/*
 * NTP client/server, based on OpenNTPD 3.9p1
 *
 * Author: Adam Tkac <vonsch@gmail.com>
 *
 * Licensed under GPLv2, see file LICENSE in this source tree.
 */
#include "libbb.h"
#include <netinet/ip.h> /* For IPTOS_LOWDELAY definition */
#ifndef IPTOS_LOWDELAY
# define IPTOS_LOWDELAY 0x10
#endif
#ifndef IP_PKTINFO
# error "Sorry, your kernel has to support IP_PKTINFO"
#endif


/* Sync to peers every N secs */
#define INTERVAL_QUERY_NORMAL    30
#define INTERVAL_QUERY_PATHETIC  60
#define INTERVAL_QUERY_AGRESSIVE  5

/* Bad if *less than* TRUSTLEVEL_BADPEER */
#define TRUSTLEVEL_BADPEER        6
#define TRUSTLEVEL_PATHETIC       2
#define TRUSTLEVEL_AGRESSIVE      8
#define TRUSTLEVEL_MAX           10

#define QSCALE_OFF_MIN         0.05
#define QSCALE_OFF_MAX         0.50

/* Single query might take N secs max */
#define QUERYTIME_MAX            15
/* Min offset for settime at start. "man ntpd" says it's 128 ms */
#define STEPTIME_MIN_OFFSET   0.128

typedef struct {
        uint32_t int_partl;
        uint32_t fractionl;
} l_fixedpt_t;

typedef struct {
        uint16_t int_parts;
        uint16_t fractions;
} s_fixedpt_t;

enum {
        NTP_DIGESTSIZE     = 16,
        NTP_MSGSIZE_NOAUTH = 48,
        NTP_MSGSIZE        = (NTP_MSGSIZE_NOAUTH + 4 + NTP_DIGESTSIZE),
};

typedef struct {
        uint8_t     m_status;     /* status of local clock and leap info */
        uint8_t     m_stratum;    /* stratum level */
        uint8_t     m_ppoll;      /* poll value */
        int8_t      m_precision_exp;
        s_fixedpt_t m_rootdelay;
        s_fixedpt_t m_dispersion;
        uint32_t    m_refid;
        l_fixedpt_t m_reftime;
        l_fixedpt_t m_orgtime;
        l_fixedpt_t m_rectime;
        l_fixedpt_t m_xmttime;
        uint32_t    m_keyid;
        uint8_t     m_digest[NTP_DIGESTSIZE];
} msg_t;

enum {
        NTP_VERSION     = 4,
        NTP_MAXSTRATUM  = 15,

        /* Status Masks */
        MODE_MASK       = (7 << 0),
        VERSION_MASK    = (7 << 3),
        VERSION_SHIFT   = 3,
        LI_MASK         = (3 << 6),

        /* Leap Second Codes (high order two bits of m_status) */
        LI_NOWARNING    = (0 << 6),    /* no warning */
        LI_PLUSSEC      = (1 << 6),    /* add a second (61 seconds) */
        LI_MINUSSEC     = (2 << 6),    /* minus a second (59 seconds) */
        LI_ALARM        = (3 << 6),    /* alarm condition */

        /* Mode values */
        MODE_RES0       = 0,    /* reserved */
        MODE_SYM_ACT    = 1,    /* symmetric active */
        MODE_SYM_PAS    = 2,    /* symmetric passive */
        MODE_CLIENT     = 3,    /* client */
        MODE_SERVER     = 4,    /* server */
        MODE_BROADCAST  = 5,    /* broadcast */
        MODE_RES1       = 6,    /* reserved for NTP control message */
        MODE_RES2       = 7,    /* reserved for private use */
};

#define OFFSET_1900_1970 2208988800UL  /* 1970 - 1900 in seconds */

typedef struct {
        double   d_offset;
        double   d_delay;
        //UNUSED: double d_error;
        time_t   d_rcv_time;
        uint32_t d_refid4;
        uint8_t  d_leap;
        uint8_t  d_stratum;
        uint8_t  d_good;
} datapoint_t;

#define NUM_DATAPOINTS  8
typedef struct {
        len_and_sockaddr *p_lsa;
        char             *p_dotted;
        /* When to send new query (if p_fd == -1)
         * or when receive times out (if p_fd >= 0): */
        time_t           next_action_time;
        int              p_fd;
        uint8_t          p_datapoint_idx;
        uint8_t          p_trustlevel;
        double           p_xmttime;
        datapoint_t      update;
        datapoint_t      p_datapoint[NUM_DATAPOINTS];
        msg_t            p_xmt_msg;
} peer_t;

enum {
        OPT_n = (1 << 0),
        OPT_q = (1 << 1),
        OPT_N = (1 << 2),
        OPT_x = (1 << 3),
        /* Insert new options above this line. */
        /* Non-compat options: */
        OPT_p = (1 << 4),
        OPT_l = (1 << 5) * ENABLE_FEATURE_NTPD_SERVER,
};


struct globals {
        /* total round trip delay to currently selected reference clock */
        double   rootdelay;
        /* reference timestamp: time when the system clock was last set or corrected */
        double   reftime;
        llist_t  *ntp_peers;
#if ENABLE_FEATURE_NTPD_SERVER
        int      listen_fd;
#endif
        unsigned verbose;
        unsigned peer_cnt;
        unsigned scale;
        uint32_t refid;
        uint32_t refid4;
        uint8_t  synced;
        uint8_t  leap;
#define G_precision_exp -6
//      int8_t   precision_exp;
        uint8_t  stratum;
        uint8_t  time_was_stepped;
        uint8_t  first_adj_done;
};
#define G (*ptr_to_globals)

static const int const_IPTOS_LOWDELAY = IPTOS_LOWDELAY;


static void
set_next(peer_t *p, unsigned t)
{
        p->next_action_time = time(NULL) + t;
}

static void
add_peers(char *s)
{
        peer_t *p;

        p = xzalloc(sizeof(*p));
        p->p_lsa = xhost2sockaddr(s, 123);
        p->p_dotted = xmalloc_sockaddr2dotted_noport(&p->p_lsa->u.sa);
        p->p_fd = -1;
        p->p_xmt_msg.m_status = MODE_CLIENT | (NTP_VERSION << 3);
        p->p_trustlevel = TRUSTLEVEL_PATHETIC;
        p->next_action_time = time(NULL); /* = set_next(p, 0); */

        llist_add_to(&G.ntp_peers, p);
        G.peer_cnt++;
}

static double
gettime1900d(void)
{
        struct timeval tv;
        gettimeofday(&tv, NULL); /* never fails */
        return (tv.tv_sec + 1.0e-6 * tv.tv_usec + OFFSET_1900_1970);
}

static void
d_to_tv(double d, struct timeval *tv)
{
        tv->tv_sec = (long)d;
        tv->tv_usec = (d - tv->tv_sec) * 1000000;
}

static double
lfp_to_d(l_fixedpt_t lfp)
{
        double ret;
        lfp.int_partl = ntohl(lfp.int_partl);
        lfp.fractionl = ntohl(lfp.fractionl);
        ret = (double)lfp.int_partl + ((double)lfp.fractionl / UINT_MAX);
        return ret;
}

#if 0 //UNUSED
static double
sfp_to_d(s_fixedpt_t sfp)
{
        double ret;
        sfp.int_parts = ntohs(sfp.int_parts);
        sfp.fractions = ntohs(sfp.fractions);
        ret = (double)sfp.int_parts + ((double)sfp.fractions / USHRT_MAX);
        return ret;
}
#endif

#if ENABLE_FEATURE_NTPD_SERVER
static l_fixedpt_t
d_to_lfp(double d)
{
        l_fixedpt_t lfp;
        lfp.int_partl = (uint32_t)d;
        lfp.fractionl = (uint32_t)((d - lfp.int_partl) * UINT_MAX);
        lfp.int_partl = htonl(lfp.int_partl);
        lfp.fractionl = htonl(lfp.fractionl);
        return lfp;
}

static s_fixedpt_t
d_to_sfp(double d)
{
        s_fixedpt_t sfp;
        sfp.int_parts = (uint16_t)d;
        sfp.fractions = (uint16_t)((d - sfp.int_parts) * USHRT_MAX);
        sfp.int_parts = htons(sfp.int_parts);
        sfp.fractions = htons(sfp.fractions);
        return sfp;
}
#endif

static unsigned
error_interval(void)
{
        unsigned interval, r;
        interval = INTERVAL_QUERY_PATHETIC * QSCALE_OFF_MAX / QSCALE_OFF_MIN;
        r = (unsigned)random() % (unsigned)(interval / 10);
        return (interval + r);
}

static int
do_sendto(int fd,
                const struct sockaddr *from, const struct sockaddr *to, socklen_t addrlen,
                msg_t *msg, ssize_t len)
{
        ssize_t ret;

        errno = 0;
        if (!from) {
                ret = sendto(fd, msg, len, MSG_DONTWAIT, to, addrlen);
        } else {
                ret = send_to_from(fd, msg, len, MSG_DONTWAIT, to, from, addrlen);
        }
        if (ret != len) {
                bb_perror_msg("send failed");
                return -1;
        }
        return 0;
}

static int
send_query_to_peer(peer_t *p)
{
        // Why do we need to bind()?
        // See what happens when we don't bind:
        //
        // socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
        // setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0
        // gettimeofday({1259071266, 327885}, NULL) = 0
        // sendto(3, "xxx", 48, MSG_DONTWAIT, {sa_family=AF_INET, sin_port=htons(123), sin_addr=inet_addr("10.34.32.125")}, 16) = 48
        // ^^^ we sent it from some source port picked by kernel.
        // time(NULL)              = 1259071266
        // write(2, "ntpd: entering poll 15 secs\n", 28) = 28
        // poll([{fd=3, events=POLLIN}], 1, 15000) = 1 ([{fd=3, revents=POLLIN}])
        // recv(3, "yyy", 68, MSG_DONTWAIT) = 48
        // ^^^ this recv will receive packets to any local port!
        //
        // Uncomment this and use strace to see it in action:
#define PROBE_LOCAL_ADDR // { len_and_sockaddr lsa; lsa.len = LSA_SIZEOF_SA; getsockname(p->query.fd, &lsa.u.sa, &lsa.len); }

        if (p->p_fd == -1) {
                int fd, family;
                len_and_sockaddr *local_lsa;

                family = p->p_lsa->u.sa.sa_family;
                p->p_fd = fd = xsocket_type(&local_lsa, family, SOCK_DGRAM);
                /* local_lsa has "null" address and port 0 now.
                 * bind() ensures we have a *particular port* selected by kernel
                 * and remembered in p->p_fd, thus later recv(p->p_fd)
                 * receives only packets sent to this port.
                 */
                PROBE_LOCAL_ADDR
                xbind(fd, &local_lsa->u.sa, local_lsa->len);
                PROBE_LOCAL_ADDR
#if ENABLE_FEATURE_IPV6
                if (family == AF_INET)
#endif
                        setsockopt(fd, IPPROTO_IP, IP_TOS, &const_IPTOS_LOWDELAY, sizeof(const_IPTOS_LOWDELAY));
                free(local_lsa);
        }

        /*
         * Send out a random 64-bit number as our transmit time.  The NTP
         * server will copy said number into the originate field on the
         * response that it sends us.  This is totally legal per the SNTP spec.
         *
         * The impact of this is two fold: we no longer send out the current
         * system time for the world to see (which may aid an attacker), and
         * it gives us a (not very secure) way of knowing that we're not
         * getting spoofed by an attacker that can't capture our traffic
         * but can spoof packets from the NTP server we're communicating with.
         *
         * Save the real transmit timestamp locally.
         */
        p->p_xmt_msg.m_xmttime.int_partl = random();
        p->p_xmt_msg.m_xmttime.fractionl = random();
        p->p_xmttime = gettime1900d();

        if (do_sendto(p->p_fd, /*from:*/ NULL, /*to:*/ &p->p_lsa->u.sa, /*addrlen:*/ p->p_lsa->len,
                        &p->p_xmt_msg, NTP_MSGSIZE_NOAUTH) == -1
        ) {
                close(p->p_fd);
                p->p_fd = -1;
                set_next(p, INTERVAL_QUERY_PATHETIC);
                return -1;
        }

        if (G.verbose)
                bb_error_msg("sent query to %s", p->p_dotted);
        set_next(p, QUERYTIME_MAX);

        return 0;
}


/* Time is stepped only once, when the first packet from a peer is received.
 */
static void
step_time_once(double offset)
{
        double dtime;
        llist_t *item;
        struct timeval tv;
        char buf[80];
        time_t tval;

        if (G.time_was_stepped)
                goto bail;
        G.time_was_stepped = 1;

        /* if the offset is small, don't step, slew (later) */
        if (offset < STEPTIME_MIN_OFFSET && offset > -STEPTIME_MIN_OFFSET)
                goto bail;

        gettimeofday(&tv, NULL); /* never fails */
        dtime = offset + tv.tv_sec;
        dtime += 1.0e-6 * tv.tv_usec;
        d_to_tv(dtime, &tv);

        if (settimeofday(&tv, NULL) == -1)
                bb_perror_msg_and_die("settimeofday");

        tval = tv.tv_sec;
        strftime(buf, sizeof(buf), "%a %b %e %H:%M:%S %Z %Y", localtime(&tval));

        bb_error_msg("setting clock to %s (offset %fs)", buf, offset);

        for (item = G.ntp_peers; item != NULL; item = item->link) {
                peer_t *p = (peer_t *) item->data;
                p->next_action_time -= (time_t)offset;
        }

 bail:
        if (option_mask32 & OPT_q)
                exit(0);
}


/* Time is periodically slewed when we collect enough
 * good data points.
 */
static int
compare_offsets(const void *aa, const void *bb)
{
        const peer_t *const *a = aa;
        const peer_t *const *b = bb;
        if ((*a)->update.d_offset < (*b)->update.d_offset)
                return -1;
        return ((*a)->update.d_offset > (*b)->update.d_offset);
}
static unsigned
updated_scale(double offset)
{
        if (offset < 0)
                offset = -offset;
        if (offset > QSCALE_OFF_MAX)
                return 1;
        if (offset < QSCALE_OFF_MIN)
                return QSCALE_OFF_MAX / QSCALE_OFF_MIN;
        return QSCALE_OFF_MAX / offset;
}
static void
slew_time(void)
{
        llist_t *item;
        double offset_median;
        struct timeval tv;

        {
                peer_t **peers = xzalloc(sizeof(peers[0]) * G.peer_cnt);
                unsigned goodpeer_cnt = 0;
                unsigned middle;

                for (item = G.ntp_peers; item != NULL; item = item->link) {
                        peer_t *p = (peer_t *) item->data;
                        if (p->p_trustlevel < TRUSTLEVEL_BADPEER)
                                continue;
                        if (!p->update.d_good) {
                                free(peers);
                                return;
                        }
                        peers[goodpeer_cnt++] = p;
                }

                if (goodpeer_cnt == 0) {
                        free(peers);
                        goto clear_good;
                }

                qsort(peers, goodpeer_cnt, sizeof(peers[0]), compare_offsets);

                middle = goodpeer_cnt / 2;
                if (middle != 0 && (goodpeer_cnt & 1) == 0) {
                        offset_median = (peers[middle-1]->update.d_offset + peers[middle]->update.d_offset) / 2;
                        G.rootdelay = (peers[middle-1]->update.d_delay + peers[middle]->update.d_delay) / 2;
                        G.stratum = 1 + MAX(peers[middle-1]->update.d_stratum, peers[middle]->update.d_stratum);
                } else {
                        offset_median = peers[middle]->update.d_offset;
                        G.rootdelay = peers[middle]->update.d_delay;
                        G.stratum = 1 + peers[middle]->update.d_stratum;
                }
                G.leap = peers[middle]->update.d_leap;
                G.refid4 = peers[middle]->update.d_refid4;
                G.refid =
#if ENABLE_FEATURE_IPV6
                        peers[middle]->p_lsa->u.sa.sa_family != AF_INET ?
                                G.refid4 :
#endif
                                peers[middle]->p_lsa->u.sin.sin_addr.s_addr;
                free(peers);
        }
//TODO: if (offset_median > BIG) step_time(offset_median)?

        G.scale = updated_scale(offset_median);

        bb_error_msg("adjusting clock by %fs, our stratum is %u, time scale %u",
                        offset_median, G.stratum, G.scale);

        errno = 0;
        d_to_tv(offset_median, &tv);
        if (adjtime(&tv, &tv) == -1)
                bb_perror_msg_and_die("adjtime failed");
        if (G.verbose >= 2)
                bb_error_msg("old adjust: %d.%06u", (int)tv.tv_sec, (unsigned)tv.tv_usec);

        if (G.first_adj_done) {
                uint8_t synced = (tv.tv_sec == 0 && tv.tv_usec == 0);
                if (synced != G.synced) {
                        G.synced = synced;
                        bb_error_msg("clock is %ssynced", synced ? "" : "un");
                }
        }
        G.first_adj_done = 1;

        G.reftime = gettime1900d();

 clear_good:
        for (item = G.ntp_peers; item != NULL; item = item->link) {
                peer_t *p = (peer_t *) item->data;
                p->update.d_good = 0;
        }
}

static void
update_peer_data(peer_t *p)
{
        /* Clock filter.
         * Find the datapoint with the lowest delay.
         * Use that as the peer update.
         * Invalidate it and all older ones.
         */
        int i;
        int best = -1;
        int good = 0;

        for (i = 0; i < NUM_DATAPOINTS; i++) {
                if (p->p_datapoint[i].d_good) {
                        good++;
                        if (best < 0 || p->p_datapoint[i].d_delay < p->p_datapoint[best].d_delay)
                                best = i;
                }
        }

        if (good < 8) //FIXME: was it meant to be NUM_DATAPOINTS, not 8?
                return;

        p->update = p->p_datapoint[best]; /* struct copy */
        slew_time();

        for (i = 0; i < NUM_DATAPOINTS; i++)
                if (p->p_datapoint[i].d_rcv_time <= p->p_datapoint[best].d_rcv_time)
                        p->p_datapoint[i].d_good = 0;
}

static unsigned
scale_interval(unsigned requested)
{
        unsigned interval, r;
        interval = requested * G.scale;
        r = (unsigned)random() % (unsigned)(MAX(5, interval / 10));
        return (interval + r);
}
static void
recv_and_process_peer_pkt(peer_t *p)
{
        ssize_t     size;
        msg_t       msg;
        double      T1, T2, T3, T4;
        unsigned    interval;
        datapoint_t *datapoint;

        /* We can recvfrom here and check from.IP, but some multihomed
         * ntp servers reply from their *other IP*.
         * TODO: maybe we should check at least what we can: from.port == 123?
         */
        size = recv(p->p_fd, &msg, sizeof(msg), MSG_DONTWAIT);
        if (size == -1) {
                bb_perror_msg("recv(%s) error", p->p_dotted);
                if (errno == EHOSTUNREACH || errno == EHOSTDOWN
                 || errno == ENETUNREACH || errno == ENETDOWN
                 || errno == ECONNREFUSED || errno == EADDRNOTAVAIL
                 || errno == EAGAIN
                ) {
//TODO: always do this?
                        set_next(p, error_interval());
                        goto close_sock;
                }
                xfunc_die();
        }

        if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE) {
                bb_error_msg("malformed packet received from %s", p->p_dotted);
                goto bail;
        }

        if (msg.m_orgtime.int_partl != p->p_xmt_msg.m_xmttime.int_partl
         || msg.m_orgtime.fractionl != p->p_xmt_msg.m_xmttime.fractionl
        ) {
                goto bail;
        }

        if ((msg.m_status & LI_ALARM) == LI_ALARM
         || msg.m_stratum == 0
         || msg.m_stratum > NTP_MAXSTRATUM
        ) {
// TODO: stratum 0 responses may have commands in 32-bit m_refid field:
// "DENY", "RSTR" - peer does not like us at all
// "RATE" - peer is overloaded, reduce polling freq
                interval = error_interval();
                bb_error_msg("reply from %s: not synced, next query in %us", p->p_dotted, interval);
                goto close_sock;
        }

        /*
         * From RFC 2030 (with a correction to the delay math):
         *
         * Timestamp Name          ID   When Generated
         * ------------------------------------------------------------
         * Originate Timestamp     T1   time request sent by client
         * Receive Timestamp       T2   time request received by server
         * Transmit Timestamp      T3   time reply sent by server
         * Destination Timestamp   T4   time reply received by client
         *
         * The roundtrip delay and local clock offset are defined as
         *
         * delay = (T4 - T1) - (T3 - T2); offset = ((T2 - T1) + (T3 - T4)) / 2
         */
        T1 = p->p_xmttime;
        T2 = lfp_to_d(msg.m_rectime);
        T3 = lfp_to_d(msg.m_xmttime);
        T4 = gettime1900d();

        datapoint = &p->p_datapoint[p->p_datapoint_idx];

        datapoint->d_offset = ((T2 - T1) + (T3 - T4)) / 2;
        datapoint->d_delay = (T4 - T1) - (T3 - T2);
        if (datapoint->d_delay < 0) {
                bb_error_msg("reply from %s: negative delay %f", p->p_dotted, datapoint->d_delay);
                interval = error_interval();
                set_next(p, interval);
                goto close_sock;
        }
        //UNUSED: datapoint->d_error = (T2 - T1) - (T3 - T4);
        datapoint->d_rcv_time = (time_t)(T4 - OFFSET_1900_1970); /* = time(NULL); */
        datapoint->d_good = 1;

        datapoint->d_leap = (msg.m_status & LI_MASK);
        //UNUSED: datapoint->o_precision = msg.m_precision_exp;
        //UNUSED: datapoint->o_rootdelay = sfp_to_d(msg.m_rootdelay);
        //UNUSED: datapoint->o_rootdispersion = sfp_to_d(msg.m_dispersion);
        //UNUSED: datapoint->d_refid = ntohl(msg.m_refid);
        datapoint->d_refid4 = msg.m_xmttime.fractionl;
        //UNUSED: datapoint->o_reftime = lfp_to_d(msg.m_reftime);
        //UNUSED: datapoint->o_poll = msg.m_ppoll;
        datapoint->d_stratum = msg.m_stratum;

        if (p->p_trustlevel < TRUSTLEVEL_PATHETIC)
                interval = scale_interval(INTERVAL_QUERY_PATHETIC);
        else if (p->p_trustlevel < TRUSTLEVEL_AGRESSIVE)
                interval = scale_interval(INTERVAL_QUERY_AGRESSIVE);
        else
                interval = scale_interval(INTERVAL_QUERY_NORMAL);

        set_next(p, interval);

        /* Every received reply which we do not discard increases trust */
        if (p->p_trustlevel < TRUSTLEVEL_MAX) {
                p->p_trustlevel++;
                if (p->p_trustlevel == TRUSTLEVEL_BADPEER)
                        bb_error_msg("peer %s now valid", p->p_dotted);
        }

        if (G.verbose)
                bb_error_msg("reply from %s: offset %f delay %f, next query in %us", p->p_dotted,
                        datapoint->d_offset, datapoint->d_delay, interval);

        update_peer_data(p);
//TODO: do it after all peers had a chance to return at least one reply?
        step_time_once(datapoint->d_offset);

        p->p_datapoint_idx++;
        if (p->p_datapoint_idx >= NUM_DATAPOINTS)
                p->p_datapoint_idx = 0;

 close_sock:
        /* We do not expect any more packets from this peer for now.
         * Closing the socket informs kernel about it.
         * We open a new socket when we send a new query.
         */
        close(p->p_fd);
        p->p_fd = -1;
 bail:
        return;
}

#if ENABLE_FEATURE_NTPD_SERVER
static void
recv_and_process_client_pkt(void /*int fd*/)
{
        ssize_t          size;
        uint8_t          version;
        double           rectime;
        len_and_sockaddr *to;
        struct sockaddr  *from;
        msg_t            msg;
        uint8_t          query_status;
        uint8_t          query_ppoll;
        l_fixedpt_t      query_xmttime;

        to = get_sock_lsa(G.listen_fd);
        from = xzalloc(to->len);

        size = recv_from_to(G.listen_fd, &msg, sizeof(msg), MSG_DONTWAIT, from, &to->u.sa, to->len);
        if (size != NTP_MSGSIZE_NOAUTH && size != NTP_MSGSIZE) {
                char *addr;
                if (size < 0) {
                        if (errno == EAGAIN)
                                goto bail;
                        bb_perror_msg_and_die("recv");
                }
                addr = xmalloc_sockaddr2dotted_noport(from);
                bb_error_msg("malformed packet received from %s: size %u", addr, (int)size);
                free(addr);
                goto bail;
        }

        query_status = msg.m_status;
        query_ppoll = msg.m_ppoll;
        query_xmttime = msg.m_xmttime;

        /* Build a reply packet */
        memset(&msg, 0, sizeof(msg));
        msg.m_status = G.synced ? G.leap : LI_ALARM;
        msg.m_status |= (query_status & VERSION_MASK);
        msg.m_status |= ((query_status & MODE_MASK) == MODE_CLIENT) ?
                         MODE_SERVER : MODE_SYM_PAS;
        msg.m_stratum = G.stratum;
        msg.m_ppoll = query_ppoll;
        msg.m_precision_exp = G_precision_exp;
        rectime = gettime1900d();
        msg.m_xmttime = msg.m_rectime = d_to_lfp(rectime);
        msg.m_reftime = d_to_lfp(G.reftime);
        //msg.m_xmttime = d_to_lfp(gettime1900d()); // = msg.m_rectime
        msg.m_orgtime = query_xmttime;
        msg.m_rootdelay = d_to_sfp(G.rootdelay);
        version = (query_status & VERSION_MASK); /* ... >> VERSION_SHIFT - done below instead */
        msg.m_refid = (version > (3 << VERSION_SHIFT)) ? G.refid4 : G.refid;

        /* We reply from the local address packet was sent to,
         * this makes to/from look swapped here: */
        do_sendto(G.listen_fd,
                /*from:*/ &to->u.sa, /*to:*/ from, /*addrlen:*/ to->len,
                &msg, size);

 bail:
        free(to);
        free(from);
}
#endif

/* Upstream ntpd's options:
 *
 * -4   Force DNS resolution of host names to the IPv4 namespace.
 * -6   Force DNS resolution of host names to the IPv6 namespace.
 * -a   Require cryptographic authentication for broadcast client,
 *      multicast client and symmetric passive associations.
 *      This is the default.
 * -A   Do not require cryptographic authentication for broadcast client,
 *      multicast client and symmetric passive associations.
 *      This is almost never a good idea.
 * -b   Enable the client to synchronize to broadcast servers.
 * -c conffile
 *      Specify the name and path of the configuration file,
 *      default /etc/ntp.conf
 * -d   Specify debugging mode. This option may occur more than once,
 *      with each occurrence indicating greater detail of display.
 * -D level
 *      Specify debugging level directly.
 * -f driftfile
 *      Specify the name and path of the frequency file.
 *      This is the same operation as the "driftfile FILE"
 *      configuration command.
 * -g   Normally, ntpd exits with a message to the system log
 *      if the offset exceeds the panic threshold, which is 1000 s
 *      by default. This option allows the time to be set to any value
 *      without restriction; however, this can happen only once.
 *      If the threshold is exceeded after that, ntpd will exit
 *      with a message to the system log. This option can be used
 *      with the -q and -x options. See the tinker command for other options.
 * -i jaildir
 *      Chroot the server to the directory jaildir. This option also implies
 *      that the server attempts to drop root privileges at startup
 *      (otherwise, chroot gives very little additional security).
 *      You may need to also specify a -u option.
 * -k keyfile
 *      Specify the name and path of the symmetric key file,
 *      default /etc/ntp/keys. This is the same operation
 *      as the "keys FILE" configuration command.
 * -l logfile
 *      Specify the name and path of the log file. The default
 *      is the system log file. This is the same operation as
 *      the "logfile FILE" configuration command.
 * -L   Do not listen to virtual IPs. The default is to listen.
 * -n   Don't fork.
 * -N   To the extent permitted by the operating system,
 *      run the ntpd at the highest priority.
 * -p pidfile
 *      Specify the name and path of the file used to record the ntpd
 *      process ID. This is the same operation as the "pidfile FILE"
 *      configuration command.
 * -P priority
 *      To the extent permitted by the operating system,
 *      run the ntpd at the specified priority.
 * -q   Exit the ntpd just after the first time the clock is set.
 *      This behavior mimics that of the ntpdate program, which is
 *      to be retired. The -g and -x options can be used with this option.
 *      Note: The kernel time discipline is disabled with this option.
 * -r broadcastdelay
 *      Specify the default propagation delay from the broadcast/multicast
 *      server to this client. This is necessary only if the delay
 *      cannot be computed automatically by the protocol.
 * -s statsdir
 *      Specify the directory path for files created by the statistics
 *      facility. This is the same operation as the "statsdir DIR"
 *      configuration command.
 * -t key
 *      Add a key number to the trusted key list. This option can occur
 *      more than once.
 * -u user[:group]
 *      Specify a user, and optionally a group, to switch to.
 * -v variable
 * -V variable
 *      Add a system variable listed by default.
 * -x   Normally, the time is slewed if the offset is less than the step
 *      threshold, which is 128 ms by default, and stepped if above
 *      the threshold. This option sets the threshold to 600 s, which is
 *      well within the accuracy window to set the clock manually.
 *      Note: since the slew rate of typical Unix kernels is limited
 *      to 0.5 ms/s, each second of adjustment requires an amortization
 *      interval of 2000 s. Thus, an adjustment as much as 600 s
 *      will take almost 14 days to complete. This option can be used
 *      with the -g and -q options. See the tinker command for other options.
 *      Note: The kernel time discipline is disabled with this option.
 */

/* By doing init in a separate function we decrease stack usage
 * in main loop.
 */
static NOINLINE void ntp_init(char **argv)
{
        unsigned opts;
        llist_t *peers;

        srandom(getpid());

        if (getuid())
                bb_error_msg_and_die(bb_msg_you_must_be_root);

        peers = NULL;
        opt_complementary = "dd:p::"; /* d: counter, p: list */
        opts = getopt32(argv,
                        "nqNx" /* compat */
                        "p:"IF_FEATURE_NTPD_SERVER("l") /* NOT compat */
                        "d" /* compat */
                        "46aAbgL", /* compat, ignored */
                        &peers, &G.verbose);
        if (!(opts & (OPT_p|OPT_l)))
                bb_show_usage();
        if (opts & OPT_x) /* disable stepping, only slew is allowed */
                G.time_was_stepped = 1;
        while (peers)
                add_peers(llist_pop(&peers));
        if (!(opts & OPT_n)) {
                bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO, argv);
                logmode = LOGMODE_NONE;
        }
#if ENABLE_FEATURE_NTPD_SERVER
        G.listen_fd = -1;
        if (opts & OPT_l) {
                G.listen_fd = create_and_bind_dgram_or_die(NULL, 123);
                socket_want_pktinfo(G.listen_fd);
                setsockopt(G.listen_fd, IPPROTO_IP, IP_TOS, &const_IPTOS_LOWDELAY, sizeof(const_IPTOS_LOWDELAY));
        }
#endif
        /* I hesitate to set -20 prio. -15 should be high enough for timekeeping */
        if (opts & OPT_N)
                setpriority(PRIO_PROCESS, 0, -15);

        /* Set some globals */
#if 0
        /* With constant b = 100, G.precision_exp is also constant -6.
         * Uncomment this and you'll see */
        {
                int prec = 0;
                int b;
# if 0
                struct timespec tp;
                /* We can use sys_clock_getres but assuming 10ms tick should be fine */
                clock_getres(CLOCK_REALTIME, &tp);
                tp.tv_sec = 0;
                tp.tv_nsec = 10000000;
                b = 1000000000 / tp.tv_nsec;  /* convert to Hz */
# else
                b = 100; /* b = 1000000000/10000000 = 100 */
# endif
                while (b > 1)
                        prec--, b >>= 1;
                //G.precision_exp = prec;
                bb_error_msg("G.precision_exp:%d", prec); /* -6 */
        }
#endif
        G.scale = 1;

        bb_signals((1 << SIGTERM) | (1 << SIGINT), record_signo);
        bb_signals((1 << SIGPIPE) | (1 << SIGHUP), SIG_IGN);
}

int ntpd_main(int argc UNUSED_PARAM, char **argv) MAIN_EXTERNALLY_VISIBLE;
int ntpd_main(int argc UNUSED_PARAM, char **argv)
{
        struct globals g;
        struct pollfd *pfd;
        peer_t **idx2peer;

        memset(&g, 0, sizeof(g));
        SET_PTR_TO_GLOBALS(&g);

        ntp_init(argv);

        {
                /* if ENABLE_FEATURE_NTPD_SERVER, + 1 for listen_fd: */
                unsigned cnt = g.peer_cnt + ENABLE_FEATURE_NTPD_SERVER;
                idx2peer = xzalloc(sizeof(idx2peer[0]) * cnt);
                pfd = xzalloc(sizeof(pfd[0]) * cnt);
        }

        while (!bb_got_signal) {
                llist_t *item;
                unsigned i, j;
                unsigned sent_cnt, trial_cnt;
                int nfds, timeout;
                time_t cur_time, nextaction;

                /* Nothing between here and poll() blocks for any significant time */

                cur_time = time(NULL);
                nextaction = cur_time + 3600;

                i = 0;
#if ENABLE_FEATURE_NTPD_SERVER
                if (g.listen_fd != -1) {
                        pfd[0].fd = g.listen_fd;
                        pfd[0].events = POLLIN;
                        i++;
                }
#endif
                /* Pass over peer list, send requests, time out on receives */
                sent_cnt = trial_cnt = 0;
                for (item = g.ntp_peers; item != NULL; item = item->link) {
                        peer_t *p = (peer_t *) item->data;

                        /* Overflow-safe "if (p->next_action_time <= cur_time) ..." */
                        if ((int)(cur_time - p->next_action_time) >= 0) {
                                if (p->p_fd == -1) {
                                        /* Time to send new req */
                                        trial_cnt++;
                                        if (send_query_to_peer(p) == 0)
                                                sent_cnt++;
                                } else {
                                        /* Timed out waiting for reply */
                                        close(p->p_fd);
                                        p->p_fd = -1;
                                        timeout = error_interval();
                                        bb_error_msg("timed out waiting for %s, "
                                                        "next query in %us", p->p_dotted, timeout);
                                        if (p->p_trustlevel >= TRUSTLEVEL_BADPEER) {
                                                p->p_trustlevel /= 2;
                                                if (p->p_trustlevel < TRUSTLEVEL_BADPEER)
                                                        bb_error_msg("peer %s now invalid", p->p_dotted);
                                        }
                                        set_next(p, timeout);
                                }
                        }

                        if (p->next_action_time < nextaction)
                                nextaction = p->next_action_time;

                        if (p->p_fd >= 0) {
                                /* Wait for reply from this peer */
                                pfd[i].fd = p->p_fd;
                                pfd[i].events = POLLIN;
                                idx2peer[i] = p;
                                i++;
                        }
                }

                if ((trial_cnt > 0 && sent_cnt == 0) || g.peer_cnt == 0)
                        step_time_once(0); /* no good peers, don't wait */

                timeout = nextaction - cur_time;
                if (timeout < 1)
                        timeout = 1;

                /* Here we may block */
                if (g.verbose >= 2)
                        bb_error_msg("poll %us, sockets:%u", timeout, i);
                nfds = poll(pfd, i, timeout * 1000);
                if (nfds <= 0)
                        continue;

                /* Process any received packets */
                j = 0;
#if ENABLE_FEATURE_NTPD_SERVER
                if (g.listen_fd != -1) {
                        if (pfd[0].revents /* & (POLLIN|POLLERR)*/) {
                                nfds--;
                                recv_and_process_client_pkt(/*g.listen_fd*/);
                        }
                        j = 1;
                }
#endif
                for (; nfds != 0 && j < i; j++) {
                        if (pfd[j].revents /* & (POLLIN|POLLERR)*/) {
                                nfds--;

                                recv_and_process_peer_pkt(idx2peer[j]);
                        }
                }
        } /* while (!bb_got_signal) */

        kill_myself_with_sig(bb_got_signal);
}