 @@ -1,14 +1,14 @@
-/*	$NetBSD: ntp_request.c,v 1.8.4.1 2009/12/09 04:48:24 snj Exp $	*/
+/*	$NetBSD: ntp_request.c,v 1.8.4.1.2.1 2014/01/06 19:24:39 bouyer Exp $	*/
 /*
  * ntp_request.c - respond to information requests
  */
 #ifdef HAVE_CONFIG_H
 # include <config.h>
 #endif
 #include "ntpd.h"
 #include "ntp_io.h"
 #include "ntp_request.h"
 #include "ntp_control.h"
 @@ -74,28 +74,27 @@ static	void	mem_stats	P((struct sockaddr
 static	void	io_stats	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	timer_stats	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	loop_info	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_conf		P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_unconf	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	set_sys_flag	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	clr_sys_flag	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	setclr_flags	P((struct sockaddr_storage *, struct interface *, struct req_pkt *, u_long));
 static	void	list_restrict	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_resaddflags	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_ressubflags	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_unrestrict	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_restrict	P((struct sockaddr_storage *, struct interface *, struct req_pkt *, int));
-static	void	mon_getlist_0	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
+static	void	mon_getlist	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	mon_getlist_1	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	reset_stats	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	reset_peer	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_key_reread	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	trust_key	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	untrust_key	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_trustkey	P((struct sockaddr_storage *, struct interface *, struct req_pkt *, u_long));
 static	void	get_auth_info	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	reset_auth_stats P((void));
 static	void	req_get_traps	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	req_set_trap	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	req_clr_trap	P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 static	void	do_setclr_trap	P((struct sockaddr_storage *, struct interface *, struct req_pkt *, int));
 static	void	set_request_keyid P((struct sockaddr_storage *, struct interface *, struct req_pkt *));
 @@ -135,28 +134,28 @@ static	struct req_proc ntp_codes[] = {
 	{ REQ_UNCONFIG,	    AUTH, v4sizeof(struct conf_unpeer),
 				sizeof(struct conf_unpeer), do_unconf },
 	{ REQ_SET_SYS_FLAG, AUTH, sizeof(struct conf_sys_flags),
 				sizeof(struct conf_sys_flags), set_sys_flag },
 	{ REQ_CLR_SYS_FLAG, AUTH, sizeof(struct conf_sys_flags),
 				sizeof(struct conf_sys_flags),  clr_sys_flag },
 	{ REQ_GET_RESTRICT,	NOAUTH,	0, 0,	list_restrict },
 	{ REQ_RESADDFLAGS, AUTH, v4sizeof(struct conf_restrict),
 				sizeof(struct conf_restrict), do_resaddflags },
 	{ REQ_RESSUBFLAGS, AUTH, v4sizeof(struct conf_restrict),
 				sizeof(struct conf_restrict), do_ressubflags },
 	{ REQ_UNRESTRICT, AUTH, v4sizeof(struct conf_restrict),
 				sizeof(struct conf_restrict), do_unrestrict },
-	{ REQ_MON_GETLIST,	NOAUTH,	0, 0,	mon_getlist_0 },
+	{ REQ_MON_GETLIST,	NOAUTH,	0, 0,	mon_getlist },
-	{ REQ_MON_GETLIST_1,	NOAUTH,	0, 0,	mon_getlist_1 },
+	{ REQ_MON_GETLIST_1,	NOAUTH,	0, 0,	mon_getlist },
 	{ REQ_RESET_STATS, AUTH, sizeof(struct reset_flags), 0, reset_stats },
 	{ REQ_RESET_PEER,  AUTH, v4sizeof(struct conf_unpeer),
 				sizeof(struct conf_unpeer), reset_peer },
 	{ REQ_REREAD_KEYS,	AUTH,	0, 0,	do_key_reread },
 	{ REQ_TRUSTKEY,   AUTH, sizeof(u_long), sizeof(u_long), trust_key },
 	{ REQ_UNTRUSTKEY, AUTH, sizeof(u_long), sizeof(u_long), untrust_key },
 	{ REQ_AUTHINFO,		NOAUTH,	0, 0,	get_auth_info },
 	{ REQ_TRAPS,		NOAUTH, 0, 0,	req_get_traps },
 	{ REQ_ADD_TRAP,	AUTH, v4sizeof(struct conf_trap),
 				sizeof(struct conf_trap), req_set_trap },
 	{ REQ_CLR_TRAP,	AUTH, v4sizeof(struct conf_trap),
 				sizeof(struct conf_trap), req_clr_trap },
 	{ REQ_REQUEST_KEY, AUTH, sizeof(u_long), sizeof(u_long),
 @@ -591,26 +590,29 @@ process_private(
 			msyslog(LOG_ERR, "process_private: bad pkt length %d",
 				rbufp->recv_length);
 			req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 			return;
+		}
 		if (!mod_okay || !authhavekey(info_auth_keyid)) {
 #ifdef DEBUG
 			if (debug > 4)
 			    printf("failed auth mod_okay %d\n", mod_okay);
 			msyslog(LOG_DEBUG,
 				"process_private: failed auth mod_okay %d\n",
 				mod_okay);
 #endif
 			if (!mod_okay) {
 				sys_restricted++;
+			}
 			req_ack(srcadr, inter, inpkt, INFO_ERR_AUTH);
 			return;
+		}
 		/*
 		 * calculate absolute time difference between xmit time stamp
 		 * and receive time stamp.  If too large, too bad.
 		 */
 		NTOHL_FP(&tailinpkt->tstamp, &ftmp);
 		L_SUB(&ftmp, &rbufp->recv_time);
 		LFPTOD(&ftmp, dtemp);
 		if (fabs(dtemp) >= INFO_TS_MAXSKEW) {
 			/*
 @@ -812,55 +814,62 @@ peer_list_sum(
+}
 /*
  * peer_info - send information for one or more peers
  */
 static void
 peer_info (
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct info_peer_list *ipl;
+	struct info_peer_list ipl;
 	register struct peer *pp;
 	register struct info_peer *ip;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	register int i, j;
 	struct sockaddr_storage addr;
 	extern struct peer *sys_peer;
 	l_fp ltmp;
 	memset((char *)&addr, 0, sizeof addr);
 	items = INFO_NITEMS(inpkt->err_nitems);
-	ipl = (struct info_peer_list *) inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz != sizeof(ipl)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	ip = (struct info_peer *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_peer));
 	while (items-- > 0 && ip != 0) {
 		memset(&ipl,0,sizeof(ipl));
 		memcpy(&ipl, datap, item_sz);
 		memset((char *)&addr, 0, sizeof(addr));
-		NSRCPORT(&addr) = ipl->port;
+		NSRCPORT(&addr) = ipl.port;
-		if (client_v6_capable && ipl->v6_flag != 0) {
+		if (client_v6_capable && ipl.v6_flag != 0) {
 			addr.ss_family = AF_INET6;
-			GET_INADDR6(addr) = ipl->addr6;
+			GET_INADDR6(addr) = ipl.addr6;
 		} else {
 			addr.ss_family = AF_INET;
-			GET_INADDR(addr) = ipl->addr;
+			GET_INADDR(addr) = ipl.addr;
+		}
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		addr.ss_len = SOCKLEN(&addr);
 #endif
-		ipl++;
+		datap += item_sz;
 		if ((pp = findexistingpeer(&addr, (struct peer *)0, -1)) == 0)
 		    continue;
 		if (pp->srcadr.ss_family == AF_INET6) {
 			if (pp->dstadr)
 				ip->dstadr6 = pp->cast_flags == MDF_BCAST ?
 					GET_INADDR6(pp->dstadr->bcast) :
 					GET_INADDR6(pp->dstadr->sin);
 			else
 				memset(&ip->dstadr6, 0, sizeof(ip->dstadr6));
 			ip->srcadr6 = GET_INADDR6(pp->srcadr);
 			ip->v6_flag = 1;
 		} else {
 @@ -944,61 +953,69 @@ peer_info (
+}
 /*
  * peer_stats - send statistics for one or more peers
  */
 static void
 peer_stats (
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct info_peer_list *ipl;
+	struct info_peer_list ipl;
 	register struct peer *pp;
 	register struct info_peer_stats *ip;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	struct sockaddr_storage addr;
 	extern struct peer *sys_peer;
 #ifdef DEBUG
 	if (debug)
 	     printf("peer_stats: called\n");
 #endif
 	items = INFO_NITEMS(inpkt->err_nitems);
-	ipl = (struct info_peer_list *) inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(ipl)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	ip = (struct info_peer_stats *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_peer_stats));
 	while (items-- > 0 && ip != 0) {
 		memset(&ipl,0,sizeof(ipl));
 		memcpy(&ipl, datap, item_sz);
 		memset((char *)&addr, 0, sizeof(addr));
-		NSRCPORT(&addr) = ipl->port;
+		NSRCPORT(&addr) = ipl.port;
-		if (client_v6_capable && ipl->v6_flag) {
+		if (client_v6_capable && ipl.v6_flag) {
 			addr.ss_family = AF_INET6;
-			GET_INADDR6(addr) = ipl->addr6;
+			GET_INADDR6(addr) = ipl.addr6;
 		} else {
 			addr.ss_family = AF_INET;
-			GET_INADDR(addr) = ipl->addr;
+			GET_INADDR(addr) = ipl.addr;
+		}
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		addr.ss_len = SOCKLEN(&addr);
 #endif
 #ifdef DEBUG
 		if (debug)
 		    printf("peer_stats: looking for %s, %d, %d\n", stoa(&addr),
-		    ipl->port, ((struct sockaddr_in6 *)&addr)->sin6_port);
+		    ipl.port, ((struct sockaddr_in6 *)&addr)->sin6_port);
 #endif
-		ipl = (struct info_peer_list *)((char *)ipl +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
 		if ((pp = findexistingpeer(&addr, (struct peer *)0, -1)) == 0)
 		    continue;
 #ifdef DEBUG
 		if (debug)
 		     printf("peer_stats: found %s\n", stoa(&addr));
 #endif
 		if (pp->srcadr.ss_family == AF_INET) {
 			if (pp->dstadr)
 				ip->dstadr = (pp->processed) ?
 					pp->cast_flags == MDF_BCAST ?
 					GET_INADDR(pp->dstadr->bcast):
 					pp->cast_flags ?
 @@ -1319,71 +1336,49 @@ loop_info(
 /*
  * do_conf - add a peer to the configuration list
  */
 static void
 do_conf(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
 	int items;
 	size_t item_sz;
 	char * datap;
 	u_int fl;
 	struct conf_peer *cp;
 	struct conf_peer temp_cp;
 	struct sockaddr_storage peeraddr;
 	struct sockaddr_in tmp_clock;
 	/*
 	 * Do a check of everything to see that it looks
 	 * okay.  If not, complain about it.  Note we are
 	 * very picky here.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_peer *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
-	memset(&temp_cp, 0, sizeof(struct conf_peer));
+	datap = inpkt->data;
-	memcpy(&temp_cp, (char *)cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	if (item_sz > sizeof(temp_cp)) {
 	fl = 0;
 	while (items-- > 0 && !fl) {
 		if (((temp_cp.version) > NTP_VERSION)
 		    || ((temp_cp.version) < NTP_OLDVERSION))
 		    fl = 1;
 		if (temp_cp.hmode != MODE_ACTIVE
 		    && temp_cp.hmode != MODE_CLIENT
 		    && temp_cp.hmode != MODE_BROADCAST)
 		    fl = 1;
 		if (temp_cp.flags & ~(CONF_FLAG_AUTHENABLE | CONF_FLAG_PREFER
 				  | CONF_FLAG_BURST | CONF_FLAG_IBURST | CONF_FLAG_SKEY))
 		    fl = 1;
 		cp = (struct conf_peer *)
 		    ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
 	if (fl) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	/*
 	 * Looks okay, try it out
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
 	cp = (struct conf_peer *)inpkt->data;
 	while (items-- > 0) {
 		memset(&temp_cp, 0, sizeof(struct conf_peer));
-		memcpy(&temp_cp, (char *)cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
+		memcpy(&temp_cp, datap, item_sz);
 		memset((char *)&peeraddr, 0, sizeof(struct sockaddr_storage));
 		fl = 0;
 		if (temp_cp.flags & CONF_FLAG_AUTHENABLE)
 			fl |= FLAG_AUTHENABLE;
 		if (temp_cp.flags & CONF_FLAG_PREFER)
 			fl |= FLAG_PREFER;
 		if (temp_cp.flags & CONF_FLAG_BURST)
 		    fl |= FLAG_BURST;
 		if (temp_cp.flags & CONF_FLAG_IBURST)
 		    fl |= FLAG_IBURST;
 		if (temp_cp.flags & CONF_FLAG_SKEY)
 			fl |= FLAG_SKEY;
 @@ -1411,28 +1406,27 @@ do_conf(
 		NSRCPORT(&peeraddr) = htons(NTP_PORT);
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		peeraddr.ss_len = SOCKLEN(&peeraddr);
 #endif
 		/* XXX W2DO? minpoll/maxpoll arguments ??? */
 		if (peer_config(&peeraddr, (struct interface *)0,
 		    temp_cp.hmode, temp_cp.version, temp_cp.minpoll,
 		    temp_cp.maxpoll, fl, temp_cp.ttl, temp_cp.keyid,
 		    NULL) == 0) {
 			req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 			return;
+		}
-		cp = (struct conf_peer *)
+		datap += item_sz;
 		    ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 #if 0
 /* XXX */
 /*
  * dns_a - Snarf DNS info for an association ID
  */
 static void
 dns_a(
 	struct sockaddr_storage *srcadr,
 @@ -1525,106 +1519,111 @@ dns_a(
+}
 #endif /* 0 */
 /*
  * do_unconf - remove a peer from the configuration list
  */
 static void
 do_unconf(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
 	register struct conf_unpeer *cp;
 	struct conf_unpeer temp_cp;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	register struct peer *peer;
 	struct sockaddr_storage peeraddr;
 	int bad, found;
 	/*
 	 * This is a bit unstructured, but I like to be careful.
 	 * We check to see that every peer exists and is actually
 	 * configured.  If so, we remove them.  If not, we return
 	 * an error.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_unpeer *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(temp_cp)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	bad = 0;
 	while (items-- > 0 && !bad) {
 		memset(&temp_cp, 0, sizeof(temp_cp));
 		memcpy(&temp_cp, datap, item_sz);
 		memset(&peeraddr, 0, sizeof(peeraddr));
 		memcpy(&temp_cp, cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
 		if (client_v6_capable && temp_cp.v6_flag != 0) {
 			peeraddr.ss_family = AF_INET6;
 			GET_INADDR6(peeraddr) = temp_cp.peeraddr6;
 		} else {
 			peeraddr.ss_family = AF_INET;
 			GET_INADDR(peeraddr) = temp_cp.peeraddr;
+		}
 		NSRCPORT(&peeraddr) = htons(NTP_PORT);
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		peeraddr.ss_len = SOCKLEN(&peeraddr);
 #endif
 		found = 0;
 		peer = (struct peer *)0;
 #ifdef DEBUG
 		if (debug)
 		     printf("searching for %s\n", stoa(&peeraddr));
 #endif
 		while (!found) {
 			peer = findexistingpeer(&peeraddr, peer, -1);
 			if (peer == (struct peer *)0)
 			    break;
 			if (peer->flags & FLAG_CONFIG)
 			    found = 1;
+		}
 		if (!found)
 		    bad = 1;
-		cp = (struct conf_unpeer *)
+		datap = inpkt->data;
 		    ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	if (bad) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
+	}
 	/*
 	 * Now do it in earnest.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_unpeer *)inpkt->data;
+	datap = inpkt->data;
 	while (items-- > 0) {
 		memset(&temp_cp, 0, sizeof(temp_cp));
 		memcpy(&temp_cp, datap, item_sz);
 		memset(&peeraddr, 0, sizeof(peeraddr));
 		memcpy(&temp_cp, cp, INFO_ITEMSIZE(inpkt->mbz_itemsize));
 		if (client_v6_capable && temp_cp.v6_flag != 0) {
 			peeraddr.ss_family = AF_INET6;
 			GET_INADDR6(peeraddr) = temp_cp.peeraddr6;
 		} else {
 			peeraddr.ss_family = AF_INET;
 			GET_INADDR(peeraddr) = temp_cp.peeraddr;
+		}
 		NSRCPORT(&peeraddr) = htons(NTP_PORT);
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		peeraddr.ss_len = SOCKLEN(&peeraddr);
 #endif
 		peer_unconfig(&peeraddr, (struct interface *)0, -1);
-		cp = (struct conf_unpeer *)
+		datap += item_sz;
 		    ((char *)cp + INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 /*
  * set_sys_flag - set system flags
  */
 static void
 set_sys_flag(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 @@ -1805,196 +1804,116 @@ do_unrestrict(
 /*
  * do_restrict - do the dirty stuff of dealing with restrictions
  */
 static void
 do_restrict(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt,
 	int op
+	)
+{
-	register struct conf_restrict *cr;
+	struct conf_restrict cr;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	struct sockaddr_storage matchaddr;
 	struct sockaddr_storage matchmask;
 	int bad;
 	/*
 	 * Do a check of the flags to make sure that only
 	 * the NTPPORT flag is set, if any.  If not, complain
 	 * about it.  Note we are very picky here.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cr = (struct conf_restrict *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(cr)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	bad = 0;
 	cr->flags = ntohs(cr->flags);
 	cr->mflags = ntohs(cr->mflags);
 	while (items-- > 0 && !bad) {
-		if (cr->mflags & ~(RESM_NTPONLY))
+		memcpy(&cr, datap, item_sz);
 		cr.flags = ntohs(cr.flags);
 		cr.mflags = ntohs(cr.mflags);
 		if (cr.mflags & ~(RESM_NTPONLY))
 		    bad |= 1;
-		if (cr->flags & ~(RES_ALLFLAGS))
+		if (cr.flags & ~(RES_ALLFLAGS))
 		    bad |= 2;
-		if (cr->mask != htonl(INADDR_ANY)) {
+		if (cr.mask != htonl(INADDR_ANY)) {
-			if (client_v6_capable && cr->v6_flag != 0) {
+			if (client_v6_capable && cr.v6_flag != 0) {
-				if (IN6_IS_ADDR_UNSPECIFIED(&cr->addr6))
+				if (IN6_IS_ADDR_UNSPECIFIED(&cr.addr6))
 					bad |= 4;
 			} else
-				if (cr->addr == htonl(INADDR_ANY))
+				if (cr.addr == htonl(INADDR_ANY))
 					bad |= 8;
+		}
-		cr = (struct conf_restrict *)((char *)cr +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	if (bad) {
 		msyslog(LOG_ERR, "do_restrict: bad = %#x", bad);
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	/*
 	 * Looks okay, try it out
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
 	cr = (struct conf_restrict *)inpkt->data;
 	memset((char *)&matchaddr, 0, sizeof(struct sockaddr_storage));
 	memset((char *)&matchmask, 0, sizeof(struct sockaddr_storage));
 	datap = inpkt->data;
 	while (items-- > 0) {
-		if (client_v6_capable && cr->v6_flag != 0) {
+		memcpy(&cr, datap, item_sz);
-			GET_INADDR6(matchaddr) = cr->addr6;
+		cr.flags = ntohs(cr.flags);
-			GET_INADDR6(matchmask) = cr->mask6;
+		cr.mflags = ntohs(cr.mflags);
 		if (client_v6_capable && cr.v6_flag != 0) {
 			GET_INADDR6(matchaddr) = cr.addr6;
 			GET_INADDR6(matchmask) = cr.mask6;
 			matchaddr.ss_family = AF_INET6;
 			matchmask.ss_family = AF_INET6;
 		} else {
-			GET_INADDR(matchaddr) = cr->addr;
+			GET_INADDR(matchaddr) = cr.addr;
-			GET_INADDR(matchmask) = cr->mask;
+			GET_INADDR(matchmask) = cr.mask;
 			matchaddr.ss_family = AF_INET;
 			matchmask.ss_family = AF_INET;
+		}
-		hack_restrict(op, &matchaddr, &matchmask, cr->mflags,
+		hack_restrict(op, &matchaddr, &matchmask, cr.mflags,
-			 cr->flags);
+			 cr.flags);
-		cr++;
+		datap += item_sz;
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 /*
  * mon_getlist - return monitor data
  */
 static void
-mon_getlist_0(
+mon_getlist(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct info_monitor *im;
+	req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 	register struct mon_data *md;
 	extern struct mon_data mon_mru_list;
 	extern int mon_enabled;
 #ifdef DEBUG
 	if (debug > 2)
 	    printf("wants monitor 0 list\n");
 #endif
 	if (!mon_enabled) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
 	im = (struct info_monitor *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_monitor));
 	for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0;
 	     md = md->mru_next) {
 		im->lasttime = htonl((u_int32)md->avg_interval);
 		im->firsttime = htonl((u_int32)(current_time - md->lasttime));
 		im->lastdrop = htonl((u_int32)md->drop_count);
 		im->count = htonl((u_int32)(md->count));
 		if (md->rmtadr.ss_family == AF_INET6) {
 			if (!client_v6_capable)
 				continue;
 			im->addr6 = GET_INADDR6(md->rmtadr);
 			im->v6_flag = 1;
 		} else {
 			im->addr = GET_INADDR(md->rmtadr);
 			if (client_v6_capable)
 				im->v6_flag = 0;
 		im->port = md->rmtport;
 		im->mode = md->mode;
 		im->version = md->version;
 		im = (struct info_monitor *)more_pkt();
 	flush_pkt();
 /*
  * mon_getlist - return monitor data
  */
 static void
 mon_getlist_1(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
 	register struct info_monitor_1 *im;
 	register struct mon_data *md;
 	extern struct mon_data mon_mru_list;
 	extern int mon_enabled;
 	if (!mon_enabled) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
 	im = (struct info_monitor_1 *)prepare_pkt(srcadr, inter, inpkt,
 	    v6sizeof(struct info_monitor_1));
 	for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0;
 	     md = md->mru_next) {
 		im->lasttime = htonl((u_int32)md->avg_interval);
 		im->firsttime = htonl((u_int32)(current_time - md->lasttime));
 		im->lastdrop = htonl((u_int32)md->drop_count);
 		im->count = htonl((u_int32)md->count);
 		if (md->rmtadr.ss_family == AF_INET6) {
 			if (!client_v6_capable)
 				continue;
 			im->addr6 = GET_INADDR6(md->rmtadr);
 			im->v6_flag = 1;
 			im->daddr6 = GET_INADDR6(md->interface->sin);
 		} else {
 			im->addr = GET_INADDR(md->rmtadr);
 			if (client_v6_capable)
 				im->v6_flag = 0;
 			im->daddr = (md->cast_flags == MDF_BCAST)
 				? GET_INADDR(md->interface->bcast)
 				: (md->cast_flags
 				? (GET_INADDR(md->interface->sin)
 				? GET_INADDR(md->interface->sin)
 				: GET_INADDR(md->interface->bcast))
 				: 4);
 		im->flags = htonl(md->cast_flags);
 		im->port = md->rmtport;
 		im->mode = md->mode;
 		im->version = md->version;
 		im = (struct info_monitor_1 *)more_pkt();
 	flush_pkt();
+}
 /*
  * Module entry points and the flags they correspond with
  */
 struct reset_entry {
 	int flag;		/* flag this corresponds to */
 	void (*handler) P((void)); /* routine to handle request */
 };
 struct reset_entry reset_entries[] = {
 	{ RESET_FLAG_ALLPEERS,	peer_all_reset },
 	{ RESET_FLAG_IO,	io_clr_stats },
 @@ -2043,91 +1962,99 @@ reset_stats(
+}
 /*
  * reset_peer - clear a peer's statistics
  */
 static void
 reset_peer(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 	struct req_pkt *inpkt
+	)
+{
-	register struct conf_unpeer *cp;
+	struct conf_unpeer cp;
 	register int items;
 	size_t item_sz;
 	char * datap;
 	register struct peer *peer;
 	struct sockaddr_storage peeraddr;
 	int bad;
 	/*
 	 * We check first to see that every peer exists.  If not,
 	 * we return an error.
 	 */
 	items = INFO_NITEMS(inpkt->err_nitems);
-	cp = (struct conf_unpeer *)inpkt->data;
+	item_sz = INFO_ITEMSIZE(inpkt->mbz_itemsize);
 	datap = inpkt->data;
 	if (item_sz > sizeof(cp)) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
 		return;
+	}
 	bad = 0;
 	while (items-- > 0 && !bad) {
 		memset(&cp,0,sizeof(cp));
 		memcpy(&cp, datap, item_sz);
 		memset((char *)&peeraddr, 0, sizeof(peeraddr));
-		if (client_v6_capable && cp->v6_flag != 0) {
+		if (client_v6_capable && cp.v6_flag != 0) {
-			GET_INADDR6(peeraddr) = cp->peeraddr6;
+			GET_INADDR6(peeraddr) = cp.peeraddr6;
 			peeraddr.ss_family = AF_INET6;
 		} else {
-			GET_INADDR(peeraddr) = cp->peeraddr;
+			GET_INADDR(peeraddr) = cp.peeraddr;
 			peeraddr.ss_family = AF_INET;
+		}
 		NSRCPORT(&peeraddr) = htons(NTP_PORT);
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		peeraddr.ss_len = SOCKLEN(&peeraddr);
 #endif
 		peer = findexistingpeer(&peeraddr, (struct peer *)0, -1);
 		if (peer == (struct peer *)0)
 		    bad++;
-		cp = (struct conf_unpeer *)((char *)cp +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	if (bad) {
 		req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
 		return;
+	}
 	/*
 	 * Now do it in earnest.
 	 */
-	items = INFO_NITEMS(inpkt->err_nitems);
+	datap = inpkt->data;
 	cp = (struct conf_unpeer *)inpkt->data;
 	while (items-- > 0) {
 		memset(&cp,0,sizeof(cp));
 		memcpy(&cp, datap, item_sz);
 		memset((char *)&peeraddr, 0, sizeof(peeraddr));
-		if (client_v6_capable && cp->v6_flag != 0) {
+		if (client_v6_capable && cp.v6_flag != 0) {
-			GET_INADDR6(peeraddr) = cp->peeraddr6;
+			GET_INADDR6(peeraddr) = cp.peeraddr6;
 			peeraddr.ss_family = AF_INET6;
 		} else {
-			GET_INADDR(peeraddr) = cp->peeraddr;
+			GET_INADDR(peeraddr) = cp.peeraddr;
 			peeraddr.ss_family = AF_INET;
+		}
 #ifdef HAVE_SA_LEN_IN_STRUCT_SOCKADDR
 		peeraddr.ss_len = SOCKLEN(&peeraddr);
 #endif
 		peer = findexistingpeer(&peeraddr, (struct peer *)0, -1);
 		while (peer != 0) {
 			peer_reset(peer);
 			peer = findexistingpeer(&peeraddr, (struct peer *)peer, -1);
+		}
-		cp = (struct conf_unpeer *)((char *)cp +
+		datap += item_sz;
 		    INFO_ITEMSIZE(inpkt->mbz_itemsize));
+	}
 	req_ack(srcadr, inter, inpkt, INFO_OKAY);
+}
 /*
  * do_key_reread - reread the encryption key file
  */
 static void
 do_key_reread(
 	struct sockaddr_storage *srcadr,
 	struct interface *inter,
 @@ -2826,27 +2753,27 @@ fill_info_if_stats(void *data, interface
 			return;
+		}
 		ifs->v6_flag = 1;
 		memcpy((char *)&ifs->unaddr.addr6, (char *)&CAST_V6(interface->sin)->sin6_addr, sizeof(struct in6_addr));
 		memcpy((char *)&ifs->unbcast.addr6, (char *)&CAST_V6(interface->bcast)->sin6_addr, sizeof(struct in6_addr));
 		memcpy((char *)&ifs->unmask.addr6, (char *)&CAST_V6(interface->mask)->sin6_addr, sizeof(struct in6_addr));
 	} else {
 		ifs->v6_flag = 0;
 		memcpy((char *)&ifs->unaddr.addr, (char *)&CAST_V4(interface->sin)->sin_addr, sizeof(struct in_addr));
 		memcpy((char *)&ifs->unbcast.addr, (char *)&CAST_V4(interface->bcast)->sin_addr, sizeof(struct in_addr));
 		memcpy((char *)&ifs->unmask.addr, (char *)&CAST_V4(interface->mask)->sin_addr, sizeof(struct in_addr));
+	}
 	ifs->v6_flag = htonl(ifs->v6_flag);
-	strcpy(ifs->name, interface->name);
+	strlcpy(ifs->name, interface->name, sizeof(ifs->name));
 	ifs->family = htons(interface->family);
 	ifs->flags = htonl(interface->flags);
 	ifs->last_ttl = htonl(interface->last_ttl);
 	ifs->num_mcast = htonl(interface->num_mcast);
 	ifs->received = htonl(interface->received);
 	ifs->sent = htonl(interface->sent);
 	ifs->notsent = htonl(interface->notsent);
 	ifs->scopeid = htonl(interface->scopeid);
 	ifs->ifindex = htonl(interface->ifindex);
 	ifs->ifnum = htonl(interface->ifnum);
 	ifs->uptime = htonl(current_time - interface->starttime);
 	ifs->ignore_packets = interface->ignore_packets;
 	ifs->peercnt = htonl(interface->peercnt);

 @@ -1,83 +1,118 @@
-# $NetBSD: ntp.conf,v 1.9 2007/02/10 19:36:56 reed Exp $
+# $NetBSD: ntp.conf,v 1.9.28.1 2014/01/06 19:24:39 bouyer Exp $
+#
 # NetBSD default Network Time Protocol (NTP) configuration file for ntpd
 # This file is intended to be both a usable default, and a Quick-Start
 # Guide. The directives and options listed here are not at all complete.
 # A great deal of additional documentation, including links to FAQS and
 # other guides, may be found on the official NTP web site, in particular
+#
 #	http://www.ntp.org/documentation.html
+#
 # Process ID file, so that the daemon can be signalled from scripts
 pidfile		/var/run/ntpd.pid
 # The correction calculated by ntpd(8) for the local system clock's
 # drift is stored here.
 driftfile	/var/db/ntp.drift
 # Suppress the syslog(3) message for each peer synchronization change.
 logconfig	-syncstatus
-# This will help minimize disruptions due to network congestion. Don't
+# Refuse to set the local clock if there are too few good peers or servers.
 # This may help minimize disruptions due to network congestion. Don't
 # do this if you configure only one server!
 tos		minsane 2
 # Access control restrictions.
 # See /usr/share/doc/html/ntp/accopt.html for syntax.
 # See <http://support.ntp.org/bin/view/Support/AccessRestrictions> for advice.
 # Last match wins.
+#
 # Some of the more common keywords are:
 #   ignore      Deny packets of all kinds.
 #   kod         Send "kiss-o'-death" packets if clients exceed rate
 #               limits.
 #   nomodify    Deny attempts to modify the state of the server via
 #               ntpq or ntpdc queries.
 #   noquery     Deny all ntpq and ntpdc queries.  Does not affect time
 #               synchronisation.
 #   nopeer      Prevent establishing an new peer association.
 #               Does not affect preconfigured peer associations.
 #               Does not affect client/server time synchronisation.
 #   noserve     Deny all time synchronisation.  Does not affect ntpq or
 #               ntpdc queries.
 #   notrap      Deny the trap subset of the ntpdc control message protocol.
 #   notrust     Deny packets that are not cryptographically authenticated.
+#
 # By default, either deny everything, or allow client/server time exchange
 # but deny configuration changes, queries, and peer associations that were not
 # explicitly configured.
 # (Uncomment one of the following "restrict default" lines.)
+#
 #restrict default ignore
 restrict default kod nopeer noquery
 # Fewer restrictions for the local subnet.
 # (Uncomment and adjust as appropriate.)
+#
 #restrict 192.0.2.0 mask 255.255.255.0 kod nomodify notrap nopeer
 #restrict 2001:db8:: mask ffff:ffff::  kod nomodify notrap nopeer
 # No restrictions for localhost.
+#
 restrict 127.0.0.1
 restrict ::1
 # Hereafter should be "server" or "peer" statements to configure other
-# hosts to exchange NTP packets with. Peers should be selected in such
+# hosts to exchange NTP packets with.
 # a way that the network path to them is symmetric (that is, the series
-# of links and routers used to get to the peer is the same one that the
+# See <http://support.ntp.org/bin/view/Support/DesigningYourNTPNetwork>
-# peer uses to get back. NTP assumes such symmetry in its network delay
+# and <http://support.ntp.org/bin/view/Support/SelectingOffsiteNTPServers>
-# calculation. NTP will apply an incorrect adjustment to timestamps
+# for advice.
 # received from the peer if the path is not symmetric. This can result
-# in clock skew (your system clock being maintained consistently wrong
+# Peers should be selected in such a way that the network path to them
-# by a certain amount).
+# is short, uncongested, and symmetric (that is, the series of links
 # and routers used to get to the peer is the same one that the peer
-# The best way to select symmetric peers is to make sure that the
+# uses to get back).  The best place to start looking for NTP peers for
-# network path to them is as short as possible (this reduces the chance
+# your system is within your own network, or at your Internet Service
-# that there is more than one network path between you and your peer).
+# Provider (ISP).
 # You can measure these distances with the traceroute(8)  program. The
 # best place to start looking for NTP peers for your system is within
 # your own network, or at your Internet Service Provider (ISP).
+#
 # Ideally, you should select at least three other systems to talk NTP
 # with, for an "what I tell you three times is true" effect.
+#
 # A "restrict" line for each configured peer or server might be necessary,
 # if the "restrict default" settings are very restrictive.  As a courtesy
 # to configured peers and servers, consider allowing them to query.
 #peer		an.ntp.peer.goes.here
 #server		an.ntp.server.goes.here
 #restrict	an.ntp.server.goes.here nomodify notrap
-# Public servers from the pool.ntp.org project. Volunteer's servers
+# The pool.ntp.org project coordinates public time servers provided by
-# are dynamically assigned to the CNAMES below via DNS round-robin.
+# volunteers.  See <http://www.pool.ntp.org>.  The *.netbsd.pool.ntp.org
 # servers are intended to be used by default on NetBSD hosts, but
 # servers that are closer to you are likely to be better.  Consider
 # using servers specific to your country, a nearby country, or your
 # continent.
+#
 # The pool.ntp.org project needs more volunteers! The only criteria to
 # join are a nailed-up connection and a static IP address. For details,
 # see the web page:
+#
-#	http://www.pool.ntp.org/
+#	http://www.pool.ntp.org/join.html
+#
-# The country codes can help you find servers that are net-wise close.
+server          0.netbsd.pool.ntp.org
-# As explained above, closer is better...
+restrict        0.netbsd.pool.ntp.org nomodify notrap
 server          1.netbsd.pool.ntp.org
-# Northern U.S.A
+restrict        1.netbsd.pool.ntp.org nomodify notrap
-#server		ca.pool.ntp.org
+server          2.netbsd.pool.ntp.org
-#server		us.pool.ntp.org
+restrict        2.netbsd.pool.ntp.org nomodify notrap
-#server		us.pool.ntp.org
+server          3.netbsd.pool.ntp.org
 restrict        3.netbsd.pool.ntp.org nomodify notrap
 # Northern Europe
 #server		de.pool.ntp.org
 #server		de.pool.ntp.org
 #server		dk.pool.ntp.org
 # Depending on the vagaries of DNS can occasionally pull in the same
 # server twice. The following CNAMES are guaranteed to be disjoint, at
 # least over some short interval.
 server		0.pool.ntp.org
 server		1.pool.ntp.org
 server		2.pool.ntp.org