MANY; + } else if (tgts == DCC_TGTS_TOO_MANY) { + tgts = 1; + gross_tgts = DCC_TGTS_TOO_MANY; + } else if (tgts > DCC_TGTS_RPT_MAX) { + forget_error(q, "bogus target count %s%s", + dcc_tgts2str(tgts_buf, sizeof(tgts_buf), + tgts, grey_on), + from_id_ip(q, 0)); + return 0; + } else { + gross_tgts = tgts; + } + + if (gross_tgts < 10) { + ; + } else if (gross_tgts == DCC_TGTS_TOO_MANY) { + ++dccd_stats.reportmany; + } else if (gross_tgts > 1000) { + ++dccd_stats.report1000; + } else if (gross_tgts > 100) { + ++dccd_stats.report100; + } else if (gross_tgts > 10) { + ++dccd_stats.report10; + } + + /* Get ready to add the report to the database, + * and as a side effect, find the data to answer the query. + * Start by creating the record to add to the database. */ + get_ts(&new.ts); + new.srvr_id_auth = my_srvr_id; + DB_TGTS_RCD_SET(&new, gross_tgts); + + /* copy checksums to the new record */ + new.fgs_num_cks = 0; + new_ck = new.cks; + for (ck = q->pkt.r.cks; ck < ck_lim; ++ck) { + type = ck->type; + if (DB_TEST_NOKEEP(db_parms.nokeep_cks, type)) + continue; + memcpy(new_ck->sum, ck->sum, sizeof(new_ck->sum)); + new_ck->type_fgs = type; + ++new_ck; + ++new.fgs_num_cks; + } + + if (!(q->flags & Q_FG_RPT_OK)) { + /* finished if this is a query */ + return make_answer(q, ck_lim, 0, answer, gross_tgts, + max_tgts); + } + + if (new.fgs_num_cks == 0) { + rcd_pos = DB_PTR_NULL; + } else { + /* Add the record to the database. + * That will update the totals for each checksum */ + if (!add_dly_rcd(&new, 0)) { + NORESP_EMSG(q); + return 0; + } + rcd_pos = db_sts.sumrcd.s.rptr; + } + + /* generate the response, perhaps from the new record */ + return make_answer(q, ck_lim, rcd_pos!=DB_PTR_NULL, answer, gross_tgts, + max_tgts); +} + + + +/* process a single real request */ +void +do_work(QUEUE *q) +{ + const DCC_CK *ck_lim; + DCC_ANSWER answer; + DCC_TGTS max_tgts, tgts; + + ck_lim = start_work(q); + if (!ck_lim) + return; + + tgts = 0; + switch (q->pkt.hdr.op) { + case DCC_OP_QUERY: + ++dccd_stats.queries; + q->flags &= ~Q_FG_RPT_OK; + break; + + case DCC_OP_REPORT: + if (!(q->flags & Q_FG_RPT_OK)) { + ++dccd_stats.report_reject; + clnt_msg(q, "treat %s as query", from_id_ip(q, 1)); + ++dccd_stats.queries; + } else { + tgts = ntohl(q->pkt.r.tgts); + ++dccd_stats.reports; + } + break; + + case DCC_OP_INVALID: + case DCC_OP_NOP: + case DCC_OP_ANSWER: + case DCC_OP_ADMN: + case DCC_OP_OK: + case DCC_OP_ERROR: + case DCC_OP_DELETE: + case DCC_OP_GREY_REPORT: + case DCC_OP_GREY_QUERY: + case DCC_OP_GREY_SPAM: + case DCC_OP_GREY_WHITE: + dcc_logbad(EX_SOFTWARE, "impossible queued operation"); + break; + } + + if (!do_report(q, tgts, ck_lim, &answer, + &max_tgts)) { + /* ensure that the clock ticks so rate limits don't stick */ + gettimeofday(&db_time, 0); + } else { + /* notice the size of our answer */ + if (max_tgts == DCC_TGTS_OK || max_tgts == DCC_TGTS_OK2) { + ++dccd_stats.respwhite; + } else if (max_tgts == DCC_TGTS_TOO_MANY) { + ++dccd_stats.respmany; + } else if (max_tgts > 1000) { + ++dccd_stats.resp1000; + } else if (max_tgts > 100) { + ++dccd_stats.resp100; + } else if (max_tgts > 10) { + ++dccd_stats.resp10; + } + + fin_work(q, &answer.hdr); + } +} + + + +/* return 0 for a new embargo, + * embargo count for an existing embargo, + * DCC_TGTS_TOO_MANY no embargo + * DCC_TGTS_OK a newly expired embargo + * DCC_TGTS_INVALID broken database */ +static DCC_TGTS +search_grey(const DCC_CK *req_ck3, /* triple checksum */ + const DCC_CK *req_ckb, /* body seen with it */ + u_char body_known) +{ + DB_RCD_CK *ck3, *ckb; + DB_PTR prev3; + DCC_TS old_ts; + DCC_TGTS result_tgts; + int i; + + /* look for the triple checksum */ + switch (db_lookup(dcc_emsg, DCC_CK_GREY3, req_ck3->sum, + 0, MAX_HASH_ENTRIES, + &db_sts.hash, &db_sts.rcd, &ck3)) { + case DB_FOUND_EMPTY: + case DB_FOUND_CHAIN: + case DB_FOUND_INTRUDER: + return 0; + + case DB_FOUND_IT: + /* We found the triple checksum. + * If it is marked ok (MANY) or deleted, + * then we have our answer */ + result_tgts = DB_TGTS_CK(ck3); + if (result_tgts == DCC_TGTS_TOO_MANY || result_tgts == 0) + return result_tgts; + + /* Otherwise look for a report of the triple with + * the right body checksum that is old enough. */ + result_tgts = 0; + dcc_timeval2ts(&old_ts, &db_time, -grey_embargo); + for (;;) { + ckb = db_sts.rcd.d.r->cks; + for (i = DB_NUM_CKS(db_sts.rcd.d.r); + i > 0; + --i, ++ckb) { + /* try the next report in the database + * if it has the wrong body checksum + * + * If we are weak on bodies, + * act as if all reports of the triple checksums + * are with the right body checksum. */ + if (!grey_weak_body && req_ckb) { + if (DB_CK_TYPE(ckb) != DCC_CK_BODY) + continue; + if (memcmp(req_ckb->sum, ckb->sum, + sizeof(DCC_SUM))) + break; + } + + /* We found the right body checksum in + * chain of the triple checksum + * or we don't care. + * + * If the report is old enough, then + * the embargo is over. */ + if (dcc_ts_newer_ts(&old_ts, + &db_sts.rcd.d.r->ts)) + return DCC_TGTS_OK; + + /* If it is not old enough, + * then we know this is not a new embargo for + * this body (i.e. the reported target count + * will be >0) and we must keep looking for an + * old enough report with the body checksum. */ + ++result_tgts; + break; + } + + /* If we know the body checksum is not in the database, + * then there is no profit in looking at other reports + * of the triple checksum to try to find an old enough + * report that is with the right body checksum. + * We know this is a new embargo. */ + if (!body_known) + return 0; + + /* If we reach the end of the chain of the + * triple checksum without finding an old + * enough report for the right body, + * then the embargo is not over. */ + prev3 = DB_PTR_EX(ck3->prev); + if (prev3 == DB_PTR_NULL) + return result_tgts; + + /* examine the timestamp of the preceding report + * of the triple */ + ck3 = db_map_rcd_ck(dcc_emsg, &db_sts.rcd, + prev3, DCC_CK_GREY3); + if (!ck3) + return DCC_TGTS_INVALID; + } + break; + + case DB_FOUND_LATER: + case DB_FOUND_SYSERR: + DB_ERROR_MSG(dcc_emsg); + return DCC_TGTS_INVALID; + } + return DCC_TGTS_INVALID; +} + + + +void +do_grey(QUEUE *q) +{ + DCC_OPS op; + DB_RCD new; + const DCC_CK *req, *req_lim; + const DCC_CK *req_ck_ip, *req_ck_triple, *req_ck_msg, *req_ck_body; + u_char body_known; + DB_RCD_CK *new_ck, *found_ck; + DCC_GREY_ANSWER resp; + DCC_TGTS tgts; + DCC_TGTS ip_tgts; /* existing count for DCC_CK_IP */ + DCC_TGTS triple_tgts; /* " count for GREY_TRIPLE */ + DCC_TGTS msg_tgts; /* " count for GREY_MSG */ + DCC_TGTS eff_msg_tgts; /* effective value: 0=reported to DCC */ + DCC_TGTS new_msg_tgts; /* value after this */ + DCC_TGTS result_tgts; /* no embargo, ending, whitelist or # */ + + TMSG1(QUERY, "received %s", op_id_ip(q)); + if (!ck_clnt_id(q)) + return; + if (q->flags & Q_FG_UNTRUSTED) { + anon_msg("drop %s", from_id_ip(q, 1)); + return; + } + + /* an embargo of 0 seconds means we should only collect names */ + op = q->pkt.hdr.op; + if (op == DCC_OP_GREY_REPORT && grey_embargo == 0) + op = DCC_OP_GREY_WHITE; + + req_lim = start_work(q); + if (!req_lim) + return; + + /* Require + * the body checksum, + * the checksum of the (body,sender,target), + * and the checksum of the (source,sender,target) triple. + * Allow other checksums for whitelisting. */ + ip_tgts = 0; + body_known = grey_weak_body; + req_ck_ip = 0; + req_ck_body = 0; + req_ck_triple = 0; + req_ck_msg = 0; + msg_tgts = eff_msg_tgts = 0; + for (req = q->pkt.r.cks; req < req_lim; ++req) { + /* Note our main checksums of the greylist triple and + * the message body. Search the database for it later */ + if (DCC_CK_IS_GREY_TRIPLE(1, req->type)) { + req_ck_triple = req; + continue; + } + + if (!DCC_CK_OK_GREY_CLNT(req->type)) + continue; /* ignore unknown checksums */ + switch (req->type) { + case DCC_CK_IP: + req_ck_ip = req; + break; + case DCC_CK_BODY: + req_ck_body = req; + break; + case DCC_CK_GREY_MSG: + req_ck_msg = req; + break; + } + /* check for whitelisting and whether this is a new embargo */ + switch (db_lookup(dcc_emsg, req->type, req->sum, + 0, MAX_HASH_ENTRIES, + &db_sts.hash, &db_sts.rcd, &found_ck)) { + case DB_FOUND_LATER: + case DB_FOUND_SYSERR: + DB_ERROR_MSG(dcc_emsg); + RIDC_BAD(q); + return; + case DB_FOUND_IT: + /* ignore deleted checksums */ + tgts = DB_TGTS_CK(found_ck); + if (tgts == 0) + continue; + + /* honor whitelisting */ + if (tgts == DCC_TGTS_GREY_WHITE + && op != DCC_OP_GREY_WHITE) { + op = DCC_OP_GREY_WHITE; + ++dccd_stats.respwhite; + } + + switch (req->type) { + case DCC_CK_BODY: + /* notice if the target body exists at all */ + body_known = 1; + break; + case DCC_CK_GREY_MSG: + msg_tgts = tgts; + if (msg_tgts != DCC_TGTS_TOO_MANY) { + /* this is an old embargo that has + * already been reported by the client + * to a normal DCC server */ + eff_msg_tgts = 1; + } + break; + case DCC_CK_IP: + ip_tgts = tgts; + break; + default: + break; + } + break; + case DB_FOUND_EMPTY: + case DB_FOUND_CHAIN: + case DB_FOUND_INTRUDER: + break; + } + } + if (!req_ck_triple) { + send_error(q, "missing %s checksum for %s", + DB_TYPE2STR(DCC_CK_GREY3), qop2str(q)); + return; + } + if (op == DCC_OP_GREY_REPORT && !grey_weak_body) { + if (!req_ck_body) { + send_error(q, "missing body checksum for %s", + qop2str(q)); + return; + } + if (!req_ck_msg) { + send_error(q, "missing %s checksum for %s", + DB_TYPE2STR(DCC_CK_GREY_MSG), qop2str(q)); + return; + } + } + + /* decide if the embargo should end */ + triple_tgts = search_grey(req_ck_triple, req_ck_body, body_known); + if (triple_tgts == DCC_TGTS_INVALID) { + NORESP_EMSG(q); /* broken database */ + return; + } + /* End existing embargo on a newly whitelisted sender so its + * messages are logged. + * Quietly prevent future embargos of whitelisted senders that have + * not been greylisted. + * Honor grey_weak_ip whitelisting even after it is turned off */ + if (triple_tgts >= DCC_TGTS_TOO_MANY) { + result_tgts = triple_tgts; + } else if (op == DCC_OP_GREY_WHITE) { + result_tgts = eff_msg_tgts ? DCC_TGTS_OK : DCC_TGTS_TOO_MANY; + } else if (ip_tgts == DCC_TGTS_TOO_MANY) { + result_tgts = DCC_TGTS_TOO_MANY; + } else { + result_tgts = triple_tgts; + } + + if (op == DCC_OP_GREY_QUERY) { + ++dccd_stats.queries; + + } else if (!(q->flags & Q_FG_RPT_OK)) { + ++dccd_stats.report_reject; + clnt_msg(q, "treat %s as query", from_id_ip(q, 1)); + ++dccd_stats.queries; + + } else { + /* add a report for this message */ + ++dccd_stats.reports; + new.srvr_id_auth = my_srvr_id; + new_ck = new.cks; + new.fgs_num_cks = 0; + if (result_tgts < DCC_TGTS_TOO_MANY) { + if (req_ck_body) { + new_ck->type_fgs = DCC_CK_BODY; + memcpy(new_ck->sum, req_ck_body->sum, + sizeof(new_ck->sum)); + ++new.fgs_num_cks; + ++new_ck; + } + new_msg_tgts = 1; + DB_TGTS_RCD_SET(&new, 1); + } else { + /* embargo now ending (DCC_TGTS_TOO_OK) + * or no embargo (DCC_TGTS_TOO_MANY) */ + if (grey_weak_ip && req_ck_ip) { + new_ck->type_fgs = DCC_CK_IP; + memcpy(new_ck->sum, req_ck_ip->sum, + sizeof(new_ck->sum)); + ++new.fgs_num_cks; + ++new_ck; + } + new_msg_tgts = 0; + DB_TGTS_RCD_SET(&new, DCC_TGTS_TOO_MANY); + } + + /* Include the GREY_MSG checksum in the database + * record for a new embargo. + * The message checksum lets an SMTP server report an + * embargoed message to the DCC before the embargo is over, + * but not report it more than once even if more than one + * SMTP client retransmits the message. + * + * If the GREY_MSG checksum does not exist in the + * database, then tell the DCC client the message is new + * and should be reported to the DCC server. We must put the + * the _GREY_MSG into the database so we will recognize + * the message as not new when it is retransmitted. + * + * If the GREY_MSG checksum exists and is not MANY, + * then we may have a retransmission of the message + * from another IP address. + * We need to tell the DCC client to not report to the + * DCC server. The new value for the CK_GREY_MSG checksum + * should be whatever we are using for the triple checksum. + * + * If the existing count for the GREY_MSG checksum is + * MANY, and the new value for triple checksum is not MANY, + * then we have a new copy of the message and a new embargo. + * We have a spammer with multiple senders instead of a + * legitimate multihomed SMTP client. We need to tell the + * DCC client to report to the DCC server. To remember + * that we told the DCC client to report to the DCC server, + * we must first delete the existing MANY report of the + * GREY_MSG checksum. */ + if (eff_msg_tgts != new_msg_tgts + && req_ck_msg) { + if (msg_tgts == DCC_TGTS_TOO_MANY + && !add_del(req_ck_msg)) { + NORESP_EMSG(q); + return; + } + new_ck->type_fgs = DCC_CK_GREY_MSG; + memcpy(new_ck->sum, req_ck_msg->sum, + sizeof(new_ck->sum)); + ++new.fgs_num_cks; + ++new_ck; + } + + /* Add the triple checksum if we are not whitelisting + * by the IP address + * or triple checksum is not new. + * We do not want to leave any dangling triples in the + * database */ + if (!(grey_weak_ip && req_ck_ip) + || result_tgts != DCC_TGTS_TOO_MANY) { + new_ck->type_fgs = DCC_CK_GREY3; + memcpy(new_ck->sum, req_ck_triple->sum, + sizeof(new_ck->sum)); + ++new.fgs_num_cks; + } + + get_ts(&new.ts); + if (!db_add_rcd(dcc_emsg, &new)) { + DB_ERROR_MSG(dcc_emsg); + RIDC_BAD(q); + return; + } + } + + /* In the result sent to the DCC client, + * the triple checksum is preceeded by the message checksum + * with a count of 0 if this is a new embargo. + * Targets of messages of new embargos should be counted among + * total targets in reports sent to DCC servers. After they + * have been included in such an early report to a DCC server, + * they should never be included again, except for bad reputations. */ + resp.msg = htonl(eff_msg_tgts); + + /* Answer SMTP DATA command greylist operations with the target + * count of the triple checksum: + * DCC_TGTS_OK if the embargo is just now being removed + * DCC_TGTS_TOO_MANY if there is no current embargo + * DCC_TGTS_GREY_WHITE if whitelisted. + * embargo # otherwise */ + resp.triple = htonl(result_tgts); + resp.hdr.len = sizeof(resp); + + fin_work(q, &resp.hdr); +} + + + +static time_t +picky_time(const QUEUE *q) +{ + time_t ts, delta; + + /* If the request arrived while we were asleep, then the client's + * timestamp ought to be smaller than when select() finished and + * we think the request arrived. */ + ts = ntohl(q->pkt.d.date); + delta = ts - q->answer.tv_sec; + if (delta <= 0) + return delta; + + /* If the request arrived while we were handling some other request, + * then its timestamp can be larger than the select() wake-up time + * but should not be in the future. */ + delta = ts - db_time.tv_sec; + if (delta < 0) + delta = 0; + return delta; +} + + + +static u_char /* 0=refuse the bad guy, 1=continue */ +picky_admn(const QUEUE *q, u_char any_id, u_char any_time) +{ + time_t delta; + + if ((q->flags & Q_FG_UNTRUSTED) + || (q->clnt_id != my_srvr_id && !any_id)) { + forget_error(q, "drop %s", from_id_ip(q, 1)); + return 0; + } + + if (any_id && any_time) + return 1; + + /* Demand a current timestamp to guard against replay attacks. + * This requires that administrators have clocks close to servers', + * and that network and server delays be reasonable. */ + delta = picky_time(q); + if (delta < -MAX_CMD_CLOCK_SKEW || delta > MAX_CMD_CLOCK_SKEW) { + send_error(q, "drop %s; timestamp off by %d seconds", + qop2str(q), (int)delta); + return 0; + } + + return 1; +} + + + +/* the database must be locked */ +static u_char /* 1=ok, 0=error sent to client */ +delete_sub(QUEUE *q, DCC_CK *del_ck, + u_char grey_spam) +{ + DB_RCD_CK *rcd_ck; + char buf[80]; + DB_PTR prev; + DCC_TGTS tgts; + + buf[0] = '\0'; + switch (db_lookup(dcc_emsg, del_ck->type, del_ck->sum, + 0, MAX_HASH_ENTRIES, + &db_sts.hash, &db_sts.rcd, &rcd_ck)) { + case DB_FOUND_EMPTY: + case DB_FOUND_CHAIN: + case DB_FOUND_INTRUDER: + /* finished if we have not greylisted the spammer */ + if (grey_spam) + return 1; + + /* ordinary deletions need a delete request added + * to the database and flooded */ + snprintf(buf, sizeof(buf), "\"%s %s\" not found to delete", + DB_TYPE2STR(del_ck->type), + dcc_ck2str_err(del_ck->type, del_ck->sum, 0)); + + if (del_ck->type == DCC_CK_SRVR_ID) { + send_error(q, "%s", buf); + return 0; + } + break; + + case DB_FOUND_IT: + tgts = DB_TGTS_CK(rcd_ck); + /* handle an ordinary delete request */ + if (!grey_spam) { + if (tgts == 0) + snprintf(buf, sizeof(buf), + "%s %s already deleted", + DB_TYPE2STR(del_ck->type), + dcc_ck2str_err(del_ck->type, + del_ck->sum, 0)); + break; + } + /* We are deleting a greylist checksum. + * If we are deleting very new greylist records, + * we can cheat and avoid adding to the database + * by scribbling over the records. + * If there is an older record that might have been flooded, + * we must add a delete request to the database + * that will itself be flooded. */ + for (;;) { + /* finished if the target has already been deleted */ + if (tgts == 0) + return 1; + if (db_sts.rcd.s.rptr < oflods_max_cur_pos + || oflods_max_cur_pos == 0) { + /* We need to add a delete request, because + * the record might have been flooded */ + break; + } + prev = DB_PTR_EX(rcd_ck->prev); + /* try to delete the entire greylist entry + * starting with the target triple checksum */ + do { + /* only if the embargo is not over */ + if (DB_TGTS_CK(rcd_ck) >= DCC_TGTS_TOO_MANY) + goto need_rcd; + DB_TGTS_CK_SET(rcd_ck, 0); + } while (--rcd_ck >= db_sts.rcd.d.r->cks); + DB_TGTS_RCD_SET(db_sts.rcd.d.r, 0); + SET_FLUSH_RCD_HDR(&db_sts.rcd, 1); + + /* stop after the last record */ + if (prev == DB_PTR_NULL) + return 1; + + rcd_ck = db_map_rcd_ck(dcc_emsg, &db_sts.rcd, + prev, del_ck->type); + if (!rcd_ck) { + NORESP_EMSG(q); + return 0; + } + tgts = DB_TGTS_CK(rcd_ck); + } +need_rcd:; + break; + + case DB_FOUND_LATER: + case DB_FOUND_SYSERR: + DB_ERROR_MSG(dcc_emsg); + RIDC_BAD(q); + return 0; + } + + /* Add the delete request to the database even if the + * checksum seems deleted or absent so that we will + * flood the delete request. This is required to ensure that + * records get deleted when they are created at one DCC server + * and deleted at another. */ + if (!add_del(del_ck)) + BUFCPY(buf, dcc_emsg); + + if (buf[0] != '\0') { + send_error(q, "%s", buf); + return 0; + } + + TMSG3(ADMN, "deleted %s %s%s", + DB_TYPE2STR(del_ck->type), + dcc_ck2str_err(del_ck->type, del_ck->sum, 0), + from_id_ip(q, 0)); + return 1; +} + + + +void +do_delete(QUEUE *q) +{ + if (!ck_clnt_srvr_id(q)) + return; + if (!picky_admn(q, 0, 0)) + return; + /* if we've already answered, then just repeat ourselves */ + if (ridc_get(q)) { + repeat_resp(q); + return; + } + + dcc_error_msg("received %s", op_id_ip(q)); + ++dccd_stats.admin; + + if (q->pkt_len != sizeof(q->pkt.d)) { + send_error(q, "wrong packet length %d for %s", + q->pkt_len, qop2str(q)); + return; + } + if (q->pkt.d.ck.len != sizeof(q->pkt.d.ck)) { + send_error(q, "unknown checksum length %d", q->pkt.d.ck.len); + return; + } + if (!DCC_CK_OK_DB(grey_on, q->pkt.d.ck.type)) { + send_error(q, "unknown checkksum type %d", q->pkt.d.ck.type); + return; + } + + if (db_lock() < 0) { + NORESP_EMSG(q); + return; + } + if (delete_sub(q, &q->pkt.d.ck, 0)) { + /* We need to clean the database after a deletion + * to correct the totals of other checksums. + * Don't bother for reputations or server-ID declarations. */ + if (!DCC_CK_IS_REP_CMN(grey_on, q->pkt.d.ck.type) + && q->pkt.d.ck.type != DCC_CK_SRVR_ID) + need_del_dbclean = "checksum deleted"; + + send_ok(q); + } +} + + + +/* restore the embargo against a sender of spam */ +void +do_grey_spam(QUEUE *q) +{ + TMSG1(QUERY, "received %s", op_id_ip(q)); + if (!ck_clnt_id(q)) + return; + if (q->flags & Q_FG_UNTRUSTED) { + anon_msg("drop %s", from_id_ip(q, 1)); + return; + } + + /* require the checksum of the (source,sender,target) triple */ + if (q->pkt_len != sizeof(q->pkt.gs)) { + send_error(q, "wrong packet length %d for %s", + q->pkt_len, qop2str(q)); + return; + } + if (q->pkt.gs.triple.type != DCC_CK_GREY3) { + send_error(q, "%s instead of %s for %s", + DB_TYPE2STR(q->pkt.gs.msg.type), + DB_TYPE2STR(DCC_CK_GREY3), + qop2str(q)); + return; + } + if (q->pkt.gs.triple.len != sizeof(q->pkt.gs.triple)) { + send_error(q, "unknown triple checksum length %d", + q->pkt.gs.ip.len); + return; + } + if (q->pkt.gs.msg.type != DCC_CK_GREY_MSG) { + send_error(q, "%s instead of %s for %s", + DB_TYPE2STR(q->pkt.gs.msg.type), + DB_TYPE2STR(DCC_CK_GREY_MSG), + qop2str(q)); + return; + } + if (q->pkt.gs.msg.len != sizeof(q->pkt.gs.msg)) { + send_error(q, "unknown msg checksum length %d", + q->pkt.gs.ip.len); + return; + } + if (q->pkt.gs.ip.type != DCC_CK_IP) { + send_error(q, "%s instead of %s for %s", + DB_TYPE2STR(q->pkt.gs.msg.type), + DB_TYPE2STR(DCC_CK_IP), + qop2str(q)); + return; + } + if (q->pkt.gs.ip.len != sizeof(q->pkt.gs.ip)) { + send_error(q, "unknown IP checksum length %d", + q->pkt.gs.ip.len); + return; + } + + if (db_lock() < 0) { + NORESP_EMSG(q); + return; + } + if (delete_sub(q, &q->pkt.gs.ip, 1) + && delete_sub(q, &q->pkt.gs.triple, 1) + && delete_sub(q, &q->pkt.gs.msg, 1)) + send_ok(q); +} + + + +static void +do_flod(QUEUE *q) +{ + DCC_ADMN_RESP check; + int print_len; + u_int32_t val, arg; + DCC_AOP_FLODS fop; + FLOD_MMAP *mp; + OFLOD_INFO *ofp; + u_char loaded, found_it; + + val = ntohl(q->pkt.ad.val1); + fop = val % 256; + arg = val / 256; + + if (fop != DCC_AOP_FLOD_LIST) { + if (!picky_admn(q, fop == DCC_AOP_FLOD_STATS, 0)) + return; + } + + switch (fop) { + case DCC_AOP_FLOD_CHECK: + /* `cdcc "flood check"` forces occasional defenses of + * our server-ID */ + if (host_id_next > db_time.tv_sec + 60) + host_id_next = db_time.tv_sec; + + next_flods_ck = 0; + if (0 >= check_load_ids(0)) { + dcc_error_msg("%s", dcc_emsg); + send_error(q, "%s", dcc_emsg); + return; + } + flod_stats_printf(check.val.string, sizeof(check.val.string), + (!FLODS_OK() || flods_st == FLODS_ST_OFF) + ? 0 + : (flods_st != FLODS_ST_ON) ? 1 + : 2, + oflods.total, oflods.open, iflods.open); + check.hdr.len = (strlen(check.val.string) + + sizeof(check)-sizeof(check.val)); + check.hdr.op = DCC_OP_ADMN; + send_resp(q, &check.hdr, 0); + flods_ck(1); + check_blacklist_file(); + return; + + case DCC_AOP_FLOD_SHUTDOWN: + if (ridc_get(q)) { + repeat_resp(q); + return; + } + ++flods_off; + flods_stop("shutdown flooding", 0); + send_ok(q); + return; + + case DCC_AOP_FLOD_HALT: + if (ridc_get(q)) { + repeat_resp(q); + return; + } + ++flods_off; + flods_stop("stop flooding", 1); + send_ok(q); + return; + + case DCC_AOP_FLOD_RESUME: + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (0 >= check_load_ids(0)) { + dcc_error_msg("%s", dcc_emsg); + send_error(q, "%s", dcc_emsg); + return; + } + if (flods_off) { + flods_off = 0; + flods_restart("resume flooding", 0); + } + send_ok(q); + flods_ck(0); + return; + + case DCC_AOP_FLOD_REWIND: + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (flod_mmaps) { + loaded = 0; + } else if (!load_flod(0)) { + send_error(q, "too busy to rewind floods"); + return; + } else { + loaded = 1; + } + found_it = (arg == DCC_ID_INVALID); + for (mp = flod_mmaps->mmaps; + mp <= LAST(flod_mmaps->mmaps); + ++mp) { + if (arg == DCC_ID_INVALID + || mp->rem_id == arg) { + mp->flags |= FLODMAP_FG_NEED_REWIND; + mp->flags &= ~FLODMAP_FG_FFWD_IN; + dcc_trace_msg("rewind flood from server-ID %d", + arg); + found_it = 1; + } + } + if (!found_it) { + send_error(q, "unknown server-ID %d for %s", + arg, qop2str(q)); + } else { + send_ok(q); + flods_ck(0); + } + if (loaded) + oflods_clear(); + return; + + case DCC_AOP_FLOD_LIST: + loaded = !flod_mmaps && load_flod(0); + if (flod_mmaps) { + print_len = flods_list(check.val.string, + sizeof(check.val.string), + (q->flags & Q_FG_UNTRUSTED)!=0); + } else { + /* it is not an error if map is locked, because + * dbclean uses this operation to see if we are + * listening */ + print_len = snprintf(check.val.string, + ISZ(check.val.string), + "too busy to list floods"); + if (print_len > ISZ(check.val.string)) + print_len = ISZ(check.val.string); + } + check.hdr.len = (print_len + + sizeof(check)-sizeof(check.val)); + check.hdr.op = DCC_OP_ADMN; + send_resp(q, &check.hdr, 0); + if (loaded) + oflods_clear(); + return; + + case DCC_AOP_FLOD_STATS: + case DCC_AOP_FLOD_STATS_CLEAR: + print_len = flod_stats(check.val.string, + sizeof(check.val.string), + arg, + fop == DCC_AOP_FLOD_STATS_CLEAR); + if (print_len < 0) { + send_error(q, "too busy to find flood stats"); + return; + } + check.hdr.len = print_len + sizeof(check)-sizeof(check.val); + check.hdr.op = DCC_OP_ADMN; + send_resp(q, &check.hdr, 0); + flods_ck(0); + return; + + case DCC_AOP_FLOD_FFWD_IN: + case DCC_AOP_FLOD_FFWD_OUT: + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (flod_mmaps) { + loaded = 0; + } else if (!load_flod(0)) { + send_error(q, "too busy to fast-forward floods"); + return; + } else { + loaded = 1; + } + ofp = oflods.infos; + for (;;) { + mp = ofp->mp; + if (mp->rem_id == arg) { + /* found the target */ + if (fop == DCC_AOP_FLOD_FFWD_OUT) { + ofp->cur_pos = db_csize; + if (ofp->soc < 0) + mp->confirm_pos = db_csize; + dcc_trace_msg("fast forward flood to" + " server-ID %d", + arg); + } else { + mp->flags |= FLODMAP_FG_FFWD_IN; + mp->flags &= ~FLODMAP_FG_NEED_REWIND; + } + send_ok(q); + if (!loaded) + flods_ck(0); + break; + } + if (++ofp > LAST(oflods.infos)) { + send_error(q, "unknown server-ID %d for %s", + arg, qop2str(q)); + break; + } + } + if (loaded) + oflods_clear(); + return; + } + + send_error(q, "unrecognized %s value %d", qop2str(q), fop); +} + + + +void +stats_clear(void) +{ + OFLOD_INFO *ofp; + + memset(&dccd_stats, 0, sizeof(dccd_stats)); + for (ofp = oflods.infos; ofp <= LAST(oflods.infos); ++ofp) { + if (ofp->rem_hostname[0] == '\0') + continue; + + /* The counts reported to `cdcc stats` are sums + * of the dccd_stats and ofp->cnts values. Bias + * the dccd_stats values by the current ofp->cnts values + * so the reported counts will be zero. When the flooding + * connection is closed, the ofp->cnts values will be added + * to the dccd_stats values. */ + dccd_stats.iflod_total -= ofp->cnts.total; + dccd_stats.iflod_accepted -= ofp->cnts.accepted; + dccd_stats.iflod_stale -= ofp->lc.stale.cur; + dccd_stats.iflod_dup -= ofp->lc.dup.cur; + dccd_stats.iflod_wlist -= ofp->lc.wlist.cur; + dccd_stats.iflod_not_deleted -= ofp->lc.not_deleted.cur; + } + + q_delays_start = 0; + + memset(&db_stats, 0, sizeof(db_stats)); + dccd_stats.reset = db_time; +} + + + +static u_char /* 1=sent 0=something wrong */ +stats_send(QUEUE *q) +{ + DCC_ADMN_RESP stats; + char tbuf[80]; + OFLOD_INFO *ofp; + IFLOD_INFO *ifp; + int oflods_connecting, iflods_connecting; + SCNTR iflod_total, iflod_accepted, iflod_stale; + SCNTR iflod_dup, iflod_wlist, iflod_not_deleted; + char flod_buf[60]; + char clients_reset[40], reset_buf[36], now_buf[20]; + int clients; + int age; + const char *client_ovf; + int blen, plen, len; + + tbuf[0] = '\0'; + if (dccd_tracemask & DCC_TRACE_ADMN_BIT) + strcat(tbuf, "ADMN "); + if (dccd_tracemask & DCC_TRACE_ANON_BIT) + strcat(tbuf, "ANON "); + if (dccd_tracemask & DCC_TRACE_CLNT_BIT) + strcat(tbuf, "CLNT "); + if (dccd_tracemask & DCC_TRACE_RLIM_BIT) + strcat(tbuf, "RLIM "); + if (dccd_tracemask & DCC_TRACE_QUERY_BIT) + strcat(tbuf, "QUERY "); + if (dccd_tracemask & DCC_TRACE_RIDC_BIT) + strcat(tbuf, "RIDC "); + if (dccd_tracemask & DCC_TRACE_FLOD_BIT) + strcat(tbuf, "FLOOD "); + if (dccd_tracemask & DCC_TRACE_FLOD2_BIT) + strcat(tbuf, "FLOOD2 "); + if (dccd_tracemask & DCC_TRACE_IDS_BIT) + strcat(tbuf, "IDS "); + if (dccd_tracemask & DCC_TRACE_BL_BIT) + strcat(tbuf, "BL "); + if (dccd_tracemask & DCC_TRACE_DB_BIT) + strcat(tbuf, "DB "); + if (dccd_tracemask & DCC_TRACE_WLIST_BIT) + strcat(tbuf, "WLIST "); + + clients = clients_get(0, 0, 0, 0, 0, 0, 0); + if (clients >= 0) { + client_ovf = ""; + } else { + client_ovf = ">"; + clients = -clients; + } + age = db_time.tv_sec - clients_cleared; + if (age <= 24*60*60) { + dcc_time2str(clients_reset, sizeof(clients_reset), + "since %X", clients_cleared); + } else if (age <= 3*24*60*60) { + snprintf(clients_reset, sizeof(clients_reset), + "in %d hours", (age + 60*60/2) / (60*60)); + } else { + snprintf(clients_reset, sizeof(clients_reset), + "in %d days", (age + 24*60*60/2) / (24*60*60)); + } + + oflods_connecting = 0; + iflod_total = dccd_stats.iflod_total; + iflod_accepted = dccd_stats.iflod_accepted; + iflod_stale = dccd_stats.iflod_stale; + iflod_dup = dccd_stats.iflod_dup; + iflod_wlist = dccd_stats.iflod_wlist; + iflod_not_deleted = dccd_stats.iflod_not_deleted; + for (ofp = oflods.infos; ofp <= LAST(oflods.infos); ++ofp) { + if (ofp->soc >= 0 && !(ofp->flags & OFLOD_FG_CONNECTED)) + ++oflods_connecting; + iflod_total += ofp->cnts.total; + iflod_accepted += ofp->cnts.accepted; + iflod_stale += ofp->lc.stale.cur; + iflod_dup += ofp->lc.dup.cur; + iflod_wlist += ofp->lc.wlist.cur; + iflod_not_deleted += ofp->lc.not_deleted.cur; + } + iflods_connecting = 0; + for (ifp = iflods.infos; ifp <= LAST(iflods.infos); ++ifp) { + if (ifp->soc >= 0 && !(ifp->flags & IFLOD_FG_VERS_CK)) + ++iflods_connecting; + } + dcc_time2str(reset_buf, sizeof(reset_buf),"%b %d %X", + dccd_stats.reset.tv_sec); + dcc_time2str(now_buf, sizeof(now_buf), "%b %d %X %Z", + db_time.tv_sec); + + blen = min(sizeof(stats.val.string), ntohl(q->pkt.ad.val1)); + plen = snprintf(stats.val.string, blen, + " version "DCC_VERSION" %s%s%stracing %s\n" + "%7d hash entries %6d used "L_DWPAT(9)" DB bytes\n" + "%5d ms delay "L_DPAT" NOPs "L_DPAT"" + " ADMN "L_DPAT" query %s%d clients %s\n", + + db_minimum_map ? "DB UNLOCKED " : "", + query_only ? "Q-mode " : "", + grey_on ? "greylist " : "", + tbuf[0] ? tbuf : "nothing", + + HADDR2LEN(db_hash_len), HADDR2LEN(db_hash_used), db_csize, + + avg_q_delay_ms(q), + + dccd_stats.nops, dccd_stats.admin, dccd_stats.queries, + client_ovf, clients, clients_reset); + if (plen >= blen) + plen = blen-1; + blen -= plen; + + if (grey_on) { + len = snprintf(&stats.val.string[plen], blen, + L_DWPAT(7)" reports "L_DWPAT(2)" whitelisted\n", + + dccd_stats.reports, + dccd_stats.respwhite); + + } else { + len = snprintf(&stats.val.string[plen], blen, + L_DWPAT(8)" reports " + L_DWPAT(7)">10 " + L_DWPAT(7)">100 " + L_DWPAT(7)">1000 " + L_DWPAT(7)" many\n" + " answers "L_DWPAT(7)">10 " + L_DWPAT(7)">100 " + L_DWPAT(7)">1000 " + L_DWPAT(7)" many\n", + + dccd_stats.reports, + (dccd_stats.report10 + dccd_stats.report100 + + dccd_stats.report1000 + dccd_stats.reportmany), + (dccd_stats.report100 + dccd_stats.report1000 + + dccd_stats.reportmany), + dccd_stats.report1000 + dccd_stats.reportmany, + dccd_stats.reportmany, + + (dccd_stats.resp10 + dccd_stats.resp100 + + dccd_stats.resp1000 + dccd_stats.respmany), + dccd_stats.resp100 + dccd_stats.resp1000 + dccd_stats.respmany, + dccd_stats.resp1000 + dccd_stats.respmany, + dccd_stats.respmany); + } + if (len >= blen) + len = blen-1; + blen -= len; + plen += len; + + len = snprintf(&stats.val.string[plen], blen, + L_DWPAT(8)" bad op " + L_DWPAT(4)" passwd " + L_DWPAT(6)" blist " + L_DWPAT(4)" reject " + L_DWPAT(6)" retrans\n", + dccd_stats.bad_op, dccd_stats.bad_passwd, dccd_stats.blist, + dccd_stats.send_error, dccd_stats.report_retrans); + if (len >= blen) + len = blen-1; + blen -= len; + plen += len; + + if (!grey_on) { + len = snprintf(&stats.val.string[plen], blen, + L_DWPAT(8)" answers rate-limited " + L_DWPAT(4)" anon " + L_DWPAT(5)" reports rejected\n", + dccd_stats.rl, dccd_stats.anon_rl, dccd_stats.report_reject); + if (len >= blen) + len = blen-1; + blen -= len; + plen += len; + } + + len = snprintf(&stats.val.string[plen], blen, + " %s " + L_DWPAT(8)" total flooded in\n" + L_DWPAT(8)" accepted " + L_DWPAT(6)" stale " + L_DWPAT(8)" dup " + L_DWPAT(5)" white " + L_DPAT" delete\n" + L_DWPAT(8)" reports added between %s and %s", + flod_stats_printf(flod_buf, sizeof(flod_buf), + (db_minimum_map || flods_st == FLODS_ST_OFF) ? 0 + : (flods_st != FLODS_ST_ON) ? 1 + : 2, + oflods.total, + oflods.open - oflods_connecting, + iflods.open - iflods_connecting), + iflod_total, + iflod_accepted, iflod_stale, iflod_dup, + iflod_wlist, iflod_not_deleted, + + dccd_stats.adds+db_stats.adds, reset_buf, now_buf); + if (len >= blen) + len = blen-1; + blen -= len; + plen += len; + + stats.hdr.len = plen + sizeof(stats)-sizeof(stats.val); + stats.hdr.op = DCC_OP_ADMN; + send_resp(q, &stats.hdr, 0); + return 1; +} + + + +void +timestamp_send(const QUEUE *q) +{ + time_t delta; + DCC_ADMN_RESP msg; + int blen, plen; + + delta = picky_time(q); + + blen = min(sizeof(msg.val.string), ntohl(q->pkt.ad.val1)); + if (delta < -MAX_CMD_CLOCK_SKEW || delta > MAX_CMD_CLOCK_SKEW) { + if (delta < -MAX_FLOD_CLOCK_SKEW + || delta > MAX_FLOD_CLOCK_SKEW) { + plen = snprintf(msg.val.string, blen, + " clocks differ by about %d seconds" + "\n which is more than the" + " maximum allowed for flooding, %d", + (int)delta, MAX_FLOD_CLOCK_SKEW); + } else { + plen = snprintf(msg.val.string, blen, + " clocks differ by about %d seconds" + "\n which is more than the" + " maximum allowed for commands, %d", + (int)delta, MAX_CMD_CLOCK_SKEW); + } + } else { + plen = snprintf(msg.val.string, blen, + " clocks differ by about %d seconds", + (int)delta); + } + + msg.hdr.len = plen + sizeof(msg)-sizeof(msg.val); + msg.hdr.op = DCC_OP_ADMN; + send_resp(q, &msg.hdr, 0); +} + + + +void +do_nop(QUEUE *q) +{ + /* respond immediately to even anonymous NOPs so that clients + * that are confused about passwords and whether they are anonymous + * do not retransmit unnecessarily */ + TMSG1(ADMN, "received %s", op_id_ip(q)); + ++dccd_stats.nops; + + if (!ck_clnt_srvr_id(q)) { + ++q->rl->d.nops; + return; + } + + ++q->rl->d.nops; + send_ok(q); +} + + + +/* deal with an adminstative request */ +void +do_admn(QUEUE *q) +{ + u_int32_t val1; + DCC_ADMN_RESP resp; + int len, offset; + u_int32_t adelay_ms; + struct in6_addr addr6, mask6; + const struct in6_addr *addr6p, *mask6p; + + val1 = ntohl(q->pkt.ad.val1); + TMSG3(ADMN, "received val2=%#x val3=%#x in %s", + q->pkt.ad.val2, q->pkt.ad.val3, op_id_ip(q)); + ++dccd_stats.admin; + + if (!ck_clnt_srvr_id(q)) + return; + + if (q->pkt_len != DCC_ADMN_REQ_MIN_SIZE + && (q->pkt_len != (DCC_ADMN_REQ_MIN_SIZE + + sizeof(DCC_AOP_CLIENTS_CIDR)) + || (q->pkt.ad.aop != DCC_AOP_CLIENTS + && q->pkt.ad.aop != DCC_AOP_CLIENTS_ID))) { + send_error(q, "%s size = %d", qop2str(q), q->pkt_len); + return; + } + + switch ((DCC_AOPS)q->pkt.ad.aop) { + case DCC_AOP_STOP: /* stop gracefully */ + if (!picky_admn(q, 0, 0)) + return; + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (!stopint) { + stopint = -1; + next_flods_ck = 0; + } + send_ok(q); + /* fsync() or let the database be wrong if asked */ + if (val1 != 0) + stop_mode = val1; + return; + + case DCC_AOP_DB_UNLOAD: + if (!picky_admn(q, 0, 0)) + return; + /* repeat previous answer to repeated question */ + if (ridc_get(q)) { + repeat_resp(q); + return; + } + /* unlike dbclean, dblist starts looking at the data + * immediately, so we cannot answer before flushing */ + if (val1 == 0) { + dcc_trace_msg("database flush started"); + rel_db_states(); + db_minimum_map = 1; + db_unload(0, 0); + dcc_trace_msg("database flushed; buffering off"); + } else { + db_minimum_map = 0; + dcc_trace_msg("database buffering on"); + } + send_ok(q); + return; + + case DCC_AOP_FLOD: /* control flooding */ + do_flod(q); + return; + + case DCC_AOP_DB_CLEAN: /* start switch to new database */ + if (!picky_admn(q, 0, 0)) + return; + /* repeat previous answer to repeated question */ + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (!flods_off || oflods.total != 0) { + send_error(q, "flooding not stopped before %s", + qop2str(q)); + return; + } + send_ok(q); /* asnwer now before we stall */ + dcc_trace_msg("database cleaning begun"); + next_flods_ck = 0; + /* don't start our own cleaning */ + del_dbclean_next = db_time.tv_sec + DEL_DBCLEAN_SECS; + dbclean_limit = db_time.tv_sec + dbclean_limit_secs; + /* Dbclean expects us to remove its separate hold on flooding + * so that it will not need to talk to us after telling us + * to close the old database. This because we might stall + * on some systems with lame mmap() support including BSD/OS, + * for minutes in close(). + * It might be nice to be able to turn off flooding before + * dbclean is run and have it remain off when dbclean + * finishes. However, the need for that that is very rare + * and there are mysterious cases where flooding gets + * turned off by dbclean and never restored. */ + flods_off = 0; + /* release and unmap buffers, possibly stalling */ + db_minimum_map = 1; + rel_db_states(); + db_unload(0, 0); + return; + + case DCC_AOP_DB_NEW: /* finish switch to new database */ + if (!picky_admn(q, 0, 0)) + return; + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (!db_minimum_map) { + send_error(q, "%s received before %s", + qop2str(q), + dcc_aop2str(0, 0, DCC_AOP_DB_CLEAN, 0)); + return; + } + /* send "ok" now because we may stall waiting to reopen */ + send_ok(q); + db_close(1); + dccd_stats.adds += db_stats.adds; + if (!dccd_db_open(DB_OPEN_LOCK_WAIT)) + dcc_logbad(dcc_ex_code, + "could not restart database %s: %s", + db_nm, dcc_emsg); + dcc_trace_msg(DCC_VERSION" database %s reopened with %s", + db_nm, db_window_size_str); + flods_off = 0; + flods_restart("database reopened", 0); + next_flods_ck = 0; /* possibly reap dbclean child */ + if (0 >= check_load_ids(2)) + dcc_error_msg("%s", dcc_emsg); + return; + + case DCC_AOP_STATS: /* return counters */ + /* we cannot just repeat ourselves for retransmissions, + * because the answer is too big to save */ + stats_send(q); + return; + + case DCC_AOP_STATS_CLEAR: /* return and then zero counters */ + if (!picky_admn(q, 0, 0)) + return; + /* we cannot just repeat ourselves for retransmissions, + * because the answer is too big to save */ + if (stats_send(q)) { + clients_clear(); + stats_clear(); + } + return; + + case DCC_AOP_TRACE_ON: + case DCC_AOP_TRACE_OFF: + if (!picky_admn(q, 0, 0)) + return; + /* it is idempotent, but suppress duplicate trace messages */ + if (ridc_get(q)) { + repeat_resp(q); + return; + } + /* log trace changes even when tracing is off */ + if (!(DCC_TRACE_ADMN_BIT & dccd_tracemask)) + dcc_trace_msg("received %s", op_id_ip(q)); + if ((val1 & ~DCC_TRACE_BITS) != 0 || val1 == 0) { + send_error(q, "invalid trace bits %#x", val1); + return; + } + if (q->pkt.ad.aop == DCC_AOP_TRACE_OFF) { + dccd_tracemask &= ~val1; + } else { + dccd_tracemask |= val1; + /* do not suppress the next duplicated flood message */ + if (val1 & DCC_TRACE_FLOD_BIT) + flod_trace_gen = db_time.tv_sec; + } + send_ok(q); + return; + + case DCC_AOP_CLIENTS: + case DCC_AOP_CLIENTS_ID: + if (!picky_admn(q, 1, 1)) + return; + /* we cannot just repeat ourselves for retransmissions, + * because the answer is too big to save */ + offset = (val1 >> 16) + (((u_int)q->pkt.ad.val4) << 16); + val1 &= 0xffff; + len = q->pkt.ad.val2; + if (q->pkt_len == (DCC_ADMN_REQ_MIN_SIZE + + sizeof(DCC_AOP_CLIENTS_CIDR))) { + memcpy(&addr6, &q->pkt.ad.val5[0], sizeof(addr6)); + dcc_bits2mask(&mask6, q->pkt.ad.val5[sizeof(addr6)]); + addr6p = &addr6; + mask6p = &mask6; + } else { + mask6p = 0; + addr6p = 0; + } + if (q->pkt.ad.aop == DCC_AOP_CLIENTS) + clients_get(&resp.val, &len, offset, + val1, q->pkt.ad.val3, addr6p, mask6p); + else + clients_get_id(&resp.val, &len, offset, + val1, q->pkt.ad.val3, addr6p, mask6p); + resp.hdr.len = len + sizeof(resp)-sizeof(resp.val); + resp.hdr.op = DCC_OP_ADMN; + send_resp(q, &resp.hdr, 0); + return; + + case DCC_AOP_ANON_DELAY: + /* get and set the anonymous client delay + * + * repeat answer to identical question */ + if (ridc_get(q)) { + repeat_resp(q); + return; + } + if (anon_off) + adelay_ms = DCC_ANON_DELAY_FOREVER; + else + adelay_ms = anon_delay_us/1000; + resp.val.anon_delay.delay[0] = adelay_ms>>8; + resp.val.anon_delay.delay[1] = adelay_ms; + if (anon_delay_inflate == DCC_ANON_INFLATE_OFF) { + resp.val.anon_delay.inflate[0] = 0; + resp.val.anon_delay.inflate[1] = 0; + resp.val.anon_delay.inflate[2] = 0; + resp.val.anon_delay.inflate[3] = 0; + } else { + resp.val.anon_delay.inflate[0] = anon_delay_inflate>>24; + resp.val.anon_delay.inflate[1] = anon_delay_inflate>>16; + resp.val.anon_delay.inflate[2] = anon_delay_inflate>>8; + resp.val.anon_delay.inflate[3] = anon_delay_inflate; + } + adelay_ms = (q->pkt.ad.val2<<8) + q->pkt.ad.val3; + if (adelay_ms != DCC_NO_ANON_DELAY + && picky_admn(q, 0, 0)) { + if (adelay_ms == DCC_ANON_DELAY_FOREVER) { + anon_off = 1; + } else { + anon_off = 0; + if (adelay_ms > DCC_ANON_DELAY_MAX/1000) + adelay_ms = DCC_ANON_DELAY_MAX/1000; + anon_delay_us = adelay_ms*1000; + if (val1 == 0) + val1 = DCC_ANON_INFLATE_OFF; + anon_delay_inflate = val1; + } + } + resp.hdr.len = (sizeof(resp)-sizeof(resp.val) + + sizeof(resp.val.anon_delay)); + resp.hdr.op = DCC_OP_ADMN; + send_resp(q, &resp.hdr, 0); + return; + + case DCC_AOP_CLOCK_CHECK: + timestamp_send(q); + return; + + case DCC_AOP_OK: + case DCC_AOP_unused1: + default: + break; + } + + send_error(q, "invalid %s", qop2str(q)); +}