Add new monotonic_now() wrapper so that timeouts are unaffected by

system clock changes
2025-03-03 18:52:00 +00:00 · 2014-03-13 23:50:09 +08:00 · 2014-03-13 23:50:09 +08:00 · e767bbb41f
commit e767bbb41f
parent 2b599df57a
9 changed files with 61 additions and 9 deletions
--- a/common-kex.c
+++ b/common-kex.c
@ -270,7 +270,7 @@ static void kexinitialise() {

 	ses.kexstate.our_first_follows_matches = 0;

-	ses.kexstate.lastkextime = time(NULL);
+	ses.kexstate.lastkextime = monotonic_now();

 }

--- a/common-session.c
+++ b/common-session.c
@ -397,8 +397,7 @@ void send_msg_ignore() {
 static void checktimeouts() {

 	time_t now;
-
-	now = time(NULL);
+	now = monotonic_now();
 	
 	if (ses.connect_time != 0 && now - ses.connect_time >= AUTH_TIMEOUT) {
 			dropbear_close("Timeout before auth");
--- a/configure.ac
+++ b/configure.ac
@ -361,6 +361,10 @@ AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
 AC_CHECK_FUNCS(logout updwtmp logwtmp)

+# OS X monotonic time
+AC_CHECK_HEADERS([mach/mach_time.h])
+AC_CHECK_FUNCS(mach_absolute_time)
+
 AC_ARG_ENABLE(bundled-libtom,
 [  --enable-bundled-libtom       Force using bundled libtomcrypt/libtommath even if a system version exists.
  --disable-bundled-libtom      Force using system libtomcrypt/libtommath, fail if it does not exist.
--- a/dbutil.c
+++ b/dbutil.c
@ -48,6 +48,19 @@
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

+#include "config.h"
+
+#ifdef __linux__
+#define _GNU_SOURCE
+/* To call clock_gettime() directly */
+#include <sys/syscall.h>
+#endif /* __linux */
+
+#ifdef HAVE_MACH_MACH_TIME_H
+#include <mach/mach_time.h>
+#include <mach/mach.h>
+#endif
+
 #include "includes.h"
 #include "dbutil.h"
 #include "buffer.h"
@ -932,3 +945,33 @@ int constant_time_memcmp(const void* a, const void *b, size_t n)
 	return c;
 }

+time_t monotonic_now() {
+
+#if defined(__linux__) && defined(SYS_clock_gettime)
+	/* CLOCK_MONOTONIC_COARSE was added in Linux 2.6.32. Probably cheaper. */
+#ifndef CLOCK_MONOTONIC_COARSE
+#define CLOCK_MONOTONIC_COARSE 6
+#endif
+	static clockid_t clock_source = CLOCK_MONOTONIC_COARSE;
+	struct timespec ts;
+
+	if (syscall(SYS_clock_gettime, clock_source, &ts) == EINVAL) {
+		clock_source = CLOCK_MONOTONIC;
+		syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts);
+	}
+	return ts.tv_sec;
+#elif defined(HAVE_MACH_ABSOLUTE_TIME)
+	/* OS X, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */
+	mach_timebase_info_data_t timebase_info;
+	if (timebase_info.denom == 0) {
+		mach_timebase_info(&timebase_info);
+	}
+	return mach_absolute_time() * timebase_info.numer / timebase_info.denom
+		/ 1e9;
+#else 
+	/* Fallback for everything else - this will sometimes go backwards */
+	return time(NULL);
+#endif
+
+}
+
--- a/dbutil.h
+++ b/dbutil.h
@ -106,4 +106,9 @@ int m_str_to_uint(const char* str, unsigned int *val);
 /* Returns 0 if a and b have the same contents */
 int constant_time_memcmp(const void* a, const void *b, size_t n);

+/* Returns a time in seconds that doesn't go backwards - does not correspond to
+a real-world clock */
+time_t monotonic_now();
+
+
 #endif /* _DBUTIL_H_ */
--- a/packet.c
+++ b/packet.c
@ -151,7 +151,7 @@ void write_packet() {
 	}

 #endif
-	now = time(NULL);
+	now = monotonic_now();
 	ses.last_trx_packet_time = now;

 	if (!all_ignore) {
--- a/process-packet.c
+++ b/process-packet.c
@ -52,7 +52,7 @@ void process_packet() {

 	ses.lastpacket = type;

-	ses.last_packet_time = time(NULL);
+	ses.last_packet_time = monotonic_now();

 	/* These packets we can receive at any time */
 	switch(type) {
--- a/session.h
+++ b/session.h
@ -106,7 +106,8 @@ struct sshsession {

 	time_t connect_time; /* time the connection was established
 							(cleared after auth once we're not
-							respecting AUTH_TIMEOUT any more) */
+							respecting AUTH_TIMEOUT any more).
+							A monotonic time, not realworld */

 	int sock_in;
 	int sock_out;
@ -147,10 +148,10 @@ struct sshsession {
 						   race-free signal handling */
 						
 	time_t last_trx_packet_time; /* time of the last packet transmission, for
-							keepalive purposes */
+							keepalive purposes. Not real-world clock */

 	time_t last_packet_time; /* time of the last packet transmission or receive, for
-								idle timeout purposes */
+								idle timeout purposes. Not real-world clock */


 	/* KEX/encryption related */
--- a/svr-session.c
+++ b/svr-session.c
@ -95,7 +95,7 @@ void svr_session(int sock, int childpipe) {
 	chaninitialise(svr_chantypes);
 	svr_chansessinitialise();

-	ses.connect_time = time(NULL);
+	ses.connect_time = monotonic_now();

 	/* for logging the remote address */
 	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);