In logic, when we want to switch phc, we should check if the new phc
index is valid instead of checking the previous one.
In reality, if we use linux team interface with activebackup mode. As
teamd is a userspace tool, it sets the new slave as active port after
receiving link change message. If we set current active port down and
another slave up. There is a race that we receive the new slave's link
up message while active port(ts_index) is still the old one. This means
we may use a link down interface as ts_index and get phc_index with -1.
If we update the p->phc_index to -1, there will be no possibility to
change it back to other value as we swith phc only when p->phc_index >= 0.
With this fix, we will not switch phc_index until receiving the real
active port(p->iface->ts_info.phc_index >= 0) update message.
Reported-by: Miroslav Lichvar <mlichvar@redhat.com>
Fixes: 536a71031d ("ptp4l: use ts label to get ts info")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
The manpage for recvmsg says -1 will be returned on error, Zero indicates an
"orderly shutdown", presumably only in case of stream sockets.
Further, UNIX Network Programming, Vol 1 says ".. a return value of 0 from
recvfrom is acceptable for a datagram protocol"
Such packets have been observed in the wild, aimed at PTP's multicast
address and port, possibly related to malformed management queries.
Patch to properly check return from recvmesg and not trigger the fault
codepath. Instead, such packets are treated as "Bad Message" the same as
non-zero but still too-short UDP payloads.
Signed-off-by: David Mirabito <davidjm@arista.com>
Adjust checks of logMessageInterval in received packet to prevent 1 of
type int being shifted by values >= 31.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
When inhibit_announce is set, ANNOUNCE_RECEIPT_TIMEOUT_EXPIRES event is
still sent once every state change. Avoid this by explicitly sending
EV_NONE instead.
[ RC - Simplify and keep all of the timer's state maintenance. ]
Signed-off-by: Vedang Patel <vedang.patel@intel.com>
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The "inhibit_announce" and "ignore_source_id" options were introduced
in order to support the automotive profile. That profile happens to
specify using the peer to peer delay mechanism, but there is no reason
to restrict them to that mechanism. As it now stands, enabling these
two options prevents E2E slaves from synchronizing. This patch fixes
the issue by checking the "ignore_source_id" option when accepting E2E
delay response messages.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
This config option will skip the source port identity verification in
the Sync and Follow_up messages. This option is needed when the announce
messages are disabled because the slave cannot know the identity of
master without announce messages.
This is required by Automotive Profile as part of skipping the Best
Master Clock Algorithm (BMCA).
Signed-off-by: Vedang Patel <vedang.patel@intel.com>
This option will accomplish 2 things. On the master, it will stop the
announce messages being sent (by disabling FD_MANNO_TIMER timer). On
slave, it will not configure announce message timeouts (by disabling
FD_ANNOUNCE_TIMEOUT timer).
This config option is needed for the Automotive profile as part of
skipping the Best Master Clock Algorithm (BMCA).
Signed-off-by: Vedang Patel <vedang.patel@intel.com>
This adds config option to specify static roles for master and slave
in the Best Master Clock Algorithm. This is the case for Automotive
Profile where networks are mostly static and role for each device is
known in advance.
masterOnly and slaveOnly will be used to determine the roles for the
devices. Since masterOnly is a per-port config and slaveOnly is a global
config option, role assignment will be slightly odd in case of bridges.
If slaveOnly is set to 1, all the ports will be in slave roles except
for the ones where masterOnly is set to 1. These ports will assume the
master role.
Two new FSMs which will be used for master and slave roles for this
config option have also been added.
Signed-off-by: Vedang Patel <vedang.patel@intel.com>
If set to 'true', this unconditionally sets the asCapable variable. The
usual checks will be applied to asCapable if it is set to 'auto'. The
default value is 'auto'.
This config option is needed by the Automotive Profile. The master will
be able to send out Sync Message as soon as the daemon is started.
Signed-off-by: Vedang Patel <vedang.patel@intel.com>
If foreign clock is NULL, both the clocks are obviously not equal. So,
return 0 in that case.
The above condition (fc == NULL) is not currently encountered. It will
be encoutered in the next few patches which implement static roles for
master and slave.
Signed-off-by: Vedang Patel <vedang.patel@intel.com>
Add attribute maxStepsRemoved which is included in IEEE1588-2017 (v2.1)
It is an optional attribute which can decide if an Announce message is
considered in the operation of the BMCA or not.
Signed-off-by: Anders Selhammer <anders.selhammer@est.tech>
In port_management_fill_response() the TLV descriptor leaked when
not responding.
In port_open() the port would leak with the unsupported management clock
type.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
When using peer to peer one step mode, the normal time stamp handling
of peer delay request messages is bypassed. The hardware subtracts
the ingress time stamp from the correction field and then adds the
egress time into the correction of the response. The configured
latency values are never applied since the hardware has no knowledge
of them. This patch adds in the correction values in this special
case.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
There are two aspects. First, on the receive path, we reply to
unicast peer delay requests in kind. That is, if the peer sends a
unicast delay request, then reply with unicast, too, since this is
obviously what the peer expects.
Second, if configured, we transmit peer delay requests to the
specified unicast peer address.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
All of the callers of transport_peer() use hard coded magic numbers.
This patch fixes them to use the corresponding enumerated values instead.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Consistenly use the pid_eq() and cid_eq() helper functions. Move the
functions into utils.h (making them inline functions) because they are
used in multiple source files.
Signed-off-by: Michael Walle <michael@walle.cc>
ptp4l runs clockcheck on an incoming PTP message before checking its
domain number. If the time on another domain is different, then
clockcheck will trigger spurious synchronization faults.
This patch reorders the logic so that clockcheck only runs on messages
in the same time domain.
Reported-By: Filip Perich <perich@google.com>
Signed-off-by: Cliff Spradlin <cspradlin@google.com>
With increasing unicast support, the code needs to identify unicast
messages more often. This patch replaces the open coded bit field
tests with a more readable in line helper function call.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
According to the standard, unicast Sync messages are to be sent with
the interval field set to 127. This patch adds a test to avoid
incorrectly adopting that value as a new interval.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Richard Hill reported an occasional NULL pointer deference in
port_delay_request() when in hybrid mode.
if (p->hybrid_e2e) {
struct ptp_message *dst = TAILQ_FIRST(&p->best->messages);
msg->address = dst->address;
...
}
The code assumes that the p->best->messages list can't be empty
because:
The function, port_delay_request(), is called only when
FD_DELAY_TIMER expires. That timer is only set by the function,
port_set_delay_tmo(), which is called:
1. from process_delay_resp(), but only when state is UNCALIBRATED
or SLAVE.
2. from port_e2e_transition(), but only when state is UNCALIBRATED
or SLAVE.
Looking at handle_state_decision_event(), a port can only enter
UNCALIBRATED or SLAVE when it has a valid foreign master record,
ie p->best->messages is not null.
A port also only clears p->best->messages when it leaves
UNCALIBRATED or SLAVE, at which point the FD_DELAY_TIMER is also
cleared.
*However* the p->best->messages list *can* be empty if the
FD_ANNOUNCE_TIMER and the FD_DELAY_TIMER expire at the same time. In
this case, the poll() call indicates events on both file descriptors.
The announce timeout is handled like this:
case FD_ANNOUNCE_TIMER:
case FD_SYNC_RX_TIMER:
if (p->best)
fc_clear(p->best);
So then the port_delay_request() call de-references the null
TAILQ_FIRST message pointer.
This patch fixes the issue by re-ordering the timer file descriptors
within the polling list.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Reported-by: Richard Hill <plonta@gmx.de>
According to 1588, PTP message loops are simply someone else's problem
with respect to transparent clocks. Since we are running the BMCA for
syntonization anyway, we might as well go ahead and implement the spanning
tree for PTP messages.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The E2E TC forwards Announce, Delay_Req, Delay_Resp, Management,
Signaling, and Sync messages, and drops P2P Delay messages.
This implementation tracks the GM using the BMCA in order
to syntonize (or possibly even synchronize) with it.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The P2P TC forwards Announce, Management, Signaling, and Sync
messages, consumes P2P Delay messages, and drops E2E Delay messages.
This implementation tracks the GM using the BMCA in order
to syntonize (or possibly even synchronize) with it.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
This patch adds code that sends an event messages received on one port out
all the other ports and calculates the residence time. The correction,
ingress port, and the original message are remembered in a TC transmit
descriptor. These descriptors are recycled in a memory pool in a similar
way to the message buffers.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The transparent clock code will want to set qualification timeouts and
perform end to end delay measurements. This patch exposes the needed
methods.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
When masterOnly is true, the port always returns NULL when computing
its best foreign master. As a result, the port will never enter the
SLAVE state, and the clock will ignore Announce messages received on
that port.
This attribute is specifically called out in G.8275.1 and G.8275.2,
and it is implied by the "master only" mode G.8265.1. In addition,
this option will probably appear in the next revision of IEEE 1588.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The Telecom Profiles G.8275.1 and G.8275.2 have invented a new
per-port and per-clock attribute, not in 1588, called "localPriority".
The use of this attribute is a distinguishing feature of the telecom
data set comparison algorithm.
This patch adds the attribute, hard coded to its default value.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
There is no need to keep two copies of the data set comparison
function. This patch adds a method that allows the port code to
obtain the function from the clock code.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The majority of the callers of transport_send() use hard coded magic
numbers. This patch fixes them to use the corresponding enumerated
values instead.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The PortAddress structure has no space for the actual address and should
be used only as a pointer to a larger buffer.
The issue was reported by gcc with enabled source fortification.
[ RC: Replace magic number with sizeof() macro. ]
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
This patch makes a number of subroutines into global functions in order
to share code with the TC implementations to come.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
This patch places the internal port data structure into a common header
for use by the original BC and the new TC code.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
When computing the next port state based on a FSM event, much of the logic
will stay the same for OC, BC, and TC nodes.
- handling a fault ASAP
- INITIALIZING state handling
- showing the transition in the log
- sending notifications
This patch moves this common code into a global port method, making it
available to future TC implementations.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
This paves the way to allow different implementations for the upcoming
Transparent Clock code.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
The 1588 standard defines one step operation for both Sync and
PDelay_Resp messages. Up until now, hardware with P2P one step has
been rare, and kernel support was lacking. This patch adds support of
the mode in anticipation of new kernel and hardware developments.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Vedang Patel
Hangbin Liu
David Mirabito via Linuxptp-devel
Miroslav Lichvar
Richard Cochran
Anders Selhammer
Rafaël Carré
Michael Walle