d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFV r294491: ntp 4.2.8p6.

Browse Source 
Security:	CVE-2015-7973, CVE-2015-7974, CVE-2015-7975
Security:	CVE-2015-7976, CVE-2015-7977, CVE-2015-7978
Security:	CVE-2015-7979, CVE-2015-8138, CVE-2015-8139
Security:	CVE-2015-8140, CVE-2015-8158
With hat:	so
This commit is contained in:
Xin LI 2016-01-22 07:32:39 +00:00
commit 68ba7e87e7
201 changed files with 6767 additions and 3581 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
contrib/ntp/ChangeLog
View File

@ -1,3 +1,37 @@
---
(4.2.8p6) 2016/01/20 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
* [Sec 2936] Skeleton Key: Any trusted key system can serve time. HStenn.
* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
* [Sec 2938] ntpq saveconfig command allows dangerous characters
in filenames. perlinger@ntp.org
* [Sec 2939] reslist NULL pointer dereference. perlinger@ntp.org
* [Sec 2940] Stack exhaustion in recursive traversal of restriction
list. perlinger@ntp.org
* [Sec 2942]: Off-path DoS attack on auth broadcast mode. HStenn.
* [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
* [Sec 2948] Potential Infinite Loop in ntpq ( and ntpdc) perlinger@ntp.org
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
* Disable incomplete t-ntp_signd.c test. Harlan Stenn.
--- ---
(4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn@ntp.org> (4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn@ntp.org>
@ -47,6 +81,7 @@
lots of clients. perlinger@ntp.org lots of clients. perlinger@ntp.org
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call * [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org - changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* Unity cleanup for FreeBSD-6.4. Harlan Stenn. * Unity cleanup for FreeBSD-6.4. Harlan Stenn.
* Unity test cleanup. Harlan Stenn. * Unity test cleanup. Harlan Stenn.
* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn. * Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn.
@ -55,9 +90,8 @@
* Quiet a warning from clang. Harlan Stenn. * Quiet a warning from clang. Harlan Stenn.
* Update the NEWS file. Harlan Stenn. * Update the NEWS file. Harlan Stenn.
* Update scripts/calc_tickadj/Makefile.am. Harlan Stenn. * Update scripts/calc_tickadj/Makefile.am. Harlan Stenn.
--- ---
(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 2899] CVE-2014-9297 perlinger@ntp.org * [Sec 2899] CVE-2014-9297 perlinger@ntp.org
* [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's. * [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.

1020
contrib/ntp/CommitLog
View File

File diff suppressed because it is too large Load Diff

253
contrib/ntp/NEWS
View File

@ -1,5 +1,258 @@
--- ---
NTP 4.2.8p6
Focus: Security, Bug fixes, enhancements.
Severity: MEDIUM
In addition to bug fixes and enhancements, this release fixes the
following X low- and Y medium-severity vulnerabilities:
* Potential Infinite Loop in 'ntpq'
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2548 / CVE-2015-8158
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'.
The loop's only stopping conditions are receiving a complete and
correct response or hitting a small number of error conditions.
If the packet contains incorrect values that don't trigger one of
the error conditions, the loop continues to receive new packets.
Note well, this is an attack against an instance of 'ntpq', not
'ntpd', and this attack requires the attacker to do one of the
following:
* Own a malicious NTP server that the client trusts
* Prevent a legitimate NTP server from sending packets to
the 'ntpq' client
* MITM the 'ntpq' communications between the 'ntpq' client
and the NTP server
Mitigation:
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page
Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
* 0rigin: Zero Origin Timestamp Bypass
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2945 / CVE-2015-8138
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM
(3.7 - LOW if you score AC:L)
Summary: To distinguish legitimate peer responses from forgeries, a
client attempts to verify a response packet by ensuring that the
origin timestamp in the packet matches the origin timestamp it
transmitted in its last request. A logic error exists that
allows packets with an origin timestamp of zero to bypass this
check whenever there is not an outstanding request to the server.
Mitigation:
Configure 'ntpd' to get time from multiple sources.
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Monitor your 'ntpd= instances.
Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
* Stack exhaustion in recursive traversal of restriction list
Date Resolved: Stable (4.2.8p6) 19 Jan 2016
References: Sec 2940 / CVE-2015-7978
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
Summary: An unauthenticated 'ntpdc reslist' command can cause a
segmentation fault in ntpd by exhausting the call stack.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
If you are unable to upgrade:
In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
If you must enable mode 7:
configure the use of a 'requestkey' to control who can
issue mode 7 requests.
configure 'restrict noquery' to further limit mode 7
requests to trusted sources.
Monitor your ntpd instances.
Credit: This weakness was discovered by Stephen Gray at Cisco ASIG.
* Off-path Denial of Service (!DoS) attack on authenticated broadcast mode
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2942 / CVE-2015-7979
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P) Base Score: 5.8
Summary: An off-path attacker can send broadcast packets with bad
authentication (wrong key, mismatched key, incorrect MAC, etc)
to broadcast clients. It is observed that the broadcast client
tears down the association with the broadcast server upon
receiving just one bad packet.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
Monitor your 'ntpd' instances.
If this sort of attack is an active problem for you, you have
deeper problems to investigate. In this case also consider
having smaller NTP broadcast domains.
Credit: This weakness was discovered by Aanchal Malhotra of Boston
University.
* reslist NULL pointer dereference
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2939 / CVE-2015-7977
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM
Summary: An unauthenticated 'ntpdc reslist' command can cause a
segmentation fault in ntpd by causing a NULL pointer dereference.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p6, or later, from NTP Project Download Page or
the NTP Public Services Project Download Page.
If you are unable to upgrade:
mode 7 is disabled by default. Don't enable it.
If you must enable mode 7:
configure the use of a 'requestkey' to control who can
issue mode 7 requests.
configure 'restrict noquery' to further limit mode 7
requests to trusted sources.
Monitor your ntpd instances.
Credit: This weakness was discovered by Stephen Gray of Cisco ASIG.
* 'ntpq saveconfig' command allows dangerous characters in filenames.
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2938 / CVE-2015-7976
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM
Summary: The ntpq saveconfig command does not do adequate filtering
of special characters from the supplied filename.
Note well: The ability to use the saveconfig command is controlled
by the 'restrict nomodify' directive, and the recommended default
configuration is to disable this capability. If the ability to
execute a 'saveconfig' is required, it can easily (and should) be
limited and restricted to a known small number of IP addresses.
Mitigation:
Implement BCP-38.
use 'restrict default nomodify' in your 'ntp.conf' file.
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page.
If you are unable to upgrade:
build NTP with 'configure --disable-saveconfig' if you will
never need this capability, or
use 'restrict default nomodify' in your 'ntp.conf' file. Be
careful about what IPs have the ability to send 'modify'
requests to 'ntpd'.
Monitor your ntpd instances.
'saveconfig' requests are logged to syslog - monitor your syslog files.
Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG.
* nextvar() missing length check in ntpq
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2937 / CVE-2015-7975
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW
If you score A:C, this becomes 4.0.
CVSSv3: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Base Score 2.9, LOW
Summary: ntpq may call nextvar() which executes a memcpy() into the
name buffer without a proper length check against its maximum
length of 256 bytes. Note well that we're taking about ntpq here.
The usual worst-case effect of this vulnerability is that the
specific instance of ntpq will crash and the person or process
that did this will have stopped themselves.
Mitigation:
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
If you are unable to upgrade:
If you have scripts that feed input to ntpq make sure there are
some sanity checks on the input received from the "outside".
This is potentially more dangerous if ntpq is run as root.
Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG.
* Skeleton Key: Any trusted key system can serve time
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2936 / CVE-2015-7974
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:N/AC:H/Au:S/C:N/I:C/A:N) Base Score: 4.9
Summary: Symmetric key encryption uses a shared trusted key. The
reported title for this issue was "Missing key check allows
impersonation between authenticated peers" and the report claimed
"A key specified only for one server should only work to
authenticate that server, other trusted keys should be refused."
Except there has never been any correlation between this trusted
key and server v. clients machines and there has never been any
way to specify a key only for one server. We have treated this as
an enhancement request, and ntp-4.2.8p6 includes other checks and
tests to strengthen clients against attacks coming from broadcast
servers.
Mitigation:
Implement BCP-38.
If this scenario represents a real or a potential issue for you,
upgrade to 4.2.8p6, or later, from the NTP Project Download
Page or the NTP Public Services Project Download Page, and
use the new field in the ntp.keys file that specifies the list
of IPs that are allowed to serve time. Note that this alone
will not protect against time packets with forged source IP
addresses, however other changes in ntp-4.2.8p6 provide
significant mitigation against broadcast attacks. MITM attacks
are a different story.
If you are unable to upgrade:
Don't use broadcast mode if you cannot monitor your client
servers.
If you choose to use symmetric keys to authenticate time
packets in a hostile environment where ephemeral time
servers can be created, or if it is expected that malicious
time servers will participate in an NTP broadcast domain,
limit the number of participating systems that participate
in the shared-key group.
Monitor your ntpd instances.
Credit: This weakness was discovered by Matt Street of Cisco ASIG.
* Deja Vu: Replay attack on authenticated broadcast mode
Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016
References: Sec 2935 / CVE-2015-7973
Affects: All ntp-4 releases up to, but not including 4.2.8p6, and
4.3.0 up to, but not including 4.3.90
CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM
Summary: If an NTP network is configured for broadcast operations then
either a man-in-the-middle attacker or a malicious participant
that has the same trusted keys as the victim can replay time packets.
Mitigation:
Implement BCP-38.
Upgrade to 4.2.8p6, or later, from the NTP Project Download Page
or the NTP Public Services Project Download Page.
If you are unable to upgrade:
Don't use broadcast mode if you cannot monitor your client servers.
Monitor your ntpd instances.
Credit: This weakness was discovered by Aanchal Malhotra of Boston
University.
Other fixes:
* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org
* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org
- applied patch by shenpeng11@huawei.com with minor adjustments
* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org
* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org
* [Bug 2892] Several test cases assume IPv6 capabilities even when
IPv6 is disabled in the build. perlinger@ntp.org
- Found this already fixed, but validation led to cleanup actions.
* [Bug 2905] DNS lookups broken. perlinger@ntp.org
- added limits to stack consumption, fixed some return code handling
* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call
- changed stacked/nested handling of CTRL-C. perlinger@ntp.org
- make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org
* [Bug 2980] reduce number of warnings. perlinger@ntp.org
- integrated several patches from Havard Eidnes (he@uninett.no)
* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org
- implement 'auth_log2()' using integer bithack instead of float calculation
* Make leapsec_query debug messages less verbose. Harlan Stenn.
---
NTP 4.2.8p5 NTP 4.2.8p5
Focus: Security, Bug fixes, enhancements. Focus: Security, Bug fixes, enhancements.

20
contrib/ntp/configure vendored
View File

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# Guess values for system-dependent variables and create Makefiles. # Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p5. # Generated by GNU Autoconf 2.69 for ntp 4.2.8p6.
# #
# Report bugs to <http://bugs.ntp.org./>. # Report bugs to <http://bugs.ntp.org./>.
# #
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package. # Identity of this package.
PACKAGE_NAME='ntp' PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp' PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p5' PACKAGE_VERSION='4.2.8p6'
PACKAGE_STRING='ntp 4.2.8p5' PACKAGE_STRING='ntp 4.2.8p6'
PACKAGE_BUGREPORT='http://bugs.ntp.org./' PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./' PACKAGE_URL='http://www.ntp.org./'
@ -1616,7 +1616,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing. # Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh. # This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF cat <<_ACEOF
\`configure' configures ntp 4.2.8p5 to adapt to many kinds of systems. \`configure' configures ntp 4.2.8p6 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]... Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1686,7 +1686,7 @@ fi
if test -n "$ac_init_help"; then if test -n "$ac_init_help"; then
case $ac_init_help in case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p5:";; short | recursive ) echo "Configuration of ntp 4.2.8p6:";;
esac esac
cat <<\_ACEOF cat <<\_ACEOF
@ -1919,7 +1919,7 @@ fi
test -n "$ac_init_help" && exit $ac_status test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then if $ac_init_version; then
cat <<\_ACEOF cat <<\_ACEOF
ntp configure 4.2.8p5 ntp configure 4.2.8p6
generated by GNU Autoconf 2.69 generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc. Copyright (C) 2012 Free Software Foundation, Inc.
@ -2749,7 +2749,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake. running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p5, which was It was created by ntp $as_me 4.2.8p6, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@ $ $0 $@
@ -3750,7 +3750,7 @@ fi
# Define the identity of the package. # Define the identity of the package.
PACKAGE='ntp' PACKAGE='ntp'
VERSION='4.2.8p5' VERSION='4.2.8p6'
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
@ -37840,7 +37840,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their # report actual input values of CONFIG_FILES etc. instead of their
# values after options handling. # values after options handling.
ac_log=" ac_log="
This file was extended by ntp $as_me 4.2.8p5, which was This file was extended by ntp $as_me 4.2.8p6, which was
generated by GNU Autoconf 2.69. Invocation command line was generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES CONFIG_FILES = $CONFIG_FILES
@ -37907,7 +37907,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\ ac_cs_version="\\
ntp config.status 4.2.8p5 ntp config.status 4.2.8p6
configured by $0, generated by GNU Autoconf 2.69, configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\" with options \\"\$ac_cs_config\\"

14
contrib/ntp/html/miscopt.html
View File

@ -11,7 +11,7 @@
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a> <img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p> <p>We have three, now looking for more.</p>
<p>Last update: <p>Last update:
<!-- #BeginDate format:En2m -->17-Nov-2015 11:06<!-- #EndDate --> <!-- #BeginDate format:En2m -->16-Jan-2016 13:08<!-- #EndDate -->
UTC</p> UTC</p>
<br clear="left"> <br clear="left">
<h4>Related Links</h4> <h4>Related Links</h4>
@ -29,8 +29,9 @@
<dd>The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version.</dd> <dd>The file format consists of a single line containing a single floating point number, which records the frequency offset measured in parts-per-million (PPM). The file is updated by first writing the current drift value into a temporary file and then renaming this file to replace the old version.</dd>
<dt id="dscp"><tt>dscp <i>dscp</i></tt></dt> <dt id="dscp"><tt>dscp <i>dscp</i></tt></dt>
<dd>This command specifies the Differentiated Services Code Point (DSCP) value that is used in sent NTP packets. The default value is 46 for Expedited Forwarding (EF).</dd> <dd>This command specifies the Differentiated Services Code Point (DSCP) value that is used in sent NTP packets. The default value is 46 for Expedited Forwarding (EF).</dd>
<dt id="enable"><tt>enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</tt><br> <dt id="enable"><tt>enable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</tt></dt>
<tt>disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</tt></dt>
<dt><tt>disable [auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</tt></dt>
<dd>Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that most of these flags can be modified remotely using <a href="ntpq.html"><tt>ntpq</tt></a> utility program's <tt>:config</tt> and <tt>config-from-file</tt> commands. <dd>Provides a way to enable or disable various system options. Flags not mentioned are unaffected. Note that most of these flags can be modified remotely using <a href="ntpq.html"><tt>ntpq</tt></a> utility program's <tt>:config</tt> and <tt>config-from-file</tt> commands.
<dl> <dl>
<dt><tt>auth</tt></dt> <dt><tt>auth</tt></dt>
@ -50,6 +51,13 @@
<dd>Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable.</dd> <dd>Enables time and frequency discipline. In effect, this switch opens and closes the feedback loop, which is useful for testing. The default for this flag is enable.</dd>
<dt><tt>stats</tt></dt> <dt><tt>stats</tt></dt>
<dd>Enables the statistics facility. See the <a href="monopt.html">Monitoring Options</a> page for further information. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd> <dd>Enables the statistics facility. See the <a href="monopt.html">Monitoring Options</a> page for further information. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
| unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early
<dt><tt>unpeer_crypto_early</tt></dt>
<dd>Enables the early resetting of an association in case of a crypto failure. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
<dt><tt>unpeer_crypto_nak_early</tt></dt>
<dd>Enables the early resetting of an association in case of a crypto_NAK message. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
<dt><tt>unpeer_digest_early</tt></dt>
<dd>Enables the early resetting of an association in case of an autokey digest failur. This is generally a feature, but it can be used in a DoS attack. If you are seeing these packets being used as a DoS attack against your server, you should disable this flag. The default for this flag is enabled. This flag is excluded from runtime configuration using <tt>ntpq</tt>.</dd>
</dl> </dl>
</dd> </dd>
<dt id="includefile"><tt>includefile <i>includefile</i></tt></dt> <dt id="includefile"><tt>includefile <i>includefile</i></tt></dt>

1
contrib/ntp/include/Makefile.am
View File

@ -36,6 +36,7 @@ noinst_HEADERS = \
ntp_if.h \ ntp_if.h \
ntp_intres.h \ ntp_intres.h \
ntp_io.h \ ntp_io.h \
ntp_keyacc.h \
ntp_libopts.h \ ntp_libopts.h \
ntp_lineedit.h \ ntp_lineedit.h \
ntp_lists.h \ ntp_lists.h \

1
contrib/ntp/include/Makefile.in
View File

@ -521,6 +521,7 @@ noinst_HEADERS = \
ntp_if.h \ ntp_if.h \
ntp_intres.h \ ntp_intres.h \
ntp_io.h \ ntp_io.h \
ntp_keyacc.h \
ntp_libopts.h \ ntp_libopts.h \
ntp_lineedit.h \ ntp_lineedit.h \
ntp_lists.h \ ntp_lists.h \

7
contrib/ntp/include/ntp.h
View File

@ -350,6 +350,7 @@ struct peer {
l_fp dst; /* destination timestamp */ l_fp dst; /* destination timestamp */
l_fp aorg; /* origin timestamp */ l_fp aorg; /* origin timestamp */
l_fp borg; /* alternate origin timestamp */ l_fp borg; /* alternate origin timestamp */
l_fp bxmt; /* most recent broadcast transmit timestamp */
double offset; /* peer clock offset */ double offset; /* peer clock offset */
double delay; /* peer roundtrip delay */ double delay; /* peer roundtrip delay */
double jitter; /* peer jitter (squares) */ double jitter; /* peer jitter (squares) */
@ -382,7 +383,8 @@ struct peer {
* Statistic counters * Statistic counters
*/ */
u_long timereset; /* time stat counters were reset */ u_long timereset; /* time stat counters were reset */
u_long timereceived; /* last packet received time */ u_long timelastrec; /* last packet received time */
u_long timereceived; /* last (clean) packet received time */
u_long timereachable; /* last reachable/unreachable time */ u_long timereachable; /* last reachable/unreachable time */
u_long sent; /* packets sent */ u_long sent; /* packets sent */
@ -708,6 +710,9 @@ struct pkt {
#define PROTO_ORPHAN 26 #define PROTO_ORPHAN 26
#define PROTO_ORPHWAIT 27 #define PROTO_ORPHWAIT 27
#define PROTO_MODE7 28 #define PROTO_MODE7 28
#define PROTO_UECRYPTO 29
#define PROTO_UECRYPTONAK 30
#define PROTO_UEDIGEST 31
/* /*
* Configuration items for the loop filter * Configuration items for the loop filter

3
contrib/ntp/include/ntp_io.h
View File

@ -40,6 +40,8 @@
#include "libntp.h" /* This needs Something above for GETDTABLESIZE */ #include "libntp.h" /* This needs Something above for GETDTABLESIZE */
#include "ntp_keyacc.h"
/* /*
* Define FNDELAY and FASYNC using O_NONBLOCK and O_ASYNC if we need * Define FNDELAY and FASYNC using O_NONBLOCK and O_ASYNC if we need
* to (and can). This is here initially for QNX, but may help for * to (and can). This is here initially for QNX, but may help for
@ -83,7 +85,6 @@ typedef enum {
extern int qos; extern int qos;
SOCKET move_fd(SOCKET fd); SOCKET move_fd(SOCKET fd);
isc_boolean_t get_broadcastclient_flag(void); isc_boolean_t get_broadcastclient_flag(void);
extern int is_ip_address(const char *, u_short, sockaddr_u *);
extern void sau_from_netaddr(sockaddr_u *, const isc_netaddr_t *); extern void sau_from_netaddr(sockaddr_u *, const isc_netaddr_t *);
extern void add_nic_rule(nic_rule_match match_type, extern void add_nic_rule(nic_rule_match match_type,
const char *if_name, int prefixlen, const char *if_name, int prefixlen,

13
contrib/ntp/include/ntp_keyacc.h Normal file
View File

@ -0,0 +1,13 @@
/*
* ntp_keyacc.h - key access stuff
*/
#ifndef NTP_KEYACC_H
#define NTP_KEYACC_H
typedef struct keyaccess KeyAccT;
struct keyaccess {
KeyAccT * next;
sockaddr_u addr;
};
#endif /* NTP_KEYACC_H */

5
contrib/ntp/include/ntp_stdlib.h
View File

@ -16,6 +16,7 @@
#include "ntp_malloc.h" #include "ntp_malloc.h"
#include "ntp_string.h" #include "ntp_string.h"
#include "ntp_syslog.h" #include "ntp_syslog.h"
#include "ntp_keyacc.h"
#ifdef __GNUC__ #ifdef __GNUC__
#define NTP_PRINTF(fmt, args) __attribute__((__format__(__printf__, fmt, args))) #define NTP_PRINTF(fmt, args) __attribute__((__format__(__printf__, fmt, args)))
@ -69,6 +70,7 @@ extern int authdecrypt (keyid_t, u_int32 *, size_t, size_t);
extern size_t authencrypt (keyid_t, u_int32 *, size_t); extern size_t authencrypt (keyid_t, u_int32 *, size_t);
extern int authhavekey (keyid_t); extern int authhavekey (keyid_t);
extern int authistrusted (keyid_t); extern int authistrusted (keyid_t);
extern int authistrustedip (keyid_t, sockaddr_u *);
extern int authreadkeys (const char *); extern int authreadkeys (const char *);
extern void authtrust (keyid_t, u_long); extern void authtrust (keyid_t, u_long);
extern int authusekey (keyid_t, int, const u_char *); extern int authusekey (keyid_t, int, const u_char *);
@ -97,7 +99,7 @@ extern int ymd2yd (int, int, int);
/* a_md5encrypt.c */ /* a_md5encrypt.c */
extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t); extern int MD5authdecrypt (int, const u_char *, u_int32 *, size_t, size_t);
extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t); extern size_t MD5authencrypt (int, const u_char *, u_int32 *, size_t);
extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t); extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, KeyAccT *c);
extern u_int32 addr2refid (sockaddr_u *); extern u_int32 addr2refid (sockaddr_u *);
/* emalloc.c */ /* emalloc.c */
@ -141,6 +143,7 @@ extern int atouint (const char *, u_long *);
extern int hextoint (const char *, u_long *); extern int hextoint (const char *, u_long *);
extern const char * humanlogtime (void); extern const char * humanlogtime (void);
extern const char * humantime (time_t); extern const char * humantime (time_t);
extern int is_ip_address (const char *, u_short, sockaddr_u *);
extern char * mfptoa (u_int32, u_int32, short); extern char * mfptoa (u_int32, u_int32, short);
extern char * mfptoms (u_int32, u_int32, short); extern char * mfptoms (u_int32, u_int32, short);
extern const char * modetoa (size_t); extern const char * modetoa (size_t);

1
contrib/ntp/include/ntp_types.h
View File

@ -218,6 +218,7 @@ typedef uint16_t associd_t; /* association ID */
#define ASSOCID_MAX USHRT_MAX #define ASSOCID_MAX USHRT_MAX
typedef u_int32 keyid_t; /* cryptographic key ID */ typedef u_int32 keyid_t; /* cryptographic key ID */
#define KEYID_T_MAX (0xffffffff) #define KEYID_T_MAX (0xffffffff)
typedef u_int32 tstamp_t; /* NTP seconds timestamp */ typedef u_int32 tstamp_t; /* NTP seconds timestamp */
/* /*

53
contrib/ntp/include/ntp_worker.h
View File

@ -60,33 +60,35 @@ typedef sema_type *sem_ref;
#if defined(WORK_FORK) #if defined(WORK_FORK)
typedef struct blocking_child_tag { typedef struct blocking_child_tag {
int reusable; int reusable;
int pid; int pid;
int req_write_pipe; /* parent */ int req_write_pipe; /* parent */
int resp_read_pipe; int resp_read_pipe;
void * resp_read_ctx; void * resp_read_ctx;
int req_read_pipe; /* child */ int req_read_pipe; /* child */
int resp_write_pipe; int resp_write_pipe;
int ispipe; int ispipe;
volatile u_int resp_ready_seen; /* signal/scan */
volatile u_int resp_ready_done; /* consumer/mainloop */
} blocking_child; } blocking_child;
#elif defined(WORK_THREAD) #elif defined(WORK_THREAD)
typedef struct blocking_child_tag { typedef struct blocking_child_tag {
/* /*
* blocking workitems and blocking_responses are dynamically-sized * blocking workitems and blocking_responses are
* one-dimensional arrays of pointers to blocking worker requests and * dynamically-sized one-dimensional arrays of pointers to
* responses. * blocking worker requests and responses.
* *
* IMPORTANT: This structure is shared between threads, and all access * IMPORTANT: This structure is shared between threads, and all
* that is not atomic (especially queue operations) must hold the * access that is not atomic (especially queue operations) must
* 'accesslock' semaphore to avoid data races. * hold the 'accesslock' semaphore to avoid data races.
* *
* The resource management (thread/semaphore creation/destruction) * The resource management (thread/semaphore
* functions and functions just testing a handle are safe because these * creation/destruction) functions and functions just testing a
* are only changed by the main thread when no worker is running on the * handle are safe because these are only changed by the main
* same data structure. * thread when no worker is running on the same data structure.
*/ */
int reusable; int reusable;
sem_ref accesslock; /* shared access lock */ sem_ref accesslock; /* shared access lock */
thr_ref thread_ref; /* thread 'handle' */ thr_ref thread_ref; /* thread 'handle' */
@ -117,6 +119,8 @@ typedef struct blocking_child_tag {
int resp_write_pipe; /* child */ int resp_write_pipe; /* child */
int ispipe; int ispipe;
void * resp_read_ctx; /* child */ void * resp_read_ctx; /* child */
volatile u_int resp_ready_seen; /* signal/scan */
volatile u_int resp_ready_done; /* consumer/mainloop */
#else #else
sem_ref responses_pending; /* signalling */ sem_ref responses_pending; /* signalling */
#endif #endif
@ -126,6 +130,10 @@ typedef struct blocking_child_tag {
#endif /* WORK_THREAD */ #endif /* WORK_THREAD */
/* we need some global tag to indicate any blocking child may be ready: */
extern volatile u_int blocking_child_ready_seen;/* signal/scan */
extern volatile u_int blocking_child_ready_done;/* consumer/mainloop */
extern blocking_child ** blocking_children; extern blocking_child ** blocking_children;
extern size_t blocking_children_alloc; extern size_t blocking_children_alloc;
extern int worker_per_query; /* boolean */ extern int worker_per_query; /* boolean */
@ -139,6 +147,7 @@ extern int queue_blocking_response(blocking_child *,
blocking_pipe_header *, size_t, blocking_pipe_header *, size_t,
const blocking_pipe_header *); const blocking_pipe_header *);
extern void process_blocking_resp(blocking_child *); extern void process_blocking_resp(blocking_child *);
extern void harvest_blocking_responses(void);
extern int send_blocking_req_internal(blocking_child *, extern int send_blocking_req_internal(blocking_child *,
blocking_pipe_header *, blocking_pipe_header *,
void *); void *);

6
contrib/ntp/include/parse.h
View File

@ -107,9 +107,9 @@ extern unsigned int splclock (void);
/* /*
* some constants useful for GPS time conversion * some constants useful for GPS time conversion
*/ */
#define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */ #define GPSORIGIN 2524953600UL /* NTP origin - GPS origin in seconds */
#define GPSWRAP 990U /* assume week count less than this in the previous epoch */ #define GPSWRAP 990 /* assume week count less than this in the previous epoch */
#define GPSWEEKS 1024U /* number of weeks until the GPS epch rolls over */ #define GPSWEEKS 1024 /* number of weeks until the GPS epch rolls over */
/* /*
* state flags * state flags

1
contrib/ntp/libntp/Makefile.am
View File

@ -70,6 +70,7 @@ libntp_a_SRCS = \
humandate.c \ humandate.c \
icom.c \ icom.c \
iosignal.c \ iosignal.c \
is_ip_address.c \
lib_strbuf.c \ lib_strbuf.c \
machines.c \ machines.c \
mktime.c \ mktime.c \

56
contrib/ntp/libntp/Makefile.in
View File

@ -150,12 +150,12 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \
calyearstart.c clocktime.c clocktypes.c decodenetnum.c \ calyearstart.c clocktime.c clocktypes.c decodenetnum.c \
dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \ dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \
hextoint.c hextolfp.c humandate.c icom.c iosignal.c \ hextoint.c hextolfp.c humandate.c icom.c iosignal.c \
lib_strbuf.c machines.c mktime.c modetoa.c mstolfp.c msyslog.c \ is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \
netof.c ntp_calendar.c ntp_crypto_rnd.c ntp_intres.c \ mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \
ntp_libopts.c ntp_lineedit.c ntp_random.c ntp_rfc2553.c \ ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \
ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \ ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \
refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \ prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \
socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \ strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \
vint64ops.c work_fork.c work_thread.c ymd2yd.c \ vint64ops.c work_fork.c work_thread.c ymd2yd.c \
$(srcdir)/../lib/isc/assertions.c \ $(srcdir)/../lib/isc/assertions.c \
@ -207,21 +207,21 @@ am__objects_4 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \
dolfptoa.$(OBJEXT) emalloc.$(OBJEXT) findconfig.$(OBJEXT) \ dolfptoa.$(OBJEXT) emalloc.$(OBJEXT) findconfig.$(OBJEXT) \
getopt.$(OBJEXT) hextoint.$(OBJEXT) hextolfp.$(OBJEXT) \ getopt.$(OBJEXT) hextoint.$(OBJEXT) hextolfp.$(OBJEXT) \
humandate.$(OBJEXT) icom.$(OBJEXT) iosignal.$(OBJEXT) \ humandate.$(OBJEXT) icom.$(OBJEXT) iosignal.$(OBJEXT) \
lib_strbuf.$(OBJEXT) machines.$(OBJEXT) mktime.$(OBJEXT) \ is_ip_address.$(OBJEXT) lib_strbuf.$(OBJEXT) \
modetoa.$(OBJEXT) mstolfp.$(OBJEXT) msyslog.$(OBJEXT) \ machines.$(OBJEXT) mktime.$(OBJEXT) modetoa.$(OBJEXT) \
netof.$(OBJEXT) ntp_calendar.$(OBJEXT) \ mstolfp.$(OBJEXT) msyslog.$(OBJEXT) netof.$(OBJEXT) \
ntp_crypto_rnd.$(OBJEXT) ntp_intres.$(OBJEXT) \ ntp_calendar.$(OBJEXT) ntp_crypto_rnd.$(OBJEXT) \
ntp_libopts.$(OBJEXT) ntp_lineedit.$(OBJEXT) \ ntp_intres.$(OBJEXT) ntp_libopts.$(OBJEXT) \
ntp_random.$(OBJEXT) ntp_rfc2553.$(OBJEXT) \ ntp_lineedit.$(OBJEXT) ntp_random.$(OBJEXT) \
ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) numtohost.$(OBJEXT) \ ntp_rfc2553.$(OBJEXT) ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) \
octtoint.$(OBJEXT) prettydate.$(OBJEXT) refidsmear.$(OBJEXT) \ numtohost.$(OBJEXT) octtoint.$(OBJEXT) prettydate.$(OBJEXT) \
recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) snprintf.$(OBJEXT) \ refidsmear.$(OBJEXT) recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) \
socket.$(OBJEXT) socktoa.$(OBJEXT) socktohost.$(OBJEXT) \ snprintf.$(OBJEXT) socket.$(OBJEXT) socktoa.$(OBJEXT) \
ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \ socktohost.$(OBJEXT) ssl_init.$(OBJEXT) statestr.$(OBJEXT) \
strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timetoa.$(OBJEXT) \ strdup.$(OBJEXT) strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) \
timevalops.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \ timetoa.$(OBJEXT) timevalops.$(OBJEXT) uglydate.$(OBJEXT) \
work_fork.$(OBJEXT) work_thread.$(OBJEXT) ymd2yd.$(OBJEXT) \ vint64ops.$(OBJEXT) work_fork.$(OBJEXT) work_thread.$(OBJEXT) \
$(am__objects_3) $(am__objects_1) ymd2yd.$(OBJEXT) $(am__objects_3) $(am__objects_1)
am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4) am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_4)
libntp_a_OBJECTS = $(am_libntp_a_OBJECTS) libntp_a_OBJECTS = $(am_libntp_a_OBJECTS)
libntpsim_a_AR = $(AR) $(ARFLAGS) libntpsim_a_AR = $(AR) $(ARFLAGS)
@ -232,12 +232,12 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \
calyearstart.c clocktime.c clocktypes.c decodenetnum.c \ calyearstart.c clocktime.c clocktypes.c decodenetnum.c \
dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \ dofptoa.c dolfptoa.c emalloc.c findconfig.c getopt.c \
hextoint.c hextolfp.c humandate.c icom.c iosignal.c \ hextoint.c hextolfp.c humandate.c icom.c iosignal.c \
lib_strbuf.c machines.c mktime.c modetoa.c mstolfp.c msyslog.c \ is_ip_address.c lib_strbuf.c machines.c mktime.c modetoa.c \
netof.c ntp_calendar.c ntp_crypto_rnd.c ntp_intres.c \ mstolfp.c msyslog.c netof.c ntp_calendar.c ntp_crypto_rnd.c \
ntp_libopts.c ntp_lineedit.c ntp_random.c ntp_rfc2553.c \ ntp_intres.c ntp_libopts.c ntp_lineedit.c ntp_random.c \
ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \ ntp_rfc2553.c ntp_worker.c numtoa.c numtohost.c octtoint.c \
refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \ prettydate.c refidsmear.c recvbuff.c refnumtoa.c snprintf.c \
socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ socket.c socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \
strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \ strl_obsd.c syssignal.c timetoa.c timevalops.c uglydate.c \
vint64ops.c work_fork.c work_thread.c ymd2yd.c \ vint64ops.c work_fork.c work_thread.c ymd2yd.c \
$(srcdir)/../lib/isc/assertions.c \ $(srcdir)/../lib/isc/assertions.c \
@ -660,6 +660,7 @@ libntp_a_SRCS = \
humandate.c \ humandate.c \
icom.c \ icom.c \
iosignal.c \ iosignal.c \
is_ip_address.c \
lib_strbuf.c \ lib_strbuf.c \
machines.c \ machines.c \
mktime.c \ mktime.c \
@ -806,6 +807,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inet_pton.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/inet_pton.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/interfaceiter.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/interfaceiter.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iosignal.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iosignal.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/is_ip_address.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib_strbuf.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lib_strbuf.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@

105
contrib/ntp/libntp/authkeys.c
View File

@ -15,6 +15,7 @@
#include "ntp_string.h" #include "ntp_string.h"
#include "ntp_malloc.h" #include "ntp_malloc.h"
#include "ntp_stdlib.h" #include "ntp_stdlib.h"
#include "ntp_keyacc.h"
/* /*
* Structure to store keys in in the hash table. * Structure to store keys in in the hash table.
@ -25,6 +26,7 @@ struct savekey {
symkey * hlink; /* next in hash bucket */ symkey * hlink; /* next in hash bucket */
DECL_DLIST_LINK(symkey, llink); /* for overall & free lists */ DECL_DLIST_LINK(symkey, llink); /* for overall & free lists */
u_char * secret; /* shared secret */ u_char * secret; /* shared secret */
KeyAccT * keyacclist; /* Private key access list */
u_long lifetime; /* remaining lifetime */ u_long lifetime; /* remaining lifetime */
keyid_t keyid; /* key identifier */ keyid_t keyid; /* key identifier */
u_short type; /* OpenSSL digest NID */ u_short type; /* OpenSSL digest NID */
@ -48,13 +50,13 @@ struct symkey_alloc_tag {
symkey_alloc * authallocs; symkey_alloc * authallocs;
#endif /* DEBUG */ #endif /* DEBUG */
static inline u_short auth_log2(double x); static u_short auth_log2(size_t);
static void auth_resize_hashtable(void); static void auth_resize_hashtable(void);
static void allocsymkey(symkey **, keyid_t, u_short, static void allocsymkey(symkey **, keyid_t, u_short, u_short,
u_short, u_long, u_short, u_char *); u_long, u_short, u_char *, KeyAccT *);
static void freesymkey(symkey *, symkey **); static void freesymkey(symkey *, symkey **);
#ifdef DEBUG #ifdef DEBUG
static void free_auth_mem(void); static void free_auth_mem(void);
#endif #endif
symkey key_listhead; /* list of all in-use keys */; symkey key_listhead; /* list of all in-use keys */;
@ -97,6 +99,7 @@ u_char *cache_secret; /* secret */
u_short cache_secretsize; /* secret length */ u_short cache_secretsize; /* secret length */
int cache_type; /* OpenSSL digest NID */ int cache_type; /* OpenSSL digest NID */
u_short cache_flags; /* flags that wave */ u_short cache_flags; /* flags that wave */
KeyAccT *cache_keyacclist; /* key access list */
/* /*
@ -142,6 +145,7 @@ free_auth_mem(void)
key_hash = NULL; key_hash = NULL;
cache_keyid = 0; cache_keyid = 0;
cache_flags = 0; cache_flags = 0;
cache_keyacclist = NULL;
for (alloc = authallocs; alloc != NULL; alloc = next_alloc) { for (alloc = authallocs; alloc != NULL; alloc = next_alloc) {
next_alloc = alloc->link; next_alloc = alloc->link;
free(alloc->mem); free(alloc->mem);
@ -210,10 +214,33 @@ auth_prealloc_symkeys(
} }
static inline u_short static u_short
auth_log2(double x) auth_log2(size_t x)
{ {
return (u_short)(log10(x) / log10(2)); /*
** bithack to calculate floor(log2(x))
**
** This assumes
** - (sizeof(size_t) is a power of two
** - CHAR_BITS is a power of two
** - returning zero for arguments <= 0 is OK.
**
** Does only shifts, masks and sums in integer arithmetic in
** log2(CHAR_BIT*sizeof(size_t)) steps. (that is, 5/6 steps for
** 32bit/64bit size_t)
*/
int s;
int r = 0;
size_t m = ~(size_t)0;
for (s = sizeof(size_t) / 2 * CHAR_BIT; s != 0; s >>= 1) {
m <<= s;
if (x & m)
r += s;
else
x <<= s;
}
return (u_short)r;
} }
@ -234,7 +261,7 @@ auth_resize_hashtable(void)
symkey * sk; symkey * sk;
totalkeys = authnumkeys + authnumfreekeys; totalkeys = authnumkeys + authnumfreekeys;
hashbits = auth_log2(totalkeys / 4.0) + 1; hashbits = auth_log2(totalkeys / 4) + 1;
hashbits = max(4, hashbits); hashbits = max(4, hashbits);
hashbits = min(15, hashbits); hashbits = min(15, hashbits);
@ -267,7 +294,8 @@ allocsymkey(
u_short type, u_short type,
u_long lifetime, u_long lifetime,
u_short secretsize, u_short secretsize,
u_char * secret u_char * secret,
KeyAccT * ka
) )
{ {
symkey * sk; symkey * sk;
@ -281,6 +309,7 @@ allocsymkey(
sk->type = type; sk->type = type;
sk->secretsize = secretsize; sk->secretsize = secretsize;
sk->secret = secret; sk->secret = secret;
sk->keyacclist = ka;
sk->lifetime = lifetime; sk->lifetime = lifetime;
LINK_SLIST(*bucket, sk, hlink); LINK_SLIST(*bucket, sk, hlink);
LINK_TAIL_DLIST(key_listhead, sk, llink); LINK_TAIL_DLIST(key_listhead, sk, llink);
@ -412,6 +441,7 @@ authhavekey(
cache_flags = sk->flags; cache_flags = sk->flags;
cache_secret = sk->secret; cache_secret = sk->secret;
cache_secretsize = sk->secretsize; cache_secretsize = sk->secretsize;
cache_keyacclist = sk->keyacclist;
return TRUE; return TRUE;
} }
@ -451,6 +481,7 @@ authtrust(
if (cache_keyid == id) { if (cache_keyid == id) {
cache_flags = 0; cache_flags = 0;
cache_keyid = 0; cache_keyid = 0;
cache_keyacclist = NULL;
} }
/* /*
@ -480,7 +511,7 @@ authtrust(
} else { } else {
lifetime = 0; lifetime = 0;
} }
allocsymkey(bucket, id, KEY_TRUSTED, 0, lifetime, 0, NULL); allocsymkey(bucket, id, KEY_TRUSTED, 0, lifetime, 0, NULL, NULL);
} }
@ -511,6 +542,49 @@ authistrusted(
return TRUE; return TRUE;
} }
/*
* authistrustedip - determine if the IP is OK for the keyid
*/
int
authistrustedip(
keyid_t keyno,
sockaddr_u * sau
)
{
symkey * sk;
symkey ** bucket;
KeyAccT * kal;
KeyAccT * k;
if (keyno == cache_keyid)
kal = cache_keyacclist;
else {
authkeyuncached++;
bucket = &key_hash[KEYHASH(keyno)];
for (sk = *bucket; sk != NULL; sk = sk->hlink) {
if (keyno == sk->keyid)
break;
}
if (NULL == sk || !(KEY_TRUSTED & sk->flags)) {
INSIST(!"authistrustedip: keyid not found/trusted!");
return FALSE;
}
kal = sk->keyacclist;
}
if (NULL == kal)
return TRUE;
for (k = kal; k; k = k->next) {
if (SOCK_EQ(&k->addr, sau))
return TRUE;
}
return FALSE;
}
/* Note: There are two locations below where 'strncpy()' is used. While /* Note: There are two locations below where 'strncpy()' is used. While
* this function is a hazard by itself, it's essential that it is used * this function is a hazard by itself, it's essential that it is used
* here. Bug 1243 involved that the secret was filled with NUL bytes * here. Bug 1243 involved that the secret was filled with NUL bytes
@ -527,7 +601,8 @@ MD5auth_setkey(
keyid_t keyno, keyid_t keyno,
int keytype, int keytype,
const u_char *key, const u_char *key,
size_t len size_t len,
KeyAccT *ka
) )
{ {
symkey * sk; symkey * sk;
@ -553,6 +628,7 @@ MD5auth_setkey(
sk->type = (u_short)keytype; sk->type = (u_short)keytype;
secretsize = len; secretsize = len;
sk->secretsize = (u_short)secretsize; sk->secretsize = (u_short)secretsize;
sk->keyacclist = ka;
#ifndef DISABLE_BUG1243_FIX #ifndef DISABLE_BUG1243_FIX
memcpy(sk->secret, key, secretsize); memcpy(sk->secret, key, secretsize);
#else #else
@ -563,6 +639,7 @@ MD5auth_setkey(
if (cache_keyid == keyno) { if (cache_keyid == keyno) {
cache_flags = 0; cache_flags = 0;
cache_keyid = 0; cache_keyid = 0;
cache_keyacclist = NULL;
} }
return; return;
} }
@ -580,7 +657,7 @@ MD5auth_setkey(
strncpy((char *)secret, (const char *)key, secretsize); strncpy((char *)secret, (const char *)key, secretsize);
#endif #endif
allocsymkey(bucket, keyno, 0, (u_short)keytype, 0, allocsymkey(bucket, keyno, 0, (u_short)keytype, 0,
(u_short)secretsize, secret); (u_short)secretsize, secret, ka);
#ifdef DEBUG #ifdef DEBUG
if (debug >= 4) { if (debug >= 4) {
size_t j; size_t j;

51
contrib/ntp/libntp/authreadkeys.c
View File

@ -5,10 +5,12 @@
#include <stdio.h> #include <stdio.h>
#include <ctype.h> #include <ctype.h>
#include "ntpd.h" /* Only for DPRINTF */
#include "ntp_fp.h" #include "ntp_fp.h"
#include "ntp.h" #include "ntp.h"
#include "ntp_syslog.h" #include "ntp_syslog.h"
#include "ntp_stdlib.h" #include "ntp_stdlib.h"
#include "ntp_keyacc.h"
#ifdef OPENSSL #ifdef OPENSSL
#include "openssl/objects.h" #include "openssl/objects.h"
@ -85,6 +87,7 @@ static void log_maybe(u_int*, const char*, ...) NTP_PRINTF(2, 3);
typedef struct keydata KeyDataT; typedef struct keydata KeyDataT;
struct keydata { struct keydata {
KeyDataT *next; /* queue/stack link */ KeyDataT *next; /* queue/stack link */
KeyAccT *keyacclist; /* key access list */
keyid_t keyid; /* stored key ID */ keyid_t keyid; /* stored key ID */
u_short keytype; /* stored key type */ u_short keytype; /* stored key type */
u_short seclen; /* length of secret */ u_short seclen; /* length of secret */
@ -228,6 +231,7 @@ authreadkeys(
len = strlen(token); len = strlen(token);
if (len <= 20) { /* Bug 2537 */ if (len <= 20) { /* Bug 2537 */
next = emalloc(sizeof(KeyDataT) + len); next = emalloc(sizeof(KeyDataT) + len);
next->keyacclist = NULL;
next->keyid = keyno; next->keyid = keyno;
next->keytype = keytype; next->keytype = keytype;
next->seclen = len; next->seclen = len;
@ -257,11 +261,48 @@ authreadkeys(
} }
len = jlim/2; /* hmmmm.... what about odd length?!? */ len = jlim/2; /* hmmmm.... what about odd length?!? */
next = emalloc(sizeof(KeyDataT) + len); next = emalloc(sizeof(KeyDataT) + len);
next->keyacclist = NULL;
next->keyid = keyno; next->keyid = keyno;
next->keytype = keytype; next->keytype = keytype;
next->seclen = len; next->seclen = len;
memcpy(next->secbuf, keystr, len); memcpy(next->secbuf, keystr, len);
} }
token = nexttok(&line);
DPRINTF(0, ("authreadkeys: full access list <%s>\n", (token) ? token : "NULL"));
if (token != NULL) { /* A comma-separated IP access list */
char *tp = token;
while (tp) {
char *i;
KeyAccT ka;
i = strchr(tp, (int)',');
if (i)
*i = '\0';
DPRINTF(0, ("authreadkeys: access list: <%s>\n", tp));
if (is_ip_address(tp, AF_UNSPEC, &ka.addr)) {
KeyAccT *kap;
kap = emalloc(sizeof(KeyAccT));
memcpy(kap, &ka, sizeof ka);
kap->next = next->keyacclist;
next->keyacclist = kap;
} else {
log_maybe(&nerr,
"authreadkeys: invalid IP address <%s> for key %d",
tp, keyno);
}
if (i) {
tp = i + 1;
} else {
tp = 0;
}
}
}
INSIST(NULL != next); INSIST(NULL != next);
next->next = list; next->next = list;
list = next; list = next;
@ -286,7 +327,7 @@ authreadkeys(
while (NULL != (next = list)) { while (NULL != (next = list)) {
list = next->next; list = next->next;
MD5auth_setkey(next->keyid, next->keytype, MD5auth_setkey(next->keyid, next->keytype,
next->secbuf, next->seclen); next->secbuf, next->seclen, next->keyacclist);
/* purge secrets from memory before free()ing it */ /* purge secrets from memory before free()ing it */
memset(next, 0, sizeof(*next) + next->seclen); memset(next, 0, sizeof(*next) + next->seclen);
free(next); free(next);
@ -297,6 +338,14 @@ authreadkeys(
/* Mop up temporary storage before bailing out. */ /* Mop up temporary storage before bailing out. */
while (NULL != (next = list)) { while (NULL != (next = list)) {
list = next->next; list = next->next;
while (next->keyacclist) {
KeyAccT *kap = next->keyacclist;
next->keyacclist = kap->next;
free(kap);
}
/* purge secrets from memory before free()ing it */ /* purge secrets from memory before free()ing it */
memset(next, 0, sizeof(*next) + next->seclen); memset(next, 0, sizeof(*next) + next->seclen);
free(next); free(next);

2
contrib/ntp/libntp/authusekey.c
View File

@ -29,6 +29,6 @@ authusekey(
if (0 == len) if (0 == len)
return 0; return 0;
MD5auth_setkey(keyno, keytype, str, len); MD5auth_setkey(keyno, keytype, str, len, NULL);
return 1; return 1;
} }

129
contrib/ntp/libntp/is_ip_address.c Normal file
View File

@ -0,0 +1,129 @@
/*
* is_ip_address
*
*/
#ifdef HAVE_CONFIG_H
# include <config.h>
#endif
#if 0
#include <stdio.h>
#include <signal.h>
#ifdef HAVE_FNMATCH_H
# include <fnmatch.h>
# if !defined(FNM_CASEFOLD) && defined(FNM_IGNORECASE)
# define FNM_CASEFOLD FNM_IGNORECASE
# endif
#endif
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
# include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_SOCKIO_H /* UXPV: SIOC* #defines (Frank Vance <fvance@waii.com>) */
# include <sys/sockio.h>
#endif
#ifdef HAVE_SYS_UIO_H
# include <sys/uio.h>
#endif
#endif
#include "ntp_assert.h"
#include "ntp_stdlib.h"
#include "safecast.h"
#if 0
#include "ntp_machine.h"
#include "ntpd.h"
#include "ntp_io.h"
#include "iosignal.h"
#include "ntp_lists.h"
#include "ntp_refclock.h"
#include "ntp_worker.h"
#include "ntp_request.h"
#include "timevalops.h"
#include "timespecops.h"
#include "ntpd-opts.h"
#endif
/* Don't include ISC's version of IPv6 variables and structures */
#define ISC_IPV6_H 1
#include <isc/mem.h>
#include <isc/interfaceiter.h>
#include <isc/netaddr.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
/*
* Code to tell if we have an IP address
* If we have then return the sockaddr structure
* and set the return value
* see the bind9/getaddresses.c for details
*/
int
is_ip_address(
const char * host,
u_short af,
sockaddr_u * addr
)
{
struct in_addr in4;
struct addrinfo hints;
struct addrinfo *result;
struct sockaddr_in6 *resaddr6;
char tmpbuf[128];
char *pch;
REQUIRE(host != NULL);
REQUIRE(addr != NULL);
ZERO_SOCK(addr);
/*
* Try IPv4, then IPv6. In order to handle the extended format
* for IPv6 scoped addresses (address%scope_ID), we'll use a local
* working buffer of 128 bytes. The length is an ad-hoc value, but
* should be enough for this purpose; the buffer can contain a string
* of at least 80 bytes for scope_ID in addition to any IPv6 numeric
* addresses (up to 46 bytes), the delimiter character and the
* terminating NULL character.
*/
if (AF_UNSPEC == af || AF_INET == af)
if (inet_pton(AF_INET, host, &in4) == 1) {
AF(addr) = AF_INET;
SET_ADDR4N(addr, in4.s_addr);
return TRUE;
}
if (AF_UNSPEC == af || AF_INET6 == af)
if (sizeof(tmpbuf) > strlen(host)) {
if ('[' == host[0]) {
strlcpy(tmpbuf, &host[1], sizeof(tmpbuf));
pch = strchr(tmpbuf, ']');
if (pch != NULL)
*pch = '\0';
} else {
strlcpy(tmpbuf, host, sizeof(tmpbuf));
}
ZERO(hints);
hints.ai_family = AF_INET6;
hints.ai_flags |= AI_NUMERICHOST;
if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) {
AF(addr) = AF_INET6;
resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr);
SET_ADDR6N(addr, resaddr6->sin6_addr);
SET_SCOPE(addr, resaddr6->sin6_scope_id);
freeaddrinfo(result);
return TRUE;
}
}
/*
* If we got here it was not an IP address
*/
return FALSE;
}

27
contrib/ntp/libntp/ntp_worker.c
View File

@ -27,6 +27,8 @@ blocking_child ** blocking_children;
size_t blocking_children_alloc; size_t blocking_children_alloc;
int worker_per_query; /* boolean */ int worker_per_query; /* boolean */
int intres_req_pending; int intres_req_pending;
volatile u_int blocking_child_ready_seen;
volatile u_int blocking_child_ready_done;
#ifndef HAVE_IO_COMPLETION_PORT #ifndef HAVE_IO_COMPLETION_PORT
@ -262,6 +264,31 @@ process_blocking_resp(
req_child_exit(c); req_child_exit(c);
} }
void
harvest_blocking_responses(void)
{
int idx;
blocking_child* cp;
u_int scseen, scdone;
scseen = blocking_child_ready_seen;
scdone = blocking_child_ready_done;
if (scdone != scseen) {
blocking_child_ready_done = scseen;
for (idx = 0; idx < blocking_children_alloc; idx++) {
cp = blocking_children[idx];
if (NULL == cp)
continue;
scseen = cp->resp_ready_seen;
scdone = cp->resp_ready_done;
if (scdone != scseen) {
cp->resp_ready_done = scseen;
process_blocking_resp(cp);
}
}
}
}
/* /*
* blocking_child_common runs as a forked child or a thread * blocking_child_common runs as a forked child or a thread

15
contrib/ntp/libntp/systime.c
View File

@ -323,9 +323,18 @@ adj_systime(
else else
quant = 1e-6; quant = 1e-6;
ticks = (long)(dtemp / quant + .5); ticks = (long)(dtemp / quant + .5);
adjtv.tv_usec = (long)(ticks * quant * 1e6); adjtv.tv_usec = (long)(ticks * quant * 1.e6 + .5);
dtemp -= adjtv.tv_usec / 1e6; /* The rounding in the conversions could us push over the
sys_residual = dtemp; * limits: make sure the result is properly normalised!
* note: sign comes later, all numbers non-negative here.
*/
if (adjtv.tv_usec >= 1000000) {
adjtv.tv_sec += 1;
adjtv.tv_usec -= 1000000;
dtemp -= 1.;
}
/* set the new residual with leftover from correction */
sys_residual = dtemp - adjtv.tv_usec * 1.e-6;
/* /*
* Convert to signed seconds and microseconds for the Unix * Convert to signed seconds and microseconds for the Unix

74
contrib/ntp/libntp/work_thread.c
View File

@ -25,12 +25,37 @@
#define CHILD_EXIT_REQ ((blocking_pipe_header *)(intptr_t)-1) #define CHILD_EXIT_REQ ((blocking_pipe_header *)(intptr_t)-1)
#define CHILD_GONE_RESP CHILD_EXIT_REQ #define CHILD_GONE_RESP CHILD_EXIT_REQ
/* Queue size increments:
* The request queue grows a bit faster than the response queue -- the
* deamon can push requests and pull results faster on avarage than the
* worker can process requests and push results... If this really pays
* off is debatable.
*/
#define WORKITEMS_ALLOC_INC 16 #define WORKITEMS_ALLOC_INC 16
#define RESPONSES_ALLOC_INC 4 #define RESPONSES_ALLOC_INC 4
/* Fiddle with min/max stack sizes. 64kB minimum seems to work, so we
* set the maximum to 256kB. If the minimum goes below the
* system-defined minimum stack size, we have to adjust accordingly.
*/
#ifndef THREAD_MINSTACKSIZE #ifndef THREAD_MINSTACKSIZE
#define THREAD_MINSTACKSIZE (64U * 1024) # define THREAD_MINSTACKSIZE (64U * 1024)
#endif #endif
#ifndef __sun
#if defined(PTHREAD_STACK_MIN) && THREAD_MINSTACKSIZE < PTHREAD_STACK_MIN
# undef THREAD_MINSTACKSIZE
# define THREAD_MINSTACKSIZE PTHREAD_STACK_MIN
#endif
#endif
#ifndef THREAD_MAXSTACKSIZE
# define THREAD_MAXSTACKSIZE (256U * 1024)
#endif
#if THREAD_MAXSTACKSIZE < THREAD_MINSTACKSIZE
# undef THREAD_MAXSTACKSIZE
# define THREAD_MAXSTACKSIZE THREAD_MINSTACKSIZE
#endif
#ifdef SYS_WINNT #ifdef SYS_WINNT
@ -148,15 +173,19 @@ ensure_workitems_empty_slot(
size_t new_alloc; size_t new_alloc;
size_t slots_used; size_t slots_used;
size_t sidx;
slots_used = c->head_workitem - c->tail_workitem; slots_used = c->head_workitem - c->tail_workitem;
if (slots_used >= c->workitems_alloc) { if (slots_used >= c->workitems_alloc) {
new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC; new_alloc = c->workitems_alloc + WORKITEMS_ALLOC_INC;
c->workitems = erealloc(c->workitems, new_alloc * each); c->workitems = erealloc(c->workitems, new_alloc * each);
for (sidx = c->workitems_alloc; sidx < new_alloc; ++sidx)
c->workitems[sidx] = NULL;
c->tail_workitem = 0; c->tail_workitem = 0;
c->head_workitem = c->workitems_alloc; c->head_workitem = c->workitems_alloc;
c->workitems_alloc = new_alloc; c->workitems_alloc = new_alloc;
} }
INSIST(NULL == c->workitems[c->head_workitem % c->workitems_alloc]);
return (0 == slots_used); return (0 == slots_used);
} }
@ -180,15 +209,19 @@ ensure_workresp_empty_slot(
size_t new_alloc; size_t new_alloc;
size_t slots_used; size_t slots_used;
size_t sidx;
slots_used = c->head_response - c->tail_response; slots_used = c->head_response - c->tail_response;
if (slots_used >= c->responses_alloc) { if (slots_used >= c->responses_alloc) {
new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC; new_alloc = c->responses_alloc + RESPONSES_ALLOC_INC;
c->responses = erealloc(c->responses, new_alloc * each); c->responses = erealloc(c->responses, new_alloc * each);
for (sidx = c->responses_alloc; sidx < new_alloc; ++sidx)
c->responses[sidx] = NULL;
c->tail_response = 0; c->tail_response = 0;
c->head_response = c->responses_alloc; c->head_response = c->responses_alloc;
c->responses_alloc = new_alloc; c->responses_alloc = new_alloc;
} }
INSIST(NULL == c->responses[c->head_response % c->responses_alloc]);
return (0 == slots_used); return (0 == slots_used);
} }
@ -478,11 +511,11 @@ start_blocking_thread_internal(
# endif # endif
pthread_attr_t thr_attr; pthread_attr_t thr_attr;
int rc; int rc;
int saved_errno;
int pipe_ends[2]; /* read then write */ int pipe_ends[2]; /* read then write */
int is_pipe; int is_pipe;
int flags; int flags;
size_t stacksize; size_t ostacksize;
size_t nstacksize;
sigset_t saved_sig_mask; sigset_t saved_sig_mask;
c->thread_ref = NULL; c->thread_ref = NULL;
@ -522,21 +555,29 @@ start_blocking_thread_internal(
pthread_attr_setdetachstate(&thr_attr, PTHREAD_CREATE_DETACHED); pthread_attr_setdetachstate(&thr_attr, PTHREAD_CREATE_DETACHED);
#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \ #if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE)
rc = pthread_attr_getstacksize(&thr_attr, &stacksize); rc = pthread_attr_getstacksize(&thr_attr, &ostacksize);
if (-1 == rc) { if (0 != rc) {
msyslog(LOG_ERR, msyslog(LOG_ERR,
"start_blocking_thread: pthread_attr_getstacksize %m"); "start_blocking_thread: pthread_attr_getstacksize() -> %s",
} else if (stacksize < THREAD_MINSTACKSIZE) { strerror(rc));
rc = pthread_attr_setstacksize(&thr_attr, } else {
THREAD_MINSTACKSIZE); if (ostacksize < THREAD_MINSTACKSIZE)
if (-1 == rc) nstacksize = THREAD_MINSTACKSIZE;
else if (ostacksize > THREAD_MAXSTACKSIZE)
nstacksize = THREAD_MAXSTACKSIZE;
else
nstacksize = ostacksize;
if (nstacksize != ostacksize)
rc = pthread_attr_setstacksize(&thr_attr, nstacksize);
if (0 != rc)
msyslog(LOG_ERR, msyslog(LOG_ERR,
"start_blocking_thread: pthread_attr_setstacksize(0x%lx -> 0x%lx) %m", "start_blocking_thread: pthread_attr_setstacksize(0x%lx -> 0x%lx) -> %s",
(u_long)stacksize, (u_long)ostacksize, (u_long)nstacksize,
(u_long)THREAD_MINSTACKSIZE); strerror(rc));
} }
#else #else
UNUSED_ARG(stacksize); UNUSED_ARG(nstacksize);
UNUSED_ARG(ostacksize);
#endif #endif
#if defined(PTHREAD_SCOPE_SYSTEM) && defined(NEED_PTHREAD_SCOPE_SYSTEM) #if defined(PTHREAD_SCOPE_SYSTEM) && defined(NEED_PTHREAD_SCOPE_SYSTEM)
pthread_attr_setscope(&thr_attr, PTHREAD_SCOPE_SYSTEM); pthread_attr_setscope(&thr_attr, PTHREAD_SCOPE_SYSTEM);
@ -545,12 +586,11 @@ start_blocking_thread_internal(
block_thread_signals(&saved_sig_mask); block_thread_signals(&saved_sig_mask);
rc = pthread_create(&c->thr_table[0], &thr_attr, rc = pthread_create(&c->thr_table[0], &thr_attr,
&blocking_thread, c); &blocking_thread, c);
saved_errno = errno;
pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL); pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
pthread_attr_destroy(&thr_attr); pthread_attr_destroy(&thr_attr);
if (0 != rc) { if (0 != rc) {
errno = saved_errno; msyslog(LOG_ERR, "start_blocking_thread: pthread_create() -> %s",
msyslog(LOG_ERR, "pthread_create() blocking child: %m"); strerror(rc));
exit(1); exit(1);
} }
c->thread_ref = &c->thr_table[0]; c->thread_ref = &c->thr_table[0];

67
contrib/ntp/ntpd/invoke-ntp.conf.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:30:49 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:17:59 AM by AutoGen 5.18.5
# From the definitions ntp.conf.def # From the definitions ntp.conf.def
# and the template file agtexi-file.tpl # and the template file agtexi-file.tpl
@end ignore @end ignore
@ -2294,8 +2294,8 @@ otherwise, should be avoided.
@item @code{dscp} @kbd{value} @item @code{dscp} @kbd{value}
This option specifies the Differentiated Services Control Point (DSCP) value, This option specifies the Differentiated Services Control Point (DSCP) value,
a 6-bit code. The default value is 46, signifying Expedited Forwarding. a 6-bit code. The default value is 46, signifying Expedited Forwarding.
@item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]} @item @code{enable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]}
@item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats}]} @item @code{disable} @code{[@code{auth} | @code{bclient} | @code{calibrate} | @code{kernel} | @code{mode7} | @code{monitor} | @code{ntp} | @code{stats} | @code{unpeer_crypto_early} | @code{unpeer_crypto_nak_early} | @code{unpeer_digest_early}]}
Provides a way to enable or disable various server options. Provides a way to enable or disable various server options.
Flags not mentioned are unaffected. Flags not mentioned are unaffected.
Note that all of these flags Note that all of these flags
@ -2367,6 +2367,67 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
@code{disable}. @code{disable}.
@item @code{unpeer_crypto_early}
By default, if
@code{ntpd(1ntpdmdoc)}
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
@code{peerstats}
file for evidence of any of these attacks.
The
default for this flag is
@code{enable}.
@item @code{unpeer_crypto_nak_early}
By default, if
@code{ntpd(1ntpdmdoc)}
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
@code{peerstats}
file for evidence of any of these attacks.
The
default for this flag is
@code{enable}.
@item @code{unpeer_digest_early}
By default, if
@code{ntpd(1ntpdmdoc)}
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
@code{peerstats}
file for evidence of any of these attacks.
The
default for this flag is
@code{enable}.
@end table @end table
@item @code{includefile} @kbd{includefile} @item @code{includefile} @kbd{includefile}
This command allows additional configuration commands This command allows additional configuration commands

14
contrib/ntp/ntpd/invoke-ntp.keys.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:30:52 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:18:02 AM by AutoGen 5.18.5
# From the definitions ntp.keys.def # From the definitions ntp.keys.def
# and the template file agtexi-file.tpl # and the template file agtexi-file.tpl
@end ignore @end ignore
@ -37,7 +37,7 @@ as the configuration file.
Key entries use a fixed format of the form Key entries use a fixed format of the form
@example @example
@kbd{keyno} @kbd{type} @kbd{key} @kbd{keyno} @kbd{type} @kbd{key} @kbd{opt_IP_list}
@end example @end example
where where
@ -47,7 +47,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
@kbd{key} @kbd{key}
is the key itself. is the key itself, and
@kbd{opt_IP_list}
is an optional comma-separated list of IPs
that are allowed to serve time.
If
@kbd{opt_IP_list}
is empty,
any properly-authenticated server message will be
accepted.
The The
@kbd{key} @kbd{key}

4
contrib/ntp/ntpd/invoke-ntpd.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:30:54 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:18:04 AM by AutoGen 5.18.5
# From the definitions ntpd-opts.def # From the definitions ntpd-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -142,7 +142,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
ntpd - NTP daemon program - Ver. 4.2.8p5 ntpd - NTP daemon program - Ver. 4.2.8p6
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \ Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
[ <server1> ... <serverN> ] [ <server1> ... <serverN> ]
Flg Arg Option-Name Description Flg Arg Option-Name Description

2
contrib/ntp/ntpd/keyword-gen-utd
View File

@ -1 +1 @@
* Generated 2015-06-25 03:57:00 UTC diff_ignore_line * Generated 2016-01-16 08:33:03 UTC diff_ignore_line

3
contrib/ntp/ntpd/keyword-gen.c
View File

@ -202,6 +202,9 @@ struct key_tok ntp_keywords[] = {
{ "ntp", T_Ntp, FOLLBY_TOKEN }, { "ntp", T_Ntp, FOLLBY_TOKEN },
{ "mode7", T_Mode7, FOLLBY_TOKEN }, { "mode7", T_Mode7, FOLLBY_TOKEN },
{ "stats", T_Stats, FOLLBY_TOKEN }, { "stats", T_Stats, FOLLBY_TOKEN },
{ "unpeer_crypto_early", T_UEcrypto, FOLLBY_TOKEN },
{ "unpeer_crypto_nak_early", T_UEcryptonak, FOLLBY_TOKEN },
{ "unpeer_digest_early", T_UEdigest, FOLLBY_TOKEN },
/* rlimit_option */ /* rlimit_option */
{ "memlock", T_Memlock, FOLLBY_TOKEN }, { "memlock", T_Memlock, FOLLBY_TOKEN },
{ "stacksize", T_Stacksize, FOLLBY_TOKEN }, { "stacksize", T_Stacksize, FOLLBY_TOKEN },

76
contrib/ntp/ntpd/ntp.conf.5man
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntp.conf 5man "07 Jan 2016" "4.2.8p5" "File Formats" .TH ntp.conf 5man "20 Jan 2016" "4.2.8p6" "File Formats"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def .\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -2573,9 +2573,9 @@ otherwise, should be avoided.
This option specifies the Differentiated Services Control Point (DSCP) value, This option specifies the Differentiated Services Control Point (DSCP) value,
a 6-bit code. The default value is 46, signifying Expedited Forwarding. a 6-bit code. The default value is 46, signifying Expedited Forwarding.
.TP 7 .TP 7
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] .NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
.TP 7 .TP 7
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] .NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
Provides a way to enable or disable various server options. Provides a way to enable or disable various server options.
Flags not mentioned are unaffected. Flags not mentioned are unaffected.
Note that all of these flags Note that all of these flags
@ -2655,6 +2655,70 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
\f\*[B-Font]disable\f[]. \f\*[B-Font]disable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_crypto_early\f[]
By default, if
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[]
By default, if
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_digest_early\f[]
By default, if
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.RE .RE
.TP 7 .TP 7
.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[] .NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
@ -3027,7 +3091,7 @@ RFC5905
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS .SH BUGS
The syntax checking is not picky; some combinations of The syntax checking is not picky; some combinations of

77
contrib/ntp/ntpd/ntp.conf.5mdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTP_CONF 5mdoc File Formats .Dt NTP_CONF 5mdoc File Formats
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def .\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -2393,16 +2393,18 @@ a 6\-bit code. The default value is 46, signifying Expedited Forwarding.
.Oo .Oo
.Cm auth | Cm bclient | .Cm auth | Cm bclient |
.Cm calibrate | Cm kernel | .Cm calibrate | Cm kernel |
.Cm mode7 | monitor | .Cm mode7 | Cm monitor |
.Cm ntp | Cm stats .Cm ntp | Cm stats |
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
.Oc .Oc
.Xc .Xc
.It Xo Ic disable .It Xo Ic disable
.Oo .Oo
.Cm auth | Cm bclient | .Cm auth | Cm bclient |
.Cm calibrate | Cm kernel | .Cm calibrate | Cm kernel |
.Cm mode7 | monitor | .Cm mode7 | Cm monitor |
.Cm ntp | Cm stats .Cm ntp | Cm stats |
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
.Oc .Oc
.Xc .Xc
Provides a way to enable or disable various server options. Provides a way to enable or disable various server options.
@ -2476,6 +2478,67 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
.Ic disable . .Ic disable .
.It Cm unpeer_crypto_early
By default, if
.Xr ntpd 1ntpdmdoc
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.It Cm unpeer_crypto_nak_early
By default, if
.Xr ntpd 1ntpdmdoc
receives a crypto\-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto\-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.It Cm unpeer_digest_early
By default, if
.Xr ntpd 1ntpdmdoc
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.El .El
.It Ic includefile Ar includefile .It Ic includefile Ar includefile
This command allows additional configuration commands This command allows additional configuration commands
@ -2834,7 +2897,7 @@ A snapshot of this documentation is available in HTML format in
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS .Sh BUGS
The syntax checking is not picky; some combinations of The syntax checking is not picky; some combinations of

71
contrib/ntp/ntpd/ntp.conf.def
View File

@ -2395,16 +2395,18 @@ a 6-bit code. The default value is 46, signifying Expedited Forwarding.
.Oo .Oo
.Cm auth | Cm bclient | .Cm auth | Cm bclient |
.Cm calibrate | Cm kernel | .Cm calibrate | Cm kernel |
.Cm mode7 | monitor | .Cm mode7 | Cm monitor |
.Cm ntp | Cm stats .Cm ntp | Cm stats |
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
.Oc .Oc
.Xc .Xc
.It Xo Ic disable .It Xo Ic disable
.Oo .Oo
.Cm auth | Cm bclient | .Cm auth | Cm bclient |
.Cm calibrate | Cm kernel | .Cm calibrate | Cm kernel |
.Cm mode7 | monitor | .Cm mode7 | Cm monitor |
.Cm ntp | Cm stats .Cm ntp | Cm stats |
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
.Oc .Oc
.Xc .Xc
Provides a way to enable or disable various server options. Provides a way to enable or disable various server options.
@ -2478,6 +2480,67 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
.Ic disable . .Ic disable .
.It Cm unpeer_crypto_early
By default, if
.Xr ntpd 1ntpdmdoc
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.It Cm unpeer_crypto_nak_early
By default, if
.Xr ntpd 1ntpdmdoc
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.It Cm unpeer_digest_early
By default, if
.Xr ntpd 1ntpdmdoc
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.El .El
.It Ic includefile Ar includefile .It Ic includefile Ar includefile
This command allows additional configuration commands This command allows additional configuration commands

62
contrib/ntp/ntpd/ntp.conf.html
View File

@ -33,7 +33,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the configuration file for the NTP Project's <p>This document describes the configuration file for the NTP Project's
<code>ntpd</code> program. <code>ntpd</code> program.
<p>This document applies to version 4.2.8p5 of <code>ntp.conf</code>. <p>This document applies to version 4.2.8p6 of <code>ntp.conf</code>.
<div class="shortcontents"> <div class="shortcontents">
<h2>Short Contents</h2> <h2>Short Contents</h2>
@ -2288,7 +2288,7 @@ drift file is located in, and that file system links, symbolic or
otherwise, should be avoided. otherwise, should be avoided.
<br><dt><code>dscp</code> <kbd>value</kbd><dd>This option specifies the Differentiated Services Control Point (DSCP) value, <br><dt><code>dscp</code> <kbd>value</kbd><dd>This option specifies the Differentiated Services Control Point (DSCP) value,
a 6-bit code. The default value is 46, signifying Expedited Forwarding. a 6-bit code. The default value is 46, signifying Expedited Forwarding.
<br><dt><code>enable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</code><br><dt><code>disable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats]</code><dd>Provides a way to enable or disable various server options. <br><dt><code>enable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</code><br><dt><code>disable</code> <code>[auth | bclient | calibrate | kernel | mode7 | monitor | ntp | stats | unpeer_crypto_early | unpeer_crypto_nak_early | unpeer_digest_early]</code><dd>Provides a way to enable or disable various server options.
Flags not mentioned are unaffected. Flags not mentioned are unaffected.
Note that all of these flags Note that all of these flags
can be controlled remotely using the can be controlled remotely using the
@ -2351,6 +2351,64 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
<code>disable</code>. <code>disable</code>.
<br><dt><code>unpeer_crypto_early</code><dd>By default, if
<code>ntpd(1ntpdmdoc)</code>
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
<code>peerstats</code>
file for evidence of any of these attacks.
The
default for this flag is
<code>enable</code>.
<br><dt><code>unpeer_crypto_nak_early</code><dd>By default, if
<code>ntpd(1ntpdmdoc)</code>
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
<code>peerstats</code>
file for evidence of any of these attacks.
The
default for this flag is
<code>enable</code>.
<br><dt><code>unpeer_digest_early</code><dd>By default, if
<code>ntpd(1ntpdmdoc)</code>
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
<code>peerstats</code>
file for evidence of any of these attacks.
The
default for this flag is
<code>enable</code>.
</dl> </dl>
<br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands <br><dt><code>includefile</code> <kbd>includefile</kbd><dd>This command allows additional configuration commands
to be included from a separate file. to be included from a separate file.

76
contrib/ntp/ntpd/ntp.conf.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats" .TH ntp.conf 5 "20 Jan 2016" "4.2.8p6" "File Formats"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def .\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -2573,9 +2573,9 @@ otherwise, should be avoided.
This option specifies the Differentiated Services Control Point (DSCP) value, This option specifies the Differentiated Services Control Point (DSCP) value,
a 6-bit code. The default value is 46, signifying Expedited Forwarding. a 6-bit code. The default value is 46, signifying Expedited Forwarding.
.TP 7 .TP 7
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] .NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
.TP 7 .TP 7
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] .NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
Provides a way to enable or disable various server options. Provides a way to enable or disable various server options.
Flags not mentioned are unaffected. Flags not mentioned are unaffected.
Note that all of these flags Note that all of these flags
@ -2655,6 +2655,70 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
\f\*[B-Font]disable\f[]. \f\*[B-Font]disable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_crypto_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_digest_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.RE .RE
.TP 7 .TP 7
.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[] .NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
@ -3027,7 +3091,7 @@ RFC5905
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS .SH BUGS
The syntax checking is not picky; some combinations of The syntax checking is not picky; some combinations of

77
contrib/ntp/ntpd/ntp.conf.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTP_CONF 5 File Formats .Dt NTP_CONF 5 File Formats
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:57 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:07 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def .\" From the definitions ntp.conf.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -2393,16 +2393,18 @@ a 6\-bit code. The default value is 46, signifying Expedited Forwarding.
.Oo .Oo
.Cm auth | Cm bclient | .Cm auth | Cm bclient |
.Cm calibrate | Cm kernel | .Cm calibrate | Cm kernel |
.Cm mode7 | monitor | .Cm mode7 | Cm monitor |
.Cm ntp | Cm stats .Cm ntp | Cm stats |
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
.Oc .Oc
.Xc .Xc
.It Xo Ic disable .It Xo Ic disable
.Oo .Oo
.Cm auth | Cm bclient | .Cm auth | Cm bclient |
.Cm calibrate | Cm kernel | .Cm calibrate | Cm kernel |
.Cm mode7 | monitor | .Cm mode7 | Cm monitor |
.Cm ntp | Cm stats .Cm ntp | Cm stats |
.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
.Oc .Oc
.Xc .Xc
Provides a way to enable or disable various server options. Provides a way to enable or disable various server options.
@ -2476,6 +2478,67 @@ See the
section for further information. section for further information.
The default for this flag is The default for this flag is
.Ic disable . .Ic disable .
.It Cm unpeer_crypto_early
By default, if
.Xr ntpd @NTPD_MS@
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.It Cm unpeer_crypto_nak_early
By default, if
.Xr ntpd @NTPD_MS@
receives a crypto\-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto\-NAK packet
can be used in a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.It Cm unpeer_digest_early
By default, if
.Xr ntpd @NTPD_MS@
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
.Cm peerstats
file for evidence of any of these attacks.
The
default for this flag is
.Ic enable .
.El .El
.It Ic includefile Ar includefile .It Ic includefile Ar includefile
This command allows additional configuration commands This command allows additional configuration commands
@ -2834,7 +2897,7 @@ A snapshot of this documentation is available in HTML format in
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS .Sh BUGS
The syntax checking is not picky; some combinations of The syntax checking is not picky; some combinations of

18
contrib/ntp/ntpd/ntp.keys.5man
View File

@ -1,8 +1,8 @@
.TH ntp.keys 5man "07 Jan 2016" "4.2.8p5" "File Formats" .TH ntp.keys 5man "20 Jan 2016" "4.2.8p6" "File Formats"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:17:51 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def .\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl .\" and the template file agman-file.tpl
.Sh NAME .Sh NAME
@ -66,7 +66,7 @@ Key entries use a fixed format of the form
.ne 2 .ne 2
.in +4 .in +4
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[]
.in -4 .in -4
.sp \n(Ppu .sp \n(Ppu
.ne 2 .ne 2
@ -78,7 +78,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
\f\*[I-Font]key\f[] \f\*[I-Font]key\f[]
is the key itself. is the key itself, and
\f\*[I-Font]opt_IP_list\f[]
is an optional comma-separated list of IPs
that are allowed to serve time.
If
\f\*[I-Font]opt_IP_list\f[]
is empty,
any properly-authenticated server message will be
accepted.
.sp \n(Ppu .sp \n(Ppu
.ne 2 .ne 2
@ -160,7 +168,7 @@ the default name of the configuration file
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS" .SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

18
contrib/ntp/ntpd/ntp.keys.5mdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTP_KEYS 5mdoc File Formats .Dt NTP_KEYS 5mdoc File Formats
.Os SunOS 5.10 .Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:10 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def .\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl .\" and the template file agmdoc-file.tpl
.Sh NAME .Sh NAME
@ -44,7 +44,7 @@ The key file uses the same comment conventions
as the configuration file. as the configuration file.
Key entries use a fixed format of the form Key entries use a fixed format of the form
.Pp .Pp
.D1 Ar keyno type key .D1 Ar keyno type key opt_IP_list
.Pp .Pp
where where
.Ar keyno .Ar keyno
@ -53,7 +53,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
.Ar key .Ar key
is the key itself. is the key itself, and
.Ar opt_IP_list
is an optional comma\-separated list of IPs
that are allowed to serve time.
If
.Ar opt_IP_list
is empty,
any properly\-authenticated server message will be
accepted.
.Pp .Pp
The The
.Ar key .Ar key
@ -147,7 +155,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS" .Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

12
contrib/ntp/ntpd/ntp.keys.def
View File

@ -43,7 +43,7 @@ The key file uses the same comment conventions
as the configuration file. as the configuration file.
Key entries use a fixed format of the form Key entries use a fixed format of the form
.Pp .Pp
.D1 Ar keyno type key .D1 Ar keyno type key opt_IP_list
.Pp .Pp
where where
.Ar keyno .Ar keyno
@ -52,7 +52,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
.Ar key .Ar key
is the key itself. is the key itself, and
.Ar opt_IP_list
is an optional comma-separated list of IPs
that are allowed to serve time.
If
.Ar opt_IP_list
is empty,
any properly-authenticated server message will be
accepted.
.Pp .Pp
The The
.Ar key .Ar key

14
contrib/ntp/ntpd/ntp.keys.html
View File

@ -33,7 +33,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>This document describes the symmetric key file for the NTP Project's <p>This document describes the symmetric key file for the NTP Project's
<code>ntpd</code> program. <code>ntpd</code> program.
<p>This document applies to version 4.2.8p5 of <code>ntp.keys</code>. <p>This document applies to version 4.2.8p6 of <code>ntp.keys</code>.
<div class="shortcontents"> <div class="shortcontents">
<h2>Short Contents</h2> <h2>Short Contents</h2>
@ -93,7 +93,7 @@ may be arbitrarily set in the keys file.
as the configuration file. as the configuration file.
Key entries use a fixed format of the form Key entries use a fixed format of the form
<pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <pre class="example"> <kbd>keyno</kbd> <kbd>type</kbd> <kbd>key</kbd> <kbd>opt_IP_list</kbd>
</pre> </pre>
<p>where <p>where
<kbd>keyno</kbd> <kbd>keyno</kbd>
@ -102,7 +102,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
<kbd>key</kbd> <kbd>key</kbd>
is the key itself. is the key itself, and
<kbd>opt_IP_list</kbd>
is an optional comma-separated list of IPs
that are allowed to serve time.
If
<kbd>opt_IP_list</kbd>
is empty,
any properly-authenticated server message will be
accepted.
<p>The <p>The
<kbd>key</kbd> <kbd>key</kbd>

18
contrib/ntp/ntpd/ntp.keys.man.in
View File

@ -1,8 +1,8 @@
.TH ntp.keys 5 "07 Jan 2016" "4.2.8p5" "File Formats" .TH ntp.keys 5 "20 Jan 2016" "4.2.8p6" "File Formats"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" EDIT THIS FILE WITH CAUTION (ntp.man)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:41 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:17:51 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def .\" From the definitions ntp.keys.def
.\" and the template file agman-file.tpl .\" and the template file agman-file.tpl
.Sh NAME .Sh NAME
@ -66,7 +66,7 @@ Key entries use a fixed format of the form
.ne 2 .ne 2
.in +4 .in +4
\f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]keyno\f[] \f\*[I-Font]type\f[] \f\*[I-Font]key\f[] \f\*[I-Font]opt_IP_list\f[]
.in -4 .in -4
.sp \n(Ppu .sp \n(Ppu
.ne 2 .ne 2
@ -78,7 +78,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
\f\*[I-Font]key\f[] \f\*[I-Font]key\f[]
is the key itself. is the key itself, and
\f\*[I-Font]opt_IP_list\f[]
is an optional comma-separated list of IPs
that are allowed to serve time.
If
\f\*[I-Font]opt_IP_list\f[]
is empty,
any properly-authenticated server message will be
accepted.
.sp \n(Ppu .sp \n(Ppu
.ne 2 .ne 2
@ -160,7 +168,7 @@ the default name of the configuration file
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS" .SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

18
contrib/ntp/ntpd/ntp.keys.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTP_KEYS 5 File Formats .Dt NTP_KEYS 5 File Formats
.Os SunOS 5.10 .Os SunOS 5.10
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:00 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:10 AM by AutoGen 5.18.5
.\" From the definitions ntp.keys.def .\" From the definitions ntp.keys.def
.\" and the template file agmdoc-file.tpl .\" and the template file agmdoc-file.tpl
.Sh NAME .Sh NAME
@ -44,7 +44,7 @@ The key file uses the same comment conventions
as the configuration file. as the configuration file.
Key entries use a fixed format of the form Key entries use a fixed format of the form
.Pp .Pp
.D1 Ar keyno type key .D1 Ar keyno type key opt_IP_list
.Pp .Pp
where where
.Ar keyno .Ar keyno
@ -53,7 +53,15 @@ is a positive integer (between 1 and 65534),
is the message digest algorithm, is the message digest algorithm,
and and
.Ar key .Ar key
is the key itself. is the key itself, and
.Ar opt_IP_list
is an optional comma\-separated list of IPs
that are allowed to serve time.
If
.Ar opt_IP_list
is empty,
any properly\-authenticated server message will be
accepted.
.Pp .Pp
The The
.Ar key .Ar key
@ -147,7 +155,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS" .Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

14
contrib/ntp/ntpd/ntp_config.c
View File

@ -53,6 +53,8 @@
#include "ntp_parser.h" #include "ntp_parser.h"
#include "ntpd-opts.h" #include "ntpd-opts.h"
extern int yyparse(void);
/* Bug 2817 */ /* Bug 2817 */
#if defined(HAVE_SYS_MMAN_H) #if defined(HAVE_SYS_MMAN_H)
# include <sys/mman.h> # include <sys/mman.h>
@ -2981,6 +2983,18 @@ apply_enable_disable(
proto_config(PROTO_FILEGEN, enable, 0., NULL); proto_config(PROTO_FILEGEN, enable, 0., NULL);
break; break;
case T_UEcrypto:
proto_config(PROTO_UECRYPTO, enable, 0., NULL);
break;
case T_UEcryptonak:
proto_config(PROTO_UECRYPTONAK, enable, 0., NULL);
break;
case T_UEdigest:
proto_config(PROTO_UEDIGEST, enable, 0., NULL);
break;
#ifdef BC_LIST_FRAMEWORK_NOT_YET_USED #ifdef BC_LIST_FRAMEWORK_NOT_YET_USED
case T_Bc_bugXXXX: case T_Bc_bugXXXX:
pentry = bc_list; pentry = bc_list;

221
contrib/ntp/ntpd/ntp_control.c
View File

@ -75,6 +75,7 @@ static void ctl_putarray (const char *, double *, int);
static void ctl_putsys (int); static void ctl_putsys (int);
static void ctl_putpeer (int, struct peer *); static void ctl_putpeer (int, struct peer *);
static void ctl_putfs (const char *, tstamp_t); static void ctl_putfs (const char *, tstamp_t);
static void ctl_printf (const char *, ...) NTP_PRINTF(1, 2);
#ifdef REFCLOCK #ifdef REFCLOCK
static void ctl_putclock (int, struct refclockstat *, int); static void ctl_putclock (int, struct refclockstat *, int);
#endif /* REFCLOCK */ #endif /* REFCLOCK */
@ -111,6 +112,8 @@ static void unset_trap (struct recvbuf *, int);
static struct ctl_trap *ctlfindtrap(sockaddr_u *, static struct ctl_trap *ctlfindtrap(sockaddr_u *,
struct interface *); struct interface *);
int/*BOOL*/ is_safe_filename(const char * name);
static const struct ctl_proc control_codes[] = { static const struct ctl_proc control_codes[] = {
{ CTL_OP_UNSPEC, NOAUTH, control_unspec }, { CTL_OP_UNSPEC, NOAUTH, control_unspec },
{ CTL_OP_READSTAT, NOAUTH, read_status }, { CTL_OP_READSTAT, NOAUTH, read_status },
@ -873,10 +876,66 @@ ctl_error(
CTL_HEADER_LEN); CTL_HEADER_LEN);
} }
int/*BOOL*/
is_safe_filename(const char * name)
{
/* We need a strict validation of filenames we should write: The
* daemon might run with special permissions and is remote
* controllable, so we better take care what we allow as file
* name!
*
* The first character must be digit or a letter from the ASCII
* base plane or a '_' ([_A-Za-z0-9]), the following characters
* must be from [-._+A-Za-z0-9].
*
* We do not trust the character classification much here: Since
* the NTP protocol makes no provisions for UTF-8 or local code
* pages, we strictly require the 7bit ASCII code page.
*
* The following table is a packed bit field of 128 two-bit
* groups. The LSB in each group tells us if a character is
* acceptable at the first position, the MSB if the character is
* accepted at any other position.
*
* This does not ensure that the file name is syntactically
* correct (multiple dots will not work with VMS...) but it will
* exclude potential globbing bombs and directory traversal. It
* also rules out drive selection. (For systems that have this
* notion, like Windows or VMS.)
*/
static const uint32_t chclass[8] = {
0x00000000, 0x00000000,
0x28800000, 0x000FFFFF,
0xFFFFFFFC, 0xC03FFFFF,
0xFFFFFFFC, 0x003FFFFF
};
u_int widx, bidx, mask;
if (!*name)
return FALSE;
mask = 1u;
while (0 != (widx = (u_char)*name++)) {
bidx = (widx & 15) << 1;
widx = widx >> 4;
if (widx >= sizeof(chclass))
return FALSE;
if (0 == ((chclass[widx] >> bidx) & mask))
return FALSE;
mask |= 2u;
}
return TRUE;
}
/* /*
* save_config - Implements ntpq -c "saveconfig <filename>" * save_config - Implements ntpq -c "saveconfig <filename>"
* Writes current configuration including any runtime * Writes current configuration including any runtime
* changes by ntpq's :config or config-from-file * changes by ntpq's :config or config-from-file
*
* Note: There should be no buffer overflow or truncation in the
* processing of file names -- both cause security problems. This is bit
* painful to code but essential here.
*/ */
void void
save_config( save_config(
@ -904,24 +963,38 @@ save_config(
"\\/" /* separator and critical char for POSIX */ "\\/" /* separator and critical char for POSIX */
#endif #endif
; ;
char reply[128]; char reply[128];
#ifdef SAVECONFIG #ifdef SAVECONFIG
static const char savedconfig_eq[] = "savedconfig=";
/* Build a safe open mode from the available mode flags. We want
* to create a new file and write it in text mode (when
* applicable -- only Windows does this...)
*/
static const int openmode = O_CREAT | O_TRUNC | O_WRONLY
# if defined(O_EXCL) /* posix, vms */
| O_EXCL
# elif defined(_O_EXCL) /* windows is alway very special... */
| _O_EXCL
# endif
# if defined(_O_TEXT) /* windows, again */
| _O_TEXT
#endif
;
char filespec[128]; char filespec[128];
char filename[128]; char filename[128];
char fullpath[512]; char fullpath[512];
const char savedconfig_eq[] = "savedconfig=";
char savedconfig[sizeof(savedconfig_eq) + sizeof(filename)]; char savedconfig[sizeof(savedconfig_eq) + sizeof(filename)];
time_t now; time_t now;
int fd; int fd;
FILE *fptr; FILE *fptr;
int prc;
size_t reqlen;
#endif #endif
if (RES_NOMODIFY & restrict_mask) { if (RES_NOMODIFY & restrict_mask) {
snprintf(reply, sizeof(reply), ctl_printf("%s", "saveconfig prohibited by restrict ... nomodify");
"saveconfig prohibited by restrict ... nomodify");
ctl_putdata(reply, strlen(reply), 0);
ctl_flushpkt(0); ctl_flushpkt(0);
NLOG(NLOG_SYSINFO) NLOG(NLOG_SYSINFO)
msyslog(LOG_NOTICE, msyslog(LOG_NOTICE,
@ -933,9 +1006,7 @@ save_config(
#ifdef SAVECONFIG #ifdef SAVECONFIG
if (NULL == saveconfigdir) { if (NULL == saveconfigdir) {
snprintf(reply, sizeof(reply), ctl_printf("%s", "saveconfig prohibited, no saveconfigdir configured");
"saveconfig prohibited, no saveconfigdir configured");
ctl_putdata(reply, strlen(reply), 0);
ctl_flushpkt(0); ctl_flushpkt(0);
NLOG(NLOG_SYSINFO) NLOG(NLOG_SYSINFO)
msyslog(LOG_NOTICE, msyslog(LOG_NOTICE,
@ -944,21 +1015,79 @@ save_config(
return; return;
} }
if (0 == reqend - reqpt) /* The length checking stuff gets serious. Do not assume a NUL
* byte can be found, but if so, use it to calculate the needed
* buffer size. If the available buffer is too short, bail out;
* likewise if there is no file spec. (The latter will not
* happen when using NTPQ, but there are other ways to craft a
* network packet!)
*/
reqlen = (size_t)(reqend - reqpt);
if (0 != reqlen) {
char * nulpos = (char*)memchr(reqpt, 0, reqlen);
if (NULL != nulpos)
reqlen = (size_t)(nulpos - reqpt);
}
if (0 == reqlen)
return; return;
if (reqlen >= sizeof(filespec)) {
ctl_printf("saveconfig exceeded maximum raw name length (%u)",
(u_int)sizeof(filespec));
ctl_flushpkt(0);
msyslog(LOG_NOTICE,
"saveconfig exceeded maximum raw name length from %s",
stoa(&rbufp->recv_srcadr));
return;
}
strlcpy(filespec, reqpt, sizeof(filespec)); /* copy data directly as we exactly know the size */
time(&now); memcpy(filespec, reqpt, reqlen);
filespec[reqlen] = '\0';
/* /*
* allow timestamping of the saved config filename with * allow timestamping of the saved config filename with
* strftime() format such as: * strftime() format such as:
* ntpq -c "saveconfig ntp-%Y%m%d-%H%M%S.conf" * ntpq -c "saveconfig ntp-%Y%m%d-%H%M%S.conf"
* XXX: Nice feature, but not too safe. * XXX: Nice feature, but not too safe.
* YYY: The check for permitted characters in file names should
* weed out the worst. Let's hope 'strftime()' does not
* develop pathological problems.
*/ */
time(&now);
if (0 == strftime(filename, sizeof(filename), filespec, if (0 == strftime(filename, sizeof(filename), filespec,
localtime(&now))) localtime(&now)))
{
/*
* If we arrive here, 'strftime()' balked; most likely
* the buffer was too short. (Or it encounterd an empty
* format, or just a format that expands to an empty
* string.) We try to use the original name, though this
* is very likely to fail later if there are format
* specs in the string. Note that truncation cannot
* happen here as long as both buffers have the same
* size!
*/
strlcpy(filename, filespec, sizeof(filename)); strlcpy(filename, filespec, sizeof(filename));
}
/*
* Check the file name for sanity. This might/will rule out file
* names that would be legal but problematic, and it blocks
* directory traversal.
*/
if (!is_safe_filename(filename)) {
ctl_printf("saveconfig rejects unsafe file name '%s'",
filename);
ctl_flushpkt(0);
msyslog(LOG_NOTICE,
"saveconfig rejects unsafe file name from %s",
stoa(&rbufp->recv_srcadr));
return;
}
/*
* XXX: This next test may not be needed with is_safe_filename()
*/
/* block directory/drive traversal */ /* block directory/drive traversal */
/* TALOS-CAN-0062: block directory traversal for VMS, too */ /* TALOS-CAN-0062: block directory traversal for VMS, too */
@ -968,38 +1097,49 @@ save_config(
ctl_putdata(reply, strlen(reply), 0); ctl_putdata(reply, strlen(reply), 0);
ctl_flushpkt(0); ctl_flushpkt(0);
msyslog(LOG_NOTICE, msyslog(LOG_NOTICE,
"saveconfig with path from %s rejected", "saveconfig rejects unsafe file name from %s",
stoa(&rbufp->recv_srcadr)); stoa(&rbufp->recv_srcadr));
return; return;
} }
snprintf(fullpath, sizeof(fullpath), "%s%s", /* concatenation of directory and path can cause another
saveconfigdir, filename); * truncation...
*/
prc = snprintf(fullpath, sizeof(fullpath), "%s%s",
saveconfigdir, filename);
if (prc < 0 || prc >= sizeof(fullpath)) {
ctl_printf("saveconfig exceeded maximum path length (%u)",
(u_int)sizeof(fullpath));
ctl_flushpkt(0);
msyslog(LOG_NOTICE,
"saveconfig exceeded maximum path length from %s",
stoa(&rbufp->recv_srcadr));
return;
}
fd = open(fullpath, O_CREAT | O_TRUNC | O_WRONLY, fd = open(fullpath, openmode, S_IRUSR | S_IWUSR);
S_IRUSR | S_IWUSR);
if (-1 == fd) if (-1 == fd)
fptr = NULL; fptr = NULL;
else else
fptr = fdopen(fd, "w"); fptr = fdopen(fd, "w");
if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) { if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) {
snprintf(reply, sizeof(reply), ctl_printf("Unable to save configuration to file '%s': %m",
"Unable to save configuration to file %s", filename);
filename);
msyslog(LOG_ERR, msyslog(LOG_ERR,
"saveconfig %s from %s failed", filename, "saveconfig %s from %s failed", filename,
stoa(&rbufp->recv_srcadr)); stoa(&rbufp->recv_srcadr));
} else { } else {
snprintf(reply, sizeof(reply), ctl_printf("Configuration saved to '%s'", filename);
"Configuration saved to %s", filename);
msyslog(LOG_NOTICE, msyslog(LOG_NOTICE,
"Configuration saved to %s (requested by %s)", "Configuration saved to '%s' (requested by %s)",
fullpath, stoa(&rbufp->recv_srcadr)); fullpath, stoa(&rbufp->recv_srcadr));
/* /*
* save the output filename in system variable * save the output filename in system variable
* savedconfig, retrieved with: * savedconfig, retrieved with:
* ntpq -c "rv 0 savedconfig" * ntpq -c "rv 0 savedconfig"
* Note: the way 'savedconfig' is defined makes overflow
* checks unnecessary here.
*/ */
snprintf(savedconfig, sizeof(savedconfig), "%s%s", snprintf(savedconfig, sizeof(savedconfig), "%s%s",
savedconfig_eq, filename); savedconfig_eq, filename);
@ -1009,11 +1149,9 @@ save_config(
if (NULL != fptr) if (NULL != fptr)
fclose(fptr); fclose(fptr);
#else /* !SAVECONFIG follows */ #else /* !SAVECONFIG follows */
snprintf(reply, sizeof(reply), ctl_printf("%s",
"saveconfig unavailable, configured with --disable-saveconfig"); "saveconfig unavailable, configured with --disable-saveconfig");
#endif #endif
ctl_putdata(reply, strlen(reply), 0);
ctl_flushpkt(0); ctl_flushpkt(0);
} }
@ -1757,6 +1895,29 @@ ctl_putarray(
ctl_putdata(buffer, (unsigned)(cp - buffer), 0); ctl_putdata(buffer, (unsigned)(cp - buffer), 0);
} }
/*
* ctl_printf - put a formatted string into the data buffer
*/
static void
ctl_printf(
const char * fmt,
...
)
{
static const char * ellipsis = "[...]";
va_list va;
char fmtbuf[128];
int rc;
va_start(va, fmt);
rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va);
va_end(va);
if (rc < 0 || rc >= sizeof(fmtbuf))
strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1,
ellipsis);
ctl_putdata(fmtbuf, strlen(fmtbuf), 0);
}
/* /*
* ctl_putsys - output a system variable * ctl_putsys - output a system variable

2
contrib/ntp/ntpd/ntp_crypto.c
View File

@ -269,7 +269,7 @@ session_key(
memcpy(&keyid, dgst, 4); memcpy(&keyid, dgst, 4);
keyid = ntohl(keyid); keyid = ntohl(keyid);
if (lifetime != 0) { if (lifetime != 0) {
MD5auth_setkey(keyno, crypto_nid, dgst, len); MD5auth_setkey(keyno, crypto_nid, dgst, len, NULL);
authtrust(keyno, lifetime); authtrust(keyno, lifetime);
} }
DPRINTF(2, ("session_key: %s > %s %08x %08x hash %08x life %lu\n", DPRINTF(2, ("session_key: %s > %s %08x %08x hash %08x life %lu\n",

367
contrib/ntp/ntpd/ntp_io.c
View File

@ -62,6 +62,9 @@
# endif # endif
#endif #endif
#if defined(HAVE_SIGNALED_IO) && defined(DEBUG_TIMING)
# undef DEBUG_TIMING
#endif
/* /*
* setsockopt does not always have the same arg declaration * setsockopt does not always have the same arg declaration
@ -280,9 +283,12 @@ static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *,
const sockaddr_u *, const sockaddr_u *); const sockaddr_u *, const sockaddr_u *);
static int create_sockets (u_short); static int create_sockets (u_short);
static SOCKET open_socket (sockaddr_u *, int, int, endpt *); static SOCKET open_socket (sockaddr_u *, int, int, endpt *);
static char * fdbits (int, fd_set *);
static void set_reuseaddr (int); static void set_reuseaddr (int);
static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *);
#if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
static char * fdbits (int, const fd_set *);
#endif
#ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES
static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *);
#endif #endif
@ -337,12 +343,15 @@ static int cmp_addr_distance(const sockaddr_u *,
#if !defined(HAVE_IO_COMPLETION_PORT) #if !defined(HAVE_IO_COMPLETION_PORT)
static inline int read_network_packet (SOCKET, struct interface *, l_fp); static inline int read_network_packet (SOCKET, struct interface *, l_fp);
static void ntpd_addremove_io_fd (int, int, int); static void ntpd_addremove_io_fd (int, int, int);
static input_handler_t input_handler; static void input_handler_scan (const l_fp*, const fd_set*);
static int/*BOOL*/ sanitize_fdset (int errc);
#ifdef REFCLOCK #ifdef REFCLOCK
static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp); static inline int read_refclock_packet (SOCKET, struct refclockio *, l_fp);
#endif #endif
#ifdef HAVE_SIGNALED_IO
static void input_handler (l_fp*);
#endif
#endif #endif
#ifndef HAVE_IO_COMPLETION_PORT #ifndef HAVE_IO_COMPLETION_PORT
@ -455,11 +464,9 @@ init_io(void)
addremove_io_fd = &ntpd_addremove_io_fd; addremove_io_fd = &ntpd_addremove_io_fd;
#endif #endif
#ifdef SYS_WINNT #if defined(SYS_WINNT)
init_io_completion_port(); init_io_completion_port();
#endif #elif defined(HAVE_SIGNALED_IO)
#if defined(HAVE_SIGNALED_IO)
(void) set_signal(input_handler); (void) set_signal(input_handler);
#endif #endif
} }
@ -475,7 +482,8 @@ ntpd_addremove_io_fd(
UNUSED_ARG(is_pipe); UNUSED_ARG(is_pipe);
#ifdef HAVE_SIGNALED_IO #ifdef HAVE_SIGNALED_IO
init_socket_sig(fd); if (!remove_it)
init_socket_sig(fd);
#endif /* not HAVE_SIGNALED_IO */ #endif /* not HAVE_SIGNALED_IO */
maintain_activefds(fd, remove_it); maintain_activefds(fd, remove_it);
@ -716,78 +724,6 @@ addr_samesubnet(
} }
/*
* Code to tell if we have an IP address
* If we have then return the sockaddr structure
* and set the return value
* see the bind9/getaddresses.c for details
*/
int
is_ip_address(
const char * host,
u_short af,
sockaddr_u * addr
)
{
struct in_addr in4;
struct addrinfo hints;
struct addrinfo *result;
struct sockaddr_in6 *resaddr6;
char tmpbuf[128];
char *pch;
REQUIRE(host != NULL);
REQUIRE(addr != NULL);
ZERO_SOCK(addr);
/*
* Try IPv4, then IPv6. In order to handle the extended format
* for IPv6 scoped addresses (address%scope_ID), we'll use a local
* working buffer of 128 bytes. The length is an ad-hoc value, but
* should be enough for this purpose; the buffer can contain a string
* of at least 80 bytes for scope_ID in addition to any IPv6 numeric
* addresses (up to 46 bytes), the delimiter character and the
* terminating NULL character.
*/
if (AF_UNSPEC == af || AF_INET == af)
if (inet_pton(AF_INET, host, &in4) == 1) {
AF(addr) = AF_INET;
SET_ADDR4N(addr, in4.s_addr);
return TRUE;
}
if (AF_UNSPEC == af || AF_INET6 == af)
if (sizeof(tmpbuf) > strlen(host)) {
if ('[' == host[0]) {
strlcpy(tmpbuf, &host[1], sizeof(tmpbuf));
pch = strchr(tmpbuf, ']');
if (pch != NULL)
*pch = '\0';
} else {
strlcpy(tmpbuf, host, sizeof(tmpbuf));
}
ZERO(hints);
hints.ai_family = AF_INET6;
hints.ai_flags |= AI_NUMERICHOST;
if (getaddrinfo(tmpbuf, NULL, &hints, &result) == 0) {
AF(addr) = AF_INET6;
resaddr6 = UA_PTR(struct sockaddr_in6, result->ai_addr);
SET_ADDR6N(addr, resaddr6->sin6_addr);
SET_SCOPE(addr, resaddr6->sin6_scope_id);
freeaddrinfo(result);
return TRUE;
}
}
/*
* If we got here it was not an IP address
*/
return FALSE;
}
/* /*
* interface list enumerator - visitor pattern * interface list enumerator - visitor pattern
*/ */
@ -2354,6 +2290,7 @@ get_broadcastclient_flag(void)
{ {
return (broadcast_client_enabled); return (broadcast_client_enabled);
} }
/* /*
* Check to see if the address is a multicast address * Check to see if the address is a multicast address
*/ */
@ -3204,15 +3141,15 @@ sendpkt(
} }
#if !defined(HAVE_IO_COMPLETION_PORT) #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO)
/* /*
* fdbits - generate ascii representation of fd_set (FAU debug support) * fdbits - generate ascii representation of fd_set (FAU debug support)
* HFDF format - highest fd first. * HFDF format - highest fd first.
*/ */
static char * static char *
fdbits( fdbits(
int count, int count,
fd_set *set const fd_set* set
) )
{ {
static char buffer[256]; static char buffer[256];
@ -3228,7 +3165,7 @@ fdbits(
return buffer; return buffer;
} }
#endif
#ifdef REFCLOCK #ifdef REFCLOCK
/* /*
@ -3265,7 +3202,7 @@ read_refclock_packet(
/* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead /* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
* to buffer overrun and memory corruption * to buffer overrun and memory corruption
*/ */
if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space)) if (rp->datalen <= 0 || (size_t)rp->datalen > sizeof(rb->recv_space))
read_count = sizeof(rb->recv_space); read_count = sizeof(rb->recv_space);
else else
read_count = (u_int)rp->datalen; read_count = (u_int)rp->datalen;
@ -3582,6 +3519,7 @@ io_handler(void)
* and - lacking a hardware reference clock - I have * and - lacking a hardware reference clock - I have
* yet to learn about anything else that is. * yet to learn about anything else that is.
*/ */
++handler_calls;
rdfdes = activefds; rdfdes = activefds;
# if !defined(VMS) && !defined(SYS_VXWORKS) # if !defined(VMS) && !defined(SYS_VXWORKS)
nfound = select(maxactivefd + 1, &rdfdes, NULL, nfound = select(maxactivefd + 1, &rdfdes, NULL,
@ -3590,20 +3528,29 @@ io_handler(void)
/* make select() wake up after one second */ /* make select() wake up after one second */
{ {
struct timeval t1; struct timeval t1;
t1.tv_sec = 1;
t1.tv_sec = 1;
t1.tv_usec = 0; t1.tv_usec = 0;
nfound = select(maxactivefd + 1, nfound = select(maxactivefd + 1,
&rdfdes, NULL, NULL, &rdfdes, NULL, NULL,
&t1); &t1);
} }
# endif /* VMS, VxWorks */ # endif /* VMS, VxWorks */
if (nfound < 0 && sanitize_fdset(errno)) {
struct timeval t1;
t1.tv_sec = 0;
t1.tv_usec = 0;
rdfdes = activefds;
nfound = select(maxactivefd + 1,
&rdfdes, NULL, NULL,
&t1);
}
if (nfound > 0) { if (nfound > 0) {
l_fp ts; l_fp ts;
get_systime(&ts); get_systime(&ts);
input_handler(&ts); input_handler_scan(&ts, &rdfdes);
} else if (nfound == -1 && errno != EINTR) { } else if (nfound == -1 && errno != EINTR) {
msyslog(LOG_ERR, "select() error: %m"); msyslog(LOG_ERR, "select() error: %m");
} }
@ -3619,27 +3566,110 @@ io_handler(void)
# endif /* HAVE_SIGNALED_IO */ # endif /* HAVE_SIGNALED_IO */
} }
#ifdef HAVE_SIGNALED_IO
/* /*
* input_handler - receive packets asynchronously * input_handler - receive packets asynchronously
*
* ALWAYS IN SIGNAL HANDLER CONTEXT -- only async-safe functions allowed!
*/ */
static void static RETSIGTYPE
input_handler( input_handler(
l_fp * cts l_fp * cts
) )
{ {
int buflen;
int n; int n;
struct timeval tvzero;
fd_set fds;
++handler_calls;
/*
* Do a poll to see who has data
*/
fds = activefds;
tvzero.tv_sec = tvzero.tv_usec = 0;
n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
if (n < 0 && sanitize_fdset(errno)) {
fds = activefds;
tvzero.tv_sec = tvzero.tv_usec = 0;
n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
}
if (n > 0)
input_handler_scan(cts, &fds);
}
#endif /* HAVE_SIGNALED_IO */
/*
* Try to sanitize the global FD set
*
* SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
*/
static int/*BOOL*/
sanitize_fdset(
int errc
)
{
int j, b, maxscan;
# ifndef HAVE_SIGNALED_IO
/*
* extended FAU debugging output
*/
if (errc != EINTR) {
msyslog(LOG_ERR,
"select(%d, %s, 0L, 0L, &0.0) error: %m",
maxactivefd + 1,
fdbits(maxactivefd, &activefds));
}
# endif
if (errc != EBADF)
return FALSE;
/* if we have oviously bad FDs, try to sanitize the FD set. */
for (j = 0, maxscan = 0; j <= maxactivefd; j++) {
if (FD_ISSET(j, &activefds)) {
if (-1 != read(j, &b, 0)) {
maxscan = j;
continue;
}
# ifndef HAVE_SIGNALED_IO
msyslog(LOG_ERR,
"Removing bad file descriptor %d from select set",
j);
# endif
FD_CLR(j, &activefds);
}
}
if (maxactivefd != maxscan)
maxactivefd = maxscan;
return TRUE;
}
/*
* scan the known FDs (clocks, servers, ...) for presence in a 'fd_set'.
*
* SIGNAL HANDLER CONTEXT if HAVE_SIGNALED_IO, ordinary userspace otherwise
*/
static void
input_handler_scan(
const l_fp * cts,
const fd_set * pfds
)
{
int buflen;
u_int idx; u_int idx;
int doing; int doing;
SOCKET fd; SOCKET fd;
blocking_child *c; blocking_child *c;
struct timeval tvzero;
l_fp ts; /* Timestamp at BOselect() gob */ l_fp ts; /* Timestamp at BOselect() gob */
#ifdef DEBUG_TIMING
#if defined(DEBUG_TIMING)
l_fp ts_e; /* Timestamp at EOselect() gob */ l_fp ts_e; /* Timestamp at EOselect() gob */
#endif #endif
fd_set fds;
size_t select_count;
endpt * ep; endpt * ep;
#ifdef REFCLOCK #ifdef REFCLOCK
struct refclockio *rp; struct refclockio *rp;
@ -3651,99 +3681,43 @@ input_handler(
struct asyncio_reader * next_asyncio_reader; struct asyncio_reader * next_asyncio_reader;
#endif #endif
handler_calls++;
select_count = 0;
/*
* If we have something to do, freeze a timestamp.
* See below for the other cases (nothing left to do or error)
*/
ts = *cts;
/*
* Do a poll to see who has data
*/
fds = activefds;
tvzero.tv_sec = tvzero.tv_usec = 0;
n = select(maxactivefd + 1, &fds, NULL, NULL, &tvzero);
/*
* If there are no packets waiting just return
*/
if (n < 0) {
int err = errno;
int j, b, prior;
/*
* extended FAU debugging output
*/
if (err != EINTR)
msyslog(LOG_ERR,
"select(%d, %s, 0L, 0L, &0.0) error: %m",
maxactivefd + 1,
fdbits(maxactivefd, &activefds));
if (err != EBADF)
goto ih_return;
for (j = 0, prior = 0; j <= maxactivefd; j++) {
if (FD_ISSET(j, &activefds)) {
if (-1 != read(j, &b, 0)) {
prior = j;
continue;
}
msyslog(LOG_ERR,
"Removing bad file descriptor %d from select set",
j);
FD_CLR(j, &activefds);
if (j == maxactivefd)
maxactivefd = prior;
}
}
goto ih_return;
}
else if (n == 0)
goto ih_return;
++handler_pkts; ++handler_pkts;
ts = *cts;
#ifdef REFCLOCK #ifdef REFCLOCK
/* /*
* Check out the reference clocks first, if any * Check out the reference clocks first, if any
*/ */
if (refio != NULL) { for (rp = refio; rp != NULL; rp = rp->next) {
for (rp = refio; rp != NULL; rp = rp->next) { fd = rp->fd;
fd = rp->fd;
if (!FD_ISSET(fd, pfds))
if (!FD_ISSET(fd, &fds)) continue;
continue; buflen = read_refclock_packet(fd, rp, ts);
++select_count; /*
buflen = read_refclock_packet(fd, rp, ts); * The first read must succeed after select() indicates
/* * readability, or we've reached a permanent EOF.
* The first read must succeed after select() * http://bugs.ntp.org/1732 reported ntpd munching CPU
* indicates readability, or we've reached * after a USB GPS was unplugged because select was
* a permanent EOF. http://bugs.ntp.org/1732 * indicating EOF but ntpd didn't remove the descriptor
* reported ntpd munching CPU after a USB GPS * from the activefds set.
* was unplugged because select was indicating */
* EOF but ntpd didn't remove the descriptor if (buflen < 0 && EAGAIN != errno) {
* from the activefds set. saved_errno = errno;
*/ clk = refnumtoa(&rp->srcclock->srcadr);
if (buflen < 0 && EAGAIN != errno) { errno = saved_errno;
saved_errno = errno; msyslog(LOG_ERR, "%s read: %m", clk);
clk = refnumtoa(&rp->srcclock->srcadr); maintain_activefds(fd, TRUE);
errno = saved_errno; } else if (0 == buflen) {
msyslog(LOG_ERR, "%s read: %m", clk); clk = refnumtoa(&rp->srcclock->srcadr);
maintain_activefds(fd, TRUE); msyslog(LOG_ERR, "%s read EOF", clk);
} else if (0 == buflen) { maintain_activefds(fd, TRUE);
clk = refnumtoa(&rp->srcclock->srcadr); } else {
msyslog(LOG_ERR, "%s read EOF", clk); /* drain any remaining refclock input */
maintain_activefds(fd, TRUE); do {
} else { buflen = read_refclock_packet(fd, rp, ts);
/* drain any remaining refclock input */ } while (buflen > 0);
do {
buflen = read_refclock_packet(fd, rp, ts);
} while (buflen > 0);
}
} }
} }
#endif /* REFCLOCK */ #endif /* REFCLOCK */
@ -3762,9 +3736,8 @@ input_handler(
} }
if (fd < 0) if (fd < 0)
continue; continue;
if (FD_ISSET(fd, &fds)) if (FD_ISSET(fd, pfds))
do { do {
++select_count;
buflen = read_network_packet( buflen = read_network_packet(
fd, ep, ts); fd, ep, ts);
} while (buflen > 0); } while (buflen > 0);
@ -3781,10 +3754,8 @@ input_handler(
while (asyncio_reader != NULL) { while (asyncio_reader != NULL) {
/* callback may unlink and free asyncio_reader */ /* callback may unlink and free asyncio_reader */
next_asyncio_reader = asyncio_reader->link; next_asyncio_reader = asyncio_reader->link;
if (FD_ISSET(asyncio_reader->fd, &fds)) { if (FD_ISSET(asyncio_reader->fd, pfds))
++select_count;
(*asyncio_reader->receiver)(asyncio_reader); (*asyncio_reader->receiver)(asyncio_reader);
}
asyncio_reader = next_asyncio_reader; asyncio_reader = next_asyncio_reader;
} }
#endif /* HAS_ROUTING_SOCKET */ #endif /* HAS_ROUTING_SOCKET */
@ -3796,26 +3767,14 @@ input_handler(
c = blocking_children[idx]; c = blocking_children[idx];
if (NULL == c || -1 == c->resp_read_pipe) if (NULL == c || -1 == c->resp_read_pipe)
continue; continue;
if (FD_ISSET(c->resp_read_pipe, &fds)) { if (FD_ISSET(c->resp_read_pipe, pfds)) {
select_count++; ++c->resp_ready_seen;
process_blocking_resp(c); ++blocking_child_ready_seen;
} }
} }
/*
* Done everything from that select.
* If nothing to do, just return.
* If an error occurred, complain and return.
*/
if (select_count == 0) { /* We really had nothing to do */
#ifdef DEBUG
if (debug)
msyslog(LOG_DEBUG, "input_handler: select() returned 0");
#endif /* DEBUG */
goto ih_return;
}
/* We've done our work */ /* We've done our work */
#ifdef DEBUG_TIMING #if defined(DEBUG_TIMING)
get_systime(&ts_e); get_systime(&ts_e);
/* /*
* (ts_e - ts) is the amount of time we spent * (ts_e - ts) is the amount of time we spent
@ -3829,11 +3788,7 @@ input_handler(
"input_handler: Processed a gob of fd's in %s msec", "input_handler: Processed a gob of fd's in %s msec",
lfptoms(&ts_e, 6)); lfptoms(&ts_e, 6));
#endif /* DEBUG_TIMING */ #endif /* DEBUG_TIMING */
/* We're done... */
ih_return:
return;
} }
#endif /* !HAVE_IO_COMPLETION_PORT */
/* /*

971
contrib/ntp/ntpd/ntp_keyword.h
View File

File diff suppressed because it is too large Load Diff

3241
contrib/ntp/ntpd/ntp_parser.c
View File

File diff suppressed because it is too large Load Diff

488
contrib/ntp/ntpd/ntp_parser.h
View File

@ -1,19 +1,19 @@
/* A Bison parser, made by GNU Bison 3.0.2. */ /* A Bison parser, made by GNU Bison 2.7.12-4996. */
/* Bison interface for Yacc-like parsers in C /* Bison interface for Yacc-like parsers in C
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */ along with this program. If not, see <http://www.gnu.org/licenses/>. */
@ -26,13 +26,13 @@
special exception, which will cause the skeleton and the resulting special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public Bison output files to be licensed under the GNU General Public
License without this special exception. License without this special exception.
This special exception was added by the Free Software Foundation in This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */ version 2.2 of Bison. */
#ifndef YY_YY__NTPD_NTP_PARSER_H_INCLUDED #ifndef YY_YY_NTP_PARSER_H_INCLUDED
# define YY_YY__NTPD_NTP_PARSER_H_INCLUDED # define YY_YY_NTP_PARSER_H_INCLUDED
/* Debug traces. */ /* Enabling traces. */
#ifndef YYDEBUG #ifndef YYDEBUG
# define YYDEBUG 1 # define YYDEBUG 1
#endif #endif
@ -40,203 +40,207 @@
extern int yydebug; extern int yydebug;
#endif #endif
/* Token type. */ /* Tokens. */
#ifndef YYTOKENTYPE #ifndef YYTOKENTYPE
# define YYTOKENTYPE # define YYTOKENTYPE
enum yytokentype /* Put the tokens into the symbol table, so that GDB and other debuggers
{ know about them. */
T_Abbrev = 258, enum yytokentype {
T_Age = 259, T_Abbrev = 258,
T_All = 260, T_Age = 259,
T_Allan = 261, T_All = 260,
T_Allpeers = 262, T_Allan = 261,
T_Auth = 263, T_Allpeers = 262,
T_Autokey = 264, T_Auth = 263,
T_Automax = 265, T_Autokey = 264,
T_Average = 266, T_Automax = 265,
T_Bclient = 267, T_Average = 266,
T_Beacon = 268, T_Bclient = 267,
T_Broadcast = 269, T_Beacon = 268,
T_Broadcastclient = 270, T_Broadcast = 269,
T_Broadcastdelay = 271, T_Broadcastclient = 270,
T_Burst = 272, T_Broadcastdelay = 271,
T_Calibrate = 273, T_Burst = 272,
T_Ceiling = 274, T_Calibrate = 273,
T_Clockstats = 275, T_Ceiling = 274,
T_Cohort = 276, T_Clockstats = 275,
T_ControlKey = 277, T_Cohort = 276,
T_Crypto = 278, T_ControlKey = 277,
T_Cryptostats = 279, T_Crypto = 278,
T_Ctl = 280, T_Cryptostats = 279,
T_Day = 281, T_Ctl = 280,
T_Default = 282, T_Day = 281,
T_Digest = 283, T_Default = 282,
T_Disable = 284, T_Digest = 283,
T_Discard = 285, T_Disable = 284,
T_Dispersion = 286, T_Discard = 285,
T_Double = 287, T_Dispersion = 286,
T_Driftfile = 288, T_Double = 287,
T_Drop = 289, T_Driftfile = 288,
T_Dscp = 290, T_Drop = 289,
T_Ellipsis = 291, T_Dscp = 290,
T_Enable = 292, T_Ellipsis = 291,
T_End = 293, T_Enable = 292,
T_False = 294, T_End = 293,
T_File = 295, T_False = 294,
T_Filegen = 296, T_File = 295,
T_Filenum = 297, T_Filegen = 296,
T_Flag1 = 298, T_Filenum = 297,
T_Flag2 = 299, T_Flag1 = 298,
T_Flag3 = 300, T_Flag2 = 299,
T_Flag4 = 301, T_Flag3 = 300,
T_Flake = 302, T_Flag4 = 301,
T_Floor = 303, T_Flake = 302,
T_Freq = 304, T_Floor = 303,
T_Fudge = 305, T_Freq = 304,
T_Host = 306, T_Fudge = 305,
T_Huffpuff = 307, T_Host = 306,
T_Iburst = 308, T_Huffpuff = 307,
T_Ident = 309, T_Iburst = 308,
T_Ignore = 310, T_Ident = 309,
T_Incalloc = 311, T_Ignore = 310,
T_Incmem = 312, T_Incalloc = 311,
T_Initalloc = 313, T_Incmem = 312,
T_Initmem = 314, T_Initalloc = 313,
T_Includefile = 315, T_Initmem = 314,
T_Integer = 316, T_Includefile = 315,
T_Interface = 317, T_Integer = 316,
T_Intrange = 318, T_Interface = 317,
T_Io = 319, T_Intrange = 318,
T_Ipv4 = 320, T_Io = 319,
T_Ipv4_flag = 321, T_Ipv4 = 320,
T_Ipv6 = 322, T_Ipv4_flag = 321,
T_Ipv6_flag = 323, T_Ipv6 = 322,
T_Kernel = 324, T_Ipv6_flag = 323,
T_Key = 325, T_Kernel = 324,
T_Keys = 326, T_Key = 325,
T_Keysdir = 327, T_Keys = 326,
T_Kod = 328, T_Keysdir = 327,
T_Mssntp = 329, T_Kod = 328,
T_Leapfile = 330, T_Mssntp = 329,
T_Leapsmearinterval = 331, T_Leapfile = 330,
T_Limited = 332, T_Leapsmearinterval = 331,
T_Link = 333, T_Limited = 332,
T_Listen = 334, T_Link = 333,
T_Logconfig = 335, T_Listen = 334,
T_Logfile = 336, T_Logconfig = 335,
T_Loopstats = 337, T_Logfile = 336,
T_Lowpriotrap = 338, T_Loopstats = 337,
T_Manycastclient = 339, T_Lowpriotrap = 338,
T_Manycastserver = 340, T_Manycastclient = 339,
T_Mask = 341, T_Manycastserver = 340,
T_Maxage = 342, T_Mask = 341,
T_Maxclock = 343, T_Maxage = 342,
T_Maxdepth = 344, T_Maxclock = 343,
T_Maxdist = 345, T_Maxdepth = 344,
T_Maxmem = 346, T_Maxdist = 345,
T_Maxpoll = 347, T_Maxmem = 346,
T_Mdnstries = 348, T_Maxpoll = 347,
T_Mem = 349, T_Mdnstries = 348,
T_Memlock = 350, T_Mem = 349,
T_Minclock = 351, T_Memlock = 350,
T_Mindepth = 352, T_Minclock = 351,
T_Mindist = 353, T_Mindepth = 352,
T_Minimum = 354, T_Mindist = 353,
T_Minpoll = 355, T_Minimum = 354,
T_Minsane = 356, T_Minpoll = 355,
T_Mode = 357, T_Minsane = 356,
T_Mode7 = 358, T_Mode = 357,
T_Monitor = 359, T_Mode7 = 358,
T_Month = 360, T_Monitor = 359,
T_Mru = 361, T_Month = 360,
T_Multicastclient = 362, T_Mru = 361,
T_Nic = 363, T_Multicastclient = 362,
T_Nolink = 364, T_Nic = 363,
T_Nomodify = 365, T_Nolink = 364,
T_Nomrulist = 366, T_Nomodify = 365,
T_None = 367, T_Nomrulist = 366,
T_Nonvolatile = 368, T_None = 367,
T_Nopeer = 369, T_Nonvolatile = 368,
T_Noquery = 370, T_Nopeer = 369,
T_Noselect = 371, T_Noquery = 370,
T_Noserve = 372, T_Noselect = 371,
T_Notrap = 373, T_Noserve = 372,
T_Notrust = 374, T_Notrap = 373,
T_Ntp = 375, T_Notrust = 374,
T_Ntpport = 376, T_Ntp = 375,
T_NtpSignDsocket = 377, T_Ntpport = 376,
T_Orphan = 378, T_NtpSignDsocket = 377,
T_Orphanwait = 379, T_Orphan = 378,
T_Panic = 380, T_Orphanwait = 379,
T_Peer = 381, T_Panic = 380,
T_Peerstats = 382, T_Peer = 381,
T_Phone = 383, T_Peerstats = 382,
T_Pid = 384, T_Phone = 383,
T_Pidfile = 385, T_Pid = 384,
T_Pool = 386, T_Pidfile = 385,
T_Port = 387, T_Pool = 386,
T_Preempt = 388, T_Port = 387,
T_Prefer = 389, T_Preempt = 388,
T_Protostats = 390, T_Prefer = 389,
T_Pw = 391, T_Protostats = 390,
T_Randfile = 392, T_Pw = 391,
T_Rawstats = 393, T_Randfile = 392,
T_Refid = 394, T_Rawstats = 393,
T_Requestkey = 395, T_Refid = 394,
T_Reset = 396, T_Requestkey = 395,
T_Restrict = 397, T_Reset = 396,
T_Revoke = 398, T_Restrict = 397,
T_Rlimit = 399, T_Revoke = 398,
T_Saveconfigdir = 400, T_Rlimit = 399,
T_Server = 401, T_Saveconfigdir = 400,
T_Setvar = 402, T_Server = 401,
T_Source = 403, T_Setvar = 402,
T_Stacksize = 404, T_Source = 403,
T_Statistics = 405, T_Stacksize = 404,
T_Stats = 406, T_Statistics = 405,
T_Statsdir = 407, T_Stats = 406,
T_Step = 408, T_Statsdir = 407,
T_Stepback = 409, T_Step = 408,
T_Stepfwd = 410, T_Stepback = 409,
T_Stepout = 411, T_Stepfwd = 410,
T_Stratum = 412, T_Stepout = 411,
T_String = 413, T_Stratum = 412,
T_Sys = 414, T_String = 413,
T_Sysstats = 415, T_Sys = 414,
T_Tick = 416, T_Sysstats = 415,
T_Time1 = 417, T_Tick = 416,
T_Time2 = 418, T_Time1 = 417,
T_Timer = 419, T_Time2 = 418,
T_Timingstats = 420, T_Timer = 419,
T_Tinker = 421, T_Timingstats = 420,
T_Tos = 422, T_Tinker = 421,
T_Trap = 423, T_Tos = 422,
T_True = 424, T_Trap = 423,
T_Trustedkey = 425, T_True = 424,
T_Ttl = 426, T_Trustedkey = 425,
T_Type = 427, T_Ttl = 426,
T_U_int = 428, T_Type = 427,
T_Unconfig = 429, T_U_int = 428,
T_Unpeer = 430, T_UEcrypto = 429,
T_Version = 431, T_UEcryptonak = 430,
T_WanderThreshold = 432, T_UEdigest = 431,
T_Week = 433, T_Unconfig = 432,
T_Wildcard = 434, T_Unpeer = 433,
T_Xleave = 435, T_Version = 434,
T_Year = 436, T_WanderThreshold = 435,
T_Flag = 437, T_Week = 436,
T_EOC = 438, T_Wildcard = 437,
T_Simulate = 439, T_Xleave = 438,
T_Beep_Delay = 440, T_Year = 439,
T_Sim_Duration = 441, T_Flag = 440,
T_Server_Offset = 442, T_EOC = 441,
T_Duration = 443, T_Simulate = 442,
T_Freq_Offset = 444, T_Beep_Delay = 443,
T_Wander = 445, T_Sim_Duration = 444,
T_Jitter = 446, T_Server_Offset = 445,
T_Prop_Delay = 447, T_Duration = 446,
T_Proc_Delay = 448 T_Freq_Offset = 447,
}; T_Wander = 448,
T_Jitter = 449,
T_Prop_Delay = 450,
T_Proc_Delay = 451
};
#endif #endif
/* Tokens. */ /* Tokens. */
#define T_Abbrev 258 #define T_Abbrev 258
@ -410,33 +414,37 @@ extern int yydebug;
#define T_Ttl 426 #define T_Ttl 426
#define T_Type 427 #define T_Type 427
#define T_U_int 428 #define T_U_int 428
#define T_Unconfig 429 #define T_UEcrypto 429
#define T_Unpeer 430 #define T_UEcryptonak 430
#define T_Version 431 #define T_UEdigest 431
#define T_WanderThreshold 432 #define T_Unconfig 432
#define T_Week 433 #define T_Unpeer 433
#define T_Wildcard 434 #define T_Version 434
#define T_Xleave 435 #define T_WanderThreshold 435
#define T_Year 436 #define T_Week 436
#define T_Flag 437 #define T_Wildcard 437
#define T_EOC 438 #define T_Xleave 438
#define T_Simulate 439 #define T_Year 439
#define T_Beep_Delay 440 #define T_Flag 440
#define T_Sim_Duration 441 #define T_EOC 441
#define T_Server_Offset 442 #define T_Simulate 442
#define T_Duration 443 #define T_Beep_Delay 443
#define T_Freq_Offset 444 #define T_Sim_Duration 444
#define T_Wander 445 #define T_Server_Offset 445
#define T_Jitter 446 #define T_Duration 446
#define T_Prop_Delay 447 #define T_Freq_Offset 447
#define T_Proc_Delay 448 #define T_Wander 448
#define T_Jitter 449
#define T_Prop_Delay 450
#define T_Proc_Delay 451
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE YYSTYPE; typedef union YYSTYPE
union YYSTYPE
{ {
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */ /* Line 2053 of yacc.c */
#line 51 "../../ntpd/ntp_parser.y"
char * String; char * String;
double Double; double Double;
@ -455,15 +463,29 @@ union YYSTYPE
script_info * Sim_script; script_info * Sim_script;
script_info_fifo * Sim_script_fifo; script_info_fifo * Sim_script_fifo;
#line 459 "../../ntpd/ntp_parser.h" /* yacc.c:1909 */
}; /* Line 2053 of yacc.c */
#line 469 "ntp_parser.h"
} YYSTYPE;
# define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_DECLARED 1
#endif #endif
extern YYSTYPE yylval; extern YYSTYPE yylval;
#ifdef YYPARSE_PARAM
#if defined __STDC__ || defined __cplusplus
int yyparse (void *YYPARSE_PARAM);
#else
int yyparse ();
#endif
#else /* ! YYPARSE_PARAM */
#if defined __STDC__ || defined __cplusplus
int yyparse (void); int yyparse (void);
#else
int yyparse ();
#endif
#endif /* ! YYPARSE_PARAM */
#endif /* !YY_YY__NTPD_NTP_PARSER_H_INCLUDED */ #endif /* !YY_YY_NTP_PARSER_H_INCLUDED */

158
contrib/ntp/ntpd/ntp_proto.c
View File

@ -153,6 +153,19 @@ u_long sys_declined; /* declined */
u_long sys_limitrejected; /* rate exceeded */ u_long sys_limitrejected; /* rate exceeded */
u_long sys_kodsent; /* KoD sent */ u_long sys_kodsent; /* KoD sent */
/*
* Mechanism knobs: how soon do we unpeer()?
*
* The default way is "on-receipt". If this was a packet from a
* well-behaved source, on-receipt will offer the fastest recovery.
* If this was from a DoS attack, the default way makes it easier
* for a bad-guy to DoS us. So look and see what bites you harder
* and choose according to your environment.
*/
int unpeer_crypto_early = 1; /* bad crypto (TEST9) */
int unpeer_crypto_nak_early = 1; /* crypto_NAK (TEST5) */
int unpeer_digest_early = 1; /* bad digest (TEST5) */
static int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid); static int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
static double root_distance (struct peer *); static double root_distance (struct peer *);
static void clock_combine (peer_select *, int, int); static void clock_combine (peer_select *, int, int);
@ -1157,6 +1170,7 @@ receive(
} else { } else {
peer->delay = sys_bdelay; peer->delay = sys_bdelay;
peer->bxmt = p_xmt;
} }
break; break;
} }
@ -1177,6 +1191,7 @@ receive(
sys_restricted++; sys_restricted++;
return; /* ignore duplicate */ return; /* ignore duplicate */
} }
peer->bxmt = p_xmt;
#ifdef AUTOKEY #ifdef AUTOKEY
if (skeyid > NTP_MAXKEY) if (skeyid > NTP_MAXKEY)
crypto_recv(peer, rbufp); crypto_recv(peer, rbufp);
@ -1286,6 +1301,73 @@ receive(
return; return;
} }
#endif /* AUTOKEY */ #endif /* AUTOKEY */
if (MODE_BROADCAST == hismode) {
u_char poll;
int bail = 0;
l_fp tdiff;
DPRINTF(2, ("receive: PROCPKT/BROADCAST: prev pkt %ld seconds ago, ppoll: %d, %d secs\n",
(current_time - peer->timelastrec),
peer->ppoll, (1 << peer->ppoll)
));
/* Things we can check:
*
* Did the poll interval change?
* Is the poll interval in the packet in-range?
* Did this packet arrive too soon?
* Is the timestamp in this packet monotonic
* with respect to the previous packet?
*/
/* This is noteworthy, not error-worthy */
if (pkt->ppoll != peer->ppoll) {
msyslog(LOG_INFO, "receive: broadcast poll from %s changed from %ud to %ud",
stoa(&rbufp->recv_srcadr),
peer->ppoll, pkt->ppoll);
}
poll = min(peer->maxpoll,
max(peer->minpoll, pkt->ppoll));
/* This is error-worthy */
if (pkt->ppoll != poll) {
msyslog(LOG_INFO, "receive: broadcast poll of %ud from %s is out-of-range (%d to %d)!",
pkt->ppoll, stoa(&rbufp->recv_srcadr),
peer->minpoll, peer->maxpoll);
++bail;
}
if ( (current_time - peer->timelastrec)
< (1 << pkt->ppoll)) {
msyslog(LOG_INFO, "receive: broadcast packet from %s arrived after %ld, not %d seconds!",
stoa(&rbufp->recv_srcadr),
(current_time - peer->timelastrec),
(1 << pkt->ppoll)
);
++bail;
}
tdiff = p_xmt;
L_SUB(&tdiff, &peer->bxmt);
if (tdiff.l_i < 0) {
msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x",
stoa(&rbufp->recv_srcadr),
peer->bxmt.l_ui, peer->bxmt.l_uf,
p_xmt.l_ui, p_xmt.l_uf
);
++bail;
}
peer->bxmt = p_xmt;
if (bail) {
peer->timelastrec = current_time;
sys_declined++;
return;
}
}
break; break;
/* /*
@ -1362,7 +1444,12 @@ receive(
/* /*
* Basic mode checks: * Basic mode checks:
* *
* If there is no origin timestamp, it's an initial packet. * If there is no origin timestamp, it's either an initial packet
* or we've already received a response to our query. Of course,
* should 'aorg' be all-zero because this really was the original
* transmit timestamp, we'll drop the reply. There is a window of
* one nanosecond once every 136 years' time where this is possible.
* We currently ignore this situation.
* *
* Otherwise, check for bogus packet in basic mode. * Otherwise, check for bogus packet in basic mode.
* If it is bogus, switch to interleaved mode and resynchronize, * If it is bogus, switch to interleaved mode and resynchronize,
@ -1375,7 +1462,8 @@ receive(
} else if (peer->flip == 0) { } else if (peer->flip == 0) {
if (0 < hisstratum && L_ISZERO(&p_org)) { if (0 < hisstratum && L_ISZERO(&p_org)) {
L_CLR(&peer->aorg); L_CLR(&peer->aorg);
} else if (!L_ISEQU(&p_org, &peer->aorg)) { } else if ( L_ISZERO(&peer->aorg)
|| !L_ISEQU(&p_org, &peer->aorg)) {
peer->bogusorg++; peer->bogusorg++;
peer->flash |= TEST2; /* bogus */ peer->flash |= TEST2; /* bogus */
msyslog(LOG_INFO, msyslog(LOG_INFO,
@ -1424,7 +1512,9 @@ receive(
peer->flash |= TEST5; /* bad auth */ peer->flash |= TEST5; /* bad auth */
peer->badauth++; peer->badauth++;
if (peer->flags & FLAG_PREEMPT) { if (peer->flags & FLAG_PREEMPT) {
unpeer(peer); if (unpeer_crypto_nak_early) {
unpeer(peer);
}
return; return;
} }
#ifdef AUTOKEY #ifdef AUTOKEY
@ -1450,7 +1540,9 @@ receive(
&& (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE)) && (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask); fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
if (peer->flags & FLAG_PREEMPT) { if (peer->flags & FLAG_PREEMPT) {
unpeer(peer); if (unpeer_digest_early) {
unpeer(peer);
}
return; return;
} }
#ifdef AUTOKEY #ifdef AUTOKEY
@ -1505,12 +1597,47 @@ receive(
return; /* Drop any other kiss code packets */ return; /* Drop any other kiss code packets */
} }
/*
* If:
* - this is a *cast (uni-, broad-, or m-) server packet
* - and it's authenticated
* then see if the sender's IP is trusted for this keyid.
* If it is, great - nothing special to do here.
* Otherwise, we should report and bail.
*/
switch (hismode) {
case MODE_SERVER: /* server mode */
case MODE_BROADCAST: /* broadcast mode */
case MODE_ACTIVE: /* symmetric active mode */
if ( is_authentic == AUTH_OK
&& !authistrustedip(skeyid, &peer->srcadr)) {
report_event(PEVNT_AUTH, peer, "authIP");
peer->badauth++;
return;
}
break;
case MODE_UNSPEC: /* unspecified (old version) */
case MODE_PASSIVE: /* symmetric passive mode */
case MODE_CLIENT: /* client mode */
#if 0 /* At this point, MODE_CONTROL is overloaded by MODE_BCLIENT */
case MODE_CONTROL: /* control mode */
#endif
case MODE_PRIVATE: /* private mode */
case MODE_BCLIENT: /* broadcast client mode */
break;
default:
break;
}
/* /*
* That was hard and I am sweaty, but the packet is squeaky * That was hard and I am sweaty, but the packet is squeaky
* clean. Get on with real work. * clean. Get on with real work.
*/ */
peer->timereceived = current_time; peer->timereceived = current_time;
peer->timelastrec = current_time;
if (is_authentic == AUTH_OK) if (is_authentic == AUTH_OK)
peer->flags |= FLAG_AUTHENTIC; peer->flags |= FLAG_AUTHENTIC;
else else
@ -1560,8 +1687,11 @@ receive(
"crypto error"); "crypto error");
peer_clear(peer, "CRYP"); peer_clear(peer, "CRYP");
peer->flash |= TEST9; /* bad crypt */ peer->flash |= TEST9; /* bad crypt */
if (peer->flags & FLAG_PREEMPT) if (peer->flags & FLAG_PREEMPT) {
unpeer(peer); if (unpeer_crypto_early) {
unpeer(peer);
}
}
} }
return; return;
} }
@ -4358,6 +4488,22 @@ proto_config(
io_multicast_del(svalue); io_multicast_del(svalue);
break; break;
/*
* Unpeer Early policy choices
*/
case PROTO_UECRYPTO: /* Crypto */
unpeer_crypto_early = value;
break;
case PROTO_UECRYPTONAK: /* Crypto_NAK */
unpeer_crypto_nak_early = value;
break;
case PROTO_UEDIGEST: /* Digest */
unpeer_digest_early = value;
break;
default: default:
msyslog(LOG_NOTICE, msyslog(LOG_NOTICE,
"proto: unsupported option %d", item); "proto: unsupported option %d", item);

293
contrib/ntp/ntpd/ntp_request.c
View File

@ -81,8 +81,8 @@ static void do_unconf (sockaddr_u *, endpt *, struct req_pkt *);
static void set_sys_flag (sockaddr_u *, endpt *, struct req_pkt *); static void set_sys_flag (sockaddr_u *, endpt *, struct req_pkt *);
static void clr_sys_flag (sockaddr_u *, endpt *, struct req_pkt *); static void clr_sys_flag (sockaddr_u *, endpt *, struct req_pkt *);
static void setclr_flags (sockaddr_u *, endpt *, struct req_pkt *, u_long); static void setclr_flags (sockaddr_u *, endpt *, struct req_pkt *, u_long);
static void list_restrict4 (restrict_u *, struct info_restrict **); static void list_restrict4 (const restrict_u *, struct info_restrict **);
static void list_restrict6 (restrict_u *, struct info_restrict **); static void list_restrict6 (const restrict_u *, struct info_restrict **);
static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *); static void list_restrict (sockaddr_u *, endpt *, struct req_pkt *);
static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *); static void do_resaddflags (sockaddr_u *, endpt *, struct req_pkt *);
static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *); static void do_ressubflags (sockaddr_u *, endpt *, struct req_pkt *);
@ -667,43 +667,35 @@ list_peers(
struct req_pkt *inpkt struct req_pkt *inpkt
) )
{ {
struct info_peer_list *ip; struct info_peer_list * ip;
struct peer *pp; const struct peer * pp;
int skip = 0;
ip = (struct info_peer_list *)prepare_pkt(srcadr, inter, inpkt, ip = (struct info_peer_list *)prepare_pkt(srcadr, inter, inpkt,
v6sizeof(struct info_peer_list)); v6sizeof(struct info_peer_list));
for (pp = peer_list; pp != NULL && ip != NULL; pp = pp->p_link) { for (pp = peer_list; pp != NULL && ip != NULL; pp = pp->p_link) {
if (IS_IPV6(&pp->srcadr)) { if (IS_IPV6(&pp->srcadr)) {
if (client_v6_capable) { if (!client_v6_capable)
ip->addr6 = SOCK_ADDR6(&pp->srcadr); continue;
ip->v6_flag = 1; ip->addr6 = SOCK_ADDR6(&pp->srcadr);
skip = 0; ip->v6_flag = 1;
} else {
skip = 1;
break;
}
} else { } else {
ip->addr = NSRCADR(&pp->srcadr); ip->addr = NSRCADR(&pp->srcadr);
if (client_v6_capable) if (client_v6_capable)
ip->v6_flag = 0; ip->v6_flag = 0;
skip = 0;
} }
if (!skip) { ip->port = NSRCPORT(&pp->srcadr);
ip->port = NSRCPORT(&pp->srcadr); ip->hmode = pp->hmode;
ip->hmode = pp->hmode; ip->flags = 0;
ip->flags = 0; if (pp->flags & FLAG_CONFIG)
if (pp->flags & FLAG_CONFIG) ip->flags |= INFO_FLAG_CONFIG;
ip->flags |= INFO_FLAG_CONFIG; if (pp == sys_peer)
if (pp == sys_peer) ip->flags |= INFO_FLAG_SYSPEER;
ip->flags |= INFO_FLAG_SYSPEER; if (pp->status == CTL_PST_SEL_SYNCCAND)
if (pp->status == CTL_PST_SEL_SYNCCAND) ip->flags |= INFO_FLAG_SEL_CANDIDATE;
ip->flags |= INFO_FLAG_SEL_CANDIDATE; if (pp->status >= CTL_PST_SEL_SYSPEER)
if (pp->status >= CTL_PST_SEL_SYSPEER) ip->flags |= INFO_FLAG_SHORTLIST;
ip->flags |= INFO_FLAG_SHORTLIST; ip = (struct info_peer_list *)more_pkt();
ip = (struct info_peer_list *)more_pkt();
}
} /* for pp */ } /* for pp */
flush_pkt(); flush_pkt();
@ -720,10 +712,9 @@ list_peers_sum(
struct req_pkt *inpkt struct req_pkt *inpkt
) )
{ {
register struct info_peer_summary *ips; struct info_peer_summary * ips;
register struct peer *pp; const struct peer * pp;
l_fp ltmp; l_fp ltmp;
register int skip;
DPRINTF(3, ("wants peer list summary\n")); DPRINTF(3, ("wants peer list summary\n"));
@ -736,18 +727,14 @@ list_peers_sum(
* want only v4. * want only v4.
*/ */
if (IS_IPV6(&pp->srcadr)) { if (IS_IPV6(&pp->srcadr)) {
if (client_v6_capable) { if (!client_v6_capable)
ips->srcadr6 = SOCK_ADDR6(&pp->srcadr); continue;
ips->v6_flag = 1; ips->srcadr6 = SOCK_ADDR6(&pp->srcadr);
if (pp->dstadr) ips->v6_flag = 1;
ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin); if (pp->dstadr)
else ips->dstadr6 = SOCK_ADDR6(&pp->dstadr->sin);
ZERO(ips->dstadr6); else
skip = 0; ZERO(ips->dstadr6);
} else {
skip = 1;
break;
}
} else { } else {
ips->srcadr = NSRCADR(&pp->srcadr); ips->srcadr = NSRCADR(&pp->srcadr);
if (client_v6_capable) if (client_v6_capable)
@ -765,39 +752,37 @@ list_peers_sum(
ips->dstadr = NSRCADR(&pp->dstadr->bcast); ips->dstadr = NSRCADR(&pp->dstadr->bcast);
} }
} }
} else } else {
ips->dstadr = 0; ips->dstadr = 0;
}
skip = 0;
} }
if (!skip) { ips->srcport = NSRCPORT(&pp->srcadr);
ips->srcport = NSRCPORT(&pp->srcadr); ips->stratum = pp->stratum;
ips->stratum = pp->stratum; ips->hpoll = pp->hpoll;
ips->hpoll = pp->hpoll; ips->ppoll = pp->ppoll;
ips->ppoll = pp->ppoll; ips->reach = pp->reach;
ips->reach = pp->reach; ips->flags = 0;
ips->flags = 0; if (pp == sys_peer)
if (pp == sys_peer) ips->flags |= INFO_FLAG_SYSPEER;
ips->flags |= INFO_FLAG_SYSPEER; if (pp->flags & FLAG_CONFIG)
if (pp->flags & FLAG_CONFIG) ips->flags |= INFO_FLAG_CONFIG;
ips->flags |= INFO_FLAG_CONFIG; if (pp->flags & FLAG_REFCLOCK)
if (pp->flags & FLAG_REFCLOCK) ips->flags |= INFO_FLAG_REFCLOCK;
ips->flags |= INFO_FLAG_REFCLOCK; if (pp->flags & FLAG_PREFER)
if (pp->flags & FLAG_PREFER) ips->flags |= INFO_FLAG_PREFER;
ips->flags |= INFO_FLAG_PREFER; if (pp->flags & FLAG_BURST)
if (pp->flags & FLAG_BURST) ips->flags |= INFO_FLAG_BURST;
ips->flags |= INFO_FLAG_BURST; if (pp->status == CTL_PST_SEL_SYNCCAND)
if (pp->status == CTL_PST_SEL_SYNCCAND) ips->flags |= INFO_FLAG_SEL_CANDIDATE;
ips->flags |= INFO_FLAG_SEL_CANDIDATE; if (pp->status >= CTL_PST_SEL_SYSPEER)
if (pp->status >= CTL_PST_SEL_SYSPEER) ips->flags |= INFO_FLAG_SHORTLIST;
ips->flags |= INFO_FLAG_SHORTLIST; ips->hmode = pp->hmode;
ips->hmode = pp->hmode; ips->delay = HTONS_FP(DTOFP(pp->delay));
ips->delay = HTONS_FP(DTOFP(pp->delay)); DTOLFP(pp->offset, &ltmp);
DTOLFP(pp->offset, &ltmp); HTONL_FP(&ltmp, &ips->offset);
HTONL_FP(&ltmp, &ips->offset); ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp)));
ips->dispersion = HTONS_FP(DTOUFP(SQRT(pp->disp)));
}
ips = (struct info_peer_summary *)more_pkt(); ips = (struct info_peer_summary *)more_pkt();
} /* for pp */ } /* for pp */
@ -1197,7 +1182,7 @@ mem_stats(
ms->hashcount[i] = (u_char) ms->hashcount[i] = (u_char)
max((u_int)peer_hash_count[i], UCHAR_MAX); max((u_int)peer_hash_count[i], UCHAR_MAX);
more_pkt(); (void) more_pkt();
flush_pkt(); flush_pkt();
} }
@ -1285,7 +1270,7 @@ loop_info(
li->compliance = htonl((u_int32)(tc_counter)); li->compliance = htonl((u_int32)(tc_counter));
li->watchdog_timer = htonl((u_int32)(current_time - sys_epoch)); li->watchdog_timer = htonl((u_int32)(current_time - sys_epoch));
more_pkt(); (void) more_pkt();
flush_pkt(); flush_pkt();
} }
@ -1571,56 +1556,143 @@ setclr_flags(
req_ack(srcadr, inter, inpkt, INFO_OKAY); req_ack(srcadr, inter, inpkt, INFO_OKAY);
} }
/* There have been some issues with the restrict list processing,
* ranging from problems with deep recursion (resulting in stack
* overflows) and overfull reply buffers.
*
* To avoid this trouble the list reversal is done iteratively using a
* scratch pad.
*/
typedef struct RestrictStack RestrictStackT;
struct RestrictStack {
RestrictStackT *link;
size_t fcnt;
const restrict_u *pres[63];
};
static size_t
getStackSheetSize(
RestrictStackT *sp
)
{
if (sp)
return sizeof(sp->pres)/sizeof(sp->pres[0]);
return 0u;
}
static int/*BOOL*/
pushRestriction(
RestrictStackT **spp,
const restrict_u *ptr
)
{
RestrictStackT *sp;
if (NULL == (sp = *spp) || 0 == sp->fcnt) {
/* need another sheet in the scratch pad */
sp = emalloc(sizeof(*sp));
sp->link = *spp;
sp->fcnt = getStackSheetSize(sp);
*spp = sp;
}
sp->pres[--sp->fcnt] = ptr;
return TRUE;
}
static int/*BOOL*/
popRestriction(
RestrictStackT **spp,
const restrict_u **opp
)
{
RestrictStackT *sp;
if (NULL == (sp = *spp) || sp->fcnt >= getStackSheetSize(sp))
return FALSE;
*opp = sp->pres[sp->fcnt++];
if (sp->fcnt >= getStackSheetSize(sp)) {
/* discard sheet from scratch pad */
*spp = sp->link;
free(sp);
}
return TRUE;
}
static void
flushRestrictionStack(
RestrictStackT **spp
)
{
RestrictStackT *sp;
while (NULL != (sp = *spp)) {
*spp = sp->link;
free(sp);
}
}
/* /*
* list_restrict4 - recursive helper for list_restrict dumps IPv4 * list_restrict4 - iterative helper for list_restrict dumps IPv4
* restriction list in reverse order. * restriction list in reverse order.
*/ */
static void static void
list_restrict4( list_restrict4(
restrict_u * res, const restrict_u * res,
struct info_restrict ** ppir struct info_restrict ** ppir
) )
{ {
RestrictStackT * rpad;
struct info_restrict * pir; struct info_restrict * pir;
if (res->link != NULL)
list_restrict4(res->link, ppir);
pir = *ppir; pir = *ppir;
pir->addr = htonl(res->u.v4.addr); for (rpad = NULL; res; res = res->link)
if (client_v6_capable) if (!pushRestriction(&rpad, res))
pir->v6_flag = 0; break;
pir->mask = htonl(res->u.v4.mask);
pir->count = htonl(res->count); while (pir && popRestriction(&rpad, &res)) {
pir->flags = htons(res->flags); pir->addr = htonl(res->u.v4.addr);
pir->mflags = htons(res->mflags); if (client_v6_capable)
*ppir = (struct info_restrict *)more_pkt(); pir->v6_flag = 0;
pir->mask = htonl(res->u.v4.mask);
pir->count = htonl(res->count);
pir->flags = htons(res->flags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
flushRestrictionStack(&rpad);
*ppir = pir;
} }
/* /*
* list_restrict6 - recursive helper for list_restrict dumps IPv6 * list_restrict6 - iterative helper for list_restrict dumps IPv6
* restriction list in reverse order. * restriction list in reverse order.
*/ */
static void static void
list_restrict6( list_restrict6(
restrict_u * res, const restrict_u * res,
struct info_restrict ** ppir struct info_restrict ** ppir
) )
{ {
RestrictStackT * rpad;
struct info_restrict * pir; struct info_restrict * pir;
if (res->link != NULL)
list_restrict6(res->link, ppir);
pir = *ppir; pir = *ppir;
pir->addr6 = res->u.v6.addr; for (rpad = NULL; res; res = res->link)
pir->mask6 = res->u.v6.mask; if (!pushRestriction(&rpad, res))
pir->v6_flag = 1; break;
pir->count = htonl(res->count);
pir->flags = htons(res->flags); while (pir && popRestriction(&rpad, &res)) {
pir->mflags = htons(res->mflags); pir->addr6 = res->u.v6.addr;
*ppir = (struct info_restrict *)more_pkt(); pir->mask6 = res->u.v6.mask;
pir->v6_flag = 1;
pir->count = htonl(res->count);
pir->flags = htons(res->flags);
pir->mflags = htons(res->mflags);
pir = (struct info_restrict *)more_pkt();
}
flushRestrictionStack(&rpad);
*ppir = pir;
} }
@ -1644,8 +1716,7 @@ list_restrict(
/* /*
* The restriction lists are kept sorted in the reverse order * The restriction lists are kept sorted in the reverse order
* than they were originally. To preserve the output semantics, * than they were originally. To preserve the output semantics,
* dump each list in reverse order. A recursive helper function * dump each list in reverse order. The workers take care of that.
* achieves that.
*/ */
list_restrict4(restrictlist4, &ir); list_restrict4(restrictlist4, &ir);
if (client_v6_capable) if (client_v6_capable)
@ -2010,7 +2081,7 @@ do_trustkey(
register int items; register int items;
items = INFO_NITEMS(inpkt->err_nitems); items = INFO_NITEMS(inpkt->err_nitems);
kp = (uint32_t*)&inpkt->u; kp = (uint32_t *)&inpkt->u;
while (items-- > 0) { while (items-- > 0) {
authtrust(*kp, trust); authtrust(*kp, trust);
kp++; kp++;
@ -2089,7 +2160,7 @@ req_get_traps(
it = (struct info_trap *)prepare_pkt(srcadr, inter, inpkt, it = (struct info_trap *)prepare_pkt(srcadr, inter, inpkt,
v6sizeof(struct info_trap)); v6sizeof(struct info_trap));
for (i = 0, tr = ctl_traps; i < COUNTOF(ctl_traps); i++, tr++) { for (i = 0, tr = ctl_traps; it && i < COUNTOF(ctl_traps); i++, tr++) {
if (tr->tr_flags & TRAP_INUSE) { if (tr->tr_flags & TRAP_INUSE) {
if (IS_IPV4(&tr->tr_addr)) { if (IS_IPV4(&tr->tr_addr)) {
if (tr->tr_localaddr == any_interface) if (tr->tr_localaddr == any_interface)
@ -2405,7 +2476,7 @@ get_clock_info(
ic = (struct info_clock *)prepare_pkt(srcadr, inter, inpkt, ic = (struct info_clock *)prepare_pkt(srcadr, inter, inpkt,
sizeof(struct info_clock)); sizeof(struct info_clock));
while (items-- > 0) { while (items-- > 0 && ic) {
NSRCADR(&addr) = *clkaddr++; NSRCADR(&addr) = *clkaddr++;
if (!ISREFCLOCKADR(&addr) || NULL == if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) { findexistingpeer(&addr, NULL, NULL, -1, 0)) {
@ -2544,7 +2615,7 @@ get_clkbug_info(
ic = (struct info_clkbug *)prepare_pkt(srcadr, inter, inpkt, ic = (struct info_clkbug *)prepare_pkt(srcadr, inter, inpkt,
sizeof(struct info_clkbug)); sizeof(struct info_clkbug));
while (items-- > 0) { while (items-- > 0 && ic) {
NSRCADR(&addr) = *clkaddr++; NSRCADR(&addr) = *clkaddr++;
if (!ISREFCLOCKADR(&addr) || NULL == if (!ISREFCLOCKADR(&addr) || NULL ==
findexistingpeer(&addr, NULL, NULL, -1, 0)) { findexistingpeer(&addr, NULL, NULL, -1, 0)) {
@ -2592,13 +2663,15 @@ fill_info_if_stats(void *data, interface_info_t *interface_info)
struct info_if_stats **ifsp = (struct info_if_stats **)data; struct info_if_stats **ifsp = (struct info_if_stats **)data;
struct info_if_stats *ifs = *ifsp; struct info_if_stats *ifs = *ifsp;
endpt *ep = interface_info->ep; endpt *ep = interface_info->ep;
if (NULL == ifs)
return;
ZERO(*ifs); ZERO(*ifs);
if (IS_IPV6(&ep->sin)) { if (IS_IPV6(&ep->sin)) {
if (!client_v6_capable) { if (!client_v6_capable)
return; return;
}
ifs->v6_flag = 1; ifs->v6_flag = 1;
ifs->unaddr.addr6 = SOCK_ADDR6(&ep->sin); ifs->unaddr.addr6 = SOCK_ADDR6(&ep->sin);
ifs->unbcast.addr6 = SOCK_ADDR6(&ep->bcast); ifs->unbcast.addr6 = SOCK_ADDR6(&ep->bcast);

2
contrib/ntp/ntpd/ntp_scanner.c
View File

@ -669,7 +669,7 @@ int
yylex(void) yylex(void)
{ {
static follby followedby = FOLLBY_TOKEN; static follby followedby = FOLLBY_TOKEN;
int i; size_t i;
int instring; int instring;
int yylval_was_set; int yylval_was_set;
int converted; int converted;

17
contrib/ntp/ntpd/ntp_timer.c
View File

@ -549,14 +549,16 @@ check_leapsec(
#ifdef LEAP_SMEAR #ifdef LEAP_SMEAR
leap_smear.enabled = leap_smear_intv != 0; leap_smear.enabled = leap_smear_intv != 0;
#endif #endif
if (reset) { if (reset) {
lsprox = LSPROX_NOWARN; lsprox = LSPROX_NOWARN;
leapsec_reset_frame(); leapsec_reset_frame();
memset(&lsdata, 0, sizeof(lsdata)); memset(&lsdata, 0, sizeof(lsdata));
} else { } else {
int fired = leapsec_query(&lsdata, now, tpiv); int fired;
DPRINTF(1, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n", fired = leapsec_query(&lsdata, now, tpiv);
DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n",
fired, now, now, lsdata.tai_diff, lsdata.ddist)); fired, now, now, lsdata.tai_diff, lsdata.ddist));
#ifdef LEAP_SMEAR #ifdef LEAP_SMEAR
@ -572,8 +574,7 @@ check_leapsec(
DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n", DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n",
leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end)); leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end));
} }
} } else {
else {
if (leap_smear.interval) if (leap_smear.interval)
DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n")); DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n"));
leap_smear.interval = 0; leap_smear.interval = 0;
@ -655,10 +656,10 @@ check_leapsec(
sys_tai = lsdata.tai_offs; sys_tai = lsdata.tai_offs;
} else { } else {
#ifdef AUTOKEY #ifdef AUTOKEY
update_autokey = (sys_tai != lsdata.tai_offs); update_autokey = (sys_tai != (u_int)lsdata.tai_offs);
#endif #endif
lsprox = lsdata.proximity; lsprox = lsdata.proximity;
sys_tai = lsdata.tai_offs; sys_tai = lsdata.tai_offs;
} }
} }

20
contrib/ntp/ntpd/ntpd-opts.c
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c) * EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
* *
* It has been AutoGen-ed January 7, 2016 at 11:28:29 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:15:45 AM by AutoGen 5.18.5
* From the definitions ntpd-opts.def * From the definitions ntpd-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpd program is copyrighted and licensed * The ntpd program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -75,8 +75,8 @@ extern FILE * option_usage_fp;
* static const strings for ntpd options * static const strings for ntpd options
*/ */
static char const ntpd_opt_strs[3129] = static char const ntpd_opt_strs[3129] =
/* 0 */ "ntpd 4.2.8p5\n" /* 0 */ "ntpd 4.2.8p6\n"
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n" "Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n" "This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n" "redistribution under the terms of the NTP License, copies of which\n"
"can be seen at:\n" "can be seen at:\n"
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] =
/* 2900 */ "output version information and exit\0" /* 2900 */ "output version information and exit\0"
/* 2936 */ "version\0" /* 2936 */ "version\0"
/* 2944 */ "NTPD\0" /* 2944 */ "NTPD\0"
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p5\n" /* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p6\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
"\t\t[ <server1> ... <serverN> ]\n\0" "\t\t[ <server1> ... <serverN> ]\n\0"
/* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 3114 */ "\n\0" /* 3114 */ "\n\0"
/* 3116 */ "ntpd 4.2.8p5"; /* 3116 */ "ntpd 4.2.8p6";
/** /**
* ipv4 option description with * ipv4 option description with
@ -1529,8 +1529,8 @@ static void bogus_function(void) {
translate option names. translate option names.
*/ */
/* referenced via ntpdOptions.pzCopyright */ /* referenced via ntpdOptions.pzCopyright */
puts(_("ntpd 4.2.8p5\n\ puts(_("ntpd 4.2.8p6\n\
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\ Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\ This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\ redistribution under the terms of the NTP License, copies of which\n\
can be seen at:\n")); can be seen at:\n"));
@ -1670,7 +1670,7 @@ implied warranty.\n"));
puts(_("output version information and exit")); puts(_("output version information and exit"));
/* referenced via ntpdOptions.pzUsageTitle */ /* referenced via ntpdOptions.pzUsageTitle */
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p5\n\ puts(_("ntpd - NTP daemon program - Ver. 4.2.8p6\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
\t\t[ <server1> ... <serverN> ]\n")); \t\t[ <server1> ... <serverN> ]\n"));
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
puts(_("\n")); puts(_("\n"));
/* referenced via ntpdOptions.pzFullVersion */ /* referenced via ntpdOptions.pzFullVersion */
puts(_("ntpd 4.2.8p5")); puts(_("ntpd 4.2.8p6"));
/* referenced via ntpdOptions.pzFullUsage */ /* referenced via ntpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>")); puts(_("<<<NOT-FOUND>>>"));

8
contrib/ntp/ntpd/ntpd-opts.h
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h) * EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
* *
* It has been AutoGen-ed January 7, 2016 at 11:28:28 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:15:43 AM by AutoGen 5.18.5
* From the definitions ntpd-opts.def * From the definitions ntpd-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpd program is copyrighted and licensed * The ntpd program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -106,9 +106,9 @@ typedef enum {
/** count of all options for ntpd */ /** count of all options for ntpd */
#define OPTION_CT 38 #define OPTION_CT 38
/** ntpd version */ /** ntpd version */
#define NTPD_VERSION "4.2.8p5" #define NTPD_VERSION "4.2.8p6"
/** Full ntpd version text */ /** Full ntpd version text */
#define NTPD_FULL_VERSION "ntpd 4.2.8p5" #define NTPD_FULL_VERSION "ntpd 4.2.8p6"
/** /**
* Interface defines for all options. Replace "n" with the UPPER_CASED * Interface defines for all options. Replace "n" with the UPPER_CASED

8
contrib/ntp/ntpd/ntpd.1ntpdman
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpd 1ntpdman "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpd 1ntpdman "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9JaiRS/ag-jKaaQS)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:17:54 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def .\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -979,7 +979,7 @@ RFC5908
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS .SH BUGS
The The

6
contrib/ntp/ntpd/ntpd.1ntpdmdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPD 1ntpdmdoc User Commands .Dt NTPD 1ntpdmdoc User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:02 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:12 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def .\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -886,7 +886,7 @@ A snapshot of this documentation is available in HTML format in
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS .Sh BUGS
The The

58
contrib/ntp/ntpd/ntpd.c
View File

@ -209,6 +209,11 @@ extern int syscall (int, ...);
#if !defined(SIM) && defined(SIGDIE1) #if !defined(SIM) && defined(SIGDIE1)
static volatile int signalled = 0;
static volatile int signo = 0;
/* In an ideal world, 'finish_safe()' would declared as noreturn... */
static void finish_safe (int);
static RETSIGTYPE finish (int); static RETSIGTYPE finish (int);
#endif #endif
@ -298,11 +303,28 @@ my_pthread_warmup_worker(
static void static void
my_pthread_warmup(void) my_pthread_warmup(void)
{ {
pthread_t thread; pthread_t thread;
int rc; pthread_attr_t thr_attr;
int rc;
pthread_attr_init(&thr_attr);
#if defined(HAVE_PTHREAD_ATTR_GETSTACKSIZE) && \
defined(HAVE_PTHREAD_ATTR_SETSTACKSIZE) && \
defined(PTHREAD_STACK_MIN)
rc = pthread_attr_setstacksize(&thr_attr, PTHREAD_STACK_MIN);
if (0 != rc)
msyslog(LOG_ERR,
"my_pthread_warmup: pthread_attr_setstacksize() -> %s",
strerror(rc));
#endif
rc = pthread_create( rc = pthread_create(
&thread, NULL, my_pthread_warmup_worker, NULL); &thread, &thr_attr, my_pthread_warmup_worker, NULL);
if (0 == rc) { pthread_attr_destroy(&thr_attr);
if (0 != rc) {
msyslog(LOG_ERR,
"my_pthread_warmup: pthread_create() -> %s",
strerror(rc));
} else {
pthread_cancel(thread); pthread_cancel(thread);
pthread_join(thread, NULL); pthread_join(thread, NULL);
} }
@ -1204,6 +1226,10 @@ int scmp_sc[] = {
# ifdef HAVE_IO_COMPLETION_PORT # ifdef HAVE_IO_COMPLETION_PORT
for (;;) { for (;;) {
#if !defined(SIM) && defined(SIGDIE1)
if (signalled)
finish_safe(signo);
#endif
GetReceivedBuffers(); GetReceivedBuffers();
# else /* normal I/O */ # else /* normal I/O */
@ -1211,11 +1237,19 @@ int scmp_sc[] = {
was_alarmed = FALSE; was_alarmed = FALSE;
for (;;) { for (;;) {
#if !defined(SIM) && defined(SIGDIE1)
if (signalled)
finish_safe(signo);
#endif
if (alarm_flag) { /* alarmed? */ if (alarm_flag) { /* alarmed? */
was_alarmed = TRUE; was_alarmed = TRUE;
alarm_flag = FALSE; alarm_flag = FALSE;
} }
/* collect async name/addr results */
if (!was_alarmed)
harvest_blocking_responses();
if (!was_alarmed && !has_full_recv_buffer()) { if (!was_alarmed && !has_full_recv_buffer()) {
/* /*
* Nothing to do. Wait for something. * Nothing to do. Wait for something.
@ -1330,9 +1364,9 @@ int scmp_sc[] = {
/* /*
* finish - exit gracefully * finish - exit gracefully
*/ */
static RETSIGTYPE static void
finish( finish_safe(
int sig int sig
) )
{ {
const char *sig_desc; const char *sig_desc;
@ -1353,6 +1387,16 @@ finish(
peer_cleanup(); peer_cleanup();
exit(0); exit(0);
} }
static RETSIGTYPE
finish(
int sig
)
{
signalled = 1;
signo = sig;
}
#endif /* !SIM && SIGDIE1 */ #endif /* !SIM && SIGDIE1 */

4
contrib/ntp/ntpd/ntpd.html
View File

@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
symmetric and broadcast modes, and with both symmetric-key and public-key symmetric and broadcast modes, and with both symmetric-key and public-key
cryptography. cryptography.
<p>This document applies to version 4.2.8p5 of <code>ntpd</code>. <p>This document applies to version 4.2.8p6 of <code>ntpd</code>.
<ul class="menu"> <ul class="menu">
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description <li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0. with a status code of 0.
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p4 <pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p5
Usage: ntpd [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... \ Usage: ntpd [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... \
[ &lt;server1&gt; ... &lt;serverN&gt; ] [ &lt;server1&gt; ... &lt;serverN&gt; ]
Flg Arg Option-Name Description Flg Arg Option-Name Description

8
contrib/ntp/ntpd/ntpd.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpd @NTPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpd @NTPD_MS@ "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-KDaWJq/ag-WDaOIq) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9JaiRS/ag-jKaaQS)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:30:44 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:17:54 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def .\" From the definitions ntpd-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -979,7 +979,7 @@ RFC5908
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS .SH BUGS
The The

6
contrib/ntp/ntpd/ntpd.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPD @NTPD_MS@ User Commands .Dt NTPD @NTPD_MS@ User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:02 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:12 AM by AutoGen 5.18.5
.\" From the definitions ntpd-opts.def .\" From the definitions ntpd-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -886,7 +886,7 @@ A snapshot of this documentation is available in HTML format in
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS .Sh BUGS
The The

2
contrib/ntp/ntpd/refclock_chu.c
View File

@ -1264,7 +1264,7 @@ chu_a(
offset = up->charstamp; offset = up->charstamp;
else if (k > 0) else if (k > 0)
i = 1; i = 1;
for (; i < nchar && i < k + 10; i++) { for (; i < nchar && (i - 10) < k; i++) {
up->tstamp[up->ntstamp] = up->cstamp[i]; up->tstamp[up->ntstamp] = up->cstamp[i];
L_SUB(&up->tstamp[up->ntstamp], &offset); L_SUB(&up->tstamp[up->ntstamp], &offset);
L_ADD(&offset, &up->charstamp); L_ADD(&offset, &up->charstamp);

28
contrib/ntp/ntpd/refclock_gpsdjson.c
View File

@ -377,17 +377,6 @@ static int16_t clamped_precision(int rawprec);
* local / static stuff * local / static stuff
*/ */
/* The logon string is actually the ?WATCH command of GPSD, using JSON
* data and selecting the GPS device name we created from our unit
* number. We have an old a newer version that request PPS (and TOFF)
* transmission.
* Note: These are actually format strings!
*/
static const char * const s_req_watch[2] = {
"?WATCH={\"device\":\"%s\",\"enable\":true,\"json\":true};\r\n",
"?WATCH={\"device\":\"%s\",\"enable\":true,\"json\":true,\"pps\":true};\r\n"
};
static const char * const s_req_version = static const char * const s_req_version =
"?VERSION;\r\n"; "?VERSION;\r\n";
@ -1147,7 +1136,7 @@ json_token_skip(
const json_ctx * ctx, const json_ctx * ctx,
tok_ref tid) tok_ref tid)
{ {
if (tid >= 0 && tid < ctx->ntok) { if (tid >= 0 && (u_int)tid < ctx->ntok) {
int len = ctx->tok[tid].size; int len = ctx->tok[tid].size;
/* For arrays and objects, the size is the number of /* For arrays and objects, the size is the number of
* ITEMS in the compound. Thats the number of objects in * ITEMS in the compound. Thats the number of objects in
@ -1172,7 +1161,10 @@ json_token_skip(
++tid; ++tid;
break; break;
} }
if (tid > ctx->ntok) /* Impossible? Paranoia rulez. */ /* The next condition should never be true, but paranoia
* prevails...
*/
if (tid < 0 || (u_int)tid > ctx->ntok)
tid = ctx->ntok; tid = ctx->ntok;
} }
return tid; return tid;
@ -1200,7 +1192,7 @@ json_object_lookup(
tid = json_token_skip(ctx, tid); /* skip val */ tid = json_token_skip(ctx, tid); /* skip val */
} else if (strcmp(key, ctx->buf + ctx->tok[tid].start)) { } else if (strcmp(key, ctx->buf + ctx->tok[tid].start)) {
tid = json_token_skip(ctx, tid+1); /* skip key+val */ tid = json_token_skip(ctx, tid+1); /* skip key+val */
} else if (what < 0 || what == ctx->tok[tid+1].type) { } else if (what < 0 || (u_int)what == ctx->tok[tid+1].type) {
return tid + 1; return tid + 1;
} else { } else {
break; break;
@ -1513,8 +1505,14 @@ process_version(
if (up->fl_watch) if (up->fl_watch)
return; return;
/* The logon string is actually the ?WATCH command of GPSD,
* using JSON data and selecting the GPS device name we created
* from our unit number. We have an old a newer version that
* request PPS (and TOFF) transmission.
*/
snprintf(up->buffer, sizeof(up->buffer), snprintf(up->buffer, sizeof(up->buffer),
s_req_watch[up->pf_toff != 0], up->device); "?WATCH={\"device\":\"%s\",\"enable\":true,\"json\":true%s};\r\n",
up->device, (up->pf_toff ? ",\"pps\":true" : ""));
buf = up->buffer; buf = up->buffer;
len = strlen(buf); len = strlen(buf);
log_data(peer, "send", buf, len); log_data(peer, "send", buf, len);

87
contrib/ntp/ntpd/refclock_jjy.c
View File

@ -149,8 +149,8 @@
*/ */
struct jjyRawDataBreak { struct jjyRawDataBreak {
char *pString ; const char * pString ;
int iLength ; int iLength ;
} ; } ;
#define MAX_TIMESTAMP 6 #define MAX_TIMESTAMP 6
@ -627,7 +627,7 @@ jjy_receive ( struct recvbuf *rbufp )
#ifdef DEBUG #ifdef DEBUG
printf( "\nrefclock_jjy.c : %s : Len=%d ", sFunctionName, pp->lencode ) ; printf( "\nrefclock_jjy.c : %s : Len=%d ", sFunctionName, pp->lencode ) ;
for ( i = 0 ; i < pp->lencode ; i ++ ) { for ( i = 0 ; i < pp->lencode ; i ++ ) {
if ( iscntrl( pp->a_lastcode[i] & 0x7F ) ) { if ( iscntrl( (u_char)(pp->a_lastcode[i] & 0x7F) ) ) {
printf( "<x%02X>", pp->a_lastcode[i] & 0xFF ) ; printf( "<x%02X>", pp->a_lastcode[i] & 0xFF ) ;
} else { } else {
printf( "%c", pp->a_lastcode[i] ) ; printf( "%c", pp->a_lastcode[i] ) ;
@ -702,7 +702,7 @@ jjy_receive ( struct recvbuf *rbufp )
up->iLineBufLen ++ ; up->iLineBufLen ++ ;
/* Copy printable characters */ /* Copy printable characters */
if ( ! iscntrl( up->sRawBuf[i] ) ) { if ( ! iscntrl( (u_char)up->sRawBuf[i] ) ) {
up->sTextBuf[up->iTextBufLen] = up->sRawBuf[i] ; up->sTextBuf[up->iTextBufLen] = up->sRawBuf[i] ;
up->iTextBufLen ++ ; up->iTextBufLen ++ ;
} }
@ -1154,12 +1154,13 @@ jjy_receive_tristate_jjy01 ( struct recvbuf *rbufp )
struct refclockproc *pp ; struct refclockproc *pp ;
struct peer *peer; struct peer *peer;
char *pBuf, sLog [ 100 ] ; char * pBuf ;
int iLen ; char sLog [ 100 ] ;
int rc ; int iLen ;
int rc ;
const char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
/* Initialize pointers */ /* Initialize pointers */
@ -1359,8 +1360,8 @@ jjy_poll_tristate_jjy01 ( int unit, struct peer *peer )
struct refclockproc *pp ; struct refclockproc *pp ;
struct jjyunit *up ; struct jjyunit *up ;
const char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
pp = peer->procptr; pp = peer->procptr;
up = pp->unitptr ; up = pp->unitptr ;
@ -2010,12 +2011,13 @@ jjy_receive_tristate_gpsclock01 ( struct recvbuf *rbufp )
struct refclockproc *pp ; struct refclockproc *pp ;
struct peer *peer; struct peer *peer;
char *pBuf, sLog [ 100 ] ; char * pBuf ;
int iLen ; char sLog [ 100 ] ;
int rc ; int iLen ;
int rc ;
const char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
/* Initialize pointers */ /* Initialize pointers */
@ -2239,8 +2241,8 @@ jjy_poll_tristate_gpsclock01 ( int unit, struct peer *peer )
struct refclockproc *pp ; struct refclockproc *pp ;
struct jjyunit *up ; struct jjyunit *up ;
const char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
pp = peer->procptr ; pp = peer->procptr ;
up = pp->unitptr ; up = pp->unitptr ;
@ -2576,7 +2578,7 @@ static int teljjy_bye_ignore ( struct peer *peer, struct refclockproc *, struct
static int teljjy_bye_disc ( struct peer *peer, struct refclockproc *, struct jjyunit * ) ; static int teljjy_bye_disc ( struct peer *peer, struct refclockproc *, struct jjyunit * ) ;
static int teljjy_bye_modem ( struct peer *peer, struct refclockproc *, struct jjyunit * ) ; static int teljjy_bye_modem ( struct peer *peer, struct refclockproc *, struct jjyunit * ) ;
static int ( *pTeljjyHandler [ ] [ 5 ] ) ( ) = static int ( *pTeljjyHandler [ ] [ 5 ] ) ( struct peer *, struct refclockproc *, struct jjyunit *) =
{ /*STATE_IDLE STATE_DAILOUT STATE_LOGIN STATE_CONNECT STATE_BYE */ { /*STATE_IDLE STATE_DAILOUT STATE_LOGIN STATE_CONNECT STATE_BYE */
/* NULL */ { teljjy_idle_ignore , teljjy_dial_ignore, teljjy_login_ignore, teljjy_conn_ignore, teljjy_bye_ignore }, /* NULL */ { teljjy_idle_ignore , teljjy_dial_ignore, teljjy_login_ignore, teljjy_conn_ignore, teljjy_bye_ignore },
/* START */ { teljjy_idle_dialout, teljjy_dial_ignore, teljjy_login_ignore, teljjy_conn_ignore, teljjy_bye_ignore }, /* START */ { teljjy_idle_dialout, teljjy_dial_ignore, teljjy_login_ignore, teljjy_conn_ignore, teljjy_bye_ignore },
@ -2715,12 +2717,12 @@ jjy_start_telephone ( int unit, struct peer *peer, struct jjyunit *up )
iNumberOfDigitsOfPhoneNumber = iCommaCount = iCommaPosition = iFirstThreeDigitsCount = 0 ; iNumberOfDigitsOfPhoneNumber = iCommaCount = iCommaPosition = iFirstThreeDigitsCount = 0 ;
for ( i = 0 ; i < strlen( sys_phone[0] ) ; i ++ ) { for ( i = 0 ; i < strlen( sys_phone[0] ) ; i ++ ) {
if ( isdigit( *(sys_phone[0]+i) ) ) { if ( isdigit( (u_char)sys_phone[0][i] ) ) {
if ( iFirstThreeDigitsCount < sizeof(sFirstThreeDigits)-1 ) { if ( iFirstThreeDigitsCount < sizeof(sFirstThreeDigits)-1 ) {
sFirstThreeDigits[iFirstThreeDigitsCount++] = *(sys_phone[0]+i) ; sFirstThreeDigits[iFirstThreeDigitsCount++] = sys_phone[0][i] ;
} }
iNumberOfDigitsOfPhoneNumber ++ ; iNumberOfDigitsOfPhoneNumber ++ ;
} else if ( *(sys_phone[0]+i) == ',' ) { } else if ( sys_phone[0][i] == ',' ) {
iCommaCount ++ ; iCommaCount ++ ;
if ( iCommaCount > 1 ) { if ( iCommaCount > 1 ) {
msyslog( LOG_ERR, "refclock_jjy.c : jjy_start_telephone : phone in the ntpd.conf should be zero or one comma." ) ; msyslog( LOG_ERR, "refclock_jjy.c : jjy_start_telephone : phone in the ntpd.conf should be zero or one comma." ) ;
@ -2729,7 +2731,7 @@ jjy_start_telephone ( int unit, struct peer *peer, struct jjyunit *up )
} }
iFirstThreeDigitsCount = 0 ; iFirstThreeDigitsCount = 0 ;
iCommaPosition = i ; iCommaPosition = i ;
} else if ( *(sys_phone[0]+i) != '-' ) { } else if ( sys_phone[0][i] != '-' ) {
msyslog( LOG_ERR, "refclock_jjy.c : jjy_start_telephone : phone in the ntpd.conf should be a number or a hyphen." ) ; msyslog( LOG_ERR, "refclock_jjy.c : jjy_start_telephone : phone in the ntpd.conf should be a number or a hyphen." ) ;
up->bInitError = TRUE ; up->bInitError = TRUE ;
return 1 ; return 1 ;
@ -3213,8 +3215,8 @@ static int
teljjy_login_login ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up ) teljjy_login_login ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
{ {
char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
DEBUG_TELJJY_PRINTF( "teljjy_login_login" ) ; DEBUG_TELJJY_PRINTF( "teljjy_login_login" ) ;
@ -3290,8 +3292,8 @@ static int
teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up ) teljjy_conn_send ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
{ {
const char *pCmd ; const char * pCmd ;
int i, iLen, iNextClockState ; int i, iLen, iNextClockState ;
DEBUG_TELJJY_PRINTF( "teljjy_conn_send" ) ; DEBUG_TELJJY_PRINTF( "teljjy_conn_send" ) ;
@ -3527,7 +3529,7 @@ static int
teljjy_conn_silent ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up ) teljjy_conn_silent ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
{ {
const char *pCmd ; const char * pCmd ;
DEBUG_TELJJY_PRINTF( "teljjy_conn_silent" ) ; DEBUG_TELJJY_PRINTF( "teljjy_conn_silent" ) ;
@ -3665,7 +3667,7 @@ static int modem_esc_data ( struct peer *, struct refclockproc *, struct jjyu
static int modem_esc_silent ( struct peer *, struct refclockproc *, struct jjyunit * ) ; static int modem_esc_silent ( struct peer *, struct refclockproc *, struct jjyunit * ) ;
static int modem_esc_disc ( struct peer *, struct refclockproc *, struct jjyunit * ) ; static int modem_esc_disc ( struct peer *, struct refclockproc *, struct jjyunit * ) ;
static int ( *pModemHandler [ ] [ 5 ] ) ( ) = static int ( *pModemHandler [ ] [ 5 ] ) ( struct peer *, struct refclockproc *, struct jjyunit * ) =
{ /*STATE_DISCONNECT STATE_INITIALIZE STATE_DAILING STATE_CONNECT STATE_ESCAPE */ { /*STATE_DISCONNECT STATE_INITIALIZE STATE_DAILING STATE_CONNECT STATE_ESCAPE */
/* NULL */ { modem_disc_ignore, modem_init_ignore, modem_dial_ignore , modem_conn_ignore, modem_esc_ignore }, /* NULL */ { modem_disc_ignore, modem_init_ignore, modem_dial_ignore , modem_conn_ignore, modem_esc_ignore },
/* INITIALIZE */ { modem_disc_init , modem_init_start , modem_dial_ignore , modem_conn_ignore, modem_esc_ignore }, /* INITIALIZE */ { modem_disc_init , modem_init_start , modem_dial_ignore , modem_conn_ignore, modem_esc_ignore },
@ -3993,10 +3995,11 @@ static int
modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up ) modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
{ {
char *pCmd, cBuf [ 46 ] ; const char * pCmd ;
int iCmdLen ; char cBuf [ 46 ] ;
int iErrorCorrection, iSpeakerSwitch, iSpeakerVolume ; int iCmdLen ;
int iNextModemState = STAY_MODEM_STATE ; int iErrorCorrection, iSpeakerSwitch, iSpeakerVolume ;
int iNextModemState = STAY_MODEM_STATE ;
DEBUG_MODEM_PRINTF( "modem_init_resp00" ) ; DEBUG_MODEM_PRINTF( "modem_init_resp00" ) ;
@ -4031,7 +4034,7 @@ modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *
} }
pCmd = cBuf ; pCmd = cBuf ;
snprintf( pCmd, sizeof(cBuf), "ATM%dL%d\r\n", iSpeakerSwitch, iSpeakerVolume ) ; snprintf( cBuf, sizeof(cBuf), "ATM%dL%d\r\n", iSpeakerSwitch, iSpeakerVolume ) ;
break ; break ;
case 3 : case 3 :
@ -4060,7 +4063,7 @@ modem_init_resp00 ( struct peer *peer, struct refclockproc *pp, struct jjyunit *
} }
pCmd = cBuf ; pCmd = cBuf ;
snprintf( pCmd, sizeof(cBuf), "AT\\N%d\r\n", iErrorCorrection ) ; snprintf( cBuf, sizeof(cBuf), "AT\\N%d\r\n", iErrorCorrection ) ;
break ; break ;
case 7 : case 7 :
@ -4251,8 +4254,8 @@ static int
modem_esc_escape ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up ) modem_esc_escape ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
{ {
char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
DEBUG_MODEM_PRINTF( "modem_esc_escape" ) ; DEBUG_MODEM_PRINTF( "modem_esc_escape" ) ;
@ -4317,8 +4320,8 @@ static int
modem_esc_disc ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up ) modem_esc_disc ( struct peer *peer, struct refclockproc *pp, struct jjyunit *up )
{ {
char *pCmd ; const char * pCmd ;
int iCmdLen ; int iCmdLen ;
DEBUG_MODEM_PRINTF( "modem_esc_disc" ) ; DEBUG_MODEM_PRINTF( "modem_esc_disc" ) ;
@ -4349,9 +4352,9 @@ static void
jjy_write_clockstats ( struct peer *peer, int iMark, const char *pData ) jjy_write_clockstats ( struct peer *peer, int iMark, const char *pData )
{ {
char sLog [ 100 ] ; char sLog [ 100 ] ;
char *pMark ; const char * pMark ;
int iMarkLen, iDataLen ; int iMarkLen, iDataLen ;
switch ( iMark ) { switch ( iMark ) {
case JJY_CLOCKSTATS_MARK_JJY : case JJY_CLOCKSTATS_MARK_JJY :

2
contrib/ntp/ntpd/refclock_shm.c
View File

@ -600,7 +600,7 @@ shm_timer(
cd.year, cd.month, cd.monthday, cd.year, cd.month, cd.monthday,
cd.hour, cd.minute, cd.second, cd.hour, cd.minute, cd.second,
(long)shm_stat.tvt.tv_nsec); (long)shm_stat.tvt.tv_nsec);
pp->lencode = (c < sizeof(pp->a_lastcode)) ? c : 0; pp->lencode = (c > 0 && (size_t)c < sizeof(pp->a_lastcode)) ? c : 0;
/* check 1: age control of local time stamp */ /* check 1: age control of local time stamp */
tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec; tt = shm_stat.tvc.tv_sec - shm_stat.tvr.tv_sec;

4
contrib/ntp/ntpdc/invoke-ntpdc.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:31:26 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:18:37 AM by AutoGen 5.18.5
# From the definitions ntpdc-opts.def # From the definitions ntpdc-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -76,7 +76,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5 ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...] Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution -4 no ipv4 Force IPv4 DNS name resolution

20
contrib/ntp/ntpdc/ntpdc-opts.c
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c) * EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
* *
* It has been AutoGen-ed January 7, 2016 at 11:31:12 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:18:22 AM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def * From the definitions ntpdc-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpdc program is copyrighted and licensed * The ntpdc program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -69,8 +69,8 @@ extern FILE * option_usage_fp;
* static const strings for ntpdc options * static const strings for ntpdc options
*/ */
static char const ntpdc_opt_strs[1911] = static char const ntpdc_opt_strs[1911] =
/* 0 */ "ntpdc 4.2.8p5\n" /* 0 */ "ntpdc 4.2.8p6\n"
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n" "Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n" "This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n" "redistribution under the terms of the NTP License, copies of which\n"
"can be seen at:\n" "can be seen at:\n"
@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1911] =
/* 1694 */ "no-load-opts\0" /* 1694 */ "no-load-opts\0"
/* 1707 */ "no\0" /* 1707 */ "no\0"
/* 1710 */ "NTPDC\0" /* 1710 */ "NTPDC\0"
/* 1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n" /* 1716 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1846 */ "$HOME\0" /* 1846 */ "$HOME\0"
/* 1852 */ ".\0" /* 1852 */ ".\0"
/* 1854 */ ".ntprc\0" /* 1854 */ ".ntprc\0"
/* 1861 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 1861 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1895 */ "\n\0" /* 1895 */ "\n\0"
/* 1897 */ "ntpdc 4.2.8p5"; /* 1897 */ "ntpdc 4.2.8p6";
/** /**
* ipv4 option description with * ipv4 option description with
@ -796,8 +796,8 @@ static void bogus_function(void) {
translate option names. translate option names.
*/ */
/* referenced via ntpdcOptions.pzCopyright */ /* referenced via ntpdcOptions.pzCopyright */
puts(_("ntpdc 4.2.8p5\n\ puts(_("ntpdc 4.2.8p6\n\
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\ Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\ This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\ redistribution under the terms of the NTP License, copies of which\n\
can be seen at:\n")); can be seen at:\n"));
@ -862,14 +862,14 @@ implied warranty.\n"));
puts(_("load options from a config file")); puts(_("load options from a config file"));
/* referenced via ntpdcOptions.pzUsageTitle */ /* referenced via ntpdcOptions.pzUsageTitle */
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5\n\ puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n")); Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpdcOptions.pzExplain */ /* referenced via ntpdcOptions.pzExplain */
puts(_("\n")); puts(_("\n"));
/* referenced via ntpdcOptions.pzFullVersion */ /* referenced via ntpdcOptions.pzFullVersion */
puts(_("ntpdc 4.2.8p5")); puts(_("ntpdc 4.2.8p6"));
/* referenced via ntpdcOptions.pzFullUsage */ /* referenced via ntpdcOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>")); puts(_("<<<NOT-FOUND>>>"));

8
contrib/ntp/ntpdc/ntpdc-opts.h
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h) * EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
* *
* It has been AutoGen-ed January 7, 2016 at 11:31:11 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:18:21 AM by AutoGen 5.18.5
* From the definitions ntpdc-opts.def * From the definitions ntpdc-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpdc program is copyrighted and licensed * The ntpdc program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -83,9 +83,9 @@ typedef enum {
/** count of all options for ntpdc */ /** count of all options for ntpdc */
#define OPTION_CT 15 #define OPTION_CT 15
/** ntpdc version */ /** ntpdc version */
#define NTPDC_VERSION "4.2.8p5" #define NTPDC_VERSION "4.2.8p6"
/** Full ntpdc version text */ /** Full ntpdc version text */
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p5" #define NTPDC_FULL_VERSION "ntpdc 4.2.8p6"
/** /**
* Interface defines for all options. Replace "n" with the UPPER_CASED * Interface defines for all options. Replace "n" with the UPPER_CASED

8
contrib/ntp/ntpdc/ntpdc.1ntpdcman
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpdc 1ntpdcman "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpdc 1ntpdcman "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-n4aaHU/ag-A4a4FU)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:33 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def .\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -848,7 +848,7 @@ RFC1305
.SH AUTHORS .SH AUTHORS
The formatting directives in this document came from FreeBSD. The formatting directives in this document came from FreeBSD.
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS .SH BUGS
The The

6
contrib/ntp/ntpdc/ntpdc.1ntpdcmdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPDC 1ntpdcmdoc User Commands .Dt NTPDC 1ntpdcmdoc User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:29 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:39 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def .\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -787,7 +787,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh AUTHORS .Sh AUTHORS
The formatting directives in this document came from FreeBSD. The formatting directives in this document came from FreeBSD.
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS .Sh BUGS
The The

23
contrib/ntp/ntpdc/ntpdc.c
View File

@ -605,7 +605,11 @@ getresponse(
int seq; int seq;
fd_set fds; fd_set fds;
ssize_t n; ssize_t n;
size_t pad; int pad;
/* absolute timeout checks. Not 'time_t' by intention! */
uint32_t tobase; /* base value for timeout */
uint32_t tospan; /* timeout span (max delay) */
uint32_t todiff; /* current delay */
/* /*
* This is pretty tricky. We may get between 1 and many packets * This is pretty tricky. We may get between 1 and many packets
@ -622,12 +626,14 @@ getresponse(
lastseq = 999; /* too big to be a sequence number */ lastseq = 999; /* too big to be a sequence number */
ZERO(haveseq); ZERO(haveseq);
FD_ZERO(&fds); FD_ZERO(&fds);
tobase = (uint32_t)time(NULL);
again: again:
if (firstpkt) if (firstpkt)
tvo = tvout; tvo = tvout;
else else
tvo = tvsout; tvo = tvsout;
tospan = (uint32_t)tvo.tv_sec + (tvo.tv_usec != 0);
FD_SET(sockfd, &fds); FD_SET(sockfd, &fds);
n = select(sockfd+1, &fds, NULL, NULL, &tvo); n = select(sockfd+1, &fds, NULL, NULL, &tvo);
@ -635,6 +641,17 @@ getresponse(
warning("select fails"); warning("select fails");
return -1; return -1;
} }
/*
* Check if this is already too late. Trash the data and fake a
* timeout if this is so.
*/
todiff = (((uint32_t)time(NULL)) - tobase) & 0x7FFFFFFFu;
if ((n > 0) && (todiff > tospan)) {
n = recv(sockfd, (char *)&rpkt, sizeof(rpkt), 0);
n = 0; /* faked timeout return from 'select()'*/
}
if (n == 0) { if (n == 0) {
/* /*
* Timed out. Return what we have * Timed out. Return what we have
@ -780,8 +797,10 @@ getresponse(
} }
/* /*
* So far, so good. Copy this data into the output array. * So far, so good. Copy this data into the output array. Bump
* the timeout base, in case we expect more data.
*/ */
tobase = (uint32_t)time(NULL);
if ((datap + datasize + (pad * items)) > (pktdata + pktdatasize)) { if ((datap + datasize + (pad * items)) > (pktdata + pktdatasize)) {
size_t offset = datap - pktdata; size_t offset = datap - pktdata;
growpktdata(); growpktdata();

4
contrib/ntp/ntpdc/ntpdc.html
View File

@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server
clock. Run as root, it can correct the system clock to this offset as clock. Run as root, it can correct the system clock to this offset as
well. It can be run as an interactive command or from a cron job. well. It can be run as an interactive command or from a cron job.
<p>This document applies to version 4.2.8p5 of <code>ntpdc</code>. <p>This document applies to version 4.2.8p6 of <code>ntpdc</code>.
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4 <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
IETF specification. IETF specification.
@ -152,7 +152,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0. with a status code of 0.
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p5 <pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p6
Usage: ntpdc [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...] Usage: ntpdc [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...]
Flg Arg Option-Name Description Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution -4 no ipv4 Force IPv4 DNS name resolution

8
contrib/ntp/ntpdc/ntpdc.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpdc @NTPDC_MS@ "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpdc @NTPDC_MS@ "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-EXaGzs/ag-QXayys) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-n4aaHU/ag-A4a4FU)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:22 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:33 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def .\" From the definitions ntpdc-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -848,7 +848,7 @@ RFC1305
.SH AUTHORS .SH AUTHORS
The formatting directives in this document came from FreeBSD. The formatting directives in this document came from FreeBSD.
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS .SH BUGS
The The

6
contrib/ntp/ntpdc/ntpdc.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPDC @NTPDC_MS@ User Commands .Dt NTPDC @NTPDC_MS@ User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:29 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:18:39 AM by AutoGen 5.18.5
.\" From the definitions ntpdc-opts.def .\" From the definitions ntpdc-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -787,7 +787,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh AUTHORS .Sh AUTHORS
The formatting directives in this document came from FreeBSD. The formatting directives in this document came from FreeBSD.
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh BUGS .Sh BUGS
The The

4
contrib/ntp/ntpq/invoke-ntpq.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:32:00 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:19:10 AM by AutoGen 5.18.5
# From the definitions ntpq-opts.def # From the definitions ntpq-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -847,7 +847,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
ntpq - standard NTP query program - Ver. 4.2.8p5 ntpq - standard NTP query program - Ver. 4.2.8p6
Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...] Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
Flg Arg Option-Name Description Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution -4 no ipv4 Force IPv4 DNS name resolution

20
contrib/ntp/ntpq/ntpq-opts.c
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c) * EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
* *
* It has been AutoGen-ed January 7, 2016 at 11:31:32 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:18:42 AM by AutoGen 5.18.5
* From the definitions ntpq-opts.def * From the definitions ntpq-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpq program is copyrighted and licensed * The ntpq program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -69,8 +69,8 @@ extern FILE * option_usage_fp;
* static const strings for ntpq options * static const strings for ntpq options
*/ */
static char const ntpq_opt_strs[1925] = static char const ntpq_opt_strs[1925] =
/* 0 */ "ntpq 4.2.8p5\n" /* 0 */ "ntpq 4.2.8p6\n"
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n" "Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n" "This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n" "redistribution under the terms of the NTP License, copies of which\n"
"can be seen at:\n" "can be seen at:\n"
@ -129,13 +129,13 @@ static char const ntpq_opt_strs[1925] =
/* 1723 */ "no-load-opts\0" /* 1723 */ "no-load-opts\0"
/* 1736 */ "no\0" /* 1736 */ "no\0"
/* 1739 */ "NTPQ\0" /* 1739 */ "NTPQ\0"
/* 1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p5\n" /* 1744 */ "ntpq - standard NTP query program - Ver. 4.2.8p6\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
/* 1863 */ "$HOME\0" /* 1863 */ "$HOME\0"
/* 1869 */ ".\0" /* 1869 */ ".\0"
/* 1871 */ ".ntprc\0" /* 1871 */ ".ntprc\0"
/* 1878 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 1878 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1912 */ "ntpq 4.2.8p5"; /* 1912 */ "ntpq 4.2.8p6";
/** /**
* ipv4 option description with * ipv4 option description with
@ -786,8 +786,8 @@ static void bogus_function(void) {
translate option names. translate option names.
*/ */
/* referenced via ntpqOptions.pzCopyright */ /* referenced via ntpqOptions.pzCopyright */
puts(_("ntpq 4.2.8p5\n\ puts(_("ntpq 4.2.8p6\n\
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\ Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\ This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\ redistribution under the terms of the NTP License, copies of which\n\
can be seen at:\n")); can be seen at:\n"));
@ -852,11 +852,11 @@ implied warranty.\n"));
puts(_("load options from a config file")); puts(_("load options from a config file"));
/* referenced via ntpqOptions.pzUsageTitle */ /* referenced via ntpqOptions.pzUsageTitle */
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p5\n\ puts(_("ntpq - standard NTP query program - Ver. 4.2.8p6\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n")); Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
/* referenced via ntpqOptions.pzFullVersion */ /* referenced via ntpqOptions.pzFullVersion */
puts(_("ntpq 4.2.8p5")); puts(_("ntpq 4.2.8p6"));
/* referenced via ntpqOptions.pzFullUsage */ /* referenced via ntpqOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>")); puts(_("<<<NOT-FOUND>>>"));

8
contrib/ntp/ntpq/ntpq-opts.h
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h) * EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
* *
* It has been AutoGen-ed January 7, 2016 at 11:31:32 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:18:42 AM by AutoGen 5.18.5
* From the definitions ntpq-opts.def * From the definitions ntpq-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpq program is copyrighted and licensed * The ntpq program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -83,9 +83,9 @@ typedef enum {
/** count of all options for ntpq */ /** count of all options for ntpq */
#define OPTION_CT 15 #define OPTION_CT 15
/** ntpq version */ /** ntpq version */
#define NTPQ_VERSION "4.2.8p5" #define NTPQ_VERSION "4.2.8p6"
/** Full ntpq version text */ /** Full ntpq version text */
#define NTPQ_FULL_VERSION "ntpq 4.2.8p5" #define NTPQ_FULL_VERSION "ntpq 4.2.8p6"
/** /**
* Interface defines for all options. Replace "n" with the UPPER_CASED * Interface defines for all options. Replace "n" with the UPPER_CASED

8
contrib/ntp/ntpq/ntpq-subs.c
View File

@ -2861,7 +2861,7 @@ collect_mru_list(
ri, sptoa(&recent->addr), ri, ri, sptoa(&recent->addr), ri,
recent->last.l_ui, recent->last.l_uf); recent->last.l_ui, recent->last.l_uf);
chars = strlen(buf); chars = strlen(buf);
if (REQ_ROOM <= chars) if ((size_t)REQ_ROOM <= chars)
break; break;
memcpy(req, buf, chars + 1); memcpy(req, buf, chars + 1);
req += chars; req += chars;
@ -3173,6 +3173,7 @@ mrulist(
qsort(sorted, mru_count, sizeof(sorted[0]), qsort(sorted, mru_count, sizeof(sorted[0]),
mru_qcmp_table[order]); mru_qcmp_table[order]);
mrulist_interrupted = FALSE;
printf( "lstint avgint rstr r m v count rport remote address\n" printf( "lstint avgint rstr r m v count rport remote address\n"
"==============================================================================\n"); "==============================================================================\n");
/* '=' x 78 */ /* '=' x 78 */
@ -3199,6 +3200,11 @@ mrulist(
nntohost(&recent->addr)); nntohost(&recent->addr));
if (showhostnames) if (showhostnames)
fflush(fp); fflush(fp);
if (mrulist_interrupted) {
fputs("\n --interrupted--\n", fp);
fflush(fp);
break;
}
} }
fflush(fp); fflush(fp);
if (debug) { if (debug) {

8
contrib/ntp/ntpq/ntpq.1ntpqman
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpq 1ntpqman "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpq 1ntpqman "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4VaaKt/ag-eWa4It) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Z7aWRV/ag-_7aOQV)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:55 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:06 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def .\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -1412,7 +1412,7 @@ it to autogen-users@lists.sourceforge.net. Thank you.
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS" .SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

6
contrib/ntp/ntpq/ntpq.1ntpqmdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPQ 1ntpqmdoc User Commands .Dt NTPQ 1ntpqmdoc User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:32:02 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:12 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def .\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -955,7 +955,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS" .Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

94
contrib/ntp/ntpq/ntpq.c
View File

@ -218,7 +218,7 @@ static void outputarr (FILE *, char *, int, l_fp *);
static int assoccmp (const void *, const void *); static int assoccmp (const void *, const void *);
static void on_ctrlc (void); static void on_ctrlc (void);
u_short varfmt (const char *); u_short varfmt (const char *);
static int my_easprintf (char**, const char *, ...) NTP_PRINTF(2, 3);
void ntpq_custom_opt_handler (tOptions *, tOptDesc *); void ntpq_custom_opt_handler (tOptions *, tOptDesc *);
#ifdef OPENSSL #ifdef OPENSSL
@ -472,7 +472,7 @@ ntpqmain(
{ {
char *list; char *list;
char *msg, *fmt; char *msg;
list = list_digest_names(); list = list_digest_names();
for (icmd = 0; icmd < sizeof(builtins)/sizeof(builtins[0]); icmd++) { for (icmd = 0; icmd < sizeof(builtins)/sizeof(builtins[0]); icmd++) {
@ -486,13 +486,15 @@ ntpqmain(
#ifdef OPENSSL #ifdef OPENSSL
builtins[icmd].desc[0] = "digest-name"; builtins[icmd].desc[0] = "digest-name";
fmt = "set key type to use for authenticated requests, one of:%s"; my_easprintf(&msg,
"set key type to use for authenticated requests, one of:%s",
list);
#else #else
builtins[icmd].desc[0] = "md5"; builtins[icmd].desc[0] = "md5";
fmt = "set key type to use for authenticated requests (%s)"; my_easprintf(&msg,
"set key type to use for authenticated requests (%s)",
list);
#endif #endif
msg = emalloc(strlen(fmt) + strlen(list) - strlen("%s") +1);
sprintf(msg, fmt, list);
builtins[icmd].comment = msg; builtins[icmd].comment = msg;
free(list); free(list);
} }
@ -844,6 +846,10 @@ getresponse(
fd_set fds; fd_set fds;
int n; int n;
int errcode; int errcode;
/* absolute timeout checks. Not 'time_t' by intention! */
uint32_t tobase; /* base value for timeout */
uint32_t tospan; /* timeout span (max delay) */
uint32_t todiff; /* current delay */
/* /*
* This is pretty tricky. We may get between 1 and MAXFRAG packets * This is pretty tricky. We may get between 1 and MAXFRAG packets
@ -860,6 +866,8 @@ getresponse(
numfrags = 0; numfrags = 0;
seenlastfrag = 0; seenlastfrag = 0;
tobase = (uint32_t)time(NULL);
FD_ZERO(&fds); FD_ZERO(&fds);
/* /*
@ -872,13 +880,40 @@ getresponse(
tvo = tvout; tvo = tvout;
else else
tvo = tvsout; tvo = tvsout;
tospan = (uint32_t)tvo.tv_sec + (tvo.tv_usec != 0);
FD_SET(sockfd, &fds); FD_SET(sockfd, &fds);
n = select(sockfd+1, &fds, NULL, NULL, &tvo); n = select(sockfd+1, &fds, NULL, NULL, &tvo);
if (n == -1) { if (n == -1) {
#if !defined(SYS_WINNT) && defined(EINTR)
/* Windows does not know about EINTR (until very
* recently) and the handling of console events
* is *very* different from POSIX/UNIX signal
* handling anyway.
*
* Under non-windows targets we map EINTR as
* 'last packet was received' and try to exit
* the receive sequence.
*/
if (errno == EINTR) {
seenlastfrag = 1;
goto maybe_final;
}
#endif
warning("select fails"); warning("select fails");
return -1; return -1;
} }
/*
* Check if this is already too late. Trash the data and
* fake a timeout if this is so.
*/
todiff = (((uint32_t)time(NULL)) - tobase) & 0x7FFFFFFFu;
if ((n > 0) && (todiff > tospan)) {
n = recv(sockfd, (char *)&rpkt, sizeof(rpkt), 0);
n = 0; /* faked timeout return from 'select()'*/
}
if (n == 0) { if (n == 0) {
/* /*
* Timed out. Return what we have * Timed out. Return what we have
@ -1141,14 +1176,17 @@ getresponse(
} }
/* /*
* Copy the data into the data buffer. * Copy the data into the data buffer, and bump the
* timout base in case we need more.
*/ */
memcpy((char *)pktdata + offset, &rpkt.u, count); memcpy((char *)pktdata + offset, &rpkt.u, count);
tobase = (uint32_t)time(NULL);
/* /*
* If we've seen the last fragment, look for holes in the sequence. * If we've seen the last fragment, look for holes in the sequence.
* If there aren't any, we're done. * If there aren't any, we're done.
*/ */
maybe_final:
if (seenlastfrag && offsets[0] == 0) { if (seenlastfrag && offsets[0] == 0) {
for (f = 1; f < numfrags; f++) for (f = 1; f < numfrags; f++)
if (offsets[f-1] + counts[f-1] != if (offsets[f-1] + counts[f-1] !=
@ -2954,6 +2992,8 @@ nextvar(
len = srclen; len = srclen;
while (len > 0 && isspace((unsigned char)cp[len - 1])) while (len > 0 && isspace((unsigned char)cp[len - 1]))
len--; len--;
if (len >= sizeof(name))
return 0;
if (len > 0) if (len > 0)
memcpy(name, cp, len); memcpy(name, cp, len);
name[len] = '\0'; name[len] = '\0';
@ -3615,3 +3655,41 @@ on_ctrlc(void)
if ((*ctrlc_stack[--size])()) if ((*ctrlc_stack[--size])())
break; break;
} }
static int
my_easprintf(
char ** ppinto,
const char * fmt ,
...
)
{
va_list va;
int prc;
size_t len = 128;
char * buf = emalloc(len);
again:
/* Note: we expect the memory allocation to fail long before the
* increment in buffer size actually overflows.
*/
buf = (buf) ? erealloc(buf, len) : emalloc(len);
va_start(va, fmt);
prc = vsnprintf(buf, len, fmt, va);
va_end(va);
if (prc < 0) {
/* might be very old vsnprintf. Or actually MSVC... */
len += len >> 1;
goto again;
}
if ((size_t)prc >= len) {
/* at least we have the proper size now... */
len = (size_t)prc + 1;
goto again;
}
if ((size_t)prc < (len - 32))
buf = erealloc(buf, (size_t)prc + 1);
*ppinto = buf;
return prc;
}

4
contrib/ntp/ntpq/ntpq.html
View File

@ -44,7 +44,7 @@ monitor the operational status
and determine the performance of and determine the performance of
<code>ntpd</code>, the NTP daemon. <code>ntpd</code>, the NTP daemon.
<p>This document applies to version 4.2.8p5 of <code>ntpq</code>. <p>This document applies to version 4.2.8p6 of <code>ntpq</code>.
<ul class="menu"> <ul class="menu">
<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a> <li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>
@ -769,7 +769,7 @@ the usage text by passing it through a pager program.
used to select the program, defaulting to <span class="file">more</span>. Both will exit used to select the program, defaulting to <span class="file">more</span>. Both will exit
with a status code of 0. with a status code of 0.
<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p4 <pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p5
Usage: ntpq [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...] Usage: ntpq [ -&lt;flag&gt; [&lt;val&gt;] | --&lt;name&gt;[{=| }&lt;val&gt;] ]... [ host ...]
Flg Arg Option-Name Description Flg Arg Option-Name Description
-4 no ipv4 Force IPv4 DNS name resolution -4 no ipv4 Force IPv4 DNS name resolution

8
contrib/ntp/ntpq/ntpq.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpq @NTPQ_MS@ "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpq @NTPQ_MS@ "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-4VaaKt/ag-eWa4It) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Z7aWRV/ag-_7aOQV)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:31:55 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:06 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def .\" From the definitions ntpq-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -1412,7 +1412,7 @@ it to autogen-users@lists.sourceforge.net. Thank you.
.SH "AUTHORS" .SH "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS" .SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

6
contrib/ntp/ntpq/ntpq.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPQ @NTPQ_MS@ User Commands .Dt NTPQ @NTPQ_MS@ User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:32:02 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:12 AM by AutoGen 5.18.5
.\" From the definitions ntpq-opts.def .\" From the definitions ntpq-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -955,7 +955,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh "AUTHORS" .Sh "AUTHORS"
The University of Delaware and Network Time Foundation The University of Delaware and Network Time Foundation
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS" .Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

4
contrib/ntp/ntpsnmpd/invoke-ntpsnmpd.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:32:15 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:19:26 AM by AutoGen 5.18.5
# From the definitions ntpsnmpd-opts.def # From the definitions ntpsnmpd-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -47,7 +47,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5 ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p6
Usage: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... Usage: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
Flg Arg Option-Name Description Flg Arg Option-Name Description
-n no nofork Do not fork -n no nofork Do not fork

20
contrib/ntp/ntpsnmpd/ntpsnmpd-opts.c
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c) * EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c)
* *
* It has been AutoGen-ed January 7, 2016 at 11:32:05 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:19:15 AM by AutoGen 5.18.5
* From the definitions ntpsnmpd-opts.def * From the definitions ntpsnmpd-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpsnmpd program is copyrighted and licensed * The ntpsnmpd program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -61,8 +61,8 @@ extern FILE * option_usage_fp;
* static const strings for ntpsnmpd options * static const strings for ntpsnmpd options
*/ */
static char const ntpsnmpd_opt_strs[1610] = static char const ntpsnmpd_opt_strs[1610] =
/* 0 */ "ntpsnmpd 4.2.8p5\n" /* 0 */ "ntpsnmpd 4.2.8p6\n"
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n" "Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n"
"This is free software. It is licensed for use, modification and\n" "This is free software. It is licensed for use, modification and\n"
"redistribution under the terms of the NTP License, copies of which\n" "redistribution under the terms of the NTP License, copies of which\n"
"can be seen at:\n" "can be seen at:\n"
@ -101,14 +101,14 @@ static char const ntpsnmpd_opt_strs[1610] =
/* 1414 */ "no-load-opts\0" /* 1414 */ "no-load-opts\0"
/* 1427 */ "no\0" /* 1427 */ "no\0"
/* 1430 */ "NTPSNMPD\0" /* 1430 */ "NTPSNMPD\0"
/* 1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5\n" /* 1439 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p6\n"
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0"
/* 1542 */ "$HOME\0" /* 1542 */ "$HOME\0"
/* 1548 */ ".\0" /* 1548 */ ".\0"
/* 1550 */ ".ntprc\0" /* 1550 */ ".ntprc\0"
/* 1557 */ "http://bugs.ntp.org, bugs@ntp.org\0" /* 1557 */ "http://bugs.ntp.org, bugs@ntp.org\0"
/* 1591 */ "\n\0" /* 1591 */ "\n\0"
/* 1593 */ "ntpsnmpd 4.2.8p5"; /* 1593 */ "ntpsnmpd 4.2.8p6";
/** /**
* nofork option description: * nofork option description:
@ -554,8 +554,8 @@ static void bogus_function(void) {
translate option names. translate option names.
*/ */
/* referenced via ntpsnmpdOptions.pzCopyright */ /* referenced via ntpsnmpdOptions.pzCopyright */
puts(_("ntpsnmpd 4.2.8p5\n\ puts(_("ntpsnmpd 4.2.8p6\n\
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\ Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.\n\
This is free software. It is licensed for use, modification and\n\ This is free software. It is licensed for use, modification and\n\
redistribution under the terms of the NTP License, copies of which\n\ redistribution under the terms of the NTP License, copies of which\n\
can be seen at:\n")); can be seen at:\n"));
@ -599,14 +599,14 @@ implied warranty.\n"));
puts(_("load options from a config file")); puts(_("load options from a config file"));
/* referenced via ntpsnmpdOptions.pzUsageTitle */ /* referenced via ntpsnmpdOptions.pzUsageTitle */
puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p5\n\ puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p6\n\
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n")); Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n"));
/* referenced via ntpsnmpdOptions.pzExplain */ /* referenced via ntpsnmpdOptions.pzExplain */
puts(_("\n")); puts(_("\n"));
/* referenced via ntpsnmpdOptions.pzFullVersion */ /* referenced via ntpsnmpdOptions.pzFullVersion */
puts(_("ntpsnmpd 4.2.8p5")); puts(_("ntpsnmpd 4.2.8p6"));
/* referenced via ntpsnmpdOptions.pzFullUsage */ /* referenced via ntpsnmpdOptions.pzFullUsage */
puts(_("<<<NOT-FOUND>>>")); puts(_("<<<NOT-FOUND>>>"));

8
contrib/ntp/ntpsnmpd/ntpsnmpd-opts.h
View File

@ -1,7 +1,7 @@
/* /*
* EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h) * EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h)
* *
* It has been AutoGen-ed January 7, 2016 at 11:32:04 PM by AutoGen 5.18.5 * It has been AutoGen-ed January 20, 2016 at 04:19:14 AM by AutoGen 5.18.5
* From the definitions ntpsnmpd-opts.def * From the definitions ntpsnmpd-opts.def
* and the template file options * and the template file options
* *
@ -18,7 +18,7 @@
* The ntpsnmpd program is copyrighted and licensed * The ntpsnmpd program is copyrighted and licensed
* under the following terms: * under the following terms:
* *
* Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved. * Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation, all rights reserved.
* This is free software. It is licensed for use, modification and * This is free software. It is licensed for use, modification and
* redistribution under the terms of the NTP License, copies of which * redistribution under the terms of the NTP License, copies of which
* can be seen at: * can be seen at:
@ -76,9 +76,9 @@ typedef enum {
/** count of all options for ntpsnmpd */ /** count of all options for ntpsnmpd */
#define OPTION_CT 8 #define OPTION_CT 8
/** ntpsnmpd version */ /** ntpsnmpd version */
#define NTPSNMPD_VERSION "4.2.8p5" #define NTPSNMPD_VERSION "4.2.8p6"
/** Full ntpsnmpd version text */ /** Full ntpsnmpd version text */
#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p5" #define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p6"
/** /**
* Interface defines for all options. Replace "n" with the UPPER_CASED * Interface defines for all options. Replace "n" with the UPPER_CASED

8
contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdman
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpsnmpd 1ntpsnmpdman "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpsnmpd 1ntpsnmpdman "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dZaaSu/ag-qZa4Qu) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-FaaWZW/ag-SaaOYW)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:32:12 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:22 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def .\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -138,7 +138,7 @@ it to autogen-users@lists.sourceforge.net. Thank you.
.NOP "Heiko Gerstung" .NOP "Heiko Gerstung"
.br .br
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS" .SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

6
contrib/ntp/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPSNMPD 1ntpsnmpdmdoc User Commands .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:32:18 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:28 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def .\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -110,7 +110,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh AUTHORS .Sh AUTHORS
.An "Heiko Gerstung" .An "Heiko Gerstung"
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS" .Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

2
contrib/ntp/ntpsnmpd/ntpsnmpd.html
View File

@ -42,7 +42,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code> <p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code>
operations and determine performance. It uses the standard NTP mode 6 control operations and determine performance. It uses the standard NTP mode 6 control
<p>This document applies to version 4.2.8p5 of <code>ntpsnmpd</code>. <p>This document applies to version 4.2.8p6 of <code>ntpsnmpd</code>.
<ul class="menu"> <ul class="menu">
<li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description <li><a accesskey="1" href="#ntpsnmpd-Description">ntpsnmpd Description</a>: Description

8
contrib/ntp/ntpsnmpd/ntpsnmpd.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH ntpsnmpd @NTPSNMPD_MS@ "07 Jan 2016" "4.2.8p5" "User Commands" .TH ntpsnmpd @NTPSNMPD_MS@ "20 Jan 2016" "4.2.8p6" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dZaaSu/ag-qZa4Qu) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-FaaWZW/ag-SaaOYW)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:32:12 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:22 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def .\" From the definitions ntpsnmpd-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME
@ -138,7 +138,7 @@ it to autogen-users@lists.sourceforge.net. Thank you.
.NOP "Heiko Gerstung" .NOP "Heiko Gerstung"
.br .br
.SH "COPYRIGHT" .SH "COPYRIGHT"
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH "BUGS" .SH "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

6
contrib/ntp/ntpsnmpd/ntpsnmpd.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt NTPSNMPD @NTPSNMPD_MS@ User Commands .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:32:18 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:19:28 AM by AutoGen 5.18.5
.\" From the definitions ntpsnmpd-opts.def .\" From the definitions ntpsnmpd-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME
@ -110,7 +110,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you.
.Sh AUTHORS .Sh AUTHORS
.An "Heiko Gerstung" .An "Heiko Gerstung"
.Sh "COPYRIGHT" .Sh "COPYRIGHT"
Copyright (C) 1992\-2015 The University of Delaware and Network Time Foundation all rights reserved. Copyright (C) 1992\-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>. This program is released under the terms of the NTP license, <http://ntp.org/license>.
.Sh "BUGS" .Sh "BUGS"
Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org

2
contrib/ntp/packageinfo.sh
View File

@ -83,7 +83,7 @@ CLTAG=NTP_4_2_0
# - Numeric values increment # - Numeric values increment
# - empty 'increments' to 1 # - empty 'increments' to 1
# - NEW 'increments' to empty # - NEW 'increments' to empty
point=5 point=6
### betapoint is normally modified by script. ### betapoint is normally modified by script.
# ntp-stable Beta number (betapoint) # ntp-stable Beta number (betapoint)

6
contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH calc_tickadj 1calc_tickadjman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands" .TH calc_tickadj 1calc_tickadjman "20 Jan 2016" "ntp (4.2.8p6)" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nyaOMf/ag-AyaWLf) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-lWayEG/ag-yWaGDG)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:26:26 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:09:44 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def .\" From the definitions calc_tickadj-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME

4
contrib/ntp/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:26:28 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:09:46 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def .\" From the definitions calc_tickadj-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME

2
contrib/ntp/scripts/calc_tickadj/calc_tickadj.html
View File

@ -31,7 +31,7 @@ Up:&nbsp;<a rel="up" accesskey="u" href="#dir">(dir)</a>
<h2 class="unnumbered">calc_tickadj User's Manual</h2> <h2 class="unnumbered">calc_tickadj User's Manual</h2>
<p>This document describes the use of the NTP Project's <code>calc_tickadj</code> program. <p>This document describes the use of the NTP Project's <code>calc_tickadj</code> program.
This document applies to version 4.2.8p5 of <code>calc_tickadj</code>. This document applies to version 4.2.8p6 of <code>calc_tickadj</code>.
<div class="shortcontents"> <div class="shortcontents">
<h2>Short Contents</h2> <h2>Short Contents</h2>

6
contrib/ntp/scripts/calc_tickadj/calc_tickadj.man.in
View File

@ -10,11 +10,11 @@
.ds B-Font B .ds B-Font B
.ds I-Font I .ds I-Font I
.ds R-Font R .ds R-Font R
.TH calc_tickadj 1calc_tickadjman "07 Jan 2016" "ntp (4.2.8p5)" "User Commands" .TH calc_tickadj 1calc_tickadjman "20 Jan 2016" "ntp (4.2.8p6)" "User Commands"
.\" .\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-nyaOMf/ag-AyaWLf) .\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-lWayEG/ag-yWaGDG)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:26:26 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:09:44 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def .\" From the definitions calc_tickadj-opts.def
.\" and the template file agman-cmd.tpl .\" and the template file agman-cmd.tpl
.SH NAME .SH NAME

4
contrib/ntp/scripts/calc_tickadj/calc_tickadj.mdoc.in
View File

@ -1,9 +1,9 @@
.Dd January 7 2016 .Dd January 20 2016
.Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands
.Os .Os
.\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc) .\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc)
.\" .\"
.\" It has been AutoGen-ed January 7, 2016 at 11:26:28 PM by AutoGen 5.18.5 .\" It has been AutoGen-ed January 20, 2016 at 04:09:46 AM by AutoGen 5.18.5
.\" From the definitions calc_tickadj-opts.def .\" From the definitions calc_tickadj-opts.def
.\" and the template file agmdoc-cmd.tpl .\" and the template file agmdoc-cmd.tpl
.Sh NAME .Sh NAME

2
contrib/ntp/scripts/calc_tickadj/invoke-calc_tickadj.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-calc_tickadj.texi) # EDIT THIS FILE WITH CAUTION (invoke-calc_tickadj.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:26:30 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:09:47 AM by AutoGen 5.18.5
# From the definitions calc_tickadj-opts.def # From the definitions calc_tickadj-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore

4
contrib/ntp/scripts/invoke-plot_summary.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-plot_summary.texi) # EDIT THIS FILE WITH CAUTION (invoke-plot_summary.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:27:16 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:10:34 AM by AutoGen 5.18.5
# From the definitions plot_summary-opts.def # From the definitions plot_summary-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -41,7 +41,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
plot_summary - plot statistics generated by summary script - Ver. 4.2.8p5 plot_summary - plot statistics generated by summary script - Ver. 4.2.8p6
USAGE: plot_summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... USAGE: plot_summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
--directory=str Where the summary files are --directory=str Where the summary files are

4
contrib/ntp/scripts/invoke-summary.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-summary.texi) # EDIT THIS FILE WITH CAUTION (invoke-summary.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:27:22 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:10:40 AM by AutoGen 5.18.5
# From the definitions summary-opts.def # From the definitions summary-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -42,7 +42,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
summary - compute various stastics from NTP stat files - Ver. 4.2.8p5 summary - compute various stastics from NTP stat files - Ver. 4.2.8p6
USAGE: summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... USAGE: summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
--directory=str Directory containing stat files --directory=str Directory containing stat files

4
contrib/ntp/scripts/ntp-wait/invoke-ntp-wait.texi
View File

@ -6,7 +6,7 @@
# #
# EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi) # EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi)
# #
# It has been AutoGen-ed January 7, 2016 at 11:26:39 PM by AutoGen 5.18.5 # It has been AutoGen-ed January 20, 2016 at 04:09:57 AM by AutoGen 5.18.5
# From the definitions ntp-wait-opts.def # From the definitions ntp-wait-opts.def
# and the template file agtexi-cmd.tpl # and the template file agtexi-cmd.tpl
@end ignore @end ignore
@ -61,7 +61,7 @@ with a status code of 0.
@exampleindent 0 @exampleindent 0
@example @example
ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p5 ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p6
USAGE: ntp-wait [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... USAGE: ntp-wait [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]...
-n, --tries=num Number of times to check ntpd -n, --tries=num Number of times to check ntpd

Some files were not shown because too many files have changed in this diff Show More