Merge ^/head r338026 through r338297, and resolve conflicts.
commit
7847e04111
@ -968,29 +968,10 @@ _worldtmp: .PHONY
|
||||
.endif # !defined(NO_CLEAN)
|
||||
@mkdir -p ${WORLDTMP}
|
||||
@touch ${WORLDTMP}/${.TARGET}
|
||||
|
||||
.for _dir in \
|
||||
lib lib/casper lib/geom usr legacy/bin legacy/usr
|
||||
mkdir -p ${WORLDTMP}/${_dir}
|
||||
.endfor
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.usr.dist \
|
||||
-p ${WORLDTMP}/legacy/usr >/dev/null
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.include.dist \
|
||||
-p ${WORLDTMP}/legacy/usr/include >/dev/null
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.usr.dist \
|
||||
-p ${WORLDTMP}/usr >/dev/null
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.include.dist \
|
||||
-p ${WORLDTMP}/usr/include >/dev/null
|
||||
ln -sf ${.CURDIR}/sys ${WORLDTMP}
|
||||
.if ${MK_DEBUG_FILES} != "no"
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.debug.dist \
|
||||
-p ${WORLDTMP}/legacy/usr/lib >/dev/null
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.debug.dist \
|
||||
-p ${WORLDTMP}/usr/lib >/dev/null
|
||||
.endif
|
||||
.for _mtree in ${LOCAL_MTREE}
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/${_mtree} -p ${WORLDTMP} > /dev/null
|
||||
.endfor
|
||||
# We can't use mtree to create the worldtmp directories since it may not be
|
||||
# available on the target system (this happens e.g. when building on non-FreeBSD)
|
||||
cd ${.CURDIR}/tools/build; \
|
||||
${MAKE} DIRPRFX=tools/build/ DESTDIR=${WORLDTMP}/legacy installdirs
|
||||
_legacy:
|
||||
@echo
|
||||
@echo "--------------------------------------------------------------"
|
||||
@ -1003,6 +984,19 @@ _bootstrap-tools:
|
||||
@echo ">>> stage 1.2: bootstrap tools"
|
||||
@echo "--------------------------------------------------------------"
|
||||
${_+_}cd ${.CURDIR}; ${BMAKE} bootstrap-tools
|
||||
mkdir -p ${WORLDTMP}/usr ${WORLDTMP}/lib/casper ${WORLDTMP}/lib/geom
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.usr.dist \
|
||||
-p ${WORLDTMP}/usr >/dev/null
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.include.dist \
|
||||
-p ${WORLDTMP}/usr/include >/dev/null
|
||||
ln -sf ${.CURDIR}/sys ${WORLDTMP}
|
||||
.if ${MK_DEBUG_FILES} != "no"
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/etc/mtree/BSD.debug.dist \
|
||||
-p ${WORLDTMP}/usr/lib >/dev/null
|
||||
.endif
|
||||
.for _mtree in ${LOCAL_MTREE}
|
||||
${WORLDTMP_MTREE} -f ${.CURDIR}/${_mtree} -p ${WORLDTMP} > /dev/null
|
||||
.endfor
|
||||
_cleanobj:
|
||||
.if !defined(NO_CLEAN)
|
||||
@echo
|
||||
@ -2037,6 +2031,10 @@ ${_bt}-usr.bin/yacc: ${_bt}-lib/liby
|
||||
_gensnmptree= usr.sbin/bsnmpd/gensnmptree
|
||||
.endif
|
||||
|
||||
.if ${MK_LOCALES} != "no"
|
||||
_localedef= usr.bin/localedef
|
||||
.endif
|
||||
|
||||
# We need to build tblgen when we're building clang or lld, either as
|
||||
# bootstrap tools, or as the part of the normal build.
|
||||
.if ${MK_CLANG_BOOTSTRAP} != "no" || ${MK_CLANG} != "no" || \
|
||||
@ -2098,7 +2096,7 @@ bootstrap-tools: .PHONY
|
||||
${_crunchgen} \
|
||||
${_nmtree} \
|
||||
${_vtfontcvt} \
|
||||
usr.bin/localedef
|
||||
${_localedef}
|
||||
${_bt}-${_tool}: .PHONY .MAKE
|
||||
${_+_}@${ECHODIR} "===> ${_tool} (obj,all,install)"; \
|
||||
cd ${.CURDIR}/${_tool}; \
|
||||
|
@ -14,6 +14,11 @@ LIB32CPUFLAGS= -march=i686 -mmmx -msse -msse2
|
||||
.else
|
||||
LIB32CPUFLAGS= -march=${TARGET_CPUTYPE}
|
||||
.endif
|
||||
.if ${WANT_COMPILER_TYPE} == gcc || \
|
||||
(defined(X_COMPILER_TYPE) && ${X_COMPILER_TYPE} == gcc)
|
||||
.else
|
||||
LIB32CPUFLAGS+= -target x86_64-unknown-freebsd12.0
|
||||
.endif
|
||||
LIB32CPUFLAGS+= -m32
|
||||
LIB32WMAKEENV= MACHINE=i386 MACHINE_ARCH=i386 \
|
||||
MACHINE_CPU="i686 mmx sse sse2"
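Review bot: The new `.if ${WANT_COMPILER_TYPE} == gcc || ...` block has an empty true branch and does all of its work under `.else`, which reads as though a line had been lost in the merge. Negating the test says the same thing directly: `.if ${WANT_COMPILER_TYPE} != gcc && (!defined(X_COMPILER_TYPE) || ${X_COMPILER_TYPE} != gcc)`. The `-target x86_64-unknown-freebsd12.0` triple also hard-codes the OS release, so a one-line comment saying why non-gcc compilers need it, and that it must be bumped with the branch, would help the next person who touches it. The enclosing conditional starts above the hunk.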
|
||||
|
@ -174,6 +174,11 @@ OLD_FILES+=usr/lib/clang/6.0.1/lib/freebsd/libclang_rt.ubsan_standalone_cxx-x86_
|
||||
OLD_DIRS+=usr/lib/clang/6.0.1/lib/freebsd
|
||||
OLD_DIRS+=usr/lib/clang/6.0.1/lib
|
||||
OLD_DIRS+=usr/lib/clang/6.0.1
|
||||
# 20180819: Remove deprecated arc4random(3) stir/addrandom interfaces
|
||||
OLD_FILES+=usr/share/man/man3/arc4random_addrandom.3.gz
|
||||
OLD_FILES+=usr/share/man/man3/arc4random_stir.3.gz
|
||||
# 20180819: send-pr(1) placeholder removal
|
||||
OLD_FILES+=usr/bin/send-pr
|
||||
# 20180725: Cleanup old libcasper.so.0
|
||||
OLD_LIBS+=lib/libcasper.so.0
|
||||
# 20180722: indent(1) option renamed, test files follow
|
||||
|
17
UPDATING
17
UPDATING
@ -31,6 +31,23 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
|
||||
disable the most expensive debugging functionality run
|
||||
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
|
||||
|
||||
20170822:
|
||||
devctl freeze/that have gone into the tree, the rc scripts have been
|
||||
updated to use them and devmatch has been changed. You should update
|
||||
kernel, userland and rc scripts all at the same time.
|
||||
|
||||
20180818:
|
||||
The default interpreter has been switched from 4th to Lua.
|
||||
LOADER_DEFAULT_INTERP, documented in build(7), will override the default
|
||||
interpreter. If you have custom FORTH code you will need to set
|
||||
LOADER_DEFAULT_INTERP=4th (valid values are 4th, lua or simp) in
|
||||
src.conf for the build. This will create default hard links between
|
||||
loader and loader_4th instead of loader and loader_lua, the new default.
|
||||
If you are using UEFI it will create the proper hard link to loader.efi.
|
||||
|
||||
bhyve uses userboot.so. It remains 4th-only until some issues are solved
|
||||
regarding coexisting with multiple versions of FreeBSD are resolved.
|
||||
|
||||
20180815:
|
||||
ls(1) now respects the COLORTERM environment variable used in other
|
||||
systems and software to indicate that a colored terminal is both
|
||||
|
22
bin/ls/ls.1
22
bin/ls/ls.1
@ -32,7 +32,7 @@
|
||||
.\" @(#)ls.1 8.7 (Berkeley) 7/29/94
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd August 16, 2018
|
||||
.Dd August 18, 2018
|
||||
.Dt LS 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -252,6 +252,26 @@ environment variable is set and not empty.
|
||||
.Pp
|
||||
.Cm never
|
||||
will disable color regardless of environment variables.
|
||||
.Pp
|
||||
For compatibility with GNU coreutils,
|
||||
.Nm
|
||||
supports
|
||||
.Cm yes
|
||||
or
|
||||
.Cm force
|
||||
as equivalent to
|
||||
.Cm always ,
|
||||
.Cm no
|
||||
or
|
||||
.Cm none
|
||||
as equivalent to
|
||||
.Cm never ,
|
||||
and
|
||||
.Cm tty
|
||||
or
|
||||
.Cm if-tty
|
||||
as equivalent to
|
||||
.Cm auto .
|
||||
.It Fl d
|
||||
Directories are listed as plain files (not searched recursively).
|
||||
.It Fl f
|
||||
|
32
bin/ls/ls.c
32
bin/ls/ls.c
@ -200,6 +200,32 @@ do_color(void)
|
||||
return (do_color_from_env());
|
||||
}
|
||||
|
||||
#ifdef COLORLS
|
||||
static bool
|
||||
do_color_always(const char *term)
|
||||
{
|
||||
|
||||
return (strcmp(term, "always") == 0 || strcmp(term, "yes") == 0 ||
|
||||
strcmp(term, "force") == 0);
|
||||
}
|
||||
|
||||
static bool
|
||||
do_color_never(const char *term)
|
||||
{
|
||||
|
||||
return (strcmp(term, "never") == 0 || strcmp(term, "no") == 0 ||
|
||||
strcmp(term, "none") == 0);
|
||||
}
|
||||
|
||||
static bool
|
||||
do_color_auto(const char *term)
|
||||
{
|
||||
|
||||
return (strcmp(term, "auto") == 0 || strcmp(term, "tty") == 0 ||
|
||||
strcmp(term, "if-tty") == 0);
|
||||
}
|
||||
#endif /* COLORLS */
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
@ -406,11 +432,11 @@ main(int argc, char *argv[])
|
||||
break;
|
||||
#ifdef COLORLS
|
||||
case COLOR_OPT:
|
||||
if (optarg == NULL || strcmp(optarg, "always") == 0)
|
||||
if (optarg == NULL || do_color_always(optarg))
|
||||
colorflag = COLORFLAG_ALWAYS;
|
||||
else if (strcmp(optarg, "auto") == 0)
|
||||
else if (do_color_auto(optarg))
|
||||
colorflag = COLORFLAG_AUTO;
|
||||
else if (strcmp(optarg, "never") == 0)
|
||||
else if (do_color_never(optarg))
|
||||
colorflag = COLORFLAG_NEVER;
|
||||
else
|
||||
errx(2, "unsupported --color value '%s' (must be always, auto, or never)",
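Review bot: The three new helpers name their parameter `term`, but the only caller in this section passes `optarg` from `--color`, so the name suggests a terminal type rather than an option value. Something like `const char *arg`, with a one-line comment on each helper such as `/* True if arg is a --color spelling of "always". */`, would make the intent obvious. The `errx()` text on the last line of the hunk still says the value "must be always, auto, or never" although yes/force, no/none and tty/if-tty are now accepted, so the message should either list the aliases or point to ls(1). The `switch` in main() continues outside the hunk.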
|
||||
|
@ -27,11 +27,12 @@
|
||||
#pragma ident "%Z%%M% %I% %E% SMI"
|
||||
|
||||
#
|
||||
# get.ipv4remote.pl [tcpport]
|
||||
# get.ipv4remote.pl [port] [proto]
|
||||
#
|
||||
# Find an IPv4 reachable remote host using both ifconfig(1M) and ping(1M).
|
||||
# If a tcpport is specified, return a host that is also listening on this
|
||||
# TCP port. Print the local address and the remote address, or an
|
||||
# If a port is specified, return a host that is also listening on this
|
||||
# port. If the port is specified, the protocol can also be specified and
|
||||
# defaults to tcp. Print the local address and the remote address, or an
|
||||
# error message if no suitable remote host was found. Exit status is 0 if
|
||||
# a host was found.
|
||||
#
|
||||
@ -41,7 +42,8 @@ use IO::Socket;
|
||||
|
||||
my $MAXHOSTS = 32; # max hosts to port scan
|
||||
my $TIMEOUT = 3; # connection timeout
|
||||
my $tcpport = @ARGV == 1 ? $ARGV[0] : 0;
|
||||
my $port = @ARGV >= 1 ? $ARGV[0] : 0;
|
||||
my $proto = @ARGV == 2 ? $ARGV[1] : "tcp";
|
||||
|
||||
#
|
||||
# Determine local IP address
|
||||
@ -79,14 +81,15 @@ while (<PING>) {
|
||||
if (/bytes from (.*): / and not defined $Broadcast{$1}) {
|
||||
my $addr = $1;
|
||||
|
||||
if ($tcpport != 0) {
|
||||
if ($port != 0) {
|
||||
#
|
||||
# Test TCP
|
||||
#
|
||||
my $socket = IO::Socket::INET->new(
|
||||
Proto => "tcp",
|
||||
Type => SOCK_STREAM,
|
||||
Proto => $proto,
|
||||
PeerAddr => $addr,
|
||||
PeerPort => $tcpport,
|
||||
PeerPort => $port,
|
||||
Timeout => $TIMEOUT,
|
||||
);
|
||||
next unless $socket;
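Review bot: `$port` and `$proto` go straight from `@ARGV` into `IO::Socket::INET->new` without any check. A non-numeric port makes `$port != 0` false, so the listening test is silently skipped, and an unsupported protocol name only shows up as every host failing to connect. Since this helper probes up to `$MAXHOSTS` hosts on the local subnet, I would reject bad arguments before the ping starts, e.g. `die "usage: $0 [port] [proto]\n" unless $proto =~ /^(?:tcp|sctp)$/ and $port =~ /^\d+$/ and $port <= 65535;`. With three or more arguments `$proto` quietly falls back to "tcp" because the test is `@ARGV == 2`. The `# Test TCP` comment above the socket call is now stale, and the `while (<PING>)` loop continues outside the hunk.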
|
||||
|
137
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.ipv4localsctp.ksh
Executable file
137
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.ipv4localsctp.ksh
Executable file
@ -0,0 +1,137 @@
|
||||
#!/usr/bin/env ksh
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
#
|
||||
|
||||
#
|
||||
# Test {ip,sctp}:::{send,receive} of IPv4 SCTP to local host.
|
||||
#
|
||||
# This may fail due to:
|
||||
#
|
||||
# 1. A change to the ip stack breaking expected probe behavior,
|
||||
# which is the reason we are testing.
|
||||
# 2. The lo0 interface missing or not up.
|
||||
# 3. An unlikely race causes the unlocked global send/receive
|
||||
# variables to be corrupted.
|
||||
#
|
||||
# This test performs a SCTP association and checks that at least the
|
||||
# following packet counts were traced:
|
||||
#
|
||||
# 7 x ip:::send (4 during the setup, 3 during the teardown)
|
||||
# 7 x sctp:::send (4 during the setup, 3 during the teardown)
|
||||
# 7 x ip:::receive (4 during the setup, 3 during the teardown)
|
||||
# 7 x sctp:::receive (4 during the setup, 3 during the teardown)
|
||||
|
||||
# The actual count tested is 7 each way, since we are tracing both
|
||||
# source and destination events.
|
||||
#
|
||||
|
||||
if (( $# != 1 )); then
|
||||
print -u2 "expected one argument: <dtrace-path>"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
dtrace=$1
|
||||
local=127.0.0.1
|
||||
DIR=/var/tmp/dtest.$$
|
||||
|
||||
sctpport=1024
|
||||
bound=5000
|
||||
while [ $sctpport -lt $bound ]; do
|
||||
ncat --sctp -z $local $sctpport > /dev/null || break
|
||||
sctpport=$(($sctpport + 1))
|
||||
done
|
||||
if [ $sctpport -eq $bound ]; then
|
||||
echo "couldn't find an available SCTP port"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir $DIR
|
||||
cd $DIR
|
||||
|
||||
# ncat will exit when the association is closed.
|
||||
ncat --sctp --listen $local $sctpport &
|
||||
|
||||
cat > test.pl <<-EOPERL
|
||||
use IO::Socket;
|
||||
my \$s = IO::Socket::INET->new(
|
||||
Type => SOCK_STREAM,
|
||||
Proto => "sctp",
|
||||
LocalAddr => "$local",
|
||||
PeerAddr => "$local",
|
||||
PeerPort => $sctpport,
|
||||
Timeout => 3);
|
||||
die "Could not connect to host $local port $sctpport \$@" unless \$s;
|
||||
close \$s;
|
||||
sleep(2);
|
||||
EOPERL
|
||||
|
||||
$dtrace -c 'perl test.pl' -qs /dev/stdin <<EODTRACE
|
||||
BEGIN
|
||||
{
|
||||
ipsend = sctpsend = ipreceive = sctpreceive = 0;
|
||||
}
|
||||
|
||||
ip:::send
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipsend++;
|
||||
}
|
||||
|
||||
sctp:::send
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local"/
|
||||
{
|
||||
sctpsend++;
|
||||
}
|
||||
|
||||
ip:::receive
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipreceive++;
|
||||
}
|
||||
|
||||
sctp:::receive
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local"/
|
||||
{
|
||||
sctpreceive++;
|
||||
}
|
||||
|
||||
END
|
||||
{
|
||||
printf("Minimum SCTP events seen\n\n");
|
||||
printf("ip:::send (%d) - %s\n", ipsend, ipsend >= 7 ? "yes" : "no");
|
||||
printf("ip:::receive (%d) - %s\n", ipreceive, ipreceive >= 7 ? "yes" : "no");
|
||||
printf("sctp:::send (%d) - %s\n", sctpsend, sctpsend >= 7 ? "yes" : "no");
|
||||
printf("sctp:::receive (%d) - %s\n", sctpreceive, sctpreceive >= 7 ? "yes" : "no");
|
||||
}
|
||||
EODTRACE
|
||||
|
||||
status=$?
|
||||
|
||||
cd /
|
||||
/bin/rm -rf $DIR
|
||||
|
||||
exit $status
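Review bot: `DIR=/var/tmp/dtest.$$` followed by an unchecked `mkdir $DIR` and `cd $DIR` gives the test a predictable working directory in a world-writable location, and a script that drives dtrace is presumably run with elevated privileges. If the name already exists the `mkdir` fails and the script carries on, so `cat > test.pl`, `perl test.pl` and the final `/bin/rm -rf $DIR` all act on a directory or symlink someone else prepared. Creating it with `DIR=$(mktemp -d /var/tmp/dtest.XXXXXX) || exit 1` and entering it with `cd "$DIR" || exit 1` closes that. The same lines appear in tst.ipv4remotesctp.ksh, tst.localsctpstate.ksh and tst.remotesctpstate.ksh further down this commit. Separately, the backgrounded `ncat --sctp --listen` is never waited for or killed, so it stays bound to the port if the Perl client fails to connect.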
|
@ -0,0 +1,7 @@
|
||||
Minimum SCTP events seen
|
||||
|
||||
ip:::send - yes
|
||||
ip:::receive - yes
|
||||
sctp:::send - yes
|
||||
sctp:::receive - yes
|
||||
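Review bot: This expected output does not match what tst.ipv4localsctp.ksh prints, assuming this hunk is its .out file (the file header is not shown here). The END clause of that script uses `printf("ip:::send (%d) - %s\n", ipsend, ...)` for all four lines, so each carries the counter in parentheses, while the lines here read `ip:::send - yes`. If the harness compares output verbatim the test cannot pass, and a printed counter would make the output timing-dependent in any case. Dropping the `(%d)` and its argument from the four printf calls, as the other SCTP tests in this commit do, brings the two files back in line.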
|
130
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.ipv4remotesctp.ksh
Executable file
130
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.ipv4remotesctp.ksh
Executable file
@ -0,0 +1,130 @@
|
||||
#!/usr/bin/env ksh93
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
#
|
||||
|
||||
#
|
||||
# Test {sctp,ip}:::{send,receive} of IPv4 SCTP to a remote host.
|
||||
#
|
||||
# This may fail due to:
|
||||
#
|
||||
# 1. A change to the ip stack breaking expected probe behavior,
|
||||
# which is the reason we are testing.
|
||||
# 2. No physical network interface is plumbed and up.
|
||||
# 3. No other hosts on this subnet are reachable and listening on ssh.
|
||||
# 4. An unlikely race causes the unlocked global send/receive
|
||||
# variables to be corrupted.
|
||||
#
|
||||
# This test performs an SCTP association and checks that at least the
|
||||
# following packet counts were traced:
|
||||
#
|
||||
# 4 x ip:::send (2 during setup, 2 during teardown)
|
||||
# 4 x sctp:::send (2 during connection setup, 2 during connection teardown)
|
||||
# 3 x ip:::receive (2 during setup, 1 during teardown)
|
||||
# 3 x sctp:::receive (2 during setup, 1 during teardown)
|
||||
|
||||
if (( $# != 1 )); then
|
||||
print -u2 "expected one argument: <dtrace-path>"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
dtrace=$1
|
||||
getaddr=./get.ipv4remote.pl
|
||||
sctpport=80
|
||||
DIR=/var/tmp/dtest.$$
|
||||
|
||||
if [[ ! -x $getaddr ]]; then
|
||||
print -u2 "could not find or execute sub program: $getaddr"
|
||||
exit 3
|
||||
fi
|
||||
$getaddr $sctpport sctp | read source dest
|
||||
if (( $? != 0 )); then
|
||||
exit 4
|
||||
fi
|
||||
|
||||
mkdir $DIR
|
||||
cd $DIR
|
||||
|
||||
cat > test.pl <<-EOPERL
|
||||
use IO::Socket;
|
||||
my \$s = IO::Socket::INET->new(
|
||||
Type => SOCK_STREAM,
|
||||
Proto => "sctp",
|
||||
LocalAddr => "$source",
|
||||
PeerAddr => "$dest",
|
||||
PeerPort => $sctpport,
|
||||
Timeout => 3);
|
||||
die "Could not connect to host $dest port $sctpport \$@" unless \$s;
|
||||
close \$s;
|
||||
sleep(2);
|
||||
EOPERL
|
||||
|
||||
$dtrace -c 'perl test.pl' -qs /dev/stdin <<EODTRACE
|
||||
BEGIN
|
||||
{
|
||||
ipsend = sctpsend = ipreceive = sctpreceive = 0;
|
||||
}
|
||||
|
||||
ip:::send
|
||||
/args[2]->ip_saddr == "$source" && args[2]->ip_daddr == "$dest" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipsend++;
|
||||
}
|
||||
|
||||
sctp:::send
|
||||
/args[2]->ip_saddr == "$source" && args[2]->ip_daddr == "$dest"/
|
||||
{
|
||||
sctpsend++;
|
||||
}
|
||||
|
||||
ip:::receive
|
||||
/args[2]->ip_saddr == "$dest" && args[2]->ip_daddr == "$source" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipreceive++;
|
||||
}
|
||||
|
||||
sctp:::receive
|
||||
/args[2]->ip_saddr == "$dest" && args[2]->ip_daddr == "$source"/
|
||||
{
|
||||
sctpreceive++;
|
||||
}
|
||||
|
||||
END
|
||||
{
|
||||
printf("Minimum SCTP events seen\n\n");
|
||||
printf("ip:::send - %s\n", ipsend >= 4 ? "yes" : "no");
|
||||
printf("ip:::receive - %s\n", ipreceive >= 3 ? "yes" : "no");
|
||||
printf("sctp:::send - %s\n", sctpsend >= 4 ? "yes" : "no");
|
||||
printf("sctp:::receive - %s\n", sctpreceive >= 3 ? "yes" : "no");
|
||||
}
|
||||
EODTRACE
|
||||
|
||||
status=$?
|
||||
|
||||
cd /
|
||||
/bin/rm -rf $DIR
|
||||
|
||||
exit $status
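Review bot: The check after `$getaddr $sctpport sctp | read source dest` looks at `$?` of the pipeline, which is the status of `read` rather than of get.ipv4remote.pl, so a failing helper is noticed only when it printed nothing at all. Whatever it did print lands in `$source` and `$dest` and is then expanded into the generated test.pl and into the D predicates without any validation. I would capture the output first with `out=$($getaddr $sctpport sctp) || exit 4`, split it with `set -- $out; source=$1 dest=$2`, and stop unless both values look like dotted-quad addresses. The header comment also still says hosts must be "listening on ssh" while the script sets `sctpport=80`. tst.remotesctpstate.ksh contains the same pipeline and check.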
|
@ -0,0 +1,7 @@
|
||||
Minimum SCTP events seen
|
||||
|
||||
ip:::send - yes
|
||||
ip:::receive - yes
|
||||
sctp:::send - yes
|
||||
sctp:::receive - yes
|
||||
|
159
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.localsctpstate.ksh
Executable file
159
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.localsctpstate.ksh
Executable file
@ -0,0 +1,159 @@
|
||||
#!/usr/bin/env ksh
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
#
|
||||
|
||||
#
|
||||
# Test sctp:::state-change and sctp:::{send,receive} by connecting to
|
||||
# the local discard service.
|
||||
# A number of state transition events along with SCTP send and
|
||||
# receive events for the message should result.
|
||||
#
|
||||
# This may fail due to:
|
||||
#
|
||||
# 1. A change to the ip stack breaking expected probe behavior,
|
||||
# which is the reason we are testing.
|
||||
# 2. The lo0 interface missing or not up.
|
||||
# 3. An unlikely race causes the unlocked global send/receive
|
||||
# variables to be corrupted.
|
||||
#
|
||||
# This test performs a SCTP connection and checks that at least the
|
||||
# following packet counts were traced:
|
||||
#
|
||||
# 7 x ip:::send (4 during the setup, 3 during the teardown)
|
||||
# 7 x sctp:::send (4 during the setup, 3 during the teardown)
|
||||
# 7 x ip:::receive (4 during the setup, 3 during the teardown)
|
||||
# 7 x sctp:::receive (4 during the setup, 3 during the teardown)
|
||||
#
|
||||
# The actual count tested is 7 each way, since we are tracing both
|
||||
# source and destination events.
|
||||
#
|
||||
|
||||
if (( $# != 1 )); then
|
||||
print -u2 "expected one argument: <dtrace-path>"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
dtrace=$1
|
||||
local=127.0.0.1
|
||||
DIR=/var/tmp/dtest.$$
|
||||
|
||||
sctpport=1024
|
||||
bound=5000
|
||||
while [ $sctpport -lt $bound ]; do
|
||||
ncat --sctp -z $local $sctpport > /dev/null || break
|
||||
sctpport=$(($sctpport + 1))
|
||||
done
|
||||
if [ $sctpport -eq $bound ]; then
|
||||
echo "couldn't find an available SCTP port"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir $DIR
|
||||
cd $DIR
|
||||
|
||||
# ncat will exit when the association is closed.
|
||||
ncat --sctp --listen $local $sctpport &
|
||||
|
||||
cat > test.pl <<-EOPERL
|
||||
use IO::Socket;
|
||||
my \$s = IO::Socket::INET->new(
|
||||
Type => SOCK_STREAM,
|
||||
Proto => "sctp",
|
||||
LocalAddr => "$local",
|
||||
PeerAddr => "$local",
|
||||
PeerPort => $sctpport,
|
||||
Timeout => 3);
|
||||
die "Could not connect to host $local port $sctpport \$@" unless \$s;
|
||||
close \$s;
|
||||
sleep(2);
|
||||
EOPERL
|
||||
|
||||
$dtrace -c 'perl test.pl' -qs /dev/stdin <<EODTRACE
|
||||
BEGIN
|
||||
{
|
||||
ipsend = sctpsend = ipreceive = sctpreceive = 0;
|
||||
}
|
||||
|
||||
ip:::send
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipsend++;
|
||||
}
|
||||
|
||||
sctp:::send
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local" &&
|
||||
(args[4]->sctp_sport == $sctpport || args[4]->sctp_dport == $sctpport)/
|
||||
{
|
||||
sctpsend++;
|
||||
}
|
||||
|
||||
ip:::receive
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipreceive++;
|
||||
}
|
||||
|
||||
sctp:::receive
|
||||
/args[2]->ip_saddr == "$local" && args[2]->ip_daddr == "$local" &&
|
||||
(args[4]->sctp_sport == $sctpport || args[4]->sctp_dport == $sctpport)/
|
||||
{
|
||||
sctpreceive++;
|
||||
}
|
||||
|
||||
sctp:::state-change
|
||||
{
|
||||
state_event[args[3]->sctps_state]++;
|
||||
}
|
||||
|
||||
END
|
||||
{
|
||||
printf("Minimum SCTP events seen\n\n");
|
||||
printf("ip:::send - %s\n", ipsend >= 7 ? "yes" : "no");
|
||||
printf("ip:::receive - %s\n", ipreceive >= 7 ? "yes" : "no");
|
||||
printf("sctp:::send - %s\n", sctpsend >= 7 ? "yes" : "no");
|
||||
printf("sctp:::receive - %s\n", sctpreceive >= 7 ? "yes" : "no");
|
||||
printf("sctp:::state-change to cookie-wait - %s\n",
|
||||
state_event[SCTP_STATE_COOKIE_WAIT] >=1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to cookie-echoed - %s\n",
|
||||
state_event[SCTP_STATE_COOKIE_ECHOED] >=1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to established - %s\n",
|
||||
state_event[SCTP_STATE_ESTABLISHED] >= 2 ? "yes" : "no");
|
||||
printf("sctp:::state-change to shutdown-sent - %s\n",
|
||||
state_event[SCTP_STATE_SHUTDOWN_SENT] >= 1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to shutdown-received - %s\n",
|
||||
state_event[SCTP_STATE_SHUTDOWN_RECEIVED] >= 1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to shutdown-ack-sent - %s\n",
|
||||
state_event[SCTP_STATE_SHUTDOWN_ACK_SENT] >= 1 ? "yes" : "no");
|
||||
}
|
||||
EODTRACE
|
||||
|
||||
status=$?
|
||||
|
||||
cd /
|
||||
/bin/rm -rf $DIR
|
||||
|
||||
exit $status
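Review bot: The `sctp:::state-change` clause has no predicate, so `state_event[]` counts transitions of every SCTP association on the machine during the run, whereas the send and receive clauses above it are restricted to `$local` and `$sctpport`. Unrelated SCTP activity can therefore satisfy the six state checks in the END clause and mask a regression in the probe. If the probe's arguments expose the association's ports (not visible in this hunk), a predicate matching `$sctpport` would fix it; otherwise a comment stating the limitation is worth adding. The header comment says the test connects to "the local discard service", but the script starts its own `ncat --sctp --listen` on a free port, so that sentence should be updated too.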
|
@ -0,0 +1,12 @@
|
||||
Minimum SCTP events seen
|
||||
|
||||
ip:::send - yes
|
||||
ip:::receive - yes
|
||||
sctp:::send - yes
|
||||
sctp:::receive - yes
|
||||
sctp:::state-change to cookie-wait - yes
|
||||
sctp:::state-change to cookie-echoed - yes
|
||||
sctp:::state-change to established - yes
|
||||
sctp:::state-change to shutdown-sent - yes
|
||||
sctp:::state-change to shutdown-received - yes
|
||||
sctp:::state-change to shutdown-ack-sent - yes
|
149
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.remotesctpstate.ksh
Executable file
149
cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/ip/tst.remotesctpstate.ksh
Executable file
@ -0,0 +1,149 @@
|
||||
#!/usr/bin/env ksh93
|
||||
#
|
||||
# CDDL HEADER START
|
||||
#
|
||||
# The contents of this file are subject to the terms of the
|
||||
# Common Development and Distribution License (the "License").
|
||||
# You may not use this file except in compliance with the License.
|
||||
#
|
||||
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
||||
# or http://www.opensolaris.org/os/licensing.
|
||||
# See the License for the specific language governing permissions
|
||||
# and limitations under the License.
|
||||
#
|
||||
# When distributing Covered Code, include this CDDL HEADER in each
|
||||
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
||||
# If applicable, add the following below this CDDL HEADER, with the
|
||||
# fields enclosed by brackets "[]" replaced with your own identifying
|
||||
# information: Portions Copyright [yyyy] [name of copyright owner]
|
||||
#
|
||||
# CDDL HEADER END
|
||||
#
|
||||
|
||||
#
|
||||
# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
|
||||
#
|
||||
|
||||
#
|
||||
# Test sctp:::state-change and sctp:::{send,receive} by connecting to
|
||||
# the remote http service.
|
||||
# A number of state transition events along with sctp send and receive
|
||||
# events for the message should result.
|
||||
#
|
||||
# This may fail due to:
|
||||
#
|
||||
# 1. A change to the ip stack breaking expected probe behavior,
|
||||
# which is the reason we are testing.
|
||||
# 2. The lo0 interface missing or not up.
|
||||
# 3. The remote ssh service is not online.
|
||||
# 4. An unlikely race causes the unlocked global send/receive
|
||||
# variables to be corrupted.
|
||||
#
|
||||
# This test performs a SCTP association to the http service (port 80) and
|
||||
# checks that at least the following packet counts were traced:
|
||||
#
|
||||
# 4 x ip:::send (2 during setup, 2 during teardown)
|
||||
# 4 x sctp:::send (2 during setup, 2 during teardown)
|
||||
# 3 x ip:::receive (2 during setup, 1 during teardown)
|
||||
# 3 x sctp:::receive (2 during setup, 1 during teardown)
|
||||
#
|
||||
|
||||
if (( $# != 1 )); then
|
||||
print -u2 "expected one argument: <dtrace-path>"
|
||||
exit 2
|
||||
fi
|
||||
|
||||
dtrace=$1
|
||||
getaddr=./get.ipv4remote.pl
|
||||
sctpport=80
|
||||
DIR=/var/tmp/dtest.$$
|
||||
|
||||
if [[ ! -x $getaddr ]]; then
|
||||
print -u2 "could not find or execute sub program: $getaddr"
|
||||
exit 3
|
||||
fi
|
||||
$getaddr $sctpport sctp | read source dest
|
||||
if (( $? != 0 )); then
|
||||
exit 4
|
||||
fi
|
||||
|
||||
mkdir $DIR
|
||||
cd $DIR
|
||||
|
||||
cat > test.pl <<-EOPERL
|
||||
use IO::Socket;
|
||||
my \$s = IO::Socket::INET->new(
|
||||
Type => SOCK_STREAM,
|
||||
Proto => "sctp",
|
||||
LocalAddr => "$source",
|
||||
PeerAddr => "$dest",
|
||||
PeerPort => $sctpport,
|
||||
Timeout => 3);
|
||||
die "Could not connect to host $dest port $sctpport \$@" unless \$s;
|
||||
close \$s;
|
||||
sleep(2);
|
||||
EOPERL
|
||||
|
||||
$dtrace -c 'perl test.pl' -qs /dev/stdin <<EODTRACE
|
||||
BEGIN
|
||||
{
|
||||
ipsend = sctpsend = ipreceive = sctpreceive = 0;
|
||||
}
|
||||
|
||||
ip:::send
|
||||
/args[2]->ip_saddr == "$source" && args[2]->ip_daddr == "$dest" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipsend++;
|
||||
}
|
||||
|
||||
sctp:::send
|
||||
/args[2]->ip_saddr == "$source" && args[2]->ip_daddr == "$dest" &&
|
||||
args[4]->sctp_dport == $sctpport/
|
||||
{
|
||||
sctpsend++;
|
||||
}
|
||||
|
||||
ip:::receive
|
||||
/args[2]->ip_saddr == "$dest" && args[2]->ip_daddr == "$source" &&
|
||||
args[4]->ipv4_protocol == IPPROTO_SCTP/
|
||||
{
|
||||
ipreceive++;
|
||||
}
|
||||
|
||||
sctp:::receive
|
||||
/args[2]->ip_saddr == "$dest" && args[2]->ip_daddr == "$source" &&
|
||||
args[4]->sctp_sport == $sctpport/
|
||||
{
|
||||
sctpreceive++;
|
||||
}
|
||||
|
||||
sctp:::state-change
|
||||
{
|
||||
state_event[args[3]->sctps_state]++;
|
||||
}
|
||||
|
||||
END
|
||||
{
|
||||
printf("Minimum SCTP events seen\n\n");
|
||||
printf("ip:::send - %s\n", ipsend >= 4 ? "yes" : "no");
|
||||
printf("ip:::receive - %s\n", ipreceive >= 3 ? "yes" : "no");
|
||||
printf("sctp:::send - %s\n", sctpsend >= 4 ? "yes" : "no");
|
||||
printf("sctp:::receive - %s\n", sctpreceive >= 3 ? "yes" : "no");
|
||||
printf("sctp:::state-change to cookie-wait - %s\n",
|
||||
state_event[SCTP_STATE_COOKIE_WAIT] >=1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to cookie-echoed - %s\n",
|
||||
state_event[SCTP_STATE_COOKIE_ECHOED] >= 1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to established - %s\n",
|
||||
state_event[SCTP_STATE_ESTABLISHED] >= 1 ? "yes" : "no");
|
||||
printf("sctp:::state-change to shutdown-sent - %s\n",
|
||||
state_event[SCTP_STATE_SHUTDOWN-SENT] >= 1 ? "yes" : "no");
|
||||
}
|
||||
EODTRACE
|
||||
|
||||
status=$?
|
||||
|
||||
cd /
|
||||
/bin/rm -rf $DIR
|
||||
|
||||
exit $status
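Review bot: The last check in the END clause indexes `state_event[SCTP_STATE_SHUTDOWN-SENT]`, with a hyphen instead of an underscore. That is not the `SCTP_STATE_SHUTDOWN_SENT` constant added in sctp.d but a subtraction of two names that are defined nowhere on this page, so the D program will most likely fail to compile and the test cannot pass. The line should read `state_event[SCTP_STATE_SHUTDOWN_SENT] >= 1 ? "yes" : "no");`. The header comment is also out of step with the code: it lists "The lo0 interface missing or not up" and "The remote ssh service is not online" as failure causes for a test that connects to port 80 on a remote host.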
|
@ -0,0 +1,12 @@
|
||||
Minimum SCTP events seen
|
||||
|
||||
ip:::send - yes
|
||||
ip:::receive - yes
|
||||
SCTP:::send - yes
|
||||
sctp:::receive - yes
|
||||
sctp:::state-change to cookie-wait - yes
|
||||
sctp:::state-change to cookie-echoed - yes
|
||||
sctp:::state-change to established - yes
|
||||
sctp:::state-change to shutdown-sent - yes
|
||||
sctp:::state-change to closed - yes
|
||||
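Review bot: This expected output cannot be produced by tst.remotesctpstate.ksh as added in this commit, assuming this hunk is its .out file (the file header is not shown here). It has `SCTP:::send - yes` in upper case where the script prints `sctp:::send`, and it ends with `sctp:::state-change to closed - yes`, which no printf in the script's END clause emits. Lower-casing the probe name and either removing the "closed" line or adding the matching `state_event[SCTP_STATE_CLOSED]` check to the script would make the pair consistent.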
|
@ -51,6 +51,7 @@ DSRCS= errno.d \
|
||||
io.d \
|
||||
ip.d \
|
||||
psinfo.d \
|
||||
sctp.d \
|
||||
siftr.d \
|
||||
signal.d \
|
||||
tcp.d \
|
||||
|
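--- a/cddl/lib/libdtrace/sctp.d
+++ b/cddl/lib/libdtrace/sctp.d
@@ -0,0 +1,171 @@
+/*
+* CDDL HEADER START
+*
+* The contents of this file are subject to the terms of the
+* Common Development and Distribution License (the "License").
+* You may not use this file except in compliance with the License.
+*
+* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+* or http://www.opensolaris.org/os/licensing.
+* See the License for the specific language governing permissions
+* and limitations under the License.
+*
+* When distributing Covered Code, include this CDDL HEADER in each
+* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+* If applicable, add the following below this CDDL HEADER, with the
+* fields enclosed by brackets "[]" replaced with your own identifying
+* information: Portions Copyright [yyyy] [name of copyright owner]
+*
+* CDDL HEADER END
+*
+* $FreeBSD$
+*/
+/*
+* Copyright (c) 2018 Michael Tuexen <tuexen@FreeBSD.org>
+*/
+
+#pragma D depends_on library ip.d
+#pragma D depends_on library socket.d
+#pragma D depends_on module kernel
+#pragma D depends_on provider sctp
+
+#pragma D binding "1.13" SCTP_STATE_MASK
+inline int32_t SCTP_STATE_MASK = 0x0000007f;
+#pragma D binding "1.13" SCTP_STATE_SHUTDOWN_PENDING
+inline int32_t SCTP_STATE_SHUTDOWN_PENDING = 0x00000080;
+#pragma D binding "1.13" SCTP_STATE_CLOSED_SOCKET
+inline int32_t SCTP_STATE_CLOSED_SOCKET = 0x00000100;
+#pragma D binding "1.13" SCTP_STATE_ABOUT_TO_BE_FREED
+inline int32_t SCTP_STATE_ABOUT_TO_BE_FREED = 0x00000200;
+#pragma D binding "1.13" SCTP_STATE_ABOUT_TO_BE_FREED
+inline int32_t SCTP_STATE_PARTIAL_MSG_LEFT = 0x00000400;
+#pragma D binding "1.13" SCTP_STATE_PARTIAL_MSG_LEFT
+inline int32_t SCTP_STATE_WAS_ABORTED = 0x00000800;
+#pragma D binding "1.13" SCTP_STATE_IN_ACCEPT_QUEUE
+inline int32_t SCTP_STATE_IN_ACCEPT_QUEUE = 0x00001000;
+#pragma D binding "1.13" SCTP_STATE_BOUND
+inline int32_t SCTP_STATE_BOUND = 0x00001000;
+#pragma D binding "1.13" SCTP_STATE_EMPTY
+inline int32_t SCTP_STATE_EMPTY = 0x00000000;
+#pragma D binding "1.13" SCTP_STATE_CLOSED
+inline int32_t SCTP_STATE_CLOSED = 0x00000000;
+#pragma D binding "1.13" SCTP_STATE_INUSE
+inline int32_t SCTP_STATE_INUSE = 0x00000001;
+#pragma D binding "1.13" SCTP_STATE_COOKIE_WAIT
+inline int32_t SCTP_STATE_COOKIE_WAIT = 0x00000002;
+#pragma D binding "1.13" SCTP_STATE_COOKIE_ECHOED
+inline int32_t SCTP_STATE_COOKIE_ECHOED = 0x00000004;
+#pragma D binding "1.13" SCTP_STATE_ESTABLISHED
+inline int32_t SCTP_STATE_ESTABLISHED = 0x00000008;
+#pragma D binding "1.13" SCTP_STATE_OPEN
+inline int32_t SCTP_STATE_OPEN = 0x00000008;
+#pragma D binding "1.13" SCTP_STATE_SHUTDOWN_SENT
+inline int32_t SCTP_STATE_SHUTDOWN_SENT = 0x00000010;
+#pragma D binding "1.13" SCTP_STATE_SHUTDOWN_RECEIVED
+inline int32_t SCTP_STATE_SHUTDOWN_RECEIVED = 0x00000020;
+#pragma D binding "1.13" SCTP_STATE_SHUTDOWN_ACK_SENT
+inline int32_t SCTP_STATE_SHUTDOWN_ACK_SENT = 0x00000040;
+
+/* SCTP association state strings. */
+#pragma D binding "1.13" sctp_state_string
+inline string sctp_state_string[int32_t state] =
+state & SCTP_STATE_ABOUT_TO_BE_FREED ? "state-closed" :
+state & SCTP_STATE_SHUTDOWN_PENDING ? "state-shutdown-pending" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_EMPTY ? "state-closed" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_INUSE ? "state-closed" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_COOKIE_WAIT ? "state-cookie-wait" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_COOKIE_ECHOED ? "state-cookie-echoed" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_OPEN ? "state-established" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_SHUTDOWN_SENT ? "state-shutdown-sent" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_SHUTDOWN_RECEIVED ? "state-shutdown-received" :
+(state & SCTP_STATE_MASK) == SCTP_STATE_SHUTDOWN_ACK_SENT ? "state-shutdown-ack-sent" :
+"<unknown>";
+
+/*
+* sctpsinfo contains stable SCTP details.
+*/
+typedef struct sctpsinfo {
+uintptr_t sctps_addr; /* pointer to struct sctp_tcb */
+int sctps_num_raddrs; /* number of remote addresses */
+uintptr_t sctps_raddrs; /* pointer to struct sctp_nets */
+int sctps_num_laddrs; /* number of local addresses */
+uintptr_t sctps_laddrs; /* pointer to struct sctp_laddr */
+uint16_t sctps_lport; /* local port */
+uint16_t sctps_rport; /* remote port */
+string sctps_laddr; /* local address, as a string */
+string sctps_raddr; /* remote address, as a string */
+int32_t sctps_state;
+} sctpsinfo_t;
+
+/*
+* sctplsinfo provides the old SCTP state for state changes.
+*/
+typedef struct sctplsinfo {
+int32_t sctps_state; /* previous SCTP state */
+} sctplsinfo_t;
+
+/*
+* sctpinfo is the SCTP header fields.
+*/
+typedef struct sctpinfo {
+uint16_t sctp_sport; /* source port */
+uint16_t sctp_dport; /* destination port */
+uint32_t sctp_verify; /* verification tag */
+uint32_t sctp_checksum; /* CRC32C of the SCTP packet */
+struct sctphdr *sctp_hdr; /* raw SCTP header */
+} sctpinfo_t;
+
+#pragma D binding "1.13" translator
+translator csinfo_t < struct sctp_tcb *p > {
+cs_addr = NULL;
+cs_cid = (uint64_t)p;
+cs_pid = 0;
+cs_zoneid = 0;
+};
+
+#pragma D binding "1.13" translator
+translator sctpsinfo_t < struct sctp_tcb *p > {
+sctps_addr = (uintptr_t)p;
+sctps_num_raddrs = p == NULL ? -1 : p->asoc.numnets;
+sctps_raddrs = p == NULL ? NULL : (uintptr_t)(p->asoc.nets.tqh_first);
+sctps_num_laddrs = p == NULL ? -1 :
+p->sctp_ep == NULL ? -1 :
+p->sctp_ep->laddr_count;
+sctps_laddrs = p == NULL ? NULL :
+p->sctp_ep == NULL ? NULL :
+(uintptr_t)(p->sctp_ep->sctp_addr_list.lh_first);
+sctps_lport = p == NULL ? 0 :
+p->sctp_ep == NULL ? 0 :
+ntohs(p->sctp_ep->ip_inp.inp.inp_inc.inc_ie.ie_lport);
+sctps_rport = p == NULL ? 0 : ntohs(p->rport);
+sctps_laddr = p == NULL ? "<unknown>" :
+p->asoc.primary_destination == NULL ? "<unknown>" :
+p->asoc.primary_destination->ro._s_addr == NULL ? "<unknown>" :
+p->asoc.primary_destination->ro._s_addr->address.sa.sa_family == AF_INET ?
+inet_ntoa(&p->asoc.primary_destination->ro._s_addr->address.sin.sin_addr.s_addr) :
+p->asoc.primary_destination->ro._s_addr->address.sa.sa_family == AF_INET6 ?
+inet_ntoa6(&p->asoc.primary_destination->ro._s_addr->address.sin6.sin6_addr) :
+"<unknown>";
+sctps_raddr = p == NULL ? "<unknown>" :
+p->asoc.primary_destination == NULL ? "<unknown>" :
+p->asoc.primary_destination->ro._l_addr.sa.sa_family == AF_INET ?
+inet_ntoa(&p->asoc.primary_destination->ro._l_addr.sin.sin_addr.s_addr) :
+p->asoc.primary_destination->ro._l_addr.sa.sa_family == AF_INET6 ?
+inet_ntoa6(&p->asoc.primary_destination->ro._l_addr.sin6.sin6_addr) :
+"<unknown>";
+sctps_state = p == NULL ? SCTP_STATE_CLOSED : p->asoc.state;
+};
+
+#pragma D binding "1.13" translator
+translator sctpinfo_t < struct sctphdr *p > {
+sctp_sport = p == NULL ? 0 : ntohs(p->src_port);
+sctp_dport = p == NULL ? 0 : ntohs(p->dest_port);
+sctp_verify = p == NULL ? 0 : ntohl(p->v_tag);
+sctp_checksum = p == NULL ? 0 : ntohl(p->checksum);
+sctp_hdr = p;
+};
+
+#pragma D binding "1.13" translator
+translator sctplsinfo_t < int state > {
+sctps_state = state;
+};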
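Review bot: Two `#pragma D binding` lines in the state-constant block name the wrong identifier. The pragma in front of `SCTP_STATE_PARTIAL_MSG_LEFT` repeats `SCTP_STATE_ABOUT_TO_BE_FREED`, and the one in front of `SCTP_STATE_WAS_ABORTED` names `SCTP_STATE_PARTIAL_MSG_LEFT`, so `SCTP_STATE_WAS_ABORTED` has no binding of its own. Each pragma should name the inline that follows it: `#pragma D binding "1.13" SCTP_STATE_PARTIAL_MSG_LEFT` and `#pragma D binding "1.13" SCTP_STATE_WAS_ABORTED`. Separately, `SCTP_STATE_IN_ACCEPT_QUEUE` and `SCTP_STATE_BOUND` are both defined as `0x00001000`, which may be a copy-paste slip and should be checked against the kernel's SCTP state definitions, since a script testing either flag cannot tell them apart. `sctps_state` in `sctpsinfo_t` is the only member without a comment; `/* current SCTP state */` would match its neighbours.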
@ -61,6 +61,7 @@ CFLAGS+= -DWANTS_MUTEX_OWNED
|
||||
CFLAGS+= -I${SRCTOP}/lib/libpthread/thread
|
||||
CFLAGS+= -I${SRCTOP}/lib/libpthread/sys
|
||||
CFLAGS+= -I${SRCTOP}/lib/libthr/arch/${MACHINE_CPUARCH}/include
|
||||
CFLAGS.gcc+= -fms-extensions
|
||||
|
||||
LIBADD= md pthread z nvpair avl umem
|
||||
|
||||
|
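Review bot: `CFLAGS.gcc+= -fms-extensions` arrives without a comment saying which construct needs it, here and in the two later Makefile hunks that carry the same line. In the hunk where it sits directly under `CFLAGS+= -g -DDEBUG=1 -Wno-format`, it also reads as if the existing "many asserts" comment covered it. A one-line comment above each occurrence, for example `# GCC needs -fms-extensions for <construct or header that requires it>`, would let a later cleanup decide whether the flag can be dropped. The `+` markers are lost in this rendering, so this assumes the flag is the added line, which the one-line growth of all three hunks suggests.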
@ -24,6 +24,7 @@ CSTD= c99
|
||||
# Since there are many asserts in this program, it makes no sense to compile
|
||||
# it without debugging.
|
||||
CFLAGS+= -g -DDEBUG=1 -Wno-format
|
||||
CFLAGS.gcc+= -fms-extensions
|
||||
|
||||
HAS_TESTS=
|
||||
SUBDIR.${MK_TESTS}+= tests
|
||||
|
@ -9,6 +9,8 @@ PACKAGE= tests
|
||||
${PACKAGE}FILES= \
|
||||
tst.ipv4localicmp.ksh \
|
||||
tst.ipv4localicmp.ksh.out \
|
||||
tst.ipv4localsctp.ksh \
|
||||
tst.ipv4localsctp.ksh.out \
|
||||
tst.ipv4localtcp.ksh \
|
||||
tst.ipv4localtcp.ksh.out \
|
||||
tst.ipv4localudp.ksh \
|
||||
@ -17,6 +19,8 @@ ${PACKAGE}FILES= \
|
||||
tst.ipv4localudplite.ksh.out \
|
||||
tst.ipv4remoteicmp.ksh \
|
||||
tst.ipv4remoteicmp.ksh.out \
|
||||
tst.ipv4remotesctp.ksh \
|
||||
tst.ipv4remotesctp.ksh.out \
|
||||
tst.ipv4remotetcp.ksh \
|
||||
tst.ipv4remotetcp.ksh.out \
|
||||
tst.ipv4remoteudp.ksh \
|
||||
@ -27,8 +31,12 @@ ${PACKAGE}FILES= \
|
||||
tst.ipv6localicmp.ksh.out \
|
||||
tst.ipv6remoteicmp.ksh \
|
||||
tst.ipv6remoteicmp.ksh.out \
|
||||
tst.localsctpstate.ksh \
|
||||
tst.localsctpstate.ksh.out \
|
||||
tst.localtcpstate.ksh \
|
||||
tst.localtcpstate.ksh.out \
|
||||
tst.remotesctpstate.ksh \
|
||||
tst.remotesctpstate.ksh.out \
|
||||
tst.remotetcpstate.ksh \
|
||||
tst.remotetcpstate.ksh.out \
|
||||
|
||||
|
@ -117,11 +117,13 @@ exclude SKIP common/builtinvar/tst.ipl.d
|
||||
exclude SKIP common/builtinvar/tst.ipl1.d
|
||||
|
||||
# These tests rely on being able to find a host via broadcast pings.
|
||||
exclude EXFAIL common/ip/tst.ipv4remotesctp.ksh
|
||||
exclude EXFAIL common/ip/tst.ipv4remotetcp.ksh
|
||||
exclude EXFAIL common/ip/tst.ipv4remoteudp.ksh
|
||||
exclude EXFAIL common/ip/tst.ipv4remoteudplite.ksh
|
||||
exclude EXFAIL common/ip/tst.ipv6remoteicmp.ksh
|
||||
exclude EXFAIL common/ip/tst.ipv4remoteicmp.ksh
|
||||
exclude EXFAIL common/ip/tst.remotesctpstate.ksh
|
||||
exclude EXFAIL common/ip/tst.remotetcpstate.ksh
|
||||
|
||||
# Tries to enable pid$target:libc::entry, though there's no "libc" module.
|
||||
|
@ -25,6 +25,7 @@ CFLAGS+= -I${SRCTOP}/cddl/contrib/opensolaris/head
|
||||
|
||||
LIBADD= nvpair umem uutil zfs zpool
|
||||
|
||||
CFLAGS.gcc+= -fms-extensions
|
||||
# Since there are many asserts in this program, it makes no sense to compile
|
||||
# it without debugging.
|
||||
CFLAGS+= -g -DDEBUG=1
|
||||
|
@ -3,7 +3,7 @@
|
||||
.\"
|
||||
.\" This man page documents only lld's ELF linking support, obtained originally
|
||||
.\" from FreeBSD.
|
||||
.Dd July 30, 2018
|
||||
.Dd August 22, 2018
|
||||
.Dt LD.LLD 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -451,6 +451,13 @@ Make the main stack executable.
|
||||
Stack permissions are recorded in the
|
||||
.Dv PT_GNU_STACK
|
||||
segment.
|
||||
.It Cm ifunc-noplt
|
||||
Do not emit PLT entries for GNU ifuncs.
|
||||
Instead, preserve relocations for ifunc call sites so that they may
|
||||
be applied by a run-time loader.
|
||||
Note that this feature requires special loader support and will
|
||||
generally result in application crashes when used outside of freestanding
|
||||
environments.
|
||||
.It Cm initfirst
|
||||
Sets the
|
||||
.Dv DF_1_INITFIRST
|
||||
|
@ -1,4 +1,68 @@
|
||||
---
|
||||
(4.2.8p12) 2018/08/14 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
* [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
|
||||
- fixed stack buffer overflow in the openhost() command-line call
|
||||
of NTPQ/NTPDC <perlinger@ntp.org>
|
||||
* [Sec 3012] noepeer tweaks. <stenn@ntp.org>
|
||||
* [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
|
||||
* [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
|
||||
other TrustedBSD platforms
|
||||
- applied patch by Ian Lepore <perlinger@ntp.org>
|
||||
* [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
|
||||
- changed interaction with SCM to signal pending startup
|
||||
* [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
|
||||
- rework of ntpq 'nextvar()' key/value parsing
|
||||
* [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey (with mods)
|
||||
* [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey (with mods)
|
||||
* [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
|
||||
* [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3471] Check for openssl/[ch]mac.h. HStenn.
|
||||
- add #define ENABLE_CMAC support in configure. HStenn.
|
||||
* [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
|
||||
* [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
|
||||
- patch by Stephen Friedl
|
||||
* [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
|
||||
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
|
||||
* [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
|
||||
* [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
|
||||
- initial patch by Hal Murray; also fixed refclock_report() trouble
|
||||
* [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
|
||||
* [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
|
||||
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
|
||||
* [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
* [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
|
||||
with modifications
|
||||
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
|
||||
* [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
|
||||
- applied patch by Miroslav Lichvar
|
||||
* [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
|
||||
* [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
|
||||
- integrated patch by Reinhard Max
|
||||
* [Bug 2821] minor build issues <perlinger@ntp.org>
|
||||
- applied patches by Christos Zoulas, including real bug fixes
|
||||
* html/authopt.html: cleanup, from <stenn@ntp.org>
|
||||
* ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
|
||||
* Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
|
||||
* html/authentic.html: cleanup, from <stenn@ntp.org>
|
||||
|
||||
---
|
||||
(4.2.8p11) 2018/02/27 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
* [Sec 3454] Unauthenticated packet can reset authenticated interleave
|
||||
associations. HStenn.
|
||||
@ -14,16 +78,16 @@
|
||||
- applied patch by Sean Haugh
|
||||
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
|
||||
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
|
||||
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
|
||||
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
|
||||
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
|
||||
- refactoring the MAC code, too
|
||||
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
|
||||
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
|
||||
- applied patch by ggarvey
|
||||
- applied patch by ggarvey
|
||||
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
|
||||
- applied patch by ggarvey (with minor mods)
|
||||
- applied patch by ggarvey (with minor mods)
|
||||
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
|
||||
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
|
||||
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
|
||||
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
|
||||
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
|
||||
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
|
||||
|
@ -1,5 +1,5 @@
|
||||
--
|
||||
NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
|
||||
NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09)
|
||||
|
||||
NOTE: this NEWS file will be undergoing more revisions.
|
||||
|
||||
@ -7,6 +7,77 @@ Focus: Security, Bug fixes, enhancements.
|
||||
|
||||
Severity: MEDIUM
|
||||
|
||||
This release fixes a "hole" in the noepeer capability introduced to ntpd
|
||||
in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
|
||||
ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements:
|
||||
|
||||
* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
|
||||
|
||||
* [Sec 3012] Fix a hole in the new "noepeer" processing.
|
||||
|
||||
* Bug Fixes:
|
||||
[Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org>
|
||||
[Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
|
||||
other TrustedBSD platforms
|
||||
- applied patch by Ian Lepore <perlinger@ntp.org>
|
||||
[Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org>
|
||||
- changed interaction with SCM to signal pending startup
|
||||
[Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org>
|
||||
- rework of ntpq 'nextvar()' key/value parsing
|
||||
[Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey (with mods)
|
||||
[Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey (with mods)
|
||||
[Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though
|
||||
[Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3471] Check for openssl/[ch]mac.h. HStenn.
|
||||
- add #define ENABLE_CMAC support in configure. HStenn.
|
||||
[Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org>
|
||||
[Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org>
|
||||
- patch by Stephen Friedl
|
||||
[Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org>
|
||||
- fixed IO redirection and CTRL-C handling in ntq and ntpdc
|
||||
[Bug 3465] Default TTL values cannot be used <perlinger@ntp.org>
|
||||
[Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org>
|
||||
- initial patch by Hal Murray; also fixed refclock_report() trouble
|
||||
[Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org>
|
||||
[Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer
|
||||
- According to Brooks Davis, there was only one location <perlinger@ntp.org>
|
||||
[Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org>
|
||||
- applied patch by Gerry Garvey
|
||||
[Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey,
|
||||
with modifications
|
||||
New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c.
|
||||
[Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org>
|
||||
- applied patch by Miroslav Lichvar
|
||||
[Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov.
|
||||
[Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org>
|
||||
- integrated patch by Reinhard Max
|
||||
[Bug 2821] minor build issues <perlinger@ntp.org>
|
||||
- applied patches by Christos Zoulas, including real bug fixes
|
||||
html/authopt.html: cleanup, from <stenn@ntp.org>
|
||||
ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org>
|
||||
Symmetric key range is 1-65535. Update docs. <stenn@ntp.org>
|
||||
|
||||
--
|
||||
NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27)
|
||||
|
||||
Focus: Security, Bug fixes, enhancements.
|
||||
|
||||
Severity: MEDIUM
|
||||
|
||||
This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity
|
||||
vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and
|
||||
provides 65 other non-security fixes and improvements:
|
||||
|
@ -311,6 +311,9 @@
|
||||
/* Provide the explicit 127.0.0.0/8 martian filter? */
|
||||
#undef ENABLE_BUG3020_FIX
|
||||
|
||||
/* Enable CMAC support? */
|
||||
#undef ENABLE_CMAC
|
||||
|
||||
/* nls support in libopts */
|
||||
#undef ENABLE_NLS
|
||||
|
||||
@ -372,6 +375,14 @@
|
||||
/* Define to 1 if you have the `daemon' function. */
|
||||
#undef HAVE_DAEMON
|
||||
|
||||
/* Define to 1 if you have the declaration of `siglongjmp', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_SIGLONGJMP
|
||||
|
||||
/* Define to 1 if you have the declaration of `sigsetjmp', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_SIGSETJMP
|
||||
|
||||
/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
|
||||
don't. */
|
||||
#undef HAVE_DECL_STRERROR_R
|
||||
@ -653,6 +664,12 @@
|
||||
/* if you have NT Threads */
|
||||
#undef HAVE_NT_THREADS
|
||||
|
||||
/* Define to 1 if you have the <openssl/cmac.h> header file. */
|
||||
#undef HAVE_OPENSSL_CMAC_H
|
||||
|
||||
/* Define to 1 if you have the <openssl/hmac.h> header file. */
|
||||
#undef HAVE_OPENSSL_HMAC_H
|
||||
|
||||
/* Define to 1 if the system has the type `pid_t'. */
|
||||
#undef HAVE_PID_T
|
||||
|
||||
@ -957,6 +974,9 @@
|
||||
/* Define to 1 if you have the <sys/lock.h> header file. */
|
||||
#undef HAVE_SYS_LOCK_H
|
||||
|
||||
/* Define to 1 if you have the <sys/mac.h> header file. */
|
||||
#undef HAVE_SYS_MAC_H
|
||||
|
||||
/* Define to 1 if you have the <sys/mman.h> header file. */
|
||||
#undef HAVE_SYS_MMAN_H
|
||||
|
||||
@ -1117,6 +1137,9 @@
|
||||
/* Do we have the TIO serial stuff? */
|
||||
#undef HAVE_TIO_SERIAL_STUFF
|
||||
|
||||
/* Are TrustedBSD MAC policy privileges available? */
|
||||
#undef HAVE_TRUSTEDBSD_MAC
|
||||
|
||||
/* Define to 1 if the system has the type `uint16_t'. */
|
||||
#undef HAVE_UINT16_T
|
||||
|
||||
|
112
contrib/ntp/configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11.
|
||||
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p12.
|
||||
#
|
||||
# Report bugs to <http://bugs.ntp.org./>.
|
||||
#
|
||||
@ -590,8 +590,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='ntp'
|
||||
PACKAGE_TARNAME='ntp'
|
||||
PACKAGE_VERSION='4.2.8p11'
|
||||
PACKAGE_STRING='ntp 4.2.8p11'
|
||||
PACKAGE_VERSION='4.2.8p12'
|
||||
PACKAGE_STRING='ntp 4.2.8p12'
|
||||
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
|
||||
PACKAGE_URL='http://www.ntp.org./'
|
||||
|
||||
@ -968,6 +968,7 @@ enable_c99_snprintf
|
||||
enable_clockctl
|
||||
enable_linuxcaps
|
||||
enable_solarisprivs
|
||||
enable_trustedbsd_mac
|
||||
with_arlib
|
||||
with_net_snmp_config
|
||||
enable_libseccomp
|
||||
@ -1614,7 +1615,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems.
|
||||
\`configure' configures ntp 4.2.8p12 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1684,7 +1685,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of ntp 4.2.8p11:";;
|
||||
short | recursive ) echo "Configuration of ntp 4.2.8p12:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1731,6 +1732,8 @@ Optional Features and Packages:
|
||||
--enable-clockctl s Use /dev/clockctl for non-root clock control
|
||||
--enable-linuxcaps + Use Linux capabilities for non-root clock control
|
||||
--enable-solarisprivs + Use Solaris privileges for non-root clock control
|
||||
--enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock
|
||||
control
|
||||
--with-arlib - deprecated, arlib not distributed
|
||||
--with-net-snmp-config + =net-snmp-config
|
||||
--enable-libseccomp EXPERIMENTAL: enable support for libseccomp
|
||||
@ -1923,7 +1926,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
ntp configure 4.2.8p11
|
||||
ntp configure 4.2.8p12
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@ -2632,7 +2635,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by ntp $as_me 4.2.8p11, which was
|
||||
It was created by ntp $as_me 4.2.8p12, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -3633,7 +3636,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='ntp'
|
||||
VERSION='4.2.8p11'
|
||||
VERSION='4.2.8p12'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@ -24026,7 +24029,40 @@ esac
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_have_solarisprivs" >&5
|
||||
$as_echo "$ntp_have_solarisprivs" >&6; }
|
||||
|
||||
case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs" in
|
||||
for ac_header in sys/mac.h
|
||||
do :
|
||||
ac_fn_c_check_header_mongrel "$LINENO" "sys/mac.h" "ac_cv_header_sys_mac_h" "$ac_includes_default"
|
||||
if test "x$ac_cv_header_sys_mac_h" = xyes; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_SYS_MAC_H 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
|
||||
# Check whether --enable-trustedbsd_mac was given.
|
||||
if test "${enable_trustedbsd_mac+set}" = set; then :
|
||||
enableval=$enable_trustedbsd_mac; ntp_use_trustedbsd_mac=$enableval
|
||||
|
||||
fi
|
||||
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should use TrustedBSD MAC privileges" >&5
|
||||
$as_echo_n "checking if we should use TrustedBSD MAC privileges... " >&6; }
|
||||
|
||||
case "$ntp_use_trustedbsd_mac$ac_cv_header_sys_mac_h" in
|
||||
yesyes)
|
||||
|
||||
$as_echo "#define HAVE_TRUSTEDBSD_MAC 1" >>confdefs.h
|
||||
|
||||
esac
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_use_trustedbsd_mac" >&5
|
||||
$as_echo "$ntp_use_trustedbsd_mac" >&6; }
|
||||
|
||||
case "$ntp_use_dev_clockctl$ntp_have_linuxcaps$ntp_have_solarisprivs$ntp_use_trustedbsd_mac" in
|
||||
*yes*)
|
||||
|
||||
$as_echo "#define HAVE_DROPROOT 1" >>confdefs.h
|
||||
@ -30311,6 +30347,19 @@ $as_echo "$ntp_openssl" >&6; }
|
||||
|
||||
case "$ntp_openssl" in
|
||||
yes)
|
||||
for ac_header in openssl/cmac.h openssl/hmac.h
|
||||
do :
|
||||
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
|
||||
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
|
||||
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
|
||||
_ACEOF
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
|
||||
$as_echo "#define OPENSSL /**/" >>confdefs.h
|
||||
|
||||
@ -30534,6 +30583,21 @@ LIBS="$NTPO_SAVED_LIBS"
|
||||
{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;}
|
||||
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable CMAC support" >&5
|
||||
$as_echo_n "checking if we want to enable CMAC support... " >&6; }
|
||||
case "$ac_cv_header_openssl_cmac_h" in
|
||||
yes)
|
||||
|
||||
$as_echo "#define ENABLE_CMAC 1" >>confdefs.h
|
||||
|
||||
ans="yes"
|
||||
;;
|
||||
*) ans="no"
|
||||
;;
|
||||
esac
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ans" >&5
|
||||
$as_echo "$ans" >&6; }
|
||||
|
||||
|
||||
|
||||
|
||||
@ -33221,6 +33285,32 @@ fi
|
||||
|
||||
|
||||
|
||||
###
|
||||
|
||||
ac_fn_c_check_decl "$LINENO" "sigsetjmp" "ac_cv_have_decl_sigsetjmp" "#include <setjmp.h>
|
||||
"
|
||||
if test "x$ac_cv_have_decl_sigsetjmp" = xyes; then :
|
||||
ac_have_decl=1
|
||||
else
|
||||
ac_have_decl=0
|
||||
fi
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_DECL_SIGSETJMP $ac_have_decl
|
||||
_ACEOF
|
||||
ac_fn_c_check_decl "$LINENO" "siglongjmp" "ac_cv_have_decl_siglongjmp" "#include <setjmp.h>
|
||||
"
|
||||
if test "x$ac_cv_have_decl_siglongjmp" = xyes; then :
|
||||
ac_have_decl=1
|
||||
else
|
||||
ac_have_decl=0
|
||||
fi
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
#define HAVE_DECL_SIGLONGJMP $ac_have_decl
|
||||
_ACEOF
|
||||
|
||||
|
||||
###
|
||||
|
||||
|
||||
@ -33964,7 +34054,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by ntp $as_me 4.2.8p11, which was
|
||||
This file was extended by ntp $as_me 4.2.8p12, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -34031,7 +34121,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
ntp config.status 4.2.8p11
|
||||
ntp config.status 4.2.8p12
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
@ -3014,6 +3014,17 @@ AC_MSG_RESULT([$ans])
|
||||
|
||||
NTP_OPENSSL
|
||||
|
||||
AC_MSG_CHECKING([if we want to enable CMAC support])
|
||||
case "$ac_cv_header_openssl_cmac_h" in
|
||||
yes)
|
||||
AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?])
|
||||
ans="yes"
|
||||
;;
|
||||
*) ans="no"
|
||||
;;
|
||||
esac
|
||||
AC_MSG_RESULT([$ans])
|
||||
|
||||
NTP_CRYPTO_RAND
|
||||
|
||||
# if we are using OpenSSL (--with-crypto), by default Autokey is enabled
|
||||
@ -4380,6 +4391,10 @@ NTP_PROBLEM_TESTS
|
||||
|
||||
###
|
||||
|
||||
AC_CHECK_DECLS([sigsetjmp,siglongjmp], [], [], [[#include <setjmp.h>]])
|
||||
|
||||
###
|
||||
|
||||
AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir],
|
||||
[Default location of crypto key info])
|
||||
|
||||
|
@ -1,91 +1,223 @@
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
|
||||
<meta name="generator" content="HTML Tidy, see www.w3.org">
|
||||
<title>Authentication Support</title>
|
||||
<link href="scripts/style.css" type="text/css" rel="stylesheet">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
<style1 {
|
||||
color: #FF0000;
|
||||
font-weight: bold;
|
||||
}
|
||||
.style1 {color: #FF0000}
|
||||
-->
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h3>Authentication Support</h3>
|
||||
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
|
||||
<p>Our resident cryptographer; now you see him, now you don't.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->5-Feb-2016 09:13<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
<script type="text/javascript" language="javascript" src="scripts/hand.txt"></script>
|
||||
<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
|
||||
<h4>Table of Contents</h4>
|
||||
<ul>
|
||||
<li class="inline"><a href="#auth">Introduction</a></li>
|
||||
<li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
|
||||
<li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li>
|
||||
<li class="inline"><a href="#pub">Public Key Cryptography</a></li>
|
||||
</ul>
|
||||
<hr>
|
||||
<h4 id="auth">Introduction</h4>
|
||||
<p>This page describes the various cryptographic authentication provisions in NTPv4. Authentication support allows the NTP client to verify that servers are in fact known and trusted and not intruders intending accidentally or intentionally to masquerade as a legitimate server. A detailed discussion of the NTP multi-layer security model and vulnerability analysis is in the white paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP Security Analysis</a>.</p>
|
||||
<p> The NTPv3 specification (RFC-1305) defined an authentication scheme properly described as <em>symmetric key cryptography</em>. It used the Data Encryption Standard (DES) algorithm operating in cipher-block chaining (CBC) mode. Subsequently, this algorithm was replaced by the RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5. Either algorithm computes a message digest or one-way hash which can be used to verify the client has the same message digest as the server. The MD5 message digest algorithm is included in the distribution, so without further cryptographic support, the distribution can be freely exported.</p>
|
||||
<p>If the OpenSSL cryptographic library is installed prior to building the distribution, all message digest algorithms included in the library may be used, including SHA and SHA1. However, if conformance to FIPS 140-2 is required, only a limited subset of these algorithms can be used. This library is available from <a href="http://www.openssl.org">http://www.openssl.org</a> and can be installed using the procedures outlined in the <a href="build.html">Building and Installing the Distribution</a> page. Once installed, the configure and build process automatically detects the library and links the library routines
|
||||
required.</p>
|
||||
<p>In addition to the symmetric key algorithms, this distribution includes support for the Autokey public key algorithms and protocol specified in RFC-5906 "Network Time Protocol Version 4: Autokey Specification". This support is available only if the OpenSSL library has been installed and the <tt>--enable-autokey</tt> option is used when the distribution is built.</p>
|
||||
<p> Public key cryptography is generally considered more secure than symmetric key cryptography, since the security is based on private and public values which are generated by each participant and where the private value is never revealed. Autokey uses X.509 public certificates, which can be produced by commercial services, the OpenSSL application program, or the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in the NTP software distribution.</p>
|
||||
<p>Note that according to US law, NTP binaries including OpenSSL library components, including the OpenSSL library itself, cannot be exported outside the US without license from the US Department of Commerce. Builders outside the US are advised to obtain the OpenSSL library directly from OpenSSL, which is outside the US, and build outside the US.</p>
|
||||
<p>Authentication is configured separately for each association using the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt> configuration command, as described in the <a href="confopt.html">Server Options</a> page. The <a href="keygen.html">ntp-keygen</a> page describes the files required for the various authentication schemes. Further details are in the briefings, papers and reports at the NTP project page linked from <a href="http://www.ntp.org">www.ntp.org</a>.</p>
|
||||
<p>By default, the client sends non-authenticated packets and the server responds with non-authenticated packets. If the client sends authenticated packets, the server responds with authenticated packets if correct, or a crypto-NAK packet if not. In the case of unsolicited packets which might consume significant resources, such as broadcast or symmetric mode packets, authentication is required, unless overridden by a <tt>disable auth</tt> command. In the current climate of targeted broadcast or "letterbomb" attacks, defeating this requirement would be decidedly dangerous. In any case, the <tt>notrust </tt>flag, described on the <a href="authopt.html">Access Control Options</a> page, can be used to disable access to all but correctly authenticated clients.</p>
|
||||
<h4 id="symm">Symmetric Key Cryptography</h4>
|
||||
<p>The original NTPv3 specification (RFC-1305), as well as the current NTPv4 specification (RFC-5905), allows any one of possibly 65,534 message digest keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association. The servers and clients involved must agree on the key ID, key type and key to authenticate NTP packets.</p>
|
||||
<p>The message digest is a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p>
|
||||
<p>Keys and related information are specified in a keys file, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can be constructed and edited using an ordinary text editor.</p>
|
||||
<p> Each line of the keys file consists of three or four fields: a key ID in the range 1 to 65,534, inclusive, a key type, a message digest key consisting of a printable ASCII string less than 40 characters or a 40-character hex digit string, and an optional comma-separated list of IPs that are allowed to serve time. If the OpenSSL library is installed, the key type can be any message digest algorithm supported by the library. If the OpenSSL library is not installed, the only permitted key type is MD5.</p>
|
||||
<table>
|
||||
<caption style="caption-side: bottom;">
|
||||
Figure 1. Typical Symmetric Key File
|
||||
</caption>
|
||||
<tr><td style="border: 1px solid black; border-spacing: 0;">
|
||||
<pre style="color:grey;">
|
||||
# ntpkey_MD5key_bk.ntp.org.3595864945
|
||||
# Thu Dec 12 19:22:25 2013
|
||||
<head>
|
||||
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
|
||||
<meta name="generator" content="HTML Tidy, see www.w3.org">
|
||||
<title>Authentication Support</title>
|
||||
<!-- Changed by: Harlan Stenn, 24-Jul-2018 -->
|
||||
<link href="scripts/style.css" type="text/css" rel="stylesheet">
|
||||
<style type="text/css">
|
||||
<!--
|
||||
<style1 {
|
||||
color: #FF0000;
|
||||
font-weight: bold;
|
||||
}
|
||||
.style1 {color: #FF0000}
|
||||
-->
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h3>Authentication Support</h3>
|
||||
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
|
||||
<p>Our resident cryptographer; now you see him, now you don't.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->24-Jul-2018 09:12<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
<script type="text/javascript" language="javascript" src="scripts/hand.txt"></script>
|
||||
<script type="text/javascript" language="javascript" src="scripts/authopt.txt"></script>
|
||||
<h4>Table of Contents</h4>
|
||||
<ul>
|
||||
<li class="inline"><a href="#auth">Introduction</a></li>
|
||||
<li class="inline"><a href="#symm">Symmetric Key Cryptography</a></li>
|
||||
<li class="inline"><a href="#windows">Microsoft Windows Authentication</a></li>
|
||||
<li class="inline"><a href="#pub">Public Key Cryptography</a></li>
|
||||
</ul>
|
||||
<hr>
|
||||
<h4 id="auth">Introduction</h4>
|
||||
<p>This page describes the various cryptographic authentication
|
||||
provisions in NTPv4. Authentication support allows the NTP client to
|
||||
verify that servers are in fact known and trusted and not intruders
|
||||
intending accidentally or intentionally to masquerade as a legitimate
|
||||
server. A detailed discussion of the NTP multi-layer security model
|
||||
and vulnerability analysis is in the white
|
||||
paper <a href="http://www.eecis.udel.edu/~mills/security.html">NTP
|
||||
Security Analysis</a>.</p>
|
||||
<p>The NTPv3 specification (RFC-1305) defined an authentication scheme
|
||||
properly described as <em>symmetric key cryptography</em>. It used
|
||||
the Data Encryption Standard (DES) algorithm operating in cipher-block
|
||||
chaining (CBC) mode. Subsequently, this algorithm was replaced by the
|
||||
RSA Message Digest 5 (MD5) algorithm commonly called keyed-MD5.
|
||||
Either algorithm computes a message digest or one-way hash which can
|
||||
be used to verify the client has the same message digest as the
|
||||
server. The MD5 message digest algorithm is included in the
|
||||
distribution, so without further cryptographic support, the
|
||||
distribution can be freely exported.</p>
|
||||
<p>If the OpenSSL cryptographic library is installed prior to building
|
||||
the distribution, all message digest algorithms included in the
|
||||
library may be used, including SHA and SHA1. However, if conformance
|
||||
to FIPS 140-2 is required, only a limited subset of these algorithms
|
||||
can be used. This library is available
|
||||
from <a href="http://www.openssl.org">http://www.openssl.org</a> and
|
||||
can be installed using the procedures outlined in
|
||||
the <a href="build.html">Building and Installing the Distribution</a>
|
||||
page. Once installed, the configure and build process automatically
|
||||
detects the library and links the library routines required.</p>
|
||||
<p>In addition to the symmetric key algorithms, this distribution
|
||||
includes support for the Autokey public key algorithms and protocol
|
||||
specified in RFC-5906 "Network Time Protocol Version 4: Autokey
|
||||
Specification". This support is available only if the OpenSSL
|
||||
library has been installed and the <tt>--enable-autokey</tt> option is
|
||||
used when the distribution is built.</p>
|
||||
<p> Public key cryptography is generally considered more secure than
|
||||
symmetric key cryptography, since the security is based on private and
|
||||
public values which are generated by each participant and where the
|
||||
private value is never revealed. Autokey uses X.509 public
|
||||
certificates, which can be produced by commercial services, the
|
||||
OpenSSL application program, or
|
||||
the <a href="keygen.html"><tt>ntp-keygen</tt></a> utility program in
|
||||
the NTP software distribution.</p>
|
||||
<p>Note that according to US law, NTP binaries including OpenSSL library
|
||||
components, including the OpenSSL library itself, cannot be exported
|
||||
outside the US without license from the US Department of Commerce.
|
||||
Builders outside the US are advised to obtain the OpenSSL library
|
||||
directly from OpenSSL, which is outside the US, and build outside the
|
||||
US.</p>
|
||||
<p>Authentication is configured separately for each association using
|
||||
the <tt>key</tt> or <tt>autokey</tt> option of the <tt>server</tt>
|
||||
configuration command, as described in
|
||||
the <a href="confopt.html">Server Options</a> page.
|
||||
The <a href="keygen.html">ntp-keygen</a> page describes the files
|
||||
required for the various authentication schemes. Further details are
|
||||
in the briefings, papers and reports at the NTP project page linked
|
||||
from <a href="http://www.ntp.org">www.ntp.org</a>.</p>
|
||||
<p>By default, the client sends non-authenticated packets and the server
|
||||
responds with non-authenticated packets. If the client sends
|
||||
authenticated packets, the server responds with authenticated packets
|
||||
if correct, or a crypto-NAK packet if not. In the case of unsolicited
|
||||
packets which might consume significant resources, such as broadcast
|
||||
or symmetric mode packets, authentication is required, unless
|
||||
overridden by a <tt>disable auth</tt> command. In the current climate
|
||||
of targeted broadcast or "letterbomb" attacks, defeating
|
||||
this requirement would be decidedly dangerous. In any case,
|
||||
the <tt>notrust </tt>flag, described on
|
||||
the <a href="authopt.html">Access Control Options</a> page, can be
|
||||
used to disable access to all but correctly authenticated clients.</p>
|
||||
<h4 id="symm">Symmetric Key Cryptography</h4>
|
||||
<p>The original NTPv3 specification (RFC-1305), as well as the current
|
||||
NTPv4 specification (RFC-5905), allows any one of possibly 65,535
|
||||
message digest keys (excluding zero), each distinguished by a 32-bit
|
||||
key ID, to authenticate an association. The servers and clients
|
||||
involved must agree on the key ID, key type and key to authenticate
|
||||
NTP packets.</p>
|
||||
<p>The message digest is a cryptographic hash computed by an algorithm
|
||||
such as MD5, SHA, or AES-128 CMAC. When authentication is specified,
|
||||
a message authentication code (MAC) is appended to the NTP packet
|
||||
header. The MAC consists of a 32-bit key identifier (key ID) followed
|
||||
by a 128- or 160-bit message digest. The algorithm computes the
|
||||
digest as the hash of a 128- or 160- bit message digest key
|
||||
concatenated with the NTP packet header fields with the exception of
|
||||
the MAC. On transmit, the message digest is computed and inserted in
|
||||
the MAC. On receive, the message digest is computed and compared with
|
||||
the MAC. The packet is accepted only if the two MACs are identical.
|
||||
If a discrepancy is found by the client, the client ignores the
|
||||
packet, but raises an alarm. If this happens at the server, the
|
||||
server returns a special message called a <em>crypto-NAK</em>. Since
|
||||
the crypto-NAK is protected by the loopback test, an intruder cannot
|
||||
disrupt the protocol by sending a bogus crypto-NAK.</p>
|
||||
<p>Keys and related information are specified in a keys file, which must
|
||||
be distributed and stored using secure means beyond the scope of the
|
||||
NTP protocol itself. Besides the keys used for ordinary NTP
|
||||
associations, additional keys can be used as passwords for
|
||||
the <tt><a href="ntpq.html">ntpq</a></tt>
|
||||
and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.
|
||||
Ordinarily, the <tt>ntp.keys</tt> file is generated by
|
||||
the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can
|
||||
be constructed and edited using an ordinary text editor.</p>
|
||||
<p> Each line of the keys file consists of three or four fields: a key
|
||||
ID in the range 1 to 65,535, inclusive, a key type, a message digest
|
||||
key consisting of a printable ASCII string less than 40 characters or
|
||||
a 40-character hex digit string, and an optional comma-separated list
|
||||
of IPs that are allowed to serve time. If the OpenSSL library is
|
||||
installed, the key type can be any message digest algorithm supported
|
||||
by the library. If the OpenSSL library is not installed, the only
|
||||
permitted key type is MD5.</p>
|
||||
<table>
|
||||
<caption style="caption-side: bottom;">
|
||||
Figure 1. Typical Symmetric Key File
|
||||
</caption>
|
||||
<tr><td style="border: 1px solid black; border-spacing: 0;">
|
||||
<pre style="color:grey;">
|
||||
# ntpkey_MD5key_bk.ntp.org.3595864945
|
||||
# Thu Dec 12 19:22:25 2013
|
||||
|
||||
1 MD5 L";Nw<`.I<f4U0)247"i # MD5 key
|
||||
2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key
|
||||
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
|
||||
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
|
||||
5 MD5 B;fxlKgr/&4ZTbL6=RxA # MD5 key
|
||||
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
|
||||
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
|
||||
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
|
||||
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
|
||||
10 MD5 2late4Me # MD5 key
|
||||
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
|
||||
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
|
||||
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
|
||||
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
|
||||
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
|
||||
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
|
||||
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
|
||||
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
|
||||
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
|
||||
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
|
||||
</pre></td></tr></table>
|
||||
<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be changed to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
|
||||
<p>When <tt>ntpd</tt> is started, it reads the keys file specified by the <tt>keys</tt> command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpq</tt> or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p>
|
||||
<h4 id="windows">Microsoft Windows Authentication</h4>
|
||||
<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft Windows MS-SNTP authentication using Active Directory services. This support was contributed by the Samba Team and is still in development. It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> command described on the <a href="accopt.html#restrict">Access Control Options</a> page. <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></p>
|
||||
<h4 id="pub">Public Key Cryptography</h4>
|
||||
<p>See the <a href="autokey.html">Autokey Public-Key Authentication</a> page.</p>
|
||||
<hr>
|
||||
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
|
||||
</body>
|
||||
1 MD5 L";Nw<`.I<f4U0)247"i # MD5 key
|
||||
2 MD5 &>l0%XXK9O'51VwV<xq~ # MD5 key
|
||||
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
|
||||
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
|
||||
5 MD5 B;fxlKgr/&4ZTbL6=RxA # MD5 key
|
||||
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
|
||||
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
|
||||
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
|
||||
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
|
||||
10 MD5 2late4Me # MD5 key
|
||||
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
|
||||
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
|
||||
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
|
||||
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
|
||||
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
|
||||
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
|
||||
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
|
||||
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
|
||||
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
|
||||
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
|
||||
21 MD5 sampo 10.1.2.3/24
|
||||
</pre></td></tr></table>
|
||||
<p>Figure 1 shows a typical symmetric keys file used by the reference
|
||||
implementation when the OpenSSL library is installed. Each line of
|
||||
the file contains three or four fields. The first field is an integer
|
||||
between 1 and 65535, inclusive, representing the key identifier. The
|
||||
second field is the digest algorithm, which in the absence of the
|
||||
OpenSSL library must be <tt>MD5</tt>, which designates the MD5 message
|
||||
digest algorithm. The third field is the key. The optional fourth
|
||||
field is one or more comma-separated IPs. An IP may end with an
|
||||
optional <tt>/subnetbits</tt> suffix, which limits the acceptance of
|
||||
the key identifier to packets claiming to be from the described IP
|
||||
space. In this example, for the key IDs in the range 1-10 the key is
|
||||
interpreted as a printable ASCII string. For the key IDs in the range
|
||||
11-20, the key is a 40-character hex digit string. In either case,
|
||||
the key is truncated or zero-filled internally to either 128 or 160
|
||||
bits, depending on the key type. The line can be edited later or new
|
||||
lines can be added to change any field. The key can be changed to a
|
||||
password, such as <tt>2late4Me</tt> for key ID 10. Note that two or
|
||||
more keys files can be combined in any order as long as the key IDs
|
||||
are distinct.</p>
|
||||
<p>When <tt>ntpd</tt> is started, it reads the keys file specified by
|
||||
the <tt>keys</tt> command and installs the keys in the key cache.
|
||||
However, individual keys must be activated with
|
||||
the <tt>trustedkey</tt> configuration command before use. This
|
||||
allows, for instance, the installation of possibly several batches of
|
||||
keys and then activating a key remotely using <tt>ntpq</tt>
|
||||
or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID
|
||||
used as the password for the <tt>ntpdc</tt> utility, while
|
||||
the <tt>controlkey</tt> command selects the key ID used as the
|
||||
password for the <tt>ntpq</tt> utility.</p>
|
||||
<h4 id="windows">Microsoft Windows Authentication</h4>
|
||||
<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft
|
||||
Windows MS-SNTP authentication using Active Directory services. This
|
||||
support was contributed by the Samba Team and is still in development.
|
||||
It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt>
|
||||
command described on the <a href="accopt.html#restrict">Access Control
|
||||
Options</a> page. <span class="style1">Note: Potential users should
|
||||
be aware that these services involve a TCP connection to another
|
||||
process that could potentially block, denying services to other users.
|
||||
Therefore, this flag should be used only for a dedicated server with
|
||||
no clients other than MS-SNTP.</span></p>
|
||||
<h4 id="pub">Public Key Cryptography</h4>
|
||||
<p>See the <a href="autokey.html">Autokey Public-Key Authentication</a>
|
||||
page.</p>
|
||||
<hr>
|
||||
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
|
||||
</body>
|
||||
</html>
|
||||
|
@ -4,6 +4,7 @@
|
||||
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
|
||||
<meta name="generator" content="HTML Tidy, see www.w3.org">
|
||||
<title>Authentication Commands and Options</title>
|
||||
<!-- Changed by: stenn, 25-May-2018 -->
|
||||
<link href="scripts/style.css" type="text/css" rel="stylesheet">
|
||||
<style type="text/css">
|
||||
.style1 {
|
||||
@ -17,7 +18,7 @@
|
||||
<img src="pic/alice44.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
|
||||
<p>Our resident cryptographer; now you see him, now you don't.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->15-Oct-2011 01:00<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
@ -28,65 +29,65 @@
|
||||
<p>Unless noted otherwise, further information about these commands is on the <a href="authentic.html">Authentication Support</a> page.</p>
|
||||
<dl>
|
||||
<dt id=automax><tt>automax [<i>logsec</i>]</tt></dt>
|
||||
<dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd>
|
||||
<dd>Specifies the interval between regenerations of the session key list used with the Autokey protocol, as a power of 2 in seconds. Note that the size of the key list for each association depends on this interval and the current poll interval. The default interval is 12 (about 1.1 hr). For poll intervals above the specified interval, a session key list with a single entry will be regenerated for every message sent. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information.</dd>
|
||||
<dt id="controlkey"><tt>controlkey <i>keyid</i></tt></dt>
|
||||
<dd>Specifies the key ID for the <a
|
||||
href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the
|
||||
standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
|
||||
key</a>, where the value can be in the range 1 to 65534,
|
||||
standard protocol defined in RFC-1305. The <tt><i>keyid</i></tt> argument is the key ID for a <a href="#trustedkey">trusted
|
||||
key</a>, where the value can be in the range 1 to 65535,
|
||||
inclusive.</dd>
|
||||
<dt id="crypto"><tt>crypto [digest</tt> <em><tt>digest</tt></em><tt>]</tt> <tt>[host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
|
||||
<dt id="crypto"><tt>crypto [digest <i>digest</i>] [host <i>name</i>] [ident <i>name</i>] [pw <i>password</i>] [randfile <i>file</i>]</tt></dt>
|
||||
<dd>This command activates the Autokey public key cryptography
|
||||
and loads the required host keys and certificate. If one or more files
|
||||
are unspecified, the default names are used. Unless
|
||||
and loads the required host keys and certificate. If one or more files
|
||||
are unspecified, the default names are used. Unless
|
||||
the complete path and name of the file are specified, the location of a file
|
||||
is relative to the keys directory specified in the <tt>keysdir</tt> configuration
|
||||
command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd>
|
||||
command with default <tt>/usr/local/etc</tt>. See the <a href="autokey.html">Autokey Public Key Authentication</a> page for further information. Following are the options.</dd>
|
||||
<dd>
|
||||
<dl>
|
||||
<dt><tt>digest</tt> <em><tt>digest</tt></em></dt>
|
||||
<dt><tt>digest</tt> <i>digest</i></dt>
|
||||
<dd> </dd>
|
||||
<dd>Specify the message digest algorithm, with default MD5. If the OpenSSL library
|
||||
is installed, <tt><i>digest</i></tt> can be be any message digest algorithm supported
|
||||
by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All
|
||||
participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric
|
||||
key message digest algorithm. Note: If compliance with FIPS 140-2 is required,
|
||||
by the library. The current selections are: <tt>MD2</tt>, <tt>MD4</tt>, <tt>MD5,</tt> <tt>MDC2</tt>, <tt>RIPEMD160</tt>, <tt>SHA</tt> and <tt>SHA1</tt>. All
|
||||
participants in an Autokey subnet must use the same algorithm. The Autokey message digest algorithm is separate and distinct from the symmetric
|
||||
key message digest algorithm. Note: If compliance with FIPS 140-2 is required,
|
||||
the algorithm must be ether <tt>SHA</tt> or <tt>SHA1</tt>.</dd>
|
||||
<dt><tt>host <i>name</i></tt></dt>
|
||||
<dd>Specify the cryptographic media names for the host, sign and certificate files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
|
||||
<dd>Specify the cryptographic media names for the host, sign and certificate files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
|
||||
<dd><span class="style1">Note: In the latest Autokey version, this option has no effect other than to change the cryptographic media file names.</span></dd>
|
||||
<dt><tt>ident <i>group</i></tt></dt>
|
||||
<dd>Specify the cryptographic media names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
|
||||
<dd>Specify the cryptographic media names for the identity scheme files. If this option is not specified, the default name is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
|
||||
<dd><span class="style1">Note: In the latest Autokey version, this option has no effect other than to change the cryptographic media file names.</span></dd>
|
||||
<dt><tt>pw <i>password</i></tt></dt>
|
||||
<dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine. </dd>
|
||||
<dd>Specifies the password to decrypt files previously encrypted by the <tt>ntp-keygen</tt> program with the <tt>-p</tt> option. If this option is not specified, the default password is the string returned by the Unix <tt>gethostname()</tt> routine.</dd>
|
||||
<dt><tt>randfile <i>file</i></tt></dt>
|
||||
<dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd>
|
||||
<dd>Specifies the location of the random seed file used by the OpenSSL library. The defaults are described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>.</dd>
|
||||
</dl>
|
||||
</dd>
|
||||
<dt id="ident"><tt>ident <i>group</i></tt></dt>
|
||||
<dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
|
||||
<dd>Specifies the group name for ephemeral associations mobilized by broadcast and symmetric passive modes. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
|
||||
<dt id="keys"><tt>keys <i>path</i></tt></dt>
|
||||
<dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>. This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
|
||||
<dd>Specifies the complete directory path for the key file containing the key IDs, key types and keys used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. The format of the keyfile is described on the <a href="keygen.html"><tt>ntp-keygen</tt> page</a>. This is the same operation as the <tt>-k</tt> command line option. Note that the directory path for Autokey cryptographic media is specified by the <tt>keysdir</tt> command.</dd>
|
||||
<dt id="keysdir"><tt>keysdir <i>path</i></tt></dt>
|
||||
<dd>Specifies the complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
|
||||
<dd>Specifies the complete directory path for the Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
|
||||
<dt id="requestkey"><tt>requestkey <i>keyid</i></tt></dt>
|
||||
<dd>Specifies the key ID for the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which
|
||||
uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
|
||||
uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>keyid</i></tt> argument is a key ID
|
||||
for a <a href="#trustedkey">trusted key</a>, in the range 1 to
|
||||
65534, inclusive.</dd>
|
||||
65535, inclusive.</dd>
|
||||
<dt id="revoke"><tt>revoke [<i>logsec</i>]</tt></dt>
|
||||
<dd>Specifies the interval between re-randomization of certain cryptographic values used by the Autokey scheme, as a power of 2 in seconds, with default 17 (36 hr). See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
|
||||
<dt id="trustedkey"><tt>trustedkey [<i>keyid</i> | (<i>lowid</i> ... <i>highid</i>)] [...]</tt></dt>
|
||||
<dd>Specifies the key ID(s) which are trusted for the purposes of
|
||||
authenticating peers with symmetric key cryptography. Key IDs
|
||||
used to authenticate <tt>ntpq</tt> and <tt>ntpdc</tt> operations
|
||||
must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication
|
||||
must be listed here and additionally be enabled with <a href="#controlkey">controlkey</a> and/or <a href="#requestkey">requestkey</a>. The authentication
|
||||
procedure for time transfer requires that both the local and
|
||||
remote NTP servers employ the same key ID and secret for this
|
||||
purpose, although different keys IDs may be used with different
|
||||
servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the
|
||||
lowest 120 key IDs which start with the digit 1. The spaces
|
||||
servers. Ranges of trusted key IDs may be specified: <tt>trustedkey (1 ... 19) 1000 (100 ... 199)</tt> enables the
|
||||
lowest 120 key IDs which start with the digit 1. The spaces
|
||||
surrounding the ellipsis are required when specifying a range.</dd>
|
||||
</dl>
|
||||
<hr>
|
||||
|
@ -13,7 +13,7 @@
|
||||
Walt Kelly</a>
|
||||
<p>The chicken is getting configuration advice.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->10-Mar-2014 05:01<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
@ -67,7 +67,7 @@ Walt Kelly</a>
|
||||
<dt><tt>ident</tt> <em><tt>group</tt></em></dt>
|
||||
<dd>Specify the group name for the association. See the <a href="autokey.html">Autokey Public-Key Authentication</a> page for further information.</dd>
|
||||
<dt><tt>key</tt> <i><tt>key</tt></i></dt>
|
||||
<dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65534, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
|
||||
<dd>Send and receive packets authenticated by the symmetric key scheme described in the <a href="authentic.html">Authentication Support</a> page. The <i><tt>key</tt></i> specifies the key identifier with values from 1 to 65535, inclusive. This option is mutually exclusive with the <tt>autokey</tt> option.</dd> <dt><tt>minpoll <i>minpoll<br>
|
||||
</i></tt><tt>maxpoll <i>maxpoll</i></tt></dt>
|
||||
<dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36 hr). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). Additional information about this option is on the <a href="poll.html">Poll Program</a> page.</dd>
|
||||
<dt><tt>mode <i>option</i></tt></dt>
|
||||
|
@ -11,7 +11,7 @@
|
||||
<p><img src="pic/alice23.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a></p>
|
||||
<p>Alice holds the key.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->11-Jan-2018 11:55<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->24-Jul-2018 07:27<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
@ -313,7 +313,7 @@
|
||||
</pre></td></tr></table>
|
||||
<p>Figure 1 shows a typical symmetric keys file used by the reference
|
||||
implementation. Each line of the file contains three or four fields,
|
||||
first an integer between 1 and 65534, inclusive, representing the key
|
||||
first an integer between 1 and 65535, inclusive, representing the key
|
||||
identifier used in the <tt>server</tt> and <tt>peer</tt> configuration
|
||||
commands. Second is the key type for the message digest algorithm,
|
||||
which in the absence of the OpenSSL library must be <tt>MD5</tt> to
|
||||
|
@ -11,7 +11,7 @@
|
||||
<img src="pic/rabbit.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
|
||||
<p>I told you it was eyeball and wristwatch.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->9-Feb-2014 03:34<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->21-Jul-2018 04:09<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<hr>
|
||||
@ -63,7 +63,7 @@ Protocol (SNTP) Client</a> page. After a suitable period of mourning, the <tt>n
|
||||
<dt><tt>-s</tt></dt>
|
||||
<dd>Divert logging output from the standard output (default) to the system <tt>syslog</tt> facility. This is designed primarily for convenience of <tt>cron</tt> scripts.</dd>
|
||||
<dt><tt>-t <i>timeout</i></tt></dt>
|
||||
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.</dd>
|
||||
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 2 seconds, a value suitable for polling across a LAN.</dd>
|
||||
<dt><tt>-u</tt></dt>
|
||||
<dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
|
||||
<dt><tt>-<i>v</i></tt></dt>
|
||||
|
@ -610,6 +610,18 @@ struct pkt {
|
||||
#define STRATUM_TO_PKT(s) ((u_char)(((s) == (STRATUM_UNSPEC)) ?\
|
||||
(STRATUM_PKT_UNSPEC) : (s)))
|
||||
|
||||
|
||||
/*
|
||||
* A test to determine if the refid should be interpreted as text string.
|
||||
* This is usually the case for a refclock, which has stratum 0 internally,
|
||||
* which results in sys_stratum 1 if the refclock becomes system peer, or
|
||||
* in case of a kiss-of-death (KoD) packet that has STRATUM_PKT_UNSPEC (==0)
|
||||
* in the packet which is converted to STRATUM_UNSPEC when the packet
|
||||
* is evaluated.
|
||||
*/
|
||||
#define REFID_ISTEXT(s) (((s) <= 1) || ((s) >= STRATUM_UNSPEC))
|
||||
|
||||
|
||||
/*
|
||||
* Event codes. Used for reporting errors/events to the control module
|
||||
*/
|
||||
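Review bot: `REFID_ISTEXT(s)` expands its argument twice, and the new comment block does not say so. I would add a line such as ` * NOTE: evaluates (s) twice; pass a plain value, not an expression with side effects.` It is also worth stating that a true result only means the refid is to be read as characters. The four bytes presumably still come from the peer or refclock and are neither NUL-terminated nor guaranteed printable, so callers (not visible in this hunk) should bound and sanitize them before logging or display.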
|
@ -7,8 +7,13 @@
|
||||
#define NTP_MD5_H
|
||||
|
||||
#ifdef OPENSSL
|
||||
# include "openssl/evp.h"
|
||||
# include <openssl/evp.h>
|
||||
# include "libssl_compat.h"
|
||||
# ifdef HAVE_OPENSSL_CMAC_H
|
||||
# include <openssl/cmac.h>
|
||||
# define CMAC "AES128CMAC"
|
||||
# define AES_128_KEY_SIZE 16
|
||||
# endif /*HAVE_OPENSSL_CMAC_H*/
|
||||
#else /* !OPENSSL follows */
|
||||
/*
|
||||
* Provide OpenSSL-alike MD5 API if we're not using OpenSSL
|
||||
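Review bot: `CMAC` and `AES_128_KEY_SIZE` are now defined only under `HAVE_OPENSSL_CMAC_H`, while the code that uses them in `cmac_ctx_size`, `make_mac`, `keytype_from_text` and `keytype_name` (later sections of this commit) is gated on `ENABLE_CMAC`. Where `ENABLE_CMAC` is derived is not visible here, so if it can ever be set without `HAVE_OPENSSL_CMAC_H` the build fails on an undefined name. A guard such as `# if defined(ENABLE_CMAC) && !defined(HAVE_OPENSSL_CMAC_H)` followed by `#  error "ENABLE_CMAC requires <openssl/cmac.h>"` would make the dependency explicit. The same `# define CMAC "AES128CMAC"` is repeated next to `CMAC_LENGTH` in the section that declares `ssl_init_done`; keeping the string in one header would stop the two copies drifting apart.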
|
@ -67,8 +67,6 @@ isc_random_seed(isc_uint32_t seed)
|
||||
|
||||
#ifndef HAVE_ARC4RANDOM
|
||||
srand(seed);
|
||||
#else
|
||||
arc4random_addrandom((u_char *) &seed, sizeof(isc_uint32_t));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -12,12 +12,6 @@
|
||||
#include "ntp_md5.h" /* provides OpenSSL digest API */
|
||||
#include "isc/string.h"
|
||||
|
||||
#ifdef OPENSSL
|
||||
# include "openssl/cmac.h"
|
||||
# define CMAC "AES128CMAC"
|
||||
# define AES_128_KEY_SIZE 16
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
const void * buf;
|
||||
size_t len;
|
||||
@ -28,7 +22,7 @@ typedef struct {
|
||||
size_t len;
|
||||
} rwbuffT;
|
||||
|
||||
#ifdef OPENSSL
|
||||
#if defined(OPENSSL) && defined(ENABLE_CMAC)
|
||||
static size_t
|
||||
cmac_ctx_size(
|
||||
CMAC_CTX * ctx)
|
||||
@ -42,7 +36,7 @@ cmac_ctx_size(
|
||||
}
|
||||
return mlen;
|
||||
}
|
||||
#endif /*OPENSSL*/
|
||||
#endif /*OPENSSL && ENABLE_CMAC*/
|
||||
|
||||
static size_t
|
||||
make_mac(
|
||||
@ -63,6 +57,7 @@ make_mac(
|
||||
INIT_SSL();
|
||||
|
||||
/* Check if CMAC key type specific code required */
|
||||
# ifdef ENABLE_CMAC
|
||||
if (ktype == NID_cmac) {
|
||||
CMAC_CTX * ctx = NULL;
|
||||
void const * keyptr = key->buf;
|
||||
@ -100,7 +95,9 @@ make_mac(
|
||||
if (ctx)
|
||||
CMAC_CTX_cleanup(ctx);
|
||||
}
|
||||
else { /* generic MAC handling */
|
||||
else
|
||||
# endif /*ENABLE_CMAC*/
|
||||
{ /* generic MAC handling */
|
||||
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
|
||||
u_int uilen = 0;
|
||||
|
||||
@ -153,7 +150,7 @@ make_mac(
|
||||
if (ktype == NID_md5)
|
||||
{
|
||||
EVP_MD_CTX * ctx = EVP_MD_CTX_new();
|
||||
uint uilen = 0;
|
||||
u_int uilen = 0;
|
||||
|
||||
if (digest->len < 16) {
|
||||
msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small.");
|
||||
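Review bot: The CMAC branch of `make_mac` that this change wraps in `# ifdef ENABLE_CMAC` still ends with `if (ctx) CMAC_CTX_cleanup(ctx);`. If `ctx` is obtained from `CMAC_CTX_new()` (the allocation is outside the hunk, so this is inferred), cleanup only resets the context state and does not release the object, so every CMAC computation would leak one context. `CMAC_CTX_free(ctx);` releases it. Since this path presumably runs per authenticated packet, it is worth confirming while the block is being touched. `make_mac` starts and ends outside the visible hunks.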
|
@ -1873,7 +1873,7 @@ basedate_eval_string(
|
||||
goto buildstamp;
|
||||
}
|
||||
|
||||
rc = scanf(str, "%lu%n", &ned, &nc);
|
||||
rc = sscanf(str, "%lu%n", &ned, &nc);
|
||||
if (rc == 1 && (size_t)nc == sl) {
|
||||
if (ned <= INT32_MAX)
|
||||
return (int32_t)ned;
|
||||
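Review bot: The corrected `sscanf(str, "%lu%n", &ned, &nc)` call in `basedate_eval_string` still cannot report a digit string too large for `unsigned long`. The C standard leaves the `scanf` family's behaviour undefined when the converted value is not representable, so the `ned <= INT32_MAX` test that follows is not a dependable range check for overlong input. Parsing with `errno = 0; ned = strtoul(str, &ep, 10);` and accepting only `errno == 0 && ep != str && *ep == '\0'` gives a defined overflow signal (`ERANGE`) and the same "whole string consumed" condition. This assumes `ned` is an `unsigned long`, as the format implies; the function body continues outside the hunk.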
|
@ -170,6 +170,11 @@ common_prettydate(
|
||||
|
||||
LIB_GETBUF(bp);
|
||||
|
||||
if (ts->l_ui == 0 && ts->l_uf == 0) {
|
||||
strlcpy (bp, "(no time)", LIB_BUFLENGTH);
|
||||
return (bp);
|
||||
}
|
||||
|
||||
/* get & fix milliseconds */
|
||||
ntps = ts->l_ui;
|
||||
msec = ts->l_uf / 4294967; /* fract / (2 ** 32 / 1000) */
|
||||
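Review bot: The new early return in `common_prettydate` treats `l_ui == 0 && l_uf == 0` as a sentinel, but nothing in the code says so. An all-zero timestamp is also a valid instant (the era epoch), which will now print as "(no time)". A short comment above the test would record the intent, for example `/* 0.0 is used as "timestamp not set"; print a marker instead of an epoch date */`. Whether any caller relies on the old formatted date for a zero timestamp is not visible from this hunk.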
|
@ -13,16 +13,16 @@
|
||||
#include <lib_strbuf.h>
|
||||
|
||||
#ifdef OPENSSL
|
||||
# include "openssl/cmac.h"
|
||||
# include "openssl/crypto.h"
|
||||
# include "openssl/err.h"
|
||||
# include "openssl/evp.h"
|
||||
# include "openssl/opensslv.h"
|
||||
# include <openssl/crypto.h>
|
||||
# include <openssl/err.h>
|
||||
# include <openssl/evp.h>
|
||||
# include <openssl/opensslv.h>
|
||||
# include "libssl_compat.h"
|
||||
|
||||
# define CMAC_LENGTH 16
|
||||
# define CMAC "AES128CMAC"
|
||||
|
||||
# ifdef HAVE_OPENSSL_CMAC_H
|
||||
# include <openssl/cmac.h>
|
||||
# define CMAC_LENGTH 16
|
||||
# define CMAC "AES128CMAC"
|
||||
# endif /*HAVE_OPENSSL_CMAC_H*/
|
||||
int ssl_init_done;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
@ -126,6 +126,7 @@ keytype_from_text(
|
||||
|
||||
key_type = OBJ_sn2nid(upcased);
|
||||
|
||||
# ifdef ENABLE_CMAC
|
||||
if (!key_type && !strncmp(CMAC, upcased, strlen(CMAC) + 1)) {
|
||||
key_type = NID_cmac;
|
||||
|
||||
@ -134,6 +135,7 @@ keytype_from_text(
|
||||
__FILE__, __LINE__, __func__, CMAC);
|
||||
}
|
||||
}
|
||||
# endif /*ENABLE_CMAC*/
|
||||
#else
|
||||
|
||||
key_type = 0;
|
||||
@ -153,6 +155,7 @@ keytype_from_text(
|
||||
digest_len = (md) ? EVP_MD_size(md) : 0;
|
||||
|
||||
if (!md || digest_len <= 0) {
|
||||
# ifdef ENABLE_CMAC
|
||||
if (key_type == NID_cmac) {
|
||||
digest_len = CMAC_LENGTH;
|
||||
|
||||
@ -160,7 +163,9 @@ keytype_from_text(
|
||||
fprintf(stderr, "%s:%d:%s():%s:len\n",
|
||||
__FILE__, __LINE__, __func__, CMAC);
|
||||
}
|
||||
} else {
|
||||
} else
|
||||
# endif /*ENABLE_CMAC*/
|
||||
{
|
||||
fprintf(stderr,
|
||||
"key type %s is not supported by OpenSSL\n",
|
||||
keytype_name(key_type));
|
||||
@ -209,6 +214,7 @@ keytype_name(
|
||||
INIT_SSL();
|
||||
name = OBJ_nid2sn(nid);
|
||||
|
||||
# ifdef ENABLE_CMAC
|
||||
if (NID_cmac == nid) {
|
||||
name = CMAC;
|
||||
|
||||
@ -217,6 +223,7 @@ keytype_name(
|
||||
__FILE__, __LINE__, __func__, CMAC);
|
||||
}
|
||||
} else
|
||||
# endif /*ENABLE_CMAC*/
|
||||
if (NULL == name) {
|
||||
name = unknown_type;
|
||||
}
|
||||
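Review bot: In `keytype_name` the `} else` left dangling before `# endif /*ENABLE_CMAC*/` makes the following `if (NULL == name)` belong to a different statement depending on the macro, which is easy to misread or break in a later edit. Since the CMAC branch assigns `name = CMAC;` (a non-NULL literal), the `else` is not needed. Ending the block with a plain `}` before the `# endif` keeps behaviour identical and leaves two complete statements on either side of the preprocessor line. The same `else` / `# endif` / `{` shape appears in `keytype_from_text` and in `make_mac`, where the `else` is required; a one-line comment there, such as `/* else-branch below is unconditional when ENABLE_CMAC is off */`, would help.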
|
@ -138,12 +138,13 @@ set_ctrl_c_hook(
|
||||
|
||||
if (NULL == c_hook) {
|
||||
handler = SIG_DFL;
|
||||
ctrl_c_hook = NULL;
|
||||
} else {
|
||||
handler = &sigint_handler;
|
||||
signal_no_reset(SIGINT, handler);
|
||||
ctrl_c_hook = c_hook;
|
||||
} else {
|
||||
ctrl_c_hook = c_hook;
|
||||
handler = &sigint_handler;
|
||||
signal_no_reset(SIGINT, handler);
|
||||
}
|
||||
signal_no_reset(SIGINT, handler);
|
||||
}
|
||||
#else /* SYS_WINNT follows */
|
||||
/*
|
||||
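Review bot: The reordering in `set_ctrl_c_hook` appears deliberate but is undocumented, so a later cleanup could easily hoist the calls back out of the branches. As far as the rendered hunk shows, the new code calls `signal_no_reset(SIGINT, handler)` inside each branch, storing `ctrl_c_hook` before installing `sigint_handler` and restoring `SIG_DFL` before clearing the hook. I would add a comment such as `/* order matters: the handler must never be installed while ctrl_c_hook is unset */`. If `ctrl_c_hook` is read inside the signal handler, its declaration (outside the hunk) should also be checked for a `volatile` qualifier.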
|
@ -89,6 +89,8 @@ netwrite(
|
||||
}
|
||||
|
||||
|
||||
int set_user_group_ids(void);
|
||||
|
||||
/* === functions === */
|
||||
/*
|
||||
* exit_worker()
|
||||
@ -592,6 +594,8 @@ fork_blocking_child(
|
||||
init_logging("ntp_intres", 0, FALSE);
|
||||
setup_logfile(NULL);
|
||||
|
||||
(void) set_user_group_ids();
|
||||
|
||||
/*
|
||||
* And now back to the portable code
|
||||
*/
|
||||
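Review bot: `(void) set_user_group_ids();` in `fork_blocking_child` discards the result of what is presumably the privilege drop for the resolver child. Unless `set_user_group_ids()` terminates the process itself on failure (its body is not visible here), a failed call would leave the child running with the parent's credentials. I would check the result and stop the child, for example `if (set_user_group_ids() != 0) exit(1);`, assuming non-zero means failure. The hand-written prototype `int set_user_group_ids(void);` added near `netwrite` would also be safer in a shared header, so that a signature change in the defining file is caught by the compiler.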
|
@ -56,6 +56,17 @@
|
||||
# define THREAD_MAXSTACKSIZE THREAD_MINSTACKSIZE
|
||||
#endif
|
||||
|
||||
/* need a good integer to store a pointer... */
|
||||
#ifndef UINTPTR_T
|
||||
# if defined(UINTPTR_MAX)
|
||||
# define UINTPTR_T uintptr_t
|
||||
# elif defined(UINT_PTR)
|
||||
# define UINTPTR_T UINT_PTR
|
||||
# else
|
||||
# define UINTPTR_T size_t
|
||||
# endif
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
|
||||
@ -66,7 +77,7 @@ static BOOL same_os_sema(const sem_ref obj, void * osobj);
|
||||
|
||||
#else
|
||||
|
||||
# define thread_exit(c) pthread_exit((void*)(size_t)(c))
|
||||
# define thread_exit(c) pthread_exit((void*)(UINTPTR_T)(c))
|
||||
# define tickle_sem sem_post
|
||||
void * blocking_thread(void *);
|
||||
static void block_thread_signals(sigset_t *);
|
||||
@ -374,7 +385,9 @@ send_blocking_resp_internal(
|
||||
if (empty)
|
||||
{
|
||||
# ifdef WORK_PIPE
|
||||
write(c->resp_write_pipe, "", 1);
|
||||
if (1 != write(c->resp_write_pipe, "", 1))
|
||||
msyslog(LOG_WARNING, "async resolver: %s",
|
||||
"failed to notify main thread!");
|
||||
# else
|
||||
tickle_sem(c->responses_pending);
|
||||
# endif
|
||||
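Review bot: The new check on `write(c->resp_write_pipe, "", 1)` in `send_blocking_resp_internal` logs a warning but neither retries an interrupted call nor records why the write failed. A lost wake-up byte presumably means the main thread is never told that a response is queued. Retrying on `EINTR`, for example `do rc = write(c->resp_write_pipe, "", 1); while (rc < 0 && EINTR == errno);`, would avoid dropping the notification for a transient signal. Adding the error text to the message (via `%m`, if `msyslog` expands it in this tree) would make the remaining failures diagnosable. The function body extends beyond the hunk.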
|
@ -21,7 +21,7 @@ crypto digest md5 host myhostname ident wedent pw cryptopass randfile /.rnd
|
||||
revoke 10
|
||||
keysdir "/etc/ntp/keys"
|
||||
keys "/etc/ntp.keys"
|
||||
trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65534)
|
||||
trustedkey 1 2 3 4 5 6 7 8 9 10 11 12 (14 ... 16) 18 (32768 ... 65535)
|
||||
controlkey 12
|
||||
requestkey 12
|
||||
enable auth ntp monitor stats
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
|
||||
#
|
||||
# It has been AutoGen-ed February 27, 2018 at 05:14:34 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed August 14, 2018 at 08:29:07 AM by AutoGen 5.18.5
|
||||
# From the definitions ntp.conf.def
|
||||
# and the template file agtexi-file.tpl
|
||||
@end ignore
|
||||
@ -284,7 +284,7 @@ option.
|
||||
All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
@kbd{key}
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
@item @code{minpoll} @kbd{minpoll}
|
||||
@ -543,7 +543,7 @@ and reports at the NTP project page linked from
|
||||
@code{http://www.ntp.org/}.
|
||||
@subsubsection Symmetric-Key Cryptography
|
||||
The original RFC-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -827,7 +827,7 @@ The
|
||||
@kbd{key}
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]}
|
||||
This command requires the OpenSSL library.
|
||||
It activates public key
|
||||
@ -920,7 +920,7 @@ The
|
||||
@kbd{key}
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
@item @code{revoke} @kbd{logsec}
|
||||
Specifies the interval between re-randomization of certain
|
||||
cryptographic values used by the Autokey scheme, as a power of 2 in
|
||||
@ -947,7 +947,7 @@ servers.
|
||||
The
|
||||
@kbd{key}
|
||||
arguments are 32-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
@end table
|
||||
@subsubsection Error Codes
|
||||
The following error codes are reported via the NTP control
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
|
||||
#
|
||||
# It has been AutoGen-ed February 27, 2018 at 05:14:37 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed August 14, 2018 at 08:29:10 AM by AutoGen 5.18.5
|
||||
# From the definitions ntp.keys.def
|
||||
# and the template file agtexi-file.tpl
|
||||
@end ignore
|
||||
@ -29,7 +29,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
|
||||
The key file uses the same comment conventions
|
||||
@ -42,7 +42,7 @@ Key entries use a fixed format of the form
|
||||
|
||||
where
|
||||
@kbd{keyno}
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
@kbd{type}
|
||||
is the message digest algorithm,
|
||||
@kbd{key}
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
|
||||
#
|
||||
# It has been AutoGen-ed February 27, 2018 at 05:14:39 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed August 14, 2018 at 08:29:12 AM by AutoGen 5.18.5
|
||||
# From the definitions ntpd-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -142,7 +142,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpd - NTP daemon program - Ver. 4.2.8p11
|
||||
ntpd - NTP daemon program - Ver. 4.2.8p12
|
||||
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
|
||||
[ <server1> ... <serverN> ]
|
||||
Flg Arg Option-Name Description
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntp.conf 5man "27 Feb 2018" "4.2.8p11" "File Formats"
|
||||
.TH ntp.conf 5man "14 Aug 2018" "4.2.8p12" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-2caiQA/ag-bdaaPA)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:28:54 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -326,7 +326,7 @@ option.
|
||||
All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
\f\*[I-Font]key\f[]
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
.TP 7
|
||||
@ -611,7 +611,7 @@ and reports at the NTP project page linked from
|
||||
\f[C]http://www.ntp.org/\f[].
|
||||
.SS Symmetric-Key Cryptography
|
||||
The original RFC-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -932,7 +932,7 @@ The
|
||||
\f\*[I-Font]key\f[]
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
|
||||
This command requires the OpenSSL library.
|
||||
@ -1038,7 +1038,7 @@ The
|
||||
\f\*[I-Font]key\f[]
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
|
||||
Specifies the interval between re-randomization of certain
|
||||
@ -1067,7 +1067,7 @@ servers.
|
||||
The
|
||||
\f\*[I-Font]key\f[]
|
||||
arguments are 32-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
.PP
|
||||
.SS Error Codes
|
||||
The following error codes are reported via the NTP control
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTP_CONF 5mdoc File Formats
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:15 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -325,7 +325,7 @@ option.
|
||||
All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
.Ar key
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
.It Cm minpoll Ar minpoll
|
||||
@ -583,7 +583,7 @@ and reports at the NTP project page linked from
|
||||
.Li http://www.ntp.org/ .
|
||||
.Ss Symmetric\-Key Cryptography
|
||||
The original RFC\-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32\-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32\-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -877,7 +877,7 @@ The
|
||||
.Ar key
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
.It Xo Ic crypto
|
||||
.Op Cm cert Ar file
|
||||
.Op Cm leap Ar file
|
||||
@ -981,7 +981,7 @@ The
|
||||
.Ar key
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
.It Ic revoke Ar logsec
|
||||
Specifies the interval between re\-randomization of certain
|
||||
cryptographic values used by the Autokey scheme, as a power of 2 in
|
||||
@ -1008,7 +1008,7 @@ servers.
|
||||
The
|
||||
.Ar key
|
||||
arguments are 32\-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
.El
|
||||
.Ss Error Codes
|
||||
The following error codes are reported via the NTP control
|
||||
|
@ -327,7 +327,7 @@ option.
|
||||
All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
.Ar key
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
.It Cm minpoll Ar minpoll
|
||||
@ -585,7 +585,7 @@ and reports at the NTP project page linked from
|
||||
.Li http://www.ntp.org/ .
|
||||
.Ss Symmetric-Key Cryptography
|
||||
The original RFC-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -879,7 +879,7 @@ The
|
||||
.Ar key
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
.It Xo Ic crypto
|
||||
.Op Cm cert Ar file
|
||||
.Op Cm leap Ar file
|
||||
@ -983,7 +983,7 @@ The
|
||||
.Ar key
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
.It Ic revoke Ar logsec
|
||||
Specifies the interval between re-randomization of certain
|
||||
cryptographic values used by the Autokey scheme, as a power of 2 in
|
||||
@ -1010,7 +1010,7 @@ servers.
|
||||
The
|
||||
.Ar key
|
||||
arguments are 32-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
.El
|
||||
.Ss Error Codes
|
||||
The following error codes are reported via the NTP control
|
||||
|
@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
|
||||
<p>This document describes the configuration file for the NTP Project's
|
||||
<code>ntpd</code> program.
|
||||
|
||||
<p>This document applies to version 4.2.8p11 of <code>ntp.conf</code>.
|
||||
<p>This document applies to version 4.2.8p12 of <code>ntp.conf</code>.
|
||||
|
||||
<div class="shortcontents">
|
||||
<h2>Short Contents</h2>
|
||||
@ -329,7 +329,7 @@ option.
|
||||
<br><dt><code>key</code> <kbd>key</kbd><dd>All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
<kbd>key</kbd>
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
<br><dt><code>minpoll</code> <kbd>minpoll</kbd><br><dt><code>maxpoll</code> <kbd>maxpoll</kbd><dd>These options specify the minimum and maximum poll intervals
|
||||
@ -584,7 +584,7 @@ and reports at the NTP project page linked from
|
||||
<h5 class="subsubsection">Symmetric-Key Cryptography</h5>
|
||||
|
||||
<p>The original RFC-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -876,7 +876,7 @@ The
|
||||
<kbd>key</kbd>
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
<br><dt><code>crypto</code> <code>[cert </code><kbd>file</kbd><code>]</code> <code>[leap </code><kbd>file</kbd><code>]</code> <code>[randfile </code><kbd>file</kbd><code>]</code> <code>[host </code><kbd>file</kbd><code>]</code> <code>[sign </code><kbd>file</kbd><code>]</code> <code>[gq </code><kbd>file</kbd><code>]</code> <code>[gqpar </code><kbd>file</kbd><code>]</code> <code>[iffpar </code><kbd>file</kbd><code>]</code> <code>[mvpar </code><kbd>file</kbd><code>]</code> <code>[pw </code><kbd>password</kbd><code>]</code><dd>This command requires the OpenSSL library.
|
||||
It activates public key
|
||||
cryptography, selects the message digest and signature
|
||||
@ -956,7 +956,7 @@ The
|
||||
<kbd>key</kbd>
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
<br><dt><code>revoke</code> <kbd>logsec</kbd><dd>Specifies the interval between re-randomization of certain
|
||||
cryptographic values used by the Autokey scheme, as a power of 2 in
|
||||
seconds.
|
||||
@ -981,7 +981,7 @@ servers.
|
||||
The
|
||||
<kbd>key</kbd>
|
||||
arguments are 32-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
</dl>
|
||||
|
||||
<h5 class="subsubsection">Error Codes</h5>
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntp.conf 5 "27 Feb 2018" "4.2.8p11" "File Formats"
|
||||
.TH ntp.conf 5 "14 Aug 2018" "4.2.8p12" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LkaqTP/ag-XkaiSP)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-2caiQA/ag-bdaaPA)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:22 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:28:54 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -326,7 +326,7 @@ option.
|
||||
All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
\f\*[I-Font]key\f[]
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
.TP 7
|
||||
@ -611,7 +611,7 @@ and reports at the NTP project page linked from
|
||||
\f[C]http://www.ntp.org/\f[].
|
||||
.SS Symmetric-Key Cryptography
|
||||
The original RFC-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -932,7 +932,7 @@ The
|
||||
\f\*[I-Font]key\f[]
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
|
||||
This command requires the OpenSSL library.
|
||||
@ -1038,7 +1038,7 @@ The
|
||||
\f\*[I-Font]key\f[]
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
|
||||
Specifies the interval between re-randomization of certain
|
||||
@ -1067,7 +1067,7 @@ servers.
|
||||
The
|
||||
\f\*[I-Font]key\f[]
|
||||
arguments are 32-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
.PP
|
||||
.SS Error Codes
|
||||
The following error codes are reported via the NTP control
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTP_CONF 5 File Formats
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:42 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:15 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -325,7 +325,7 @@ option.
|
||||
All packets sent to and received from the server or peer are to
|
||||
include authentication fields encrypted using the specified
|
||||
.Ar key
|
||||
identifier with values from 1 to 65534, inclusive.
|
||||
identifier with values from 1 to 65535, inclusive.
|
||||
The
|
||||
default is to include no encryption field.
|
||||
.It Cm minpoll Ar minpoll
|
||||
@ -583,7 +583,7 @@ and reports at the NTP project page linked from
|
||||
.Li http://www.ntp.org/ .
|
||||
.Ss Symmetric\-Key Cryptography
|
||||
The original RFC\-1305 specification allows any one of possibly
|
||||
65,534 keys, each distinguished by a 32\-bit key identifier, to
|
||||
65,535 keys, each distinguished by a 32\-bit key identifier, to
|
||||
authenticate an association.
|
||||
The servers and clients involved must
|
||||
agree on the key and key identifier to
|
||||
@ -877,7 +877,7 @@ The
|
||||
.Ar key
|
||||
argument is
|
||||
the key identifier for a trusted key, where the value can be in the
|
||||
range 1 to 65,534, inclusive.
|
||||
range 1 to 65,535, inclusive.
|
||||
.It Xo Ic crypto
|
||||
.Op Cm cert Ar file
|
||||
.Op Cm leap Ar file
|
||||
@ -981,7 +981,7 @@ The
|
||||
.Ar key
|
||||
argument is a key identifier
|
||||
for the trusted key, where the value can be in the range 1 to
|
||||
65,534, inclusive.
|
||||
65,535, inclusive.
|
||||
.It Ic revoke Ar logsec
|
||||
Specifies the interval between re\-randomization of certain
|
||||
cryptographic values used by the Autokey scheme, as a power of 2 in
|
||||
@ -1008,7 +1008,7 @@ servers.
|
||||
The
|
||||
.Ar key
|
||||
arguments are 32\-bit unsigned
|
||||
integers with values from 1 to 65,534.
|
||||
integers with values from 1 to 65,535.
|
||||
.El
|
||||
.Ss Error Codes
|
||||
The following error codes are reported via the NTP control
|
||||
|
@ -1,8 +1,8 @@
|
||||
.TH ntp.keys 5man "27 Feb 2018" "4.2.8p11" "File Formats"
|
||||
.TH ntp.keys 5man "14 Aug 2018" "4.2.8p12" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:28:59 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agman-file.tpl
|
||||
.Sh NAME
|
||||
@ -54,7 +54,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
@ -73,7 +73,7 @@ Key entries use a fixed format of the form
|
||||
|
||||
where
|
||||
\f\*[I-Font]keyno\f[]
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
\f\*[I-Font]type\f[]
|
||||
is the message digest algorithm,
|
||||
\f\*[I-Font]key\f[]
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTP_KEYS 5mdoc File Formats
|
||||
.Os SunOS 5.10
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:18 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agmdoc-file.tpl
|
||||
.Sh NAME
|
||||
@ -37,7 +37,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
.Pp
|
||||
The key file uses the same comment conventions
|
||||
@ -48,7 +48,7 @@ Key entries use a fixed format of the form
|
||||
.Pp
|
||||
where
|
||||
.Ar keyno
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
.Ar type
|
||||
is the message digest algorithm,
|
||||
.Ar key
|
||||
|
@ -36,7 +36,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
.Pp
|
||||
The key file uses the same comment conventions
|
||||
@ -47,7 +47,7 @@ Key entries use a fixed format of the form
|
||||
.Pp
|
||||
where
|
||||
.Ar keyno
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
.Ar type
|
||||
is the message digest algorithm,
|
||||
.Ar key
|
||||
|
@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
|
||||
<p>This document describes the symmetric key file for the NTP Project's
|
||||
<code>ntpd</code> program.
|
||||
|
||||
<p>This document applies to version 4.2.8p11 of <code>ntp.keys</code>.
|
||||
<p>This document applies to version 4.2.8p12 of <code>ntp.keys</code>.
|
||||
|
||||
<div class="shortcontents">
|
||||
<h2>Short Contents</h2>
|
||||
@ -86,7 +86,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
|
||||
<p>The key file uses the same comment conventions
|
||||
@ -97,7 +97,7 @@ Key entries use a fixed format of the form
|
||||
</pre>
|
||||
<p>where
|
||||
<kbd>keyno</kbd>
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
<kbd>type</kbd>
|
||||
is the message digest algorithm,
|
||||
<kbd>key</kbd>
|
||||
|
@ -1,8 +1,8 @@
|
||||
.TH ntp.keys 5 "27 Feb 2018" "4.2.8p11" "File Formats"
|
||||
.TH ntp.keys 5 "14 Aug 2018" "4.2.8p12" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:26 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:28:59 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agman-file.tpl
|
||||
.Sh NAME
|
||||
@ -54,7 +54,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
@ -73,7 +73,7 @@ Key entries use a fixed format of the form
|
||||
|
||||
where
|
||||
\f\*[I-Font]keyno\f[]
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
\f\*[I-Font]type\f[]
|
||||
is the message digest algorithm,
|
||||
\f\*[I-Font]key\f[]
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTP_KEYS 5 File Formats
|
||||
.Os SunOS 5.10
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:46 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:18 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agmdoc-file.tpl
|
||||
.Sh NAME
|
||||
@ -37,7 +37,7 @@ statement in the configuration file.
|
||||
While key number 0 is fixed by the NTP standard
|
||||
(as 56 zero bits)
|
||||
and may not be changed,
|
||||
one or more keys numbered between 1 and 65534
|
||||
one or more keys numbered between 1 and 65535
|
||||
may be arbitrarily set in the keys file.
|
||||
.Pp
|
||||
The key file uses the same comment conventions
|
||||
@ -48,7 +48,7 @@ Key entries use a fixed format of the form
|
||||
.Pp
|
||||
where
|
||||
.Ar keyno
|
||||
is a positive integer (between 1 and 65534),
|
||||
is a positive integer (between 1 and 65535),
|
||||
.Ar type
|
||||
is the message digest algorithm,
|
||||
.Ar key
|
||||
|
@ -364,7 +364,7 @@ static u_int32 get_match(const char *, struct masks *);
|
||||
static u_int32 get_logmask(const char *);
|
||||
static int/*BOOL*/ is_refclk_addr(const address_node * addr);
|
||||
|
||||
static void appendstr(char *, size_t, char *);
|
||||
static void appendstr(char *, size_t, const char *);
|
||||
|
||||
|
||||
#ifndef SIM
|
||||
@ -382,14 +382,14 @@ static void fatal_error(const char *fmt, ...)
|
||||
#endif
|
||||
{
|
||||
va_list va;
|
||||
|
||||
|
||||
va_start(va, fmt);
|
||||
mvsyslog(LOG_EMERG, fmt, va);
|
||||
va_end(va);
|
||||
_exit(1);
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* FUNCTIONS FOR INITIALIZATION
|
||||
* ----------------------------
|
||||
*/
|
||||
@ -742,7 +742,7 @@ dump_config_tree(
|
||||
atrv->value.i);
|
||||
}
|
||||
break;
|
||||
|
||||
|
||||
case T_Double:
|
||||
fprintf(df, " %s %s",
|
||||
keyword(atrv->attr),
|
||||
@ -938,7 +938,7 @@ dump_config_tree(
|
||||
if (T_Source == flag_tok_fifo->i) {
|
||||
s = "source";
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
const char *ap = rest_node->addr->address;
|
||||
@ -1446,7 +1446,7 @@ create_unpeer_node(
|
||||
/* accumulate with overflow retention */
|
||||
u = (10 * u + *pch - '0') | (u & 0xFF000000u);
|
||||
}
|
||||
|
||||
|
||||
if (!*pch && u <= ASSOCID_MAX) {
|
||||
my_node->assocID = (associd_t)u;
|
||||
my_node->addr = NULL;
|
||||
@ -2132,7 +2132,7 @@ config_tos(
|
||||
* since three variables with interdependecies are involved. We
|
||||
* just log an error but do not stop: This might be caused by
|
||||
* remote config, and it might be fixed by remote config, too.
|
||||
*/
|
||||
*/
|
||||
int l_maxclock = sys_maxclock;
|
||||
int l_minclock = sys_minclock;
|
||||
int l_minsane = sys_minsane;
|
||||
@ -2162,7 +2162,7 @@ config_tos(
|
||||
tos->value.d = 0;
|
||||
}
|
||||
break;
|
||||
|
||||
|
||||
case T_Ceiling:
|
||||
val = tos->value.d;
|
||||
if (val > STRATUM_UNSPEC - 1) {
|
||||
@ -2207,7 +2207,7 @@ config_tos(
|
||||
" - daemon will not operate properly!",
|
||||
l_minsane, l_minclock, l_maxclock);
|
||||
}
|
||||
|
||||
|
||||
/* -*- phase two: forward the values to the protocol machinery */
|
||||
tos = HEAD_PFIFO(ptree->orphan_cmds);
|
||||
for (; tos != NULL; tos = tos->link) {
|
||||
@ -3383,6 +3383,10 @@ config_ttl(
|
||||
size_t i = 0;
|
||||
int_node *curr_ttl;
|
||||
|
||||
/* [Bug 3465] There is a built-in default for the TTLs. We must
|
||||
* overwrite 'sys_ttlmax' if we change that preset, and leave it
|
||||
* alone otherwise!
|
||||
*/
|
||||
curr_ttl = HEAD_PFIFO(ptree->ttl);
|
||||
for (; curr_ttl != NULL; curr_ttl = curr_ttl->link) {
|
||||
if (i < COUNTOF(sys_ttl))
|
||||
@ -3392,7 +3396,8 @@ config_ttl(
|
||||
"ttl: Number of TTL entries exceeds %zu. Ignoring TTL %d...",
|
||||
COUNTOF(sys_ttl), curr_ttl->i);
|
||||
}
|
||||
sys_ttlmax = (i) ? (i - 1) : 0;
|
||||
if (0 != i) /* anything written back at all? */
|
||||
sys_ttlmax = i - 1;
|
||||
}
|
||||
#endif /* !SIM */
|
||||
|
||||
@ -3621,10 +3626,8 @@ config_fudge(
|
||||
err_flag = 1;
|
||||
msyslog(LOG_ERR,
|
||||
"unrecognized fudge reference clock address %s, line ignored",
|
||||
stoa(&addr_sock));
|
||||
}
|
||||
|
||||
if (!ISREFCLOCKADR(&addr_sock)) {
|
||||
addr_node->address);
|
||||
} else if (!ISREFCLOCKADR(&addr_sock)) {
|
||||
err_flag = 1;
|
||||
msyslog(LOG_ERR,
|
||||
"inappropriate address %s for the fudge command, line ignored",
|
||||
@ -3696,7 +3699,7 @@ config_fudge(
|
||||
msyslog(LOG_ERR,
|
||||
"Unexpected fudge flag %s (%d) for %s",
|
||||
token_name(curr_opt->attr),
|
||||
curr_opt->attr, stoa(&addr_sock));
|
||||
curr_opt->attr, addr_node->address);
|
||||
exit(curr_opt->attr ? curr_opt->attr : 1);
|
||||
}
|
||||
}
|
||||
@ -4565,7 +4568,7 @@ config_ntpd(
|
||||
if (config_tos_clock(ptree))
|
||||
clamp_systime();
|
||||
}
|
||||
|
||||
|
||||
config_nic_rules(ptree, input_from_files);
|
||||
config_monitor(ptree);
|
||||
config_auth(ptree);
|
||||
@ -4845,7 +4848,7 @@ is_refclk_addr(
|
||||
const address_node * addr
|
||||
)
|
||||
{
|
||||
return addr && addr->address && !strncmp(addr->address, "127.127.", 6);
|
||||
return addr && addr->address && !strncmp(addr->address, "127.127.", 8);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -5463,7 +5466,7 @@ static void
|
||||
appendstr(
|
||||
char *string,
|
||||
size_t s,
|
||||
char *new
|
||||
const char *new
|
||||
)
|
||||
{
|
||||
if (*string != '\0') {
|
||||
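Review bot: The prefix length in `is_refclk_addr()` (hunk at -4845) is still a hand-counted literal next to the string it measures; the old value of 6 compared only `127.12`, which shows how easily the two drift apart. Deriving the length from the literal keeps them in step: `return addr && addr->address && !strncmp(addr->address, "127.127.", sizeof("127.127.") - 1);`. A file-level `static const char` holding the prefix and used for both arguments would do the same job. The function's return-type line sits outside the hunk.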
|
@ -916,7 +916,7 @@ is_safe_filename(const char * name)
|
||||
u_int widx, bidx, mask;
|
||||
if ( ! (name && *name))
|
||||
return FALSE;
|
||||
|
||||
|
||||
mask = 1u;
|
||||
while (0 != (widx = (u_char)*name++)) {
|
||||
bidx = (widx & 15) << 1;
|
||||
@ -955,7 +955,7 @@ save_config(
|
||||
* level. On POSIX systems we could allow '\\' but such
|
||||
* filenames are tricky to manipulate from a shell, so just
|
||||
* reject both types of slashes on all platforms.
|
||||
*/
|
||||
*/
|
||||
/* TALOS-CAN-0062: block directory traversal for VMS, too */
|
||||
static const char * illegal_in_filename =
|
||||
#if defined(VMS)
|
||||
@ -983,8 +983,8 @@ save_config(
|
||||
# if defined(_O_TEXT) /* windows, again */
|
||||
| _O_TEXT
|
||||
#endif
|
||||
;
|
||||
|
||||
;
|
||||
|
||||
char filespec[128];
|
||||
char filename[128];
|
||||
char fullpath[512];
|
||||
@ -1046,7 +1046,7 @@ save_config(
|
||||
/* copy data directly as we exactly know the size */
|
||||
memcpy(filespec, reqpt, reqlen);
|
||||
filespec[reqlen] = '\0';
|
||||
|
||||
|
||||
/*
|
||||
* allow timestamping of the saved config filename with
|
||||
* strftime() format such as:
|
||||
@ -1110,7 +1110,7 @@ save_config(
|
||||
*/
|
||||
prc = snprintf(fullpath, sizeof(fullpath), "%s%s",
|
||||
saveconfigdir, filename);
|
||||
if (prc < 0 || prc >= sizeof(fullpath)) {
|
||||
if (prc < 0 || (size_t)prc >= sizeof(fullpath)) {
|
||||
ctl_printf("saveconfig exceeded maximum path length (%u)",
|
||||
(u_int)sizeof(fullpath));
|
||||
ctl_flushpkt(0);
|
||||
@ -1127,8 +1127,8 @@ save_config(
|
||||
fptr = fdopen(fd, "w");
|
||||
|
||||
if (NULL == fptr || -1 == dump_all_config_trees(fptr, 1)) {
|
||||
ctl_printf("Unable to save configuration to file '%s': %m",
|
||||
filename);
|
||||
ctl_printf("Unable to save configuration to file '%s': %s",
|
||||
filename, strerror(errno));
|
||||
msyslog(LOG_ERR,
|
||||
"saveconfig %s from %s failed", filename,
|
||||
stoa(&rbufp->recv_srcadr));
|
||||
@ -1154,7 +1154,7 @@ save_config(
|
||||
#else /* !SAVECONFIG follows */
|
||||
ctl_printf("%s",
|
||||
"saveconfig unavailable, configured with --disable-saveconfig");
|
||||
#endif
|
||||
#endif
|
||||
ctl_flushpkt(0);
|
||||
}
|
||||
|
||||
@ -1506,11 +1506,11 @@ ctl_putdata_ex(
|
||||
} else {
|
||||
datanotbinflag = TRUE;
|
||||
add_len = 3;
|
||||
|
||||
|
||||
if (datasent) {
|
||||
*datapt++ = ',';
|
||||
datalinelen++;
|
||||
|
||||
|
||||
/* sum up total length */
|
||||
for (argi = 0, src_len = 0; argi < argc; ++argi)
|
||||
src_len += argv[argi].len;
|
||||
@ -1539,14 +1539,14 @@ ctl_putdata_ex(
|
||||
/* Not enough room in this one, flush it out. */
|
||||
if (src_len < cur_len)
|
||||
cur_len = src_len;
|
||||
|
||||
|
||||
memcpy(datapt, src_ptr, cur_len);
|
||||
datapt += cur_len;
|
||||
datalinelen += cur_len;
|
||||
|
||||
src_ptr += cur_len;
|
||||
src_len -= cur_len;
|
||||
|
||||
|
||||
ctl_flushpkt(CTL_MORE);
|
||||
cur_len = (size_t)(dataend - datapt);
|
||||
}
|
||||
@ -1571,7 +1571,7 @@ ctl_putdata(
|
||||
)
|
||||
{
|
||||
CtlMemBufT args[1];
|
||||
|
||||
|
||||
args[0].buf = dp;
|
||||
args[0].len = dlen;
|
||||
ctl_putdata_ex(args, 1, bin);
|
||||
@ -1594,7 +1594,7 @@ ctl_putstr(
|
||||
)
|
||||
{
|
||||
CtlMemBufT args[4];
|
||||
|
||||
|
||||
args[0].buf = tag;
|
||||
args[0].len = strlen(tag);
|
||||
if (data && len) {
|
||||
@ -1606,7 +1606,9 @@ ctl_putstr(
|
||||
args[3].len = 1;
|
||||
ctl_putdata_ex(args, 4, FALSE);
|
||||
} else {
|
||||
ctl_putdata_ex(args, 1, FALSE);
|
||||
args[1].buf = "=\"\"";
|
||||
args[1].len = 3;
|
||||
ctl_putdata_ex(args, 2, FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1628,17 +1630,17 @@ ctl_putunqstr(
|
||||
)
|
||||
{
|
||||
CtlMemBufT args[3];
|
||||
|
||||
|
||||
args[0].buf = tag;
|
||||
args[0].len = strlen(tag);
|
||||
args[1].buf = "=";
|
||||
args[1].len = 1;
|
||||
if (data && len) {
|
||||
args[1].buf = "=";
|
||||
args[1].len = 1;
|
||||
args[2].buf = data;
|
||||
args[2].len = len;
|
||||
ctl_putdata_ex(args, 3, FALSE);
|
||||
args[2].buf = data;
|
||||
args[2].len = len;
|
||||
ctl_putdata_ex(args, 3, FALSE);
|
||||
} else {
|
||||
ctl_putdata_ex(args, 1, FALSE);
|
||||
ctl_putdata_ex(args, 2, FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1656,7 +1658,7 @@ ctl_putdblf(
|
||||
{
|
||||
char buffer[40];
|
||||
int rc;
|
||||
|
||||
|
||||
rc = snprintf(buffer, sizeof(buffer),
|
||||
(use_f ? "%.*f" : "%.*g"),
|
||||
precision, d);
|
||||
@ -1677,7 +1679,7 @@ ctl_putuint(
|
||||
int rc;
|
||||
|
||||
rc = snprintf(buffer, sizeof(buffer), "%lu", uval);
|
||||
INSIST(rc >= 0 && rc < sizeof(buffer));
|
||||
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
|
||||
ctl_putunqstr(tag, buffer, rc);
|
||||
}
|
||||
|
||||
@ -1716,7 +1718,7 @@ ctl_putfs(
|
||||
{
|
||||
char buffer[16];
|
||||
int rc;
|
||||
|
||||
|
||||
time_t fstamp = (time_t)uval - JAN_1970;
|
||||
struct tm *tm = gmtime(&fstamp);
|
||||
|
||||
@ -1744,7 +1746,7 @@ ctl_puthex(
|
||||
{
|
||||
char buffer[24]; /* must fit 64bit int! */
|
||||
int rc;
|
||||
|
||||
|
||||
rc = snprintf(buffer, sizeof(buffer), "0x%lx", uval);
|
||||
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
|
||||
ctl_putunqstr(tag, buffer, rc);
|
||||
@ -1762,9 +1764,9 @@ ctl_putint(
|
||||
{
|
||||
char buffer[24]; /*must fit 64bit int */
|
||||
int rc;
|
||||
|
||||
|
||||
rc = snprintf(buffer, sizeof(buffer), "%ld", ival);
|
||||
INSIST(rc >= 0 && rc < sizeof(buffer));
|
||||
INSIST(rc >= 0 && (size_t)rc < sizeof(buffer));
|
||||
ctl_putunqstr(tag, buffer, rc);
|
||||
}
|
||||
|
||||
@ -1780,7 +1782,7 @@ ctl_putts(
|
||||
{
|
||||
char buffer[24];
|
||||
int rc;
|
||||
|
||||
|
||||
rc = snprintf(buffer, sizeof(buffer),
|
||||
"0x%08lx.%08lx",
|
||||
(u_long)ts->l_ui, (u_long)ts->l_uf);
|
||||
@ -1800,7 +1802,7 @@ ctl_putadr(
|
||||
)
|
||||
{
|
||||
const char *cq;
|
||||
|
||||
|
||||
if (NULL == addr)
|
||||
cq = numtoa(addr32);
|
||||
else
|
||||
@ -1827,7 +1829,9 @@ ctl_putrefid(
|
||||
|
||||
bytes.w = refid;
|
||||
for (nc = 0; nc < sizeof(bytes.b) && bytes.b[nc]; ++nc)
|
||||
if (!isprint(bytes.b[nc]))
|
||||
if ( !isprint(bytes.b[nc])
|
||||
|| isspace(bytes.b[nc])
|
||||
|| bytes.b[nc] == ',' )
|
||||
bytes.b[nc] = '.';
|
||||
ctl_putunqstr(tag, (const char*)bytes.b, nc);
|
||||
}
|
||||
@ -1874,11 +1878,11 @@ ctl_printf(
|
||||
va_list va;
|
||||
char fmtbuf[128];
|
||||
int rc;
|
||||
|
||||
|
||||
va_start(va, fmt);
|
||||
rc = vsnprintf(fmtbuf, sizeof(fmtbuf), fmt, va);
|
||||
va_end(va);
|
||||
if (rc < 0 || rc >= sizeof(fmtbuf))
|
||||
if (rc < 0 || (size_t)rc >= sizeof(fmtbuf))
|
||||
strcpy(fmtbuf + sizeof(fmtbuf) - strlen(ellipsis) - 1,
|
||||
ellipsis);
|
||||
ctl_putdata(fmtbuf, strlen(fmtbuf), 0);
|
||||
@ -1951,10 +1955,10 @@ ctl_putsys(
|
||||
break;
|
||||
|
||||
case CS_REFID:
|
||||
if (sys_stratum > 1 && sys_stratum < STRATUM_UNSPEC)
|
||||
ctl_putadr(sys_var[varid].text, sys_refid, NULL);
|
||||
else
|
||||
if (REFID_ISTEXT(sys_stratum))
|
||||
ctl_putrefid(sys_var[varid].text, sys_refid);
|
||||
else
|
||||
ctl_putadr(sys_var[varid].text, sys_refid, NULL);
|
||||
break;
|
||||
|
||||
case CS_REFTIME:
|
||||
@ -2678,11 +2682,10 @@ ctl_putpeer(
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
if (p->stratum > 1 && p->stratum < STRATUM_UNSPEC)
|
||||
ctl_putadr(peer_var[id].text, p->refid,
|
||||
NULL);
|
||||
else
|
||||
if (REFID_ISTEXT(p->stratum))
|
||||
ctl_putrefid(peer_var[id].text, p->refid);
|
||||
else
|
||||
ctl_putadr(peer_var[id].text, p->refid, NULL);
|
||||
break;
|
||||
|
||||
case CP_REFTIME:
|
||||
@ -3061,7 +3064,7 @@ ctl_getitem(
|
||||
* packet; If it's EOV, it will never be NULL again until the
|
||||
* variable is found and processed in a given 'var_list'. (That
|
||||
* is, a result is returned that is neither NULL nor EOV).
|
||||
*/
|
||||
*/
|
||||
static const struct ctl_var eol = { 0, EOV, NULL };
|
||||
static char buf[128];
|
||||
static u_long quiet_until;
|
||||
@ -3101,7 +3104,7 @@ ctl_getitem(
|
||||
++plhead;
|
||||
while (plhead != pltail && isspace((u_char)pltail[-1]))
|
||||
--pltail;
|
||||
|
||||
|
||||
/* check payload size, terminate packet on overflow */
|
||||
plsize = (size_t)(pltail - plhead);
|
||||
if (plsize >= sizeof(buf))
|
||||
@ -3126,7 +3129,7 @@ ctl_getitem(
|
||||
* variable lists after an EoV was returned. (Such a behavior
|
||||
* actually caused Bug 3008.)
|
||||
*/
|
||||
|
||||
|
||||
if (NULL == var_list)
|
||||
return &eol;
|
||||
|
||||
@ -3647,7 +3650,7 @@ static u_int32 derive_nonce(
|
||||
/* [Bug 3457] set flags and don't kill them again */
|
||||
EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL);
|
||||
# else
|
||||
# else
|
||||
EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5));
|
||||
# endif
|
||||
EVP_DigestUpdate(ctx, salt, sizeof(salt));
|
||||
@ -3944,7 +3947,7 @@ static void read_mru_list(
|
||||
int restrict_mask
|
||||
)
|
||||
{
|
||||
static const char nulltxt[1] = { '\0' };
|
||||
static const char nulltxt[1] = { '\0' };
|
||||
static const char nonce_text[] = "nonce";
|
||||
static const char frags_text[] = "frags";
|
||||
static const char limit_text[] = "limit";
|
||||
@ -3954,7 +3957,7 @@ static void read_mru_list(
|
||||
static const char maxlstint_text[] = "maxlstint";
|
||||
static const char laddr_text[] = "laddr";
|
||||
static const char resaxx_fmt[] = "0x%hx";
|
||||
|
||||
|
||||
u_int limit;
|
||||
u_short frags;
|
||||
u_short resall;
|
||||
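Review bot: In the `ctl_printf()` hunk (at -1874) a negative return from `vsnprintf()` takes the same path as truncation, but in that case the contents of the uninitialised local `fmtbuf` are unspecified. The following `ctl_putdata(fmtbuf, strlen(fmtbuf), 0)` can then copy leftover stack bytes, up to the ellipsis written at the end of the buffer, into the control response. Handle the error case on its own, e.g. `if (rc < 0) fmtbuf[0] = '\0';` followed by `else if ((size_t)rc >= sizeof(fmtbuf))` in front of the existing `strcpy`. The function begins and ends outside the hunk, so the declaration of `ellipsis` is not visible here.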
|
@ -1612,6 +1612,34 @@ set_wildcard_reuse(
|
||||
}
|
||||
#endif /* OS_NEEDS_REUSEADDR_FOR_IFADDRBIND */
|
||||
|
||||
static isc_boolean_t
|
||||
check_flags(
|
||||
sockaddr_u *psau,
|
||||
const char *name,
|
||||
u_int32 flags
|
||||
)
|
||||
{
|
||||
#if defined(SIOCGIFAFLAG_IN)
|
||||
struct ifreq ifr;
|
||||
int fd;
|
||||
|
||||
if (psau->sa.sa_family != AF_INET)
|
||||
return ISC_FALSE;
|
||||
if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
|
||||
return ISC_FALSE;
|
||||
ZERO(ifr);
|
||||
memcpy(&ifr.ifr_addr, &psau->sa, sizeof(ifr.ifr_addr));
|
||||
strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
|
||||
if (ioctl(fd, SIOCGIFAFLAG_IN, &ifr) < 0) {
|
||||
close(fd);
|
||||
return ISC_FALSE;
|
||||
}
|
||||
close(fd);
|
||||
if ((ifr.ifr_addrflags & flags) != 0)
|
||||
return ISC_TRUE;
|
||||
#endif /* SIOCGIFAFLAG_IN */
|
||||
return ISC_FALSE;
|
||||
}
|
||||
|
||||
static isc_boolean_t
|
||||
check_flags6(
|
||||
@ -1661,19 +1689,32 @@ is_valid(
|
||||
const char *name
|
||||
)
|
||||
{
|
||||
u_int32 flags6;
|
||||
u_int32 flags;
|
||||
|
||||
flags6 = 0;
|
||||
flags = 0;
|
||||
switch (psau->sa.sa_family) {
|
||||
case AF_INET:
|
||||
#ifdef IN_IFF_DETACHED
|
||||
flags |= IN_IFF_DETACHED;
|
||||
#endif
|
||||
#ifdef IN_IFF_TENTATIVE
|
||||
flags |= IN_IFF_TENTATIVE;
|
||||
#endif
|
||||
return check_flags(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
|
||||
case AF_INET6:
|
||||
#ifdef IN6_IFF_DEPARTED
|
||||
flags6 |= IN6_IFF_DEPARTED;
|
||||
flags |= IN6_IFF_DEPARTED;
|
||||
#endif
|
||||
#ifdef IN6_IFF_DETACHED
|
||||
flags6 |= IN6_IFF_DETACHED;
|
||||
flags |= IN6_IFF_DETACHED;
|
||||
#endif
|
||||
#ifdef IN6_IFF_TENTATIVE
|
||||
flags6 |= IN6_IFF_TENTATIVE;
|
||||
flags |= IN6_IFF_TENTATIVE;
|
||||
#endif
|
||||
return check_flags6(psau, name, flags6) ? ISC_FALSE : ISC_TRUE;
|
||||
return check_flags6(psau, name, flags) ? ISC_FALSE : ISC_TRUE;
|
||||
default:
|
||||
return ISC_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@ -3092,7 +3133,7 @@ sendpkt(
|
||||
int cc;
|
||||
int rc;
|
||||
u_char cttl;
|
||||
l_fp fp_zero = { 0, 0 };
|
||||
l_fp fp_zero = { { 0 }, 0 };
|
||||
|
||||
ismcast = IS_MCAST(dest);
|
||||
if (!ismcast)
|
||||
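Review bot: `check_flags()` returns `ISC_FALSE` both when none of the requested flags is set and when `socket()` or the `SIOCGIFAFLAG_IN` ioctl fails, so `is_valid()` in the next hunk accepts an IPv4 address whose state could not be read. If that fail-open result is intended, the function needs a header comment saying so, since it has none: `/* ISC_TRUE if the IPv4 address has any of 'flags' set; a failed query also yields ISC_FALSE, so the caller treats the address as usable */`. When `SIOCGIFAFLAG_IN` is not defined all three parameters are unused, which some compilers will warn about.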
|
@ -1099,10 +1099,14 @@ start_kern_loop(void)
|
||||
pll_control = TRUE;
|
||||
ZERO(ntv);
|
||||
ntv.modes = MOD_BITS;
|
||||
ntv.status = STA_PLL;
|
||||
ntv.maxerror = MAXDISPERSE;
|
||||
ntv.esterror = MAXDISPERSE;
|
||||
ntv.constant = sys_poll; /* why is it that here constant is unconditionally set to sys_poll, whereas elsewhere is is modified depending on nanosecond vs. microsecond kernel? */
|
||||
ntv.status = STA_PLL | STA_UNSYNC;
|
||||
ntv.maxerror = MAXDISPERSE * 1.0e6;
|
||||
ntv.esterror = MAXDISPERSE * 1.0e6;
|
||||
ntv.constant = sys_poll;
|
||||
/* ^^^^^^^^ why is it that here constant is
|
||||
* unconditionally set to sys_poll, whereas elsewhere is is
|
||||
* modified depending on nanosecond vs. microsecond kernel?
|
||||
*/
|
||||
#ifdef SIGSYS
|
||||
/*
|
||||
* Use sigsetjmp() to save state and then call ntp_adjtime(); if
|
||||
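Review bot: The `* 1.0e6` scaling on `ntv.maxerror` and `ntv.esterror` in `start_kern_loop()` carries no comment, and the product is a double that is converted implicitly on assignment to what are presumably integer fields. A one-line comment such as `/* kernel expects maxerror/esterror in microseconds */` (assuming that is the reason for the factor) would make the unit explicit. The reflowed block comment under `ntv.constant` still reads "is is" and leaves its question open; it would be better answered or turned into a tracked TODO. The function continues past the end of the hunk.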
|
@ -454,7 +454,7 @@ extern int yydebug;
|
||||
|
||||
union YYSTYPE
|
||||
{
|
||||
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */
|
||||
#line 52 "ntp_parser.y" /* yacc.c:1909 */
|
||||
|
||||
char * String;
|
||||
double Double;
|
||||
|
@ -33,7 +33,7 @@
|
||||
|
||||
/*
|
||||
* This macro defines the authentication state. If x is 1 authentication
|
||||
* is required; othewise it is optional.
|
||||
* is required; otherwise it is optional.
|
||||
*/
|
||||
#define AUTH(x, y) ((x) ? (y) == AUTH_OK \
|
||||
: (y) == AUTH_OK || (y) == AUTH_NONE)
|
||||
@ -272,7 +272,7 @@ kiss_code_check(
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
/*
|
||||
* Check that NAK is valid
|
||||
*/
|
||||
nak_code
|
||||
@ -315,7 +315,7 @@ valid_NAK(
|
||||
return INVALIDNAK;
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* Make sure that the extra field in the packet is all zeros
|
||||
*/
|
||||
rpkt = &rbufp->recv_pkt;
|
||||
@ -324,10 +324,13 @@ valid_NAK(
|
||||
return INVALIDNAK;
|
||||
}
|
||||
|
||||
/*
|
||||
* Only valid if peer uses a key
|
||||
/*
|
||||
* During the first few packets of the autokey dance there will
|
||||
* not (yet) be a keyid, but in this case FLAG_SKEY is set.
|
||||
* So the NAK is invalid if either there's no peer, or
|
||||
* if the keyid is 0 and FLAG_SKEY is not set.
|
||||
*/
|
||||
if (!peer || !peer->keyid || !(peer->flags & FLAG_SKEY)) {
|
||||
if (!peer || (!peer->keyid && !(peer->flags & FLAG_SKEY))) {
|
||||
return INVALIDNAK;
|
||||
}
|
||||
|
||||
@ -371,6 +374,13 @@ transmit(
|
||||
*/
|
||||
hpoll = peer->hpoll;
|
||||
|
||||
/*
|
||||
* If we haven't received anything (even if unsync) since last
|
||||
* send, reset ppoll.
|
||||
*/
|
||||
if (peer->outdate > peer->timelastrec && !peer->reach)
|
||||
peer->ppoll = peer->maxpoll;
|
||||
|
||||
/*
|
||||
* In broadcast mode the poll interval is never changed from
|
||||
* minpoll.
|
||||
@ -645,7 +655,7 @@ receive(
|
||||
hisleap = PKT_LEAP(pkt->li_vn_mode);
|
||||
hismode = (int)PKT_MODE(pkt->li_vn_mode);
|
||||
hisstratum = PKT_TO_STRATUM(pkt->stratum);
|
||||
DPRINTF(2, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n",
|
||||
DPRINTF(1, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s restrict %s org %#010x.%08x xmt %#010x.%08x\n",
|
||||
current_time, stoa(&rbufp->dstadr->sin),
|
||||
stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode,
|
||||
build_iflags(rbufp->dstadr->flags),
|
||||
@ -737,7 +747,7 @@ receive(
|
||||
} else {
|
||||
DPRINTF(2, ("receive: drop: MODE_UNSPEC\n"));
|
||||
sys_badlength++;
|
||||
return; /* invalid mode */
|
||||
return; /* invalid mode */
|
||||
}
|
||||
}
|
||||
|
||||
@ -841,7 +851,7 @@ receive(
|
||||
/*
|
||||
** Packet Data Verification Layer
|
||||
**
|
||||
** This layer verifies the packet data content. If
|
||||
** This layer verifies the packet data content. If
|
||||
** authentication is required, a MAC must be present.
|
||||
** If a MAC is present, it must validate.
|
||||
** Crypto-NAK? Look - a shiny thing!
|
||||
@ -949,7 +959,7 @@ receive(
|
||||
if (0 != peer) {
|
||||
peer->badNAK++;
|
||||
}
|
||||
msyslog(LOG_ERR, "Invalid-NAK error at %ld %s<-%s",
|
||||
msyslog(LOG_ERR, "Invalid-NAK error at %ld %s<-%s",
|
||||
current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr));
|
||||
return;
|
||||
}
|
||||
@ -957,7 +967,7 @@ receive(
|
||||
if (has_mac == 0) {
|
||||
restrict_mask &= ~RES_MSSNTP;
|
||||
is_authentic = AUTH_NONE; /* not required */
|
||||
DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n",
|
||||
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n",
|
||||
current_time, stoa(dstadr_sin),
|
||||
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
|
||||
authlen,
|
||||
@ -966,7 +976,7 @@ receive(
|
||||
} else if (crypto_nak_test == VALIDNAK) {
|
||||
restrict_mask &= ~RES_MSSNTP;
|
||||
is_authentic = AUTH_CRYPTO; /* crypto-NAK */
|
||||
DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC4\n",
|
||||
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x CRYPTONAK\n",
|
||||
current_time, stoa(dstadr_sin),
|
||||
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
|
||||
skeyid, authlen + has_mac, is_authentic,
|
||||
@ -989,13 +999,19 @@ receive(
|
||||
&& (memcmp(zero_key, (char *)pkt + authlen + 4,
|
||||
MAX_MD5_LEN - 4) == 0)) {
|
||||
is_authentic = AUTH_NONE;
|
||||
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x SIGND\n",
|
||||
current_time, stoa(dstadr_sin),
|
||||
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
|
||||
authlen,
|
||||
ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf),
|
||||
ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)));
|
||||
#endif /* HAVE_NTP_SIGND */
|
||||
|
||||
} else {
|
||||
/*
|
||||
* has_mac is not 0
|
||||
* Not a VALID_NAK
|
||||
* Not an MS-SNTP SIGND packet
|
||||
* Not an MS-SNTP SIGND packet
|
||||
*
|
||||
* So there is a MAC here.
|
||||
*/
|
||||
@ -1054,7 +1070,7 @@ receive(
|
||||
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
|
||||
DPRINTF(2, ("receive: drop: BCAST from wildcard\n"));
|
||||
sys_restricted++;
|
||||
return; /* no wildcard */
|
||||
return; /* no wildcard */
|
||||
}
|
||||
pkeyid = 0;
|
||||
if (!SOCK_UNSPEC(&rbufp->dstadr->bcast))
|
||||
@ -1106,7 +1122,7 @@ receive(
|
||||
if (crypto_flags && skeyid > NTP_MAXKEY)
|
||||
authtrust(skeyid, 0);
|
||||
#endif /* AUTOKEY */
|
||||
DPRINTF(2, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x\n",
|
||||
DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC\n",
|
||||
current_time, stoa(dstadr_sin),
|
||||
stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str,
|
||||
skeyid, authlen + has_mac, is_authentic,
|
||||
@ -1198,6 +1214,8 @@ receive(
|
||||
* client association; a symmetric active packet mobilizes a
|
||||
* symmetric passive association.
|
||||
*/
|
||||
DPRINTF(1, ("receive: MATCH_ASSOC dispatch: mode %d/%s:%s \n",
|
||||
hismode, hm_str, am_str));
|
||||
switch (retcode) {
|
||||
|
||||
/*
|
||||
@ -1373,7 +1391,7 @@ receive(
|
||||
if (NULL == peer) {
|
||||
DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n"));
|
||||
sys_declined++;
|
||||
return; /* ignore duplicate */
|
||||
return; /* ignore duplicate */
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1511,10 +1529,10 @@ receive(
|
||||
* is fixed at this value.
|
||||
*/
|
||||
peer = newpeer(&rbufp->recv_srcadr, NULL, match_ep,
|
||||
r4a.ippeerlimit, MODE_CLIENT, hisversion,
|
||||
pkt->ppoll, pkt->ppoll,
|
||||
FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
|
||||
0, skeyid, sys_ident);
|
||||
r4a.ippeerlimit, MODE_CLIENT, hisversion,
|
||||
pkt->ppoll, pkt->ppoll,
|
||||
FLAG_BC_VOL | FLAG_IBURST | FLAG_PREEMPT, MDF_BCLNT,
|
||||
0, skeyid, sys_ident);
|
||||
if (NULL == peer) {
|
||||
DPRINTF(2, ("receive: AM_NEWBCL drop: empty newpeer() failed\n"));
|
||||
sys_restricted++;
|
||||
@ -1529,15 +1547,19 @@ receive(
|
||||
return; /* hooray */
|
||||
|
||||
/*
|
||||
* This is the first packet received from a symmetric active
|
||||
* peer. If the packet is authentic, the first he sent, and
|
||||
* RES_NOEPEER is not enabled, mobilize a passive association
|
||||
* If not, kiss the frog.
|
||||
* This is the first packet received from a potential ephemeral
|
||||
* symmetric active peer. First, deal with broken Windows clients.
|
||||
* Then, if NOEPEER is enabled, drop it. If the packet meets our
|
||||
* authenticty requirements and is the first he sent, mobilize
|
||||
* a passive association.
|
||||
* Otherwise, kiss the frog.
|
||||
*
|
||||
* There are cases here where we do not call record_raw_stats().
|
||||
*/
|
||||
case AM_NEWPASS:
|
||||
|
||||
DEBUG_REQUIRE(MODE_ACTIVE == hismode);
|
||||
|
||||
#ifdef AUTOKEY
|
||||
/*
|
||||
* Do not respond if not the same group.
|
||||
@ -1551,27 +1573,33 @@ receive(
|
||||
if (!AUTH(sys_authenticate | (restrict_mask &
|
||||
(RES_NOPEER | RES_DONTTRUST)), is_authentic)
|
||||
) {
|
||||
if (0 == (restrict_mask & RES_NOEPEER)) {
|
||||
/*
|
||||
* If authenticated but cannot mobilize an
|
||||
* association, send a symmetric passive
|
||||
* response without mobilizing an association.
|
||||
* This is for drat broken Windows clients. See
|
||||
* Microsoft KB 875424 for preferred workaround.
|
||||
*/
|
||||
if (AUTH(restrict_mask & RES_DONTTRUST,
|
||||
is_authentic)) {
|
||||
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
|
||||
restrict_mask);
|
||||
return; /* hooray */
|
||||
}
|
||||
if (is_authentic == AUTH_ERROR) {
|
||||
fast_xmit(rbufp, MODE_ACTIVE, 0,
|
||||
restrict_mask);
|
||||
sys_restricted++;
|
||||
return;
|
||||
}
|
||||
/*
|
||||
* If authenticated but cannot mobilize an
|
||||
* association, send a symmetric passive
|
||||
* response without mobilizing an association.
|
||||
* This is for drat broken Windows clients. See
|
||||
* Microsoft KB 875424 for preferred workaround.
|
||||
*/
|
||||
if (AUTH(restrict_mask & RES_DONTTRUST,
|
||||
is_authentic)) {
|
||||
fast_xmit(rbufp, MODE_PASSIVE, skeyid,
|
||||
restrict_mask);
|
||||
return; /* hooray */
|
||||
}
|
||||
/* HMS: Why is this next set of lines a feature? */
|
||||
if (is_authentic == AUTH_ERROR) {
|
||||
fast_xmit(rbufp, MODE_PASSIVE, 0,
|
||||
restrict_mask);
|
||||
sys_restricted++;
|
||||
return;
|
||||
}
|
||||
|
||||
if (restrict_mask & RES_NOEPEER) {
|
||||
DPRINTF(2, ("receive: AM_NEWPASS drop: NOEPEER\n"));
|
||||
sys_declined++;
|
||||
return;
|
||||
}
|
||||
|
||||
/* [Bug 2941]
|
||||
* If we got here, the packet isn't part of an
|
||||
* existing association, either isn't correctly
|
||||
@ -1593,6 +1621,12 @@ receive(
|
||||
return;
|
||||
}
|
||||
|
||||
if (restrict_mask & RES_NOEPEER) {
|
||||
DPRINTF(2, ("receive: AM_NEWPASS drop: NOEPEER\n"));
|
||||
sys_declined++;
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Do not respond if synchronized and if stratum is
|
||||
* below the floor or at or above the ceiling. Note,
|
||||
@ -1670,8 +1704,8 @@ receive(
|
||||
}
|
||||
|
||||
/* This is error-worthy */
|
||||
if (pkt->ppoll < peer->minpoll ||
|
||||
pkt->ppoll > peer->maxpoll ) {
|
||||
if ( pkt->ppoll < peer->minpoll
|
||||
|| pkt->ppoll > peer->maxpoll) {
|
||||
msyslog(LOG_INFO, "receive: broadcast poll of %u from %s is out-of-range (%d to %d)!",
|
||||
pkt->ppoll, stoa(&rbufp->recv_srcadr),
|
||||
peer->minpoll, peer->maxpoll);
|
||||
@ -1719,7 +1753,7 @@ receive(
|
||||
* network is trustable, so we take our accepted
|
||||
* broadcast packets as we receive them. But
|
||||
* some folks might want to take additional poll
|
||||
* delays before believing a backward step.
|
||||
* delays before believing a backward step.
|
||||
*/
|
||||
if (sys_bcpollbstep) {
|
||||
/* pkt->ppoll or peer->ppoll ? */
|
||||
@ -1735,8 +1769,8 @@ receive(
|
||||
tdiff = p_xmt;
|
||||
L_SUB(&tdiff, &peer->bxmt);
|
||||
}
|
||||
if (tdiff.l_i < 0 &&
|
||||
(current_time - peer->timereceived) < deadband)
|
||||
if ( tdiff.l_i < 0
|
||||
&& (current_time - peer->timereceived) < deadband)
|
||||
{
|
||||
msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x",
|
||||
stoa(&rbufp->recv_srcadr),
|
||||
@ -2431,6 +2465,7 @@ process_packet(
|
||||
peer->seldisptoolarge++;
|
||||
DPRINTF(1, ("packet: flash header %04x\n",
|
||||
peer->flash));
|
||||
poll_update(peer, peer->hpoll); /* ppoll updated? */
|
||||
return;
|
||||
}
|
||||
|
||||
@ -2586,7 +2621,7 @@ process_packet(
|
||||
* between the unicast timestamp and the broadcast
|
||||
* timestamp. This works for both basic and interleaved
|
||||
* modes.
|
||||
* [Bug 3031] Don't keep this peer when the delay
|
||||
* [Bug 3031] Don't keep this peer when the delay
|
||||
* calculation gives reason to suspect clock steps.
|
||||
* This is assumed for delays > 50ms.
|
||||
*/
|
||||
@ -2977,8 +3012,6 @@ poll_update(
|
||||
} else {
|
||||
if (peer->retry > 0)
|
||||
hpoll = peer->minpoll;
|
||||
else if (!(peer->reach))
|
||||
hpoll = peer->hpoll;
|
||||
else
|
||||
hpoll = min(peer->ppoll, peer->hpoll);
|
||||
#ifdef REFCLOCK
|
||||
@ -3072,6 +3105,10 @@ peer_clear(
|
||||
peer->stratum = STRATUM_UNSPEC;
|
||||
memcpy(&peer->refid, ident, 4);
|
||||
#ifdef REFCLOCK
|
||||
} else {
|
||||
/* Clear refclock sample filter */
|
||||
peer->procptr->codeproc = 0;
|
||||
peer->procptr->coderecv = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -3987,7 +4024,7 @@ peer_xmit(
|
||||
DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n",
|
||||
current_time,
|
||||
peer->dstadr ? stoa(&peer->dstadr->sin) : "-",
|
||||
stoa(&peer->srcadr), peer->hmode, sendlen,
|
||||
stoa(&peer->srcadr), peer->hmode, sendlen,
|
||||
xmt_tx.l_ui, xmt_tx.l_uf));
|
||||
return;
|
||||
}
|
||||
@ -4330,7 +4367,7 @@ leap_smear_add_offs(
|
||||
return;
|
||||
}
|
||||
|
||||
#endif /* LEAP_SMEAR */
|
||||
#endif /* LEAP_SMEAR */
|
||||
|
||||
|
||||
/*
|
||||
|
@ -112,7 +112,7 @@ refclock_report(
|
||||
/* ignore others */
|
||||
break;
|
||||
}
|
||||
if (pp->lastevent < 15)
|
||||
if ((code != CEVNT_NOMINAL) && (pp->lastevent < 15))
|
||||
pp->lastevent++;
|
||||
if (pp->currentstatus != code) {
|
||||
pp->currentstatus = (u_char)code;
|
||||
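Review bot: The guard `if ((code != CEVNT_NOMINAL) && (pp->lastevent < 15))`, which appears to be the new side of this hunk, has no comment saying why nominal reports are excluded from the count or what the limit 15 stands for. A one-line comment above it would help the next reader, for example `/* CEVNT_NOMINAL is a status report, not a fault: keep it out of the capped event count */`. The 15 presumably matches the width of the event-count field; if the project has a named constant for that, using it here would make the cap self-explanatory. refclock_report() starts and ends outside this hunk, so this is based only on the lines shown.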
|
@ -890,6 +890,7 @@ peer_info (
|
||||
ip->flags |= INFO_FLAG_SHORTLIST;
|
||||
ip->leap = pp->leap;
|
||||
ip->hmode = pp->hmode;
|
||||
ip->pmode = pp->pmode;
|
||||
ip->keyid = pp->keyid;
|
||||
ip->stratum = pp->stratum;
|
||||
ip->ppoll = pp->ppoll;
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed February 27, 2018 at 05:13:19 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed August 14, 2018 at 08:27:45 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpd-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpd options
|
||||
*/
|
||||
static char const ntpd_opt_strs[3132] =
|
||||
/* 0 */ "ntpd 4.2.8p11\n"
|
||||
/* 0 */ "ntpd 4.2.8p12\n"
|
||||
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3132] =
|
||||
/* 2901 */ "output version information and exit\0"
|
||||
/* 2937 */ "version\0"
|
||||
/* 2945 */ "NTPD\0"
|
||||
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p11\n"
|
||||
/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p12\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
|
||||
"\t\t[ <server1> ... <serverN> ]\n\0"
|
||||
/* 3082 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 3116 */ "\n\0"
|
||||
/* 3118 */ "ntpd 4.2.8p11";
|
||||
/* 3118 */ "ntpd 4.2.8p12";
|
||||
|
||||
/**
|
||||
* ipv4 option description with
|
||||
@ -1529,7 +1529,7 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpdOptions.pzCopyright */
|
||||
puts(_("ntpd 4.2.8p11\n\
|
||||
puts(_("ntpd 4.2.8p12\n\
|
||||
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
@ -1670,7 +1670,7 @@ implied warranty.\n"));
|
||||
puts(_("output version information and exit"));
|
||||
|
||||
/* referenced via ntpdOptions.pzUsageTitle */
|
||||
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p11\n\
|
||||
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p12\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
|
||||
\t\t[ <server1> ... <serverN> ]\n"));
|
||||
|
||||
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
|
||||
puts(_("\n"));
|
||||
|
||||
/* referenced via ntpdOptions.pzFullVersion */
|
||||
puts(_("ntpd 4.2.8p11"));
|
||||
puts(_("ntpd 4.2.8p12"));
|
||||
|
||||
/* referenced via ntpdOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed February 27, 2018 at 05:13:17 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed August 14, 2018 at 08:27:44 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpd-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -106,9 +106,9 @@ typedef enum {
|
||||
/** count of all options for ntpd */
|
||||
#define OPTION_CT 38
|
||||
/** ntpd version */
|
||||
#define NTPD_VERSION "4.2.8p11"
|
||||
#define NTPD_VERSION "4.2.8p12"
|
||||
/** Full ntpd version text */
|
||||
#define NTPD_FULL_VERSION "ntpd 4.2.8p11"
|
||||
#define NTPD_FULL_VERSION "ntpd 4.2.8p12"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpd 1ntpdman "27 Feb 2018" "4.2.8p11" "User Commands"
|
||||
.TH ntpd 1ntpdman "14 Aug 2018" "4.2.8p12" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-jbaWTB/ag-ubaOSB)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:02 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTPD 1ntpdmdoc User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:20 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
|
@ -104,6 +104,10 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
# include "ntservice.h"
|
||||
#endif
|
||||
|
||||
#ifdef _AIX
|
||||
# include <ulimit.h>
|
||||
#endif /* _AIX */
|
||||
@ -185,7 +189,6 @@ char *group; /* group to switch to */
|
||||
const char *chrootdir; /* directory to chroot to */
|
||||
uid_t sw_uid;
|
||||
gid_t sw_gid;
|
||||
char *endp;
|
||||
struct group *gr;
|
||||
struct passwd *pw;
|
||||
#endif /* HAVE_DROPROOT */
|
||||
@ -526,6 +529,219 @@ set_process_priority(void)
|
||||
}
|
||||
#endif /* !SIM */
|
||||
|
||||
#if !defined(SIM) && !defined(SYS_WINNT)
|
||||
/*
|
||||
* Detach from terminal (much like daemon())
|
||||
* Nothe that this function calls exit()
|
||||
*/
|
||||
static void
|
||||
detach_from_terminal(
|
||||
int pipe_fds[2],
|
||||
long wait_sync,
|
||||
const char *logfilename
|
||||
)
|
||||
{
|
||||
int rc;
|
||||
int exit_code;
|
||||
# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY)
|
||||
int fid;
|
||||
# endif
|
||||
# ifdef _AIX
|
||||
struct sigaction sa;
|
||||
# endif
|
||||
|
||||
rc = fork();
|
||||
if (-1 == rc) {
|
||||
exit_code = (errno) ? errno : -1;
|
||||
msyslog(LOG_ERR, "fork: %m");
|
||||
exit(exit_code);
|
||||
}
|
||||
if (rc > 0) {
|
||||
/* parent */
|
||||
exit_code = wait_child_sync_if(pipe_fds[0],
|
||||
wait_sync);
|
||||
exit(exit_code);
|
||||
}
|
||||
|
||||
/*
|
||||
* child/daemon
|
||||
* close all open files excepting waitsync_fd_to_close.
|
||||
* msyslog() unreliable until after init_logging().
|
||||
*/
|
||||
closelog();
|
||||
if (syslog_file != NULL) {
|
||||
fclose(syslog_file);
|
||||
syslog_file = NULL;
|
||||
syslogit = TRUE;
|
||||
}
|
||||
close_all_except(waitsync_fd_to_close);
|
||||
INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \
|
||||
&& 2 == dup2(0, 2));
|
||||
|
||||
init_logging(progname, 0, TRUE);
|
||||
/* we lost our logfile (if any) daemonizing */
|
||||
setup_logfile(logfilename);
|
||||
|
||||
# ifdef SYS_DOMAINOS
|
||||
{
|
||||
uid_$t puid;
|
||||
status_$t st;
|
||||
|
||||
proc2_$who_am_i(&puid);
|
||||
proc2_$make_server(&puid, &st);
|
||||
}
|
||||
# endif /* SYS_DOMAINOS */
|
||||
# ifdef HAVE_SETSID
|
||||
if (setsid() == (pid_t)-1)
|
||||
msyslog(LOG_ERR, "setsid(): %m");
|
||||
# elif defined(HAVE_SETPGID)
|
||||
if (setpgid(0, 0) == -1)
|
||||
msyslog(LOG_ERR, "setpgid(): %m");
|
||||
# else /* !HAVE_SETSID && !HAVE_SETPGID follows */
|
||||
# ifdef TIOCNOTTY
|
||||
fid = open("/dev/tty", 2);
|
||||
if (fid >= 0) {
|
||||
ioctl(fid, (u_long)TIOCNOTTY, NULL);
|
||||
close(fid);
|
||||
}
|
||||
# endif /* TIOCNOTTY */
|
||||
ntp_setpgrp(0, getpid());
|
||||
# endif /* !HAVE_SETSID && !HAVE_SETPGID */
|
||||
# ifdef _AIX
|
||||
/* Don't get killed by low-on-memory signal. */
|
||||
sa.sa_handler = catch_danger;
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sa.sa_flags = SA_RESTART;
|
||||
sigaction(SIGDANGER, &sa, NULL);
|
||||
# endif /* _AIX */
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
#ifdef HAVE_DROPROOT
|
||||
/*
|
||||
* Map user name/number to user ID
|
||||
*/
|
||||
static int
|
||||
map_user(
|
||||
)
|
||||
{
|
||||
char *endp;
|
||||
|
||||
if (isdigit((unsigned char)*user)) {
|
||||
sw_uid = (uid_t)strtoul(user, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
goto getuser;
|
||||
|
||||
if ((pw = getpwuid(sw_uid)) != NULL) {
|
||||
free(user);
|
||||
user = estrdup(pw->pw_name);
|
||||
sw_gid = pw->pw_gid;
|
||||
} else {
|
||||
errno = 0;
|
||||
msyslog(LOG_ERR, "Cannot find user ID %s", user);
|
||||
return 0;
|
||||
}
|
||||
|
||||
} else {
|
||||
getuser:
|
||||
errno = 0;
|
||||
if ((pw = getpwnam(user)) != NULL) {
|
||||
sw_uid = pw->pw_uid;
|
||||
sw_gid = pw->pw_gid;
|
||||
} else {
|
||||
if (errno)
|
||||
msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
|
||||
else
|
||||
msyslog(LOG_ERR, "Cannot find user `%s'", user);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Map group name/number to group ID
|
||||
*/
|
||||
static int
|
||||
map_group(
|
||||
)
|
||||
{
|
||||
char *endp;
|
||||
|
||||
if (isdigit((unsigned char)*group)) {
|
||||
sw_gid = (gid_t)strtoul(group, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
goto getgroup;
|
||||
} else {
|
||||
getgroup:
|
||||
if ((gr = getgrnam(group)) != NULL) {
|
||||
sw_gid = gr->gr_gid;
|
||||
} else {
|
||||
errno = 0;
|
||||
msyslog(LOG_ERR, "Cannot find group `%s'", group);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Change (effective) user and group IDs, also initialize the supplementary group access list
|
||||
*/
|
||||
int
|
||||
set_user_group_ids(
|
||||
)
|
||||
{
|
||||
/* If the the user was already mapped, no need to map it again */
|
||||
if ((NULL != user) && (0 == sw_uid)) {
|
||||
if (0 == map_user())
|
||||
exit (-1);
|
||||
}
|
||||
/* same applies for the group */
|
||||
if ((NULL != group) && (0 == sw_gid)) {
|
||||
if (0 == map_group())
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
if (user && initgroups(user, sw_gid)) {
|
||||
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
|
||||
return 0;
|
||||
}
|
||||
if (group && setgid(sw_gid)) {
|
||||
msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
|
||||
return 0;
|
||||
}
|
||||
if (group && setegid(sw_gid)) {
|
||||
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
|
||||
return 0;
|
||||
}
|
||||
if (group) {
|
||||
if (0 != setgroups(1, &sw_gid)) {
|
||||
msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
else if (pw)
|
||||
if (0 != initgroups(pw->pw_name, pw->pw_gid)) {
|
||||
msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
|
||||
return 0;
|
||||
}
|
||||
if (user && setuid(sw_uid)) {
|
||||
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
|
||||
return 0;
|
||||
}
|
||||
if (user && seteuid(sw_uid)) {
|
||||
msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
#endif /* HAVE_DROPROOT */
|
||||
#endif /* !SIM */
|
||||
|
||||
/*
|
||||
* Main program. Initialize us, disconnect us from the tty if necessary,
|
||||
@ -552,12 +768,6 @@ ntpdmain(
|
||||
int pipe_fds[2];
|
||||
int rc;
|
||||
int exit_code;
|
||||
# ifdef _AIX
|
||||
struct sigaction sa;
|
||||
# endif
|
||||
# if !defined(HAVE_SETSID) && !defined (HAVE_SETPGID) && defined(TIOCNOTTY)
|
||||
int fid;
|
||||
# endif
|
||||
# endif /* HAVE_WORKING_FORK*/
|
||||
# ifdef SCO5_CLOCK
|
||||
int fd;
|
||||
@ -725,6 +935,11 @@ ntpdmain(
|
||||
|
||||
init_lib();
|
||||
# ifdef SYS_WINNT
|
||||
/*
|
||||
* Make sure the service is initialized before we do anything else
|
||||
*/
|
||||
ntservice_init();
|
||||
|
||||
/*
|
||||
* Start interpolation thread, must occur before first
|
||||
* get_systime()
|
||||
@ -744,70 +959,7 @@ ntpdmain(
|
||||
if (!nofork) {
|
||||
|
||||
# ifdef HAVE_WORKING_FORK
|
||||
rc = fork();
|
||||
if (-1 == rc) {
|
||||
exit_code = (errno) ? errno : -1;
|
||||
msyslog(LOG_ERR, "fork: %m");
|
||||
exit(exit_code);
|
||||
}
|
||||
if (rc > 0) {
|
||||
/* parent */
|
||||
exit_code = wait_child_sync_if(pipe_fds[0],
|
||||
wait_sync);
|
||||
exit(exit_code);
|
||||
}
|
||||
|
||||
/*
|
||||
* child/daemon
|
||||
* close all open files excepting waitsync_fd_to_close.
|
||||
* msyslog() unreliable until after init_logging().
|
||||
*/
|
||||
closelog();
|
||||
if (syslog_file != NULL) {
|
||||
fclose(syslog_file);
|
||||
syslog_file = NULL;
|
||||
syslogit = TRUE;
|
||||
}
|
||||
close_all_except(waitsync_fd_to_close);
|
||||
INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \
|
||||
&& 2 == dup2(0, 2));
|
||||
|
||||
init_logging(progname, 0, TRUE);
|
||||
/* we lost our logfile (if any) daemonizing */
|
||||
setup_logfile(logfilename);
|
||||
|
||||
# ifdef SYS_DOMAINOS
|
||||
{
|
||||
uid_$t puid;
|
||||
status_$t st;
|
||||
|
||||
proc2_$who_am_i(&puid);
|
||||
proc2_$make_server(&puid, &st);
|
||||
}
|
||||
# endif /* SYS_DOMAINOS */
|
||||
# ifdef HAVE_SETSID
|
||||
if (setsid() == (pid_t)-1)
|
||||
msyslog(LOG_ERR, "setsid(): %m");
|
||||
# elif defined(HAVE_SETPGID)
|
||||
if (setpgid(0, 0) == -1)
|
||||
msyslog(LOG_ERR, "setpgid(): %m");
|
||||
# else /* !HAVE_SETSID && !HAVE_SETPGID follows */
|
||||
# ifdef TIOCNOTTY
|
||||
fid = open("/dev/tty", 2);
|
||||
if (fid >= 0) {
|
||||
ioctl(fid, (u_long)TIOCNOTTY, NULL);
|
||||
close(fid);
|
||||
}
|
||||
# endif /* TIOCNOTTY */
|
||||
ntp_setpgrp(0, getpid());
|
||||
# endif /* !HAVE_SETSID && !HAVE_SETPGID */
|
||||
# ifdef _AIX
|
||||
/* Don't get killed by low-on-memory signal. */
|
||||
sa.sa_handler = catch_danger;
|
||||
sigemptyset(&sa.sa_mask);
|
||||
sa.sa_flags = SA_RESTART;
|
||||
sigaction(SIGDANGER, &sa, NULL);
|
||||
# endif /* _AIX */
|
||||
detach_from_terminal(pipe_fds, wait_sync, logfilename);
|
||||
# endif /* HAVE_WORKING_FORK */
|
||||
}
|
||||
|
||||
@ -980,51 +1132,12 @@ ntpdmain(
|
||||
# endif /* HAVE_LINUX_CAPABILITIES || HAVE_SOLARIS_PRIVS */
|
||||
|
||||
if (user != NULL) {
|
||||
if (isdigit((unsigned char)*user)) {
|
||||
sw_uid = (uid_t)strtoul(user, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
goto getuser;
|
||||
|
||||
if ((pw = getpwuid(sw_uid)) != NULL) {
|
||||
free(user);
|
||||
user = estrdup(pw->pw_name);
|
||||
sw_gid = pw->pw_gid;
|
||||
} else {
|
||||
errno = 0;
|
||||
msyslog(LOG_ERR, "Cannot find user ID %s", user);
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
} else {
|
||||
getuser:
|
||||
errno = 0;
|
||||
if ((pw = getpwnam(user)) != NULL) {
|
||||
sw_uid = pw->pw_uid;
|
||||
sw_gid = pw->pw_gid;
|
||||
} else {
|
||||
if (errno)
|
||||
msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
|
||||
else
|
||||
msyslog(LOG_ERR, "Cannot find user `%s'", user);
|
||||
exit (-1);
|
||||
}
|
||||
}
|
||||
if (0 == map_user())
|
||||
exit (-1);
|
||||
}
|
||||
if (group != NULL) {
|
||||
if (isdigit((unsigned char)*group)) {
|
||||
sw_gid = (gid_t)strtoul(group, &endp, 0);
|
||||
if (*endp != '\0')
|
||||
goto getgroup;
|
||||
} else {
|
||||
getgroup:
|
||||
if ((gr = getgrnam(group)) != NULL) {
|
||||
sw_gid = gr->gr_gid;
|
||||
} else {
|
||||
errno = 0;
|
||||
msyslog(LOG_ERR, "Cannot find group `%s'", group);
|
||||
exit (-1);
|
||||
}
|
||||
}
|
||||
if (0 == map_group())
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
if (chrootdir ) {
|
||||
@ -1058,37 +1171,8 @@ ntpdmain(
|
||||
exit(-1);
|
||||
}
|
||||
# endif /* HAVE_SOLARIS_PRIVS */
|
||||
if (user && initgroups(user, sw_gid)) {
|
||||
msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
|
||||
exit (-1);
|
||||
}
|
||||
if (group && setgid(sw_gid)) {
|
||||
msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
|
||||
exit (-1);
|
||||
}
|
||||
if (group && setegid(sw_gid)) {
|
||||
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
|
||||
exit (-1);
|
||||
}
|
||||
if (group) {
|
||||
if (0 != setgroups(1, &sw_gid)) {
|
||||
msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid);
|
||||
exit (-1);
|
||||
}
|
||||
}
|
||||
else if (pw)
|
||||
if (0 != initgroups(pw->pw_name, pw->pw_gid)) {
|
||||
msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
|
||||
exit (-1);
|
||||
}
|
||||
if (user && setuid(sw_uid)) {
|
||||
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
|
||||
exit (-1);
|
||||
}
|
||||
if (user && seteuid(sw_uid)) {
|
||||
msyslog(LOG_ERR, "Cannot seteuid() to user `%s': %m", user);
|
||||
exit (-1);
|
||||
}
|
||||
if (0 == set_user_group_ids())
|
||||
exit(-1);
|
||||
|
||||
# if defined(HAVE_TRUSTEDBSD_MAC)
|
||||
/*
|
||||
@ -1263,6 +1347,10 @@ int scmp_sc[] = {
|
||||
}
|
||||
#endif /* LIBSECCOMP and KERN_SECCOMP */
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
ntservice_isup();
|
||||
#endif
|
||||
|
||||
# ifdef HAVE_IO_COMPLETION_PORT
|
||||
|
||||
for (;;) {
|
||||
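Review bot: In map_user() the numeric branch does `sw_uid = (uid_t)strtoul(user, &endp, 0);` with no range check, and map_group() does the same for `sw_gid`. Where unsigned long is wider than uid_t, an out-of-range numeric user string is silently truncated, and a value that wraps to 0 would leave the daemon running as root after the intended privilege drop. Parse into an `unsigned long ul` first (clearing errno beforehand) and reject overflow before assigning, e.g. `if (errno == ERANGE || (unsigned long)(uid_t)ul != ul) return 0;`, logging through msyslog() like the other failure paths. A wrapped 0 also collides with the `0 == sw_uid` / `0 == sw_gid` test in set_user_group_ids(), which treats 0 as "not mapped yet". This logic looks to have been moved out of ntpdmain() rather than written new, so the gap predates the commit, but the refactor into helpers is a good place to close it.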
|
@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
|
||||
symmetric and broadcast modes, and with both symmetric-key and public-key
|
||||
cryptography.
|
||||
|
||||
<p>This document applies to version 4.2.8p11 of <code>ntpd</code>.
|
||||
<p>This document applies to version 4.2.8p12 of <code>ntpd</code>.
|
||||
|
||||
<ul class="menu">
|
||||
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
|
||||
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
|
||||
used to select the program, defaulting to <span class="file">more</span>. Both will exit
|
||||
with a status code of 0.
|
||||
|
||||
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p10
|
||||
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p11
|
||||
Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
|
||||
[ <server1> ... <serverN> ]
|
||||
Flg Arg Option-Name Description
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpd @NTPD_MS@ "27 Feb 2018" "4.2.8p11" "User Commands"
|
||||
.TH ntpd @NTPD_MS@ "14 Aug 2018" "4.2.8p12" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Ffa4WQ/ag-RfaWVQ)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-jbaWTB/ag-ubaOSB)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:30 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:02 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTPD @NTPD_MS@ User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:14:47 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:20 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
|
@ -5,6 +5,8 @@
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
|
||||
// XXX: Move to header.
|
||||
size_t remoteconfig_cmdlength( const char *, const char *);
|
||||
|
||||
/* Bug 2853 */
|
||||
/* evaluate the length of the command sequence. This breaks at the first
|
||||
|
@ -485,7 +485,8 @@ datum_pts_receive(
|
||||
struct recvbuf *rbufp
|
||||
)
|
||||
{
|
||||
int i, nb;
|
||||
int i;
|
||||
size_t nb;
|
||||
l_fp tstmp;
|
||||
struct peer *p;
|
||||
struct datum_pts_unit *datum_pts;
|
||||
|
@ -1136,7 +1136,7 @@ json_token_skip(
|
||||
const json_ctx * ctx,
|
||||
tok_ref tid)
|
||||
{
|
||||
if (tid >= 0 && (u_int)tid < ctx->ntok) {
|
||||
if (tid >= 0 && tid < ctx->ntok) {
|
||||
int len = ctx->tok[tid].size;
|
||||
/* For arrays and objects, the size is the number of
|
||||
* ITEMS in the compound. Thats the number of objects in
|
||||
@ -1164,7 +1164,7 @@ json_token_skip(
|
||||
/* The next condition should never be true, but paranoia
|
||||
* prevails...
|
||||
*/
|
||||
if (tid < 0 || (u_int)tid > ctx->ntok)
|
||||
if (tid < 0 || tid > ctx->ntok)
|
||||
tid = ctx->ntok;
|
||||
}
|
||||
return tid;
|
||||
|
@ -139,8 +139,7 @@ static void jupiter_canmsg (struct instance *, u_int);
|
||||
static u_short jupiter_cksum (u_short *, u_int);
|
||||
static int jupiter_config (struct instance *);
|
||||
static void jupiter_debug (struct peer *, const char *,
|
||||
const char *, ...)
|
||||
__attribute__ ((format (printf, 3, 4)));
|
||||
const char *, ...) NTP_PRINTF(3, 4);
|
||||
static const char * jupiter_parse_t (struct instance *, u_short *);
|
||||
static const char * jupiter_parse_gpos (struct instance *, u_short *);
|
||||
static void jupiter_platform (struct instance *, u_int);
|
||||
|
@ -340,6 +340,7 @@ shm_poll(
|
||||
if (pp->coderecv != pp->codeproc) {
|
||||
/* have some samples, everything OK */
|
||||
pp->lastref = pp->lastrec;
|
||||
refclock_report(peer, CEVNT_NOMINAL);
|
||||
refclock_receive(peer);
|
||||
} else if (NULL == up->shm) { /* is this possible at all? */
|
||||
/* we're out of business without SHM access */
|
||||
|
@ -640,7 +640,7 @@ true_send(
|
||||
size_t len = strlen(cmd);
|
||||
|
||||
true_debug(peer, "Send '%s'\n", cmd);
|
||||
if (write(pp->io.fd, cmd, (unsigned)len) != len)
|
||||
if (write(pp->io.fd, cmd, len) != (ssize_t)len)
|
||||
refclock_report(peer, CEVNT_FAULT);
|
||||
else
|
||||
pp->polls++;
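Review bot: The `(ssize_t)len` cast fixes the signed/unsigned comparison, but a `write()` that returns fewer bytes than `len`, or -1 with `errno == EINTR`, is still reported as `CEVNT_FAULT` with no retry. If that is intended for this device, a short comment above the call would make it explicit, e.g. `/* a short or interrupted write is treated as a clock fault; no retry */`. true_send's body starts and ends outside the hunk.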
|
||||
|
@ -154,7 +154,7 @@ char const *progname;
|
||||
/*
|
||||
* Systemwide parameters and flags
|
||||
*/
|
||||
int sys_samples = DEFSAMPLES; /* number of samples/server */
|
||||
int sys_samples = 0; /* number of samples/server, will be modified later */
|
||||
u_long sys_timeout = DEFTIMEOUT; /* timeout time, in TIMER_HZ units */
|
||||
struct server *sys_servers; /* the server list */
|
||||
int sys_numservers = 0; /* number of servers to poll */
|
||||
@ -220,7 +220,7 @@ void input_handler (void);
|
||||
static int l_adj_systime (l_fp *);
|
||||
static int l_step_systime (l_fp *);
|
||||
|
||||
static void printserver (struct server *, FILE *);
|
||||
static void print_server (struct server *, FILE *);
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
int on = 1;
|
||||
@ -429,7 +429,7 @@ ntpdatemain (
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
|
||||
if (errflg) {
|
||||
(void) fprintf(stderr,
|
||||
"usage: %s [-46bBdqsuv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-t timeo] server ...\n",
|
||||
@ -437,6 +437,14 @@ ntpdatemain (
|
||||
exit(2);
|
||||
}
|
||||
|
||||
/*
|
||||
* If number of Samples (-p) not specified by user:
|
||||
* - if a simple_query (-q) just ONE will do
|
||||
* - otherwise the normal is DEFSAMPLES
|
||||
*/
|
||||
if (sys_samples == 0)
|
||||
sys_samples = (simple_query ? 1 : DEFSAMPLES);
|
||||
|
||||
if (debug || simple_query) {
|
||||
#ifdef HAVE_SETVBUF
|
||||
static char buf[BUFSIZ];
|
||||
@ -651,9 +659,6 @@ transmit(
|
||||
{
|
||||
struct pkt xpkt;
|
||||
|
||||
if (debug)
|
||||
printf("transmit(%s)\n", stoa(&server->srcadr));
|
||||
|
||||
if (server->filter_nextpt < server->xmtcnt) {
|
||||
l_fp ts;
|
||||
/*
|
||||
@ -674,6 +679,9 @@ transmit(
|
||||
return;
|
||||
}
|
||||
|
||||
if (debug)
|
||||
printf("transmit(%s)\n", stoa(&server->srcadr));
|
||||
|
||||
/*
|
||||
* If we're here, send another message to the server. Fill in
|
||||
* the packet and let 'er rip.
|
||||
@ -849,7 +857,7 @@ receive(
|
||||
NTOHL_FP(&rpkt->xmt, &server->org);
|
||||
|
||||
/*
|
||||
* Make sure the server is at least somewhat sane. If not, try
|
||||
* Make sure the server is at least somewhat sane. If not, try
|
||||
* again.
|
||||
*/
|
||||
if (L_ISZERO(&rec) || !L_ISHIS(&server->org, &rec)) {
|
||||
@ -956,7 +964,7 @@ clock_filter(
|
||||
int ord[NTP_SHIFT];
|
||||
|
||||
INSIST((0 < sys_samples) && (sys_samples <= NTP_SHIFT));
|
||||
|
||||
|
||||
/*
|
||||
* Sort indices into increasing delay order
|
||||
*/
|
||||
@ -1042,15 +1050,15 @@ clock_select(void)
|
||||
/*
|
||||
* This first chunk of code is supposed to go through all
|
||||
* servers we know about to find the NTP_MAXLIST servers which
|
||||
* are most likely to succeed. We run through the list
|
||||
* are most likely to succeed. We run through the list
|
||||
* doing the sanity checks and trying to insert anyone who
|
||||
* looks okay. We are at all times aware that we should
|
||||
* looks okay. We are at all times aware that we should
|
||||
* only keep samples from the top two strata and we only need
|
||||
* NTP_MAXLIST of them.
|
||||
*/
|
||||
nlist = 0; /* none yet */
|
||||
for (server = sys_servers; server != NULL; server = server->next_server) {
|
||||
if (server->delay == 0) {
|
||||
if (server->stratum == 0) {
|
||||
if (debug)
|
||||
printf("%s: Server dropped: no data\n", ntoa(&server->srcadr));
|
||||
continue; /* no data */
|
||||
@ -1062,25 +1070,25 @@ clock_select(void)
|
||||
}
|
||||
if (server->delay > NTP_MAXWGT) {
|
||||
if (debug)
|
||||
printf("%s: Server dropped: server too far away\n",
|
||||
printf("%s: Server dropped: server too far away\n",
|
||||
ntoa(&server->srcadr));
|
||||
continue; /* too far away */
|
||||
}
|
||||
if (server->leap == LEAP_NOTINSYNC) {
|
||||
if (debug)
|
||||
printf("%s: Server dropped: Leap not in sync\n", ntoa(&server->srcadr));
|
||||
printf("%s: Server dropped: leap not in sync\n", ntoa(&server->srcadr));
|
||||
continue; /* he's in trouble */
|
||||
}
|
||||
if (!L_ISHIS(&server->org, &server->reftime)) {
|
||||
if (debug)
|
||||
printf("%s: Server dropped: server is very broken\n",
|
||||
printf("%s: Server dropped: server is very broken\n",
|
||||
ntoa(&server->srcadr));
|
||||
continue; /* very broken host */
|
||||
}
|
||||
if ((server->org.l_ui - server->reftime.l_ui)
|
||||
>= NTP_MAXAGE) {
|
||||
if (debug)
|
||||
printf("%s: Server dropped: Server has gone too long without sync\n",
|
||||
printf("%s: Server dropped: server has gone too long without sync\n",
|
||||
ntoa(&server->srcadr));
|
||||
continue; /* too long without sync */
|
||||
}
|
||||
@ -1256,8 +1264,10 @@ clock_adjust(void)
|
||||
server = clock_select();
|
||||
|
||||
if (debug || simple_query) {
|
||||
if (debug)
|
||||
printf ("\n");
|
||||
for (sp = sys_servers; sp != NULL; sp = sp->next_server)
|
||||
printserver(sp, stdout);
|
||||
print_server(sp, stdout);
|
||||
}
|
||||
|
||||
if (server == 0) {
|
||||
@ -1283,31 +1293,17 @@ clock_adjust(void)
|
||||
}
|
||||
|
||||
if (dostep) {
|
||||
if (simple_query || debug || l_step_systime(&server->offset)){
|
||||
if (simple_query || l_step_systime(&server->offset)){
|
||||
msyslog(LOG_NOTICE, "step time server %s offset %s sec",
|
||||
stoa(&server->srcadr),
|
||||
lfptoa(&server->offset, 6));
|
||||
}
|
||||
} else {
|
||||
#ifndef SYS_WINNT
|
||||
if (simple_query || l_adj_systime(&server->offset)) {
|
||||
msyslog(LOG_NOTICE, "adjust time server %s offset %s sec",
|
||||
stoa(&server->srcadr),
|
||||
lfptoa(&server->offset, 6));
|
||||
}
|
||||
#else
|
||||
/* The NT SetSystemTimeAdjustment() call achieves slewing by
|
||||
* changing the clock frequency. This means that we cannot specify
|
||||
* it to slew the clock by a definite amount and then stop like
|
||||
* the Unix adjtime() routine. We can technically adjust the clock
|
||||
* frequency, have ntpdate sleep for a while, and then wake
|
||||
* up and reset the clock frequency, but this might cause some
|
||||
* grief if the user attempts to run ntpd immediately after
|
||||
* ntpdate and the socket is in use.
|
||||
*/
|
||||
printf("\nThe -b option is required by ntpdate on Windows NT platforms\n");
|
||||
exit(1);
|
||||
#endif /* SYS_WINNT */
|
||||
}
|
||||
return(0);
|
||||
}
|
||||
@ -1440,7 +1436,7 @@ findserver(
|
||||
if (SRCPORT(addr) != NTP_PORT)
|
||||
return 0;
|
||||
|
||||
for (server = sys_servers; server != NULL;
|
||||
for (server = sys_servers; server != NULL;
|
||||
server = server->next_server) {
|
||||
if (SOCK_EQ(addr, &server->srcadr))
|
||||
return server;
|
||||
@ -1451,7 +1447,7 @@ findserver(
|
||||
}
|
||||
}
|
||||
|
||||
if (mc_server != NULL) {
|
||||
if (mc_server != NULL) {
|
||||
|
||||
struct server *sp;
|
||||
|
||||
@ -1494,7 +1490,7 @@ timer(void)
|
||||
* who's event timers have expired. Give these to
|
||||
* the transmit routine.
|
||||
*/
|
||||
for (server = sys_servers; server != NULL;
|
||||
for (server = sys_servers; server != NULL;
|
||||
server = server->next_server) {
|
||||
if (server->event_time != 0
|
||||
&& server->event_time <= current_time)
|
||||
@ -1520,7 +1516,7 @@ alarming(
|
||||
alarm_flag++;
|
||||
}
|
||||
#else /* SYS_WINNT follows */
|
||||
void CALLBACK
|
||||
void CALLBACK
|
||||
alarming(UINT uTimerID, UINT uMsg, DWORD dwUser, DWORD dw1, DWORD dw2)
|
||||
{
|
||||
UNUSED_ARG(uTimerID); UNUSED_ARG(uMsg); UNUSED_ARG(dwUser);
|
||||
@ -1605,24 +1601,26 @@ init_alarm(void)
|
||||
#else /* SYS_WINNT follows */
|
||||
_tzset();
|
||||
|
||||
/*
|
||||
* Get privileges needed for fiddling with the clock
|
||||
*/
|
||||
if (!simple_query && !debug) {
|
||||
/*
|
||||
* Get privileges needed for fiddling with the clock
|
||||
*/
|
||||
|
||||
/* get the current process token handle */
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
|
||||
msyslog(LOG_ERR, "OpenProcessToken failed: %m");
|
||||
exit(1);
|
||||
/* get the current process token handle */
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
|
||||
msyslog(LOG_ERR, "OpenProcessToken failed: %m");
|
||||
exit(1);
|
||||
}
|
||||
/* get the LUID for system-time privilege. */
|
||||
LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &tkp.Privileges[0].Luid);
|
||||
tkp.PrivilegeCount = 1; /* one privilege to set */
|
||||
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
/* get set-time privilege for this process. */
|
||||
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0);
|
||||
/* cannot test return value of AdjustTokenPrivileges. */
|
||||
if (GetLastError() != ERROR_SUCCESS)
|
||||
msyslog(LOG_ERR, "AdjustTokenPrivileges failed: %m");
|
||||
}
|
||||
/* get the LUID for system-time privilege. */
|
||||
LookupPrivilegeValue(NULL, SE_SYSTEMTIME_NAME, &tkp.Privileges[0].Luid);
|
||||
tkp.PrivilegeCount = 1; /* one privilege to set */
|
||||
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
/* get set-time privilege for this process. */
|
||||
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,(PTOKEN_PRIVILEGES) NULL, 0);
|
||||
/* cannot test return value of AdjustTokenPrivileges. */
|
||||
if (GetLastError() != ERROR_SUCCESS)
|
||||
msyslog(LOG_ERR, "AdjustTokenPrivileges failed: %m");
|
||||
|
||||
/*
|
||||
* Set up timer interrupts for every 2**EVENT_TIMEOUT seconds
|
||||
@ -1996,7 +1994,6 @@ input_handler(void)
|
||||
}
|
||||
|
||||
|
||||
#if !defined SYS_WINNT && !defined SYS_CYGWIN32
|
||||
/*
|
||||
* adj_systime - do a big long slew of the system time
|
||||
*/
|
||||
@ -2041,15 +2038,30 @@ l_adj_systime(
|
||||
adjtv.tv_usec = -adjtv.tv_usec;
|
||||
}
|
||||
|
||||
if (adjtv.tv_usec != 0 && !debug) {
|
||||
if (!debug && (adjtv.tv_usec != 0)) {
|
||||
/* A time correction needs to be applied. */
|
||||
#if !defined SYS_WINNT && !defined SYS_CYGWIN32
|
||||
/* Slew the time on systems that support this. */
|
||||
if (adjtime(&adjtv, &oadjtv) < 0) {
|
||||
msyslog(LOG_ERR, "Can't adjust the time of day: %m");
|
||||
exit(1);
|
||||
}
|
||||
#else /* SYS_WINNT or SYS_CYGWIN32 is defined */
|
||||
/*
|
||||
* The NT SetSystemTimeAdjustment() call achieves slewing by
|
||||
* changing the clock frequency. This means that we cannot specify
|
||||
* it to slew the clock by a definite amount and then stop like
|
||||
* the Unix adjtime() routine. We can technically adjust the clock
|
||||
* frequency, have ntpdate sleep for a while, and then wake
|
||||
* up and reset the clock frequency, but this might cause some
|
||||
* grief if the user attempts to run ntpd immediately after
|
||||
* ntpdate and the socket is in use.
|
||||
*/
|
||||
printf("\nSlewing the system time is not supported on Windows. Use the -b option to step the time.\n");
|
||||
#endif /* defined SYS_WINNT || defined SYS_CYGWIN32 */
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
#endif /* SYS_WINNT */
|
||||
|
||||
|
||||
/*
|
||||
@ -2068,11 +2080,14 @@ l_step_systime(
|
||||
int isneg;
|
||||
int n;
|
||||
|
||||
if (debug) return 1;
|
||||
if (debug)
|
||||
return 1;
|
||||
|
||||
/*
|
||||
* Take the absolute value of the offset
|
||||
*/
|
||||
ftmp = *ts;
|
||||
|
||||
if (L_ISNEG(&ftmp)) {
|
||||
L_NEG(&ftmp);
|
||||
isneg = 1;
|
||||
@ -2082,9 +2097,9 @@ l_step_systime(
|
||||
if (ftmp.l_ui >= 3) { /* Step it and slew - we might win */
|
||||
LFPTOD(ts, dtemp);
|
||||
n = step_systime(dtemp);
|
||||
if (!n)
|
||||
return n;
|
||||
if (isneg)
|
||||
if (n == 0)
|
||||
return 0;
|
||||
if (isneg) /* WTF! */
|
||||
ts->l_ui = ~0;
|
||||
else
|
||||
ts->l_ui = ~0;
|
||||
@ -2113,12 +2128,12 @@ l_step_systime(
|
||||
}
|
||||
|
||||
|
||||
/* XXX ELIMINATE printserver similar in ntptrace.c, ntpdate.c */
|
||||
/* XXX ELIMINATE print_server similar in ntptrace.c, ntpdate.c */
|
||||
/*
|
||||
* printserver - print detail information for a server
|
||||
* print_server - print detail information for a server
|
||||
*/
|
||||
static void
|
||||
printserver(
|
||||
print_server(
|
||||
register struct server *pp,
|
||||
FILE *fp
|
||||
)
|
||||
@ -2127,6 +2142,9 @@ printserver(
|
||||
char junk[5];
|
||||
const char *str;
|
||||
|
||||
if (pp->stratum == 0) /* Nothing received => nothing to print */
|
||||
return;
|
||||
|
||||
if (!debug) {
|
||||
(void) fprintf(fp, "server %s, stratum %d, offset %s, delay %s\n",
|
||||
stoa(&pp->srcadr), pp->stratum,
|
||||
@ -2143,17 +2161,20 @@ printserver(
|
||||
pp->leap & 0x1 ? '1' : '0',
|
||||
pp->trust);
|
||||
|
||||
if (pp->stratum == 1) {
|
||||
junk[4] = 0;
|
||||
memmove(junk, (char *)&pp->refid, 4);
|
||||
if (REFID_ISTEXT(pp->stratum)) {
|
||||
str = (char *) &pp->refid;
|
||||
for (i=0; i<4 && str[i]; i++) {
|
||||
junk[i] = (isprint(str[i]) ? str[i] : '.');
|
||||
}
|
||||
junk[i] = 0; // force terminating 0
|
||||
str = junk;
|
||||
} else {
|
||||
str = stoa(&pp->srcadr);
|
||||
str = numtoa(pp->refid);
|
||||
}
|
||||
(void) fprintf(fp,
|
||||
"refid [%s], delay %s, dispersion %s\n",
|
||||
str, fptoa((s_fp)pp->delay, 5),
|
||||
ufptoa(pp->dispersion, 5));
|
||||
"refid [%s], root delay %s, root dispersion %s\n",
|
||||
str, fptoa((s_fp)pp->rootdelay, 6),
|
||||
ufptoa(pp->rootdisp, 6));
|
||||
|
||||
(void) fprintf(fp, "transmitted %d, in filter %d\n",
|
||||
pp->xmtcnt, pp->filter_nextpt);
|
||||
@ -2165,21 +2186,23 @@ printserver(
|
||||
(void) fprintf(fp, "transmit timestamp: %s\n",
|
||||
prettydate(&pp->xmt));
|
||||
|
||||
(void) fprintf(fp, "filter delay: ");
|
||||
for (i = 0; i < NTP_SHIFT; i++) {
|
||||
(void) fprintf(fp, " %-8.8s", fptoa(pp->filter_delay[i], 5));
|
||||
if (i == (NTP_SHIFT>>1)-1)
|
||||
(void) fprintf(fp, "\n ");
|
||||
}
|
||||
(void) fprintf(fp, "\n");
|
||||
if (sys_samples > 1) {
|
||||
(void) fprintf(fp, "filter delay: ");
|
||||
for (i = 0; i < NTP_SHIFT; i++) {
|
||||
(void) fprintf(fp, " %-8.8s", fptoa(pp->filter_delay[i], 5));
|
||||
if (i == (NTP_SHIFT>>1)-1)
|
||||
(void) fprintf(fp, "\n ");
|
||||
}
|
||||
(void) fprintf(fp, "\n");
|
||||
|
||||
(void) fprintf(fp, "filter offset:");
|
||||
for (i = 0; i < PEER_SHIFT; i++) {
|
||||
(void) fprintf(fp, " %-8.8s", lfptoa(&pp->filter_offset[i], 6));
|
||||
if (i == (PEER_SHIFT>>1)-1)
|
||||
(void) fprintf(fp, "\n ");
|
||||
(void) fprintf(fp, "filter offset:");
|
||||
for (i = 0; i < PEER_SHIFT; i++) {
|
||||
(void) fprintf(fp, " %-8.8s", lfptoa(&pp->filter_offset[i], 6));
|
||||
if (i == (PEER_SHIFT>>1)-1)
|
||||
(void) fprintf(fp, "\n ");
|
||||
}
|
||||
(void) fprintf(fp, "\n");
|
||||
}
|
||||
(void) fprintf(fp, "\n");
|
||||
|
||||
(void) fprintf(fp, "delay %s, dispersion %s\n",
|
||||
fptoa((s_fp)pp->delay, 5), ufptoa(pp->dispersion, 5));
|
||||
@ -2227,7 +2250,7 @@ isc_boolean_t ntp_port_inuse(int af, u_short port)
|
||||
* Check if NTP socket is already in use on this system
|
||||
* This is only for Windows Systems, as they tend not to fail on the real bind() below
|
||||
*/
|
||||
|
||||
|
||||
SOCKET checksocket;
|
||||
struct sockaddr_in checkservice;
|
||||
checksocket = socket(af, SOCK_DGRAM, 0);
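Review bot: In the print_server hunk (`@ -2143,17 +2161,20`), the new refid loop passes a plain `char` to `isprint()`, which is undefined behaviour for bytes with the high bit set on platforms where `char` is signed. The refid appears to come from the server's reply, so those bytes are not under local control; cast before classifying: `junk[i] = (isprint((unsigned char)str[i]) ? str[i] : '.');`. The loop bound `i<4` with `char junk[5]` leaves room for the terminator, so the buffer itself is fine. print_server's body continues outside the hunks shown.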
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi)
|
||||
#
|
||||
# It has been AutoGen-ed February 27, 2018 at 05:15:06 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed August 14, 2018 at 08:29:40 AM by AutoGen 5.18.5
|
||||
# From the definitions ntpdc-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -76,7 +76,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11
|
||||
ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12
|
||||
Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 DNS name resolution
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed August 14, 2018 at 08:29:29 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpdc-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -69,7 +69,7 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpdc options
|
||||
*/
|
||||
static char const ntpdc_opt_strs[1914] =
|
||||
/* 0 */ "ntpdc 4.2.8p11\n"
|
||||
/* 0 */ "ntpdc 4.2.8p12\n"
|
||||
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
@ -128,14 +128,14 @@ static char const ntpdc_opt_strs[1914] =
|
||||
/* 1695 */ "no-load-opts\0"
|
||||
/* 1708 */ "no\0"
|
||||
/* 1711 */ "NTPDC\0"
|
||||
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n"
|
||||
/* 1717 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
|
||||
/* 1848 */ "$HOME\0"
|
||||
/* 1854 */ ".\0"
|
||||
/* 1856 */ ".ntprc\0"
|
||||
/* 1863 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 1897 */ "\n\0"
|
||||
/* 1899 */ "ntpdc 4.2.8p11";
|
||||
/* 1899 */ "ntpdc 4.2.8p12";
|
||||
|
||||
/**
|
||||
* ipv4 option description with
|
||||
@ -796,7 +796,7 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpdcOptions.pzCopyright */
|
||||
puts(_("ntpdc 4.2.8p11\n\
|
||||
puts(_("ntpdc 4.2.8p12\n\
|
||||
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
@ -862,14 +862,14 @@ implied warranty.\n"));
|
||||
puts(_("load options from a config file"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzUsageTitle */
|
||||
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11\n\
|
||||
puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzExplain */
|
||||
puts(_("\n"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzFullVersion */
|
||||
puts(_("ntpdc 4.2.8p11"));
|
||||
puts(_("ntpdc 4.2.8p12"));
|
||||
|
||||
/* referenced via ntpdcOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpdc-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed February 27, 2018 at 05:14:56 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed August 14, 2018 at 08:29:28 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpdc-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -83,9 +83,9 @@ typedef enum {
|
||||
/** count of all options for ntpdc */
|
||||
#define OPTION_CT 15
|
||||
/** ntpdc version */
|
||||
#define NTPDC_VERSION "4.2.8p11"
|
||||
#define NTPDC_VERSION "4.2.8p12"
|
||||
/** Full ntpdc version text */
|
||||
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p11"
|
||||
#define NTPDC_FULL_VERSION "ntpdc 4.2.8p12"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpdc 1ntpdcman "27 Feb 2018" "4.2.8p11" "User Commands"
|
||||
.TH ntpdc 1ntpdcman "14 Aug 2018" "4.2.8p12" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-uwaqJD/ag-GwaiID)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:36 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTPDC 1ntpdcmdoc User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:15:09 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:43 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
|
@ -226,15 +226,27 @@ static const char *chosts[MAXHOSTS];
|
||||
#define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0)
|
||||
|
||||
/*
|
||||
* Jump buffer for longjumping back to the command level
|
||||
* Jump buffer for longjumping back to the command level.
|
||||
*
|
||||
* See ntpq/ntpq.c for an explanation why 'sig{set,long}jmp()' is used
|
||||
* when available.
|
||||
*/
|
||||
static jmp_buf interrupt_buf;
|
||||
static volatile int jump = 0;
|
||||
#if HAVE_DECL_SIGSETJMP && HAVE_DECL_SIGLONGJMP
|
||||
# define JMP_BUF sigjmp_buf
|
||||
# define SETJMP(x) sigsetjmp((x), 1)
|
||||
# define LONGJMP(x, v) siglongjmp((x),(v))
|
||||
#else
|
||||
# define JMP_BUF jmp_buf
|
||||
# define SETJMP(x) setjmp((x))
|
||||
# define LONGJMP(x, v) longjmp((x),(v))
|
||||
#endif
|
||||
static JMP_BUF interrupt_buf;
|
||||
static volatile int jump = 0;
|
||||
|
||||
/*
|
||||
* Pointer to current output unit
|
||||
*/
|
||||
static FILE *current_output;
|
||||
static FILE *current_output = NULL;
|
||||
|
||||
/*
|
||||
* Command table imported from ntpdc_ops.c
|
||||
@ -275,7 +287,6 @@ ntpdcmain(
|
||||
char *argv[]
|
||||
)
|
||||
{
|
||||
|
||||
delay_time.l_ui = 0;
|
||||
delay_time.l_uf = DEFDELAY;
|
||||
|
||||
@ -352,7 +363,7 @@ ntpdcmain(
|
||||
|
||||
#ifndef SYS_WINNT /* Under NT cannot handle SIGINT, WIN32 spawns a handler */
|
||||
if (interactive)
|
||||
(void) signal_no_reset(SIGINT, abortcmd);
|
||||
(void) signal_no_reset(SIGINT, abortcmd);
|
||||
#endif /* SYS_WINNT */
|
||||
|
||||
/*
|
||||
@ -393,31 +404,28 @@ openhost(
|
||||
)
|
||||
{
|
||||
char temphost[LENHOSTNAME];
|
||||
int a_info, i;
|
||||
int a_info;
|
||||
struct addrinfo hints, *ai = NULL;
|
||||
sockaddr_u addr;
|
||||
size_t octets;
|
||||
register const char *cp;
|
||||
const char *cp;
|
||||
char name[LENHOSTNAME];
|
||||
char service[5];
|
||||
|
||||
/*
|
||||
* We need to get by the [] if they were entered
|
||||
*/
|
||||
|
||||
cp = hname;
|
||||
|
||||
if (*cp == '[') {
|
||||
cp++;
|
||||
for (i = 0; *cp && *cp != ']'; cp++, i++)
|
||||
name[i] = *cp;
|
||||
if (*cp == ']') {
|
||||
name[i] = '\0';
|
||||
hname = name;
|
||||
} else {
|
||||
if (*hname == '[') {
|
||||
cp = strchr(hname + 1, ']');
|
||||
if (!cp || (octets = (size_t)(cp - hname) - 1) >= sizeof(name)) {
|
||||
errno = EINVAL;
|
||||
warning("%s", "bad hostname/address");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
memcpy(name, hname + 1, octets);
|
||||
name[octets] = '\0';
|
||||
hname = name;
|
||||
}
|
||||
|
||||
/*
|
||||
* First try to resolve it as an ip address and if that fails,
|
||||
@ -944,7 +952,7 @@ sendrequest(
|
||||
if (!maclen) {
|
||||
fprintf(stderr, "Key not found\n");
|
||||
return 1;
|
||||
} else if (maclen != (int)(info_auth_hashlen + sizeof(keyid_t))) {
|
||||
} else if (maclen != (size_t)(info_auth_hashlen + sizeof(keyid_t))) {
|
||||
fprintf(stderr,
|
||||
"%zu octet MAC, %zu expected with %zu octet digest\n",
|
||||
maclen, (info_auth_hashlen + sizeof(keyid_t)),
|
||||
@ -1118,12 +1126,14 @@ abortcmd(
|
||||
int sig
|
||||
)
|
||||
{
|
||||
|
||||
if (current_output == stdout)
|
||||
(void) fflush(stdout);
|
||||
(void)fflush(stdout);
|
||||
putc('\n', stderr);
|
||||
(void) fflush(stderr);
|
||||
if (jump) longjmp(interrupt_buf, 1);
|
||||
(void)fflush(stderr);
|
||||
if (jump) {
|
||||
jump = 0;
|
||||
LONGJMP(interrupt_buf, 1);
|
||||
}
|
||||
}
|
||||
#endif /* SYS_WINNT */
|
||||
|
||||
@ -1235,14 +1245,22 @@ docmd(
|
||||
current_output = stdout;
|
||||
}
|
||||
|
||||
if (interactive && setjmp(interrupt_buf)) {
|
||||
return;
|
||||
if (interactive) {
|
||||
if ( ! SETJMP(interrupt_buf)) {
|
||||
jump = 1;
|
||||
(xcmd->handler)(&pcmd, current_output);
|
||||
jump = 0;
|
||||
} else {
|
||||
fflush(current_output);
|
||||
fputs("\n >>> command aborted <<<\n", stderr);
|
||||
fflush(stderr);
|
||||
}
|
||||
} else {
|
||||
jump = 1;
|
||||
(xcmd->handler)(&pcmd, current_output);
|
||||
jump = 0;
|
||||
if (current_output != stdout)
|
||||
(void) fclose(current_output);
|
||||
(xcmd->handler)(&pcmd, current_output);
|
||||
}
|
||||
if ((NULL != current_output) && (stdout != current_output)) {
|
||||
(void)fclose(current_output);
|
||||
current_output = NULL;
|
||||
}
|
||||
}
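Review bot: `abortcmd()` still calls `fflush()` and `putc()` before `LONGJMP`, and stdio functions are not async-signal-safe, so a SIGINT that lands while the command handler is inside stdio can leave the stream state inconsistent before the jump. The new abort branch in `docmd()` already flushes `current_output` and `stderr` once `SETJMP` returns non-zero, so the handler could be reduced to `if (jump) { jump = 0; LONGJMP(interrupt_buf, 1); }`. That would drop the newline it prints when no command is running, so confirm that is acceptable. `jump` is also written from the handler and would be better declared as `static volatile sig_atomic_t jump = 0;`.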
|
||||
|
@ -36,7 +36,7 @@ display the time offset of the system clock relative to the server
|
||||
clock. Run as root, it can correct the system clock to this offset as
|
||||
well. It can be run as an interactive command or from a cron job.
|
||||
|
||||
<p>This document applies to version 4.2.8p11 of <code>ntpdc</code>.
|
||||
<p>This document applies to version 4.2.8p12 of <code>ntpdc</code>.
|
||||
|
||||
<p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4
|
||||
IETF specification.
|
||||
@ -152,7 +152,7 @@ the usage text by passing it through a pager program.
|
||||
used to select the program, defaulting to <span class="file">more</span>. Both will exit
|
||||
with a status code of 0.
|
||||
|
||||
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p11
|
||||
<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p12
|
||||
Usage: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 DNS name resolution
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpdc @NTPDC_MS@ "27 Feb 2018" "4.2.8p11" "User Commands"
|
||||
.TH ntpdc @NTPDC_MS@ "14 Aug 2018" "4.2.8p12" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-MnaqKS/ag-YnaiJS)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-uwaqJD/ag-GwaiID)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:15:03 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:36 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTPDC @NTPDC_MS@ User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:15:09 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:43 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpdc-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi)
|
||||
#
|
||||
# It has been AutoGen-ed February 27, 2018 at 05:15:26 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed August 14, 2018 at 08:30:02 AM by AutoGen 5.18.5
|
||||
# From the definitions ntpq-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -944,7 +944,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpq - standard NTP query program - Ver. 4.2.8p11
|
||||
ntpq - standard NTP query program - Ver. 4.2.8p12
|
||||
Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 name resolution
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpq-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed February 27, 2018 at 05:15:12 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed August 14, 2018 at 08:29:47 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpq-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -69,7 +69,7 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpq options
|
||||
*/
|
||||
static char const ntpq_opt_strs[1977] =
|
||||
/* 0 */ "ntpq 4.2.8p11\n"
|
||||
/* 0 */ "ntpq 4.2.8p12\n"
|
||||
"Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
@ -132,13 +132,13 @@ static char const ntpq_opt_strs[1977] =
|
||||
/* 1768 */ "no-load-opts\0"
|
||||
/* 1781 */ "no\0"
|
||||
/* 1784 */ "NTPQ\0"
|
||||
/* 1789 */ "ntpq - standard NTP query program - Ver. 4.2.8p11\n"
|
||||
/* 1789 */ "ntpq - standard NTP query program - Ver. 4.2.8p12\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0"
|
||||
/* 1909 */ "$HOME\0"
|
||||
/* 1915 */ ".\0"
|
||||
/* 1917 */ ".ntprc\0"
|
||||
/* 1924 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 1958 */ "ntpq 4.2.8p11\0"
|
||||
/* 1958 */ "ntpq 4.2.8p12\0"
|
||||
/* 1972 */ "hash";
|
||||
|
||||
/**
|
||||
@ -841,7 +841,7 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpqOptions.pzCopyright */
|
||||
puts(_("ntpq 4.2.8p11\n\
|
||||
puts(_("ntpq 4.2.8p12\n\
|
||||
Copyright (C) 1992-2017 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
@ -910,11 +910,11 @@ implied warranty.\n"));
|
||||
puts(_("load options from a config file"));
|
||||
|
||||
/* referenced via ntpqOptions.pzUsageTitle */
|
||||
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p11\n\
|
||||
puts(_("ntpq - standard NTP query program - Ver. 4.2.8p12\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n"));
|
||||
|
||||
/* referenced via ntpqOptions.pzFullVersion */
|
||||
puts(_("ntpq 4.2.8p11"));
|
||||
puts(_("ntpq 4.2.8p12"));
|
||||
|
||||
/* referenced via ntpqOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpq-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed February 27, 2018 at 05:15:12 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed August 14, 2018 at 08:29:47 AM by AutoGen 5.18.5
|
||||
* From the definitions ntpq-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -84,9 +84,9 @@ typedef enum {
|
||||
/** count of all options for ntpq */
|
||||
#define OPTION_CT 16
|
||||
/** ntpq version */
|
||||
#define NTPQ_VERSION "4.2.8p11"
|
||||
#define NTPQ_VERSION "4.2.8p12"
|
||||
/** Full ntpq version text */
|
||||
#define NTPQ_FULL_VERSION "ntpq 4.2.8p11"
|
||||
#define NTPQ_FULL_VERSION "ntpq 4.2.8p12"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
@ -446,6 +446,7 @@ doaddvlist(
|
||||
|
||||
len = strlen(vars);
|
||||
while (nextvar(&len, &vars, &name, &value)) {
|
||||
INSIST(name && value);
|
||||
vl = findlistvar(vlist, name);
|
||||
if (NULL == vl) {
|
||||
fprintf(stderr, "Variable list full\n");
|
||||
@ -481,6 +482,7 @@ dormvlist(
|
||||
|
||||
len = strlen(vars);
|
||||
while (nextvar(&len, &vars, &name, &value)) {
|
||||
INSIST(name && value);
|
||||
vl = findlistvar(vlist, name);
|
||||
if (vl == 0 || vl->name == 0) {
|
||||
(void) fprintf(stderr, "Variable `%s' not found\n",
|
||||
@ -1153,7 +1155,7 @@ printassoc(
|
||||
* Output a header
|
||||
*/
|
||||
(void) fprintf(fp,
|
||||
"\nind assid status conf reach auth condition last_event cnt\n");
|
||||
"ind assid status conf reach auth condition last_event cnt\n");
|
||||
(void) fprintf(fp,
|
||||
"===========================================================\n");
|
||||
for (i = 0; i < numassoc; i++) {
|
||||
@ -1475,31 +1477,36 @@ prettyinterval(
|
||||
}
|
||||
|
||||
if (diff <= 2048) {
|
||||
snprintf(buf, cb, "%ld", diff);
|
||||
snprintf(buf, cb, "%u", (unsigned int)diff);
|
||||
return buf;
|
||||
}
|
||||
|
||||
diff = (diff + 29) / 60;
|
||||
if (diff <= 300) {
|
||||
snprintf(buf, cb, "%ldm", diff);
|
||||
snprintf(buf, cb, "%um", (unsigned int)diff);
|
||||
return buf;
|
||||
}
|
||||
|
||||
diff = (diff + 29) / 60;
|
||||
if (diff <= 96) {
|
||||
snprintf(buf, cb, "%ldh", diff);
|
||||
snprintf(buf, cb, "%uh", (unsigned int)diff);
|
||||
return buf;
|
||||
}
|
||||
|
||||
diff = (diff + 11) / 24;
|
||||
if (diff <= 999) {
|
||||
snprintf(buf, cb, "%ldd", diff);
|
||||
snprintf(buf, cb, "%ud", (unsigned int)diff);
|
||||
return buf;
|
||||
}
|
||||
|
||||
/* years are only approximated... */
|
||||
diff = (long)floor(diff / 365.25 + 0.5);
|
||||
snprintf(buf, cb, "%ldy", diff);
|
||||
if (diff <= 999) {
|
||||
snprintf(buf, cb, "%uy", (unsigned int)diff);
|
||||
return buf;
|
||||
}
|
||||
/* Ok, this amounts to infinity... */
|
||||
strlcpy(buf, "INF", cb);
|
||||
return buf;
|
||||
}
|
||||
|
||||
@ -1638,10 +1645,14 @@ doprintpeers(
|
||||
l_fp rec;
|
||||
l_fp ts;
|
||||
u_long poll_sec;
|
||||
u_long flash = 0;
|
||||
char type = '?';
|
||||
char whenbuf[8], pollbuf[8];
|
||||
char clock_name[LENHOSTNAME];
|
||||
|
||||
char whenbuf[12], pollbuf[12];
|
||||
/* [Bug 3482] formally whenbuf & pollbuf should be able to hold
|
||||
* a full signed int. Not that we would use that much string
|
||||
* data for it...
|
||||
*/
|
||||
get_systime(&ts);
|
||||
|
||||
have_srchost = FALSE;
|
||||
@ -1657,6 +1668,7 @@ doprintpeers(
|
||||
ZERO(estdisp);
|
||||
|
||||
while (nextvar(&datalen, &data, &name, &value)) {
|
||||
INSIST(name && value);
|
||||
if (!strcmp("srcadr", name) ||
|
||||
!strcmp("peeradr", name)) {
|
||||
if (!decodenetnum(value, &srcadr))
|
||||
@ -1771,6 +1783,8 @@ doprintpeers(
|
||||
} else if (!strcmp("reftime", name)) {
|
||||
if (!decodets(value, &reftime))
|
||||
L_CLR(&reftime);
|
||||
} else if (!strcmp("flash", name)) {
|
||||
decodeuint(value, &flash);
|
||||
} else {
|
||||
// fprintf(stderr, "UNRECOGNIZED name=%s ", name);
|
||||
}
|
||||
@ -1850,7 +1864,9 @@ doprintpeers(
|
||||
+ 1 + 15 + 1, "");
|
||||
else
|
||||
fprintf(fp, "%c%-15.15s ", c, clock_name);
|
||||
if (!have_da_rid) {
|
||||
if ((flash & TEST12) && (pvl != opeervarlist)) {
|
||||
drlen = fprintf(fp, "(loop)");
|
||||
} else if (!have_da_rid) {
|
||||
drlen = 0;
|
||||
} else {
|
||||
drlen = strlen(dstadr_refid);
|
||||
@ -2381,7 +2397,7 @@ fetch_nonce(
|
||||
return FALSE;
|
||||
}
|
||||
chars = rsize - (sizeof(nonce_eq) - 1);
|
||||
if (chars >= (int)cb_nonce)
|
||||
if (chars >= cb_nonce)
|
||||
return FALSE;
|
||||
memcpy(nonce, rdata + sizeof(nonce_eq) - 1, chars);
|
||||
nonce[chars] = '\0';
|
||||
@ -2647,6 +2663,7 @@ collect_mru_list(
|
||||
have_addr_older = FALSE;
|
||||
have_last_older = FALSE;
|
||||
while (!qres && nextvar(&rsize, &rdata, &tag, &val)) {
|
||||
INSIST(tag && val);
|
||||
if (debug > 1)
|
||||
fprintf(stderr, "nextvar gave: %s = %s\n",
|
||||
tag, val);
|
||||
@ -3391,11 +3408,9 @@ ifstats(
|
||||
fields = 0;
|
||||
ui = 0;
|
||||
while (nextvar(&dsize, &datap, &tag, &val)) {
|
||||
INSIST(tag && val);
|
||||
if (debug > 1)
|
||||
fprintf(stderr, "nextvar gave: %s = %s\n", tag,
|
||||
(NULL == val)
|
||||
? ""
|
||||
: val);
|
||||
fprintf(stderr, "nextvar gave: %s = %s\n", tag, val);
|
||||
comprende = FALSE;
|
||||
switch(tag[0]) {
|
||||
|
||||
@ -3407,7 +3422,7 @@ ifstats(
|
||||
|
||||
case 'b':
|
||||
if (1 == sscanf(tag, bcast_fmt, &ui) &&
|
||||
(NULL == val ||
|
||||
('\0' == *val ||
|
||||
decodenetnum(val, &row.bcast)))
|
||||
comprende = TRUE;
|
||||
break;
|
||||
@ -3433,7 +3448,6 @@ ifstats(
|
||||
case 'n':
|
||||
if (1 == sscanf(tag, name_fmt, &ui)) {
|
||||
/* strip quotes */
|
||||
INSIST(val);
|
||||
len = strlen(val);
|
||||
if (len >= 2 &&
|
||||
len - 2 < sizeof(row.name)) {
|
||||
@ -3607,11 +3621,9 @@ reslist(
|
||||
fields = 0;
|
||||
ui = 0;
|
||||
while (nextvar(&dsize, &datap, &tag, &val)) {
|
||||
INSIST(tag && val);
|
||||
if (debug > 1)
|
||||
fprintf(stderr, "nextvar gave: %s = %s\n", tag,
|
||||
(NULL == val)
|
||||
? ""
|
||||
: val);
|
||||
fprintf(stderr, "nextvar gave: %s = %s\n", tag, val);
|
||||
comprende = FALSE;
|
||||
switch(tag[0]) {
|
||||
|
||||
@ -3718,8 +3730,7 @@ collect_display_vdc(
|
||||
* the retrieved values.
|
||||
*/
|
||||
while (nextvar(&rsize, &rdata, &tag, &val)) {
|
||||
if (NULL == val)
|
||||
continue;
|
||||
INSIST(tag && val);
|
||||
n = 0;
|
||||
for (pvdc = table; pvdc->tag != NULL; pvdc++) {
|
||||
len = strlen(pvdc->tag);
|
||||
@ -3944,9 +3955,9 @@ monstats(
|
||||
)
|
||||
{
|
||||
static vdc monstats_vdc[] = {
|
||||
VDC_INIT("mru_enabled", "enabled: ", NTP_STR),
|
||||
VDC_INIT("mru_enabled", "enabled: ", NTP_STR),
|
||||
VDC_INIT("mru_depth", "addresses: ", NTP_STR),
|
||||
VDC_INIT("mru_deepest", "peak addresses: ", NTP_STR),
|
||||
VDC_INIT("mru_deepest", "peak addresses: ", NTP_STR),
|
||||
VDC_INIT("mru_maxdepth", "maximum addresses: ", NTP_STR),
|
||||
VDC_INIT("mru_mindepth", "reclaim above count:", NTP_STR),
|
||||
VDC_INIT("mru_maxage", "reclaim older than: ", NTP_STR),
|
||||
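Review bot: The `INSIST(name && value);` lines added at the top of each `nextvar()` loop (doaddvlist, dormvlist, doprintpeers, collect_mru_list, ifstats, reslist, collect_display_vdc) turn a NULL from `nextvar()` into a process abort, and in collect_display_vdc the assertion appears to replace the earlier `if (NULL == val) continue;` skip. `nextvar()` is not part of this section, so it cannot be confirmed from here that it now always returns a non-NULL (possibly empty) value; the `'\0' == *val` test in the ifstats `case 'b'` branch and the unguarded `val` in the debug `fprintf` calls suggest that is the intended contract. Where these loops parse response data, I would state that contract once beside the first assertion after checking it against `nextvar()`, e.g. `/* nextvar() never yields NULL; a missing value is "" */`, so the direct dereferences of `val` are visibly justified. All of these function bodies start and end outside their hunks.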
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpq 1ntpqman "27 Feb 2018" "4.2.8p11" "User Commands"
|
||||
.TH ntpq 1ntpqman "14 Aug 2018" "4.2.8p12" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-D4aGRT/ag-Q4ayQT)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-_XaWRE/ag-lYaOQE)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:15:22 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:29:58 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpq-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd February 27 2018
|
||||
.Dd August 14 2018
|
||||
.Dt NTPQ 1ntpqmdoc User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed February 27, 2018 at 05:15:28 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed August 14, 2018 at 08:30:05 AM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpq-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
|
@ -44,7 +44,7 @@ monitor the operational status
|
||||
and determine the performance of
|
||||
<code>ntpd</code>, the NTP daemon.
|
||||
|
||||
<p>This document applies to version 4.2.8p11 of <code>ntpq</code>.
|
||||
<p>This document applies to version 4.2.8p12 of <code>ntpq</code>.
|
||||
|
||||
<ul class="menu">
|
||||
<li><a accesskey="1" href="#ntpq-Description">ntpq Description</a>
|
||||
@ -855,7 +855,7 @@ the usage text by passing it through a pager program.
|
||||
used to select the program, defaulting to <span class="file">more</span>. Both will exit
|
||||
with a status code of 0.
|
||||
|
||||
<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p10
|
||||
<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p11
|
||||
Usage: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]
|
||||
Flg Arg Option-Name Description
|
||||
-4 no ipv4 Force IPv4 name resolution
|
||||
@ -1284,7 +1284,7 @@ The password must correspond to the key ID configured in <code>ntp.conf</code> f
|
||||
|
||||
<br><dt><code><a name="raw"></a> raw</code><dd>Display server messages as received and without reformatting.
|
||||
|
||||
<br><dt><code><a name="timeout"></a> timeout </code><kbd>millseconds</kbd><dd>Specify a timeout period for responses to server queries.
|
||||
<br><dt><code><a name="timeout"></a> timeout </code><kbd>milliseconds</kbd><dd>Specify a timeout period for responses to server queries.
|
||||
The default is about 5000 milliseconds.
|
||||
Note that since <code>ntpq</code> retries each query once after a timeout
|
||||
the total waiting time for a timeout will be twice the timeout value set.
|
||||
|