Vendor import of ntp-4.2.8p11.

This commit is contained in:
Xin LI 2018-02-28 06:23:12 +00:00
parent 07ac48c364
commit d14ac12f87
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/ntp/dist/; revision=330102
svn path=/vendor/ntp/4.2.8p11/; revision=330103; tag=vendor/ntp/4.2.8p11
340 changed files with 19223 additions and 11697 deletions

ChangeLog

@ -1,6 +1,107 @@
---
(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p10)
* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
* Fix trivial warnings from 'make check'. perlinger@ntp.org
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.
---
(4.2.8p10) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
(Pentest report 01.2017) <perlinger@ntp.org>
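Review bot: the new ChangeLog entry's header line reads "(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn" with a bare "(4.2.8p10)" beneath it, yet the items that follow are the 4.2.8p11 fixes that the NEWS file dates 2018/02/27; the header should name 4.2.8p11 and its release date so ChangeLog and NEWS agree. Spelling slips in the added lines: "millenium" (Bug 3424), "unecessary" (Bug 3397), "mimimum" (Bug 3391); and the credit on Bug 2557 is cut off at "perlinger@ntp.".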


@ -5,10 +5,10 @@ NULL =
# moved sntp first to get libtool and libevent built.
SUBDIRS = \
sntp \
scripts \
include \
libntp \
sntp \
libparse \
ntpd \
ntpdate \


@ -99,6 +99,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -523,10 +524,10 @@ NULL =
# moved sntp first to get libtool and libevent built.
SUBDIRS = \
sntp \
scripts \
include \
libntp \
sntp \
libparse \
ntpd \
ntpdate \

NEWS

@ -1,4 +1,331 @@
--
NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
NOTE: this NEWS file will be undergoing more revisions.
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
provides 65 other non-security fixes and improvements:
* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved
association (LOW/MED)
Date Resolved: Stable (4.2.8p11) 27 Feb 2018
References: Sec 3454 / CVE-2018-7185 / VU#961909
Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11.
CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between
2.9 and 6.8.
CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could
score between 2.6 and 3.1
Summary:
The NTP Protocol allows for both non-authenticated and
authenticated associations, in client/server, symmetric (peer),
and several broadcast modes. In addition to the basic NTP
operational modes, symmetric mode and broadcast servers can
support an interleaved mode of operation. In ntp-4.2.8p4 a bug
was inadvertently introduced into the protocol engine that
allows a non-authenticated zero-origin (reset) packet to reset
an authenticated interleaved peer association. If an attacker
can send a packet with a zero-origin timestamp and the source
IP address of the "other side" of an interleaved association,
the 'victim' ntpd will reset its association. The attacker must
continue sending these packets in order to maintain the
disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6,
interleave mode could be entered dynamically. As of ntp-4.2.8p7,
interleaved mode must be explicitly configured/enabled.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p11, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
If you are unable to upgrade to 4.2.8p11 or later and have
'peer HOST xleave' lines in your ntp.conf file, remove the
'xleave' option.
Have enough sources of time.
Properly monitor your ntpd instances.
If ntpd stops running, auto-restart it without -g .
Credit:
This weakness was discovered by Miroslav Lichvar of Red Hat.
* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad
state (LOW/MED)
Date Resolved: Stable (4.2.8p11) 27 Feb 2018
References: Sec 3453 / CVE-2018-7184 / VU#961909
Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11.
CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Could score between 2.9 and 6.8.
CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Could score between 2.6 and 6.0.
Summary:
The fix for NtpBug2952 was incomplete, and while it fixed one
problem it created another. Specifically, it drops bad packets
before updating the "received" timestamp. This means a
third-party can inject a packet with a zero-origin timestamp,
meaning the sender wants to reset the association, and the
transmit timestamp in this bogus packet will be saved as the
most recent "received" timestamp. The real remote peer does
not know this value and this will disrupt the association until
the association resets.
Mitigation:
Implement BCP-38.
Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Use authentication with 'peer' mode.
Have enough sources of time.
Properly monitor your ntpd instances.
If ntpd stops running, auto-restart it without -g .
Credit:
This weakness was discovered by Miroslav Lichvar of Red Hat.
* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive
peering (LOW)
Date Resolved: Stable (4.2.8p11) 27 Feb 2018
References: Sec 3415 / CVE-2018-7170 / VU#961909
Sec 3012 / CVE-2016-1549 / VU#718152
Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary:
ntpd can be vulnerable to Sybil attacks. If a system is set up to
use a trustedkey and if one is not using the feature introduced in
ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to
specify which IPs can serve time, a malicious authenticated peer
-- i.e. one where the attacker knows the private symmetric key --
can create arbitrarily-many ephemeral associations in order to win
the clock selection of ntpd and modify a victim's clock. Three
additional protections are offered in ntp-4.2.8p11. One is the
new 'noepeer' directive, which disables symmetric passive
ephemeral peering. Another is the new 'ippeerlimit' directive,
which limits the number of peers that can be created from an IP.
The third extends the functionality of the 4th field in the
ntp.keys file to include specifying a subnet range.
Mitigation:
Implement BCP-38.
Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Use the 'noepeer' directive to prohibit symmetric passive
ephemeral associations.
Use the 'ippeerlimit' directive to limit the number of peers
that can be created from an IP.
Use the 4th argument in the ntp.keys file to limit the IPs and
subnets that can be time servers.
Have enough sources of time.
Properly monitor your ntpd instances.
If ntpd stops running, auto-restart it without -g .
Credit:
This weakness was reported as Bug 3012 by Matthew Van Gundy of
Cisco ASIG, and separately by Stefan Moser as Bug 3415.
* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium)
Date Resolved: 27 Feb 2018
References: Sec 3414 / CVE-2018-7183 / VU#961909
Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary:
ntpq is a monitoring and control program for ntpd. decodearr()
is an internal function of ntpq that is used to -- wait for it --
decode an array in a response string when formatted data is being
displayed. This is a problem in affected versions of ntpq if a
maliciously-altered ntpd returns an array result that will trip this
bug, or if a bad actor is able to read an ntpq request on its way to
a remote ntpd server and forge and send a response before the remote
ntpd sends its response. It's potentially possible that the
malicious data could become injectable/executable code.
Mitigation:
Implement BCP-38.
Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Credit:
This weakness was discovered by Michael Macnair of Thales e-Security.
* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined
behavior and information leak (Info/Medium)
Date Resolved: 27 Feb 2018
References: Sec 3412 / CVE-2018-7182 / VU#961909
Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11.
CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N
CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0 if C:N
Summary:
ctl_getitem() is used by ntpd to process incoming mode 6 packets.
A malicious mode 6 packet can be sent to an ntpd instance, and
if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will
cause ctl_getitem() to read past the end of its buffer.
Mitigation:
Implement BCP-38.
Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Have enough sources of time.
Properly monitor your ntpd instances.
If ntpd stops running, auto-restart it without -g .
Credit:
This weakness was discovered by Yihan Lian of Qihoo 360.
* NTP Bug 3012: Sybil vulnerability: ephemeral association attack
Also see Bug 3415, above.
Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016
Date Resolved: Stable (4.2.8p11) 27 Feb 2018
References: Sec 3012 / CVE-2016-1549 / VU#718152
Affects: All ntp-4 releases up to, but not including 4.2.8p7, and
4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.
CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary:
ntpd can be vulnerable to Sybil attacks. If a system is set up
to use a trustedkey and if one is not using the feature
introduced in ntp-4.2.8p6 allowing an optional 4th field in the
ntp.keys file to specify which IPs can serve time, a malicious
authenticated peer -- i.e. one where the attacker knows the
private symmetric key -- can create arbitrarily-many ephemeral
associations in order to win the clock selection of ntpd and
modify a victim's clock. Two additional protections are
offered in ntp-4.2.8p11. One is the 'noepeer' directive, which
disables symmetric passive ephemeral peering. The other extends
the functionality of the 4th field in the ntp.keys file to
include specifying a subnet range.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or
the NTP Public Services Project Download Page.
Use the 'noepeer' directive to prohibit symmetric passive
ephemeral associations.
Use the 'ippeerlimit' directive to limit the number of peer
associations from an IP.
Use the 4th argument in the ntp.keys file to limit the IPs
and subnets that can be time servers.
Properly monitor your ntpd instances.
Credit:
This weakness was discovered by Matthew Van Gundy of Cisco ASIG.
* Bug fixes:
[Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
[Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
[Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
[Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
[Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
[Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
[Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
[Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
[Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
[Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
[Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
[Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
[Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
[Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
[Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
[Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
[Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
[Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
[Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
[Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
[Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
[Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
[Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
[Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
[Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
[Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
[Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
[Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
[Bug 2900] libntp build order problem. HStenn.
[Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
[Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
[Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
[Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
Use strlcpy() to copy strings, not memcpy(). HStenn.
Typos. HStenn.
test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
Fix trivial warnings from 'make check'. perlinger@ntp.org
Fix bug in the override portion of the compiler hardening macro. HStenn.
record_raw_stats(): Log entire packet. Log writes. HStenn.
AES-128-CMAC support. BInglis, HStenn, JPerlinger.
sntp: tweak key file logging. HStenn.
sntp: pkt_output(): Improve debug output. HStenn.
update-leap: updates from Paul McMath.
When using pkg-config, report --modversion. HStenn.
Clean up libevent configure checks. HStenn.
sntp: show the IP of who sent us a crypto-NAK. HStenn.
Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
authistrustedip() - use it in more places. HStenn, JPerlinger.
New sysstats: sys_lamport, sys_tsrounding. HStenn.
Update ntp.keys .../N documentation. HStenn.
Distribute testconf.yml. HStenn.
Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
Rename the configuration flag fifo variables. HStenn.
Improve saveconfig output. HStenn.
Decode restrict flags on receive() debug output. HStenn.
Decode interface flags on receive() debug output. HStenn.
Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
Update the documentation in ntp.conf.def . HStenn.
restrictions() must return restrict flags and ippeerlimit. HStenn.
Update ntpq peer documentation to describe the 'p' type. HStenn.
Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
Provide dump_restricts() for debugging. HStenn.
Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Other items:
* update-leap needs the following perl modules:
Net::SSLeay
IO::Socket::SSL
* New sysstats variables: sys_lamport, sys_tsrounding
See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding"
sys_lamport counts the number of observed Lamport violations, while
sys_tsrounding counts observed timestamp rounding events.
* New ntp.conf items:
- restrict ... noepeer
- restrict ... ippeerlimit N
The 'noepeer' directive will disallow all ephemeral/passive peer
requests.
The 'ippeerlimit' directive limits the number of time associations
for each IP in the designated set of addresses. This limit does not
apply to explicitly-configured associations. A value of -1, the current
default, means an unlimited number of associations may connect from a
single IP. 0 means "none", etc. Ordinarily the only way multiple
associations would come from the same IP would be if the remote side
was using a proxy. But a trusted machine might become compromised,
in which case an attacker might spin up multiple authenticated sessions
from different ports. This directive should be helpful in this case.
* New ntp.keys feature: Each IP in the optional list of IPs in the 4th
field may contain a /subnetbits specification, which identifies the
scope of IPs that may use this key. This IP/subnet restriction can be
used to limit the IPs that may use the key in most all situations where
a key is used.
--
NTP 4.2.8p10 (Harlan Stenn <stenn@ntp.org>, 2017/03/21)
Focus: Security, Bug fixes, enhancements.
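Review bot: the severity data for Bug 3453 is internally inconsistent: its CVSS2 vector (AV:N/AC:M/Au:N/C:P/I:N/A:N) scores a confidentiality impact, while its CVSS3 vector (.../C:N/I:N/A:L) and the summary (an association disrupted by an injected zero-origin packet) describe an availability impact; one of the two vectors is wrong and should be corrected, or reported upstream, before this text ships. Related: the Bug 3012 summary says "Two additional protections are offered in ntp-4.2.8p11", but its own Mitigation list names three (noepeer, ippeerlimit, the ntp.keys 4th field), which matches the "Three" in the Bug 3415 entry. Spelling in the opening paragraph: "medum" and "vulernability"; the bug list repeats the ChangeLog's "millenium", "unecessary" and "mimimum".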
@ -960,7 +1287,7 @@ following 9 low- and medium-severity vulnerabilities:
Implement BCP-38.
Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your =ntpd= instances
Properly monitor your ntpd instances
Credit: This weakness was discovered by Stephen Gray and
Matthew Van Gundy of Cisco ASIG.
@ -1029,7 +1356,7 @@ following 9 low- and medium-severity vulnerabilities:
Implement BCP-38.
Upgrade to 4.2.8p7, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Properly monitor your =ntpd= instances
Properly monitor your ntpd instances
Credit: This weakness was discovered by Yihan Lian of the Cloud
Security Team, Qihoo 360.
@ -1266,7 +1593,7 @@ following 1 low- and 8 medium-severity vulnerabilities:
Configure 'ntpd' to get time from multiple sources.
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Monitor your 'ntpd= instances.
Monitor your 'ntpd' instances.
Credit: This weakness was discovered by Matthey Van Gundy and
Jonathan Gardner of Cisco ASIG.
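Review bot: the unchanged credit line in this hunk reads "Matthey Van Gundy"; the same reporter is spelled "Matthew Van Gundy" in the 4.2.8p11 entries above, so the typo can be fixed while this hunk already touches the surrounding lines.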

aclocal.m4

@ -1339,6 +1339,7 @@ m4_include([sntp/m4/ltoptions.m4])
m4_include([sntp/m4/ltsugar.m4])
m4_include([sntp/m4/ltversion.m4])
m4_include([sntp/m4/lt~obsolete.m4])
m4_include([sntp/m4/ntp_af_unspec.m4])
m4_include([sntp/m4/ntp_cacheversion.m4])
m4_include([sntp/m4/ntp_compiler.m4])
m4_include([sntp/m4/ntp_crosscompile.m4])


@ -108,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -952,7 +953,6 @@ install-exec-hook:
#
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a


@ -101,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -793,7 +794,6 @@ uninstall-am:
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

configure

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p10.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11.
#
# Report bugs to <http://bugs.ntp.org./>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p10'
PACKAGE_STRING='ntp 4.2.8p10'
PACKAGE_VERSION='4.2.8p11'
PACKAGE_STRING='ntp 4.2.8p11'
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./'
@ -944,6 +944,7 @@ ac_user_opts='
enable_option_checking
enable_silent_rules
enable_dependency_tracking
with_hardenfile
with_locfile
enable_shared
enable_static
@ -1613,7 +1614,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ntp 4.2.8p10 to adapt to many kinds of systems.
\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1683,7 +1684,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p10:";;
short | recursive ) echo "Configuration of ntp 4.2.8p11:";;
esac
cat <<\_ACEOF
@ -1699,6 +1700,7 @@ Optional Features and Packages:
do not reject slow dependency extractors
--disable-dependency-tracking
speeds up one-time build
--with-hardenfile=XXX os-specific or "/dev/null"
--with-locfile=XXX os-specific or "legacy"
--enable-shared[=PKGS] build shared libraries [default=no]
--enable-static[=PKGS] build static libraries [default=yes]
@ -1921,7 +1923,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ntp configure 4.2.8p10
ntp configure 4.2.8p11
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2630,7 +2632,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p10, which was
It was created by ntp $as_me 4.2.8p11, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -3631,7 +3633,7 @@ fi
# Define the identity of the package.
PACKAGE='ntp'
VERSION='4.2.8p10'
VERSION='4.2.8p11'
cat >>confdefs.h <<_ACEOF
@ -6581,11 +6583,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
$as_echo_n "checking for compile/link hardening flags... " >&6; }
# Check whether --with-locfile was given.
if test "${with_locfile+set}" = set; then :
withval=$with_locfile;
# Check whether --with-hardenfile was given.
if test "${with_hardenfile+set}" = set; then :
withval=$with_hardenfile;
else
with_locfile=no
with_hardenfile=no
fi
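Review bot: this hunk fixes the hardening-flags check, which previously tested "${with_locfile+set}" and fell back to with_locfile=no, so --with-locfile (the installation-layout option still listed separately in the help text above) was silently driving scripts/genHardFlags; it now reads the dedicated with_hardenfile. Since configure is generated, the same rename has to live in the autoconf macro source, or the next autoreconf reverts it.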
@ -6593,12 +6595,12 @@ fi
( \
SENTINEL_DIR="$PWD" && \
cd $srcdir/sntp && \
case "$with_locfile" in \
case "$with_hardenfile" in \
yes|no|'') \
scripts/genHardFlags -d "$SENTINEL_DIR" \
;; \
*) \
scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_locfile" \
scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_hardenfile" \
;; \
esac \
) > genHardFlags.i 2> genHardFlags.err
@ -15937,8 +15939,13 @@ $as_echo_n "checking if libevent $ntp_libevent_min_version or later is installed
if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent
then
ntp_use_local_libevent=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5
$as_echo "$as_me: Using the installed libevent" >&6;}
ntp_libevent_version="`$PKG_CONFIG --modversion libevent`"
case "$ntp_libevent_version" in
*.*) ;;
*) ntp_libevent_version='(unknown)' ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5
$as_echo "yes, version $ntp_libevent_version" >&6; }
CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent`
# HMS: I hope the following is accurate.
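Review bot: `$PKG_CONFIG --modversion libevent` runs without redirecting stderr, so if pkg-config fails its error text lands in the configure transcript even though the `case` falls back to '(unknown)'; add 2>/dev/null to the backticked command.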
@ -15966,8 +15973,6 @@ $as_echo "$as_me: Using the installed libevent" >&6;}
LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads"
esac
LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
ntp_use_local_libevent=yes
# HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS
@ -26468,6 +26473,36 @@ fi
done
# We could do a cv check here, but is it worth it?
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <sys/socket.h>
#ifndef AF_UNSPEC
#include "Bletch: AF_UNSPEC is undefined!"
#endif
#if AF_UNSPEC != 0
#include "Bletch: AF_UNSPEC != 0"
#endif
int
main ()
{
{ $as_echo "$as_me:${as_lineno-$LINENO}: AF_UNSPEC is zero, as expected." >&5
$as_echo "$as_me: AF_UNSPEC is zero, as expected." >&6;}
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
$as_echo_n "checking return type of signal handlers... " >&6; }
if ${ac_cv_type_signal+:} false; then :
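Review bot: the AF_UNSPEC check can never fail configure. The `{ $as_echo ... >&5` and `$as_echo ... >&6;}` lines sit inside the heredoc that becomes conftest.c, so they are emitted as text inside main() and the test program cannot compile whatever AF_UNSPEC is; and `if ac_fn_c_try_compile "$LINENO"; then :` has no else branch, so a compile failure (including the intended "Bletch: AF_UNSPEC != 0" error) is silently ignored. In the macro source the notice belongs in the action-if-true and the action-if-false should be an AC_MSG_ERROR, so that a platform where AF_UNSPEC is not 0 actually stops the build, which is what [Bug 3441] "Validate the assumption that AF_UNSPEC is 0" set out to do.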
@ -30114,8 +30149,13 @@ $as_echo_n "checking pkg-config for $pkg... " >&6; }
VER_SUFFIX=o
ntp_openssl=yes
ntp_openssl_from_pkg_config=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`"
case "$ntp_openssl_version" in
*.*) ;;
*) ntp_openssl_version='(unknown)' ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5
$as_echo "yes, version $ntp_openssl_version" >&6; }
break
fi
@ -33924,7 +33964,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ntp $as_me 4.2.8p10, which was
This file was extended by ntp $as_me 4.2.8p11, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -33991,7 +34031,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ntp config.status 4.2.8p10
ntp config.status 4.2.8p11
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View File

@ -528,6 +528,8 @@ AC_CHECK_HEADERS([sys/timex.h], [], [], [
#endif
])
NTP_AF_UNSPEC
AC_TYPE_SIGNAL
AC_TYPE_OFF_T
AC_STRUCT_TM dnl defines TM_IN_SYS_TIME used by refclock_parse.c
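Review bot: `NTP_AF_UNSPEC` is invoked here with no arguments, but its m4 definition is not part of this view; before merging, confirm that the macro's generated check actually aborts configure when `AF_UNSPEC != 0`, because the regenerated `configure` in this same import shows the check with an empty then-branch and no else-branch, which makes the new line a no-op in practice.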

View File

@ -19,7 +19,7 @@ color: #FF0000;
<p><img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a></p>
<p>The skunk watches for intruders and sprays.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->11-Sep-2010 05:53<!-- #EndDate -->
<!-- #BeginDate format:En2m -->26-Jul-2017 20:10<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -32,7 +32,7 @@ color: #FF0000;
<p>The ACL is specified as a list of <tt>restrict</tt> commands in the following format:</p>
<p><tt>restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></p>
<p>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the <tt><i>address</i></tt> is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 and IPv6 default entries. <tt>restrict source</tt> configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptable, and removed when the association is demobilized.</p>
<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p>
<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p>
<p>An example may clarify how it works. Our campus has two class-B networks, 128.4 for the ECE and CIS departments and 128.175 for the rest of campus. Let's assume (not true!) that subnet 128.4.1 homes critical services like class rosters and spread sheets. A suitable ACL might look like this:</p>
<pre>
restrict default nopeer # deny new associations
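Review bot: the `address` sentence at the top of this hunk still says the argument is "expressed in dotted-quad form", while the same sentence as rewritten in accopt.html in this import says "expressed in IPv4 or IPv6 numeric address form"; the two pages should agree, and the IPv6 wording is the correct one given that the same sentence goes on to describe the `::` default entry. Only the "The flags. are not orthogonal" typo was fixed here. The worked ACL that follows (`restrict default nopeer # deny new associations`) also predates the `noepeer` flag and the `ippeerlimit` option introduced by this release; one sentence pointing readers at them would keep the example current, since `nopeer` alone no longer blocks authenticated ephemeral peers (that is what `noepeer` is for).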

View File

@ -3,89 +3,185 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>Access Control Commands and Options</title>
<!-- Changed by: Harlan &, 13-Nov-2014 -->
<title>Access Control Commands and Options</title> <!-- Changed by: Harlan
&, 13-Nov-2014 -->
<link href="scripts/style.css" type="text/css" rel="stylesheet">
<style type="text/css">
<!--
<style1 {
color: #FF0000;
font-weight: bold;
}
-->
color: #FF0000; font-weight: bold; } -->
</style>
</head>
<body>
<h3>Access Control Commands and Options</h3>
<img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<img src="pic/pogo6.gif" alt="gif"
align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>,
Walt Kelly</a>
<p>The skunk watches for intruders and sprays.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->13-Nov-2014 03:00<!-- #EndDate -->
UTC</p>
<p>Last update: <!-- #BeginDate format:En2m -->7-Jan-2018 23:56<!-- #EndDate
--> UTC</p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/command.txt"></script>
<script type="text/javascript" language="javascript" src="scripts/accopt.txt"></script>
<script type="text/javascript" language="javascript"
src="scripts/command.txt"></script>
<script type="text/javascript" language="javascript"
src="scripts/accopt.txt"></script>
<hr>
<h4>Commands and Options</h4>
<p>Unless noted otherwise, further information about these ccommands is on the <a href="accopt.html">Access Control Support</a> page.</p>
<p>Unless noted otherwise, further information about these ccommands is on
the <a href="accopt.html">Access Control Support</a> page.</p>
<dl>
<dt id="discard"><tt>discard [ average <i>avg</i> ][ minimum <i>min</i> ] [ monitor <i>prob</i> ]</tt></dt>
<dd>Set the parameters of the rate control facility which protects the server from client abuse. If the <tt>limited</tt> flag is present in the ACL, packets that violate these limits are discarded. If, in addition, the <tt>kod</tt> flag is present, a kiss-o'-death packet is returned. See the <a href="rate.html">Rate Management</a> page for further information. The options are:
<dt id="discard"><tt>discard [ average <i>avg</i> ][ minimum <i>min</i> ]
[ monitor <i>prob</i> ]</tt></dt>
<dd>Set the parameters of the rate control facility which protects the
server from client abuse. If the <tt>limited</tt> flag is present in the
ACL, packets that violate these limits are discarded. If, in addition,
the <tt>kod</tt> flag is present, a kiss-o'-death packet is
returned. See the <a href="rate.html">Rate Management</a> page for
further information. The options are:
<dl>
<dt><tt>average <i>avg</i></tt></dt>
<dd>Specify the minimum average interpacket spacing (minimum average headway
time) in log<sub>2</sub> s with default 3.</dd>
<dd>Specify the minimum average interpacket spacing (minimum average
headway time) in log<sub>2</sub> s with default 3.</dd>
<dt><tt>minimum <i>min</i></tt></dt>
<dd>Specify the minimum interpacket spacing (guard time) in seconds with default 2.</dd>
<dd>Specify the minimum interpacket spacing (guard time) in seconds
with default 2.</dd>
<dt><tt>monitor</tt></dt>
<dd>Specify the probability of being recorded for packets that overflow the MRU list size limit set by <tt>mru maxmem</tt> or <tt>mru maxdepth</tt>. This is a performance optimization for servers with aggregate arrivals of 1000 packets per second or more.</dd>
<dd>Specify the probability of being recorded for packets that
overflow the MRU list size limit set by <tt>mru maxmem</tt>
or <tt>mru maxdepth</tt>. This is a performance optimization for
servers with aggregate arrivals of 1000 packets per second or
more.</dd>
</dl>
</dd>
<dt id="restrict"><tt>restrict default [<i>flag</i>][...]<br>
restrict source [<i>flag</i>][...]<br>
restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></dt>
<dd>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the <tt><i>address</i></tt> is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 and IPv6 default entries. <tt>restrict source</tt> configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptible, and removed when the association is demobilized.</dd>
<dd>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server. One or more of the following flags may be specified:</dd>
<dt id="restrict"><tt>restrict [-4 | -6] default [ippeerlimit <i>num</i>]
[<i>flag</i>][...]<br> restrict source [ippeerlimit <i>num</i>]
[<i>flag</i>][...]<br> restrict <i>address</i> [mask <i>mask</i>]
[ippeerlimit <i>num</i>] [<i>flag</i>][...]</tt></dt>
<dd>The <tt><i>address</i></tt> argument expressed in IPv4 or IPv6 numeric
address form is the address of a host or network. Alternatively,
the <tt><i>address</i></tt> argument can be a valid host DNS
name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6
numeric address form defaults to all mask bits on, meaning that
the <tt><i>address</i></tt> is treated as the address of an individual
host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and
address :: mask :: for IPv6) is always the first entry in the
list. <tt>restrict default</tt>, with no mask option, modifies both IPv4
and IPv6 default entries. <tt>restrict source</tt> configures a template
restriction automatically added at runtime for each association, whether
configured, ephemeral, or preemptible, and removed when the association
is demobilized.</dd>
<dd>The optional <tt>ippeerlimit</tt> takes a numeric argument that
indicates how many incoming (at present) peer requests will be permitted
for each IP, regardless of whether or not the request comes from an
authenticated source. A value of -1 means "unlimited", which is the
current default. A value of 0 means "none". Ordinarily one would
expect at most 1 of these sessions to exist per IP, however if the
remote side is operating thru a proxy there would be one association for
each remote peer at that IP.</dd>
<dd>Some flags have the effect to deny service, some have the effect to
enable service and some are conditioned by other flags. The flags are
not orthogonal, in that more restrictive flags will often make less
restrictive ones redundant. The flags that deny service are classed in
two categories, those that restrict time service and those that restrict
informational queries and attempts to do run-time reconfiguration of the
server. One or more of the following flags may be specified:</dd>
<dd>
<dl>
<dt><tt>flake</tt></dt>
<dd>Discard received NTP packets with probability 0.1; that is, on average drop one packet in ten. This is for testing and amusement. The name comes from Bob Braden's <i>flakeway</i>, which once did a similar thing for early Internet testing.</dd>
<dd>Discard received NTP packets with probability 0.1; that is, on
average drop one packet in ten. This is for testing and
amusement. The name comes from Bob Braden's <i>flakeway</i>, which
once did a similar thing for early Internet testing.</dd>
<dt><tt>ignore</tt></dt>
<dd>Deny packets of all kinds, including <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
<dd>Deny packets of all kinds, including <tt>ntpq</tt>
and <tt>ntpdc</tt> queries.</dd>
<dt><tt>kod</tt></dt>
<dd>Send a kiss-o'-death (KoD) packet if the <tt>limited</tt> flag is present and a packet violates the rate limits established by the <tt>discard</tt> command. KoD packets are themselves rate limited for each source address separately. If the <tt>kod</tt> flag is used in a restriction which does not have the <tt>limited</tt> flag, no KoD responses will result.</dd>
<dd>Send a kiss-o'-death (KoD) packet if the <tt>limited</tt> flag is
present and a packet violates the rate limits established by
the <tt>discard</tt> command. KoD packets are themselves rate
limited for each source address separately. If the <tt>kod</tt> flag
is used in a restriction which does not have the <tt>limited</tt>
flag, no KoD responses will result.</dd>
<dt id="limited"><tt>limited</tt></dt>
<dd>Deny time service if the packet violates the rate limits established by the <tt>discard</tt> command. This does not apply to <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
<dd>Deny time service if the packet violates the rate limits
established by the <tt>discard</tt> command. This does not apply
to <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
<dt><tt>lowpriotrap</tt></dt>
<dd>Declare traps set by matching hosts to be low priority. The number of traps a server can maintain is limited (the current limit is 3). Traps are usually assigned on a first come, first served basis, with later trap requestors being denied service. This flag modifies the assignment algorithm by allowing low priority traps to be overridden by later requests for normal priority traps.</dd>
<dd>Declare traps set by matching hosts to be low priority. The number
of traps a server can maintain is limited (the current limit is
3). Traps are usually assigned on a first come, first served basis,
with later trap requestors being denied service. This flag modifies
the assignment algorithm by allowing low priority traps to be
overridden by later requests for normal priority traps.</dd>
<dt><tt>mssntp</tt></dt>
<dd>Enable Microsoft Windows MS-SNTP authentication using Active Directory services. <span class="style1"><b>Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</b></span></dd>
<dd>Enable Microsoft Windows MS-SNTP authentication using Active
Directory services. <span class="style1"><b>Note: Potential users
should be aware that these services involve a TCP connection to
another process that could potentially block, denying services to
other users. Therefore, this flag should be used only for a
dedicated server with no clients other than MS-SNTP.</b></span></dd>
<dt><tt>noepeer</tt></dt>
<dd>Deny packets that would mobilize an ephemeral peering association,
even if authenticated.</dd>
<dt><tt>nomodify</tt></dt>
<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to modify the state of the server (i.e., run time reconfiguration). Queries which return information are permitted.</dd>
<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries which attempt to
modify the state of the server (i.e., run time
reconfiguration). Queries which return information are
permitted.</dd>
<dt><tt>noquery</tt></dt>
<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not affected.</dd>
<dd>Deny <tt>ntpq</tt> and <tt>ntpdc</tt> queries. Time service is not
affected.</dd>
<dt><tt>nopeer</tt></dt>
<dd>Deny packets that might mobilize an association unless authenticated. This includes broadcast, symmetric-active and manycast server packets when a configured association does not exist. It also includes <tt>pool</tt> associations, so if you want to use servers from a <tt>pool</tt> directive and also want to use <tt>nopeer</tt> by default, you'll want a <tt>"restrict source ..."</tt> line as well that does <i>not</i> include the <tt>nopeer</tt> directive. Note that this flag does not apply to packets that do not attempt to mobilize an association. </dd>
<dd>Deny packets that might mobilize an association unless
authenticated. This includes broadcast, symmetric-active and
manycast server packets when a configured association does not
exist. It also includes <tt>pool</tt> associations, so if you want
to use servers from a <tt>pool</tt> directive and also want to
use <tt>nopeer</tt> by default, you'll want a <tt>"restrict source
..."</tt> line as well that does <i>not</i> include
the <tt>nopeer</tt> directive. Note that this flag does not apply
to packets that do not attempt to mobilize an association. </dd>
<dt><tt>noserve</tt></dt>
<dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt> queries.</dd>
<dd>Deny all packets except <tt>ntpq</tt> and <tt>ntpdc</tt>
queries.</dd>
<dt><tt>notrap</tt></dt>
<dd>Decline to provide mode 6 control message trap service to matching hosts. The trap service is a subsystem of the <tt>ntpdc</tt> control message protocol which is intended for use by remote event logging programs.</dd>
<dd>Decline to provide mode 6 control message trap service to matching
hosts. The trap service is a subsystem of the <tt>ntpdc</tt> control
message protocol which is intended for use by remote event logging
programs.</dd>
<dt><tt>notrust</tt></dt>
<dd>Deny packets that are not cryptographically authenticated. Note carefully how this flag interacts with the <tt>auth</tt> option of the <tt>enable</tt> and <tt>disable</tt> commands. If <tt>auth</tt> is enabled, which is the default, authentication is required for all packets that might mobilize an association. If <tt>auth</tt> is disabled, but the <tt>notrust</tt> flag is not present, an association can be mobilized whether or not authenticated. If <tt>auth</tt> is disabled, but the <tt>notrust</tt> flag is present, authentication is required only for the specified address/mask range. </dd>
<dd>Deny packets that are not cryptographically authenticated. Note
carefully how this flag interacts with the <tt>auth</tt> option of
the <tt>enable</tt> and <tt>disable</tt> commands. If <tt>auth</tt>
is enabled, which is the default, authentication is required for all
packets that might mobilize an association. If <tt>auth</tt> is
disabled, but the <tt>notrust</tt> flag is not present, an
association can be mobilized whether or not
authenticated. If <tt>auth</tt> is disabled, but
the <tt>notrust</tt> flag is present, authentication is required
only for the specified address/mask range. </dd>
<dt><tt>ntpport</tt></dt>
<dd>This is actually a match algorithm modifier, rather than a restriction
flag. Its presence causes the restriction entry to be matched only if the
source port in the packet is the standard NTP UDP port (123). A restrict line
containing <tt>ntpport</tt> is considered more specific than one with the
same address and mask, but lacking <tt>ntpport</tt>.</dd>
<dd>This is actually a match algorithm modifier, rather than a
restriction flag. Its presence causes the restriction entry to be
matched only if the source port in the packet is the standard NTP
UDP port (123). A restrict line containing <tt>ntpport</tt> is
considered more specific than one with the same address and mask,
but lacking <tt>ntpport</tt>.</dd>
<dt><tt>version</tt></dt>
<dd>Deny packets that do not match the current NTP version.</dd>
</dl>
</dd>
<dd>Default restriction list entries with the flags <tt>ignore, ntpport</tt>, for each of the local host's interface addresses are inserted into the table at startup to prevent the server from attempting to synchronize to its own time. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted).</dd>
<dd>Default restriction list entries with the flags <tt>ignore,
ntpport</tt>, for each of the local host's interface addresses are
inserted into the table at startup to prevent the server from
attempting to synchronize to its own time. A default entry is also
always present, though if it is otherwise unconfigured; no flags are
associated with the default entry (i.e., everything besides your own
NTP server is unrestricted).</dd>
</dl>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
<script type="text/javascript" language="javascript"
src="scripts/footer.txt"></script>
</body>
</html>
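Review bot: the new synopsis `restrict [-4 | -6] default [ippeerlimit num] [flag][...]` introduces `-4` and `-6` but the paragraph that follows never says what they do; the prose still only states that `restrict default`, with no mask option, modifies both IPv4 and IPv6 default entries, so add a sentence that the switches select a single address family's default entry. The `ippeerlimit` paragraph should say plainly that the limit counts associations mobilized per source IP and that it applies to authenticated and unauthenticated requests alike; "how many incoming (at present) peer requests will be permitted for each IP" is hard to parse, and "which is the current default" should be "which is the default". Two pre-existing defects survive the reflow and should be fixed while the file is being touched: the unchanged stylesheet line reads `<style1 {`, which is not a valid CSS selector (it should be `.style1 {`), so the `<span class="style1">` warning under `mssntp` about the blocking TCP connection renders as plain text instead of red bold; and "further information about these ccommands" keeps its doubled c. The `noepeer` entry correctly states "even if authenticated", which matches the `nopeer` entry's "unless authenticated"; consider cross-referencing the two so readers see that `nopeer` alone does not stop authenticated ephemeral peers.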

View File

@ -46,14 +46,40 @@ required.</p>
<p>By default, the client sends non-authenticated packets and the server responds with non-authenticated packets. If the client sends authenticated packets, the server responds with authenticated packets if correct, or a crypto-NAK packet if not. In the case of unsolicited packets which might consume significant resources, such as broadcast or symmetric mode packets, authentication is required, unless overridden by a <tt>disable auth</tt> command. In the current climate of targeted broadcast or &quot;letterbomb&quot; attacks, defeating this requirement would be decidedly dangerous. In any case, the <tt>notrust </tt>flag, described on the <a href="authopt.html">Access Control Options</a> page, can be used to disable access to all but correctly authenticated clients.</p>
<h4 id="symm">Symmetric Key Cryptography</h4>
<p>The original NTPv3 specification (RFC-1305), as well as the current NTPv4 specification (RFC-5905), allows any one of possibly 65,534 message digest keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association. The servers and clients involved must agree on the key ID, key type and key to authenticate NTP packets.</p>
<p>The message digest is a cryptographic hash computed by an algorithm such as MD5 or SHA. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p>
<p>The message digest is a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p>
<p>Keys and related information are specified in a keys file, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can be constructed and edited using an ordinary text editor.</p>
<p> Each line of the keys file consists of three or four fields: a key ID in the range 1 to 65,534, inclusive, a key type, a message digest key consisting of a printable ASCII string less than 40 characters or a 40-character hex digit string, and an optional comma-separated list of IPs that are allowed to serve time. If the OpenSSL library is installed, the key type can be any message digest algorithm supported by the library. If the OpenSSL library is not installed, the only permitted key type is MD5.</p>
<div align="center">
<p><img src="pic/sx5.gif" alt="gif"></p>
<p>Figure 1. Typical Symmetric Key File</p>
</div>
<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be change to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
<table>
<caption style="caption-side: bottom;">
Figure 1. Typical Symmetric Key File
</caption>
<tr><td style="border: 1px solid black; border-spacing: 0;">
<pre style="color:grey;">
# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw&lt;`.I&lt;f4U0)247"i # MD5 key
2 MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~ # MD5 key
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
5 MD5 B;fxlKgr/&amp;4ZTbL6=RxA # MD5 key
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
</pre></td></tr></table>
<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be changed to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
<p>When <tt>ntpd</tt> is started, it reads the keys file specified by the <tt>keys</tt> command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpq</tt> or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p>
<h4 id="windows">Microsoft Windows Authentication</h4>
<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft Windows MS-SNTP authentication using Active Directory services. This support was contributed by the Samba Team and is still in development. It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> command described on the <a href="accopt.html#restrict">Access Control Options</a> page. <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></p>
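Review bot: adding "AES-128 CMAC" to "a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC" leaves the rest of that paragraph wrong for the new key type: it still defines the MAC as "the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields", which is the legacy keyed-hash construction, whereas CMAC is a cipher-based MAC keyed with an AES-128 key and produces a 128-bit tag. Reword to distinguish the keyed-digest algorithms from AES-128 CMAC, and say the tag length is 128 or 160 bits depending on the algorithm. Related points in the same hunk: the keys-file sentence still says "the key type can be any message digest algorithm supported by the library" without mentioning `AES128CMAC`, even though the new figure lists `20 AES128CMAC f92ff73e...` as a valid key type; that key is shown as a 40-hex-digit (160-bit) value while AES-128 takes a 128-bit key, so the "truncated or zero-filled internally to either 128 or 160 bits" sentence should name this case explicitly; the example file also presents MD2, MD4 and MDC2 keys alongside the others with no indication that they are obsolete digests, which an authentication page should flag; and "in he range 1-10" is carried over from the old line unchanged. In the first paragraph of the hunk, the `notrust` flag is linked as `<a href="authopt.html">Access Control Options</a>`, but the access control flags live in accopt.html. Replacing the `sx5.gif` image with a `<pre>` table is a good change, since the key-file format is now searchable and copyable.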

View File

@ -10,7 +10,7 @@
<h3>NIST/USNO/PTB Modem Time Services</h3>
<p>Author: David L. Mills (mills@udel.edu)<br>
Last update:
<!-- #BeginDate format:En2m -->1-Dec-2012 10:44<!-- #EndDate -->
<!-- #BeginDate format:En2m -->12-Oct-2017 08:13<!-- #EndDate -->
UTC</p>
<hr>
<h4>Synopsis</h4>
@ -43,7 +43,7 @@
...</tt></p>
<p><tt>MJD</tt>, <tt>YR</tt>, <tt>ST</tt>, <tt>UT1</tt> and <tt>UTC(NIST)</tt> are not used by this driver. The <tt>&lt;OTM&gt;</tt> on-time character &quot;<tt>*</tt>&quot; changes to &quot;<tt>#</tt>&quot;&nbsp;when the delay correction is valid.</p>
<p><a href="http://tycho.usno.navy.mil">US Naval Observatory (USNO)</a></p>
<p>Phone: (202) 762-1594 (Washington, DC); (719) 567-6742 (Boulder, CO)</p>
<p>Phone: (202) 762-1594 (Washington, DC); (719) 567-6743 (Colorado Springs, CO)</p>
<p><a href="http://tycho.usno.navy.mil/modem_time.html">Data Format</a> (two lines, repeating at one-second intervals)</p>
<p><tt>jjjjj nnn hhmmss UTC</tt></p>
<p>* on-time character for previous timecode message<br>

View File

@ -16,7 +16,7 @@
<body>
<h3>JJY Receivers</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->08-May-2016 00:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->12-Oct-2017 09:05<!-- #EndDate -->
UTC &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="driver40.html">ENGLISH英語</a> &nbsp; <a href="driver40-ja.html">JAPANESE日本語</a></p>
<hr>
<h4>Synopsis</h4>
@ -146,7 +146,8 @@
</li>
<li>
<p><a name="mode-3">エコー計測器 &nbsp; LT-2000</a> &nbsp; <a href="http://www.clock.co.jp/">http://www.clock.co.jp/</a> (日本語)</p><br>
<p><a name="mode-3">エコー計測器 &nbsp; LT-2000</a> &nbsp; <!-- a href="http://www.clock.co.jp/" --></p><br>
<p>エコー計測器株式会社は解散しました。2015年7月に、一部の事業は、フレックタイム株式会社に継承されました。</p><br>
<dl>
<dt>NTPの設定 ( ntp.conf )</dt>
<dd><br>

View File

@ -16,7 +16,7 @@
<body>
<h3>JJY Receivers</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->08-May-2016 00:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->12-Oct-2017 09:05<!-- #EndDate -->
UTC &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="driver40.html">ENGLISH</a> &nbsp; <a href="driver40-ja.html">JAPANESE</a></p>
<hr>
<h4>Synopsis</h4>
@ -145,7 +145,8 @@
</li>
<li>
<p><a name="mode-3">Echo Keisokuki Co.,Ltd. &nbsp; LT-2000</a> &nbsp; <a href="http://www.clock.co.jp/">http://www.clock.co.jp/</a> (Japanese only)</p><br>
<p><a name="mode-3">Echo Keisokuki Co.,Ltd. &nbsp; LT-2000</a> &nbsp; <!-- a href="http://www.clock.co.jp/" --></p><br>
<p>Echo Keisokuki was dissolved. Some business of the company was taken over by FreqTime Co., Ltd. in July, 2015.</p><br>
<dl>
<dt>NTP configuration ( ntp.conf )</dt>
<dd><br>

View File

@ -1,116 +1,354 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>ntp-keygen - generate public and private keys</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
<h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
<p>Alice holds the key.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->10-Mar-2014 05:11<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#synop">Synopsis</a></li>
<li class="inline"><a href="#descrip">Description</a></li>
<li class="inline"><a href="#run">Running the program</a></li>
<li class="inline"><a href="#cmd">Command Line Options</a></li>
<li class="inline"><a href="#rand">Random Seed File</a></li>
<li class="inline"><a href="#fmt">Cryptographic Data Files</a></li>
<li class="inline"><a href="#bug">Bugs</a></li>
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
<p id="intro"><tt>ntp-keygen [ -deGHIMPT ] [ -b <i>modulus</i> ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA
| RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ]
[ -C <i>cipher</i> ] [-i <i>group</i> ] [ -l <em>days</em>]
[ -m <i>modulus</i> ] [ -p <i>passwd1</i> ] [ -q <i>passwd2</i> ]
[ -S [ RSA | DSA ] ] [ -s <i>host</i> ] [ -V <i>nkeys</i> ]</tt></p>
<h4 id="descrip">Description</h4>
<p>This program generates cryptographic data files used by the NTPv4 authentication and identity schemes. It can generate message digest keys used in symmetric key cryptography and, if the OpenSSL software library has been installed, it can generate host keys, sign keys, certificates, and identity keys and parameters used by the Autokey public key cryptography. The message digest keys file is generated in a format compatible with NTPv3. All other files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites.</p>
<p>When used to generate message digest keys, the program produces a file containing
ten pseudo-random printable ASCII strings suitable for the MD5 message digest algorithm included in the distribution. If the OpenSSL library is installed, it produces an additional ten hex-encoded random bit strings suitable for the SHA1 and other message digest algorithms. The message digest keys file must be distributed and stored using secure means beyond the scope of NTP itself. Besides the keys used for ordinary NTP associations, additional keys can be defined as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
<p>The remaining generated files are compatible with other OpenSSL applications and other Public Key Infrastructure (PKI) resources. Certificates generated by this program are compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identity keys are probably not compatible with anything other than Autokey.</p>
<p>Some files used by this program are encrypted using a private password. The <tt>-p</tt> option specifies the password for local encrypted files and the <tt>-q</tt> option the password for encrypted files sent to remote sites. If no password is specified, the host name returned by the Unix <tt>gethostname()</tt> function, normally the DNS name of the host, is used.</p>
<p>The <tt>pw</tt> option of the <tt>crypto</tt> configuration command specifies the read password for previously encrypted local files. This must match the local password used by this program. If not specified, the host name is used. Thus, if files are generated by this program without password, they can be read back by <tt>ntpd</tt> without password, but only on the same host.</p>
<p>Normally, encrypted files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page. The symmetric keys file, normally called <tt>ntp.keys</tt>, is usually installed in <tt>/etc</tt>. Other files and links are usually installed in <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks and cannot be changed by shared clients. The location of the keys directory can be changed by the <tt>keysdir</tt> configuration command in such cases. Normally, this is in <tt>/etc</tt>.</p>
<p>This program directs commentary and error messages to the standard error stream <tt>stderr</tt> and remote files to the standard output stream <tt>stdout</tt> where they can be piped to other applications or redirected to files. The names used for generated files and links all begin with the string <tt>ntpkey</tt> and include the file type, generating host and filestamp, as described in the <a href="#fmt">Cryptographic Data Files</a> section below</p>
<h4 id="run">Running the Program</h4>
<p>To test and gain experience with Autokey concepts, log in as root and change to the keys directory, usually <tt>/usr/local/etc</tt>. When run for the first time, or if all files with names beginning <tt>ntpkey</tt> have been removed, use the <tt>ntp-keygen </tt>command without arguments to generate a default RSA host key and matching RSA-MD5 certificate with expiration date one year hence. If run again without options, the program uses the existing keys and parameters and generates only a new certificate with new expiration date one year hence.</p>
<p>Run the command on as many hosts as necessary. Designate one of them as the trusted host (TH) using <tt>ntp-keygen</tt> with the <tt>-T</tt> option and configure it to synchronize from reliable Internet servers. Then configure the other hosts to synchronize to the TH directly or indirectly. A certificate trail is created when Autokey asks the immediately ascendant host towards the TH to sign its certificate, which is then provided to the immediately descendant host on request. All group hosts should have acyclic certificate trails ending on the TH.</p>
<p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. A different sign key can be assigned using the <tt>-S</tt> option and this can be either RSA or DSA type. By default, the signature message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified using the <tt>-c</tt> option.</p>
<dd>The rules say cryptographic media should be generated with proventic filestamps, which means the host should already be synchronized before this program is run. This of course creates a chicken-and-egg problem when the host is started for the first time. Accordingly, the host time should be set by some other means, such as eyeball-and-wristwatch, at least so that the certificate lifetime is within the current year. After that and when the host is synchronized to a proventic source, the certificate should be re-generated.</dd>
<p>Additional information on trusted groups and identity schemes is on the <a href="autokey.html">Autokey Public-Key Authentication</a> page.</p>
<h4 id="cmd">Command Line Options</h4>
<dl>
<dt><tt>-b <i>modulus</i></tt></dt>
<dd>Set the modulus for generating identity keys to <i>modulus</i> bits. The modulus defaults to 256, but can be set from 256 (32 octets) to 2048 (256 octets). Use the larger moduli with caution, as this can consume considerable computing resources and increases the size of authenticated packets.</dd>
<dt><tt>-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]</tt></dt>
<dd>Select certificate digital signature and message digest scheme. Note that RSA schemes must be used with an RSA sign key and DSA schemes must be used with a DSA sign key. The default without this option is <tt>RSA-MD5</tt>. If compatibility with FIPS 140-2 is required, either the <tt>DSA-SHA</tt> or <tt>DSA-SHA1</tt> scheme must be used.</dd>
<dt><tt>-C <i>cipher</i></tt></dt>
<dd>Select the OpenSSL cipher to use for password-protected keys. The <tt>openssl -h</tt> command provided with OpenSSL displays available ciphers. The default without this option is <tt>des-ede3-cbc</tt>.</dd>
<dt><tt>-d</tt></dt>
<dd>Enable debugging. This option displays the cryptographic data produced for eye-friendly billboards.</dd>
<dt><tt>-e</tt></dt>
<dd>Extract the IFF or GQ public parameters from the <tt>IFFkey</tt> or <tt>GQkey</tt> keys file previously specified. Send the unencrypted data to the standard output stream <tt>stdout</tt>.</dd>
<dt><tt>-G</tt></dt>
<dd>Generate a new encrypted GQ key file for the Guillou-Quisquater (GQ) identity scheme. This option is mutually exclusive with the <tt>-I</tt> and <tt>-V</tt> options.</dd>
<dt><tt>-H</tt></dt>
<dd>Generate a new encrypted RSA public/private host key file.</dd>
<dt><tt>-i <i>group</i></tt></dt>
<dd>Set the optional Autokey group name to <tt><i>group</i></tt>. This is used in the identity scheme parameter file names. In that role, the default is the host name if no group is provided. The group name, if specified using <tt>-i</tt> or using <tt>-s</tt> following an <tt>@</tt> character, is also used in certificate subject and issuer names in the form <tt><i>host</i>@<i>group</i></tt> and should match the group specified via <tt>crypto ident</tt> or <tt>server ident</tt> in ntpd's configuration file.</dd>
<dt><tt>-I</tt></dt>
<dd>Generate a new encrypted IFF key file for the Schnorr (IFF) identity scheme. This option is mutually exclusive with the <tt>-G</tt> and <tt>-V</tt> options.</dd>
<dt><tt>-l <i>days</i></tt></dt>
<dd>Set the lifetime for certificates to <tt><i>days</i></tt>. The default lifetime is one year (365 d).</dd>
<dt><tt>-m <i>modulus</i></tt></dt>
<dd>Set the modulus for generating files to <i>modulus</i> bits. The modulus defaults to 512, but can be set from 256 (32 octets) to 2048 (256 octets). Use the larger moduli with caution, as this can consume considerable computing resources and increases the size of authenticated packets.</dd>
<dt><tt>-M</tt></dt>
<dd>Generate a new keys file containing 10 MD5 keys and 10 SHA keys. An MD5 key is a string of 20 random printable ASCII characters, while a SHA key is a string of 40 random hex digits. The file can be edited using a text editor to change the key type or key content. This option is mutually exclusive with all other option.</dd>
<dt><tt>-P</tt></dt>
<dd>Generate a new private certificate used by the PC identity scheme. By default, the program generates public certificates. Note: the PC identity scheme is not recommended for new installations.</dd>
<dt><tt>-p <i>passwd</i></tt></dt>
<dd>Set the password for reading and writing encrypted files to <tt><i>passwd.</i></tt> These include the host, sign and identify key files. By default, the password is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dt><tt>-q <i>passwd</i></tt></dt>
<dd>Set the password for writing encrypted IFF, GQ and MV identity files redirected to <tt>stdout</tt> to <tt><i>passwd.</i></tt> In effect, these files are decrypted with the <tt>-p</tt> password, then encrypted with the <tt>-q</tt> password. By default, the password is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
<dt><tt>-S [ RSA | DSA ]</tt></dt>
<dd>Generate a new encrypted public/private sign key file of the specified type. By default, the sign key is
the host key and has the same type. If compatibly with FIPS 140-2 is required,
the sign key type must be <tt>DSA</tt>.</dd>
<dt><tt>-s <i>host</i>[@<i>group</i>]</tt></dt>
<dd>Specify the Autokey host name, where <tt><i>host</i></tt> is the host name and <tt><i>group</i></tt> is the optional group name. The host name, and if provided, group name are used in <tt><i>host</i>@<i>group</i></tt> form as certificate subject and issuer. Specifying <tt>-s @<i>group</i></tt> is allowed, and results in leaving the host name unchanged, as with <tt>-i <i>group</i></tt>. The group name, or if no group is provided, the host name are also used in the file names of IFF, GQ, and MV identity scheme parameter files. If <tt><i>host</i></tt> is not specified, the default host name is the string returned by the <tt>gethostname()</tt> routine.</dd>
<dt><tt>-T</tt></dt>
<dd>Generate a trusted certificate. By default, the program generates nontrusted certificates.</dd>
<dt><tt>-V <i>nkeys</i></tt></dt>
<dd>Generate <tt>nkeys</tt> encrypted server keys for the Mu-Varadharajan (MV) identity scheme. This option is mutually exclusive with the <tt>-I</tt> and <tt>-G</tt> options. Note: support for this option should be considered a work in progress.</dd>
</dl>
<h4 id="rand">Random Seed File</h4>
<p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports <tt>ssh</tt>, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the <tt>ntp-keygen</tt> program or <tt>ntpd</tt> daemon.</p>
<p>The OpenSSL library looks for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library looks for the <tt>.rnd</tt> file in the user home directory. Since both the <tt>ntp-keygen</tt> program and <tt>ntpd</tt> daemon must run as root, the logical place to put this file is in <tt>/.rnd</tt> or <tt>/root/.rnd</tt>. If the file is not available or cannot be written, the program exits with a message to the system log.</p>
<h4 id="fmt">Cryptographic Data Files</h4>
<p>File and link names are in the form <tt>ntpkey_<i>key</i>_<i>name</i>.<i>fstamp</i></tt>, where <tt><i>key</i></tt> is the key or parameter type, <tt><i>name</i></tt> is the host or group name and <tt><i>fstamp</i></tt> is the filestamp (NTP seconds) when the file was created). By convention, <em><tt>key</tt></em> names in generated file names include both upper and lower case characters, while <em><tt>key</tt></em> names in generated link names include only lower case characters. The filestamp is not used in generated link names.</p>
<p>The <em><tt>key</tt></em> name is a string defining the cryptographic key type. Key types include public/private keys <tt>host</tt> and <tt>sign</tt>, certificate <tt>cert</tt> and several challenge/response key types. By convention, client files used for challenges have a <tt>par</tt> subtype, as in the IFF challenge <tt>IFFpar</tt>, while server files for responses have a <tt>key</tt> subtype, as in the GQ response <tt>GQkey</tt>.</p>
<p>All files begin with two nonencrypted lines. The first line contains the file name in the format <tt>ntpkey_<i>key</i>_<i>host</i>.<i>fstamp</i></tt>. The second line contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are ignored.</p>
<p>The remainder of the file contains cryptographic data encoded first using ASN.1 rules, then encrypted using the DES-CBC algorithm with given password and finally written in PEM-encoded printable ASCII text preceded and followed by MIME content identifier lines.</p>
<p>The format of the symmetric keys file, ordinarily named <tt>ntp.keys,</tt> is somewhat different than the other files in the interest of backward compatibility. Ordinarily, the file is generated by this program, but it can be constructed and edited using an ordinary text editor.</p>
<div align="center">
<p><img src="pic/sx5.gif" alt="gif"></p>
<p>Figure 1. Typical Symmetric Key File</p>
</div>
<p>Figure 1 shows a typical symmetric keys file used by the reference implementation. Each line of the file contains three fields, first an integer between 1 and 65534, inclusive, representing the key identifier used in the <tt>server</tt> and <tt>peer</tt> configuration commands. Next is the key type for the message digest algorithm, which in the absence of the OpenSSL library must be <tt>MD5</tt> to designate the MD5 message digest algorithm. If the OpenSSL library is installed, the key type can be any message digest algorithm supported by that library. However, if compatibility with FIPS 140-2 is required, the key type must be either <tt>SHA</tt> or <tt>SHA1</tt>. The key type can be changed using an ASCII text editor.</p>
<p> An MD5 key consists of a printable ASCII string less than or equal to 16 characters and terminated by whitespace or a # character. An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which is truncated as necessary.</p>
<p>Note that the keys used by the <tt>ntpq</tt> and <tt>ntpdc</tt> programs are checked against passwords requested by the programs and entered by hand, so it is generally appropriate to specify these keys in human readable ASCII format.</p>
<p>The <tt>ntp-keygen</tt> program generates a MD5 symmetric keys file <tt>ntpkey_MD5key_<i>hostname.filestamp</i></tt>. Since the file contains private shared keys, it should be visible only to root and distributed by secure means to other subnet hosts. The NTP daemon loads the file <tt>ntp.keys</tt>, so <tt>ntp-keygen</tt> installs a soft link from this name to the generated file. Subsequently, similar soft links must be installed by manual or automated means on the other subnet hosts. While this file is not used with the Autokey Version 2 protocol, it is needed to authenticate some remote configuration commands used by the <a href="ntpq.html"><tt>ntpq</tt></a> and <a href="ntpdc.html"><tt>ntpdc</tt></a> utilities.</p>
<h4 id="bug">Bugs</h4>
<p>It can take quite a while to generate some cryptographic values, from one to several minutes with modern architectures such as UltraSPARC and up to tens of minutes to an hour with older architectures such as SPARC IPC.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>ntp-keygen - generate public and private keys</title>
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
<h3><tt>ntp-keygen</tt> - generate public and private keys</h3>
<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
<p>Alice holds the key.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->11-Jan-2018 11:55<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
<script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
<h4>Table of Contents</h4>
<ul>
<li class="inline"><a href="#synop">Synopsis</a></li>
<li class="inline"><a href="#descrip">Description</a></li>
<li class="inline"><a href="#run">Running the program</a></li>
<li class="inline"><a href="#cmd">Command Line Options</a></li>
<li class="inline"><a href="#rand">Random Seed File</a></li>
<li class="inline"><a href="#fmt">Cryptographic Data Files</a></li>
<li class="inline"><a href="#bug">Bugs</a></li>
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
<p id="intro"><tt>ntp-keygen [ -deGHIMPT ] [ -b <i>modulus</i> ] [ -c [ RSA-MD2 | RSA-MD5 | RSA-SHA
| RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ]
[ -C <i>cipher</i> ] [-i <i>group</i> ] [ -l <em>days</em>]
[ -m <i>modulus</i> ] [ -p <i>passwd1</i> ] [ -q <i>passwd2</i> ]
[ -S [ RSA | DSA ] ] [ -s <i>host</i> ] [ -V <i>nkeys</i> ]</tt></p>
<h4 id="descrip">Description</h4>
<p>This program generates cryptographic data files used by the NTPv4
authentication and identity schemes. It can generate message digest keys
used in symmetric key cryptography and, if the OpenSSL software library
has been installed, it can generate host keys, sign keys, certificates,
and identity keys and parameters used by the Autokey public key
cryptography. The message digest keys file is generated in a format
compatible with NTPv3. All other files are in PEM-encoded printable ASCII
format so they can be embedded as MIME attachments in mail to other
sites.</p>
<p>When used to generate message digest keys, the program produces a file
containing ten pseudo-random printable ASCII strings suitable for the MD5
message digest algorithm included in the distribution. If the OpenSSL
library is installed, it produces an additional ten hex-encoded random bit
strings suitable for the SHA1, AES-128 CMAC, and other message digest
algorithms. The message digest keys file must be distributed and stored
using secure means beyond the scope of NTP itself. Besides the keys used
for ordinary NTP associations, additional keys can be defined as passwords
for the <tt><a href="ntpq.html">ntpq</a></tt>
and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
<p>The remaining generated files are compatible with other OpenSSL
applications and other Public Key Infrastructure (PKI)
resources. Certificates generated by this program are compatible with
extant industry practice, although some users might find the
interpretation of X509v3 extension fields somewhat liberal. However,
the identity keys are probably not compatible with anything other than
Autokey.</p>
<p>Some files used by this program are encrypted using a private
password. The <tt>-p</tt> option specifies the password for local
encrypted files and the <tt>-q</tt> option the password for encrypted
files sent to remote sites. If no password is specified, the host name
returned by the Unix <tt>gethostname()</tt> function, normally the DNS
name of the host, is used.</p>
<p>The <tt>pw</tt> option of the <tt>crypto</tt> configuration command
specifies the read password for previously encrypted local files.
This must match the local password used by this program. If not
specified, the host name is used. Thus, if files are generated by
this program without password, they can be read back by <tt>ntpd</tt>
without password, but only on the same host.</p>
<p>Normally, encrypted files for each host are generated by that host
and used only by that host, although exceptions exist as noted later
on this page. The symmetric keys file, normally
called <tt>ntp.keys</tt>, is usually installed in <tt>/etc</tt>.
Other files and links are usually installed
in <tt>/usr/local/etc</tt>, which is normally in a shared filesystem
in NFS-mounted networks and cannot be changed by shared clients. The
location of the keys directory can be changed by the <tt>keysdir</tt>
configuration command in such cases. Normally, this is
in <tt>/etc</tt>.</p>
<p>This program directs commentary and error messages to the standard
error stream <tt>stderr</tt> and remote files to the standard output
stream <tt>stdout</tt> where they can be piped to other applications
or redirected to files. The names used for generated files and links
all begin with the string <tt>ntpkey</tt> and include the file type,
generating host and filestamp, as described in
the <a href="#fmt">Cryptographic Data Files</a> section below</p>
<h4 id="run">Running the Program</h4>
<p>To test and gain experience with Autokey concepts, log in as root and
change to the keys directory, usually <tt>/usr/local/etc</tt>. When
run for the first time, or if all files with names
beginning <tt>ntpkey</tt> have been removed, use
the <tt>ntp-keygen</tt> command without arguments to generate a
default RSA host key and matching RSA-MD5 certificate with expiration
date one year hence. If run again without options, the program uses
the existing keys and parameters and generates only a new certificate
with new expiration date one year hence.</p>
<p>Run the command on as many hosts as necessary. Designate one of them
as the trusted host (TH) using <tt>ntp-keygen</tt> with
the <tt>-T</tt> option and configure it to synchronize from reliable
Internet servers. Then configure the other hosts to synchronize to
the TH directly or indirectly. A certificate trail is created when
Autokey asks the immediately ascendant host towards the TH to sign its
certificate, which is then provided to the immediately descendant host
on request. All group hosts should have acyclic certificate trails
ending on the TH.</p>
<p>The host key is used to encrypt the cookie when required and so must
be RSA type. By default, the host key is also the sign key used to
encrypt signatures. A different sign key can be assigned using
the <tt>-S</tt> option and this can be either RSA or DSA type. By
default, the signature message digest type is MD5, but any combination
of sign key type and message digest type supported by the OpenSSL
library can be specified using the <tt>-c</tt> option.</p>
<p>The rules say cryptographic media should be generated with proventic
filestamps, which means the host should already be synchronized before
this program is run. This of course creates a chicken-and-egg problem
when the host is started for the first time. Accordingly, the host
time should be set by some other means, such as
eyeball-and-wristwatch, at least so that the certificate lifetime is
within the current year. After that and when the host is synchronized
to a proventic source, the certificate should be re-generated.</p>
<p>Additional information on trusted groups and identity schemes is on
the <a href="autokey.html">Autokey Public-Key Authentication</a>
page.</p>
<h4 id="cmd">Command Line Options</h4>
<dl>
<dt><tt>-b <i>modulus</i></tt></dt>
<dd>Set the modulus for generating identity keys to <i>modulus</i>
bits. The modulus defaults to 256, but can be set from 256 (32
octets) to 2048 (256 octets). Use the larger moduli with caution,
as this can consume considerable computing resources and increases
the size of authenticated packets.</dd>
<dt><tt>-c [ RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ]</tt></dt>
<dd>Select certificate digital signature and message digest scheme.
Note that RSA schemes must be used with an RSA sign key and DSA
schemes must be used with a DSA sign key. The default without this
option is <tt>RSA-MD5</tt>. If compatibility with FIPS 140-2 is
required, either the <tt>DSA-SHA</tt> or <tt>DSA-SHA1</tt> scheme
must be used.</dd>
<dt><tt>-C <i>cipher</i></tt></dt>
<dd>Select the OpenSSL cipher to use for password-protected keys.
The <tt>openssl -h</tt> command provided with OpenSSL displays
available ciphers. The default without this option
is <tt>des-ede3-cbc</tt>.</dd>
<dt><tt>-d</tt></dt>
<dd>Enable debugging. This option displays the cryptographic data
produced for eye-friendly billboards.</dd>
<dt><tt>-e</tt></dt>
<dd>Extract the IFF or GQ public parameters from the <tt>IFFkey</tt>
or <tt>GQkey</tt> keys file previously specified. Send the
unencrypted data to the standard output stream <tt>stdout</tt>.</dd>
<dt><tt>-G</tt></dt>
<dd>Generate a new encrypted GQ key file for the Guillou-Quisquater
(GQ) identity scheme. This option is mutually exclusive with
the <tt>-I</tt> and <tt>-V</tt> options.</dd>
<dt><tt>-H</tt></dt>
<dd>Generate a new encrypted RSA public/private host key file.</dd>
<dt><tt>-i <i>group</i></tt></dt>
<dd>Set the optional Autokey group name to <tt><i>group</i></tt>. This
is used in the identity scheme parameter file names. In that role,
the default is the host name if no group is provided. The group
name, if specified using <tt>-i</tt> or using <tt>-s</tt> following
an <tt>@</tt> character, is also used in certificate subject and
issuer names in the form <tt><i>host</i>@<i>group</i></tt> and
should match the group specified via <tt>crypto ident</tt>
or <tt>server ident</tt> in ntpd's configuration file.</dd>
<dt><tt>-I</tt></dt>
<dd>Generate a new encrypted IFF key file for the Schnorr (IFF)
identity scheme. This option is mutually exclusive with
the <tt>-G</tt> and <tt>-V</tt> options.</dd>
<dt><tt>-l <i>days</i></tt></dt>
<dd>Set the lifetime for certificates to <tt><i>days</i></tt>. The
default lifetime is one year (365 d).</dd>
<dt><tt>-m <i>modulus</i></tt></dt>
<dd>Set the modulus for generating files to <i>modulus</i> bits. The
modulus defaults to 512, but can be set from 256 (32 octets) to 2048
(256 octets). Use the larger moduli with caution, as this can
consume considerable computing resources and increases the size of
authenticated packets.</dd>
<dt><tt>-M</tt></dt>
<dd>Generate a new keys file containing 10 MD5 keys and 10 SHA keys.
An MD5 key is a string of 20 random printable ASCII characters,
while a SHA key is a string of 40 random hex digits. The file can be
edited using a text editor to change the key type or key content.
This option is mutually exclusive with all other options.</dd>
<dt><tt>-P</tt></dt>
<dd>Generate a new private certificate used by the PC identity scheme.
By default, the program generates public certificates. Note: the PC
identity scheme is not recommended for new installations.</dd>
<dt><tt>-p <i>passwd</i></tt></dt>
<dd>Set the password for reading and writing encrypted files
to <tt><i>passwd</i></tt>. These include the host, sign and
identify key files. By default, the password is the string returned
by the Unix <tt>gethostname()</tt> routine.</dd>
<dt><tt>-q <i>passwd</i></tt></dt>
<dd>Set the password for writing encrypted IFF, GQ and MV identity
files redirected to <tt>stdout</tt> to <tt><i>passwd</i></tt>=. In
effect, these files are decrypted with the <tt>-p</tt> password,
then encrypted with the <tt>-q</tt> password. By default, the
password is the string returned by the Unix <tt>gethostname()</tt>
routine.</dd>
<dt><tt>-S [ RSA | DSA ]</tt></dt>
<dd>Generate a new encrypted public/private sign key file of the
specified type. By default, the sign key is the host key and has
the same type. If compatibly with FIPS 140-2 is required, the sign
key type must be <tt>DSA</tt>.</dd>
<dt><tt>-s <i>host</i>[@<i>group</i>]</tt></dt>
<dd>Specify the Autokey host name, where <tt><i>host</i></tt> is the
host name and <tt><i>group</i></tt> is the optional group name. The
host name, and if provided, group name are used
in <tt><i>host</i>@<i>group</i></tt> form as certificate subject and
issuer. Specifying <tt>-s @<i>group</i></tt> is allowed, and
results in leaving the host name unchanged, as
with <tt>-i <i>group</i></tt>. The group name, or if no group is
provided, the host name are also used in the file names of IFF, GQ,
and MV identity scheme parameter files. If <tt><i>host</i></tt> is
not specified, the default host name is the string returned by
the <tt>gethostname()</tt> routine.</dd>
<dt><tt>-T</tt></dt>
<dd>Generate a trusted certificate. By default, the program generates
nontrusted certificates.</dd>
<dt><tt>-V <i>nkeys</i></tt></dt>
<dd>Generate <tt>nkeys</tt> encrypted server keys for the
Mu-Varadharajan (MV) identity scheme. This option is mutually
exclusive with the <tt>-I</tt> and <tt>-G</tt> options. Note:
support for this option should be considered a work in
progress.</dd>
</dl>
<h4 id="rand">Random Seed File</h4>
<p>All cryptographically sound key generation schemes must have means to
randomize the entropy seed used to initialize the internal
pseudo-random number generator used by the OpenSSL library routines.
If a site supports <tt>ssh</tt>, it is very likely that means to do
this are already available. The entropy seed used by the OpenSSL
library is contained in a file, usually called <tt>.rnd</tt>, which
must be available when starting the <tt>ntp-keygen</tt> program
or <tt>ntpd</tt> daemon.</p>
<p>The OpenSSL library looks for the file using the path specified by
the <tt>RANDFILE</tt> environment variable in the user home directory,
whether root or some other user. If the <tt>RANDFILE</tt> environment
variable is not present, the library looks for the <tt>.rnd</tt> file
in the user home directory. Since both the <tt>ntp-keygen</tt>
program and <tt>ntpd</tt> daemon must run as root, the logical place
to put this file is in <tt>/.rnd</tt> or <tt>/root/.rnd</tt>. If the
file is not available or cannot be written, the program exits with a
message to the system log.</p>
<h4 id="fmt">Cryptographic Data Files</h4>
<p>File and link names are in the
form <tt>ntpkey_<i>key</i>_<i>name</i>.<i>fstamp</i></tt>,
where <tt><i>key</i></tt> is the key or parameter
type, <tt><i>name</i></tt> is the host or group name
and <tt><i>fstamp</i></tt> is the filestamp (NTP seconds) when the
file was created). By convention, <em><tt>key</tt></em> names in
generated file names include both upper and lower case characters,
while <em><tt>key</tt></em> names in generated link names include only
lower case characters. The filestamp is not used in generated link
names.</p>
<p>The <em><tt>key</tt></em> name is a string defining the cryptographic
key type. Key types include public/private keys <tt>host</tt>
and <tt>sign</tt>, certificate <tt>cert</tt> and several
challenge/response key types. By convention, client files used for
challenges have a <tt>par</tt> subtype, as in the IFF
challenge <tt>IFFpar</tt>, while server files for responses have
a <tt>key</tt> subtype, as in the GQ response <tt>GQkey</tt>.</p>
<p>All files begin with two nonencrypted lines. The first line contains
the file name in the
format <tt>ntpkey_<i>key</i>_<i>host</i>.<i>fstamp</i></tt>. The second
line contains the datestamp in conventional Unix <tt>date</tt> format.
Lines beginning with <tt>#</tt> are ignored.</p>
<p>The remainder of the file contains cryptographic data encoded first
using ASN.1 rules, then encrypted using the DES-CBC algorithm with
given password and finally written in PEM-encoded printable ASCII text
preceded and followed by MIME content identifier lines.</p>
<p>The format of the symmetric keys file, ordinarily
named <tt>ntp.keys,</tt> is somewhat different than the other files in
the interest of backward compatibility. Ordinarily, the file is
generated by this program, but it can be constructed and edited using
an ordinary text editor.</p>
<table>
<caption style="caption-side: bottom;">
Figure 1. Typical Symmetric Key File
</caption>
<tr><td style="border: 1px solid black; border-spacing: 0;">
<pre style="color:grey;">
# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw&lt;`.I&lt;f4U0)247"i # MD5 key
2 MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~ # MD5 key
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
5 MD5 B;fxlKgr/&amp;4ZTbL6=RxA # MD5 key
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
8 MD5 45:V,r4]l6y^JH6.Sh?F # MD5 key
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
21 MD5 sampo 10.1.2.3/24
</pre></td></tr></table>
<p>Figure 1 shows a typical symmetric keys file used by the reference
implementation. Each line of the file contains three or four fields,
first an integer between 1 and 65534, inclusive, representing the key
identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
commands. Second is the key type for the message digest algorithm,
which in the absence of the OpenSSL library must be <tt>MD5</tt> to
designate the MD5 message digest algorithm. If the OpenSSL library is
installed, the key type can be any message digest algorithm supported
by that library. However, if compatibility with FIPS 140-2 is
required, the key type must be either <tt>SHA</tt> or <tt>SHA1</tt>.
The key type can be changed using an ASCII text editor.</p>
<p>The third field is the key.</p>
<p>An MD5 key consists of a printable ASCII string less than or equal to
16 characters and terminated by whitespace or a # character. An
OpenSSL key consists of a hex-encoded ASCII string of 40 characters,
which is truncated as necessary.</p>
<p>Note that the keys used by the <tt>ntpq</tt> and <tt>ntpdc</tt>
programs are checked against passwords requested by the programs and
entered by hand, so it is generally appropriate to specify these keys
in human readable ASCII format.</p>
<p>The optional fourth field is one or more IPs, with each IP separated
with a comma. An IP may end with an optional <tt>/subnetbits</tt>
suffix, which limits the acceptance of the key identifier to packets
claiming to be from the described IP space.</p>
<p>The <tt>ntp-keygen</tt> program generates a MD5 symmetric keys
file <tt>ntpkey_MD5key_<i>hostname.filestamp</i></tt>. Since the file
contains private shared keys, it should be visible only to root and
distributed by secure means to other subnet hosts. The NTP daemon
loads the file <tt>ntp.keys</tt>, so <tt>ntp-keygen</tt> installs a
soft link from this name to the generated file. Subsequently, similar
soft links must be installed by manual or automated means on the other
subnet hosts. While this file is not used with the Autokey Version 2
protocol, it is needed to authenticate some remote configuration
commands used by the <a href="ntpq.html"><tt>ntpq</tt></a>
and <a href="ntpdc.html"><tt>ntpdc</tt></a> utilities.</p>
<h4 id="bug">Bugs</h4>
<p>It can take quite a while to generate some cryptographic values.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
</html>
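Review bot: the key-format text ("An MD5 key consists of a printable ASCII string less than or equal to 16 characters ... An OpenSSL key consists of a hex-encoded ASCII string of 40 characters, which is truncated as necessary") does not cover the AES128CMAC type that Figure 1 now shows as key 20. The CMAC path added to libntp/a_md5encrypt.c in this same import calls CMAC_Init with a fixed AES_128_KEY_SIZE, so a key shorter than 16 bytes is zero-padded and a longer one (the 20 bytes from a 40-hex-digit line) has its last 4 bytes ignored; a reader following this page will produce a key that is silently padded or truncated. Add a sentence such as "An AES128CMAC key is exactly 16 bytes (32 hex characters); shorter keys are zero-padded and longer keys truncated", and say plainly that zero padding makes a short CMAC key weaker than its length suggests. The FIPS 140-2 sentence ("the key type must be either SHA or SHA1") predates the CMAC addition and should be re-checked. The fourth-field paragraph is right to say "packets claiming to be from the described IP space", but it should state the consequence: the source address is unauthenticated, so the IP list narrows where a key is accepted and does not authenticate anything by itself. Lastly, "The key type can be changed using an ASCII text editor" adds nothing after the earlier statement that the whole file can be edited by hand.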
View File
@ -3,7 +3,6 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>Miscellaneous Commands and Options</title>
<!-- Changed by: Harlan Stenn, 17-Nov-2015 -->
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
@ -11,7 +10,7 @@
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->9-Nov-2016 12:26<!-- #EndDate -->
<!-- #BeginDate format:En2m -->14-Oct-2017 08:34<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -105,7 +104,10 @@
<dt id="nonvolatile"><tt>nonvolatile <i>threshold</i></tt></dt>
<dd>Specify the <i><tt>threshold</tt></i> in seconds to write the frequency file, with default of 1e-7 (0.1 PPM). The frequency file is inspected each hour. If the difference between the current frequency and the last value written exceeds the threshold, the file is written and the <tt><em>threshold</em></tt> becomes the new threshold value. If the threshold is not exceeded, it is reduced by half. This is intended to reduce the frequency of unnecessary file writes for embedded systems with nonvolatile memory.</dd>
<dt id="phone"><tt>phone <i>dial</i> ...</tt></dt>
<dd>This command is used in conjunction with the ACTS modem driver (type 18). The arguments consist of a maximum of 10 telephone numbers used to dial USNO, NIST or European time services. The Hayes command ATDT&nbsp;is normally prepended to the number, which can contain other modem control codes as well.</dd>
<dd>This command is used in conjunction with the ACTS modem driver (type 18) or the JJY driver (type 40 mode 100 - 180).
For the ACTS modem driver (type 18), the arguments consist of a maximum of 10 telephone numbers used to dial USNO, NIST or European time services.
For the JJY driver (type 40 mode 100 - 180), the argument is one telephone number used to dial the telephone JJY service.
The Hayes command ATDT&nbsp;is normally prepended to the number, which can contain other modem control codes as well.</dd>
<dt id="reset"><tt>reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer]</tt></dt>
<dd>Reset one or more groups of counters maintained by ntpd and exposed by <tt>ntpq</tt> and <tt>ntpdc</tt>.</dd>
<dt id="rlimit"><tt>rlimit [memlock <i>Nmegabytes</i> | stacksize <i>N4kPages</i> | filenum <i>Nfiledescriptors</i>]</tt></dt>
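Review bot: the two new sentences restate the driver identifiers already given in the first sentence; "For the ACTS modem driver (type 18), the arguments ..." and "For the JJY driver (type 40 mode 100 - 180), the argument ..." read better as "For ACTS, up to 10 telephone numbers ..." and "For JJY, a single telephone number ...", and "mode 100 - 180" should be "modes 100-180".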
@ -145,10 +147,12 @@
<dd>Specifies the stepout threshold in seconds. The default without this command is 300 s. Since this option also affects the training and startup intervals, it should not be set less than the default. Further details are on the <a href="clock.html">Clock State Machine</a> page.</dd>
</dl>
</dd>
<dt id="tos"><tt>tos [bcpollbstep <i>poll-gate</i> | beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> | orphanwait <em>delay</em>]</tt></dt>
<dt id="tos"><tt>tos [basedate <i>date<i> | bcpollbstep <i>poll-gate</i> | beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> | orphanwait <em>delay</em>]</tt></dt>
<dd>This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:</dd>
<dd>
<dl>
<dt><tt>basedate <i>date</i></tt></dt>
<dd>Set NTP era anchor. <tt><i>date</i></tt> is either a date in ISO8601 format (<i>YYYY-MM-DD<i>) or an integer giving the days since 1900-01-01, the start of the NTP epoch. <tt>ntpd</tt> will clamp the system time to an era starting with the begin of this this day (00:00:00Z), covering a range of 2<sup>32</sup> seconds or roughly 136 years. The default is the begin of the UNIX epoch, 1970-01-01.</dd>
<dt><tt>bcpollbstep <i>poll-gate</i></tt></dt>
<dd>This option will cause the client to delay believing backward time steps from a broadcast server for <tt>bcpollbstep</tt> poll intervals. NTP Broadcast networks are expected to be trusted, and if the server's time gets stepped backwards then it's desireable that the clients follow this change as soon as possible. However, in spite of various protections built-in to the broadcast protocol, it is possible that an attacker could perform a carefully-constructed replay attack and cause clients to erroneously step their clocks backward. If the risk of a successful broadcast replay attack is greater than the risk of the clients being out of sync in the event that there is a backward step on the broadcast time servers, this option may be used to cause the clients to delay beliveving backward time steps until <i>poll-gate</i> consecutive polls have been received. The default is 0, which means the client will accept these steps upon receipt. Any value from 0 to 4 can be specified.</dd>
<dt><tt>beacon <i>beacon</i></tt></dt>
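Review bot: the markup in the new basedate text is broken: `basedate <i>date<i>` in the `<dt>` and `(<i>YYYY-MM-DD<i>)` in the `<dd>` use an opening `<i>` where `</i>` is meant, which italicizes the rest of the definition list. Wording on the same lines: "the begin of this this day" and "the begin of the UNIX epoch" should be "the start of that day" and "the start of the UNIX epoch"; the pre-existing "used by the the clock selection" sits on a context line here if you want to fix it in passing. Since basedate decides which 2^32-second era every timestamp is interpreted in, the entry should also say what ntpd does when the system clock or a server's time falls outside the chosen era (clamp_systime is declared elsewhere in this import), so an operator who sets the anchor wrongly understands why time is being forced rather than accepted.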
View File
@ -11,7 +11,7 @@
<img src="pic/pogo8.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html"></a> from <i>Pogo</i>, Walt Kelly</a>
<p>Pig was hired to watch the logs.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->14-Feb-2016 09:38<!-- #EndDate -->
<!-- #BeginDate format:En2m -->7-Dec-2017 10:17<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
@ -341,8 +341,10 @@
the <a href="decode.html">Event Messages and Status Words</a> page.</dd>
<dt><tt>rawstats</tt></dt>
<dd>Record timestamp statistics. Each NTP packet received appends one line to
the <tt>rawstats</tt> file set:</dd>
the <tt>rawstats</tt> file set. As of ntp-4.2.8p11, each NTP packet written appends one line to the <tt>rawstats</tt> file set, as well. The format of this line is:</dd>
<dd><tt>56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473 3565350574.442385200 3565350574.442436000 3565350575.154505763 0 4 4 1 8 -21 0.000000 0.000320 .PPS.</tt></dd>
<dd><tt>56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473 3565350574.442385200 3565350574.442436000 3565350575.154505763 0 4 4 1 8 -21 0.000000 0.000320 .PPS. 4: 0000</tt></dd>
</tt></dd>
<dd>
<table width="100%" border="1" cellspacing="2" cellpadding="2">
<tr>
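Review bot: the line `</tt></dd>` after the new example `<dd>` closes tags that the example line already closed, leaving an unmatched `</tt></dd>` in the page; drop it. The two sentences "Each NTP packet received appends one line ... As of ntp-4.2.8p11, each NTP packet written appends one line to the rawstats file set, as well" can be one sentence, and since both directions now share one format the text should say how a reader tells a transmitted line from a received one.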
@ -431,9 +433,23 @@
<td>total dispersion to the primary reference clock</td>
</tr>
<tr>
<td><tt>PPS.</tt></td>
<td>IP or text</td>
<td>refid, association ID</td>
<td><tt>.PPS.</tt></td>
<td>REFID</td>
<td>system peer, association ID</td>
</tr>
<tr>
<td></td>
<td></td>
<td>If there is data beyond the base packet:</td>
</tr>
<tr>
<td><tt>4:</tt></td>
<td>Integer</td>
<td>Length, in bytes</td>
</tr>
<tr>
<td><tt>0000</tt></td>
<td>Hex data</td>
</tr>
</table>
</dd>
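Review bot: the `0000` row has two cells in a three-column table (no description), and the "If there is data beyond the base packet:" placeholder uses two empty cells where a `colspan` or a caption would be clearer. The example `4: 0000` is also inconsistent with the table: a length of 4 bytes followed by four hex digits is only 2 bytes of data. If the trailing data in the example is a crypto-NAK (a 4-byte all-zero MAC) the line should read `4: 00000000`; otherwise the unit of the length field needs stating.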
@ -516,7 +532,7 @@
</table>
</dd>
<dt><tt>timingstats</tt></dt>
<dd>(Only available when the deamon is compiled with process time debugging
<dd>(Only available when the daemon is compiled with process time debugging
support (--enable-debug-timing - costs performance). Record processing time
statistics for various selected code paths.</dd>
<dd><tt>53876 36.920 10.0.3.5 1 0.000014592 input processing delay</tt></dd>
View File
@ -11,7 +11,7 @@
<img src="pic/bustardfly.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>A typical NTP monitoring packet</p>
<p>Last update:
<!-- #BeginDate format:En2m -->31-Jan-2014 06:54<!-- #EndDate -->
<!-- #BeginDate format:En2m -->24-Jan-2018 08:35<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>More Help</h4>
@ -71,7 +71,7 @@
<dt id="keyid"><tt>keyid <i>keyid</i></tt></dt>
<dd>This command specifies the key number to be used to authenticate configuration requests. This must correspond to a key ID configured in <tt>ntp.conf</tt> for this purpose.</dd>
<dt id="keytype"><tt>keytype</tt></dt>
<dd>Specify the digest algorithm to use for authenticated requests, with default <tt>MD5</tt>. If the OpenSSL library is installed, digest can be be any message digest algorithm supported by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5</tt>, <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>.</dd>
<dd>Specify the digest algorithm to use for authenticated requests, with default <tt>MD5</tt>. If the OpenSSL library is installed, digest can be be any message digest algorithm supported by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5</tt>, <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt>, <tt>SHA1</tt>, and <tt>AES128CMAC</tt>.</dd>
<dt id="ntpversion"><tt>ntpversion 1 | 2 | 3 | 4</tt></dt>
<dd>Sets the NTP version number which <tt>ntpq</tt> claims in packets. Defaults to 2, Note that mode-6 control messages (and modes, for that matter) didn't exist in NTP version 1.</dd>
<dt id="passwd"><tt>passwd</tt></dt>
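Review bot: "digest can be be any message digest algorithm" on the touched line doubles "be". AES128CMAC is a MAC, not a message digest, so "Specify the digest algorithm to use" should read "digest or MAC algorithm". MD2, MD4 and MDC2 stay in the list with no qualification; as this key type authenticates ntpq control requests, mark them as legacy and point new configurations at SHA1 or AES128CMAC.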
@ -232,9 +232,16 @@
</tr>
<tr>
<td><tt>t</tt></td>
<td><tt>u</tt>: unicast or manycast client, <tt>b</tt>:
broadcast or multicast client, <tt>l</tt>: local (reference clock), <tt>s</tt>: symmetric (peer), <tt>A</tt>: manycast server, <tt>B</tt>:
broadcast server, <tt>M</tt>: multicast server</td>
<td>
<tt>u</tt>: unicast or manycast client,
<tt>b</tt>: broadcast or multicast client,
<tt>p</tt>: pool source,
<tt>l</tt>: local (reference clock),
<tt>s</tt>: symmetric (peer),
<tt>A</tt>: manycast server,
<tt>B</tt>: broadcast server,
<tt>M</tt>: multicast server
</td>
</tr>
<tr>
<td><tt>when</tt></td>
View File
@ -100,6 +100,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
View File
@ -100,6 +100,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
View File
@ -553,11 +553,13 @@ struct pkt {
l_fp rec; /* receive time stamp */
l_fp xmt; /* transmit time stamp */
#define MIN_V4_PKT_LEN (12 * sizeof(u_int32)) /* min header length */
#define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */
#define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */
#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */
#define MIN_V4_PKT_LEN (12 * sizeof(u_int32)) /* min header length */
#define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */
#define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */
#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */
#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* SHA */
#define KEY_MAC_LEN sizeof(u_int32) /* key ID in MAC */
#define MAX_MDG_LEN (MAX_MAC_LEN-KEY_MAC_LEN) /* max. digest len */
/*
* The length of the packet less MAC must be a multiple of 64
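Review bot: the comment on MAX_MAC_LEN still reads "SHA" although it now bounds every supported MAC, including the 16-byte AES128CMAC output, and the new MAX_MDG_LEN (20 bytes) is the limit that make_mac's `cmac_ctx_size(ctx) > digest->len` check is compared against; say so in the comment so the next algorithm (a 32-byte SHA-256 output would not fit) is not wedged into a 20-byte digest buffer. The repeated `#define` lines in the rendered diff are a whitespace-only change and fine.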
@ -822,11 +824,12 @@ typedef struct res_addr6_tag {
typedef struct restrict_u_tag restrict_u;
struct restrict_u_tag {
restrict_u * link; /* link to next entry */
u_int32 count; /* number of packets matched */
u_short flags; /* accesslist flags */
u_short mflags; /* match flags */
u_long expire; /* valid until time */
restrict_u * link; /* link to next entry */
u_int32 count; /* number of packets matched */
u_short rflags; /* restrict (accesslist) flags */
u_short mflags; /* match flags */
short ippeerlimit; /* IP peer limit */
u_long expire; /* valid until time */
union { /* variant starting here */
res_addr4 v4;
res_addr6 v6;
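Review bot: `short ippeerlimit` has no comment about its sentinel values; the header should state which value means "no limit" and whether 0 means "deny all new associations from this address", since those two are easy to confuse when reading hack_restrict callers. The `flags` to `rflags` rename is fine, but the same (rflags, ippeerlimit) pair reappears in the r4addr struct; a shared typedef would keep them from drifting apart.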
@ -837,28 +840,40 @@ struct restrict_u_tag {
#define V6_SIZEOF_RESTRICT_U (offsetof(restrict_u, u) \
+ sizeof(res_addr6))
typedef struct r4addr_tag r4addr;
struct r4addr_tag {
u_short rflags; /* match flags */
short ippeerlimit; /* IP peer limit */
};
char *build_iflags(u_int32 flags);
char *build_mflags(u_short mflags);
char *build_rflags(u_short rflags);
/*
* Access flags
* Restrict (Access) flags (rflags)
*/
#define RES_IGNORE 0x0001 /* ignore packet */
#define RES_DONTSERVE 0x0002 /* access denied */
#define RES_DONTTRUST 0x0004 /* authentication required */
#define RES_VERSION 0x0008 /* version mismatch */
#define RES_NOPEER 0x0010 /* new association denied */
#define RES_LIMITED 0x0020 /* packet rate exceeded */
#define RES_NOEPEER 0x0020 /* new ephemeral association denied */
#define RES_LIMITED 0x0040 /* packet rate exceeded */
#define RES_FLAGS (RES_IGNORE | RES_DONTSERVE |\
RES_DONTTRUST | RES_VERSION |\
RES_NOPEER | RES_LIMITED)
RES_NOPEER | RES_NOEPEER | RES_LIMITED)
#define RES_NOQUERY 0x0040 /* mode 6/7 packet denied */
#define RES_NOMODIFY 0x0080 /* mode 6/7 modify denied */
#define RES_NOTRAP 0x0100 /* mode 6/7 set trap denied */
#define RES_LPTRAP 0x0200 /* mode 6/7 low priority trap */
#define RES_NOQUERY 0x0080 /* mode 6/7 packet denied */
#define RES_NOMODIFY 0x0100 /* mode 6/7 modify denied */
#define RES_NOTRAP 0x0200 /* mode 6/7 set trap denied */
#define RES_LPTRAP 0x0400 /* mode 6/7 low priority trap */
#define RES_KOD 0x0400 /* send kiss of death packet */
#define RES_MSSNTP 0x0800 /* enable MS-SNTP authentication */
#define RES_FLAKE 0x1000 /* flakeway - drop 10% */
#define RES_NOMRULIST 0x2000 /* mode 6 mrulist denied */
#define RES_KOD 0x0800 /* send kiss of death packet */
#define RES_MSSNTP 0x1000 /* enable MS-SNTP authentication */
#define RES_FLAKE 0x2000 /* flakeway - drop 10% */
#define RES_NOMRULIST 0x4000 /* mode 6 mrulist denied */
#define RES_UNUSED 0x8000 /* Unused flag bits */
#define RES_ALLFLAGS (RES_FLAGS | RES_NOQUERY | \
RES_NOMODIFY | RES_NOTRAP | \
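Review bot: inserting RES_NOEPEER at 0x0020 renumbers RES_LIMITED, RES_NOQUERY, RES_NOMODIFY, RES_NOTRAP, RES_LPTRAP, RES_KOD, RES_MSSNTP, RES_FLAKE and RES_NOMRULIST. These bits are carried verbatim in the mode 7 info_restrict.rflags response (include/ntp_request.h in this import) and decoded by ntpdc, so an ntpdc built against the old header will print the wrong restriction names against a new ntpd and vice versa, with no error. The hunk shows a free bit (`RES_UNUSED 0x8000`); assigning RES_NOEPEER there, or bumping the mode 7 implementation version, avoids the silent mismatch. If the renumbering is kept, the comment on RES_UNUSED ("Unused flag bits") should say it is now the single remaining bit.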
@ -867,7 +882,7 @@ struct restrict_u_tag {
RES_NOMRULIST)
/*
* Match flags
* Match flags (mflags)
*/
#define RESM_INTERFACE 0x1000 /* this is an interface */
#define RESM_NTPONLY 0x2000 /* match source port 123 */
@ -876,10 +891,13 @@ struct restrict_u_tag {
/*
* Restriction configuration ops
*/
#define RESTRICT_FLAGS 1 /* add flags to restrict entry */
#define RESTRICT_UNFLAG 2 /* remove flags from restrict entry */
#define RESTRICT_REMOVE 3 /* remove a restrict entry */
#define RESTRICT_REMOVEIF 4 /* remove an interface restrict entry */
typedef enum
restrict_ops {
RESTRICT_FLAGS = 1, /* add rflags to restrict entry */
RESTRICT_UNFLAG, /* remove rflags from restrict entry */
RESTRICT_REMOVE, /* remove a restrict entry */
RESTRICT_REMOVEIF, /* remove an interface restrict entry */
} restrict_op;
/*
* Endpoint structure for the select algorithm
View File
@ -382,6 +382,29 @@ ntpcal_weekday_le(int32_t /* rdn */, int32_t /* dow */);
extern int32_t
ntpcal_weekday_lt(int32_t /* rdn */, int32_t /* dow */);
/*
* handling of base date spec
*/
extern int32_t
basedate_eval_buildstamp(void);
extern int32_t
basedate_eval_string(const char *str);
extern int32_t
basedate_set_day(int32_t dayno);
extern uint32_t
basedate_get_day(void);
extern time_t
basedate_get_eracenter(void);
extern time_t
basedate_get_erabase(void);
/*
* Additional support stuff for Ed Rheingold's calendrical calculations
*/
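Review bot: the signedness is inconsistent: basedate_set_day takes and returns int32_t and the basedate_eval_* functions return int32_t, but basedate_get_day returns uint32_t. Document the convention (is a negative return an error indicator?) or make the types agree, since a day number flowing from eval into set and then compared with get will mix signed and unsigned arithmetic. A one-line comment per prototype saying what each returns would also help, as these drive the era clamp that decides whether a received time is accepted.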
View File
@ -54,7 +54,15 @@ typedef struct int_range_tag {
int last;
} int_range;
/* Structure for storing an attribute-value pair */
/* generic list node */
typedef struct any_node_tag any_node;
struct any_node_tag {
any_node * link;
};
typedef DECL_FIFO_ANCHOR(any_node) any_node_fifo;
/* Structure for storing an attribute-value pair */
typedef struct attr_val_tag attr_val;
struct attr_val_tag {
attr_val * link;
@ -102,8 +110,9 @@ struct restrict_node_tag {
restrict_node * link;
address_node * addr;
address_node * mask;
int_fifo * flags;
int_fifo * flag_tok_fifo;
int line_no;
short ippeerlimit;
};
typedef DECL_FIFO_ANCHOR(restrict_node) restrict_fifo;
@ -267,8 +276,12 @@ typedef struct settrap_parms_tag {
const char * token_name(int token);
/* generic fifo routines for structs linked by 1st member */
void* append_gen_fifo(void *fifo, void *entry);
typedef void (*fifo_deleter)(void*);
void * destroy_gen_fifo(void *fifo, fifo_deleter func);
void * append_gen_fifo(void *fifo, void *entry);
void * concat_gen_fifos(void *first, void *second);
#define DESTROY_G_FIFO(pf, func) \
((pf) = destroy_gen_fifo((pf), (fifo_deleter)(func)))
#define APPEND_G_FIFO(pf, pe) \
((pf) = append_gen_fifo((pf), (pe)))
#define CONCAT_G_FIFOS(first, second) \
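Review bot: `(fifo_deleter)(func)` in DESTROY_G_FIFO casts any function pointer to `void (*)(void *)`, so destroy_attr_val(attr_val *) is called through a mismatched pointer type; it works on the usual ABIs but is undefined behaviour in C. Since this is new code, have callers pass a real `void (*)(void *)` (a one-line wrapper per node type) instead of casting inside the macro.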
@ -288,11 +301,13 @@ attr_val *create_attr_ival(int attr, int value);
attr_val *create_attr_uval(int attr, u_int value);
attr_val *create_attr_rangeval(int attr, int first, int last);
attr_val *create_attr_sval(int attr, const char *s);
void destroy_attr_val(attr_val *node);
filegen_node *create_filegen_node(int filegen_token,
attr_val_fifo *options);
string_node *create_string_node(char *str);
restrict_node *create_restrict_node(address_node *addr,
address_node *mask,
short ippeerlimit,
int_fifo *flags, int line_no);
int_node *create_int_node(int val);
addr_opts_node *create_addr_opts_node(address_node *addr,
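Review bot: the struct member was renamed to flag_tok_fifo in the hunk above, but create_restrict_node's parameter is still `int_fifo *flags`; rename it to match, and add a comment distinguishing this token list from the parser (flag_tok_fifo) from the resolved rflags bitmask in ntp.h, since both are now called "flags" somewhere.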
View File
@ -364,6 +364,7 @@ extern void init_systime (void);
extern void get_systime (l_fp *);
extern int step_systime (double);
extern int adj_systime (double);
extern int clamp_systime (void);
extern struct tm * ntp2unix_tm (u_int32 ntp, int local);
View File
@ -8,12 +8,18 @@ typedef struct keyaccess KeyAccT;
struct keyaccess {
KeyAccT * next;
sockaddr_u addr;
unsigned int subnetbits;
};
extern KeyAccT* keyacc_new_push(KeyAccT *head, const sockaddr_u *addr);
extern KeyAccT* keyacc_new_push(KeyAccT *head, const sockaddr_u *addr,
unsigned int subnetbits);
extern KeyAccT* keyacc_pop_free(KeyAccT *head);
extern KeyAccT* keyacc_all_free(KeyAccT *head);
extern int keyacc_contains(const KeyAccT *head, const sockaddr_u *addr,
int res_on_empty_list);
/* public for testability: */
extern int keyacc_amatch(const sockaddr_u *,const sockaddr_u *,
unsigned int mbits);
#endif /* NTP_KEYACC_H */
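Review bot: keyacc_new_push now takes `unsigned int subnetbits` with no visible bound and nothing in the header says who validates it. If the config parser accepts any integer after the slash, keyacc_amatch will be asked to match with mbits greater than 32 for IPv4 or 128 for IPv6; document that the caller clamps to the address family's width, and since keyacc_amatch is exposed "for testability", make the tests cover 0, the full width and an oversized value. A header comment should also note that the match is on the claimed (unauthenticated) source address, so the list narrows where a key is accepted but does not authenticate its use.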
View File
@ -141,7 +141,7 @@ struct req_pkt {
req_data_u u; /* data area */
l_fp tstamp; /* time stamp, for authentication */
keyid_t keyid; /* (optional) encryption key */
char mac[MAX_MAC_LEN-sizeof(keyid_t)]; /* (optional) auth code */
char mac[MAX_MDG_LEN]; /* (optional) auth code */
};
/*
@ -151,7 +151,7 @@ struct req_pkt {
struct req_pkt_tail {
l_fp tstamp; /* time stamp, for authentication */
keyid_t keyid; /* (optional) encryption key */
char mac[MAX_MAC_LEN-sizeof(keyid_t)]; /* (optional) auth code */
char mac[MAX_MDG_LEN]; /* (optional) auth code */
};
/* MODE_PRIVATE request packet header length before optional items. */
@ -513,6 +513,8 @@ struct info_sys_stats {
u_int32 badauth; /* bad authentication */
u_int32 received; /* packets received */
u_int32 limitrejected; /* rate exceeded */
u_int32 lamport; /* Lamport violations */
u_int32 tsrounding; /* Timestamp rounding errors */
};
@ -652,7 +654,7 @@ struct info_restrict {
u_int32 addr; /* match address */
u_int32 mask; /* match mask */
u_int32 count; /* number of packets matched */
u_short flags; /* restrict flags */
u_short rflags; /* restrict flags */
u_short mflags; /* match flags */
u_int v6_flag; /* is this v6 or not */
u_int unused1; /* unused, padding for addr6 */
@ -667,6 +669,7 @@ struct info_restrict {
struct conf_restrict {
u_int32 addr; /* match address */
u_int32 mask; /* match mask */
short ippeerlimit; /* ip peer limit */
u_short flags; /* restrict flags */
u_short mflags; /* match flags */
u_int v6_flag; /* is this v6 or not */
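Review bot: `short ippeerlimit` is inserted before `flags` in the mode 7 conf_restrict request, shifting flags, mflags and v6_flag by two bytes. An ntpdc that predates this change will send a request whose flags land in ippeerlimit and whose mflags land in flags; unless the request handler checks the item size and rejects the old layout, the outcome is a misapplied restriction rather than an error. Put the new field at the end of the struct or bump the mode 7 version. Also, info_restrict in the hunk above was renamed `flags` to `rflags` while conf_restrict keeps `flags`; pick one name.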
View File
@ -97,8 +97,8 @@ extern void auth_prealloc_symkeys(int);
extern int ymd2yd (int, int, int);
/* a_md5encrypt.c */
extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t);
extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t);
extern int MD5authdecrypt (int, const u_char *, size_t, u_int32 *, size_t, size_t);
extern size_t MD5authencrypt (int, const u_char *, size_t, u_int32 *, size_t);
extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c);
extern u_int32 addr2refid (sockaddr_u *);
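Review bot: the new size_t inserted between the key pointer and the `u_int32 *` packet pointer is unnamed, so MD5authdecrypt now reads `(int, const u_char *, size_t, u_int32 *, size_t, size_t)` with three same-typed lengths; give the parameters names or a comment (key length, packet length, MAC length) so callers cannot swap them without noticing.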
View File
@ -168,19 +168,19 @@ extern void mon_clearinterface(endpt *interface);
/* ntp_peer.c */
extern void init_peer (void);
extern struct peer *findexistingpeer(sockaddr_u *, const char *,
struct peer *, int, u_char);
struct peer *, int, u_char, int *);
extern struct peer *findpeer (struct recvbuf *, int, int *);
extern struct peer *findpeerbyassoc(associd_t);
extern void set_peerdstadr (struct peer *, endpt *);
extern struct peer *newpeer (sockaddr_u *, const char *,
endpt *, u_char, u_char,
u_char, u_char, u_int, u_char, u_int32,
extern struct peer *newpeer (sockaddr_u *, const char *, endpt *,
int, u_char, u_char, u_char, u_char,
u_int, u_char, u_int32,
keyid_t, const char *);
extern void peer_all_reset (void);
extern void peer_clr_stats (void);
extern struct peer *peer_config(sockaddr_u *, const char *,
endpt *, u_char, u_char,
u_char, u_char, u_int, u_int32,
extern struct peer *peer_config(sockaddr_u *, const char *, endpt *,
int, u_char, u_char, u_char, u_char,
u_int, u_int32,
keyid_t, const char *);
extern void peer_reset (struct peer *);
extern void refresh_all_peerinterfaces(void);
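Review bot: findexistingpeer gains an `int *` and newpeer/peer_config gain an `int` with no parameter names or comment; from the other hunks in this import these appear to be the per-IP association count and the ippeerlimit, but the prototypes should say so rather than leave it to be inferred from call sites.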
@ -257,10 +257,11 @@ extern void reset_auth_stats(void);
/* ntp_restrict.c */
extern void init_restrict (void);
extern u_short restrictions (sockaddr_u *);
extern void hack_restrict (int, sockaddr_u *, sockaddr_u *,
u_short, u_short, u_long);
extern void restrictions (sockaddr_u *, r4addr *);
extern void hack_restrict (restrict_op, sockaddr_u *, sockaddr_u *,
short, u_short, u_short, u_long);
extern void restrict_source (sockaddr_u *, int, u_long);
extern void dump_restricts (void);
/* ntp_timer.c */
extern void init_timer (void);
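Review bot: restrictions() changes from returning u_short to filling an r4addr out-parameter, so every caller that used the return value must be converted; the compiler will flag `x = restrictions(...)` now that the function is void, but not a caller that simply drops the result and falls through with default flags. hack_restrict's new signature has three adjacent integer parameters (short, u_short, u_short) for ippeerlimit, rflags and mflags; name them in the prototype.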
@ -288,7 +289,7 @@ extern void record_loop_stats (double, double, double, double, int);
extern void record_clock_stats (sockaddr_u *, const char *);
extern int mprintf_clock_stats(sockaddr_u *, const char *, ...)
NTP_PRINTF(2, 3);
extern void record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int ppoll, int precision, double root_delay, double root_dispersion, u_int32 refid);
extern void record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int ppoll, int precision, double root_delay, double root_dispersion, u_int32 refid, int len, u_char *extra);
extern void check_leap_file (int is_daily_check, u_int32 ntptime, const time_t * systime);
extern void record_crypto_stats (sockaddr_u *, const char *);
#ifdef DEBUG
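Review bot: `u_char *extra` should be `const u_char *` since record_raw_stats only logs it, and `int len` for a byte count should be size_t or at least checked non-negative. The extra bytes come straight from the received packet, so the rawstats writer must bound its hex formatting by len and by the line buffer size, not trust either alone.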
@ -500,18 +501,19 @@ extern u_int sys_ttlmax; /* max ttl mapping vector index */
/*
* Statistics counters
*/
extern u_long sys_stattime; /* time since reset */
extern u_long sys_received; /* packets received */
extern u_long sys_processed; /* packets for this host */
extern u_long sys_restricted; /* restricted packets */
extern u_long sys_badauth; /* bad authentication */
extern u_long sys_badlength; /* bad length or format */
extern u_long sys_declined; /* declined */
extern u_long sys_kodsent; /* KoD sent */
extern u_long sys_lamport; /* Lamport violation */
extern u_long sys_limitrejected; /* rate exceeded */
extern u_long sys_newversion; /* current version */
extern u_long sys_oldversion; /* old version */
extern u_long sys_processed; /* packets for this host */
extern u_long sys_received; /* packets received */
extern u_long sys_restricted; /* access denied */
extern u_long sys_badlength; /* bad length or format */
extern u_long sys_badauth; /* bad authentication */
extern u_long sys_declined; /* declined */
extern u_long sys_limitrejected; /* rate exceeded */
extern u_long sys_kodsent; /* KoD sent */
extern u_long sys_stattime; /* time since reset */
extern u_long sys_tsrounding; /* timestamp rounding errors */
/* ntp_request.c */
extern keyid_t info_auth_keyid; /* keyid used to authenticate requests */
View File
@ -39,9 +39,10 @@ extern HANDLE get_recv_buff_event(void);
/*
* the maximum length NTP packet contains the NTP header, one Autokey
* request, one Autokey response and the MAC. Assuming certificates don't
* get too big, the maximum packet length is set arbitrarily at 1000.
* get too big, the maximum packet length is set arbitrarily at 1200.
* (was 1000, but that bumps on 2048 RSA keys)
*/
#define RX_BUFF_SIZE 1000 /* hail Mary */
#define RX_BUFF_SIZE 1200 /* hail Mary */
typedef struct recvbuf recvbuf_t;
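Review bot: 1200 is still a guess ("hail Mary"); the comment records the symptom (2048-bit RSA certificates no longer fit) but not the bound. Either derive the value from the maximum Autokey extension field sizes (certificate, request, response and MAC) or document that oversized Autokey packets are dropped, and confirm every copy into a recvbuf is limited by RX_BUFF_SIZE rather than by the datagram length; a 4096-bit certificate will hit the same wall.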
View File
@ -27,10 +27,10 @@
#endif
#ifdef WRAP_DBG_MALLOC
void *wrap_dbg_malloc(size_t s, const char *f, int l);
void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l);
void wrap_dbg_free(void *p);
void wrap_dbg_free_ex(void *p, const char *f, int l);
static void *wrap_dbg_malloc(size_t s, const char *f, int l);
static void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l);
static void wrap_dbg_free(void *p);
static void wrap_dbg_free_ex(void *p, const char *f, int l);
#endif
@ -42,17 +42,21 @@ void
ssl_applink(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
# ifdef WRAP_DBG_MALLOC
CRYPTO_set_mem_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free_ex);
# else
OPENSSL_malloc_init();
# endif
#else
# else
# ifdef WRAP_DBG_MALLOC
CRYPTO_set_mem_ex_functions(wrap_dbg_malloc, wrap_dbg_realloc, wrap_dbg_free);
# else
CRYPTO_malloc_init();
# endif
#endif /* OpenSSL version cascade */
}
#else /* !OPENSSL || !SYS_WINNT */
@ -66,7 +70,7 @@ ssl_applink(void)
* for DEBUG malloc/realloc/free (lacking block type).
* Simple wrappers convert.
*/
void *wrap_dbg_malloc(size_t s, const char *f, int l)
static void *wrap_dbg_malloc(size_t s, const char *f, int l)
{
void *ret;
@ -74,7 +78,7 @@ void *wrap_dbg_malloc(size_t s, const char *f, int l)
return ret;
}
void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l)
static void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l)
{
void *ret;
@ -82,12 +86,12 @@ void *wrap_dbg_realloc(void *p, size_t s, const char *f, int l)
return ret;
}
void wrap_dbg_free(void *p)
static void wrap_dbg_free(void *p)
{
_free_dbg(p, _NORMAL_BLOCK);
}
void wrap_dbg_free_ex(void *p, const char *f, int l)
static void wrap_dbg_free_ex(void *p, const char *f, int l)
{
(void)f;
(void)l;
View File
@ -99,6 +99,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
View File
@ -100,6 +100,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
View File
@ -101,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \

View File

@ -11,6 +11,177 @@
#include "ntp.h"
#include "ntp_md5.h" /* provides OpenSSL digest API */
#include "isc/string.h"
#ifdef OPENSSL
# include "openssl/cmac.h"
# define CMAC "AES128CMAC"
# define AES_128_KEY_SIZE 16
#endif
typedef struct {
const void * buf;
size_t len;
} robuffT;
typedef struct {
void * buf;
size_t len;
} rwbuffT;
#ifdef OPENSSL
static size_t
cmac_ctx_size(
CMAC_CTX * ctx)
{
size_t mlen = 0;
if (ctx) {
EVP_CIPHER_CTX * cctx;
if (NULL != (cctx = CMAC_CTX_get0_cipher_ctx (ctx)))
mlen = EVP_CIPHER_CTX_block_size(cctx);
}
return mlen;
}
#endif /*OPENSSL*/
static size_t
make_mac(
const rwbuffT * digest,
int ktype,
const robuffT * key,
const robuffT * msg)
{
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was created.
*/
size_t retlen = 0;
#ifdef OPENSSL
INIT_SSL();
/* Check if CMAC key type specific code required */
if (ktype == NID_cmac) {
CMAC_CTX * ctx = NULL;
void const * keyptr = key->buf;
u_char keybuf[AES_128_KEY_SIZE];
/* adjust key size (zero padded buffer) if necessary */
if (AES_128_KEY_SIZE > key->len) {
memcpy(keybuf, keyptr, key->len);
memset((keybuf + key->len), 0,
(AES_128_KEY_SIZE - key->len));
keyptr = keybuf;
}
if (NULL == (ctx = CMAC_CTX_new())) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s CTX new failed.", CMAC);
goto cmac_fail;
}
if (!CMAC_Init(ctx, keyptr, AES_128_KEY_SIZE, EVP_aes_128_cbc(), NULL)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Init failed.", CMAC);
goto cmac_fail;
}
if (cmac_ctx_size(ctx) > digest->len) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s buf too small.", CMAC);
goto cmac_fail;
}
if (!CMAC_Update(ctx, msg->buf, msg->len)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Update failed.", CMAC);
goto cmac_fail;
}
if (!CMAC_Final(ctx, digest->buf, &retlen)) {
msyslog(LOG_ERR, "MAC encrypt: CMAC %s Final failed.", CMAC);
retlen = 0;
}
cmac_fail:
if (ctx)
CMAC_CTX_cleanup(ctx);
}
else { /* generic MAC handling */
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
u_int uilen = 0;
if ( ! ctx) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest CTX new failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* make sure MD5 is allowd */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
/* [Bug 3457] DON'T use plain EVP_DigestInit! It would
* kill the flags! */
if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(ktype), NULL)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Init failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if ((size_t)EVP_MD_CTX_size(ctx) > digest->len) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s buf too small.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if (!EVP_DigestUpdate(ctx, key->buf, (u_int)key->len)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Update key failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if (!EVP_DigestUpdate(ctx, msg->buf, (u_int)msg->len)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Update data failed.",
OBJ_nid2sn(ktype));
goto mac_fail;
}
if (!EVP_DigestFinal(ctx, digest->buf, &uilen)) {
msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Final failed.",
OBJ_nid2sn(ktype));
uilen = 0;
}
mac_fail:
retlen = (size_t)uilen;
if (ctx)
EVP_MD_CTX_free(ctx);
}
#else /* !OPENSSL follows */
if (ktype == NID_md5)
{
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
uint uilen = 0;
if (digest->len < 16) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small.");
}
else if ( ! ctx) {
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest CTX new failed.");
}
else {
EVP_DigestInit(ctx, EVP_get_digestbynid(ktype));
EVP_DigestUpdate(ctx, key->buf, key->len);
EVP_DigestUpdate(ctx, msg->buf, msg->len);
EVP_DigestFinal(ctx, digest->buf, &uilen);
}
if (ctx)
EVP_MD_CTX_free(ctx);
retlen = (size_t)uilen;
}
else
{
msyslog(LOG_ERR, "MAC encrypt: invalid key type %d" , ktype);
}
#endif /* !OPENSSL */
return retlen;
}
/*
* MD5authencrypt - generate message digest
*
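Review bot: the CMAC path leaks its context. `CMAC_CTX_cleanup(ctx)` at the cmac_fail label only wipes the internal state of a context obtained from `CMAC_CTX_new()`; the CMAC_CTX itself is never released, so ntpd loses one allocation per CMAC-authenticated packet it signs or verifies. Use `CMAC_CTX_free(ctx)` there. Two smaller points in the same block: keys shorter than AES_128_KEY_SIZE are zero-padded, and keys longer than 16 bytes are silently truncated by `CMAC_Init(ctx, keyptr, AES_128_KEY_SIZE, EVP_aes_128_cbc(), NULL)`, and neither case is diagnosed here or at key-load time, so a length check belongs in authreadkeys(); and `keybuf` holds a copy of the secret on the stack and is not cleared before the function returns.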
@ -20,36 +191,23 @@ size_t
MD5authencrypt(
int type, /* hash algorithm */
const u_char * key, /* key pointer */
size_t klen, /* key length */
u_int32 * pkt, /* packet pointer */
size_t length /* packet length */
)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX *ctx;
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
robuffT msgb = { pkt, length };
size_t dlen = 0;
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was creaded.
*/
INIT_SSL();
ctx = EVP_MD_CTX_new();
if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) {
msyslog(LOG_ERR,
"MAC encrypt: digest init failed");
EVP_MD_CTX_free(ctx);
return (0);
}
EVP_DigestUpdate(ctx, key, cache_secretsize);
EVP_DigestUpdate(ctx, (u_char *)pkt, length);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
dlen = make_mac(&digb, type, &keyb, &msgb);
/* If the MAC is longer than the MAX then truncate it. */
if (len > MAX_MAC_LEN - 4)
len = MAX_MAC_LEN - 4;
memmove((u_char *)pkt + length + 4, digest, len);
return (len + 4);
if (dlen > MAX_MDG_LEN)
dlen = MAX_MDG_LEN;
memcpy((u_char *)pkt + length + KEY_MAC_LEN, digest, dlen);
return (dlen + KEY_MAC_LEN);
}
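Review bot: a make_mac() failure is no longer reported to the caller. The old code returned 0 when digest init failed; now `dlen = make_mac(&digb, type, &keyb, &msgb);` can yield 0 and the function still runs the memcpy of zero bytes and returns `dlen + KEY_MAC_LEN`, i.e. 4, so authencrypt() appends a key ID with no MAC behind it and the packet goes out as if it were authenticated. Add `if (0 == dlen) return 0;` before the truncation check so the failure propagates as before.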
@ -62,41 +220,30 @@ int
MD5authdecrypt(
int type, /* hash algorithm */
const u_char * key, /* key pointer */
size_t klen, /* key length */
u_int32 * pkt, /* packet pointer */
size_t length, /* packet length */
size_t size /* MAC size */
)
{
u_char digest[EVP_MAX_MD_SIZE];
u_int len;
EVP_MD_CTX *ctx;
rwbuffT digb = { digest, sizeof(digest) };
robuffT keyb = { key, klen };
robuffT msgb = { pkt, length };
size_t dlen = 0;
/*
* Compute digest of key concatenated with packet. Note: the
* key type and digest type have been verified when the key
* was created.
*/
INIT_SSL();
ctx = EVP_MD_CTX_new();
if (!(ctx && EVP_DigestInit(ctx, EVP_get_digestbynid(type)))) {
msyslog(LOG_ERR,
"MAC decrypt: digest init failed");
EVP_MD_CTX_free(ctx);
return (0);
}
EVP_DigestUpdate(ctx, key, cache_secretsize);
EVP_DigestUpdate(ctx, (u_char *)pkt, length);
EVP_DigestFinal(ctx, digest, &len);
EVP_MD_CTX_free(ctx);
dlen = make_mac(&digb, type, &keyb, &msgb);
/* If the MAC is longer than the MAX then truncate it. */
if (len > MAX_MAC_LEN - 4)
len = MAX_MAC_LEN - 4;
if (size != (size_t)len + 4) {
if (dlen > MAX_MDG_LEN)
dlen = MAX_MDG_LEN;
if (size != (size_t)dlen + KEY_MAC_LEN) {
msyslog(LOG_ERR,
"MAC decrypt: MAC length error");
return (0);
}
return !isc_tsmemcmp(digest, (u_char *)pkt + length + 4, len);
return !isc_tsmemcmp(digest,
(u_char *)pkt + length + KEY_MAC_LEN, dlen);
}
/*
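Review bot: the same missing failure check as in MD5authencrypt, with a worse outcome here. If make_mac() returns 0, a trailer of exactly KEY_MAC_LEN bytes passes `size != (size_t)dlen + KEY_MAC_LEN`, and `isc_tsmemcmp()` over zero bytes reports equality, so the function returns success for a packet whose MAC was never computed. Return 0 when `dlen` is 0 before the length comparison rather than relying on every caller never passing `size == KEY_MAC_LEN`.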
@ -108,7 +255,7 @@ MD5authdecrypt(
u_int32
addr2refid(sockaddr_u *addr)
{
u_char digest[20];
u_char digest[EVP_MAX_MD_SIZE];
u_int32 addr_refid;
EVP_MD_CTX *ctx;
u_int len;
@ -119,11 +266,12 @@ addr2refid(sockaddr_u *addr)
INIT_SSL();
ctx = EVP_MD_CTX_new();
EVP_MD_CTX_init(ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* MD5 is not used as a crypto hash here. */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
# endif
/* [Bug 3457] DON'T use plain EVP_DigestInit! It would kill the
* flags! */
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) {
msyslog(LOG_ERR,
"MD5 init failed");
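Review bot: `ctx = EVP_MD_CTX_new();` is not checked for NULL before `EVP_MD_CTX_init(ctx)` and `EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` dereference it; the `EVP_DigestInit_ex()` check a few lines later comes too late to help. The explicit EVP_MD_CTX_init() on a freshly allocated context is also redundant (on OpenSSL 1.1 it is an alias for EVP_MD_CTX_reset()), so it can go once the NULL check is in place.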

View File

@ -314,7 +314,7 @@ adjtime (struct timeval *delta, struct timeval *olddelta)
/*
* Get the current clock period (nanoseconds)
*/
if (ClockPeriod (CLOCK_REALTIME, 0, &period, 0) < 0)
if (ClockPeriod (CLOCK_REALTIME, 0, &period, 0) == -1)
return -1;
/*
@ -354,7 +354,7 @@ adjtime (struct timeval *delta, struct timeval *olddelta)
adj.tick_count = 0;
}
if (ClockAdjust (CLOCK_REALTIME, &adj, &oldadj) < 0)
if (ClockAdjust (CLOCK_REALTIME, &adj, &oldadj) == -1)
return -1;
/*

View File

@ -114,13 +114,16 @@ KeyAccT *cache_keyacclist; /* key access list */
KeyAccT*
keyacc_new_push(
KeyAccT * head,
const sockaddr_u * addr
const sockaddr_u * addr,
unsigned int subnetbits
)
{
KeyAccT * node = emalloc(sizeof(KeyAccT));
memcpy(&node->addr, addr, sizeof(sockaddr_u));
node->subnetbits = subnetbits;
node->next = head;
return node;
}
@ -165,7 +168,8 @@ keyacc_contains(
{
if (head) {
do {
if (SOCK_EQ(&head->addr, addr))
if (keyacc_amatch(&head->addr, addr,
head->subnetbits))
return TRUE;
} while (NULL != (head = head->next));
return FALSE;
@ -174,6 +178,98 @@ keyacc_contains(
}
}
#if CHAR_BIT != 8
# error "don't know how to handle bytes with that bit size"
#endif
/* ----------------------------------------------------------------- */
/* check two addresses for a match, taking a prefix length into account
* when doing the compare.
*
* The ISC lib contains a similar function with not entirely specified
* semantics, so it seemed somewhat cleaner to do this from scratch.
*
* Note 1: It *is* assumed that the addresses are stored in network byte
* order, that is, most significant byte first!
*
* Note 2: "no address" compares unequal to all other addresses, even to
* itself. This has the same semantics as NaNs have for floats: *any*
* relational or equality operation involving a NaN returns FALSE, even
* equality with itself. "no address" is either a NULL pointer argument
* or an address of type AF_UNSPEC.
*/
int/*BOOL*/
keyacc_amatch(
const sockaddr_u * a1,
const sockaddr_u * a2,
unsigned int mbits
)
{
const uint8_t * pm1;
const uint8_t * pm2;
uint8_t msk;
unsigned int len;
/* 1st check: If any address is not an address, it's inequal. */
if ( !a1 || (AF_UNSPEC == AF(a1)) ||
!a2 || (AF_UNSPEC == AF(a2)) )
return FALSE;
/* We could check pointers for equality here and shortcut the
* other checks if we find object identity. But that use case is
* too rare to care for it.
*/
/* 2nd check: Address families must be the same. */
if (AF(a1) != AF(a2))
return FALSE;
/* type check: address family determines buffer & size */
switch (AF(a1)) {
case AF_INET:
/* IPv4 is easy: clamp size, get byte pointers */
if (mbits > sizeof(NSRCADR(a1)) * 8)
mbits = sizeof(NSRCADR(a1)) * 8;
pm1 = (const void*)&NSRCADR(a1);
pm2 = (const void*)&NSRCADR(a2);
break;
case AF_INET6:
/* IPv6 is slightly different: Both scopes must match,
* too, before we even consider doing a match!
*/
if ( ! SCOPE_EQ(a1, a2))
return FALSE;
if (mbits > sizeof(NSRCADR6(a1)) * 8)
mbits = sizeof(NSRCADR6(a1)) * 8;
pm1 = (const void*)&NSRCADR6(a1);
pm2 = (const void*)&NSRCADR6(a2);
break;
default:
/* don't know how to compare that!?! */
return FALSE;
}
/* Split bit length into byte length and partial byte mask.
* Note that the byte mask extends from the MSB of a byte down,
* and that zero shift (--> mbits % 8 == 0) results in an
* all-zero mask.
*/
msk = 0xFFu ^ (0xFFu >> (mbits & 7));
len = mbits >> 3;
/* 3rd check: Do memcmp() over full bytes, if any */
if (len && memcmp(pm1, pm2, len))
return FALSE;
/* 4th check: compare last incomplete byte, if any */
if (msk && ((pm1[len] ^ pm2[len]) & msk))
return FALSE;
/* If none of the above failed, we're successfully through. */
return TRUE;
}
/*
* init_auth - initialize internal data
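Review bot: a prefix length of 0 is accepted and makes the entry match every address of that family. With `mbits == 0` the partial-byte mask `msk` is 0 and `len` is 0, so both comparisons are skipped and the function returns TRUE. That is consistent with CIDR semantics, but it turns a key's access list into a wildcard, which the keys file documentation for this feature should state explicitly, and the parser in authreadkeys() should make sure an empty `/` suffix cannot produce it by accident. The matching logic itself looks right: `0xFFu ^ (0xFFu >> (mbits & 7))` selects the top `mbits % 8` bits of the last byte, and `pm1[len]` is only read when `msk` is non-zero, which implies `len` is below the address width.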
@ -316,6 +412,10 @@ auth_log2(size_t x)
return (u_short)r;
}
int/*BOOL*/
ipaddr_match_masked(const sockaddr_u *,const sockaddr_u *,
unsigned int mbits);
static void
authcache_flush_id(
keyid_t id
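Review bot: the prototype `ipaddr_match_masked(const sockaddr_u *, const sockaddr_u *, unsigned int mbits);` added here has no definition anywhere in this patch; the function that was actually implemented is keyacc_amatch() above. Either drop this declaration or replace it with a declaration of keyacc_amatch() so that keyacc_contains() is not relying on an implicit declaration.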
@ -617,20 +717,19 @@ authistrusted(
{
symkey * sk;
/* That specific key was already used to authenticate the
* packet. Therefore, the key *must* exist... There's a chance
* that is not trusted, though.
*/
if (keyno == cache_keyid) {
return (KEY_TRUSTED & cache_flags) &&
keyacc_contains(cache_keyacclist, sau, TRUE);
} else {
}
if (NULL != (sk = auth_findkey(keyno))) {
authkeyuncached++;
sk = auth_findkey(keyno);
INSIST(NULL != sk);
return (KEY_TRUSTED & sk->flags) &&
keyacc_contains(sk->keyacclist, sau, TRUE);
}
authkeynotfound++;
return FALSE;
}
/* Note: There are two locations below where 'strncpy()' is used. While
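Review bot: replacing `INSIST(NULL != sk)` with a NULL check and an `authkeynotfound++` path is the right direction, since an assertion here would take the daemon down instead of rejecting a packet, but the comment above it still says the key "*must* exist". Update it to say that the lookup may fail and that a missing key is counted and treated as untrusted.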
@ -795,7 +894,9 @@ authencrypt(
return 0;
}
return MD5authencrypt(cache_type, cache_secret, pkt, length);
return MD5authencrypt(cache_type,
cache_secret, cache_secretsize,
pkt, length);
}
@ -822,6 +923,7 @@ authdecrypt(
return FALSE;
}
return MD5authdecrypt(cache_type, cache_secret, pkt, length,
size);
return MD5authdecrypt(cache_type,
cache_secret, cache_secretsize,
pkt, length, size);
}

View File

@ -5,8 +5,8 @@
#include <stdio.h>
#include <ctype.h>
#include "ntpd.h" /* Only for DPRINTF */
#include "ntp_fp.h"
//#include "ntpd.h" /* Only for DPRINTF */
//#include "ntp_fp.h"
#include "ntp.h"
#include "ntp_syslog.h"
#include "ntp_stdlib.h"
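Review bot: the two `#include` lines are commented out with `//` instead of being deleted. If ntpd.h and ntp_fp.h are no longer needed here, remove the lines; leaving dead includes as C99-style comments in a tree that otherwise keeps to `/* */` comments only invites someone to uncomment them later.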
@ -148,6 +148,7 @@ authreadkeys(
u_int nerr;
KeyDataT *list = NULL;
KeyDataT *next = NULL;
/*
* Open file. Complain and return if it can't be opened.
*/
@ -220,7 +221,8 @@ authreadkeys(
log_maybe(NULL,
"authreadkeys: invalid type for key %d",
keyno);
} else if (EVP_get_digestbynid(keytype) == NULL) {
} else if (NID_cmac != keytype &&
EVP_get_digestbynid(keytype) == NULL) {
log_maybe(NULL,
"authreadkeys: no algorithm for key %d",
keyno);
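Review bot: with `NID_cmac != keytype &&` added to the check, the non-OpenSSL build now needs NID_cmac defined in ntp_md5.h, or this line will not compile when OpenSSL is absent. If CMAC is only supported under OpenSSL, it would be cleaner to reject NID_cmac explicitly in that build here, at load time, instead of accepting the key and then failing every packet in make_mac() with "invalid key type".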
@ -295,28 +297,62 @@ authreadkeys(
}
token = nexttok(&line);
DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL"));
if (token != NULL) { /* A comma-separated IP access list */
char *tp = token;
while (tp) {
char *i;
char *snp; /* subnet text pointer */
unsigned int snbits;
sockaddr_u addr;
i = strchr(tp, (int)',');
if (i)
if (i) {
*i = '\0';
DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp));
}
snp = strchr(tp, (int)'/');
if (snp) {
char *sp;
*snp++ = '\0';
snbits = 0;
sp = snp;
while (*sp != '\0') {
if (!isdigit((unsigned char)*sp))
break;
if (snbits > 1000)
break; /* overflow */
snbits = 10 * snbits + (*sp++ - '0'); /* ascii dependent */
}
if (*sp != '\0') {
log_maybe(&nerr,
"authreadkeys: Invalid character in subnet specification for <%s/%s> in key %d",
sp, snp, keyno);
goto nextip;
}
} else {
snbits = UINT_MAX;
}
if (is_ip_address(tp, AF_UNSPEC, &addr)) {
next->keyacclist = keyacc_new_push(
next->keyacclist, &addr);
/* Make sure that snbits is valid for addr */
if ((snbits < UINT_MAX) &&
( (IS_IPV4(&addr) && snbits > 32) ||
(IS_IPV6(&addr) && snbits > 128))) {
log_maybe(NULL,
"authreadkeys: excessive subnet mask <%s/%s> for key %d",
tp, snp, keyno);
}
next->keyacclist = keyacc_new_push(
next->keyacclist, &addr, snbits);
} else {
log_maybe(&nerr,
"authreadkeys: invalid IP address <%s> for key %d",
tp, keyno);
}
nextip:
if (i) {
tp = i + 1;
} else {
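Review bot: an address followed by a bare `/` is accepted as a /0 prefix. With nothing after the slash the digit loop never runs, `*sp == '\0'` passes the invalid-character test, and `snbits` stays 0, which keyacc_amatch() treats as match-everything; reject an empty prefix string through log_maybe(&nerr, ...) and `goto nextip`. Two more problems in the same block: the message `"authreadkeys: Invalid character in subnet specification for <%s/%s> in key %d"` is given `sp, snp`, so it prints the unparsed tail instead of the address (`tp, snp` was meant); and an oversize prefix (`snbits > 32` for IPv4 or `> 128` for IPv6) is logged via `log_maybe(NULL, ...)`, so it is not counted in `nerr`, and the entry is still pushed with the bogus value instead of being skipped, leaving it to keyacc_amatch() to clamp the typo silently.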

View File

@ -74,7 +74,10 @@ sslshimBN_GENCB_free(
EVP_MD_CTX*
sslshim_EVP_MD_CTX_new(void)
{
return calloc(1, sizeof(EVP_MD_CTX));
EVP_MD_CTX * ctx;
if (NULL != (ctx = calloc(1, sizeof(EVP_MD_CTX))))
EVP_MD_CTX_init(ctx);
return ctx;
}
void

View File

@ -1825,4 +1825,113 @@ isocal_date_to_ntp(
return isocal_date_to_ntp64(id).d_s.lo;
}
/*
* ====================================================================
* 'basedate' support functions
* ====================================================================
*/
static int32_t s_baseday = NTP_TO_UNIX_DAYS;
int32_t
basedate_eval_buildstamp(void)
{
struct calendar jd;
int32_t ed;
if (!ntpcal_get_build_date(&jd))
return NTP_TO_UNIX_DAYS;
/* The time zone of the build stamp is unspecified; we remove
* one day to provide a certain slack. And in case somebody
* fiddled with the system clock, we make sure we do not go
* before the UNIX epoch (1970-01-01). It's probably not possible
* to do this to the clock on most systems, but there are other
* ways to tweak the build stamp.
*/
jd.monthday -= 1;
ed = ntpcal_date_to_rd(&jd) - DAY_NTP_STARTS;
return (ed < NTP_TO_UNIX_DAYS) ? NTP_TO_UNIX_DAYS : ed;
}
int32_t
basedate_eval_string(
const char * str
)
{
u_short y,m,d;
u_long ned;
int rc, nc;
size_t sl;
sl = strlen(str);
rc = sscanf(str, "%4hu-%2hu-%2hu%n", &y, &m, &d, &nc);
if (rc == 3 && (size_t)nc == sl) {
if (m >= 1 && m <= 12 && d >= 1 && d <= 31)
return ntpcal_edate_to_eradays(y-1, m-1, d)
- DAY_NTP_STARTS;
goto buildstamp;
}
rc = scanf(str, "%lu%n", &ned, &nc);
if (rc == 1 && (size_t)nc == sl) {
if (ned <= INT32_MAX)
return (int32_t)ned;
goto buildstamp;
}
buildstamp:
msyslog(LOG_WARNING,
"basedate string \"%s\" invalid, build date substituted!",
str);
return basedate_eval_buildstamp();
}
uint32_t
basedate_get_day(void)
{
return s_baseday;
}
int32_t
basedate_set_day(
int32_t day
)
{
struct calendar jd;
int32_t retv;
if (day < NTP_TO_UNIX_DAYS) {
msyslog(LOG_WARNING,
"baseday_set_day: invalid day (%lu), UNIX epoch substituted",
(unsigned long)day);
day = NTP_TO_UNIX_DAYS;
}
retv = s_baseday;
s_baseday = day;
ntpcal_rd_to_date(&jd, day + DAY_NTP_STARTS);
msyslog(LOG_INFO, "basedate set to %04hu-%02hu-%02hu",
jd.year, (u_short)jd.month, (u_short)jd.monthday);
return retv;
}
time_t
basedate_get_eracenter(void)
{
time_t retv;
retv = (time_t)(s_baseday - NTP_TO_UNIX_DAYS);
retv *= SECSPERDAY;
retv += (UINT32_C(1) << 31);
return retv;
}
time_t
basedate_get_erabase(void)
{
time_t retv;
retv = (time_t)(s_baseday - NTP_TO_UNIX_DAYS);
retv *= SECSPERDAY;
return retv;
}
/* -*-EOF-*- */
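Review bot: `rc = scanf(str, "%lu%n", &ned, &nc);` must be `sscanf(str, "%lu%n", &ned, &nc);`. As written, `str` is used as the format string and input is read from stdin, so a numeric basedate never parses (and a basedate string containing `%` would be interpreted as conversion directives); every numeric value then falls through to the build-stamp fallback with a misleading "invalid" warning. Smaller points: basedate_get_day() returns uint32_t while `s_baseday` is int32_t, and the date branch checks `d <= 31` without regard to the month, so a day of 31 in a 30-day month passes validation.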

View File

@ -5,7 +5,7 @@
* Moved from ntpd/ntp_crypto.c crypto_setup()
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
# include <config.h>
#endif
#include <ctype.h>
#include <ntp.h>
@ -13,11 +13,15 @@
#include <lib_strbuf.h>
#ifdef OPENSSL
#include "openssl/crypto.h"
#include "openssl/err.h"
#include "openssl/evp.h"
#include "openssl/opensslv.h"
#include "libssl_compat.h"
# include "openssl/cmac.h"
# include "openssl/crypto.h"
# include "openssl/err.h"
# include "openssl/evp.h"
# include "openssl/opensslv.h"
# include "libssl_compat.h"
# define CMAC_LENGTH 16
# define CMAC "AES128CMAC"
int ssl_init_done;
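Review bot: `# define CMAC "AES128CMAC"` is now defined both here and in the make_mac() hunk earlier in this diff, and the 16-byte size appears as `CMAC_LENGTH` here and `AES_128_KEY_SIZE` there. Put one definition of each in a shared header (ntp_md5.h or libssl_compat.h) so the key-type name and the key/MAC length cannot drift apart between the key-type parser and the MAC code.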
@ -26,8 +30,9 @@ int ssl_init_done;
static void
atexit_ssl_cleanup(void)
{
if (!ssl_init_done)
if (!ssl_init_done) {
return;
}
ssl_init_done = FALSE;
EVP_cleanup();
@ -63,7 +68,7 @@ void
ssl_check_version(void)
{
u_long v;
v = OpenSSL_version_num();
if ((v ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) {
msyslog(LOG_WARNING,
@ -77,6 +82,8 @@ ssl_check_version(void)
INIT_SSL();
}
#else /* !OPENSSL */
# define MD5_LENGTH 16
#endif /* OPENSSL */
@ -88,61 +95,95 @@ ssl_check_version(void)
*/
int
keytype_from_text(
const char *text,
size_t *pdigest_len
const char * text,
size_t * pdigest_len
)
{
int key_type;
u_int digest_len;
#ifdef OPENSSL
#ifdef OPENSSL /* --*-- OpenSSL code --*-- */
const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t);
u_char digest[EVP_MAX_MD_SIZE];
char * upcased;
char * pch;
EVP_MD const * md;
/*
* OpenSSL digest short names are capitalized, so uppercase the
* digest name before passing to OBJ_sn2nid(). If it is not
* recognized but begins with 'M' use NID_md5 to be consistent
* with past behavior.
* recognized but matches our CMAC string use NID_cmac, or if
* it begins with 'M' or 'm' use NID_md5 to be consistent with
* past behavior.
*/
INIT_SSL();
/* get name in uppercase */
LIB_GETBUF(upcased);
strlcpy(upcased, text, LIB_BUFLENGTH);
for (pch = upcased; '\0' != *pch; pch++)
for (pch = upcased; '\0' != *pch; pch++) {
*pch = (char)toupper((unsigned char)*pch);
}
key_type = OBJ_sn2nid(upcased);
if (!key_type && !strncmp(CMAC, upcased, strlen(CMAC) + 1)) {
key_type = NID_cmac;
if (debug) {
fprintf(stderr, "%s:%d:%s():%s:key\n",
__FILE__, __LINE__, __func__, CMAC);
}
}
#else
key_type = 0;
#endif
if (!key_type && 'm' == tolower((unsigned char)text[0]))
if (!key_type && 'm' == tolower((unsigned char)text[0])) {
key_type = NID_md5;
}
if (!key_type)
if (!key_type) {
return 0;
}
if (NULL != pdigest_len) {
#ifdef OPENSSL
EVP_MD_CTX *ctx;
md = EVP_get_digestbynid(key_type);
digest_len = (md) ? EVP_MD_size(md) : 0;
ctx = EVP_MD_CTX_new();
EVP_DigestInit(ctx, EVP_get_digestbynid(key_type));
EVP_DigestFinal(ctx, digest, &digest_len);
EVP_MD_CTX_free(ctx);
if (digest_len > max_digest_len) {
if (!md || digest_len <= 0) {
if (key_type == NID_cmac) {
digest_len = CMAC_LENGTH;
if (debug) {
fprintf(stderr, "%s:%d:%s():%s:len\n",
__FILE__, __LINE__, __func__, CMAC);
}
} else {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
"key type %s is not supported by OpenSSL\n",
keytype_name(key_type));
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu",
keytype_name(key_type), digest_len,
max_digest_len);
"key type %s is not supported by OpenSSL\n",
keytype_name(key_type));
return 0;
}
}
if (digest_len > max_digest_len) {
fprintf(stderr,
"key type %s %u octet digests are too big, max %lu\n",
keytype_name(key_type), digest_len,
max_digest_len);
msyslog(LOG_ERR,
"key type %s %u octet digests are too big, max %lu",
keytype_name(key_type), digest_len,
max_digest_len);
return 0;
}
#else
digest_len = 16;
digest_len = MD5_LENGTH;
#endif
*pdigest_len = digest_len;
}
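Review bot: the msyslog() message `"key type %s is not supported by OpenSSL\n"` carries a trailing newline; only the fprintf(stderr, ...) copy should have it, otherwise syslog lines end with a stray line break. Also `if (!md || digest_len <= 0)` compares the unsigned `digest_len` with `<= 0`, which is just `== 0`, and `strncmp(CMAC, upcased, strlen(CMAC) + 1)` is an elaborate strcmp(). The switch from running a dummy digest to `EVP_MD_size(md)` to learn the digest length is the right change.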
@ -167,8 +208,18 @@ keytype_name(
#ifdef OPENSSL
INIT_SSL();
name = OBJ_nid2sn(nid);
if (NULL == name)
if (NID_cmac == nid) {
name = CMAC;
if (debug) {
fprintf(stderr, "%s:%d:%s():%s:nid\n",
__FILE__, __LINE__, __func__, CMAC);
}
} else
if (NULL == name) {
name = unknown_type;
}
#else /* !OPENSSL follows */
if (NID_md5 == nid)
name = "MD5";
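Review bot: the `} else` on its own line followed by `if (NULL == name) {` reads as a dangling else; write it as `} else if (NULL == name) {`. Also, when `nid == NID_cmac` the result of the preceding `OBJ_nid2sn(nid)` is computed and then discarded; test for NID_cmac first and skip the lookup.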
@ -203,3 +254,4 @@ getpass_keytype(
return getpass(pass_prompt);
}

View File

@ -22,64 +22,65 @@
*/
struct codestring {
int code;
const char * const string;
const char * const string1;
const char * const string0;
};
/*
* Leap status (leap)
*/
static const struct codestring leap_codes[] = {
{ LEAP_NOWARNING, "leap_none" },
{ LEAP_ADDSECOND, "leap_add_sec" },
{ LEAP_DELSECOND, "leap_del_sec" },
{ LEAP_NOTINSYNC, "leap_alarm" },
{ -1, "leap" }
{ LEAP_NOWARNING, "leap_none", 0 },
{ LEAP_ADDSECOND, "leap_add_sec", 0 },
{ LEAP_DELSECOND, "leap_del_sec", 0 },
{ LEAP_NOTINSYNC, "leap_alarm", 0 },
{ -1, "leap", 0 }
};
/*
* Clock source status (sync)
*/
static const struct codestring sync_codes[] = {
{ CTL_SST_TS_UNSPEC, "sync_unspec" },
{ CTL_SST_TS_ATOM, "sync_pps" },
{ CTL_SST_TS_LF, "sync_lf_radio" },
{ CTL_SST_TS_HF, "sync_hf_radio" },
{ CTL_SST_TS_UHF, "sync_uhf_radio" },
{ CTL_SST_TS_LOCAL, "sync_local" },
{ CTL_SST_TS_NTP, "sync_ntp" },
{ CTL_SST_TS_UDPTIME, "sync_other" },
{ CTL_SST_TS_WRSTWTCH, "sync_wristwatch" },
{ CTL_SST_TS_TELEPHONE, "sync_telephone" },
{ -1, "sync" }
{ CTL_SST_TS_UNSPEC, "sync_unspec", 0 },
{ CTL_SST_TS_ATOM, "sync_pps", 0 },
{ CTL_SST_TS_LF, "sync_lf_radio", 0 },
{ CTL_SST_TS_HF, "sync_hf_radio", 0 },
{ CTL_SST_TS_UHF, "sync_uhf_radio", 0 },
{ CTL_SST_TS_LOCAL, "sync_local", 0 },
{ CTL_SST_TS_NTP, "sync_ntp", 0 },
{ CTL_SST_TS_UDPTIME, "sync_other", 0 },
{ CTL_SST_TS_WRSTWTCH, "sync_wristwatch", 0 },
{ CTL_SST_TS_TELEPHONE, "sync_telephone", 0 },
{ -1, "sync", 0 }
};
/*
* Peer selection status (sel)
*/
static const struct codestring select_codes[] = {
{ CTL_PST_SEL_REJECT, "sel_reject" },
{ CTL_PST_SEL_SANE, "sel_falsetick" },
{ CTL_PST_SEL_CORRECT, "sel_excess" },
{ CTL_PST_SEL_SELCAND, "sel_outlier" },
{ CTL_PST_SEL_SYNCCAND, "sel_candidate" },
{ CTL_PST_SEL_EXCESS, "sel_backup" },
{ CTL_PST_SEL_SYSPEER, "sel_sys.peer" },
{ CTL_PST_SEL_PPS, "sel_pps.peer" },
{ -1, "sel" }
{ CTL_PST_SEL_REJECT, "sel_reject", 0 },
{ CTL_PST_SEL_SANE, "sel_falsetick", 0 },
{ CTL_PST_SEL_CORRECT, "sel_excess", 0 },
{ CTL_PST_SEL_SELCAND, "sel_outlier", 0 },
{ CTL_PST_SEL_SYNCCAND, "sel_candidate", 0 },
{ CTL_PST_SEL_EXCESS, "sel_backup", 0 },
{ CTL_PST_SEL_SYSPEER, "sel_sys.peer", 0 },
{ CTL_PST_SEL_PPS, "sel_pps.peer", 0 },
{ -1, "sel", 0 }
};
/*
* Clock status (clk)
*/
static const struct codestring clock_codes[] = {
{ CTL_CLK_OKAY, "clk_unspec" },
{ CTL_CLK_NOREPLY, "clk_no_reply" },
{ CTL_CLK_BADFORMAT, "clk_bad_format" },
{ CTL_CLK_FAULT, "clk_fault" },
{ CTL_CLK_PROPAGATION, "clk_bad_signal" },
{ CTL_CLK_BADDATE, "clk_bad_date" },
{ CTL_CLK_BADTIME, "clk_bad_time" },
{ -1, "clk" }
{ CTL_CLK_OKAY, "clk_unspec", 0 },
{ CTL_CLK_NOREPLY, "clk_no_reply", 0 },
{ CTL_CLK_BADFORMAT, "clk_bad_format", 0 },
{ CTL_CLK_FAULT, "clk_fault", 0 },
{ CTL_CLK_PROPAGATION, "clk_bad_signal", 0 },
{ CTL_CLK_BADDATE, "clk_bad_date", 0 },
{ CTL_CLK_BADTIME, "clk_bad_time", 0 },
{ -1, "clk", 0 }
};
@ -88,20 +89,20 @@ static const struct codestring clock_codes[] = {
* Flash bits -- see ntpq.c tstflags & tstflagnames
*/
static const struct codestring flash_codes[] = {
{ TEST1, "pkt_dup" },
{ TEST2, "pkt_bogus" },
{ TEST3, "pkt_unsync" },
{ TEST4, "pkt_denied" },
{ TEST5, "pkt_auth" },
{ TEST6, "pkt_stratum" },
{ TEST7, "pkt_header" },
{ TEST8, "pkt_autokey" },
{ TEST9, "pkt_crypto" },
{ TEST10, "peer_stratum" },
{ TEST11, "peer_dist" },
{ TEST12, "peer_loop" },
{ TEST13, "peer_unreach" },
{ -1, "flash" }
{ TEST1, "pkt_dup", 0 },
{ TEST2, "pkt_bogus", 0 },
{ TEST3, "pkt_unsync", 0 },
{ TEST4, "pkt_denied", 0 },
{ TEST5, "pkt_auth", 0 },
{ TEST6, "pkt_stratum", 0 },
{ TEST7, "pkt_header", 0 },
{ TEST8, "pkt_autokey", 0 },
{ TEST9, "pkt_crypto", 0 },
{ TEST10, "peer_stratum", 0 },
{ TEST11, "peer_dist", 0 },
{ TEST12, "peer_loop", 0 },
{ TEST13, "peer_unreach", 0 },
{ -1, "flash", 0 }
};
#endif
@ -110,56 +111,56 @@ static const struct codestring flash_codes[] = {
* System events (sys)
*/
static const struct codestring sys_codes[] = {
{ EVNT_UNSPEC, "unspecified" },
{ EVNT_NSET, "freq_not_set" },
{ EVNT_FSET, "freq_set" },
{ EVNT_SPIK, "spike_detect" },
{ EVNT_FREQ, "freq_mode" },
{ EVNT_SYNC, "clock_sync" },
{ EVNT_SYSRESTART, "restart" },
{ EVNT_SYSFAULT, "panic_stop" },
{ EVNT_NOPEER, "no_sys_peer" },
{ EVNT_ARMED, "leap_armed" },
{ EVNT_DISARMED, "leap_disarmed" },
{ EVNT_LEAP, "leap_event" },
{ EVNT_CLOCKRESET, "clock_step" },
{ EVNT_KERN, "kern" },
{ EVNT_TAI, "TAI" },
{ EVNT_LEAPVAL, "stale_leapsecond_values" },
{ -1, "" }
{ EVNT_UNSPEC, "unspecified", 0 },
{ EVNT_NSET, "freq_not_set", 0 },
{ EVNT_FSET, "freq_set", 0 },
{ EVNT_SPIK, "spike_detect", 0 },
{ EVNT_FREQ, "freq_mode", 0 },
{ EVNT_SYNC, "clock_sync", 0 },
{ EVNT_SYSRESTART, "restart", 0 },
{ EVNT_SYSFAULT, "panic_stop", 0 },
{ EVNT_NOPEER, "no_sys_peer", 0 },
{ EVNT_ARMED, "leap_armed", 0 },
{ EVNT_DISARMED, "leap_disarmed", 0 },
{ EVNT_LEAP, "leap_event", 0 },
{ EVNT_CLOCKRESET, "clock_step", 0 },
{ EVNT_KERN, "kern", 0 },
{ EVNT_TAI, "TAI", 0 },
{ EVNT_LEAPVAL, "stale_leapsecond_values", 0 },
{ -1, "", 0 }
};
/*
* Peer events (peer)
*/
static const struct codestring peer_codes[] = {
{ PEVNT_MOBIL & ~PEER_EVENT, "mobilize" },
{ PEVNT_DEMOBIL & ~PEER_EVENT, "demobilize" },
{ PEVNT_UNREACH & ~PEER_EVENT, "unreachable" },
{ PEVNT_REACH & ~PEER_EVENT, "reachable" },
{ PEVNT_RESTART & ~PEER_EVENT, "restart" },
{ PEVNT_REPLY & ~PEER_EVENT, "no_reply" },
{ PEVNT_RATE & ~PEER_EVENT, "rate_exceeded" },
{ PEVNT_DENY & ~PEER_EVENT, "access_denied" },
{ PEVNT_ARMED & ~PEER_EVENT, "leap_armed" },
{ PEVNT_NEWPEER & ~PEER_EVENT, "sys_peer" },
{ PEVNT_CLOCK & ~PEER_EVENT, "clock_event" },
{ PEVNT_AUTH & ~PEER_EVENT, "bad_auth" },
{ PEVNT_POPCORN & ~PEER_EVENT, "popcorn" },
{ PEVNT_XLEAVE & ~PEER_EVENT, "interleave_mode" },
{ PEVNT_XERR & ~PEER_EVENT, "interleave_error" },
{ -1, "" }
{ PEVNT_MOBIL & ~PEER_EVENT, "mobilize", 0 },
{ PEVNT_DEMOBIL & ~PEER_EVENT, "demobilize", 0 },
{ PEVNT_UNREACH & ~PEER_EVENT, "unreachable", 0 },
{ PEVNT_REACH & ~PEER_EVENT, "reachable", 0 },
{ PEVNT_RESTART & ~PEER_EVENT, "restart", 0 },
{ PEVNT_REPLY & ~PEER_EVENT, "no_reply", 0 },
{ PEVNT_RATE & ~PEER_EVENT, "rate_exceeded", 0 },
{ PEVNT_DENY & ~PEER_EVENT, "access_denied", 0 },
{ PEVNT_ARMED & ~PEER_EVENT, "leap_armed", 0 },
{ PEVNT_NEWPEER & ~PEER_EVENT, "sys_peer", 0 },
{ PEVNT_CLOCK & ~PEER_EVENT, "clock_event", 0 },
{ PEVNT_AUTH & ~PEER_EVENT, "bad_auth", 0 },
{ PEVNT_POPCORN & ~PEER_EVENT, "popcorn", 0 },
{ PEVNT_XLEAVE & ~PEER_EVENT, "interleave_mode", 0 },
{ PEVNT_XERR & ~PEER_EVENT, "interleave_error", 0 },
{ -1, "", 0 }
};
/*
* Peer status bits
*/
static const struct codestring peer_st_bits[] = {
{ CTL_PST_CONFIG, "conf" },
{ CTL_PST_AUTHENABLE, "authenb" },
{ CTL_PST_AUTHENTIC, "auth" },
{ CTL_PST_REACH, "reach" },
{ CTL_PST_BCAST, "bcast" },
{ CTL_PST_CONFIG, "conf", 0 },
{ CTL_PST_AUTHENABLE, "authenb", 0 },
{ CTL_PST_AUTHENTIC, "auth", 0 },
{ CTL_PST_REACH, "reach", 0 },
{ CTL_PST_BCAST, "bcast", 0 },
/* not used with getcode(), no terminating entry needed */
};
@ -167,9 +168,9 @@ static const struct codestring peer_st_bits[] = {
* Restriction match bits
*/
static const struct codestring res_match_bits[] = {
{ RESM_NTPONLY, "ntpport" },
{ RESM_INTERFACE, "interface" },
{ RESM_SOURCE, "source" },
{ RESM_NTPONLY, "ntpport", 0 },
{ RESM_INTERFACE, "interface", 0 },
{ RESM_SOURCE, "source", 0 },
/* not used with getcode(), no terminating entry needed */
};
@ -177,18 +178,19 @@ static const struct codestring res_match_bits[] = {
* Restriction access bits
*/
static const struct codestring res_access_bits[] = {
{ RES_IGNORE, "ignore" },
{ RES_DONTSERVE, "noserve" },
{ RES_DONTTRUST, "notrust" },
{ RES_NOQUERY, "noquery" },
{ RES_NOMODIFY, "nomodify" },
{ RES_NOPEER, "nopeer" },
{ RES_NOTRAP, "notrap" },
{ RES_LPTRAP, "lptrap" },
{ RES_LIMITED, "limited" },
{ RES_VERSION, "version" },
{ RES_KOD, "kod" },
{ RES_FLAKE, "flake" },
{ RES_IGNORE, "ignore", 0 },
{ RES_DONTSERVE, "noserve", "serve" },
{ RES_DONTTRUST, "notrust", "trust" },
{ RES_NOQUERY, "noquery", "query" },
{ RES_NOMODIFY, "nomodify", 0 },
{ RES_NOPEER, "nopeer", "peer" },
{ RES_NOEPEER, "noepeer", "epeer" },
{ RES_NOTRAP, "notrap", "trap" },
{ RES_LPTRAP, "lptrap", 0 },
{ RES_LIMITED, "limited", 0 },
{ RES_VERSION, "version", 0 },
{ RES_KOD, "kod", 0 },
{ RES_FLAKE, "flake", 0 },
/* not used with getcode(), no terminating entry needed */
};
@ -197,23 +199,23 @@ static const struct codestring res_access_bits[] = {
* Crypto events (cryp)
*/
static const struct codestring crypto_codes[] = {
{ XEVNT_OK & ~CRPT_EVENT, "success" },
{ XEVNT_LEN & ~CRPT_EVENT, "bad_field_format_or_length" },
{ XEVNT_TSP & ~CRPT_EVENT, "bad_timestamp" },
{ XEVNT_FSP & ~CRPT_EVENT, "bad_filestamp" },
{ XEVNT_PUB & ~CRPT_EVENT, "bad_or_missing_public_key" },
{ XEVNT_MD & ~CRPT_EVENT, "unsupported_digest_type" },
{ XEVNT_KEY & ~CRPT_EVENT, "unsupported_identity_type" },
{ XEVNT_SGL & ~CRPT_EVENT, "bad_signature_length" },
{ XEVNT_SIG & ~CRPT_EVENT, "signature_not_verified" },
{ XEVNT_VFY & ~CRPT_EVENT, "certificate_not_verified" },
{ XEVNT_PER & ~CRPT_EVENT, "host_certificate_expired" },
{ XEVNT_CKY & ~CRPT_EVENT, "bad_or_missing_cookie" },
{ XEVNT_DAT & ~CRPT_EVENT, "bad_or_missing_leapseconds" },
{ XEVNT_CRT & ~CRPT_EVENT, "bad_or_missing_certificate" },
{ XEVNT_ID & ~CRPT_EVENT, "bad_or_missing_group key" },
{ XEVNT_ERR & ~CRPT_EVENT, "protocol_error" },
{ -1, "" }
{ XEVNT_OK & ~CRPT_EVENT, "success", 0 },
{ XEVNT_LEN & ~CRPT_EVENT, "bad_field_format_or_length", 0 },
{ XEVNT_TSP & ~CRPT_EVENT, "bad_timestamp", 0 },
{ XEVNT_FSP & ~CRPT_EVENT, "bad_filestamp", 0 },
{ XEVNT_PUB & ~CRPT_EVENT, "bad_or_missing_public_key", 0 },
{ XEVNT_MD & ~CRPT_EVENT, "unsupported_digest_type", 0 },
{ XEVNT_KEY & ~CRPT_EVENT, "unsupported_identity_type", 0 },
{ XEVNT_SGL & ~CRPT_EVENT, "bad_signature_length", 0 },
{ XEVNT_SIG & ~CRPT_EVENT, "signature_not_verified", 0 },
{ XEVNT_VFY & ~CRPT_EVENT, "certificate_not_verified", 0 },
{ XEVNT_PER & ~CRPT_EVENT, "host_certificate_expired", 0 },
{ XEVNT_CKY & ~CRPT_EVENT, "bad_or_missing_cookie", 0 },
{ XEVNT_DAT & ~CRPT_EVENT, "bad_or_missing_leapseconds", 0 },
{ XEVNT_CRT & ~CRPT_EVENT, "bad_or_missing_certificate", 0 },
{ XEVNT_ID & ~CRPT_EVENT, "bad_or_missing_group key", 0 },
{ XEVNT_ERR & ~CRPT_EVENT, "protocol_error", 0 },
{ -1, "", 0 }
};
#endif /* AUTOKEY */
@ -223,52 +225,52 @@ static const struct codestring crypto_codes[] = {
*/
static const struct codestring k_st_bits[] = {
# ifdef STA_PLL
{ STA_PLL, "pll" },
{ STA_PLL, "pll", 0 },
# endif
# ifdef STA_PPSFREQ
{ STA_PPSFREQ, "ppsfreq" },
{ STA_PPSFREQ, "ppsfreq", 0 },
# endif
# ifdef STA_PPSTIME
{ STA_PPSTIME, "ppstime" },
{ STA_PPSTIME, "ppstime", 0 },
# endif
# ifdef STA_FLL
{ STA_FLL, "fll" },
{ STA_FLL, "fll", 0 },
# endif
# ifdef STA_INS
{ STA_INS, "ins" },
{ STA_INS, "ins", 0 },
# endif
# ifdef STA_DEL
{ STA_DEL, "del" },
{ STA_DEL, "del", 0 },
# endif
# ifdef STA_UNSYNC
{ STA_UNSYNC, "unsync" },
{ STA_UNSYNC, "unsync", 0 },
# endif
# ifdef STA_FREQHOLD
{ STA_FREQHOLD, "freqhold" },
{ STA_FREQHOLD, "freqhold", 0 },
# endif
# ifdef STA_PPSSIGNAL
{ STA_PPSSIGNAL, "ppssignal" },
{ STA_PPSSIGNAL, "ppssignal", 0 },
# endif
# ifdef STA_PPSJITTER
{ STA_PPSJITTER, "ppsjitter" },
{ STA_PPSJITTER, "ppsjitter", 0 },
# endif
# ifdef STA_PPSWANDER
{ STA_PPSWANDER, "ppswander" },
{ STA_PPSWANDER, "ppswander", 0 },
# endif
# ifdef STA_PPSERROR
{ STA_PPSERROR, "ppserror" },
{ STA_PPSERROR, "ppserror", 0 },
# endif
# ifdef STA_CLOCKERR
{ STA_CLOCKERR, "clockerr" },
{ STA_CLOCKERR, "clockerr", 0 },
# endif
# ifdef STA_NANO
{ STA_NANO, "nano" },
{ STA_NANO, "nano", 0 },
# endif
# ifdef STA_MODE
{ STA_MODE, "mode=fll" },
{ STA_MODE, "mode=fll", 0 },
# endif
# ifdef STA_CLK
{ STA_CLK, "src=B" },
{ STA_CLK, "src=B", 0 },
# endif
/* not used with getcode(), no terminating entry needed */
};
@ -292,12 +294,12 @@ getcode(
while (codetab->code != -1) {
if (codetab->code == code)
return codetab->string;
return codetab->string1;
codetab++;
}
LIB_GETBUF(buf);
snprintf(buf, LIB_BUFLENGTH, "%s_%d", codetab->string, code);
snprintf(buf, LIB_BUFLENGTH, "%s_%d", codetab->string1, code);
return buf;
}
@ -354,10 +356,18 @@ decode_bitflags(
sep = "";
for (b = 0; b < tab_ct; b++) {
const char * flagstr;
if (tab[b].code & bits) {
flagstr = tab[b].string1;
} else {
flagstr = tab[b].string0;
}
if (flagstr) {
size_t avail = lim - pch;
rc = snprintf(pch, avail, "%s%s", sep,
tab[b].string);
flagstr);
if ((size_t)rc >= avail)
goto toosmall;
pch += rc;
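Review bot: with the new `if (flagstr)` guard, the assignment that moves `sep` from `""` to its non-empty value must sit inside that guard, next to `pch += rc;`; if it follows the guard, an entry whose selected string is NULL (a `string0` left at 0) would still switch the separator on, and the first flag actually emitted could be preceded by a stray separator. The visible lines show `sep = "";` initialised before the loop and consumed only in `snprintf(pch, avail, "%s%s", sep, flagstr)`, so keeping the update inside the guarded block is all that is needed.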

View File

@ -5,8 +5,10 @@
*
*/
#include <config.h>
#include <math.h>
#include "ntp.h"
#include "ntpd.h"
#include "ntp_syslog.h"
#include "ntp_stdlib.h"
#include "ntp_random.h"
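Review bot: `#include <math.h>` is added for the `ceil()` call introduced in set_sys_fuzz() later in this file; check that every target building this file already links libm, since a build that previously got away without `-lm` will now fail at link time rather than at compile time.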
@ -14,6 +16,7 @@
#include "timevalops.h"
#include "timespecops.h"
#include "ntp_calendar.h"
#include "lib_strbuf.h"
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
@ -28,6 +31,9 @@
int allow_panic = FALSE; /* allow panic correction (-g) */
int enable_panic_check = TRUE; /* Can we check allow_panic's state? */
u_long sys_lamport; /* Lamport violation */
u_long sys_tsrounding; /* timestamp rounding errors */
#ifndef USE_COMPILETIME_PIVOT
# define USE_COMPILETIME_PIVOT 1
#endif
@ -110,7 +116,10 @@ set_sys_fuzz(
sys_fuzz = fuzz_val;
INSIST(sys_fuzz >= 0);
INSIST(sys_fuzz <= 1.0);
sys_fuzz_nsec = (long)(sys_fuzz * 1e9 + 0.5);
/* [Bug 3450] ensure nsec fuzz >= sys_fuzz to reduce chance of
* short-falling fuzz advance
*/
sys_fuzz_nsec = (long)ceil(sys_fuzz * 1e9);
}
@ -168,13 +177,10 @@ get_systime(
static struct timespec ts_last; /* last sampled os time */
static struct timespec ts_prev; /* prior os time */
static l_fp lfp_prev; /* prior result */
static double dfuzz_prev; /* prior fuzz */
struct timespec ts; /* seconds and nanoseconds */
struct timespec ts_min; /* earliest permissible */
struct timespec ts_lam; /* lamport fictional increment */
struct timespec ts_prev_log; /* for msyslog only */
double dfuzz;
double ddelta;
l_fp result;
l_fp lfpfuzz;
l_fp lfpdelta;
@ -191,8 +197,10 @@ get_systime(
* introduce small steps backward. It should not be an issue on
* systems where get_ostime() results in a true syscall.)
*/
if (cmp_tspec(add_tspec_ns(ts, 50000000), ts_last) < 0)
if (cmp_tspec(add_tspec_ns(ts, 50000000), ts_last) < 0) {
lamport_violated = 1;
sys_lamport++;
}
ts_last = ts;
/*
@ -216,21 +224,16 @@ get_systime(
if (!lamport_violated)
ts = ts_min;
}
ts_prev_log = ts_prev;
ts_prev = ts;
} else {
/*
* Quiet "ts_prev_log.tv_sec may be used uninitialized"
* warning from x86 gcc 4.5.2.
*/
ZERO(ts_prev_log);
}
/* convert from timespec to l_fp fixed-point */
result = tspec_stamp_to_lfp(ts);
/*
* Add in the fuzz.
* Add in the fuzz. 'ntp_random()' returns [0..2**31-1] so we
* must scale up the result by 2.0 to cover the full fractional
* range.
*/
dfuzz = ntp_random() * 2. / FRAC * sys_fuzz;
DTOLFP(dfuzz, &lfpfuzz);
@ -240,30 +243,34 @@ get_systime(
* Ensure result is strictly greater than prior result (ignoring
* sys_residual's effect for now) once sys_fuzz has been
* determined.
*
* [Bug 3450] Rounding errors and time slew can lead to a
* violation of the expected postcondition. This is bound to
* happen from time to time (depending on state of the random
* generator, the current slew and the closeness of system time
* stamps drawn) and does not warrant a syslog entry. Instead it
* makes much more sense to ensure the postcondition and hop
* along silently.
*/
if (!USING_SIGIO()) {
if (!L_ISZERO(&lfp_prev) && !lamport_violated) {
if (!L_ISGTU(&result, &lfp_prev) &&
sys_fuzz > 0.) {
msyslog(LOG_ERR, "ts_prev %s ts_min %s",
tspectoa(ts_prev_log),
tspectoa(ts_min));
msyslog(LOG_ERR, "ts %s", tspectoa(ts));
msyslog(LOG_ERR, "sys_fuzz %ld nsec, prior fuzz %.9f",
sys_fuzz_nsec, dfuzz_prev);
msyslog(LOG_ERR, "this fuzz %.9f",
dfuzz);
lfpdelta = lfp_prev;
L_SUB(&lfpdelta, &result);
LFPTOD(&lfpdelta, ddelta);
msyslog(LOG_ERR,
"prev get_systime 0x%x.%08x is %.9f later than 0x%x.%08x",
lfp_prev.l_ui, lfp_prev.l_uf,
ddelta, result.l_ui, result.l_uf);
if ( !L_ISZERO(&lfp_prev)
&& !lamport_violated
&& (sys_fuzz > 0.0)
) {
lfpdelta = result;
L_SUB(&lfpdelta, &lfp_prev);
L_SUBUF(&lfpdelta, 1);
if (lfpdelta.l_i < 0)
{
L_NEG(&lfpdelta);
DPRINTF(1, ("get_systime: postcond failed by %s secs, fixed\n",
lfptoa(&lfpdelta, 9)));
result = lfp_prev;
L_ADDUF(&result, 1);
sys_tsrounding++;
}
}
lfp_prev = result;
dfuzz_prev = dfuzz;
if (lamport_violated)
lamport_violated = FALSE;
}
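Review bot: `sys_tsrounding++` is now the only trace of a postcondition violation that was previously reported with four `msyslog(LOG_ERR, ...)` calls, and nothing in this patch shows where the counter is surfaced; confirm it is exposed through the usual statistics counters (and name it in the Bug 3450 comment), otherwise a clock that repeatedly fails the "strictly greater than prior result" check becomes invisible except at debug level 1 via `DPRINTF`. Minor style point in the same block: the opening brace of `if (lfpdelta.l_i < 0)` sits on its own line while the surrounding code keeps it on the `if` line.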
@ -362,105 +369,16 @@ adj_systime(
}
#endif
/*
* step_systime - step the system clock.
* helper to keep utmp/wtmp up to date
*/
int
step_systime(
double step
static void
update_uwtmp(
struct timeval timetv,
struct timeval tvlast
)
{
time_t pivot; /* for ntp era unfolding */
struct timeval timetv, tvlast, tvdiff;
struct timespec timets;
struct calendar jd;
l_fp fp_ofs, fp_sys; /* offset and target system time in FP */
/*
* Get pivot time for NTP era unfolding. Since we don't step
* very often, we can afford to do the whole calculation from
* scratch. And we're not in the time-critical path yet.
*/
#if SIZEOF_TIME_T > 4
/*
* This code makes sure the resulting time stamp for the new
* system time is in the 2^32 seconds starting at 1970-01-01,
* 00:00:00 UTC.
*/
pivot = 0x80000000;
#if USE_COMPILETIME_PIVOT
/*
* Add the compile time minus 10 years to get a possible target
* area of (compile time - 10 years) to (compile time + 126
* years). This should be sufficient for a given binary of
* NTPD.
*/
if (ntpcal_get_build_date(&jd)) {
jd.year -= 10;
pivot += ntpcal_date_to_time(&jd);
} else {
msyslog(LOG_ERR,
"step-systime: assume 1970-01-01 as build date");
}
#else
UNUSED_LOCAL(jd);
#endif /* USE_COMPILETIME_PIVOT */
#else
UNUSED_LOCAL(jd);
/* This makes sure the resulting time stamp is on or after
* 1969-12-31/23:59:59 UTC and gives us additional two years,
* from the change of NTP era in 2036 to the UNIX rollover in
* 2038. (Minus one second, but that won't hurt.) We *really*
* need a longer 'time_t' after that! Or a different baseline,
* but that would cause other serious trouble, too.
*/
pivot = 0x7FFFFFFF;
#endif
/* get the complete jump distance as l_fp */
DTOLFP(sys_residual, &fp_sys);
DTOLFP(step, &fp_ofs);
L_ADD(&fp_ofs, &fp_sys);
/* ---> time-critical path starts ---> */
/* get the current time as l_fp (without fuzz) and as struct timeval */
get_ostime(&timets);
fp_sys = tspec_stamp_to_lfp(timets);
tvlast.tv_sec = timets.tv_sec;
tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;
/* get the target time as l_fp */
L_ADD(&fp_sys, &fp_ofs);
/* unfold the new system time */
timetv = lfp_stamp_to_tval(fp_sys, &pivot);
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "step-systime: %m");
if (enable_panic_check && allow_panic) {
msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
}
return FALSE;
}
/* <--- time-critical path ended with 'ntp_set_tod()' <--- */
sys_residual = 0;
lamport_violated = (step < 0);
if (step_callback)
(*step_callback)();
#ifdef NEED_HPUX_ADJTIME
/*
* CHECKME: is this correct when called by ntpdate?????
*/
_clear_adjtime();
#endif
struct timeval tvdiff;
/*
* FreeBSD, for example, has:
* struct utmp {
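Review bot: removing the `#if USE_COMPILETIME_PIVOT` block here leaves the `#ifndef USE_COMPILETIME_PIVOT / # define USE_COMPILETIME_PIVOT 1` definition earlier in this file without any remaining user in this patch, so the configuration knob silently becomes a no-op; drop the define as well, or say where it is still consumed. The new helper signature `update_uwtmp(struct timeval timetv, struct timeval tvlast)` passes both structs by value, which is fine for two small structs, but a one-line comment stating that `timetv` is the new and `tvlast` the old system time would help, since the order is easy to swap at the call sites.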
@ -589,6 +507,83 @@ step_systime(
#endif /* UPDATE_WTMPX */
}
}
/*
* step_systime - step the system clock.
*/
int
step_systime(
double step
)
{
time_t pivot; /* for ntp era unfolding */
struct timeval timetv, tvlast;
struct timespec timets;
l_fp fp_ofs, fp_sys; /* offset and target system time in FP */
/*
* Get pivot time for NTP era unfolding. Since we don't step
* very often, we can afford to do the whole calculation from
* scratch. And we're not in the time-critical path yet.
*/
#if SIZEOF_TIME_T > 4
pivot = basedate_get_eracenter();
#else
/* This makes sure the resulting time stamp is on or after
* 1969-12-31/23:59:59 UTC and gives us additional two years,
* from the change of NTP era in 2036 to the UNIX rollover in
* 2038. (Minus one second, but that won't hurt.) We *really*
* need a longer 'time_t' after that! Or a different baseline,
* but that would cause other serious trouble, too.
*/
pivot = 0x7FFFFFFF;
#endif
/* get the complete jump distance as l_fp */
DTOLFP(sys_residual, &fp_sys);
DTOLFP(step, &fp_ofs);
L_ADD(&fp_ofs, &fp_sys);
/* ---> time-critical path starts ---> */
/* get the current time as l_fp (without fuzz) and as struct timeval */
get_ostime(&timets);
fp_sys = tspec_stamp_to_lfp(timets);
tvlast.tv_sec = timets.tv_sec;
tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;
/* get the target time as l_fp */
L_ADD(&fp_sys, &fp_ofs);
/* unfold the new system time */
timetv = lfp_stamp_to_tval(fp_sys, &pivot);
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "step-systime: %m");
if (enable_panic_check && allow_panic) {
msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
}
return FALSE;
}
/* <--- time-critical path ended with 'ntp_set_tod()' <--- */
sys_residual = 0;
lamport_violated = (step < 0);
if (step_callback)
(*step_callback)();
#ifdef NEED_HPUX_ADJTIME
/*
* CHECKME: is this correct when called by ntpdate?????
*/
_clear_adjtime();
#endif
update_uwtmp(timetv, tvlast);
if (enable_panic_check && allow_panic) {
msyslog(LOG_ERR, "step_systime: allow_panic is TRUE!");
INSIST(!allow_panic);
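Review bot: `tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;` can yield 1000000 when `tv_nsec >= 999999500`, and this copy of the code hands that un-normalised value straight to `update_uwtmp(timetv, tvlast)`; clamp_systime() in the next hunk handles exactly this with `if (tvlast.tv_usec >= 1000000) { tvlast.tv_usec -= 1000000; tvlast.tv_sec += 1; }`, so apply the same carry here (or do it once inside update_uwtmp()). The `CHECKME: is this correct when called by ntpdate?????` question is carried over unchanged; if it is still open it should at least be tracked, since the function is being restructured anyway.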
@ -596,4 +591,93 @@ step_systime(
return TRUE;
}
static const char *
tv_fmt_libbuf(
const struct timeval * ptv
)
{
char * retv;
vint64 secs;
ntpcal_split dds;
struct calendar jd;
secs = time_to_vint64(&ptv->tv_sec);
dds = ntpcal_daysplit(&secs);
ntpcal_daysplit_to_date(&jd, &dds, DAY_UNIX_STARTS);
LIB_GETBUF(retv);
snprintf(retv, LIB_BUFLENGTH,
"%04hu-%02hu-%02hu/%02hu:%02hu:%02hu.%06u",
jd.year, (u_short)jd.month, (u_short)jd.monthday,
(u_short)jd.hour, (u_short)jd.minute, (u_short)jd.second,
(u_int)ptv->tv_usec);
return retv;
}
int /*BOOL*/
clamp_systime(void)
{
#if SIZEOF_TIME_T > 4
struct timeval timetv, tvlast;
struct timespec timets;
uint32_t tdiff;
timetv.tv_sec = basedate_get_erabase();
/* ---> time-critical path starts ---> */
/* get the current time as l_fp (without fuzz) and as struct timeval */
get_ostime(&timets);
tvlast.tv_sec = timets.tv_sec;
tvlast.tv_usec = (timets.tv_nsec + 500) / 1000;
if (tvlast.tv_usec >= 1000000) {
tvlast.tv_usec -= 1000000;
tvlast.tv_sec += 1;
}
timetv.tv_usec = tvlast.tv_usec;
tdiff = (uint32_t)(tvlast.tv_sec & UINT32_MAX) -
(uint32_t)(timetv.tv_sec & UINT32_MAX);
timetv.tv_sec += tdiff;
if (timetv.tv_sec != tvlast.tv_sec) {
/* now set new system time */
if (ntp_set_tod(&timetv, NULL) != 0) {
msyslog(LOG_ERR, "clamp-systime: %m");
return FALSE;
}
} else {
msyslog(LOG_INFO,
"clamp-systime: clock (%s) in allowed range",
tv_fmt_libbuf(&timetv));
return FALSE;
}
/* <--- time-critical path ended with 'ntp_set_tod()' <--- */
sys_residual = 0;
lamport_violated = (timetv.tv_sec < tvlast.tv_sec);
if (step_callback)
(*step_callback)();
# ifdef NEED_HPUX_ADJTIME
/*
* CHECKME: is this correct when called by ntpdate?????
*/
_clear_adjtime();
# endif
update_uwtmp(timetv, tvlast);
msyslog(LOG_WARNING,
"clamp-systime: clock stepped from %s to %s!",
tv_fmt_libbuf(&tvlast), tv_fmt_libbuf(&timetv));
return TRUE;
#else
return 0;
#endif
}
#endif /* !SIM */
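Review bot: clamp_systime() returns FALSE both when `ntp_set_tod()` fails and when the clock is already in the allowed range (`clamp-systime: clock (%s) in allowed range`), so a caller cannot distinguish "nothing to do" from "could not set the time"; either give the no-op case its own return value or state in a comment that callers must rely on the syslog line. Two smaller points: the `#else` branch returns a bare `0` where the rest of the function uses `FALSE`/`TRUE`, and the `tdiff` computation `(uint32_t)(tvlast.tv_sec & UINT32_MAX) - (uint32_t)(timetv.tv_sec & UINT32_MAX)` deserves a comment saying that the subtraction is intentionally modulo 2^32 so that `timetv.tv_sec += tdiff` lands in the era starting at `basedate_get_erabase()`.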

View File

@ -27,7 +27,7 @@
#define CHILD_GONE_RESP CHILD_EXIT_REQ
/* Queue size increments:
* The request queue grows a bit faster than the response queue -- the
* deamon can push requests and pull results faster on avarage than the
* daemon can push requests and pull results faster on avarage than the
* worker can process requests and push results... If this really pays
* off is debatable.
*/
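Review bot: the same line still reads `faster on avarage than the` two words after the `deamon` fix; change `avarage` to `average` while correcting this comment.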

View File

@ -102,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -1007,7 +1008,6 @@ check-libparse: $(noinst_LIBRARIES)
@: do-nothing action to avoid default SCCS get
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

View File

@ -109,6 +109,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -1856,7 +1857,6 @@ check-libopts: ../sntp/libopts/libopts.la
-cd ../sntp/libopts && $(MAKE) $(AM_MAKEFLAGS) libopts.la
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

View File

@ -46,14 +46,14 @@ manycastserver 224.0.1.1 ff05::101
multicastclient 224.0.1.1 ff05::101
mru maxage 64 mindepth 600 initalloc 600 initmem 16 incalloc 99 incmem 4 maxdepth 1024 maxmem 4096
discard minimum 1 average 3 monitor 3000
restrict default
restrict default nomodify limited kod noserve nomrulist
restrict source
restrict source nomodify limited kod
restrict trusted.host.name.example.com. nomodify
restrict [fe80::1] mask [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
restrict 127.0.0.1 mask 255.255.255.255
restrict ::1
restrict default ippeerlimit -1
restrict default ippeerlimit 0 nomodify limited kod noserve nomrulist
restrict source ippeerlimit 1
restrict source ippeerlimit 2 nomodify limited kod
restrict trusted.host.name.example.com. ippeerlimit -1 nomodify
restrict [fe80::1] mask [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ippeerlimit -1
restrict 127.0.0.1 mask 255.255.255.255 ippeerlimit -1
restrict ::1 ippeerlimit -1
interface drop ipv6
interface ignore ipv4
interface drop wildcard

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
#
# It has been AutoGen-ed March 21, 2017 at 10:44:16 AM by AutoGen 5.18.5
# It has been AutoGen-ed February 27, 2018 at 05:14:34 PM by AutoGen 5.18.5
# From the definitions ntp.conf.def
# and the template file agtexi-file.tpl
@end ignore
@ -1462,7 +1462,7 @@ The
@code{monitor}
subcommand specifies the probability of discard
for packets that overflow the rate-control window.
@item @code{restrict} @code{address} @code{[@code{mask} @kbd{mask}]} @code{[@kbd{flag} @kbd{...}]}
@item @code{restrict} @code{address} @code{[@code{mask} @kbd{mask}]} @code{[@code{ippeerlimit} @kbd{int}]} @code{[@kbd{flag} @kbd{...}]}
The
@kbd{address}
argument expressed in
@ -1486,6 +1486,15 @@ Note that text string
@code{default},
with no mask option, may
be used to indicate the default entry.
The
@code{ippeerlimit}
directive limits the number of peer requests for each IP to
@kbd{int},
where a value of -1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
@code{flag}
always
@ -1536,6 +1545,18 @@ basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
@item @code{noepeer}
Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
@file{ntp.keys}
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
@code{noepeer}
to become the default in ntp-4.4.
@item @code{nomodify}
Deny
@code{ntpq(1ntpqmdoc)}
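Review bot: `to maintain backward compatability.` in the new `noepeer` entry should read `compatibility`; the same typo appears in the generated man page, so fix it once in the `ntp.conf.def` source that both are AutoGen-ed from.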
@ -1553,10 +1574,10 @@ and
queries.
Time service is not affected.
@item @code{nopeer}
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
@code{pool}
associations, so if you want to use servers from a
@ -1564,8 +1585,9 @@ associations, so if you want to use servers from a
directive and also want to use
@code{nopeer}
by default, you'll want a
@code{restrict source ...} @code{line} @code{as} @code{well} @code{that} @code{does}
@item not
@code{restrict source ...}
line as well that does
@emph{not}
include the
@code{nopeer}
directive.
@ -1937,9 +1959,10 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
@end table
@subsubsection Manycast Options
@table @asis
@item @code{tos} @code{[@code{ceiling} @kbd{ceiling} | @code{cohort} @code{@{} @code{0} | @code{1} @code{@}} | @code{floor} @kbd{floor} | @code{minclock} @kbd{minclock} | @code{minsane} @kbd{minsane}]}
@ -2255,7 +2278,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
@file{/usr/share/doc/ntp}).
@file{/usr/share/doc/ntp} @file{).}
@item @code{stratum} @kbd{int}
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
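Review bot: `@file{/usr/share/doc/ntp} @file{).}` is a regression: the closing parenthesis and period that used to follow `@file{/usr/share/doc/ntp}` are now wrapped in their own `@file{}` and will render as a filename. This is generated text, so the fix belongs in the conversion of the `ntp.conf.def` source, restoring `@file{/usr/share/doc/ntp}).`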
@ -2516,6 +2539,69 @@ This option is useful for sites that run
@code{ntpd(1ntpdmdoc)}
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
@item @code{interface} @code{[@code{listen} | @code{ignore} | @code{drop}]} @code{[@code{all} | @code{ipv4} | @code{ipv6} | @code{wildcard} @kbd{name} | @kbd{address} @code{[@code{/} @kbd{prefixlen}]}]}
The
@code{interface}
directive controls which network addresses
@code{ntpd(1ntpdmdoc)}
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
@kbd{prefixlen}
determines how many bits must match for this rule to apply.
@code{ignore}
prevents opening matching addresses,
@code{drop}
causes
@code{ntpd(1ntpdmdoc)}
to open the address and drop all received packets without examination.
Multiple
@code{interface}
directives can be used.
The last rule which matches a particular address determines the action for it.
@code{interface}
directives are disabled if any
@code{-I},
@code{--interface},
@code{-L},
or
@code{--novirtualips}
command-line options are specified in the configuration file,
all available network addresses are opened.
The
@code{nic}
directive is an alias for
@code{interface}.
@item @code{leapfile} @kbd{leapfile}
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
@code{https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list}
or
@code{ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list}.
The
@code{leapfile}
is scanned when
@code{ntpd(1ntpdmdoc)}
processes the
@code{leapfile} @code{directive} @code{or} @code{when}
@code{ntpd} @code{detects} @code{that} @code{the}
@kbd{leapfile}
has changed.
@code{ntpd}
checks once a day to see if the
@kbd{leapfile}
has changed.
The
@code{update-leap(1update_leapmdoc)}
script can be run to see if the
@kbd{leapfile}
should be updated.
@item @code{leapsmearinterval} @kbd{seconds}
This EXPERIMENTAL option is only available if
@code{ntpd(1ntpdmdoc)}
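Review bot: two rendering problems in the new text. `@code{leapfile} @code{directive} @code{or} @code{when}` / `@code{ntpd} @code{detects} @code{that} @code{the}` wraps every word of a sentence in `@code{}`, the same generator artifact this patch fixes elsewhere for `restrict source ...`; it should read `@code{leapfile} directive or when @code{ntpd} detects that the`. And the `interface` paragraph ending `command-line options are specified in the configuration file, all available network addresses are opened.` runs two thoughts together (command-line options are not specified in the configuration file); the source text needs checking and the sentence splitting so the condition under which all addresses are opened is stated on its own.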
@ -2606,6 +2692,146 @@ facility.
This is the same operation as the
@code{-l}
command line option.
@item @code{mru} @code{[@code{maxdepth} @kbd{count} | @code{maxmem} @kbd{kilobytes} | @code{mindepth} @kbd{count} | @code{maxage} @kbd{seconds} | @code{initialloc} @kbd{count} | @code{initmem} @kbd{kilobytes} | @code{incalloc} @kbd{count} | @code{incmem} @kbd{kilobytes}]}
Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
@table @asis
@item @code{maxdepth} @kbd{count}
@item @code{maxmem} @kbd{kilobytes}
Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
@code{incalloc}
entries or
@code{incmem}
kilobytes larger.
As with all of the
@code{mru}
options offered in units of entries or kilobytes, if both
@code{maxdepth}
and
@code{maxmem} @code{are} @code{used,} @code{the} @code{last} @code{one} @code{used} @code{controls.}
The default is 1024 kilobytes.
@item @code{mindepth} @kbd{count}
Lower limit on the MRU list size.
When the MRU list has fewer than
@code{mindepth}
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
@item @code{maxage} @kbd{seconds}
Once the MRU list has
@code{mindepth}
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
@code{maxage}
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
@code{maxdepth} @code{/} @code{moxmem}.
The default is 64 seconds.
@item @code{initalloc} @kbd{count}
@item @code{initmem} @kbd{kilobytes}
Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
@item @code{incalloc} @kbd{count}
@item @code{incmem} @kbd{kilobytes}
Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
@end table
@item @code{nonvolatile} @kbd{threshold}
Specify the
@kbd{threshold}
delta in seconds before an hourly change to the
@code{driftfile}
(frequency file) will be written, with a default value of 1e-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
@code{threshold}
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
@item @code{phone} @kbd{dial} @kbd{...}
This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 - 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 - 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
@item @code{reset} @code{[@code{allpeers}]} @code{[@code{auth}]} @code{[@code{ctl}]} @code{[@code{io}]} @code{[@code{mem}]} @code{[@code{sys}]} @code{[@code{timer}]}
Reset one or more groups of counters maintained by
@code{ntpd}
and exposed by
@code{ntpq}
and
@code{ntpdc}.
@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]}
@table @asis
@item @code{memlock} @kbd{Nmegabytes}
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
@code{-i}
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
@item @code{stacksize} @kbd{N4kPages}
Specifies the maximum size of the process stack on systems with the
@code{mlockall()}
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
@item @code{filenum} @kbd{Nfiledescriptors}
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
@end table
@item @code{saveconfigdir} @kbd{directory_path}
Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
@code{saveconfig}
command.
If
@code{saveconfigdir}
does not appear in the configuration file,
@code{saveconfig}
requests are rejected by
@code{ntpd}.
@item @code{saveconfig} @kbd(unknown)
Write the current configuration, including any runtime
modifications given with
@code{:config}
or
@code{config-from-file}
to the
@code{ntpd}
host's
@kbd(unknown)
in the
@code{saveconfigdir}.
This command will be rejected unless the
@code{saveconfigdir}
directive appears in
.Cm ntpd 's
configuration file.
@kbd(unknown)
can use
@code{strftime(3)}
format directives to substitute the current date and time,
for example,
@code{saveconfig\ ntp-%Y%m%d-%H%M%S.conf}.
The filename used is stored in the system variable
@code{savedconfig}.
Authentication is required.
@item @code{setvar} @kbd{variable} @code{[@code{default}]}
This command adds an additional system variable.
These
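Review bot: this hunk carries several typos and conversion artifacts that should be fixed in the `ntp.conf.def` source before the generated files are regenerated: `size limite` (limit), `acutal` (actual), `to ba added` (be added), `moxmem` (maxmem), `monitoringfacility` (monitoring facility), `exceeeded` (exceeded); the `mru` heading lists `initialloc` while the item below and the test configuration use `initalloc`; `@code{maxmem} @code{are} @code{used,} @code{the} @code{last} @code{one} @code{used} @code{controls.}` is the word-wrapped `@code{}` artifact; `.Cm ntpq 's` and `.Cm ntpd 's` are raw mdoc macros leaked into texinfo; and `@kbd(unknown)` appears three times in the `saveconfig` entry where the argument name did not survive the conversion and must be restored from the source.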
@ -2638,6 +2864,10 @@ holds
the names of all peer variables and the
@code{clock_var_list}
holds the names of the reference clock variables.
@item @code{sysinfo}
Display operational summary.
@item @code{sysstats}
Show statistics counters maintained in the protocol module.
@item @code{tinker} @code{[@code{allan} @kbd{allan} | @code{dispersion} @kbd{dispersion} | @code{freq} @kbd{freq} | @code{huffpuff} @kbd{huffpuff} | @code{panic} @kbd{panic} | @code{step} @kbd{step} | @code{stepback} @kbd{stepback} | @code{stepfwd} @kbd{stepfwd} | @code{stepout} @kbd{stepout}]}
This command can be used to alter several system variables in
very exceptional circumstances.
@ -2715,27 +2945,18 @@ be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
@end table
@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]}
@table @asis
@item @code{memlock} @kbd{Nmegabytes}
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
@code{-i}
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
@item @code{stacksize} @kbd{N4kPages}
Specifies the maximum size of the process stack on systems with the
@code{mlockall()}
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
@item @code{filenum} @kbd{Nfiledescriptors}
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
@end table
@item @code{writevar} @kbd{assocID\ name} @kbd{=} @kbd{value} @kbd{[,...]}
Write (create or update) the specified variables.
If the
@code{assocID}
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
@code{assocID}
is required, as the same name can occur in both name spaces.
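Review bot: `is zero, the variablea re from the` in the new `writevar` entry should read `is zero, the variables are from the`.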
@item @code{trap} @kbd{host_address} @code{[@code{port} @kbd{port_number}]} @code{[@code{interface} @kbd{interface_address}]}
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
@ -2747,6 +2968,13 @@ message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
@item @code{ttl} @kbd{hop} @kbd{...}
This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
@code{manycast}
mode these values are used in-turn in an expanding-ring search.
The default is eight multiples of 32 starting at 31.
The trap receiver will generally log event messages and other
information from the server in a log file.
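Review bot: the new `@item @code{ttl}` entry is inserted between the `trap` description and its continuation; the two unchanged lines after it, `The trap receiver will generally log event messages and other` / `information from the server in a log file.`, belong to `trap`, not `ttl`. Move the `ttl` item past the end of the `trap` text so each item's description stays contiguous.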

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
#
# It has been AutoGen-ed March 21, 2017 at 10:31:04 AM by AutoGen 5.18.5
# It has been AutoGen-ed February 27, 2018 at 05:14:37 PM by AutoGen 5.18.5
# From the definitions ntp.keys.def
# and the template file agtexi-file.tpl
@end ignore
@ -45,16 +45,24 @@ where
is a positive integer (between 1 and 65534),
@kbd{type}
is the message digest algorithm,
and
@kbd{key}
is the key itself, and
@kbd{opt_IP_list}
is an optional comma-separated list of IPs
where the
@kbd{keyno}
should be trusted.
that are allowed to serve time.
Each IP in
@kbd{opt_IP_list}
may contain an optional
@code{/subnetbits}
specification which identifies the number of bits for
the desired subnet of trust.
If
@kbd{opt_IP_list}
is empty,
any properly-authenticated server message will be
any properly-authenticated message will be
accepted.
The

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
#
# It has been AutoGen-ed March 21, 2017 at 10:44:20 AM by AutoGen 5.18.5
# It has been AutoGen-ed February 27, 2018 at 05:14:39 PM by AutoGen 5.18.5
# From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -142,7 +142,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpd - NTP daemon program - Ver. 4.2.8p10-beta
ntpd - NTP daemon program - Ver. 4.2.8p11
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ]
Flg Arg Option-Name Description

View File

@ -1 +1 @@
* Generated 2016-11-09 11:39:28 UTC diff_ignore_line
* Generated 2018-01-14 03:53:33 UTC diff_ignore_line

View File

@ -153,11 +153,15 @@ struct key_tok ntp_keywords[] = {
{ "orphan", T_Orphan, FOLLBY_TOKEN },
{ "orphanwait", T_Orphanwait, FOLLBY_TOKEN },
{ "nonvolatile", T_Nonvolatile, FOLLBY_TOKEN },
{ "basedate", T_Basedate, FOLLBY_STRING },
/* access_control_flag */
{ "default", T_Default, FOLLBY_TOKEN },
{ "source", T_Source, FOLLBY_TOKEN },
{ "epeer", T_Epeer, FOLLBY_TOKEN },
{ "noepeer", T_Noepeer, FOLLBY_TOKEN },
{ "flake", T_Flake, FOLLBY_TOKEN },
{ "ignore", T_Ignore, FOLLBY_TOKEN },
{ "ippeerlimit", T_Ippeerlimit, FOLLBY_TOKEN },
{ "limited", T_Limited, FOLLBY_TOKEN },
{ "mssntp", T_Mssntp, FOLLBY_TOKEN },
{ "kod", T_Kod, FOLLBY_TOKEN },

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5man "21 Mar 2017" "4.2.8p10-beta" "File Formats"
.TH ntp.conf 5man "27 Feb 2018" "4.2.8p11" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-UAaqtC/ag-6AaisC)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:30:48 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -1665,7 +1665,7 @@ The
subcommand specifies the probability of discard
for packets that overflow the rate-control window.
.TP 7
.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
The
\f\*[I-Font]address\f[]
argument expressed in
@ -1689,6 +1689,15 @@ Note that text string
\f\*[B-Font]default\f[],
with no mask option, may
be used to indicate the default entry.
The
\f\*[B-Font]ippeerlimit\f[]
directive limits the number of peer requests for each IP to
\f\*[I-Font]int\f[],
where a value of \-1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
\f\*[B-Font]flag\f[]
always
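Review bot: the new `ippeerlimit` paragraph explains the \-1 and 0 values but does not say what happens to a peer request that exceeds the limit (silently dropped, or counted and rejected like a `limited` violation), nor whether the count is kept per source address or per restrict entry; one sentence on each would settle it. "peer requests for each IP" should read "per source IP address", and the defaults of \-1 ("unlimited") and 0 ("none") are worth stating in the synopsis line too. Since this file is AutoGen-ed from ntp.conf.def (see the header), the wording fix belongs there so the man, mdoc and html copies stay in step.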
@ -1744,6 +1753,19 @@ This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
.TP 7
.NOP \f\*[B-Font]noepeer\f[]
Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
\fIntp.keys\f[]
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
\f\*[B-Font]noepeer\f[]
to become the default in ntp-4.4.
.TP 7
.NOP \f\*[B-Font]nomodify\f[]
Deny
\fCntpq\f[]\fR(1ntpqmdoc)\f[]
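Review bot: typo in the new `noepeer` text: "compatability" should be "compatibility" (fix in ntp.conf.def, from which this page is generated). The entry should also state plainly that `noepeer` only matters for authenticated sources, because `nopeer` (changed in the next hunk to cover only unauthenticated packets) no longer blocks them; a reader skimming the flag list needs that link to know that `restrict default ... nopeer` alone is no longer sufficient to refuse all new associations.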
@ -1763,10 +1785,10 @@ queries.
Time service is not affected.
.TP 7
.NOP \f\*[B-Font]nopeer\f[]
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
\f\*[B-Font]pool\f[]
associations, so if you want to use servers from a
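Review bot: rewording `nopeer` from "Deny packets" to "Deny unauthenticated packets" documents a behaviour change for existing configurations, and the paragraph should say so explicitly: a `restrict default ... nopeer` line previously refused every new association, whereas after this change an authenticated symmetric-active or broadcast packet can still mobilize one unless `noepeer` is also given. Add a sentence pointing at `noepeer` here, otherwise operators upgrading will not know which flag to add.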
@ -1774,9 +1796,9 @@ associations, so if you want to use servers from a
directive and also want to use
\f\*[B-Font]nopeer\f[]
by default, you'll want a
\f\*[B-Font]restrict source ...\f[] \f\*[B-Font]line\f[] \f\*[B-Font]as\f[] \f\*[B-Font]well\f[] \f\*[B-Font]that\f[] \f\*[B-Font]does\f[]
.TP 7
.NOP not
\f\*[B-Font]restrict source ...\f[]
line as well that does
\fInot\f[]
include the
\f\*[B-Font]nopeer\f[]
directive.
@ -2186,11 +2208,11 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.PP
.SS Manycast Options
.RS
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
@ -2260,7 +2282,7 @@ In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
.RE
.PP
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
@ -2427,7 +2449,6 @@ option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
.RS
.TP 7
.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
@ -2528,7 +2549,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
\fI/usr/share/doc/ntp\f[] \fI).\f[]
.TP 7
.NOP \f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]
Specifies the stratum number assigned to the driver, an integer
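Review bot: `\fI/usr/share/doc/ntp\f[] \fI).\f[]` is a rendering regression: the closing parenthesis and period are now italic and separated from the path by a space, while the old `\fI/usr/share/doc/ntp\f[]).` was correct. The cause is the matching mdoc source change from `.Pa /usr/share/doc/ntp ) .` to `.Pa /usr/share/doc/ntp ).`, where `).` as a single argument is no longer recognised as trailing punctuation. Restore `) .` in ntp.conf.def.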
@ -2576,9 +2597,8 @@ Further information on the
command can be found in
\fIMonitoring\f[] \fIOptions\f[].
.RE
.RE
.PP
.SH Miscellaneous Options
.RS
.TP 7
.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
@ -2817,6 +2837,71 @@ This option is useful for sites that run
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.TP 7
.NOP \f\*[B-Font]interface\f[] [\f\*[B-Font]listen\f[] | \f\*[B-Font]ignore\f[] | \f\*[B-Font]drop\f[]] [\f\*[B-Font]all\f[] | \f\*[B-Font]ipv4\f[] | \f\*[B-Font]ipv6\f[] | \f\*[B-Font]wildcard\f[] \f\*[I-Font]name\f[] | \f\*[I-Font]address\f[] [\f\*[B-Font]/\f[] \f\*[I-Font]prefixlen\f[]]]
The
\f\*[B-Font]interface\f[]
directive controls which network addresses
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
\f\*[I-Font]prefixlen\f[]
determines how many bits must match for this rule to apply.
\f\*[B-Font]ignore\f[]
prevents opening matching addresses,
\f\*[B-Font]drop\f[]
causes
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
to open the address and drop all received packets without examination.
Multiple
\f\*[B-Font]interface\f[]
directives can be used.
The last rule which matches a particular address determines the action for it.
\f\*[B-Font]interface\f[]
directives are disabled if any
\f\*[B-Font]\-I\f[],
\f\*[B-Font]\-\-interface\f[],
\f\*[B-Font]\-L\f[],
or
\f\*[B-Font]\-\-novirtualips\f[]
command-line options are specified in the configuration file,
all available network addresses are opened.
The
\f\*[B-Font]nic\f[]
directive is an alias for
\f\*[B-Font]interface\f[].
.TP 7
.NOP \f\*[B-Font]leapfile\f[] \f\*[I-Font]leapfile\f[]
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
\f[C]https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list\f[]
or
\f[C]ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list\f[].
The
\f\*[B-Font]leapfile\f[]
is scanned when
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
processes the
\f\*[B-Font]leapfile\f[] \f\*[B-Font]directive\f[] \f\*[B-Font]or\f[] \f\*[B-Font]when\f[]
\f\*[B-Font]ntpd\f[] \f\*[B-Font]detects\f[] \f\*[B-Font]that\f[] \f\*[B-Font]the\f[]
\f\*[I-Font]leapfile\f[]
has changed.
\f\*[B-Font]ntpd\f[]
checks once a day to see if the
\f\*[I-Font]leapfile\f[]
has changed.
The
\fCupdate-leap\f[]\fR(1update_leapmdoc)\f[]
script can be run to see if the
\f\*[I-Font]leapfile\f[]
should be updated.
.TP 7
.NOP \f\*[B-Font]leapsmearinterval\f[] \f\*[I-Font]seconds\f[]
This EXPERIMENTAL option is only available if
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
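Review bot: the `interface` text "directives are disabled if any \-I, \-\-interface, \-L, or \-\-novirtualips command-line options are specified in the configuration file, all available network addresses are opened" is missing its middle: command-line options are not specified in the configuration file, and the clause about all addresses being opened has no subject. It should be two sentences, one naming the command-line options that disable `interface` directives and one stating what happens when neither those options nor any `interface` directive is given. In the `leapfile` entry, "directive or when" and "ntpd detects that the" are emitted in B-Font because the mdoc source places that prose on the `.Cm` line; only `leapfile` and `ntpd` should be bold. The `drop` semantics (socket opened, packets discarded without examination) are clear and useful as written.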
@ -2922,6 +3007,164 @@ This is the same operation as the
\f\*[B-Font]\-l\f[]
command line option.
.TP 7
.NOP \f\*[B-Font]mru\f[] [\f\*[B-Font]maxdepth\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]maxmem\f[] \f\*[I-Font]kilobytes\f[] | \f\*[B-Font]mindepth\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]maxage\f[] \f\*[I-Font]seconds\f[] | \f\*[B-Font]initialloc\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]initmem\f[] \f\*[I-Font]kilobytes\f[] | \f\*[B-Font]incalloc\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]incmem\f[] \f\*[I-Font]kilobytes\f[]]
Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
.RS
.TP 7
.NOP \f\*[B-Font]maxdepth\f[] \f\*[I-Font]count\f[]
.TP 7
.NOP \f\*[B-Font]maxmem\f[] \f\*[I-Font]kilobytes\f[]
Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
\f\*[B-Font]incalloc\f[]
entries or
\f\*[B-Font]incmem\f[]
kilobytes larger.
As with all of the
\f\*[B-Font]mru\f[]
options offered in units of entries or kilobytes, if both
\f\*[B-Font]maxdepth\f[]
and
\f\*[B-Font]maxmem\f[] \f\*[B-Font]are\f[] \f\*[B-Font]used,\f[] \f\*[B-Font]the\f[] \f\*[B-Font]last\f[] \f\*[B-Font]one\f[] \f\*[B-Font]used\f[] \f\*[B-Font]controls.\f[]
The default is 1024 kilobytes.
.TP 7
.NOP \f\*[B-Font]mindepth\f[] \f\*[I-Font]count\f[]
Lower limit on the MRU list size.
When the MRU list has fewer than
\f\*[B-Font]mindepth\f[]
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
.TP 7
.NOP \f\*[B-Font]maxage\f[] \f\*[I-Font]seconds\f[]
Once the MRU list has
\f\*[B-Font]mindepth\f[]
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
\f\*[B-Font]maxage\f[]
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
\f\*[B-Font]maxdepth\f[] \f\*[B-Font]/\f[] \f\*[B-Font]moxmem\f[].
The default is 64 seconds.
.TP 7
.NOP \f\*[B-Font]initalloc\f[] \f\*[I-Font]count\f[]
.TP 7
.NOP \f\*[B-Font]initmem\f[] \f\*[I-Font]kilobytes\f[]
Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
.TP 7
.NOP \f\*[B-Font]incalloc\f[] \f\*[I-Font]count\f[]
.TP 7
.NOP \f\*[B-Font]incmem\f[] \f\*[I-Font]kilobytes\f[]
Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
.RE
.TP 7
.NOP \f\*[B-Font]nonvolatile\f[] \f\*[I-Font]threshold\f[]
Specify the
\f\*[I-Font]threshold\f[]
delta in seconds before an hourly change to the
\f\*[B-Font]driftfile\f[]
(frequency file) will be written, with a default value of 1e-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
\f\*[B-Font]threshold\f[]
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
.TP 7
.NOP \f\*[B-Font]phone\f[] \f\*[I-Font]dial\f[] \f\*[I-Font]...\f[]
This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 \- 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 \- 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
.TP 7
.NOP \f\*[B-Font]reset\f[] [\f\*[B-Font]allpeers\f[]] [\f\*[B-Font]auth\f[]] [\f\*[B-Font]ctl\f[]] [\f\*[B-Font]io\f[]] [\f\*[B-Font]mem\f[]] [\f\*[B-Font]sys\f[]] [\f\*[B-Font]timer\f[]]
Reset one or more groups of counters maintained by
\f\*[B-Font]ntpd\f[]
and exposed by
\f\*[B-Font]ntpq\f[]
and
\f\*[B-Font]ntpdc\f[].
.TP 7
.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
\fBmlockall\f[]\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.TP 7
.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.RE
.TP 7
.NOP \f\*[B-Font]saveconfigdir\f[] \f\*[I-Font]directory_path\f[]
Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
\f\*[B-Font]saveconfig\f[]
command.
If
\f\*[B-Font]saveconfigdir\f[]
does not appear in the configuration file,
\f\*[B-Font]saveconfig\f[]
requests are rejected by
\f\*[B-Font]ntpd\f[].
.TP 7
.NOP \f\*[B-Font]saveconfig\f[] \f\*[I-Font]filename\f[]
Write the current configuration, including any runtime
modifications given with
\f\*[B-Font]:config\f[]
or
\f\*[B-Font]config-from-file\f[]
to the
\f\*[B-Font]ntpd\f[]
host's
\f\*[I-Font]filename\f[]
in the
\f\*[B-Font]saveconfigdir\f[].
This command will be rejected unless the
\f\*[B-Font]saveconfigdir\f[]
directive appears in
.Cm ntpd 's
configuration file.
\f\*[I-Font]filename\f[]
can use
\fCstrftime\f[]\fR(3)\f[]
format directives to substitute the current date and time,
for example,
\f\*[B-Font]saveconfig\ ntp-%Y%m%d-%H%M%S.conf\f[].
The filename used is stored in the system variable
\f\*[B-Font]savedconfig\f[].
Authentication is required.
.TP 7
.NOP \f\*[B-Font]setvar\f[] \f\*[I-Font]variable\f[] [\f\*[B-Font]default\f[]]
This command adds an additional system variable.
These
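Review bot: `.Cm ntpq 's` (under `saveconfigdir`) and `.Cm ntpd 's` (under `saveconfig`) are mdoc macro lines leaked verbatim into the man-format output; `.Cm` is not a man macro, so these lines will be printed literally or silently dropped. In the source, use `.Cm ntpq Ns 's` or rephrase ("the `saveconfig` command of `ntpq`"). Further problems in this hunk: the `mru` synopsis says `initialloc` while the item below is `initalloc` (check which spelling the keyword table accepts); the `rlimit` synopsis lacks a `|` between `stacksize N4kPages` and `filenum Nfiledescriptors`; "maxmem are used, the last one used controls." is rendered entirely in B-Font because prose sits on the macro line; and typos "limite", "acutal", "ba added", "moxmem", "monitoringfacility", "exceeeded" should read "limit", "actual", "be added", "maxmem", "monitoring facility", "exceeded". The `saveconfigdir` note that `saveconfig` requests are rejected when no directory is configured, and "Authentication is required" on `saveconfig`, are the right security caveats to keep.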
@ -2955,6 +3198,12 @@ the names of all peer variables and the
\fIclock_var_list\f[]
holds the names of the reference clock variables.
.TP 7
.NOP \f\*[B-Font]sysinfo\f[]
Display operational summary.
.TP 7
.NOP \f\*[B-Font]sysstats\f[]
Show statistics counters maintained in the protocol module.
.TP 7
.NOP \f\*[B-Font]tinker\f[] [\f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[] | \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[] | \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[] | \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[] | \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[] | \f\*[B-Font]step\f[] \f\*[I-Font]step\f[] | \f\*[B-Font]stepback\f[] \f\*[I-Font]stepback\f[] | \f\*[B-Font]stepfwd\f[] \f\*[I-Font]stepfwd\f[] | \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]]
This command can be used to alter several system variables in
very exceptional circumstances.
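Review bot: `sysinfo` ("Display operational summary") and `sysstats` ("Show statistics counters maintained in the protocol module") read as interactive query commands rather than ntp.conf directives, as do the `saveconfig` and `writevar` entries added in the neighbouring hunks (`saveconfig` refers to runtime `:config` changes and ends with "Authentication is required"). Please confirm the ntp.conf parser accepts these keywords; if they are ntpq commands they belong in ntpq(1), and listing them here will lead readers to put them in the configuration file.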
@ -3044,30 +3293,18 @@ If set to zero, the stepout
pulses will not be suppressed.
.RE
.TP 7
.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
\fBmlockall\f[]\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.TP 7
.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.RE
.NOP \f\*[B-Font]writevar\f[] \f\*[I-Font]assocID\ name\f[] \f\*[I-Font]=\f[] \f\*[I-Font]value\f[] \f\*[I-Font][,...]\f[]
Write (create or update) the specified variables.
If the
\f\*[B-Font]assocID\f[]
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
\f\*[B-Font]assocID\f[]
is required, as the same name can occur in both name spaces.
.TP 7
.NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
This command configures a trap receiver at the given host
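Review bot: typo in the new `writevar` entry: "the variablea re from the" should be "the variables are from the". Moving `rlimit` out of this position into alphabetical order is fine, but `writevar` itself describes a runtime write request keyed by `assocID` rather than a configuration-file directive, so the same "does the ntp.conf parser accept this?" question applies as for `sysinfo`/`sysstats`.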
@ -3080,6 +3317,14 @@ message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.TP 7
.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
\f\*[B-Font]manycast\f[]
mode these values are used in-turn in an expanding-ring search.
The default is eight multiples of 32 starting at 31.
.sp \n(Ppu
.ne 2
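Review bot: the new `ttl hop ...` entry is inserted between two paragraphs of the `trap` description (the `.sp \n(Ppu` / `.ne 2` paragraph break that follows it continues the trap text), so the remainder of the `trap` entry now reads as part of `ttl`. It also duplicates the `ttl` entry already present under Manycast Options, whose text ("eight multiples of 32 starting at 31") appears as context in the next hunk. Drop this copy, or move it after the complete `trap` entry, and do so in ntp.conf.def so all generated pages agree.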
@ -3097,9 +3342,8 @@ In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
.RE
.PP
.SH "OPTIONS"
.RS
.TP
.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
@ -3111,7 +3355,7 @@ Pass the extended usage information through a pager.
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.RE
.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
@ -3122,7 +3366,6 @@ by loading values from environment variables named:
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
.RS
.TP 15
.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
@ -3146,10 +3389,9 @@ RSA public key
.TP 15
.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
.RE
.PP
.SH "EXIT STATUS"
One of the following exit values will be returned:
.RS
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
@ -3160,7 +3402,7 @@ The operation failed or the command syntax was not valid.
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.RE
.PP
.SH "SEE ALSO"
\fCntpd\f[]\fR(1ntpdmdoc)\f[],
\fCntpdc\f[]\fR(1ntpdcmdoc)\f[],

View File

@ -1,9 +1,9 @@
.Dd March 21 2017
.Dd February 27 2018
.Dt NTP_CONF 5mdoc File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:31:09 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -1532,6 +1532,7 @@ subcommand specifies the probability of discard
for packets that overflow the rate\-control window.
.It Xo Ic restrict address
.Op Cm mask Ar mask
.Op Cm ippeerlimit Ar int
.Op Ar flag ...
.Xc
The
@ -1557,6 +1558,15 @@ Note that text string
.Cm default ,
with no mask option, may
be used to indicate the default entry.
The
.Cm ippeerlimit
directive limits the number of peer requests for each IP to
.Ar int ,
where a value of \-1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
.Cm flag
always
@ -1607,6 +1617,18 @@ basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
.It Cm noepeer
Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
.Pa ntp.keys
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
.Cm noepeer
to become the default in ntp\-4.4.
.It Cm nomodify
Deny
.Xr ntpq 1ntpqmdoc
@ -1624,10 +1646,10 @@ and
queries.
Time service is not affected.
.It Cm nopeer
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
.Cm pool
associations, so if you want to use servers from a
@ -1635,8 +1657,9 @@ associations, so if you want to use servers from a
directive and also want to use
.Cm nopeer
by default, you'll want a
.Cm "restrict source ..." line as well that does
.It not
.Cm "restrict source ..."
line as well that does
.Em not
include the
.Cm nopeer
directive.
@ -2011,9 +2034,10 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.El
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos
@ -2359,7 +2383,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.Pa /usr/share/doc/ntp ).
.It Cm stratum Ar int
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
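Review bot: `.Pa /usr/share/doc/ntp ).` regresses the punctuation handling: `).` is a single argument that mdoc formats as part of the path, whereas the previous `) .` kept the parenthesis and period as separate closing delimiters rendered in roman. Keep `) .`; the generated .5man copy of this line shows the italic, space-separated `).` that results.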
@ -2637,6 +2661,79 @@ This option is useful for sites that run
.Xr ntpd 1ntpdmdoc
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.It Xo Ic interface
.Oo
.Cm listen | Cm ignore | Cm drop
.Oc
.Oo
.Cm all | Cm ipv4 | Cm ipv6 | Cm wildcard
.Ar name | Ar address
.Oo Cm / Ar prefixlen
.Oc
.Oc
.Xc
The
.Cm interface
directive controls which network addresses
.Xr ntpd 1ntpdmdoc
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
.Ar prefixlen
determines how many bits must match for this rule to apply.
.Cm ignore
prevents opening matching addresses,
.Cm drop
causes
.Xr ntpd 1ntpdmdoc
to open the address and drop all received packets without examination.
Multiple
.Cm interface
directives can be used.
The last rule which matches a particular address determines the action for it.
.Cm interface
directives are disabled if any
.Fl I ,
.Fl \-interface ,
.Fl L ,
or
.Fl \-novirtualips
command\-line options are specified in the configuration file,
all available network addresses are opened.
The
.Cm nic
directive is an alias for
.Cm interface .
.It Ic leapfile Ar leapfile
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
.Li https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap\-seconds.list
or
.Li ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap\-seconds.list .
The
.Cm leapfile
is scanned when
.Xr ntpd 1ntpdmdoc
processes the
.Cm leapfile directive or when
.Cm ntpd detects that the
.Ar leapfile
has changed.
.Cm ntpd
checks once a day to see if the
.Ar leapfile
has changed.
The
.Xr update\-leap 1update_leapmdoc
script can be run to see if the
.Ar leapfile
should be updated.
.It Ic leapsmearinterval Ar seconds
This EXPERIMENTAL option is only available if
.Xr ntpd 1ntpdmdoc
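Review bot: `.Cm leapfile directive or when` and `.Cm ntpd detects that the` put ordinary prose on the macro line, so "directive or when" and "detects that the" are formatted as command keywords; move the prose onto its own line after `.Cm leapfile` and `.Cm ntpd`. In the `interface` entry, "directives are disabled if any ... command\-line options are specified in the configuration file, all available network addresses are opened" is missing its middle and conflates command-line options with the configuration file; it needs to be two sentences (which options disable the directives; what happens when neither options nor directives are present).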
@ -2741,6 +2838,181 @@ facility.
This is the same operation as the
.Fl l
command line option.
.It Xo Ic mru
.Oo
.Cm maxdepth Ar count | Cm maxmem Ar kilobytes |
.Cm mindepth Ar count | Cm maxage Ar seconds |
.Cm initialloc Ar count | Cm initmem Ar kilobytes |
.Cm incalloc Ar count | Cm incmem Ar kilobytes
.Oc
.Xc
Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
.Bl -tag -width indent
.It Ic maxdepth Ar count
.It Ic maxmem Ar kilobytes
Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
.Cm incalloc
entries or
.Cm incmem
kilobytes larger.
As with all of the
.Cm mru
options offered in units of entries or kilobytes, if both
.Cm maxdepth
and
.Cm maxmem are used, the last one used controls.
The default is 1024 kilobytes.
.It Cm mindepth Ar count
Lower limit on the MRU list size.
When the MRU list has fewer than
.Cm mindepth
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
.It Cm maxage Ar seconds
Once the MRU list has
.Cm mindepth
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
.Cm maxage
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
.Cm maxdepth / moxmem .
The default is 64 seconds.
.It Cm initalloc Ar count
.It Cm initmem Ar kilobytes
Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
.It Cm incalloc Ar count
.It Cm incmem Ar kilobytes
Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
.El
.It Ic nonvolatile Ar threshold
Specify the
.Ar threshold
delta in seconds before an hourly change to the
.Cm driftfile
(frequency file) will be written, with a default value of 1e\-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
.Cm threshold
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
.It Ic phone Ar dial ...
This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 \- 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 \- 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
.It Xo Ic reset
.Oo
.Ic allpeers
.Oc
.Oo
.Ic auth
.Oc
.Oo
.Ic ctl
.Oc
.Oo
.Ic io
.Oc
.Oo
.Ic mem
.Oc
.Oo
.Ic sys
.Oc
.Oo
.Ic timer
.Oc
.Xc
Reset one or more groups of counters maintained by
.Cm ntpd
and exposed by
.Cm ntpq
and
.Cm ntpdc .
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Ic saveconfigdir Ar directory_path
Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
.Cm saveconfig
command.
If
.Cm saveconfigdir
does not appear in the configuration file,
.Cm saveconfig
requests are rejected by
.Cm ntpd .
.It Ic saveconfig Ar filename
Write the current configuration, including any runtime
modifications given with
.Cm :config
or
.Cm config\-from\-file
to the
.Cm ntpd
host's
.Ar filename
in the
.Cm saveconfigdir .
This command will be rejected unless the
.Cm saveconfigdir
directive appears in
.Cm ntpd 's
configuration file.
.Ar filename
can use
.Xr strftime 3
format directives to substitute the current date and time,
for example,
.Cm saveconfig\ ntp\-%Y%m%d\-%H%M%S.conf .
The filename used is stored in the system variable
.Cm savedconfig .
Authentication is required.
.It Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
These
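Review bot: `.Cm maxmem are used, the last one used controls.` places prose on the macro line and renders the whole phrase as a keyword; break after `.Cm maxmem`. `.Cm ntpq 's` and `.Cm ntpd 's` are also wrong: `'s` is not a recognised trailing delimiter, so it is formatted as part of the keyword with a space before it; use `.Cm ntpq Ns 's` or rephrase. The `rlimit` synopsis is missing `|` between `.Cm stacksize Ar N4kPages` and `.Cm filenum Ar Nfiledescriptors`, the `mru` synopsis spells the option `initialloc` while its item is `initalloc`, and the text has the typos "limite", "acutal", "ba added", "moxmem", "monitoringfacility" and "exceeeded".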
@ -2779,6 +3051,10 @@ holds
the names of all peer variables and the
.Va clock_var_list
holds the names of the reference clock variables.
.It Cm sysinfo
Display operational summary.
.It Cm sysstats
Show statistics counters maintained in the protocol module.
.It Xo Ic tinker
.Oo
.Cm allan Ar allan |
@ -2868,33 +3144,18 @@ be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
.El
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Cm writevar Ar assocID\ name = value [,...]
Write (create or update) the specified variables.
If the
.Cm assocID
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
.Cm assocID
is required, as the same name can occur in both name spaces.
.It Xo Ic trap Ar host_address
.Op Cm port Ar port_number
.Op Cm interface Ar interface_address
@ -2909,6 +3170,13 @@ message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.It Cm ttl Ar hop ...
This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
.Cm manycast
mode these values are used in\-turn in an expanding\-ring search.
The default is eight multiples of 32 starting at 31.
.Pp
The trap receiver will generally log event messages and other
information from the server in a log file.
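Review bot: `.It Cm ttl Ar hop ...` is inserted before the `.Pp` paragraph "The trap receiver will generally log event messages...", which belongs to the preceding `trap` entry, so the trap description is split and its second half now appears under `ttl`. `ttl` is already documented in the Manycast Options list with the same default of eight multiples of 32 starting at 31. Remove this copy or move it after the complete `trap` entry.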

View File

@ -1534,6 +1534,7 @@ subcommand specifies the probability of discard
for packets that overflow the rate-control window.
.It Xo Ic restrict address
.Op Cm mask Ar mask
.Op Cm ippeerlimit Ar int
.Op Ar flag ...
.Xc
The
@ -1559,6 +1560,15 @@ Note that text string
.Cm default ,
with no mask option, may
be used to indicate the default entry.
The
.Cm ippeerlimit
directive limits the number of peer requests for each IP to
.Ar int ,
where a value of -1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
.Cm flag
always
@ -1609,6 +1619,18 @@ basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
.It Cm noepeer
Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
.Pa ntp.keys
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
.Cm noepeer
to become the default in ntp-4.4.
.It Cm nomodify
Deny
.Xr ntpq 1ntpqmdoc
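Review bot: typo `compatability` should be `compatibility` in the noepeer paragraph. The entry also makes a roadmap prediction (`Expect noepeer to become the default in ntp-4.4`); a man page should document the current default and leave future-release statements to the ChangeLog or NEWS. Because the next hunk narrows `nopeer` to unauthenticated packets only, add a cross-reference here stating that `noepeer` is now the flag that blocks authenticated ephemeral associations, so operators reading either entry learn which one they need.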
@ -1626,10 +1648,10 @@ and
queries.
Time service is not affected.
.It Cm nopeer
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
.Cm pool
associations, so if you want to use servers from a
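Review bot: changing `Deny packets` to `Deny unauthenticated packets` is a silent semantic change to an existing restriction flag: a configuration that relied on `nopeer` to refuse every unsolicited symmetric active or broadcast association will now accept the authenticated ones. Document this explicitly as a behaviour change, name `noepeer` as the flag that restores the old meaning, and say so in both entries rather than quietly rewording the definition.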
@ -1637,8 +1659,9 @@ associations, so if you want to use servers from a
directive and also want to use
.Cm nopeer
by default, you'll want a
.Cm "restrict source ..." line as well that does
.It not
.Cm "restrict source ..."
line as well that does
.Em not
include the
.Cm nopeer
directive.
@ -2013,9 +2036,10 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.El
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos
@ -2361,7 +2385,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.Pa /usr/share/doc/ntp ).
.It Cm stratum Ar int
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
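Review bot: the edit from `.Pa /usr/share/doc/ntp ) .` to `.Pa /usr/share/doc/ntp ).` is a regression, not a cleanup. mdoc only treats single-character trailing punctuation as a delimiter, so `).` becomes a second argument to `.Pa`. The generated HTML hunk for this same sentence later in the commit shows the result, `<span class="file">/usr/share/doc/ntp</span> <span class="file">).</span>`, with `).` set in file font after a stray space. Revert to `) .`.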
@ -2639,6 +2663,79 @@ This option is useful for sites that run
.Xr ntpd 1ntpdmdoc
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.It Xo Ic interface
.Oo
.Cm listen | Cm ignore | Cm drop
.Oc
.Oo
.Cm all | Cm ipv4 | Cm ipv6 | Cm wildcard
.Ar name | Ar address
.Oo Cm / Ar prefixlen
.Oc
.Oc
.Xc
The
.Cm interface
directive controls which network addresses
.Xr ntpd 1ntpdmdoc
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
.Ar prefixlen
determines how many bits must match for this rule to apply.
.Cm ignore
prevents opening matching addresses,
.Cm drop
causes
.Xr ntpd 1ntpdmdoc
to open the address and drop all received packets without examination.
Multiple
.Cm interface
directives can be used.
The last rule which matches a particular address determines the action for it.
.Cm interface
directives are disabled if any
.Fl I ,
.Fl -interface ,
.Fl L ,
or
.Fl -novirtualips
command-line options are specified in the configuration file,
all available network addresses are opened.
The
.Cm nic
directive is an alias for
.Cm interface .
.It Ic leapfile Ar leapfile
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
.Li https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list
or
.Li ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list .
The
.Cm leapfile
is scanned when
.Xr ntpd 1ntpdmdoc
processes the
.Cm leapfile directive or when
.Cm ntpd detects that the
.Ar leapfile
has changed.
.Cm ntpd
checks once a day to see if the
.Ar leapfile
has changed.
The
.Xr update-leap 1update_leapmdoc
script can be run to see if the
.Ar leapfile
should be updated.
.It Ic leapsmearinterval Ar seconds
This EXPERIMENTAL option is only available if
.Xr ntpd 1ntpdmdoc
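Review bot: the sentence starting `.Cm interface` / `directives are disabled if any` runs two sentences together and is wrong as written (`command-line options are specified in the configuration file, all available network addresses are opened.`). It should read: `... command-line options are specified. If no interface directives are present in the configuration file, all available network addresses are opened.` In the leapfile entry, `.Cm leapfile directive or when` and `.Cm ntpd detects that the` put the whole line in the Cm font (the HTML hunk for this page renders every one of those words in its own `<code>`); only the keyword should follow `.Cm`, and `leapfile` is tagged `.Cm` on one line and `.Ar` on the next within the same paragraph. Pick one.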
@ -2743,6 +2840,181 @@ facility.
This is the same operation as the
.Fl l
command line option.
.It Xo Ic mru
.Oo
.Cm maxdepth Ar count | Cm maxmem Ar kilobytes |
.Cm mindepth Ar count | Cm maxage Ar seconds |
.Cm initialloc Ar count | Cm initmem Ar kilobytes |
.Cm incalloc Ar count | Cm incmem Ar kilobytes
.Oc
.Xc
Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
.Bl -tag -width indent
.It Ic maxdepth Ar count
.It Ic maxmem Ar kilobytes
Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
.Cm incalloc
entries or
.Cm incmem
kilobytes larger.
As with all of the
.Cm mru
options offered in units of entries or kilobytes, if both
.Cm maxdepth
and
.Cm maxmem are used, the last one used controls.
The default is 1024 kilobytes.
.It Cm mindepth Ar count
Lower limit on the MRU list size.
When the MRU list has fewer than
.Cm mindepth
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
.It Cm maxage Ar seconds
Once the MRU list has
.Cm mindepth
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
.Cm maxage
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
.Cm maxdepth / moxmem .
The default is 64 seconds.
.It Cm initalloc Ar count
.It Cm initmem Ar kilobytes
Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
.It Cm incalloc Ar count
.It Cm incmem Ar kilobytes
Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
.El
.It Ic nonvolatile Ar threshold
Specify the
.Ar threshold
delta in seconds before an hourly change to the
.Cm driftfile
(frequency file) will be written, with a default value of 1e-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
.Cm threshold
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
.It Ic phone Ar dial ...
This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 - 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 - 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
.It Xo Ic reset
.Oo
.Ic allpeers
.Oc
.Oo
.Ic auth
.Oc
.Oo
.Ic ctl
.Oc
.Oo
.Ic io
.Oc
.Oo
.Ic mem
.Oc
.Oo
.Ic sys
.Oc
.Oo
.Ic timer
.Oc
.Xc
Reset one or more groups of counters maintained by
.Cm ntpd
and exposed by
.Cm ntpq
and
.Cm ntpdc .
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Ic saveconfigdir Ar directory_path
Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
.Cm saveconfig
command.
If
.Cm saveconfigdir
does not appear in the configuration file,
.Cm saveconfig
requests are rejected by
.Cm ntpd .
.It Ic saveconfig Ar filename
Write the current configuration, including any runtime
modifications given with
.Cm :config
or
.Cm config-from-file
to the
.Cm ntpd
host's
.Ar filename
in the
.Cm saveconfigdir .
This command will be rejected unless the
.Cm saveconfigdir
directive appears in
.Cm ntpd 's
configuration file.
.Ar filename
can use
.Xr strftime 3
format directives to substitute the current date and time,
for example,
.Cm saveconfig\ ntp-%Y%m%d-%H%M%S.conf .
The filename used is stored in the system variable
.Cm savedconfig .
Authentication is required.
.It Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
These
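Review bot: several defects in the new mru/nonvolatile/rlimit/saveconfig text. Typos: `size limite` (limit), `acutal` (actual), `to ba added` (to be added), `maxdepth / moxmem` (maxmem), `monitoringfacility` (monitoring facility), `exceeeded` (exceeded). The keyword is spelled `initialloc` in the `.It Xo Ic mru` synopsis but `initalloc` in the `.It Cm initalloc Ar count` item; only one of these is what the parser accepts, and the documentation must match it. `.Cm maxmem are used, the last one used controls.` sets the whole clause in Cm font; end the macro after `maxmem`. The `rlimit` synopsis is missing the `|` between `.Cm stacksize Ar N4kPages` and `.Cm filenum Ar Nfiledescriptors`. Finally, `.It Ic saveconfig Ar filename` is described in its own text as something `requested with` ntpq's `saveconfig` command and that `will be rejected unless the saveconfigdir directive appears`, i.e. it is an ntpq runtime command, not an ntp.conf directive; it belongs in the ntpq documentation. Keep only `saveconfigdir` here, together with the sentence that saveconfig requests are rejected when it is absent, which is the right default to advertise.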
@ -2781,6 +3053,10 @@ holds
the names of all peer variables and the
.Va clock_var_list
holds the names of the reference clock variables.
.It Cm sysinfo
Display operational summary.
.It Cm sysstats
Show statistics counters maintained in the protocol module.
.It Xo Ic tinker
.Oo
.Cm allan Ar allan |
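Review bot: `sysinfo` (`Display operational summary.`) and `sysstats` (`Show statistics counters maintained in the protocol module.`) are ntpq query commands, not ntp.conf configuration keywords; listing them among the directives invites readers to put them in ntp.conf. Move both entries to the ntpq page.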
@ -2870,33 +3146,18 @@ be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
.El
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Cm writevar Ar assocID\ name = value [,...]
Write (create or update) the specified variables.
If the
.Cm assocID
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
.Cm assocID
is required, as the same name can occur in both name spaces.
.It Xo Ic trap Ar host_address
.Op Cm port Ar port_number
.Op Cm interface Ar interface_address
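Review bot: moving the `rlimit` block up to its alphabetical position is fine, but the `writevar` entry added in its place is another ntpq command (`Write (create or update) the specified variables`, keyed by `assocID`), not an ntp.conf directive, and carries the typo `the variablea re from the` (should be `the variables are from the`). Move it to the ntpq documentation and fix the typo there.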
@ -2911,6 +3172,13 @@ message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.It Cm ttl Ar hop ...
This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
.Cm manycast
mode these values are used in-turn in an expanding-ring search.
The default is eight multiples of 32 starting at 31.
.Pp
The trap receiver will generally log event messages and other
information from the server in a log file.
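Review bot: the `ttl` item is again inserted into the middle of the `trap` entry in this second source file, leaving `.Pp` / `The trap receiver will generally log event messages ...` under `ttl`, and `ttl` is already documented under Manycast Options. Drop this insertion or move it after the trap log-file paragraph, the same fix as in the first file.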


@ -33,9 +33,9 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program.
<p>This document applies to version 4.2.8p10 of <code>ntp.conf</code>.
<p>This document applies to version 4.2.8p11 of <code>ntp.conf</code>.
<div class="shortcontents">
<div class="shortcontents">
<h2>Short Contents</h2>
<ul>
<a href="#Top">NTP's Configuration File User Manual</a>
@ -1467,7 +1467,7 @@ The
<code>monitor</code>
subcommand specifies the probability of discard
for packets that overflow the rate-control window.
<br><dt><code>restrict</code> <code>address</code> <code>[mask </code><kbd>mask</kbd><code>]</code> <code>[</code><kbd>flag</kbd> <kbd>...</kbd><code>]</code><dd>The
<br><dt><code>restrict</code> <code>address</code> <code>[mask </code><kbd>mask</kbd><code>]</code> <code>[ippeerlimit </code><kbd>int</kbd><code>]</code> <code>[</code><kbd>flag</kbd> <kbd>...</kbd><code>]</code><dd>The
<kbd>address</kbd>
argument expressed in
dotted-quad form is the address of a host or network.
@ -1490,6 +1490,15 @@ Note that text string
<code>default</code>,
with no mask option, may
be used to indicate the default entry.
The
<code>ippeerlimit</code>
directive limits the number of peer requests for each IP to
<kbd>int</kbd>,
where a value of -1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
<code>flag</code>
always
@ -1536,6 +1545,17 @@ basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
<br><dt><code>noepeer</code><dd>Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
<span class="file">ntp.keys</span>
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
<code>noepeer</code>
to become the default in ntp-4.4.
<br><dt><code>nomodify</code><dd>Deny
<code>ntpq(1ntpqmdoc)</code>
and
@ -1550,10 +1570,10 @@ and
<code>ntpdc(1ntpdcmdoc)</code>
queries.
Time service is not affected.
<br><dt><code>nopeer</code><dd>Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
<br><dt><code>nopeer</code><dd>Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
<code>pool</code>
associations, so if you want to use servers from a
@ -1561,8 +1581,10 @@ associations, so if you want to use servers from a
directive and also want to use
<code>nopeer</code>
by default, you'll want a
<code>restrict source ...</code> <code>line</code> <code>as</code> <code>well</code> <code>that</code> <code>does</code>
<br><dt>not<dd>include the
<code>restrict source ...</code>
line as well that does
<em>not</em>
include the
<code>nopeer</code>
directive.
<br><dt><code>noserve</code><dd>Deny all packets except
@ -1938,13 +1960,14 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
to any number of poll intervals between 0 and 4.
</dl>
<h5 class="subsubsection">Manycast Options</h5>
<dl>
<dl>
<dt><code>tos</code> <code>[ceiling </code><kbd>ceiling</kbd><code> | cohort { 0 | 1 } | floor </code><kbd>floor</kbd><code> | minclock </code><kbd>minclock</kbd><code> | minsane </code><kbd>minsane</kbd><code>]</code><dd>This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
@ -1952,7 +1975,7 @@ quantity of peers used to synchronize the system clock
and is most useful in manycast mode.
The variables operate
as follows:
<dl>
<dl>
<dt><code>ceiling</code> <kbd>ceiling</kbd><dd>Peers with strata above
<code>ceiling</code>
will be discarded if there are at least
@ -1994,14 +2017,14 @@ Byzantine agreement,
should be at least 4 in order to detect and discard
a single falseticker.
</dl>
<br><dt><code>ttl</code> <kbd>hop</kbd> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing
<br><dt><code>ttl</code> <kbd>hop</kbd> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing
order, up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
</dl>
<div class="node">
<div class="node">
<p><hr>
<a name="Reference-Clock-Support"></a>
<br>
@ -2009,7 +2032,7 @@ multiples of 32 starting at 31.
<h4 class="subsection">Reference Clock Support</h4>
<p>The NTP Version 4 daemon supports some three dozen different radio,
<p>The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
@ -2046,7 +2069,7 @@ page
provided in
<span class="file">/usr/share/doc/ntp</span>).
<p>A reference clock will generally (though not always) be a radio
<p>A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
USNO in the US.
@ -2062,7 +2085,7 @@ or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise non
hazardous.
<p>For the purposes of configuration,
<p>For the purposes of configuration,
<code>ntpd(1ntpdmdoc)</code>
treats
reference clocks in a manner analogous to normal NTP peers as much
@ -2083,7 +2106,7 @@ While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
<p>The
<p>The
<code>server</code>
command is used to configure a reference
clock, where the
@ -2121,7 +2144,7 @@ meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
<p>The
<p>The
<code>fudge</code>
command is used to provide additional
information for individual clock drivers and normally follows
@ -2143,7 +2166,7 @@ in the
<code>fudge</code>
command as well.
<p>The stratum number of a reference clock is by default zero.
<p>The stratum number of a reference clock is by default zero.
Since the
<code>ntpd(1ntpdmdoc)</code>
daemon adds one to the stratum of each
@ -2166,11 +2189,11 @@ these options apply to all clock drivers.
<h5 class="subsubsection">Reference Clock Commands</h5>
<dl>
<dl>
<dt><code>server</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[prefer]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[minpoll </code><kbd>int</kbd><code>]</code> <code>[maxpoll </code><kbd>int</kbd><code>]</code><dd>This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
<dl>
<dl>
<dt><code>prefer</code><dd>Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
@ -2203,7 +2226,7 @@ defaults to 10 (17.1 m) and
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
</dl>
<br><dt><code>fudge</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[time1 </code><kbd>sec</kbd><code>]</code> <code>[time2 </code><kbd>sec</kbd><code>]</code> <code>[stratum </code><kbd>int</kbd><code>]</code> <code>[refid </code><kbd>string</kbd><code>]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[flag1 0 | 1]</code> <code>[flag2 0 | 1]</code> <code>[flag3 0 | 1]</code> <code>[flag4 0 | 1]</code><dd>This command can be used to configure reference clocks in
<br><dt><code>fudge</code> <code>127.127.</code><kbd>t</kbd>.<kbd>u</kbd> <code>[time1 </code><kbd>sec</kbd><code>]</code> <code>[time2 </code><kbd>sec</kbd><code>]</code> <code>[stratum </code><kbd>int</kbd><code>]</code> <code>[refid </code><kbd>string</kbd><code>]</code> <code>[mode </code><kbd>int</kbd><code>]</code> <code>[flag1 0 | 1]</code> <code>[flag2 0 | 1]</code> <code>[flag3 0 | 1]</code> <code>[flag4 0 | 1]</code><dd>This command can be used to configure reference clocks in
special ways.
It must immediately follow the
<code>server</code>
@ -2214,7 +2237,7 @@ is possible at run time using the
program.
The options are interpreted as
follows:
<dl>
<dl>
<dt><code>time1</code> <kbd>sec</kbd><dd>Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
@ -2251,7 +2274,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
<span class="file">/usr/share/doc/ntp</span>).
<span class="file">/usr/share/doc/ntp</span> <span class="file">).</span>
<br><dt><code>stratum</code> <kbd>int</kbd><dd>Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
This number overrides the default stratum number
@ -2285,8 +2308,8 @@ Further information on the
command can be found in
<a href="#Monitoring-Options">Monitoring Options</a>.
</dl>
</dl>
<div class="node">
</dl>
<div class="node">
<p><hr>
<a name="Miscellaneous-Options"></a>
<br>
@ -2294,7 +2317,7 @@ command can be found in
<h4 class="subsection">Miscellaneous Options</h4>
<dl>
<dl>
<dt><code>broadcastdelay</code> <kbd>seconds</kbd><dd>The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
@ -2327,7 +2350,7 @@ frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.
<p>The file format consists of a single line containing a single
<p>The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
The file is updated by first writing
@ -2347,7 +2370,7 @@ Note that all of these flags
can be controlled remotely using the
<code>ntpdc(1ntpdcmdoc)</code>
utility program.
<dl>
<dl>
<dt><code>auth</code><dd>Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
private key cryptography.
@ -2482,7 +2505,7 @@ The
default for this flag is
<code>enable</code>.
</dl>
<br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
<br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
to be included from a separate file.
Include files may
be nested to a depth of five; upon reaching the end of any
@ -2492,6 +2515,67 @@ This option is useful for sites that run
<code>ntpd(1ntpdmdoc)</code>
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
<br><dt><code>interface</code> <code>[listen | ignore | drop]</code> <code>[all | ipv4 | ipv6 | wildcard </code><kbd>name</kbd><code> | </code><kbd>address</kbd><code> [/ </code><kbd>prefixlen</kbd><code>]]</code><dd>The
<code>interface</code>
directive controls which network addresses
<code>ntpd(1ntpdmdoc)</code>
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
<kbd>prefixlen</kbd>
determines how many bits must match for this rule to apply.
<code>ignore</code>
prevents opening matching addresses,
<code>drop</code>
causes
<code>ntpd(1ntpdmdoc)</code>
to open the address and drop all received packets without examination.
Multiple
<code>interface</code>
directives can be used.
The last rule which matches a particular address determines the action for it.
<code>interface</code>
directives are disabled if any
<code>-I</code>,
<code>--interface</code>,
<code>-L</code>,
or
<code>--novirtualips</code>
command-line options are specified in the configuration file,
all available network addresses are opened.
The
<code>nic</code>
directive is an alias for
<code>interface</code>.
<br><dt><code>leapfile</code> <kbd>leapfile</kbd><dd>This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
<code>https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list</code>
or
<code>ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list</code>.
The
<code>leapfile</code>
is scanned when
<code>ntpd(1ntpdmdoc)</code>
processes the
<code>leapfile</code> <code>directive</code> <code>or</code> <code>when</code>
<code>ntpd</code> <code>detects</code> <code>that</code> <code>the</code>
<kbd>leapfile</kbd>
has changed.
<code>ntpd</code>
checks once a day to see if the
<kbd>leapfile</kbd>
has changed.
The
<code>update-leap(1update_leapmdoc)</code>
script can be run to see if the
<kbd>leapfile</kbd>
should be updated.
<br><dt><code>leapsmearinterval</code> <kbd>seconds</kbd><dd>This EXPERIMENTAL option is only available if
<code>ntpd(1ntpdmdoc)</code>
was built with the
@ -2543,7 +2627,7 @@ and
status messages
(<code>status</code>).
<p>Configuration keywords are formed by concatenating the message class with
<p>Configuration keywords are formed by concatenating the message class with
the event class.
The
<code>all</code>
@ -2555,20 +2639,20 @@ keyword to enable/disable all
messages of the respective message class.
Thus, a minimal log configuration
could look like this:
<pre class="verbatim">
logconfig =syncstatus +sysevents
</pre>
<pre class="verbatim">
logconfig =syncstatus +sysevents
</pre>
<p>This would just list the synchronizations state of
<p>This would just list the synchronizations state of
<code>ntpd(1ntpdmdoc)</code>
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
<pre class="verbatim">
logconfig =syncall +clockall
</pre>
<pre class="verbatim">
logconfig =syncall +clockall
</pre>
<p>This configuration will list all clock information and
<p>This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on is suppressed.
@ -2579,6 +2663,129 @@ facility.
This is the same operation as the
<code>-l</code>
command line option.
<br><dt><code>mru</code> <code>[maxdepth </code><kbd>count</kbd><code> | maxmem </code><kbd>kilobytes</kbd><code> | mindepth </code><kbd>count</kbd><code> | maxage </code><kbd>seconds</kbd><code> | initialloc </code><kbd>count</kbd><code> | initmem </code><kbd>kilobytes</kbd><code> | incalloc </code><kbd>count</kbd><code> | incmem </code><kbd>kilobytes</kbd><code>]</code><dd>Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
<dl>
<dt><code>maxdepth</code> <kbd>count</kbd><br><dt><code>maxmem</code> <kbd>kilobytes</kbd><dd>Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
<code>incalloc</code>
entries or
<code>incmem</code>
kilobytes larger.
As with all of the
<code>mru</code>
options offered in units of entries or kilobytes, if both
<code>maxdepth</code>
and
<code>maxmem</code> <code>are</code> <code>used,</code> <code>the</code> <code>last</code> <code>one</code> <code>used</code> <code>controls.</code>
The default is 1024 kilobytes.
<br><dt><code>mindepth</code> <kbd>count</kbd><dd>Lower limit on the MRU list size.
When the MRU list has fewer than
<code>mindepth</code>
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
<br><dt><code>maxage</code> <kbd>seconds</kbd><dd>Once the MRU list has
<code>mindepth</code>
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
<code>maxage</code>
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
<code>maxdepth</code> <code>/</code> <code>moxmem</code>.
The default is 64 seconds.
<br><dt><code>initalloc</code> <kbd>count</kbd><br><dt><code>initmem</code> <kbd>kilobytes</kbd><dd>Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
<br><dt><code>incalloc</code> <kbd>count</kbd><br><dt><code>incmem</code> <kbd>kilobytes</kbd><dd>Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
</dl>
<br><dt><code>nonvolatile</code> <kbd>threshold</kbd><dd>Specify the
<kbd>threshold</kbd>
delta in seconds before an hourly change to the
<code>driftfile</code>
(frequency file) will be written, with a default value of 1e-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
<code>threshold</code>
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
<br><dt><code>phone</code> <kbd>dial</kbd> <kbd>...</kbd><dd>This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 - 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 - 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
<br><dt><code>reset</code> <code>[allpeers]</code> <code>[auth]</code> <code>[ctl]</code> <code>[io]</code> <code>[mem]</code> <code>[sys]</code> <code>[timer]</code><dd>Reset one or more groups of counters maintained by
<code>ntpd</code>
and exposed by
<code>ntpq</code>
and
<code>ntpdc</code>.
<br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
<dl>
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
<code>-i</code>
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
<br><dt><code>stacksize</code> <kbd>N4kPages</kbd><dd>Specifies the maximum size of the process stack on systems with the
<code>mlockall()</code>
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
<br><dt><code>filenum</code> <kbd>Nfiledescriptors</kbd><dd>Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
</dl>
<br><dt><code>saveconfigdir</code> <kbd>directory_path</kbd><dd>Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
<code>saveconfig</code>
command.
If
<code>saveconfigdir</code>
does not appear in the configuration file,
<code>saveconfig</code>
requests are rejected by
<code>ntpd</code>.
<br><dt><code>saveconfig</code> <kbd>filename</kbd><dd>Write the current configuration, including any runtime
modifications given with
<code>:config</code>
or
<code>config-from-file</code>
to the
<code>ntpd</code>
host's
<kbd>filename</kbd>
in the
<code>saveconfigdir</code>.
This command will be rejected unless the
<code>saveconfigdir</code>
directive appears in
.Cm ntpd 's
configuration file.
<kbd>filename</kbd>
can use
<code>strftime(3)</code>
format directives to substitute the current date and time,
for example,
<code>saveconfig\ ntp-%Y%m%d-%H%M%S.conf</code>.
The filename used is stored in the system variable
<code>savedconfig</code>.
Authentication is required.
<br><dt><code>setvar</code> <kbd>variable</kbd> <code>[default]</code><dd>This command adds an additional system variable.
These
variables can be used to distribute additional information such as
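Review bot: the raw mdoc macro ".Cm ntpq 's" (in the saveconfigdir entry) and ".Cm ntpd 's" (in the saveconfig entry) leak into the generated HTML, where every other command name is wrapped in <code>...</code>. The rendered text should read "<code>ntpq</code>'s" and "<code>ntpd</code>'s". Since this file is AutoGen-ed from ntp.conf.def, the macro should be fixed in the source definition so the man page and mdoc outputs are repaired at the same time.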
@ -2610,6 +2817,8 @@ holds
the names of all peer variables and the
<code>clock_var_list</code>
holds the names of the reference clock variables.
<br><dt><code>sysinfo</code><dd>Display operational summary.
<br><dt><code>sysstats</code><dd>Show statistics counters maintained in the protocol module.
<br><dt><code>tinker</code> <code>[allan </code><kbd>allan</kbd><code> | dispersion </code><kbd>dispersion</kbd><code> | freq </code><kbd>freq</kbd><code> | huffpuff </code><kbd>huffpuff</kbd><code> | panic </code><kbd>panic</kbd><code> | step </code><kbd>step</kbd><code> | stepback </code><kbd>stepback</kbd><code> | stepfwd </code><kbd>stepfwd</kbd><code> | stepout </code><kbd>stepout</kbd><code>]</code><dd>This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
@ -2627,8 +2836,8 @@ for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.
<p>The variables operate as follows:
<dl>
<p>The variables operate as follows:
<dl>
<dt><code>allan</code> <kbd>allan</kbd><dd>The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
@ -2677,25 +2886,18 @@ be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
</dl>
<br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
<dl>
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
<code>-i</code>
option).
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
<br><dt><code>stacksize</code> <kbd>N4kPages</kbd><dd>Specifies the maximum size of the process stack on systems with the
<code>mlockall()</code>
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
<br><dt><code>filenum</code> <kbd>Nfiledescriptors</kbd><dd>Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
</dl>
<br><dt><code>trap</code> <kbd>host_address</kbd> <code>[port </code><kbd>port_number</kbd><code>]</code> <code>[interface </code><kbd>interface_address</kbd><code>]</code><dd>This command configures a trap receiver at the given host
<br><dt><code>writevar</code> <kbd>assocID\ name</kbd> <kbd>=</kbd> <kbd>value</kbd> <kbd>[,...]</kbd><dd>Write (create or update) the specified variables.
If the
<code>assocID</code>
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
<code>assocID</code>
is required, as the same name can occur in both name spaces.
<br><dt><code>trap</code> <kbd>host_address</kbd> <code>[port </code><kbd>port_number</kbd><code>]</code> <code>[interface </code><kbd>interface_address</kbd><code>]</code><dd>This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
If the port number is unspecified, a value
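Review bot: the new writevar entry misspells "variablea re" (should be "variables are") in the sentence explaining the assocID namespace rule. Removing the second rlimit block here is correct, since it was a verbatim duplicate of the rlimit entry earlier in the same list, and the orphaned trap dt line that preceded writevar without its description is rightly gone; the full trap entry now follows writevar.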
@ -2704,9 +2906,15 @@ If the interface address is not specified, the
message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
interface used may vary from time to time with routing changes.
<br><dt><code>ttl</code> <kbd>hop</kbd> <kbd>...</kbd><dd>This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
<code>manycast</code>
mode these values are used in-turn in an expanding-ring search.
The default is eight multiples of 32 starting at 31.
<p>The trap receiver will generally log event messages and other
<p>The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
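Review bot: the new ttl entry is inserted between the trap command's first paragraph and its continuation ("The trap receiver will generally log event messages and other information from the server in a log file."), so that continuation now renders as part of the ttl entry. Move the ttl dt/dd after the end of the trap description. The trailing context of the next hunk ("The default is eight multiples of 32 starting at 31.") shows that a ttl entry already exists further down this list, so this insertion also creates a duplicate; one of the two should be dropped.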
@ -2720,11 +2928,11 @@ The default is eight multiples of 32 starting at
31.
</dl>
<p>This section was generated by <strong>AutoGen</strong>,
<p>This section was generated by <strong>AutoGen</strong>,
using the <code>agtexi-cmd</code> template and the option descriptions for the <code>ntp.conf</code> program.
This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
<ul class="menu">
<ul class="menu">
<li><a accesskey="1" href="#ntp_002econf-Files">ntp.conf Files</a>: Files
<li><a accesskey="2" href="#ntp_002econf-See-Also">ntp.conf See Also</a>: See Also
<li><a accesskey="3" href="#ntp_002econf-Bugs">ntp.conf Bugs</a>: Bugs
@ -2739,14 +2947,14 @@ This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
<h4 class="subsection">ntp.conf Files</h4>
<dl>
<dl>
<dt><span class="file">/etc/ntp.conf</span><dd>the default name of the configuration file
<br><dt><span class="file">ntp.keys</span><dd>private MD5 keys
<br><dt><span class="file">ntpkey</span><dd>RSA private key
<br><dt><span class="file">ntpkey_</span><kbd>host</kbd><dd>RSA public key
<br><dt><span class="file">ntp_dh</span><dd>Diffie-Hellman agreement parameters
</dl>
<div class="node">
<div class="node">
<p><hr>
<a name="ntp_002econf-See-Also"></a>
<br>
@ -2754,11 +2962,11 @@ This software is released under the NTP license, &lt;http://ntp.org/license&gt;.
<h4 class="subsection">ntp.conf See Also</h4>
<p><code>ntpd(1ntpdmdoc)</code>,
<p><code>ntpd(1ntpdmdoc)</code>,
<code>ntpdc(1ntpdcmdoc)</code>,
<code>ntpq(1ntpqmdoc)</code>
<p>In addition to the manual pages provided,
<p>In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
<code>http://www.ntp.org/</code>.
@ -2766,7 +2974,7 @@ A snapshot of this documentation is available in HTML format in
<span class="file">/usr/share/doc/ntp</span>.
<br>
<p><br>
<p><br>
David L. Mills, <em>Network Time Protocol (Version 4)</em>, RFC5905
<div class="node">
<p><hr>
@ -2776,11 +2984,11 @@ David L. Mills, <em>Network Time Protocol (Version 4)</em>, RFC5905
<h4 class="subsection">ntp.conf Bugs</h4>
<p>The syntax checking is not picky; some combinations of
<p>The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.
<p>The
<p>The
<span class="file">ntpkey_</span><kbd>host</kbd>
files are really digital
certificates.
@ -2794,7 +3002,7 @@ services when they become universally available.
<h4 class="subsection">ntp.conf Notes</h4>
<p>This document was derived from FreeBSD.
<p>This document was derived from FreeBSD.
</body></html>


@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5 "21 Mar 2017" "4.2.8p10-beta" "File Formats"
.TH ntp.conf 5 "27 Feb 2018" "4.2.8p11" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-UAaqtC/ag-6AaisC)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:30:48 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
@ -1665,7 +1665,7 @@ The
subcommand specifies the probability of discard
for packets that overflow the rate-control window.
.TP 7
.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
The
\f\*[I-Font]address\f[]
argument expressed in
@ -1689,6 +1689,15 @@ Note that text string
\f\*[B-Font]default\f[],
with no mask option, may
be used to indicate the default entry.
The
\f\*[B-Font]ippeerlimit\f[]
directive limits the number of peer requests for each IP to
\f\*[I-Font]int\f[],
where a value of \-1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
\f\*[B-Font]flag\f[]
always
@ -1744,6 +1753,19 @@ This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
.TP 7
.NOP \f\*[B-Font]noepeer\f[]
Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
\fIntp.keys\f[]
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
\f\*[B-Font]noepeer\f[]
to become the default in ntp-4.4.
.TP 7
.NOP \f\*[B-Font]nomodify\f[]
Deny
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
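Review bot: "compatability" should be "compatibility" in the new noepeer text. The same typo appears in the mdoc output further down, and both are AutoGen-ed from ntp.conf.def, so fix it there. It would also help to state plainly that noepeer is a restrict flag like nomodify and nopeer (it sits in the same flag list), because its effect, refusing ephemeral associations even from an authenticated source, is easy to confuse with nopeer, which the next hunk narrows to unauthenticated packets.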
@ -1763,10 +1785,10 @@ queries.
Time service is not affected.
.TP 7
.NOP \f\*[B-Font]nopeer\f[]
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
\f\*[B-Font]pool\f[]
associations, so if you want to use servers from a
@ -1774,9 +1796,9 @@ associations, so if you want to use servers from a
directive and also want to use
\f\*[B-Font]nopeer\f[]
by default, you'll want a
\f\*[B-Font]restrict source ...\f[] \f\*[B-Font]line\f[] \f\*[B-Font]as\f[] \f\*[B-Font]well\f[] \f\*[B-Font]that\f[] \f\*[B-Font]does\f[]
.TP 7
.NOP not
\f\*[B-Font]restrict source ...\f[]
line as well that does
\fInot\f[]
include the
\f\*[B-Font]nopeer\f[]
directive.
@ -2186,11 +2208,11 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.PP
.SS Manycast Options
.RS
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
@ -2260,7 +2282,7 @@ In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
.RE
.PP
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
@ -2427,7 +2449,6 @@ option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
.RS
.TP 7
.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
@ -2528,7 +2549,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
\fI/usr/share/doc/ntp\f[] \fI).\f[]
.TP 7
.NOP \f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]
Specifies the stratum number assigned to the driver, an integer
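Review bot: this change regresses the rendering: the closing ")." is now set in italic as though it were part of the path ("\fI/usr/share/doc/ntp\f[] \fI).\f[]"), where the previous line kept the punctuation outside the italic span. The cause is the mdoc change below from ".Pa /usr/share/doc/ntp ) ." to ".Pa /usr/share/doc/ntp )."; mdoc only treats ")" as trailing punctuation when it is a separate token, so ")." becomes a second path argument. The old mdoc form should be restored.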
@ -2576,9 +2597,8 @@ Further information on the
command can be found in
\fIMonitoring\f[] \fIOptions\f[].
.RE
.RE
.PP
.SH Miscellaneous Options
.RS
.TP 7
.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
@ -2817,6 +2837,71 @@ This option is useful for sites that run
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.TP 7
.NOP \f\*[B-Font]interface\f[] [\f\*[B-Font]listen\f[] | \f\*[B-Font]ignore\f[] | \f\*[B-Font]drop\f[]] [\f\*[B-Font]all\f[] | \f\*[B-Font]ipv4\f[] | \f\*[B-Font]ipv6\f[] | \f\*[B-Font]wildcard\f[] \f\*[I-Font]name\f[] | \f\*[I-Font]address\f[] [\f\*[B-Font]/\f[] \f\*[I-Font]prefixlen\f[]]]
The
\f\*[B-Font]interface\f[]
directive controls which network addresses
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
\f\*[I-Font]prefixlen\f[]
determines how many bits must match for this rule to apply.
\f\*[B-Font]ignore\f[]
prevents opening matching addresses,
\f\*[B-Font]drop\f[]
causes
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
to open the address and drop all received packets without examination.
Multiple
\f\*[B-Font]interface\f[]
directives can be used.
The last rule which matches a particular address determines the action for it.
\f\*[B-Font]interface\f[]
directives are disabled if any
\f\*[B-Font]\-I\f[],
\f\*[B-Font]\-\-interface\f[],
\f\*[B-Font]\-L\f[],
or
\f\*[B-Font]\-\-novirtualips\f[]
command-line options are specified in the configuration file,
all available network addresses are opened.
The
\f\*[B-Font]nic\f[]
directive is an alias for
\f\*[B-Font]interface\f[].
.TP 7
.NOP \f\*[B-Font]leapfile\f[] \f\*[I-Font]leapfile\f[]
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
\f[C]https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list\f[]
or
\f[C]ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list\f[].
The
\f\*[B-Font]leapfile\f[]
is scanned when
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
processes the
\f\*[B-Font]leapfile\f[] \f\*[B-Font]directive\f[] \f\*[B-Font]or\f[] \f\*[B-Font]when\f[]
\f\*[B-Font]ntpd\f[] \f\*[B-Font]detects\f[] \f\*[B-Font]that\f[] \f\*[B-Font]the\f[]
\f\*[I-Font]leapfile\f[]
has changed.
\f\*[B-Font]ntpd\f[]
checks once a day to see if the
\f\*[I-Font]leapfile\f[]
has changed.
The
\fCupdate-leap\f[]\fR(1update_leapmdoc)\f[]
script can be run to see if the
\f\*[I-Font]leapfile\f[]
should be updated.
.TP 7
.NOP \f\*[B-Font]leapsmearinterval\f[] \f\*[I-Font]seconds\f[]
This EXPERIMENTAL option is only available if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
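Review bot: two problems in the new interface and leapfile text. In the interface entry the sentence "interface directives are disabled if any -I, --interface, -L, or --novirtualips command-line options are specified in the configuration file, all available network addresses are opened." runs two statements together and, as written, says the command-line options appear in the configuration file. Presumably the intent is "... are specified on the command line. If no interface directive appears in the configuration file, all available network addresses are opened."; since that default is what exposes the daemon on every address, it deserves its own sentence. In the leapfile entry the words "directive or when" and "detects that the" render in bold because the mdoc source puts them on the same line as the macro (".Cm leapfile directive or when", ".Cm ntpd detects that the"); the macro argument should stand alone on its line with the plain text on the next.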
@ -2922,6 +3007,164 @@ This is the same operation as the
\f\*[B-Font]\-l\f[]
command line option.
.TP 7
.NOP \f\*[B-Font]mru\f[] [\f\*[B-Font]maxdepth\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]maxmem\f[] \f\*[I-Font]kilobytes\f[] | \f\*[B-Font]mindepth\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]maxage\f[] \f\*[I-Font]seconds\f[] | \f\*[B-Font]initialloc\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]initmem\f[] \f\*[I-Font]kilobytes\f[] | \f\*[B-Font]incalloc\f[] \f\*[I-Font]count\f[] | \f\*[B-Font]incmem\f[] \f\*[I-Font]kilobytes\f[]]
Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
.RS
.TP 7
.NOP \f\*[B-Font]maxdepth\f[] \f\*[I-Font]count\f[]
.TP 7
.NOP \f\*[B-Font]maxmem\f[] \f\*[I-Font]kilobytes\f[]
Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
\f\*[B-Font]incalloc\f[]
entries or
\f\*[B-Font]incmem\f[]
kilobytes larger.
As with all of the
\f\*[B-Font]mru\f[]
options offered in units of entries or kilobytes, if both
\f\*[B-Font]maxdepth\f[]
and
\f\*[B-Font]maxmem\f[] \f\*[B-Font]are\f[] \f\*[B-Font]used,\f[] \f\*[B-Font]the\f[] \f\*[B-Font]last\f[] \f\*[B-Font]one\f[] \f\*[B-Font]used\f[] \f\*[B-Font]controls.\f[]
The default is 1024 kilobytes.
.TP 7
.NOP \f\*[B-Font]mindepth\f[] \f\*[I-Font]count\f[]
Lower limit on the MRU list size.
When the MRU list has fewer than
\f\*[B-Font]mindepth\f[]
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
.TP 7
.NOP \f\*[B-Font]maxage\f[] \f\*[I-Font]seconds\f[]
Once the MRU list has
\f\*[B-Font]mindepth\f[]
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
\f\*[B-Font]maxage\f[]
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
\f\*[B-Font]maxdepth\f[] \f\*[B-Font]/\f[] \f\*[B-Font]moxmem\f[].
The default is 64 seconds.
.TP 7
.NOP \f\*[B-Font]initalloc\f[] \f\*[I-Font]count\f[]
.TP 7
.NOP \f\*[B-Font]initmem\f[] \f\*[I-Font]kilobytes\f[]
Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
.TP 7
.NOP \f\*[B-Font]incalloc\f[] \f\*[I-Font]count\f[]
.TP 7
.NOP \f\*[B-Font]incmem\f[] \f\*[I-Font]kilobytes\f[]
Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
.RE
.TP 7
.NOP \f\*[B-Font]nonvolatile\f[] \f\*[I-Font]threshold\f[]
Specify the
\f\*[I-Font]threshold\f[]
delta in seconds before an hourly change to the
\f\*[B-Font]driftfile\f[]
(frequency file) will be written, with a default value of 1e-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
\f\*[B-Font]threshold\f[]
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
.TP 7
.NOP \f\*[B-Font]phone\f[] \f\*[I-Font]dial\f[] \f\*[I-Font]...\f[]
This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 \- 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 \- 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
.TP 7
.NOP \f\*[B-Font]reset\f[] [\f\*[B-Font]allpeers\f[]] [\f\*[B-Font]auth\f[]] [\f\*[B-Font]ctl\f[]] [\f\*[B-Font]io\f[]] [\f\*[B-Font]mem\f[]] [\f\*[B-Font]sys\f[]] [\f\*[B-Font]timer\f[]]
Reset one or more groups of counters maintained by
\f\*[B-Font]ntpd\f[]
and exposed by
\f\*[B-Font]ntpq\f[]
and
\f\*[B-Font]ntpdc\f[].
.TP 7
.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
\fBmlockall\f[]\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.TP 7
.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.RE
.TP 7
.NOP \f\*[B-Font]saveconfigdir\f[] \f\*[I-Font]directory_path\f[]
Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
\f\*[B-Font]saveconfig\f[]
command.
If
\f\*[B-Font]saveconfigdir\f[]
does not appear in the configuration file,
\f\*[B-Font]saveconfig\f[]
requests are rejected by
\f\*[B-Font]ntpd\f[].
.TP 7
.NOP \f\*[B-Font]saveconfig\f[] \f\*[I-Font]filename\f[]
Write the current configuration, including any runtime
modifications given with
\f\*[B-Font]:config\f[]
or
\f\*[B-Font]config-from-file\f[]
to the
\f\*[B-Font]ntpd\f[]
host's
\f\*[I-Font]filename\f[]
in the
\f\*[B-Font]saveconfigdir\f[].
This command will be rejected unless the
\f\*[B-Font]saveconfigdir\f[]
directive appears in
.Cm ntpd 's
configuration file.
\f\*[I-Font]filename\f[]
can use
\fCstrftime\f[]\fR(3)\f[]
format directives to substitute the current date and time,
for example,
\f\*[B-Font]saveconfig\ ntp-%Y%m%d-%H%M%S.conf\f[].
The filename used is stored in the system variable
\f\*[B-Font]savedconfig\f[].
Authentication is required.
.TP 7
.NOP \f\*[B-Font]setvar\f[] \f\*[I-Font]variable\f[] [\f\*[B-Font]default\f[]]
This command adds an additional system variable.
These
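Review bot: several typos in the new mru and nonvolatile text: "size limite" (limits), "acutal" (actual), "ba added" (be added), "moxmem" (maxmem), "monitoringfacility" (monitoring facility), "exceeeded" (exceeded). The mru synopsis spells one option "initialloc" while its own entry below says "initalloc"; the two must agree, since a reader configuring the option will copy one of them. The phrase "are used, the last one used controls." renders entirely in bold because the mdoc source puts it on the ".Cm maxmem" line. The raw ".Cm ntpq 's" and ".Cm ntpd 's" also leak into the saveconfigdir and saveconfig entries here, as they do in the HTML. All of this is generated from ntp.conf.def; fix it there rather than in the generated files.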
@ -2955,6 +3198,12 @@ the names of all peer variables and the
\fIclock_var_list\f[]
holds the names of the reference clock variables.
.TP 7
.NOP \f\*[B-Font]sysinfo\f[]
Display operational summary.
.TP 7
.NOP \f\*[B-Font]sysstats\f[]
Show statistics counters maintained in the protocol module.
.TP 7
.NOP \f\*[B-Font]tinker\f[] [\f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[] | \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[] | \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[] | \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[] | \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[] | \f\*[B-Font]step\f[] \f\*[I-Font]step\f[] | \f\*[B-Font]stepback\f[] \f\*[I-Font]stepback\f[] | \f\*[B-Font]stepfwd\f[] \f\*[I-Font]stepfwd\f[] | \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]]
This command can be used to alter several system variables in
very exceptional circumstances.
@ -3044,30 +3293,18 @@ If set to zero, the stepout
pulses will not be suppressed.
.RE
.TP 7
.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
\fBmlockall\f[]\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.TP 7
.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.RE
.NOP \f\*[B-Font]writevar\f[] \f\*[I-Font]assocID\ name\f[] \f\*[I-Font]=\f[] \f\*[I-Font]value\f[] \f\*[I-Font][,...]\f[]
Write (create or update) the specified variables.
If the
\f\*[B-Font]assocID\f[]
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
\f\*[B-Font]assocID\f[]
is required, as the same name can occur in both name spaces.
.TP 7
.NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
This command configures a trap receiver at the given host
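Review bot: the new writevar entry is missing the ".TP 7" that precedes every other ".NOP" entry in this list (".RE" is followed directly by ".NOP \f\*[B-Font]writevar\f[] ..."), so it will not render as a tagged paragraph and will run into the preceding rlimit sub-list. Also "variablea re" should be "variables are", the same typo as in the HTML output.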
@ -3080,6 +3317,14 @@ message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.TP 7
.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
\f\*[B-Font]manycast\f[]
mode these values are used in-turn in an expanding-ring search.
The default is eight multiples of 32 starting at 31.
.sp \n(Ppu
.ne 2
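Review bot: the ttl entry is inserted inside the trap description: the ".sp \n(Ppu" / ".ne 2" paragraph that follows it continues the trap text, and the trailing context of the next hunk ("In manycast mode these values are used in turn in an expanding-ring search. The default is eight multiples of 32 starting at 31.") shows a ttl entry already exists, so this is a duplicate placed mid-entry. The HTML output has the same misplacement; fix the position once in the source definition.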
@ -3097,9 +3342,8 @@ In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
.RE
.PP
.SH "OPTIONS"
.RS
.TP
.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
@ -3111,7 +3355,7 @@ Pass the extended usage information through a pager.
Output version of program and exit. The default mode is `v', a simple
version. The `c' mode will print copyright information and `n' will
print the full copyright notice.
.RE
.PP
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
@ -3122,7 +3366,6 @@ by loading values from environment variables named:
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
.SH FILES
.RS
.TP 15
.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
@ -3146,10 +3389,9 @@ RSA public key
.TP 15
.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
.RE
.PP
.SH "EXIT STATUS"
One of the following exit values will be returned:
.RS
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
@ -3160,7 +3402,7 @@ The operation failed or the command syntax was not valid.
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error. Please report
it to autogen-users@lists.sourceforge.net. Thank you.
.RE
.PP
.SH "SEE ALSO"
\fCntpd\f[]\fR(@NTPD_MS@)\f[],
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[],


@ -1,9 +1,9 @@
.Dd March 21 2017
.Dd February 27 2018
.Dt NTP_CONF 5 File Formats
.Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:31:09 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME
@ -1532,6 +1532,7 @@ subcommand specifies the probability of discard
for packets that overflow the rate\-control window.
.It Xo Ic restrict address
.Op Cm mask Ar mask
.Op Cm ippeerlimit Ar int
.Op Ar flag ...
.Xc
The
@ -1557,6 +1558,15 @@ Note that text string
.Cm default ,
with no mask option, may
be used to indicate the default entry.
The
.Cm ippeerlimit
directive limits the number of peer requests for each IP to
.Ar int ,
where a value of \-1 means "unlimited", the current default.
A value of 0 means "none".
There would usually be at most 1 peering request per IP,
but if the remote peering requests are behind a proxy
there could well be more than 1 per IP.
In the current implementation,
.Cm flag
always
@ -1607,6 +1617,18 @@ basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
.It Cm noepeer
Deny ephemeral peer requests,
even if they come from an authenticated source.
Note that the ability to use a symmetric key for authentication may be restricted to
one or more IPs or subnets via the third field of the
.Pa ntp.keys
file.
This restriction is not enabled by default,
to maintain backward compatability.
Expect
.Cm noepeer
to become the default in ntp\-4.4.
.It Cm nomodify
Deny
.Xr ntpq @NTPQ_MS@
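Review bot: "compatability" should be "compatibility" in the noepeer entry. This mdoc is the generated form closest to the ntp.conf.def source, and the same typo is carried into the man page above, so one correction in the definition fixes both.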
@ -1624,10 +1646,10 @@ and
queries.
Time service is not affected.
.It Cm nopeer
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
Deny unauthenticated packets which would result in mobilizing a new association.
This includes
broadcast and symmetric active packets
when a configured association does not exist.
It also includes
.Cm pool
associations, so if you want to use servers from a
@ -1635,8 +1657,9 @@ associations, so if you want to use servers from a
directive and also want to use
.Cm nopeer
by default, you'll want a
.Cm "restrict source ..." line as well that does
.It not
.Cm "restrict source ..."
line as well that does
.Em not
include the
.Cm nopeer
directive.
@ -2011,9 +2034,10 @@ there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.El
.Ss Manycast Options
.Bl -tag -width indent
.It Xo Ic tos
@ -2359,7 +2383,7 @@ specific drivers in the
page
(available as part of the HTML documentation
provided in
.Pa /usr/share/doc/ntp ) .
.Pa /usr/share/doc/ntp ).
.It Cm stratum Ar int
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
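Review bot: changing ".Pa /usr/share/doc/ntp ) ." to ".Pa /usr/share/doc/ntp )." is a regression, not a cleanup. mdoc recognises ")" and "." as closing punctuation only when each is its own token; the fused ")." is treated as a further argument to .Pa and rendered in the path font, which is exactly what the man page hunk above shows ("\fI).\f[]"). Keep the separated form.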
@ -2637,6 +2661,79 @@ This option is useful for sites that run
.Xr ntpd @NTPD_MS@
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.It Xo Ic interface
.Oo
.Cm listen | Cm ignore | Cm drop
.Oc
.Oo
.Cm all | Cm ipv4 | Cm ipv6 | Cm wildcard
.Ar name | Ar address
.Oo Cm / Ar prefixlen
.Oc
.Oc
.Xc
The
.Cm interface
directive controls which network addresses
.Xr ntpd @NTPD_MS@
opens, and whether input is dropped without processing.
The first parameter determines the action for addresses
which match the second parameter.
The second parameter specifies a class of addresses,
or a specific interface name,
or an address.
In the address case,
.Ar prefixlen
determines how many bits must match for this rule to apply.
.Cm ignore
prevents opening matching addresses,
.Cm drop
causes
.Xr ntpd @NTPD_MS@
to open the address and drop all received packets without examination.
Multiple
.Cm interface
directives can be used.
The last rule which matches a particular address determines the action for it.
.Cm interface
directives are disabled if any
.Fl I ,
.Fl \-interface ,
.Fl L ,
or
.Fl \-novirtualips
command\-line options are specified in the configuration file,
all available network addresses are opened.
The
.Cm nic
directive is an alias for
.Cm interface .
.It Ic leapfile Ar leapfile
This command loads the IERS leapseconds file and initializes the
leapsecond values for the next leapsecond event, leapfile expiration
time, and TAI offset.
The file can be obtained directly from the IERS at
.Li https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap\-seconds.list
or
.Li ftp://hpiers.obspm.fr/iers/bul/bulc/ntp/leap\-seconds.list .
The
.Cm leapfile
is scanned when
.Xr ntpd @NTPD_MS@
processes the
.Cm leapfile directive or when
.Cm ntpd detects that the
.Ar leapfile
has changed.
.Cm ntpd
checks once a day to see if the
.Ar leapfile
has changed.
The
.Xr update\-leap 1update_leapmdoc
script can be run to see if the
.Ar leapfile
should be updated.
.It Ic leapsmearinterval Ar seconds
This EXPERIMENTAL option is only available if
.Xr ntpd @NTPD_MS@
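Review bot: ".Cm leapfile directive or when" and ".Cm ntpd detects that the" put running prose on the macro line, so .Cm applies its font to the whole phrase; the man page generated from this shows "directive or when" and "detects that the" in bold. Put only the argument on the .Cm line and the prose on the following line. The interface paragraph also carries the run-together sentence "interface directives are disabled if any ... command-line options are specified in the configuration file, all available network addresses are opened.", which needs splitting into the condition that disables the directives and the separate statement of what happens when no interface directive is configured.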
@ -2741,6 +2838,181 @@ facility.
This is the same operation as the
.Fl l
command line option.
.It Xo Ic mru
.Oo
.Cm maxdepth Ar count | Cm maxmem Ar kilobytes |
.Cm mindepth Ar count | Cm maxage Ar seconds |
.Cm initialloc Ar count | Cm initmem Ar kilobytes |
.Cm incalloc Ar count | Cm incmem Ar kilobytes
.Oc
.Xc
Controls size limite of the monitoring facility's Most Recently Used
(MRU) list
of client addresses, which is also used by the
rate control facility.
.Bl -tag -width indent
.It Ic maxdepth Ar count
.It Ic maxmem Ar kilobytes
Equivalent upper limits on the size of the MRU list, in terms of entries or kilobytes.
The acutal limit will be up to
.Cm incalloc
entries or
.Cm incmem
kilobytes larger.
As with all of the
.Cm mru
options offered in units of entries or kilobytes, if both
.Cm maxdepth
and
.Cm maxmem are used, the last one used controls.
The default is 1024 kilobytes.
.It Cm mindepth Ar count
Lower limit on the MRU list size.
When the MRU list has fewer than
.Cm mindepth
entries, existing entries are never removed to make room for newer ones,
regardless of their age.
The default is 600 entries.
.It Cm maxage Ar seconds
Once the MRU list has
.Cm mindepth
entries and an additional client is to ba added to the list,
if the oldest entry was updated more than
.Cm maxage
seconds ago, that entry is removed and its storage is reused.
If the oldest entry was updated more recently the MRU list is grown,
subject to
.Cm maxdepth / moxmem .
The default is 64 seconds.
.It Cm initalloc Ar count
.It Cm initmem Ar kilobytes
Initial memory allocation at the time the monitoringfacility is first enabled,
in terms of the number of entries or kilobytes.
The default is 4 kilobytes.
.It Cm incalloc Ar count
.It Cm incmem Ar kilobytes
Size of additional memory allocations when growing the MRU list, in entries or kilobytes.
The default is 4 kilobytes.
.El
.It Ic nonvolatile Ar threshold
Specify the
.Ar threshold
delta in seconds before an hourly change to the
.Cm driftfile
(frequency file) will be written, with a default value of 1e\-7 (0.1 PPM).
The frequency file is inspected each hour.
If the difference between the current frequency and the last value written
exceeds the threshold, the file is written and the
.Cm threshold
becomes the new threshold value.
If the threshold is not exceeeded, it is reduced by half.
This is intended to reduce the number of file writes
for embedded systems with nonvolatile memory.
.It Ic phone Ar dial ...
This command is used in conjunction with
the ACTS modem driver (type 18)
or the JJY driver (type 40, mode 100 \- 180).
For the ACTS modem driver (type 18), the arguments consist of
a maximum of 10 telephone numbers used to dial USNO, NIST, or European
time service.
For the JJY driver (type 40 mode 100 \- 180), the argument is
one telephone number used to dial the telephone JJY service.
The Hayes command ATDT is normally prepended to the number.
The number can contain other modem control codes as well.
.It Xo Ic reset
.Oo
.Ic allpeers
.Oc
.Oo
.Ic auth
.Oc
.Oo
.Ic ctl
.Oc
.Oo
.Ic io
.Oc
.Oo
.Ic mem
.Oc
.Oo
.Ic sys
.Oc
.Oo
.Ic timer
.Oc
.Xc
Reset one or more groups of counters maintained by
.Cm ntpd
and exposed by
.Cm ntpq
and
.Cm ntpdc .
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Ic saveconfigdir Ar directory_path
Specify the directory in which to write configuration snapshots
requested with
.Cm ntpq 's
.Cm saveconfig
command.
If
.Cm saveconfigdir
does not appear in the configuration file,
.Cm saveconfig
requests are rejected by
.Cm ntpd .
.It Ic saveconfig Ar filename
Write the current configuration, including any runtime
modifications given with
.Cm :config
or
.Cm config\-from\-file
to the
.Cm ntpd
host's
.Ar filename
in the
.Cm saveconfigdir .
This command will be rejected unless the
.Cm saveconfigdir
directive appears in
.Cm ntpd 's
configuration file.
.Ar filename
can use
.Xr strftime 3
format directives to substitute the current date and time,
for example,
.Cm saveconfig\ ntp\-%Y%m%d\-%H%M%S.conf .
The filename used is stored in the system variable
.Cm savedconfig .
Authentication is required.
.It Ic setvar Ar variable Op Cm default
This command adds an additional system variable.
These
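Review bot: the new mru and rlimit text has several typos and macro slips: "size limite", "The acutal limit", "to ba added", "maxdepth / moxmem" (should read maxmem), "monitoringfacility", "exceeeded", and `.Cm maxmem are used, the last one used controls.` puts a whole clause inside the `.Cm` argument. The mru sub-list mixes `.It Ic maxdepth` with `.It Cm mindepth`; pick one. The `rlimit` synopsis is missing the `|` separator after `.Cm stacksize Ar N4kPages`. Finally the memlock entry says the option is "Probably only available under Linux" and then gives a non-Linux default of 32 megabytes; state what actually happens on non-Linux systems instead of leaving the two sentences in tension.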
@ -2779,6 +3051,10 @@ holds
the names of all peer variables and the
.Va clock_var_list
holds the names of the reference clock variables.
.It Cm sysinfo
Display operational summary.
.It Cm sysstats
Show statistics counters maintained in the protocol module.
.It Xo Ic tinker
.Oo
.Cm allan Ar allan |
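Review bot: sysinfo and sysstats are described as display commands ("Display operational summary", "Show statistics counters") rather than configuration directives, and they use `.It Cm` while the neighbouring entries use `.It Ic`; confirm they belong in this directive list rather than the ntpq page, and match the macro either way.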
@ -2868,33 +3144,18 @@ be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
.El
.It Xo Ic rlimit
.Oo
.Cm memlock Ar Nmegabytes |
.Cm stacksize Ar N4kPages
.Cm filenum Ar Nfiledescriptors
.Oc
.Xc
.Bl -tag -width indent
.It Cm memlock Ar Nmegabytes
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
.Fl i
option).
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.It Cm stacksize Ar N4kPages
Specifies the maximum size of the process stack on systems with the
.Fn mlockall
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.It Cm filenum Ar Nfiledescriptors
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.El
.It Cm writevar Ar assocID\ name = value [,...]
Write (create or update) the specified variables.
If the
.Cm assocID
is zero, the variablea re from the
system variables
name space, otherwise they are from the
peer variables
name space.
The
.Cm assocID
is required, as the same name can occur in both name spaces.
.It Xo Ic trap Ar host_address
.Op Cm port Ar port_number
.Op Cm interface Ar interface_address
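Review bot: typo in the writevar entry, "the variablea re from the" should read "the variables are from the". The `[,...]` in `.It Cm writevar Ar assocID\ name = value [,...]` should be an `.Op` so it is set as an optional part rather than literal brackets. Removing the second rlimit block here is correct since the identical text is kept in the earlier hunk; like sysinfo above, writevar reads as a runtime ntpq command, so confirm its placement.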
@ -2909,6 +3170,13 @@ message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.It Cm ttl Ar hop ...
This command specifies a list of TTL values in increasing order.
Up to 8 values can be specified.
In
.Cm manycast
mode these values are used in\-turn in an expanding\-ring search.
The default is eight multiples of 32 starting at 31.
.Pp
The trap receiver will generally log event messages and other
information from the server in a log file.
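Review bot: the `.It Cm ttl` entry is inserted between the body of the trap entry and the paragraph "The trap receiver will generally log event messages ...", so that paragraph now renders under ttl instead of trap; move the ttl block to after the trap description ends. Also "used in\-turn" should be "used in turn", and `.It Cm ttl` should be `.It Ic` to match the other top-level directives.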
@ -1,8 +1,8 @@
.TH ntp.keys 5man "21 Mar 2017" "4.2.8p10" "File Formats"
.TH ntp.keys 5man "27 Feb 2018" "4.2.8p11" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:10 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME
@ -76,16 +76,24 @@ where
is a positive integer (between 1 and 65534),
\f\*[I-Font]type\f[]
is the message digest algorithm,
and
\f\*[I-Font]key\f[]
is the key itself, and
\f\*[I-Font]opt_IP_list\f[]
is an optional comma-separated list of IPs
where the
\f\*[I-Font]keyno\f[]
should be trusted.
that are allowed to serve time.
Each IP in
\f\*[I-Font]opt_IP_list\f[]
may contain an optional
\f\*[B-Font]/subnetbits\f[]
specification which identifies the number of bits for
the desired subnet of trust.
If
\f\*[I-Font]opt_IP_list\f[]
is empty,
any properly-authenticated server message will be
any properly-authenticated message will be
accepted.
.sp \n(Ppu
.ne 2
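Review bot: the reworded opt_IP_list text says what happens when the list is empty ("any properly-authenticated message will be accepted") but not what happens when it is not: a reader cannot tell whether a packet that authenticates correctly under this key but arrives from an address outside the list is rejected outright or only treated as untrusted. Since "where the keyno should be trusted" is being replaced with "that are allowed to serve time", add one sentence stating the actual behaviour for out-of-list sources, and say that `/subnetbits` is a prefix length; a short example entry in the documented `keyno type key opt_IP_list` format would make the field order unambiguous.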
@ -1,9 +1,9 @@
.Dd March 21 2017
.Dd February 27 2018
.Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:22 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
@ -51,16 +51,24 @@ where
is a positive integer (between 1 and 65534),
.Ar type
is the message digest algorithm,
and
.Ar key
is the key itself, and
.Ar opt_IP_list
is an optional comma\-separated list of IPs
where the
.Ar keyno
should be trusted.
that are allowed to serve time.
Each IP in
.Ar opt_IP_list
may contain an optional
.Cm /subnetbits
specification which identifies the number of bits for
the desired subnet of trust.
If
.Ar opt_IP_list
is empty,
any properly\-authenticated server message will be
any properly\-authenticated message will be
accepted.
.Pp
The
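Review bot: this is the same opt_IP_list wording as the ntp.keys.man page above and, per the header comment, is "AutoGen-ed ... From the definitions ntp.keys.def"; any fix to the missing out-of-list behaviour sentence has to go into ntp.keys.def and be regenerated into all of these outputs, not patched in one rendered file.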
@ -50,16 +50,24 @@ where
is a positive integer (between 1 and 65534),
.Ar type
is the message digest algorithm,
and
.Ar key
is the key itself, and
.Ar opt_IP_list
is an optional comma-separated list of IPs
where the
.Ar keyno
should be trusted.
that are allowed to serve time.
Each IP in
.Ar opt_IP_list
may contain an optional
.Cm /subnetbits
specification which identifies the number of bits for
the desired subnet of trust.
If
.Ar opt_IP_list
is empty,
any properly-authenticated server message will be
any properly-authenticated message will be
accepted.
.Pp
The
@ -33,7 +33,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program.
<p>This document applies to version 4.2.8p10 of <code>ntp.keys</code>.
<p>This document applies to version 4.2.8p11 of <code>ntp.keys</code>.
<div class="shortcontents">
<h2>Short Contents</h2>
@ -100,16 +100,24 @@ Key entries use a fixed format of the form
is a positive integer (between 1 and 65534),
<kbd>type</kbd>
is the message digest algorithm,
and
<kbd>key</kbd>
is the key itself, and
<kbd>opt_IP_list</kbd>
is an optional comma-separated list of IPs
where the
<kbd>keyno</kbd>
should be trusted.
that are allowed to serve time.
Each IP in
<kbd>opt_IP_list</kbd>
may contain an optional
<code>/subnetbits</code>
specification which identifies the number of bits for
the desired subnet of trust.
If
<kbd>opt_IP_list</kbd>
is empty,
any properly-authenticated server message will be
any properly-authenticated message will be
accepted.
<p>The
@ -1,8 +1,8 @@
.TH ntp.keys 5 "21 Mar 2017" "4.2.8p10" "File Formats"
.TH ntp.keys 5 "27 Feb 2018" "4.2.8p11" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:10 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl
.Sh NAME
@ -76,16 +76,24 @@ where
is a positive integer (between 1 and 65534),
\f\*[I-Font]type\f[]
is the message digest algorithm,
and
\f\*[I-Font]key\f[]
is the key itself, and
\f\*[I-Font]opt_IP_list\f[]
is an optional comma-separated list of IPs
where the
\f\*[I-Font]keyno\f[]
should be trusted.
that are allowed to serve time.
Each IP in
\f\*[I-Font]opt_IP_list\f[]
may contain an optional
\f\*[B-Font]/subnetbits\f[]
specification which identifies the number of bits for
the desired subnet of trust.
If
\f\*[I-Font]opt_IP_list\f[]
is empty,
any properly-authenticated server message will be
any properly-authenticated message will be
accepted.
.sp \n(Ppu
.ne 2
@ -1,9 +1,9 @@
.Dd March 21 2017
.Dd February 27 2018
.Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:22 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl
.Sh NAME
@ -51,16 +51,24 @@ where
is a positive integer (between 1 and 65534),
.Ar type
is the message digest algorithm,
and
.Ar key
is the key itself, and
.Ar opt_IP_list
is an optional comma\-separated list of IPs
where the
.Ar keyno
should be trusted.
that are allowed to serve time.
Each IP in
.Ar opt_IP_list
may contain an optional
.Cm /subnetbits
specification which identifies the number of bits for
the desired subnet of trust.
If
.Ar opt_IP_list
is empty,
any properly\-authenticated server message will be
any properly\-authenticated message will be
accepted.
.Pp
The
@ -149,9 +149,9 @@ typedef struct peer_resolved_ctx_tag {
extern int yydebug; /* ntp_parser.c (.y) */
config_tree cfgt; /* Parser output stored here */
struct config_tree_tag *cfg_tree_history; /* History of configs */
char *sys_phone[MAXPHONE] = {NULL}; /* ACTS phone numbers */
char * sys_phone[MAXPHONE] = {NULL}; /* ACTS phone numbers */
char default_keysdir[] = NTP_KEYSDIR;
char *keysdir = default_keysdir; /* crypto keys directory */
char * keysdir = default_keysdir; /* crypto keys directory */
char * saveconfigdir;
#if defined(HAVE_SCHED_SETSCHEDULER)
int config_priority_override = 0;
@ -312,6 +312,7 @@ static void config_monitor(config_tree *);
static void config_rlimit(config_tree *);
static void config_system_opts(config_tree *);
static void config_tinker(config_tree *);
static int config_tos_clock(config_tree *);
static void config_tos(config_tree *);
static void config_vars(config_tree *);
@ -363,6 +364,8 @@ static u_int32 get_match(const char *, struct masks *);
static u_int32 get_logmask(const char *);
static int/*BOOL*/ is_refclk_addr(const address_node * addr);
static void appendstr(char *, size_t, char *);
#ifndef SIM
static int getnetnum(const char *num, sockaddr_u *addr, int complain,
@ -528,7 +531,7 @@ dump_config_tree(
setvar_node *setv_node;
nic_rule_node *rule_node;
int_node *i_n;
int_node *flags;
int_node *flag_tok_fifo;
int_node *counter_set;
string_node *str_node;
@ -554,7 +557,10 @@ dump_config_tree(
ptree->source.value.s);
}
/* For options I didn't find documentation I'll just output its name and the cor. value */
/*
* For options without documentation we just output the name
* and its data value
*/
atrv = HEAD_PFIFO(ptree->vars);
for ( ; atrv != NULL; atrv = atrv->link) {
switch (atrv->type) {
@ -722,6 +728,21 @@ dump_config_tree(
token_name(atrv->type));
break;
#endif
case T_Integer:
if (atrv->attr == T_Basedate) {
struct calendar jd;
ntpcal_rd_to_date(&jd, atrv->value.i + DAY_NTP_STARTS);
fprintf(df, " %s \"%04hu-%02hu-%02hu\"",
keyword(atrv->attr), jd.year,
(u_short)jd.month,
(u_short)jd.monthday);
} else {
fprintf(df, " %s %d",
keyword(atrv->attr),
atrv->value.i);
}
break;
case T_Double:
fprintf(df, " %s %s",
keyword(atrv->attr),
@ -904,30 +925,52 @@ dump_config_tree(
fprintf(df, "\n");
}
for (rest_node = HEAD_PFIFO(ptree->restrict_opts);
rest_node != NULL;
rest_node = rest_node->link) {
int is_default = 0;
if (NULL == rest_node->addr) {
s = "default";
flags = HEAD_PFIFO(rest_node->flags);
for ( ; flags != NULL; flags = flags->link)
if (T_Source == flags->i) {
/* Don't need to set is_default=1 here */
flag_tok_fifo = HEAD_PFIFO(rest_node->flag_tok_fifo);
for ( ; flag_tok_fifo != NULL; flag_tok_fifo = flag_tok_fifo->link) {
if (T_Source == flag_tok_fifo->i) {
s = "source";
break;
}
}
}
} else {
s = rest_node->addr->address;
const char *ap = rest_node->addr->address;
const char *mp = "";
if (rest_node->mask)
mp = rest_node->mask->address;
if ( rest_node->addr->type == AF_INET
&& !strcmp(ap, "0.0.0.0")
&& !strcmp(mp, "0.0.0.0")) {
is_default = 1;
s = "-4 default";
} else if ( rest_node->mask
&& rest_node->mask->type == AF_INET6
&& !strcmp(ap, "::")
&& !strcmp(mp, "::")) {
is_default = 1;
s = "-6 default";
} else {
s = ap;
}
}
fprintf(df, "restrict %s", s);
if (rest_node->mask != NULL)
if (rest_node->mask != NULL && !is_default)
fprintf(df, " mask %s",
rest_node->mask->address);
flags = HEAD_PFIFO(rest_node->flags);
for ( ; flags != NULL; flags = flags->link)
if (T_Source != flags->i)
fprintf(df, " %s", keyword(flags->i));
fprintf(df, " ippeerlimit %d", rest_node->ippeerlimit);
flag_tok_fifo = HEAD_PFIFO(rest_node->flag_tok_fifo);
for ( ; flag_tok_fifo != NULL; flag_tok_fifo = flag_tok_fifo->link)
if (T_Source != flag_tok_fifo->i)
fprintf(df, " %s", keyword(flag_tok_fifo->i));
fprintf(df, "\n");
}
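Review bot: the two default-detection branches are asymmetric: the IPv4 branch tests `rest_node->addr->type == AF_INET`, while the IPv6 branch tests `rest_node->mask && rest_node->mask->type == AF_INET6` and never looks at `addr->type`; use the same field in both, with the mask presence checked once before the comparisons. The IPv4 test also relies on `mp` defaulting to "" when no mask is present, so a rule written as `0.0.0.0` with no mask would not be recognised as the default; either check `rest_node->mask` there too or note the assumption. Finally `fprintf(df, " ippeerlimit %d", rest_node->ippeerlimit)` is unconditional, so every dumped restrict line now carries an ippeerlimit even when the user never set one; consider emitting it only when it differs from the default.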
@ -1057,11 +1100,45 @@ concat_gen_fifos(
return pf1;
}
void*
destroy_gen_fifo(
void *fifo,
fifo_deleter func
)
{
any_node * np = NULL;
any_node_fifo * pf1 = fifo;
if (pf1 != NULL) {
if (!func)
func = free;
for (;;) {
UNLINK_FIFO(np, *pf1, link);
if (np == NULL)
break;
(*func)(np);
}
free(pf1);
}
return NULL;
}
/* FUNCTIONS FOR CREATING NODES ON THE SYNTAX TREE
* -----------------------------------------------
*/
void
destroy_attr_val(
attr_val * av
)
{
if (av) {
if (T_String == av->type)
free(av->value.s);
free(av);
}
}
attr_val *
create_attr_dval(
int attr,
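Review bot: `destroy_attr_val` is a destructor but is placed directly under the new banner "FUNCTIONS FOR CREATING NODES ON THE SYNTAX TREE"; move it next to the other destroy_* routines or rename the banner. In `destroy_gen_fifo`, `func = free` relies on `fifo_deleter` having exactly the `void (*)(void *)` signature of `free`; if it does not, a small wrapper is needed rather than an implicit conversion. Returning NULL from a `void *` function so callers can write `fifo = destroy_gen_fifo(fifo, ...)` deserves a one-line comment.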
@ -1402,7 +1479,8 @@ restrict_node *
create_restrict_node(
address_node * addr,
address_node * mask,
int_fifo * flags,
short ippeerlimit,
int_fifo * flag_tok_fifo,
int line_no
)
{
@ -1411,7 +1489,8 @@ create_restrict_node(
my_node = emalloc_zero(sizeof(*my_node));
my_node->addr = addr;
my_node->mask = mask;
my_node->flags = flags;
my_node->ippeerlimit = ippeerlimit;
my_node->flag_tok_fifo = flag_tok_fifo;
my_node->line_no = line_no;
return my_node;
@ -1428,7 +1507,7 @@ destroy_restrict_node(
*/
destroy_address_node(my_node->addr);
destroy_address_node(my_node->mask);
destroy_int_fifo(my_node->flags);
destroy_int_fifo(my_node->flag_tok_fifo);
free(my_node);
}
@ -1484,9 +1563,7 @@ destroy_attr_val_fifo(
UNLINK_FIFO(av, *av_fifo, link);
if (av == NULL)
break;
if (T_String == av->type)
free(av->value.s);
free(av);
destroy_attr_val(av);
}
free(av_fifo);
}
@ -2009,6 +2086,35 @@ free_config_auth(
#endif /* FREE_CFG_T */
/* Configure low-level clock-related parameters. Return TRUE if the
* clock might need adjustment like era-checking after the call, FALSE
* otherwise.
*/
static int/*BOOL*/
config_tos_clock(
config_tree *ptree
)
{
int ret;
attr_val * tos;
ret = FALSE;
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
switch(tos->attr) {
default:
break;
case T_Basedate:
basedate_set_day(tos->value.i);
ret = TRUE;
break;
}
}
return ret;
}
static void
config_tos(
config_tree *ptree
@ -2034,12 +2140,16 @@ config_tos(
/* -*- phase one: inspect / sanitize the values */
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
val = tos->value.d;
/* not all attributes are doubles (any more), so loading
* 'val' in all cases is not a good idea: It should be
* done as needed in every case processed here.
*/
switch(tos->attr) {
default:
break;
case T_Bcpollbstep:
val = tos->value.d;
if (val > 4) {
msyslog(LOG_WARNING,
"Using maximum bcpollbstep ceiling %d, %d requested",
@ -2054,6 +2164,7 @@ config_tos(
break;
case T_Ceiling:
val = tos->value.d;
if (val > STRATUM_UNSPEC - 1) {
msyslog(LOG_WARNING,
"Using maximum tos ceiling %d, %d requested",
@ -2068,18 +2179,21 @@ config_tos(
break;
case T_Minclock:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
l_minclock = (int)tos->value.d;
break;
case T_Maxclock:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
l_maxclock = (int)tos->value.d;
break;
case T_Minsane:
val = tos->value.d;
if ((int)tos->value.d < 1)
tos->value.d = 1;
l_minsane = (int)tos->value.d;
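Review bot: the `val = tos->value.d;` lines added to the T_Minclock, T_Maxclock and T_Minsane cases are dead stores: each case then reads and writes `tos->value.d` directly and never uses `val`, so the additions only invite set-but-unused warnings. Either drop them or rewrite the clamping in terms of `val`, as the T_Bcpollbstep and T_Ceiling cases do.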
@ -2097,7 +2211,6 @@ config_tos(
/* -*- phase two: forward the values to the protocol machinery */
tos = HEAD_PFIFO(ptree->orphan_cmds);
for (; tos != NULL; tos = tos->link) {
val = tos->value.d;
switch(tos->attr) {
default:
@ -2150,8 +2263,11 @@ config_tos(
case T_Beacon:
item = PROTO_BEACON;
break;
case T_Basedate:
continue; /* SKIP proto-config for this! */
}
proto_config(item, 0, val, NULL);
proto_config(item, 0, tos->value.d, NULL);
}
}
@ -2348,7 +2464,7 @@ config_access(
static int warned_signd;
attr_val * my_opt;
restrict_node * my_node;
int_node * curr_flag;
int_node * curr_tok_fifo;
sockaddr_u addr;
sockaddr_u mask;
struct addrinfo hints;
@ -2356,8 +2472,9 @@ config_access(
struct addrinfo * pai;
int rc;
int restrict_default;
u_short flags;
u_short rflags;
u_short mflags;
short ippeerlimit;
int range_err;
const char * signd_warning =
#ifdef HAVE_NTP_SIGND
@ -2476,17 +2593,23 @@ config_access(
/* Configure the restrict options */
my_node = HEAD_PFIFO(ptree->restrict_opts);
for (; my_node != NULL; my_node = my_node->link) {
/* Grab the ippeerlmit */
ippeerlimit = my_node->ippeerlimit;
DPRINTF(1, ("config_access: top-level node %p: ippeerlimit %d\n", my_node, ippeerlimit));
/* Parse the flags */
flags = 0;
rflags = 0;
mflags = 0;
curr_flag = HEAD_PFIFO(my_node->flags);
for (; curr_flag != NULL; curr_flag = curr_flag->link) {
switch (curr_flag->i) {
curr_tok_fifo = HEAD_PFIFO(my_node->flag_tok_fifo);
for (; curr_tok_fifo != NULL; curr_tok_fifo = curr_tok_fifo->link) {
switch (curr_tok_fifo->i) {
default:
fatal_error("config-access: flag-type-token=%d", curr_flag->i);
fatal_error("config_access: flag-type-token=%d", curr_tok_fifo->i);
case T_Ntpport:
mflags |= RESM_NTPONLY;
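Review bot: comment typo "Grab the ippeerlmit" (ippeerlimit), and the new `DPRINTF(1, ("config_access: top-level node %p: ippeerlimit %d\n", ...))` runs well past 80 columns; wrap it like the existing DPRINTF calls in this function.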
@ -2497,71 +2620,75 @@ config_access(
break;
case T_Flake:
flags |= RES_FLAKE;
rflags |= RES_FLAKE;
break;
case T_Ignore:
flags |= RES_IGNORE;
rflags |= RES_IGNORE;
break;
case T_Kod:
flags |= RES_KOD;
rflags |= RES_KOD;
break;
case T_Mssntp:
flags |= RES_MSSNTP;
rflags |= RES_MSSNTP;
break;
case T_Limited:
flags |= RES_LIMITED;
rflags |= RES_LIMITED;
break;
case T_Lowpriotrap:
flags |= RES_LPTRAP;
rflags |= RES_LPTRAP;
break;
case T_Nomodify:
flags |= RES_NOMODIFY;
rflags |= RES_NOMODIFY;
break;
case T_Nomrulist:
flags |= RES_NOMRULIST;
rflags |= RES_NOMRULIST;
break;
case T_Noepeer:
rflags |= RES_NOEPEER;
break;
case T_Nopeer:
flags |= RES_NOPEER;
rflags |= RES_NOPEER;
break;
case T_Noquery:
flags |= RES_NOQUERY;
rflags |= RES_NOQUERY;
break;
case T_Noserve:
flags |= RES_DONTSERVE;
rflags |= RES_DONTSERVE;
break;
case T_Notrap:
flags |= RES_NOTRAP;
rflags |= RES_NOTRAP;
break;
case T_Notrust:
flags |= RES_DONTTRUST;
rflags |= RES_DONTTRUST;
break;
case T_Version:
flags |= RES_VERSION;
rflags |= RES_VERSION;
break;
}
}
if ((RES_MSSNTP & flags) && !warned_signd) {
if ((RES_MSSNTP & rflags) && !warned_signd) {
warned_signd = 1;
fprintf(stderr, "%s\n", signd_warning);
msyslog(LOG_WARNING, "%s", signd_warning);
}
/* It would be swell if we could identify the line number */
if ((RES_KOD & flags) && !(RES_LIMITED & flags)) {
if ((RES_KOD & rflags) && !(RES_LIMITED & rflags)) {
const char *kod_where = (my_node->addr)
? my_node->addr->address
: (mflags & RESM_SOURCE)
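Review bot: the new `T_Noepeer` case sets RES_NOEPEER alongside the existing RES_NOPEER; since this is a security-relevant restrict flag (the ChangeLog ties noepeer to the Sybil fix), make sure the restrict section of the ntp.conf pages in this same import documents `noepeer` next to `nopeer`, and that `build_rflags` below prints it, which it does. The rename of `flags` to `rflags` is otherwise mechanical and the KOD-without-LIMITED warning is preserved.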
@ -2589,10 +2716,10 @@ config_access(
restrict_default = 1;
} else {
/* apply "restrict source ..." */
DPRINTF(1, ("restrict source template mflags %x flags %x\n",
mflags, flags));
hack_restrict(RESTRICT_FLAGS, NULL,
NULL, mflags, flags, 0);
DPRINTF(1, ("restrict source template ippeerlimit %d mflags %x rflags %x\n",
ippeerlimit, mflags, rflags));
hack_restrict(RESTRICT_FLAGS, NULL, NULL,
ippeerlimit, mflags, rflags, 0);
continue;
}
} else {
@ -2661,15 +2788,15 @@ config_access(
if (restrict_default) {
AF(&addr) = AF_INET;
AF(&mask) = AF_INET;
hack_restrict(RESTRICT_FLAGS, &addr,
&mask, mflags, flags, 0);
hack_restrict(RESTRICT_FLAGS, &addr, &mask,
ippeerlimit, mflags, rflags, 0);
AF(&addr) = AF_INET6;
AF(&mask) = AF_INET6;
}
do {
hack_restrict(RESTRICT_FLAGS, &addr,
&mask, mflags, flags, 0);
hack_restrict(RESTRICT_FLAGS, &addr, &mask,
ippeerlimit, mflags, rflags, 0);
if (pai != NULL &&
NULL != (pai = pai->ai_next)) {
INSIST(pai->ai_addr != NULL);
@ -2720,6 +2847,9 @@ config_rlimit(
case T_Memlock:
/* What if we HAVE_OPT(SAVECONFIGQUIT) ? */
if (HAVE_OPT( SAVECONFIGQUIT )) {
break;
}
if (rlimit_av->value.i == -1) {
# if defined(HAVE_MLOCKALL)
if (cur_memlock != 0) {
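Review bot: the new early `break` answers the question in the comment directly above it ("What if we HAVE_OPT(SAVECONFIGQUIT) ?"); replace the question with a statement of why memlock is skipped under saveconfigquit, and apply the same wording to the matching `HAVE_OPT( SAVECONFIGQUIT )` check added in ntp_rlimit for RLIMIT_MEMLOCK so the two sites stay in step.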
@ -3006,17 +3136,17 @@ apply_enable_disable(
int enable
)
{
attr_val *curr_flag;
attr_val *curr_tok_fifo;
int option;
#ifdef BC_LIST_FRAMEWORK_NOT_YET_USED
bc_entry *pentry;
#endif
for (curr_flag = HEAD_PFIFO(fifo);
curr_flag != NULL;
curr_flag = curr_flag->link) {
for (curr_tok_fifo = HEAD_PFIFO(fifo);
curr_tok_fifo != NULL;
curr_tok_fifo = curr_tok_fifo->link) {
option = curr_flag->value.i;
option = curr_tok_fifo->value.i;
switch (option) {
default:
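Review bot: the rename `curr_flag` to `curr_tok_fifo` in apply_enable_disable is misleading: the variable is an `attr_val *` cursor over one element of the fifo, not the fifo itself, so `curr_tok` or `curr_av` would describe it. The same objection applies to the `int_node *` cursors renamed `flag_tok_fifo` in dump_config_tree and `curr_tok_fifo` in config_access; reserve the `_fifo` suffix for the list heads.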
@ -3851,6 +3981,9 @@ config_peers(
* If we have a numeric address, we can safely
* proceed in the mainline with it. Otherwise, hand
* the hostname off to the blocking child.
*
* Note that if we're told to add the peer here, we
* do that regardless of ippeerlimit.
*/
if (is_ip_address(*cmdline_servers, AF_UNSPEC,
&peeraddr)) {
@ -3862,6 +3995,7 @@ config_peers(
&peeraddr,
NULL,
NULL,
-1,
MODE_CLIENT,
NTP_VERSION,
0,
@ -3912,6 +4046,7 @@ config_peers(
&peeraddr,
curr_peer->addr->address,
NULL,
-1,
hmode,
curr_peer->peerversion,
curr_peer->minpoll,
@ -3935,6 +4070,7 @@ config_peers(
&peeraddr,
NULL,
NULL,
-1,
hmode,
curr_peer->peerversion,
curr_peer->minpoll,
@ -4035,6 +4171,7 @@ peer_name_resolved(
&peeraddr,
NULL,
NULL,
-1,
ctx->hmode,
ctx->version,
ctx->minpoll,
@ -4113,7 +4250,7 @@ config_unpeers(
if (rc > 0) {
DPRINTF(1, ("unpeer: searching for %s\n",
stoa(&peeraddr)));
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
if (p != NULL) {
msyslog(LOG_NOTICE, "unpeered %s",
stoa(&peeraddr));
@ -4193,7 +4330,7 @@ unpeer_name_resolved(
memcpy(&peeraddr, res->ai_addr, res->ai_addrlen);
DPRINTF(1, ("unpeer: searching for peer %s\n",
stoa(&peeraddr)));
peer = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
peer = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
if (peer != NULL) {
af = AF(&peeraddr);
fam_spec = (AF_INET6 == af)
@ -4420,6 +4557,15 @@ config_ntpd(
int/*BOOL*/ input_from_files
)
{
/* [Bug 3435] check and esure clock sanity if configured from
* file and clock sanity parameters (-> basedate) are given. Do
* this ASAP, so we don't disturb the closed loop controller.
*/
if (input_from_files) {
if (config_tos_clock(ptree))
clamp_systime();
}
config_nic_rules(ptree, input_from_files);
config_monitor(ptree);
config_auth(ptree);
@ -4444,6 +4590,12 @@ config_ntpd(
config_fudge(ptree);
config_reset_counters(ptree);
#ifdef DEBUG
if (debug > 1) {
dump_restricts();
}
#endif
#ifdef TEST_BLOCKING_WORKER
{
struct addrinfo hints;
@ -5043,6 +5195,9 @@ ntp_rlimit(
switch (rl_what) {
# ifdef RLIMIT_MEMLOCK
case RLIMIT_MEMLOCK:
if (HAVE_OPT( SAVECONFIGQUIT )) {
break;
}
/*
* The default RLIMIT_MEMLOCK is very low on Linux systems.
* Unless we increase this limit malloc calls are likely to
@ -5104,3 +5259,217 @@ ntp_rlimit(
}
}
#endif /* HAVE_SETRLIMIT */
char *
build_iflags(u_int32 iflags)
{
static char ifs[1024];
ifs[0] = '\0';
if (iflags & INT_UP) {
iflags &= ~INT_UP;
appendstr(ifs, sizeof ifs, "up");
}
if (iflags & INT_PPP) {
iflags &= ~INT_PPP;
appendstr(ifs, sizeof ifs, "ppp");
}
if (iflags & INT_LOOPBACK) {
iflags &= ~INT_LOOPBACK;
appendstr(ifs, sizeof ifs, "loopback");
}
if (iflags & INT_BROADCAST) {
iflags &= ~INT_BROADCAST;
appendstr(ifs, sizeof ifs, "broadcast");
}
if (iflags & INT_MULTICAST) {
iflags &= ~INT_MULTICAST;
appendstr(ifs, sizeof ifs, "multicast");
}
if (iflags & INT_BCASTOPEN) {
iflags &= ~INT_BCASTOPEN;
appendstr(ifs, sizeof ifs, "bcastopen");
}
if (iflags & INT_MCASTOPEN) {
iflags &= ~INT_MCASTOPEN;
appendstr(ifs, sizeof ifs, "mcastopen");
}
if (iflags & INT_WILDCARD) {
iflags &= ~INT_WILDCARD;
appendstr(ifs, sizeof ifs, "wildcard");
}
if (iflags & INT_MCASTIF) {
iflags &= ~INT_MCASTIF;
appendstr(ifs, sizeof ifs, "MCASTif");
}
if (iflags & INT_PRIVACY) {
iflags &= ~INT_PRIVACY;
appendstr(ifs, sizeof ifs, "IPv6privacy");
}
if (iflags & INT_BCASTXMIT) {
iflags &= ~INT_BCASTXMIT;
appendstr(ifs, sizeof ifs, "bcastxmit");
}
if (iflags) {
char string[10];
snprintf(string, sizeof string, "%0x", iflags);
appendstr(ifs, sizeof ifs, string);
}
return ifs;
}
char *
build_mflags(u_short mflags)
{
static char mfs[1024];
mfs[0] = '\0';
if (mflags & RESM_NTPONLY) {
mflags &= ~RESM_NTPONLY;
appendstr(mfs, sizeof mfs, "ntponly");
}
if (mflags & RESM_SOURCE) {
mflags &= ~RESM_SOURCE;
appendstr(mfs, sizeof mfs, "source");
}
if (mflags) {
char string[10];
snprintf(string, sizeof string, "%0x", mflags);
appendstr(mfs, sizeof mfs, string);
}
return mfs;
}
char *
build_rflags(u_short rflags)
{
static char rfs[1024];
rfs[0] = '\0';
if (rflags & RES_FLAKE) {
rflags &= ~RES_FLAKE;
appendstr(rfs, sizeof rfs, "flake");
}
if (rflags & RES_IGNORE) {
rflags &= ~RES_IGNORE;
appendstr(rfs, sizeof rfs, "ignore");
}
if (rflags & RES_KOD) {
rflags &= ~RES_KOD;
appendstr(rfs, sizeof rfs, "kod");
}
if (rflags & RES_MSSNTP) {
rflags &= ~RES_MSSNTP;
appendstr(rfs, sizeof rfs, "mssntp");
}
if (rflags & RES_LIMITED) {
rflags &= ~RES_LIMITED;
appendstr(rfs, sizeof rfs, "limited");
}
if (rflags & RES_LPTRAP) {
rflags &= ~RES_LPTRAP;
appendstr(rfs, sizeof rfs, "lptrap");
}
if (rflags & RES_NOMODIFY) {
rflags &= ~RES_NOMODIFY;
appendstr(rfs, sizeof rfs, "nomodify");
}
if (rflags & RES_NOMRULIST) {
rflags &= ~RES_NOMRULIST;
appendstr(rfs, sizeof rfs, "nomrulist");
}
if (rflags & RES_NOEPEER) {
rflags &= ~RES_NOEPEER;
appendstr(rfs, sizeof rfs, "noepeer");
}
if (rflags & RES_NOPEER) {
rflags &= ~RES_NOPEER;
appendstr(rfs, sizeof rfs, "nopeer");
}
if (rflags & RES_NOQUERY) {
rflags &= ~RES_NOQUERY;
appendstr(rfs, sizeof rfs, "noquery");
}
if (rflags & RES_DONTSERVE) {
rflags &= ~RES_DONTSERVE;
appendstr(rfs, sizeof rfs, "dontserve");
}
if (rflags & RES_NOTRAP) {
rflags &= ~RES_NOTRAP;
appendstr(rfs, sizeof rfs, "notrap");
}
if (rflags & RES_DONTTRUST) {
rflags &= ~RES_DONTTRUST;
appendstr(rfs, sizeof rfs, "notrust");
}
if (rflags & RES_VERSION) {
rflags &= ~RES_VERSION;
appendstr(rfs, sizeof rfs, "version");
}
if (rflags) {
char string[10];
snprintf(string, sizeof string, "%0x", rflags);
appendstr(rfs, sizeof rfs, string);
}
if ('\0' == rfs[0]) {
appendstr(rfs, sizeof rfs, "(none)");
}
return rfs;
}
static void
appendstr(
char *string,
size_t s,
char *new
)
{
if (*string != '\0') {
(void)strlcat(string, ",", s);
}
(void)strlcat(string, new, s);
return;
}
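Review bot: `appendstr` declares its last parameter as `char *new` but is only ever called with string literals, so it should be `const char *`; `new` is also a C++ keyword and a poor identifier. The three build_* functions return pointers to static 1024-byte buffers, so two calls in one DPRINTF argument list would overwrite each other; a comment marking them debug-only and non-reentrant would help. The leftover-bits formatting uses `"%0x"`: the `0` flag does nothing without a field width and the output is not marked as hex, so `"0x%x"` is clearer. `build_rflags` emits "(none)" for an empty set while `build_iflags` and `build_mflags` return an empty string; make the three consistent.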
@ -176,56 +176,58 @@ static const struct ctl_proc control_codes[] = {
#define CS_SS_LIMITED 41
#define CS_SS_KODSENT 42
#define CS_SS_PROCESSED 43
#define CS_PEERADR 44
#define CS_PEERMODE 45
#define CS_BCASTDELAY 46
#define CS_AUTHDELAY 47
#define CS_AUTHKEYS 48
#define CS_AUTHFREEK 49
#define CS_AUTHKLOOKUPS 50
#define CS_AUTHKNOTFOUND 51
#define CS_AUTHKUNCACHED 52
#define CS_AUTHKEXPIRED 53
#define CS_AUTHENCRYPTS 54
#define CS_AUTHDECRYPTS 55
#define CS_AUTHRESET 56
#define CS_K_OFFSET 57
#define CS_K_FREQ 58
#define CS_K_MAXERR 59
#define CS_K_ESTERR 60
#define CS_K_STFLAGS 61
#define CS_K_TIMECONST 62
#define CS_K_PRECISION 63
#define CS_K_FREQTOL 64
#define CS_K_PPS_FREQ 65
#define CS_K_PPS_STABIL 66
#define CS_K_PPS_JITTER 67
#define CS_K_PPS_CALIBDUR 68
#define CS_K_PPS_CALIBS 69
#define CS_K_PPS_CALIBERRS 70
#define CS_K_PPS_JITEXC 71
#define CS_K_PPS_STBEXC 72
#define CS_SS_LAMPORT 44
#define CS_SS_TSROUNDING 45
#define CS_PEERADR 46
#define CS_PEERMODE 47
#define CS_BCASTDELAY 48
#define CS_AUTHDELAY 49
#define CS_AUTHKEYS 50
#define CS_AUTHFREEK 51
#define CS_AUTHKLOOKUPS 52
#define CS_AUTHKNOTFOUND 53
#define CS_AUTHKUNCACHED 54
#define CS_AUTHKEXPIRED 55
#define CS_AUTHENCRYPTS 56
#define CS_AUTHDECRYPTS 57
#define CS_AUTHRESET 58
#define CS_K_OFFSET 59
#define CS_K_FREQ 60
#define CS_K_MAXERR 61
#define CS_K_ESTERR 62
#define CS_K_STFLAGS 63
#define CS_K_TIMECONST 64
#define CS_K_PRECISION 65
#define CS_K_FREQTOL 66
#define CS_K_PPS_FREQ 67
#define CS_K_PPS_STABIL 68
#define CS_K_PPS_JITTER 69
#define CS_K_PPS_CALIBDUR 70
#define CS_K_PPS_CALIBS 71
#define CS_K_PPS_CALIBERRS 72
#define CS_K_PPS_JITEXC 73
#define CS_K_PPS_STBEXC 74
#define CS_KERN_FIRST CS_K_OFFSET
#define CS_KERN_LAST CS_K_PPS_STBEXC
#define CS_IOSTATS_RESET 73
#define CS_TOTAL_RBUF 74
#define CS_FREE_RBUF 75
#define CS_USED_RBUF 76
#define CS_RBUF_LOWATER 77
#define CS_IO_DROPPED 78
#define CS_IO_IGNORED 79
#define CS_IO_RECEIVED 80
#define CS_IO_SENT 81
#define CS_IO_SENDFAILED 82
#define CS_IO_WAKEUPS 83
#define CS_IO_GOODWAKEUPS 84
#define CS_TIMERSTATS_RESET 85
#define CS_TIMER_OVERRUNS 86
#define CS_TIMER_XMTS 87
#define CS_FUZZ 88
#define CS_WANDER_THRESH 89
#define CS_LEAPSMEARINTV 90
#define CS_LEAPSMEAROFFS 91
#define CS_IOSTATS_RESET 75
#define CS_TOTAL_RBUF 76
#define CS_FREE_RBUF 77
#define CS_USED_RBUF 78
#define CS_RBUF_LOWATER 79
#define CS_IO_DROPPED 80
#define CS_IO_IGNORED 81
#define CS_IO_RECEIVED 82
#define CS_IO_SENT 83
#define CS_IO_SENDFAILED 84
#define CS_IO_WAKEUPS 85
#define CS_IO_GOODWAKEUPS 86
#define CS_TIMERSTATS_RESET 87
#define CS_TIMER_OVERRUNS 88
#define CS_TIMER_XMTS 89
#define CS_FUZZ 90
#define CS_WANDER_THRESH 91
#define CS_LEAPSMEARINTV 92
#define CS_LEAPSMEAROFFS 93
#define CS_MAX_NOAUTOKEY CS_LEAPSMEAROFFS
#ifdef AUTOKEY
#define CS_FLAGS (1 + CS_MAX_NOAUTOKEY)
@ -376,55 +378,57 @@ static const struct ctl_var sys_var[] = {
{ CS_SS_LIMITED, RO, "ss_limited" }, /* 41 */
{ CS_SS_KODSENT, RO, "ss_kodsent" }, /* 42 */
{ CS_SS_PROCESSED, RO, "ss_processed" }, /* 43 */
{ CS_PEERADR, RO, "peeradr" }, /* 44 */
{ CS_PEERMODE, RO, "peermode" }, /* 45 */
{ CS_BCASTDELAY, RO, "bcastdelay" }, /* 46 */
{ CS_AUTHDELAY, RO, "authdelay" }, /* 47 */
{ CS_AUTHKEYS, RO, "authkeys" }, /* 48 */
{ CS_AUTHFREEK, RO, "authfreek" }, /* 49 */
{ CS_AUTHKLOOKUPS, RO, "authklookups" }, /* 50 */
{ CS_AUTHKNOTFOUND, RO, "authknotfound" }, /* 51 */
{ CS_AUTHKUNCACHED, RO, "authkuncached" }, /* 52 */
{ CS_AUTHKEXPIRED, RO, "authkexpired" }, /* 53 */
{ CS_AUTHENCRYPTS, RO, "authencrypts" }, /* 54 */
{ CS_AUTHDECRYPTS, RO, "authdecrypts" }, /* 55 */
{ CS_AUTHRESET, RO, "authreset" }, /* 56 */
{ CS_K_OFFSET, RO, "koffset" }, /* 57 */
{ CS_K_FREQ, RO, "kfreq" }, /* 58 */
{ CS_K_MAXERR, RO, "kmaxerr" }, /* 59 */
{ CS_K_ESTERR, RO, "kesterr" }, /* 60 */
{ CS_K_STFLAGS, RO, "kstflags" }, /* 61 */
{ CS_K_TIMECONST, RO, "ktimeconst" }, /* 62 */
{ CS_K_PRECISION, RO, "kprecis" }, /* 63 */
{ CS_K_FREQTOL, RO, "kfreqtol" }, /* 64 */
{ CS_K_PPS_FREQ, RO, "kppsfreq" }, /* 65 */
{ CS_K_PPS_STABIL, RO, "kppsstab" }, /* 66 */
{ CS_K_PPS_JITTER, RO, "kppsjitter" }, /* 67 */
{ CS_K_PPS_CALIBDUR, RO, "kppscalibdur" }, /* 68 */
{ CS_K_PPS_CALIBS, RO, "kppscalibs" }, /* 69 */
{ CS_K_PPS_CALIBERRS, RO, "kppscaliberrs" }, /* 70 */
{ CS_K_PPS_JITEXC, RO, "kppsjitexc" }, /* 71 */
{ CS_K_PPS_STBEXC, RO, "kppsstbexc" }, /* 72 */
{ CS_IOSTATS_RESET, RO, "iostats_reset" }, /* 73 */
{ CS_TOTAL_RBUF, RO, "total_rbuf" }, /* 74 */
{ CS_FREE_RBUF, RO, "free_rbuf" }, /* 75 */
{ CS_USED_RBUF, RO, "used_rbuf" }, /* 76 */
{ CS_RBUF_LOWATER, RO, "rbuf_lowater" }, /* 77 */
{ CS_IO_DROPPED, RO, "io_dropped" }, /* 78 */
{ CS_IO_IGNORED, RO, "io_ignored" }, /* 79 */
{ CS_IO_RECEIVED, RO, "io_received" }, /* 80 */
{ CS_IO_SENT, RO, "io_sent" }, /* 81 */
{ CS_IO_SENDFAILED, RO, "io_sendfailed" }, /* 82 */
{ CS_IO_WAKEUPS, RO, "io_wakeups" }, /* 83 */
{ CS_IO_GOODWAKEUPS, RO, "io_goodwakeups" }, /* 84 */
{ CS_TIMERSTATS_RESET, RO, "timerstats_reset" },/* 85 */
{ CS_TIMER_OVERRUNS, RO, "timer_overruns" }, /* 86 */
{ CS_TIMER_XMTS, RO, "timer_xmts" }, /* 87 */
{ CS_FUZZ, RO, "fuzz" }, /* 88 */
{ CS_WANDER_THRESH, RO, "clk_wander_threshold" }, /* 89 */
{ CS_SS_LAMPORT, RO, "ss_lamport" }, /* 44 */
{ CS_SS_TSROUNDING, RO, "ss_tsrounding" }, /* 45 */
{ CS_PEERADR, RO, "peeradr" }, /* 46 */
{ CS_PEERMODE, RO, "peermode" }, /* 47 */
{ CS_BCASTDELAY, RO, "bcastdelay" }, /* 48 */
{ CS_AUTHDELAY, RO, "authdelay" }, /* 49 */
{ CS_AUTHKEYS, RO, "authkeys" }, /* 50 */
{ CS_AUTHFREEK, RO, "authfreek" }, /* 51 */
{ CS_AUTHKLOOKUPS, RO, "authklookups" }, /* 52 */
{ CS_AUTHKNOTFOUND, RO, "authknotfound" }, /* 53 */
{ CS_AUTHKUNCACHED, RO, "authkuncached" }, /* 54 */
{ CS_AUTHKEXPIRED, RO, "authkexpired" }, /* 55 */
{ CS_AUTHENCRYPTS, RO, "authencrypts" }, /* 56 */
{ CS_AUTHDECRYPTS, RO, "authdecrypts" }, /* 57 */
{ CS_AUTHRESET, RO, "authreset" }, /* 58 */
{ CS_K_OFFSET, RO, "koffset" }, /* 59 */
{ CS_K_FREQ, RO, "kfreq" }, /* 60 */
{ CS_K_MAXERR, RO, "kmaxerr" }, /* 61 */
{ CS_K_ESTERR, RO, "kesterr" }, /* 62 */
{ CS_K_STFLAGS, RO, "kstflags" }, /* 63 */
{ CS_K_TIMECONST, RO, "ktimeconst" }, /* 64 */
{ CS_K_PRECISION, RO, "kprecis" }, /* 65 */
{ CS_K_FREQTOL, RO, "kfreqtol" }, /* 66 */
{ CS_K_PPS_FREQ, RO, "kppsfreq" }, /* 67 */
{ CS_K_PPS_STABIL, RO, "kppsstab" }, /* 68 */
{ CS_K_PPS_JITTER, RO, "kppsjitter" }, /* 69 */
{ CS_K_PPS_CALIBDUR, RO, "kppscalibdur" }, /* 70 */
{ CS_K_PPS_CALIBS, RO, "kppscalibs" }, /* 71 */
{ CS_K_PPS_CALIBERRS, RO, "kppscaliberrs" }, /* 72 */
{ CS_K_PPS_JITEXC, RO, "kppsjitexc" }, /* 73 */
{ CS_K_PPS_STBEXC, RO, "kppsstbexc" }, /* 74 */
{ CS_IOSTATS_RESET, RO, "iostats_reset" }, /* 75 */
{ CS_TOTAL_RBUF, RO, "total_rbuf" }, /* 76 */
{ CS_FREE_RBUF, RO, "free_rbuf" }, /* 77 */
{ CS_USED_RBUF, RO, "used_rbuf" }, /* 78 */
{ CS_RBUF_LOWATER, RO, "rbuf_lowater" }, /* 79 */
{ CS_IO_DROPPED, RO, "io_dropped" }, /* 80 */
{ CS_IO_IGNORED, RO, "io_ignored" }, /* 81 */
{ CS_IO_RECEIVED, RO, "io_received" }, /* 82 */
{ CS_IO_SENT, RO, "io_sent" }, /* 83 */
{ CS_IO_SENDFAILED, RO, "io_sendfailed" }, /* 84 */
{ CS_IO_WAKEUPS, RO, "io_wakeups" }, /* 85 */
{ CS_IO_GOODWAKEUPS, RO, "io_goodwakeups" }, /* 86 */
{ CS_TIMERSTATS_RESET, RO, "timerstats_reset" },/* 87 */
{ CS_TIMER_OVERRUNS, RO, "timer_overruns" }, /* 88 */
{ CS_TIMER_XMTS, RO, "timer_xmts" }, /* 89 */
{ CS_FUZZ, RO, "fuzz" }, /* 90 */
{ CS_WANDER_THRESH, RO, "clk_wander_threshold" }, /* 91 */
{ CS_LEAPSMEARINTV, RO, "leapsmearinterval" }, /* 90 */
{ CS_LEAPSMEAROFFS, RO, "leapsmearoffset" }, /* 91 */
{ CS_LEAPSMEARINTV, RO, "leapsmearinterval" }, /* 92 */
{ CS_LEAPSMEAROFFS, RO, "leapsmearoffset" }, /* 93 */
#ifdef AUTOKEY
{ CS_FLAGS, RO, "flags" }, /* 1 + CS_MAX_NOAUTOKEY */
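Review bot: the index comments `/* 44 */` through `/* 93 */` in sys_var[] and the matching CS_* #defines are maintained by hand in two places, and this hunk shifts all of them by two; the trailing `{ 0, EOV, "" } /* 94/102 */` comment in the next hunk is the only thing that would reveal drift. Suggest a compile-time check (a static assertion that COUNTOF(sys_var) equals CS_MAX_NOAUTOKEY + 2, plus the AUTOKEY entries when enabled) so the next insertion cannot leave a CS_* value without a table entry or silently bind it to a shifted name.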
@ -436,7 +440,7 @@ static const struct ctl_var sys_var[] = {
{ CS_IDENT, RO, "ident" }, /* 7 + CS_MAX_NOAUTOKEY */
{ CS_DIGEST, RO, "digest" }, /* 8 + CS_MAX_NOAUTOKEY */
#endif /* AUTOKEY */
{ 0, EOV, "" } /* 87/95 */
{ 0, EOV, "" } /* 94/102 */
};
static struct ctl_var *ext_sys_var = NULL;
@ -1264,7 +1268,7 @@ process_control(
rbufp->recv_length, properlen, res_keyid,
maclen));
if (!authistrusted(res_keyid))
if (!authistrustedip(res_keyid, &rbufp->recv_srcadr))
DPRINTF(3, ("invalid keyid %08x\n", res_keyid));
else if (authdecrypt(res_keyid, (u_int32 *)pkt,
rbufp->recv_length - maclen,
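Review bot: switching from authistrusted(res_keyid) to authistrustedip(res_keyid, &rbufp->recv_srcadr) makes key trust depend on the requester's source address, but the rejection path still logs only "invalid keyid %08x", so a key that is valid yet not trusted for that source is reported as an unknown key. Suggest a distinct message that includes stoa(&rbufp->recv_srcadr), so an operator debugging a rejected ntpq request can tell a per-address trust rejection from a bad key id.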
@ -1472,6 +1476,89 @@ ctl_flushpkt(
}
/* --------------------------------------------------------------------
* block transfer API -- stream string/data fragments into xmit buffer
* without additional copying
*/
/* buffer descriptor: address & size of fragment
* 'buf' may only be NULL when 'len' is zero!
*/
typedef struct {
const void *buf;
size_t len;
} CtlMemBufT;
/* put ctl data in a gather-style operation */
static void
ctl_putdata_ex(
const CtlMemBufT * argv,
size_t argc,
int/*BOOL*/ bin /* set to 1 when data is binary */
)
{
const char * src_ptr;
size_t src_len, cur_len, add_len, argi;
/* text / binary preprocessing, possibly create new linefeed */
if (bin) {
add_len = 0;
} else {
datanotbinflag = TRUE;
add_len = 3;
if (datasent) {
*datapt++ = ',';
datalinelen++;
/* sum up total length */
for (argi = 0, src_len = 0; argi < argc; ++argi)
src_len += argv[argi].len;
/* possibly start a new line, assume no size_t overflow */
if ((src_len + datalinelen + 1) >= MAXDATALINELEN) {
*datapt++ = '\r';
*datapt++ = '\n';
datalinelen = 0;
} else {
*datapt++ = ' ';
datalinelen++;
}
}
}
/* now stream out all buffers */
for (argi = 0; argi < argc; ++argi) {
src_ptr = argv[argi].buf;
src_len = argv[argi].len;
if ( ! (src_ptr && src_len))
continue;
cur_len = (size_t)(dataend - datapt);
while ((src_len + add_len) > cur_len) {
/* Not enough room in this one, flush it out. */
if (src_len < cur_len)
cur_len = src_len;
memcpy(datapt, src_ptr, cur_len);
datapt += cur_len;
datalinelen += cur_len;
src_ptr += cur_len;
src_len -= cur_len;
ctl_flushpkt(CTL_MORE);
cur_len = (size_t)(dataend - datapt);
}
memcpy(datapt, src_ptr, src_len);
datapt += src_len;
datalinelen += src_len;
datasent = TRUE;
}
}
/*
* ctl_putdata - write data into the packet, fragmenting and starting
* another if this one is full.
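Review bot: the separator bytes (`*datapt++ = ','` followed by `'\r' '\n'` or `' '`) are written without checking `dataend - datapt`; they rely on the 3-byte reserve (`add_len`) left by the previous text write, which a previous binary write (`add_len = 0`) does not leave. Suggest an INSIST that at least 3 bytes remain before writing the separator, or flushing first when they do not. The "assume no size_t overflow" comment is fine for the small argc used by the callers in this change, but ctl_putdata_ex is a new general entry point, so a bound on argc or on the summed length would make that assumption explicit.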
@ -1483,53 +1570,13 @@ ctl_putdata(
int bin /* set to 1 when data is binary */
)
{
int overhead;
unsigned int currentlen;
overhead = 0;
if (!bin) {
datanotbinflag = TRUE;
overhead = 3;
if (datasent) {
*datapt++ = ',';
datalinelen++;
if ((dlen + datalinelen + 1) >= MAXDATALINELEN) {
*datapt++ = '\r';
*datapt++ = '\n';
datalinelen = 0;
} else {
*datapt++ = ' ';
datalinelen++;
}
}
}
/*
* Save room for trailing junk
*/
while (dlen + overhead + datapt > dataend) {
/*
* Not enough room in this one, flush it out.
*/
currentlen = MIN(dlen, (unsigned int)(dataend - datapt));
memcpy(datapt, dp, currentlen);
datapt += currentlen;
dp += currentlen;
dlen -= currentlen;
datalinelen += currentlen;
ctl_flushpkt(CTL_MORE);
}
memcpy(datapt, dp, dlen);
datapt += dlen;
datalinelen += dlen;
datasent = TRUE;
CtlMemBufT args[1];
args[0].buf = dp;
args[0].len = dlen;
ctl_putdata_ex(args, 1, bin);
}
/*
* ctl_putstr - write a tagged string into the response packet
* in the form:
@ -1546,16 +1593,21 @@ ctl_putstr(
size_t len
)
{
char buffer[512];
int rc;
INSIST(len < sizeof(buffer));
if (len)
rc = snprintf(buffer, sizeof(buffer), "%s=\"%.*s\"", tag, (int)len, data);
else
rc = snprintf(buffer, sizeof(buffer), "%s", tag);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
CtlMemBufT args[4];
args[0].buf = tag;
args[0].len = strlen(tag);
if (data && len) {
args[1].buf = "=\"";
args[1].len = 2;
args[2].buf = data;
args[2].len = len;
args[3].buf = "\"";
args[3].len = 1;
ctl_putdata_ex(args, 4, FALSE);
} else {
ctl_putdata_ex(args, 1, FALSE);
}
}
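Review bot: dropping the `INSIST(len < sizeof(buffer))` limit and letting ctl_putdata_ex fragment long values across packets is an improvement over aborting on oversized input; but `data` is still emitted verbatim between the quotes, so an embedded `"`, `,` or CR/LF in a value that originates from a remote peer breaks the tag="value" framing of the response exactly as before. A comment on the function stating that callers must pass sanitized text would help, since nothing here enforces it.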
@ -1575,16 +1627,19 @@ ctl_putunqstr(
size_t len
)
{
char buffer[512];
int rc;
INSIST(len < sizeof(buffer));
if (len)
rc = snprintf(buffer, sizeof(buffer), "%s=%.*s", tag, (int)len, data);
else
rc = snprintf(buffer, sizeof(buffer), "%s", tag);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
CtlMemBufT args[3];
args[0].buf = tag;
args[0].len = strlen(tag);
if (data && len) {
args[1].buf = "=";
args[1].len = 1;
args[2].buf = data;
args[2].len = len;
ctl_putdata_ex(args, 3, FALSE);
} else {
ctl_putdata_ex(args, 1, FALSE);
}
}
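Review bot: this body is identical to ctl_putstr apart from the `=\"` / `\"` fragments; with the gather API in place the two could share one helper taking a quoted flag, which keeps the two `data && len` guards from diverging later. Both functions now treat `data == NULL` with a non-zero len as "no value", where the old snprintf path would have dereferenced the NULL; if that relaxation is deliberate it deserves a comment.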
@ -1599,14 +1654,14 @@ ctl_putdblf(
double d
)
{
char buffer[200];
char buffer[40];
int rc;
rc = snprintf(buffer, sizeof(buffer),
(use_f ? "%s=%.*f" : "%s=%.*g"),
tag, precision, d);
(use_f ? "%.*f" : "%.*g"),
precision, d);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
/*
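Review bot: shrinking the buffer from 200 to 40 bytes is only safe if every use_f caller passes a bounded value: the length of `%.*f` output grows with the magnitude of d, not with precision, so a value around 1e40 would overflow the buffer and the INSIST would abort ntpd. Suggest either keeping a larger buffer or falling back to %g for the use_f path beyond a sanity range, plus a comment naming the magnitude bound the 40 bytes assume.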
@ -1618,12 +1673,12 @@ ctl_putuint(
u_long uval
)
{
char buffer[200];
char buffer[24]; /* needs to fit for 64 bits! */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%s=%lu", tag, uval);
rc = snprintf(buffer, sizeof(buffer), "%lu", uval);
INSIST(rc >= 0 && rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
/*
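Review bot: `INSIST(rc >= 0 && rc < sizeof(buffer))` compares the int rc with a size_t; the `rc >= 0` guard makes it correct, but the sibling functions in this change cast `(size_t)rc`, and ctl_putint below keeps the same unsigned comparison. Suggest making the cast uniform so a -Wsign-compare build does not flag just these two. The `/* needs to fit for 64 bits! */` comment is right: 20 digits plus NUL fit in 24.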
@ -1637,17 +1692,16 @@ ctl_putcal(
const struct calendar *pcal
)
{
char buffer[100];
char buffer[16];
int rc;
rc = snprintf(buffer, sizeof(buffer),
"%s=%04d%02d%02d%02d%02d",
tag,
"%04d%02d%02d%02d%02d",
pcal->year, pcal->month, pcal->monthday,
pcal->hour, pcal->minute
);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
#endif
@ -1660,23 +1714,21 @@ ctl_putfs(
tstamp_t uval
)
{
char buffer[200];
struct tm *tm = NULL;
time_t fstamp;
int rc;
char buffer[16];
int rc;
fstamp = (time_t)uval - JAN_1970;
tm = gmtime(&fstamp);
time_t fstamp = (time_t)uval - JAN_1970;
struct tm *tm = gmtime(&fstamp);
if (NULL == tm)
return;
rc = snprintf(buffer, sizeof(buffer),
"%s=%04d%02d%02d%02d%02d",
tag,
"%04d%02d%02d%02d%02d",
tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
tm->tm_hour, tm->tm_min);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1690,12 +1742,12 @@ ctl_puthex(
u_long uval
)
{
char buffer[200];
char buffer[24]; /* must fit 64bit int! */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%s=0x%lx", tag, uval);
rc = snprintf(buffer, sizeof(buffer), "0x%lx", uval);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1708,12 +1760,12 @@ ctl_putint(
long ival
)
{
char buffer[200];
char buffer[24]; /*must fit 64bit int */
int rc;
rc = snprintf(buffer, sizeof(buffer), "%s=%ld", tag, ival);
rc = snprintf(buffer, sizeof(buffer), "%ld", ival);
INSIST(rc >= 0 && rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1726,14 +1778,14 @@ ctl_putts(
l_fp *ts
)
{
char buffer[200];
char buffer[24];
int rc;
rc = snprintf(buffer, sizeof(buffer),
"%s=0x%08lx.%08lx",
tag, (u_long)ts->l_ui, (u_long)ts->l_uf);
"0x%08lx.%08lx",
(u_long)ts->l_ui, (u_long)ts->l_uf);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, buffer, rc);
}
@ -1748,16 +1800,12 @@ ctl_putadr(
)
{
const char *cq;
char buffer[200];
int rc;
if (NULL == addr)
cq = numtoa(addr32);
else
cq = stoa(addr);
rc = snprintf(buffer, sizeof(buffer), "%s=%s", tag, cq);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, 0);
ctl_putunqstr(tag, cq, strlen(cq));
}
@ -1770,8 +1818,7 @@ ctl_putrefid(
u_int32 refid
)
{
char buffer[128];
int rc, i;
size_t nc;
union {
uint32_t w;
@ -1779,13 +1826,10 @@ ctl_putrefid(
} bytes;
bytes.w = refid;
for (i = 0; i < sizeof(bytes.b); ++i)
if (bytes.b[i] && !isprint(bytes.b[i]))
bytes.b[i] = '.';
rc = snprintf(buffer, sizeof(buffer), "%s=%.*s",
tag, (int)sizeof(bytes.b), bytes.b);
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
ctl_putdata(buffer, (u_int)rc, FALSE);
for (nc = 0; nc < sizeof(bytes.b) && bytes.b[nc]; ++nc)
if (!isprint(bytes.b[nc]))
bytes.b[nc] = '.';
ctl_putunqstr(tag, (const char*)bytes.b, nc);
}
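Review bot: the refid bytes come from the remote peer and are echoed back to ntpq clients, so replacing non-printables with '.' is the right thing; but isprint() is locale-dependent, and under a non-C locale bytes >= 0x80 can be classified as printable and pass through unchanged. Suggest an explicit ASCII range check (0x20..0x7e) instead of isprint(), which also removes any dependence on how the byte is promoted to int. Stopping at the first NUL matches the old `%.*s` behaviour, so output for well-formed refids is unchanged.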
@ -1805,21 +1849,16 @@ ctl_putarray(
cp = buffer;
ep = buffer + sizeof(buffer);
rc = snprintf(cp, (size_t)(ep - cp), "%s=", tag);
INSIST(rc >= 0 && rc < (ep - cp));
cp += rc;
i = start;
i = start;
do {
if (i == 0)
i = NTP_SHIFT;
i--;
rc = snprintf(cp, (size_t)(ep - cp), " %.2f", arr[i] * 1e3);
INSIST(rc >= 0 && rc < (ep - cp));
INSIST(rc >= 0 && (size_t)rc < (size_t)(ep - cp));
cp += rc;
} while (i != start);
ctl_putdata(buffer, (u_int)(cp - buffer), 0);
ctl_putunqstr(tag, buffer, (size_t)(cp - buffer));
}
/*
@ -2183,6 +2222,14 @@ ctl_putsys(
ctl_putuint(sys_var[varid].text, sys_limitrejected);
break;
case CS_SS_LAMPORT:
ctl_putuint(sys_var[varid].text, sys_lamport);
break;
case CS_SS_TSROUNDING:
ctl_putuint(sys_var[varid].text, sys_tsrounding);
break;
case CS_SS_KODSENT:
ctl_putuint(sys_var[varid].text, sys_kodsent);
break;
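Review bot: the two new counters are reported here, but the hunk does not show where sys_lamport and sys_tsrounding are zeroed; confirm they are reset together with sys_limitrejected and the other ss_* counters on a sysstats reset, and that the mode 6 variable documentation gains entries for ss_lamport and ss_tsrounding, since those names are now part of the exported variable set.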
@ -3095,7 +3142,9 @@ ctl_getitem(
const char *sp1 = reqpt;
const char *sp2 = v->text;
while ((sp1 != tp) && (*sp1 == *sp2)) {
/* [Bug 3412] do not compare past NUL byte in name */
while ( (sp1 != tp)
&& ('\0' != *sp2) && (*sp1 == *sp2)) {
++sp1;
++sp2;
}
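Review bot: stopping the comparison at the NUL of v->text fixes the over-read [Bug 3412], but the loop now also exits early when the request name is longer than the variable name; the match test that follows (outside this hunk) must require both sp1 == tp and '\0' == *sp2, otherwise a request name that has a variable name as its prefix would be accepted as that variable. Worth a comment there, or a test case with such a prefix.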
@ -3594,7 +3643,13 @@ static u_int32 derive_nonce(
}
ctx = EVP_MD_CTX_new();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
# else
EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
# endif
EVP_DigestUpdate(ctx, salt, sizeof(salt));
EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i));
EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f));
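Review bot: EVP_DigestInit_ex() returns 0 when the digest cannot be initialised, which is exactly the FIPS case this change [Bug 3457] targets if the NON_FIPS_ALLOW flag is not honoured; the return value is ignored here (and in the #else branch), so on failure the following EVP_DigestUpdate/EVP_DigestFinal calls run on an uninitialised context and the result is derived from undefined state. Since the result is used as a nonce, suggest checking the return and failing closed rather than continuing.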
@ -4373,6 +4428,7 @@ send_restrict_entry(
while (sent[which])
which = (which + 1) % COUNTOF(sent);
/* XXX: Numbers? Really? */
switch (which) {
case 0:
@ -4395,7 +4451,7 @@ send_restrict_entry(
case 3:
snprintf(tag, sizeof(tag), flags_fmt, idx);
match_str = res_match_flags(pres->mflags);
access_str = res_access_flags(pres->flags);
access_str = res_access_flags(pres->rflags);
if ('\0' == match_str[0]) {
pch = access_str;
} else {


@ -268,7 +268,13 @@ session_key(
break;
}
ctx = EVP_MD_CTX_new();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_get_digestbynid(crypto_nid), NULL);
# else
EVP_DigestInit(ctx, EVP_get_digestbynid(crypto_nid));
# endif
EVP_DigestUpdate(ctx, (u_char *)header, hdlen);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
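Review bot: same FIPS-flag block as in derive_nonce, and again the EVP_DigestInit_ex() result is not checked; for a session key an uninitialised context would yield a garbage or constant digest, so this site in particular should fail rather than continue. Checking the return here and in bighash keeps the three sites consistent.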
@ -2087,7 +2093,13 @@ bighash(
ptr = emalloc(len);
BN_bn2bin(bn, ptr);
ctx = EVP_MD_CTX_new();
# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
/* [Bug 3457] set flags and don't kill them again */
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
# else
EVP_DigestInit(ctx, EVP_md5());
# endif
EVP_DigestUpdate(ctx, ptr, len);
EVP_DigestFinal(ctx, dgst, &len);
EVP_MD_CTX_free(ctx);
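Review bot: this is the third copy of the `EVP_MD_CTX_set_flags` / `EVP_DigestInit_ex` / `#else EVP_DigestInit` block in this change; a small digest-init helper taking the EVP_MD pointer would keep the #if condition in one place and give a single spot to check the return value. The note "set flags and don't kill them again" refers to EVP_DigestInit() resetting the context, flags included, which is why the _ex variant is needed; saying so in the comment would help the next reader.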


@ -1043,7 +1043,7 @@ remove_interface(
/* remove restrict interface entry */
SET_HOSTMASK(&resmask, AF(&ep->sin));
hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask,
RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
-3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
}
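Review bot: hack_restrict() gains a new argument that is passed as the bare literal -3 here and -4 in create_interface; nothing in the hunk says what the value means or why the two call sites differ. Suggest named constants for these sentinels and a comment at the hack_restrict() prototype, so a reader does not confuse them with a real limit value.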
@ -1600,7 +1600,7 @@ set_wildcard_reuse(
if (fd != INVALID_SOCKET) {
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
(char *)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"set_wildcard_reuse: setsockopt(SO_REUSEADDR, %s) failed: %m",
on ? "on" : "off");
@ -2093,7 +2093,7 @@ create_interface(
*/
SET_HOSTMASK(&resmask, AF(&iface->sin));
hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask,
RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
-4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0);
/*
* set globals with the first found
@ -2156,7 +2156,7 @@ set_excladdruse(
#endif
failed = setsockopt(fd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE,
(char *)&one, sizeof(one));
(void *)&one, sizeof(one));
if (!failed)
return;
@ -2210,7 +2210,7 @@ set_reuseaddr(
if (ep->fd != INVALID_SOCKET) {
if (setsockopt(ep->fd, SOL_SOCKET, SO_REUSEADDR,
(char *)&flag, sizeof(flag))) {
(void *)&flag, sizeof(flag))) {
msyslog(LOG_ERR, "set_reuseaddr: setsockopt(%s, SO_REUSEADDR, %s) failed: %m",
stoa(&ep->sin), flag ? "on" : "off");
}
@ -2253,7 +2253,7 @@ socket_broadcast_enable(
if (IS_IPV4(baddr)) {
/* if this interface can support broadcast, set SO_BROADCAST */
if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST,
(char *)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt(SO_BROADCAST) enable failure on address %s: %m",
stoa(baddr));
@ -2284,7 +2284,7 @@ socket_broadcast_disable(
int off = 0; /* This seems to be OK as an int */
if (IS_IPV4(baddr) && setsockopt(iface->fd, SOL_SOCKET,
SO_BROADCAST, (char *)&off, sizeof(off)))
SO_BROADCAST, (void *)&off, sizeof(off)))
msyslog(LOG_ERR,
"setsockopt(SO_BROADCAST) disable failure on address %s: %m",
stoa(baddr));
@ -2365,7 +2365,7 @@ enable_multicast_if(
*/
if (setsockopt(iface->fd, IPPROTO_IP,
IP_MULTICAST_LOOP,
SETSOCKOPT_ARG_CAST &off,
(void *)&off,
sizeof(off))) {
msyslog(LOG_ERR,
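Review bot: this hunk replaces the SETSOCKOPT_ARG_CAST portability macro with a plain `(void *)` cast, while the other hunks in this file replace `(char *)`. In C a void * converts implicitly to the `const char *` that Winsock's setsockopt() declares, so the call is fine; but if SETSOCKOPT_ARG_CAST is still defined in a header it is now dead and should go in the same change, with one style (macro or cast) used throughout.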
@ -2384,7 +2384,7 @@ enable_multicast_if(
*/
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_MULTICAST_LOOP,
(char *) &off6, sizeof(off6))) {
(void *) &off6, sizeof(off6))) {
msyslog(LOG_ERR,
"setsockopt IPV6_MULTICAST_LOOP failed: %m on socket %d, addr %s for multicast address %s",
@ -2426,7 +2426,7 @@ socket_multicast_enable(
if (setsockopt(iface->fd,
IPPROTO_IP,
IP_ADD_MEMBERSHIP,
(char *)&mreq,
(void *)&mreq,
sizeof(mreq))) {
DPRINTF(2, (
"setsockopt IP_ADD_MEMBERSHIP failed: %m on socket %d, addr %s for %x / %x (%s)",
@ -2456,7 +2456,7 @@ socket_multicast_enable(
mreq6.ipv6mr_interface = iface->ifindex;
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_JOIN_GROUP, (char *)&mreq6,
IPV6_JOIN_GROUP, (void *)&mreq6,
sizeof(mreq6))) {
DPRINTF(2, (
"setsockopt IPV6_JOIN_GROUP failed: %m on socket %d, addr %s for interface %u (%s)",
@ -2510,7 +2510,7 @@ socket_multicast_disable(
mreq.imr_multiaddr = SOCK_ADDR4(maddr);
mreq.imr_interface = SOCK_ADDR4(&iface->sin);
if (setsockopt(iface->fd, IPPROTO_IP,
IP_DROP_MEMBERSHIP, (char *)&mreq,
IP_DROP_MEMBERSHIP, (void *)&mreq,
sizeof(mreq))) {
msyslog(LOG_ERR,
@ -2534,7 +2534,7 @@ socket_multicast_disable(
mreq6.ipv6mr_interface = iface->ifindex;
if (setsockopt(iface->fd, IPPROTO_IPV6,
IPV6_LEAVE_GROUP, (char *)&mreq6,
IPV6_LEAVE_GROUP, (void *)&mreq6,
sizeof(mreq6))) {
msyslog(LOG_ERR,
@ -2730,6 +2730,7 @@ io_multicast_add(
if (ep->fd != INVALID_SOCKET) {
ep->ignore_packets = ISC_FALSE;
ep->flags |= INT_MCASTIF;
ep->ifindex = SCOPE(addr);
strlcpy(ep->name, "multicast", sizeof(ep->name));
DPRINT_INTERFACE(2, (ep, "multicast add ", "\n"));
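Review bot: `ep->ifindex = SCOPE(addr)` [Bug 3455] takes the scope id from the multicast address; for an AF_INET address SCOPE() has no meaning, so confirm it yields 0 in that case (and that a 0 ifindex is treated as "unspecified" by the join code) rather than leaving a stale index in the interface entry.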
@ -2895,7 +2896,7 @@ open_socket(
if (isc_win32os_versioncheck(5, 1, 0, 0) < 0) /* before 5.1 */
#endif
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
(char *)((turn_off_reuse)
(void *)((turn_off_reuse)
? &off
: &on),
sizeof(on))) {
@ -2923,7 +2924,7 @@ open_socket(
*/
if (IS_IPV4(addr)) {
#if defined(IPPROTO_IP) && defined(IP_TOS)
if (setsockopt(fd, IPPROTO_IP, IP_TOS, (char*)&qos,
if (setsockopt(fd, IPPROTO_IP, IP_TOS, (void *)&qos,
sizeof(qos)))
msyslog(LOG_ERR,
"setsockopt IP_TOS (%02x) fails on address %s: %m",
@ -2938,7 +2939,7 @@ open_socket(
*/
if (IS_IPV6(addr)) {
#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (char*)&qos,
if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, (void *)&qos,
sizeof(qos)))
msyslog(LOG_ERR,
"setsockopt IPV6_TCLASS (%02x) fails on address %s: %m",
@ -2947,14 +2948,14 @@ open_socket(
#ifdef IPV6_V6ONLY
if (isc_net_probe_ipv6only() == ISC_R_SUCCESS
&& setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt IPV6_V6ONLY on fails on address %s: %m",
stoa(addr));
#endif
#ifdef IPV6_BINDV6ONLY
if (setsockopt(fd, IPPROTO_IPV6, IPV6_BINDV6ONLY,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_ERR,
"setsockopt IPV6_BINDV6ONLY on fails on address %s: %m",
stoa(addr));
@ -3006,7 +3007,7 @@ open_socket(
#ifdef HAVE_TIMESTAMP
{
if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_TIMESTAMP on fails on address %s: %m",
stoa(addr));
@ -3018,7 +3019,7 @@ open_socket(
#ifdef HAVE_TIMESTAMPNS
{
if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_TIMESTAMPNS on fails on address %s: %m",
stoa(addr));
@ -3030,7 +3031,7 @@ open_socket(
#ifdef HAVE_BINTIME
{
if (setsockopt(fd, SOL_SOCKET, SO_BINTIME,
(char*)&on, sizeof(on)))
(void *)&on, sizeof(on)))
msyslog(LOG_DEBUG,
"setsockopt SO_BINTIME on fails on address %s: %m",
stoa(addr));
@ -3091,6 +3092,7 @@ sendpkt(
int cc;
int rc;
u_char cttl;
l_fp fp_zero = { 0, 0 };
ismcast = IS_MCAST(dest);
if (!ismcast)
@ -3174,6 +3176,19 @@ sendpkt(
if (ismcast)
src = src->mclink;
} while (ismcast && src != NULL);
/* HMS: pkt->rootdisp is usually random here */
record_raw_stats(src ? &src->sin : NULL, dest,
&pkt->org, &pkt->rec, &pkt->xmt, &fp_zero,
PKT_MODE(pkt->li_vn_mode),
PKT_VERSION(pkt->li_vn_mode),
PKT_LEAP(pkt->li_vn_mode),
pkt->stratum,
pkt->ppoll, pkt->precision,
pkt->rootdelay, pkt->rootdisp, pkt->refid,
len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
return;
}
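Review bot: `len - MIN_V4_PKT_LEN` is passed as the extension length; if len can ever be smaller than MIN_V4_PKT_LEN on this path (sendpkt also carries short control replies), the subtraction goes negative or wraps depending on the type of len, and record_raw_stats would read past the packet unless it guards the length itself. A cheap guard here (`len > MIN_V4_PKT_LEN ? len - MIN_V4_PKT_LEN : 0`) avoids relying on that. Also, the "HMS: pkt->rootdisp is usually random here" comment says the logged rootdisp is not meaningful on the transmit side; either pass a zero for it, as is done with fp_zero for the last timestamp, or state in the comment why the raw value is still worth recording.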
@ -3960,6 +3975,17 @@ findlocalinterface(
DPRINTF(4, ("Finding interface for addr %s in list of addresses\n",
stoa(addr)));
/* [Bug 3437] The dummy POOL peer comes in with an AF of
* zero. This is bound to fail, but on the way to nowhere it
* triggers a security incident on SELinux.
*
* Checking the condition and failing early is probably a good
* advice, and even saves us some syscalls in that case.
* Thanks to Miroslav Lichvar for finding this.
*/
if (AF_UNSPEC == AF(addr))
return NULL;
s = socket(AF(addr), SOCK_DGRAM, 0);
if (INVALID_SOCKET == s)
return NULL;
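Review bot: the early return is silent, while the normal path is traced by the DPRINTF just above; a DPRINTF(4, ...) naming the AF_UNSPEC case would make the dummy POOL peer path visible in debug output, and the comment could drop "probably" since the check is deliberate. The hunk does not address where the AF_UNSPEC address originates; if the dummy pool peer should never reach this function, that is where the check belongs long term.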
@ -3972,7 +3998,7 @@ findlocalinterface(
on = 1;
if (SOCKET_ERROR == setsockopt(s, SOL_SOCKET,
SO_BROADCAST,
(char *)&on,
(void *)&on,
sizeof(on))) {
closesocket(s);
return NULL;


@ -743,14 +743,24 @@ add_range(
const leap_info_t * pi)
{
/* If the table is full, make room by throwing out the oldest
* entry. But remember the accumulated leap seconds! Likewise,
* assume a positive leap insertion if this is the first entry
* in the table. This is not necessarily the best of all ideas,
* but it helps a great deal if a system does not have a leap
* table and gets updated from an upstream server.
* entry. But remember the accumulated leap seconds!
*
* Setting the first entry is a bit tricky, too: Simply assuming
* it is an insertion is wrong if the first entry is a dynamic
* leap second removal. So we decide on the sign -- if the first
* entry has a negative offset, we assume that it is a leap
* second removal. In both cases the table base offset is set
* accordingly to reflect the decision.
*
* In practice starting with a removal can only happen if the
* first entry is a dynamic request without having a leap file
* for the history proper.
*/
if (pt->head.size == 0) {
pt->head.base_tai = pi->taiof - 1;
if (pi->taiof >= 0)
pt->head.base_tai = pi->taiof - 1;
else
pt->head.base_tai = pi->taiof + 1;
} else if (pt->head.size >= MAX_HIST) {
pt->head.size = MAX_HIST - 1;
pt->head.base_tai = pt->info[pt->head.size].taiof;
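Review bot: the sign test treats a first entry with taiof == 0 as an insertion (base_tai = -1); the comment only discusses positive and negative offsets, so either state that 0 cannot occur for a dynamic request or handle it explicitly. It would also help to say why a removal sets base_tai = taiof + 1 (the base must sit one step above the post-leap offset so that applying the removal lands on taiof), mirroring the implied -1 rationale for insertions.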


@ -30,8 +30,8 @@
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
#ifndef YY_YY_Y_TAB_H_INCLUDED
# define YY_YY_Y_TAB_H_INCLUDED
#ifndef YY_YY_NTP_PARSER_H_INCLUDED
# define YY_YY_NTP_PARSER_H_INCLUDED
/* Debug traces. */
#ifndef YYDEBUG
# define YYDEBUG 1
@ -54,193 +54,197 @@ extern int yydebug;
T_Autokey = 264,
T_Automax = 265,
T_Average = 266,
T_Bclient = 267,
T_Bcpollbstep = 268,
T_Beacon = 269,
T_Broadcast = 270,
T_Broadcastclient = 271,
T_Broadcastdelay = 272,
T_Burst = 273,
T_Calibrate = 274,
T_Ceiling = 275,
T_Clockstats = 276,
T_Cohort = 277,
T_ControlKey = 278,
T_Crypto = 279,
T_Cryptostats = 280,
T_Ctl = 281,
T_Day = 282,
T_Default = 283,
T_Digest = 284,
T_Disable = 285,
T_Discard = 286,
T_Dispersion = 287,
T_Double = 288,
T_Driftfile = 289,
T_Drop = 290,
T_Dscp = 291,
T_Ellipsis = 292,
T_Enable = 293,
T_End = 294,
T_False = 295,
T_File = 296,
T_Filegen = 297,
T_Filenum = 298,
T_Flag1 = 299,
T_Flag2 = 300,
T_Flag3 = 301,
T_Flag4 = 302,
T_Flake = 303,
T_Floor = 304,
T_Freq = 305,
T_Fudge = 306,
T_Host = 307,
T_Huffpuff = 308,
T_Iburst = 309,
T_Ident = 310,
T_Ignore = 311,
T_Incalloc = 312,
T_Incmem = 313,
T_Initalloc = 314,
T_Initmem = 315,
T_Includefile = 316,
T_Integer = 317,
T_Interface = 318,
T_Intrange = 319,
T_Io = 320,
T_Ipv4 = 321,
T_Ipv4_flag = 322,
T_Ipv6 = 323,
T_Ipv6_flag = 324,
T_Kernel = 325,
T_Key = 326,
T_Keys = 327,
T_Keysdir = 328,
T_Kod = 329,
T_Mssntp = 330,
T_Leapfile = 331,
T_Leapsmearinterval = 332,
T_Limited = 333,
T_Link = 334,
T_Listen = 335,
T_Logconfig = 336,
T_Logfile = 337,
T_Loopstats = 338,
T_Lowpriotrap = 339,
T_Manycastclient = 340,
T_Manycastserver = 341,
T_Mask = 342,
T_Maxage = 343,
T_Maxclock = 344,
T_Maxdepth = 345,
T_Maxdist = 346,
T_Maxmem = 347,
T_Maxpoll = 348,
T_Mdnstries = 349,
T_Mem = 350,
T_Memlock = 351,
T_Minclock = 352,
T_Mindepth = 353,
T_Mindist = 354,
T_Minimum = 355,
T_Minpoll = 356,
T_Minsane = 357,
T_Mode = 358,
T_Mode7 = 359,
T_Monitor = 360,
T_Month = 361,
T_Mru = 362,
T_Multicastclient = 363,
T_Nic = 364,
T_Nolink = 365,
T_Nomodify = 366,
T_Nomrulist = 367,
T_None = 368,
T_Nonvolatile = 369,
T_Nopeer = 370,
T_Noquery = 371,
T_Noselect = 372,
T_Noserve = 373,
T_Notrap = 374,
T_Notrust = 375,
T_Ntp = 376,
T_Ntpport = 377,
T_NtpSignDsocket = 378,
T_Orphan = 379,
T_Orphanwait = 380,
T_PCEdigest = 381,
T_Panic = 382,
T_Peer = 383,
T_Peerstats = 384,
T_Phone = 385,
T_Pid = 386,
T_Pidfile = 387,
T_Pool = 388,
T_Port = 389,
T_Preempt = 390,
T_Prefer = 391,
T_Protostats = 392,
T_Pw = 393,
T_Randfile = 394,
T_Rawstats = 395,
T_Refid = 396,
T_Requestkey = 397,
T_Reset = 398,
T_Restrict = 399,
T_Revoke = 400,
T_Rlimit = 401,
T_Saveconfigdir = 402,
T_Server = 403,
T_Setvar = 404,
T_Source = 405,
T_Stacksize = 406,
T_Statistics = 407,
T_Stats = 408,
T_Statsdir = 409,
T_Step = 410,
T_Stepback = 411,
T_Stepfwd = 412,
T_Stepout = 413,
T_Stratum = 414,
T_String = 415,
T_Sys = 416,
T_Sysstats = 417,
T_Tick = 418,
T_Time1 = 419,
T_Time2 = 420,
T_Timer = 421,
T_Timingstats = 422,
T_Tinker = 423,
T_Tos = 424,
T_Trap = 425,
T_True = 426,
T_Trustedkey = 427,
T_Ttl = 428,
T_Type = 429,
T_U_int = 430,
T_UEcrypto = 431,
T_UEcryptonak = 432,
T_UEdigest = 433,
T_Unconfig = 434,
T_Unpeer = 435,
T_Version = 436,
T_WanderThreshold = 437,
T_Week = 438,
T_Wildcard = 439,
T_Xleave = 440,
T_Year = 441,
T_Flag = 442,
T_EOC = 443,
T_Simulate = 444,
T_Beep_Delay = 445,
T_Sim_Duration = 446,
T_Server_Offset = 447,
T_Duration = 448,
T_Freq_Offset = 449,
T_Wander = 450,
T_Jitter = 451,
T_Prop_Delay = 452,
T_Proc_Delay = 453
T_Basedate = 267,
T_Bclient = 268,
T_Bcpollbstep = 269,
T_Beacon = 270,
T_Broadcast = 271,
T_Broadcastclient = 272,
T_Broadcastdelay = 273,
T_Burst = 274,
T_Calibrate = 275,
T_Ceiling = 276,
T_Clockstats = 277,
T_Cohort = 278,
T_ControlKey = 279,
T_Crypto = 280,
T_Cryptostats = 281,
T_Ctl = 282,
T_Day = 283,
T_Default = 284,
T_Digest = 285,
T_Disable = 286,
T_Discard = 287,
T_Dispersion = 288,
T_Double = 289,
T_Driftfile = 290,
T_Drop = 291,
T_Dscp = 292,
T_Ellipsis = 293,
T_Enable = 294,
T_End = 295,
T_Epeer = 296,
T_False = 297,
T_File = 298,
T_Filegen = 299,
T_Filenum = 300,
T_Flag1 = 301,
T_Flag2 = 302,
T_Flag3 = 303,
T_Flag4 = 304,
T_Flake = 305,
T_Floor = 306,
T_Freq = 307,
T_Fudge = 308,
T_Host = 309,
T_Huffpuff = 310,
T_Iburst = 311,
T_Ident = 312,
T_Ignore = 313,
T_Incalloc = 314,
T_Incmem = 315,
T_Initalloc = 316,
T_Initmem = 317,
T_Includefile = 318,
T_Integer = 319,
T_Interface = 320,
T_Intrange = 321,
T_Io = 322,
T_Ippeerlimit = 323,
T_Ipv4 = 324,
T_Ipv4_flag = 325,
T_Ipv6 = 326,
T_Ipv6_flag = 327,
T_Kernel = 328,
T_Key = 329,
T_Keys = 330,
T_Keysdir = 331,
T_Kod = 332,
T_Mssntp = 333,
T_Leapfile = 334,
T_Leapsmearinterval = 335,
T_Limited = 336,
T_Link = 337,
T_Listen = 338,
T_Logconfig = 339,
T_Logfile = 340,
T_Loopstats = 341,
T_Lowpriotrap = 342,
T_Manycastclient = 343,
T_Manycastserver = 344,
T_Mask = 345,
T_Maxage = 346,
T_Maxclock = 347,
T_Maxdepth = 348,
T_Maxdist = 349,
T_Maxmem = 350,
T_Maxpoll = 351,
T_Mdnstries = 352,
T_Mem = 353,
T_Memlock = 354,
T_Minclock = 355,
T_Mindepth = 356,
T_Mindist = 357,
T_Minimum = 358,
T_Minpoll = 359,
T_Minsane = 360,
T_Mode = 361,
T_Mode7 = 362,
T_Monitor = 363,
T_Month = 364,
T_Mru = 365,
T_Multicastclient = 366,
T_Nic = 367,
T_Nolink = 368,
T_Nomodify = 369,
T_Nomrulist = 370,
T_None = 371,
T_Nonvolatile = 372,
T_Noepeer = 373,
T_Nopeer = 374,
T_Noquery = 375,
T_Noselect = 376,
T_Noserve = 377,
T_Notrap = 378,
T_Notrust = 379,
T_Ntp = 380,
T_Ntpport = 381,
T_NtpSignDsocket = 382,
T_Orphan = 383,
T_Orphanwait = 384,
T_PCEdigest = 385,
T_Panic = 386,
T_Peer = 387,
T_Peerstats = 388,
T_Phone = 389,
T_Pid = 390,
T_Pidfile = 391,
T_Pool = 392,
T_Port = 393,
T_Preempt = 394,
T_Prefer = 395,
T_Protostats = 396,
T_Pw = 397,
T_Randfile = 398,
T_Rawstats = 399,
T_Refid = 400,
T_Requestkey = 401,
T_Reset = 402,
T_Restrict = 403,
T_Revoke = 404,
T_Rlimit = 405,
T_Saveconfigdir = 406,
T_Server = 407,
T_Setvar = 408,
T_Source = 409,
T_Stacksize = 410,
T_Statistics = 411,
T_Stats = 412,
T_Statsdir = 413,
T_Step = 414,
T_Stepback = 415,
T_Stepfwd = 416,
T_Stepout = 417,
T_Stratum = 418,
T_String = 419,
T_Sys = 420,
T_Sysstats = 421,
T_Tick = 422,
T_Time1 = 423,
T_Time2 = 424,
T_Timer = 425,
T_Timingstats = 426,
T_Tinker = 427,
T_Tos = 428,
T_Trap = 429,
T_True = 430,
T_Trustedkey = 431,
T_Ttl = 432,
T_Type = 433,
T_U_int = 434,
T_UEcrypto = 435,
T_UEcryptonak = 436,
T_UEdigest = 437,
T_Unconfig = 438,
T_Unpeer = 439,
T_Version = 440,
T_WanderThreshold = 441,
T_Week = 442,
T_Wildcard = 443,
T_Xleave = 444,
T_Year = 445,
T_Flag = 446,
T_EOC = 447,
T_Simulate = 448,
T_Beep_Delay = 449,
T_Sim_Duration = 450,
T_Server_Offset = 451,
T_Duration = 452,
T_Freq_Offset = 453,
T_Wander = 454,
T_Jitter = 455,
T_Prop_Delay = 456,
T_Proc_Delay = 457
};
#endif
/* Tokens. */
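Review bot: the four new tokens (T_Basedate, T_Epeer, T_Ippeerlimit, T_Noepeer) renumber every token after them, and this is a bison-generated header; the generated keyword tables (ntp_keyword.h) and the parser tables must come from the same grammar run, otherwise a keyword in ntp.conf maps silently to the wrong token. The include-guard rename above (YY_YY_NTP_PARSER_H_INCLUDED) shows the generator was run on a renamed input; worth confirming in the commit that all generated files were refreshed together.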
@ -253,200 +257,204 @@ extern int yydebug;
#define T_Autokey 264
#define T_Automax 265
#define T_Average 266
#define T_Bclient 267
#define T_Bcpollbstep 268
#define T_Beacon 269
#define T_Broadcast 270
#define T_Broadcastclient 271
#define T_Broadcastdelay 272
#define T_Burst 273
#define T_Calibrate 274
#define T_Ceiling 275
#define T_Clockstats 276
#define T_Cohort 277
#define T_ControlKey 278
#define T_Crypto 279
#define T_Cryptostats 280
#define T_Ctl 281
#define T_Day 282
#define T_Default 283
#define T_Digest 284
#define T_Disable 285
#define T_Discard 286
#define T_Dispersion 287
#define T_Double 288
#define T_Driftfile 289
#define T_Drop 290
#define T_Dscp 291
#define T_Ellipsis 292
#define T_Enable 293
#define T_End 294
#define T_False 295
#define T_File 296
#define T_Filegen 297
#define T_Filenum 298
#define T_Flag1 299
#define T_Flag2 300
#define T_Flag3 301
#define T_Flag4 302
#define T_Flake 303
#define T_Floor 304
#define T_Freq 305
#define T_Fudge 306
#define T_Host 307
#define T_Huffpuff 308
#define T_Iburst 309
#define T_Ident 310
#define T_Ignore 311
#define T_Incalloc 312
#define T_Incmem 313
#define T_Initalloc 314
#define T_Initmem 315
#define T_Includefile 316
#define T_Integer 317
#define T_Interface 318
#define T_Intrange 319
#define T_Io 320
#define T_Ipv4 321
#define T_Ipv4_flag 322
#define T_Ipv6 323
#define T_Ipv6_flag 324
#define T_Kernel 325
#define T_Key 326
#define T_Keys 327
#define T_Keysdir 328
#define T_Kod 329
#define T_Mssntp 330
#define T_Leapfile 331
#define T_Leapsmearinterval 332
#define T_Limited 333
#define T_Link 334
#define T_Listen 335
#define T_Logconfig 336
#define T_Logfile 337
#define T_Loopstats 338
#define T_Lowpriotrap 339
#define T_Manycastclient 340
#define T_Manycastserver 341
#define T_Mask 342
#define T_Maxage 343
#define T_Maxclock 344
#define T_Maxdepth 345
#define T_Maxdist 346
#define T_Maxmem 347
#define T_Maxpoll 348
#define T_Mdnstries 349
#define T_Mem 350
#define T_Memlock 351
#define T_Minclock 352
#define T_Mindepth 353
#define T_Mindist 354
#define T_Minimum 355
#define T_Minpoll 356
#define T_Minsane 357
#define T_Mode 358
#define T_Mode7 359
#define T_Monitor 360
#define T_Month 361
#define T_Mru 362
#define T_Multicastclient 363
#define T_Nic 364
#define T_Nolink 365
#define T_Nomodify 366
#define T_Nomrulist 367
#define T_None 368
#define T_Nonvolatile 369
#define T_Nopeer 370
#define T_Noquery 371
#define T_Noselect 372
#define T_Noserve 373
#define T_Notrap 374
#define T_Notrust 375
#define T_Ntp 376
#define T_Ntpport 377
#define T_NtpSignDsocket 378
#define T_Orphan 379
#define T_Orphanwait 380
#define T_PCEdigest 381
#define T_Panic 382
#define T_Peer 383
#define T_Peerstats 384
#define T_Phone 385
#define T_Pid 386
#define T_Pidfile 387
#define T_Pool 388
#define T_Port 389
#define T_Preempt 390
#define T_Prefer 391
#define T_Protostats 392
#define T_Pw 393
#define T_Randfile 394
#define T_Rawstats 395
#define T_Refid 396
#define T_Requestkey 397
#define T_Reset 398
#define T_Restrict 399
#define T_Revoke 400
#define T_Rlimit 401
#define T_Saveconfigdir 402
#define T_Server 403
#define T_Setvar 404
#define T_Source 405
#define T_Stacksize 406
#define T_Statistics 407
#define T_Stats 408
#define T_Statsdir 409
#define T_Step 410
#define T_Stepback 411
#define T_Stepfwd 412
#define T_Stepout 413
#define T_Stratum 414
#define T_String 415
#define T_Sys 416
#define T_Sysstats 417
#define T_Tick 418
#define T_Time1 419
#define T_Time2 420
#define T_Timer 421
#define T_Timingstats 422
#define T_Tinker 423
#define T_Tos 424
#define T_Trap 425
#define T_True 426
#define T_Trustedkey 427
#define T_Ttl 428
#define T_Type 429
#define T_U_int 430
#define T_UEcrypto 431
#define T_UEcryptonak 432
#define T_UEdigest 433
#define T_Unconfig 434
#define T_Unpeer 435
#define T_Version 436
#define T_WanderThreshold 437
#define T_Week 438
#define T_Wildcard 439
#define T_Xleave 440
#define T_Year 441
#define T_Flag 442
#define T_EOC 443
#define T_Simulate 444
#define T_Beep_Delay 445
#define T_Sim_Duration 446
#define T_Server_Offset 447
#define T_Duration 448
#define T_Freq_Offset 449
#define T_Wander 450
#define T_Jitter 451
#define T_Prop_Delay 452
#define T_Proc_Delay 453
#define T_Basedate 267
#define T_Bclient 268
#define T_Bcpollbstep 269
#define T_Beacon 270
#define T_Broadcast 271
#define T_Broadcastclient 272
#define T_Broadcastdelay 273
#define T_Burst 274
#define T_Calibrate 275
#define T_Ceiling 276
#define T_Clockstats 277
#define T_Cohort 278
#define T_ControlKey 279
#define T_Crypto 280
#define T_Cryptostats 281
#define T_Ctl 282
#define T_Day 283
#define T_Default 284
#define T_Digest 285
#define T_Disable 286
#define T_Discard 287
#define T_Dispersion 288
#define T_Double 289
#define T_Driftfile 290
#define T_Drop 291
#define T_Dscp 292
#define T_Ellipsis 293
#define T_Enable 294
#define T_End 295
#define T_Epeer 296
#define T_False 297
#define T_File 298
#define T_Filegen 299
#define T_Filenum 300
#define T_Flag1 301
#define T_Flag2 302
#define T_Flag3 303
#define T_Flag4 304
#define T_Flake 305
#define T_Floor 306
#define T_Freq 307
#define T_Fudge 308
#define T_Host 309
#define T_Huffpuff 310
#define T_Iburst 311
#define T_Ident 312
#define T_Ignore 313
#define T_Incalloc 314
#define T_Incmem 315
#define T_Initalloc 316
#define T_Initmem 317
#define T_Includefile 318
#define T_Integer 319
#define T_Interface 320
#define T_Intrange 321
#define T_Io 322
#define T_Ippeerlimit 323
#define T_Ipv4 324
#define T_Ipv4_flag 325
#define T_Ipv6 326
#define T_Ipv6_flag 327
#define T_Kernel 328
#define T_Key 329
#define T_Keys 330
#define T_Keysdir 331
#define T_Kod 332
#define T_Mssntp 333
#define T_Leapfile 334
#define T_Leapsmearinterval 335
#define T_Limited 336
#define T_Link 337
#define T_Listen 338
#define T_Logconfig 339
#define T_Logfile 340
#define T_Loopstats 341
#define T_Lowpriotrap 342
#define T_Manycastclient 343
#define T_Manycastserver 344
#define T_Mask 345
#define T_Maxage 346
#define T_Maxclock 347
#define T_Maxdepth 348
#define T_Maxdist 349
#define T_Maxmem 350
#define T_Maxpoll 351
#define T_Mdnstries 352
#define T_Mem 353
#define T_Memlock 354
#define T_Minclock 355
#define T_Mindepth 356
#define T_Mindist 357
#define T_Minimum 358
#define T_Minpoll 359
#define T_Minsane 360
#define T_Mode 361
#define T_Mode7 362
#define T_Monitor 363
#define T_Month 364
#define T_Mru 365
#define T_Multicastclient 366
#define T_Nic 367
#define T_Nolink 368
#define T_Nomodify 369
#define T_Nomrulist 370
#define T_None 371
#define T_Nonvolatile 372
#define T_Noepeer 373
#define T_Nopeer 374
#define T_Noquery 375
#define T_Noselect 376
#define T_Noserve 377
#define T_Notrap 378
#define T_Notrust 379
#define T_Ntp 380
#define T_Ntpport 381
#define T_NtpSignDsocket 382
#define T_Orphan 383
#define T_Orphanwait 384
#define T_PCEdigest 385
#define T_Panic 386
#define T_Peer 387
#define T_Peerstats 388
#define T_Phone 389
#define T_Pid 390
#define T_Pidfile 391
#define T_Pool 392
#define T_Port 393
#define T_Preempt 394
#define T_Prefer 395
#define T_Protostats 396
#define T_Pw 397
#define T_Randfile 398
#define T_Rawstats 399
#define T_Refid 400
#define T_Requestkey 401
#define T_Reset 402
#define T_Restrict 403
#define T_Revoke 404
#define T_Rlimit 405
#define T_Saveconfigdir 406
#define T_Server 407
#define T_Setvar 408
#define T_Source 409
#define T_Stacksize 410
#define T_Statistics 411
#define T_Stats 412
#define T_Statsdir 413
#define T_Step 414
#define T_Stepback 415
#define T_Stepfwd 416
#define T_Stepout 417
#define T_Stratum 418
#define T_String 419
#define T_Sys 420
#define T_Sysstats 421
#define T_Tick 422
#define T_Time1 423
#define T_Time2 424
#define T_Timer 425
#define T_Timingstats 426
#define T_Tinker 427
#define T_Tos 428
#define T_Trap 429
#define T_True 430
#define T_Trustedkey 431
#define T_Ttl 432
#define T_Type 433
#define T_U_int 434
#define T_UEcrypto 435
#define T_UEcryptonak 436
#define T_UEdigest 437
#define T_Unconfig 438
#define T_Unpeer 439
#define T_Version 440
#define T_WanderThreshold 441
#define T_Week 442
#define T_Wildcard 443
#define T_Xleave 444
#define T_Year 445
#define T_Flag 446
#define T_EOC 447
#define T_Simulate 448
#define T_Beep_Delay 449
#define T_Sim_Duration 450
#define T_Server_Offset 451
#define T_Duration 452
#define T_Freq_Offset 453
#define T_Wander 454
#define T_Jitter 455
#define T_Prop_Delay 456
#define T_Proc_Delay 457
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
#line 51 "ntp_parser.y" /* yacc.c:1909 */
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */
char * String;
double Double;
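Review bot: the new tokens T_Basedate, T_Epeer, T_Ippeerlimit and T_Noepeer shift the numeric value of every token that follows them in both the enum and the #define table (T_Bclient 267 to 268, T_Nopeer 370 to 374, T_Proc_Delay 453 to 457), so any other generated table that embeds these numbers, such as the keyword-to-token scanner table, must be regenerated from the same ntp_parser.y in this commit or keyword lookups will hand the parser the wrong token. Separately, the `#line 51 "../../ntpd/ntp_parser.y"` directive now bakes a build-tree relative path into the committed header; regenerating from the source directory keeps it as `ntp_parser.y` and avoids a spurious diff every time someone regenerates from a different directory.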
@ -465,7 +473,7 @@ union YYSTYPE
script_info * Sim_script;
script_info_fifo * Sim_script_fifo;
#line 469 "ntp_parser.h" /* yacc.c:1909 */
#line 477 "ntp_parser.h" /* yacc.c:1909 */
};
typedef union YYSTYPE YYSTYPE;
@ -478,4 +486,4 @@ extern YYSTYPE yylval;
int yyparse (void);
#endif /* !YY_YY_Y_TAB_H_INCLUDED */
#endif /* !YY_YY_NTP_PARSER_H_INCLUDED */


@ -77,6 +77,7 @@
%token <Integer> T_Autokey
%token <Integer> T_Automax
%token <Integer> T_Average
%token <Integer> T_Basedate
%token <Integer> T_Bclient
%token <Integer> T_Bcpollbstep
%token <Integer> T_Beacon
@ -105,6 +106,7 @@
%token <Integer> T_Ellipsis /* "..." not "ellipsis" */
%token <Integer> T_Enable
%token <Integer> T_End
%token <Integer> T_Epeer
%token <Integer> T_False
%token <Integer> T_File
%token <Integer> T_Filegen
@ -131,6 +133,7 @@
%token <Integer> T_Interface
%token <Integer> T_Intrange /* not a token */
%token <Integer> T_Io
%token <Integer> T_Ippeerlimit
%token <Integer> T_Ipv4
%token <Integer> T_Ipv4_flag
%token <Integer> T_Ipv6
@ -180,6 +183,7 @@
%token <Integer> T_Nomrulist
%token <Integer> T_None
%token <Integer> T_Nonvolatile
%token <Integer> T_Noepeer
%token <Integer> T_Nopeer
%token <Integer> T_Noquery
%token <Integer> T_Noselect
@ -276,6 +280,7 @@
%type <Address_node> address
%type <Integer> address_fam
%type <Address_fifo> address_list
%type <Integer> basedate
%type <Integer> boolean
%type <Integer> client_type
%type <Integer> counter_set_keyword
@ -302,6 +307,7 @@
%type <Integer> interface_command
%type <Integer> interface_nic
%type <Address_node> ip_address
%type <Integer> res_ippeerlimit
%type <Integer> link_nolink
%type <Attr_val> log_config_command
%type <Attr_val_fifo> log_config_list
@ -570,12 +576,13 @@ authentication_command
{ cfgt.auth.revoke = $2; }
| T_Trustedkey integer_list_range
{
cfgt.auth.trusted_key_list = $2;
// if (!cfgt.auth.trusted_key_list)
// cfgt.auth.trusted_key_list = $2;
// else
// LINK_SLIST(cfgt.auth.trusted_key_list, $2, link);
/* [Bug 948] leaves it open if appending or
* replacing the trusted key list is the right
* way. In any case, either alternative should
* be coded correctly!
*/
DESTROY_G_FIFO(cfgt.auth.trusted_key_list, destroy_attr_val); /* remove for append */
CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, $2);
}
| T_NtpSignDsocket T_String
{ cfgt.auth.ntp_signd_socket = $2; }
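Review bot: the DESTROY_G_FIFO() before CONCAT_G_FIFOS() means a second `trustedkey` line silently discards the key IDs from the first, and the only explanation is the "remove for append" aside; the [Bug 948] comment above it still describes the question as open. An operator who writes several `trustedkey` lines ends up trusting only the last set, and peers authenticating with the earlier keys start failing AUTH with nothing in the log to say why. Pick one semantics, document it in the ntp.conf reference, and either drop the DESTROY_G_FIFO() to append or msyslog() a warning when a non-empty list is being replaced.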
@ -643,6 +650,8 @@ tos_option
{ $$ = create_attr_dval($1, $2); }
| T_Cohort boolean
{ $$ = create_attr_dval($1, (double)$2); }
| basedate
{ $$ = create_attr_ival(T_Basedate, $1); }
;
tos_option_int_keyword
@ -795,31 +804,31 @@ access_control_command
{
CONCAT_G_FIFOS(cfgt.mru_opts, $2);
}
| T_Restrict address ac_flag_list
| T_Restrict address res_ippeerlimit ac_flag_list
{
restrict_node *rn;
rn = create_restrict_node($2, NULL, $3,
rn = create_restrict_node($2, NULL, $3, $4,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict address T_Mask ip_address ac_flag_list
| T_Restrict address T_Mask ip_address res_ippeerlimit ac_flag_list
{
restrict_node *rn;
rn = create_restrict_node($2, $4, $5,
rn = create_restrict_node($2, $4, $5, $6,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Default ac_flag_list
| T_Restrict T_Default res_ippeerlimit ac_flag_list
{
restrict_node *rn;
rn = create_restrict_node(NULL, NULL, $3,
rn = create_restrict_node(NULL, NULL, $3, $4,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Ipv4_flag T_Default ac_flag_list
| T_Restrict T_Ipv4_flag T_Default res_ippeerlimit ac_flag_list
{
restrict_node *rn;
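Review bot: res_ippeerlimit occupies a fixed position in every restrict production, directly after the address (or `default`/`source`) and before ac_flag_list, and both nonterminals may be empty, so `restrict default ippeerlimit 2 nomodify` parses while `restrict default nomodify ippeerlimit 2` is a syntax error. That ordering needs to be stated explicitly in the restrict documentation, and a dedicated error for T_Ippeerlimit appearing inside the flag list would be kinder than a generic parse failure.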
@ -830,11 +839,11 @@ access_control_command
create_address_node(
estrdup("0.0.0.0"),
AF_INET),
$4,
$4, $5,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Ipv6_flag T_Default ac_flag_list
| T_Restrict T_Ipv6_flag T_Default res_ippeerlimit ac_flag_list
{
restrict_node *rn;
@ -845,21 +854,42 @@ access_control_command
create_address_node(
estrdup("::"),
AF_INET6),
$4,
$4, $5,
lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
| T_Restrict T_Source ac_flag_list
| T_Restrict T_Source res_ippeerlimit ac_flag_list
{
restrict_node * rn;
APPEND_G_FIFO($3, create_int_node($2));
APPEND_G_FIFO($4, create_int_node($2));
rn = create_restrict_node(
NULL, NULL, $3, lex_current()->curpos.nline);
NULL, NULL, $3, $4, lex_current()->curpos.nline);
APPEND_G_FIFO(cfgt.restrict_opts, rn);
}
;
res_ippeerlimit
: /* empty ippeerlimit defaults to -1 (unlimited) */
{ $$ = -1; }
| T_Ippeerlimit T_Integer
{
if (($2 < -1) || ($2 > 100)) {
struct FILE_INFO * ip_ctx;
ip_ctx = lex_current();
msyslog(LOG_ERR,
"Unreasonable ippeerlimit value (%d) in %s line %d, column %d. Using 0.",
$2,
ip_ctx->fname,
ip_ctx->errpos.nline,
ip_ctx->errpos.ncol);
$2 = 0;
}
$$ = $2;
}
;
ac_flag_list
: /* empty list is allowed */
{ $$ = NULL; }
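Review bot: the range check in res_ippeerlimit substitutes 0 for any value outside -1..100, and 0 is the most restrictive setting there is, since newpeer() denies whenever ip_count + 1 > 0, so a typo such as `ippeerlimit 1000` silently becomes "no associations at all from this address". Failing closed is defensible, but the log line should say that 0 denies everything, and rejecting the line as a configuration error would be less surprising than clamping. Also, this action reports the position through `ip_ctx->errpos` while the restrict actions just above use `lex_current()->curpos.nline`; check which of the two points at the offending token, since a wrong line number in a config error is a long-lived annoyance.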
@ -871,12 +901,14 @@ ac_flag_list
;
access_control_flag
: T_Flake
: T_Epeer
| T_Flake
| T_Ignore
| T_Kod
| T_Mssntp
| T_Limited
| T_Lowpriotrap
| T_Noepeer
| T_Nomodify
| T_Nomrulist
| T_Nopeer
@ -1270,6 +1302,10 @@ drift_parm
APPEND_G_FIFO(cfgt.vars, av);
av = create_attr_dval(T_WanderThreshold, $2);
APPEND_G_FIFO(cfgt.vars, av);
msyslog(LOG_WARNING,
"'driftfile FILENAME WanderValue' is deprecated, "
"please use separate 'driftfile FILENAME' and "
"'nonvolatile WanderValue' lines instead.");
} else {
YYFREE($1);
yyerror("driftfile remote configuration ignored");
@ -1507,6 +1543,9 @@ number
| T_Double
;
basedate
: T_Basedate T_String
{ $$ = basedate_eval_string($2); YYFREE($2); }
/* Simulator Configuration Commands
* --------------------------------
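Review bot: the new basedate rule has no terminating `;` (the other rules in this file, res_ippeerlimit and ac_flag_list among them, end with one); Bison tolerates the omission but POSIX yacc does not, so add the semicolon before the Simulator comment. Nothing in the action handles a basedate_eval_string() failure either; if it reports an unparsable date in any way other than its return value, the action should check and yyerror() rather than feed the result to tos.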


@ -117,7 +117,7 @@ static struct peer * findexistingpeer_name(const char *, u_short,
struct peer *, int);
static struct peer * findexistingpeer_addr(sockaddr_u *,
struct peer *, int,
u_char);
u_char, int *);
static void free_peer(struct peer *, int);
static void getmorepeermem(void);
static int score(struct peer *);
@ -203,17 +203,18 @@ findexistingpeer_addr(
sockaddr_u * addr,
struct peer * start_peer,
int mode,
u_char cast_flags
u_char cast_flags,
int * ip_count
)
{
struct peer *peer;
DPRINTF(2, ("findexistingpeer_addr(%s, %s, %d, 0x%x)\n",
DPRINTF(2, ("findexistingpeer_addr(%s, %s, %d, 0x%x, %p)\n",
sptoa(addr),
(start_peer)
? sptoa(&start_peer->srcadr)
: "NULL",
mode, (u_int)cast_flags));
mode, (u_int)cast_flags, ip_count));
/*
* start_peer is included so we can locate instances of the
@ -234,6 +235,11 @@ findexistingpeer_addr(
DPRINTF(3, ("%s %s %d %d 0x%x 0x%x ", sptoa(addr),
sptoa(&peer->srcadr), mode, peer->hmode,
(u_int)cast_flags, (u_int)peer->cast_flags));
if (ip_count) {
if (SOCK_EQ(addr, &peer->srcadr)) {
(*ip_count)++;
}
}
if ((-1 == mode || peer->hmode == mode ||
((MDF_BCLNT & peer->cast_flags) &&
(MDF_BCLNT & cast_flags))) &&
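Review bot: ip_count is incremented for every association whose srcadr matches through SOCK_EQ(), so if SOCK_EQ() compares the port as well as the address the limit is per (address, port) rather than per IP, and a sender can evade it simply by varying its source port; confirm what SOCK_EQ() compares and use the address-only comparison if that is not already the case. Note also that the count is taken regardless of mode and cast_flags, which is right for a per-IP limit, but it means a configured unicast server at that address counts against ephemeral peers arriving from the same IP.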
@ -258,7 +264,8 @@ findexistingpeer(
const char * hostname,
struct peer * start_peer,
int mode,
u_char cast_flags
u_char cast_flags,
int * ip_count
)
{
if (hostname != NULL)
@ -266,7 +273,7 @@ findexistingpeer(
start_peer, mode);
else
return findexistingpeer_addr(addr, start_peer, mode,
cast_flags);
cast_flags, ip_count);
}
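Review bot: only the address branch of findexistingpeer() feeds ip_count; when hostname != NULL the call goes to findexistingpeer_name() without it, so ip_count stays at its initial 0 and newpeer() applies the limit to a count that excludes hostname-configured associations. That is fine for the receive() path, which passes a NULL hostname, but a `peer name` entry whose address resolves to the same IP as an ephemeral association is never counted; if that is intended, say so in a comment next to the `if (hostname != NULL)`.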
@ -561,6 +568,7 @@ peer_config(
sockaddr_u * srcadr,
const char * hostname,
endpt * dstadr,
int ippeerlimit,
u_char hmode,
u_char version,
u_char minpoll,
@ -611,7 +619,7 @@ peer_config(
flags |= FLAG_IBURST;
if ((MDF_ACAST | MDF_POOL) & cast_flags)
flags &= ~FLAG_PREEMPT;
return newpeer(srcadr, hostname, dstadr, hmode, version,
return newpeer(srcadr, hostname, dstadr, ippeerlimit, hmode, version,
minpoll, maxpoll, flags, cast_flags, ttl, key, ident);
}
@ -753,6 +761,7 @@ newpeer(
sockaddr_u * srcadr,
const char * hostname,
endpt * dstadr,
int ippeerlimit,
u_char hmode,
u_char version,
u_char minpoll,
@ -766,6 +775,8 @@ newpeer(
{
struct peer * peer;
u_int hash;
int ip_count = 0;
DEBUG_REQUIRE(srcadr);
@ -799,11 +810,11 @@ newpeer(
*/
if (dstadr != NULL) {
peer = findexistingpeer(srcadr, hostname, NULL, hmode,
cast_flags);
cast_flags, &ip_count);
while (peer != NULL) {
if (peer->dstadr == dstadr ||
((MDF_BCLNT & cast_flags) &&
(MDF_BCLNT & peer->cast_flags)))
if ( peer->dstadr == dstadr
|| ( (MDF_BCLNT & cast_flags)
&& (MDF_BCLNT & peer->cast_flags)))
break;
if (dstadr == ANY_INTERFACE_CHOOSE(srcadr) &&
@ -811,12 +822,12 @@ newpeer(
break;
peer = findexistingpeer(srcadr, hostname, peer,
hmode, cast_flags);
hmode, cast_flags, &ip_count);
}
} else {
/* no endpt address given */
peer = findexistingpeer(srcadr, hostname, NULL, hmode,
cast_flags);
cast_flags, &ip_count);
}
/*
@ -833,6 +844,30 @@ newpeer(
return NULL;
}
DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n",
(hostname)
? hostname
: stoa(srcadr),
ip_count));
/* Check ippeerlimit wrt ip_count */
if (ippeerlimit > -1) {
if (ip_count + 1 > ippeerlimit) {
DPRINTF(2, ("newpeer(%s) denied - ippeerlimit %d\n",
(hostname)
? hostname
: stoa(srcadr),
ippeerlimit));
return NULL;
}
} else {
DPRINTF(1, ("newpeer(%s) - ippeerlimit %d ignored\n",
(hostname)
? hostname
: stoa(srcadr),
ippeerlimit));
}
/*
* Allocate a new peer structure. Some dirt here, since some of
* the initialization requires knowlege of our system state.
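Review bot: the ippeerlimit denial only emits a DPRINTF at debug level 2 and bumps no counter, so in production there is no record that associations are being refused, and the NULL return is indistinguishable to callers from "peer already exists". Add a sys_ counter (or a rate-limited msyslog) for the denial, and consider returning the reason so receive() can account for it separately. The `ippeerlimit > -1` branch also makes 0 mean "deny all", because ip_count + 1 > 0 always holds; writing the condition as `ip_count >= ippeerlimit` makes that reading obvious.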


@ -1,7 +1,8 @@
/*
* ntp_proto.c - NTP version 4 protocol machinery
*
* ATTENTION: Get approval from Dave Mills on all changes to this file!
* ATTENTION: Get approval from Harlan on all changes to this file!
* (Harlan will be discussing these changes with Dave Mills.)
*
*/
#ifdef HAVE_CONFIG_H
@ -37,29 +38,34 @@
#define AUTH(x, y) ((x) ? (y) == AUTH_OK \
: (y) == AUTH_OK || (y) == AUTH_NONE)
#define AUTH_NONE 0 /* authentication not required */
#define AUTH_OK 1 /* authentication OK */
#define AUTH_ERROR 2 /* authentication error */
#define AUTH_CRYPTO 3 /* crypto_NAK */
typedef enum
auth_state {
AUTH_UNKNOWN = -1, /* Unknown */
AUTH_NONE, /* authentication not required */
AUTH_OK, /* authentication OK */
AUTH_ERROR, /* authentication error */
AUTH_CRYPTO /* crypto_NAK */
} auth_code;
/*
* Set up Kiss Code values
*/
enum kiss_codes {
typedef enum
kiss_codes {
NOKISS, /* No Kiss Code */
RATEKISS, /* Rate limit Kiss Code */
DENYKISS, /* Deny Kiss */
RSTRKISS, /* Restricted Kiss */
XKISS, /* Experimental Kiss */
UNKNOWNKISS /* Unknown Kiss Code */
};
XKISS /* Experimental Kiss */
} kiss_code;
enum nak_error_codes {
typedef enum
nak_error_codes {
NONAK, /* No NAK seen */
INVALIDNAK, /* NAK cannot be used */
VALIDNAK /* NAK is valid */
};
} nak_code;
/*
* traffic shaping parameters
@ -182,7 +188,7 @@ int unpeer_digest_early = 1; /* bad digest (TEST5) */
int dynamic_interleave = DYNAMIC_INTERLEAVE; /* Bug 2978 mitigation */
int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
enum nak_error_codes valid_NAK(struct peer *peer, struct recvbuf *rbufp, u_char hismode);
nak_code valid_NAK (struct peer *peer, struct recvbuf *rbufp, u_char hismode);
static double root_distance (struct peer *);
static void clock_combine (peer_select *, int, int);
static void peer_xmit (struct peer *);
@ -260,19 +266,16 @@ kiss_code_check(
return (RSTRKISS);
} else if(memcmp(&refid,"X", 1) == 0) {
return (XKISS);
} else {
return (UNKNOWNKISS);
}
} else {
return (NOKISS);
}
return (NOKISS);
}
/*
* Check that NAK is valid
*/
enum nak_error_codes
nak_code
valid_NAK(
struct peer *peer,
struct recvbuf *rbufp,
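Review bot: kiss_code_check() now returns NOKISS for a stratum-0 packet whose refid is not one of RATE/DENY/RSTR/X, where it previously returned UNKNOWNKISS, and UNKNOWNKISS has been removed from the enum. Any caller that tests `kissCode != NOKISS` to decide whether a stratum-0 packet is a kiss-o'-death will now treat an unrecognised code as an ordinary packet; if that is intended (unknown KoD equals no KoD), state it in a comment, otherwise keep the unknown case distinct.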
@ -583,14 +586,15 @@ receive(
u_char hisleap; /* packet leap indicator */
u_char hismode; /* packet mode */
u_char hisstratum; /* packet stratum */
r4addr r4a; /* address restrictions */
u_short restrict_mask; /* restrict bits */
const char *hm_str; /* hismode string */
const char *am_str; /* association match string */
int kissCode = NOKISS; /* Kiss Code */
int has_mac; /* length of MAC field */
int authlen; /* offset of MAC field */
int is_authentic = AUTH_NONE; /* cryptosum ok */
int crypto_nak_test; /* result of crypto-NAK check */
auth_code is_authentic = AUTH_UNKNOWN; /* Was AUTH_NONE */
nak_code crypto_nak_test; /* result of crypto-NAK check */
int retcode = AM_NOMATCH; /* match code */
keyid_t skeyid = 0; /* key IDs */
u_int32 opcode = 0; /* extension field opcode */
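Review bot: with is_authentic now initialised to AUTH_UNKNOWN (-1), the AUTH() macro defined at the top of this file returns false for both the DONTTRUST and non-DONTTRUST cases, so any path that reaches an AUTH() test without having assigned is_authentic now rejects packets that were previously accepted as AUTH_NONE. That is the safer failure mode, but every branch that leaves the MAC unchecked (has_mac == 0, the MS-SNTP signd path, broadcast without crypto) must now explicitly assign AUTH_NONE or those clients will be silently refused; the `/* Was AUTH_NONE */` comment should say why the default changed rather than only that it did.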
@ -611,6 +615,13 @@ receive(
static unsigned char zero_key[16];
#endif /* HAVE_NTP_SIGND */
/*
* Note that there are many places we do not call record_raw_stats().
*
* We only want to call it *after* we've sent a response, or perhaps
* when we've decided to drop a packet.
*/
/*
* Monitor the packet and get restrictions. Note that the packet
* length for control and private mode packets must be checked
@ -626,25 +637,33 @@ receive(
sys_badlength++;
return; /* bogus port */
}
restrict_mask = restrictions(&rbufp->recv_srcadr);
restrictions(&rbufp->recv_srcadr, &r4a);
restrict_mask = r4a.rflags;
pkt = &rbufp->recv_pkt;
DPRINTF(2, ("receive: at %ld %s<-%s flags %x restrict %03x org %#010x.%08x xmt %#010x.%08x\n",
current_time, stoa(&rbufp->dstadr->sin),
stoa(&rbufp->recv_srcadr), rbufp->dstadr->flags,
restrict_mask, ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
hisversion = PKT_VERSION(pkt->li_vn_mode);
hisleap = PKT_LEAP(pkt->li_vn_mode);
hismode = (int)PKT_MODE(pkt->li_vn_mode);
hisstratum = PKT_TO_STRATUM(pkt->stratum);
DPRINTF(2, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n",
current_time, stoa(&rbufp->dstadr->sin),
stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode,
build_iflags(rbufp->dstadr->flags),
build_rflags(restrict_mask),
ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
/* See basic mode and broadcast checks, below */
INSIST(0 != hisstratum);
if (restrict_mask & RES_IGNORE) {
DPRINTF(2, ("receive: drop: RES_IGNORE\n"));
sys_restricted++;
return; /* ignore everything */
}
if (hismode == MODE_PRIVATE) {
if (!ntp_mode7 || (restrict_mask & RES_NOQUERY)) {
DPRINTF(2, ("receive: drop: RES_NOQUERY\n"));
sys_restricted++;
return; /* no query private */
}
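Review bot: INSIST(0 != hisstratum) is evaluated on a value derived straight from the packet's stratum byte, before any restriction check, so if PKT_TO_STRATUM() can ever yield 0 this is a remotely triggerable abort of ntpd. In the ntp headers I know, PKT_TO_STRATUM() maps on-wire 0 to STRATUM_UNSPEC, so the invariant holds today, but bytes from the network should be answered with a drop and sys_badlength++ like the other checks in this function; keep assertions for internal state. The "See basic mode and broadcast checks, below" comment should also sit next to the INSIST it is meant to justify.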
@ -654,6 +673,7 @@ receive(
}
if (hismode == MODE_CONTROL) {
if (restrict_mask & RES_NOQUERY) {
DPRINTF(2, ("receive: drop: RES_NOQUERY\n"));
sys_restricted++;
return; /* no query control */
}
@ -661,6 +681,7 @@ receive(
return;
}
if (restrict_mask & RES_DONTSERVE) {
DPRINTF(2, ("receive: drop: RES_DONTSERVE\n"));
sys_restricted++;
return; /* no time serve */
}
@ -671,11 +692,24 @@ receive(
*/
if (restrict_mask & RES_FLAKE) {
if ((double)ntp_random() / 0x7fffffff < .1) {
DPRINTF(2, ("receive: drop: RES_FLAKE\n"));
sys_restricted++;
return; /* no flakeway */
}
}
/*
** Format Layer Checks
**
** Validate the packet format. The packet size, packet header,
** and any extension field lengths are checked. We identify
** the beginning of the MAC, to identify the upper limit of
** of the hash computation.
**
** In case of a format layer check violation, the packet is
** discarded with no further processing.
*/
/*
* Version check must be after the query packets, since they
* intentionally use an early version.
@ -686,6 +720,7 @@ receive(
&& hisversion >= NTP_OLDVERSION) {
sys_oldversion++; /* previous version */
} else {
DPRINTF(2, ("receive: drop: RES_VERSION\n"));
sys_badlength++;
return; /* old version */
}
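Review bot: the label in `DPRINTF(2, ("receive: drop: RES_VERSION\n"))` reads like a restrict flag, but this branch is the protocol version check (there is no RES_VERSION flag) and it increments sys_badlength; label it "bad version" so a debug trace is not misread as an access-control drop.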
@ -700,6 +735,7 @@ receive(
if (hisversion == NTP_OLDVERSION) {
hismode = MODE_CLIENT;
} else {
DPRINTF(2, ("receive: drop: MODE_UNSPEC\n"));
sys_badlength++;
return; /* invalid mode */
}
@ -716,6 +752,16 @@ receive(
* is a runt and discarded forthwith. If greater than 6, an
* extension field is present, so we subtract the length of the
* field and go around again.
*
* Note the above description is lame. We should/could also check
* the two bytes that make up the EF type and subtype, and then
* check the two bytes that tell us the EF length. A legacy MAC
* has a 4 byte keyID, and for conforming symmetric keys its value
* must be <= 64k, meaning the top two bytes will always be zero.
* Since the EF Type of 0 is reserved/unused, there's no way a
* conforming legacy MAC could ever be misinterpreted as an EF.
*
* There is more, but this isn't the place to document it.
*/
authlen = LEN_PKT_NOMAC;
@ -728,9 +774,14 @@ receive(
#endif /*AUTOKEY */
if (has_mac % 4 != 0 || has_mac < (int)MIN_MAC_LEN) {
DPRINTF(2, ("receive: drop: bad post-packet length\n"));
sys_badlength++;
return; /* bad length */
}
/*
* This next test is clearly wrong - it needlessly
* prohibits short EFs (which don't yet exist)
*/
if (has_mac <= (int)MAX_MAC_LEN) {
skeyid = ntohl(((u_int32 *)pkt)[authlen / 4]);
break;
@ -741,6 +792,7 @@ receive(
if ( len % 4 != 0
|| len < 4
|| (int)len + authlen > rbufp->recv_length) {
DPRINTF(2, ("receive: drop: bad EF length\n"));
sys_badlength++;
return; /* bad length */
}
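Review bot: the new comment says the `has_mac <= MAX_MAC_LEN` test "is clearly wrong" and then leaves the code as is, with no bug number. Either fix it now or cite the tracking bug in the comment; a bare "this is wrong" ages badly. Since this test decides whether the trailing bytes are a MAC or an extension field, the eventual fix needs a test case with a MAC of exactly MAX_MAC_LEN bytes and an EF shorter than that.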
@ -757,6 +809,7 @@ receive(
if ( hostlen >= sizeof(hostname)
|| hostlen > len -
offsetof(struct exten, pkt)) {
DPRINTF(2, ("receive: drop: bad autokey hostname length\n"));
sys_badlength++;
return; /* bad length */
}
@ -764,6 +817,7 @@ receive(
hostname[hostlen] = '\0';
groupname = strchr(hostname, '@');
if (groupname == NULL) {
DPRINTF(2, ("receive: drop: empty autokey groupname\n"));
sys_declined++;
return;
}
@ -779,14 +833,27 @@ receive(
* If has_mac is < 0 we had a malformed packet.
*/
if (has_mac < 0) {
DPRINTF(2, ("receive: drop: post-packet under-read\n"));
sys_badlength++;
return; /* bad length */
}
/*
* If authentication required, a MAC must be present.
** Packet Data Verification Layer
**
** This layer verifies the packet data content. If
** authentication is required, a MAC must be present.
** If a MAC is present, it must validate.
** Crypto-NAK? Look - a shiny thing!
**
** If authentication fails, we're done.
*/
/*
* If authentication is explicitly required, a MAC must be present.
*/
if (restrict_mask & RES_DONTTRUST && has_mac == 0) {
DPRINTF(2, ("receive: drop: RES_DONTTRUST\n"));
sys_restricted++;
return; /* access denied */
}
@ -803,9 +870,12 @@ receive(
if ( !(restrict_mask & RES_KOD)
|| MODE_BROADCAST == hismode
|| MODE_SERVER == hismode) {
if (MODE_SERVER == hismode)
if (MODE_SERVER == hismode) {
DPRINTF(1, ("Possibly self-induced rate limiting of MODE_SERVER from %s\n",
stoa(&rbufp->recv_srcadr)));
} else {
DPRINTF(2, ("receive: drop: RES_KOD\n"));
}
return; /* rate exceeded */
}
if (hismode == MODE_CLIENT)
@ -837,6 +907,7 @@ receive(
* multicaster, the broadcast address is null, so we use the
* unicast address anyway. Don't ask.
*/
peer = findpeer(rbufp, hismode, &retcode);
dstadr_sin = &rbufp->dstadr->sin;
NTOHL_FP(&pkt->org, &p_org);
@ -921,6 +992,14 @@ receive(
#endif /* HAVE_NTP_SIGND */
} else {
/*
* has_mac is not 0
* Not a VALID_NAK
* Not an MS-SNTP SIGND packet
*
* So there is a MAC here.
*/
restrict_mask &= ~RES_MSSNTP;
#ifdef AUTOKEY
/*
@ -956,6 +1035,7 @@ receive(
* % can't happen
*/
if (has_mac < (int)MAX_MD5_LEN) {
DPRINTF(2, ("receive: drop: MD5 digest too short\n"));
sys_badauth++;
return;
}
@ -972,6 +1052,7 @@ receive(
if ( crypto_flags
&& rbufp->dstadr ==
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
DPRINTF(2, ("receive: drop: BCAST from wildcard\n"));
sys_restricted++;
return; /* no wildcard */
}
@ -1033,6 +1114,80 @@ receive(
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
}
/*
* Bug 3454:
*
* Now come at this from a different perspective:
* - If we expect a MAC and it's not there, we drop it.
* - If we expect one keyID and get another, we drop it.
* - If we have a MAC ahd it hasn't been validated yet, try.
* - if the provided MAC doesn't validate, we drop it.
*
* There might be more to this.
*/
if (0 != peer && 0 != peer->keyid) {
/* Should we msyslog() any of these? */
/*
* This should catch:
* - no keyID where one is expected,
* - different keyID than what we expect.
*/
if (peer->keyid != skeyid) {
DPRINTF(2, ("receive: drop: Wanted keyID %d, got %d from %s\n",
peer->keyid, skeyid,
stoa(&rbufp->recv_srcadr)));
sys_restricted++;
return; /* drop: access denied */
}
/*
* if has_mac != 0 ...
* - If it has not yet been validated, do so.
* (under what circumstances might that happen?)
* - if missing or bad MAC, log and drop.
*/
if (0 != has_mac) {
if (is_authentic == AUTH_UNKNOWN) {
/* How can this happen? */
DPRINTF(2, ("receive: 3454 check: AUTH_UNKNOWN from %s\n",
stoa(&rbufp->recv_srcadr)));
if (!authdecrypt(skeyid, (u_int32 *)pkt, authlen,
has_mac)) {
/* MAC invalid or not found */
is_authentic = AUTH_ERROR;
} else {
is_authentic = AUTH_OK;
}
}
if (is_authentic != AUTH_OK) {
DPRINTF(2, ("receive: drop: missing or bad MAC from %s\n",
stoa(&rbufp->recv_srcadr)));
sys_restricted++;
return; /* drop: access denied */
}
}
}
/**/
/*
** On-Wire Protocol Layer
**
** Verify protocol operations consistent with the on-wire protocol.
** The protocol discards bogus and duplicate packets as well as
** minimizes disruptions doe to protocol restarts and dropped
** packets. The operations are controlled by two timestamps:
** the transmit timestamp saved in the client state variables,
** and the origin timestamp in the server packet header. The
** comparison of these two timestamps is called the loopback test.
** The transmit timestamp functions as a nonce to verify that the
** response corresponds to the original request. The transmit
** timestamp also serves to discard replays of the most recent
** packet. Upon failure of either test, the packet is discarded
** with no further action.
*/
/*
* The association matching rules are implemented by a set of
* routines and an association table. A packet matching an
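Review bot: the Bug 3454 block drops any packet whose skeyid differs from peer->keyid for a keyed association, and a crypto-NAK carries key ID 0 (has_mac == 4, skeyid == 0), so a genuine crypto-NAK from a server for which we hold a key appears to be discarded here with sys_restricted++ before the valid_NAK() handling further down ever sees it. If that is intended (ignore NAKs on keyed associations), the comment should say so; otherwise exempt the crypto-NAK case. Two smaller points: keyid_t is unsigned, so the `%d` conversions in the "Wanted keyID" DPRINTF should be `%u`; and a MAC that fails authdecrypt() is counted as sys_restricted rather than sys_badauth, which hides it from the counter operators watch for authentication failures.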
@ -1050,6 +1205,8 @@ receive(
* an ordinary client, simply toss a server mode packet back
* over the fence. If a manycast client, we have to work a
* little harder.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_FXMIT:
@ -1058,6 +1215,21 @@ receive(
* send a crypto-NAK.
*/
if (!(rbufp->dstadr->flags & INT_MCASTOPEN)) {
/* HMS: would be nice to log FAST_XMIT|BADAUTH|RESTRICTED */
record_raw_stats(&rbufp->recv_srcadr,
&rbufp->dstadr->sin,
&p_org, &p_rec, &p_xmt, &rbufp->recv_time,
PKT_LEAP(pkt->li_vn_mode),
PKT_VERSION(pkt->li_vn_mode),
PKT_MODE(pkt->li_vn_mode),
PKT_TO_STRATUM(pkt->stratum),
pkt->ppoll,
pkt->precision,
FPTOD(NTOHS_FP(pkt->rootdelay)),
FPTOD(NTOHS_FP(pkt->rootdisp)),
pkt->refid,
rbufp->recv_length - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_SERVER, skeyid,
@ -1067,8 +1239,10 @@ receive(
restrict_mask);
sys_badauth++;
} else {
DPRINTF(2, ("receive: AM_FXMIT drop: !mcast restricted\n"));
sys_restricted++;
}
return; /* hooray */
}
@ -1077,6 +1251,7 @@ receive(
* configured as a manycast server.
*/
if (!sys_manycastserver) {
DPRINTF(2, ("receive: AM_FXMIT drop: Not manycastserver\n"));
sys_restricted++;
return; /* not enabled */
}
@ -1086,6 +1261,7 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, NULL)) {
DPRINTF(2, ("receive: AM_FXMIT drop: empty groupname\n"));
sys_declined++;
return;
}
@ -1100,6 +1276,7 @@ receive(
|| sys_stratum >= hisstratum
|| (!sys_cohort && sys_stratum == hisstratum + 1)
|| rbufp->dstadr->addr_refid == pkt->refid) {
DPRINTF(2, ("receive: AM_FXMIT drop: LEAP_NOTINSYNC || stratum || loop\n"));
sys_declined++;
return; /* no help */
}
@ -1108,9 +1285,24 @@ receive(
* Respond only if authentication succeeds. Don't do a
* crypto-NAK, as that would not be useful.
*/
if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic))
if (AUTH(restrict_mask & RES_DONTTRUST, is_authentic)) {
record_raw_stats(&rbufp->recv_srcadr,
&rbufp->dstadr->sin,
&p_org, &p_rec, &p_xmt, &rbufp->recv_time,
PKT_LEAP(pkt->li_vn_mode),
PKT_VERSION(pkt->li_vn_mode),
PKT_MODE(pkt->li_vn_mode),
PKT_TO_STRATUM(pkt->stratum),
pkt->ppoll,
pkt->precision,
FPTOD(NTOHS_FP(pkt->rootdelay)),
FPTOD(NTOHS_FP(pkt->rootdisp)),
pkt->refid,
rbufp->recv_length - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
fast_xmit(rbufp, MODE_SERVER, skeyid,
restrict_mask);
}
return; /* hooray */
/*
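Review bot: this is the second verbatim copy of the fourteen-argument record_raw_stats() call in receive(), differing from the one in the `!(rbufp->dstadr->flags & INT_MCASTOPEN)` branch only in position; factor it into a small static helper that takes rbufp and pkt, so the `rbufp->recv_length - MIN_V4_PKT_LEN, (u_char *)&pkt->exten` length and pointer arithmetic is written once and stays consistent if the header layout changes.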
@ -1131,6 +1323,8 @@ receive(
* There is an implosion hazard at the manycast client, since
* the manycast servers send the server packet immediately. If
* the guy is already here, don't fire up a duplicate.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_MANYCAST:
@ -1139,18 +1333,23 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, NULL)) {
DPRINTF(2, ("receive: AM_MANYCAST drop: empty groupname\n"));
sys_declined++;
return;
}
#endif /* AUTOKEY */
if ((peer2 = findmanycastpeer(rbufp)) == NULL) {
DPRINTF(2, ("receive: AM_MANYCAST drop: No manycast peer\n"));
sys_restricted++;
return; /* not enabled */
}
if (!AUTH( (!(peer2->cast_flags & MDF_POOL)
&& sys_authenticate)
|| (restrict_mask & (RES_NOPEER |
RES_DONTTRUST)), is_authentic)) {
RES_DONTTRUST)), is_authentic)
/* MC: RES_NOEPEER? */
) {
DPRINTF(2, ("receive: AM_MANYCAST drop: bad auth || (NOPEER|DONTTRUST)\n"));
sys_restricted++;
return; /* access denied */
}
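Review bot: the `/* MC: RES_NOEPEER? */` marker ships an open question: the AM_MANYCAST path still mobilizes an ephemeral association through newpeer() below without consulting RES_NOEPEER, while AM_NEWPASS now honours it. Either add RES_NOEPEER to the mask tested in this AUTH() call or replace the marker with a comment explaining why manycast client associations are exempt from the noepeer restriction.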
@ -1162,15 +1361,17 @@ receive(
if ( hisleap == LEAP_NOTINSYNC
|| hisstratum < sys_floor
|| hisstratum >= sys_ceiling) {
DPRINTF(2, ("receive: AM_MANYCAST drop: unsync/stratum\n"));
sys_declined++;
return; /* no help */
}
peer = newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr,
MODE_CLIENT, hisversion, peer2->minpoll,
peer2->maxpoll, FLAG_PREEMPT |
(FLAG_IBURST & peer2->flags), MDF_UCAST |
MDF_UCLNT, 0, skeyid, sys_ident);
r4a.ippeerlimit, MODE_CLIENT, hisversion,
peer2->minpoll, peer2->maxpoll,
FLAG_PREEMPT | (FLAG_IBURST & peer2->flags),
MDF_UCAST | MDF_UCLNT, 0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n"));
sys_declined++;
return; /* ignore duplicate */
}
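Review bot: with `r4a.ippeerlimit` now passed to newpeer(), a NULL return no longer means only a duplicate; it also covers the ippeerlimit being exceeded, so the `DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n"))` message and the `/* ignore duplicate */` comment are misleading. Use the wording the AM_NEWPASS branch uses (`newpeer() failed`) and consider a distinct counter for limit rejections so operators can tell the two cases apart.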
@ -1197,6 +1398,8 @@ receive(
* the packet is authentic and we are enabled as broadcast
* client, mobilize a broadcast client association. We don't
* kiss any frogs here.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_NEWBCL:
@ -1205,16 +1408,21 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, sys_ident)) {
DPRINTF(2, ("receive: AM_NEWBCL drop: groupname mismatch\n"));
sys_declined++;
return;
}
#endif /* AUTOKEY */
if (sys_bclient == 0) {
DPRINTF(2, ("receive: AM_NEWBCL drop: not a bclient\n"));
sys_restricted++;
return; /* not enabled */
}
if (!AUTH(sys_authenticate | (restrict_mask &
(RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
(RES_NOPEER | RES_DONTTRUST)), is_authentic)
/* NEWBCL: RES_NOEPEER? */
) {
DPRINTF(2, ("receive: AM_NEWBCL drop: AUTH failed\n"));
sys_restricted++;
return; /* access denied */
}
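Review bot: same open question as in the manycast branch: the `/* NEWBCL: RES_NOEPEER? */` marker is left in the code while the AUTH() mask below it is unchanged, so a broadcast client association is still mobilized for a source restricted with noepeer. Decide whether RES_NOEPEER applies here and either add it to the mask or replace the marker with the rationale.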
@ -1226,6 +1434,7 @@ receive(
if ( hisleap == LEAP_NOTINSYNC
|| hisstratum < sys_floor
|| hisstratum >= sys_ceiling) {
DPRINTF(2, ("receive: AM_NEWBCL drop: Unsync or bad stratum\n"));
sys_declined++;
return; /* no help */
}
@ -1237,6 +1446,7 @@ receive(
*/
if ( crypto_flags && skeyid > NTP_MAXKEY
&& (opcode & 0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
DPRINTF(2, ("receive: AM_NEWBCL drop: Autokey but not CRYPTO_ASSOC\n"));
sys_declined++;
return; /* protocol error */
}
@ -1267,6 +1477,7 @@ receive(
*/
if (crypto_flags && skeyid > NTP_MAXKEY) {
sys_restricted++;
DPRINTF(2, ("receive: AM_NEWBCL drop: Autokey but not 2-way\n"));
return; /* no autokey */
}
#endif /* AUTOKEY */
@ -1275,11 +1486,12 @@ receive(
* Do not execute the volley. Start out in
* broadcast client mode.
*/
peer = newpeer(&rbufp->recv_srcadr, NULL,
match_ep, MODE_BCLIENT, hisversion,
pkt->ppoll, pkt->ppoll, FLAG_PREEMPT,
MDF_BCLNT, 0, skeyid, sys_ident);
peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep,
r4a.ippeerlimit, MODE_BCLIENT, hisversion,
pkt->ppoll, pkt->ppoll,
FLAG_PREEMPT, MDF_BCLNT, 0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_NEWBCL drop: duplicate\n"));
sys_restricted++;
return; /* ignore duplicate */
@ -1299,10 +1511,12 @@ receive(
* is fixed at this value.
*/
peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep,
MODE_CLIENT, hisversion, pkt->ppoll, pkt->ppoll,
r4a.ippeerlimit, MODE_CLIENT, hisversion,
pkt->ppoll, pkt->ppoll,
FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
0, skeyid, sys_ident);
if (NULL == peer) {
DPRINTF(2, ("receive: AM_NEWBCL drop: empty newpeer() failed\n"));
sys_restricted++;
return; /* ignore duplicate */
}
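Review bot: the debug message `receive: AM_NEWBCL drop: empty newpeer() failed` has a stray `empty`, and the `/* ignore duplicate */` comment beside `sys_restricted++` no longer describes the only way newpeer() can fail now that `r4a.ippeerlimit` is passed; reword both to cover the duplicate and the ippeerlimit cases.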
@ -1316,8 +1530,11 @@ receive(
/*
* This is the first packet received from a symmetric active
* peer. If the packet is authentic and the first he sent,
* mobilize a passive association. If not, kiss the frog.
* peer. If the packet is authentic, the first he sent, and
* RES_NOEPEER is not enabled, mobilize a passive association
* If not, kiss the frog.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_NEWPASS:
@ -1326,38 +1543,42 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, sys_ident)) {
DPRINTF(2, ("receive: AM_NEWPASS drop: Autokey group mismatch\n"));
sys_declined++;
return;
}
#endif /* AUTOKEY */
if (!AUTH(sys_authenticate | (restrict_mask &
(RES_NOPEER | RES_DONTTRUST)), is_authentic)) {
/*
* If authenticated but cannot mobilize an
* association, send a symmetric passive
* response without mobilizing an association.
* This is for drat broken Windows clients. See
* Microsoft KB 875424 for preferred workaround.
*/
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
restrict_mask);
return; /* hooray */
}
if (is_authentic == AUTH_ERROR) {
fast_xmit(rbufp, MODE_ACTIVE, 0,
restrict_mask);
sys_restricted++;
return;
(RES_NOPEER | RES_DONTTRUST)), is_authentic)
) {
if (0 == (restrict_mask & RES_NOEPEER)) {
/*
* If authenticated but cannot mobilize an
* association, send a symmetric passive
* response without mobilizing an association.
* This is for drat broken Windows clients. See
* Microsoft KB 875424 for preferred workaround.
*/
if (AUTH(restrict_mask & RES_DONTTRUST,
is_authentic)) {
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
restrict_mask);
return; /* hooray */
}
if (is_authentic == AUTH_ERROR) {
fast_xmit(rbufp, MODE_ACTIVE, 0,
restrict_mask);
sys_restricted++;
return;
}
}
/* [Bug 2941]
* If we got here, the packet isn't part of an
* existing association, it isn't correctly
* authenticated, and it didn't meet either of
* the previous two special cases so we should
* just drop it on the floor. For example,
* existing association, either isn't correctly
* authenticated or it is but we are refusing
* ephemeral peer requests, and it didn't meet
* either of the previous two special cases so we
* should just drop it on the floor. For example,
* crypto-NAKs (is_authentic == AUTH_CRYPTO)
* will make it this far. This is just
* debug-printed and not logged to avoid log
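Review bot: the rewritten [Bug 2941] comment says this branch is reached when the packet `isn't correctly authenticated or it is but we are refusing ephemeral peer requests`, but the condition guarding it, `if (!AUTH(sys_authenticate | (restrict_mask & (RES_NOPEER | RES_DONTTRUST)), is_authentic)`, is unchanged and does not test RES_NOEPEER, so an authenticated packet from a noepeer-restricted source does not enter this block as far as this hunk shows. If RES_NOEPEER is folded into restrict_mask or is_authentic earlier in receive(), add a cross-reference here; otherwise the inner `if (0 == (restrict_mask & RES_NOEPEER))` only suppresses the two fast_xmit() responses for unauthenticated packets and the comment overstates what is handled.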
@ -1384,18 +1605,21 @@ receive(
*/
if ( hisleap != LEAP_NOTINSYNC
&& (hisstratum < sys_floor || hisstratum >= sys_ceiling)) {
DPRINTF(2, ("receive: AM_NEWPASS drop: Autokey group mismatch\n"));
sys_declined++;
return; /* no help */
}
/*
* The message is correctly authenticated and allowed.
* Mobilize a symmetric passive association.
* Mobilize a symmetric passive association, if we won't
* exceed the ippeerlimit.
*/
if ((peer = newpeer(&rbufp->recv_srcadr, NULL,
rbufp->dstadr, MODE_PASSIVE, hisversion, pkt->ppoll,
NTP_MAXDPOLL, 0, MDF_UCAST, 0, skeyid,
sys_ident)) == NULL) {
if ((peer = newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr,
r4a.ippeerlimit, MODE_PASSIVE, hisversion,
pkt->ppoll, NTP_MAXDPOLL, 0, MDF_UCAST, 0,
skeyid, sys_ident)) == NULL) {
DPRINTF(2, ("receive: AM_NEWPASS drop: newpeer() failed\n"));
sys_declined++;
return; /* ignore duplicate */
}
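Review bot: the new `DPRINTF(2, ("receive: AM_NEWPASS drop: Autokey group mismatch\n"))` sits on the leap/stratum range check (`hisstratum < sys_floor || hisstratum >= sys_ceiling`), not on a group test, so it reports the wrong reason; use the `unsync/stratum` wording of the AM_MANYCAST branch. The comment `Mobilize a symmetric passive association, if we won't exceed the ippeerlimit` is accurate, but the `/* ignore duplicate */` after `sys_declined++` should likewise mention the limit.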
@ -1404,6 +1628,8 @@ receive(
/*
* Process regular packet. Nothing special.
*
* There are cases here where we do not call record_raw_stats().
*/
case AM_PROCPKT:
@ -1412,6 +1638,7 @@ receive(
* Do not respond if not the same group.
*/
if (group_test(groupname, peer->ident)) {
DPRINTF(2, ("receive: AM_PROCPKT drop: Autokey group mismatch\n"));
sys_declined++;
return;
}
@ -1437,7 +1664,7 @@ receive(
/* This is noteworthy, not error-worthy */
if (pkt->ppoll != peer->ppoll) {
msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %ud to %ud",
msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %u to %u",
stoa(&rbufp->recv_srcadr),
peer->ppoll, pkt->ppoll);
}
@ -1445,7 +1672,7 @@ receive(
/* This is error-worthy */
if (pkt->ppoll < peer->minpoll ||
pkt->ppoll > peer->maxpoll ) {
msyslog(LOG_INFO, "receive: broadcast poll of %ud from %s is out-of-range (%d to %d)!",
msyslog(LOG_INFO, "receive: broadcast poll of %u from %s is out-of-range (%d to %d)!",
pkt->ppoll, stoa(&rbufp->recv_srcadr),
peer->minpoll, peer->maxpoll);
++bail;
@ -1520,6 +1747,7 @@ receive(
}
if (bail) {
DPRINTF(2, ("receive: AM_PROCPKT drop: bail\n"));
peer->timelastrec = current_time;
sys_declined++;
return;
@ -1535,6 +1763,7 @@ receive(
* attempt to deny service, just ignore it.
*/
case AM_ERR:
DPRINTF(2, ("receive: AM_ERR drop.\n"));
sys_declined++;
return;
@ -1542,6 +1771,7 @@ receive(
* For everything else there is the bit bucket.
*/
default:
DPRINTF(2, ("receive: default drop.\n"));
sys_declined++;
return;
}
@ -1555,6 +1785,7 @@ receive(
if ( is_authentic != AUTH_CRYPTO
&& ( ((peer->flags & FLAG_SKEY) && skeyid <= NTP_MAXKEY)
|| (!(peer->flags & FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
DPRINTF(2, ("receive: drop: Autokey but wrong/bad auth\n"));
sys_badauth++;
return;
}
@ -1575,9 +1806,12 @@ receive(
* A KoD packet we pay attention to cannot have a 0 transmit
* timestamp.
*/
kissCode = kiss_code_check(hisleap, hisstratum, hismode, pkt->refid);
if (L_ISZERO(&p_xmt)) {
peer->flash |= TEST3; /* unsynch */
if (STRATUM_UNSPEC == hisstratum) { /* KoD packet */
if (kissCode != NOKISS) { /* KoD packet */
peer->bogusorg++; /* for TEST2 or TEST3 */
msyslog(LOG_INFO,
"receive: Unexpected zero transmit timestamp in KoD from %s",
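Review bot: kiss_code_check() is now evaluated before any of the MAC checks, and the call that followed authentication is removed further down, so kissCode is derived from unauthenticated header fields for the whole of receive(). Using it here only to annotate a zero transmit timestamp is harmless, but the RATE/KoD handling that consumes kissCode later must stay behind the authentication gate; a comment at this assignment noting that ordering dependency would keep a future reorder from acting on an unauthenticated kiss code.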
@ -1591,6 +1825,7 @@ receive(
* the most recent packet, authenticated or not.
*/
} else if (L_ISEQU(&peer->xmt, &p_xmt)) {
DPRINTF(2, ("receive: drop: Duplicate xmit\n"));
peer->flash |= TEST1; /* duplicate */
peer->oldpkt++;
return;
@ -1601,13 +1836,13 @@ receive(
* see if this is an interleave broadcast packet until after
* we've validated the MAC that SHOULD be provided.
*
* hisstratum should never be 0.
* hisstratum cannot be 0 - see assertion above.
* If hisstratum is 15, then we'll advertise as UNSPEC but
* at least we'll be able to sync with the broadcast server.
*/
} else if (hismode == MODE_BROADCAST) {
if ( 0 == hisstratum
|| STRATUM_UNSPEC <= hisstratum) {
/* 0 is unexpected too, and impossible */
if (STRATUM_UNSPEC <= hisstratum) {
/* Is this a ++sys_declined or ??? */
msyslog(LOG_INFO,
"receive: Unexpected stratum (%d) in broadcast from %s",
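Review bot: the `0 == hisstratum` arm is dropped on the strength of `see assertion above`, which is outside this hunk. If that assertion is a DEBUG_INSIST it compiles out of release builds and a stratum-0 broadcast packet would then pass this check with only the `STRATUM_UNSPEC <= hisstratum` bound applied; confirm it is an unconditional INSIST, or that stratum 0 is normalized before this point, before removing the runtime test.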
@ -1628,7 +1863,7 @@ receive(
* (nonzero) org, rec, and xmt timestamps set to the xmt timestamp
* that we have previously sent out. Watch interleave mode.
*/
} else if (STRATUM_UNSPEC == hisstratum) {
} else if (kissCode != NOKISS) {
DEBUG_INSIST(!L_ISZERO(&p_xmt));
if ( L_ISZERO(&p_org) /* We checked p_xmt above */
|| L_ISZERO(&p_rec)) {
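Review bot: replacing `STRATUM_UNSPEC == hisstratum` with `kissCode != NOKISS` is not a no-op: a STRATUM_UNSPEC packet whose refid is not a recognised kiss code previously took this branch and now falls through to the later `else if` arms. Either document that the branch is now keyed on the decoded kiss code, or keep a stratum test so unrecognised stratum-16 packets are handled deliberately rather than by whichever arm they happen to reach.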
@ -1675,7 +1910,8 @@ receive(
* should 'aorg' be all-zero because this really was the original
* transmit timestamp, we'll ignore this reply. There is a window
* of one nanosecond once every 136 years' time where this is
* possible. We currently ignore this situation.
* possible. We currently ignore this situation, as a completely
* zero timestamp is (quietly?) disallowed.
*
* Otherwise, check for bogus packet in basic mode.
* If it is bogus, switch to interleaved mode and resynchronize,
@ -1684,11 +1920,11 @@ receive(
*
* This could also mean somebody is forging packets claiming to
* be from us, attempting to cause our server to KoD us.
*
* We have earlier asserted that hisstratum cannot be 0.
* If hisstratum is STRATUM_UNSPEC, it means he's not sync'd.
*/
} else if (peer->flip == 0) {
INSIST(0 != hisstratum);
INSIST(STRATUM_UNSPEC != hisstratum);
if (0) {
} else if (L_ISZERO(&p_org)) {
const char *action;
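Review bot: `INSIST(STRATUM_UNSPEC != hisstratum)` asserts a property of a received packet rather than of internal state, and the branch selection above this point now keys on kissCode, so a STRATUM_UNSPEC packet that does not decode to a kiss code can reach this arm. A failed INSIST aborts ntpd; reject such a packet with `sys_declined++` and `return` (or route it to the kiss-code branch) instead of asserting on network input.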
@ -1767,10 +2003,13 @@ receive(
*/
} else if ( !L_ISZERO(&peer->dst)
&& !L_ISEQU(&p_org, &peer->dst)) {
DPRINTF(2, ("receive: drop: Bogus packet in interleaved symmetric mode\n"));
peer->bogusorg++;
peer->flags |= FLAG_XBOGUS;
peer->flash |= TEST2; /* bogus */
#ifdef BUG3453
return; /* Bogus packet, we are done */
#endif
}
/**/
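Review bot: the early `return` that stops processing of a bogus packet in interleaved symmetric mode is wrapped in `#ifdef BUG3453`, and nothing in this diff defines BUG3453, so whether the Bug 3453 fix is active depends on the build flags. If the intent is to ship the fix, make the return unconditional; if it is meant to be selectable, define the macro in a header or configure option and document it, otherwise builds silently retain the old behaviour.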
@ -1788,6 +2027,7 @@ receive(
if (unpeer_crypto_nak_early) {
unpeer(peer);
}
DPRINTF(2, ("receive: drop: PREEMPT crypto_NAK\n"));
return;
}
#ifdef AUTOKEY
@ -1795,6 +2035,7 @@ receive(
peer_clear(peer, "AUTH");
}
#endif /* AUTOKEY */
DPRINTF(2, ("receive: drop: crypto_NAK\n"));
return;
/*
@ -1832,6 +2073,7 @@ receive(
peer_clear(peer, "AUTH");
}
#endif /* AUTOKEY */
DPRINTF(2, ("receive: drop: Bad or missing AUTH\n"));
return;
}
@ -1901,11 +2143,9 @@ receive(
/*
* Check for any kiss codes. Note this is only used when a server
* responds to a packet request
* responds to a packet request.
*/
kissCode = kiss_code_check(hisleap, hisstratum, hismode, pkt->refid);
/*
* Check to see if this is a RATE Kiss Code
* Currently this kiss code will accept whatever poll
@ -2204,11 +2444,12 @@ process_packet(
/*
* Capture the header values in the client/peer association..
*/
record_raw_stats(&peer->srcadr, peer->dstadr ?
&peer->dstadr->sin : NULL,
record_raw_stats(&peer->srcadr,
peer->dstadr ? &peer->dstadr->sin : NULL,
&p_org, &p_rec, &p_xmt, &peer->dst,
pleap, pversion, pmode, pstratum, pkt->ppoll, pkt->precision,
p_del, p_disp, pkt->refid);
p_del, p_disp, pkt->refid,
len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten);
peer->leap = pleap;
peer->stratum = min(pstratum, STRATUM_UNSPEC);
peer->pmode = pmode;
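Review bot: `len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten` hands record_raw_stats() every byte after the fixed header, which per the rawstats comment includes extension fields and the legacy MAC. record_raw_stats() ignores a non-positive len, so a short packet is safe, but an over-long len would read past the receive buffer, so confirm `len` here is the validated receive length rather than a header-derived value. The rawstats line format also changes for anyone parsing that file.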
@ -4301,6 +4542,7 @@ pool_xmit(
int rc;
struct interface * lcladr;
sockaddr_u * rmtadr;
r4addr r4a;
int restrict_mask;
struct peer * p;
l_fp xmt_tx;
@ -4337,11 +4579,12 @@ pool_xmit(
/* copy_addrinfo_list ai_addr points to a sockaddr_u */
rmtadr = (sockaddr_u *)(void *)pool->ai->ai_addr;
pool->ai = pool->ai->ai_next;
p = findexistingpeer(rmtadr, NULL, NULL, MODE_CLIENT, 0);
p = findexistingpeer(rmtadr, NULL, NULL, MODE_CLIENT, 0, NULL);
} while (p != NULL && pool->ai != NULL);
if (p != NULL)
return; /* out of addresses, re-query DNS next poll */
restrict_mask = restrictions(rmtadr);
restrictions(rmtadr, &r4a);
restrict_mask = r4a.rflags;
if (RES_FLAGS & restrict_mask)
restrict_source(rmtadr, 0,
current_time + POOL_SOLICIT_WINDOW + 1);
@ -4932,4 +5175,6 @@ proto_clr_stats(void)
sys_badauth = 0;
sys_limitrejected = 0;
sys_kodsent = 0;
sys_lamport = 0;
sys_tsrounding = 0;
}


@ -1044,7 +1044,7 @@ refclock_control(
clktype = (u_char)REFCLOCKTYPE(srcadr);
unit = REFCLOCKUNIT(srcadr);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0, NULL);
if (NULL == peer)
return;
@ -1155,7 +1155,7 @@ refclock_buginfo(
clktype = (u_char) REFCLOCKTYPE(srcadr);
unit = REFCLOCKUNIT(srcadr);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0);
peer = findexistingpeer(srcadr, NULL, NULL, -1, 0, NULL);
if (NULL == peer || NULL == peer->procptr)
return;
@ -1247,16 +1247,24 @@ refclock_params(
/*
* If flag3 is lit, select the kernel PPS if we can.
*
* Note: EOPNOTSUPP is the only 'legal' error code we deal with;
* it is part of the 'if we can' strategy. Any other error
* indicates something more sinister and makes this function fail.
*/
if (mode & CLK_FLAG3) {
if (time_pps_kcbind(ap->handle, PPS_KC_HARDPPS,
ap->pps_params.mode & ~PPS_TSFMT_TSPEC,
PPS_TSFMT_TSPEC) < 0) {
msyslog(LOG_ERR,
"refclock_params: time_pps_kcbind: %m");
return (0);
PPS_TSFMT_TSPEC) < 0)
{
if (errno != EOPNOTSUPP) {
msyslog(LOG_ERR,
"refclock_params: time_pps_kcbind: %m");
return (0);
}
} else {
hardpps_enable = 1;
}
hardpps_enable = 1;
}
return (1);
}
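Review bot: on EOPNOTSUPP the new branch returns 1 with hardpps_enable left unset and nothing logged, so a refclock configured with flag3 silently runs without kernel PPS. Emit at least a LOG_INFO (or DPRINTF) in that arm saying kernel PPS binding is unsupported and flag3 is being ignored, so the operator can see why kernel discipline is not in effect. The `{` on its own line after the condition is also inconsistent with the K&R style used elsewhere in this file.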


@ -87,7 +87,7 @@ static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *);
static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_unrestrict (sockaddr_u *, endpt *, struct req_pkt *);
static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, int);
static void do_restrict (sockaddr_u *, endpt *, struct req_pkt *, restrict_op);
static void mon_getlist (sockaddr_u *, endpt *, struct req_pkt *);
static void reset_stats (sockaddr_u *, endpt *, struct req_pkt *);
static void reset_peer (sockaddr_u *, endpt *, struct req_pkt *);
@ -582,6 +582,7 @@ process_private(
* him. If the wrong key was used, or packet doesn't
* have mac, return.
*/
/* XXX: Use authistrustedip(), or equivalent. */
if (!INFO_IS_AUTH(inpkt->auth_seq) || !info_auth_keyid
|| ntohl(tailinpkt->keyid) != info_auth_keyid) {
DPRINTF(5, ("failed auth %d info_auth_keyid %u pkt keyid %u maclen %lu\n",
@ -837,7 +838,7 @@ peer_info (
#endif
datap += item_sz;
pp = findexistingpeer(&addr, NULL, NULL, -1, 0);
pp = findexistingpeer(&addr, NULL, NULL, -1, 0, NULL);
if (NULL == pp)
continue;
if (IS_IPV6(srcadr)) {
@ -981,7 +982,7 @@ peer_stats (
datap += item_sz;
pp = findexistingpeer(&addr, NULL, NULL, -1, 0);
pp = findexistingpeer(&addr, NULL, NULL, -1, 0, NULL);
if (NULL == pp)
continue;
@ -1150,6 +1151,8 @@ sys_stats(
ss->badauth = htonl((u_int32)sys_badauth);
ss->limitrejected = htonl((u_int32)sys_limitrejected);
ss->received = htonl((u_int32)sys_received);
ss->lamport = htonl((u_int32)sys_lamport);
ss->tsrounding = htonl((u_int32)sys_tsrounding);
(void) more_pkt();
flush_pkt();
}
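Review bot: `ss->lamport` and `ss->tsrounding` extend the mode 7 sys_stats reply; confirm that the struct info_sys definition and the item size constants ntpdc checks were updated in the same commit, otherwise older ntpdc clients will reject or misparse the longer item.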
@ -1366,10 +1369,13 @@ do_conf(
*
* - minpoll/maxpoll, but they are treated properly
* for all cases internally. Checking not necessary.
*
* Note that we ignore any previously-specified ippeerlimit.
* If we're told to create the peer, we create the peer.
*/
/* finally create the peer */
if (peer_config(&peeraddr, NULL, NULL,
if (peer_config(&peeraddr, NULL, NULL, -1,
temp_cp.hmode, temp_cp.version, temp_cp.minpoll,
temp_cp.maxpoll, fl, temp_cp.ttl, temp_cp.keyid,
NULL) == 0)
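Review bot: passing `-1` as the ippeerlimit to peer_config() means associations created over mode 7 (`do_conf`) are exempt from any `restrict ... ippeerlimit` that applies to the address, as the new comment says. That is a deliberate bypass and should be stated in the ippeerlimit documentation; a named constant for the unlimited value would also be clearer than the bare -1 here and in init_restrict().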
@ -1449,7 +1455,7 @@ do_unconf(
p = NULL;
do {
p = findexistingpeer(
&peeraddr, NULL, p, -1, 0);
&peeraddr, NULL, p, -1, 0, NULL);
} while (p && !(FLAG_CONFIG & p->flags));
if (!loops && !p) {
@ -1653,7 +1659,7 @@ list_restrict4(
pir->v6_flag = 0;
pir->mask = htonl(res->u.v4.mask);
pir->count = htonl(res->count);
pir->flags = htons(res->flags);
pir->rflags = htons(res->rflags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
@ -1684,7 +1690,7 @@ list_restrict6(
pir->mask6 = res->u.v6.mask;
pir->v6_flag = 1;
pir->count = htonl(res->count);
pir->flags = htons(res->flags);
pir->rflags = htons(res->rflags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
@ -1773,7 +1779,7 @@ do_restrict(
sockaddr_u *srcadr,
endpt *inter,
struct req_pkt *inpkt,
int op
restrict_op op
)
{
char * datap;
@ -1784,6 +1790,18 @@ do_restrict(
sockaddr_u matchmask;
int bad;
switch(op) {
case RESTRICT_FLAGS:
case RESTRICT_UNFLAG:
case RESTRICT_REMOVE:
case RESTRICT_REMOVEIF:
break;
default:
req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
return;
}
/*
* Do a check of the flags to make sure that only
* the NTPPORT flag is set, if any. If not, complain
@ -1797,7 +1815,7 @@ do_restrict(
return;
}
bad = FALSE;
bad = 0;
while (items-- > 0 && !bad) {
memcpy(&cr, datap, item_sz);
cr.flags = ntohs(cr.flags);
@ -1837,6 +1855,7 @@ do_restrict(
memcpy(&cr, datap, item_sz);
cr.flags = ntohs(cr.flags);
cr.mflags = ntohs(cr.mflags);
cr.ippeerlimit = ntohs(cr.ippeerlimit);
if (client_v6_capable && cr.v6_flag) {
AF(&matchaddr) = AF_INET6;
AF(&matchmask) = AF_INET6;
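Review bot: `cr.ippeerlimit = ntohs(cr.ippeerlimit)` converts a value that hack_restrict() receives as a signed `short`, so -1 (unlimited) arrives as 65535 and is reinterpreted by the implicit conversion, and nothing bounds the value supplied by the remote ntpdc client. Convert explicitly through a signed type and reject values below -1, so a malformed or unexpected request cannot set a nonsensical limit on a restrict entry.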
@ -1849,7 +1868,7 @@ do_restrict(
NSRCADR(&matchmask) = cr.mask;
}
hack_restrict(op, &matchaddr, &matchmask, cr.mflags,
cr.flags, 0);
cr.ippeerlimit, cr.flags, 0);
datap += item_sz;
}
@ -1975,7 +1994,7 @@ reset_peer(
#ifdef ISC_PLATFORM_HAVESALEN
peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
#endif
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
if (NULL == p)
bad++;
datap += item_sz;
@ -2008,10 +2027,10 @@ reset_peer(
#ifdef ISC_PLATFORM_HAVESALEN
peeraddr.sa.sa_len = SOCKLEN(&peeraddr);
#endif
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0);
p = findexistingpeer(&peeraddr, NULL, NULL, -1, 0, NULL);
while (p != NULL) {
peer_reset(p);
p = findexistingpeer(&peeraddr, NULL, p, -1, 0);
p = findexistingpeer(&peeraddr, NULL, p, -1, 0, NULL);
}
datap += item_sz;
}
@ -2492,7 +2511,7 @@ get_clock_info(
while (items-- > 0 && ic) {
NSRCADR(&addr) = *clkaddr++;
if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) {
req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
return;
}
@ -2556,7 +2575,7 @@ set_clock_fudge(
#endif
SET_PORT(&addr, NTP_PORT);
if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) {
req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
return;
}
@ -2631,7 +2650,7 @@ get_clkbug_info(
while (items-- > 0 && ic) {
NSRCADR(&addr) = *clkaddr++;
if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
findexistingpeer(&addr, NULL, NULL, -1, 0, NULL)) {
req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA);
return;
}


@ -86,6 +86,8 @@ static u_long res_limited_refcnt;
/*
* Our default entries.
*
* We can make this cleaner with c99 support: see init_restrict().
*/
static restrict_u restrict_def4;
static restrict_u restrict_def6;
@ -94,8 +96,9 @@ static restrict_u restrict_def6;
* "restrict source ..." enabled knob and restriction bits.
*/
static int restrict_source_enabled;
static u_short restrict_source_flags;
static u_short restrict_source_rflags;
static u_short restrict_source_mflags;
static short restrict_source_ippeerlimit;
/*
* private functions
@ -111,8 +114,81 @@ static restrict_u * match_restrict6_addr(const struct in6_addr *,
static restrict_u * match_restrict_entry(const restrict_u *, int);
static int res_sorts_before4(restrict_u *, restrict_u *);
static int res_sorts_before6(restrict_u *, restrict_u *);
static char * roptoa(restrict_op op);
void dump_restricts(void);
/*
* dump_restrict - spit out a restrict_u
*/
static void
dump_restrict(
restrict_u * res,
int is_ipv6
)
{
char as[INET6_ADDRSTRLEN];
char ms[INET6_ADDRSTRLEN];
if (is_ipv6) {
inet_ntop(AF_INET6, &res->u.v6.addr, as, sizeof as);
inet_ntop(AF_INET6, &res->u.v6.mask, ms, sizeof ms);
} else {
struct in_addr sia = { htonl(res->u.v4.addr) };
struct in_addr sim = { htonl(res->u.v4.mask) };
inet_ntop(AF_INET, &sia, as, sizeof as);
inet_ntop(AF_INET, &sim, ms, sizeof ms);
}
mprintf("restrict node at %p: %s/%s count %d, rflags %05x, mflags %05x, ippeerlimit %d, expire %lu, next %p\n",
res, as, ms, res->count, res->rflags, res->mflags,
res->ippeerlimit, res->expire, res->link);
return;
}
/*
* dump_restricts - spit out the 'restrict' lines
*/
void
dump_restricts(void)
{
int defaultv4_done = 0;
int defaultv6_done = 0;
restrict_u * res;
restrict_u * next;
mprintf("dump_restrict: restrict_def4: %p\n", &restrict_def4);
/* Spit out 'restrict {,-4,-6} default ...' lines, if needed */
for (res = &restrict_def4; res != NULL; res = next) {
dump_restrict(res, 0);
next = res->link;
}
mprintf("dump_restrict: restrict_def6: %p\n", &restrict_def6);
for (res = &restrict_def6; res != NULL; res = next) {
dump_restrict(res, 1);
next = res->link;
}
/* Spit out the IPv4 list */
mprintf("dump_restrict: restrictlist4: %p\n", &restrictlist4);
for (res = restrictlist4; res != NULL; res = next) {
dump_restrict(res, 0);
next = res->link;
}
/* Spit out the IPv6 list */
mprintf("dump_restrict: restrictlist6: %p\n", &restrictlist6);
for (res = restrictlist6; res != NULL; res = next) {
dump_restrict(res, 1);
next = res->link;
}
return;
}
/*
* init_restrict - initialize the restriction data structures
*/
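Review bot: dump_restricts() walks `for (res = &restrict_def4; res != NULL; res = next)` following `->link`, so it prints the default node and every entry linked after it in restrictlist4, which the restrictlist4 loop below prints again; if the default entry always sorts last this is harmless, otherwise call dump_restrict(&restrict_def4, 0) once. `dump_restricts` is also declared at file scope without `static` and not in a header, which will draw a missing-prototype warning; and `%d` is used for `res->count` and `ippeerlimit` while `%05x` is used for the u_short flag fields, so check the format specifiers against the field types.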
@ -147,6 +223,10 @@ init_restrict(void)
* behavior as but reversed implementation compared to the docs.
*
*/
restrict_def4.ippeerlimit = -1; /* Cleaner if we have C99 */
restrict_def6.ippeerlimit = -1; /* Cleaner if we have C99 */
LINK_SLIST(restrictlist4, &restrict_def4, link);
LINK_SLIST(restrictlist6, &restrict_def6, link);
restrictcount = 2;
@ -215,7 +295,7 @@ free_res(
restrict_u * unlinked;
restrictcount--;
if (RES_LIMITED & res->flags)
if (RES_LIMITED & res->rflags)
dec_res_limited();
if (v6)
@ -265,14 +345,21 @@ match_restrict4_addr(
restrict_u * next;
for (res = restrictlist4; res != NULL; res = next) {
struct in_addr sia = { htonl(res->u.v4.addr) };
next = res->link;
if (res->expire &&
res->expire <= current_time)
free_res(res, v6);
if (res->u.v4.addr == (addr & res->u.v4.mask)
&& (!(RESM_NTPONLY & res->mflags)
|| NTP_PORT == port))
DPRINTF(2, ("match_restrict4_addr: Checking %s, port %d ... ",
inet_ntoa(sia), port));
if ( res->expire
&& res->expire <= current_time)
free_res(res, v6); /* zeroes the contents */
if ( res->u.v4.addr == (addr & res->u.v4.mask)
&& ( !(RESM_NTPONLY & res->mflags)
|| NTP_PORT == port)) {
DPRINTF(2, ("MATCH: ippeerlimit %d\n", res->ippeerlimit));
break;
}
DPRINTF(2, ("doesn't match: ippeerlimit %d\n", res->ippeerlimit));
}
return res;
}
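Review bot: after `free_res(res, v6); /* zeroes the contents */` the loop goes on to evaluate `res->u.v4.addr == (addr & res->u.v4.mask)` on the entry it just released; with the contents zeroed that comparison is true for every address, and with `!(RESM_NTPONLY & res->mflags)` also true the freed entry is returned as the match. `next` is already saved, so add `continue;` after the free, and check match_restrict6_addr() for the same pattern.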
@ -410,19 +497,25 @@ res_sorts_before6(
/*
* restrictions - return restrictions for this host
* restrictions - return restrictions for this host in *r4a
*/
u_short
void
restrictions(
sockaddr_u *srcadr
sockaddr_u *srcadr,
r4addr *r4a
)
{
restrict_u *match;
struct in6_addr *pin6;
u_short flags;
REQUIRE(NULL != r4a);
res_calls++;
flags = 0;
r4a->rflags = RES_IGNORE;
r4a->ippeerlimit = 0;
DPRINTF(1, ("restrictions: looking up %s\n", stoa(srcadr)));
/* IPv4 source address */
if (IS_IPV4(srcadr)) {
/*
@ -430,8 +523,11 @@ restrictions(
* (this should be done early in the receive process,
* not later!)
*/
if (IN_CLASSD(SRCADR(srcadr)))
return (int)RES_IGNORE;
if (IN_CLASSD(SRCADR(srcadr))) {
DPRINTF(1, ("restrictions: srcadr %s is multicast\n", stoa(srcadr)));
r4a->ippeerlimit = 2; /* XXX: we should use a better value */
return;
}
match = match_restrict4_addr(SRCADR(srcadr),
SRCPORT(srcadr));
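Review bot: the IPv4 multicast arm returns with `r4a->ippeerlimit = 2` and the `XXX: we should use a better value` note, while the IPv6 multicast arm a few hunks down just returns, leaving ippeerlimit at the initial 0; the two should agree, and the chosen value (and why multicast sources get a fixed limit rather than a matched restrict entry) belongs in a comment or named constant rather than an XXX.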
@ -448,7 +544,8 @@ restrictions(
res_not_found++;
else
res_found++;
flags = match->flags;
r4a->rflags = match->rflags;
r4a->ippeerlimit = match->ippeerlimit;
}
/* IPv6 source address */
@ -461,7 +558,7 @@ restrictions(
* not later!)
*/
if (IN6_IS_ADDR_MULTICAST(pin6))
return (int)RES_IGNORE;
return;
match = match_restrict6_addr(pin6, SRCPORT(srcadr));
INSIST(match != NULL);
@ -470,9 +567,29 @@ restrictions(
res_not_found++;
else
res_found++;
flags = match->flags;
r4a->rflags = match->rflags;
r4a->ippeerlimit = match->ippeerlimit;
}
return;
}
/*
* roptoa - convert a restrict_op to a string
*/
char *
roptoa(restrict_op op) {
static char sb[30];
switch(op) {
case RESTRICT_FLAGS: return "RESTRICT_FLAGS";
case RESTRICT_UNFLAG: return "RESTRICT_UNFLAGS";
case RESTRICT_REMOVE: return "RESTRICT_REMOVE";
case RESTRICT_REMOVEIF: return "RESTRICT_REMOVEIF";
default:
snprintf(sb, sizeof sb, "**RESTRICT_#%d**", op);
return sb;
}
return (flags);
}
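Review bot: roptoa() is declared `static char * roptoa(restrict_op op);` near the top of the file but defined without `static`, which some compilers warn about; make the definition static. The RESTRICT_UNFLAG case returns the string `RESTRICT_UNFLAGS`, which does not match the enumerator name and will confuse log readers. The function also returns a static buffer; that is fine for the single-threaded DPRINTF use, but it should return `const char *`.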
@ -481,11 +598,12 @@ restrictions(
*/
void
hack_restrict(
int op,
restrict_op op,
sockaddr_u * resaddr,
sockaddr_u * resmask,
short ippeerlimit,
u_short mflags,
u_short flags,
u_short rflags,
u_long expire
)
{
@ -494,14 +612,15 @@ hack_restrict(
restrict_u * res;
restrict_u ** plisthead;
DPRINTF(1, ("restrict: op %d addr %s mask %s mflags %08x flags %08x\n",
op, stoa(resaddr), stoa(resmask), mflags, flags));
DPRINTF(1, ("hack_restrict: op %s addr %s mask %s ippeerlimit %d mflags %08x rflags %08x\n",
roptoa(op), stoa(resaddr), stoa(resmask), ippeerlimit, mflags, rflags));
if (NULL == resaddr) {
REQUIRE(NULL == resmask);
REQUIRE(RESTRICT_FLAGS == op);
restrict_source_flags = flags;
restrict_source_rflags = rflags;
restrict_source_mflags = mflags;
restrict_source_ippeerlimit = ippeerlimit;
restrict_source_enabled = 1;
return;
}
@ -538,8 +657,9 @@ hack_restrict(
} else /* not IPv4 nor IPv6 */
REQUIRE(0);
match.flags = flags;
match.rflags = rflags;
match.mflags = mflags;
match.ippeerlimit = ippeerlimit;
match.expire = expire;
res = match_restrict_entry(&match, v6);
@ -547,7 +667,7 @@ hack_restrict(
case RESTRICT_FLAGS:
/*
* Here we add bits to the flags. If this is a
* Here we add bits to the rflags. If this is a
* new restriction add it.
*/
if (NULL == res) {
@ -569,26 +689,29 @@ hack_restrict(
: res_sorts_before4(res, L_S_S_CUR()),
link, restrict_u);
restrictcount++;
if (RES_LIMITED & flags)
if (RES_LIMITED & rflags)
inc_res_limited();
} else {
if ((RES_LIMITED & flags) &&
!(RES_LIMITED & res->flags))
if ( (RES_LIMITED & rflags)
&& !(RES_LIMITED & res->rflags))
inc_res_limited();
res->flags |= flags;
res->rflags |= rflags;
}
res->ippeerlimit = match.ippeerlimit;
break;
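Review bot: `res->ippeerlimit = match.ippeerlimit;` runs on every RESTRICT_FLAGS operation, including the existing-entry path, so a later `restrict` line for the same address and mask that does not mention ippeerlimit overwrites a previously configured limit with whatever the caller passes as the default. If the default is meant to be "unspecified", use a sentinel (the -2 used by restrict_source() for removal suggests one already exists) and assign only when a limit was actually given.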
case RESTRICT_UNFLAG:
/*
* Remove some bits from the flags. If we didn't
* Remove some bits from the rflags. If we didn't
* find this one, just return.
*/
if (res != NULL) {
if ((RES_LIMITED & res->flags)
&& (RES_LIMITED & flags))
if ( (RES_LIMITED & res->rflags)
&& (RES_LIMITED & rflags))
dec_res_limited();
res->flags &= ~flags;
res->rflags &= ~rflags;
}
break;
@ -639,7 +762,7 @@ restrict_source(
SET_HOSTMASK(&onesmask, AF(addr));
if (farewell) {
hack_restrict(RESTRICT_REMOVE, addr, &onesmask,
0, 0, 0);
-2, 0, 0, 0);
DPRINTF(1, ("restrict_source: %s removed", stoa(addr)));
return;
}
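Review bot: `-2` is passed as the ippeerlimit for RESTRICT_REMOVE, `-1` is the default set in init_restrict() and passed by do_conf(), and `0` is the initial value in restrictions(); these three sentinels are scattered as bare literals. Define named constants (for example for unlimited and for don't-care) in the restrict header and use them at every call site.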
@ -672,8 +795,8 @@ restrict_source(
return;
hack_restrict(RESTRICT_FLAGS, addr, &onesmask,
restrict_source_mflags, restrict_source_flags,
expire);
restrict_source_ippeerlimit, restrict_source_mflags,
restrict_source_rflags, expire);
DPRINTF(1, ("restrict_source: %s host restriction added\n",
stoa(addr)));
}


@ -167,6 +167,7 @@ lex_getch(
stream->backch = EOF;
if (stream->fpi)
conf_file_sum += ch;
stream->curpos.ncol++;
} else if (stream->fpi) {
/* fetch next 7-bit ASCII char (or EOF) from file */
while ((ch = fgetc(stream->fpi)) != EOF && ch > SCHAR_MAX)


@ -666,6 +666,8 @@ mprintf_clock_stats(
* peer ip address
* IP address
* t1 t2 t3 t4 timestamps
* leap, version, mode, stratum, ppoll, precision, root delay, root dispersion, REFID
* length and hex dump of any EFs and any legacy MAC.
*/
void
record_raw_stats(
@ -683,7 +685,9 @@ record_raw_stats(
int precision,
double root_delay, /* seconds */
double root_dispersion,/* seconds */
u_int32 refid
u_int32 refid,
int len,
u_char *extra
)
{
l_fp now;
@ -697,13 +701,23 @@ record_raw_stats(
day = now.l_ui / 86400 + MJD_1900;
now.l_ui %= 86400;
if (rawstats.fp != NULL) {
fprintf(rawstats.fp, "%lu %s %s %s %s %s %s %s %d %d %d %d %d %d %.6f %.6f %s\n",
fprintf(rawstats.fp, "%lu %s %s %s %s %s %s %s %d %d %d %d %d %d %.6f %.6f %s",
day, ulfptoa(&now, 3),
stoa(srcadr), dstadr ? stoa(dstadr) : "-",
srcadr ? stoa(srcadr) : "-",
dstadr ? stoa(dstadr) : "-",
ulfptoa(t1, 9), ulfptoa(t2, 9),
ulfptoa(t3, 9), ulfptoa(t4, 9),
leap, version, mode, stratum, ppoll, precision,
root_delay, root_dispersion, refid_str(refid, stratum));
if (len > 0) {
int i;
fprintf(rawstats.fp, " %d: ", len);
for (i = 0; i < len; ++i) {
fprintf(rawstats.fp, "%02x", extra[i]);
}
}
fprintf(rawstats.fp, "\n");
fflush(rawstats.fp);
}
}
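Review bot: the hex dump writes one fprintf() per extension byte, which is a lot of calls per packet when rawstats is enabled and the packet carries Autokey extension fields; format the bytes into a local buffer and write it once. The appended ` %d: <hex>` field changes the rawstats line format, so the statistics documentation and anything that parses rawstats need updating; the new `srcadr ? stoa(srcadr) : "-"` guard matches the existing one on dstadr and is a good addition.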


@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:42:12 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:13:19 PM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpd options
*/
static char const ntpd_opt_strs[3132] =
/* 0 */ "ntpd 4.2.8p10\n"
/* 0 */ "ntpd 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3132] =
/* 2901 */ "output version information and exit\0"
/* 2937 */ "version\0"
/* 2945 */ "NTPD\0"
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p10\n"
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0"
/* 3082 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 3116 */ "\n\0"
/* 3118 */ "ntpd 4.2.8p10";
/* 3118 */ "ntpd 4.2.8p11";
/**
* ipv4 option description with
@ -1529,7 +1529,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdOptions.pzCopyright */
puts(_("ntpd 4.2.8p10\n\
puts(_("ntpd 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -1670,7 +1670,7 @@ implied warranty.\n"));
puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p10\n\
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n"));
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */
puts(_("ntpd 4.2.8p10"));
puts(_("ntpd 4.2.8p11"));
/* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:42:11 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:13:17 PM by AutoGen 5.18.5
* From the definitions ntpd-opts.def
* and the template file options
*
@ -106,9 +106,9 @@ typedef enum {
/** count of all options for ntpd */
#define OPTION_CT 38
/** ntpd version */
#define NTPD_VERSION "4.2.8p10"
#define NTPD_VERSION "4.2.8p11"
/** Full ntpd version text */
#define NTPD_FULL_VERSION "ntpd 4.2.8p10"
#define NTPD_FULL_VERSION "ntpd 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd 1ntpdman "21 Mar 2017" "4.2.8p10" "User Commands"
.TH ntpd 1ntpdman "27 Feb 2018" "4.2.8p11" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-wcairs/ag-fdaWls)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:13 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd March 21 2017
.Dd February 27 2018
.Dt NTPD 1ntpdmdoc User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:23 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -313,11 +313,16 @@ my_pthread_warmup(void)
#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \
defined(PTHREAD_STACK_MIN)
rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN);
if (0 != rc)
msyslog(LOG_ERR,
"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
strerror(rc));
{
size_t ssmin = 32*1024; /* 32kB should be minimum */
if (ssmin < PTHREAD_STACK_MIN)
ssmin = PTHREAD_STACK_MIN;
rc = pthread_attr_setstacksize(&thr_attr, ssmin);
if (0 != rc)
msyslog(LOG_ERR,
"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
strerror(rc));
}
#endif
rc = pthread_create(
&thread, &thr_attr, my_pthread_warmup_worker, NULL);
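Review bot: `32*1024` is a magic number; give it a name (for example `WARMUP_STACK_MIN`) or extend the comment to say why `PTHREAD_STACK_MIN` alone proved too small, because that is exactly what the next person tuning this value will need to know. Also, `ssmin` is `size_t` while `PTHREAD_STACK_MIN` is normally a signed integer expression, so `ssmin < PTHREAD_STACK_MIN` can trigger a sign-compare warning; casting the macro to `size_t` keeps the build clean.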

View File

@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography.
<p>This document applies to version 4.2.8p10 of <code>ntpd</code>.
<p>This document applies to version 4.2.8p11 of <code>ntpd</code>.
<ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0.
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p10-beta
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p10
Usage: ntpd [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... \
[ &lt;server1&gt; ... &lt;serverN&gt; ]
Flg Arg Option-Name Description
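Review bot: the usage sample only moves from `4.2.8p10-beta` to `4.2.8p10`, while the sentence above it in the same file now says `4.2.8p11`; the example output should be regenerated from the p11 binary so the document does not contradict itself.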

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpd @NTPD_MS@ "21 Mar 2017" "4.2.8p10" "User Commands"
.TH ntpd @NTPD_MS@ "27 Feb 2018" "4.2.8p11" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-wcairs/ag-fdaWls)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:13 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME

View File

@ -1,9 +1,9 @@
.Dd March 21 2017
.Dd February 27 2018
.Dt NTPD @NTPD_MS@ User Commands
.Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:23 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl
.Sh NAME

View File

@ -79,6 +79,7 @@ void create_server_associations(void)
NULL,
loopback_interface,
MODE_CLIENT,
-1,
NTP_VERSION,
NTP_MINDPOLL,
NTP_MAXDPOLL,
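Review bot: the new bare `-1` argument sits between named constants (`MODE_CLIENT`, `NTP_VERSION`, `NTP_MINDPOLL`) and gives no hint of what it selects or what `-1` means for that parameter (unlimited? default?); a trailing comment naming the parameter, or better a named constant in the header that declares it, keeps this call site readable.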

View File

@ -1891,7 +1891,7 @@ gpsd_init_socket(
*/
ov = 1;
rc = setsockopt(up->fdt, IPPROTO_TCP, TCP_NODELAY,
(char*)&ov, sizeof(ov));
(void *)&ov, sizeof(ov));
if (-1 == rc) {
if (syslogok(pp, up))
msyslog(LOG_INFO,
@ -1999,7 +1999,7 @@ gpsd_test_socket(
/* check for socket error */
ec = 0;
lc = sizeof(ec);
rc = getsockopt(up->fdt, SOL_SOCKET, SO_ERROR, &ec, &lc);
rc = getsockopt(up->fdt, SOL_SOCKET, SO_ERROR, (void *)&ec, &lc);
if (-1 == rc || 0 != ec) {
const char *errtxt;
if (0 == ec)

View File

@ -110,6 +110,11 @@
/* [Fix] C-DEX JST2000 */
/* Thanks to Mr. Kuramatsu for the report and the patch. */
/* */
/* 2017/04/30 */
/* [Change] Avoid a wrong report of the coverity static analysis */
/* tool. ( The code is harmless and has no bug. ) */
/* teljjy_conn_send() */
/* */
/**********************************************************************/
#ifdef HAVE_CONFIG_H
@ -393,6 +398,7 @@ struct refclock refclock_jjy = {
#define JJY_CLOCKSTATS_MARK_ATTENTION 5
#define JJY_CLOCKSTATS_MARK_WARNING 6
#define JJY_CLOCKSTATS_MARK_ERROR 7
#define JJY_CLOCKSTATS_MARK_BUG 8
/* Local constants definition for the clockstats messages */
@ -3299,6 +3305,7 @@ teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *u
const char * pCmd ;
int i, iLen, iNextClockState ;
char sLog [ 120 ] ;
DEBUG_TELJJY_PRINTF( "teljjy_conn_send" ) ;
@ -3327,8 +3334,8 @@ teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *u
/* Loopback character comes */
#ifdef DEBUG
if ( debug ) {
printf( "refclock_jjy.c : teljjy_conn_send : iLoopbackCount=%d\n",
up->iLoopbackCount ) ;
printf( "refclock_jjy.c : teljjy_conn_send : iClockCommandSeq=%d iLoopbackCount=%d\n",
up->iClockCommandSeq, up->iLoopbackCount ) ;
}
#endif
@ -3351,8 +3358,18 @@ teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *u
if ( teljjy_command_sequence[up->iClockCommandSeq].iExpectedReplyType == TELJJY_REPLY_LOOPBACK ) {
/* Loopback character and timestamp */
gettimeofday( &(up->sendTime[up->iLoopbackCount]), NULL ) ;
up->bLoopbackMode = TRUE ;
if ( up->iLoopbackCount < MAX_LOOPBACK ) {
gettimeofday( &(up->sendTime[up->iLoopbackCount]), NULL ) ;
up->bLoopbackMode = TRUE ;
} else {
/* This else-block is never come. */
/* This code avoid wrong report of the coverity static analysis scan tool. */
snprintf( sLog, sizeof(sLog)-1, "refclock_jjy.c ; teljjy_conn_send ; iClockCommandSeq=%d iLoopbackCount=%d MAX_LOOPBACK=%d",
up->iClockCommandSeq, up->iLoopbackCount, MAX_LOOPBACK ) ;
jjy_write_clockstats( peer, JJY_CLOCKSTATS_MARK_BUG, sLog ) ;
msyslog ( LOG_ERR, "%s", sLog ) ;
up->bLoopbackMode = FALSE ;
}
} else {
/* Regular command */
up->bLoopbackMode = FALSE ;
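Review bot: `snprintf(sLog, sizeof(sLog)-1, ...)` throws away a byte for nothing; `snprintf` already reserves room for the terminating NUL inside the size it is given, so `sizeof(sLog)` is the idiomatic argument (harmless here, but the `-1` idiom tends to get copied). The bounds check on `iLoopbackCount` before indexing `sendTime[]` is the right fix regardless of what Coverity reported; the comment declaring the branch unreachable should say why (where `iLoopbackCount` is reset relative to `MAX_LOOPBACK`) so a reader can verify it, and its wording ("is never come", "This code avoid") could be tidied at the same time.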
@ -4383,6 +4400,9 @@ jjy_write_clockstats ( struct peer *peer, int iMark, const char *pData )
case JJY_CLOCKSTATS_MARK_ERROR :
pMark = "-X- " ;
break ;
case JJY_CLOCKSTATS_MARK_BUG :
pMark = "!!! " ;
break ;
default :
pMark = "" ;
break ;

View File

@ -80,10 +80,6 @@ extern int async_write(int, const void *, unsigned int);
#endif
#include "refclock_palisade.h"
/* Table to get from month to day of the year */
const int days_of_year [12] = {
0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
};
#ifdef DEBUG
const char * Tracking_Status[15][15] = {
@ -107,7 +103,7 @@ struct refclock refclock_palisade = {
NOFLAGS /* not used */
};
int day_of_year (char *dt);
static int decode_date(struct refclockproc *pp, const char *cp);
/* Extract the clock type from the mode setting */
#define CLK_TYPE(x) ((int)(((x)->ttl) & 0x7F))
@ -226,7 +222,7 @@ init_thunderbolt (
sendetx (&tx, fd);
/* activate packets 0x8F-AB and 0x8F-AC */
sendsupercmd (&tx, 0x8F, 0xA5);
sendsupercmd (&tx, 0x8E, 0xA5);
sendint (&tx, 0x5);
sendetx (&tx, fd);
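Review bot: the command byte changes from `0x8F` to `0x8E`, but the comment two lines above still reads `activate packets 0x8F-AB and 0x8F-AC`; since the old value survived this long, the comment should explain why `0x8E` is the correct id (presumably the request id whose `0x8F-xx` responses the comment names), otherwise the next reader may take this for a typo and flip it back. Dropping `days_of_year[]` is fine now that `decode_date()` goes through the calendar library.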
@ -400,33 +396,78 @@ palisade_shutdown (
}
/*
* unpack_date - get day and year from date
* unpack helpers
*/
int
day_of_year (
char * dt
)
static inline uint8_t
get_u8(
const char *cp)
{
int day, mon, year;
mon = dt[1];
/* Check month is inside array bounds */
if ((mon < 1) || (mon > 12))
return -1;
day = dt[0] + days_of_year[mon - 1];
year = getint((u_char *) (dt + 2));
if ( !(year % 4) && ((year % 100) ||
(!(year % 100) && !(year%400)))
&&(mon > 2))
day ++; /* leap year and March or later */
return day;
return ((const u_char*)cp)[0];
}
static inline uint16_t
get_u16(
const char *cp)
{
return ((uint16_t)get_u8(cp) << 8) | get_u8(cp + 1);
}
/*
* unpack & fix date (the receiver provides a valid time for 1024 weeks
* after 1997-12-14 and therefore folds back in 2017, 2037,...)
*
* Returns -1 on error, day-of-month + (month * 32) othertwise.
*/
int
decode_date(
struct refclockproc *pp,
const char *cp)
{
static int32_t s_baseday = 0;
struct calendar jd;
int32_t rd;
if (0 == s_baseday) {
if (!ntpcal_get_build_date(&jd)) {
jd.year = 2015;
jd.month = 1;
jd.monthday = 1;
}
s_baseday = ntpcal_date_to_rd(&jd);
}
/* get date fields and convert to RDN */
jd.monthday = get_u8 ( cp );
jd.month = get_u8 (cp + 1);
jd.year = get_u16(cp + 2);
rd = ntpcal_date_to_rd(&jd);
/* for the paranoid: do reverse calculation and cross-check */
ntpcal_rd_to_date(&jd, rd);
if ((jd.monthday != get_u8 ( cp )) ||
(jd.month != get_u8 (cp + 1)) ||
(jd.year != get_u16(cp + 2)) )
return - 1;
/* calculate cycle shift to base day and calculate re-folded
* date
*
* One could do a proper modulo calculation here, but a counting
* loop is probably faster for the next few rollovers...
*/
while (rd < s_baseday)
rd += 7*1024;
ntpcal_rd_to_date(&jd, rd);
/* fill refclock structure & indicate success */
pp->day = jd.yearday;
pp->year = jd.year;
return ((int)jd.month << 5) | jd.monthday;
}
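Review bot: `decode_date()` is prototyped as `static int decode_date(...)` in the earlier hunk but defined here without `static`; C gives the definition internal linkage from the prior declaration, so it compiles, but the two should agree to avoid confusion and `-Wmissing-prototypes` noise. Smaller points in the same hunk: `return - 1;` reads oddly (`return -1;`), `othertwise` should be `otherwise`, and the header comment's `day-of-month + (month * 32)` matches the `(month << 5) | monthday` packing, but a note that both fields fit their 5-bit slots (monthday ≤ 31, month ≤ 12) would reassure readers that the two cannot alias. The round trip through `ntpcal_rd_to_date()` as a cross-check on the receiver's date bytes is a good guard against garbage input.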
/*
* TSIP_decode - decode the TSIP data packets
@ -441,7 +482,8 @@ TSIP_decode (
double secs;
double secfrac;
unsigned short event = 0;
int mmday;
struct palisade_unit *up;
struct refclockproc *pp;
@ -535,16 +577,16 @@ TSIP_decode (
pp->minute = secint / 60;
secint %= 60;
pp->second = secint % 60;
if ((pp->day = day_of_year(&mb(11))) < 0) break;
pp->year = getint((u_char *) &mb(13));
mmday = decode_date(pp, &mb(11));
if (mmday < 0)
break;
#ifdef DEBUG
if (debug > 1)
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d UTC %02d\n",
up->unit, mb(0) & 0xff, event, pp->hour, pp->minute,
pp->second, pp->nsec, mb(12), mb(11), pp->year, GPS_UTC_Offset);
pp->second, pp->nsec, (mmday >> 5), (mmday & 31), pp->year, GPS_UTC_Offset);
#endif
/* Only use this packet when no
* 8F-AD's are being received
@ -584,7 +626,11 @@ TSIP_decode (
break;
}
up->month = mb(15);
mmday = decode_date(pp, &mb(14));
if (mmday < 0)
break;
up->month = (mmday >> 5); /* Save for LEAP check */
if ( (up->leap_status & PALISADE_LEAP_PENDING) &&
/* Avoid early announce: https://bugs.ntp.org/2773 */
(6 == up->month || 12 == up->month) ) {
@ -612,19 +658,15 @@ TSIP_decode (
pp->nsec = (long) (getdbl((u_char *) &mb(3))
* 1000000000);
if ((pp->day = day_of_year(&mb(14))) < 0)
break;
pp->year = getint((u_char *) &mb(16));
pp->hour = mb(11);
pp->minute = mb(12);
pp->second = mb(13);
up->month = mb(14); /* Save for LEAP check */
#ifdef DEBUG
if (debug > 1)
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d UTC %02x %s\n",
up->unit, mb(0) & 0xff, event, pp->hour, pp->minute,
pp->second, pp->nsec, mb(15), mb(14), pp->year,
pp->second, pp->nsec, (mmday >> 5), (mmday & 31), pp->year,
mb(19), *Tracking_Status[st]);
#endif
return 1;
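Review bot: the deleted `up->month = mb(14); /* Save for LEAP check */` was storing the day-of-month byte, not the month (the old debug printf on the same path prints `mb(15), mb(14)` in month/day order, and the removed `day_of_year(&mb(14))` read the day from `dt[0]`), so anything consulting `up->month` after that point saw a day; the new `up->month = (mmday >> 5)` in the earlier hunk changes that behaviour as well as handling the 1024-week fold, and the ChangeLog should say so.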
@ -750,17 +792,17 @@ TSIP_decode (
printf (" Time is from GPS\n\n");
#endif
if ((pp->day = day_of_year(&mb(13))) < 0)
mmday = decode_date(pp, &mb(13));
if (mmday < 0)
break;
tow = getlong((u_char *) &mb(1));
#ifdef DEBUG
if (debug > 1) {
printf("pp->day: %d\n", pp->day);
printf("TOW: %ld\n", tow);
printf("DAY: %d\n", mb(13));
printf("DAY: %d\n", (mmday & 31));
}
#endif
pp->year = getint((u_char *) &mb(15));
pp->hour = mb(12);
pp->minute = mb(11);
pp->second = mb(10);
@ -768,7 +810,9 @@ TSIP_decode (
#ifdef DEBUG
if (debug > 1)
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d ",up->unit, mb(0) & 0xff, event, pp->hour, pp->minute, pp->second, pp->nsec, mb(14), mb(13), pp->year);
printf("TSIP_decode: unit %d: %02X #%d %02d:%02d:%02d.%09ld %02d/%02d/%04d ",
up->unit, mb(0) & 0xff, event, pp->hour, pp->minute, pp->second,
pp->nsec, (mmday >> 5), (mmday & 31), pp->year);
#endif
return 1;
break;

View File

@ -3614,7 +3614,9 @@ parse_control(
}
else
{
int count = tmpctl.parseformat.parse_count - 1;
int count = tmpctl.parseformat.parse_count;
if (count)
--count;
start = tt = add_var(&out->kv_list, 80, RO|DEF);
tt = ap(start, 80, tt, "refclock_format=\"");
@ -3780,9 +3782,14 @@ parse_process(
}
else
{
unsigned int count = tmpctl.parsegettc.parse_count;
if (count)
--count;
ERR(ERR_BADDATA)
msyslog(LOG_WARNING, "PARSE receiver #%d: FAILED TIMECODE: \"%s\" (check receiver configuration / wiring)",
CLK_UNIT(parse->peer), mkascii(buffer, sizeof buffer, tmpctl.parsegettc.parse_buffer, (unsigned)(tmpctl.parsegettc.parse_count - 1)));
msyslog(LOG_WARNING, "PARSE receiver #%d: FAILED TIMECODE: \"%s\" (check receiver configuration / wiring)",
CLK_UNIT(parse->peer),
mkascii(buffer, sizeof(buffer),
tmpctl.parsegettc.parse_buffer, count));
}
/* copy status to show only changes in case of failures */
parse->timedata.parse_status = parsetime->parse_status;
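Review bot: this is a security-relevant fix and the ChangeLog should say so: the old call computed `(unsigned)(tmpctl.parsegettc.parse_count - 1)`, which for a zero-length timecode wraps to `UINT_MAX` and sends `mkascii()` walking far past `parse_buffer`; `if (count) --count;` closes that. One consistency nit: `count` is `unsigned int` here but `int` in the `parse_control()` hunk above for the same `parse_count` field; pick one, preferably the unsigned form that matches the `mkascii()` argument.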

View File

@ -106,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -974,7 +975,6 @@ install-exec-hook:
#
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

View File

@ -107,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
@ -1246,7 +1247,6 @@ check-libopts: ../sntp/libopts/libopts.la
-cd ../sntp/libopts && $(MAKE) $(AM_MAKEFLAGS) libopts.la
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a

View File

@ -6,7 +6,7 @@
#
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
#
# It has been AutoGen-ed March 21, 2017 at 10:44:50 AM by AutoGen 5.18.5
# It has been AutoGen-ed February 27, 2018 at 05:15:06 PM by AutoGen 5.18.5
# From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl
@end ignore
@ -76,7 +76,7 @@ with a status code of 0.
@exampleindent 0
@example
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p10-beta
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution

View File

@ -168,7 +168,7 @@ offsetof(v6_flag) = 56
offsetof(unused4) = 60
offsetof(peer6) = 64
sizeof(struct info_sys_stats) = 44
sizeof(struct info_sys_stats) = 52
offsetof(timeup) = 0
offsetof(timereset) = 4
offsetof(denied) = 8
@ -180,6 +180,8 @@ offsetof(processed) = 28
offsetof(badauth) = 32
offsetof(received) = 36
offsetof(limitrejected) = 40
offsetof(lamport) = 44
offsetof(tsrounding) = 48
sizeof(struct old_info_sys_stats) = 40
offsetof(timeup) = 0
@ -260,21 +262,22 @@ sizeof(struct info_restrict) = 56
offsetof(addr) = 0
offsetof(mask) = 4
offsetof(count) = 8
offsetof(flags) = 12
offsetof(rflags) = 12
offsetof(mflags) = 14
offsetof(v6_flag) = 16
offsetof(unused1) = 20
offsetof(addr6) = 24
offsetof(mask6) = 40
sizeof(struct conf_restrict) = 48
sizeof(struct conf_restrict) = 52
offsetof(addr) = 0
offsetof(mask) = 4
offsetof(flags) = 8
offsetof(mflags) = 10
offsetof(v6_flag) = 12
offsetof(addr6) = 16
offsetof(mask6) = 32
offsetof(ippeerlimit) = 8
offsetof(flags) = 10
offsetof(mflags) = 12
offsetof(v6_flag) = 16
offsetof(addr6) = 20
offsetof(mask6) = 36
sizeof(struct info_monitor_1) = 72
offsetof(avg_int) = 0
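Review bot: `conf_restrict` grows from 48 to 52 bytes because `ippeerlimit` is inserted at offset 8 ahead of `flags`/`mflags`, shifting every later field, and `info_restrict` renames `flags` to `rflags` with `mflags` moving to 14; by contrast `info_sys_stats` only appends `lamport`/`tsrounding` (44 to 52). Inserting rather than appending is the incompatible kind of change: if these layouts are ever exchanged with a peer built against the old definitions, the ChangeLog should state the incompatibility, and if this file is a regression reference it should note which tool regenerates it.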

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
*
* It has been AutoGen-ed March 21, 2017 at 10:44:44 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
@ -69,7 +69,7 @@ extern FILE * option_usage_fp;
* static const strings for ntpdc options
*/
static char const ntpdc_opt_strs[1914] =
/* 0 */ "ntpdc 4.2.8p10\n"
/* 0 */ "ntpdc 4.2.8p11\n"
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n"
@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1914] =
/* 1695 */ "no-load-opts\0"
/* 1708 */ "no\0"
/* 1711 */ "NTPDC\0"
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p10\n"
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1848 */ "$HOME\0"
/* 1854 */ ".\0"
/* 1856 */ ".ntprc\0"
/* 1863 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1897 */ "\n\0"
/* 1899 */ "ntpdc 4.2.8p10";
/* 1899 */ "ntpdc 4.2.8p11";
/**
* ipv4 option description with
@ -796,7 +796,7 @@ static void bogus_function(void) {
translate option names.
*/
/* referenced via ntpdcOptions.pzCopyright */
puts(_("ntpdc 4.2.8p10\n\
puts(_("ntpdc 4.2.8p11\n\
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\
@ -862,14 +862,14 @@ implied warranty.\n"));
puts(_("load options from a config file"));
/* referenced via ntpdcOptions.pzUsageTitle */
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p10\n\
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpdcOptions.pzExplain */
puts(_("\n"));
/* referenced via ntpdcOptions.pzFullVersion */
puts(_("ntpdc 4.2.8p10"));
puts(_("ntpdc 4.2.8p11"));
/* referenced via ntpdcOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>"));

View File

@ -1,7 +1,7 @@
/*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
*
* It has been AutoGen-ed March 21, 2017 at 10:44:43 AM by AutoGen 5.18.5
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def
* and the template file options
*
@ -83,9 +83,9 @@ typedef enum {
/** count of all options for ntpdc */
#define OPTION_CT 15
/** ntpdc version */
#define NTPDC_VERSION "4.2.8p10"
#define NTPDC_VERSION "4.2.8p11"
/** Full ntpdc version text */
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p10"
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p11"
/**
* Interface defines for all options. Replace "n" with the UPPER_CASED

View File

@ -10,11 +10,11 @@
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntpdc 1ntpdcman "21 Mar 2017" "4.2.8p10" "User Commands"
.TH ntpdc 1ntpdcman "27 Feb 2018" "4.2.8p11" "User Commands"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-T2aicv/ag-q4aGav)
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS)
.\"
.\" It has been AutoGen-ed March 21, 2017 at 10:44:50 AM by AutoGen 5.18.5
.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl
.SH NAME
