diff options
author | Alberto Gonzalez Iniesta <agi@inittab.org> | 2012-11-05 16:28:10 +0100 |
---|---|---|
committer | Alberto Gonzalez Iniesta <agi@inittab.org> | 2012-11-05 16:28:10 +0100 |
commit | d213c4e5576e2fd601679e0d7b2fb1262b807111 (patch) | |
tree | 5f0cc82bd0f11fb13b385417604d04c751245a92 /src/openvpn/otime.c | |
parent | 79c8d3ef7a938f86472e549ef64e1fb820dc80c4 (diff) | |
parent | 8dd0350e1607aa30f7a043c8d5ec7a7eeb874115 (diff) |
Merge tag 'upstream/2.3_rc1'
Upstream version 2.3_rc1
Diffstat (limited to 'src/openvpn/otime.c')
-rw-r--r-- | src/openvpn/otime.c | 201 |
1 files changed, 201 insertions, 0 deletions
diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c new file mode 100644 index 0000000..2c1e5b1 --- /dev/null +++ b/src/openvpn/otime.c @@ -0,0 +1,201 @@ +/* + * OpenVPN -- An application to securely tunnel IP networks + * over a single TCP/UDP port, with support for SSL/TLS-based + * session authentication and key exchange, + * packet encryption, packet authentication, and + * packet compression. + * + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program (see the file COPYING included with this + * distribution); if not, write to the Free Software Foundation, Inc., + * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#elif defined(_MSC_VER) +#include "config-msvc.h" +#endif + +#include "syshead.h" + +#include "otime.h" + +#include "memdbg.h" + +time_t now = 0; /* GLOBAL */ + +#if TIME_BACKTRACK_PROTECTION + +static time_t now_adj = 0; /* GLOBAL */ +time_t now_usec = 0; /* GLOBAL */ + +/* + * Try to filter out time instability caused by the system + * clock backtracking or jumping forward. + */ + +void +update_now (const time_t system_time) +{ + const int forward_threshold = 86400; /* threshold at which to dampen forward jumps */ + const int backward_trigger = 10; /* backward jump must be >= this many seconds before we adjust */ + time_t real_time = system_time + now_adj; + + if (real_time > now) + { + const time_t overshoot = real_time - now - 1; + if (overshoot > forward_threshold && now_adj >= overshoot) + { + now_adj -= overshoot; + real_time -= overshoot; + } + now = real_time; + } + else if (real_time < now - backward_trigger) + now_adj += (now - real_time); +} + +void +update_now_usec (struct timeval *tv) +{ + const time_t last = now; + update_now (tv->tv_sec); + if (now > last || (now == last && tv->tv_usec > now_usec)) + now_usec = tv->tv_usec; +} + +#endif /* TIME_BACKTRACK_PROTECTION */ + +/* + * Return a numerical string describing a struct timeval. + */ +const char * +tv_string (const struct timeval *tv, struct gc_arena *gc) +{ + struct buffer out = alloc_buf_gc (64, gc); + buf_printf (&out, "[%d/%d]", + (int) tv->tv_sec, + (int )tv->tv_usec); + return BSTR (&out); +} + +/* + * Return an ascii string describing an absolute + * date/time in a struct timeval. + * + */ +const char * +tv_string_abs (const struct timeval *tv, struct gc_arena *gc) +{ + return time_string ((time_t) tv->tv_sec, + (int) tv->tv_usec, + true, + gc); +} + +/* format a time_t as ascii, or use current time if 0 */ + +const char * +time_string (time_t t, int usec, bool show_usec, struct gc_arena *gc) +{ + struct buffer out = alloc_buf_gc (64, gc); + struct timeval tv; + + if (t) + { + tv.tv_sec = t; + tv.tv_usec = usec; + } + else + { + gettimeofday (&tv, NULL); + } + + t = tv.tv_sec; + buf_printf (&out, "%s", ctime(&t)); + buf_rmtail (&out, '\n'); + + if (show_usec && tv.tv_usec) + buf_printf (&out, " us=%d", (int)tv.tv_usec); + + return BSTR (&out); +} + +/* + * Limit the frequency of an event stream. + * + * Used to control maximum rate of new + * incoming connections. + */ + +struct frequency_limit * +frequency_limit_init (int max, int per) +{ + struct frequency_limit *f; + + ASSERT (max >= 0 && per >= 0); + + ALLOC_OBJ (f, struct frequency_limit); + f->max = max; + f->per = per; + f->n = 0; + f->reset = 0; + return f; +} + +void +frequency_limit_free (struct frequency_limit *f) +{ + free (f); +} + +bool +frequency_limit_event_allowed (struct frequency_limit *f) +{ + if (f->per) + { + bool ret; + if (now >= f->reset + f->per) + { + f->reset = now; + f->n = 0; + } + ret = (++f->n <= f->max); + return ret; + } + else + return true; +} + +#ifdef TIME_TEST +void +time_test (void) +{ + struct timeval tv; + time_t t; + int i; + for (i = 0; i < 10000; ++i) + { + t = time(NULL); + gettimeofday (&tv, NULL); +#if 1 + msg (M_INFO, "t=%u s=%u us=%u", + (unsigned int)t, + (unsigned int)tv.tv_sec, + (unsigned int)tv.tv_usec); +#endif + } +} +#endif |