MFV ntp-4.2.8p4 (r289715)
Security: VuXML: c4a18a12-77fc-11e5-a687-206a8a720317 Security: CVE-2015-7871 Security: CVE-2015-7855 Security: CVE-2015-7854 Security: CVE-2015-7853 Security: CVE-2015-7852 Security: CVE-2015-7851 Security: CVE-2015-7850 Security: CVE-2015-7849 Security: CVE-2015-7848 Security: CVE-2015-7701 Security: CVE-2015-7703 Security: CVE-2015-7704, CVE-2015-7705 Security: CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 Security: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner Sponsored by: Nginx, Inc.
This commit is contained in:
commit
9034852c84
@ -1,4 +1,159 @@
|
||||
---
|
||||
(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
|
||||
(4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
* [Sec 2899] CVE-2014-9297 perlinger@ntp.org
|
||||
* [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.
|
||||
Danny Mayer. Log incoming packets that fail TEST2. Harlan Stenn.
|
||||
* [Sec 2902] configuration directives "pidfile" and "driftfile"
|
||||
should be local-only. perlinger@ntp.org (patch by Miroslav Lichvar)
|
||||
* [Sec 2909] added missing call to 'free()' in ntp_crypto.c. perlinger@ntp.org
|
||||
* [Sec 2913] TALOS-CAN-0052: crash by loop counter underrun. perlinger@ntp.org
|
||||
* [Sec 2916] TALOS-CAN-0054: memory corruption in password store. JPerlinger
|
||||
* [Sec 2917] TALOS-CAN-0055: Infinite loop if extended logging enabled and
|
||||
the logfile and keyfile are the same. perlinger@ntp.org
|
||||
* [Sec 1918] TALOS-CAN-0062: prevent directory traversal for VMS, too, when
|
||||
using 'saveconfig' command. perlinger@ntp.org
|
||||
* [Bug 2919] TALOS-CAN-0063: avoid buffer overrun in ntpq. perlinger@ntp.org
|
||||
* [Sec 2020] TALOS-CAN-0064: signed/unsiged clash could lead to buffer overun
|
||||
and memory corruption. perlinger@ntp.org
|
||||
* [Sec 2921] TALOS-CAN-0065: password length memory corruption. JPerlinger.
|
||||
* [Sec 2922] decodenetnum() will ASSERT botch instead of returning FAIL
|
||||
on some bogus values. Harlan Stenn.
|
||||
* [Sec 2941] NAK to the Future: Symmetric association authentication
|
||||
bypass via crypto-NAK. Patch applied. perlinger@ntp.org
|
||||
* [Bug 2332] (reopened) Exercise thread cancellation once before dropping
|
||||
privileges and limiting resources in NTPD removes the need to link
|
||||
forcefully against 'libgcc_s' which does not always work. J.Perlinger
|
||||
* [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn.
|
||||
* [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
|
||||
* [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn.
|
||||
* [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org
|
||||
* [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn.
|
||||
* [Bug 2849] Systems with more than one default route may never
|
||||
synchronize. Brian Utterback. Note that this patch might need to
|
||||
be reverted once Bug 2043 has been fixed.
|
||||
* [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger
|
||||
* [Bug 2866] segmentation fault at initgroups(). Harlan Stenn.
|
||||
* [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
|
||||
* [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn
|
||||
* [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn
|
||||
* [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must
|
||||
be configured for the distribution targets. Harlan Stenn.
|
||||
* [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
|
||||
* [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
|
||||
* [Bug 2888] streamline calendar functions. perlinger@ntp.org
|
||||
* [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
|
||||
* [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
|
||||
* [Bug 2906] make check needs better support for pthreads. Harlan Stenn.
|
||||
* [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn.
|
||||
* [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn.
|
||||
* libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn.
|
||||
* Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn.
|
||||
* tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn.
|
||||
* Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn.
|
||||
* On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
|
||||
* top_srcdir can change based on ntp v. sntp. Harlan Stenn.
|
||||
* sntp/tests/ function parameter list cleanup. Damir Tomić.
|
||||
* tests/libntp/ function parameter list cleanup. Damir Tomić.
|
||||
* tests/ntpd/ function parameter list cleanup. Damir Tomić.
|
||||
* sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn.
|
||||
* sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn.
|
||||
* tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić.
|
||||
* tests/libntp/ improvements in code and fixed error printing. Damir Tomić.
|
||||
* tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
|
||||
caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
|
||||
formatting; first declaration, then code (C90); deleted unnecessary comments;
|
||||
changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich
|
||||
* tests/libntp/lfpfunc.c remove unnecessary include, remove old comments,
|
||||
fix formatting, cleanup. Tomasz Flendrich
|
||||
* tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting.
|
||||
Tomasz Flendrich
|
||||
* tests/libntp/statestr.c remove empty functions, remove unnecessary include,
|
||||
fix formatting. Tomasz Flendrich
|
||||
* tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich
|
||||
* tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting.
|
||||
* tests/libntp/ymd3yd.c removed an empty function and an unnecessary include,
|
||||
fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/timespecops.c fixed formatting, fixed the order of includes,
|
||||
removed unnecessary comments, cleanup. Tomasz Flendrich
|
||||
* tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary
|
||||
comments, cleanup. Tomasz Flendrich
|
||||
* tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting.
|
||||
Tomasz Flendrich
|
||||
* tests/libntp/lfptest.h cleanup. Tomasz Flendrich
|
||||
* tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
|
||||
* sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* sntp/tests/kodDatabase.c added consts, deleted empty function,
|
||||
fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/packetHandling.c is now using proper Unity's assertions,
|
||||
fixed formatting, deleted unused variable. Tomasz Flendrich
|
||||
* sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* sntp/tests/packetProcessing.c changed from sprintf to snprintf,
|
||||
fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/utilities.c is now using proper Unity's assertions, changed
|
||||
the order of includes, fixed formatting, removed unnecessary comments.
|
||||
Tomasz Flendrich
|
||||
* sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem,
|
||||
made one function do its job, deleted unnecessary prints, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* sntp/unity/Makefile.am added a missing header. Tomasz Flendrich
|
||||
* sntp/unity/unity_config.h: Distribute it. Harlan Stenn.
|
||||
* sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
|
||||
* sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn.
|
||||
* sntp/unity/unity.c: Clean up a printf(). Harlan Stenn.
|
||||
* Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn.
|
||||
* Don't build sntp/libevent/sample/. Harlan Stenn.
|
||||
* tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
|
||||
* br-flock: --enable-local-libevent. Harlan Stenn.
|
||||
* Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich
|
||||
* scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
|
||||
* Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn.
|
||||
* Code cleanup. Harlan Stenn.
|
||||
* libntp/icom.c: Typo fix. Harlan Stenn.
|
||||
* util/ntptime.c: initialization nit. Harlan Stenn.
|
||||
* ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn.
|
||||
* Add std_unity_tests to various Makefile.am files. Harlan Stenn.
|
||||
* ntpd/ntp_restrict.c: added a few assertions, created tests for this file.
|
||||
Tomasz Flendrich
|
||||
* Changed progname to be const in many files - now it's consistent. Tomasz
|
||||
Flendrich
|
||||
* Typo fix for GCC warning suppression. Harlan Stenn.
|
||||
* Added tests/ntpd/ntp_scanner.c test. Damir Tomić.
|
||||
* Added declarations to all Unity tests, and did minor fixes to them.
|
||||
Reduced the number of warnings by half. Damir Tomić.
|
||||
* Updated generate_test_runner.rb and updated the sntp/unity/auto directory
|
||||
with the latest Unity updates from Mark. Damir Tomić.
|
||||
* Retire google test - phase I. Harlan Stenn.
|
||||
* Unity test cleanup: move declaration of 'initializing'. Harlan Stenn.
|
||||
* Update the NEWS file. Harlan Stenn.
|
||||
* Autoconf cleanup. Harlan Stenn.
|
||||
* Unit test dist cleanup. Harlan Stenn.
|
||||
* Cleanup various test Makefile.am files. Harlan Stenn.
|
||||
* Pthread autoconf macro cleanup. Harlan Stenn.
|
||||
* Fix progname definition in unity runner scripts. Harlan Stenn.
|
||||
* Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn.
|
||||
* Update the patch for bug 2817. Harlan Stenn.
|
||||
* More updates for bug 2817. Harlan Stenn.
|
||||
* Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn.
|
||||
* gcc on older HPUX may need +allowdups. Harlan Stenn.
|
||||
* Adding missing MCAST protection. Harlan Stenn.
|
||||
* Disable certain test programs on certain platforms. Harlan Stenn.
|
||||
* Implement --enable-problem-tests (on by default). Harlan Stenn.
|
||||
* build system tweaks. Harlan Stenn.
|
||||
---
|
||||
(4.2.8p3) 2015/06/29 Released by Harlan Stenn <stenn@ntp.org>
|
||||
|
||||
* [Sec 2853] Crafted remote config packet can crash some versions of
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,2 +0,0 @@
|
||||
*ports
|
||||
*html/pic
|
@ -1,55 +0,0 @@
|
||||
# ex:ts=8
|
||||
#
|
||||
# $FreeBSD$
|
||||
|
||||
NTP 4.2.8
|
||||
originals can be found on http://www.ntp.org/downloads.html
|
||||
|
||||
Import
|
||||
------
|
||||
|
||||
For the import of NTP the following files were removed:
|
||||
|
||||
ports/* NT files
|
||||
html/pic/* GIF files
|
||||
html/build/hints/solaris.xtra.4095849 Trigger merge conflict script
|
||||
|
||||
The stripped down version was created using FREEBSD-Xlist during
|
||||
extraction:
|
||||
|
||||
tar -X FREEBSD-Xlist -xvzf ntp-4.2.8.tar.gz
|
||||
mv ntp-4.2.8 4.2.8
|
||||
|
||||
Imported by:
|
||||
See procedure on
|
||||
https://www.freebsd.org/doc/en_US.ISO8859-1/articles/committers-guide/subversion-primer.html
|
||||
|
||||
Updating usr.sbin/ntp
|
||||
---------------------
|
||||
|
||||
./configure --disable-all-clocks --enable-NMEA --enable-ONCORE
|
||||
--enable-RAWDCF --with-crypto --disable-debugging
|
||||
--enable-LOCAL-CLOCK --with-sntp --with-arlib --prefix=/usr
|
||||
|
||||
config.h was generated by running configure and excluding almost all clock
|
||||
drivers (what is included is DCF77 -- what I use --, NMEA, Motorola OnCORE
|
||||
and local clocks).
|
||||
|
||||
The file is then edited to edit the value of "NO_PARENB_IGNPAR" because we
|
||||
need to set no parity on the serial port (needed for DCF77). All clock
|
||||
drivers are then disabled (some of them are included by default by ntpd).
|
||||
|
||||
Note that there are two #ifdef to support other architectures (WRT to long
|
||||
size and endianness). They'll need to be redone for each upgrade to the
|
||||
vendor branch to keep config.h in sync.
|
||||
|
||||
ntpd/ntp_control.c is now the only file that is different from the vendor
|
||||
branch for unsigned char/int fixes and removal of a DoS.
|
||||
|
||||
Documentation in /usr/share/doc/ntp is generated from the HTML files with
|
||||
lynx (without the GIF files of course).
|
||||
|
||||
A patch to fix IPV6_MULTICAST_LOOP was committed to head as r222444 and
|
||||
filed as http://bugs.ntp.org/show_bug.cgi?id=1936. Check if still needed
|
||||
or re-apply on update.
|
||||
|
@ -23,7 +23,7 @@ SUBDIRS = \
|
||||
tests \
|
||||
$(NULL)
|
||||
|
||||
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp
|
||||
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp --enable-local-libevent $(NTP_DCF)
|
||||
|
||||
EXTRA_DIST = \
|
||||
$(srcdir)/COPYRIGHT \
|
||||
|
@ -115,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -262,6 +263,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -270,6 +272,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -331,6 +334,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
@ -539,7 +543,7 @@ SUBDIRS = \
|
||||
tests \
|
||||
$(NULL)
|
||||
|
||||
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp
|
||||
DISTCHECK_CONFIGURE_FLAGS = -C --with-sntp --enable-local-libevent $(NTP_DCF)
|
||||
EXTRA_DIST = \
|
||||
$(srcdir)/COPYRIGHT \
|
||||
ChangeLog \
|
||||
|
495
contrib/ntp/NEWS
495
contrib/ntp/NEWS
@ -1,3 +1,498 @@
|
||||
---
|
||||
NTP 4.2.8p4
|
||||
|
||||
Focus: Security, Bug fies, enhancements.
|
||||
|
||||
Severity: MEDIUM
|
||||
|
||||
In addition to bug fixes and enhancements, this release fixes the
|
||||
following 13 low- and medium-severity vulnerabilities:
|
||||
|
||||
* Incomplete vallen (value length) checks in ntp_crypto.c, leading
|
||||
to potential crashes or potential code injection/information leakage.
|
||||
|
||||
References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
|
||||
and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6
|
||||
Summary: The fix for CVE-2014-9750 was incomplete in that there were
|
||||
certain code paths where a packet with particular autokey operations
|
||||
that contained malicious data was not always being completely
|
||||
validated. Receipt of these packets can cause ntpd to crash.
|
||||
Mitigation:
|
||||
Don't use autokey.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Tenable Network Security.
|
||||
|
||||
* Clients that receive a KoD should validate the origin timestamp field.
|
||||
|
||||
References: Sec 2901 / CVE-2015-7704, CVE-2015-7705
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
|
||||
and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst
|
||||
Summary: An ntpd client that honors Kiss-of-Death responses will honor
|
||||
KoD messages that have been forged by an attacker, causing it to
|
||||
delay or stop querying its servers for time updates. Also, an
|
||||
attacker can forge packets that claim to be from the target and
|
||||
send them to servers often enough that a server that implements
|
||||
KoD rate limiting will send the target machine a KoD response to
|
||||
attempt to reduce the rate of incoming packets, or it may also
|
||||
trigger a firewall block at the server for packets from the target
|
||||
machine. For either of these attacks to succeed, the attacker must
|
||||
know what servers the target is communicating with. An attacker
|
||||
can be anywhere on the Internet and can frequently learn the
|
||||
identity of the target's time source by sending the target a
|
||||
time query.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download Page
|
||||
or the NTP Public Services Project Download Page
|
||||
If you can't upgrade, restrict who can query ntpd to learn who
|
||||
its servers are, and what IPs are allowed to ask your system
|
||||
for the time. This mitigation is heavy-handed.
|
||||
Monitor your ntpd instances.
|
||||
Note:
|
||||
4.2.8p4 protects against the first attack. For the second attack,
|
||||
all we can do is warn when it is happening, which we do in 4.2.8p4.
|
||||
Credit: This weakness was discovered by Aanchal Malhotra,
|
||||
Issac E. Cohen, and Sharon Goldberg of Boston University.
|
||||
|
||||
* configuration directives to change "pidfile" and "driftfile" should
|
||||
only be allowed locally.
|
||||
|
||||
References: Sec 2902 / CVE-2015-5196
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
|
||||
and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:C/A:C) Base Score: 6.2 worst case
|
||||
Summary: If ntpd is configured to allow for remote configuration,
|
||||
and if the (possibly spoofed) source IP address is allowed to
|
||||
send remote configuration requests, and if the attacker knows
|
||||
the remote configuration password, it's possible for an attacker
|
||||
to use the "pidfile" or "driftfile" directives to potentially
|
||||
overwrite other files.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page
|
||||
If you cannot upgrade, don't enable remote configuration.
|
||||
If you must enable remote configuration and cannot upgrade,
|
||||
remote configuration of NTF's ntpd requires:
|
||||
- an explicitly configured trustedkey, and you should also
|
||||
configure a controlkey.
|
||||
- access from a permitted IP. You choose the IPs.
|
||||
- authentication. Don't disable it. Practice secure key safety.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Miroslav Lichvar of Red Hat.
|
||||
|
||||
* Slow memory leak in CRYPTO_ASSOC
|
||||
|
||||
References: Sec 2909 / CVE-2015-7701
|
||||
Affects: All ntp-4 releases that use autokey up to, but not
|
||||
including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 0.0 best/usual case,
|
||||
4.6 otherwise
|
||||
Summary: If ntpd is configured to use autokey, then an attacker can
|
||||
send packets to ntpd that will, after several days of ongoing
|
||||
attack, cause it to run out of memory.
|
||||
Mitigation:
|
||||
Don't use autokey.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Tenable Network Security.
|
||||
|
||||
* mode 7 loop counter underrun
|
||||
|
||||
References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
|
||||
and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6
|
||||
Summary: If ntpd is configured to enable mode 7 packets, and if the
|
||||
use of mode 7 packets is not properly protected thru the use of
|
||||
the available mode 7 authentication and restriction mechanisms,
|
||||
and if the (possibly spoofed) source IP address is allowed to
|
||||
send mode 7 queries, then an attacker can send a crafted packet
|
||||
to ntpd that will cause it to crash.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
In ntp-4.2.8, mode 7 is disabled by default. Don't enable it.
|
||||
If you must enable mode 7:
|
||||
configure the use of a requestkey to control who can issue
|
||||
mode 7 requests.
|
||||
configure restrict noquery to further limit mode 7 requests
|
||||
to trusted sources.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Aleksandar Nikolic of Cisco Talos.
|
||||
|
||||
* memory corruption in password store
|
||||
|
||||
References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:C/A:C) Base Score: 6.8, worst case
|
||||
Summary: If ntpd is configured to allow remote configuration, and if
|
||||
the (possibly spoofed) source IP address is allowed to send
|
||||
remote configuration requests, and if the attacker knows the
|
||||
remote configuration password or if ntpd was configured to
|
||||
disable authentication, then an attacker can send a set of
|
||||
packets to ntpd that may cause a crash or theoretically
|
||||
perform a code injection attack.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade, remote configuration of NTF's
|
||||
ntpd requires:
|
||||
an explicitly configured "trusted" key. Only configure
|
||||
this if you need it.
|
||||
access from a permitted IP address. You choose the IPs.
|
||||
authentication. Don't disable it. Practice secure key safety.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
|
||||
|
||||
* Infinite loop if extended logging enabled and the logfile and
|
||||
keyfile are the same.
|
||||
|
||||
References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4,
|
||||
and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6, worst case
|
||||
Summary: If ntpd is configured to allow remote configuration, and if
|
||||
the (possibly spoofed) source IP address is allowed to send
|
||||
remote configuration requests, and if the attacker knows the
|
||||
remote configuration password or if ntpd was configured to
|
||||
disable authentication, then an attacker can send a set of
|
||||
packets to ntpd that will cause it to crash and/or create a
|
||||
potentially huge log file. Specifically, the attacker could
|
||||
enable extended logging, point the key file at the log file,
|
||||
and cause what amounts to an infinite loop.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade, remote configuration of NTF's ntpd
|
||||
requires:
|
||||
an explicitly configured "trusted" key. Only configure this
|
||||
if you need it.
|
||||
access from a permitted IP address. You choose the IPs.
|
||||
authentication. Don't disable it. Practice secure key safety.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
|
||||
|
||||
* Potential path traversal vulnerability in the config file saving of
|
||||
ntpd on VMS.
|
||||
|
||||
References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062
|
||||
Affects: All ntp-4 releases running under VMS up to, but not
|
||||
including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:P/A:C) Base Score: 5.2, worst case
|
||||
Summary: If ntpd is configured to allow remote configuration, and if
|
||||
the (possibly spoofed) IP address is allowed to send remote
|
||||
configuration requests, and if the attacker knows the remote
|
||||
configuration password or if ntpd was configured to disable
|
||||
authentication, then an attacker can send a set of packets to
|
||||
ntpd that may cause ntpd to overwrite files.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade, remote configuration of NTF's ntpd
|
||||
requires:
|
||||
an explicitly configured "trusted" key. Only configure
|
||||
this if you need it.
|
||||
access from permitted IP addresses. You choose the IPs.
|
||||
authentication. Don't disable it. Practice key security safety.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
|
||||
|
||||
* ntpq atoascii() potential memory corruption
|
||||
|
||||
References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063
|
||||
Affects: All ntp-4 releases running up to, but not including 4.2.8p4,
|
||||
and 4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:P) Base Score: 4.0, worst case
|
||||
Summary: If an attacker can figure out the precise moment that ntpq
|
||||
is listening for data and the port number it is listening on or
|
||||
if the attacker can provide a malicious instance ntpd that
|
||||
victims will connect to then an attacker can send a set of
|
||||
crafted mode 6 response packets that, if received by ntpq,
|
||||
can cause ntpq to crash.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade and you run ntpq against a server
|
||||
and ntpq crashes, try again using raw mode. Build or get a
|
||||
patched ntpq and see if that fixes the problem. Report new
|
||||
bugs in ntpq or abusive servers appropriately.
|
||||
If you use ntpq in scripts, make sure ntpq does what you expect
|
||||
in your scripts.
|
||||
Credit: This weakness was discovered by Yves Younan and
|
||||
Aleksander Nikolich of Cisco Talos.
|
||||
|
||||
* Invalid length data provided by a custom refclock driver could cause
|
||||
a buffer overflow.
|
||||
|
||||
References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064
|
||||
Affects: Potentially all ntp-4 releases running up to, but not
|
||||
including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
|
||||
that have custom refclocks
|
||||
CVSS: (AV:L/AC:H/Au:M/C:C/I:C/A:C) Base Score: 0.0 usual case,
|
||||
5.9 unusual worst case
|
||||
Summary: A negative value for the datalen parameter will overflow a
|
||||
data buffer. NTF's ntpd driver implementations always set this
|
||||
value to 0 and are therefore not vulnerable to this weakness.
|
||||
If you are running a custom refclock driver in ntpd and that
|
||||
driver supplies a negative value for datalen (no custom driver
|
||||
of even minimal competence would do this) then ntpd would
|
||||
overflow a data buffer. It is even hypothetically possible
|
||||
in this case that instead of simply crashing ntpd the attacker
|
||||
could effect a code injection attack.
|
||||
Mitigation:
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
If you are running custom refclock drivers, make sure
|
||||
the signed datalen value is either zero or positive.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Yves Younan of Cisco Talos.
|
||||
|
||||
* Password Length Memory Corruption Vulnerability
|
||||
|
||||
References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
|
||||
4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:C/I:C/A:C) Base Score: 0.0 best case,
|
||||
1.7 usual case, 6.8, worst case
|
||||
Summary: If ntpd is configured to allow remote configuration, and if
|
||||
the (possibly spoofed) source IP address is allowed to send
|
||||
remote configuration requests, and if the attacker knows the
|
||||
remote configuration password or if ntpd was (foolishly)
|
||||
configured to disable authentication, then an attacker can
|
||||
send a set of packets to ntpd that may cause it to crash,
|
||||
with the hypothetical possibility of a small code injection.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade, remote configuration of NTF's
|
||||
ntpd requires:
|
||||
an explicitly configured "trusted" key. Only configure
|
||||
this if you need it.
|
||||
access from a permitted IP address. You choose the IPs.
|
||||
authentication. Don't disable it. Practice secure key safety.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Yves Younan and
|
||||
Aleksander Nikolich of Cisco Talos.
|
||||
|
||||
* decodenetnum() will ASSERT botch instead of returning FAIL on some
|
||||
bogus values.
|
||||
|
||||
References: Sec 2922 / CVE-2015-7855
|
||||
Affects: All ntp-4 releases up to, but not including 4.2.8p4, and
|
||||
4.3.0 up to, but not including 4.3.77
|
||||
CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6, worst case
|
||||
Summary: If ntpd is fed a crafted mode 6 or mode 7 packet containing
|
||||
an unusually long data value where a network address is expected,
|
||||
the decodenetnum() function will abort with an assertion failure
|
||||
instead of simply returning a failure condition.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
mode 7 is disabled by default. Don't enable it.
|
||||
Use restrict noquery to limit who can send mode 6
|
||||
and mode 7 requests.
|
||||
Configure and use the controlkey and requestkey
|
||||
authentication directives to limit who can
|
||||
send mode 6 and mode 7 requests.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by John D "Doug" Birdwell of IDA.org.
|
||||
|
||||
* NAK to the Future: Symmetric association authentication bypass via
|
||||
crypto-NAK.
|
||||
|
||||
References: Sec 2941 / CVE-2015-7871
|
||||
Affects: All ntp-4 releases between 4.2.5p186 up to but not including
|
||||
4.2.8p4, and 4.3.0 up to but not including 4.3.77
|
||||
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:P) Base Score: 6.4
|
||||
Summary: Crypto-NAK packets can be used to cause ntpd to accept time
|
||||
from unauthenticated ephemeral symmetric peers by bypassing the
|
||||
authentication required to mobilize peer associations. This
|
||||
vulnerability appears to have been introduced in ntp-4.2.5p186
|
||||
when the code handling mobilization of new passive symmetric
|
||||
associations (lines 1103-1165) was refactored.
|
||||
Mitigation:
|
||||
Implement BCP-38.
|
||||
Upgrade to 4.2.8p4, or later, from the NTP Project Download
|
||||
Page or the NTP Public Services Project Download Page.
|
||||
If you are unable to upgrade:
|
||||
Apply the patch to the bottom of the "authentic" check
|
||||
block around line 1136 of ntp_proto.c.
|
||||
Monitor your ntpd instances.
|
||||
Credit: This weakness was discovered by Stephen Gray <stepgray@cisco.com>.
|
||||
|
||||
Backward-Incompatible changes:
|
||||
* [Bug 2817] Default on Linux is now "rlimit memlock -1".
|
||||
While the general default of 32M is still the case, under Linux
|
||||
the default value has been changed to -1 (do not lock ntpd into
|
||||
memory). A value of 0 means "lock ntpd into memory with whatever
|
||||
memory it needs." If your ntp.conf file has an explicit "rlimit memlock"
|
||||
value in it, that value will continue to be used.
|
||||
|
||||
* [Bug 2886] Misspelling: "outlyer" should be "outlier".
|
||||
If you've written a script that looks for this case in, say, the
|
||||
output of ntpq, you probably want to change your regex matches
|
||||
from 'outlyer' to 'outl[iy]er'.
|
||||
|
||||
New features in this release:
|
||||
* 'rlimit memlock' now has finer-grained control. A value of -1 means
|
||||
"don't lock ntpd into memore". This is the default for Linux boxes.
|
||||
A value of 0 means "lock ntpd into memory" with no limits. Otherwise
|
||||
the value is the number of megabytes of memory to lock. The default
|
||||
is 32 megabytes.
|
||||
|
||||
* The old Google Test framework has been replaced with a new framework,
|
||||
based on http://www.throwtheswitch.org/unity/ .
|
||||
|
||||
Bug Fixes and Improvements:
|
||||
* [Bug 2332] (reopened) Exercise thread cancellation once before dropping
|
||||
privileges and limiting resources in NTPD removes the need to link
|
||||
forcefully against 'libgcc_s' which does not always work. J.Perlinger
|
||||
* [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn.
|
||||
* [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn.
|
||||
* [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn.
|
||||
* [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org
|
||||
* [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn.
|
||||
* [Bug 2849] Systems with more than one default route may never
|
||||
synchronize. Brian Utterback. Note that this patch might need to
|
||||
be reverted once Bug 2043 has been fixed.
|
||||
* [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger
|
||||
* [Bug 2866] segmentation fault at initgroups(). Harlan Stenn.
|
||||
* [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger
|
||||
* [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn
|
||||
* [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn
|
||||
* [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must
|
||||
be configured for the distribution targets. Harlan Stenn.
|
||||
* [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar.
|
||||
* [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org
|
||||
* [Bug 2888] streamline calendar functions. perlinger@ntp.org
|
||||
* [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org
|
||||
* [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov.
|
||||
* [Bug 2906] make check needs better support for pthreads. Harlan Stenn.
|
||||
* [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn.
|
||||
* [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn.
|
||||
* libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn.
|
||||
* Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn.
|
||||
* tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn.
|
||||
* Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn.
|
||||
* On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn.
|
||||
* top_srcdir can change based on ntp v. sntp. Harlan Stenn.
|
||||
* sntp/tests/ function parameter list cleanup. Damir Tomić.
|
||||
* tests/libntp/ function parameter list cleanup. Damir Tomić.
|
||||
* tests/ntpd/ function parameter list cleanup. Damir Tomić.
|
||||
* sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn.
|
||||
* sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn.
|
||||
* tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić.
|
||||
* tests/libntp/ improvements in code and fixed error printing. Damir Tomić.
|
||||
* tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c,
|
||||
caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed
|
||||
formatting; first declaration, then code (C90); deleted unnecessary comments;
|
||||
changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich
|
||||
* tests/libntp/lfpfunc.c remove unnecessary include, remove old comments,
|
||||
fix formatting, cleanup. Tomasz Flendrich
|
||||
* tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting.
|
||||
Tomasz Flendrich
|
||||
* tests/libntp/statestr.c remove empty functions, remove unnecessary include,
|
||||
fix formatting. Tomasz Flendrich
|
||||
* tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich
|
||||
* tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting.
|
||||
* tests/libntp/ymd3yd.c removed an empty function and an unnecessary include,
|
||||
fixed formatting. Tomasz Flendrich
|
||||
* tests/libntp/timespecops.c fixed formatting, fixed the order of includes,
|
||||
removed unnecessary comments, cleanup. Tomasz Flendrich
|
||||
* tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary
|
||||
comments, cleanup. Tomasz Flendrich
|
||||
* tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting.
|
||||
Tomasz Flendrich
|
||||
* tests/libntp/lfptest.h cleanup. Tomasz Flendrich
|
||||
* tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich
|
||||
* sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* sntp/tests/kodDatabase.c added consts, deleted empty function,
|
||||
fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/packetHandling.c is now using proper Unity's assertions,
|
||||
fixed formatting, deleted unused variable. Tomasz Flendrich
|
||||
* sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* sntp/tests/packetProcessing.c changed from sprintf to snprintf,
|
||||
fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/utilities.c is now using proper Unity's assertions, changed
|
||||
the order of includes, fixed formatting, removed unnecessary comments.
|
||||
Tomasz Flendrich
|
||||
* sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich
|
||||
* sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem,
|
||||
made one function do its job, deleted unnecessary prints, fixed formatting.
|
||||
Tomasz Flendrich
|
||||
* sntp/unity/Makefile.am added a missing header. Tomasz Flendrich
|
||||
* sntp/unity/unity_config.h: Distribute it. Harlan Stenn.
|
||||
* sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn.
|
||||
* sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn.
|
||||
* sntp/unity/unity.c: Clean up a printf(). Harlan Stenn.
|
||||
* Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn.
|
||||
* Don't build sntp/libevent/sample/. Harlan Stenn.
|
||||
* tests/libntp/test_caltontp needs -lpthread. Harlan Stenn.
|
||||
* br-flock: --enable-local-libevent. Harlan Stenn.
|
||||
* Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich
|
||||
* scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn.
|
||||
* Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn.
|
||||
* Code cleanup. Harlan Stenn.
|
||||
* libntp/icom.c: Typo fix. Harlan Stenn.
|
||||
* util/ntptime.c: initialization nit. Harlan Stenn.
|
||||
* ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn.
|
||||
* Add std_unity_tests to various Makefile.am files. Harlan Stenn.
|
||||
* ntpd/ntp_restrict.c: added a few assertions, created tests for this file.
|
||||
Tomasz Flendrich
|
||||
* Changed progname to be const in many files - now it's consistent. Tomasz
|
||||
Flendrich
|
||||
* Typo fix for GCC warning suppression. Harlan Stenn.
|
||||
* Added tests/ntpd/ntp_scanner.c test. Damir Tomić.
|
||||
* Added declarations to all Unity tests, and did minor fixes to them.
|
||||
Reduced the number of warnings by half. Damir Tomić.
|
||||
* Updated generate_test_runner.rb and updated the sntp/unity/auto directory
|
||||
with the latest Unity updates from Mark. Damir Tomić.
|
||||
* Retire google test - phase I. Harlan Stenn.
|
||||
* Unity test cleanup: move declaration of 'initializing'. Harlan Stenn.
|
||||
* Update the NEWS file. Harlan Stenn.
|
||||
* Autoconf cleanup. Harlan Stenn.
|
||||
* Unit test dist cleanup. Harlan Stenn.
|
||||
* Cleanup various test Makefile.am files. Harlan Stenn.
|
||||
* Pthread autoconf macro cleanup. Harlan Stenn.
|
||||
* Fix progname definition in unity runner scripts. Harlan Stenn.
|
||||
* Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn.
|
||||
* Update the patch for bug 2817. Harlan Stenn.
|
||||
* More updates for bug 2817. Harlan Stenn.
|
||||
* Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn.
|
||||
* gcc on older HPUX may need +allowdups. Harlan Stenn.
|
||||
* Adding missing MCAST protection. Harlan Stenn.
|
||||
* Disable certain test programs on certain platforms. Harlan Stenn.
|
||||
* Implement --enable-problem-tests (on by default). Harlan Stenn.
|
||||
* build system tweaks. Harlan Stenn.
|
||||
|
||||
---
|
||||
NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29)
|
||||
|
||||
|
1
contrib/ntp/aclocal.m4
vendored
1
contrib/ntp/aclocal.m4
vendored
@ -1355,6 +1355,7 @@ m4_include([sntp/m4/ntp_lineeditlibs.m4])
|
||||
m4_include([sntp/m4/ntp_locinfo.m4])
|
||||
m4_include([sntp/m4/ntp_openssl.m4])
|
||||
m4_include([sntp/m4/ntp_pkg_config.m4])
|
||||
m4_include([sntp/m4/ntp_problemtests.m4])
|
||||
m4_include([sntp/m4/ntp_prog_cc.m4])
|
||||
m4_include([sntp/m4/ntp_rlimit.m4])
|
||||
m4_include([sntp/m4/ntp_sntp.m4])
|
||||
|
@ -124,6 +124,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -229,6 +230,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -237,6 +239,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -298,6 +301,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -58,7 +58,7 @@ void Exit (int);
|
||||
/* emacs cc-mode goes nuts if we split the next line... */
|
||||
#define tvtod(tv) ((double)tv.tv_sec + ((double)tv.tv_usec / (double)MILLION))
|
||||
|
||||
char *progname = NULL;
|
||||
char const *progname = NULL;
|
||||
int verbose = 0;
|
||||
int sysdebug = 0;
|
||||
static int mqid;
|
||||
|
@ -117,6 +117,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -224,6 +225,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -232,6 +234,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -293,6 +296,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -56,7 +56,7 @@ struct chucode {
|
||||
|
||||
#define STREQ(a, b) (*(a) == *(b) && strcmp((a), (b)) == 0)
|
||||
|
||||
char *progname;
|
||||
char const *progname;
|
||||
|
||||
int dofilter = 0; /* set to 1 when we should run filter algorithm */
|
||||
int showtimes = 0; /* set to 1 when we should show char arrival times */
|
||||
|
@ -117,7 +117,7 @@ int Cflag = 0;
|
||||
int Gflag = 0;
|
||||
int height;
|
||||
|
||||
char *progname;
|
||||
char const *progname;
|
||||
|
||||
static void doit (double, double, double, double, double, char *);
|
||||
static double latlong (char *, int);
|
||||
|
243
contrib/ntp/configure
vendored
243
contrib/ntp/configure
vendored
@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p3.
|
||||
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p4.
|
||||
#
|
||||
# Report bugs to <http://bugs.ntp.org./>.
|
||||
#
|
||||
@ -590,8 +590,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='ntp'
|
||||
PACKAGE_TARNAME='ntp'
|
||||
PACKAGE_VERSION='4.2.8p3'
|
||||
PACKAGE_STRING='ntp 4.2.8p3'
|
||||
PACKAGE_VERSION='4.2.8p4'
|
||||
PACKAGE_STRING='ntp 4.2.8p4'
|
||||
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
|
||||
PACKAGE_URL='http://www.ntp.org./'
|
||||
|
||||
@ -639,6 +639,12 @@ LTLIBOBJS
|
||||
subdirs
|
||||
PERLLIBDIR
|
||||
NTP_KEYSDIR
|
||||
BUILD_TEST_NTP_SIGND_FALSE
|
||||
BUILD_TEST_NTP_SIGND_TRUE
|
||||
BUILD_TEST_NTP_SCANNER_FALSE
|
||||
BUILD_TEST_NTP_SCANNER_TRUE
|
||||
BUILD_TEST_NTP_RESTRICT_FALSE
|
||||
BUILD_TEST_NTP_RESTRICT_TRUE
|
||||
GTEST_AVAILABLE_FALSE
|
||||
GTEST_AVAILABLE_TRUE
|
||||
GTEST_CPPFLAGS
|
||||
@ -689,6 +695,8 @@ PTHREADS_FALSE
|
||||
PTHREADS_TRUE
|
||||
LIBISC_PTHREADS_NOTHREADS
|
||||
PTHREAD_LIBS
|
||||
LTHREAD_LIBS
|
||||
BUILD_THREAD
|
||||
HAVE_INLINE
|
||||
LDADD_LIBUTIL
|
||||
ALLOCA
|
||||
@ -701,6 +709,7 @@ BUILD_LIBEVENT_FALSE
|
||||
BUILD_LIBEVENT_TRUE
|
||||
LDADD_LIBEVENT
|
||||
CPPFLAGS_LIBEVENT
|
||||
CFLAGS_LIBEVENT
|
||||
PKG_CONFIG
|
||||
LIBOPTS_DIR
|
||||
LIBOPTS_CFLAGS
|
||||
@ -1050,6 +1059,7 @@ enable_getifaddrs
|
||||
enable_saveconfig
|
||||
enable_leap_smear
|
||||
with_gtest
|
||||
enable_problem_tests
|
||||
'
|
||||
ac_precious_vars='build_alias
|
||||
host_alias
|
||||
@ -1606,7 +1616,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures ntp 4.2.8p3 to adapt to many kinds of systems.
|
||||
\`configure' configures ntp 4.2.8p4 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@ -1676,7 +1686,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of ntp 4.2.8p3:";;
|
||||
short | recursive ) echo "Configuration of ntp 4.2.8p4:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@ -1724,7 +1734,7 @@ Optional Features and Packages:
|
||||
--enable-libseccomp EXPERIMENTAL: enable support for libseccomp
|
||||
sandboxing (default is no)
|
||||
--with-stack-limit ? =50 (200 for openbsd) 4k pages
|
||||
--with-memlock ? =32 (megabytes)
|
||||
--with-memlock ? =32 (-1 on linux) megabytes
|
||||
--enable-debug-timing - include processing time debugging code (costs
|
||||
performance)
|
||||
--enable-dst-minutes =60 minutes per DST adjustment
|
||||
@ -1821,6 +1831,7 @@ Optional Features and Packages:
|
||||
--enable-saveconfig + saveconfig mechanism
|
||||
--enable-leap-smear - experimental leap smear code
|
||||
--with-gtest Use the gtest framework (Default: if it's available)
|
||||
--enable-problem-tests + enable tests with undiagnosed problems
|
||||
|
||||
Some influential environment variables:
|
||||
CC C compiler command
|
||||
@ -1908,7 +1919,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
ntp configure 4.2.8p3
|
||||
ntp configure 4.2.8p4
|
||||
generated by GNU Autoconf 2.69
|
||||
|
||||
Copyright (C) 2012 Free Software Foundation, Inc.
|
||||
@ -2738,7 +2749,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by ntp $as_me 4.2.8p3, which was
|
||||
It was created by ntp $as_me 4.2.8p4, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
$ $0 $@
|
||||
@ -3117,6 +3128,12 @@ ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
|
||||
ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
|
||||
|
||||
|
||||
ac_ext=c
|
||||
ac_cpp='$CPP $CPPFLAGS'
|
||||
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
|
||||
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
|
||||
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||
|
||||
|
||||
|
||||
|
||||
@ -3733,7 +3750,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='ntp'
|
||||
VERSION='4.2.8p3'
|
||||
VERSION='4.2.8p4'
|
||||
|
||||
|
||||
cat >>confdefs.h <<_ACEOF
|
||||
@ -6768,7 +6785,7 @@ esac
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking additional compiler flags" >&5
|
||||
$as_echo_n "checking additional compiler flags... " >&6; }
|
||||
# allow ntp_os_flags to be preset to skip this stuff
|
||||
# allow ntp_os_cflags to be preset to skip this stuff
|
||||
case "${ntp_os_cflags+set}" in
|
||||
set)
|
||||
;;
|
||||
@ -6856,7 +6873,7 @@ $as_echo_n "checking additional compiler flags... " >&6; }
|
||||
;;
|
||||
esac
|
||||
esac
|
||||
case "$ntp_os_flags" in
|
||||
case "$ntp_os_cflags" in
|
||||
'')
|
||||
ntp_os_cflags_msg="none needed"
|
||||
;;
|
||||
@ -6867,6 +6884,38 @@ $as_echo_n "checking additional compiler flags... " >&6; }
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_os_cflags_msg" >&5
|
||||
$as_echo "$ntp_os_cflags_msg" >&6; }
|
||||
{ ntp_os_cflags_msg=; unset ntp_os_cflags_msg;}
|
||||
###
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking additional linker flags" >&5
|
||||
$as_echo_n "checking additional linker flags... " >&6; }
|
||||
# HMS: The following might still need tweaking
|
||||
# allow ntp_os_ldflags to be preset to skip this stuff
|
||||
case "${ntp_os_ldflags+set}" in
|
||||
set)
|
||||
;;
|
||||
*)
|
||||
ntp_os_ldflags=
|
||||
case "$host_os" in
|
||||
hpux*)
|
||||
case "$GCC" in
|
||||
yes)
|
||||
ntp_os_ldflags="-Wl,+allowdups"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
case "$ntp_os_ldflags" in
|
||||
'')
|
||||
ntp_os_ldflags_msg="none needed"
|
||||
;;
|
||||
*)
|
||||
ntp_os_ldflags_msg="$ntp_os_ldflags"
|
||||
esac
|
||||
LDFLAGS_NTP="$LDFLAGS_NTP $ntp_os_ldflags"
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_os_ldflags_msg" >&5
|
||||
$as_echo "$ntp_os_ldflags_msg" >&6; }
|
||||
{ ntp_os_ldflags_msg=; unset ntp_os_ldflags_msg;}
|
||||
|
||||
|
||||
|
||||
@ -19945,6 +19994,7 @@ ntp_libevent_tearoff=sntp/libevent
|
||||
|
||||
|
||||
|
||||
|
||||
case "$ntp_use_local_libevent" in
|
||||
yes)
|
||||
;;
|
||||
@ -19958,6 +20008,7 @@ $as_echo_n "checking if libevent $ntp_libevent_min_version or later is installed
|
||||
ntp_use_local_libevent=no
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5
|
||||
$as_echo "$as_me: Using the installed libevent" >&6;}
|
||||
CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
|
||||
CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent`
|
||||
# HMS: I hope the following is accurate.
|
||||
# We don't need -levent, we only need -levent_core.
|
||||
@ -19987,6 +20038,9 @@ $as_echo "$as_me: Using the installed libevent" >&6;}
|
||||
$as_echo "yes" >&6; }
|
||||
else
|
||||
ntp_use_local_libevent=yes
|
||||
# HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS
|
||||
# is "pthreads"?
|
||||
CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
|
||||
$as_echo "no" >&6; }
|
||||
fi
|
||||
@ -20012,6 +20066,7 @@ $as_echo "$as_me: Using libevent tearoff" >&6;}
|
||||
esac
|
||||
esac
|
||||
|
||||
|
||||
if test "x$ntp_use_local_libevent" = "xyes"; then
|
||||
BUILD_LIBEVENT_TRUE=
|
||||
BUILD_LIBEVENT_FALSE='#'
|
||||
@ -22941,7 +22996,8 @@ fi
|
||||
|
||||
have_pthreads=no
|
||||
case "$enable_thread_support" in
|
||||
yes)
|
||||
no) ;;
|
||||
*)
|
||||
ol_found_pthreads=no
|
||||
|
||||
|
||||
@ -26358,6 +26414,9 @@ $as_echo "$ol_cv_pthread_lib_lpthreads" >&6; }
|
||||
fi
|
||||
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: ol_link_threads: <$ol_link_threads> ol_link_pthreads <$ol_link_pthreads>" >&5
|
||||
$as_echo "$as_me: ol_link_threads: <$ol_link_threads> ol_link_pthreads <$ol_link_pthreads>" >&6;}
|
||||
|
||||
if test $ol_link_threads != no ; then
|
||||
LTHREAD_LIBS="$LTHREAD_LIBS $ol_link_pthreads"
|
||||
|
||||
@ -27398,6 +27457,10 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
|
||||
ac_compiler_gnu=$ac_cv_c_compiler_gnu
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
case "$ol_found_pthreads" in
|
||||
yes)
|
||||
saved_LIBS="$LIBS"
|
||||
@ -27423,56 +27486,6 @@ done
|
||||
yes)
|
||||
PTHREAD_LIBS="$LTHREAD_LIBS"
|
||||
have_pthreads=yes
|
||||
# Bug 2332: With GCC we need to force a reference to libgcc_s
|
||||
# (if libgcc_s exists) or the combination of
|
||||
# threads + setuid + mlockall does not work on linux because
|
||||
# thread cancellation fails to load libgcc_s with dlopen().
|
||||
# We have to pass this all as linker options to avoid argument
|
||||
# reordering by libtool.
|
||||
case "$GCC$with_gnu_ld" in
|
||||
yesyes)
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for exit in -lgcc_s" >&5
|
||||
$as_echo_n "checking for exit in -lgcc_s... " >&6; }
|
||||
if ${ac_cv_lib_gcc_s_exit+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-lgcc_s $LIBS"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
char exit ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
return exit ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
ac_cv_lib_gcc_s_exit=yes
|
||||
else
|
||||
ac_cv_lib_gcc_s_exit=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gcc_s_exit" >&5
|
||||
$as_echo "$ac_cv_lib_gcc_s_exit" >&6; }
|
||||
if test "x$ac_cv_lib_gcc_s_exit" = xyes; then :
|
||||
PTHREAD_LIBS="$LTHREAD_LIBS -Wl,--no-as-needed,-lgcc_s,--as-needed"
|
||||
fi
|
||||
|
||||
;;
|
||||
esac
|
||||
esac
|
||||
esac
|
||||
esac
|
||||
@ -31236,10 +31249,15 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_rlimit_memlock" >&5
|
||||
$as_echo "$ntp_cv_rlimit_memlock" >&6; }
|
||||
case "$host" in
|
||||
*-*-*linux*)
|
||||
ntp_dflt_rlimit_memlock="-1" ;;
|
||||
*) ntp_dflt_rlimit_memlock="32" ;;
|
||||
esac
|
||||
case "$ntp_cv_rlimit_memlock" in
|
||||
yes)
|
||||
|
||||
HAVE_RLIMIT_MEMLOCK=" memlock 32"
|
||||
HAVE_RLIMIT_MEMLOCK=" memlock $ntp_dflt_rlimit_memlock" ;;
|
||||
esac
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RLIMIT_STACK" >&5
|
||||
@ -31288,8 +31306,6 @@ case "$ntp_cv_rlimit_stack" in
|
||||
HAVE_RLIMIT_STACK=" stacksize 50"
|
||||
esac
|
||||
|
||||
|
||||
|
||||
# HMS: Only if we are doing the MLOCKALL stuff...
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the default number of 4k stack pages" >&5
|
||||
$as_echo_n "checking for the default number of 4k stack pages... " >&6; }
|
||||
@ -31339,7 +31355,7 @@ fi
|
||||
|
||||
case "$ans" in
|
||||
yes | no)
|
||||
ans=32
|
||||
ans=$ntp_dflt_rlimit_memlock
|
||||
;;
|
||||
[1-9][0-9]*) ;;
|
||||
*) as_fn_error $? "\"--with-memlock requires an integer argument.\"" "$LINENO" 5
|
||||
@ -31354,6 +31370,7 @@ _ACEOF
|
||||
|
||||
|
||||
|
||||
|
||||
# some OSes prefer _exit() in forked children to exit()
|
||||
for ac_func in _exit
|
||||
do :
|
||||
@ -36995,6 +37012,81 @@ fi
|
||||
|
||||
|
||||
|
||||
|
||||
case "$build" in
|
||||
$host) cross=0 ;;
|
||||
*) cross=1 ;;
|
||||
esac
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we want to enable tests with undiagnosed problems" >&5
|
||||
$as_echo_n "checking if we want to enable tests with undiagnosed problems... " >&6; }
|
||||
# Check whether --enable-problem-tests was given.
|
||||
if test "${enable_problem_tests+set}" = set; then :
|
||||
enableval=$enable_problem_tests; ntp_ept=$enableval
|
||||
else
|
||||
ntp_ept=yes
|
||||
|
||||
fi
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_ept" >&5
|
||||
$as_echo "$ntp_ept" >&6; }
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can run test-ntp_restrict" >&5
|
||||
$as_echo_n "checking if we can run test-ntp_restrict... " >&6; }
|
||||
ntp_test_ntp_restrict="no"
|
||||
case "$ntp_ept:$cross:$host" in
|
||||
no:0:*-*-solaris*) ;;
|
||||
no:0:*-*-hpux-11.23*) ;;
|
||||
*) ntp_test_ntp_restrict="yes" ;;
|
||||
esac
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_restrict" >&5
|
||||
$as_echo "$ntp_test_ntp_restrict" >&6; }
|
||||
if test x$ntp_test_ntp_restrict = xyes; then
|
||||
BUILD_TEST_NTP_RESTRICT_TRUE=
|
||||
BUILD_TEST_NTP_RESTRICT_FALSE='#'
|
||||
else
|
||||
BUILD_TEST_NTP_RESTRICT_TRUE='#'
|
||||
BUILD_TEST_NTP_RESTRICT_FALSE=
|
||||
fi
|
||||
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can run test-ntp_scanner" >&5
|
||||
$as_echo_n "checking if we can run test-ntp_scanner... " >&6; }
|
||||
ntp_test_ntp_scanner="no"
|
||||
case "$ntp_ept:$cross:$host" in
|
||||
no:0:*-*-solaris*) ;;
|
||||
*) ntp_test_ntp_scanner="yes" ;;
|
||||
esac
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_scanner" >&5
|
||||
$as_echo "$ntp_test_ntp_scanner" >&6; }
|
||||
if test x$ntp_test_ntp_scanner = xyes; then
|
||||
BUILD_TEST_NTP_SCANNER_TRUE=
|
||||
BUILD_TEST_NTP_SCANNER_FALSE='#'
|
||||
else
|
||||
BUILD_TEST_NTP_SCANNER_TRUE='#'
|
||||
BUILD_TEST_NTP_SCANNER_FALSE=
|
||||
fi
|
||||
|
||||
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can run test-ntp_signd" >&5
|
||||
$as_echo_n "checking if we can run test-ntp_signd... " >&6; }
|
||||
ntp_test_ntp_signd="no"
|
||||
case "$ntp_ept:$cross:$host" in
|
||||
no:0:*-*-solaris*) ;;
|
||||
*) ntp_test_ntp_signd="yes" ;;
|
||||
esac
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ntp_test_ntp_signd" >&5
|
||||
$as_echo "$ntp_test_ntp_signd" >&6; }
|
||||
if test x$ntp_test_ntp_signd = xyes; then
|
||||
BUILD_TEST_NTP_SIGND_TRUE=
|
||||
BUILD_TEST_NTP_SIGND_FALSE='#'
|
||||
else
|
||||
BUILD_TEST_NTP_SIGND_TRUE='#'
|
||||
BUILD_TEST_NTP_SIGND_FALSE=
|
||||
fi
|
||||
|
||||
|
||||
|
||||
###
|
||||
|
||||
|
||||
@ -37091,6 +37183,8 @@ ac_config_files="$ac_config_files tests/libntp/Makefile"
|
||||
|
||||
ac_config_files="$ac_config_files tests/ntpd/Makefile"
|
||||
|
||||
ac_config_files="$ac_config_files tests/ntpq/Makefile"
|
||||
|
||||
ac_config_files="$ac_config_files tests/sandbox/Makefile"
|
||||
|
||||
ac_config_files="$ac_config_files tests/sec-2853/Makefile"
|
||||
@ -37333,6 +37427,18 @@ if test -z "${GTEST_AVAILABLE_TRUE}" && test -z "${GTEST_AVAILABLE_FALSE}"; then
|
||||
as_fn_error $? "conditional \"GTEST_AVAILABLE\" was never defined.
|
||||
Usually this means the macro was only invoked conditionally." "$LINENO" 5
|
||||
fi
|
||||
if test -z "${BUILD_TEST_NTP_RESTRICT_TRUE}" && test -z "${BUILD_TEST_NTP_RESTRICT_FALSE}"; then
|
||||
as_fn_error $? "conditional \"BUILD_TEST_NTP_RESTRICT\" was never defined.
|
||||
Usually this means the macro was only invoked conditionally." "$LINENO" 5
|
||||
fi
|
||||
if test -z "${BUILD_TEST_NTP_SCANNER_TRUE}" && test -z "${BUILD_TEST_NTP_SCANNER_FALSE}"; then
|
||||
as_fn_error $? "conditional \"BUILD_TEST_NTP_SCANNER\" was never defined.
|
||||
Usually this means the macro was only invoked conditionally." "$LINENO" 5
|
||||
fi
|
||||
if test -z "${BUILD_TEST_NTP_SIGND_TRUE}" && test -z "${BUILD_TEST_NTP_SIGND_FALSE}"; then
|
||||
as_fn_error $? "conditional \"BUILD_TEST_NTP_SIGND\" was never defined.
|
||||
Usually this means the macro was only invoked conditionally." "$LINENO" 5
|
||||
fi
|
||||
|
||||
: "${CONFIG_STATUS=./config.status}"
|
||||
ac_write_fail=0
|
||||
@ -37730,7 +37836,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by ntp $as_me 4.2.8p3, which was
|
||||
This file was extended by ntp $as_me 4.2.8p4, which was
|
||||
generated by GNU Autoconf 2.69. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@ -37797,7 +37903,7 @@ _ACEOF
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
|
||||
ac_cs_version="\\
|
||||
ntp config.status 4.2.8p3
|
||||
ntp config.status 4.2.8p4
|
||||
configured by $0, generated by GNU Autoconf 2.69,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
@ -38344,6 +38450,7 @@ do
|
||||
"tests/bug-2803/Makefile") CONFIG_FILES="$CONFIG_FILES tests/bug-2803/Makefile" ;;
|
||||
"tests/libntp/Makefile") CONFIG_FILES="$CONFIG_FILES tests/libntp/Makefile" ;;
|
||||
"tests/ntpd/Makefile") CONFIG_FILES="$CONFIG_FILES tests/ntpd/Makefile" ;;
|
||||
"tests/ntpq/Makefile") CONFIG_FILES="$CONFIG_FILES tests/ntpq/Makefile" ;;
|
||||
"tests/sandbox/Makefile") CONFIG_FILES="$CONFIG_FILES tests/sandbox/Makefile" ;;
|
||||
"tests/sec-2853/Makefile") CONFIG_FILES="$CONFIG_FILES tests/sec-2853/Makefile" ;;
|
||||
"util/Makefile") CONFIG_FILES="$CONFIG_FILES util/Makefile" ;;
|
||||
|
@ -11,6 +11,7 @@ AC_INIT(
|
||||
)
|
||||
AC_CONFIG_MACRO_DIR([sntp/m4])
|
||||
AC_CONFIG_AUX_DIR([sntp/libevent/build-aux])
|
||||
AC_LANG([C])
|
||||
|
||||
AC_PRESERVE_HELP_ORDER
|
||||
|
||||
@ -928,60 +929,6 @@ esac
|
||||
|
||||
NTP_RLIMIT_ITEMS
|
||||
|
||||
# HMS: Only if we are doing the MLOCKALL stuff...
|
||||
AC_MSG_CHECKING([for the default number of 4k stack pages])
|
||||
AC_ARG_WITH(
|
||||
[stack-limit],
|
||||
[AS_HELP_STRING(
|
||||
[--with-stack-limit],
|
||||
[? =50 (200 for openbsd) 4k pages]
|
||||
)],
|
||||
[ans=$withval],
|
||||
[ans=yes]
|
||||
)
|
||||
case "$ans" in
|
||||
yes | no)
|
||||
case "$host" in
|
||||
*-*-openbsd*)
|
||||
ans=200
|
||||
;;
|
||||
*) ans=50
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
[[1-9]][[0-9]]*)
|
||||
;;
|
||||
*) AC_MSG_ERROR(["--with-stack-limit requires an integer argument."])
|
||||
;;
|
||||
esac
|
||||
AC_MSG_RESULT([$ans])
|
||||
AC_DEFINE_UNQUOTED([DFLT_RLIMIT_STACK], [$ans],
|
||||
[Default number of 4k pages for RLIMIT_STACK])
|
||||
|
||||
# HMS: only if we have RLIMIT_MEMLOCK
|
||||
AC_MSG_CHECKING([for the default number of megabytes to MEMLOCK])
|
||||
AC_ARG_WITH(
|
||||
[memlock],
|
||||
[AS_HELP_STRING(
|
||||
[--with-memlock],
|
||||
[? =32 (megabytes)]
|
||||
)],
|
||||
[ans=$withval],
|
||||
[ans=yes]
|
||||
)
|
||||
case "$ans" in
|
||||
yes | no)
|
||||
ans=32
|
||||
;;
|
||||
[[1-9]][[0-9]]*) ;;
|
||||
*) AC_MSG_ERROR(["--with-memlock requires an integer argument."])
|
||||
;;
|
||||
esac
|
||||
AC_MSG_RESULT([$ans])
|
||||
AC_DEFINE_UNQUOTED([DFLT_RLIMIT_MEMLOCK], [$ans],
|
||||
[Default number of megabytes for RLIMIT_MEMLOCK])
|
||||
|
||||
|
||||
# some OSes prefer _exit() in forked children to exit()
|
||||
AC_CHECK_FUNCS([_exit])
|
||||
ntp_worker_child_exit=exit
|
||||
@ -4382,6 +4329,8 @@ dnl require a C++ compiler only if we will use gtest, but AC_PROG_CXX
|
||||
dnl can't be conditionalized.
|
||||
NTP_GOOGLETEST
|
||||
|
||||
NTP_PROBLEM_TESTS
|
||||
|
||||
###
|
||||
|
||||
AC_DEFINE_DIR([NTP_KEYSDIR], [sysconfdir],
|
||||
@ -4425,6 +4374,7 @@ AC_CONFIG_FILES([tests/Makefile])
|
||||
AC_CONFIG_FILES([tests/bug-2803/Makefile])
|
||||
AC_CONFIG_FILES([tests/libntp/Makefile])
|
||||
AC_CONFIG_FILES([tests/ntpd/Makefile])
|
||||
AC_CONFIG_FILES([tests/ntpq/Makefile])
|
||||
AC_CONFIG_FILES([tests/sandbox/Makefile])
|
||||
AC_CONFIG_FILES([tests/sec-2853/Makefile])
|
||||
AC_CONFIG_FILES([util/Makefile])
|
||||
|
@ -11,7 +11,7 @@
|
||||
<img src="pic/alice47.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/%7emills/pictures.html">from <i>Alice's Adventures in Wonderland</i>, Lewis Carroll</a>
|
||||
<p>Caterpillar knows all the error codes, which is more than most of us do.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->16-Jul-2014 04:48<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->26-Jul-2015 06:26<!-- #EndDate -->
|
||||
UTC</p>
|
||||
</p>
|
||||
<br clear="left">
|
||||
@ -296,7 +296,7 @@
|
||||
</tr>
|
||||
<tr>
|
||||
<td><tt>3</tt></td>
|
||||
<td><tt>sel_outlyer</tt></td>
|
||||
<td><tt>sel_outlier</tt></td>
|
||||
<td><tt>-</tt></td>
|
||||
<td>discarded by the cluster algorithm</td>
|
||||
</tr>
|
||||
|
@ -11,7 +11,7 @@
|
||||
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
|
||||
<p>We have three, now looking for more.</p>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->29-Jun-2015 05:56<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->23-Sep-2015 10:20<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<br clear="left">
|
||||
<h4>Related Links</h4>
|
||||
@ -105,7 +105,7 @@
|
||||
<dd>
|
||||
<dl>
|
||||
<dt><tt>memlock <i>Nmegabytes</i></tt></dt>
|
||||
<dd>Specify the number of megabytes of memory that can be allocated. Probably only available under Linux, this option is useful when dropping root (the <tt>-i</tt> option). The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.</dd>
|
||||
<dd>Specify the number of megabytes of memory that should be allocated and locked. Probably only available under Linux, this option may be useful when dropping root (the <tt>-i</tt> option). The default is 32 megabytes on non-Linux machines, and -1 under Linux. -1 means "do not lock the process into memory". 0 means "lock whatever memory the process wants into memory".</dd>
|
||||
<dt><tt>stacksize <i>N4kPages</i></tt></dt>
|
||||
<dd>Specifies the maximum size of the process stack on systems with the <tt>mlockall()</tt> function. Defaults to 50 4k pages (200 4k pages in OpenBSD).</dd>
|
||||
<dt><tt>filenum <i>Nfiledescriptors</i></tt></dt>
|
||||
|
@ -7,9 +7,9 @@
|
||||
<link href="scripts/style.css" type="text/css" rel="stylesheet">
|
||||
</head>
|
||||
<body>
|
||||
<h3>Performance Metrics</h3>
|
||||
<h3>Performance Metrics</h3>
|
||||
<p>Last update:
|
||||
<!-- #BeginDate format:En2m -->10-Mar-2014 05:23<!-- #EndDate -->
|
||||
<!-- #BeginDate format:En2m -->26-Jul-2015 06:29<!-- #EndDate -->
|
||||
UTC</p>
|
||||
<h4>Related Links</h4>
|
||||
<script type="text/javascript" language="javascript" src="scripts/special.txt"></script>
|
||||
@ -25,45 +25,45 @@
|
||||
|
||||
<p>This page describes several statistics provided in the NTP specification and reference implementation and how they determine the accuracy and error measured during routine and exceptional operation. These statistics provide the following information.</p>
|
||||
<ul>
|
||||
<li>Nominal estimate of the server clock time relative to the client clock time. This is called <em>clock offset</em> symbolized by the Greek letter θ.</li>
|
||||
<li>Roundtrip system and network delay measured by the on-wire protocol. This is call <em>roundtrip delay</em> symbolized by the Greek letter δ.</li>
|
||||
<li>Potential clock offset error due to the maximum uncorrected system clock frequency error. This is called <em>dispersion</em> symbolized by the Greek letter ε.</li>
|
||||
<li>Expected error, consisting of the root mean square (RMS) nominal clock offset sample differencess in a sliding window of several samples. This is called <em>jitter</em> symbolized by the Greek letter φ.</li>
|
||||
<li>Nominal estimate of the server clock time relative to the client clock time. This is called <em>clock offset</em> symbolized by the Greek letter θ.</li>
|
||||
<li>Roundtrip system and network delay measured by the on-wire protocol. This is call <em>roundtrip delay</em> symbolized by the Greek letter δ.</li>
|
||||
<li>Potential clock offset error due to the maximum uncorrected system clock frequency error. This is called <em>dispersion</em> symbolized by the Greek letter ε.</li>
|
||||
<li>Expected error, consisting of the root mean square (RMS) nominal clock offset sample differencess in a sliding window of several samples. This is called <em>jitter</em> symbolized by the Greek letter φ.</li>
|
||||
</ul>
|
||||
<p> Figure 1 shows how the various measured statistics are collected and compiled to calibrate NTP performance.</p>
|
||||
<div align="center">
|
||||
<img src="pic/stats.gif" alt="gif">
|
||||
<p>Figure 1. Statistics Budget</p>
|
||||
</div>
|
||||
<p>The data represented in boxes labeled Server are contained in fields in packet received from the server. The data represented in boxes labeled Peer are computed by the on-wire protocol, as described below. The algorithms of the box labeled Selection and Combining Algorithms process the peer data to select a system peer. The System box represents summary data inherited from the system peer. These data are available to application programs and dependent downstream clients.</p>
|
||||
<p>The data represented in boxes labeled Server are contained in fields in packet received from the server. The data represented in boxes labeled Peer are computed by the on-wire protocol, as described below. The algorithms of the box labeled Selection and Combining Algorithms process the peer data to select a system peer. The System box represents summary data inherited from the system peer. These data are available to application programs and dependent downstream clients.</p>
|
||||
<h4 id="budget">2. Statistics Summary</h4>
|
||||
<p>Each NTP synchronization source is characterized by the offset θ and delay δ samples measured by the on-wire protocol, as described on the <a href="warp.html">How NTP Works</a> page. In addition, the dispersion ε sample is initialized with the sum of the source precision ρ<sub>R</sub> and the client precision ρ (not shown) as each source packet is received. The dispersion increases at a rate of 15 μs/s after that. For this purpose, the precision is equal to the latency to read the system clock. The offset, delay and dispersion are called the sample statistics.</p>
|
||||
<p>Each NTP synchronization source is characterized by the offset θ and delay δ samples measured by the on-wire protocol, as described on the <a href="warp.html">How NTP Works</a> page. In addition, the dispersion ε sample is initialized with the sum of the source precision ρ<sub>R</sub> and the client precision ρ (not shown) as each source packet is received. The dispersion increases at a rate of 15 μs/s after that. For this purpose, the precision is equal to the latency to read the system clock. The offset, delay and dispersion are called the sample statistics.</p>
|
||||
<blockquote>
|
||||
<p>Note. In very fast networks where the client clock frequency is not within 1 PPM or so of the the server clock frequency, the roundtrip delay may have small negative values. This is usually a temporary condition when the client is first started. When using the roundtrip delay in calculations, negative values are assumed zero.</p>
|
||||
<p>Note. In very fast networks where the client clock frequency is not within 1 PPM or so of the the server clock frequency, the roundtrip delay may have small negative values. This is usually a temporary condition when the client is first started. When using the roundtrip delay in calculations, negative values are assumed zero.</p>
|
||||
</blockquote>
|
||||
<p> In a window of eight (offset, delay, dispersion) samples, the algorithm described on the <a href="filter.html">Clock Filter Algorithm</a> page selects the sample with minimum delay, which generally represents the most accurate offset statistic. The selected offset sample determines the <em>peer offset</em> and <em>peer delay </em>statistics. The <em>peer dispersion</em> is a weighted average of the dispersion samples in the window. These quantities are recalculated as each update is received from the source. Between updates, both the sample dispersion and peer dispersion continue to grow at the same rate, 15 μs/s. Finally, the <em>peer jitter</em> φ is determined as the RMS differences between the offset samples in the window relative to the selected offset sample. The peer statistics are recorded by the <tt>peerstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. Peer variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#peer"><tt>ntpq</tt></a> program.</p>
|
||||
<p> The clock filter algorithm continues to process updates in this way until the source is no longer reachable. Reachability is determined by an eight-bit shift register, which is shifted left by one bit as each poll packet is sent, with 0 replacing the vacated rightmost bit. Each time a valid update is received, the rightmost bit is set to 1. The source is considered reachable if any bit is set to 1 in the register; otherwise, it is considered unreachable. When a source becomes unreachable, a dummy sample with "infinite" dispersion is inserted in the filter window at each poll, thus displacing old samples. This causes the peer dispersion to increase eventually to infinity.</p>
|
||||
<p>The composition of the source population and the system peer selection is redetermined as each update from each source is received. The system peer and system variables are determined as described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The system variables Θ, Δ, Ε and Φ are updated from the system peer variables of the same name and the system stratum set one greater than the system peer stratum. The system statistics are recorded by the <tt>loopstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. System variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#system"><tt>ntpq</tt></a> program.</p>
|
||||
<p>Although it might seem counterintuitive, a cardinal rule in the selection process is, once a sample has been selected by the clock filter algorithm, older samples are no longer selectable. This applies also to the clock select algorithm. Once the peer variables for a source have been selected, older variables of the same or other sources are no longer selectable. The reason for these rules is to limit the time delay in the clock discipline algorithm. This is necessary to preserve the optimum impulse response and thus the risetime and overshoot.</p>
|
||||
<p> In a window of eight (offset, delay, dispersion) samples, the algorithm described on the <a href="filter.html">Clock Filter Algorithm</a> page selects the sample with minimum delay, which generally represents the most accurate offset statistic. The selected offset sample determines the <em>peer offset</em> and <em>peer delay </em>statistics. The <em>peer dispersion</em> is a weighted average of the dispersion samples in the window. These quantities are recalculated as each update is received from the source. Between updates, both the sample dispersion and peer dispersion continue to grow at the same rate, 15 μs/s. Finally, the <em>peer jitter</em> φ is determined as the RMS differences between the offset samples in the window relative to the selected offset sample. The peer statistics are recorded by the <tt>peerstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. Peer variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#peer"><tt>ntpq</tt></a> program.</p>
|
||||
<p> The clock filter algorithm continues to process updates in this way until the source is no longer reachable. Reachability is determined by an eight-bit shift register, which is shifted left by one bit as each poll packet is sent, with 0 replacing the vacated rightmost bit. Each time a valid update is received, the rightmost bit is set to 1. The source is considered reachable if any bit is set to 1 in the register; otherwise, it is considered unreachable. When a source becomes unreachable, a dummy sample with "infinite" dispersion is inserted in the filter window at each poll, thus displacing old samples. This causes the peer dispersion to increase eventually to infinity.</p>
|
||||
<p>The composition of the source population and the system peer selection is redetermined as each update from each source is received. The system peer and system variables are determined as described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page. The system variables Θ, Δ, Ε and Φ are updated from the system peer variables of the same name and the system stratum set one greater than the system peer stratum. The system statistics are recorded by the <tt>loopstats</tt> option of the <a href="monopt.html#filegen"><tt>filegen</tt></a> command. System variables are displayed by the <tt>rv</tt> command of the <a href="ntpq.html#system"><tt>ntpq</tt></a> program.</p>
|
||||
<p>Although it might seem counterintuitive, a cardinal rule in the selection process is, once a sample has been selected by the clock filter algorithm, older samples are no longer selectable. This applies also to the clock select algorithm. Once the peer variables for a source have been selected, older variables of the same or other sources are no longer selectable. The reason for these rules is to limit the time delay in the clock discipline algorithm. This is necessary to preserve the optimum impulse response and thus the risetime and overshoot.</p>
|
||||
<p>This means that not every sample can be used to update the peer variables, and up to seven samples can be ignored between selected samples. This fact has been carefully considered in the discipline algorithm design with due consideration for feedback loop delay and minimum sampling rate. In engineering terms, even if only one sample in eight survives, the resulting sample rate is twice the Nyquist rate at any time constant and poll interval.</p>
|
||||
<h4 id="quality">3. Quality of Service</h4>
|
||||
<p>This section discusses how an NTP client determines the system performance using a peer population including reference clocks and remote servers. This is determined for each peer from two statistics, <em>peer jitter</em> and <em>root distance.</em> Peer jitter is determined from various jitter components as described above. It represents the expected error in determining the clock offset estimate. Root distance represents the maximum error of the estimate due to all causes.</p>
|
||||
<p>The root distance statistic is computed as one-half the <em> root delay</em> of the primary source of time; i.e., the reference clock, plus the <em> root dispersion</em> of that source. The root variables are included in the NTP packet header received from each source. At each update the root delay is recomputed as the sum of the root delay in the packet plus the peer delay, while the root dispersion is recomputed as the sum of the root dispersion in the packet plus the peer dispersion.</p>
|
||||
<p>This section discusses how an NTP client determines the system performance using a peer population including reference clocks and remote servers. This is determined for each peer from two statistics, <em>peer jitter</em> and <em>root distance.</em> Peer jitter is determined from various jitter components as described above. It represents the expected error in determining the clock offset estimate. Root distance represents the maximum error of the estimate due to all causes.</p>
|
||||
<p>The root distance statistic is computed as one-half the <em> root delay</em> of the primary source of time; i.e., the reference clock, plus the <em> root dispersion</em> of that source. The root variables are included in the NTP packet header received from each source. At each update the root delay is recomputed as the sum of the root delay in the packet plus the peer delay, while the root dispersion is recomputed as the sum of the root dispersion in the packet plus the peer dispersion.</p>
|
||||
<blockquote>
|
||||
<p>Note. In order to avoid timing loops, the root distance is adjusted to the maximum of the above computation and a <em>minimum threshold.</em> The minimum threshold defaults to 1 ms, but can be changed according to client preference using the <tt>mindist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command.</p>
|
||||
<p>Note. In order to avoid timing loops, the root distance is adjusted to the maximum of the above computation and a <em>minimum threshold.</em> The minimum threshold defaults to 1 ms, but can be changed according to client preference using the <tt>mindist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command.</p>
|
||||
</blockquote>
|
||||
<p>A source is considered selectable only if its root distance is less than the <em>select threshold</em>, by default 1.5 s, but can be changed according to client preference using the <tt>maxdist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command. When an upstream server loses all sources, its root distance apparent to dependent clients continues to increase. The clients are not aware of this condition and continue to accept synchronization as long as the root distance is less than the select threshold.</p>
|
||||
<p>The root distance statistic is used by the select, cluster and mitigation algorithms. In this respect, it is sometimes called the <em>synchronization distance</em> often shortened simply to <em>distance</em>. The root distance is also used in the following ways.</p>
|
||||
<p>A source is considered selectable only if its root distance is less than the <em>select threshold</em>, by default 1.5 s, but can be changed according to client preference using the <tt>maxdist</tt> option of the <a href="miscopt.html#tos"><tt>tos</tt></a> command. When an upstream server loses all sources, its root distance apparent to dependent clients continues to increase. The clients are not aware of this condition and continue to accept synchronization as long as the root distance is less than the select threshold.</p>
|
||||
<p>The root distance statistic is used by the select, cluster and mitigation algorithms. In this respect, it is sometimes called the <em>synchronization distance</em> often shortened simply to <em>distance</em>. The root distance is also used in the following ways.</p>
|
||||
<ul>
|
||||
<li>Root distance defines the maximum error of the clock offset estimate due to all causes as long as the source remains reachable..</li>
|
||||
<li>Root distance defines the upper and lower limits of the correctness interval. This interval represents the maximum clock offset for each of possibly several sources. The clock select algorithm computes the intersection of the correctness intervals to determine the truechimers from the selectable source population.</li>
|
||||
<li>Root distance is used by the clock cluster algorithm as a weight factor when pruning outlyers from the truechimer population.</li>
|
||||
<li>Root distance defines the upper and lower limits of the correctness interval. This interval represents the maximum clock offset for each of possibly several sources. The clock select algorithm computes the intersection of the correctness intervals to determine the truechimers from the selectable source population.</li>
|
||||
<li>Root distance is used by the clock cluster algorithm as a weight factor when pruning outliers from the truechimer population.</li>
|
||||
<li>The (normalized) reciprocal of the root distance is used as a weight factor by the combine algorithm when computing the system clock offset and system jitter.</li>
|
||||
<li>Root distance is used by the mitigation algorithm to select the system peer from among the cluster algorithm survivors.</li>
|
||||
<li>Root distance is used by the mitigation algorithm to select the system peer from among the cluster algorithm survivors.</li>
|
||||
</ul>
|
||||
<p>The root distance thus functions as a metric in the selection and weighting of the various available sources. The strategy is to select the system peer as the source with the minimum root distance and thus the minimum maximum error. The reference implementation uses the Bellman-Ford algorithm described in the literature, where the goal is to minimize the root distance. The algorithm selects the <em>system peer</em>, from which the system root delay and system root dispersion are inherited.</p>
|
||||
<p>The algorithms described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page deliver several important statistics. The <em>system offset</em> and <em>system jitter</em> are weighted averages computed by the clock combine algorithm. System offset is best interpreted as the maximum-likelihood estimate of the system clock offset, while system jitter, also called estimated error, is best interpreted as the expected error of this estimate. <em>System delay</em> is the root delay inherited from the system peer, while <em>s</em><em>ystem dispersion</em> is the root dispersion plus contributions due to jitter and the absolute value of the system offset.</p>
|
||||
<p>The maximum system error, or <em>system distance</em>, is computed as one-half the system delay plus the system dispersion. In order to simplify discussion, certain minor contributions to the maximum error statistic are ignored. If the precision time kernel support is available, both the estimated error and maximum error are reported to user programs via the <tt>ntp_adjtime()</tt> kernel system call. See the <a href="kern.html">Kernel Model for Precision Timekeeping</a> page for further information.</p>
|
||||
<p>The root distance thus functions as a metric in the selection and weighting of the various available sources. The strategy is to select the system peer as the source with the minimum root distance and thus the minimum maximum error. The reference implementation uses the Bellman-Ford algorithm described in the literature, where the goal is to minimize the root distance. The algorithm selects the <em>system peer</em>, from which the system root delay and system root dispersion are inherited.</p>
|
||||
<p>The algorithms described on the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page deliver several important statistics. The <em>system offset</em> and <em>system jitter</em> are weighted averages computed by the clock combine algorithm. System offset is best interpreted as the maximum-likelihood estimate of the system clock offset, while system jitter, also called estimated error, is best interpreted as the expected error of this estimate. <em>System delay</em> is the root delay inherited from the system peer, while <em>s</em><em>ystem dispersion</em> is the root dispersion plus contributions due to jitter and the absolute value of the system offset.</p>
|
||||
<p>The maximum system error, or <em>system distance</em>, is computed as one-half the system delay plus the system dispersion. In order to simplify discussion, certain minor contributions to the maximum error statistic are ignored. If the precision time kernel support is available, both the estimated error and maximum error are reported to user programs via the <tt>ntp_adjtime()</tt> kernel system call. See the <a href="kern.html">Kernel Model for Precision Timekeeping</a> page for further information.</p>
|
||||
<hr>
|
||||
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
|
||||
</body>
|
||||
|
@ -62,6 +62,7 @@ noinst_HEADERS = \
|
||||
ntpsim.h \
|
||||
parse.h \
|
||||
parse_conf.h \
|
||||
rc_cmdlength.h \
|
||||
recvbuff.h \
|
||||
refclock_atom.h \
|
||||
refidsmear.h \
|
||||
|
@ -116,6 +116,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -227,6 +228,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -235,6 +237,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -296,6 +299,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
@ -543,6 +547,7 @@ noinst_HEADERS = \
|
||||
ntpsim.h \
|
||||
parse.h \
|
||||
parse_conf.h \
|
||||
rc_cmdlength.h \
|
||||
recvbuff.h \
|
||||
refclock_atom.h \
|
||||
refidsmear.h \
|
||||
|
@ -116,6 +116,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -185,6 +186,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -193,6 +195,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -254,6 +257,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -88,10 +88,6 @@ extern void calysto_assert(unsigned char cnd); /* check whether this holds */
|
||||
* We initially used NTP_REQUIRE() instead of REQUIRE() etc, but that
|
||||
* is unneccesarily verbose, as libisc use of REQUIRE() etc shows.
|
||||
*/
|
||||
#define NTP_REQUIRE(x) REQUIRE(x)
|
||||
#define NTP_INSIST(x) INSIST(x)
|
||||
#define NTP_INVARIANT(x) INVARIANT(x)
|
||||
#define NTP_ENSURE(x) ENSURE(x)
|
||||
|
||||
# ifdef DEBUG
|
||||
#define DEBUG_REQUIRE(x) REQUIRE(x)
|
||||
|
@ -157,6 +157,12 @@ ntpcal_daysplit(const vint64 *);
|
||||
extern vint64
|
||||
ntpcal_dayjoin(int32_t /* days */, int32_t /* seconds */);
|
||||
|
||||
/* Get the number of leap years since epoch for the number of elapsed
|
||||
* full years
|
||||
*/
|
||||
extern int32_t
|
||||
ntpcal_leapyears_in_years(int32_t /* years */);
|
||||
|
||||
/*
|
||||
* Convert elapsed years in Era into elapsed days in Era.
|
||||
*/
|
||||
@ -220,6 +226,9 @@ ntpcal_date_to_rd(const struct calendar * /* jt */);
|
||||
*
|
||||
* if 'isleapyear' is not NULL, it will receive an integer that is 0
|
||||
* for regular years and a non-zero value for leap years.
|
||||
*
|
||||
* The input is limited to [-2^30, 2^30-1]. If the days exceed this
|
||||
* range, errno is set to EDOM and the result is saturated.
|
||||
*/
|
||||
extern ntpcal_split
|
||||
ntpcal_split_eradays(int32_t /* days */, int/*BOOL*/ * /* isleapyear */);
|
||||
@ -330,6 +339,10 @@ ntpcal_date_to_time(const struct calendar * /* jd */);
|
||||
extern int32_t
|
||||
isocal_weeks_in_years(int32_t /* years */);
|
||||
|
||||
/*
|
||||
* The input is limited to [-2^30, 2^30-1]. If the weeks exceed this
|
||||
* range, errno is set to EDOM and the result is saturated.
|
||||
*/
|
||||
extern ntpcal_split
|
||||
isocal_split_eraweeks(int32_t /* weeks */);
|
||||
|
||||
|
@ -46,8 +46,8 @@
|
||||
extern int cmdline_server_count;
|
||||
extern char ** cmdline_servers;
|
||||
|
||||
/* set to zero if admin doesn't want memory locked */
|
||||
extern int do_memlock;
|
||||
/* set to zero if we're not locking memory */
|
||||
extern int cur_memlock;
|
||||
|
||||
typedef struct int_range_tag {
|
||||
int first;
|
||||
|
@ -104,7 +104,7 @@ struct ntp_control {
|
||||
#define CTL_PST_SEL_REJECT 0 /* reject */
|
||||
#define CTL_PST_SEL_SANE 1 /* x falsetick */
|
||||
#define CTL_PST_SEL_CORRECT 2 /* . excess */
|
||||
#define CTL_PST_SEL_SELCAND 3 /* - outlyer */
|
||||
#define CTL_PST_SEL_SELCAND 3 /* - outlier */
|
||||
#define CTL_PST_SEL_SYNCCAND 4 /* + candidate */
|
||||
#define CTL_PST_SEL_EXCESS 5 /* # backup */
|
||||
#define CTL_PST_SEL_SYSPEER 6 /* * sys.peer */
|
||||
|
@ -215,9 +215,9 @@ do { \
|
||||
\
|
||||
for (pentry = (listhead); \
|
||||
pentry != NULL; \
|
||||
pentry = pentry->nextlink){ \
|
||||
NTP_INSIST(pentry != pentry->nextlink); \
|
||||
NTP_INSIST((listhead) != pentry->nextlink); \
|
||||
pentry = pentry->nextlink) { \
|
||||
INSIST(pentry != pentry->nextlink); \
|
||||
INSIST((listhead) != pentry->nextlink); \
|
||||
} \
|
||||
} while (FALSE)
|
||||
|
||||
|
@ -31,6 +31,7 @@ extern int mvsnprintf(char *, size_t, const char *, va_list)
|
||||
extern int msnprintf(char *, size_t, const char *, ...)
|
||||
NTP_PRINTF(3, 4);
|
||||
extern void msyslog(int, const char *, ...) NTP_PRINTF(2, 3);
|
||||
extern void mvsyslog(int, const char *, va_list) NTP_PRINTF(2, 0);
|
||||
extern void init_logging (const char *, u_int32, int);
|
||||
extern int change_logfile (const char *, int);
|
||||
extern void setup_logfile (const char *);
|
||||
|
@ -9,6 +9,7 @@
|
||||
|
||||
#ifdef VMS
|
||||
extern void msyslog();
|
||||
extern void mvsyslog();
|
||||
#else
|
||||
# ifndef SYS_VXWORKS
|
||||
# include <syslog.h>
|
||||
|
@ -15,7 +15,8 @@
|
||||
#include <sys/types.h>
|
||||
#if defined(HAVE_INTTYPES_H)
|
||||
# include <inttypes.h>
|
||||
#elif defined(HAVE_STDINT_H)
|
||||
#endif
|
||||
#if defined(HAVE_STDINT_H)
|
||||
# include <stdint.h>
|
||||
#endif
|
||||
|
||||
|
2
contrib/ntp/include/rc_cmdlength.h
Normal file
2
contrib/ntp/include/rc_cmdlength.h
Normal file
@ -0,0 +1,2 @@
|
||||
|
||||
extern size_t remoteconfig_cmdlength( const char *src_buf, const char *src_end );
|
@ -115,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -224,6 +225,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -232,6 +234,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -293,6 +296,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -116,6 +116,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -185,6 +186,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -193,6 +195,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -254,6 +257,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -117,6 +117,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -345,6 +346,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -353,6 +355,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -414,6 +417,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -40,7 +40,7 @@ atolfp(
|
||||
int isneg;
|
||||
static const char *digits = "0123456789";
|
||||
|
||||
NTP_REQUIRE(str != NULL);
|
||||
REQUIRE(str != NULL);
|
||||
|
||||
isneg = 0;
|
||||
dec_i = dec_f = 0;
|
||||
|
@ -377,7 +377,9 @@ audio_gain(
|
||||
#ifdef PCM_STYLE_SOUND
|
||||
int l, r;
|
||||
|
||||
rval = 0;
|
||||
# ifdef GCC
|
||||
rval = 0; /* GCC thinks rval is used uninitialized */
|
||||
# endif
|
||||
|
||||
r = l = 100 * gain / 255; /* Normalize to 0-100 */
|
||||
# ifdef DEBUG
|
||||
@ -392,10 +394,11 @@ audio_gain(
|
||||
if (cf_agc[0] != '\0')
|
||||
rval = ioctl(ctl_fd, agc, &l);
|
||||
else
|
||||
if (2 == port)
|
||||
rval = ioctl(ctl_fd, SOUND_MIXER_WRITE_LINE, &l);
|
||||
else
|
||||
rval = ioctl(ctl_fd, SOUND_MIXER_WRITE_MIC, &l);
|
||||
rval = ioctl(ctl_fd
|
||||
, (2 == port)
|
||||
? SOUND_MIXER_WRITE_LINE
|
||||
: SOUND_MIXER_WRITE_MIC
|
||||
, &l);
|
||||
if (-1 == rval) {
|
||||
printf("audio_gain: agc write: %s\n", strerror(errno));
|
||||
return rval;
|
||||
|
@ -534,6 +534,12 @@ MD5auth_setkey(
|
||||
bucket = &key_hash[KEYHASH(keyno)];
|
||||
for (sk = *bucket; sk != NULL; sk = sk->hlink) {
|
||||
if (keyno == sk->keyid) {
|
||||
/* TALOS-CAN-0054: make sure we have a new buffer! */
|
||||
if (NULL != sk->secret) {
|
||||
memset(sk->secret, 0, sk->secretsize);
|
||||
free(sk->secret);
|
||||
}
|
||||
sk->secret = emalloc(len);
|
||||
sk->type = (u_short)keytype;
|
||||
secretsize = len;
|
||||
sk->secretsize = (u_short)secretsize;
|
||||
@ -593,12 +599,14 @@ auth_delkeys(void)
|
||||
}
|
||||
|
||||
/*
|
||||
* Don't lose info as to which keys are trusted.
|
||||
* Don't lose info as to which keys are trusted. Make
|
||||
* sure there are no dangling pointers!
|
||||
*/
|
||||
if (KEY_TRUSTED & sk->flags) {
|
||||
if (sk->secret != NULL) {
|
||||
memset(sk->secret, '\0', sk->secretsize);
|
||||
memset(sk->secret, 0, sk->secretsize);
|
||||
free(sk->secret);
|
||||
sk->secret = NULL; /* TALOS-CAN-0054 */
|
||||
}
|
||||
sk->secretsize = 0;
|
||||
sk->lifetime = 0;
|
||||
|
@ -62,6 +62,40 @@ nexttok(
|
||||
}
|
||||
|
||||
|
||||
/* TALOS-CAN-0055: possibly DoS attack by setting the key file to the
|
||||
* log file. This is hard to prevent (it would need to check two files
|
||||
* to be the same on the inode level, which will not work so easily with
|
||||
* Windows or VMS) but we can avoid the self-amplification loop: We only
|
||||
* log the first 5 errors, silently ignore the next 10 errors, and give
|
||||
* up when when we have found more than 15 errors.
|
||||
*
|
||||
* This avoids the endless file iteration we will end up with otherwise,
|
||||
* and also avoids overflowing the log file.
|
||||
*
|
||||
* Nevertheless, once this happens, the keys are gone since this would
|
||||
* require a save/swap strategy that is not easy to apply due to the
|
||||
* data on global/static level.
|
||||
*/
|
||||
|
||||
static const size_t nerr_loglimit = 5u;
|
||||
static const size_t nerr_maxlimit = 15;
|
||||
|
||||
static void log_maybe(size_t*, const char*, ...) NTP_PRINTF(2, 3);
|
||||
|
||||
static void
|
||||
log_maybe(
|
||||
size_t *pnerr,
|
||||
const char *fmt ,
|
||||
...)
|
||||
{
|
||||
va_list ap;
|
||||
if (++(*pnerr) <= nerr_loglimit) {
|
||||
va_start(ap, fmt);
|
||||
mvsyslog(LOG_ERR, fmt, ap);
|
||||
va_end(ap);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* authreadkeys - (re)read keys from a file.
|
||||
*/
|
||||
@ -79,7 +113,7 @@ authreadkeys(
|
||||
u_char keystr[32]; /* Bug 2537 */
|
||||
size_t len;
|
||||
size_t j;
|
||||
|
||||
size_t nerr;
|
||||
/*
|
||||
* Open file. Complain and return if it can't be opened.
|
||||
*/
|
||||
@ -99,7 +133,10 @@ authreadkeys(
|
||||
/*
|
||||
* Now read lines from the file, looking for key entries
|
||||
*/
|
||||
nerr = 0;
|
||||
while ((line = fgets(buf, sizeof buf, fp)) != NULL) {
|
||||
if (nerr > nerr_maxlimit)
|
||||
break;
|
||||
token = nexttok(&line);
|
||||
if (token == NULL)
|
||||
continue;
|
||||
@ -109,15 +146,16 @@ authreadkeys(
|
||||
*/
|
||||
keyno = atoi(token);
|
||||
if (keyno == 0) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: cannot change key %s", token);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: cannot change key %s",
|
||||
token);
|
||||
continue;
|
||||
}
|
||||
|
||||
if (keyno > NTP_MAXKEY) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: key %s > %d reserved for Autokey",
|
||||
token, NTP_MAXKEY);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: key %s > %d reserved for Autokey",
|
||||
token, NTP_MAXKEY);
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -126,8 +164,9 @@ authreadkeys(
|
||||
*/
|
||||
token = nexttok(&line);
|
||||
if (token == NULL) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: no key type for key %d", keyno);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: no key type for key %d",
|
||||
keyno);
|
||||
continue;
|
||||
}
|
||||
#ifdef OPENSSL
|
||||
@ -139,13 +178,15 @@ authreadkeys(
|
||||
*/
|
||||
keytype = keytype_from_text(token, NULL);
|
||||
if (keytype == 0) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: invalid type for key %d", keyno);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: invalid type for key %d",
|
||||
keyno);
|
||||
continue;
|
||||
}
|
||||
if (EVP_get_digestbynid(keytype) == NULL) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: no algorithm for key %d", keyno);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: no algorithm for key %d",
|
||||
keyno);
|
||||
continue;
|
||||
}
|
||||
#else /* !OPENSSL follows */
|
||||
@ -155,8 +196,9 @@ authreadkeys(
|
||||
* 'm' for compatibility.
|
||||
*/
|
||||
if (!(*token == 'M' || *token == 'm')) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: invalid type for key %d", keyno);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: invalid type for key %d",
|
||||
keyno);
|
||||
continue;
|
||||
}
|
||||
keytype = KEY_TYPE_MD5;
|
||||
@ -170,8 +212,8 @@ authreadkeys(
|
||||
*/
|
||||
token = nexttok(&line);
|
||||
if (token == NULL) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: no key for key %d", keyno);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: no key for key %d", keyno);
|
||||
continue;
|
||||
}
|
||||
len = strlen(token);
|
||||
@ -195,13 +237,24 @@ authreadkeys(
|
||||
keystr[j / 2] = temp << 4;
|
||||
}
|
||||
if (j < jlim) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: invalid hex digit for key %d", keyno);
|
||||
log_maybe(&nerr,
|
||||
"authreadkeys: invalid hex digit for key %d",
|
||||
keyno);
|
||||
continue;
|
||||
}
|
||||
MD5auth_setkey(keyno, keytype, keystr, jlim / 2);
|
||||
}
|
||||
}
|
||||
fclose(fp);
|
||||
if (nerr > nerr_maxlimit) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: emergency break after %u errors",
|
||||
nerr);
|
||||
return (0);
|
||||
} else if (nerr > nerr_loglimit) {
|
||||
msyslog(LOG_ERR,
|
||||
"authreadkeys: found %u more error(s)",
|
||||
nerr - nerr_loglimit);
|
||||
}
|
||||
return (1);
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ caljulian(
|
||||
ntpcal_split split;
|
||||
|
||||
|
||||
NTP_INSIST(NULL != jt);
|
||||
INSIST(NULL != jt);
|
||||
|
||||
/*
|
||||
* Unfold ntp time around current time into NTP domain. Split
|
||||
|
@ -40,14 +40,14 @@ caltontp(
|
||||
int32_t eraday; /* CE Rata Die number */
|
||||
vint64 ntptime;/* resulting NTP time */
|
||||
|
||||
NTP_INSIST(jt != NULL);
|
||||
REQUIRE(jt != NULL);
|
||||
|
||||
NTP_REQUIRE(jt->month <= 13); /* permit month 0..13! */
|
||||
NTP_REQUIRE(jt->monthday <= 32);
|
||||
NTP_REQUIRE(jt->yearday <= 366);
|
||||
NTP_REQUIRE(jt->hour <= 24);
|
||||
NTP_REQUIRE(jt->minute <= MINSPERHR);
|
||||
NTP_REQUIRE(jt->second <= SECSPERMIN);
|
||||
REQUIRE(jt->month <= 13); /* permit month 0..13! */
|
||||
REQUIRE(jt->monthday <= 32);
|
||||
REQUIRE(jt->yearday <= 366);
|
||||
REQUIRE(jt->hour <= 24);
|
||||
REQUIRE(jt->minute <= MINSPERHR);
|
||||
REQUIRE(jt->second <= SECSPERMIN);
|
||||
|
||||
/*
|
||||
* First convert the date to he corresponding RataDie
|
||||
|
@ -35,8 +35,11 @@ decodenetnum(
|
||||
char *np;
|
||||
char name[80];
|
||||
|
||||
NTP_REQUIRE(num != NULL);
|
||||
NTP_REQUIRE(strlen(num) < sizeof(name));
|
||||
REQUIRE(num != NULL);
|
||||
|
||||
if (strlen(num) >= sizeof(name)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
port_str = NULL;
|
||||
if ('[' != num[0]) {
|
||||
@ -72,7 +75,7 @@ decodenetnum(
|
||||
err = getaddrinfo(cp, "ntp", &hints, &ai);
|
||||
if (err != 0)
|
||||
return 0;
|
||||
NTP_INSIST(ai->ai_addrlen <= sizeof(*netnum));
|
||||
INSIST(ai->ai_addrlen <= sizeof(*netnum));
|
||||
ZERO(*netnum);
|
||||
memcpy(netnum, ai->ai_addr, ai->ai_addrlen);
|
||||
freeaddrinfo(ai);
|
||||
|
@ -76,8 +76,6 @@ ereallocz(
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
|
||||
/*
|
||||
* This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX
|
||||
* if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW
|
||||
|
@ -6,14 +6,16 @@
|
||||
* frequency. All other parameters must be manually set before use.
|
||||
*/
|
||||
#include <config.h>
|
||||
#include "icom.h"
|
||||
#include <ntp_stdlib.h>
|
||||
#include <ntp_tty.h>
|
||||
#include <l_stdlib.h>
|
||||
#include <icom.h>
|
||||
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "ntp_tty.h"
|
||||
#include "l_stdlib.h"
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
#undef write /* ports/winnt/include/config.h: #define write _write */
|
||||
@ -60,9 +62,14 @@ static void doublefreq (double, u_char *, int);
|
||||
|
||||
/*
|
||||
* icom_freq(fd, ident, freq) - load radio frequency
|
||||
*
|
||||
* returns:
|
||||
* 0 (ok)
|
||||
* -1 (error)
|
||||
* 1 (short write to device)
|
||||
*/
|
||||
int
|
||||
icom_freq( /* returns 0 (ok), EIO (error) */
|
||||
icom_freq(
|
||||
int fd, /* file descriptor */
|
||||
int ident, /* ICOM radio identifier */
|
||||
double freq /* frequency (MHz) */
|
||||
@ -71,6 +78,7 @@ icom_freq( /* returns 0 (ok), EIO (error) */
|
||||
u_char cmd[] = {PAD, PR, PR, 0, TX, V_SFREQ, 0, 0, 0, 0, FI,
|
||||
FI};
|
||||
int temp;
|
||||
int rc;
|
||||
|
||||
cmd[3] = (char)ident;
|
||||
if (ident == IC735)
|
||||
@ -78,9 +86,17 @@ icom_freq( /* returns 0 (ok), EIO (error) */
|
||||
else
|
||||
temp = 5;
|
||||
doublefreq(freq * 1e6, &cmd[6], temp);
|
||||
temp = write(fd, cmd, temp + 7);
|
||||
rc = write(fd, cmd, temp + 7);
|
||||
if (rc == -1) {
|
||||
msyslog(LOG_ERR, "icom_freq: write() failed: %m");
|
||||
return -1;
|
||||
} else if (rc != temp + 7) {
|
||||
msyslog(LOG_ERR, "icom_freq: only wrote %d of %d bytes.",
|
||||
rc, temp+7);
|
||||
return 1;
|
||||
}
|
||||
|
||||
return (0);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
@ -40,7 +40,7 @@ struct hostent *gethostbyname(char *name)
|
||||
{
|
||||
struct hostent *host1;
|
||||
h_errno = 0; /* we are always successful!!! */
|
||||
host1 = (struct hostent *) malloc (sizeof(struct hostent));
|
||||
host1 = (struct hostent *) emalloc (sizeof(struct hostent));
|
||||
host1->h_name = name;
|
||||
host1->h_addrtype = AF_INET;
|
||||
host1->h_aliases = name;
|
||||
@ -54,7 +54,7 @@ struct hostent *gethostbyaddr(char *name, int size, int addr_type)
|
||||
{
|
||||
struct hostent *host1;
|
||||
h_errno = 0; /* we are always successful!!! */
|
||||
host1 = (struct hostent *) malloc (sizeof(struct hostent));
|
||||
host1 = (struct hostent *) emalloc (sizeof(struct hostent));
|
||||
host1->h_name = name;
|
||||
host1->h_addrtype = AF_INET;
|
||||
host1->h_aliases = name;
|
||||
@ -66,7 +66,7 @@ struct hostent *gethostbyaddr(char *name, int size, int addr_type)
|
||||
struct servent *getservbyname (char *name, char *type)
|
||||
{
|
||||
struct servent *serv1;
|
||||
serv1 = (struct servent *) malloc (sizeof(struct servent));
|
||||
serv1 = (struct servent *) emalloc (sizeof(struct servent));
|
||||
serv1->s_name = "ntp"; /* official service name */
|
||||
serv1->s_aliases = NULL; /* alias list */
|
||||
serv1->s_port = 123; /* port # */
|
||||
|
@ -38,7 +38,7 @@ char * syslog_abs_fname;
|
||||
#define INIT_NTP_SYSLOGMASK ~(u_int32)0
|
||||
u_int32 ntp_syslogmask = INIT_NTP_SYSLOGMASK;
|
||||
|
||||
extern char * progname;
|
||||
extern char const * progname;
|
||||
|
||||
/* Declare the local functions */
|
||||
void addto_syslog (int, const char *);
|
||||
@ -145,8 +145,8 @@ addto_syslog(
|
||||
const char * msg
|
||||
)
|
||||
{
|
||||
static char * prevcall_progname;
|
||||
static char * prog;
|
||||
static char const * prevcall_progname;
|
||||
static char const * prog;
|
||||
const char nl[] = "\n";
|
||||
const char empty[] = "";
|
||||
FILE * term_file;
|
||||
@ -357,6 +357,18 @@ msyslog(
|
||||
addto_syslog(level, buf);
|
||||
}
|
||||
|
||||
void
|
||||
mvsyslog(
|
||||
int level,
|
||||
const char * fmt,
|
||||
va_list ap
|
||||
)
|
||||
{
|
||||
char buf[1024];
|
||||
mvsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
addto_syslog(level, buf);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Initialize the logging
|
||||
@ -371,7 +383,7 @@ init_logging(
|
||||
)
|
||||
{
|
||||
static int was_daemon;
|
||||
const char * cp;
|
||||
char * cp;
|
||||
const char * pname;
|
||||
|
||||
/*
|
||||
@ -402,7 +414,7 @@ init_logging(
|
||||
#ifdef SYS_WINNT /* strip ".exe" */
|
||||
cp = strrchr(progname, '.');
|
||||
if (NULL != cp && !strcasecmp(cp, ".exe"))
|
||||
progname[cp - progname] = '\0';
|
||||
*cp = '\0';
|
||||
#endif
|
||||
|
||||
#if !defined(VMS)
|
||||
@ -454,7 +466,7 @@ change_logfile(
|
||||
size_t octets;
|
||||
#endif /* POSIX */
|
||||
|
||||
NTP_REQUIRE(fname != NULL);
|
||||
REQUIRE(fname != NULL);
|
||||
log_fname = fname;
|
||||
|
||||
/*
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -249,12 +249,12 @@ getaddrinfo_sometime(
|
||||
size_t servsize;
|
||||
time_t now;
|
||||
|
||||
NTP_REQUIRE(NULL != node);
|
||||
REQUIRE(NULL != node);
|
||||
if (NULL != hints) {
|
||||
NTP_REQUIRE(0 == hints->ai_addrlen);
|
||||
NTP_REQUIRE(NULL == hints->ai_addr);
|
||||
NTP_REQUIRE(NULL == hints->ai_canonname);
|
||||
NTP_REQUIRE(NULL == hints->ai_next);
|
||||
REQUIRE(0 == hints->ai_addrlen);
|
||||
REQUIRE(NULL == hints->ai_addr);
|
||||
REQUIRE(NULL == hints->ai_canonname);
|
||||
REQUIRE(NULL == hints->ai_next);
|
||||
}
|
||||
|
||||
idx = get_dnschild_ctx();
|
||||
@ -420,7 +420,7 @@ blocking_getaddrinfo(
|
||||
|
||||
ai = ai_res;
|
||||
while (NULL != ai) {
|
||||
NTP_INSIST(ai->ai_addrlen <= sizeof(sockaddr_u));
|
||||
INSIST(ai->ai_addrlen <= sizeof(sockaddr_u));
|
||||
memcpy(cp, ai->ai_addr, ai->ai_addrlen);
|
||||
cp += sizeof(sockaddr_u);
|
||||
|
||||
@ -568,7 +568,7 @@ getaddrinfo_sometime_complete(
|
||||
ai[i].ai_canonname += (size_t)canon_start;
|
||||
}
|
||||
|
||||
NTP_ENSURE((char *)psau == canon_start);
|
||||
ENSURE((char *)psau == canon_start);
|
||||
|
||||
if (!gai_resp->ai_count)
|
||||
ai = NULL;
|
||||
@ -634,8 +634,8 @@ getnameinfo_sometime(
|
||||
dnschild_ctx * child_ctx;
|
||||
time_t time_now;
|
||||
|
||||
NTP_REQUIRE(hostoctets);
|
||||
NTP_REQUIRE(hostoctets + servoctets < 1024);
|
||||
REQUIRE(hostoctets);
|
||||
REQUIRE(hostoctets + servoctets < 1024);
|
||||
|
||||
idx = get_dnschild_ctx();
|
||||
child_ctx = dnschild_contexts[idx];
|
||||
@ -699,7 +699,7 @@ blocking_getnameinfo(
|
||||
* large allocations. We only need room for the host
|
||||
* and service names.
|
||||
*/
|
||||
NTP_REQUIRE(octets < sizeof(host));
|
||||
REQUIRE(octets < sizeof(host));
|
||||
service = host + gni_req->hostoctets;
|
||||
|
||||
worker_ctx = get_worker_context(c, gni_req->dns_idx);
|
||||
@ -775,8 +775,8 @@ blocking_getnameinfo(
|
||||
cp += gni_resp->servoctets;
|
||||
}
|
||||
|
||||
NTP_INSIST((size_t)(cp - (char *)resp) == resp_octets);
|
||||
NTP_INSIST(resp_octets - sizeof(*resp) == gni_resp->octets);
|
||||
INSIST((size_t)(cp - (char *)resp) == resp_octets);
|
||||
INSIST(resp_octets - sizeof(*resp) == gni_resp->octets);
|
||||
|
||||
rc = queue_blocking_response(c, resp, resp_octets, req);
|
||||
if (rc)
|
||||
|
@ -36,7 +36,7 @@
|
||||
* external references
|
||||
*/
|
||||
|
||||
extern char * progname;
|
||||
extern char const * progname;
|
||||
|
||||
/*
|
||||
* globals, private prototypes
|
||||
|
@ -221,7 +221,7 @@ copy_addrinfo_common(
|
||||
}
|
||||
++ai_cpy;
|
||||
}
|
||||
NTP_ENSURE(pcanon == ((char *)dst + octets));
|
||||
ENSURE(pcanon == ((char *)dst + octets));
|
||||
|
||||
return dst;
|
||||
}
|
||||
|
@ -278,7 +278,7 @@ blocking_child_common(
|
||||
req = receive_blocking_req_internal(c);
|
||||
if (NULL == req) {
|
||||
say_bye = TRUE;
|
||||
break;
|
||||
continue;
|
||||
}
|
||||
|
||||
DEBUG_REQUIRE(BLOCKING_REQ_MAGIC == req->magic_sig);
|
||||
|
@ -141,7 +141,7 @@ get_struct_tm(
|
||||
return NULL; /* That's truly pathological! */
|
||||
|
||||
/* 'tm' surely not NULL here! */
|
||||
NTP_INSIST(tm != NULL);
|
||||
INSIST(tm != NULL);
|
||||
if (folds != 0) {
|
||||
tm->tm_year += folds * SOLAR_CYCLE_YEARS;
|
||||
if (tm->tm_year <= 0 || tm->tm_year >= 200)
|
||||
|
@ -216,7 +216,7 @@ get_free_recv_buffer_alloc(void)
|
||||
create_buffers(RECV_INC);
|
||||
buffer = get_free_recv_buffer();
|
||||
}
|
||||
NTP_ENSURE(buffer != NULL);
|
||||
ENSURE(buffer != NULL);
|
||||
return (buffer);
|
||||
}
|
||||
#endif
|
||||
|
@ -78,7 +78,7 @@ move_fd(
|
||||
static SOCKET socket_boundary = -1;
|
||||
SOCKET newfd;
|
||||
|
||||
NTP_REQUIRE((int)fd >= 0);
|
||||
REQUIRE((int)fd >= 0);
|
||||
|
||||
/*
|
||||
* check whether boundary has be set up
|
||||
@ -115,7 +115,7 @@ move_fd(
|
||||
socket_boundary));
|
||||
} while (socket_boundary > 0);
|
||||
#else
|
||||
NTP_REQUIRE((int)fd >= 0);
|
||||
ENSURE((int)fd >= 0);
|
||||
#endif /* !defined(SYS_WINNT) && defined(F_DUPFD) */
|
||||
return fd;
|
||||
}
|
||||
|
@ -79,7 +79,7 @@ socktohost(
|
||||
if (a_info)
|
||||
goto forward_fail;
|
||||
|
||||
NTP_INSIST(alist != NULL);
|
||||
INSIST(alist != NULL);
|
||||
|
||||
for (ai = alist; ai != NULL; ai = ai->ai_next) {
|
||||
/*
|
||||
|
@ -60,7 +60,7 @@ static const struct codestring select_codes[] = {
|
||||
{ CTL_PST_SEL_REJECT, "sel_reject" },
|
||||
{ CTL_PST_SEL_SANE, "sel_falsetick" },
|
||||
{ CTL_PST_SEL_CORRECT, "sel_excess" },
|
||||
{ CTL_PST_SEL_SELCAND, "sel_outlyer" },
|
||||
{ CTL_PST_SEL_SELCAND, "sel_outlier" },
|
||||
{ CTL_PST_SEL_SYNCCAND, "sel_candidate" },
|
||||
{ CTL_PST_SEL_EXCESS, "sel_backup" },
|
||||
{ CTL_PST_SEL_SYSPEER, "sel_sys.peer" },
|
||||
|
@ -118,6 +118,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -252,6 +253,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -260,6 +262,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -321,6 +324,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
|
@ -432,6 +432,9 @@ version.c: $(ntpd_OBJECTS) ../libntp/libntp.a @LIBPARSE@ Makefile $(top_srcdir)/
|
||||
version.o: version.c
|
||||
env CCACHE_DISABLE=1 $(COMPILE) -c version.c -o version.o
|
||||
|
||||
$(srcdir)/Makefile.am:
|
||||
@: do-nothing
|
||||
|
||||
include $(top_srcdir)/bincheck.mf
|
||||
include $(top_srcdir)/check-libopts.mf
|
||||
include $(top_srcdir)/sntp/check-libntp.mf
|
||||
|
@ -125,6 +125,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_locinfo.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_openssl.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_pkg_config.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_problemtests.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_prog_cc.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_rlimit.m4 \
|
||||
$(top_srcdir)/sntp/m4/ntp_sntp.m4 \
|
||||
@ -343,6 +344,7 @@ AUTOCONF = @AUTOCONF@
|
||||
AUTOHEADER = @AUTOHEADER@
|
||||
AUTOMAKE = @AUTOMAKE@
|
||||
AWK = @AWK@
|
||||
BUILD_THREAD = @BUILD_THREAD@
|
||||
CALC_TICKADJ_DB = @CALC_TICKADJ_DB@
|
||||
CALC_TICKADJ_DL = @CALC_TICKADJ_DL@
|
||||
CALC_TICKADJ_DS = @CALC_TICKADJ_DS@
|
||||
@ -351,6 +353,7 @@ CALC_TICKADJ_NI = @CALC_TICKADJ_NI@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
CFLAGS_LIBEVENT = @CFLAGS_LIBEVENT@
|
||||
CFLAGS_NTP = @CFLAGS_NTP@
|
||||
CHUTEST = @CHUTEST@
|
||||
CONFIG_SHELL = @CONFIG_SHELL@
|
||||
@ -412,6 +415,7 @@ LIBTOOL_DEPS = @LIBTOOL_DEPS@
|
||||
LIPO = @LIPO@
|
||||
LN_S = @LN_S@
|
||||
LSCF = @LSCF@
|
||||
LTHREAD_LIBS = @LTHREAD_LIBS@
|
||||
LTLIBOBJS = @LTLIBOBJS@
|
||||
MAKEINFO = @MAKEINFO@
|
||||
MAKE_ADJTIMED = @MAKE_ADJTIMED@
|
||||
@ -1827,6 +1831,9 @@ version.c: $(ntpd_OBJECTS) ../libntp/libntp.a @LIBPARSE@ Makefile $(top_srcdir)/
|
||||
version.o: version.c
|
||||
env CCACHE_DISABLE=1 $(COMPILE) -c version.c -o version.o
|
||||
|
||||
$(srcdir)/Makefile.am:
|
||||
@: do-nothing
|
||||
|
||||
install-exec-hook:
|
||||
@test -z "${bin_PROGRAMS}${bin_SCRIPTS}" \
|
||||
|| for i in ${bin_PROGRAMS} ${bin_SCRIPTS} " "; do \
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi)
|
||||
#
|
||||
# It has been AutoGen-ed June 29, 2015 at 04:30:28 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed October 21, 2015 at 12:38:16 PM by AutoGen 5.18.5
|
||||
# From the definitions ntp.conf.def
|
||||
# and the template file agtexi-file.tpl
|
||||
@end ignore
|
||||
@ -1837,7 +1837,7 @@ re-associate accordingly.
|
||||
Some administrators prefer to avoid running
|
||||
@code{ntpd(1ntpdmdoc)}
|
||||
continuously and run either
|
||||
@code{ntpdate(8)}
|
||||
@code{sntp(1sntpmdoc)}
|
||||
or
|
||||
@code{ntpd(1ntpdmdoc)}
|
||||
@code{-q}
|
||||
@ -1921,7 +1921,7 @@ peers remaining.
|
||||
This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
@item @code{minclock} @kbd{minclock}
|
||||
The clustering algorithm repeatedly casts out outlyer
|
||||
The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
@code{minclock}
|
||||
associations remain.
|
||||
@ -2578,12 +2578,15 @@ pulses will not be suppressed.
|
||||
@item @code{rlimit} @code{[@code{memlock} @kbd{Nmegabytes} | @code{stacksize} @kbd{N4kPages} @code{filenum} @kbd{Nfiledescriptors}]}
|
||||
@table @asis
|
||||
@item @code{memlock} @kbd{Nmegabytes}
|
||||
Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
@code{-i}
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
@item @code{stacksize} @kbd{N4kPages}
|
||||
Specifies the maximum size of the process stack on systems with the
|
||||
@code{mlockall()}
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi)
|
||||
#
|
||||
# It has been AutoGen-ed June 29, 2015 at 04:30:31 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed October 21, 2015 at 12:38:19 PM by AutoGen 5.18.5
|
||||
# From the definitions ntp.keys.def
|
||||
# and the template file agtexi-file.tpl
|
||||
@end ignore
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
# EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi)
|
||||
#
|
||||
# It has been AutoGen-ed June 29, 2015 at 04:30:33 PM by AutoGen 5.18.5
|
||||
# It has been AutoGen-ed October 21, 2015 at 12:38:21 PM by AutoGen 5.18.5
|
||||
# From the definitions ntpd-opts.def
|
||||
# and the template file agtexi-cmd.tpl
|
||||
@end ignore
|
||||
@ -142,7 +142,7 @@ with a status code of 0.
|
||||
|
||||
@exampleindent 0
|
||||
@example
|
||||
ntpd - NTP daemon program - Ver. 4.2.8p3
|
||||
ntpd - NTP daemon program - Ver. 4.2.8p4
|
||||
Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \
|
||||
[ <server1> ... <serverN> ]
|
||||
Flg Arg Option-Name Description
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntp.conf 5man "29 Jun 2015" "4.2.8p3" "File Formats"
|
||||
.TH ntp.conf 5man "21 Oct 2015" "4.2.8p4" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-R0aO7B/ag-30aG6B)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:16 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -2080,7 +2080,7 @@ re-associate accordingly.
|
||||
Some administrators prefer to avoid running
|
||||
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
|
||||
continuously and run either
|
||||
\fCntpdate\f[]\fR(8)\f[]
|
||||
\fCsntp\f[]\fR(1sntpmdoc)\f[]
|
||||
or
|
||||
\fCntpd\f[]\fR(1ntpdmdoc)\f[]
|
||||
\f\*[B-Font]\-q\f[]
|
||||
@ -2170,7 +2170,7 @@ This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
|
||||
The clustering algorithm repeatedly casts out outlyer
|
||||
The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
\f\*[B-Font]minclock\f[]
|
||||
associations remain.
|
||||
@ -2897,12 +2897,15 @@ pulses will not be suppressed.
|
||||
.RS
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
|
||||
Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
\f\*[B-Font]\-i\f[]
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
|
||||
Specifies the maximum size of the process stack on systems with the
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd June 29 2015
|
||||
.Dd October 21 2015
|
||||
.Dt NTP_CONF 5mdoc File Formats
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:36 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -1903,7 +1903,7 @@ re\-associate accordingly.
|
||||
Some administrators prefer to avoid running
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
continuously and run either
|
||||
.Xr ntpdate 8
|
||||
.Xr sntp 1sntpmdoc
|
||||
or
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
.Fl q
|
||||
@ -1995,7 +1995,7 @@ peers remaining.
|
||||
This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
.It Cm minclock Ar minclock
|
||||
The clustering algorithm repeatedly casts out outlyer
|
||||
The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
.Cm minclock
|
||||
associations remain.
|
||||
@ -2725,12 +2725,15 @@ pulses will not be suppressed.
|
||||
.Xc
|
||||
.Bl -tag -width indent
|
||||
.It Cm memlock Ar Nmegabytes
|
||||
Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
.Fl i
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
.It Cm stacksize Ar N4kPages
|
||||
Specifies the maximum size of the process stack on systems with the
|
||||
.Fn mlockall
|
||||
|
@ -1905,7 +1905,7 @@ re-associate accordingly.
|
||||
Some administrators prefer to avoid running
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
continuously and run either
|
||||
.Xr ntpdate 8
|
||||
.Xr sntp 1sntpmdoc
|
||||
or
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
.Fl q
|
||||
@ -1997,7 +1997,7 @@ peers remaining.
|
||||
This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
.It Cm minclock Ar minclock
|
||||
The clustering algorithm repeatedly casts out outlyer
|
||||
The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
.Cm minclock
|
||||
associations remain.
|
||||
@ -2727,12 +2727,15 @@ pulses will not be suppressed.
|
||||
.Xc
|
||||
.Bl -tag -width indent
|
||||
.It Cm memlock Ar Nmegabytes
|
||||
Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
.Fl i
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
.It Cm stacksize Ar N4kPages
|
||||
Specifies the maximum size of the process stack on systems with the
|
||||
.Fn mlockall
|
||||
|
@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
|
||||
<p>This document describes the configuration file for the NTP Project's
|
||||
<code>ntpd</code> program.
|
||||
|
||||
<p>This document applies to version 4.2.8p3 of <code>ntp.conf</code>.
|
||||
<p>This document applies to version 4.2.8p4 of <code>ntp.conf</code>.
|
||||
|
||||
<div class="shortcontents">
|
||||
<h2>Short Contents</h2>
|
||||
@ -1839,7 +1839,7 @@ re-associate accordingly.
|
||||
<p>Some administrators prefer to avoid running
|
||||
<code>ntpd(1ntpdmdoc)</code>
|
||||
continuously and run either
|
||||
<code>ntpdate(8)</code>
|
||||
<code>sntp(1sntpmdoc)</code>
|
||||
or
|
||||
<code>ntpd(1ntpdmdoc)</code>
|
||||
<code>-q</code>
|
||||
@ -1922,7 +1922,7 @@ will be discarded if there are at least
|
||||
peers remaining.
|
||||
This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
<br><dt><code>minclock</code> <kbd>minclock</kbd><dd>The clustering algorithm repeatedly casts out outlyer
|
||||
<br><dt><code>minclock</code> <kbd>minclock</kbd><dd>The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
<code>minclock</code>
|
||||
associations remain.
|
||||
@ -2546,12 +2546,15 @@ pulses will not be suppressed.
|
||||
</dl>
|
||||
<br><dt><code>rlimit</code> <code>[memlock </code><kbd>Nmegabytes</kbd><code> | stacksize </code><kbd>N4kPages</kbd><code> filenum </code><kbd>Nfiledescriptors</kbd><code>]</code><dd>
|
||||
<dl>
|
||||
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
<dt><code>memlock</code> <kbd>Nmegabytes</kbd><dd>Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
<code>-i</code>
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non-Linux machines, and -1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
<br><dt><code>stacksize</code> <kbd>N4kPages</kbd><dd>Specifies the maximum size of the process stack on systems with the
|
||||
<code>mlockall()</code>
|
||||
function.
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntp.conf 5 "29 Jun 2015" "4.2.8p3" "File Formats"
|
||||
.TH ntp.conf 5 "21 Oct 2015" "4.2.8p4" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-R0aO7B/ag-30aG6B)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-9oaqYI/ag-OpaiXI)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:16 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:01 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -2080,7 +2080,7 @@ re-associate accordingly.
|
||||
Some administrators prefer to avoid running
|
||||
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
|
||||
continuously and run either
|
||||
\fCntpdate\f[]\fR(8)\f[]
|
||||
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
|
||||
or
|
||||
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
|
||||
\f\*[B-Font]\-q\f[]
|
||||
@ -2170,7 +2170,7 @@ This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
|
||||
The clustering algorithm repeatedly casts out outlyer
|
||||
The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
\f\*[B-Font]minclock\f[]
|
||||
associations remain.
|
||||
@ -2897,12 +2897,15 @@ pulses will not be suppressed.
|
||||
.RS
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
|
||||
Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
\f\*[B-Font]\-i\f[]
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
.TP 7
|
||||
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
|
||||
Specifies the maximum size of the process stack on systems with the
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd June 29 2015
|
||||
.Dd October 21 2015
|
||||
.Dt NTP_CONF 5 File Formats
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:36 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:24 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.conf.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -1903,7 +1903,7 @@ re\-associate accordingly.
|
||||
Some administrators prefer to avoid running
|
||||
.Xr ntpd @NTPD_MS@
|
||||
continuously and run either
|
||||
.Xr ntpdate 8
|
||||
.Xr sntp @SNTP_MS@
|
||||
or
|
||||
.Xr ntpd @NTPD_MS@
|
||||
.Fl q
|
||||
@ -1995,7 +1995,7 @@ peers remaining.
|
||||
This value defaults to 1, but can be changed
|
||||
to any number from 1 to 15.
|
||||
.It Cm minclock Ar minclock
|
||||
The clustering algorithm repeatedly casts out outlyer
|
||||
The clustering algorithm repeatedly casts out outlier
|
||||
associations until no more than
|
||||
.Cm minclock
|
||||
associations remain.
|
||||
@ -2725,12 +2725,15 @@ pulses will not be suppressed.
|
||||
.Xc
|
||||
.Bl -tag -width indent
|
||||
.It Cm memlock Ar Nmegabytes
|
||||
Specify the number of megabytes of memory that can be allocated.
|
||||
Probably only available under Linux, this option is useful
|
||||
Specify the number of megabytes of memory that should be
|
||||
allocated and locked.
|
||||
Probably only available under Linux, this option may be useful
|
||||
when dropping root (the
|
||||
.Fl i
|
||||
option).
|
||||
The default is 32 megabytes. Setting this to zero will prevent any attemp to lock memory.
|
||||
The default is 32 megabytes on non\-Linux machines, and \-1 under Linux.
|
||||
-1 means "do not lock the process into memory".
|
||||
0 means "lock whatever memory the process wants into memory".
|
||||
.It Cm stacksize Ar N4kPages
|
||||
Specifies the maximum size of the process stack on systems with the
|
||||
.Fn mlockall
|
||||
|
@ -1,8 +1,8 @@
|
||||
.TH ntp.keys 5man "29 Jun 2015" "4.2.8p3" "File Formats"
|
||||
.TH ntp.keys 5man "21 Oct 2015" "4.2.8p4" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:21 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agman-file.tpl
|
||||
.Sh NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd June 29 2015
|
||||
.Dd October 21 2015
|
||||
.Dt NTP_KEYS 5mdoc File Formats
|
||||
.Os SunOS 5.10
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:39 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agmdoc-file.tpl
|
||||
.Sh NAME
|
||||
|
@ -33,7 +33,7 @@ Up: <a rel="up" accesskey="u" href="#dir">(dir)</a>
|
||||
<p>This document describes the symmetric key file for the NTP Project's
|
||||
<code>ntpd</code> program.
|
||||
|
||||
<p>This document applies to version 4.2.8p3 of <code>ntp.keys</code>.
|
||||
<p>This document applies to version 4.2.8p4 of <code>ntp.keys</code>.
|
||||
|
||||
<div class="shortcontents">
|
||||
<h2>Short Contents</h2>
|
||||
|
@ -1,8 +1,8 @@
|
||||
.TH ntp.keys 5 "29 Jun 2015" "4.2.8p3" "File Formats"
|
||||
.TH ntp.keys 5 "21 Oct 2015" "4.2.8p4" "File Formats"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.man)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:21 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:08 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agman-file.tpl
|
||||
.Sh NAME
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd June 29 2015
|
||||
.Dd October 21 2015
|
||||
.Dt NTP_KEYS 5 File Formats
|
||||
.Os SunOS 5.10
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntp.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:39 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:28 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntp.keys.def
|
||||
.\" and the template file agmdoc-file.tpl
|
||||
.Sh NAME
|
||||
|
@ -53,13 +53,21 @@
|
||||
#include "ntp_parser.h"
|
||||
#include "ntpd-opts.h"
|
||||
|
||||
/* Bug 2817 */
|
||||
#if defined(HAVE_SYS_MMAN_H)
|
||||
# include <sys/mman.h>
|
||||
#endif
|
||||
|
||||
/* list of servers from command line for config_peers() */
|
||||
int cmdline_server_count;
|
||||
char ** cmdline_servers;
|
||||
|
||||
/* set to zero if admin doesn't want memory locked */
|
||||
int do_memlock = 1;
|
||||
/* Current state of memory locking:
|
||||
* -1: default
|
||||
* 0: memory locking disabled
|
||||
* 1: Memory locking enabled
|
||||
*/
|
||||
int cur_memlock = -1;
|
||||
|
||||
/*
|
||||
* "logconfig" building blocks
|
||||
@ -1152,9 +1160,8 @@ create_address_node(
|
||||
{
|
||||
address_node *my_node;
|
||||
|
||||
NTP_REQUIRE(NULL != addr);
|
||||
NTP_REQUIRE(AF_INET == type ||
|
||||
AF_INET6 == type || AF_UNSPEC == type);
|
||||
REQUIRE(NULL != addr);
|
||||
REQUIRE(AF_INET == type || AF_INET6 == type || AF_UNSPEC == type);
|
||||
my_node = emalloc_zero(sizeof(*my_node));
|
||||
my_node->address = addr;
|
||||
my_node->type = (u_short)type;
|
||||
@ -1170,7 +1177,7 @@ destroy_address_node(
|
||||
{
|
||||
if (NULL == my_node)
|
||||
return;
|
||||
NTP_REQUIRE(NULL != my_node->address);
|
||||
REQUIRE(NULL != my_node->address);
|
||||
|
||||
free(my_node->address);
|
||||
free(my_node);
|
||||
@ -1567,7 +1574,7 @@ create_nic_rule_node(
|
||||
{
|
||||
nic_rule_node *my_node;
|
||||
|
||||
NTP_REQUIRE(match_class != 0 || if_name != NULL);
|
||||
REQUIRE(match_class != 0 || if_name != NULL);
|
||||
|
||||
my_node = emalloc_zero(sizeof(*my_node));
|
||||
my_node->match_class = match_class;
|
||||
@ -1826,7 +1833,9 @@ config_auth(
|
||||
|
||||
/* Crypto Command */
|
||||
#ifdef AUTOKEY
|
||||
# ifdef __GNUC__
|
||||
item = -1; /* quiet warning */
|
||||
# endif
|
||||
my_val = HEAD_PFIFO(ptree->auth.crypto_cmd_list);
|
||||
for (; my_val != NULL; my_val = my_val->link) {
|
||||
switch (my_val->attr) {
|
||||
@ -1979,7 +1988,9 @@ config_tos(
|
||||
int item;
|
||||
double val;
|
||||
|
||||
#ifdef __GNUC__
|
||||
item = -1; /* quiet warning */
|
||||
#endif
|
||||
tos = HEAD_PFIFO(ptree->orphan_cmds);
|
||||
for (; tos != NULL; tos = tos->link) {
|
||||
val = tos->value.d;
|
||||
@ -2610,18 +2621,36 @@ config_rlimit(
|
||||
break;
|
||||
|
||||
case T_Memlock:
|
||||
if (rlimit_av->value.i != 0) {
|
||||
/* What if we HAVE_OPT(SAVECONFIGQUIT) ? */
|
||||
if (rlimit_av->value.i == -1) {
|
||||
# if defined(HAVE_MLOCKALL)
|
||||
if (cur_memlock != 0) {
|
||||
if (-1 == munlockall()) {
|
||||
msyslog(LOG_ERR, "munlockall() failed: %m");
|
||||
}
|
||||
}
|
||||
cur_memlock = 0;
|
||||
# endif /* HAVE_MLOCKALL */
|
||||
} else if (rlimit_av->value.i >= 0) {
|
||||
#if defined(RLIMIT_MEMLOCK)
|
||||
# if defined(HAVE_MLOCKALL)
|
||||
if (cur_memlock != 1) {
|
||||
if (-1 == mlockall(MCL_CURRENT|MCL_FUTURE)) {
|
||||
msyslog(LOG_ERR, "mlockall() failed: %m");
|
||||
}
|
||||
}
|
||||
# endif /* HAVE_MLOCKALL */
|
||||
ntp_rlimit(RLIMIT_MEMLOCK,
|
||||
(rlim_t)(rlimit_av->value.i * 1024 * 1024),
|
||||
1024 * 1024,
|
||||
"MB");
|
||||
cur_memlock = 1;
|
||||
#else
|
||||
/* STDERR as well would be fine... */
|
||||
msyslog(LOG_WARNING, "'rlimit memlock' specified but is not available on this system.");
|
||||
#endif /* RLIMIT_MEMLOCK */
|
||||
} else {
|
||||
do_memlock = 0;
|
||||
msyslog(LOG_WARNING, "'rlimit memlock' value of %d is unexpected!", rlimit_av->value.i);
|
||||
}
|
||||
break;
|
||||
|
||||
@ -2662,7 +2691,9 @@ config_tinker(
|
||||
attr_val * tinker;
|
||||
int item;
|
||||
|
||||
#ifdef __GNUC__
|
||||
item = -1; /* quiet warning */
|
||||
#endif
|
||||
tinker = HEAD_PFIFO(ptree->tinker);
|
||||
for (; tinker != NULL; tinker = tinker->link) {
|
||||
switch (tinker->attr) {
|
||||
@ -2776,12 +2807,14 @@ config_nic_rules(
|
||||
switch (curr_node->match_class) {
|
||||
|
||||
default:
|
||||
#ifdef __GNUC__
|
||||
/*
|
||||
* this assignment quiets a gcc "may be used
|
||||
* uninitialized" warning and is here for no
|
||||
* other reason.
|
||||
*/
|
||||
match_type = MATCH_ALL;
|
||||
#endif
|
||||
INSIST(FALSE);
|
||||
break;
|
||||
|
||||
@ -2834,12 +2867,14 @@ config_nic_rules(
|
||||
switch (curr_node->action) {
|
||||
|
||||
default:
|
||||
#ifdef __GNUC__
|
||||
/*
|
||||
* this assignment quiets a gcc "may be used
|
||||
* uninitialized" warning and is here for no
|
||||
* other reason.
|
||||
*/
|
||||
action = ACTION_LISTEN;
|
||||
#endif
|
||||
INSIST(FALSE);
|
||||
break;
|
||||
|
||||
@ -4880,9 +4915,9 @@ getnetnum(
|
||||
enum gnn_type a_type /* ignored */
|
||||
)
|
||||
{
|
||||
NTP_REQUIRE(AF_UNSPEC == AF(addr) ||
|
||||
AF_INET == AF(addr) ||
|
||||
AF_INET6 == AF(addr));
|
||||
REQUIRE(AF_UNSPEC == AF(addr) ||
|
||||
AF_INET == AF(addr) ||
|
||||
AF_INET6 == AF(addr));
|
||||
|
||||
if (!is_ip_address(num, AF(addr), addr))
|
||||
return 0;
|
||||
|
@ -3,10 +3,6 @@
|
||||
* traps. Provides service to ntpq and others.
|
||||
*/
|
||||
|
||||
/*
|
||||
* $FreeBSD: head/contrib/ntp/ntpd/ntp_control.c 276071 2014-12-22 18:54:55Z delphij $
|
||||
*/
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
# include <config.h>
|
||||
#endif
|
||||
@ -32,15 +28,11 @@
|
||||
#include "ntp_leapsec.h"
|
||||
#include "ntp_md5.h" /* provides OpenSSL digest API */
|
||||
#include "lib_strbuf.h"
|
||||
#include <rc_cmdlength.h>
|
||||
#ifdef KERNEL_PLL
|
||||
# include "ntp_syscall.h"
|
||||
#endif
|
||||
|
||||
extern size_t remoteconfig_cmdlength( const char *src_buf, const char *src_end );
|
||||
|
||||
#ifndef MIN
|
||||
#define MIN(a, b) (((a) <= (b)) ? (a) : (b))
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Structure to hold request procedure information
|
||||
@ -428,10 +420,10 @@ static const struct ctl_var sys_var[] = {
|
||||
{ CS_TIMER_XMTS, RO, "timer_xmts" }, /* 87 */
|
||||
{ CS_FUZZ, RO, "fuzz" }, /* 88 */
|
||||
{ CS_WANDER_THRESH, RO, "clk_wander_threshold" }, /* 89 */
|
||||
#ifdef LEAP_SMEAR
|
||||
|
||||
{ CS_LEAPSMEARINTV, RO, "leapsmearinterval" }, /* 90 */
|
||||
{ CS_LEAPSMEAROFFS, RO, "leapsmearoffset" }, /* 91 */
|
||||
#endif /* LEAP_SMEAR */
|
||||
|
||||
#ifdef AUTOKEY
|
||||
{ CS_FLAGS, RO, "flags" }, /* 1 + CS_MAX_NOAUTOKEY */
|
||||
{ CS_HOST, RO, "host" }, /* 2 + CS_MAX_NOAUTOKEY */
|
||||
@ -892,6 +884,28 @@ save_config(
|
||||
int restrict_mask
|
||||
)
|
||||
{
|
||||
/* block directory traversal by searching for characters that
|
||||
* indicate directory components in a file path.
|
||||
*
|
||||
* Conceptually we should be searching for DIRSEP in filename,
|
||||
* however Windows actually recognizes both forward and
|
||||
* backslashes as equivalent directory separators at the API
|
||||
* level. On POSIX systems we could allow '\\' but such
|
||||
* filenames are tricky to manipulate from a shell, so just
|
||||
* reject both types of slashes on all platforms.
|
||||
*/
|
||||
/* TALOS-CAN-0062: block directory traversal for VMS, too */
|
||||
static const char * illegal_in_filename =
|
||||
#if defined(VMS)
|
||||
":[]" /* do not allow drive and path components here */
|
||||
#elif defined(SYS_WINNT)
|
||||
":\\/" /* path and drive separators */
|
||||
#else
|
||||
"\\/" /* separator and critical char for POSIX */
|
||||
#endif
|
||||
;
|
||||
|
||||
|
||||
char reply[128];
|
||||
#ifdef SAVECONFIG
|
||||
char filespec[128];
|
||||
@ -946,15 +960,9 @@ save_config(
|
||||
localtime(&now)))
|
||||
strlcpy(filename, filespec, sizeof(filename));
|
||||
|
||||
/*
|
||||
* Conceptually we should be searching for DIRSEP in filename,
|
||||
* however Windows actually recognizes both forward and
|
||||
* backslashes as equivalent directory separators at the API
|
||||
* level. On POSIX systems we could allow '\\' but such
|
||||
* filenames are tricky to manipulate from a shell, so just
|
||||
* reject both types of slashes on all platforms.
|
||||
*/
|
||||
if (strchr(filename, '\\') || strchr(filename, '/')) {
|
||||
/* block directory/drive traversal */
|
||||
/* TALOS-CAN-0062: block directory traversal for VMS, too */
|
||||
if (NULL != strpbrk(filename, illegal_in_filename)) {
|
||||
snprintf(reply, sizeof(reply),
|
||||
"saveconfig does not allow directory in filename");
|
||||
ctl_putdata(reply, strlen(reply), 0);
|
||||
@ -1409,7 +1417,7 @@ ctl_putstr(
|
||||
memcpy(buffer, tag, tl);
|
||||
cp = buffer + tl;
|
||||
if (len > 0) {
|
||||
NTP_INSIST(tl + 3 + len <= sizeof(buffer));
|
||||
INSIST(tl + 3 + len <= sizeof(buffer));
|
||||
*cp++ = '=';
|
||||
*cp++ = '"';
|
||||
memcpy(cp, data, len);
|
||||
@ -1444,7 +1452,7 @@ ctl_putunqstr(
|
||||
memcpy(buffer, tag, tl);
|
||||
cp = buffer + tl;
|
||||
if (len > 0) {
|
||||
NTP_INSIST(tl + 1 + len <= sizeof(buffer));
|
||||
INSIST(tl + 1 + len <= sizeof(buffer));
|
||||
*cp++ = '=';
|
||||
memcpy(cp, data, len);
|
||||
cp += len;
|
||||
@ -1473,7 +1481,7 @@ ctl_putdblf(
|
||||
while (*cq != '\0')
|
||||
*cp++ = *cq++;
|
||||
*cp++ = '=';
|
||||
NTP_INSIST((size_t)(cp - buffer) < sizeof(buffer));
|
||||
INSIST((size_t)(cp - buffer) < sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer), use_f ? "%.*f" : "%.*g",
|
||||
precision, d);
|
||||
cp += strlen(cp);
|
||||
@ -1499,7 +1507,7 @@ ctl_putuint(
|
||||
*cp++ = *cq++;
|
||||
|
||||
*cp++ = '=';
|
||||
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer), "%lu", uval);
|
||||
cp += strlen(cp);
|
||||
ctl_putdata(buffer, (unsigned)( cp - buffer ), 0);
|
||||
@ -1526,7 +1534,7 @@ ctl_putcal(
|
||||
pcal->hour,
|
||||
pcal->minute
|
||||
);
|
||||
NTP_INSIST(numch < sizeof(buffer));
|
||||
INSIST(numch < sizeof(buffer));
|
||||
ctl_putdata(buffer, numch, 0);
|
||||
|
||||
return;
|
||||
@ -1557,7 +1565,7 @@ ctl_putfs(
|
||||
tm = gmtime(&fstamp);
|
||||
if (NULL == tm)
|
||||
return;
|
||||
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer),
|
||||
"%04d%02d%02d%02d%02d", tm->tm_year + 1900,
|
||||
tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min);
|
||||
@ -1586,7 +1594,7 @@ ctl_puthex(
|
||||
*cp++ = *cq++;
|
||||
|
||||
*cp++ = '=';
|
||||
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer), "0x%lx", uval);
|
||||
cp += strlen(cp);
|
||||
ctl_putdata(buffer,(unsigned)( cp - buffer ), 0);
|
||||
@ -1612,7 +1620,7 @@ ctl_putint(
|
||||
*cp++ = *cq++;
|
||||
|
||||
*cp++ = '=';
|
||||
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer), "%ld", ival);
|
||||
cp += strlen(cp);
|
||||
ctl_putdata(buffer, (unsigned)( cp - buffer ), 0);
|
||||
@ -1638,7 +1646,7 @@ ctl_putts(
|
||||
*cp++ = *cq++;
|
||||
|
||||
*cp++ = '=';
|
||||
NTP_INSIST((size_t)(cp - buffer) < sizeof(buffer));
|
||||
INSIST((size_t)(cp - buffer) < sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer), "0x%08x.%08x",
|
||||
(u_int)ts->l_ui, (u_int)ts->l_uf);
|
||||
cp += strlen(cp);
|
||||
@ -1670,7 +1678,7 @@ ctl_putadr(
|
||||
cq = numtoa(addr32);
|
||||
else
|
||||
cq = stoa(addr);
|
||||
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer), "%s", cq);
|
||||
cp += strlen(cp);
|
||||
ctl_putdata(buffer, (unsigned)(cp - buffer), 0);
|
||||
@ -1741,7 +1749,7 @@ ctl_putarray(
|
||||
if (i == 0)
|
||||
i = NTP_SHIFT;
|
||||
i--;
|
||||
NTP_INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
INSIST((cp - buffer) < (int)sizeof(buffer));
|
||||
snprintf(cp, sizeof(buffer) - (cp - buffer),
|
||||
" %.2f", arr[i] * 1e3);
|
||||
cp += strlen(cp);
|
||||
@ -2410,6 +2418,9 @@ ctl_putsys(
|
||||
ntohl(hostval.tstamp));
|
||||
break;
|
||||
#endif /* AUTOKEY */
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -2933,7 +2944,6 @@ ctl_getitem(
|
||||
* Look for a first character match on the tag. If we find
|
||||
* one, see if it is a full match.
|
||||
*/
|
||||
v = var_list;
|
||||
cp = reqpt;
|
||||
for (v = var_list; !(EOV & v->flags); v++) {
|
||||
if (!(PADDING & v->flags) && *cp == *(v->text)) {
|
||||
@ -3115,7 +3125,7 @@ read_peervars(void)
|
||||
ctl_error(CERR_UNKNOWNVAR);
|
||||
return;
|
||||
}
|
||||
NTP_INSIST(v->code < COUNTOF(wants));
|
||||
INSIST(v->code < COUNTOF(wants));
|
||||
wants[v->code] = 1;
|
||||
gotvar = 1;
|
||||
}
|
||||
@ -3158,19 +3168,19 @@ read_sysvars(void)
|
||||
gotvar = 0;
|
||||
while (NULL != (v = ctl_getitem(sys_var, &valuep))) {
|
||||
if (!(EOV & v->flags)) {
|
||||
NTP_INSIST(v->code < wants_count);
|
||||
INSIST(v->code < wants_count);
|
||||
wants[v->code] = 1;
|
||||
gotvar = 1;
|
||||
} else {
|
||||
v = ctl_getitem(ext_sys_var, &valuep);
|
||||
NTP_INSIST(v != NULL);
|
||||
INSIST(v != NULL);
|
||||
if (EOV & v->flags) {
|
||||
ctl_error(CERR_UNKNOWNVAR);
|
||||
free(wants);
|
||||
return;
|
||||
}
|
||||
n = v->code + CS_MAXCODE + 1;
|
||||
NTP_INSIST(n < wants_count);
|
||||
INSIST(n < wants_count);
|
||||
wants[n] = 1;
|
||||
gotvar = 1;
|
||||
}
|
||||
@ -4404,7 +4414,7 @@ read_clockstatus(
|
||||
gotvar = TRUE;
|
||||
} else {
|
||||
v = ctl_getitem(kv, &valuep);
|
||||
NTP_INSIST(NULL != v);
|
||||
INSIST(NULL != v);
|
||||
if (EOV & v->flags) {
|
||||
ctl_error(CERR_UNKNOWNVAR);
|
||||
free(wants);
|
||||
@ -4800,7 +4810,7 @@ report_event(
|
||||
for (i = 1; i <= CS_VARLIST; i++)
|
||||
ctl_putsys(i);
|
||||
} else {
|
||||
NTP_INSIST(peer != NULL);
|
||||
INSIST(peer != NULL);
|
||||
rpkt.associd = htons(peer->associd);
|
||||
rpkt.status = htons(ctlpeerstatus(peer));
|
||||
|
||||
@ -4905,7 +4915,7 @@ count_var(
|
||||
while (!(EOV & (k++)->flags))
|
||||
c++;
|
||||
|
||||
NTP_ENSURE(c <= USHRT_MAX);
|
||||
ENSURE(c <= USHRT_MAX);
|
||||
return (u_short)c;
|
||||
}
|
||||
|
||||
|
@ -202,6 +202,7 @@ static void cert_free (struct cert_info *);
|
||||
static struct pkey_info *crypto_key (char *, char *, sockaddr_u *);
|
||||
static void bighash (BIGNUM *, BIGNUM *);
|
||||
static struct cert_info *crypto_cert (char *);
|
||||
static u_int exten_payload_size(const struct exten *);
|
||||
|
||||
#ifdef SYS_WINNT
|
||||
int
|
||||
@ -380,7 +381,7 @@ make_keylist(
|
||||
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, sizeof(struct autokey));
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
peer->flags |= FLAG_ASSOC;
|
||||
}
|
||||
@ -419,7 +420,7 @@ crypto_recv(
|
||||
struct autokey *ap, *bp; /* autokey pointer */
|
||||
struct exten *ep, *fp; /* extension pointers */
|
||||
struct cert_info *xinfo; /* certificate info pointer */
|
||||
int has_mac; /* length of MAC field */
|
||||
int macbytes; /* length of MAC field, signed by intention */
|
||||
int authlen; /* offset of MAC field */
|
||||
associd_t associd; /* association ID */
|
||||
tstamp_t fstamp = 0; /* filestamp */
|
||||
@ -446,7 +447,11 @@ crypto_recv(
|
||||
*/
|
||||
authlen = LEN_PKT_NOMAC;
|
||||
hismode = (int)PKT_MODE((&rbufp->recv_pkt)->li_vn_mode);
|
||||
while ((has_mac = rbufp->recv_length - authlen) > (int)MAX_MAC_LEN) {
|
||||
while ((macbytes = rbufp->recv_length - authlen) > (int)MAX_MAC_LEN) {
|
||||
/* We can be reasonably sure that we can read at least
|
||||
* the opcode and the size field here. More stringent
|
||||
* checks follow up shortly.
|
||||
*/
|
||||
pkt = (u_int32 *)&rbufp->recv_pkt + authlen / 4;
|
||||
ep = (struct exten *)pkt;
|
||||
code = ntohl(ep->opcode) & 0xffff0000;
|
||||
@ -467,6 +472,18 @@ crypto_recv(
|
||||
code |= CRYPTO_ERROR;
|
||||
}
|
||||
|
||||
/* Check if the declared size fits into the remaining
|
||||
* buffer.
|
||||
*/
|
||||
if (len > macbytes) {
|
||||
DPRINTF(1, ("crypto_recv: possible attack detected, associd %d\n",
|
||||
associd));
|
||||
return XEVNT_LEN;
|
||||
}
|
||||
|
||||
/* Check if the paylod of the extension fits into the
|
||||
* declared frame.
|
||||
*/
|
||||
if (len >= VALUE_LEN) {
|
||||
fstamp = ntohl(ep->fstamp);
|
||||
vallen = ntohl(ep->vallen);
|
||||
@ -508,6 +525,7 @@ crypto_recv(
|
||||
rval = XEVNT_ERR;
|
||||
break;
|
||||
}
|
||||
free(peer->cmmd); /* will be set again! */
|
||||
}
|
||||
fp = emalloc(len);
|
||||
memcpy(fp, ep, len);
|
||||
@ -1153,9 +1171,8 @@ crypto_xmit(
|
||||
* choice.
|
||||
*/
|
||||
case CRYPTO_CERT | CRYPTO_RESP:
|
||||
vallen = ntohl(ep->vallen); /* Must be <64k */
|
||||
if (vallen == 0 || vallen > MAXHOSTNAME ||
|
||||
len - VALUE_LEN < vallen) {
|
||||
vallen = exten_payload_size(ep); /* Must be <64k */
|
||||
if (vallen == 0 || vallen >= sizeof(certname) ) {
|
||||
rval = XEVNT_LEN;
|
||||
break;
|
||||
}
|
||||
@ -1591,7 +1608,7 @@ crypto_encrypt(
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, vallen);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
|
||||
NTP_INSIST(vallen <= sign_siglen);
|
||||
INSIST(vallen <= sign_siglen);
|
||||
vp->siglen = htonl(vallen);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
@ -1770,7 +1787,7 @@ crypto_send(
|
||||
if (j * 4 < siglen)
|
||||
ep->pkt[i + j++] = 0;
|
||||
memcpy(&ep->pkt[i], vp->sig, siglen);
|
||||
i += j;
|
||||
/* i += j; */ /* We don't use i after this */
|
||||
}
|
||||
opcode = ntohl(ep->opcode);
|
||||
ep->opcode = htonl((opcode & 0xffff0000) | len);
|
||||
@ -1825,7 +1842,7 @@ crypto_update(void)
|
||||
EVP_SignUpdate(&ctx, (u_char *)&pubkey, 12);
|
||||
EVP_SignUpdate(&ctx, pubkey.ptr, ntohl(pubkey.vallen));
|
||||
if (EVP_SignFinal(&ctx, pubkey.sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
pubkey.siglen = htonl(len);
|
||||
}
|
||||
}
|
||||
@ -1846,7 +1863,7 @@ crypto_update(void)
|
||||
EVP_SignUpdate(&ctx, cp->cert.ptr,
|
||||
ntohl(cp->cert.vallen));
|
||||
if (EVP_SignFinal(&ctx, cp->cert.sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
cp->cert.siglen = htonl(len);
|
||||
}
|
||||
}
|
||||
@ -1896,7 +1913,7 @@ crypto_update(void)
|
||||
EVP_SignUpdate(&ctx, (u_char *)&tai_leap, 12);
|
||||
EVP_SignUpdate(&ctx, tai_leap.ptr, len);
|
||||
if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
tai_leap.siglen = htonl(len);
|
||||
}
|
||||
crypto_flags |= CRYPTO_FLAG_TAI;
|
||||
@ -1997,9 +2014,9 @@ asn_to_calendar (
|
||||
* 100. Dontcha love ASN.1? Better than MIL-188.
|
||||
*/
|
||||
len = asn1time->length;
|
||||
NTP_REQUIRE(len < sizeof(v));
|
||||
REQUIRE(len < sizeof(v));
|
||||
(void)strncpy(v, (char *)(asn1time->data), len);
|
||||
NTP_REQUIRE(len >= 13);
|
||||
REQUIRE(len >= 13);
|
||||
temp = strtoul(v+len-3, NULL, 10);
|
||||
pjd->second = temp;
|
||||
v[len-3] = '\0';
|
||||
@ -2169,7 +2186,7 @@ crypto_alice(
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
@ -2197,8 +2214,7 @@ crypto_bob(
|
||||
tstamp_t tstamp; /* NTP timestamp */
|
||||
BIGNUM *bn, *bk, *r;
|
||||
u_char *ptr;
|
||||
u_int len; /* extension field length */
|
||||
u_int vallen = 0; /* value length */
|
||||
u_int len; /* extension field value length */
|
||||
|
||||
/*
|
||||
* If the IFF parameters are not valid, something awful
|
||||
@ -2213,11 +2229,10 @@ crypto_bob(
|
||||
/*
|
||||
* Extract r from the challenge.
|
||||
*/
|
||||
vallen = ntohl(ep->vallen);
|
||||
len = ntohl(ep->opcode) & 0x0000ffff;
|
||||
if (vallen == 0 || len < VALUE_LEN || len - VALUE_LEN < vallen)
|
||||
return XEVNT_LEN;
|
||||
if ((r = BN_bin2bn((u_char *)ep->pkt, vallen, NULL)) == NULL) {
|
||||
len = exten_payload_size(ep);
|
||||
if (len == 0 || len > MAX_VALLEN)
|
||||
return (XEVNT_LEN);
|
||||
if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
|
||||
msyslog(LOG_ERR, "crypto_bob: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
return (XEVNT_ERR);
|
||||
@ -2229,7 +2244,7 @@ crypto_bob(
|
||||
*/
|
||||
bctx = BN_CTX_new(); bk = BN_new(); bn = BN_new();
|
||||
sdsa = DSA_SIG_new();
|
||||
BN_rand(bk, vallen * 8, -1, 1); /* k */
|
||||
BN_rand(bk, len * 8, -1, 1); /* k */
|
||||
BN_mod_mul(bn, dsa->priv_key, r, dsa->q, bctx); /* b r mod q */
|
||||
BN_add(bn, bn, bk);
|
||||
BN_mod(bn, bn, dsa->q, bctx); /* k + b r mod q */
|
||||
@ -2248,16 +2263,16 @@ crypto_bob(
|
||||
* Encode the values in ASN.1 and sign. The filestamp is from
|
||||
* the local file.
|
||||
*/
|
||||
vallen = i2d_DSA_SIG(sdsa, NULL);
|
||||
if (vallen == 0) {
|
||||
len = i2d_DSA_SIG(sdsa, NULL);
|
||||
if (len == 0) {
|
||||
msyslog(LOG_ERR, "crypto_bob: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
DSA_SIG_free(sdsa);
|
||||
return (XEVNT_ERR);
|
||||
}
|
||||
if (vallen > MAX_VALLEN) {
|
||||
msyslog(LOG_ERR, "crypto_bob: signature is too big: %d",
|
||||
vallen);
|
||||
if (len > MAX_VALLEN) {
|
||||
msyslog(LOG_ERR, "crypto_bob: signature is too big: %u",
|
||||
len);
|
||||
DSA_SIG_free(sdsa);
|
||||
return (XEVNT_LEN);
|
||||
}
|
||||
@ -2265,8 +2280,8 @@ crypto_bob(
|
||||
tstamp = crypto_time();
|
||||
vp->tstamp = htonl(tstamp);
|
||||
vp->fstamp = htonl(iffkey_info->fstamp);
|
||||
vp->vallen = htonl(vallen);
|
||||
ptr = emalloc(vallen);
|
||||
vp->vallen = htonl(len);
|
||||
ptr = emalloc(len);
|
||||
vp->ptr = ptr;
|
||||
i2d_DSA_SIG(sdsa, &ptr);
|
||||
DSA_SIG_free(sdsa);
|
||||
@ -2277,10 +2292,10 @@ crypto_bob(
|
||||
vp->sig = emalloc(sign_siglen);
|
||||
EVP_SignInit(&ctx, sign_digest);
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, vallen);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &vallen, sign_pkey)) {
|
||||
NTP_INSIST(vallen <= sign_siglen);
|
||||
vp->siglen = htonl(vallen);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
}
|
||||
@ -2486,7 +2501,7 @@ crypto_alice2(
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
@ -2530,7 +2545,9 @@ crypto_bob2(
|
||||
/*
|
||||
* Extract r from the challenge.
|
||||
*/
|
||||
len = ntohl(ep->vallen);
|
||||
len = exten_payload_size(ep);
|
||||
if (len == 0 || len > MAX_VALLEN)
|
||||
return (XEVNT_LEN);
|
||||
if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
|
||||
msyslog(LOG_ERR, "crypto_bob2: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
@ -2586,7 +2603,7 @@ crypto_bob2(
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
@ -2817,7 +2834,7 @@ crypto_alice3(
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
@ -2859,7 +2876,9 @@ crypto_bob3(
|
||||
/*
|
||||
* Extract r from the challenge.
|
||||
*/
|
||||
len = ntohl(ep->vallen);
|
||||
len = exten_payload_size(ep);
|
||||
if (len == 0 || len > MAX_VALLEN)
|
||||
return (XEVNT_LEN);
|
||||
if ((r = BN_bin2bn((u_char *)ep->pkt, len, NULL)) == NULL) {
|
||||
msyslog(LOG_ERR, "crypto_bob3: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
@ -2919,7 +2938,7 @@ crypto_bob3(
|
||||
EVP_SignUpdate(&ctx, (u_char *)&vp->tstamp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
return (XEVNT_OK);
|
||||
@ -3078,8 +3097,11 @@ cert_sign(
|
||||
if (tstamp == 0)
|
||||
return (XEVNT_TSP);
|
||||
|
||||
len = exten_payload_size(ep);
|
||||
if (len == 0 || len > MAX_VALLEN)
|
||||
return (XEVNT_LEN);
|
||||
cptr = (void *)ep->pkt;
|
||||
if ((req = d2i_X509(NULL, &cptr, ntohl(ep->vallen))) == NULL) {
|
||||
if ((req = d2i_X509(NULL, &cptr, len)) == NULL) {
|
||||
msyslog(LOG_ERR, "cert_sign: %s",
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
return (XEVNT_CRT);
|
||||
@ -3158,7 +3180,7 @@ cert_sign(
|
||||
EVP_SignUpdate(&ctx, (u_char *)vp, 12);
|
||||
EVP_SignUpdate(&ctx, vp->ptr, len);
|
||||
if (EVP_SignFinal(&ctx, vp->sig, &len, sign_pkey)) {
|
||||
NTP_INSIST(len <= sign_siglen);
|
||||
INSIST(len <= sign_siglen);
|
||||
vp->siglen = htonl(len);
|
||||
}
|
||||
}
|
||||
@ -4028,6 +4050,36 @@ crypto_config(
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the payload size (internal value length) of an extension packet.
|
||||
* If the inner value size does not match the outer packet size (that
|
||||
* is, the value would end behind the frame given by the opcode/size
|
||||
* field) the function will effectively return UINT_MAX. If the frame is
|
||||
* too short to hold a variable-sized value, the return value is zero.
|
||||
*/
|
||||
static u_int
|
||||
exten_payload_size(
|
||||
const struct exten * ep)
|
||||
{
|
||||
typedef const u_char *BPTR;
|
||||
|
||||
size_t extn_size;
|
||||
size_t data_size;
|
||||
size_t head_size;
|
||||
|
||||
data_size = 0;
|
||||
if (NULL != ep) {
|
||||
head_size = (BPTR)(&ep->vallen + 1) - (BPTR)ep;
|
||||
extn_size = (uint16_t)(ntohl(ep->opcode) & 0x0000ffff);
|
||||
if (extn_size >= head_size) {
|
||||
data_size = (uint32_t)ntohl(ep->vallen);
|
||||
if (data_size > extn_size - head_size)
|
||||
data_size = ~(size_t)0u;
|
||||
}
|
||||
}
|
||||
return (u_int)data_size;
|
||||
}
|
||||
# else /* !AUTOKEY follows */
|
||||
int ntp_crypto_bs_pubkey;
|
||||
# endif /* !AUTOKEY */
|
||||
|
@ -216,7 +216,7 @@ static int is_wildcard_addr (const sockaddr_u *);
|
||||
* Multicast functions
|
||||
*/
|
||||
static isc_boolean_t addr_ismulticast (sockaddr_u *);
|
||||
static isc_boolean_t is_not_bindable (sockaddr_u *,
|
||||
static isc_boolean_t is_anycast (sockaddr_u *,
|
||||
const char *);
|
||||
|
||||
/*
|
||||
@ -371,7 +371,7 @@ maintain_activefds(
|
||||
maxactivefd = i;
|
||||
break;
|
||||
}
|
||||
NTP_INSIST(fd != maxactivefd);
|
||||
INSIST(fd != maxactivefd);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -687,8 +687,8 @@ addr_samesubnet(
|
||||
const u_int32 * pm;
|
||||
size_t loops;
|
||||
|
||||
NTP_REQUIRE(AF(a) == AF(a_mask));
|
||||
NTP_REQUIRE(AF(b) == AF(b_mask));
|
||||
REQUIRE(AF(a) == AF(a_mask));
|
||||
REQUIRE(AF(b) == AF(b_mask));
|
||||
/*
|
||||
* With address and mask families verified to match, comparing
|
||||
* the masks also validates the address's families match.
|
||||
@ -735,8 +735,8 @@ is_ip_address(
|
||||
char tmpbuf[128];
|
||||
char *pch;
|
||||
|
||||
NTP_REQUIRE(host != NULL);
|
||||
NTP_REQUIRE(addr != NULL);
|
||||
REQUIRE(host != NULL);
|
||||
REQUIRE(addr != NULL);
|
||||
|
||||
ZERO_SOCK(addr);
|
||||
|
||||
@ -1250,15 +1250,15 @@ add_nic_rule(
|
||||
rule->action = action;
|
||||
|
||||
if (MATCH_IFNAME == match_type) {
|
||||
NTP_REQUIRE(NULL != if_name);
|
||||
REQUIRE(NULL != if_name);
|
||||
rule->if_name = estrdup(if_name);
|
||||
} else if (MATCH_IFADDR == match_type) {
|
||||
NTP_REQUIRE(NULL != if_name);
|
||||
REQUIRE(NULL != if_name);
|
||||
/* set rule->addr */
|
||||
is_ip = is_ip_address(if_name, AF_UNSPEC, &rule->addr);
|
||||
NTP_REQUIRE(is_ip);
|
||||
REQUIRE(is_ip);
|
||||
} else
|
||||
NTP_REQUIRE(NULL == if_name);
|
||||
REQUIRE(NULL == if_name);
|
||||
|
||||
LINK_SLIST(nic_rule_list, rule, next);
|
||||
}
|
||||
@ -1278,7 +1278,7 @@ action_text(
|
||||
t = "ERROR"; /* quiet uninit warning */
|
||||
DPRINTF(1, ("fatal: unknown nic_rule_action %d\n",
|
||||
action));
|
||||
NTP_ENSURE(0);
|
||||
ENSURE(0);
|
||||
break;
|
||||
|
||||
case ACTION_LISTEN:
|
||||
@ -1666,11 +1666,9 @@ check_flags6(
|
||||
u_int32 flags6
|
||||
)
|
||||
{
|
||||
#if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6) && \
|
||||
(defined(IN6_IFF_ANYCAST) || defined(IN6_IFF_NOTREADY))
|
||||
#if defined(INCLUDE_IPV6_SUPPORT) && defined(SIOCGIFAFLAG_IN6)
|
||||
struct in6_ifreq ifr6;
|
||||
int fd;
|
||||
u_int32 exclude = 0;
|
||||
|
||||
if (psau->sa.sa_family != AF_INET6)
|
||||
return ISC_FALSE;
|
||||
@ -1684,21 +1682,14 @@ check_flags6(
|
||||
return ISC_FALSE;
|
||||
}
|
||||
close(fd);
|
||||
flags6 = ifr6.ifr_ifru.ifru_flags6;
|
||||
#if defined(IN6_IFF_ANYCAST)
|
||||
exclude |= IN6_IFF_ANYCAST;
|
||||
#endif /* !IN6_IFF_ANYCAST */
|
||||
#if defined(IN6_IFF_NOTREADY)
|
||||
exclude |= IN6_IFF_NOTREADY;
|
||||
#endif /* !IN6_IFF_NOTREADY */
|
||||
if ((flags6 & exclude) != 0)
|
||||
if ((ifr6.ifr_ifru.ifru_flags6 & flags6) != 0)
|
||||
return ISC_TRUE;
|
||||
#endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 && (IN6_IFF_ANYCAST && IN6_IFF_NOTREADY) */
|
||||
#endif /* INCLUDE_IPV6_SUPPORT && SIOCGIFAFLAG_IN6 */
|
||||
return ISC_FALSE;
|
||||
}
|
||||
|
||||
static isc_boolean_t
|
||||
is_not_bindable(
|
||||
is_anycast(
|
||||
sockaddr_u *psau,
|
||||
const char *name
|
||||
)
|
||||
@ -1859,7 +1850,7 @@ update_interfaces(
|
||||
if (is_wildcard_addr(&enumep.sin))
|
||||
continue;
|
||||
|
||||
if (is_not_bindable(&enumep.sin, isc_if.name))
|
||||
if (is_anycast(&enumep.sin, isc_if.name))
|
||||
continue;
|
||||
|
||||
/*
|
||||
@ -2031,6 +2022,7 @@ update_interfaces(
|
||||
if (sys_bclient)
|
||||
io_setbclient();
|
||||
|
||||
#ifdef MCAST
|
||||
/*
|
||||
* Check multicast interfaces and try to join multicast groups if
|
||||
* not joined yet.
|
||||
@ -2056,6 +2048,7 @@ update_interfaces(
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* MCAST */
|
||||
|
||||
return new_interface_found;
|
||||
}
|
||||
@ -2406,7 +2399,7 @@ enable_multicast_if(
|
||||
u_int off6 = 0;
|
||||
#endif
|
||||
|
||||
NTP_REQUIRE(AF(maddr) == AF(&iface->sin));
|
||||
REQUIRE(AF(maddr) == AF(&iface->sin));
|
||||
|
||||
switch (AF(&iface->sin)) {
|
||||
|
||||
@ -2466,9 +2459,9 @@ socket_multicast_enable(
|
||||
)
|
||||
{
|
||||
struct ip_mreq mreq;
|
||||
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
struct ipv6_mreq mreq6;
|
||||
#endif
|
||||
# endif
|
||||
switch (AF(maddr)) {
|
||||
|
||||
case AF_INET:
|
||||
@ -2495,7 +2488,7 @@ socket_multicast_enable(
|
||||
break;
|
||||
|
||||
case AF_INET6:
|
||||
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
/*
|
||||
* Enable reception of multicast packets.
|
||||
* If the address is link-local we can get the
|
||||
@ -2519,9 +2512,9 @@ socket_multicast_enable(
|
||||
DPRINTF(4, ("Added IPv6 multicast group on socket %d, addr %s for interface %u (%s)\n",
|
||||
iface->fd, stoa(&iface->sin),
|
||||
mreq6.ipv6mr_interface, stoa(maddr)));
|
||||
#else
|
||||
# else
|
||||
return ISC_FALSE;
|
||||
#endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
|
||||
# endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
|
||||
}
|
||||
iface->flags |= INT_MCASTOPEN;
|
||||
iface->num_mcast++;
|
||||
@ -2543,9 +2536,9 @@ socket_multicast_disable(
|
||||
sockaddr_u * maddr
|
||||
)
|
||||
{
|
||||
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
struct ipv6_mreq mreq6;
|
||||
#endif
|
||||
# endif
|
||||
struct ip_mreq mreq;
|
||||
|
||||
ZERO(mreq);
|
||||
@ -2574,7 +2567,7 @@ socket_multicast_disable(
|
||||
}
|
||||
break;
|
||||
case AF_INET6:
|
||||
#ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
# ifdef INCLUDE_IPV6_MULTICAST_SUPPORT
|
||||
/*
|
||||
* Disable reception of multicast packets
|
||||
* If the address is link-local we can get the
|
||||
@ -2596,9 +2589,9 @@ socket_multicast_disable(
|
||||
return ISC_FALSE;
|
||||
}
|
||||
break;
|
||||
#else
|
||||
# else
|
||||
return ISC_FALSE;
|
||||
#endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
|
||||
# endif /* INCLUDE_IPV6_MULTICAST_SUPPORT */
|
||||
}
|
||||
|
||||
iface->num_mcast--;
|
||||
@ -2638,7 +2631,7 @@ io_setbclient(void)
|
||||
continue;
|
||||
|
||||
/* Only IPv4 addresses are valid for broadcast */
|
||||
NTP_REQUIRE(IS_IPV4(&interf->sin));
|
||||
REQUIRE(IS_IPV4(&interf->sin));
|
||||
|
||||
/* Do we already have the broadcast address open? */
|
||||
if (interf->flags & INT_BCASTOPEN) {
|
||||
@ -2744,7 +2737,7 @@ io_multicast_add(
|
||||
return;
|
||||
}
|
||||
|
||||
#ifndef MULTICAST_NONEWSOCKET
|
||||
# ifndef MULTICAST_NONEWSOCKET
|
||||
ep = new_interface(NULL);
|
||||
|
||||
/*
|
||||
@ -2794,7 +2787,7 @@ io_multicast_add(
|
||||
}
|
||||
{ /* in place of the { following for in #else clause */
|
||||
one_ep = ep;
|
||||
#else /* MULTICAST_NONEWSOCKET follows */
|
||||
# else /* MULTICAST_NONEWSOCKET follows */
|
||||
/*
|
||||
* For the case where we can't use a separate socket (Windows)
|
||||
* join each applicable endpoint socket to the group address.
|
||||
@ -2809,7 +2802,7 @@ io_multicast_add(
|
||||
(INT_LOOPBACK | INT_WILDCARD) & ep->flags)
|
||||
continue;
|
||||
one_ep = ep;
|
||||
#endif /* MULTICAST_NONEWSOCKET */
|
||||
# endif /* MULTICAST_NONEWSOCKET */
|
||||
if (socket_multicast_enable(ep, addr))
|
||||
msyslog(LOG_INFO,
|
||||
"Joined %s socket to multicast group %s",
|
||||
@ -3249,7 +3242,7 @@ read_refclock_packet(
|
||||
l_fp ts
|
||||
)
|
||||
{
|
||||
int i;
|
||||
u_int read_count;
|
||||
int buflen;
|
||||
int saved_errno;
|
||||
int consumed;
|
||||
@ -3268,12 +3261,15 @@ read_refclock_packet(
|
||||
return (buflen);
|
||||
}
|
||||
|
||||
i = (rp->datalen == 0
|
||||
|| rp->datalen > (int)sizeof(rb->recv_space))
|
||||
? (int)sizeof(rb->recv_space)
|
||||
: rp->datalen;
|
||||
/* TALOS-CAN-0064: avoid signed/unsigned clashes that can lead
|
||||
* to buffer overrun and memory corruption
|
||||
*/
|
||||
if (rp->datalen <= 0 || rp->datalen > sizeof(rb->recv_space))
|
||||
read_count = sizeof(rb->recv_space);
|
||||
else
|
||||
read_count = (u_int)rp->datalen;
|
||||
do {
|
||||
buflen = read(fd, (char *)&rb->recv_space, (u_int)i);
|
||||
buflen = read(fd, (char *)&rb->recv_space, read_count);
|
||||
} while (buflen < 0 && EINTR == errno);
|
||||
|
||||
if (buflen <= 0) {
|
||||
@ -4088,7 +4084,7 @@ calc_addr_distance(
|
||||
int a1_greater;
|
||||
int i;
|
||||
|
||||
NTP_REQUIRE(AF(a1) == AF(a2));
|
||||
REQUIRE(AF(a1) == AF(a2));
|
||||
|
||||
ZERO_SOCK(dist);
|
||||
AF(dist) = AF(a1);
|
||||
@ -4139,7 +4135,7 @@ cmp_addr_distance(
|
||||
{
|
||||
int i;
|
||||
|
||||
NTP_REQUIRE(AF(d1) == AF(d2));
|
||||
REQUIRE(AF(d1) == AF(d2));
|
||||
|
||||
if (IS_IPV4(d1)) {
|
||||
if (SRCADR(d1) < SRCADR(d2))
|
||||
@ -4631,10 +4627,15 @@ process_routing_msgs(struct asyncio_reader *reader)
|
||||
cnt = read(reader->fd, buffer, sizeof(buffer));
|
||||
|
||||
if (cnt < 0) {
|
||||
msyslog(LOG_ERR,
|
||||
"i/o error on routing socket %m - disabling");
|
||||
remove_asyncio_reader(reader);
|
||||
delete_asyncio_reader(reader);
|
||||
if (errno == ENOBUFS) {
|
||||
msyslog(LOG_ERR,
|
||||
"routing socket reports: %m");
|
||||
} else {
|
||||
msyslog(LOG_ERR,
|
||||
"routing socket reports: %m - disabling");
|
||||
remove_asyncio_reader(reader);
|
||||
delete_asyncio_reader(reader);
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -577,7 +577,7 @@ local_clock(
|
||||
switch (state) {
|
||||
|
||||
/*
|
||||
* In SYNC state we ignore the first outlyer and switch
|
||||
* In SYNC state we ignore the first outlier and switch
|
||||
* to SPIK state.
|
||||
*/
|
||||
case EVNT_SYNC:
|
||||
@ -588,8 +588,8 @@ local_clock(
|
||||
return (0);
|
||||
|
||||
/*
|
||||
* In FREQ state we ignore outlyers and inlyers. At the
|
||||
* first outlyer after the stepout threshold, compute
|
||||
* In FREQ state we ignore outliers and inlyers. At the
|
||||
* first outlier after the stepout threshold, compute
|
||||
* the apparent frequency correction and step the phase.
|
||||
*/
|
||||
case EVNT_FREQ:
|
||||
@ -601,7 +601,7 @@ local_clock(
|
||||
/* fall through to EVNT_SPIK */
|
||||
|
||||
/*
|
||||
* In SPIK state we ignore succeeding outlyers until
|
||||
* In SPIK state we ignore succeeding outliers until
|
||||
* either an inlyer is found or the stepout threshold is
|
||||
* exceeded.
|
||||
*/
|
||||
|
@ -133,7 +133,7 @@ remove_from_hash(
|
||||
hash = MON_HASH(&mon->rmtadr);
|
||||
UNLINK_SLIST(punlinked, mon_hash[hash], mon, hash_next,
|
||||
mon_entry);
|
||||
NTP_ENSURE(punlinked == mon);
|
||||
ENSURE(punlinked == mon);
|
||||
}
|
||||
|
||||
|
||||
@ -325,6 +325,8 @@ ntp_monitor(
|
||||
int leak; /* new headway */
|
||||
int limit; /* average threshold */
|
||||
|
||||
REQUIRE(rbufp != NULL);
|
||||
|
||||
if (mon_enabled == MON_OFF)
|
||||
return ~(RES_LIMITED | RES_KOD) & flags;
|
||||
|
||||
@ -466,6 +468,8 @@ ntp_monitor(
|
||||
}
|
||||
}
|
||||
|
||||
INSIST(mon != NULL);
|
||||
|
||||
/*
|
||||
* Got one, initialize it
|
||||
*/
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,19 +1,19 @@
|
||||
/* A Bison parser, made by GNU Bison 2.7.12-4996. */
|
||||
/* A Bison parser, made by GNU Bison 3.0.2. */
|
||||
|
||||
/* Bison interface for Yacc-like parsers in C
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
|
||||
|
||||
|
||||
Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
||||
|
||||
@ -26,13 +26,13 @@
|
||||
special exception, which will cause the skeleton and the resulting
|
||||
Bison output files to be licensed under the GNU General Public
|
||||
License without this special exception.
|
||||
|
||||
|
||||
This special exception was added by the Free Software Foundation in
|
||||
version 2.2 of Bison. */
|
||||
|
||||
#ifndef YY_YY_NTP_PARSER_H_INCLUDED
|
||||
# define YY_YY_NTP_PARSER_H_INCLUDED
|
||||
/* Enabling traces. */
|
||||
#ifndef YY_YY__NTPD_NTP_PARSER_H_INCLUDED
|
||||
# define YY_YY__NTPD_NTP_PARSER_H_INCLUDED
|
||||
/* Debug traces. */
|
||||
#ifndef YYDEBUG
|
||||
# define YYDEBUG 1
|
||||
#endif
|
||||
@ -40,204 +40,203 @@
|
||||
extern int yydebug;
|
||||
#endif
|
||||
|
||||
/* Tokens. */
|
||||
/* Token type. */
|
||||
#ifndef YYTOKENTYPE
|
||||
# define YYTOKENTYPE
|
||||
/* Put the tokens into the symbol table, so that GDB and other debuggers
|
||||
know about them. */
|
||||
enum yytokentype {
|
||||
T_Abbrev = 258,
|
||||
T_Age = 259,
|
||||
T_All = 260,
|
||||
T_Allan = 261,
|
||||
T_Allpeers = 262,
|
||||
T_Auth = 263,
|
||||
T_Autokey = 264,
|
||||
T_Automax = 265,
|
||||
T_Average = 266,
|
||||
T_Bclient = 267,
|
||||
T_Beacon = 268,
|
||||
T_Broadcast = 269,
|
||||
T_Broadcastclient = 270,
|
||||
T_Broadcastdelay = 271,
|
||||
T_Burst = 272,
|
||||
T_Calibrate = 273,
|
||||
T_Ceiling = 274,
|
||||
T_Clockstats = 275,
|
||||
T_Cohort = 276,
|
||||
T_ControlKey = 277,
|
||||
T_Crypto = 278,
|
||||
T_Cryptostats = 279,
|
||||
T_Ctl = 280,
|
||||
T_Day = 281,
|
||||
T_Default = 282,
|
||||
T_Digest = 283,
|
||||
T_Disable = 284,
|
||||
T_Discard = 285,
|
||||
T_Dispersion = 286,
|
||||
T_Double = 287,
|
||||
T_Driftfile = 288,
|
||||
T_Drop = 289,
|
||||
T_Dscp = 290,
|
||||
T_Ellipsis = 291,
|
||||
T_Enable = 292,
|
||||
T_End = 293,
|
||||
T_False = 294,
|
||||
T_File = 295,
|
||||
T_Filegen = 296,
|
||||
T_Filenum = 297,
|
||||
T_Flag1 = 298,
|
||||
T_Flag2 = 299,
|
||||
T_Flag3 = 300,
|
||||
T_Flag4 = 301,
|
||||
T_Flake = 302,
|
||||
T_Floor = 303,
|
||||
T_Freq = 304,
|
||||
T_Fudge = 305,
|
||||
T_Host = 306,
|
||||
T_Huffpuff = 307,
|
||||
T_Iburst = 308,
|
||||
T_Ident = 309,
|
||||
T_Ignore = 310,
|
||||
T_Incalloc = 311,
|
||||
T_Incmem = 312,
|
||||
T_Initalloc = 313,
|
||||
T_Initmem = 314,
|
||||
T_Includefile = 315,
|
||||
T_Integer = 316,
|
||||
T_Interface = 317,
|
||||
T_Intrange = 318,
|
||||
T_Io = 319,
|
||||
T_Ipv4 = 320,
|
||||
T_Ipv4_flag = 321,
|
||||
T_Ipv6 = 322,
|
||||
T_Ipv6_flag = 323,
|
||||
T_Kernel = 324,
|
||||
T_Key = 325,
|
||||
T_Keys = 326,
|
||||
T_Keysdir = 327,
|
||||
T_Kod = 328,
|
||||
T_Mssntp = 329,
|
||||
T_Leapfile = 330,
|
||||
T_Leapsmearinterval = 331,
|
||||
T_Limited = 332,
|
||||
T_Link = 333,
|
||||
T_Listen = 334,
|
||||
T_Logconfig = 335,
|
||||
T_Logfile = 336,
|
||||
T_Loopstats = 337,
|
||||
T_Lowpriotrap = 338,
|
||||
T_Manycastclient = 339,
|
||||
T_Manycastserver = 340,
|
||||
T_Mask = 341,
|
||||
T_Maxage = 342,
|
||||
T_Maxclock = 343,
|
||||
T_Maxdepth = 344,
|
||||
T_Maxdist = 345,
|
||||
T_Maxmem = 346,
|
||||
T_Maxpoll = 347,
|
||||
T_Mdnstries = 348,
|
||||
T_Mem = 349,
|
||||
T_Memlock = 350,
|
||||
T_Minclock = 351,
|
||||
T_Mindepth = 352,
|
||||
T_Mindist = 353,
|
||||
T_Minimum = 354,
|
||||
T_Minpoll = 355,
|
||||
T_Minsane = 356,
|
||||
T_Mode = 357,
|
||||
T_Mode7 = 358,
|
||||
T_Monitor = 359,
|
||||
T_Month = 360,
|
||||
T_Mru = 361,
|
||||
T_Multicastclient = 362,
|
||||
T_Nic = 363,
|
||||
T_Nolink = 364,
|
||||
T_Nomodify = 365,
|
||||
T_Nomrulist = 366,
|
||||
T_None = 367,
|
||||
T_Nonvolatile = 368,
|
||||
T_Nopeer = 369,
|
||||
T_Noquery = 370,
|
||||
T_Noselect = 371,
|
||||
T_Noserve = 372,
|
||||
T_Notrap = 373,
|
||||
T_Notrust = 374,
|
||||
T_Ntp = 375,
|
||||
T_Ntpport = 376,
|
||||
T_NtpSignDsocket = 377,
|
||||
T_Orphan = 378,
|
||||
T_Orphanwait = 379,
|
||||
T_Panic = 380,
|
||||
T_Peer = 381,
|
||||
T_Peerstats = 382,
|
||||
T_Phone = 383,
|
||||
T_Pid = 384,
|
||||
T_Pidfile = 385,
|
||||
T_Pool = 386,
|
||||
T_Port = 387,
|
||||
T_Preempt = 388,
|
||||
T_Prefer = 389,
|
||||
T_Protostats = 390,
|
||||
T_Pw = 391,
|
||||
T_Randfile = 392,
|
||||
T_Rawstats = 393,
|
||||
T_Refid = 394,
|
||||
T_Requestkey = 395,
|
||||
T_Reset = 396,
|
||||
T_Restrict = 397,
|
||||
T_Revoke = 398,
|
||||
T_Rlimit = 399,
|
||||
T_Saveconfigdir = 400,
|
||||
T_Server = 401,
|
||||
T_Setvar = 402,
|
||||
T_Source = 403,
|
||||
T_Stacksize = 404,
|
||||
T_Statistics = 405,
|
||||
T_Stats = 406,
|
||||
T_Statsdir = 407,
|
||||
T_Step = 408,
|
||||
T_Stepback = 409,
|
||||
T_Stepfwd = 410,
|
||||
T_Stepout = 411,
|
||||
T_Stratum = 412,
|
||||
T_String = 413,
|
||||
T_Sys = 414,
|
||||
T_Sysstats = 415,
|
||||
T_Tick = 416,
|
||||
T_Time1 = 417,
|
||||
T_Time2 = 418,
|
||||
T_Timer = 419,
|
||||
T_Timingstats = 420,
|
||||
T_Tinker = 421,
|
||||
T_Tos = 422,
|
||||
T_Trap = 423,
|
||||
T_True = 424,
|
||||
T_Trustedkey = 425,
|
||||
T_Ttl = 426,
|
||||
T_Type = 427,
|
||||
T_U_int = 428,
|
||||
T_Unconfig = 429,
|
||||
T_Unpeer = 430,
|
||||
T_Version = 431,
|
||||
T_WanderThreshold = 432,
|
||||
T_Week = 433,
|
||||
T_Wildcard = 434,
|
||||
T_Xleave = 435,
|
||||
T_Year = 436,
|
||||
T_Flag = 437,
|
||||
T_EOC = 438,
|
||||
T_Simulate = 439,
|
||||
T_Beep_Delay = 440,
|
||||
T_Sim_Duration = 441,
|
||||
T_Server_Offset = 442,
|
||||
T_Duration = 443,
|
||||
T_Freq_Offset = 444,
|
||||
T_Wander = 445,
|
||||
T_Jitter = 446,
|
||||
T_Prop_Delay = 447,
|
||||
T_Proc_Delay = 448
|
||||
};
|
||||
enum yytokentype
|
||||
{
|
||||
T_Abbrev = 258,
|
||||
T_Age = 259,
|
||||
T_All = 260,
|
||||
T_Allan = 261,
|
||||
T_Allpeers = 262,
|
||||
T_Auth = 263,
|
||||
T_Autokey = 264,
|
||||
T_Automax = 265,
|
||||
T_Average = 266,
|
||||
T_Bclient = 267,
|
||||
T_Beacon = 268,
|
||||
T_Broadcast = 269,
|
||||
T_Broadcastclient = 270,
|
||||
T_Broadcastdelay = 271,
|
||||
T_Burst = 272,
|
||||
T_Calibrate = 273,
|
||||
T_Ceiling = 274,
|
||||
T_Clockstats = 275,
|
||||
T_Cohort = 276,
|
||||
T_ControlKey = 277,
|
||||
T_Crypto = 278,
|
||||
T_Cryptostats = 279,
|
||||
T_Ctl = 280,
|
||||
T_Day = 281,
|
||||
T_Default = 282,
|
||||
T_Digest = 283,
|
||||
T_Disable = 284,
|
||||
T_Discard = 285,
|
||||
T_Dispersion = 286,
|
||||
T_Double = 287,
|
||||
T_Driftfile = 288,
|
||||
T_Drop = 289,
|
||||
T_Dscp = 290,
|
||||
T_Ellipsis = 291,
|
||||
T_Enable = 292,
|
||||
T_End = 293,
|
||||
T_False = 294,
|
||||
T_File = 295,
|
||||
T_Filegen = 296,
|
||||
T_Filenum = 297,
|
||||
T_Flag1 = 298,
|
||||
T_Flag2 = 299,
|
||||
T_Flag3 = 300,
|
||||
T_Flag4 = 301,
|
||||
T_Flake = 302,
|
||||
T_Floor = 303,
|
||||
T_Freq = 304,
|
||||
T_Fudge = 305,
|
||||
T_Host = 306,
|
||||
T_Huffpuff = 307,
|
||||
T_Iburst = 308,
|
||||
T_Ident = 309,
|
||||
T_Ignore = 310,
|
||||
T_Incalloc = 311,
|
||||
T_Incmem = 312,
|
||||
T_Initalloc = 313,
|
||||
T_Initmem = 314,
|
||||
T_Includefile = 315,
|
||||
T_Integer = 316,
|
||||
T_Interface = 317,
|
||||
T_Intrange = 318,
|
||||
T_Io = 319,
|
||||
T_Ipv4 = 320,
|
||||
T_Ipv4_flag = 321,
|
||||
T_Ipv6 = 322,
|
||||
T_Ipv6_flag = 323,
|
||||
T_Kernel = 324,
|
||||
T_Key = 325,
|
||||
T_Keys = 326,
|
||||
T_Keysdir = 327,
|
||||
T_Kod = 328,
|
||||
T_Mssntp = 329,
|
||||
T_Leapfile = 330,
|
||||
T_Leapsmearinterval = 331,
|
||||
T_Limited = 332,
|
||||
T_Link = 333,
|
||||
T_Listen = 334,
|
||||
T_Logconfig = 335,
|
||||
T_Logfile = 336,
|
||||
T_Loopstats = 337,
|
||||
T_Lowpriotrap = 338,
|
||||
T_Manycastclient = 339,
|
||||
T_Manycastserver = 340,
|
||||
T_Mask = 341,
|
||||
T_Maxage = 342,
|
||||
T_Maxclock = 343,
|
||||
T_Maxdepth = 344,
|
||||
T_Maxdist = 345,
|
||||
T_Maxmem = 346,
|
||||
T_Maxpoll = 347,
|
||||
T_Mdnstries = 348,
|
||||
T_Mem = 349,
|
||||
T_Memlock = 350,
|
||||
T_Minclock = 351,
|
||||
T_Mindepth = 352,
|
||||
T_Mindist = 353,
|
||||
T_Minimum = 354,
|
||||
T_Minpoll = 355,
|
||||
T_Minsane = 356,
|
||||
T_Mode = 357,
|
||||
T_Mode7 = 358,
|
||||
T_Monitor = 359,
|
||||
T_Month = 360,
|
||||
T_Mru = 361,
|
||||
T_Multicastclient = 362,
|
||||
T_Nic = 363,
|
||||
T_Nolink = 364,
|
||||
T_Nomodify = 365,
|
||||
T_Nomrulist = 366,
|
||||
T_None = 367,
|
||||
T_Nonvolatile = 368,
|
||||
T_Nopeer = 369,
|
||||
T_Noquery = 370,
|
||||
T_Noselect = 371,
|
||||
T_Noserve = 372,
|
||||
T_Notrap = 373,
|
||||
T_Notrust = 374,
|
||||
T_Ntp = 375,
|
||||
T_Ntpport = 376,
|
||||
T_NtpSignDsocket = 377,
|
||||
T_Orphan = 378,
|
||||
T_Orphanwait = 379,
|
||||
T_Panic = 380,
|
||||
T_Peer = 381,
|
||||
T_Peerstats = 382,
|
||||
T_Phone = 383,
|
||||
T_Pid = 384,
|
||||
T_Pidfile = 385,
|
||||
T_Pool = 386,
|
||||
T_Port = 387,
|
||||
T_Preempt = 388,
|
||||
T_Prefer = 389,
|
||||
T_Protostats = 390,
|
||||
T_Pw = 391,
|
||||
T_Randfile = 392,
|
||||
T_Rawstats = 393,
|
||||
T_Refid = 394,
|
||||
T_Requestkey = 395,
|
||||
T_Reset = 396,
|
||||
T_Restrict = 397,
|
||||
T_Revoke = 398,
|
||||
T_Rlimit = 399,
|
||||
T_Saveconfigdir = 400,
|
||||
T_Server = 401,
|
||||
T_Setvar = 402,
|
||||
T_Source = 403,
|
||||
T_Stacksize = 404,
|
||||
T_Statistics = 405,
|
||||
T_Stats = 406,
|
||||
T_Statsdir = 407,
|
||||
T_Step = 408,
|
||||
T_Stepback = 409,
|
||||
T_Stepfwd = 410,
|
||||
T_Stepout = 411,
|
||||
T_Stratum = 412,
|
||||
T_String = 413,
|
||||
T_Sys = 414,
|
||||
T_Sysstats = 415,
|
||||
T_Tick = 416,
|
||||
T_Time1 = 417,
|
||||
T_Time2 = 418,
|
||||
T_Timer = 419,
|
||||
T_Timingstats = 420,
|
||||
T_Tinker = 421,
|
||||
T_Tos = 422,
|
||||
T_Trap = 423,
|
||||
T_True = 424,
|
||||
T_Trustedkey = 425,
|
||||
T_Ttl = 426,
|
||||
T_Type = 427,
|
||||
T_U_int = 428,
|
||||
T_Unconfig = 429,
|
||||
T_Unpeer = 430,
|
||||
T_Version = 431,
|
||||
T_WanderThreshold = 432,
|
||||
T_Week = 433,
|
||||
T_Wildcard = 434,
|
||||
T_Xleave = 435,
|
||||
T_Year = 436,
|
||||
T_Flag = 437,
|
||||
T_EOC = 438,
|
||||
T_Simulate = 439,
|
||||
T_Beep_Delay = 440,
|
||||
T_Sim_Duration = 441,
|
||||
T_Server_Offset = 442,
|
||||
T_Duration = 443,
|
||||
T_Freq_Offset = 444,
|
||||
T_Wander = 445,
|
||||
T_Jitter = 446,
|
||||
T_Prop_Delay = 447,
|
||||
T_Proc_Delay = 448
|
||||
};
|
||||
#endif
|
||||
/* Tokens. */
|
||||
#define T_Abbrev 258
|
||||
@ -432,13 +431,12 @@ extern int yydebug;
|
||||
#define T_Prop_Delay 447
|
||||
#define T_Proc_Delay 448
|
||||
|
||||
|
||||
|
||||
/* Value type. */
|
||||
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
|
||||
typedef union YYSTYPE
|
||||
typedef union YYSTYPE YYSTYPE;
|
||||
union YYSTYPE
|
||||
{
|
||||
/* Line 2053 of yacc.c */
|
||||
#line 51 "../../ntpd/ntp_parser.y"
|
||||
#line 51 "../../ntpd/ntp_parser.y" /* yacc.c:1909 */
|
||||
|
||||
char * String;
|
||||
double Double;
|
||||
@ -457,29 +455,15 @@ typedef union YYSTYPE
|
||||
script_info * Sim_script;
|
||||
script_info_fifo * Sim_script_fifo;
|
||||
|
||||
|
||||
/* Line 2053 of yacc.c */
|
||||
#line 463 "ntp_parser.h"
|
||||
} YYSTYPE;
|
||||
#line 459 "../../ntpd/ntp_parser.h" /* yacc.c:1909 */
|
||||
};
|
||||
# define YYSTYPE_IS_TRIVIAL 1
|
||||
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
|
||||
# define YYSTYPE_IS_DECLARED 1
|
||||
#endif
|
||||
|
||||
|
||||
extern YYSTYPE yylval;
|
||||
|
||||
#ifdef YYPARSE_PARAM
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void *YYPARSE_PARAM);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#else /* ! YYPARSE_PARAM */
|
||||
#if defined __STDC__ || defined __cplusplus
|
||||
int yyparse (void);
|
||||
#else
|
||||
int yyparse ();
|
||||
#endif
|
||||
#endif /* ! YYPARSE_PARAM */
|
||||
|
||||
#endif /* !YY_YY_NTP_PARSER_H_INCLUDED */
|
||||
#endif /* !YY_YY__NTPD_NTP_PARSER_H_INCLUDED */
|
||||
|
@ -718,9 +718,13 @@ refresh_all_peerinterfaces(void)
|
||||
/*
|
||||
* this is called when the interface list has changed
|
||||
* give all peers a chance to find a better interface
|
||||
* but only if either they don't have an address already
|
||||
* or if the one they have hasn't worked for a while.
|
||||
*/
|
||||
for (p = peer_list; p != NULL; p = p->p_link)
|
||||
peer_refresh_interface(p);
|
||||
for (p = peer_list; p != NULL; p = p->p_link) {
|
||||
if (!(p->dstadr && (p->reach & 0x3))) // Bug 2849 XOR 2043
|
||||
peer_refresh_interface(p);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -746,6 +750,8 @@ newpeer(
|
||||
struct peer * peer;
|
||||
u_int hash;
|
||||
|
||||
DEBUG_REQUIRE(srcadr);
|
||||
|
||||
#ifdef AUTOKEY
|
||||
/*
|
||||
* If Autokey is requested but not configured, complain loudly.
|
||||
@ -764,7 +770,7 @@ newpeer(
|
||||
/*
|
||||
* For now only pool associations have a hostname.
|
||||
*/
|
||||
NTP_INSIST(NULL == hostname || (MDF_POOL & cast_flags));
|
||||
INSIST(NULL == hostname || (MDF_POOL & cast_flags));
|
||||
|
||||
/*
|
||||
* First search from the beginning for an association with given
|
||||
@ -817,6 +823,7 @@ newpeer(
|
||||
if (peer_free_count == 0)
|
||||
getmorepeermem();
|
||||
UNLINK_HEAD_SLIST(peer, peer_free, p_link);
|
||||
INSIST(peer != NULL);
|
||||
peer_free_count--;
|
||||
peer_associations++;
|
||||
if (FLAG_PREEMPT & flags)
|
||||
|
@ -28,14 +28,27 @@
|
||||
* This macro defines the authentication state. If x is 1 authentication
|
||||
* is required; othewise it is optional.
|
||||
*/
|
||||
#define AUTH(x, y) ((x) ? (y) == AUTH_OK : (y) == AUTH_OK || \
|
||||
(y) == AUTH_NONE)
|
||||
#define AUTH(x, y) ((x) ? (y) == AUTH_OK \
|
||||
: (y) == AUTH_OK || (y) == AUTH_NONE)
|
||||
|
||||
#define AUTH_NONE 0 /* authentication not required */
|
||||
#define AUTH_OK 1 /* authentication OK */
|
||||
#define AUTH_ERROR 2 /* authentication error */
|
||||
#define AUTH_CRYPTO 3 /* crypto_NAK */
|
||||
|
||||
/*
|
||||
* Set up Kiss Code values
|
||||
*/
|
||||
|
||||
enum kiss_codes {
|
||||
NOKISS, /* No Kiss Code */
|
||||
RATEKISS, /* Rate limit Kiss Code */
|
||||
DENYKISS, /* Deny Kiss */
|
||||
RSTRKISS, /* Restricted Kiss */
|
||||
XKISS, /* Experimental Kiss */
|
||||
UNKNOWNKISS /* Unknown Kiss Code */
|
||||
};
|
||||
|
||||
/*
|
||||
* traffic shaping parameters
|
||||
*/
|
||||
@ -139,6 +152,7 @@ u_long sys_declined; /* declined */
|
||||
u_long sys_limitrejected; /* rate exceeded */
|
||||
u_long sys_kodsent; /* KoD sent */
|
||||
|
||||
static int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid);
|
||||
static double root_distance (struct peer *);
|
||||
static void clock_combine (peer_select *, int, int);
|
||||
static void peer_xmit (struct peer *);
|
||||
@ -185,7 +199,34 @@ set_sys_leap(u_char new_sys_leap) {
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Kiss Code check
|
||||
*/
|
||||
int kiss_code_check(u_char hisleap, u_char hisstratum, u_char hismode, u_int32 refid) {
|
||||
|
||||
if ( hismode == MODE_SERVER
|
||||
&& hisleap == LEAP_NOTINSYNC
|
||||
&& hisstratum == STRATUM_UNSPEC) {
|
||||
if(memcmp(&refid,"RATE", 4) == 0) {
|
||||
return (RATEKISS);
|
||||
}
|
||||
else if(memcmp(&refid,"DENY", 4) == 0) {
|
||||
return (DENYKISS);
|
||||
}
|
||||
else if(memcmp(&refid,"RSTR", 4) == 0) {
|
||||
return (RSTRKISS);
|
||||
}
|
||||
else if(memcmp(&refid,"X", 1) == 0) {
|
||||
return (XKISS);
|
||||
}
|
||||
else {
|
||||
return (UNKNOWNKISS);
|
||||
}
|
||||
}
|
||||
else {
|
||||
return (NOKISS);
|
||||
}
|
||||
}
|
||||
/*
|
||||
* transmit - transmit procedure called by poll timeout
|
||||
*/
|
||||
@ -235,8 +276,8 @@ transmit(
|
||||
peer->unreach = 0;
|
||||
peer->ttl = 0;
|
||||
peer_xmit(peer);
|
||||
} else if (sys_survivors < sys_minclock ||
|
||||
peer_associations < sys_maxclock) {
|
||||
} else if ( sys_survivors < sys_minclock
|
||||
|| peer_associations < sys_maxclock) {
|
||||
if (peer->ttl < (u_int32)sys_ttlmax)
|
||||
peer->ttl++;
|
||||
peer_xmit(peer);
|
||||
@ -260,9 +301,9 @@ transmit(
|
||||
*/
|
||||
if (peer->cast_flags & MDF_POOL) {
|
||||
peer->outdate = current_time;
|
||||
if ((peer_associations <= 2 * sys_maxclock) &&
|
||||
(peer_associations < sys_maxclock ||
|
||||
sys_survivors < sys_minclock))
|
||||
if ( (peer_associations <= 2 * sys_maxclock)
|
||||
&& ( peer_associations < sys_maxclock
|
||||
|| sys_survivors < sys_minclock))
|
||||
pool_xmit(peer);
|
||||
poll_update(peer, hpoll);
|
||||
return;
|
||||
@ -297,8 +338,8 @@ transmit(
|
||||
peer_unfit(peer);
|
||||
report_event(PEVNT_UNREACH, peer, NULL);
|
||||
}
|
||||
if ((peer->flags & FLAG_IBURST) &&
|
||||
peer->retry == 0)
|
||||
if ( (peer->flags & FLAG_IBURST)
|
||||
&& peer->retry == 0)
|
||||
peer->retry = NTP_RETRY;
|
||||
} else {
|
||||
|
||||
@ -312,8 +353,9 @@ transmit(
|
||||
hpoll = sys_poll;
|
||||
if (!(peer->flags & FLAG_PREEMPT))
|
||||
peer->unreach = 0;
|
||||
if ((peer->flags & FLAG_BURST) && peer->retry ==
|
||||
0 && !peer_unfit(peer))
|
||||
if ( (peer->flags & FLAG_BURST)
|
||||
&& peer->retry == 0
|
||||
&& !peer_unfit(peer))
|
||||
peer->retry = NTP_RETRY;
|
||||
}
|
||||
|
||||
@ -334,9 +376,9 @@ transmit(
|
||||
unpeer(peer);
|
||||
return;
|
||||
}
|
||||
if ((peer->flags & FLAG_PREEMPT) &&
|
||||
(peer_associations > sys_maxclock) &&
|
||||
score_all(peer)) {
|
||||
if ( (peer->flags & FLAG_PREEMPT)
|
||||
&& (peer_associations > sys_maxclock)
|
||||
&& score_all(peer)) {
|
||||
report_event(PEVNT_RESTART, peer, "timeout");
|
||||
peer_clear(peer, "TIME");
|
||||
unpeer(peer);
|
||||
@ -392,6 +434,7 @@ receive(
|
||||
u_char hismode; /* packet mode */
|
||||
u_char hisstratum; /* packet stratum */
|
||||
u_short restrict_mask; /* restrict bits */
|
||||
int kissCode = NOKISS; /* Kiss Code */
|
||||
int has_mac; /* length of MAC field */
|
||||
int authlen; /* offset of MAC field */
|
||||
int is_authentic = 0; /* cryptosum ok */
|
||||
@ -483,8 +526,8 @@ receive(
|
||||
*/
|
||||
if (hisversion == NTP_VERSION) {
|
||||
sys_newversion++; /* new version */
|
||||
} else if (!(restrict_mask & RES_VERSION) && hisversion >=
|
||||
NTP_OLDVERSION) {
|
||||
} else if ( !(restrict_mask & RES_VERSION)
|
||||
&& hisversion >= NTP_OLDVERSION) {
|
||||
sys_oldversion++; /* previous version */
|
||||
} else {
|
||||
sys_badlength++;
|
||||
@ -538,8 +581,9 @@ receive(
|
||||
} else {
|
||||
opcode = ntohl(((u_int32 *)pkt)[authlen / 4]);
|
||||
len = opcode & 0xffff;
|
||||
if (len % 4 != 0 || len < 4 || (int)len +
|
||||
authlen > rbufp->recv_length) {
|
||||
if ( len % 4 != 0
|
||||
|| len < 4
|
||||
|| (int)len + authlen > rbufp->recv_length) {
|
||||
sys_badlength++;
|
||||
return; /* bad length */
|
||||
}
|
||||
@ -549,13 +593,13 @@ receive(
|
||||
* sys_groupname is non-NULL, there must be
|
||||
* a group name provided to elicit a response.
|
||||
*/
|
||||
if ((opcode & 0x3fff0000) == CRYPTO_ASSOC &&
|
||||
sys_groupname != NULL) {
|
||||
if ( (opcode & 0x3fff0000) == CRYPTO_ASSOC
|
||||
&& sys_groupname != NULL) {
|
||||
ep = (struct exten *)&((u_int32 *)pkt)[authlen / 4];
|
||||
hostlen = ntohl(ep->vallen);
|
||||
if (hostlen >= sizeof(hostname) ||
|
||||
hostlen > len -
|
||||
offsetof(struct exten, pkt)) {
|
||||
if ( hostlen >= sizeof(hostname)
|
||||
|| hostlen > len -
|
||||
offsetof(struct exten, pkt)) {
|
||||
sys_badlength++;
|
||||
return; /* bad length */
|
||||
}
|
||||
@ -599,8 +643,9 @@ receive(
|
||||
restrict_mask = ntp_monitor(rbufp, restrict_mask);
|
||||
if (restrict_mask & RES_LIMITED) {
|
||||
sys_limitrejected++;
|
||||
if (!(restrict_mask & RES_KOD) || MODE_BROADCAST ==
|
||||
hismode || MODE_SERVER == hismode) {
|
||||
if ( !(restrict_mask & RES_KOD)
|
||||
|| MODE_BROADCAST == hismode
|
||||
|| MODE_SERVER == hismode) {
|
||||
if (MODE_SERVER == hismode)
|
||||
DPRINTF(1, ("Possibly self-induced rate limiting of MODE_SERVER from %s\n",
|
||||
stoa(&rbufp->recv_srcadr)));
|
||||
@ -698,10 +743,11 @@ receive(
|
||||
* This is described in Microsoft's WSPP docs, in MS-SNTP:
|
||||
* http://msdn.microsoft.com/en-us/library/cc212930.aspx
|
||||
*/
|
||||
} else if (has_mac == MAX_MD5_LEN && (restrict_mask & RES_MSSNTP) &&
|
||||
(retcode == AM_FXMIT || retcode == AM_NEWPASS) &&
|
||||
(memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MD5_LEN - 4) ==
|
||||
0)) {
|
||||
} else if ( has_mac == MAX_MD5_LEN
|
||||
&& (restrict_mask & RES_MSSNTP)
|
||||
&& (retcode == AM_FXMIT || retcode == AM_NEWPASS)
|
||||
&& (memcmp(zero_key, (char *)pkt + authlen + 4,
|
||||
MAX_MD5_LEN - 4) == 0)) {
|
||||
is_authentic = AUTH_NONE;
|
||||
#endif /* HAVE_NTP_SIGND */
|
||||
|
||||
@ -754,8 +800,9 @@ receive(
|
||||
* mobilized. However, if this is from
|
||||
* the wildcard interface, game over.
|
||||
*/
|
||||
if (crypto_flags && rbufp->dstadr ==
|
||||
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
|
||||
if ( crypto_flags
|
||||
&& rbufp->dstadr ==
|
||||
ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr)) {
|
||||
sys_restricted++;
|
||||
return; /* no wildcard */
|
||||
}
|
||||
@ -882,10 +929,10 @@ receive(
|
||||
* stratum is greater than the manycaster or the
|
||||
* manycaster has already synchronized to us.
|
||||
*/
|
||||
if (sys_leap == LEAP_NOTINSYNC || sys_stratum >=
|
||||
hisstratum || (!sys_cohort && sys_stratum ==
|
||||
hisstratum + 1) || rbufp->dstadr->addr_refid ==
|
||||
pkt->refid) {
|
||||
if ( sys_leap == LEAP_NOTINSYNC
|
||||
|| sys_stratum >= hisstratum
|
||||
|| (!sys_cohort && sys_stratum == hisstratum + 1)
|
||||
|| rbufp->dstadr->addr_refid == pkt->refid) {
|
||||
sys_declined++;
|
||||
return; /* no help */
|
||||
}
|
||||
@ -933,9 +980,10 @@ receive(
|
||||
sys_restricted++;
|
||||
return; /* not enabled */
|
||||
}
|
||||
if (!AUTH((!(peer2->cast_flags & MDF_POOL) &&
|
||||
sys_authenticate) | (restrict_mask & (RES_NOPEER |
|
||||
RES_DONTTRUST)), is_authentic)) {
|
||||
if (!AUTH( (!(peer2->cast_flags & MDF_POOL)
|
||||
&& sys_authenticate)
|
||||
|| (restrict_mask & (RES_NOPEER |
|
||||
RES_DONTTRUST)), is_authentic)) {
|
||||
sys_restricted++;
|
||||
return; /* access denied */
|
||||
}
|
||||
@ -944,8 +992,9 @@ receive(
|
||||
* Do not respond if unsynchronized or stratum is below
|
||||
* the floor or at or above the ceiling.
|
||||
*/
|
||||
if (hisleap == LEAP_NOTINSYNC || hisstratum <
|
||||
sys_floor || hisstratum >= sys_ceiling) {
|
||||
if ( hisleap == LEAP_NOTINSYNC
|
||||
|| hisstratum < sys_floor
|
||||
|| hisstratum >= sys_ceiling) {
|
||||
sys_declined++;
|
||||
return; /* no help */
|
||||
}
|
||||
@ -1007,8 +1056,9 @@ receive(
|
||||
* Do not respond if unsynchronized or stratum is below
|
||||
* the floor or at or above the ceiling.
|
||||
*/
|
||||
if (hisleap == LEAP_NOTINSYNC || hisstratum <
|
||||
sys_floor || hisstratum >= sys_ceiling) {
|
||||
if ( hisleap == LEAP_NOTINSYNC
|
||||
|| hisstratum < sys_floor
|
||||
|| hisstratum >= sys_ceiling) {
|
||||
sys_declined++;
|
||||
return; /* no help */
|
||||
}
|
||||
@ -1018,8 +1068,8 @@ receive(
|
||||
* Do not respond if Autokey and the opcode is not a
|
||||
* CRYPTO_ASSOC response with association ID.
|
||||
*/
|
||||
if (crypto_flags && skeyid > NTP_MAXKEY && (opcode &
|
||||
0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
|
||||
if ( crypto_flags && skeyid > NTP_MAXKEY
|
||||
&& (opcode & 0xffff0000) != (CRYPTO_ASSOC | CRYPTO_RESP)) {
|
||||
sys_declined++;
|
||||
return; /* protocol error */
|
||||
}
|
||||
@ -1133,6 +1183,24 @@ receive(
|
||||
sys_restricted++;
|
||||
return;
|
||||
}
|
||||
/* [Bug 2941]
|
||||
* If we got here, the packet isn't part of an
|
||||
* existing association, it isn't correctly
|
||||
* authenticated, and it didn't meet either of
|
||||
* the previous two special cases so we should
|
||||
* just drop it on the floor. For example,
|
||||
* crypto-NAKs (is_authentic == AUTH_CRYPTO)
|
||||
* will make it this far. This is just
|
||||
* debug-printed and not logged to avoid log
|
||||
* flooding.
|
||||
*/
|
||||
DPRINTF(1, ("receive: at %ld refusing to mobilize passive association"
|
||||
" with unknown peer %s mode %d keyid %08x len %d auth %d\n",
|
||||
current_time, stoa(&rbufp->recv_srcadr),
|
||||
hismode, skeyid, (authlen + has_mac),
|
||||
is_authentic));
|
||||
sys_declined++;
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1145,8 +1213,8 @@ receive(
|
||||
* we will spin an ephemeral association in response to
|
||||
* MODE_ACTIVE KoDs, which will time out eventually.
|
||||
*/
|
||||
if (hisleap != LEAP_NOTINSYNC && (hisstratum <
|
||||
sys_floor || hisstratum >= sys_ceiling)) {
|
||||
if ( hisleap != LEAP_NOTINSYNC
|
||||
&& (hisstratum < sys_floor || hisstratum >= sys_ceiling)) {
|
||||
sys_declined++;
|
||||
return; /* no help */
|
||||
}
|
||||
@ -1205,9 +1273,9 @@ receive(
|
||||
* have a public key ID; if not, the packet must have a
|
||||
* symmetric key ID.
|
||||
*/
|
||||
if (is_authentic != AUTH_CRYPTO && (((peer->flags &
|
||||
FLAG_SKEY) && skeyid <= NTP_MAXKEY) || (!(peer->flags &
|
||||
FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
|
||||
if ( is_authentic != AUTH_CRYPTO
|
||||
&& ( ((peer->flags & FLAG_SKEY) && skeyid <= NTP_MAXKEY)
|
||||
|| (!(peer->flags & FLAG_SKEY) && skeyid > NTP_MAXKEY))) {
|
||||
sys_badauth++;
|
||||
return;
|
||||
}
|
||||
@ -1256,16 +1324,23 @@ receive(
|
||||
* Check for bogus packet in basic mode. If found, switch to
|
||||
* interleaved mode and resynchronize, but only after confirming
|
||||
* the packet is not bogus in symmetric interleaved mode.
|
||||
*
|
||||
* This could also mean somebody is forging packets claiming to
|
||||
* be from us, attempting to cause our server to KoD us.
|
||||
*/
|
||||
} else if (peer->flip == 0) {
|
||||
if (!L_ISEQU(&p_org, &peer->aorg)) {
|
||||
peer->bogusorg++;
|
||||
peer->flash |= TEST2; /* bogus */
|
||||
if (!L_ISZERO(&peer->dst) && L_ISEQU(&p_org,
|
||||
&peer->dst)) {
|
||||
msyslog(LOG_INFO,
|
||||
"receive: Unexpected origin timestamp from %s",
|
||||
ntoa(&peer->srcadr));
|
||||
if ( !L_ISZERO(&peer->dst)
|
||||
&& L_ISEQU(&p_org, &peer->dst)) {
|
||||
peer->flip = 1;
|
||||
report_event(PEVNT_XLEAVE, peer, NULL);
|
||||
}
|
||||
return; /* Bogus packet, we are done */
|
||||
} else {
|
||||
L_CLR(&peer->aorg);
|
||||
}
|
||||
@ -1282,11 +1357,12 @@ receive(
|
||||
* can happen if a packet is lost, duplicated or crossed. If
|
||||
* found, flip and resynchronize.
|
||||
*/
|
||||
} else if (!L_ISZERO(&peer->dst) && !L_ISEQU(&p_org,
|
||||
&peer->dst)) {
|
||||
} else if ( !L_ISZERO(&peer->dst)
|
||||
&& !L_ISEQU(&p_org, &peer->dst)) {
|
||||
peer->bogusorg++;
|
||||
peer->flags |= FLAG_XBOGUS;
|
||||
peer->flash |= TEST2; /* bogus */
|
||||
return; /* Bogus packet, we are done */
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1321,8 +1397,8 @@ receive(
|
||||
report_event(PEVNT_AUTH, peer, "digest");
|
||||
peer->flash |= TEST5; /* bad auth */
|
||||
peer->badauth++;
|
||||
if (has_mac &&
|
||||
(hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
|
||||
if ( has_mac
|
||||
&& (hismode == MODE_ACTIVE || hismode == MODE_PASSIVE))
|
||||
fast_xmit(rbufp, MODE_ACTIVE, 0, restrict_mask);
|
||||
if (peer->flags & FLAG_PREEMPT) {
|
||||
unpeer(peer);
|
||||
@ -1351,11 +1427,22 @@ receive(
|
||||
* this maximum and advance the headway to give the sender some
|
||||
* headroom. Very intricate.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Check for any kiss codes. Note this is only used when a server
|
||||
* responds to a packet request
|
||||
*/
|
||||
|
||||
kissCode = kiss_code_check(hisleap, hisstratum, hismode, pkt->refid);
|
||||
|
||||
/*
|
||||
* Check to see if this is a RATE Kiss Code
|
||||
* Currently this kiss code will accept whatever poll
|
||||
* rate that the server sends
|
||||
*/
|
||||
peer->ppoll = max(peer->minpoll, pkt->ppoll);
|
||||
if (hismode == MODE_SERVER && hisleap == LEAP_NOTINSYNC &&
|
||||
hisstratum == STRATUM_UNSPEC && memcmp(&pkt->refid,
|
||||
"RATE", 4) == 0) {
|
||||
peer->selbroken++;
|
||||
if (kissCode == RATEKISS) {
|
||||
peer->selbroken++; /* Increment the KoD count */
|
||||
report_event(PEVNT_RATE, peer, NULL);
|
||||
if (pkt->ppoll > peer->minpoll)
|
||||
peer->minpoll = peer->ppoll;
|
||||
@ -1364,6 +1451,11 @@ receive(
|
||||
poll_update(peer, pkt->ppoll);
|
||||
return; /* kiss-o'-death */
|
||||
}
|
||||
if (kissCode != NOKISS) {
|
||||
peer->selbroken++; /* Increment the KoD count */
|
||||
return; /* Drop any other kiss code packets */
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* That was hard and I am sweaty, but the packet is squeaky
|
||||
@ -1455,8 +1547,8 @@ receive(
|
||||
int i;
|
||||
|
||||
for (i = 0; ; i++) {
|
||||
if (tkeyid == peer->pkeyid ||
|
||||
tkeyid == ap->key) {
|
||||
if ( tkeyid == peer->pkeyid
|
||||
|| tkeyid == ap->key) {
|
||||
peer->flash &= ~TEST8;
|
||||
peer->pkeyid = skeyid;
|
||||
ap->seq -= i;
|
||||
@ -1589,8 +1681,8 @@ process_packet(
|
||||
* Verify the server is synchronized; that is, the leap bits,
|
||||
* stratum and root distance are valid.
|
||||
*/
|
||||
if (pleap == LEAP_NOTINSYNC || /* test 6 */
|
||||
pstratum < sys_floor || pstratum >= sys_ceiling)
|
||||
if ( pleap == LEAP_NOTINSYNC /* test 6 */
|
||||
|| pstratum < sys_floor || pstratum >= sys_ceiling)
|
||||
peer->flash |= TEST6; /* bad synch or strat */
|
||||
if (p_del / 2 + p_disp >= MAXDISPERSE) /* test 7 */
|
||||
peer->flash |= TEST7; /* bad header */
|
||||
@ -1823,8 +1915,9 @@ process_packet(
|
||||
* client mode when the client is fit and the autokey dance is
|
||||
* complete.
|
||||
*/
|
||||
if ((FLAG_BC_VOL & peer->flags) && MODE_CLIENT == peer->hmode &&
|
||||
!(TEST11 & peer_unfit(peer))) { /* distance exceeded */
|
||||
if ( (FLAG_BC_VOL & peer->flags)
|
||||
&& MODE_CLIENT == peer->hmode
|
||||
&& !(TEST11 & peer_unfit(peer))) { /* distance exceeded */
|
||||
#ifdef AUTOKEY
|
||||
if (peer->flags & FLAG_SKEY) {
|
||||
if (!(~peer->crypto & CRYPTO_FLAG_ALL))
|
||||
@ -1865,8 +1958,8 @@ clock_update(
|
||||
sys_poll = peer->maxpoll;
|
||||
poll_update(peer, sys_poll);
|
||||
sys_stratum = min(peer->stratum + 1, STRATUM_UNSPEC);
|
||||
if (peer->stratum == STRATUM_REFCLOCK ||
|
||||
peer->stratum == STRATUM_UNSPEC)
|
||||
if ( peer->stratum == STRATUM_REFCLOCK
|
||||
|| peer->stratum == STRATUM_UNSPEC)
|
||||
sys_refid = peer->refid;
|
||||
else
|
||||
sys_refid = addr2refid(&peer->srcadr);
|
||||
@ -1992,12 +2085,12 @@ clock_update(
|
||||
* once is mostly harmless.)
|
||||
*/
|
||||
if (leapsec == LSPROX_NOWARN) {
|
||||
if (leap_vote_ins > leap_vote_del
|
||||
if ( leap_vote_ins > leap_vote_del
|
||||
&& leap_vote_ins > sys_survivors / 2) {
|
||||
get_systime(&now);
|
||||
leapsec_add_dyn(TRUE, now.l_ui, NULL);
|
||||
}
|
||||
if (leap_vote_del > leap_vote_ins
|
||||
if ( leap_vote_del > leap_vote_ins
|
||||
&& leap_vote_del > sys_survivors / 2) {
|
||||
get_systime(&now);
|
||||
leapsec_add_dyn(FALSE, now.l_ui, NULL);
|
||||
@ -2320,8 +2413,8 @@ clock_filter(
|
||||
m = 0;
|
||||
for (i = 0; i < NTP_SHIFT; i++) {
|
||||
peer->filter_order[i] = (u_char) ord[i];
|
||||
if (dst[i] >= MAXDISPERSE || (m >= 2 && dst[i] >=
|
||||
sys_maxdist))
|
||||
if ( dst[i] >= MAXDISPERSE
|
||||
|| (m >= 2 && dst[i] >= sys_maxdist))
|
||||
continue;
|
||||
m++;
|
||||
}
|
||||
@ -2367,10 +2460,11 @@ clock_filter(
|
||||
* than twice the host poll interval, consider the new sample
|
||||
* a popcorn spike and ignore it.
|
||||
*/
|
||||
if (peer->disp < sys_maxdist && peer->filter_disp[k] <
|
||||
sys_maxdist && etemp > CLOCK_SGATE * peer->jitter &&
|
||||
peer->filter_epoch[k] - peer->epoch < 2. *
|
||||
ULOGTOD(peer->hpoll)) {
|
||||
if ( peer->disp < sys_maxdist
|
||||
&& peer->filter_disp[k] < sys_maxdist
|
||||
&& etemp > CLOCK_SGATE * peer->jitter
|
||||
&& peer->filter_epoch[k] - peer->epoch
|
||||
< 2. * ULOGTOD(peer->hpoll)) {
|
||||
snprintf(tbuf, sizeof(tbuf), "%.6f s", etemp);
|
||||
report_event(PEVNT_POPCORN, peer, tbuf);
|
||||
return;
|
||||
@ -2547,14 +2641,14 @@ clock_select(void)
|
||||
if (!(peer->flags & FLAG_PREFER)) {
|
||||
switch (peer->refclktype) {
|
||||
case REFCLK_LOCALCLOCK:
|
||||
if (current_time > orphwait &&
|
||||
typelocal == NULL)
|
||||
if ( current_time > orphwait
|
||||
&& typelocal == NULL)
|
||||
typelocal = peer;
|
||||
continue;
|
||||
|
||||
case REFCLK_ACTS:
|
||||
if (current_time > orphwait &&
|
||||
typeacts == NULL)
|
||||
if ( current_time > orphwait
|
||||
&& typeacts == NULL)
|
||||
typeacts = peer;
|
||||
continue;
|
||||
}
|
||||
@ -2684,8 +2778,10 @@ clock_select(void)
|
||||
|
||||
peer = peers[i].peer;
|
||||
h = peers[i].synch;
|
||||
if ((high <= low || peer->offset + h < low ||
|
||||
peer->offset - h > high) && !(peer->flags & FLAG_TRUE))
|
||||
if (( high <= low
|
||||
|| peer->offset + h < low
|
||||
|| peer->offset - h > high
|
||||
) && !(peer->flags & FLAG_TRUE))
|
||||
continue;
|
||||
|
||||
#ifdef REFCLOCK
|
||||
@ -2742,7 +2838,7 @@ clock_select(void)
|
||||
}
|
||||
|
||||
/*
|
||||
* Now, vote outlyers off the island by select jitter weighted
|
||||
* Now, vote outliers off the island by select jitter weighted
|
||||
* by root distance. Continue voting as long as there are more
|
||||
* than sys_minclock survivors and the select jitter of the peer
|
||||
* with the worst metric is greater than the minimum peer
|
||||
@ -2772,8 +2868,9 @@ clock_select(void)
|
||||
}
|
||||
}
|
||||
g = max(g, LOGTOD(sys_precision));
|
||||
if (nlist <= max(1, sys_minclock) || g <= d ||
|
||||
((FLAG_TRUE | FLAG_PREFER) & peers[k].peer->flags))
|
||||
if ( nlist <= max(1, sys_minclock)
|
||||
|| g <= d
|
||||
|| ((FLAG_TRUE | FLAG_PREFER) & peers[k].peer->flags))
|
||||
break;
|
||||
|
||||
DPRINTF(3, ("select: drop %s seljit %.6f jit %.6f\n",
|
||||
@ -2898,10 +2995,12 @@ clock_select(void)
|
||||
* if there is a prefer peer or there are no survivors and none
|
||||
* are required.
|
||||
*/
|
||||
if (typepps != NULL && fabs(sys_offset) < 0.4 &&
|
||||
(typepps->refclktype != REFCLK_ATOM_PPS ||
|
||||
(typepps->refclktype == REFCLK_ATOM_PPS && (sys_prefer !=
|
||||
NULL || (typesystem == NULL && sys_minsane == 0))))) {
|
||||
if ( typepps != NULL
|
||||
&& fabs(sys_offset) < 0.4
|
||||
&& ( typepps->refclktype != REFCLK_ATOM_PPS
|
||||
|| ( typepps->refclktype == REFCLK_ATOM_PPS
|
||||
&& ( sys_prefer != NULL
|
||||
|| (typesystem == NULL && sys_minsane == 0))))) {
|
||||
typesystem = typepps;
|
||||
sys_clockhop = 0;
|
||||
typesystem->new_status = CTL_PST_SEL_PPS;
|
||||
@ -3240,16 +3339,16 @@ peer_xmit(
|
||||
* autokey sequence, the autokey exchange is
|
||||
* used to retrieve the autokey values.
|
||||
*/
|
||||
else if (sys_leap != LEAP_NOTINSYNC &&
|
||||
peer->leap != LEAP_NOTINSYNC &&
|
||||
!(peer->crypto & CRYPTO_FLAG_COOK))
|
||||
else if ( sys_leap != LEAP_NOTINSYNC
|
||||
&& peer->leap != LEAP_NOTINSYNC
|
||||
&& !(peer->crypto & CRYPTO_FLAG_COOK))
|
||||
exten = crypto_args(peer, CRYPTO_COOK,
|
||||
peer->associd, NULL);
|
||||
else if (!(peer->crypto & CRYPTO_FLAG_AUTO))
|
||||
exten = crypto_args(peer, CRYPTO_AUTO,
|
||||
peer->associd, NULL);
|
||||
else if (peer->flags & FLAG_ASSOC &&
|
||||
peer->crypto & CRYPTO_FLAG_SIGN)
|
||||
else if ( peer->flags & FLAG_ASSOC
|
||||
&& peer->crypto & CRYPTO_FLAG_SIGN)
|
||||
exten = crypto_args(peer, CRYPTO_AUTO |
|
||||
CRYPTO_RESP, peer->assoc, NULL);
|
||||
|
||||
@ -3693,7 +3792,7 @@ pool_xmit(
|
||||
pool->hostname));
|
||||
else
|
||||
msyslog(LOG_ERR,
|
||||
"unable to start pool DNS %s %m",
|
||||
"unable to start pool DNS %s: %m",
|
||||
pool->hostname);
|
||||
return;
|
||||
}
|
||||
@ -3883,8 +3982,9 @@ peer_unfit(
|
||||
* synchronized, (2) the server stratum is below the floor or
|
||||
* greater than or equal to the ceiling.
|
||||
*/
|
||||
if (peer->leap == LEAP_NOTINSYNC || peer->stratum < sys_floor ||
|
||||
peer->stratum >= sys_ceiling)
|
||||
if ( peer->leap == LEAP_NOTINSYNC
|
||||
|| peer->stratum < sys_floor
|
||||
|| peer->stratum >= sys_ceiling)
|
||||
rval |= TEST10; /* bad synch or stratum */
|
||||
|
||||
/*
|
||||
@ -3892,8 +3992,9 @@ peer_unfit(
|
||||
* distance is greater than or equal to the distance threshold
|
||||
* plus the increment due to one host poll interval.
|
||||
*/
|
||||
if (!(peer->flags & FLAG_REFCLOCK) && root_distance(peer) >=
|
||||
sys_maxdist + clock_phi * ULOGTOD(peer->hpoll))
|
||||
if ( !(peer->flags & FLAG_REFCLOCK)
|
||||
&& root_distance(peer) >= sys_maxdist
|
||||
+ clock_phi * ULOGTOD(peer->hpoll))
|
||||
rval |= TEST11; /* distance exceeded */
|
||||
|
||||
/*
|
||||
|
@ -1049,7 +1049,7 @@ refclock_control(
|
||||
if (NULL == peer)
|
||||
return;
|
||||
|
||||
NTP_INSIST(peer->procptr != NULL);
|
||||
INSIST(peer->procptr != NULL);
|
||||
pp = peer->procptr;
|
||||
|
||||
/*
|
||||
|
@ -1757,10 +1757,12 @@ do_restrict(
|
||||
}
|
||||
|
||||
/*
|
||||
* Looks okay, try it out
|
||||
* Looks okay, try it out. Needs to reload data pointer and
|
||||
* item counter. (Talos-CAN-0052)
|
||||
*/
|
||||
ZERO_SOCK(&matchaddr);
|
||||
ZERO_SOCK(&matchmask);
|
||||
items = INFO_NITEMS(inpkt->err_nitems);
|
||||
datap = inpkt->u.data;
|
||||
|
||||
while (items-- > 0) {
|
||||
@ -1917,9 +1919,11 @@ reset_peer(
|
||||
}
|
||||
|
||||
/*
|
||||
* Now do it in earnest.
|
||||
* Now do it in earnest. Needs to reload data pointer and item
|
||||
* counter. (Talos-CAN-0052)
|
||||
*/
|
||||
|
||||
|
||||
items = INFO_NITEMS(inpkt->err_nitems);
|
||||
datap = inpkt->u.data;
|
||||
while (items-- > 0) {
|
||||
ZERO(cp);
|
||||
|
@ -173,7 +173,7 @@ alloc_res4(void)
|
||||
LINK_SLIST(resfree4, res, link);
|
||||
res = (void *)((char *)res - cb);
|
||||
}
|
||||
NTP_INSIST(rl == res);
|
||||
INSIST(rl == res);
|
||||
/* allocate the first */
|
||||
return res;
|
||||
}
|
||||
@ -199,7 +199,7 @@ alloc_res6(void)
|
||||
LINK_SLIST(resfree6, res, link);
|
||||
res = (void *)((char *)res - cb);
|
||||
}
|
||||
NTP_INSIST(rl == res);
|
||||
INSIST(rl == res);
|
||||
/* allocate the first */
|
||||
return res;
|
||||
}
|
||||
@ -223,7 +223,7 @@ free_res(
|
||||
else
|
||||
plisthead = &restrictlist4;
|
||||
UNLINK_SLIST(unlinked, *plisthead, res, link, restrict_u);
|
||||
NTP_INSIST(unlinked == res);
|
||||
INSIST(unlinked == res);
|
||||
|
||||
if (v6) {
|
||||
zero_mem(res, V6_SIZEOF_RESTRICT_U);
|
||||
@ -291,7 +291,7 @@ match_restrict6_addr(
|
||||
|
||||
for (res = restrictlist6; res != NULL; res = next) {
|
||||
next = res->link;
|
||||
NTP_INSIST(next != res);
|
||||
INSIST(next != res);
|
||||
if (res->expire &&
|
||||
res->expire <= current_time)
|
||||
free_res(res, v6);
|
||||
@ -435,6 +435,9 @@ restrictions(
|
||||
|
||||
match = match_restrict4_addr(SRCADR(srcadr),
|
||||
SRCPORT(srcadr));
|
||||
|
||||
INSIST(match != NULL);
|
||||
|
||||
match->count++;
|
||||
/*
|
||||
* res_not_found counts only use of the final default
|
||||
@ -461,6 +464,7 @@ restrictions(
|
||||
return (int)RES_IGNORE;
|
||||
|
||||
match = match_restrict6_addr(pin6, SRCPORT(srcadr));
|
||||
INSIST(match != NULL);
|
||||
match->count++;
|
||||
if (&restrict_def6 == match)
|
||||
res_not_found++;
|
||||
@ -494,8 +498,8 @@ hack_restrict(
|
||||
op, stoa(resaddr), stoa(resmask), mflags, flags));
|
||||
|
||||
if (NULL == resaddr) {
|
||||
NTP_REQUIRE(NULL == resmask);
|
||||
NTP_REQUIRE(RESTRICT_FLAGS == op);
|
||||
REQUIRE(NULL == resmask);
|
||||
REQUIRE(RESTRICT_FLAGS == op);
|
||||
restrict_source_flags = flags;
|
||||
restrict_source_mflags = mflags;
|
||||
restrict_source_enabled = 1;
|
||||
@ -503,9 +507,13 @@ hack_restrict(
|
||||
}
|
||||
|
||||
ZERO(match);
|
||||
|
||||
#if 0
|
||||
/* silence VC9 potentially uninit warnings */
|
||||
// HMS: let's use a compiler-specific "enable" for this.
|
||||
res = NULL;
|
||||
v6 = 0;
|
||||
#endif
|
||||
|
||||
if (IS_IPV4(resaddr)) {
|
||||
v6 = 0;
|
||||
@ -528,7 +536,7 @@ hack_restrict(
|
||||
&match.u.v6.mask);
|
||||
|
||||
} else /* not IPv4 nor IPv6 */
|
||||
NTP_REQUIRE(0);
|
||||
REQUIRE(0);
|
||||
|
||||
match.flags = flags;
|
||||
match.mflags = mflags;
|
||||
@ -600,7 +608,7 @@ hack_restrict(
|
||||
break;
|
||||
|
||||
default: /* unknown op */
|
||||
NTP_INSIST(0);
|
||||
INSIST(0);
|
||||
break;
|
||||
}
|
||||
|
||||
@ -626,7 +634,7 @@ restrict_source(
|
||||
IS_MCAST(addr) || ISREFCLOCKADR(addr))
|
||||
return;
|
||||
|
||||
NTP_REQUIRE(AF_INET == AF(addr) || AF_INET6 == AF(addr));
|
||||
REQUIRE(AF_INET == AF(addr) || AF_INET6 == AF(addr));
|
||||
|
||||
SET_HOSTMASK(&onesmask, AF(addr));
|
||||
if (farewell) {
|
||||
@ -647,10 +655,12 @@ restrict_source(
|
||||
*/
|
||||
if (IS_IPV4(addr)) {
|
||||
res = match_restrict4_addr(SRCADR(addr), SRCPORT(addr));
|
||||
INSIST(res != NULL);
|
||||
found_specific = (SRCADR(&onesmask) == res->u.v4.mask);
|
||||
} else {
|
||||
res = match_restrict6_addr(&SOCK_ADDR6(addr),
|
||||
SRCPORT(addr));
|
||||
INSIST(res != NULL);
|
||||
found_specific = ADDR6_EQ(&res->u.v6.mask,
|
||||
&SOCK_ADDR6(&onesmask));
|
||||
}
|
||||
|
@ -56,6 +56,12 @@ static void check_leapsec(u_int32, const time_t*, int/*BOOL*/);
|
||||
*/
|
||||
volatile int interface_interval; /* init_io() sets def. 300s */
|
||||
|
||||
/*
|
||||
* Initializing flag. All async routines watch this and only do their
|
||||
* thing when it is clear.
|
||||
*/
|
||||
int initializing;
|
||||
|
||||
/*
|
||||
* Alarm flag. The mainline code imports this.
|
||||
*/
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpd-opts.c)
|
||||
*
|
||||
* It has been AutoGen-ed June 29, 2015 at 04:28:19 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed October 21, 2015 at 12:36:00 PM by AutoGen 5.18.5
|
||||
* From the definitions ntpd-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -75,7 +75,7 @@ extern FILE * option_usage_fp;
|
||||
* static const strings for ntpd options
|
||||
*/
|
||||
static char const ntpd_opt_strs[3129] =
|
||||
/* 0 */ "ntpd 4.2.8p3\n"
|
||||
/* 0 */ "ntpd 4.2.8p4\n"
|
||||
"Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n"
|
||||
"This is free software. It is licensed for use, modification and\n"
|
||||
"redistribution under the terms of the NTP License, copies of which\n"
|
||||
@ -205,12 +205,12 @@ static char const ntpd_opt_strs[3129] =
|
||||
/* 2900 */ "output version information and exit\0"
|
||||
/* 2936 */ "version\0"
|
||||
/* 2944 */ "NTPD\0"
|
||||
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p3\n"
|
||||
/* 2949 */ "ntpd - NTP daemon program - Ver. 4.2.8p4\n"
|
||||
"Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n"
|
||||
"\t\t[ <server1> ... <serverN> ]\n\0"
|
||||
/* 3080 */ "http://bugs.ntp.org, bugs@ntp.org\0"
|
||||
/* 3114 */ "\n\0"
|
||||
/* 3116 */ "ntpd 4.2.8p3";
|
||||
/* 3116 */ "ntpd 4.2.8p4";
|
||||
|
||||
/**
|
||||
* ipv4 option description with
|
||||
@ -1529,7 +1529,7 @@ static void bogus_function(void) {
|
||||
translate option names.
|
||||
*/
|
||||
/* referenced via ntpdOptions.pzCopyright */
|
||||
puts(_("ntpd 4.2.8p3\n\
|
||||
puts(_("ntpd 4.2.8p4\n\
|
||||
Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation, all rights reserved.\n\
|
||||
This is free software. It is licensed for use, modification and\n\
|
||||
redistribution under the terms of the NTP License, copies of which\n\
|
||||
@ -1670,7 +1670,7 @@ implied warranty.\n"));
|
||||
puts(_("output version information and exit"));
|
||||
|
||||
/* referenced via ntpdOptions.pzUsageTitle */
|
||||
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p3\n\
|
||||
puts(_("ntpd - NTP daemon program - Ver. 4.2.8p4\n\
|
||||
Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
|
||||
\t\t[ <server1> ... <serverN> ]\n"));
|
||||
|
||||
@ -1678,7 +1678,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\
|
||||
puts(_("\n"));
|
||||
|
||||
/* referenced via ntpdOptions.pzFullVersion */
|
||||
puts(_("ntpd 4.2.8p3"));
|
||||
puts(_("ntpd 4.2.8p4"));
|
||||
|
||||
/* referenced via ntpdOptions.pzFullUsage */
|
||||
puts(_("<<<NOT-FOUND>>>"));
|
||||
|
@ -236,6 +236,8 @@ when you have permission to do so from the owner of the target host.
|
||||
Finally,
|
||||
in the past many startup scripts would run
|
||||
.Xr ntpdate 1ntpdatemdoc
|
||||
or
|
||||
.Xr sntp 1sntpmdoc
|
||||
to get the system clock close to correct before starting
|
||||
.Xr ntpd 1ntpdmdoc ,
|
||||
but this was never more than a mediocre hack and is no longer needed.
|
||||
@ -245,7 +247,9 @@ and you still need to set the system time before starting
|
||||
.Nm ,
|
||||
please open a bug report and document what is going on,
|
||||
and then look at using
|
||||
.Xr sntp 1sntpmdoc .
|
||||
.Xr sntp 1sntpmdoc
|
||||
if you really need to set the clock before starting
|
||||
.Nm .
|
||||
.Pp
|
||||
There is a way to start
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
|
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* EDIT THIS FILE WITH CAUTION (ntpd-opts.h)
|
||||
*
|
||||
* It has been AutoGen-ed June 29, 2015 at 04:28:18 PM by AutoGen 5.18.5
|
||||
* It has been AutoGen-ed October 21, 2015 at 12:35:59 PM by AutoGen 5.18.5
|
||||
* From the definitions ntpd-opts.def
|
||||
* and the template file options
|
||||
*
|
||||
@ -106,9 +106,9 @@ typedef enum {
|
||||
/** count of all options for ntpd */
|
||||
#define OPTION_CT 38
|
||||
/** ntpd version */
|
||||
#define NTPD_VERSION "4.2.8p3"
|
||||
#define NTPD_VERSION "4.2.8p4"
|
||||
/** Full ntpd version text */
|
||||
#define NTPD_FULL_VERSION "ntpd 4.2.8p3"
|
||||
#define NTPD_FULL_VERSION "ntpd 4.2.8p4"
|
||||
|
||||
/**
|
||||
* Interface defines for all options. Replace "n" with the UPPER_CASED
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpd 1ntpdman "29 Jun 2015" "4.2.8p3" "User Commands"
|
||||
.TH ntpd 1ntpdman "21 Oct 2015" "4.2.8p4" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LZaapD/ag-XZa4nD)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:24 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -602,6 +602,8 @@ when you have permission to do so from the owner of the target host.
|
||||
Finally,
|
||||
in the past many startup scripts would run
|
||||
\fCntpdate\f[]\fR(1ntpdatemdoc)\f[]
|
||||
or
|
||||
\fCsntp\f[]\fR(1sntpmdoc)\f[]
|
||||
to get the system clock close to correct before starting
|
||||
\fCntpd\f[]\fR(1ntpdmdoc)\f[],
|
||||
but this was never more than a mediocre hack and is no longer needed.
|
||||
@ -611,7 +613,9 @@ and you still need to set the system time before starting
|
||||
\f\*[B-Font]ntpd\fP,
|
||||
please open a bug report and document what is going on,
|
||||
and then look at using
|
||||
\fCsntp\f[]\fR(1sntpmdoc)\f[].
|
||||
\fCsntp\f[]\fR(1sntpmdoc)\f[]
|
||||
if you really need to set the clock before starting
|
||||
\f\*[B-Font]ntpd\fP.
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd June 29 2015
|
||||
.Dd October 21 2015
|
||||
.Dt NTPD 1ntpdmdoc User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:41 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -532,6 +532,8 @@ when you have permission to do so from the owner of the target host.
|
||||
Finally,
|
||||
in the past many startup scripts would run
|
||||
.Xr ntpdate 1ntpdatemdoc
|
||||
or
|
||||
.Xr sntp 1sntpmdoc
|
||||
to get the system clock close to correct before starting
|
||||
.Xr ntpd 1ntpdmdoc ,
|
||||
but this was never more than a mediocre hack and is no longer needed.
|
||||
@ -541,7 +543,9 @@ and you still need to set the system time before starting
|
||||
.Nm ,
|
||||
please open a bug report and document what is going on,
|
||||
and then look at using
|
||||
.Xr sntp 1sntpmdoc .
|
||||
.Xr sntp 1sntpmdoc
|
||||
if you really need to set the clock before starting
|
||||
.Nm .
|
||||
.Pp
|
||||
There is a way to start
|
||||
.Xr ntpd 1ntpdmdoc
|
||||
|
@ -27,6 +27,14 @@
|
||||
#include "ntp_libopts.h"
|
||||
#include "ntpd-opts.h"
|
||||
|
||||
/* there's a short treatise below what the thread stuff is for */
|
||||
#if defined(HAVE_PTHREADS) && HAVE_PTHREADS && !defined(NO_THREADS)
|
||||
# ifdef HAVE_PTHREAD_H
|
||||
# include <pthread.h>
|
||||
# endif
|
||||
# define NEED_PTHREAD_WARMUP
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_UNISTD_H
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
@ -179,12 +187,6 @@ struct passwd *pw;
|
||||
int waitsync_fd_to_close = -1; /* -w/--wait-sync */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Initializing flag. All async routines watch this and only do their
|
||||
* thing when it is clear.
|
||||
*/
|
||||
int initializing;
|
||||
|
||||
/*
|
||||
* Version declaration
|
||||
*/
|
||||
@ -238,6 +240,68 @@ static void library_unexpected_error(const char *, int,
|
||||
#endif /* !SIM */
|
||||
|
||||
|
||||
/* Bug2332 unearthed a problem in the interaction of reduced user
|
||||
* privileges, the limits on memory usage and some versions of the
|
||||
* pthread library on Linux systems. The 'pthread_cancel()' function and
|
||||
* likely some others need to track the stack of the thread involved,
|
||||
* and uses a function that comes from GCC (--> libgcc_s.so) to do
|
||||
* this. Unfortunately the developers of glibc decided to load the
|
||||
* library on demand, which speeds up program start but can cause
|
||||
* trouble here: Due to all the things NTPD does to limit its resource
|
||||
* usage, this deferred load of libgcc_s does not always work once the
|
||||
* restrictions are in effect.
|
||||
*
|
||||
* One way out of this was attempting a forced link against libgcc_s
|
||||
* when possible because it makes the library available immediately
|
||||
* without deferred load. (The symbol resolution would still be dynamic
|
||||
* and on demand, but the code would already be in the process image.)
|
||||
*
|
||||
* This is a tricky thing to do, since it's not necessary everywhere,
|
||||
* not possible everywhere, has shown to break the build of other
|
||||
* programs in the NTP suite and is now generally frowned upon.
|
||||
*
|
||||
* So we take a different approach here: We creat a worker thread that does
|
||||
* actually nothing except waiting for cancellation and cancel it. If
|
||||
* this is done before all the limitations are put in place, the
|
||||
* machinery is pre-heated and all the runtime stuff should be in place
|
||||
* and useable when needed.
|
||||
*
|
||||
* This uses only the standard pthread API and should work with all
|
||||
* implementations of pthreads. It is not necessary everywhere, but it's
|
||||
* cheap enough to go on nearly unnoticed.
|
||||
*/
|
||||
#ifdef NEED_PTHREAD_WARMUP
|
||||
|
||||
/* simple thread function: sleep until cancelled, just to exercise
|
||||
* thread cancellation.
|
||||
*/
|
||||
static void*
|
||||
my_pthread_warmup_worker(
|
||||
void *thread_args)
|
||||
{
|
||||
(void)thread_args;
|
||||
for (;;)
|
||||
sleep(10);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* pre-heat threading: create a thread and cancel it, just to exercise
|
||||
* thread cancellation.
|
||||
*/
|
||||
static void
|
||||
my_pthread_warmup(void)
|
||||
{
|
||||
pthread_t thread;
|
||||
int rc;
|
||||
rc = pthread_create(
|
||||
&thread, NULL, my_pthread_warmup_worker, NULL);
|
||||
if (0 == rc) {
|
||||
pthread_cancel(thread);
|
||||
pthread_join(thread, NULL);
|
||||
}
|
||||
}
|
||||
|
||||
#endif /*defined(NEED_PTHREAD_WARMUP)*/
|
||||
|
||||
|
||||
void
|
||||
@ -451,6 +515,10 @@ ntpdmain(
|
||||
int zero;
|
||||
# endif
|
||||
|
||||
# ifdef NEED_PTHREAD_WARMUP
|
||||
my_pthread_warmup();
|
||||
# endif
|
||||
|
||||
# ifdef HAVE_UMASK
|
||||
uv = umask(0);
|
||||
if (uv)
|
||||
@ -791,13 +859,16 @@ ntpdmain(
|
||||
*/
|
||||
getconfig(argc, argv);
|
||||
|
||||
if (do_memlock) {
|
||||
if (-1 == cur_memlock) {
|
||||
# if defined(HAVE_MLOCKALL)
|
||||
/*
|
||||
* lock the process into memory
|
||||
*/
|
||||
if (!HAVE_OPT(SAVECONFIGQUIT) &&
|
||||
0 != mlockall(MCL_CURRENT|MCL_FUTURE))
|
||||
if ( !HAVE_OPT(SAVECONFIGQUIT)
|
||||
# ifdef RLIMIT_MEMLOCK
|
||||
&& -1 != DFLT_RLIMIT_MEMLOCK
|
||||
# endif
|
||||
&& 0 != mlockall(MCL_CURRENT|MCL_FUTURE))
|
||||
msyslog(LOG_ERR, "mlockall(): %m");
|
||||
# else /* !HAVE_MLOCKALL follows */
|
||||
# ifdef HAVE_PLOCK
|
||||
@ -937,10 +1008,17 @@ ntpdmain(
|
||||
msyslog(LOG_ERR, "Cannot setegid() to group `%s': %m", group);
|
||||
exit (-1);
|
||||
}
|
||||
if (group)
|
||||
setgroups(1, &sw_gid);
|
||||
else
|
||||
initgroups(pw->pw_name, pw->pw_gid);
|
||||
if (group) {
|
||||
if (0 != setgroups(1, &sw_gid)) {
|
||||
msyslog(LOG_ERR, "setgroups(1, %d) failed: %m", sw_gid);
|
||||
exit (-1);
|
||||
}
|
||||
}
|
||||
else if (pw)
|
||||
if (0 != initgroups(pw->pw_name, pw->pw_gid)) {
|
||||
msyslog(LOG_ERR, "initgroups(<%s>, %d) filed: %m", pw->pw_name, pw->pw_gid);
|
||||
exit (-1);
|
||||
}
|
||||
if (user && setuid(sw_uid)) {
|
||||
msyslog(LOG_ERR, "Cannot setuid() to user `%s': %m", user);
|
||||
exit (-1);
|
||||
|
@ -39,7 +39,7 @@ The program can operate in any of several modes, including client/server,
|
||||
symmetric and broadcast modes, and with both symmetric-key and public-key
|
||||
cryptography.
|
||||
|
||||
<p>This document applies to version 4.2.8p3 of <code>ntpd</code>.
|
||||
<p>This document applies to version 4.2.8p4 of <code>ntpd</code>.
|
||||
|
||||
<ul class="menu">
|
||||
<li><a accesskey="1" href="#ntpd-Description">ntpd Description</a>: Description
|
||||
@ -220,7 +220,7 @@ the usage text by passing it through a pager program.
|
||||
used to select the program, defaulting to <span class="file">more</span>. Both will exit
|
||||
with a status code of 0.
|
||||
|
||||
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p3-RC3
|
||||
<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p4-sec-RC2
|
||||
Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \
|
||||
[ <server1> ... <serverN> ]
|
||||
Flg Arg Option-Name Description
|
||||
|
@ -10,11 +10,11 @@
|
||||
.ds B-Font B
|
||||
.ds I-Font I
|
||||
.ds R-Font R
|
||||
.TH ntpd @NTPD_MS@ "29 Jun 2015" "4.2.8p3" "User Commands"
|
||||
.TH ntpd @NTPD_MS@ "21 Oct 2015" "4.2.8p4" "User Commands"
|
||||
.\"
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-LZaapD/ag-XZa4nD)
|
||||
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-dUaOfK/ag-qUaGeK)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:24 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:11 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agman-cmd.tpl
|
||||
.SH NAME
|
||||
@ -602,6 +602,8 @@ when you have permission to do so from the owner of the target host.
|
||||
Finally,
|
||||
in the past many startup scripts would run
|
||||
\fCntpdate\f[]\fR(@NTPDATE_MS@)\f[]
|
||||
or
|
||||
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
|
||||
to get the system clock close to correct before starting
|
||||
\fCntpd\f[]\fR(@NTPD_MS@)\f[],
|
||||
but this was never more than a mediocre hack and is no longer needed.
|
||||
@ -611,7 +613,9 @@ and you still need to set the system time before starting
|
||||
\f\*[B-Font]ntpd\fP,
|
||||
please open a bug report and document what is going on,
|
||||
and then look at using
|
||||
\fCsntp\f[]\fR(@SNTP_MS@)\f[].
|
||||
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
|
||||
if you really need to set the clock before starting
|
||||
\f\*[B-Font]ntpd\fP.
|
||||
.sp \n(Ppu
|
||||
.ne 2
|
||||
|
||||
|
@ -1,9 +1,9 @@
|
||||
.Dd June 29 2015
|
||||
.Dd October 21 2015
|
||||
.Dt NTPD @NTPD_MS@ User Commands
|
||||
.Os
|
||||
.\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc)
|
||||
.\"
|
||||
.\" It has been AutoGen-ed June 29, 2015 at 04:30:41 PM by AutoGen 5.18.5
|
||||
.\" It has been AutoGen-ed October 21, 2015 at 12:38:30 PM by AutoGen 5.18.5
|
||||
.\" From the definitions ntpd-opts.def
|
||||
.\" and the template file agmdoc-cmd.tpl
|
||||
.Sh NAME
|
||||
@ -532,6 +532,8 @@ when you have permission to do so from the owner of the target host.
|
||||
Finally,
|
||||
in the past many startup scripts would run
|
||||
.Xr ntpdate @NTPDATE_MS@
|
||||
or
|
||||
.Xr sntp @SNTP_MS@
|
||||
to get the system clock close to correct before starting
|
||||
.Xr ntpd @NTPD_MS@ ,
|
||||
but this was never more than a mediocre hack and is no longer needed.
|
||||
@ -541,7 +543,9 @@ and you still need to set the system time before starting
|
||||
.Nm ,
|
||||
please open a bug report and document what is going on,
|
||||
and then look at using
|
||||
.Xr sntp @SNTP_MS@ .
|
||||
.Xr sntp @SNTP_MS@
|
||||
if you really need to set the clock before starting
|
||||
.Nm .
|
||||
.Pp
|
||||
There is a way to start
|
||||
.Xr ntpd @NTPD_MS@
|
||||
|
@ -1,4 +1,5 @@
|
||||
#include <config.h>
|
||||
#include <rc_cmdlength.h>
|
||||
|
||||
#if HAVE_UNISTD_H
|
||||
# include <unistd.h>
|
||||
|
@ -657,7 +657,7 @@ arc_start(
|
||||
return 0;
|
||||
}
|
||||
close(temp_fd);
|
||||
temp_fd = -1;
|
||||
temp_fd = -1; /* not used after this, at *this* time. */
|
||||
|
||||
#ifndef SYS_WINNT
|
||||
if (-1 == fcntl(fd, F_SETFL, 0)) /* clear the descriptor flags */
|
||||
|
@ -1194,7 +1194,7 @@ chu_a(
|
||||
* only if the maximum distance is at least MINSYNC.
|
||||
*/
|
||||
up->syndist = k = 0;
|
||||
val = -16;
|
||||
// val = -16;
|
||||
for (i = -1; i < 2; i++) {
|
||||
temp = up->cbuf[i + 4] & 0xf;
|
||||
if (i >= 0)
|
||||
|
@ -1113,9 +1113,9 @@ strtojint(
|
||||
/* Now try to convert a sequence of digits. */
|
||||
hold = cp;
|
||||
accu = 0;
|
||||
while (isdigit(*(const unsigned char*)cp)) {
|
||||
while (isdigit(*(const u_char*)cp)) {
|
||||
flags |= (accu > limit_lo);
|
||||
accu = accu * 10 + (*(const unsigned char*)cp++ - '0');
|
||||
accu = accu * 10 + (*(const u_char*)cp++ - '0');
|
||||
flags |= (accu > limit_hi);
|
||||
}
|
||||
/* Check for empty conversion (no digits seen). */
|
||||
@ -2086,8 +2086,8 @@ convert_ascii_time(
|
||||
return FALSE; /* could not parse the mandatory stuff! */
|
||||
if (*ep == '.') {
|
||||
dw = 100000000u;
|
||||
while (isdigit(*(unsigned char*)++ep)) {
|
||||
ts.tv_nsec += (*(unsigned char*)ep - '0') * dw;
|
||||
while (isdigit(*(u_char*)++ep)) {
|
||||
ts.tv_nsec += (*(u_char*)ep - '0') * dw;
|
||||
dw /= 10u;
|
||||
}
|
||||
}
|
||||
@ -2189,16 +2189,16 @@ log_data(
|
||||
char *dtop = s_lbuf + sizeof(s_lbuf) - 1; /* for NUL */
|
||||
|
||||
while (sptr != stop && dptr != dtop) {
|
||||
if (*sptr == '\\') {
|
||||
u_char uch = (u_char)*sptr++;
|
||||
if (uch == '\\') {
|
||||
dptr = add_string(dptr, dtop, "\\\\");
|
||||
} else if (isprint(*sptr)) {
|
||||
*dptr++ = *sptr;
|
||||
} else if (isprint(uch)) {
|
||||
*dptr++ = (char)uch;
|
||||
} else {
|
||||
char fbuf[6];
|
||||
snprintf(fbuf, sizeof(fbuf), "\\%03o", *(const u_char*)sptr);
|
||||
snprintf(fbuf, sizeof(fbuf), "\\%03o", uch);
|
||||
dptr = add_string(dptr, dtop, fbuf);
|
||||
}
|
||||
sptr++;
|
||||
}
|
||||
*dptr = '\0';
|
||||
mprintf("%s[%s]: '%s'\n", up->logname, what, s_lbuf);
|
||||
|
@ -55,15 +55,7 @@
|
||||
*
|
||||
* Fudge Factors
|
||||
*
|
||||
* If fudge flag1 is lit, the leap second bit is set in the peer
|
||||
* status word. It should be set early in the day of a leap second
|
||||
* event and set dark on the day after the event.
|
||||
*
|
||||
* Note the fudge time1 and time2 have been deprecated. The fudge time1
|
||||
* was intended to apply a bias offset. This can be done using the Unix
|
||||
* date command. The fudge time2 was intended to apply a bias frequency.
|
||||
* This can be done using the frequency file and/or the freq
|
||||
* configuration command.
|
||||
* None currently supported.
|
||||
*/
|
||||
/*
|
||||
* Local interface definitions
|
||||
@ -179,9 +171,7 @@ local_poll(
|
||||
/*
|
||||
* Ramble through the usual filtering and grooming code, which
|
||||
* is essentially a no-op and included mostly for pretty
|
||||
* billboards. We allow a one-time time adjustment using fudge
|
||||
* time1 (s) and a continuous frequency adjustment using fudge
|
||||
* time 2 (ppm).
|
||||
* billboards.
|
||||
*/
|
||||
poll_time = current_time;
|
||||
refclock_process_offset(pp, pp->lastrec, pp->lastrec, 0);
|
||||
@ -215,10 +205,6 @@ local_poll(
|
||||
pp->disp = 0;
|
||||
pp->jitter = 0;
|
||||
#else /* KERNEL_PLL LOCKCLOCK */
|
||||
if (pp->sloppyclockflag & CLK_FLAG1)
|
||||
pp->leap = LEAP_ADDSECOND;
|
||||
else
|
||||
pp->leap = LEAP_NOWARNING;
|
||||
pp->disp = DISPERSION;
|
||||
pp->jitter = 0;
|
||||
#endif /* KERNEL_PLL LOCKCLOCK */
|
||||
|
@ -810,9 +810,10 @@ nmea_receive(
|
||||
ZERO(tofs);
|
||||
ZERO(date);
|
||||
ZERO(gpsw);
|
||||
sentence = 0;
|
||||
rc_date = 0;
|
||||
rc_time = 0;
|
||||
sentence = 0; // Should never be needed.
|
||||
rc_date = 0; // Should never be needed.
|
||||
rc_time = 0; // Should never be needed.
|
||||
|
||||
/*
|
||||
* Read the timecode and timestamp, then initialise field
|
||||
* processing. The <CR><LF> at the NMEA line end is translated
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user