MFH
Sponsored by: The FreeBSD Foundation
This commit is contained in:
commit
f9421853ad
@ -26,7 +26,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd September 4, 2015
|
||||
.Dd January 23, 2016
|
||||
.Dt SETFACL 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -62,8 +62,9 @@ starting at position
|
||||
counting from zero.
|
||||
This option is only applicable to NFSv4 ACLs.
|
||||
.It Fl b
|
||||
Remove all ACL entries except for the three required entries
|
||||
(POSIX.1e ACLs) or six "canonical" entries (NFSv4 ACLs).
|
||||
Remove all ACL entries except for the ones synthesized
|
||||
from the file mode - the three mandatory entries in case
|
||||
of POSIX.1e ACL.
|
||||
If the POSIX.1e ACL contains a
|
||||
.Dq Li mask
|
||||
entry, the permissions of the
|
||||
|
48
bin/sh/cd.c
48
bin/sh/cd.c
@ -68,15 +68,13 @@ __FBSDID("$FreeBSD$");
|
||||
static int cdlogical(char *);
|
||||
static int cdphysical(char *);
|
||||
static int docd(char *, int, int);
|
||||
static char *getcomponent(void);
|
||||
static char *getcomponent(char **);
|
||||
static char *findcwd(char *);
|
||||
static void updatepwd(char *);
|
||||
static char *getpwd(void);
|
||||
static char *getpwd2(void);
|
||||
|
||||
static char *curdir = NULL; /* current working directory */
|
||||
static char *prevdir; /* previous working directory */
|
||||
static char *cdcomppath;
|
||||
|
||||
int
|
||||
cdcmd(int argc __unused, char **argv __unused)
|
||||
@ -112,11 +110,10 @@ cdcmd(int argc __unused, char **argv __unused)
|
||||
if (*dest == '\0')
|
||||
dest = ".";
|
||||
if (dest[0] == '-' && dest[1] == '\0') {
|
||||
dest = prevdir ? prevdir : curdir;
|
||||
if (dest)
|
||||
print = 1;
|
||||
else
|
||||
dest = ".";
|
||||
dest = bltinlookup("OLDPWD", 1);
|
||||
if (dest == NULL)
|
||||
error("OLDPWD not set");
|
||||
print = 1;
|
||||
}
|
||||
if (dest[0] == '/' ||
|
||||
(dest[0] == '.' && (dest[1] == '/' || dest[1] == '\0')) ||
|
||||
@ -179,6 +176,7 @@ cdlogical(char *dest)
|
||||
char *p;
|
||||
char *q;
|
||||
char *component;
|
||||
char *path;
|
||||
struct stat statb;
|
||||
int first;
|
||||
int badstat;
|
||||
@ -189,14 +187,14 @@ cdlogical(char *dest)
|
||||
* next time we get the value of the current directory.
|
||||
*/
|
||||
badstat = 0;
|
||||
cdcomppath = stsavestr(dest);
|
||||
path = stsavestr(dest);
|
||||
STARTSTACKSTR(p);
|
||||
if (*dest == '/') {
|
||||
STPUTC('/', p);
|
||||
cdcomppath++;
|
||||
path++;
|
||||
}
|
||||
first = 1;
|
||||
while ((q = getcomponent()) != NULL) {
|
||||
while ((q = getcomponent(&path)) != NULL) {
|
||||
if (q[0] == '\0' || (q[0] == '.' && q[1] == '\0'))
|
||||
continue;
|
||||
if (! first)
|
||||
@ -245,25 +243,25 @@ cdphysical(char *dest)
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the next component of the path name pointed to by cdcomppath.
|
||||
* This routine overwrites the string pointed to by cdcomppath.
|
||||
* Get the next component of the path name pointed to by *path.
|
||||
* This routine overwrites *path and the string pointed to by it.
|
||||
*/
|
||||
static char *
|
||||
getcomponent(void)
|
||||
getcomponent(char **path)
|
||||
{
|
||||
char *p;
|
||||
char *start;
|
||||
|
||||
if ((p = cdcomppath) == NULL)
|
||||
if ((p = *path) == NULL)
|
||||
return NULL;
|
||||
start = cdcomppath;
|
||||
start = *path;
|
||||
while (*p != '/' && *p != '\0')
|
||||
p++;
|
||||
if (*p == '\0') {
|
||||
cdcomppath = NULL;
|
||||
*path = NULL;
|
||||
} else {
|
||||
*p++ = '\0';
|
||||
cdcomppath = p;
|
||||
*path = p;
|
||||
}
|
||||
return start;
|
||||
}
|
||||
@ -274,6 +272,7 @@ findcwd(char *dir)
|
||||
{
|
||||
char *new;
|
||||
char *p;
|
||||
char *path;
|
||||
|
||||
/*
|
||||
* If our argument is NULL, we don't know the current directory
|
||||
@ -282,14 +281,14 @@ findcwd(char *dir)
|
||||
*/
|
||||
if (dir == NULL || curdir == NULL)
|
||||
return getpwd2();
|
||||
cdcomppath = stsavestr(dir);
|
||||
path = stsavestr(dir);
|
||||
STARTSTACKSTR(new);
|
||||
if (*dir != '/') {
|
||||
STPUTS(curdir, new);
|
||||
if (STTOPC(new) == '/')
|
||||
STUNPUTC(new);
|
||||
}
|
||||
while ((p = getcomponent()) != NULL) {
|
||||
while ((p = getcomponent(&path)) != NULL) {
|
||||
if (equal(p, "..")) {
|
||||
while (new > stackblock() && (STUNPUTC(new), *new) != '/');
|
||||
} else if (*p != '\0' && ! equal(p, ".")) {
|
||||
@ -311,14 +310,15 @@ findcwd(char *dir)
|
||||
static void
|
||||
updatepwd(char *dir)
|
||||
{
|
||||
char *prevdir;
|
||||
|
||||
hashcd(); /* update command hash table */
|
||||
|
||||
if (prevdir)
|
||||
ckfree(prevdir);
|
||||
setvar("PWD", dir, VEXPORT);
|
||||
setvar("OLDPWD", curdir, VEXPORT);
|
||||
prevdir = curdir;
|
||||
curdir = dir ? savestr(dir) : NULL;
|
||||
setvar("PWD", curdir, VEXPORT);
|
||||
setvar("OLDPWD", prevdir, VEXPORT);
|
||||
ckfree(prevdir);
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -91,13 +91,13 @@ struct worddest {
|
||||
static char *expdest; /* output of current string */
|
||||
static struct nodelist *argbackq; /* list of back quote expressions */
|
||||
|
||||
static char *argstr(char *, int, struct worddest *);
|
||||
static char *exptilde(char *, int);
|
||||
static char *expari(char *, int, struct worddest *);
|
||||
static const char *argstr(const char *, int, struct worddest *);
|
||||
static const char *exptilde(const char *, int);
|
||||
static const char *expari(const char *, int, struct worddest *);
|
||||
static void expbackq(union node *, int, int, struct worddest *);
|
||||
static void subevalvar_trim(char *, int, int, int);
|
||||
static int subevalvar_misc(char *, const char *, int, int, int);
|
||||
static char *evalvar(char *, int, struct worddest *);
|
||||
static void subevalvar_trim(const char *, int, int, int);
|
||||
static int subevalvar_misc(const char *, const char *, int, int, int);
|
||||
static const char *evalvar(const char *, int, struct worddest *);
|
||||
static int varisset(const char *, int);
|
||||
static void strtodest(const char *, int, int, int, struct worddest *);
|
||||
static void reprocess(int, int, int, int, struct worddest *);
|
||||
@ -262,8 +262,8 @@ expandarg(union node *arg, struct arglist *arglist, int flag)
|
||||
*
|
||||
* If EXP_SPLIT is set, dst receives any complete words produced.
|
||||
*/
|
||||
static char *
|
||||
argstr(char *p, int flag, struct worddest *dst)
|
||||
static const char *
|
||||
argstr(const char *p, int flag, struct worddest *dst)
|
||||
{
|
||||
char c;
|
||||
int quotes = flag & (EXP_GLOB | EXP_CASE); /* do CTLESC */
|
||||
@ -352,12 +352,15 @@ argstr(char *p, int flag, struct worddest *dst)
|
||||
* Perform tilde expansion, placing the result in the stack string and
|
||||
* returning the next position in the input string to process.
|
||||
*/
|
||||
static char *
|
||||
exptilde(char *p, int flag)
|
||||
static const char *
|
||||
exptilde(const char *p, int flag)
|
||||
{
|
||||
char c, *startp = p;
|
||||
char c;
|
||||
const char *startp = p;
|
||||
const char *user;
|
||||
struct passwd *pw;
|
||||
char *home;
|
||||
int len;
|
||||
|
||||
for (;;) {
|
||||
c = *p;
|
||||
@ -377,14 +380,17 @@ exptilde(char *p, int flag)
|
||||
case '\0':
|
||||
case '/':
|
||||
case CTLENDVAR:
|
||||
*p = '\0';
|
||||
if (*(startp+1) == '\0') {
|
||||
len = p - startp - 1;
|
||||
STPUTBIN(startp + 1, len, expdest);
|
||||
STACKSTRNUL(expdest);
|
||||
user = expdest - len;
|
||||
if (*user == '\0') {
|
||||
home = lookupvar("HOME");
|
||||
} else {
|
||||
pw = getpwnam(startp+1);
|
||||
pw = getpwnam(user);
|
||||
home = pw != NULL ? pw->pw_dir : NULL;
|
||||
}
|
||||
*p = c;
|
||||
STADJUST(-len, expdest);
|
||||
if (home == NULL || *home == '\0')
|
||||
return (startp);
|
||||
strtodest(home, flag, VSNORMAL, 1, NULL);
|
||||
@ -398,8 +404,8 @@ exptilde(char *p, int flag)
|
||||
/*
|
||||
* Expand arithmetic expression.
|
||||
*/
|
||||
static char *
|
||||
expari(char *p, int flag, struct worddest *dst)
|
||||
static const char *
|
||||
expari(const char *p, int flag, struct worddest *dst)
|
||||
{
|
||||
char *q, *start;
|
||||
arith_t result;
|
||||
@ -532,7 +538,7 @@ recordleft(const char *str, const char *loc, char *startp)
|
||||
}
|
||||
|
||||
static void
|
||||
subevalvar_trim(char *p, int strloc, int subtype, int startloc)
|
||||
subevalvar_trim(const char *p, int strloc, int subtype, int startloc)
|
||||
{
|
||||
char *startp;
|
||||
char *loc = NULL;
|
||||
@ -606,7 +612,7 @@ subevalvar_trim(char *p, int strloc, int subtype, int startloc)
|
||||
|
||||
|
||||
static int
|
||||
subevalvar_misc(char *p, const char *var, int subtype, int startloc,
|
||||
subevalvar_misc(const char *p, const char *var, int subtype, int startloc,
|
||||
int varflags)
|
||||
{
|
||||
char *startp;
|
||||
@ -645,12 +651,12 @@ subevalvar_misc(char *p, const char *var, int subtype, int startloc,
|
||||
* input string.
|
||||
*/
|
||||
|
||||
static char *
|
||||
evalvar(char *p, int flag, struct worddest *dst)
|
||||
static const char *
|
||||
evalvar(const char *p, int flag, struct worddest *dst)
|
||||
{
|
||||
int subtype;
|
||||
int varflags;
|
||||
char *var;
|
||||
const char *var;
|
||||
const char *val;
|
||||
int patloc;
|
||||
int c;
|
||||
|
@ -112,6 +112,8 @@ FILES+= local2.0
|
||||
FILES+= local3.0
|
||||
FILES+= local4.0
|
||||
FILES+= local5.0
|
||||
FILES+= local6.0
|
||||
FILES+= local7.0
|
||||
.if ${MK_NLS} != "no"
|
||||
FILES+= locale1.0
|
||||
.endif
|
||||
|
10
bin/sh/tests/builtins/local6.0
Normal file
10
bin/sh/tests/builtins/local6.0
Normal file
@ -0,0 +1,10 @@
|
||||
# $FreeBSD$
|
||||
|
||||
f() {
|
||||
local x
|
||||
readonly x=2
|
||||
}
|
||||
x=3
|
||||
f
|
||||
x=4
|
||||
[ "$x" = 4 ]
|
10
bin/sh/tests/builtins/local7.0
Normal file
10
bin/sh/tests/builtins/local7.0
Normal file
@ -0,0 +1,10 @@
|
||||
# $FreeBSD$
|
||||
|
||||
f() {
|
||||
local x
|
||||
readonly x=2
|
||||
}
|
||||
unset x
|
||||
f
|
||||
x=4
|
||||
[ "$x" = 4 ]
|
@ -802,6 +802,7 @@ poplocalvars(void)
|
||||
ckfree(lvp->text);
|
||||
optschanged();
|
||||
} else if ((lvp->flags & (VUNSET|VSTRFIXED)) == VUNSET) {
|
||||
vp->flags &= ~VREADONLY;
|
||||
(void)unsetvar(vp->text);
|
||||
} else {
|
||||
islocalevar = (vp->flags | lvp->flags) & VEXPORT &&
|
||||
|
@ -26,7 +26,7 @@ _libzpool= libzpool
|
||||
.endif
|
||||
.endif
|
||||
|
||||
.if ${MACHINE_CPUARCH} != "sparc64"
|
||||
.if ${MACHINE_CPUARCH} != "sparc64" && ${MACHINE_CPUARCH} != "riscv"
|
||||
_drti= drti
|
||||
_libdtrace= libdtrace
|
||||
.endif
|
||||
|
@ -443,6 +443,7 @@ mib_fetch_ifmib(struct mibif *ifp)
|
||||
size_t len;
|
||||
void *newmib;
|
||||
struct ifmibdata oldmib = ifp->mib;
|
||||
struct ifreq irr;
|
||||
|
||||
if (fetch_generic_mib(ifp, &oldmib) == -1)
|
||||
return (-1);
|
||||
@ -514,6 +515,18 @@ mib_fetch_ifmib(struct mibif *ifp)
|
||||
}
|
||||
|
||||
out:
|
||||
strncpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
|
||||
irr.ifr_buffer.buffer = MIBIF_PRIV(ifp)->alias;
|
||||
irr.ifr_buffer.length = sizeof(MIBIF_PRIV(ifp)->alias);
|
||||
if (ioctl(mib_netsock, SIOCGIFDESCR, &irr) == -1) {
|
||||
MIBIF_PRIV(ifp)->alias[0] = 0;
|
||||
if (errno != ENOMSG)
|
||||
syslog(LOG_WARNING, "SIOCGIFDESCR (%s): %m", ifp->name);
|
||||
} else if (irr.ifr_buffer.buffer == NULL) {
|
||||
MIBIF_PRIV(ifp)->alias[0] = 0;
|
||||
syslog(LOG_WARNING, "SIOCGIFDESCR (%s): too long (%zu)",
|
||||
ifp->name, irr.ifr_buffer.length);
|
||||
}
|
||||
ifp->mibtick = get_ticks();
|
||||
return (0);
|
||||
}
|
||||
|
@ -57,6 +57,9 @@
|
||||
#include "snmp_mibII.h"
|
||||
#include "mibII_tree.h"
|
||||
|
||||
/* maximum size of the interface alias */
|
||||
#define MIBIF_ALIAS_SIZE (64 + 1)
|
||||
|
||||
/*
|
||||
* Interface list and flags.
|
||||
*/
|
||||
@ -77,6 +80,9 @@ struct mibif_private {
|
||||
uint64_t hc_opackets;
|
||||
uint64_t hc_imcasts;
|
||||
uint64_t hc_ipackets;
|
||||
|
||||
/* this should be made public */
|
||||
char alias[MIBIF_ALIAS_SIZE];
|
||||
};
|
||||
#define MIBIF_PRIV(IFP) ((struct mibif_private *)((IFP)->private))
|
||||
|
||||
|
@ -528,7 +528,7 @@ op_ifxtable(struct snmp_context *ctx, struct snmp_value *value,
|
||||
break;
|
||||
|
||||
case LEAF_ifAlias:
|
||||
ret = string_get(value, "", -1);
|
||||
ret = string_get(value, MIBIF_PRIV(ifp)->alias, -1);
|
||||
break;
|
||||
|
||||
case LEAF_ifCounterDiscontinuityTime:
|
||||
|
@ -74,11 +74,13 @@
|
||||
* global header to prevent other C files from making the detour
|
||||
* through __c?zdi2() as well.
|
||||
*
|
||||
* This problem has only been observed on FreeBSD for sparc64 and
|
||||
* mips64 with GCC 4.2.1.
|
||||
* This problem has been observed on FreeBSD for sparc64 and
|
||||
* mips64 with GCC 4.2.1, and for riscv with GCC 5.2.0.
|
||||
* Presumably it's any version of GCC, and targeting an arch that
|
||||
* does not have dedicated bit counting instructions.
|
||||
*/
|
||||
#if defined(__FreeBSD__) && (defined(__sparc64__) || \
|
||||
defined(__mips_n64) || defined(__mips_o64))
|
||||
defined(__mips_n64) || defined(__mips_o64) || defined(__riscv__))
|
||||
si_int __clzsi2(si_int);
|
||||
si_int __ctzsi2(si_int);
|
||||
#define __builtin_clz __clzsi2
|
||||
|
@ -76,6 +76,10 @@ namespace __sanitizer {
|
||||
#elif defined(__powerpc64__)
|
||||
const unsigned struct_kernel_stat_sz = 144;
|
||||
const unsigned struct_kernel_stat64_sz = 104;
|
||||
#elif defined(__riscv__)
|
||||
/* RISCVTODO: check that these values are correct */
|
||||
const unsigned struct_kernel_stat_sz = 128;
|
||||
const unsigned struct_kernel_stat64_sz = 128;
|
||||
#elif defined(__mips__)
|
||||
#if SANITIZER_WORDSIZE == 64
|
||||
const unsigned struct_kernel_stat_sz = 216;
|
||||
@ -103,7 +107,7 @@ namespace __sanitizer {
|
||||
|
||||
#if SANITIZER_LINUX || SANITIZER_FREEBSD
|
||||
|
||||
#if defined(__powerpc64__)
|
||||
#if defined(__powerpc64__) || defined(__riscv__)
|
||||
const unsigned struct___old_kernel_stat_sz = 0;
|
||||
#else
|
||||
const unsigned struct___old_kernel_stat_sz = 32;
|
||||
@ -481,7 +485,7 @@ namespace __sanitizer {
|
||||
typedef long __sanitizer___kernel_off_t;
|
||||
#endif
|
||||
|
||||
#if defined(__powerpc__) || defined(__mips__)
|
||||
#if defined(__powerpc__) || defined(__mips__) || defined(__riscv__)
|
||||
typedef unsigned int __sanitizer___kernel_old_uid_t;
|
||||
typedef unsigned int __sanitizer___kernel_old_gid_t;
|
||||
#else
|
||||
|
@ -97,6 +97,12 @@
|
||||
#define LIBELF_BYTEORDER ELFDATA2MSB
|
||||
#define LIBELF_CLASS ELFCLASS32
|
||||
|
||||
#elif defined(__riscv64)
|
||||
|
||||
#define LIBELF_ARCH EM_RISCV
|
||||
#define LIBELF_BYTEORDER ELFDATA2LSB
|
||||
#define LIBELF_CLASS ELFCLASS64
|
||||
|
||||
#elif defined(__sparc__)
|
||||
|
||||
#define LIBELF_ARCH EM_SPARCV9
|
||||
|
6
contrib/gcc/config/riscv64/freebsd.h
Normal file
6
contrib/gcc/config/riscv64/freebsd.h
Normal file
@ -0,0 +1,6 @@
|
||||
/* $FreeBSD$ */
|
||||
|
||||
#undef INIT_SECTION_ASM_OP
|
||||
#undef FINI_SECTION_ASM_OP
|
||||
#define INIT_ARRAY_SECTION_ASM_OP "\t.section\t.init_array,\"aw\",%init_array"
|
||||
#define FINI_ARRAY_SECTION_ASM_OP "\t.section\t.fini_array,\"aw\",%fini_array"
|
1
contrib/gcc/config/riscv64/riscv64.h
Normal file
1
contrib/gcc/config/riscv64/riscv64.h
Normal file
@ -0,0 +1 @@
|
||||
/* $FreeBSD$ */
|
@ -253,6 +253,9 @@ typedef unsigned szind_t;
|
||||
# ifdef __powerpc__
|
||||
# define LG_QUANTUM 4
|
||||
# endif
|
||||
# ifdef __riscv__
|
||||
# define LG_QUANTUM 4
|
||||
# endif
|
||||
# ifdef __s390__
|
||||
# define LG_QUANTUM 4
|
||||
# endif
|
||||
|
@ -52,6 +52,9 @@
|
||||
#elif defined(__powerpc__)
|
||||
# define LG_SIZEOF_PTR 2
|
||||
#endif
|
||||
#ifdef __riscv__
|
||||
# define LG_SIZEOF_PTR 3
|
||||
#endif
|
||||
|
||||
#ifndef JEMALLOC_TLS_MODEL
|
||||
# define JEMALLOC_TLS_MODEL /* Default. */
|
||||
|
@ -295,6 +295,77 @@ enum {
|
||||
UNW_PPC_SPEFSCR = 112
|
||||
};
|
||||
|
||||
// 64-bit RISC-V registers
|
||||
enum {
|
||||
UNW_RISCV_X0 = 0,
|
||||
UNW_RISCV_X1 = 1,
|
||||
UNW_RISCV_RA = 1,
|
||||
UNW_RISCV_X2 = 2,
|
||||
UNW_RISCV_SP = 2,
|
||||
UNW_RISCV_X3 = 3,
|
||||
UNW_RISCV_X4 = 4,
|
||||
UNW_RISCV_X5 = 5,
|
||||
UNW_RISCV_X6 = 6,
|
||||
UNW_RISCV_X7 = 7,
|
||||
UNW_RISCV_X8 = 8,
|
||||
UNW_RISCV_X9 = 9,
|
||||
UNW_RISCV_X10 = 10,
|
||||
UNW_RISCV_X11 = 11,
|
||||
UNW_RISCV_X12 = 12,
|
||||
UNW_RISCV_X13 = 13,
|
||||
UNW_RISCV_X14 = 14,
|
||||
UNW_RISCV_X15 = 15,
|
||||
UNW_RISCV_X16 = 16,
|
||||
UNW_RISCV_X17 = 17,
|
||||
UNW_RISCV_X18 = 18,
|
||||
UNW_RISCV_X19 = 19,
|
||||
UNW_RISCV_X20 = 20,
|
||||
UNW_RISCV_X21 = 21,
|
||||
UNW_RISCV_X22 = 22,
|
||||
UNW_RISCV_X23 = 23,
|
||||
UNW_RISCV_X24 = 24,
|
||||
UNW_RISCV_X25 = 25,
|
||||
UNW_RISCV_X26 = 26,
|
||||
UNW_RISCV_X27 = 27,
|
||||
UNW_RISCV_X28 = 28,
|
||||
UNW_RISCV_X29 = 29,
|
||||
UNW_RISCV_X30 = 30,
|
||||
UNW_RISCV_X31 = 31,
|
||||
// reserved block
|
||||
UNW_RISCV_D0 = 64,
|
||||
UNW_RISCV_D1 = 65,
|
||||
UNW_RISCV_D2 = 66,
|
||||
UNW_RISCV_D3 = 67,
|
||||
UNW_RISCV_D4 = 68,
|
||||
UNW_RISCV_D5 = 69,
|
||||
UNW_RISCV_D6 = 70,
|
||||
UNW_RISCV_D7 = 71,
|
||||
UNW_RISCV_D8 = 72,
|
||||
UNW_RISCV_D9 = 73,
|
||||
UNW_RISCV_D10 = 74,
|
||||
UNW_RISCV_D11 = 75,
|
||||
UNW_RISCV_D12 = 76,
|
||||
UNW_RISCV_D13 = 77,
|
||||
UNW_RISCV_D14 = 78,
|
||||
UNW_RISCV_D15 = 79,
|
||||
UNW_RISCV_D16 = 80,
|
||||
UNW_RISCV_D17 = 81,
|
||||
UNW_RISCV_D18 = 82,
|
||||
UNW_RISCV_D19 = 83,
|
||||
UNW_RISCV_D20 = 84,
|
||||
UNW_RISCV_D21 = 85,
|
||||
UNW_RISCV_D22 = 86,
|
||||
UNW_RISCV_D23 = 87,
|
||||
UNW_RISCV_D24 = 88,
|
||||
UNW_RISCV_D25 = 89,
|
||||
UNW_RISCV_D26 = 90,
|
||||
UNW_RISCV_D27 = 91,
|
||||
UNW_RISCV_D28 = 92,
|
||||
UNW_RISCV_D29 = 93,
|
||||
UNW_RISCV_D30 = 94,
|
||||
UNW_RISCV_D31 = 95,
|
||||
};
|
||||
|
||||
// 64-bit ARM64 registers
|
||||
enum {
|
||||
UNW_ARM64_X0 = 0,
|
||||
|
@ -1024,6 +1024,264 @@ inline const char *Registers_ppc::getRegisterName(int regNum) {
|
||||
|
||||
}
|
||||
|
||||
/// Registers_riscv holds the register state of a thread in a 64-bit RISC-V
|
||||
/// process.
|
||||
class _LIBUNWIND_HIDDEN Registers_riscv {
|
||||
public:
|
||||
Registers_riscv();
|
||||
Registers_riscv(const void *registers);
|
||||
|
||||
bool validRegister(int num) const;
|
||||
uint64_t getRegister(int num) const;
|
||||
void setRegister(int num, uint64_t value);
|
||||
bool validFloatRegister(int num) const;
|
||||
double getFloatRegister(int num) const;
|
||||
void setFloatRegister(int num, double value);
|
||||
bool validVectorRegister(int num) const;
|
||||
v128 getVectorRegister(int num) const;
|
||||
void setVectorRegister(int num, v128 value);
|
||||
const char *getRegisterName(int num);
|
||||
void jumpto();
|
||||
static int lastDwarfRegNum() { return 95; }
|
||||
|
||||
uint64_t getSP() const { return _registers.__x[2]; }
|
||||
void setSP(uint64_t value) { _registers.__x[2] = value; }
|
||||
uint64_t getIP() const { return _registers.__x[1]; }
|
||||
void setIP(uint64_t value) { _registers.__x[1] = value; }
|
||||
|
||||
private:
|
||||
struct GPRs {
|
||||
uint64_t __x[32]; // x0-x31
|
||||
};
|
||||
|
||||
GPRs _registers;
|
||||
double _vectorHalfRegisters[32];
|
||||
// Currently only the lower double in 128-bit vectore registers
|
||||
// is perserved during unwinding. We could define new register
|
||||
// numbers (> 96) which mean whole vector registers, then this
|
||||
// struct would need to change to contain whole vector registers.
|
||||
};
|
||||
|
||||
inline Registers_riscv::Registers_riscv(const void *registers) {
|
||||
static_assert(sizeof(Registers_riscv) < sizeof(unw_context_t),
|
||||
"riscv registers do not fit into unw_context_t");
|
||||
memcpy(&_registers, registers, sizeof(_registers));
|
||||
static_assert(sizeof(GPRs) == 0x100,
|
||||
"expected VFP registers to be at offset 256");
|
||||
memcpy(_vectorHalfRegisters,
|
||||
static_cast<const uint8_t *>(registers) + sizeof(GPRs),
|
||||
sizeof(_vectorHalfRegisters));
|
||||
}
|
||||
|
||||
inline Registers_riscv::Registers_riscv() {
|
||||
memset(&_registers, 0, sizeof(_registers));
|
||||
memset(&_vectorHalfRegisters, 0, sizeof(_vectorHalfRegisters));
|
||||
}
|
||||
|
||||
inline bool Registers_riscv::validRegister(int regNum) const {
|
||||
if (regNum == UNW_REG_IP)
|
||||
return true;
|
||||
if (regNum == UNW_REG_SP)
|
||||
return true;
|
||||
if (regNum < 0)
|
||||
return false;
|
||||
if (regNum > 95)
|
||||
return false;
|
||||
if ((regNum > 31) && (regNum < 64))
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
inline uint64_t Registers_riscv::getRegister(int regNum) const {
|
||||
if (regNum == UNW_REG_IP)
|
||||
return _registers.__x[1];
|
||||
if (regNum == UNW_REG_SP)
|
||||
return _registers.__x[2];
|
||||
if ((regNum >= 0) && (regNum < 32))
|
||||
return _registers.__x[regNum];
|
||||
_LIBUNWIND_ABORT("unsupported riscv register");
|
||||
}
|
||||
|
||||
inline void Registers_riscv::setRegister(int regNum, uint64_t value) {
|
||||
if (regNum == UNW_REG_IP)
|
||||
_registers.__x[1] = value;
|
||||
else if (regNum == UNW_REG_SP)
|
||||
_registers.__x[2] = value;
|
||||
else if ((regNum >= 0) && (regNum < 32))
|
||||
_registers.__x[regNum] = value;
|
||||
else
|
||||
_LIBUNWIND_ABORT("unsupported riscv register");
|
||||
}
|
||||
|
||||
inline const char *Registers_riscv::getRegisterName(int regNum) {
|
||||
switch (regNum) {
|
||||
case UNW_REG_IP:
|
||||
return "ra";
|
||||
case UNW_REG_SP:
|
||||
return "sp";
|
||||
case UNW_RISCV_X0:
|
||||
return "x0";
|
||||
case UNW_RISCV_X1:
|
||||
return "ra";
|
||||
case UNW_RISCV_X2:
|
||||
return "sp";
|
||||
case UNW_RISCV_X3:
|
||||
return "x3";
|
||||
case UNW_RISCV_X4:
|
||||
return "x4";
|
||||
case UNW_RISCV_X5:
|
||||
return "x5";
|
||||
case UNW_RISCV_X6:
|
||||
return "x6";
|
||||
case UNW_RISCV_X7:
|
||||
return "x7";
|
||||
case UNW_RISCV_X8:
|
||||
return "x8";
|
||||
case UNW_RISCV_X9:
|
||||
return "x9";
|
||||
case UNW_RISCV_X10:
|
||||
return "x10";
|
||||
case UNW_RISCV_X11:
|
||||
return "x11";
|
||||
case UNW_RISCV_X12:
|
||||
return "x12";
|
||||
case UNW_RISCV_X13:
|
||||
return "x13";
|
||||
case UNW_RISCV_X14:
|
||||
return "x14";
|
||||
case UNW_RISCV_X15:
|
||||
return "x15";
|
||||
case UNW_RISCV_X16:
|
||||
return "x16";
|
||||
case UNW_RISCV_X17:
|
||||
return "x17";
|
||||
case UNW_RISCV_X18:
|
||||
return "x18";
|
||||
case UNW_RISCV_X19:
|
||||
return "x19";
|
||||
case UNW_RISCV_X20:
|
||||
return "x20";
|
||||
case UNW_RISCV_X21:
|
||||
return "x21";
|
||||
case UNW_RISCV_X22:
|
||||
return "x22";
|
||||
case UNW_RISCV_X23:
|
||||
return "x23";
|
||||
case UNW_RISCV_X24:
|
||||
return "x24";
|
||||
case UNW_RISCV_X25:
|
||||
return "x25";
|
||||
case UNW_RISCV_X26:
|
||||
return "x26";
|
||||
case UNW_RISCV_X27:
|
||||
return "x27";
|
||||
case UNW_RISCV_X28:
|
||||
return "x28";
|
||||
case UNW_RISCV_X29:
|
||||
return "x29";
|
||||
case UNW_RISCV_X30:
|
||||
return "x30";
|
||||
case UNW_RISCV_X31:
|
||||
return "x31";
|
||||
case UNW_RISCV_D0:
|
||||
return "d0";
|
||||
case UNW_RISCV_D1:
|
||||
return "d1";
|
||||
case UNW_RISCV_D2:
|
||||
return "d2";
|
||||
case UNW_RISCV_D3:
|
||||
return "d3";
|
||||
case UNW_RISCV_D4:
|
||||
return "d4";
|
||||
case UNW_RISCV_D5:
|
||||
return "d5";
|
||||
case UNW_RISCV_D6:
|
||||
return "d6";
|
||||
case UNW_RISCV_D7:
|
||||
return "d7";
|
||||
case UNW_RISCV_D8:
|
||||
return "d8";
|
||||
case UNW_RISCV_D9:
|
||||
return "d9";
|
||||
case UNW_RISCV_D10:
|
||||
return "d10";
|
||||
case UNW_RISCV_D11:
|
||||
return "d11";
|
||||
case UNW_RISCV_D12:
|
||||
return "d12";
|
||||
case UNW_RISCV_D13:
|
||||
return "d13";
|
||||
case UNW_RISCV_D14:
|
||||
return "d14";
|
||||
case UNW_RISCV_D15:
|
||||
return "d15";
|
||||
case UNW_RISCV_D16:
|
||||
return "d16";
|
||||
case UNW_RISCV_D17:
|
||||
return "d17";
|
||||
case UNW_RISCV_D18:
|
||||
return "d18";
|
||||
case UNW_RISCV_D19:
|
||||
return "d19";
|
||||
case UNW_RISCV_D20:
|
||||
return "d20";
|
||||
case UNW_RISCV_D21:
|
||||
return "d21";
|
||||
case UNW_RISCV_D22:
|
||||
return "d22";
|
||||
case UNW_RISCV_D23:
|
||||
return "d23";
|
||||
case UNW_RISCV_D24:
|
||||
return "d24";
|
||||
case UNW_RISCV_D25:
|
||||
return "d25";
|
||||
case UNW_RISCV_D26:
|
||||
return "d26";
|
||||
case UNW_RISCV_D27:
|
||||
return "d27";
|
||||
case UNW_RISCV_D28:
|
||||
return "d28";
|
||||
case UNW_RISCV_D29:
|
||||
return "d29";
|
||||
case UNW_RISCV_D30:
|
||||
return "d30";
|
||||
case UNW_RISCV_D31:
|
||||
return "d31";
|
||||
default:
|
||||
return "unknown register";
|
||||
}
|
||||
}
|
||||
|
||||
inline bool Registers_riscv::validFloatRegister(int regNum) const {
|
||||
if (regNum < UNW_RISCV_D0)
|
||||
return false;
|
||||
if (regNum > UNW_RISCV_D31)
|
||||
return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
inline double Registers_riscv::getFloatRegister(int regNum) const {
|
||||
assert(validFloatRegister(regNum));
|
||||
return _vectorHalfRegisters[regNum - UNW_RISCV_D0];
|
||||
}
|
||||
|
||||
inline void Registers_riscv::setFloatRegister(int regNum, double value) {
|
||||
assert(validFloatRegister(regNum));
|
||||
_vectorHalfRegisters[regNum - UNW_RISCV_D0] = value;
|
||||
}
|
||||
|
||||
inline bool Registers_riscv::validVectorRegister(int) const {
|
||||
return false;
|
||||
}
|
||||
|
||||
inline v128 Registers_riscv::getVectorRegister(int) const {
|
||||
_LIBUNWIND_ABORT("no riscv vector register support yet");
|
||||
}
|
||||
|
||||
inline void Registers_riscv::setVectorRegister(int, v128) {
|
||||
_LIBUNWIND_ABORT("no riscv vector register support yet");
|
||||
}
|
||||
|
||||
|
||||
/// Registers_arm64 holds the register state of a thread in a 64-bit arm
|
||||
/// process.
|
||||
|
@ -562,6 +562,10 @@ class UnwindCursor : public AbstractUnwindCursor{
|
||||
compact_unwind_encoding_t dwarfEncoding(Registers_or1k &) const {
|
||||
return 0;
|
||||
}
|
||||
|
||||
compact_unwind_encoding_t dwarfEncoding(Registers_riscv &) const {
|
||||
return 0;
|
||||
}
|
||||
#endif // _LIBUNWIND_SUPPORT_DWARF_UNWIND
|
||||
|
||||
|
||||
|
@ -478,4 +478,8 @@ DEFINE_LIBUNWIND_PRIVATE_FUNCTION(_ZN9libunwind14Registers_or1k6jumptoEv)
|
||||
l.jr r9
|
||||
l.nop
|
||||
|
||||
#elif defined(__riscv__)
|
||||
|
||||
/* RISCVTODO */
|
||||
|
||||
#endif
|
||||
|
@ -463,4 +463,9 @@ DEFINE_LIBUNWIND_FUNCTION(unw_getcontext)
|
||||
l.sw 116(r3), r29
|
||||
l.sw 120(r3), r30
|
||||
l.sw 124(r3), r31
|
||||
|
||||
#elif defined(__riscv__)
|
||||
|
||||
/* RISCVTODO */
|
||||
|
||||
#endif
|
||||
|
@ -74,7 +74,8 @@
|
||||
#define _LIBUNWIND_BUILD_ZERO_COST_APIS (defined(__i386__) || \
|
||||
defined(__x86_64__) || \
|
||||
defined(__arm__) || \
|
||||
defined(__aarch64__))
|
||||
defined(__aarch64__) || \
|
||||
defined(__riscv__))
|
||||
#define _LIBUNWIND_BUILD_SJLJ_APIS 0
|
||||
#define _LIBUNWIND_SUPPORT_FRAME_APIS (defined(__i386__) || \
|
||||
defined(__x86_64__))
|
||||
|
@ -66,6 +66,9 @@ _LIBUNWIND_EXPORT int unw_init_local(unw_cursor_t *cursor,
|
||||
context, LocalAddressSpace::sThisAddressSpace);
|
||||
#elif defined(__mips__)
|
||||
#warning The MIPS architecture is not supported.
|
||||
#elif defined(__riscv__)
|
||||
new ((void *)cursor) UnwindCursor<LocalAddressSpace, Registers_riscv>(
|
||||
context, LocalAddressSpace::sThisAddressSpace);
|
||||
#else
|
||||
#error Architecture not supported
|
||||
#endif
|
||||
|
@ -1,3 +1,37 @@
|
||||
---
|
||||
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
|
||||
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
|
||||
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
|
||||
* [Sec 2938] ntpq saveconfig command allows dangerous characters
|
||||
in filenames. perlinger@ntp.org
|
||||
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
|
||||
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
|
||||
list. perlinger@ntp.org
|
||||
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
|
||||
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
|
||||
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
|
||||
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
|
||||
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
|
||||
- applied patch by shenpeng11@huawei.com with minor adjustments
|
||||
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
|
||||
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
|
||||
* [Bug 2892] Several test cases assume IPv6 capabilities even when
|
||||
IPv6 is disabled in the build. perlinger@ntp.org
|
||||
- Found this already fixed, but validation led to cleanup actions.
|
||||
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
|
||||
- added limits to stack consumption, fixed some return code handling
|
||||
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
|
||||
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
|
||||
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
|
||||
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
|
||||
- integrated several patches from Havard Eidnes (he@uninett.no)
|
||||
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
|
||||
- implement 'auth_log2()' using integer bithack instead of float calculation
|
||||
* Make leapsec_query debug messages less verbose. Harlan Stenn.
|
||||
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
|
||||
|
||||
---
|
||||
(4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
@ -47,6 +81,7 @@
|
||||
lots of clients. perlinger@ntp.org
|
||||
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
|
||||
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
|
||||
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
|
||||
* Unity cleanup for FreeBSD-6.4. Harlan Stenn.
|
||||
* Unity test cleanup. Harlan Stenn.
|
||||
* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
|
||||
@ -55,9 +90,8 @@
|
||||
* Quiet a warning from clang. Harlan Stenn.
|
||||
* Update the NEWS file. Harlan Stenn.
|
||||
* Update scripts/calc_tickadj/Makefile.am. Harlan Stenn.
|
||||
|
||||
---
|
||||
(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
|
||||
(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
* [Sec 2899] CVE-2014-9297 perlinger@ntp.org
|
||||
* [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
|
||||
|
File diff suppressed because it is too large
Load Diff
253
contrib/ntp/NEWS
253
contrib/ntp/NEWS
@ -1,5 +1,258 @@
|
||||
---
|
||||
|
||||
NTP 4.2.8p6
|
||||
|
||||
Focus: Security, Bug fixes, enhancements.
|
||||
|
||||
Severity: MEDIUM
|
||||
|
||||
In addition to bug fixes and enhancements, this release fixes the
|
||||
following X low- and Y medium-severity vulnerabilities:
|
||||
|
||||
* Potential Infinite Loop in 'ntpq'
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2548 / CVE-2015-8158
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
|
||||
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
|
||||
Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'.
|
||||
The loop's only stopping conditions are receiving a complete and
|
||||
correct response or hitting a small number of error conditions.
|
||||
If the packet contains incorrect values that don't trigger one of
|
||||
the error conditions, the loop continues to receive new packets.
|
||||
Note well, this is an attack against an instance of 'ntpq', not
|
||||
'ntpd', and this attack requires the attacker to do one of the
|
||||
following:
|
||||
* Own a malicious NTP server that the client trusts
|
||||
* Prevent a legitimate NTP server from sending packets to
|
||||
the 'ntpq' client
|
||||
* MITM the 'ntpq' communications between the 'ntpq' client
|
||||
and the NTP server
|
||||
Mitigation:
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page
|
||||
Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
|
||||
|
||||
* 0rigin: Zero Origin Timestamp Bypass
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2945 / CVE-2015-8138
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
|
||||
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
|
||||
(3.7 - LOW if you score AC:L)
|
||||
Summary: To distinguish legitimate peer responses from forgeries, a
|
||||
client attempts to verify a response packet by ensuring that the
|
||||
origin timestamp in the packet matches the origin timestamp it
|
||||
transmitted in its last request. A logic error exists that
|
||||
allows packets with an origin timestamp of zero to bypass this
|
||||
check whenever there is not an outstanding request to the server.
|
||||
Mitigation:
|
||||
Configure 'ntpd' to get time from multiple sources.
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page.
|
||||
Monitor your 'ntpd= instances.
|
||||
Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
|
||||
|
||||
* Stack exhaustion in recursive traversal of restriction list
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016
|
||||
References: Sec 2940 / CVE-2015-7978
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
|
||||
Summary: An unauthenticated 'ntpdc reslist' command can cause a
|
||||
segmentation fault in ntpd by exhausting the call stack.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
|
||||
If you must enable mode 7:
|
||||
configure the use of a 'requestkey' to control who can
|
||||
issue mode 7 requests.
|
||||
configure 'restrict noquery' to further limit mode 7
|
||||
requests to trusted sources.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Stephen Gray at Cisco ASIG.
|
||||
|
||||
* Off-path Denial of Service (!DoS) attack on authenticated broadcast mode
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2942 / CVE-2015-7979
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P) Base Score: 5.8
|
||||
Summary: An off-path attacker can send broadcast packets with bad
|
||||
authentication (wrong key, mismatched key, incorrect MAC, etc)
|
||||
to broadcast clients. It is observed that the broadcast client
|
||||
tears down the association with the broadcast server upon
|
||||
receiving just one bad packet.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page.
|
||||
Monitor your 'ntpd' instances.
|
||||
If this sort of attack is an active problem for you, you have
|
||||
deeper problems to investigate. In this case also consider
|
||||
having smaller NTP broadcast domains.
|
||||
Credit: This weakness was discovered by Aanchal Malhotra of Boston
|
||||
University.
|
||||
|
||||
* reslist NULL pointer dereference
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2939 / CVE-2015-7977
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
|
||||
Summary: An unauthenticated 'ntpdc reslist' command can cause a
|
||||
segmentation fault in ntpd by causing a NULL pointer dereference.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p6, or later, from NTP Project Download Page or
|
||||
the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
mode 7 is disabled by default. Don't enable it.
|
||||
If you must enable mode 7:
|
||||
configure the use of a 'requestkey' to control who can
|
||||
issue mode 7 requests.
|
||||
configure 'restrict noquery' to further limit mode 7
|
||||
requests to trusted sources.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Stephen Gray of Cisco ASIG.
|
||||
|
||||
* 'ntpq saveconfig' command allows dangerous characters in filenames.
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2938 / CVE-2015-7976
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
|
||||
Summary: The ntpq saveconfig command does not do adequate filtering
|
||||
of special characters from the supplied filename.
|
||||
Note well: The ability to use the saveconfig command is controlled
|
||||
by the 'restrict nomodify' directive, and the recommended default
|
||||
configuration is to disable this capability. If the ability to
|
||||
execute a 'saveconfig' is required, it can easily (and should) be
|
||||
limited and restricted to a known small number of IP addresses.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
use 'restrict default nomodify' in your 'ntp.conf' file.
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
build NTP with 'configure --disable-saveconfig' if you will
|
||||
never need this capability, or
|
||||
use 'restrict default nomodify' in your 'ntp.conf' file. Be
|
||||
careful about what IPs have the ability to send 'modify'
|
||||
requests to 'ntpd'.
|
||||
Monitor your ntpd instances.
|
||||
'saveconfig' requests are logged to syslog - monitor your syslog files.
|
||||
Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
|
||||
|
||||
* nextvar() missing length check in ntpq
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2937 / CVE-2015-7975
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
|
||||
If you score A:C, this becomes 4.0.
|
||||
CVSSv3: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Base Score 2.9, LOW
|
||||
Summary: ntpq may call nextvar() which executes a memcpy() into the
|
||||
name buffer without a proper length check against its maximum
|
||||
length of 256 bytes. Note well that we're taking about ntpq here.
|
||||
The usual worst-case effect of this vulnerability is that the
|
||||
specific instance of ntpq will crash and the person or process
|
||||
that did this will have stopped themselves.
|
||||
Mitigation:
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
If you have scripts that feed input to ntpq make sure there are
|
||||
some sanity checks on the input received from the "outside".
|
||||
This is potentially more dangerous if ntpq is run as root.
|
||||
Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG.
|
||||
|
||||
* Skeleton Key: Any trusted key system can serve time
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2936 / CVE-2015-7974
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:N/AC:H/Au:S/C:N/I:C/A:N) Base Score: 4.9
|
||||
Summary: Symmetric key encryption uses a shared trusted key. The
|
||||
reported title for this issue was "Missing key check allows
|
||||
impersonation between authenticated peers" and the report claimed
|
||||
"A key specified only for one server should only work to
|
||||
authenticate that server, other trusted keys should be refused."
|
||||
Except there has never been any correlation between this trusted
|
||||
key and server v. clients machines and there has never been any
|
||||
way to specify a key only for one server. We have treated this as
|
||||
an enhancement request, and ntp-4.2.8p6 includes other checks and
|
||||
tests to strengthen clients against attacks coming from broadcast
|
||||
servers.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
If this scenario represents a real or a potential issue for you,
|
||||
upgrade to 4.2.8p6, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page, and
|
||||
use the new field in the ntp.keys file that specifies the list
|
||||
of IPs that are allowed to serve time. Note that this alone
|
||||
will not protect against time packets with forged source IP
|
||||
addresses, however other changes in ntp-4.2.8p6 provide
|
||||
significant mitigation against broadcast attacks. MITM attacks
|
||||
are a different story.
|
||||
If you are unable to upgrade:
|
||||
Don't use broadcast mode if you cannot monitor your client
|
||||
servers.
|
||||
If you choose to use symmetric keys to authenticate time
|
||||
packets in a hostile environment where ephemeral time
|
||||
servers can be created, or if it is expected that malicious
|
||||
time servers will participate in an NTP broadcast domain,
|
||||
limit the number of participating systems that participate
|
||||
in the shared-key group.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Matt Street of Cisco ASIG.
|
||||
|
||||
* Deja Vu: Replay attack on authenticated broadcast mode
|
||||
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
|
||||
References: Sec 2935 / CVE-2015-7973
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
|
||||
4.3.0 up to, but not including 4.3.90
|
||||
CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
|
||||
Summary: If an NTP network is configured for broadcast operations then
|
||||
either a man-in-the-middle attacker or a malicious participant
|
||||
that has the same trusted keys as the victim can replay time packets.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
Don't use broadcast mode if you cannot monitor your client servers.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Aanchal Malhotra of Boston
|
||||
University.
|
||||
|
||||
Other fixes:
|
||||
|
||||
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
|
||||
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
|
||||
- applied patch by shenpeng11@huawei.com with minor adjustments
|
||||
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
|
||||
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
|
||||
* [Bug 2892] Several test cases assume IPv6 capabilities even when
|
||||
IPv6 is disabled in the build. perlinger@ntp.org
|
||||
- Found this already fixed, but validation led to cleanup actions.
|
||||
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
|
||||
- added limits to stack consumption, fixed some return code handling
|
||||
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
|
||||
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
|
||||
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
|
||||
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
|
||||
- integrated several patches from Havard Eidnes (he@uninett.no)
|
||||
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
|
||||
- implement 'auth_log2()' using integer bithack instead of float calculation
|
||||
* Make leapsec_query debug messages less verbose. Harlan Stenn.
|
||||
|
||||
---
|
||||
|
||||
NTP 4.2.8p5
|
||||
|
||||
Focus: Security, Bug fixes, enhancements.
|
||||
|
20
contrib/ntp/configure
vendored
20
contrib/ntp/configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p5.
|
||||
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p6.
|
||||
#
|
||||
# Report bugs to <http://bugs.ntp.org./>.
|
||||
#
|
||||
@ -590,8 +590,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='ntp'
|
||||
PACKAGE_TARNAME='ntp'
|
||||
PACKAGE_VERSION='4.2.8p5'
|
||||
PACKAGE_STRING='ntp 4.2.8p5'
|
||||
PACKAGE_VERSION='4.2.8p6'
|
||||
PACKAGE_STRING='ntp 4.2.8p6'
|
||||
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
|
||||
PACKAGE_URL='http://www.ntp.org./'
|
||||
|
||||
@ -1616,7 +1616,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures ntp 4.2.8p5 to adapt to many kinds of systems.
|
||||
\`configure' configures ntp 4.2.8p6 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1686,7 +1686,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of ntp 4.2.8p5:";;
|
||||
short | recursive ) echo "Configuration of ntp 4.2.8p6:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1919,7 +1919,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
ntp configure 4.2.8p5
|
||||
ntp configure 4.2.8p6
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@ -2749,7 +2749,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by ntp $as_me 4.2.8p5, which was
|
||||
It was created by ntp $as_me 4.2.8p6, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -3750,7 +3750,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='ntp'
|
||||
VERSION='4.2.8p5'
|
||||
VERSION='4.2.8p6'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@ -37840,7 +37840,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by ntp $as_me 4.2.8p5, which was
|
||||
This file was extended by ntp $as_me 4.2.8p6, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -37907,7 +37907,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
ntp config.status 4.2.8p5
|
||||
ntp config.status 4.2.8p6
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
@ -11,7 +11,7 @@
|
||||
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
|
||||
<p>We have three, now looking for more.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->17-Nov-2015 11:06<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->16-Jan-2016 13:08<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
@ -29,8 +29,9 @@
|
||||
<dd>The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version.</dd>
|
||||
<dt id="dscp"><tt>dscp <i>dscp</i></tt></dt>
|
||||
<dd>This command specifies the Differentiated Services Code Point (DSCP) value that is used in sent NTP packets. The default value is 46 for Expedited Forwarding (EF).</dd>
|
||||
<dt id="enable"><tt>enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</tt><br>
|
||||
<tt>disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</tt></dt>
|
||||
<dt id="enable"><tt>enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</tt></dt>
|
||||
|
||||
<dt><tt>disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</tt></dt>
|
||||
<dd>Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that most of these flags can be modified remotely using <a href="ntpq.html"><tt>ntpq</tt></a> utility program's <tt>:config</tt> and <tt>config-from-file</tt> commands.
|
||||
<dl>
|
||||
<dt><tt>auth</tt></dt>
|
||||
@ -50,6 +51,13 @@
|
||||
<dd>Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable.</dd>
|
||||
<dt><tt>stats</tt></dt>
|
||||
<dd>Enables the statistics facility. See the <a href="monopt.html">Monitoring Options</a> page for further information. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
|
||||
| unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early
|
||||
<dt><tt>unpeer_crypto_early</tt></dt>
|
||||
<dd>Enables the early resetting of an association in case of a crypto failure. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
|
||||
<dt><tt>unpeer_crypto_nak_early</tt></dt>
|
||||
<dd>Enables the early resetting of an association in case of a crypto_NAK message. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
|
||||
<dt><tt>unpeer_digest_early</tt></dt>
|
||||
<dd>Enables the early resetting of an association in case of an autokey digest failur. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
|
||||
</dl>
|
||||
</dd>
|
||||
<dt id="includefile"><tt>includefile <i>includefile</i></tt></dt>
|
||||
|
@ -36,6 +36,7 @@ noinst_HEADERS = \
|
||||
ntp_if.h \
|
||||
ntp_intres.h \
|
||||
ntp_io.h \
|
||||
ntp_keyacc.h \
|
||||
ntp_libopts.h \
|
||||
ntp_lineedit.h \
|
||||
ntp_lists.h \
|
||||
|
@ -521,6 +521,7 @@ noinst_HEADERS = \
|
||||
ntp_if.h \
|
||||
ntp_intres.h \
|
||||
ntp_io.h \
|
||||
ntp_keyacc.h \
|
||||
ntp_libopts.h \
|
||||
ntp_lineedit.h \
|
||||
ntp_lists.h \
|
||||
|
@ -350,6 +350,7 @@ struct peer {
|
||||
l_fp dst; /* destination timestamp */
|
||||
l_fp aorg; /* origin timestamp */
|
||||
l_fp borg; /* alternate origin timestamp */
|
||||
l_fp bxmt; /* most recent broadcast transmit timestamp */
|
||||
double offset; /* peer clock offset */
|
||||
double delay; /* peer roundtrip delay */
|
||||
double jitter; /* peer jitter (squares) */
|
||||
@ -382,7 +383,8 @@ struct peer {
|
||||
* Statistic counters
|
||||
*/
|
||||
u_long timereset; /* time stat counters were reset */
|
||||
u_long timereceived; /* last packet received time */
|
||||
u_long timelastrec; /* last packet received time */
|
||||
u_long timereceived; /* last (clean) packet received time */
|
||||
u_long timereachable; /* last reachable/unreachable time */
|
||||
|
||||
u_long sent; /* packets sent */
|
||||
@ -708,6 +710,9 @@ struct pkt {
|
||||
#define PROTO_ORPHAN 26
|
||||
#define PROTO_ORPHWAIT 27
|
||||
#define PROTO_MODE7 28
|
||||
#define PROTO_UECRYPTO 29
|
||||
#define PROTO_UECRYPTONAK 30
|
||||
#define PROTO_UEDIGEST 31
|
||||
|
||||
/*
|
||||
* Configuration items for the loop filter
|
||||
|
@ -40,6 +40,8 @@
|
||||
|
||||
#include "libntp.h" /* This needs Something above for GETDTABLESIZE */
|
||||
|
||||
#include "ntp_keyacc.h"
|
||||
|
||||
/*
|
||||
* Define FNDELAY and FASYNC using O_NONBLOCK and O_ASYNC if we need
|
||||
* to (and can). This is here initially for QNX, but may help for
|
||||
@ -83,7 +85,6 @@ typedef enum {
|
||||
extern int qos;
|
||||
SOCKET move_fd(SOCKET fd);
|
||||
isc_boolean_t get_broadcastclient_flag(void);
|
||||
extern int is_ip_address(const char *, u_short, sockaddr_u *);
|
||||
extern void sau_from_netaddr(sockaddr_u *, const isc_netaddr_t *);
|
||||
extern void add_nic_rule(nic_rule_match match_type,
|
||||
const char *if_name, int prefixlen,
|
||||
|
13
contrib/ntp/include/ntp_keyacc.h
Normal file
13
contrib/ntp/include/ntp_keyacc.h
Normal file
@ -0,0 +1,13 @@
|
||||
/*
|
||||
* ntp_keyacc.h - key access stuff
|
||||
*/
|
||||
#ifndef NTP_KEYACC_H
|
||||
#define NTP_KEYACC_H
|
||||
|
||||
typedef struct keyaccess KeyAccT;
|
||||
struct keyaccess {
|
||||
KeyAccT * next;
|
||||
sockaddr_u addr;
|
||||
};
|
||||
|
||||
#endif /* NTP_KEYACC_H */
|
@ -16,6 +16,7 @@
|
||||
#include "ntp_malloc.h"
|
||||
#include "ntp_string.h"
|
||||
#include "ntp_syslog.h"
|
||||
#include "ntp_keyacc.h"
|
||||
|
||||
#ifdef __GNUC__
|
||||
#define NTP_PRINTF(fmt, args) __attribute__((__format__(__printf__, fmt, args)))
|
||||
@ -69,6 +70,7 @@ extern int authdecrypt (keyid_t, u_int32 *, size_t, size_t);
|
||||
extern size_t authencrypt (keyid_t, u_int32 *, size_t);
|
||||
extern int authhavekey (keyid_t);
|
||||
extern int authistrusted (keyid_t);
|
||||
extern int authistrustedip (keyid_t, sockaddr_u *);
|
||||
extern int authreadkeys (const char *);
|
||||
extern void authtrust (keyid_t, u_long);
|
||||
extern int authusekey (keyid_t, int, const u_char *);
|
||||
@ -97,7 +99,7 @@ extern int ymd2yd (int, int, int);
|
||||
/* a_md5encrypt.c */
|
||||
extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t);
|
||||
extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t);
|
||||
extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t);
|
||||
extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c);
|
||||
extern u_int32 addr2refid (sockaddr_u *);
|
||||
|
||||
/* emalloc.c */
|
||||
@ -141,6 +143,7 @@ extern int atouint (const char *, u_long *);
|
||||
extern int hextoint (const char *, u_long *);
|
||||
extern const char * humanlogtime (void);
|
||||
extern const char * humantime (time_t);
|
||||
extern int is_ip_address (const char *, u_short, sockaddr_u *);
|
||||
extern char * mfptoa (u_int32, u_int32, short);
|
||||
extern char * mfptoms (u_int32, u_int32, short);
|
||||
extern const char * modetoa (size_t);
|
||||
|
@ -218,6 +218,7 @@ typedef uint16_t associd_t; /* association ID */
|
||||
#define ASSOCID_MAX USHRT_MAX
|
||||
typedef u_int32 keyid_t; /* cryptographic key ID */
|
||||
#define KEYID_T_MAX (0xffffffff)
|
||||
|
||||
typedef u_int32 tstamp_t; /* NTP seconds timestamp */
|
||||
|
||||
/*
|
||||
|
@ -60,33 +60,35 @@ typedef sema_type *sem_ref;
|
||||
#if defined(WORK_FORK)
|
||||
|
||||
typedef struct blocking_child_tag {
|
||||
int reusable;
|
||||
int pid;
|
||||
int req_write_pipe; /* parent */
|
||||
int resp_read_pipe;
|
||||
void * resp_read_ctx;
|
||||
int req_read_pipe; /* child */
|
||||
int resp_write_pipe;
|
||||
int ispipe;
|
||||
int reusable;
|
||||
int pid;
|
||||
int req_write_pipe; /* parent */
|
||||
int resp_read_pipe;
|
||||
void * resp_read_ctx;
|
||||
int req_read_pipe; /* child */
|
||||
int resp_write_pipe;
|
||||
int ispipe;
|
||||
volatile u_int resp_ready_seen; /* signal/scan */
|
||||
volatile u_int resp_ready_done; /* consumer/mainloop */
|
||||
} blocking_child;
|
||||
|
||||
#elif defined(WORK_THREAD)
|
||||
|
||||
typedef struct blocking_child_tag {
|
||||
/*
|
||||
* blocking workitems and blocking_responses are dynamically-sized
|
||||
* one-dimensional arrays of pointers to blocking worker requests and
|
||||
* responses.
|
||||
*
|
||||
* IMPORTANT: This structure is shared between threads, and all access
|
||||
* that is not atomic (especially queue operations) must hold the
|
||||
* 'accesslock' semaphore to avoid data races.
|
||||
*
|
||||
* The resource management (thread/semaphore creation/destruction)
|
||||
* functions and functions just testing a handle are safe because these
|
||||
* are only changed by the main thread when no worker is running on the
|
||||
* same data structure.
|
||||
*/
|
||||
/*
|
||||
* blocking workitems and blocking_responses are
|
||||
* dynamically-sized one-dimensional arrays of pointers to
|
||||
* blocking worker requests and responses.
|
||||
*
|
||||
* IMPORTANT: This structure is shared between threads, and all
|
||||
* access that is not atomic (especially queue operations) must
|
||||
* hold the 'accesslock' semaphore to avoid data races.
|
||||
*
|
||||
* The resource management (thread/semaphore
|
||||
* creation/destruction) functions and functions just testing a
|
||||
* handle are safe because these are only changed by the main
|
||||
* thread when no worker is running on the same data structure.
|
||||
*/
|
||||
int reusable;
|
||||
sem_ref accesslock; /* shared access lock */
|
||||
thr_ref thread_ref; /* thread 'handle' */
|
||||
@ -117,6 +119,8 @@ typedef struct blocking_child_tag {
|
||||
int resp_write_pipe; /* child */
|
||||
int ispipe;
|
||||
void * resp_read_ctx; /* child */
|
||||
volatile u_int resp_ready_seen; /* signal/scan */
|
||||
volatile u_int resp_ready_done; /* consumer/mainloop */
|
||||
#else
|
||||
sem_ref responses_pending; /* signalling */
|
||||
#endif
|
||||
@ -126,6 +130,10 @@ typedef struct blocking_child_tag {
|
||||
|
||||
#endif /* WORK_THREAD */
|
||||
|
||||
/* we need some global tag to indicate any blocking child may be ready: */
|
||||
extern volatile u_int blocking_child_ready_seen;/* signal/scan */
|
||||
extern volatile u_int blocking_child_ready_done;/* consumer/mainloop */
|
||||
|
||||
extern blocking_child ** blocking_children;
|
||||
extern size_t blocking_children_alloc;
|
||||
extern int worker_per_query; /* boolean */
|
||||
@ -139,6 +147,7 @@ extern int queue_blocking_response(blocking_child *,
|
||||
blocking_pipe_header *, size_t,
|
||||
const blocking_pipe_header *);
|
||||
extern void process_blocking_resp(blocking_child *);
|
||||
extern void harvest_blocking_responses(void);
|
||||
extern int send_blocking_req_internal(blocking_child *,
|
||||
blocking_pipe_header *,
|
||||
void *);
|
||||
|
@ -107,9 +107,9 @@ extern unsigned int splclock (void);
|
||||
/*
|
||||
* some constants useful for GPS time conversion
|
||||
*/
|
||||
#define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */
|
||||
#define GPSWRAP 990U /* assume week count less than this in the previous epoch */
|
||||
#define GPSWEEKS 1024U /* number of weeks until the GPS epch rolls over */
|
||||
#define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */
|
||||
#define GPSWRAP 990 /* assume week count less than this in the previous epoch */
|
||||
#define GPSWEEKS 1024 /* number of weeks until the GPS epch rolls over */
|
||||
|
||||
/*
|
||||
* state flags
|
||||
|
@ -70,6 +70,7 @@ libntp_a_SRCS = \
|
||||
humandate.c \
|
||||
icom.c \
|
||||
iosignal.c \
|
||||
is_ip_address.c \
|
||||
lib_strbuf.c \
|
||||
machines.c \
|
||||
mktime.c \
|
||||
|
@ -150,12 +150,12 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \
|
||||
calyearstart.c clocktime.c clocktypes.c decodenetnum.c \
|
||||
dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \
|
||||
hextoint.c hextolfp.c humandate.c icom.c iosignal.c \
|
||||
lib_strbuf.c machines.c mktime.c modetoa.c mstolfp.c msyslog.c \
|
||||
netof.c ntp_calendar.c ntp_crypto_rnd.c ntp_intres.c \
|
||||
ntp_libopts.c ntp_lineedit.c ntp_random.c ntp_rfc2553.c \
|
||||
ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \
|
||||
refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \
|
||||
socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
|
||||
is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \
|
||||
mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \
|
||||
ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \
|
||||
ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \
|
||||
prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \
|
||||
socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
|
||||
strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \
|
||||
vint64ops.c work_fork.c work_thread.c ymd2yd.c \
|
||||
$(srcdir)/../lib/isc/assertions.c \
|
||||
@ -207,21 +207,21 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \
|
||||
dolfptoa.$(OBJEXT) emalloc.$(OBJEXT) findconfig.$(OBJEXT) \
|
||||
getopt.$(OBJEXT) hextoint.$(OBJEXT) hextolfp.$(OBJEXT) \
|
||||
humandate.$(OBJEXT) icom.$(OBJEXT) iosignal.$(OBJEXT) \
|
||||
lib_strbuf.$(OBJEXT) machines.$(OBJEXT) mktime.$(OBJEXT) \
|
||||
modetoa.$(OBJEXT) mstolfp.$(OBJEXT) msyslog.$(OBJEXT) \
|
||||
netof.$(OBJEXT) ntp_calendar.$(OBJEXT) \
|
||||
ntp_crypto_rnd.$(OBJEXT) ntp_intres.$(OBJEXT) \
|
||||
ntp_libopts.$(OBJEXT) ntp_lineedit.$(OBJEXT) \
|
||||
ntp_random.$(OBJEXT) ntp_rfc2553.$(OBJEXT) \
|
||||
ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) numtohost.$(OBJEXT) \
|
||||
octtoint.$(OBJEXT) prettydate.$(OBJEXT) refidsmear.$(OBJEXT) \
|
||||
recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) snprintf.$(OBJEXT) \
|
||||
socket.$(OBJEXT) socktoa.$(OBJEXT) socktohost.$(OBJEXT) \
|
||||
ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \
|
||||
strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \
|
||||
timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \
|
||||
work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \
|
||||
$(am__objects_3) $(am__objects_1)
|
||||
is_ip_address.$(OBJEXT) lib_strbuf.$(OBJEXT) \
|
||||
machines.$(OBJEXT) mktime.$(OBJEXT) modetoa.$(OBJEXT) \
|
||||
mstolfp.$(OBJEXT) msyslog.$(OBJEXT) netof.$(OBJEXT) \
|
||||
ntp_calendar.$(OBJEXT) ntp_crypto_rnd.$(OBJEXT) \
|
||||
ntp_intres.$(OBJEXT) ntp_libopts.$(OBJEXT) \
|
||||
ntp_lineedit.$(OBJEXT) ntp_random.$(OBJEXT) \
|
||||
ntp_rfc2553.$(OBJEXT) ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) \
|
||||
numtohost.$(OBJEXT) octtoint.$(OBJEXT) prettydate.$(OBJEXT) \
|
||||
refidsmear.$(OBJEXT) recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) \
|
||||
snprintf.$(OBJEXT) socket.$(OBJEXT) socktoa.$(OBJEXT) \
|
||||
socktohost.$(OBJEXT) ssl_init.$(OBJEXT) statestr.$(OBJEXT) \
|
||||
strdup.$(OBJEXT) strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) \
|
||||
timetoa.$(OBJEXT) timevalops.$(OBJEXT) uglydate.$(OBJEXT) \
|
||||
vint64ops.$(OBJEXT) work_fork.$(OBJEXT) work_thread.$(OBJEXT) \
|
||||
ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1)
|
||||
am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4)
|
||||
libntp_a_OBJECTS = $(am_libntp_a_OBJECTS)
|
||||
libntpsim_a_AR = $(AR) $(ARFLAGS)
|
||||
@ -232,12 +232,12 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \
|
||||
calyearstart.c clocktime.c clocktypes.c decodenetnum.c \
|
||||
dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \
|
||||
hextoint.c hextolfp.c humandate.c icom.c iosignal.c \
|
||||
lib_strbuf.c machines.c mktime.c modetoa.c mstolfp.c msyslog.c \
|
||||
netof.c ntp_calendar.c ntp_crypto_rnd.c ntp_intres.c \
|
||||
ntp_libopts.c ntp_lineedit.c ntp_random.c ntp_rfc2553.c \
|
||||
ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \
|
||||
refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \
|
||||
socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
|
||||
is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \
|
||||
mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \
|
||||
ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \
|
||||
ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \
|
||||
prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \
|
||||
socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
|
||||
strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \
|
||||
vint64ops.c work_fork.c work_thread.c ymd2yd.c \
|
||||
$(srcdir)/../lib/isc/assertions.c \
|
||||
@ -660,6 +660,7 @@ libntp_a_SRCS = \
|
||||
humandate.c \
|
||||
icom.c \
|
||||
iosignal.c \
|
||||
is_ip_address.c \
|
||||
lib_strbuf.c \
|
||||
machines.c \
|
||||
mktime.c \
|
||||
@ -806,6 +807,7 @@ distclean-compile:
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inet_pton.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/interfaceiter.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iosignal.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_ip_address.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib_strbuf.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@
|
||||
|
@ -15,6 +15,7 @@
|
||||
#include "ntp_string.h"
|
||||
#include "ntp_malloc.h"
|
||||
#include "ntp_stdlib.h"
|
||||
#include "ntp_keyacc.h"
|
||||
|
||||
/*
|
||||
* Structure to store keys in in the hash table.
|
||||
@ -25,6 +26,7 @@ struct savekey {
|
||||
symkey * hlink; /* next in hash bucket */
|
||||
DECL_DLIST_LINK(symkey, llink); /* for overall & free lists */
|
||||
u_char * secret; /* shared secret */
|
||||
KeyAccT * keyacclist; /* Private key access list */
|
||||
u_long lifetime; /* remaining lifetime */
|
||||
keyid_t keyid; /* key identifier */
|
||||
u_short type; /* OpenSSL digest NID */
|
||||
@ -48,13 +50,13 @@ struct symkey_alloc_tag {
|
||||
symkey_alloc * authallocs;
|
||||
#endif /* DEBUG */
|
||||
|
||||
static inline u_short auth_log2(double x);
|
||||
static void auth_resize_hashtable(void);
|
||||
static void allocsymkey(symkey **, keyid_t, u_short,
|
||||
u_short, u_long, u_short, u_char *);
|
||||
static void freesymkey(symkey *, symkey **);
|
||||
static u_short auth_log2(size_t);
|
||||
static void auth_resize_hashtable(void);
|
||||
static void allocsymkey(symkey **, keyid_t, u_short, u_short,
|
||||
u_long, u_short, u_char *, KeyAccT *);
|
||||
static void freesymkey(symkey *, symkey **);
|
||||
#ifdef DEBUG
|
||||
static void free_auth_mem(void);
|
||||
static void free_auth_mem(void);
|
||||
#endif
|
||||
|
||||
symkey key_listhead; /* list of all in-use keys */;
|
||||
@ -97,6 +99,7 @@ u_char *cache_secret; /* secret */
|
||||
u_short cache_secretsize; /* secret length */
|
||||
int cache_type; /* OpenSSL digest NID */
|
||||
u_short cache_flags; /* flags that wave */
|
||||
KeyAccT *cache_keyacclist; /* key access list */
|
||||
|
||||
|
||||
/*
|
||||
@ -142,6 +145,7 @@ free_auth_mem(void)
|
||||
key_hash = NULL;
|
||||
cache_keyid = 0;
|
||||
cache_flags = 0;
|
||||
cache_keyacclist = NULL;
|
||||
for (alloc = authallocs; alloc != NULL; alloc = next_alloc) {
|
||||
next_alloc = alloc->link;
|
||||
free(alloc->mem);
|
||||
@ -210,10 +214,33 @@ auth_prealloc_symkeys(
|
||||
}
|
||||
|
||||
|
||||
static inline u_short
|
||||
auth_log2(double x)
|
||||
static u_short
|
||||
auth_log2(size_t x)
|
||||
{
|
||||
return (u_short)(log10(x) / log10(2));
|
||||
/*
|
||||
** bithack to calculate floor(log2(x))
|
||||
**
|
||||
** This assumes
|
||||
** - (sizeof(size_t) is a power of two
|
||||
** - CHAR_BITS is a power of two
|
||||
** - returning zero for arguments <= 0 is OK.
|
||||
**
|
||||
** Does only shifts, masks and sums in integer arithmetic in
|
||||
** log2(CHAR_BIT*sizeof(size_t)) steps. (that is, 5/6 steps for
|
||||
** 32bit/64bit size_t)
|
||||
*/
|
||||
int s;
|
||||
int r = 0;
|
||||
size_t m = ~(size_t)0;
|
||||
|
||||
for (s = sizeof(size_t) / 2 * CHAR_BIT; s != 0; s >>= 1) {
|
||||
m <<= s;
|
||||
if (x & m)
|
||||
r += s;
|
||||
else
|
||||
x <<= s;
|
||||
}
|
||||
return (u_short)r;
|
||||
}
|
||||
|
||||
|
||||
@ -234,7 +261,7 @@ auth_resize_hashtable(void)
|
||||
symkey * sk;
|
||||
|
||||
totalkeys = authnumkeys + authnumfreekeys;
|
||||
hashbits = auth_log2(totalkeys / 4.0) + 1;
|
||||
hashbits = auth_log2(totalkeys / 4) + 1;
|
||||
hashbits = max(4, hashbits);
|
||||
hashbits = min(15, hashbits);
|
||||
|
||||
@ -267,7 +294,8 @@ allocsymkey(
|
||||
u_short type,
|
||||
u_long lifetime,
|
||||
u_short secretsize,
|
||||
u_char * secret
|
||||
u_char * secret,
|
||||
KeyAccT * ka
|
||||
)
|
||||
{
|
||||
symkey * sk;
|
||||
@ -281,6 +309,7 @@ allocsymkey(
|
||||
sk->type = type;
|
||||
sk->secretsize = secretsize;
|
||||
sk->secret = secret;
|
||||
sk->keyacclist = ka;
|
||||
sk->lifetime = lifetime;
|
||||
LINK_SLIST(*bucket, sk, hlink);
|
||||
LINK_TAIL_DLIST(key_listhead, sk, llink);
|
||||
@ -412,6 +441,7 @@ authhavekey(
|
||||
cache_flags = sk->flags;
|
||||
cache_secret = sk->secret;
|
||||
cache_secretsize = sk->secretsize;
|
||||
cache_keyacclist = sk->keyacclist;
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
@ -451,6 +481,7 @@ authtrust(
|
||||
if (cache_keyid == id) {
|
||||
cache_flags = 0;
|
||||
cache_keyid = 0;
|
||||
cache_keyacclist = NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -480,7 +511,7 @@ authtrust(
|
||||
} else {
|
||||
lifetime = 0;
|
||||
}
|
||||
allocsymkey(bucket, id, KEY_TRUSTED, 0, lifetime, 0, NULL);
|
||||
allocsymkey(bucket, id, KEY_TRUSTED, 0, lifetime, 0, NULL, NULL);
|
||||
}
|
||||
|
||||
|
||||
@ -511,6 +542,49 @@ authistrusted(
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* authistrustedip - determine if the IP is OK for the keyid
|
||||
*/
|
||||
int
|
||||
authistrustedip(
|
||||
keyid_t keyno,
|
||||
sockaddr_u * sau
|
||||
)
|
||||
{
|
||||
symkey * sk;
|
||||
symkey ** bucket;
|
||||
KeyAccT * kal;
|
||||
KeyAccT * k;
|
||||
|
||||
if (keyno == cache_keyid)
|
||||
kal = cache_keyacclist;
|
||||
else {
|
||||
authkeyuncached++;
|
||||
bucket = &key_hash[KEYHASH(keyno)];
|
||||
for (sk = *bucket; sk != NULL; sk = sk->hlink) {
|
||||
if (keyno == sk->keyid)
|
||||
break;
|
||||
}
|
||||
if (NULL == sk || !(KEY_TRUSTED & sk->flags)) {
|
||||
INSIST(!"authistrustedip: keyid not found/trusted!");
|
||||
return FALSE;
|
||||
}
|
||||
kal = sk->keyacclist;
|
||||
}
|
||||
|
||||
if (NULL == kal)
|
||||
return TRUE;
|
||||
|
||||
for (k = kal; k; k = k->next) {
|
||||
if (SOCK_EQ(&k->addr, sau))
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/* Note: There are two locations below where 'strncpy()' is used. While
|
||||
* this function is a hazard by itself, it's essential that it is used
|
||||
* here. Bug 1243 involved that the secret was filled with NUL bytes
|
||||
@ -527,7 +601,8 @@ MD5auth_setkey(
|
||||
keyid_t keyno,
|
||||
int keytype,
|
||||
const u_char *key,
|
||||
size_t len
|
||||
size_t len,
|
||||
KeyAccT *ka
|
||||
)
|
||||
{
|
||||
symkey * sk;
|
||||
@ -553,6 +628,7 @@ MD5auth_setkey(
|
||||
sk->type = (u_short)keytype;
|
||||
secretsize = len;
|
||||
sk->secretsize = (u_short)secretsize;
|
||||
sk->keyacclist = ka;
|
||||
#ifndef DISABLE_BUG1243_FIX
|
||||
memcpy(sk->secret, key, secretsize);
|
||||
#else
|
||||
@ -563,6 +639,7 @@ MD5auth_setkey(
|
||||
if (cache_keyid == keyno) {
|
||||
cache_flags = 0;
|
||||
cache_keyid = 0;
|
||||
cache_keyacclist = NULL;
|
||||
}
|
||||
return;
|
||||
}
|
||||
@ -580,7 +657,7 @@ MD5auth_setkey(
|
||||
strncpy((char *)secret, (const char *)key, secretsize);
|
||||
#endif
|
||||
allocsymkey(bucket, keyno, 0, (u_short)keytype, 0,
|
||||
(u_short)secretsize, secret);
|
||||
(u_short)secretsize, secret, ka);
|
||||
#ifdef DEBUG
|
||||
if (debug >= 4) {
|
||||
size_t j;
|
||||
|
@ -5,10 +5,12 @@
|
||||
#include <stdio.h>
|
||||
#include <ctype.h>
|
||||
|
||||
#include "ntpd.h" /* Only for DPRINTF */
|
||||
#include "ntp_fp.h"
|
||||
#include "ntp.h"
|
||||
#include "ntp_syslog.h"
|
||||
#include "ntp_stdlib.h"
|
||||
#include "ntp_keyacc.h"
|
||||
|
||||
#ifdef OPENSSL
|
||||
#include "openssl/objects.h"
|
||||
@ -85,6 +87,7 @@ static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3);
|
||||
typedef struct keydata KeyDataT;
|
||||
struct keydata {
|
||||
KeyDataT *next; /* queue/stack link */
|
||||
KeyAccT *keyacclist; /* key access list */
|
||||
keyid_t keyid; /* stored key ID */
|
||||
u_short keytype; /* stored key type */
|
||||
u_short seclen; /* length of secret */
|
||||
@ -228,6 +231,7 @@ authreadkeys(
|
||||
len = strlen(token);
|
||||
if (len <= 20) { /* Bug 2537 */
|
||||
next = emalloc(sizeof(KeyDataT) + len);
|
||||
next->keyacclist = NULL;
|
||||
next->keyid = keyno;
|
||||
next->keytype = keytype;
|
||||
next->seclen = len;
|
||||
@ -257,11 +261,48 @@ authreadkeys(
|
||||
}
|
||||
len = jlim/2; /* hmmmm.... what about odd length?!? */
|
||||
next = emalloc(sizeof(KeyDataT) + len);
|
||||
next->keyacclist = NULL;
|
||||
next->keyid = keyno;
|
||||
next->keytype = keytype;
|
||||
next->seclen = len;
|
||||
memcpy(next->secbuf, keystr, len);
|
||||
}
|
||||
|
||||
token = nexttok(&line);
|
||||
DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL"));
|
||||
if (token != NULL) { /* A comma-separated IP access list */
|
||||
char *tp = token;
|
||||
|
||||
while (tp) {
|
||||
char *i;
|
||||
KeyAccT ka;
|
||||
|
||||
i = strchr(tp, (int)',');
|
||||
if (i)
|
||||
*i = '\0';
|
||||
DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp));
|
||||
|
||||
if (is_ip_address(tp, AF_UNSPEC, &ka.addr)) {
|
||||
KeyAccT *kap;
|
||||
|
||||
kap = emalloc(sizeof(KeyAccT));
|
||||
memcpy(kap, &ka, sizeof ka);
|
||||
kap->next = next->keyacclist;
|
||||
next->keyacclist = kap;
|
||||
} else {
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: invalid IP address <%s> for key %d",
|
||||
tp, keyno);
|
||||
}
|
||||
|
||||
if (i) {
|
||||
tp = i + 1;
|
||||
} else {
|
||||
tp = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
INSIST(NULL != next);
|
||||
next->next = list;
|
||||
list = next;
|
||||
@ -286,7 +327,7 @@ authreadkeys(
|
||||
while (NULL != (next = list)) {
|
||||
list = next->next;
|
||||
MD5auth_setkey(next->keyid, next->keytype,
|
||||
next->secbuf, next->seclen);
|
||||
next->secbuf, next->seclen, next->keyacclist);
|
||||
/* purge secrets from memory before free()ing it */
|
||||
memset(next, 0, sizeof(*next) + next->seclen);
|
||||
free(next);
|
||||
@ -297,6 +338,14 @@ authreadkeys(
|
||||
/* Mop up temporary storage before bailing out. */
|
||||
while (NULL != (next = list)) {
|
||||
list = next->next;
|
||||
|
||||
while (next->keyacclist) {
|
||||
KeyAccT *kap = next->keyacclist;
|
||||
|
||||
next->keyacclist = kap->next;
|
||||
free(kap);
|
||||
}
|
||||
|
||||
/* purge secrets from memory before free()ing it */
|
||||
memset(next, 0, sizeof(*next) + next->seclen);
|
||||
free(next);
|
||||
|
@ -29,6 +29,6 @@ authusekey(
|
||||
if (0 == len)
|
||||
return 0;
|
||||
|
||||
MD5auth_setkey(keyno, keytype, str, len);
|
||||
MD5auth_setkey(keyno, keytype, str, len, NULL);
|
||||
return 1;
|
||||
}
|
||||
|
129
contrib/ntp/libntp/is_ip_address.c
Normal file
129
contrib/ntp/libntp/is_ip_address.c
Normal file
@ -0,0 +1,129 @@
|
||||
/*
|
||||
* is_ip_address
|
||||
*
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include <config.h>
|
||||
#endif
|
||||
|
||||
#if 0
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
#ifdef HAVE_FNMATCH_H
|
||||
# include <fnmatch.h>
|
||||
# if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE)
|
||||
# define FNM_CASEFOLD FNM_IGNORECASE
|
||||
# endif
|
||||
#endif
|
||||
#ifdef HAVE_SYS_PARAM_H
|
||||
# include <sys/param.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_IOCTL_H
|
||||
# include <sys/ioctl.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */
|
||||
# include <sys/sockio.h>
|
||||
#endif
|
||||
#ifdef HAVE_SYS_UIO_H
|
||||
# include <sys/uio.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include "ntp_assert.h"
|
||||
#include "ntp_stdlib.h"
|
||||
#include "safecast.h"
|
||||
|
||||
#if 0
|
||||
#include "ntp_machine.h"
|
||||
#include "ntpd.h"
|
||||
#include "ntp_io.h"
|
||||
#include "iosignal.h"
|
||||
#include "ntp_lists.h"
|
||||
#include "ntp_refclock.h"
|
||||
#include "ntp_worker.h"
|
||||
#include "ntp_request.h"
|
||||
#include "timevalops.h"
|
||||
#include "timespecops.h"
|
||||
#include "ntpd-opts.h"
|
||||
#endif
|
||||
|
||||
/* Don't include ISC's version of IPv6 variables and structures */
|
||||
#define ISC_IPV6_H 1
|
||||
#include <isc/mem.h>
|
||||
#include <isc/interfaceiter.h>
|
||||
#include <isc/netaddr.h>
|
||||
#include <isc/result.h>
|
||||
#include <isc/sockaddr.h>
|
||||
|
||||
|
||||
/*
|
||||
* Code to tell if we have an IP address
|
||||
* If we have then return the sockaddr structure
|
||||
* and set the return value
|
||||
* see the bind9/getaddresses.c for details
|
||||
*/
|
||||
int
|
||||
is_ip_address(
|
||||
const char * host,
|
||||
u_short af,
|
||||
sockaddr_u * addr
|
||||
)
|
||||
{
|
||||
struct in_addr in4;
|
||||
struct addrinfo hints;
|
||||
struct addrinfo *result;
|
||||
struct sockaddr_in6 *resaddr6;
|
||||
char tmpbuf[128];
|
||||
char *pch;
|
||||
|
||||
REQUIRE(host != NULL);
|
||||
REQUIRE(addr != NULL);
|
||||
|
||||
ZERO_SOCK(addr);
|
||||
|
||||
/*
|
||||
* Try IPv4, then IPv6. In order to handle the extended format
|
||||
* for IPv6 scoped addresses (address%scope_ID), we'll use a local
|
||||
* working buffer of 128 bytes. The length is an ad-hoc value, but
|
||||
* should be enough for this purpose; the buffer can contain a string
|
||||
* of at least 80 bytes for scope_ID in addition to any IPv6 numeric
|
||||
* addresses (up to 46 bytes), the delimiter character and the
|
||||
* terminating NULL character.
|
||||
*/
|
||||
if (AF_UNSPEC == af || AF_INET == af)
|
||||
if (inet_pton(AF_INET, host, &in4) == 1) {
|
||||
AF(addr) = AF_INET;
|
||||
SET_ADDR4N(addr, in4.s_addr);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (AF_UNSPEC == af || AF_INET6 == af)
|
||||
if (sizeof(tmpbuf) > strlen(host)) {
|
||||
if ('[' == host[0]) {
|
||||
strlcpy(tmpbuf, &host[1], sizeof(tmpbuf));
|
||||
pch = strchr(tmpbuf, ']');
|
||||
if (pch != NULL)
|
||||
*pch = '\0';
|
||||
} else {
|
||||
strlcpy(tmpbuf, host, sizeof(tmpbuf));
|
||||
}
|
||||
ZERO(hints);
|
||||
hints.ai_family = AF_INET6;
|
||||
hints.ai_flags |= AI_NUMERICHOST;
|
||||
if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) {
|
||||
AF(addr) = AF_INET6;
|
||||
resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr);
|
||||
SET_ADDR6N(addr, resaddr6->sin6_addr);
|
||||
SET_SCOPE(addr, resaddr6->sin6_scope_id);
|
||||
|
||||
freeaddrinfo(result);
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
/*
|
||||
* If we got here it was not an IP address
|
||||
*/
|
||||
return FALSE;
|
||||
}
|
@ -27,6 +27,8 @@ blocking_child ** blocking_children;
|
||||
size_t blocking_children_alloc;
|
||||
int worker_per_query; /* boolean */
|
||||
int intres_req_pending;
|
||||
volatile u_int blocking_child_ready_seen;
|
||||
volatile u_int blocking_child_ready_done;
|
||||
|
||||
|
||||
#ifndef HAVE_IO_COMPLETION_PORT
|
||||
@ -262,6 +264,31 @@ process_blocking_resp(
|
||||
req_child_exit(c);
|
||||
}
|
||||
|
||||
void
|
||||
harvest_blocking_responses(void)
|
||||
{
|
||||
int idx;
|
||||
blocking_child* cp;
|
||||
u_int scseen, scdone;
|
||||
|
||||
scseen = blocking_child_ready_seen;
|
||||
scdone = blocking_child_ready_done;
|
||||
if (scdone != scseen) {
|
||||
blocking_child_ready_done = scseen;
|
||||
for (idx = 0; idx < blocking_children_alloc; idx++) {
|
||||
cp = blocking_children[idx];
|
||||
if (NULL == cp)
|
||||
continue;
|
||||
scseen = cp->resp_ready_seen;
|
||||
scdone = cp->resp_ready_done;
|
||||
if (scdone != scseen) {
|
||||
cp->resp_ready_done = scseen;
|
||||
process_blocking_resp(cp);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* blocking_child_common runs as a forked child or a thread
|
||||
|
@ -323,9 +323,18 @@ adj_systime(
|
||||
else
|
||||
quant = 1e-6;
|
||||
ticks = (long)(dtemp / quant + .5);
|
||||
adjtv.tv_usec = (long)(ticks * quant * 1e6);
|
||||
dtemp -= adjtv.tv_usec / 1e6;
|
||||
sys_residual = dtemp;
|
||||
adjtv.tv_usec = (long)(ticks * quant * 1.e6 + .5);
|
||||
/* The rounding in the conversions could us push over the
|
||||
* limits: make sure the result is properly normalised!
|
||||
* note: sign comes later, all numbers non-negative here.
|
||||
*/
|
||||
if (adjtv.tv_usec >= 1000000) {
|
||||
adjtv.tv_sec += 1;
|
||||
adjtv.tv_usec -= 1000000;
|
||||
dtemp -= 1.;
|
||||
}
|
||||
/* set the new residual with leftover from correction */
|
||||
sys_residual = dtemp - adjtv.tv_usec * 1.e-6;
|
||||
|
||||
/*
|
||||
* Convert to signed seconds and microseconds for the Unix
|
||||
|
@ -25,12 +25,37 @@
|
||||
|
||||
#define CHILD_EXIT_REQ ((blocking_pipe_header *)(intptr_t)-1)
|
||||
#define CHILD_GONE_RESP CHILD_EXIT_REQ
|
||||
/* Queue size increments:
|
||||
* The request queue grows a bit faster than the response queue -- the
|
||||
* deamon can push requests and pull results faster on avarage than the
|
||||
* worker can process requests and push results... If this really pays
|
||||
* off is debatable.
|
||||
*/
|
||||
#define WORKITEMS_ALLOC_INC 16
|
||||
#define RESPONSES_ALLOC_INC 4
|
||||
|
||||
/* Fiddle with min/max stack sizes. 64kB minimum seems to work, so we
|
||||
* set the maximum to 256kB. If the minimum goes below the
|
||||
* system-defined minimum stack size, we have to adjust accordingly.
|
||||
*/
|
||||
#ifndef THREAD_MINSTACKSIZE
|
||||
#define THREAD_MINSTACKSIZE (64U * 1024)
|
||||
# define THREAD_MINSTACKSIZE (64U * 1024)
|
||||
#endif
|
||||
#ifndef __sun
|
||||
#if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
|
||||
# undef THREAD_MINSTACKSIZE
|
||||
# define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef THREAD_MAXSTACKSIZE
|
||||
# define THREAD_MAXSTACKSIZE (256U * 1024)
|
||||
#endif
|
||||
#if THREAD_MAXSTACKSIZE < THREAD_MINSTACKSIZE
|
||||
# undef THREAD_MAXSTACKSIZE
|
||||
# define THREAD_MAXSTACKSIZE THREAD_MINSTACKSIZE
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
|
||||
@ -148,15 +173,19 @@ ensure_workitems_empty_slot(
|
||||
|
||||
size_t new_alloc;
|
||||
size_t slots_used;
|
||||
size_t sidx;
|
||||
|
||||
slots_used = c->head_workitem - c->tail_workitem;
|
||||
if (slots_used >= c->workitems_alloc) {
|
||||
new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC;
|
||||
c->workitems = erealloc(c->workitems, new_alloc * each);
|
||||
for (sidx = c->workitems_alloc; sidx < new_alloc; ++sidx)
|
||||
c->workitems[sidx] = NULL;
|
||||
c->tail_workitem = 0;
|
||||
c->head_workitem = c->workitems_alloc;
|
||||
c->workitems_alloc = new_alloc;
|
||||
}
|
||||
INSIST(NULL == c->workitems[c->head_workitem % c->workitems_alloc]);
|
||||
return (0 == slots_used);
|
||||
}
|
||||
|
||||
@ -180,15 +209,19 @@ ensure_workresp_empty_slot(
|
||||
|
||||
size_t new_alloc;
|
||||
size_t slots_used;
|
||||
size_t sidx;
|
||||
|
||||
slots_used = c->head_response - c->tail_response;
|
||||
if (slots_used >= c->responses_alloc) {
|
||||
new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC;
|
||||
c->responses = erealloc(c->responses, new_alloc * each);
|
||||
for (sidx = c->responses_alloc; sidx < new_alloc; ++sidx)
|
||||
c->responses[sidx] = NULL;
|
||||
c->tail_response = 0;
|
||||
c->head_response = c->responses_alloc;
|
||||
c->responses_alloc = new_alloc;
|
||||
}
|
||||
INSIST(NULL == c->responses[c->head_response % c->responses_alloc]);
|
||||
return (0 == slots_used);
|
||||
}
|
||||
|
||||
@ -478,11 +511,11 @@ start_blocking_thread_internal(
|
||||
# endif
|
||||
pthread_attr_t thr_attr;
|
||||
int rc;
|
||||
int saved_errno;
|
||||
int pipe_ends[2]; /* read then write */
|
||||
int is_pipe;
|
||||
int flags;
|
||||
size_t stacksize;
|
||||
size_t ostacksize;
|
||||
size_t nstacksize;
|
||||
sigset_t saved_sig_mask;
|
||||
|
||||
c->thread_ref = NULL;
|
||||
@ -522,21 +555,29 @@ start_blocking_thread_internal(
|
||||
pthread_attr_setdetachstate(&thr_attr, PTHREAD_CREATE_DETACHED);
|
||||
#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
|
||||
defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE)
|
||||
rc = pthread_attr_getstacksize(&thr_attr, &stacksize);
|
||||
if (-1 == rc) {
|
||||
rc = pthread_attr_getstacksize(&thr_attr, &ostacksize);
|
||||
if (0 != rc) {
|
||||
msyslog(LOG_ERR,
|
||||
"start_blocking_thread: pthread_attr_getstacksize %m");
|
||||
} else if (stacksize < THREAD_MINSTACKSIZE) {
|
||||
rc = pthread_attr_setstacksize(&thr_attr,
|
||||
THREAD_MINSTACKSIZE);
|
||||
if (-1 == rc)
|
||||
"start_blocking_thread: pthread_attr_getstacksize() -> %s",
|
||||
strerror(rc));
|
||||
} else {
|
||||
if (ostacksize < THREAD_MINSTACKSIZE)
|
||||
nstacksize = THREAD_MINSTACKSIZE;
|
||||
else if (ostacksize > THREAD_MAXSTACKSIZE)
|
||||
nstacksize = THREAD_MAXSTACKSIZE;
|
||||
else
|
||||
nstacksize = ostacksize;
|
||||
if (nstacksize != ostacksize)
|
||||
rc = pthread_attr_setstacksize(&thr_attr, nstacksize);
|
||||
if (0 != rc)
|
||||
msyslog(LOG_ERR,
|
||||
"start_blocking_thread: pthread_attr_setstacksize(0x%lx -> 0x%lx) %m",
|
||||
(u_long)stacksize,
|
||||
(u_long)THREAD_MINSTACKSIZE);
|
||||
"start_blocking_thread: pthread_attr_setstacksize(0x%lx -> 0x%lx) -> %s",
|
||||
(u_long)ostacksize, (u_long)nstacksize,
|
||||
strerror(rc));
|
||||
}
|
||||
#else
|
||||
UNUSED_ARG(stacksize);
|
||||
UNUSED_ARG(nstacksize);
|
||||
UNUSED_ARG(ostacksize);
|
||||
#endif
|
||||
#if defined(PTHREAD_SCOPE_SYSTEM) && defined(NEED_PTHREAD_SCOPE_SYSTEM)
|
||||
pthread_attr_setscope(&thr_attr, PTHREAD_SCOPE_SYSTEM);
|
||||
@ -545,12 +586,11 @@ start_blocking_thread_internal(
|
||||
block_thread_signals(&saved_sig_mask);
|
||||
rc = pthread_create(&c->thr_table[0], &thr_attr,
|
||||
&blocking_thread, c);
|
||||
saved_errno = errno;
|
||||
pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
|
||||
pthread_attr_destroy(&thr_attr);
|
||||
if (0 != rc) {
|
||||
errno = saved_errno;
|
||||
msyslog(LOG_ERR, "pthread_create() blocking child: %m");
|
||||
msyslog(LOG_ERR, "start_blocking_thread: pthread_create() -> %s",
|
||||
strerror(rc));
|
||||
exit(1);
|
||||
}
|
||||
c->thread_ref = &c->thr_table[0];
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
|
||||
#
|
||||
# It has been AutoGen-ed January 7, 2016 at 11:30:49 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed January 20, 2016 at 04:17:59 AM by AutoGen 5.18.5
|
||||
# From the definitions ntp.conf.def
|
||||
# and the template file agtexi-file.tpl
|
||||
@end ignore
|
||||
@ -2294,8 +2294,8 @@ otherwise, should be avoided.
|
||||
@item @code{dscp} @kbd{value}
|
||||
This option specifies the Differentiated Services Control Point (DSCP) value,
|
||||
a 6-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]}
|
||||
@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]}
|
||||
@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]}
|
||||
@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]}
|
||||
Provides a way to enable or disable various server options.
|
||||
Flags not mentioned are unaffected.
|
||||
Note that all of these flags
|
||||
@ -2367,6 +2367,67 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
@code{disable}.
|
||||
@item @code{unpeer_crypto_early}
|
||||
By default, if
|
||||
@code{ntpd(1ntpdmdoc)}
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
@code{peerstats}
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
@code{enable}.
|
||||
@item @code{unpeer_crypto_nak_early}
|
||||
By default, if
|
||||
@code{ntpd(1ntpdmdoc)}
|
||||
receives a crypto-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
@code{peerstats}
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
@code{enable}.
|
||||
@item @code{unpeer_digest_early}
|
||||
By default, if
|
||||
@code{ntpd(1ntpdmdoc)}
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
@code{peerstats}
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
@code{enable}.
|
||||
@end table
|
||||
@item @code{includefile} @kbd{includefile}
|
||||
This command allows additional configuration commands
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
|
||||
#
|
||||
# It has been AutoGen-ed January 7, 2016 at 11:30:52 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed January 20, 2016 at 04:18:02 AM by AutoGen 5.18.5
|
||||
# From the definitions ntp.keys.def
|
||||
# and the template file agtexi-file.tpl
|
||||
@end ignore
|
||||
@ -37,7 +37,7 @@ as the configuration file.
|
||||
Key entries use a fixed format of the form
|
||||
|
||||
@example
|
||||
@kbd{keyno} @kbd{type} @kbd{key}
|
||||
@kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list}
|
||||
@end example
|
||||
|
||||
where
|
||||
@ -47,7 +47,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
@kbd{key}
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
@kbd{opt_IP_list}
|
||||
is an optional comma-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
@kbd{opt_IP_list}
|
||||
is empty,
|
||||
any properly-authenticated server message will be
|
||||
accepted.
|
||||
|
||||
The
|
||||
@kbd{key}
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
|
||||
#
|
||||
# It has been AutoGen-ed January 7, 2016 at 11:30:54 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed January 20, 2016 at 04:18:04 AM by AutoGen 5.18.5
|
||||
# From the definitions ntpd-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -142,7 +142,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpd - NTP daemon program - Ver. 4.2.8p5
|
||||
ntpd - NTP daemon program - Ver. 4.2.8p6
|
||||
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
|
||||
[ <server1> ... <serverN> ]
|
||||
Flg Arg Option-Name Description
|
||||
|
@ -1 +1 @@
|
||||
* Generated 2015-06-25 03:57:00 UTC diff_ignore_line
|
||||
* Generated 2016-01-16 08:33:03 UTC diff_ignore_line
|
||||
|
@ -202,6 +202,9 @@ struct key_tok ntp_keywords[] = {
|
||||
{ "ntp", T_Ntp, FOLLBY_TOKEN },
|
||||
{ "mode7", T_Mode7, FOLLBY_TOKEN },
|
||||
{ "stats", T_Stats, FOLLBY_TOKEN },
|
||||
{ "unpeer_crypto_early", T_UEcrypto, FOLLBY_TOKEN },
|
||||
{ "unpeer_crypto_nak_early", T_UEcryptonak, FOLLBY_TOKEN },
|
||||
{ "unpeer_digest_early", T_UEdigest, FOLLBY_TOKEN },
|
||||
/* rlimit_option */
|
||||
{ "memlock", T_Memlock, FOLLBY_TOKEN },
|
||||
{ "stacksize", T_Stacksize, FOLLBY_TOKEN },
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntp.conf 5man "07 Jan 2016" "4.2.8p5" "File Formats"
|
||||
.TH ntp.conf 5man "20 Jan 2016" "4.2.8p6" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -2573,9 +2573,9 @@ otherwise, should be avoided.
|
||||
This option specifies the Differentiated Services Control Point (DSCP) value,
|
||||
a 6-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]]
|
||||
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]]
|
||||
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
|
||||
Provides a way to enable or disable various server options.
|
||||
Flags not mentioned are unaffected.
|
||||
Note that all of these flags
|
||||
@ -2655,6 +2655,70 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
\f\*[B-Font]disable\f[].
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]unpeer_crypto_early\f[]
|
||||
By default, if
|
||||
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
\f\*[B-Font]peerstats\f[]
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
\f\*[B-Font]enable\f[].
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[]
|
||||
By default, if
|
||||
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
|
||||
receives a crypto-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
\f\*[B-Font]peerstats\f[]
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
\f\*[B-Font]enable\f[].
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]unpeer_digest_early\f[]
|
||||
By default, if
|
||||
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
\f\*[B-Font]peerstats\f[]
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
\f\*[B-Font]enable\f[].
|
||||
.RE
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
|
||||
@ -3027,7 +3091,7 @@ RFC5905
|
||||
.SH "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH BUGS
|
||||
The syntax checking is not picky; some combinations of
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTP_CONF 5mdoc File Formats
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -2393,16 +2393,18 @@ a 6\-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
.Oo
|
||||
.Cm auth | Cm bclient |
|
||||
.Cm calibrate | Cm kernel |
|
||||
.Cm mode7 | monitor |
|
||||
.Cm ntp | Cm stats
|
||||
.Cm mode7 | Cm monitor |
|
||||
.Cm ntp | Cm stats |
|
||||
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
|
||||
.Oc
|
||||
.Xc
|
||||
.It Xo Ic disable
|
||||
.Oo
|
||||
.Cm auth | Cm bclient |
|
||||
.Cm calibrate | Cm kernel |
|
||||
.Cm mode7 | monitor |
|
||||
.Cm ntp | Cm stats
|
||||
.Cm mode7 | Cm monitor |
|
||||
.Cm ntp | Cm stats |
|
||||
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
|
||||
.Oc
|
||||
.Xc
|
||||
Provides a way to enable or disable various server options.
|
||||
@ -2476,6 +2478,67 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
.Ic disable .
|
||||
.It Cm unpeer_crypto_early
|
||||
By default, if
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.It Cm unpeer_crypto_nak_early
|
||||
By default, if
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
receives a crypto\-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto\-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.It Cm unpeer_digest_early
|
||||
By default, if
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.El
|
||||
.It Ic includefile Ar includefile
|
||||
This command allows additional configuration commands
|
||||
@ -2834,7 +2897,7 @@ A snapshot of this documentation is available in HTML format in
|
||||
.Sh "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh BUGS
|
||||
The syntax checking is not picky; some combinations of
|
||||
|
@ -2395,16 +2395,18 @@ a 6-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
.Oo
|
||||
.Cm auth | Cm bclient |
|
||||
.Cm calibrate | Cm kernel |
|
||||
.Cm mode7 | monitor |
|
||||
.Cm ntp | Cm stats
|
||||
.Cm mode7 | Cm monitor |
|
||||
.Cm ntp | Cm stats |
|
||||
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
|
||||
.Oc
|
||||
.Xc
|
||||
.It Xo Ic disable
|
||||
.Oo
|
||||
.Cm auth | Cm bclient |
|
||||
.Cm calibrate | Cm kernel |
|
||||
.Cm mode7 | monitor |
|
||||
.Cm ntp | Cm stats
|
||||
.Cm mode7 | Cm monitor |
|
||||
.Cm ntp | Cm stats |
|
||||
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
|
||||
.Oc
|
||||
.Xc
|
||||
Provides a way to enable or disable various server options.
|
||||
@ -2478,6 +2480,67 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
.Ic disable .
|
||||
.It Cm unpeer_crypto_early
|
||||
By default, if
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.It Cm unpeer_crypto_nak_early
|
||||
By default, if
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
receives a crypto-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.It Cm unpeer_digest_early
|
||||
By default, if
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.El
|
||||
.It Ic includefile Ar includefile
|
||||
This command allows additional configuration commands
|
||||
|
@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
|
||||
<p>This document describes the configuration file for the NTP Project's
|
||||
<code>ntpd</code> program.
|
||||
|
||||
<p>This document applies to version 4.2.8p5 of <code>ntp.conf</code>.
|
||||
<p>This document applies to version 4.2.8p6 of <code>ntp.conf</code>.
|
||||
|
||||
<div class="shortcontents">
|
||||
<h2>Short Contents</h2>
|
||||
@ -2288,7 +2288,7 @@ drift file is located in, and that file system links, symbolic or
|
||||
otherwise, should be avoided.
|
||||
<br><dt><code>dscp</code> <kbd>value</kbd><dd>This option specifies the Differentiated Services Control Point (DSCP) value,
|
||||
a 6-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
<br><dt><code>enable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</code><br><dt><code>disable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</code><dd>Provides a way to enable or disable various server options.
|
||||
<br><dt><code>enable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</code><br><dt><code>disable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</code><dd>Provides a way to enable or disable various server options.
|
||||
Flags not mentioned are unaffected.
|
||||
Note that all of these flags
|
||||
can be controlled remotely using the
|
||||
@ -2351,6 +2351,64 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
<code>disable</code>.
|
||||
<br><dt><code>unpeer_crypto_early</code><dd>By default, if
|
||||
<code>ntpd(1ntpdmdoc)</code>
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
<code>peerstats</code>
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
<code>enable</code>.
|
||||
<br><dt><code>unpeer_crypto_nak_early</code><dd>By default, if
|
||||
<code>ntpd(1ntpdmdoc)</code>
|
||||
receives a crypto-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
<code>peerstats</code>
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
<code>enable</code>.
|
||||
<br><dt><code>unpeer_digest_early</code><dd>By default, if
|
||||
<code>ntpd(1ntpdmdoc)</code>
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
<code>peerstats</code>
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
<code>enable</code>.
|
||||
</dl>
|
||||
<br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
|
||||
to be included from a separate file.
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats"
|
||||
.TH ntp.conf 5 "20 Jan 2016" "4.2.8p6" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -2573,9 +2573,9 @@ otherwise, should be avoided.
|
||||
This option specifies the Differentiated Services Control Point (DSCP) value,
|
||||
a 6-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]]
|
||||
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]]
|
||||
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
|
||||
Provides a way to enable or disable various server options.
|
||||
Flags not mentioned are unaffected.
|
||||
Note that all of these flags
|
||||
@ -2655,6 +2655,70 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
\f\*[B-Font]disable\f[].
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]unpeer_crypto_early\f[]
|
||||
By default, if
|
||||
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
\f\*[B-Font]peerstats\f[]
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
\f\*[B-Font]enable\f[].
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[]
|
||||
By default, if
|
||||
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
|
||||
receives a crypto-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
\f\*[B-Font]peerstats\f[]
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
\f\*[B-Font]enable\f[].
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]unpeer_digest_early\f[]
|
||||
By default, if
|
||||
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
\f\*[B-Font]peerstats\f[]
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
\f\*[B-Font]enable\f[].
|
||||
.RE
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
|
||||
@ -3027,7 +3091,7 @@ RFC5905
|
||||
.SH "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH BUGS
|
||||
The syntax checking is not picky; some combinations of
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTP_CONF 5 File Formats
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -2393,16 +2393,18 @@ a 6\-bit code. The default value is 46, signifying Expedited Forwarding.
|
||||
.Oo
|
||||
.Cm auth | Cm bclient |
|
||||
.Cm calibrate | Cm kernel |
|
||||
.Cm mode7 | monitor |
|
||||
.Cm ntp | Cm stats
|
||||
.Cm mode7 | Cm monitor |
|
||||
.Cm ntp | Cm stats |
|
||||
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
|
||||
.Oc
|
||||
.Xc
|
||||
.It Xo Ic disable
|
||||
.Oo
|
||||
.Cm auth | Cm bclient |
|
||||
.Cm calibrate | Cm kernel |
|
||||
.Cm mode7 | monitor |
|
||||
.Cm ntp | Cm stats
|
||||
.Cm mode7 | Cm monitor |
|
||||
.Cm ntp | Cm stats |
|
||||
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
|
||||
.Oc
|
||||
.Xc
|
||||
Provides a way to enable or disable various server options.
|
||||
@ -2476,6 +2478,67 @@ See the
|
||||
section for further information.
|
||||
The default for this flag is
|
||||
.Ic disable .
|
||||
.It Cm unpeer_crypto_early
|
||||
By default, if
|
||||
.Xr ntpd @NTPD_MS@
|
||||
receives an autokey packet that fails TEST9,
|
||||
a crypto failure,
|
||||
the association is immediately cleared.
|
||||
This is almost certainly a feature,
|
||||
but if, in spite of the current recommendation of not using autokey,
|
||||
you are
|
||||
.B still
|
||||
using autokey
|
||||
.B and
|
||||
you are seeing this sort of DoS attack
|
||||
disabling this flag will delay
|
||||
tearing down the association until the reachability counter
|
||||
becomes zero.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.It Cm unpeer_crypto_nak_early
|
||||
By default, if
|
||||
.Xr ntpd @NTPD_MS@
|
||||
receives a crypto\-NAK packet that
|
||||
passes the duplicate packet and origin timestamp checks
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery if a server key has changed,
|
||||
a properly forged and appropriately delivered crypto\-NAK packet
|
||||
can be used in a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.It Cm unpeer_digest_early
|
||||
By default, if
|
||||
.Xr ntpd @NTPD_MS@
|
||||
receives what should be an authenticated packet
|
||||
that passes other packet sanity checks but
|
||||
contains an invalid digest
|
||||
the association is immediately cleared.
|
||||
While this is generally a feature
|
||||
as it allows for quick recovery,
|
||||
if this type of packet is carefully forged and sent
|
||||
during an appropriate window it can be used for a DoS attack.
|
||||
If you have active noticable problems with this type of DoS attack
|
||||
then you should consider
|
||||
disabling this option.
|
||||
You can check your
|
||||
.Cm peerstats
|
||||
file for evidence of any of these attacks.
|
||||
The
|
||||
default for this flag is
|
||||
.Ic enable .
|
||||
.El
|
||||
.It Ic includefile Ar includefile
|
||||
This command allows additional configuration commands
|
||||
@ -2834,7 +2897,7 @@ A snapshot of this documentation is available in HTML format in
|
||||
.Sh "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh BUGS
|
||||
The syntax checking is not picky; some combinations of
|
||||
|
@ -1,8 +1,8 @@
|
||||
.TH ntp.keys 5man "07 Jan 2016" "4.2.8p5" "File Formats"
|
||||
.TH ntp.keys 5man "20 Jan 2016" "4.2.8p6" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:17:51 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agman-file.tpl
|
||||
.Sh NAME
|
||||
@ -66,7 +66,7 @@ Key entries use a fixed format of the form
|
||||
.ne 2
|
||||
|
||||
.in +4
|
||||
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
|
||||
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[]
|
||||
.in -4
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
@ -78,7 +78,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
\f\*[I-Font]key\f[]
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
\f\*[I-Font]opt_IP_list\f[]
|
||||
is an optional comma-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
\f\*[I-Font]opt_IP_list\f[]
|
||||
is empty,
|
||||
any properly-authenticated server message will be
|
||||
accepted.
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
|
||||
@ -160,7 +168,7 @@ the default name of the configuration file
|
||||
.SH "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH "BUGS"
|
||||
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTP_KEYS 5mdoc File Formats
|
||||
.Os SunOS 5.10
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:10 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agmdoc-file.tpl
|
||||
.Sh NAME
|
||||
@ -44,7 +44,7 @@ The key file uses the same comment conventions
|
||||
as the configuration file.
|
||||
Key entries use a fixed format of the form
|
||||
.Pp
|
||||
.D1 Ar keyno type key
|
||||
.D1 Ar keyno type key opt_IP_list
|
||||
.Pp
|
||||
where
|
||||
.Ar keyno
|
||||
@ -53,7 +53,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
.Ar key
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
.Ar opt_IP_list
|
||||
is an optional comma\-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
.Ar opt_IP_list
|
||||
is empty,
|
||||
any properly\-authenticated server message will be
|
||||
accepted.
|
||||
.Pp
|
||||
The
|
||||
.Ar key
|
||||
@ -147,7 +155,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
|
||||
.Sh "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh "BUGS"
|
||||
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
|
||||
|
@ -43,7 +43,7 @@ The key file uses the same comment conventions
|
||||
as the configuration file.
|
||||
Key entries use a fixed format of the form
|
||||
.Pp
|
||||
.D1 Ar keyno type key
|
||||
.D1 Ar keyno type key opt_IP_list
|
||||
.Pp
|
||||
where
|
||||
.Ar keyno
|
||||
@ -52,7 +52,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
.Ar key
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
.Ar opt_IP_list
|
||||
is an optional comma-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
.Ar opt_IP_list
|
||||
is empty,
|
||||
any properly-authenticated server message will be
|
||||
accepted.
|
||||
.Pp
|
||||
The
|
||||
.Ar key
|
||||
|
@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
|
||||
<p>This document describes the symmetric key file for the NTP Project's
|
||||
<code>ntpd</code> program.
|
||||
|
||||
<p>This document applies to version 4.2.8p5 of <code>ntp.keys</code>.
|
||||
<p>This document applies to version 4.2.8p6 of <code>ntp.keys</code>.
|
||||
|
||||
<div class="shortcontents">
|
||||
<h2>Short Contents</h2>
|
||||
@ -93,7 +93,7 @@ may be arbitrarily set in the keys file.
|
||||
as the configuration file.
|
||||
Key entries use a fixed format of the form
|
||||
|
||||
<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd>
|
||||
<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
|
||||
</pre>
|
||||
<p>where
|
||||
<kbd>keyno</kbd>
|
||||
@ -102,7 +102,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
<kbd>key</kbd>
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
<kbd>opt_IP_list</kbd>
|
||||
is an optional comma-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
<kbd>opt_IP_list</kbd>
|
||||
is empty,
|
||||
any properly-authenticated server message will be
|
||||
accepted.
|
||||
|
||||
<p>The
|
||||
<kbd>key</kbd>
|
||||
|
@ -1,8 +1,8 @@
|
||||
.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats"
|
||||
.TH ntp.keys 5 "20 Jan 2016" "4.2.8p6" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:17:51 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agman-file.tpl
|
||||
.Sh NAME
|
||||
@ -66,7 +66,7 @@ Key entries use a fixed format of the form
|
||||
.ne 2
|
||||
|
||||
.in +4
|
||||
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[]
|
||||
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[]
|
||||
.in -4
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
@ -78,7 +78,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
\f\*[I-Font]key\f[]
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
\f\*[I-Font]opt_IP_list\f[]
|
||||
is an optional comma-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
\f\*[I-Font]opt_IP_list\f[]
|
||||
is empty,
|
||||
any properly-authenticated server message will be
|
||||
accepted.
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
|
||||
@ -160,7 +168,7 @@ the default name of the configuration file
|
||||
.SH "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH "BUGS"
|
||||
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTP_KEYS 5 File Formats
|
||||
.Os SunOS 5.10
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:10 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agmdoc-file.tpl
|
||||
.Sh NAME
|
||||
@ -44,7 +44,7 @@ The key file uses the same comment conventions
|
||||
as the configuration file.
|
||||
Key entries use a fixed format of the form
|
||||
.Pp
|
||||
.D1 Ar keyno type key
|
||||
.D1 Ar keyno type key opt_IP_list
|
||||
.Pp
|
||||
where
|
||||
.Ar keyno
|
||||
@ -53,7 +53,15 @@ is a positive integer (between 1 and 65534),
|
||||
is the message digest algorithm,
|
||||
and
|
||||
.Ar key
|
||||
is the key itself.
|
||||
is the key itself, and
|
||||
.Ar opt_IP_list
|
||||
is an optional comma\-separated list of IPs
|
||||
that are allowed to serve time.
|
||||
If
|
||||
.Ar opt_IP_list
|
||||
is empty,
|
||||
any properly\-authenticated server message will be
|
||||
accepted.
|
||||
.Pp
|
||||
The
|
||||
.Ar key
|
||||
@ -147,7 +155,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
|
||||
.Sh "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh "BUGS"
|
||||
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
|
||||
|
@ -53,6 +53,8 @@
|
||||
#include "ntp_parser.h"
|
||||
#include "ntpd-opts.h"
|
||||
|
||||
extern int yyparse(void);
|
||||
|
||||
/* Bug 2817 */
|
||||
#if defined(HAVE_SYS_MMAN_H)
|
||||
# include <sys/mman.h>
|
||||
@ -2981,6 +2983,18 @@ apply_enable_disable(
|
||||
proto_config(PROTO_FILEGEN, enable, 0., NULL);
|
||||
break;
|
||||
|
||||
case T_UEcrypto:
|
||||
proto_config(PROTO_UECRYPTO, enable, 0., NULL);
|
||||
break;
|
||||
|
||||
case T_UEcryptonak:
|
||||
proto_config(PROTO_UECRYPTONAK, enable, 0., NULL);
|
||||
break;
|
||||
|
||||
case T_UEdigest:
|
||||
proto_config(PROTO_UEDIGEST, enable, 0., NULL);
|
||||
break;
|
||||
|
||||
#ifdef BC_LIST_FRAMEWORK_NOT_YET_USED
|
||||
case T_Bc_bugXXXX:
|
||||
pentry = bc_list;
|
||||
|
@ -79,6 +79,7 @@ static void ctl_putarray (const char *, double *, int);
|
||||
static void ctl_putsys (int);
|
||||
static void ctl_putpeer (int, struct peer *);
|
||||
static void ctl_putfs (const char *, tstamp_t);
|
||||
static void ctl_printf (const char *, ...) NTP_PRINTF(1, 2);
|
||||
#ifdef REFCLOCK
|
||||
static void ctl_putclock (int, struct refclockstat *, int);
|
||||
#endif /* REFCLOCK */
|
||||
@ -115,6 +116,8 @@ static void unset_trap (struct recvbuf *, int);
|
||||
static struct ctl_trap *ctlfindtrap(sockaddr_u *,
|
||||
struct interface *);
|
||||
|
||||
int/*BOOL*/ is_safe_filename(const char * name);
|
||||
|
||||
static const struct ctl_proc control_codes[] = {
|
||||
{ CTL_OP_UNSPEC, NOAUTH, control_unspec },
|
||||
{ CTL_OP_READSTAT, NOAUTH, read_status },
|
||||
@ -877,10 +880,66 @@ ctl_error(
|
||||
CTL_HEADER_LEN);
|
||||
}
|
||||
|
||||
int/*BOOL*/
|
||||
is_safe_filename(const char * name)
|
||||
{
|
||||
/* We need a strict validation of filenames we should write: The
|
||||
* daemon might run with special permissions and is remote
|
||||
* controllable, so we better take care what we allow as file
|
||||
* name!
|
||||
*
|
||||
* The first character must be digit or a letter from the ASCII
|
||||
* base plane or a '_' ([_A-Za-z0-9]), the following characters
|
||||
* must be from [-._+A-Za-z0-9].
|
||||
*
|
||||
* We do not trust the character classification much here: Since
|
||||
* the NTP protocol makes no provisions for UTF-8 or local code
|
||||
* pages, we strictly require the 7bit ASCII code page.
|
||||
*
|
||||
* The following table is a packed bit field of 128 two-bit
|
||||
* groups. The LSB in each group tells us if a character is
|
||||
* acceptable at the first position, the MSB if the character is
|
||||
* accepted at any other position.
|
||||
*
|
||||
* This does not ensure that the file name is syntactically
|
||||
* correct (multiple dots will not work with VMS...) but it will
|
||||
* exclude potential globbing bombs and directory traversal. It
|
||||
* also rules out drive selection. (For systems that have this
|
||||
* notion, like Windows or VMS.)
|
||||
*/
|
||||
static const uint32_t chclass[8] = {
|
||||
0x00000000, 0x00000000,
|
||||
0x28800000, 0x000FFFFF,
|
||||
0xFFFFFFFC, 0xC03FFFFF,
|
||||
0xFFFFFFFC, 0x003FFFFF
|
||||
};
|
||||
|
||||
u_int widx, bidx, mask;
|
||||
if (!*name)
|
||||
return FALSE;
|
||||
|
||||
mask = 1u;
|
||||
while (0 != (widx = (u_char)*name++)) {
|
||||
bidx = (widx & 15) << 1;
|
||||
widx = widx >> 4;
|
||||
if (widx >= sizeof(chclass))
|
||||
return FALSE;
|
||||
if (0 == ((chclass[widx] >> bidx) & mask))
|
||||
return FALSE;
|
||||
mask |= 2u;
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* save_config - Implements ntpq -c "saveconfig <filename>"
|
||||
* Writes current configuration including any runtime
|
||||
* changes by ntpq's :config or config-from-file
|
||||
*
|
||||
* Note: There should be no buffer overflow or truncation in the
|
||||
* processing of file names -- both cause security problems. This is bit
|
||||
* painful to code but essential here.
|
||||
*/
|
||||
void
|
||||
save_config(
|
||||
@ -908,24 +967,38 @@ save_config(
|
||||
"\\/" /* separator and critical char for POSIX */
|
||||
#endif
|
||||
;
|
||||
|
||||
|
||||
char reply[128];
|
||||
#ifdef SAVECONFIG
|
||||
static const char savedconfig_eq[] = "savedconfig=";
|
||||
|
||||
/* Build a safe open mode from the available mode flags. We want
|
||||
* to create a new file and write it in text mode (when
|
||||
* applicable -- only Windows does this...)
|
||||
*/
|
||||
static const int openmode = O_CREAT | O_TRUNC | O_WRONLY
|
||||
# if defined(O_EXCL) /* posix, vms */
|
||||
| O_EXCL
|
||||
# elif defined(_O_EXCL) /* windows is alway very special... */
|
||||
| _O_EXCL
|
||||
# endif
|
||||
# if defined(_O_TEXT) /* windows, again */
|
||||
| _O_TEXT
|
||||
#endif
|
||||
;
|
||||
|
||||
char filespec[128];
|
||||
char filename[128];
|
||||
char fullpath[512];
|
||||
const char savedconfig_eq[] = "savedconfig=";
|
||||
char savedconfig[sizeof(savedconfig_eq) + sizeof(filename)];
|
||||
time_t now;
|
||||
int fd;
|
||||
FILE *fptr;
|
||||
int prc;
|
||||
size_t reqlen;
|
||||
#endif
|
||||
|
||||
if (RES_NOMODIFY & restrict_mask) {
|
||||
snprintf(reply, sizeof(reply),
|
||||
"saveconfig prohibited by restrict ... nomodify");
|
||||
ctl_putdata(reply, strlen(reply), 0);
|
||||
ctl_printf("%s", "saveconfig prohibited by restrict ... nomodify");
|
||||
ctl_flushpkt(0);
|
||||
NLOG(NLOG_SYSINFO)
|
||||
msyslog(LOG_NOTICE,
|
||||
@ -937,9 +1010,7 @@ save_config(
|
||||
|
||||
#ifdef SAVECONFIG
|
||||
if (NULL == saveconfigdir) {
|
||||
snprintf(reply, sizeof(reply),
|
||||
"saveconfig prohibited, no saveconfigdir configured");
|
||||
ctl_putdata(reply, strlen(reply), 0);
|
||||
ctl_printf("%s", "saveconfig prohibited, no saveconfigdir configured");
|
||||
ctl_flushpkt(0);
|
||||
NLOG(NLOG_SYSINFO)
|
||||
msyslog(LOG_NOTICE,
|
||||
@ -948,21 +1019,79 @@ save_config(
|
||||
return;
|
||||
}
|
||||
|
||||
if (0 == reqend - reqpt)
|
||||
/* The length checking stuff gets serious. Do not assume a NUL
|
||||
* byte can be found, but if so, use it to calculate the needed
|
||||
* buffer size. If the available buffer is too short, bail out;
|
||||
* likewise if there is no file spec. (The latter will not
|
||||
* happen when using NTPQ, but there are other ways to craft a
|
||||
* network packet!)
|
||||
*/
|
||||
reqlen = (size_t)(reqend - reqpt);
|
||||
if (0 != reqlen) {
|
||||
char * nulpos = (char*)memchr(reqpt, 0, reqlen);
|
||||
if (NULL != nulpos)
|
||||
reqlen = (size_t)(nulpos - reqpt);
|
||||
}
|
||||
if (0 == reqlen)
|
||||
return;
|
||||
if (reqlen >= sizeof(filespec)) {
|
||||
ctl_printf("saveconfig exceeded maximum raw name length (%u)",
|
||||
(u_int)sizeof(filespec));
|
||||
ctl_flushpkt(0);
|
||||
msyslog(LOG_NOTICE,
|
||||
"saveconfig exceeded maximum raw name length from %s",
|
||||
stoa(&rbufp->recv_srcadr));
|
||||
return;
|
||||
}
|
||||
|
||||
strlcpy(filespec, reqpt, sizeof(filespec));
|
||||
time(&now);
|
||||
|
||||
/* copy data directly as we exactly know the size */
|
||||
memcpy(filespec, reqpt, reqlen);
|
||||
filespec[reqlen] = '\0';
|
||||
|
||||
/*
|
||||
* allow timestamping of the saved config filename with
|
||||
* strftime() format such as:
|
||||
* ntpq -c "saveconfig ntp-%Y%m%d-%H%M%S.conf"
|
||||
* XXX: Nice feature, but not too safe.
|
||||
* YYY: The check for permitted characters in file names should
|
||||
* weed out the worst. Let's hope 'strftime()' does not
|
||||
* develop pathological problems.
|
||||
*/
|
||||
time(&now);
|
||||
if (0 == strftime(filename, sizeof(filename), filespec,
|
||||
localtime(&now)))
|
||||
localtime(&now)))
|
||||
{
|
||||
/*
|
||||
* If we arrive here, 'strftime()' balked; most likely
|
||||
* the buffer was too short. (Or it encounterd an empty
|
||||
* format, or just a format that expands to an empty
|
||||
* string.) We try to use the original name, though this
|
||||
* is very likely to fail later if there are format
|
||||
* specs in the string. Note that truncation cannot
|
||||
* happen here as long as both buffers have the same
|
||||
* size!
|
||||
*/
|
||||
strlcpy(filename, filespec, sizeof(filename));
|
||||
}
|
||||
|
||||
/*
|
||||
* Check the file name for sanity. This might/will rule out file
|
||||
* names that would be legal but problematic, and it blocks
|
||||
* directory traversal.
|
||||
*/
|
||||
if (!is_safe_filename(filename)) {
|
||||
ctl_printf("saveconfig rejects unsafe file name '%s'",
|
||||
filename);
|
||||
ctl_flushpkt(0);
|
||||
msyslog(LOG_NOTICE,
|
||||
"saveconfig rejects unsafe file name from %s",
|
||||
stoa(&rbufp->recv_srcadr));
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* XXX: This next test may not be needed with is_safe_filename()
|
||||
*/
|
||||
|
||||
/* block directory/drive traversal */
|
||||
/* TALOS-CAN-0062: block directory traversal for VMS, too */
|
||||
@ -972,38 +1101,49 @@ save_config(
|
||||
ctl_putdata(reply, strlen(reply), 0);
|
||||
ctl_flushpkt(0);
|
||||
msyslog(LOG_NOTICE,
|
||||
"saveconfig with path from %s rejected",
|
||||
"saveconfig rejects unsafe file name from %s",
|
||||
stoa(&rbufp->recv_srcadr));
|
||||
return;
|
||||
}
|
||||
|
||||
snprintf(fullpath, sizeof(fullpath), "%s%s",
|
||||
saveconfigdir, filename);
|
||||
/* concatenation of directory and path can cause another
|
||||
* truncation...
|
||||
*/
|
||||
prc = snprintf(fullpath, sizeof(fullpath), "%s%s",
|
||||
saveconfigdir, filename);
|
||||
if (prc < 0 || prc >= sizeof(fullpath)) {
|
||||
ctl_printf("saveconfig exceeded maximum path length (%u)",
|
||||
(u_int)sizeof(fullpath));
|
||||
ctl_flushpkt(0);
|
||||
msyslog(LOG_NOTICE,
|
||||
"saveconfig exceeded maximum path length from %s",
|
||||
stoa(&rbufp->recv_srcadr));
|
||||
return;
|
||||
}
|
||||
|
||||
fd = open(fullpath, O_CREAT | O_TRUNC | O_WRONLY,
|
||||
S_IRUSR | S_IWUSR);
|
||||
fd = open(fullpath, openmode, S_IRUSR | S_IWUSR);
|
||||
if (-1 == fd)
|
||||
fptr = NULL;
|
||||
else
|
||||
fptr = fdopen(fd, "w");
|
||||
|
||||
if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) {
|
||||
snprintf(reply, sizeof(reply),
|
||||
"Unable to save configuration to file %s",
|
||||
filename);
|
||||
ctl_printf("Unable to save configuration to file '%s': %m",
|
||||
filename);
|
||||
msyslog(LOG_ERR,
|
||||
"saveconfig %s from %s failed", filename,
|
||||
stoa(&rbufp->recv_srcadr));
|
||||
} else {
|
||||
snprintf(reply, sizeof(reply),
|
||||
"Configuration saved to %s", filename);
|
||||
ctl_printf("Configuration saved to '%s'", filename);
|
||||
msyslog(LOG_NOTICE,
|
||||
"Configuration saved to %s (requested by %s)",
|
||||
"Configuration saved to '%s' (requested by %s)",
|
||||
fullpath, stoa(&rbufp->recv_srcadr));
|
||||
/*
|
||||
* save the output filename in system variable
|
||||
* savedconfig, retrieved with:
|
||||
* ntpq -c "rv 0 savedconfig"
|
||||
* Note: the way 'savedconfig' is defined makes overflow
|
||||
* checks unnecessary here.
|
||||
*/
|
||||
snprintf(savedconfig, sizeof(savedconfig), "%s%s",
|
||||
savedconfig_eq, filename);
|
||||
@ -1013,11 +1153,9 @@ save_config(
|
||||
if (NULL != fptr)
|
||||
fclose(fptr);
|
||||
#else /* !SAVECONFIG follows */
|
||||
snprintf(reply, sizeof(reply),
|
||||
"saveconfig unavailable, configured with --disable-saveconfig");
|
||||
#endif
|
||||
|
||||
ctl_putdata(reply, strlen(reply), 0);
|
||||
ctl_printf("%s",
|
||||
"saveconfig unavailable, configured with --disable-saveconfig");
|
||||
#endif
|
||||
ctl_flushpkt(0);
|
||||
}
|
||||
|
||||
@ -1761,6 +1899,29 @@ ctl_putarray(
|
||||
ctl_putdata(buffer, (unsigned)(cp - buffer), 0);
|
||||
}
|
||||
|
||||
/*
|
||||
* ctl_printf - put a formatted string into the data buffer
|
||||
*/
|
||||
static void
|
||||
ctl_printf(
|
||||
const char * fmt,
|
||||
...
|
||||
)
|
||||
{
|
||||
static const char * ellipsis = "[...]";
|
||||
va_list va;
|
||||
char fmtbuf[128];
|
||||
int rc;
|
||||
|
||||
va_start(va, fmt);
|
||||
rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va);
|
||||
va_end(va);
|
||||
if (rc < 0 || rc >= sizeof(fmtbuf))
|
||||
strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1,
|
||||
ellipsis);
|
||||
ctl_putdata(fmtbuf, strlen(fmtbuf), 0);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* ctl_putsys - output a system variable
|
||||
|
@ -269,7 +269,7 @@ session_key(
|
||||
memcpy(&keyid, dgst, 4);
|
||||
keyid = ntohl(keyid);
|
||||
if (lifetime != 0) {
|
||||
MD5auth_setkey(keyno, crypto_nid, dgst, len);
|
||||
MD5auth_setkey(keyno, crypto_nid, dgst, len, NULL);
|
||||
authtrust(keyno, lifetime);
|
||||
}
|
||||
DPRINTF(2, ("session_key: %s > %s %08x %08x hash %08x life %lu\n",
|
||||
|
@ -62,6 +62,9 @@
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SIGNALED_IO) && defined(DEBUG_TIMING)
|
||||
# undef DEBUG_TIMING
|
||||
#endif
|
||||
|
||||
/*
|
||||
* setsockopt does not always have the same arg declaration
|
||||
@ -280,9 +283,12 @@ static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *,
|
||||
const sockaddr_u *, const sockaddr_u *);
|
||||
static int create_sockets (u_short);
|
||||
static SOCKET open_socket (sockaddr_u *, int, int, endpt *);
|
||||
static char * fdbits (int, fd_set *);
|
||||
static void set_reuseaddr (int);
|
||||
static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *);
|
||||
|
||||
#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
|
||||
static char * fdbits (int, const fd_set *);
|
||||
#endif
|
||||
#ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
|
||||
static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *);
|
||||
#endif
|
||||
@ -337,12 +343,15 @@ static int cmp_addr_distance(const sockaddr_u *,
|
||||
#if !defined(HAVE_IO_COMPLETION_PORT)
|
||||
static inline int read_network_packet (SOCKET, struct interface *, l_fp);
|
||||
static void ntpd_addremove_io_fd (int, int, int);
|
||||
static input_handler_t input_handler;
|
||||
static void input_handler_scan (const l_fp*, const fd_set*);
|
||||
static int/*BOOL*/ sanitize_fdset (int errc);
|
||||
#ifdef REFCLOCK
|
||||
static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp);
|
||||
#endif
|
||||
#ifdef HAVE_SIGNALED_IO
|
||||
static void input_handler (l_fp*);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#ifndef HAVE_IO_COMPLETION_PORT
|
||||
@ -455,11 +464,9 @@ init_io(void)
|
||||
addremove_io_fd = &ntpd_addremove_io_fd;
|
||||
#endif
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
#if defined(SYS_WINNT)
|
||||
init_io_completion_port();
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_SIGNALED_IO)
|
||||
#elif defined(HAVE_SIGNALED_IO)
|
||||
(void) set_signal(input_handler);
|
||||
#endif
|
||||
}
|
||||
@ -475,7 +482,8 @@ ntpd_addremove_io_fd(
|
||||
UNUSED_ARG(is_pipe);
|
||||
|
||||
#ifdef HAVE_SIGNALED_IO
|
||||
init_socket_sig(fd);
|
||||
if (!remove_it)
|
||||
init_socket_sig(fd);
|
||||
#endif /* not HAVE_SIGNALED_IO */
|
||||
|
||||
maintain_activefds(fd, remove_it);
|
||||
@ -716,78 +724,6 @@ addr_samesubnet(
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Code to tell if we have an IP address
|
||||
* If we have then return the sockaddr structure
|
||||
* and set the return value
|
||||
* see the bind9/getaddresses.c for details
|
||||
*/
|
||||
int
|
||||
is_ip_address(
|
||||
const char * host,
|
||||
u_short af,
|
||||
sockaddr_u * addr
|
||||
)
|
||||
{
|
||||
struct in_addr in4;
|
||||
struct addrinfo hints;
|
||||
struct addrinfo *result;
|
||||
struct sockaddr_in6 *resaddr6;
|
||||
char tmpbuf[128];
|
||||
char *pch;
|
||||
|
||||
REQUIRE(host != NULL);
|
||||
REQUIRE(addr != NULL);
|
||||
|
||||
ZERO_SOCK(addr);
|
||||
|
||||
/*
|
||||
* Try IPv4, then IPv6. In order to handle the extended format
|
||||
* for IPv6 scoped addresses (address%scope_ID), we'll use a local
|
||||
* working buffer of 128 bytes. The length is an ad-hoc value, but
|
||||
* should be enough for this purpose; the buffer can contain a string
|
||||
* of at least 80 bytes for scope_ID in addition to any IPv6 numeric
|
||||
* addresses (up to 46 bytes), the delimiter character and the
|
||||
* terminating NULL character.
|
||||
*/
|
||||
if (AF_UNSPEC == af || AF_INET == af)
|
||||
if (inet_pton(AF_INET, host, &in4) == 1) {
|
||||
AF(addr) = AF_INET;
|
||||
SET_ADDR4N(addr, in4.s_addr);
|
||||
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (AF_UNSPEC == af || AF_INET6 == af)
|
||||
if (sizeof(tmpbuf) > strlen(host)) {
|
||||
if ('[' == host[0]) {
|
||||
strlcpy(tmpbuf, &host[1], sizeof(tmpbuf));
|
||||
pch = strchr(tmpbuf, ']');
|
||||
if (pch != NULL)
|
||||
*pch = '\0';
|
||||
} else {
|
||||
strlcpy(tmpbuf, host, sizeof(tmpbuf));
|
||||
}
|
||||
ZERO(hints);
|
||||
hints.ai_family = AF_INET6;
|
||||
hints.ai_flags |= AI_NUMERICHOST;
|
||||
if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) {
|
||||
AF(addr) = AF_INET6;
|
||||
resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr);
|
||||
SET_ADDR6N(addr, resaddr6->sin6_addr);
|
||||
SET_SCOPE(addr, resaddr6->sin6_scope_id);
|
||||
|
||||
freeaddrinfo(result);
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
/*
|
||||
* If we got here it was not an IP address
|
||||
*/
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* interface list enumerator - visitor pattern
|
||||
*/
|
||||
@ -2354,6 +2290,7 @@ get_broadcastclient_flag(void)
|
||||
{
|
||||
return (broadcast_client_enabled);
|
||||
}
|
||||
|
||||
/*
|
||||
* Check to see if the address is a multicast address
|
||||
*/
|
||||
@ -3204,15 +3141,15 @@ sendpkt(
|
||||
}
|
||||
|
||||
|
||||
#if !defined(HAVE_IO_COMPLETION_PORT)
|
||||
#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
|
||||
/*
|
||||
* fdbits - generate ascii representation of fd_set (FAU debug support)
|
||||
* HFDF format - highest fd first.
|
||||
*/
|
||||
static char *
|
||||
fdbits(
|
||||
int count,
|
||||
fd_set *set
|
||||
int count,
|
||||
const fd_set* set
|
||||
)
|
||||
{
|
||||
static char buffer[256];
|
||||
@ -3228,7 +3165,7 @@ fdbits(
|
||||
|
||||
return buffer;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef REFCLOCK
|
||||
/*
|
||||
@ -3265,7 +3202,7 @@ read_refclock_packet(
|
||||
/* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
|
||||
* to buffer overrun and memory corruption
|
||||
*/
|
||||
if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space))
|
||||
if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space))
|
||||
read_count = sizeof(rb->recv_space);
|
||||
else
|
||||
read_count = (u_int)rp->datalen;
|
||||
@ -3582,6 +3519,7 @@ io_handler(void)
|
||||
* and - lacking a hardware reference clock - I have
|
||||
* yet to learn about anything else that is.
|
||||
*/
|
||||
++handler_calls;
|
||||
rdfdes = activefds;
|
||||
# if !defined(VMS) && !defined(SYS_VXWORKS)
|
||||
nfound = select(maxactivefd + 1, &rdfdes, NULL,
|
||||
@ -3590,20 +3528,29 @@ io_handler(void)
|
||||
/* make select() wake up after one second */
|
||||
{
|
||||
struct timeval t1;
|
||||
|
||||
t1.tv_sec = 1;
|
||||
t1.tv_sec = 1;
|
||||
t1.tv_usec = 0;
|
||||
nfound = select(maxactivefd + 1,
|
||||
&rdfdes, NULL, NULL,
|
||||
&t1);
|
||||
}
|
||||
# endif /* VMS, VxWorks */
|
||||
if (nfound < 0 && sanitize_fdset(errno)) {
|
||||
struct timeval t1;
|
||||
t1.tv_sec = 0;
|
||||
t1.tv_usec = 0;
|
||||
rdfdes = activefds;
|
||||
nfound = select(maxactivefd + 1,
|
||||
&rdfdes, NULL, NULL,
|
||||
&t1);
|
||||
}
|
||||
|
||||
if (nfound > 0) {
|
||||
l_fp ts;
|
||||
|
||||
get_systime(&ts);
|
||||
|
||||
input_handler(&ts);
|
||||
input_handler_scan(&ts, &rdfdes);
|
||||
} else if (nfound == -1 && errno != EINTR) {
|
||||
msyslog(LOG_ERR, "select() error: %m");
|
||||
}
|
||||
@ -3619,27 +3566,110 @@ io_handler(void)
|
||||
# endif /* HAVE_SIGNALED_IO */
|
||||
}
|
||||
|
||||
#ifdef HAVE_SIGNALED_IO
|
||||
/*
|
||||
* input_handler - receive packets asynchronously
|
||||
*
|
||||
* ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed!
|
||||
*/
|
||||
static void
|
||||
static RETSIGTYPE
|
||||
input_handler(
|
||||
l_fp * cts
|
||||
)
|
||||
{
|
||||
int buflen;
|
||||
int n;
|
||||
struct timeval tvzero;
|
||||
fd_set fds;
|
||||
|
||||
++handler_calls;
|
||||
|
||||
/*
|
||||
* Do a poll to see who has data
|
||||
*/
|
||||
|
||||
fds = activefds;
|
||||
tvzero.tv_sec = tvzero.tv_usec = 0;
|
||||
|
||||
n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
|
||||
if (n < 0 && sanitize_fdset(errno)) {
|
||||
fds = activefds;
|
||||
tvzero.tv_sec = tvzero.tv_usec = 0;
|
||||
n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
|
||||
}
|
||||
if (n > 0)
|
||||
input_handler_scan(cts, &fds);
|
||||
}
|
||||
#endif /* HAVE_SIGNALED_IO */
|
||||
|
||||
|
||||
/*
|
||||
* Try to sanitize the global FD set
|
||||
*
|
||||
* SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
|
||||
*/
|
||||
static int/*BOOL*/
|
||||
sanitize_fdset(
|
||||
int errc
|
||||
)
|
||||
{
|
||||
int j, b, maxscan;
|
||||
|
||||
# ifndef HAVE_SIGNALED_IO
|
||||
/*
|
||||
* extended FAU debugging output
|
||||
*/
|
||||
if (errc != EINTR) {
|
||||
msyslog(LOG_ERR,
|
||||
"select(%d, %s, 0L, 0L, &0.0) error: %m",
|
||||
maxactivefd + 1,
|
||||
fdbits(maxactivefd, &activefds));
|
||||
}
|
||||
# endif
|
||||
|
||||
if (errc != EBADF)
|
||||
return FALSE;
|
||||
|
||||
/* if we have oviously bad FDs, try to sanitize the FD set. */
|
||||
for (j = 0, maxscan = 0; j <= maxactivefd; j++) {
|
||||
if (FD_ISSET(j, &activefds)) {
|
||||
if (-1 != read(j, &b, 0)) {
|
||||
maxscan = j;
|
||||
continue;
|
||||
}
|
||||
# ifndef HAVE_SIGNALED_IO
|
||||
msyslog(LOG_ERR,
|
||||
"Removing bad file descriptor %d from select set",
|
||||
j);
|
||||
# endif
|
||||
FD_CLR(j, &activefds);
|
||||
}
|
||||
}
|
||||
if (maxactivefd != maxscan)
|
||||
maxactivefd = maxscan;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/*
|
||||
* scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'.
|
||||
*
|
||||
* SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
|
||||
*/
|
||||
static void
|
||||
input_handler_scan(
|
||||
const l_fp * cts,
|
||||
const fd_set * pfds
|
||||
)
|
||||
{
|
||||
int buflen;
|
||||
u_int idx;
|
||||
int doing;
|
||||
SOCKET fd;
|
||||
blocking_child *c;
|
||||
struct timeval tvzero;
|
||||
l_fp ts; /* Timestamp at BOselect() gob */
|
||||
#ifdef DEBUG_TIMING
|
||||
|
||||
#if defined(DEBUG_TIMING)
|
||||
l_fp ts_e; /* Timestamp at EOselect() gob */
|
||||
#endif
|
||||
fd_set fds;
|
||||
size_t select_count;
|
||||
endpt * ep;
|
||||
#ifdef REFCLOCK
|
||||
struct refclockio *rp;
|
||||
@ -3651,99 +3681,43 @@ input_handler(
|
||||
struct asyncio_reader * next_asyncio_reader;
|
||||
#endif
|
||||
|
||||
handler_calls++;
|
||||
select_count = 0;
|
||||
|
||||
/*
|
||||
* If we have something to do, freeze a timestamp.
|
||||
* See below for the other cases (nothing left to do or error)
|
||||
*/
|
||||
ts = *cts;
|
||||
|
||||
/*
|
||||
* Do a poll to see who has data
|
||||
*/
|
||||
|
||||
fds = activefds;
|
||||
tvzero.tv_sec = tvzero.tv_usec = 0;
|
||||
|
||||
n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
|
||||
|
||||
/*
|
||||
* If there are no packets waiting just return
|
||||
*/
|
||||
if (n < 0) {
|
||||
int err = errno;
|
||||
int j, b, prior;
|
||||
/*
|
||||
* extended FAU debugging output
|
||||
*/
|
||||
if (err != EINTR)
|
||||
msyslog(LOG_ERR,
|
||||
"select(%d, %s, 0L, 0L, &0.0) error: %m",
|
||||
maxactivefd + 1,
|
||||
fdbits(maxactivefd, &activefds));
|
||||
if (err != EBADF)
|
||||
goto ih_return;
|
||||
for (j = 0, prior = 0; j <= maxactivefd; j++) {
|
||||
if (FD_ISSET(j, &activefds)) {
|
||||
if (-1 != read(j, &b, 0)) {
|
||||
prior = j;
|
||||
continue;
|
||||
}
|
||||
msyslog(LOG_ERR,
|
||||
"Removing bad file descriptor %d from select set",
|
||||
j);
|
||||
FD_CLR(j, &activefds);
|
||||
if (j == maxactivefd)
|
||||
maxactivefd = prior;
|
||||
}
|
||||
}
|
||||
goto ih_return;
|
||||
}
|
||||
else if (n == 0)
|
||||
goto ih_return;
|
||||
|
||||
++handler_pkts;
|
||||
ts = *cts;
|
||||
|
||||
#ifdef REFCLOCK
|
||||
/*
|
||||
* Check out the reference clocks first, if any
|
||||
*/
|
||||
|
||||
if (refio != NULL) {
|
||||
for (rp = refio; rp != NULL; rp = rp->next) {
|
||||
fd = rp->fd;
|
||||
|
||||
if (!FD_ISSET(fd, &fds))
|
||||
continue;
|
||||
++select_count;
|
||||
buflen = read_refclock_packet(fd, rp, ts);
|
||||
/*
|
||||
* The first read must succeed after select()
|
||||
* indicates readability, or we've reached
|
||||
* a permanent EOF. http://bugs.ntp.org/1732
|
||||
* reported ntpd munching CPU after a USB GPS
|
||||
* was unplugged because select was indicating
|
||||
* EOF but ntpd didn't remove the descriptor
|
||||
* from the activefds set.
|
||||
*/
|
||||
if (buflen < 0 && EAGAIN != errno) {
|
||||
saved_errno = errno;
|
||||
clk = refnumtoa(&rp->srcclock->srcadr);
|
||||
errno = saved_errno;
|
||||
msyslog(LOG_ERR, "%s read: %m", clk);
|
||||
maintain_activefds(fd, TRUE);
|
||||
} else if (0 == buflen) {
|
||||
clk = refnumtoa(&rp->srcclock->srcadr);
|
||||
msyslog(LOG_ERR, "%s read EOF", clk);
|
||||
maintain_activefds(fd, TRUE);
|
||||
} else {
|
||||
/* drain any remaining refclock input */
|
||||
do {
|
||||
buflen = read_refclock_packet(fd, rp, ts);
|
||||
} while (buflen > 0);
|
||||
}
|
||||
|
||||
for (rp = refio; rp != NULL; rp = rp->next) {
|
||||
fd = rp->fd;
|
||||
|
||||
if (!FD_ISSET(fd, pfds))
|
||||
continue;
|
||||
buflen = read_refclock_packet(fd, rp, ts);
|
||||
/*
|
||||
* The first read must succeed after select() indicates
|
||||
* readability, or we've reached a permanent EOF.
|
||||
* http://bugs.ntp.org/1732 reported ntpd munching CPU
|
||||
* after a USB GPS was unplugged because select was
|
||||
* indicating EOF but ntpd didn't remove the descriptor
|
||||
* from the activefds set.
|
||||
*/
|
||||
if (buflen < 0 && EAGAIN != errno) {
|
||||
saved_errno = errno;
|
||||
clk = refnumtoa(&rp->srcclock->srcadr);
|
||||
errno = saved_errno;
|
||||
msyslog(LOG_ERR, "%s read: %m", clk);
|
||||
maintain_activefds(fd, TRUE);
|
||||
} else if (0 == buflen) {
|
||||
clk = refnumtoa(&rp->srcclock->srcadr);
|
||||
msyslog(LOG_ERR, "%s read EOF", clk);
|
||||
maintain_activefds(fd, TRUE);
|
||||
} else {
|
||||
/* drain any remaining refclock input */
|
||||
do {
|
||||
buflen = read_refclock_packet(fd, rp, ts);
|
||||
} while (buflen > 0);
|
||||
}
|
||||
}
|
||||
#endif /* REFCLOCK */
|
||||
@ -3762,9 +3736,8 @@ input_handler(
|
||||
}
|
||||
if (fd < 0)
|
||||
continue;
|
||||
if (FD_ISSET(fd, &fds))
|
||||
if (FD_ISSET(fd, pfds))
|
||||
do {
|
||||
++select_count;
|
||||
buflen = read_network_packet(
|
||||
fd, ep, ts);
|
||||
} while (buflen > 0);
|
||||
@ -3781,10 +3754,8 @@ input_handler(
|
||||
while (asyncio_reader != NULL) {
|
||||
/* callback may unlink and free asyncio_reader */
|
||||
next_asyncio_reader = asyncio_reader->link;
|
||||
if (FD_ISSET(asyncio_reader->fd, &fds)) {
|
||||
++select_count;
|
||||
if (FD_ISSET(asyncio_reader->fd, pfds))
|
||||
(*asyncio_reader->receiver)(asyncio_reader);
|
||||
}
|
||||
asyncio_reader = next_asyncio_reader;
|
||||
}
|
||||
#endif /* HAS_ROUTING_SOCKET */
|
||||
@ -3796,26 +3767,14 @@ input_handler(
|
||||
c = blocking_children[idx];
|
||||
if (NULL == c || -1 == c->resp_read_pipe)
|
||||
continue;
|
||||
if (FD_ISSET(c->resp_read_pipe, &fds)) {
|
||||
select_count++;
|
||||
process_blocking_resp(c);
|
||||
if (FD_ISSET(c->resp_read_pipe, pfds)) {
|
||||
++c->resp_ready_seen;
|
||||
++blocking_child_ready_seen;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Done everything from that select.
|
||||
* If nothing to do, just return.
|
||||
* If an error occurred, complain and return.
|
||||
*/
|
||||
if (select_count == 0) { /* We really had nothing to do */
|
||||
#ifdef DEBUG
|
||||
if (debug)
|
||||
msyslog(LOG_DEBUG, "input_handler: select() returned 0");
|
||||
#endif /* DEBUG */
|
||||
goto ih_return;
|
||||
}
|
||||
/* We've done our work */
|
||||
#ifdef DEBUG_TIMING
|
||||
#if defined(DEBUG_TIMING)
|
||||
get_systime(&ts_e);
|
||||
/*
|
||||
* (ts_e - ts) is the amount of time we spent
|
||||
@ -3829,11 +3788,7 @@ input_handler(
|
||||
"input_handler: Processed a gob of fd's in %s msec",
|
||||
lfptoms(&ts_e, 6));
|
||||
#endif /* DEBUG_TIMING */
|
||||
/* We're done... */
|
||||
ih_return:
|
||||
return;
|
||||
}
|
||||
#endif /* !HAVE_IO_COMPLETION_PORT */
|
||||
|
||||
|
||||
/*
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,19 +1,19 @@
|
||||
/* A Bison parser, made by GNU Bison 3.0.2. */
|
||||
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
|
||||
|
||||
/* Bison interface for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
|
||||
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
||||
|
||||
@ -26,13 +26,13 @@
|
||||
special exception, which will cause the skeleton and the resulting
|
||||
Bison output files to be licensed under the GNU General Public
|
||||
License without this special exception.
|
||||
|
||||
|
||||
This special exception was added by the Free Software Foundation in
|
||||
version 2.2 of Bison. */
|
||||
|
||||
#ifndef YY_YY__NTPD_NTP_PARSER_H_INCLUDED
|
||||
# define YY_YY__NTPD_NTP_PARSER_H_INCLUDED
|
||||
/* Debug traces. */
|
||||
#ifndef YY_YY_NTP_PARSER_H_INCLUDED
|
||||
# define YY_YY_NTP_PARSER_H_INCLUDED
|
||||
/* Enabling traces. */
|
||||
#ifndef YYDEBUG
|
||||
# define YYDEBUG 1
|
||||
#endif
|
||||
@ -40,203 +40,207 @@
|
||||
extern int yydebug;
|
||||
#endif
|
||||
|
||||
/* Token type. */
|
||||
/* Tokens. */
|
||||
#ifndef YYTOKENTYPE
|
||||
# define YYTOKENTYPE
|
||||
enum yytokentype
|
||||
{
|
||||
T_Abbrev = 258,
|
||||
T_Age = 259,
|
||||
T_All = 260,
|
||||
T_Allan = 261,
|
||||
T_Allpeers = 262,
|
||||
T_Auth = 263,
|
||||
T_Autokey = 264,
|
||||
T_Automax = 265,
|
||||
T_Average = 266,
|
||||
T_Bclient = 267,
|
||||
T_Beacon = 268,
|
||||
T_Broadcast = 269,
|
||||
T_Broadcastclient = 270,
|
||||
T_Broadcastdelay = 271,
|
||||
T_Burst = 272,
|
||||
T_Calibrate = 273,
|
||||
T_Ceiling = 274,
|
||||
T_Clockstats = 275,
|
||||
T_Cohort = 276,
|
||||
T_ControlKey = 277,
|
||||
T_Crypto = 278,
|
||||
T_Cryptostats = 279,
|
||||
T_Ctl = 280,
|
||||
T_Day = 281,
|
||||
T_Default = 282,
|
||||
T_Digest = 283,
|
||||
T_Disable = 284,
|
||||
T_Discard = 285,
|
||||
T_Dispersion = 286,
|
||||
T_Double = 287,
|
||||
T_Driftfile = 288,
|
||||
T_Drop = 289,
|
||||
T_Dscp = 290,
|
||||
T_Ellipsis = 291,
|
||||
T_Enable = 292,
|
||||
T_End = 293,
|
||||
T_False = 294,
|
||||
T_File = 295,
|
||||
T_Filegen = 296,
|
||||
T_Filenum = 297,
|
||||
T_Flag1 = 298,
|
||||
T_Flag2 = 299,
|
||||
T_Flag3 = 300,
|
||||
T_Flag4 = 301,
|
||||
T_Flake = 302,
|
||||
T_Floor = 303,
|
||||
T_Freq = 304,
|
||||
T_Fudge = 305,
|
||||
T_Host = 306,
|
||||
T_Huffpuff = 307,
|
||||
T_Iburst = 308,
|
||||
T_Ident = 309,
|
||||
T_Ignore = 310,
|
||||
T_Incalloc = 311,
|
||||
T_Incmem = 312,
|
||||
T_Initalloc = 313,
|
||||
T_Initmem = 314,
|
||||
T_Includefile = 315,
|
||||
T_Integer = 316,
|
||||
T_Interface = 317,
|
||||
T_Intrange = 318,
|
||||
T_Io = 319,
|
||||
T_Ipv4 = 320,
|
||||
T_Ipv4_flag = 321,
|
||||
T_Ipv6 = 322,
|
||||
T_Ipv6_flag = 323,
|
||||
T_Kernel = 324,
|
||||
T_Key = 325,
|
||||
T_Keys = 326,
|
||||
T_Keysdir = 327,
|
||||
T_Kod = 328,
|
||||
T_Mssntp = 329,
|
||||
T_Leapfile = 330,
|
||||
T_Leapsmearinterval = 331,
|
||||
T_Limited = 332,
|
||||
T_Link = 333,
|
||||
T_Listen = 334,
|
||||
T_Logconfig = 335,
|
||||
T_Logfile = 336,
|
||||
T_Loopstats = 337,
|
||||
T_Lowpriotrap = 338,
|
||||
T_Manycastclient = 339,
|
||||
T_Manycastserver = 340,
|
||||
T_Mask = 341,
|
||||
T_Maxage = 342,
|
||||
T_Maxclock = 343,
|
||||
T_Maxdepth = 344,
|
||||
T_Maxdist = 345,
|
||||
T_Maxmem = 346,
|
||||
T_Maxpoll = 347,
|
||||
T_Mdnstries = 348,
|
||||
T_Mem = 349,
|
||||
T_Memlock = 350,
|
||||
T_Minclock = 351,
|
||||
T_Mindepth = 352,
|
||||
T_Mindist = 353,
|
||||
T_Minimum = 354,
|
||||
T_Minpoll = 355,
|
||||
T_Minsane = 356,
|
||||
T_Mode = 357,
|
||||
T_Mode7 = 358,
|
||||
T_Monitor = 359,
|
||||
T_Month = 360,
|
||||
T_Mru = 361,
|
||||
T_Multicastclient = 362,
|
||||
T_Nic = 363,
|
||||
T_Nolink = 364,
|
||||
T_Nomodify = 365,
|
||||
T_Nomrulist = 366,
|
||||
T_None = 367,
|
||||
T_Nonvolatile = 368,
|
||||
T_Nopeer = 369,
|
||||
T_Noquery = 370,
|
||||
T_Noselect = 371,
|
||||
T_Noserve = 372,
|
||||
T_Notrap = 373,
|
||||
T_Notrust = 374,
|
||||
T_Ntp = 375,
|
||||
T_Ntpport = 376,
|
||||
T_NtpSignDsocket = 377,
|
||||
T_Orphan = 378,
|
||||
T_Orphanwait = 379,
|
||||
T_Panic = 380,
|
||||
T_Peer = 381,
|
||||
T_Peerstats = 382,
|
||||
T_Phone = 383,
|
||||
T_Pid = 384,
|
||||
T_Pidfile = 385,
|
||||
T_Pool = 386,
|
||||
T_Port = 387,
|
||||
T_Preempt = 388,
|
||||
T_Prefer = 389,
|
||||
T_Protostats = 390,
|
||||
T_Pw = 391,
|
||||
T_Randfile = 392,
|
||||
T_Rawstats = 393,
|
||||
T_Refid = 394,
|
||||
T_Requestkey = 395,
|
||||
T_Reset = 396,
|
||||
T_Restrict = 397,
|
||||
T_Revoke = 398,
|
||||
T_Rlimit = 399,
|
||||
T_Saveconfigdir = 400,
|
||||
T_Server = 401,
|
||||
T_Setvar = 402,
|
||||
T_Source = 403,
|
||||
T_Stacksize = 404,
|
||||
T_Statistics = 405,
|
||||
T_Stats = 406,
|
||||
T_Statsdir = 407,
|
||||
T_Step = 408,
|
||||
T_Stepback = 409,
|
||||
T_Stepfwd = 410,
|
||||
T_Stepout = 411,
|
||||
T_Stratum = 412,
|
||||
T_String = 413,
|
||||
T_Sys = 414,
|
||||
T_Sysstats = 415,
|
||||
T_Tick = 416,
|
||||
T_Time1 = 417,
|
||||
T_Time2 = 418,
|
||||
T_Timer = 419,
|
||||
T_Timingstats = 420,
|
||||
T_Tinker = 421,
|
||||
T_Tos = 422,
|
||||
T_Trap = 423,
|
||||
T_True = 424,
|
||||
T_Trustedkey = 425,
|
||||
T_Ttl = 426,
|
||||
T_Type = 427,
|
||||
T_U_int = 428,
|
||||
T_Unconfig = 429,
|
||||
T_Unpeer = 430,
|
||||
T_Version = 431,
|
||||
T_WanderThreshold = 432,
|
||||
T_Week = 433,
|
||||
T_Wildcard = 434,
|
||||
T_Xleave = 435,
|
||||
T_Year = 436,
|
||||
T_Flag = 437,
|
||||
T_EOC = 438,
|
||||
T_Simulate = 439,
|
||||
T_Beep_Delay = 440,
|
||||
T_Sim_Duration = 441,
|
||||
T_Server_Offset = 442,
|
||||
T_Duration = 443,
|
||||
T_Freq_Offset = 444,
|
||||
T_Wander = 445,
|
||||
T_Jitter = 446,
|
||||
T_Prop_Delay = 447,
|
||||
T_Proc_Delay = 448
|
||||
};
|
||||
/* Put the tokens into the symbol table, so that GDB and other debuggers
|
||||
know about them. */
|
||||
enum yytokentype {
|
||||
T_Abbrev = 258,
|
||||
T_Age = 259,
|
||||
T_All = 260,
|
||||
T_Allan = 261,
|
||||
T_Allpeers = 262,
|
||||
T_Auth = 263,
|
||||
T_Autokey = 264,
|
||||
T_Automax = 265,
|
||||
T_Average = 266,
|
||||
T_Bclient = 267,
|
||||
T_Beacon = 268,
|
||||
T_Broadcast = 269,
|
||||
T_Broadcastclient = 270,
|
||||
T_Broadcastdelay = 271,
|
||||
T_Burst = 272,
|
||||
T_Calibrate = 273,
|
||||
T_Ceiling = 274,
|
||||
T_Clockstats = 275,
|
||||
T_Cohort = 276,
|
||||
T_ControlKey = 277,
|
||||
T_Crypto = 278,
|
||||
T_Cryptostats = 279,
|
||||
T_Ctl = 280,
|
||||
T_Day = 281,
|
||||
T_Default = 282,
|
||||
T_Digest = 283,
|
||||
T_Disable = 284,
|
||||
T_Discard = 285,
|
||||
T_Dispersion = 286,
|
||||
T_Double = 287,
|
||||
T_Driftfile = 288,
|
||||
T_Drop = 289,
|
||||
T_Dscp = 290,
|
||||
T_Ellipsis = 291,
|
||||
T_Enable = 292,
|
||||
T_End = 293,
|
||||
T_False = 294,
|
||||
T_File = 295,
|
||||
T_Filegen = 296,
|
||||
T_Filenum = 297,
|
||||
T_Flag1 = 298,
|
||||
T_Flag2 = 299,
|
||||
T_Flag3 = 300,
|
||||
T_Flag4 = 301,
|
||||
T_Flake = 302,
|
||||
T_Floor = 303,
|
||||
T_Freq = 304,
|
||||
T_Fudge = 305,
|
||||
T_Host = 306,
|
||||
T_Huffpuff = 307,
|
||||
T_Iburst = 308,
|
||||
T_Ident = 309,
|
||||
T_Ignore = 310,
|
||||
T_Incalloc = 311,
|
||||
T_Incmem = 312,
|
||||
T_Initalloc = 313,
|
||||
T_Initmem = 314,
|
||||
T_Includefile = 315,
|
||||
T_Integer = 316,
|
||||
T_Interface = 317,
|
||||
T_Intrange = 318,
|
||||
T_Io = 319,
|
||||
T_Ipv4 = 320,
|
||||
T_Ipv4_flag = 321,
|
||||
T_Ipv6 = 322,
|
||||
T_Ipv6_flag = 323,
|
||||
T_Kernel = 324,
|
||||
T_Key = 325,
|
||||
T_Keys = 326,
|
||||
T_Keysdir = 327,
|
||||
T_Kod = 328,
|
||||
T_Mssntp = 329,
|
||||
T_Leapfile = 330,
|
||||
T_Leapsmearinterval = 331,
|
||||
T_Limited = 332,
|
||||
T_Link = 333,
|
||||
T_Listen = 334,
|
||||
T_Logconfig = 335,
|
||||
T_Logfile = 336,
|
||||
T_Loopstats = 337,
|
||||
T_Lowpriotrap = 338,
|
||||
T_Manycastclient = 339,
|
||||
T_Manycastserver = 340,
|
||||
T_Mask = 341,
|
||||
T_Maxage = 342,
|
||||
T_Maxclock = 343,
|
||||
T_Maxdepth = 344,
|
||||
T_Maxdist = 345,
|
||||
T_Maxmem = 346,
|
||||
T_Maxpoll = 347,
|
||||
T_Mdnstries = 348,
|
||||
T_Mem = 349,
|
||||
T_Memlock = 350,
|
||||
T_Minclock = 351,
|
||||
T_Mindepth = 352,
|
||||
T_Mindist = 353,
|
||||
T_Minimum = 354,
|
||||
T_Minpoll = 355,
|
||||
T_Minsane = 356,
|
||||
T_Mode = 357,
|
||||
T_Mode7 = 358,
|
||||
T_Monitor = 359,
|
||||
T_Month = 360,
|
||||
T_Mru = 361,
|
||||
T_Multicastclient = 362,
|
||||
T_Nic = 363,
|
||||
T_Nolink = 364,
|
||||
T_Nomodify = 365,
|
||||
T_Nomrulist = 366,
|
||||
T_None = 367,
|
||||
T_Nonvolatile = 368,
|
||||
T_Nopeer = 369,
|
||||
T_Noquery = 370,
|
||||
T_Noselect = 371,
|
||||
T_Noserve = 372,
|
||||
T_Notrap = 373,
|
||||
T_Notrust = 374,
|
||||
T_Ntp = 375,
|
||||
T_Ntpport = 376,
|
||||
T_NtpSignDsocket = 377,
|
||||
T_Orphan = 378,
|
||||
T_Orphanwait = 379,
|
||||
T_Panic = 380,
|
||||
T_Peer = 381,
|
||||
T_Peerstats = 382,
|
||||
T_Phone = 383,
|
||||
T_Pid = 384,
|
||||
T_Pidfile = 385,
|
||||
T_Pool = 386,
|
||||
T_Port = 387,
|
||||
T_Preempt = 388,
|
||||
T_Prefer = 389,
|
||||
T_Protostats = 390,
|
||||
T_Pw = 391,
|
||||
T_Randfile = 392,
|
||||
T_Rawstats = 393,
|
||||
T_Refid = 394,
|
||||
T_Requestkey = 395,
|
||||
T_Reset = 396,
|
||||
T_Restrict = 397,
|
||||
T_Revoke = 398,
|
||||
T_Rlimit = 399,
|
||||
T_Saveconfigdir = 400,
|
||||
T_Server = 401,
|
||||
T_Setvar = 402,
|
||||
T_Source = 403,
|
||||
T_Stacksize = 404,
|
||||
T_Statistics = 405,
|
||||
T_Stats = 406,
|
||||
T_Statsdir = 407,
|
||||
T_Step = 408,
|
||||
T_Stepback = 409,
|
||||
T_Stepfwd = 410,
|
||||
T_Stepout = 411,
|
||||
T_Stratum = 412,
|
||||
T_String = 413,
|
||||
T_Sys = 414,
|
||||
T_Sysstats = 415,
|
||||
T_Tick = 416,
|
||||
T_Time1 = 417,
|
||||
T_Time2 = 418,
|
||||
T_Timer = 419,
|
||||
T_Timingstats = 420,
|
||||
T_Tinker = 421,
|
||||
T_Tos = 422,
|
||||
T_Trap = 423,
|
||||
T_True = 424,
|
||||
T_Trustedkey = 425,
|
||||
T_Ttl = 426,
|
||||
T_Type = 427,
|
||||
T_U_int = 428,
|
||||
T_UEcrypto = 429,
|
||||
T_UEcryptonak = 430,
|
||||
T_UEdigest = 431,
|
||||
T_Unconfig = 432,
|
||||
T_Unpeer = 433,
|
||||
T_Version = 434,
|
||||
T_WanderThreshold = 435,
|
||||
T_Week = 436,
|
||||
T_Wildcard = 437,
|
||||
T_Xleave = 438,
|
||||
T_Year = 439,
|
||||
T_Flag = 440,
|
||||
T_EOC = 441,
|
||||
T_Simulate = 442,
|
||||
T_Beep_Delay = 443,
|
||||
T_Sim_Duration = 444,
|
||||
T_Server_Offset = 445,
|
||||
T_Duration = 446,
|
||||
T_Freq_Offset = 447,
|
||||
T_Wander = 448,
|
||||
T_Jitter = 449,
|
||||
T_Prop_Delay = 450,
|
||||
T_Proc_Delay = 451
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
#define T_Abbrev 258
|
||||
@ -410,33 +414,37 @@ extern int yydebug;
|
||||
#define T_Ttl 426
|
||||
#define T_Type 427
|
||||
#define T_U_int 428
|
||||
#define T_Unconfig 429
|
||||
#define T_Unpeer 430
|
||||
#define T_Version 431
|
||||
#define T_WanderThreshold 432
|
||||
#define T_Week 433
|
||||
#define T_Wildcard 434
|
||||
#define T_Xleave 435
|
||||
#define T_Year 436
|
||||
#define T_Flag 437
|
||||
#define T_EOC 438
|
||||
#define T_Simulate 439
|
||||
#define T_Beep_Delay 440
|
||||
#define T_Sim_Duration 441
|
||||
#define T_Server_Offset 442
|
||||
#define T_Duration 443
|
||||
#define T_Freq_Offset 444
|
||||
#define T_Wander 445
|
||||
#define T_Jitter 446
|
||||
#define T_Prop_Delay 447
|
||||
#define T_Proc_Delay 448
|
||||
#define T_UEcrypto 429
|
||||
#define T_UEcryptonak 430
|
||||
#define T_UEdigest 431
|
||||
#define T_Unconfig 432
|
||||
#define T_Unpeer 433
|
||||
#define T_Version 434
|
||||
#define T_WanderThreshold 435
|
||||
#define T_Week 436
|
||||
#define T_Wildcard 437
|
||||
#define T_Xleave 438
|
||||
#define T_Year 439
|
||||
#define T_Flag 440
|
||||
#define T_EOC 441
|
||||
#define T_Simulate 442
|
||||
#define T_Beep_Delay 443
|
||||
#define T_Sim_Duration 444
|
||||
#define T_Server_Offset 445
|
||||
#define T_Duration 446
|
||||
#define T_Freq_Offset 447
|
||||
#define T_Wander 448
|
||||
#define T_Jitter 449
|
||||
#define T_Prop_Delay 450
|
||||
#define T_Proc_Delay 451
|
||||
|
||||
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
union YYSTYPE
|
||||
typedef union YYSTYPE
|
||||
{
|
||||
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */
|
||||
/* Line 2053 of yacc.c */
|
||||
#line 51 "../../ntpd/ntp_parser.y"
|
||||
|
||||
char * String;
|
||||
double Double;
|
||||
@ -455,15 +463,29 @@ union YYSTYPE
|
||||
script_info * Sim_script;
|
||||
script_info_fifo * Sim_script_fifo;
|
||||
|
||||
#line 459 "../../ntpd/ntp_parser.h" /* yacc.c:1909 */
|
||||
};
|
||||
|
||||
/* Line 2053 of yacc.c */
|
||||
#line 469 "ntp_parser.h"
|
||||
} YYSTYPE;
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
# define YYSTYPE_IS_DECLARED 1
|
||||
#endif
|
||||
|
||||
|
||||
extern YYSTYPE yylval;
|
||||
|
||||
#ifdef YYPARSE_PARAM
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void *YYPARSE_PARAM);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#else /* ! YYPARSE_PARAM */
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#endif /* ! YYPARSE_PARAM */
|
||||
|
||||
#endif /* !YY_YY__NTPD_NTP_PARSER_H_INCLUDED */
|
||||
#endif /* !YY_YY_NTP_PARSER_H_INCLUDED */
|
||||
|
@ -153,6 +153,19 @@ u_long sys_declined; /* declined */
|
||||
u_long sys_limitrejected; /* rate exceeded */
|
||||
u_long sys_kodsent; /* KoD sent */
|
||||
|
||||
/*
|
||||
* Mechanism knobs: how soon do we unpeer()?
|
||||
*
|
||||
* The default way is "on-receipt". If this was a packet from a
|
||||
* well-behaved source, on-receipt will offer the fastest recovery.
|
||||
* If this was from a DoS attack, the default way makes it easier
|
||||
* for a bad-guy to DoS us. So look and see what bites you harder
|
||||
* and choose according to your environment.
|
||||
*/
|
||||
int unpeer_crypto_early = 1; /* bad crypto (TEST9) */
|
||||
int unpeer_crypto_nak_early = 1; /* crypto_NAK (TEST5) */
|
||||
int unpeer_digest_early = 1; /* bad digest (TEST5) */
|
||||
|
||||
static int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
|
||||
static double root_distance (struct peer *);
|
||||
static void clock_combine (peer_select *, int, int);
|
||||
@ -1157,6 +1170,7 @@ receive(
|
||||
|
||||
} else {
|
||||
peer->delay = sys_bdelay;
|
||||
peer->bxmt = p_xmt;
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -1177,6 +1191,7 @@ receive(
|
||||
sys_restricted++;
|
||||
return; /* ignore duplicate */
|
||||
}
|
||||
peer->bxmt = p_xmt;
|
||||
#ifdef AUTOKEY
|
||||
if (skeyid > NTP_MAXKEY)
|
||||
crypto_recv(peer, rbufp);
|
||||
@ -1286,6 +1301,73 @@ receive(
|
||||
return;
|
||||
}
|
||||
#endif /* AUTOKEY */
|
||||
|
||||
if (MODE_BROADCAST == hismode) {
|
||||
u_char poll;
|
||||
int bail = 0;
|
||||
l_fp tdiff;
|
||||
|
||||
DPRINTF(2, ("receive: PROCPKT/BROADCAST: prev pkt %ld seconds ago, ppoll: %d, %d secs\n",
|
||||
(current_time - peer->timelastrec),
|
||||
peer->ppoll, (1 << peer->ppoll)
|
||||
));
|
||||
/* Things we can check:
|
||||
*
|
||||
* Did the poll interval change?
|
||||
* Is the poll interval in the packet in-range?
|
||||
* Did this packet arrive too soon?
|
||||
* Is the timestamp in this packet monotonic
|
||||
* with respect to the previous packet?
|
||||
*/
|
||||
|
||||
/* This is noteworthy, not error-worthy */
|
||||
if (pkt->ppoll != peer->ppoll) {
|
||||
msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %ud to %ud",
|
||||
stoa(&rbufp->recv_srcadr),
|
||||
peer->ppoll, pkt->ppoll);
|
||||
}
|
||||
|
||||
poll = min(peer->maxpoll,
|
||||
max(peer->minpoll, pkt->ppoll));
|
||||
|
||||
/* This is error-worthy */
|
||||
if (pkt->ppoll != poll) {
|
||||
msyslog(LOG_INFO, "receive: broadcast poll of %ud from %s is out-of-range (%d to %d)!",
|
||||
pkt->ppoll, stoa(&rbufp->recv_srcadr),
|
||||
peer->minpoll, peer->maxpoll);
|
||||
++bail;
|
||||
}
|
||||
|
||||
if ( (current_time - peer->timelastrec)
|
||||
< (1 << pkt->ppoll)) {
|
||||
msyslog(LOG_INFO, "receive: broadcast packet from %s arrived after %ld, not %d seconds!",
|
||||
stoa(&rbufp->recv_srcadr),
|
||||
(current_time - peer->timelastrec),
|
||||
(1 << pkt->ppoll)
|
||||
);
|
||||
++bail;
|
||||
}
|
||||
|
||||
tdiff = p_xmt;
|
||||
L_SUB(&tdiff, &peer->bxmt);
|
||||
if (tdiff.l_i < 0) {
|
||||
msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x",
|
||||
stoa(&rbufp->recv_srcadr),
|
||||
peer->bxmt.l_ui, peer->bxmt.l_uf,
|
||||
p_xmt.l_ui, p_xmt.l_uf
|
||||
);
|
||||
++bail;
|
||||
}
|
||||
|
||||
peer->bxmt = p_xmt;
|
||||
|
||||
if (bail) {
|
||||
peer->timelastrec = current_time;
|
||||
sys_declined++;
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
/*
|
||||
@ -1362,7 +1444,12 @@ receive(
|
||||
/*
|
||||
* Basic mode checks:
|
||||
*
|
||||
* If there is no origin timestamp, it's an initial packet.
|
||||
* If there is no origin timestamp, it's either an initial packet
|
||||
* or we've already received a response to our query. Of course,
|
||||
* should 'aorg' be all-zero because this really was the original
|
||||
* transmit timestamp, we'll drop the reply. There is a window of
|
||||
* one nanosecond once every 136 years' time where this is possible.
|
||||
* We currently ignore this situation.
|
||||
*
|
||||
* Otherwise, check for bogus packet in basic mode.
|
||||
* If it is bogus, switch to interleaved mode and resynchronize,
|
||||
@ -1375,7 +1462,8 @@ receive(
|
||||
} else if (peer->flip == 0) {
|
||||
if (0 < hisstratum && L_ISZERO(&p_org)) {
|
||||
L_CLR(&peer->aorg);
|
||||
} else if (!L_ISEQU(&p_org, &peer->aorg)) {
|
||||
} else if ( L_ISZERO(&peer->aorg)
|
||||
|| !L_ISEQU(&p_org, &peer->aorg)) {
|
||||
peer->bogusorg++;
|
||||
peer->flash |= TEST2; /* bogus */
|
||||
msyslog(LOG_INFO,
|
||||
@ -1424,7 +1512,9 @@ receive(
|
||||
peer->flash |= TEST5; /* bad auth */
|
||||
peer->badauth++;
|
||||
if (peer->flags & FLAG_PREEMPT) {
|
||||
unpeer(peer);
|
||||
if (unpeer_crypto_nak_early) {
|
||||
unpeer(peer);
|
||||
}
|
||||
return;
|
||||
}
|
||||
#ifdef AUTOKEY
|
||||
@ -1450,7 +1540,9 @@ receive(
|
||||
&& (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
|
||||
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
|
||||
if (peer->flags & FLAG_PREEMPT) {
|
||||
unpeer(peer);
|
||||
if (unpeer_digest_early) {
|
||||
unpeer(peer);
|
||||
}
|
||||
return;
|
||||
}
|
||||
#ifdef AUTOKEY
|
||||
@ -1505,12 +1597,47 @@ receive(
|
||||
return; /* Drop any other kiss code packets */
|
||||
}
|
||||
|
||||
/*
|
||||
* If:
|
||||
* - this is a *cast (uni-, broad-, or m-) server packet
|
||||
* - and it's authenticated
|
||||
* then see if the sender's IP is trusted for this keyid.
|
||||
* If it is, great - nothing special to do here.
|
||||
* Otherwise, we should report and bail.
|
||||
*/
|
||||
|
||||
switch (hismode) {
|
||||
case MODE_SERVER: /* server mode */
|
||||
case MODE_BROADCAST: /* broadcast mode */
|
||||
case MODE_ACTIVE: /* symmetric active mode */
|
||||
if ( is_authentic == AUTH_OK
|
||||
&& !authistrustedip(skeyid, &peer->srcadr)) {
|
||||
report_event(PEVNT_AUTH, peer, "authIP");
|
||||
peer->badauth++;
|
||||
return;
|
||||
}
|
||||
break;
|
||||
|
||||
case MODE_UNSPEC: /* unspecified (old version) */
|
||||
case MODE_PASSIVE: /* symmetric passive mode */
|
||||
case MODE_CLIENT: /* client mode */
|
||||
#if 0 /* At this point, MODE_CONTROL is overloaded by MODE_BCLIENT */
|
||||
case MODE_CONTROL: /* control mode */
|
||||
#endif
|
||||
case MODE_PRIVATE: /* private mode */
|
||||
case MODE_BCLIENT: /* broadcast client mode */
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* That was hard and I am sweaty, but the packet is squeaky
|
||||
* clean. Get on with real work.
|
||||
*/
|
||||
peer->timereceived = current_time;
|
||||
peer->timelastrec = current_time;
|
||||
if (is_authentic == AUTH_OK)
|
||||
peer->flags |= FLAG_AUTHENTIC;
|
||||
else
|
||||
@ -1560,8 +1687,11 @@ receive(
|
||||
"crypto error");
|
||||
peer_clear(peer, "CRYP");
|
||||
peer->flash |= TEST9; /* bad crypt */
|
||||
if (peer->flags & FLAG_PREEMPT)
|
||||
unpeer(peer);
|
||||
if (peer->flags & FLAG_PREEMPT) {
|
||||
if (unpeer_crypto_early) {
|
||||
unpeer(peer);
|
||||
}
|
||||
}
|
||||
}
|
||||
return;
|
||||
}
|
||||
@ -4358,6 +4488,22 @@ proto_config(
|
||||
io_multicast_del(svalue);
|
||||
break;
|
||||
|
||||
/*
|
||||
* Unpeer Early policy choices
|
||||
*/
|
||||
|
||||
case PROTO_UECRYPTO: /* Crypto */
|
||||
unpeer_crypto_early = value;
|
||||
break;
|
||||
|
||||
case PROTO_UECRYPTONAK: /* Crypto_NAK */
|
||||
unpeer_crypto_nak_early = value;
|
||||
break;
|
||||
|
||||
case PROTO_UEDIGEST: /* Digest */
|
||||
unpeer_digest_early = value;
|
||||
break;
|
||||
|
||||
default:
|
||||
msyslog(LOG_NOTICE,
|
||||
"proto: unsupported option %d", item);
|
||||
|
@ -81,8 +81,8 @@ static void do_unconf (sockaddr_u *, endpt *, struct req_pkt *);
|
||||
static void set_sys_flag (sockaddr_u *, endpt *, struct req_pkt *);
|
||||
static void clr_sys_flag (sockaddr_u *, endpt *, struct req_pkt *);
|
||||
static void setclr_flags (sockaddr_u *, endpt *, struct req_pkt *, u_long);
|
||||
static void list_restrict4 (restrict_u *, struct info_restrict **);
|
||||
static void list_restrict6 (restrict_u *, struct info_restrict **);
|
||||
static void list_restrict4 (const restrict_u *, struct info_restrict **);
|
||||
static void list_restrict6 (const restrict_u *, struct info_restrict **);
|
||||
static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *);
|
||||
static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *);
|
||||
static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *);
|
||||
@ -667,43 +667,35 @@ list_peers(
|
||||
struct req_pkt *inpkt
|
||||
)
|
||||
{
|
||||
struct info_peer_list *ip;
|
||||
struct peer *pp;
|
||||
int skip = 0;
|
||||
struct info_peer_list * ip;
|
||||
const struct peer * pp;
|
||||
|
||||
ip = (struct info_peer_list *)prepare_pkt(srcadr, inter, inpkt,
|
||||
v6sizeof(struct info_peer_list));
|
||||
for (pp = peer_list; pp != NULL && ip != NULL; pp = pp->p_link) {
|
||||
if (IS_IPV6(&pp->srcadr)) {
|
||||
if (client_v6_capable) {
|
||||
ip->addr6 = SOCK_ADDR6(&pp->srcadr);
|
||||
ip->v6_flag = 1;
|
||||
skip = 0;
|
||||
} else {
|
||||
skip = 1;
|
||||
break;
|
||||
}
|
||||
if (!client_v6_capable)
|
||||
continue;
|
||||
ip->addr6 = SOCK_ADDR6(&pp->srcadr);
|
||||
ip->v6_flag = 1;
|
||||
} else {
|
||||
ip->addr = NSRCADR(&pp->srcadr);
|
||||
if (client_v6_capable)
|
||||
ip->v6_flag = 0;
|
||||
skip = 0;
|
||||
}
|
||||
|
||||
if (!skip) {
|
||||
ip->port = NSRCPORT(&pp->srcadr);
|
||||
ip->hmode = pp->hmode;
|
||||
ip->flags = 0;
|
||||
if (pp->flags & FLAG_CONFIG)
|
||||
ip->flags |= INFO_FLAG_CONFIG;
|
||||
if (pp == sys_peer)
|
||||
ip->flags |= INFO_FLAG_SYSPEER;
|
||||
if (pp->status == CTL_PST_SEL_SYNCCAND)
|
||||
ip->flags |= INFO_FLAG_SEL_CANDIDATE;
|
||||
if (pp->status >= CTL_PST_SEL_SYSPEER)
|
||||
ip->flags |= INFO_FLAG_SHORTLIST;
|
||||
ip = (struct info_peer_list *)more_pkt();
|
||||
}
|
||||
ip->port = NSRCPORT(&pp->srcadr);
|
||||
ip->hmode = pp->hmode;
|
||||
ip->flags = 0;
|
||||
if (pp->flags & FLAG_CONFIG)
|
||||
ip->flags |= INFO_FLAG_CONFIG;
|
||||
if (pp == sys_peer)
|
||||
ip->flags |= INFO_FLAG_SYSPEER;
|
||||
if (pp->status == CTL_PST_SEL_SYNCCAND)
|
||||
ip->flags |= INFO_FLAG_SEL_CANDIDATE;
|
||||
if (pp->status >= CTL_PST_SEL_SYSPEER)
|
||||
ip->flags |= INFO_FLAG_SHORTLIST;
|
||||
ip = (struct info_peer_list *)more_pkt();
|
||||
} /* for pp */
|
||||
|
||||
flush_pkt();
|
||||
@ -720,10 +712,9 @@ list_peers_sum(
|
||||
struct req_pkt *inpkt
|
||||
)
|
||||
{
|
||||
register struct info_peer_summary *ips;
|
||||
register struct peer *pp;
|
||||
l_fp ltmp;
|
||||
register int skip;
|
||||
struct info_peer_summary * ips;
|
||||
const struct peer * pp;
|
||||
l_fp ltmp;
|
||||
|
||||
DPRINTF(3, ("wants peer list summary\n"));
|
||||
|
||||
@ -736,18 +727,14 @@ list_peers_sum(
|
||||
* want only v4.
|
||||
*/
|
||||
if (IS_IPV6(&pp->srcadr)) {
|
||||
if (client_v6_capable) {
|
||||
ips->srcadr6 = SOCK_ADDR6(&pp->srcadr);
|
||||
ips->v6_flag = 1;
|
||||
if (pp->dstadr)
|
||||
ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin);
|
||||
else
|
||||
ZERO(ips->dstadr6);
|
||||
skip = 0;
|
||||
} else {
|
||||
skip = 1;
|
||||
break;
|
||||
}
|
||||
if (!client_v6_capable)
|
||||
continue;
|
||||
ips->srcadr6 = SOCK_ADDR6(&pp->srcadr);
|
||||
ips->v6_flag = 1;
|
||||
if (pp->dstadr)
|
||||
ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin);
|
||||
else
|
||||
ZERO(ips->dstadr6);
|
||||
} else {
|
||||
ips->srcadr = NSRCADR(&pp->srcadr);
|
||||
if (client_v6_capable)
|
||||
@ -765,39 +752,37 @@ list_peers_sum(
|
||||
ips->dstadr = NSRCADR(&pp->dstadr->bcast);
|
||||
}
|
||||
}
|
||||
} else
|
||||
} else {
|
||||
ips->dstadr = 0;
|
||||
|
||||
skip = 0;
|
||||
}
|
||||
}
|
||||
|
||||
if (!skip) {
|
||||
ips->srcport = NSRCPORT(&pp->srcadr);
|
||||
ips->stratum = pp->stratum;
|
||||
ips->hpoll = pp->hpoll;
|
||||
ips->ppoll = pp->ppoll;
|
||||
ips->reach = pp->reach;
|
||||
ips->flags = 0;
|
||||
if (pp == sys_peer)
|
||||
ips->flags |= INFO_FLAG_SYSPEER;
|
||||
if (pp->flags & FLAG_CONFIG)
|
||||
ips->flags |= INFO_FLAG_CONFIG;
|
||||
if (pp->flags & FLAG_REFCLOCK)
|
||||
ips->flags |= INFO_FLAG_REFCLOCK;
|
||||
if (pp->flags & FLAG_PREFER)
|
||||
ips->flags |= INFO_FLAG_PREFER;
|
||||
if (pp->flags & FLAG_BURST)
|
||||
ips->flags |= INFO_FLAG_BURST;
|
||||
if (pp->status == CTL_PST_SEL_SYNCCAND)
|
||||
ips->flags |= INFO_FLAG_SEL_CANDIDATE;
|
||||
if (pp->status >= CTL_PST_SEL_SYSPEER)
|
||||
ips->flags |= INFO_FLAG_SHORTLIST;
|
||||
ips->hmode = pp->hmode;
|
||||
ips->delay = HTONS_FP(DTOFP(pp->delay));
|
||||
DTOLFP(pp->offset, <mp);
|
||||
HTONL_FP(<mp, &ips->offset);
|
||||
ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp)));
|
||||
}
|
||||
ips->srcport = NSRCPORT(&pp->srcadr);
|
||||
ips->stratum = pp->stratum;
|
||||
ips->hpoll = pp->hpoll;
|
||||
ips->ppoll = pp->ppoll;
|
||||
ips->reach = pp->reach;
|
||||
ips->flags = 0;
|
||||
if (pp == sys_peer)
|
||||
ips->flags |= INFO_FLAG_SYSPEER;
|
||||
if (pp->flags & FLAG_CONFIG)
|
||||
ips->flags |= INFO_FLAG_CONFIG;
|
||||
if (pp->flags & FLAG_REFCLOCK)
|
||||
ips->flags |= INFO_FLAG_REFCLOCK;
|
||||
if (pp->flags & FLAG_PREFER)
|
||||
ips->flags |= INFO_FLAG_PREFER;
|
||||
if (pp->flags & FLAG_BURST)
|
||||
ips->flags |= INFO_FLAG_BURST;
|
||||
if (pp->status == CTL_PST_SEL_SYNCCAND)
|
||||
ips->flags |= INFO_FLAG_SEL_CANDIDATE;
|
||||
if (pp->status >= CTL_PST_SEL_SYSPEER)
|
||||
ips->flags |= INFO_FLAG_SHORTLIST;
|
||||
ips->hmode = pp->hmode;
|
||||
ips->delay = HTONS_FP(DTOFP(pp->delay));
|
||||
DTOLFP(pp->offset, <mp);
|
||||
HTONL_FP(<mp, &ips->offset);
|
||||
ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp)));
|
||||
|
||||
ips = (struct info_peer_summary *)more_pkt();
|
||||
} /* for pp */
|
||||
|
||||
@ -1197,7 +1182,7 @@ mem_stats(
|
||||
ms->hashcount[i] = (u_char)
|
||||
max((u_int)peer_hash_count[i], UCHAR_MAX);
|
||||
|
||||
more_pkt();
|
||||
(void) more_pkt();
|
||||
flush_pkt();
|
||||
}
|
||||
|
||||
@ -1285,7 +1270,7 @@ loop_info(
|
||||
li->compliance = htonl((u_int32)(tc_counter));
|
||||
li->watchdog_timer = htonl((u_int32)(current_time - sys_epoch));
|
||||
|
||||
more_pkt();
|
||||
(void) more_pkt();
|
||||
flush_pkt();
|
||||
}
|
||||
|
||||
@ -1571,56 +1556,143 @@ setclr_flags(
|
||||
req_ack(srcadr, inter, inpkt, INFO_OKAY);
|
||||
}
|
||||
|
||||
/* There have been some issues with the restrict list processing,
|
||||
* ranging from problems with deep recursion (resulting in stack
|
||||
* overflows) and overfull reply buffers.
|
||||
*
|
||||
* To avoid this trouble the list reversal is done iteratively using a
|
||||
* scratch pad.
|
||||
*/
|
||||
typedef struct RestrictStack RestrictStackT;
|
||||
struct RestrictStack {
|
||||
RestrictStackT *link;
|
||||
size_t fcnt;
|
||||
const restrict_u *pres[63];
|
||||
};
|
||||
|
||||
static size_t
|
||||
getStackSheetSize(
|
||||
RestrictStackT *sp
|
||||
)
|
||||
{
|
||||
if (sp)
|
||||
return sizeof(sp->pres)/sizeof(sp->pres[0]);
|
||||
return 0u;
|
||||
}
|
||||
|
||||
static int/*BOOL*/
|
||||
pushRestriction(
|
||||
RestrictStackT **spp,
|
||||
const restrict_u *ptr
|
||||
)
|
||||
{
|
||||
RestrictStackT *sp;
|
||||
|
||||
if (NULL == (sp = *spp) || 0 == sp->fcnt) {
|
||||
/* need another sheet in the scratch pad */
|
||||
sp = emalloc(sizeof(*sp));
|
||||
sp->link = *spp;
|
||||
sp->fcnt = getStackSheetSize(sp);
|
||||
*spp = sp;
|
||||
}
|
||||
sp->pres[--sp->fcnt] = ptr;
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static int/*BOOL*/
|
||||
popRestriction(
|
||||
RestrictStackT **spp,
|
||||
const restrict_u **opp
|
||||
)
|
||||
{
|
||||
RestrictStackT *sp;
|
||||
|
||||
if (NULL == (sp = *spp) || sp->fcnt >= getStackSheetSize(sp))
|
||||
return FALSE;
|
||||
|
||||
*opp = sp->pres[sp->fcnt++];
|
||||
if (sp->fcnt >= getStackSheetSize(sp)) {
|
||||
/* discard sheet from scratch pad */
|
||||
*spp = sp->link;
|
||||
free(sp);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
static void
|
||||
flushRestrictionStack(
|
||||
RestrictStackT **spp
|
||||
)
|
||||
{
|
||||
RestrictStackT *sp;
|
||||
|
||||
while (NULL != (sp = *spp)) {
|
||||
*spp = sp->link;
|
||||
free(sp);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* list_restrict4 - recursive helper for list_restrict dumps IPv4
|
||||
* list_restrict4 - iterative helper for list_restrict dumps IPv4
|
||||
* restriction list in reverse order.
|
||||
*/
|
||||
static void
|
||||
list_restrict4(
|
||||
restrict_u * res,
|
||||
const restrict_u * res,
|
||||
struct info_restrict ** ppir
|
||||
)
|
||||
{
|
||||
RestrictStackT * rpad;
|
||||
struct info_restrict * pir;
|
||||
|
||||
if (res->link != NULL)
|
||||
list_restrict4(res->link, ppir);
|
||||
|
||||
pir = *ppir;
|
||||
pir->addr = htonl(res->u.v4.addr);
|
||||
if (client_v6_capable)
|
||||
pir->v6_flag = 0;
|
||||
pir->mask = htonl(res->u.v4.mask);
|
||||
pir->count = htonl(res->count);
|
||||
pir->flags = htons(res->flags);
|
||||
pir->mflags = htons(res->mflags);
|
||||
*ppir = (struct info_restrict *)more_pkt();
|
||||
for (rpad = NULL; res; res = res->link)
|
||||
if (!pushRestriction(&rpad, res))
|
||||
break;
|
||||
|
||||
while (pir && popRestriction(&rpad, &res)) {
|
||||
pir->addr = htonl(res->u.v4.addr);
|
||||
if (client_v6_capable)
|
||||
pir->v6_flag = 0;
|
||||
pir->mask = htonl(res->u.v4.mask);
|
||||
pir->count = htonl(res->count);
|
||||
pir->flags = htons(res->flags);
|
||||
pir->mflags = htons(res->mflags);
|
||||
pir = (struct info_restrict *)more_pkt();
|
||||
}
|
||||
flushRestrictionStack(&rpad);
|
||||
*ppir = pir;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* list_restrict6 - recursive helper for list_restrict dumps IPv6
|
||||
* list_restrict6 - iterative helper for list_restrict dumps IPv6
|
||||
* restriction list in reverse order.
|
||||
*/
|
||||
static void
|
||||
list_restrict6(
|
||||
restrict_u * res,
|
||||
const restrict_u * res,
|
||||
struct info_restrict ** ppir
|
||||
)
|
||||
{
|
||||
RestrictStackT * rpad;
|
||||
struct info_restrict * pir;
|
||||
|
||||
if (res->link != NULL)
|
||||
list_restrict6(res->link, ppir);
|
||||
|
||||
pir = *ppir;
|
||||
pir->addr6 = res->u.v6.addr;
|
||||
pir->mask6 = res->u.v6.mask;
|
||||
pir->v6_flag = 1;
|
||||
pir->count = htonl(res->count);
|
||||
pir->flags = htons(res->flags);
|
||||
pir->mflags = htons(res->mflags);
|
||||
*ppir = (struct info_restrict *)more_pkt();
|
||||
for (rpad = NULL; res; res = res->link)
|
||||
if (!pushRestriction(&rpad, res))
|
||||
break;
|
||||
|
||||
while (pir && popRestriction(&rpad, &res)) {
|
||||
pir->addr6 = res->u.v6.addr;
|
||||
pir->mask6 = res->u.v6.mask;
|
||||
pir->v6_flag = 1;
|
||||
pir->count = htonl(res->count);
|
||||
pir->flags = htons(res->flags);
|
||||
pir->mflags = htons(res->mflags);
|
||||
pir = (struct info_restrict *)more_pkt();
|
||||
}
|
||||
flushRestrictionStack(&rpad);
|
||||
*ppir = pir;
|
||||
}
|
||||
|
||||
|
||||
@ -1644,8 +1716,7 @@ list_restrict(
|
||||
/*
|
||||
* The restriction lists are kept sorted in the reverse order
|
||||
* than they were originally. To preserve the output semantics,
|
||||
* dump each list in reverse order. A recursive helper function
|
||||
* achieves that.
|
||||
* dump each list in reverse order. The workers take care of that.
|
||||
*/
|
||||
list_restrict4(restrictlist4, &ir);
|
||||
if (client_v6_capable)
|
||||
@ -2010,7 +2081,7 @@ do_trustkey(
|
||||
register int items;
|
||||
|
||||
items = INFO_NITEMS(inpkt->err_nitems);
|
||||
kp = (uint32_t*)&inpkt->u;
|
||||
kp = (uint32_t *)&inpkt->u;
|
||||
while (items-- > 0) {
|
||||
authtrust(*kp, trust);
|
||||
kp++;
|
||||
@ -2089,7 +2160,7 @@ req_get_traps(
|
||||
it = (struct info_trap *)prepare_pkt(srcadr, inter, inpkt,
|
||||
v6sizeof(struct info_trap));
|
||||
|
||||
for (i = 0, tr = ctl_traps; i < COUNTOF(ctl_traps); i++, tr++) {
|
||||
for (i = 0, tr = ctl_traps; it && i < COUNTOF(ctl_traps); i++, tr++) {
|
||||
if (tr->tr_flags & TRAP_INUSE) {
|
||||
if (IS_IPV4(&tr->tr_addr)) {
|
||||
if (tr->tr_localaddr == any_interface)
|
||||
@ -2405,7 +2476,7 @@ get_clock_info(
|
||||
ic = (struct info_clock *)prepare_pkt(srcadr, inter, inpkt,
|
||||
sizeof(struct info_clock));
|
||||
|
||||
while (items-- > 0) {
|
||||
while (items-- > 0 && ic) {
|
||||
NSRCADR(&addr) = *clkaddr++;
|
||||
if (!ISREFCLOCKADR(&addr) || NULL ==
|
||||
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
|
||||
@ -2544,7 +2615,7 @@ get_clkbug_info(
|
||||
ic = (struct info_clkbug *)prepare_pkt(srcadr, inter, inpkt,
|
||||
sizeof(struct info_clkbug));
|
||||
|
||||
while (items-- > 0) {
|
||||
while (items-- > 0 && ic) {
|
||||
NSRCADR(&addr) = *clkaddr++;
|
||||
if (!ISREFCLOCKADR(&addr) || NULL ==
|
||||
findexistingpeer(&addr, NULL, NULL, -1, 0)) {
|
||||
@ -2592,13 +2663,15 @@ fill_info_if_stats(void *data, interface_info_t *interface_info)
|
||||
struct info_if_stats **ifsp = (struct info_if_stats **)data;
|
||||
struct info_if_stats *ifs = *ifsp;
|
||||
endpt *ep = interface_info->ep;
|
||||
|
||||
if (NULL == ifs)
|
||||
return;
|
||||
|
||||
ZERO(*ifs);
|
||||
|
||||
if (IS_IPV6(&ep->sin)) {
|
||||
if (!client_v6_capable) {
|
||||
if (!client_v6_capable)
|
||||
return;
|
||||
}
|
||||
ifs->v6_flag = 1;
|
||||
ifs->unaddr.addr6 = SOCK_ADDR6(&ep->sin);
|
||||
ifs->unbcast.addr6 = SOCK_ADDR6(&ep->bcast);
|
||||
|
@ -669,7 +669,7 @@ int
|
||||
yylex(void)
|
||||
{
|
||||
static follby followedby = FOLLBY_TOKEN;
|
||||
int i;
|
||||
size_t i;
|
||||
int instring;
|
||||
int yylval_was_set;
|
||||
int converted;
|
||||
|
@ -549,14 +549,16 @@ check_leapsec(
|
||||
#ifdef LEAP_SMEAR
|
||||
leap_smear.enabled = leap_smear_intv != 0;
|
||||
#endif
|
||||
if (reset) {
|
||||
if (reset) {
|
||||
lsprox = LSPROX_NOWARN;
|
||||
leapsec_reset_frame();
|
||||
memset(&lsdata, 0, sizeof(lsdata));
|
||||
} else {
|
||||
int fired = leapsec_query(&lsdata, now, tpiv);
|
||||
int fired;
|
||||
|
||||
DPRINTF(1, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n",
|
||||
fired = leapsec_query(&lsdata, now, tpiv);
|
||||
|
||||
DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n",
|
||||
fired, now, now, lsdata.tai_diff, lsdata.ddist));
|
||||
|
||||
#ifdef LEAP_SMEAR
|
||||
@ -572,8 +574,7 @@ check_leapsec(
|
||||
DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n",
|
||||
leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end));
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
if (leap_smear.interval)
|
||||
DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n"));
|
||||
leap_smear.interval = 0;
|
||||
@ -655,10 +656,10 @@ check_leapsec(
|
||||
sys_tai = lsdata.tai_offs;
|
||||
} else {
|
||||
#ifdef AUTOKEY
|
||||
update_autokey = (sys_tai != lsdata.tai_offs);
|
||||
update_autokey = (sys_tai != (u_int)lsdata.tai_offs);
|
||||
#endif
|
||||
lsprox = lsdata.proximity;
|
||||
sys_tai = lsdata.tai_offs;
|
||||
lsprox = lsdata.proximity;
|
||||
sys_tai = lsdata.tai_offs;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed January 7, 2016 at 11:28:29 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed January 20, 2016 at 04:15:45 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpd-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -18,7 +18,7 @@
|
||||
* The ntpd program is copyrighted and licensed
|
||||
* under the following terms:
|
||||
*
|
||||
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* This is free software. It is licensed for use, modification and
|
||||
* redistribution under the terms of the NTP License, copies of which
|
||||
* can be seen at:
|
||||
@ -75,8 +75,8 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpd options
|
||||
*/
|
||||
static char const ntpd_opt_strs[3129] =
|
||||
/* 0 */ "ntpd 4.2.8p5\n"
|
||||
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
/* 0 */ "ntpd 4.2.8p6\n"
|
||||
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
"can be seen at:\n"
|
||||
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] =
|
||||
/* 2900 */ "output version information and exit\0"
|
||||
/* 2936 */ "version\0"
|
||||
/* 2944 */ "NTPD\0"
|
||||
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p5\n"
|
||||
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p6\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
|
||||
"\t\t[ <server1> ... <serverN> ]\n\0"
|
||||
/* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 3114 */ "\n\0"
|
||||
/* 3116 */ "ntpd 4.2.8p5";
|
||||
/* 3116 */ "ntpd 4.2.8p6";
|
||||
|
||||
/**
|
||||
* ipv4 option description with
|
||||
@ -1529,8 +1529,8 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpdOptions.pzCopyright */
|
||||
puts(_("ntpd 4.2.8p5\n\
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
puts(_("ntpd 4.2.8p6\n\
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
can be seen at:\n"));
|
||||
@ -1670,7 +1670,7 @@ implied warranty.\n"));
|
||||
puts(_("output version information and exit"));
|
||||
|
||||
/* referenced via ntpdOptions.pzUsageTitle */
|
||||
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p5\n\
|
||||
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p6\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
|
||||
\t\t[ <server1> ... <serverN> ]\n"));
|
||||
|
||||
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
|
||||
puts(_("\n"));
|
||||
|
||||
/* referenced via ntpdOptions.pzFullVersion */
|
||||
puts(_("ntpd 4.2.8p5"));
|
||||
puts(_("ntpd 4.2.8p6"));
|
||||
|
||||
/* referenced via ntpdOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed January 7, 2016 at 11:28:28 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed January 20, 2016 at 04:15:43 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpd-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -18,7 +18,7 @@
|
||||
* The ntpd program is copyrighted and licensed
|
||||
* under the following terms:
|
||||
*
|
||||
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* This is free software. It is licensed for use, modification and
|
||||
* redistribution under the terms of the NTP License, copies of which
|
||||
* can be seen at:
|
||||
@ -106,9 +106,9 @@ typedef enum {
|
||||
/** count of all options for ntpd */
|
||||
#define OPTION_CT 38
|
||||
/** ntpd version */
|
||||
#define NTPD_VERSION "4.2.8p5"
|
||||
#define NTPD_VERSION "4.2.8p6"
|
||||
/** Full ntpd version text */
|
||||
#define NTPD_FULL_VERSION "ntpd 4.2.8p5"
|
||||
#define NTPD_FULL_VERSION "ntpd 4.2.8p6"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpd 1ntpdman "07 Jan 2016" "4.2.8p5" "User Commands"
|
||||
.TH ntpd 1ntpdman "20 Jan 2016" "4.2.8p6" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9JaiRS/ag-jKaaQS)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:17:54 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -979,7 +979,7 @@ RFC5908
|
||||
.SH "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH BUGS
|
||||
The
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTPD 1ntpdmdoc User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:02 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:12 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -886,7 +886,7 @@ A snapshot of this documentation is available in HTML format in
|
||||
.Sh "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh BUGS
|
||||
The
|
||||
|
@ -209,6 +209,11 @@ extern int syscall (int, ...);
|
||||
|
||||
|
||||
#if !defined(SIM) && defined(SIGDIE1)
|
||||
static volatile int signalled = 0;
|
||||
static volatile int signo = 0;
|
||||
|
||||
/* In an ideal world, 'finish_safe()' would declared as noreturn... */
|
||||
static void finish_safe (int);
|
||||
static RETSIGTYPE finish (int);
|
||||
#endif
|
||||
|
||||
@ -298,11 +303,28 @@ my_pthread_warmup_worker(
|
||||
static void
|
||||
my_pthread_warmup(void)
|
||||
{
|
||||
pthread_t thread;
|
||||
int rc;
|
||||
pthread_t thread;
|
||||
pthread_attr_t thr_attr;
|
||||
int rc;
|
||||
|
||||
pthread_attr_init(&thr_attr);
|
||||
#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
|
||||
defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \
|
||||
defined(PTHREAD_STACK_MIN)
|
||||
rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN);
|
||||
if (0 != rc)
|
||||
msyslog(LOG_ERR,
|
||||
"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
|
||||
strerror(rc));
|
||||
#endif
|
||||
rc = pthread_create(
|
||||
&thread, NULL, my_pthread_warmup_worker, NULL);
|
||||
if (0 == rc) {
|
||||
&thread, &thr_attr, my_pthread_warmup_worker, NULL);
|
||||
pthread_attr_destroy(&thr_attr);
|
||||
if (0 != rc) {
|
||||
msyslog(LOG_ERR,
|
||||
"my_pthread_warmup: pthread_create() -> %s",
|
||||
strerror(rc));
|
||||
} else {
|
||||
pthread_cancel(thread);
|
||||
pthread_join(thread, NULL);
|
||||
}
|
||||
@ -1204,6 +1226,10 @@ int scmp_sc[] = {
|
||||
# ifdef HAVE_IO_COMPLETION_PORT
|
||||
|
||||
for (;;) {
|
||||
#if !defined(SIM) && defined(SIGDIE1)
|
||||
if (signalled)
|
||||
finish_safe(signo);
|
||||
#endif
|
||||
GetReceivedBuffers();
|
||||
# else /* normal I/O */
|
||||
|
||||
@ -1211,11 +1237,19 @@ int scmp_sc[] = {
|
||||
was_alarmed = FALSE;
|
||||
|
||||
for (;;) {
|
||||
#if !defined(SIM) && defined(SIGDIE1)
|
||||
if (signalled)
|
||||
finish_safe(signo);
|
||||
#endif
|
||||
if (alarm_flag) { /* alarmed? */
|
||||
was_alarmed = TRUE;
|
||||
alarm_flag = FALSE;
|
||||
}
|
||||
|
||||
/* collect async name/addr results */
|
||||
if (!was_alarmed)
|
||||
harvest_blocking_responses();
|
||||
|
||||
if (!was_alarmed && !has_full_recv_buffer()) {
|
||||
/*
|
||||
* Nothing to do. Wait for something.
|
||||
@ -1330,9 +1364,9 @@ int scmp_sc[] = {
|
||||
/*
|
||||
* finish - exit gracefully
|
||||
*/
|
||||
static RETSIGTYPE
|
||||
finish(
|
||||
int sig
|
||||
static void
|
||||
finish_safe(
|
||||
int sig
|
||||
)
|
||||
{
|
||||
const char *sig_desc;
|
||||
@ -1353,6 +1387,16 @@ finish(
|
||||
peer_cleanup();
|
||||
exit(0);
|
||||
}
|
||||
|
||||
static RETSIGTYPE
|
||||
finish(
|
||||
int sig
|
||||
)
|
||||
{
|
||||
signalled = 1;
|
||||
signo = sig;
|
||||
}
|
||||
|
||||
#endif /* !SIM && SIGDIE1 */
|
||||
|
||||
|
||||
|
@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
|
||||
symmetric and broadcast modes, and with both symmetric-key and public-key
|
||||
cryptography.
|
||||
|
||||
<p>This document applies to version 4.2.8p5 of <code>ntpd</code>.
|
||||
<p>This document applies to version 4.2.8p6 of <code>ntpd</code>.
|
||||
|
||||
<ul class="menu">
|
||||
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
|
||||
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
|
||||
used to select the program, defaulting to <span class="file">more</span>. Both will exit
|
||||
with a status code of 0.
|
||||
|
||||
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p4
|
||||
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p5
|
||||
Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
|
||||
[ <server1> ... <serverN> ]
|
||||
Flg Arg Option-Name Description
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpd @NTPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
|
||||
.TH ntpd @NTPD_MS@ "20 Jan 2016" "4.2.8p6" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9JaiRS/ag-jKaaQS)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:17:54 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -979,7 +979,7 @@ RFC5908
|
||||
.SH "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH BUGS
|
||||
The
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTPD @NTPD_MS@ User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:02 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:12 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -886,7 +886,7 @@ A snapshot of this documentation is available in HTML format in
|
||||
.Sh "AUTHORS"
|
||||
The University of Delaware and Network Time Foundation
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh BUGS
|
||||
The
|
||||
|
@ -1264,7 +1264,7 @@ chu_a(
|
||||
offset = up->charstamp;
|
||||
else if (k > 0)
|
||||
i = 1;
|
||||
for (; i < nchar && i < k + 10; i++) {
|
||||
for (; i < nchar && (i - 10) < k; i++) {
|
||||
up->tstamp[up->ntstamp] = up->cstamp[i];
|
||||
L_SUB(&up->tstamp[up->ntstamp], &offset);
|
||||
L_ADD(&offset, &up->charstamp);
|
||||
|
@ -377,17 +377,6 @@ static int16_t clamped_precision(int rawprec);
|
||||
* local / static stuff
|
||||
*/
|
||||
|
||||
/* The logon string is actually the ?WATCH command of GPSD, using JSON
|
||||
* data and selecting the GPS device name we created from our unit
|
||||
* number. We have an old a newer version that request PPS (and TOFF)
|
||||
* transmission.
|
||||
* Note: These are actually format strings!
|
||||
*/
|
||||
static const char * const s_req_watch[2] = {
|
||||
"?WATCH={\"device\":\"%s\",\"enable\":true,\"json\":true};\r\n",
|
||||
"?WATCH={\"device\":\"%s\",\"enable\":true,\"json\":true,\"pps\":true};\r\n"
|
||||
};
|
||||
|
||||
static const char * const s_req_version =
|
||||
"?VERSION;\r\n";
|
||||
|
||||
@ -1147,7 +1136,7 @@ json_token_skip(
|
||||
const json_ctx * ctx,
|
||||
tok_ref tid)
|
||||
{
|
||||
if (tid >= 0 && tid < ctx->ntok) {
|
||||
if (tid >= 0 && (u_int)tid < ctx->ntok) {
|
||||
int len = ctx->tok[tid].size;
|
||||
/* For arrays and objects, the size is the number of
|
||||
* ITEMS in the compound. Thats the number of objects in
|
||||
@ -1172,7 +1161,10 @@ json_token_skip(
|
||||
++tid;
|
||||
break;
|
||||
}
|
||||
if (tid > ctx->ntok) /* Impossible? Paranoia rulez. */
|
||||
/* The next condition should never be true, but paranoia
|
||||
* prevails...
|
||||
*/
|
||||
if (tid < 0 || (u_int)tid > ctx->ntok)
|
||||
tid = ctx->ntok;
|
||||
}
|
||||
return tid;
|
||||
@ -1200,7 +1192,7 @@ json_object_lookup(
|
||||
tid = json_token_skip(ctx, tid); /* skip val */
|
||||
} else if (strcmp(key, ctx->buf + ctx->tok[tid].start)) {
|
||||
tid = json_token_skip(ctx, tid+1); /* skip key+val */
|
||||
} else if (what < 0 || what == ctx->tok[tid+1].type) {
|
||||
} else if (what < 0 || (u_int)what == ctx->tok[tid+1].type) {
|
||||
return tid + 1;
|
||||
} else {
|
||||
break;
|
||||
@ -1513,8 +1505,14 @@ process_version(
|
||||
if (up->fl_watch)
|
||||
return;
|
||||
|
||||
/* The logon string is actually the ?WATCH command of GPSD,
|
||||
* using JSON data and selecting the GPS device name we created
|
||||
* from our unit number. We have an old a newer version that
|
||||
* request PPS (and TOFF) transmission.
|
||||
*/
|
||||
snprintf(up->buffer, sizeof(up->buffer),
|
||||
s_req_watch[up->pf_toff != 0], up->device);
|
||||
"?WATCH={\"device\":\"%s\",\"enable\":true,\"json\":true%s};\r\n",
|
||||
up->device, (up->pf_toff ? ",\"pps\":true" : ""));
|
||||
buf = up->buffer;
|
||||
len = strlen(buf);
|
||||
log_data(peer, "send", buf, len);
|
||||
|
@ -149,8 +149,8 @@
|
||||
*/
|
||||
|
||||
struct jjyRawDataBreak {
|
||||
char *pString ;
|
||||
int iLength ;
|
||||
const char * pString ;
|
||||
int iLength ;
|
||||
} ;
|
||||
|
||||
#define MAX_TIMESTAMP 6
|
||||
@ -627,7 +627,7 @@ jjy_receive ( struct recvbuf *rbufp )
|
||||
#ifdef DEBUG
|
||||
printf( "\nrefclock_jjy.c : %s : Len=%d ", sFunctionName, pp->lencode ) ;
|
||||
for ( i = 0 ; i < pp->lencode ; i ++ ) {
|
||||
if ( iscntrl( pp->a_lastcode[i] & 0x7F ) ) {
|
||||
if ( iscntrl( (u_char)(pp->a_lastcode[i] & 0x7F) ) ) {
|
||||
printf( "<x%02X>", pp->a_lastcode[i] & 0xFF ) ;
|
||||
} else {
|
||||
printf( "%c", pp->a_lastcode[i] ) ;
|
||||
@ -702,7 +702,7 @@ jjy_receive ( struct recvbuf *rbufp )
|
||||
up->iLineBufLen ++ ;
|
||||
|
||||
/* Copy printable characters */
|
||||
if ( ! iscntrl( up->sRawBuf[i] ) ) {
|
||||
if ( ! iscntrl( (u_char)up->sRawBuf[i] ) ) {
|
||||
up->sTextBuf[up->iTextBufLen] = up->sRawBuf[i] ;
|
||||
up->iTextBufLen ++ ;
|
||||
}
|
||||
@ -1154,12 +1154,13 @@ jjy_receive_tristate_jjy01 ( struct recvbuf *rbufp )
|
||||
struct refclockproc *pp ;
|
||||
struct peer *peer;
|
||||
|
||||
char *pBuf, sLog [ 100 ] ;
|
||||
int iLen ;
|
||||
int rc ;
|
||||
char * pBuf ;
|
||||
char sLog [ 100 ] ;
|
||||
int iLen ;
|
||||
int rc ;
|
||||
|
||||
const char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
/* Initialize pointers */
|
||||
|
||||
@ -1359,8 +1360,8 @@ jjy_poll_tristate_jjy01 ( int unit, struct peer *peer )
|
||||
struct refclockproc *pp ;
|
||||
struct jjyunit *up ;
|
||||
|
||||
const char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
pp = peer->procptr;
|
||||
up = pp->unitptr ;
|
||||
@ -2010,12 +2011,13 @@ jjy_receive_tristate_gpsclock01 ( struct recvbuf *rbufp )
|
||||
struct refclockproc *pp ;
|
||||
struct peer *peer;
|
||||
|
||||
char *pBuf, sLog [ 100 ] ;
|
||||
int iLen ;
|
||||
int rc ;
|
||||
char * pBuf ;
|
||||
char sLog [ 100 ] ;
|
||||
int iLen ;
|
||||
int rc ;
|
||||
|
||||
const char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
/* Initialize pointers */
|
||||
|
||||
@ -2239,8 +2241,8 @@ jjy_poll_tristate_gpsclock01 ( int unit, struct peer *peer )
|
||||
struct refclockproc *pp ;
|
||||
struct jjyunit *up ;
|
||||
|
||||
const char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
pp = peer->procptr ;
|
||||
up = pp->unitptr ;
|
||||
@ -2576,7 +2578,7 @@ static int teljjy_bye_ignore ( struct peer *peer, struct refclockproc *, struct
|
||||
static int teljjy_bye_disc ( struct peer *peer, struct refclockproc *, struct jjyunit * ) ;
|
||||
static int teljjy_bye_modem ( struct peer *peer, struct refclockproc *, struct jjyunit * ) ;
|
||||
|
||||
static int ( *pTeljjyHandler [ ] [ 5 ] ) ( ) =
|
||||
static int ( *pTeljjyHandler [ ] [ 5 ] ) ( struct peer *, struct refclockproc *, struct jjyunit *) =
|
||||
{ /*STATE_IDLE STATE_DAILOUT STATE_LOGIN STATE_CONNECT STATE_BYE */
|
||||
/* NULL */ { teljjy_idle_ignore , teljjy_dial_ignore, teljjy_login_ignore, teljjy_conn_ignore, teljjy_bye_ignore },
|
||||
/* START */ { teljjy_idle_dialout, teljjy_dial_ignore, teljjy_login_ignore, teljjy_conn_ignore, teljjy_bye_ignore },
|
||||
@ -2715,12 +2717,12 @@ jjy_start_telephone ( int unit, struct peer *peer, struct jjyunit *up )
|
||||
|
||||
iNumberOfDigitsOfPhoneNumber = iCommaCount = iCommaPosition = iFirstThreeDigitsCount = 0 ;
|
||||
for ( i = 0 ; i < strlen( sys_phone[0] ) ; i ++ ) {
|
||||
if ( isdigit( *(sys_phone[0]+i) ) ) {
|
||||
if ( isdigit( (u_char)sys_phone[0][i] ) ) {
|
||||
if ( iFirstThreeDigitsCount < sizeof(sFirstThreeDigits)-1 ) {
|
||||
sFirstThreeDigits[iFirstThreeDigitsCount++] = *(sys_phone[0]+i) ;
|
||||
sFirstThreeDigits[iFirstThreeDigitsCount++] = sys_phone[0][i] ;
|
||||
}
|
||||
iNumberOfDigitsOfPhoneNumber ++ ;
|
||||
} else if ( *(sys_phone[0]+i) == ',' ) {
|
||||
} else if ( sys_phone[0][i] == ',' ) {
|
||||
iCommaCount ++ ;
|
||||
if ( iCommaCount > 1 ) {
|
||||
msyslog( LOG_ERR, "refclock_jjy.c : jjy_start_telephone : phone in the ntpd.conf should be zero or one comma." ) ;
|
||||
@ -2729,7 +2731,7 @@ jjy_start_telephone ( int unit, struct peer *peer, struct jjyunit *up )
|
||||
}
|
||||
iFirstThreeDigitsCount = 0 ;
|
||||
iCommaPosition = i ;
|
||||
} else if ( *(sys_phone[0]+i) != '-' ) {
|
||||
} else if ( sys_phone[0][i] != '-' ) {
|
||||
msyslog( LOG_ERR, "refclock_jjy.c : jjy_start_telephone : phone in the ntpd.conf should be a number or a hyphen." ) ;
|
||||
up->bInitError = TRUE ;
|
||||
return 1 ;
|
||||
@ -3213,8 +3215,8 @@ static int
|
||||
teljjy_login_login ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
|
||||
{
|
||||
|
||||
char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
DEBUG_TELJJY_PRINTF( "teljjy_login_login" ) ;
|
||||
|
||||
@ -3290,8 +3292,8 @@ static int
|
||||
teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
|
||||
{
|
||||
|
||||
const char *pCmd ;
|
||||
int i, iLen, iNextClockState ;
|
||||
const char * pCmd ;
|
||||
int i, iLen, iNextClockState ;
|
||||
|
||||
DEBUG_TELJJY_PRINTF( "teljjy_conn_send" ) ;
|
||||
|
||||
@ -3527,7 +3529,7 @@ static int
|
||||
teljjy_conn_silent ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
|
||||
{
|
||||
|
||||
const char *pCmd ;
|
||||
const char * pCmd ;
|
||||
|
||||
DEBUG_TELJJY_PRINTF( "teljjy_conn_silent" ) ;
|
||||
|
||||
@ -3665,7 +3667,7 @@ static int modem_esc_data ( struct peer *, struct refclockproc *, struct jjyu
|
||||
static int modem_esc_silent ( struct peer *, struct refclockproc *, struct jjyunit * ) ;
|
||||
static int modem_esc_disc ( struct peer *, struct refclockproc *, struct jjyunit * ) ;
|
||||
|
||||
static int ( *pModemHandler [ ] [ 5 ] ) ( ) =
|
||||
static int ( *pModemHandler [ ] [ 5 ] ) ( struct peer *, struct refclockproc *, struct jjyunit * ) =
|
||||
{ /*STATE_DISCONNECT STATE_INITIALIZE STATE_DAILING STATE_CONNECT STATE_ESCAPE */
|
||||
/* NULL */ { modem_disc_ignore, modem_init_ignore, modem_dial_ignore , modem_conn_ignore, modem_esc_ignore },
|
||||
/* INITIALIZE */ { modem_disc_init , modem_init_start , modem_dial_ignore , modem_conn_ignore, modem_esc_ignore },
|
||||
@ -3993,10 +3995,11 @@ static int
|
||||
modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
|
||||
{
|
||||
|
||||
char *pCmd, cBuf [ 46 ] ;
|
||||
int iCmdLen ;
|
||||
int iErrorCorrection, iSpeakerSwitch, iSpeakerVolume ;
|
||||
int iNextModemState = STAY_MODEM_STATE ;
|
||||
const char * pCmd ;
|
||||
char cBuf [ 46 ] ;
|
||||
int iCmdLen ;
|
||||
int iErrorCorrection, iSpeakerSwitch, iSpeakerVolume ;
|
||||
int iNextModemState = STAY_MODEM_STATE ;
|
||||
|
||||
DEBUG_MODEM_PRINTF( "modem_init_resp00" ) ;
|
||||
|
||||
@ -4031,7 +4034,7 @@ modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *
|
||||
}
|
||||
|
||||
pCmd = cBuf ;
|
||||
snprintf( pCmd, sizeof(cBuf), "ATM%dL%d\r\n", iSpeakerSwitch, iSpeakerVolume ) ;
|
||||
snprintf( cBuf, sizeof(cBuf), "ATM%dL%d\r\n", iSpeakerSwitch, iSpeakerVolume ) ;
|
||||
break ;
|
||||
|
||||
case 3 :
|
||||
@ -4060,7 +4063,7 @@ modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *
|
||||
}
|
||||
|
||||
pCmd = cBuf ;
|
||||
snprintf( pCmd, sizeof(cBuf), "AT\\N%d\r\n", iErrorCorrection ) ;
|
||||
snprintf( cBuf, sizeof(cBuf), "AT\\N%d\r\n", iErrorCorrection ) ;
|
||||
break ;
|
||||
|
||||
case 7 :
|
||||
@ -4251,8 +4254,8 @@ static int
|
||||
modem_esc_escape ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
|
||||
{
|
||||
|
||||
char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
DEBUG_MODEM_PRINTF( "modem_esc_escape" ) ;
|
||||
|
||||
@ -4317,8 +4320,8 @@ static int
|
||||
modem_esc_disc ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
|
||||
{
|
||||
|
||||
char *pCmd ;
|
||||
int iCmdLen ;
|
||||
const char * pCmd ;
|
||||
int iCmdLen ;
|
||||
|
||||
DEBUG_MODEM_PRINTF( "modem_esc_disc" ) ;
|
||||
|
||||
@ -4349,9 +4352,9 @@ static void
|
||||
jjy_write_clockstats ( struct peer *peer, int iMark, const char *pData )
|
||||
{
|
||||
|
||||
char sLog [ 100 ] ;
|
||||
char *pMark ;
|
||||
int iMarkLen, iDataLen ;
|
||||
char sLog [ 100 ] ;
|
||||
const char * pMark ;
|
||||
int iMarkLen, iDataLen ;
|
||||
|
||||
switch ( iMark ) {
|
||||
case JJY_CLOCKSTATS_MARK_JJY :
|
||||
|
@ -600,7 +600,7 @@ shm_timer(
|
||||
cd.year, cd.month, cd.monthday,
|
||||
cd.hour, cd.minute, cd.second,
|
||||
(long)shm_stat.tvt.tv_nsec);
|
||||
pp->lencode = (c < sizeof(pp->a_lastcode)) ? c : 0;
|
||||
pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0;
|
||||
|
||||
/* check 1: age control of local time stamp */
|
||||
tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec;
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
|
||||
#
|
||||
# It has been AutoGen-ed January 7, 2016 at 11:31:26 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed January 20, 2016 at 04:18:37 AM by AutoGen 5.18.5
|
||||
# From the definitions ntpdc-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -76,7 +76,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5
|
||||
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6
|
||||
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 DNS name resolution
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed January 7, 2016 at 11:31:12 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed January 20, 2016 at 04:18:22 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpdc-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -18,7 +18,7 @@
|
||||
* The ntpdc program is copyrighted and licensed
|
||||
* under the following terms:
|
||||
*
|
||||
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* This is free software. It is licensed for use, modification and
|
||||
* redistribution under the terms of the NTP License, copies of which
|
||||
* can be seen at:
|
||||
@ -69,8 +69,8 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpdc options
|
||||
*/
|
||||
static char const ntpdc_opt_strs[1911] =
|
||||
/* 0 */ "ntpdc 4.2.8p5\n"
|
||||
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
/* 0 */ "ntpdc 4.2.8p6\n"
|
||||
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
"can be seen at:\n"
|
||||
@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1911] =
|
||||
/* 1694 */ "no-load-opts\0"
|
||||
/* 1707 */ "no\0"
|
||||
/* 1710 */ "NTPDC\0"
|
||||
/* 1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n"
|
||||
/* 1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
|
||||
/* 1846 */ "$HOME\0"
|
||||
/* 1852 */ ".\0"
|
||||
/* 1854 */ ".ntprc\0"
|
||||
/* 1861 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 1895 */ "\n\0"
|
||||
/* 1897 */ "ntpdc 4.2.8p5";
|
||||
/* 1897 */ "ntpdc 4.2.8p6";
|
||||
|
||||
/**
|
||||
* ipv4 option description with
|
||||
@ -796,8 +796,8 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpdcOptions.pzCopyright */
|
||||
puts(_("ntpdc 4.2.8p5\n\
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
puts(_("ntpdc 4.2.8p6\n\
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
can be seen at:\n"));
|
||||
@ -862,14 +862,14 @@ implied warranty.\n"));
|
||||
puts(_("load options from a config file"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzUsageTitle */
|
||||
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n\
|
||||
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzExplain */
|
||||
puts(_("\n"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzFullVersion */
|
||||
puts(_("ntpdc 4.2.8p5"));
|
||||
puts(_("ntpdc 4.2.8p6"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed January 7, 2016 at 11:31:11 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed January 20, 2016 at 04:18:21 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpdc-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -18,7 +18,7 @@
|
||||
* The ntpdc program is copyrighted and licensed
|
||||
* under the following terms:
|
||||
*
|
||||
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* This is free software. It is licensed for use, modification and
|
||||
* redistribution under the terms of the NTP License, copies of which
|
||||
* can be seen at:
|
||||
@ -83,9 +83,9 @@ typedef enum {
|
||||
/** count of all options for ntpdc */
|
||||
#define OPTION_CT 15
|
||||
/** ntpdc version */
|
||||
#define NTPDC_VERSION "4.2.8p5"
|
||||
#define NTPDC_VERSION "4.2.8p6"
|
||||
/** Full ntpdc version text */
|
||||
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p5"
|
||||
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p6"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpdc 1ntpdcman "07 Jan 2016" "4.2.8p5" "User Commands"
|
||||
.TH ntpdc 1ntpdcman "20 Jan 2016" "4.2.8p6" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-n4aaHU/ag-A4a4FU)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:33 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -848,7 +848,7 @@ RFC1305
|
||||
.SH AUTHORS
|
||||
The formatting directives in this document came from FreeBSD.
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH BUGS
|
||||
The
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTPDC 1ntpdcmdoc User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:29 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:39 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -787,7 +787,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
|
||||
.Sh AUTHORS
|
||||
The formatting directives in this document came from FreeBSD.
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh BUGS
|
||||
The
|
||||
|
@ -605,7 +605,11 @@ getresponse(
|
||||
int seq;
|
||||
fd_set fds;
|
||||
ssize_t n;
|
||||
size_t pad;
|
||||
int pad;
|
||||
/* absolute timeout checks. Not 'time_t' by intention! */
|
||||
uint32_t tobase; /* base value for timeout */
|
||||
uint32_t tospan; /* timeout span (max delay) */
|
||||
uint32_t todiff; /* current delay */
|
||||
|
||||
/*
|
||||
* This is pretty tricky. We may get between 1 and many packets
|
||||
@ -622,12 +626,14 @@ getresponse(
|
||||
lastseq = 999; /* too big to be a sequence number */
|
||||
ZERO(haveseq);
|
||||
FD_ZERO(&fds);
|
||||
tobase = (uint32_t)time(NULL);
|
||||
|
||||
again:
|
||||
if (firstpkt)
|
||||
tvo = tvout;
|
||||
else
|
||||
tvo = tvsout;
|
||||
tospan = (uint32_t)tvo.tv_sec + (tvo.tv_usec != 0);
|
||||
|
||||
FD_SET(sockfd, &fds);
|
||||
n = select(sockfd+1, &fds, NULL, NULL, &tvo);
|
||||
@ -635,6 +641,17 @@ getresponse(
|
||||
warning("select fails");
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if this is already too late. Trash the data and fake a
|
||||
* timeout if this is so.
|
||||
*/
|
||||
todiff = (((uint32_t)time(NULL)) - tobase) & 0x7FFFFFFFu;
|
||||
if ((n > 0) && (todiff > tospan)) {
|
||||
n = recv(sockfd, (char *)&rpkt, sizeof(rpkt), 0);
|
||||
n = 0; /* faked timeout return from 'select()'*/
|
||||
}
|
||||
|
||||
if (n == 0) {
|
||||
/*
|
||||
* Timed out. Return what we have
|
||||
@ -780,8 +797,10 @@ getresponse(
|
||||
}
|
||||
|
||||
/*
|
||||
* So far, so good. Copy this data into the output array.
|
||||
* So far, so good. Copy this data into the output array. Bump
|
||||
* the timeout base, in case we expect more data.
|
||||
*/
|
||||
tobase = (uint32_t)time(NULL);
|
||||
if ((datap + datasize + (pad * items)) > (pktdata + pktdatasize)) {
|
||||
size_t offset = datap - pktdata;
|
||||
growpktdata();
|
||||
|
@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server
|
||||
clock. Run as root, it can correct the system clock to this offset as
|
||||
well. It can be run as an interactive command or from a cron job.
|
||||
|
||||
<p>This document applies to version 4.2.8p5 of <code>ntpdc</code>.
|
||||
<p>This document applies to version 4.2.8p6 of <code>ntpdc</code>.
|
||||
|
||||
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
|
||||
IETF specification.
|
||||
@ -152,7 +152,7 @@ the usage text by passing it through a pager program.
|
||||
used to select the program, defaulting to <span class="file">more</span>. Both will exit
|
||||
with a status code of 0.
|
||||
|
||||
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5
|
||||
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6
|
||||
Usage: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 DNS name resolution
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpdc @NTPDC_MS@ "07 Jan 2016" "4.2.8p5" "User Commands"
|
||||
.TH ntpdc @NTPDC_MS@ "20 Jan 2016" "4.2.8p6" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-n4aaHU/ag-A4a4FU)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:33 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -848,7 +848,7 @@ RFC1305
|
||||
.SH AUTHORS
|
||||
The formatting directives in this document came from FreeBSD.
|
||||
.SH "COPYRIGHT"
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.SH BUGS
|
||||
The
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd January 7 2016
|
||||
.Dd January 20 2016
|
||||
.Dt NTPDC @NTPDC_MS@ User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed January 7, 2016 at 11:31:29 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed January 20, 2016 at 04:18:39 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -787,7 +787,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
|
||||
.Sh AUTHORS
|
||||
The formatting directives in this document came from FreeBSD.
|
||||
.Sh "COPYRIGHT"
|
||||
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
|
||||
This program is released under the terms of the NTP license, <http://ntp.org/license>.
|
||||
.Sh BUGS
|
||||
The
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
|
||||
#
|
||||
# It has been AutoGen-ed January 7, 2016 at 11:32:00 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed January 20, 2016 at 04:19:10 AM by AutoGen 5.18.5
|
||||
# From the definitions ntpq-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -847,7 +847,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpq - standard NTP query program - Ver. 4.2.8p5
|
||||
ntpq - standard NTP query program - Ver. 4.2.8p6
|
||||
Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 DNS name resolution
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed January 7, 2016 at 11:31:32 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed January 20, 2016 at 04:18:42 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpq-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -18,7 +18,7 @@
|
||||
* The ntpq program is copyrighted and licensed
|
||||
* under the following terms:
|
||||
*
|
||||
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* This is free software. It is licensed for use, modification and
|
||||
* redistribution under the terms of the NTP License, copies of which
|
||||
* can be seen at:
|
||||
@ -69,8 +69,8 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpq options
|
||||
*/
|
||||
static char const ntpq_opt_strs[1925] =
|
||||
/* 0 */ "ntpq 4.2.8p5\n"
|
||||
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
/* 0 */ "ntpq 4.2.8p6\n"
|
||||
"Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
"can be seen at:\n"
|
||||
@ -129,13 +129,13 @@ static char const ntpq_opt_strs[1925] =
|
||||
/* 1723 */ "no-load-opts\0"
|
||||
/* 1736 */ "no\0"
|
||||
/* 1739 */ "NTPQ\0"
|
||||
/* 1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p5\n"
|
||||
/* 1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p6\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
|
||||
/* 1863 */ "$HOME\0"
|
||||
/* 1869 */ ".\0"
|
||||
/* 1871 */ ".ntprc\0"
|
||||
/* 1878 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 1912 */ "ntpq 4.2.8p5";
|
||||
/* 1912 */ "ntpq 4.2.8p6";
|
||||
|
||||
/**
|
||||
* ipv4 option description with
|
||||
@ -786,8 +786,8 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpqOptions.pzCopyright */
|
||||
puts(_("ntpq 4.2.8p5\n\
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
puts(_("ntpq 4.2.8p6\n\
|
||||
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
can be seen at:\n"));
|
||||
@ -852,11 +852,11 @@ implied warranty.\n"));
|
||||
puts(_("load options from a config file"));
|
||||
|
||||
/* referenced via ntpqOptions.pzUsageTitle */
|
||||
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p5\n\
|
||||
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p6\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
|
||||
|
||||
/* referenced via ntpqOptions.pzFullVersion */
|
||||
puts(_("ntpq 4.2.8p5"));
|
||||
puts(_("ntpq 4.2.8p6"));
|
||||
|
||||
/* referenced via ntpqOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed January 7, 2016 at 11:31:32 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed January 20, 2016 at 04:18:42 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpq-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -18,7 +18,7 @@
|
||||
* The ntpq program is copyrighted and licensed
|
||||
* under the following terms:
|
||||
*
|
||||
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
|
||||
* This is free software. It is licensed for use, modification and
|
||||
* redistribution under the terms of the NTP License, copies of which
|
||||
* can be seen at:
|
||||
@ -83,9 +83,9 @@ typedef enum {
|
||||
/** count of all options for ntpq */
|
||||
#define OPTION_CT 15
|
||||
/** ntpq version */
|
||||
#define NTPQ_VERSION "4.2.8p5"
|
||||
#define NTPQ_VERSION "4.2.8p6"
|
||||
/** Full ntpq version text */
|
||||
#define NTPQ_FULL_VERSION "ntpq 4.2.8p5"
|
||||
#define NTPQ_FULL_VERSION "ntpq 4.2.8p6"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user