doc: update NEWS

Include all authors from the git repository.

.gitignore

@@ -1,19 +1,28 @@
 .deps
 .vimrc
+*.gcda
+*.gcno
 *.o
 *.swp
-RELEASES
-Makefile
-chrony.conf.5
-chrony.info
-chrony.html
-chrony.texi
-chrony.txt
-chronyc
-chronyc.1
-chronyd
-chronyd.8
-config.h
-config.log
+*.dSYM
+*.DS_Store
+core.*
 tags
-version.h
+/RELEASES
+/Makefile
+/chronyc
+/chronyd
+/config.h
+/config.log
+/doc/Makefile
+/doc/*.html
+/doc/*.man
+/doc/*.man.in
+/doc/*.txt
+/getdate.c
+/version.h
+/test/simulation/clknetsim
+/test/simulation/tmp
+/test/unit/Makefile
+/test/unit/*.test
+/test/unit/*.o

INSTALL

@@ -1,95 +0,0 @@
-The software is distributed as source code which has to be compiled.
-
-PARTS OF THE SOFTWARE ARE HIGHLY SYSTEM-SPECIFIC AND NON-PORTABLE.
-UNLESS YOU ARE RUNNING A SUPPORTED SYSTEM, BE PREPARED FOR SOME
-PROGRAMMING!
-
-After unpacking the source code, change directory into it, and type
-
-    ./configure
-
-This is a shell script that automatically determines the system type.
-There is a single optional parameter, --prefix which indicates the
-directory tree where the software should be installed.  For example,
-
-    ./configure --prefix=/opt/free
-
-will install the chronyd daemon into /opt/free/sbin and the chronyc
-control program into /opt/free/bin.  The default value for the prefix
-is /usr/local.
-
-The configure script assumes you want to use gcc as your compiler.
-If you want to use a different compiler, you can configure this way:
-
-    CC=cc CFLAGS=-O ./configure --prefix=/opt/free
-
-for Bourne-family shells, or
-    
-    setenv CC cc
-    setenv CFLAGS -O
-    ./configure --prefix=/opt/free
-
-for C-family shells.
-
-If the software cannot (yet) be built on your system, an error message
-will be shown.  Otherwise, `Makefile' will be generated.
-
-If editline or readline library is available, chronyc will be built
-with line editing support.  If you don't want this, specify the
---disable-readline flag to configure.  Please refer to the chrony.txt
-file for more information.
-
-If a `timepps.h' header is available, chronyd will be built with PPS
-API reference clock driver.  If the header is installed in a location
-that isn't normally searched by the compiler, you can add it to the
-searched locations by setting CPPFLAGS variable to -I/path/to/timepps.
-
-Now type
-
-    make
-
-to build the programs.
-
-If you want to build the manual in plain text, HTML and info versions, type
-
-    make docs
-
-Once the programs have been successfully compiled, they need to be
-installed in their target locations.  This step normally needs to be
-performed by the superuser, and requires the following command to be
-entered.
-
-    make install
-
-This will install the binaries, plain text manual and manpages.
-
-To install the HTML and info versions of the manual as well, enter the command
-
-    make install-docs
-
-If you want chrony to appear in the top level info directory listing, you need
-to run the install-info command manually after this step.  install-info takes 2
-arguments.  The first is the path to the chrony.info file you have just
-installed.  This will be the argument you gave to --prefix when you configured
-(/usr/local by default), with /share/info/chrony.info on the end.  The second
-argument is the location of the file called 'dir'.  This will typically be
-/usr/share/info/dir.  So the typical command line would be
-
-    install-info /usr/local/share/info/chrony.info /usr/share/info/dir
-
-Now that the software is successfully installed, the next step is to
-set up a configuration file.  The contents of this depend on the
-network environment in which the computer operates.  Typical scenarios
-are described in the manual.  The simplest case is for a computer with
-a permanent Internet connection - suppose you want to use public NTP
-servers from the pool.ntp.org project as your time reference.  You would
-create an /etc/chrony.conf file containing
-
-    server 0.pool.ntp.org
-    server 1.pool.ntp.org
-    server 2.pool.ntp.org
-    driftfile /var/lib/chrony/drift
-
-and then run /usr/local/sbin/chronyd.
-
-

Makefile.in

@@ -24,9 +24,6 @@
 SYSCONFDIR=@SYSCONFDIR@
 BINDIR=@BINDIR@
 SBINDIR=@SBINDIR@
-MANDIR=@MANDIR@
-INFODIR=@INFODIR@
-DOCDIR=@DOCDIR@
 LOCALSTATEDIR=@LOCALSTATEDIR@
 CHRONYVARDIR=@CHRONYVARDIR@
 
@@ -38,18 +35,13 @@ DESTDIR=
 
 HASH_OBJ = @HASH_OBJ@
 
-OBJS = util.o sched.o regress.o local.o \
-	sys.o main.o ntp_io.o ntp_core.o ntp_sources.o \
-	sources.o sourcestats.o reference.o \
-	logging.o conf.o cmdmon.o keys.o \
-	nameserv.o acquire.o manual.o addrfilt.o \
-	cmdparse.o mkdirpp.o rtc.o pktlength.o clientlog.o \
-	broadcast.o refclock.o refclock_shm.o refclock_sock.o \
-	refclock_pps.o tempcomp.o $(HASH_OBJ)
+OBJS = array.o cmdparse.o conf.o local.o logging.o main.o memory.o \
+       reference.o regress.o rtc.o samplefilt.o sched.o sources.o sourcestats.o stubs.o \
+       smooth.o sys.o sys_null.o tempcomp.o util.o $(HASH_OBJ)
 
 EXTRA_OBJS=@EXTRA_OBJECTS@
 
-CLI_OBJS = client.o nameserv.o getdate.o cmdparse.o \
+CLI_OBJS = array.o client.o cmdparse.o getdate.o memory.o nameserv.o \
            pktlength.o util.o $(HASH_OBJ)
 
 ALL_OBJS = $(OBJS) $(EXTRA_OBJS) $(CLI_OBJS)
@@ -66,26 +58,27 @@ EXTRA_CLI_LIBS=@EXTRA_CLI_LIBS@
 all : chronyd chronyc
 
 chronyd : $(OBJS) $(EXTRA_OBJS)
-	$(CC) $(CFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LDFLAGS) @HASH_LINK@ $(LIBS) $(EXTRA_LIBS)
+	$(CC) $(CFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_LIBS)
 
 chronyc : $(CLI_OBJS)
-	$(CC) $(CFLAGS) -o chronyc $(CLI_OBJS) $(LDFLAGS) @READLINE_LINK@ @HASH_LINK@ $(LIBS) $(EXTRA_CLI_LIBS)
-
-client.o : client.c
-	$(CC) $(CFLAGS) $(CPPFLAGS) @READLINE_COMPILE@ -c $<
-
-$(HASH_OBJ) : $(patsubst %.o,%.c,$(HASH_OBJ))
-	$(CC) $(CFLAGS) $(CPPFLAGS) @HASH_COMPILE@ -c $<
+	$(CC) $(CFLAGS) -o chronyc $(CLI_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_CLI_LIBS)
 
 distclean : clean
-	-rm -f Makefile
-	-rm -f chrony.conf.5 chrony.texi chronyc.1 chronyd.8
+	$(MAKE) -C doc distclean
+	$(MAKE) -C test/unit distclean
+	-rm -f .DS_Store
+	-rm -f Makefile config.h config.log
 
 clean :
-	-rm -f *.o *.s chronyc chronyd core *~ chrony.info chrony.html chrony.txt
+	-rm -f *.o *.s chronyc chronyd core.* *~
+	-rm -f *.gcda *.gcno
 	-rm -rf .deps
+	-rm -rf *.dSYM
 
-getdate.c : ;
+getdate.c : getdate.y
+	bison -o getdate.c getdate.y
+
+# This can be used to force regeneration of getdate.c
 getdate :
 	bison -o getdate.c getdate.y
 
@@ -96,11 +89,6 @@ install: chronyd chronyc
 	[ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR)
 	[ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR)
 	[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
-	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
-	[ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
-	[ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
-	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
-	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
 	[ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR)
 	if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi
 	if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi
@@ -108,20 +96,13 @@ install: chronyd chronyc
 	chmod 755 $(DESTDIR)$(SBINDIR)/chronyd
 	cp chronyc $(DESTDIR)$(BINDIR)/chronyc
 	chmod 755 $(DESTDIR)$(BINDIR)/chronyc
-	cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt
-	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt
-	cp COPYING $(DESTDIR)$(DOCDIR)/COPYING
-	chmod 644 $(DESTDIR)$(DOCDIR)/COPYING
-	cp README $(DESTDIR)$(DOCDIR)/README
-	chmod 644 $(DESTDIR)$(DOCDIR)/README
-	cp chrony.1 $(DESTDIR)$(MANDIR)/man1
-	chmod 644 $(DESTDIR)$(MANDIR)/man1/chrony.1
-	cp chronyc.1 $(DESTDIR)$(MANDIR)/man1
-	chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1
-	cp chronyd.8 $(DESTDIR)$(MANDIR)/man8
-	chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8
-	cp chrony.conf.5 $(DESTDIR)$(MANDIR)/man5
-	chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+	$(MAKE) -C doc install
+
+docs :
+	$(MAKE) -C doc docs
+
+install-docs :
+	$(MAKE) -C doc install-docs
 
 %.o : %.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
@@ -129,31 +110,24 @@ install: chronyd chronyc
 %.s : %.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -S $<
 
-install-docs : docs
-	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
-	cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt
-	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt
-	cp chrony.html $(DESTDIR)$(DOCDIR)/chrony.html
-	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.html
-	[ -d $(DESTDIR)$(INFODIR) ] || mkdir -p $(DESTDIR)$(INFODIR)
-	cp chrony.info* $(DESTDIR)$(INFODIR)
-	chmod 644 $(DESTDIR)$(INFODIR)/chrony.info*
+quickcheck : chronyd chronyc
+	$(MAKE) -C test/unit check
+	cd test/simulation && ./run
+	cd test/system && ./run
 
-docs : chrony.txt chrony.html chrony.info
+check : chronyd chronyc
+	$(MAKE) -C test/unit check
+	cd test/simulation && ./run -i 20 -m 2
+	cd test/system && ./run
 
-chrony.txt : chrony.texi
-	makeinfo --no-headers --number-sections -o chrony.txt chrony.texi
+print-chronyd-objects :
+	@echo $(OBJS) $(EXTRA_OBJS)
 
-chrony.html : chrony.texi
-	command -v texi2html > /dev/null 2>&1 && texi2html chrony.texi || \
-	  makeinfo --no-split --html --number-sections -o chrony.html chrony.texi
-
-chrony.info : chrony.texi
-	makeinfo chrony.texi
-
-# This is only relevant if you're maintaining the website!
-faq.php : faq.txt faqgen.pl
-	perl faqgen.pl < faq.txt > faq.php
+Makefile : Makefile.in configure
+	@echo
+	@echo Makefile needs to be regenerated, run ./configure
+	@echo
+	@exit 1
 
 .deps:
 	@mkdir .deps

NEWS

@@ -1,3 +1,430 @@
+New in version 3.5
+==================
+
+Enhancements
+------------
+* Add support for more accurate reading of PHC on Linux 5.0
+* Add support for memory locking and real-time priority on FreeBSD,
+  NetBSD, Solaris
+* Update seccomp filter to work on more architectures
+* Validate refclock driver options
+
+Bug fixes
+---------
+* Fix bindaddress directive on FreeBSD
+* Fix transposition of hardware RX timestamp on Linux 4.13 and later
+* Fix building on non-glibc systems
+
+New in version 3.4
+==================
+
+Enhancements
+------------
+* Add filter option to server/pool/peer directive
+* Add minsamples and maxsamples options to hwtimestamp directive
+* Add support for faster frequency adjustments in Linux 4.19
+* Change default pidfile to /var/run/chrony/chronyd.pid to allow
+  chronyd without root privileges to remove it on exit
+* Disable sub-second polling intervals for distant NTP sources
+* Extend range of supported sub-second polling intervals
+* Get/set IPv4 destination/source address of NTP packets on FreeBSD
+* Make burst options and command useful with short polling intervals
+* Modify auto_offline option to activate when sending request failed
+* Respond from interface that received NTP request if possible
+* Add onoffline command to switch between online and offline state
+  according to current system network configuration
+* Improve example NetworkManager dispatcher script
+
+Bug fixes
+---------
+* Avoid waiting in Linux getrandom system call
+* Fix PPS support on FreeBSD and NetBSD
+
+New in version 3.3
+==================
+
+Enhancements
+------------
+* Add burst option to server/pool directive
+* Add stratum and tai options to refclock directive
+* Add support for Nettle crypto library
+* Add workaround for missing kernel receive timestamps on Linux
+* Wait for late hardware transmit timestamps
+* Improve source selection with unreachable sources
+* Improve protection against replay attacks on symmetric mode
+* Allow PHC refclock to use socket in /var/run/chrony
+* Add shutdown command to stop chronyd
+* Simplify format of response to manual list command
+* Improve handling of unknown responses in chronyc
+
+Bug fixes
+---------
+* Respond to NTPv1 client requests with zero mode
+* Fix -x option to not require CAP_SYS_TIME under non-root user
+* Fix acquisitionport directive to work with privilege separation
+* Fix handling of socket errors on Linux to avoid high CPU usage
+* Fix chronyc to not get stuck in infinite loop after clock step
+
+New in version 3.2
+==================
+
+Enhancements
+------------
+* Improve stability with NTP sources and reference clocks
+* Improve stability with hardware timestamping
+* Improve support for NTP interleaved modes
+* Control frequency of system clock on macOS 10.13 and later
+* Set TAI-UTC offset of system clock with leapsectz directive
+* Minimise data in client requests to improve privacy
+* Allow transmit-only hardware timestamping
+* Add support for new timestamping options introduced in Linux 4.13
+* Add root delay, root dispersion and maximum error to tracking log
+* Add mindelay and asymmetry options to server/peer/pool directive
+* Add extpps option to PHC refclock to timestamp external PPS signal
+* Add pps option to refclock directive to treat any refclock as PPS
+* Add width option to refclock directive to filter wrong pulse edges
+* Add rxfilter option to hwtimestamp directive
+* Add -x option to disable control of system clock
+* Add -l option to log to specified file instead of syslog
+* Allow multiple command-line options to be specified together
+* Allow starting without root privileges with -Q option
+* Update seccomp filter for new glibc versions
+* Dump history on exit by default with dumpdir directive
+* Use hardening compiler options by default
+
+Bug fixes
+---------
+* Don't drop PHC samples with low-resolution system clock
+* Ignore outliers in PHC tracking, RTC tracking, manual input
+* Increase polling interval when peer is not responding
+* Exit with error message when include directive fails
+* Don't allow slash after hostname in allow/deny directive/command
+* Try to connect to all addresses in chronyc before giving up
+
+New in version 3.1
+==================
+
+Enhancements
+------------
+* Add support for precise cross timestamping of PHC on Linux
+* Add minpoll, precision, nocrossts options to hwtimestamp directive
+* Add rawmeasurements option to log directive and modify measurements
+  option to log only valid measurements from synchronised sources
+* Allow sub-second polling interval with NTP sources
+
+Bug fixes
+---------
+* Fix time smoothing in interleaved mode
+
+New in version 3.0
+==================
+
+Enhancements
+------------
+* Add support for software and hardware timestamping on Linux
+* Add support for client/server and symmetric interleaved modes
+* Add support for MS-SNTP authentication in Samba
+* Add support for truncated MACs in NTPv4 packets
+* Estimate and correct for asymmetric network jitter
+* Increase default minsamples and polltarget to improve stability
+  with very low jitter
+* Add maxjitter directive to limit source selection by jitter
+* Add offset option to server/pool/peer directive
+* Add maxlockage option to refclock directive
+* Add -t option to chronyd to exit after specified time
+* Add partial protection against replay attacks on symmetric mode
+* Don't reset polling interval when switching sources to online state
+* Allow rate limiting with very short intervals
+* Improve maximum server throughput on Linux and NetBSD
+* Remove dump files after start
+* Add tab-completion to chronyc with libedit/readline
+* Add ntpdata command to print details about NTP measurements
+* Allow all source options to be set in add server/peer command
+* Indicate truncated addresses/hostnames in chronyc output
+* Print reference IDs as hexadecimal numbers to avoid confusion with
+  IPv4 addresses
+
+Bug fixes
+---------
+* Fix crash with disabled asynchronous name resolving
+
+New in version 2.4.1
+====================
+
+Bug fixes
+---------
+* Fix processing of kernel timestamps on non-Linux systems
+* Fix crash with smoothtime directive
+* Fix validation of refclock sample times
+* Fix parsing of refclock directive
+
+New in version 2.4
+==================
+
+Enhancements
+------------
+* Add orphan option to local directive for orphan mode compatible with ntpd
+* Add distance option to local directive to set activation threshold
+  (1 second by default)
+* Add maxdrift directive to set maximum allowed drift of system clock
+* Try to replace NTP sources exceeding maximum distance
+* Randomise source replacement to avoid getting stuck with bad sources
+* Randomise selection of sources from pools on start
+* Ignore reference timestamp as ntpd doesn't always set it correctly
+* Modify tracking report to use same values as seen by NTP clients
+* Add -c option to chronyc to write reports in CSV format
+* Provide detailed manual pages
+
+Bug fixes
+---------
+* Fix SOCK refclock to work correctly when not specified as last refclock
+* Fix initstepslew and -q/-Q options to accept time from own NTP clients
+* Fix authentication with keys using 512-bit hash functions
+* Fix crash on exit when multiple signals are received
+* Fix conversion of very small floating-point numbers in command packets
+
+Removed features
+----------------
+* Drop documentation in Texinfo format
+
+New in version 2.3
+==================
+
+Enhancements
+------------
+* Add support for NTP and command response rate limiting
+* Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
+* Add require and trust options for source selection
+* Enable logchange by default (1 second threshold)
+* Set RTC on Mac OS X with rtcsync directive
+* Allow binding to NTP port after dropping root privileges on NetBSD
+* Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
+* Resolve names in separate process when seccomp filter is enabled
+* Replace old records in client log when memory limit is reached
+* Don't reveal local time and synchronisation state in client packets
+* Don't keep client sockets open for longer than necessary
+* Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly
+* Warn when using keys shorter than 80 bits
+* Add keygen command to generate random keys easily
+* Add serverstats command to report NTP and command packet statistics
+
+Bug fixes
+---------
+* Fix clock correction after making step on Mac OS X
+* Fix building on Solaris
+
+New in version 2.2.1
+====================
+
+Security fixes
+--------------
+* Restrict authentication of NTP server/peer to specified key (CVE-2016-1567)
+
+New in version 2.2
+==================
+
+Enhancements
+------------
+* Add support for configuration and monitoring over Unix domain socket
+  (accessible by root or chrony user when root privileges are dropped)
+* Add support for system call filtering with seccomp on Linux (experimental)
+* Add support for dropping root privileges on NetBSD
+* Control frequency of system clock on FreeBSD, NetBSD, Solaris
+* Add system leap second handling mode on FreeBSD, NetBSD, Solaris
+* Add dynamic drift removal on Mac OS X
+* Add support for setting real-time priority on Mac OS X
+* Add maxdistance directive to limit source selection by root distance
+  (3 seconds by default)
+* Add refresh command to get new addresses of NTP sources
+* Allow wildcard patterns in include directive
+* Restore time from driftfile with -s option if later than RTC time
+* Add configure option to set default hwclockfile
+* Add -d option to chronyc to enable debug messages
+* Allow multiple addresses to be specified for chronyc with -h option
+  and reconnect when no valid reply is received
+* Make check interval in waitsync command configurable
+
+Bug fixes
+---------
+* Fix building on NetBSD, Solaris
+* Restore time from driftfile with -s option if reading RTC failed
+
+Removed features
+----------------
+* Drop support for authentication with command key (run-time configuration
+  is now allowed only for local users that can access the Unix domain socket)
+
+New in version 2.1.1
+====================
+
+Bug fixes
+---------
+* Fix clock stepping by integer number of seconds on Linux
+
+New in version 2.1
+==================
+
+Enhancements
+------------
+* Add support for Mac OS X
+* Try to replace unreachable and falseticker servers/peers specified
+  by name like pool sources
+* Add leaponly option to smoothtime directive to allow synchronised
+  leap smear between multiple servers
+* Use specific reference ID when smoothing served time
+* Add smoothing command to report time smoothing status
+* Add smoothtime command to activate or reset time smoothing
+
+Bug fixes
+---------
+* Fix crash in source selection with preferred sources
+* Fix resetting of time smoothing
+* Include packet precision in peer dispersion
+* Fix crash in chronyc on invalid command syntax
+
+New in version 2.0
+==================
+
+Enhancements
+------------
+* Update to NTP version 4 (RFC 5905)
+* Add pool directive to specify pool of NTP servers
+* Add leapsecmode directive to select how to correct clock for leap second
+* Add smoothtime directive to smooth served time and enable leap smear
+* Add minsources directive to set required number of selectable sources
+* Add minsamples and maxsamples options for all sources
+* Add tempcomp configuration with list of points
+* Allow unlimited number of NTP sources, refclocks and keys
+* Allow unreachable sources to remain selected
+* Improve source selection
+* Handle offline sources as unreachable
+* Open NTP server port only when necessary (client access is allowed by
+  allow directive/command or peer/broadcast is configured)
+* Change default bindcmdaddress to loopback address
+* Change default maxdelay to 3 seconds
+* Change default stratumweight to 0.001
+* Update adjtimex synchronisation status
+* Use system headers for adjtimex
+* Check for memory allocation errors
+* Reduce memory usage
+* Add configure options to compile without NTP, cmdmon, refclock support
+* Extend makestep command to set automatic clock stepping
+
+Bug fixes
+---------
+* Add sanity checks for time and frequency offset
+* Don't report synchronised status during leap second
+* Don't combine reference clocks with close NTP sources
+* Fix accepting requests from configured sources
+* Fix initial fallback drift setting
+
+New in version 1.31.1
+=====================
+
+Security fixes
+--------------
+* Protect authenticated symmetric NTP associations against DoS attacks
+  (CVE-2015-1853)
+* Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821)
+* Fix initialization of reply slots for authenticated commands (CVE-2015-1822)
+
+New in version 1.31
+===================
+
+Enhancements
+------------
+* Support operation in other NTP eras (next era begins in 2036),
+  NTP time is mapped to [-50, +86] years around build date by default
+* Restore time from driftfile with -s when RTC is missing/unsupported
+* Close connected client sockets when not waiting for reply
+* Use one client socket with random port when acquisitionport is 0
+* Use NTP packets instead of UDP echo for presend
+* Don't adjust polling interval when sending fails
+* Allow binding to addresses that don't exist yet
+* Ignore measurements around leap second
+* Improve detection of unexpected time jumps
+* Include example of logrotate configuration, systemd services and
+  NetworkManager dispatcher script
+
+Bug fixes
+---------
+* Reconnect client sockets for each request to follow changes
+  in network configuration automatically
+* Restart timer when polling interval is changed on reset
+
+New in version 1.30
+===================
+
+Enhancements
+------------
+* Add asynchronous name resolving with POSIX threads
+* Add PTP hardware clock (PHC) refclock driver
+* Add new generic clock driver to slew by adjusting frequency only
+  (without kernel PLL or adjtime) and use it on Linux
+* Add rtcautotrim directive to trim RTC automatically
+* Add hwclockfile directive to share RTC LOCAL/UTC setting with hwclock
+* Add maxslewrate directive to set maximum allowed slew rate
+* Add maxdispersion option for refclocks
+* Add -q/-Q options to set clock/print offset once and exit
+* Allow directives to be specified on chronyd command line
+* Replace frequency scaling in Linux driver with retaining of tick
+* Try to detect unexpected forward time jumps and reset state
+* Exit with non-zero code when maxchange limit is reached
+* Improve makestep to not start and stop slew unnecessarily
+* Change default corrtimeratio to 3.0 to improve frequency accuracy
+* Announce leap second only on last day of June and December
+* Use separate connected client sockets for each NTP server
+* Remove separate NTP implementation used for initstepslew
+* Limit maximum minpoll set by KoD RATE to default maxpoll
+* Don't send NTP requests with unknown key
+* Print warning when source is added with unknown key
+* Take leap second in PPS refclock from locked source
+* Make reading of RTC for initial trim more reliable
+* Don't create cmdmon sockets when cmdport is 0
+* Add configure option to set default user to drop root privileges
+* Add configure option to compile with debug messages
+* Print debug messages when -d is used more than once
+* Change format of messages written to terminal with -d
+* Write fatal messages also to stderr with -n
+* Use IP_RECVERR socket option in chronyc to not wait unnecessarily
+* Shorten default chronyc timeout for localhost
+* Change default hostname in chronyc from localhost to 127.0.0.1
+* Print error message on invalid syntax with all chronyc commands
+* Include simulation test suite using clknetsim
+
+Bug fixes
+---------
+* Fix crash when selecting with multiple preferred sources
+* Fix frequency calculation with large frequency offsets
+* Fix code writing drift and RTC files to compile correctly
+* Fix -4/-6 options in chronyc to not reset hostname set by -h
+* Fix refclock sample validation with sub-second polling interval
+* Set stratum correctly with non-PPS SOCK refclock and local stratum
+* Modify dispersion accounting in refclocks to prevent PPS getting
+  stuck with large dispersion and not accepting new samples
+
+New in version 1.29.1
+=====================
+
+Security fixes
+--------------
+* Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021)
+  (incompatible with previous protocol version, chronyc supports both)
+
+New in version 1.29
+===================
+
+Security fixes
+--------------
+* Fix crash when processing crafted commands (CVE-2012-4502)
+  (possible with IP addresses allowed by cmdallow and localhost)
+* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES
+  replies (CVE-2012-4503) (not used by chronyc)
+
+Other changes
+-------------
+* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
+
 New in version 1.28
 ===================
 

README

@@ -2,88 +2,54 @@ This is the README for chrony.
 
 What is chrony?
 ===============
-Chrony is a pair of programs for maintaining the accuracy of computer
-clocks.
 
-chronyd is a (background) daemon program that can be started at boot
-time.  This does most of the work.
+chrony is a versatile implementation of the Network Time Protocol (NTP).
+It can synchronise the system clock with NTP servers, reference clocks
+(e.g. GPS receiver), and manual input using wristwatch and keyboard.
+It can also operate as an NTPv4 (RFC 5905) server and peer to provide
+a time service to other computers in the network.
 
-chronyc is a command-line interface program which can be used to
-monitor chronyd's performance and to change various operating
-parameters whilst it is running.
+It is designed to perform well in a wide range of conditions, including
+intermittent network connections, heavily congested networks, changing
+temperatures (ordinary computer clocks are sensitive to temperature),
+and systems that do not run continuosly, or run on a virtual machine.
 
-chronyd's main function is to obtain measurements of the true (UTC)
-time from one of several sources, and correct the system clock
-accordingly.  It also works out the rate at which the system clock
-gains or loses time and uses this information to keep it accurate
-between measurements from the reference.
-
-The reference time can be derived from Network Time Protocol (NTP)
-servers, reference clocks, or wristwatch-and-keyboard (via chronyc).
-The main source of information about the Network Time Protocol is
-http://www.ntp.org.
-
-It is designed so that it can work on computers which only have
-intermittent access to reference sources, for example computers which
-use a dial-up account to access the Internet or laptops.  Of course, it
-will work well on computers with permanent connections too.
-
-In addition, on Linux it can monitor the system's real time clock
-performance, so the system can maintain accurate time even across
-reboots.
-
-Typical accuracies available between 2 machines are
-
-On an ethernet LAN : 100-200 microseconds, often much better
-On a V32bis dial-up modem connection : 10's of milliseconds (from one
-session to the next)
-
-With a good reference clock the accuracy can reach one microsecond.
-
-chronyd can also operate as an RFC1305-compatible NTP server and peer.
+Typical accuracy between two machines synchronised over the Internet is
+within a few milliseconds; on a LAN, accuracy is typically in tens of
+microseconds.  With hardware timestamping, or a hardware reference clock,
+sub-microsecond accuracy may be possible.
 
+Two programs are included in chrony, chronyd is a daemon that can be
+started at boot time and chronyc is a command-line interface program
+which can be used to monitor chronyd's performance and to change various
+operating parameters whilst it is running.
 
 What will chrony run on?
 ========================
 
-Chrony can be successfully built and run on
-
-1. Linux 2.2.x, 2.3.x, 2.4.x, 2.6.x, 3.x
-
-2. Solaris 2.5/2.5.1/2.6/2.7/2.8 (various platforms) 
-
-3. SunOS 4.1.4 (Sparc 2 and Sparc 20)
-
-4. BSD/386 v1.1 has been reported to work using the SunOS 4.1 driver.
-
-5. NetBSD.
-
-Any other system will require a porting exercise.  You would need to
-start from one of the existing system-specific drivers and look into
-the quirks of certain system calls and the kernel on your target
-system.  (This is described in the manual).
+The software is known to work on Linux, FreeBSD, NetBSD, macOS and
+Solaris.  Closely related systems may work too.  Any other system will
+likely require a porting exercise.  You would need to start from one
+of the existing system-specific drivers and look into the quirks of
+certain system calls and the kernel on your target system.
 
 How do I set it up?
 ===================
 
 The file INSTALL gives instructions.  On supported systems the
-compilation process should be automatic.
-
-You will need an ANSI C compiler -- gcc is recommended.
-
-The manual (in texinfo and text formats) describes how to set the
-software up for the less straightforward cases.
+compilation process should be automatic.  You will need a C compiler,
+e.g. gcc or clang.
 
 What documentation is there?
 ============================
 
-A manual is supplied in Texinfo format (chrony.texi) and
-ready-formatted plain text (chrony.txt) in the distribution.
+The distribution includes manual pages and a document containing
+Frequently Asked Questions (FAQ).
 
-There is also information available on the chrony web pages, accessible
+The documentation is also available on the chrony web pages, accessible
 through the URL 
 
-    http://chrony.tuxfamily.org/
+    https://chrony.tuxfamily.org/
 
 Where are new versions announced?
 =================================
@@ -94,8 +60,7 @@ by sending mail with the subject "subscribe" to
 
 chrony-announce-request@chrony.tuxfamily.org
 
-These messages will be copied to chrony-users (see below).  New versions
-are announced also on Freshmeat (http://freshmeat.net/).
+These messages will be copied to chrony-users (see below).
 
 How can I get support for chrony?
 and where can I discuss new features, possible bugs etc?
@@ -115,131 +80,85 @@ chrony-dev-request@chrony.tuxfamily.org
 
 as applicable.
 
+When you are reporting a bug, please send us all the information you can.
+Unfortunately, chrony has proven to be one of those programs where it is very
+difficult to reproduce bugs in a different environment. So we may have to
+interact with you quite a lot to obtain enough extra logging and tracing to
+pin-point the problem in some cases. Please be patient and plan for this!
 
-Author
-======
+License
+=======
+
+chrony is distributed under the GNU General Public License version 2.
+
+Authors
+=======
 
 Richard P. Curnow <rc@rc0.org.uk>
-
-
-Maintainers
-===========
-
-John Hasler <john@dhh.gt.org>
 Miroslav Lichvar <mlichvar@redhat.com>
 
-
 Acknowledgements
 ================
 
+In writing the chronyd program, extensive use has been made of RFC 1305
+and RFC 5905, written by David Mills. The source code of the NTP reference
+implementation has been used to check the details of the protocol.
+
 The following people have provided patches and other major contributions
 to the program :
 
+Lonnie Abelbeck <lonnie@abelbeck.com>
 Benny Lyne Amorsen <benny@amorsen.dk>
-    Patch to add minstratum option
-
 Andrew Bishop <amb@gedanken.demon.co.uk>
-    Fixes for bugs in logging when in daemon mode
-    Fixes for compiler warnings
-    Robustness improvements for drift file
-    Improve installation (directory checking etc)
-    Entries in contrib directory
-    Improvements to 'sources' and 'sourcestats' output from chronyc
-    Improvements to documentation
-    Investigation of required dosynctodr behaviour for various Solaris
-      versions.
-
+Vincent Blut <vincent.debian@free.fr>
 Stephan I. Boettcher <stephan@nevis1.columbia.edu>
-    Entries in contrib directory
-
+Goswin Brederlow <brederlo@informatik.uni-tuebingen.de>
+Leigh Brown <leigh@solinno.co.uk>
 Erik Bryer <ebryer@spots.ab.ca>
-    Entries in contrib directory
-
+Jonathan Cameron <jic23@cam.ac.uk>
+Bryan Christianson <bryan@whatroute.net>
 Juliusz Chroboczek <jch@pps.jussieu.fr>
-    Fix install rule in Makefile if chronyd file is in use.
-
+Christian Ehrhardt <christian.ehrhardt@canonical.com>
 Paul Elliott <pelliott@io.com>
-    DNSchrony (in contrib directory), a tool for handling NTP servers
-    with variable IP addresses.
-
+Stefan R. Filipek <srfilipek@gmail.com>
 Mike Fleetwood <mike@rockover.demon.co.uk>
-    Fixes for compiler warnings
-
 Alexander Gretencord <arutha@gmx.de>
-    Changes to installation directory system to make it easier for
-    package builders.
-
+Andrew Griffiths <agriffit@redhat.com>
 Walter Haidinger <walter.haidinger@gmx.at>
-    Providing me with login access to a Linux installation where v1.12
-    wouldn't compile, so I could develop the fixes for v1.13.  Also, for
-    providing the disc space so I can keep an independent backup of the
-    sources.
-
 Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
-    Port to NetBSD
-
 John Hasler <john@dhh.gt.org>
-    Changes to support 64 bit machines (i.e. those where
-      sizeof(unsigned long) > 4)
-    Bug fix to initstepslew directive
-    Fix to remove potential buffer overrun errors.
-    Memory locking and real-time scheduler support
-    Fix fault where chronyd enters an endless loop
-
+Tjalling Hattink <t.hattink@fugro.nl>
 Liam Hatton <me@liamhatton.com>
-    Advice on configuring for Linux on PPC
-
 Jachym Holecek <jakym@volny.cz>
-    Patch to make Linux real time clock work with devfs
-
 Håkan Johansson <f96hajo@chalmers.se>
-    Patch to avoid large values in sources and sourcestats output
-
 Jim Knoble <jmknoble@pobox.com>
-    Fixes for compiler warnings
-
 Antti Jrvinen <costello@iki.fi>
-    Advice on configuring for BSD/386
-
-Miroslav Lichvar <mlichvar@redhat.com>
-    Reference clock support
-    IPv6 support
-    Linux capabilities support
-    Leap second support
-    Improved source selection
-    Improved sample history trimming
-    Improved polling interval adjustment
-    Improved stability with temporary asymmetric delays
-    Temperature compensation
-    Many other bug fixes and improvements
-
+Eric Lammerts <eric@lammerts.org>
+Stefan Lucke <stefan@lucke.in-berlin.de>
+Victor Lum <viclum@vanu.com>
+Kevin Lyda <kevin@ie.suberic.net>
+Paul Menzel <paulepanter@users.sourceforge.net>
+Vladimir Michl <vladimir.michl@seznam.cz>
 Victor Moroz <vim@prv.adlum.ru>
-    Patch to support Linux with HZ!=100
-
 Kalle Olavi Niemitalo  <tosi@stekt.oulu.fi>
-    acquisitionport support
-
 Frank Otto <sandwichmacher@web.de>
-    Handling arbitrary HZ values
-
+Denny Page <dennypage@me.com>
+Chris Perl <cperl@janestreet.com>
+Gautier PHILIPPON <gautier.philippon@ensimag.grenoble-inp.fr>
 Andreas Piesk <apiesk@virbus.de>
-    Patch to make chronyc use the readline library if available
-
+Andreas Steinmetz <ast@domdv.de>
+NAKAMURA Takumi <takumi@ps.sakura.ne.jp>
 Timo Teras <timo.teras@iki.fi>
-    Patch to reply correctly on multihomed hosts
-
+Bill Unruh <unruh@physics.ubc.ca>
+Stephen Wadeley <swadeley@redhat.com>
+Bernhard Weiss <lisnablagh@web.de>
 Wolfgang Weisselberg <weissel@netcologne.de>
-    Entries in contrib directory
-
+Bernhard M. Wiedemann <bwiedemann@suse.de>
+Joachim Wiedorn <ad_debian@joonet.de>
 Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
-    Many robustness and security improvements
-    
-Ulrich Windl <ulrich.windl@rz.uni-regensburg.de> for the
-    Providing me with information about the Linux 2.2 kernel
-    functionality compared to 2.0.
-
+Ulrich Windl <ulrich.windl@rz.uni-regensburg.de>
 Doug Woodward <dougw@whistler.com>
-    Advice on configuring for Solaris 2.8 on x86
+Thomas Zajic <zlatko@zlatko.fdns.net>
 
-Many other people have contributed bug reports and suggestions.  I'm
-sorry I can't identify all of you individually.
+Many other people have contributed bug reports and suggestions.  We are sorry
+we cannot identify all of you individually.

acquire.c

@@ -1,796 +0,0 @@
-/*
-  chronyd/chronyc - Programs for keeping computer clocks accurate.
-
- **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2003
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- * 
- **********************************************************************
-
-  =======================================================================
-
-  Processing to perform the equivalent of what ntpdate does.  That is,
-  make a rapid-fire set of measurements to a designated set of
-  sources, and step or slew the local clock to bring it into line with
-  the result.
-
-  This is kept completely separate of the main chronyd processing, by
-  using a separate socket for sending/receiving the measurement
-  packets.  That way, ntp_core.c can be kept completely independent of
-  this functionality.
-  
-  A few of the finer points of how to construct valid RFC1305 packets
-  and validate responses for this case have been cribbed from the
-  ntpdate source.
-
-  */
-
-#include "config.h"
-
-#include "sysincl.h"
-
-#include "acquire.h"
-#include "memory.h"
-#include "sched.h"
-#include "local.h"
-#include "logging.h"
-#include "ntp.h"
-#include "util.h"
-#include "main.h"
-#include "conf.h"
-
-/* ================================================== */
-
-/* Interval between firing off the first sample to successive sources */
-#define INTER_SOURCE_START (0.2)
-
-#define MAX_SAMPLES 8
-
-#define MAX_DEAD_PROBES 4
-#define N_GOOD_SAMPLES 4
-
-#define RETRANSMISSION_TIMEOUT (1.0)
-
-#define NTP_VERSION 3
-#define NTP_MAX_COMPAT_VERSION 4
-#define NTP_MIN_COMPAT_VERSION 2
-
-typedef struct {
-  IPAddr ip_addr;               /* Address of the server */
-  int sanity;                   /* Flag indicating whether source
-                                   looks sane or not */
-  int n_dead_probes;            /* Number of probes sent to the server
-                                   since a good one */
-  int n_samples;                /* Number of samples accumulated */
-  int n_total_samples;          /* Total number of samples received
-                                   including useless ones */
-  double offsets[MAX_SAMPLES];  /* In seconds, positive means local
-                                   clock is fast of reference */
-  double root_distances[MAX_SAMPLES]; /* in seconds */
-  double inter_lo;              /* Low end of estimated range of offset */
-  double inter_hi;              /* High end of estimated range of offset */
-
-  NTP_int64 last_tx;            /* Transmit timestamp in last packet
-                                   transmitted to source. */
-
-  int timer_running;
-  SCH_TimeoutID timeout_id;
-} SourceRecord;
-
-static SourceRecord *sources;
-static int n_sources;
-static int n_started_sources;
-static int n_completed_sources;
-
-static double init_slew_threshold;
-
-union sockaddr_in46 {
-  struct sockaddr_in in4;
-#ifdef HAVE_IPV6
-  struct sockaddr_in6 in6;
-#endif
-  struct sockaddr u;
-};
-
-static int sock_fd4 = -1;
-#ifdef HAVE_IPV6
-static int sock_fd6 = -1;
-#endif
-
-/* ================================================== */
-
-static void (*saved_after_hook)(void *) = NULL;
-static void *saved_after_hook_anything = NULL;
-
-/* ================================================== */
-
-typedef struct {
-  double offset;
-  enum {LO, HIGH} type;
-  int index;
-} Endpoint;
-
-typedef struct {
-  double lo;
-  double hi;
-} Interval;
-
-/* ================================================== */
-
-static void read_from_socket(void *anything);
-static void transmit_timeout(void *x);
-static void wind_up_acquisition(void);
-static void start_source_timeout_handler(void *not_used);
-
-/* ================================================== */
-
-static SCH_TimeoutID source_start_timeout_id;
-
-/* ================================================== */
-
-void
-ACQ_Initialise(void)
-{
-}
-
-
-/* ================================================== */
-
-void
-ACQ_Finalise(void)
-{
-}
-
-/* ================================================== */
-
-static int
-prepare_socket(int family)
-{
-  unsigned short port_number = CNF_GetAcquisitionPort();
-  int sock_fd;
-  socklen_t addrlen;
-
-  sock_fd = socket(family, SOCK_DGRAM, 0);
-
-  if (sock_fd < 0) {
-    LOG_FATAL(LOGF_Acquire, "Could not open socket : %s", strerror(errno));
-  }
-
-  /* Close on exec */
-  UTI_FdSetCloexec(sock_fd);
-
-  if (port_number == 0) {
-    /* Don't bother binding this socket - we're not fussed what port
-       number it gets */
-  } else {
-    union sockaddr_in46 my_addr;
-
-    memset(&my_addr, 0, sizeof (my_addr));
-
-    switch (family) {
-      case AF_INET:
-        my_addr.in4.sin_family = family;
-        my_addr.in4.sin_port = htons(port_number);
-        my_addr.in4.sin_addr.s_addr = htonl(INADDR_ANY);
-        addrlen = sizeof (my_addr.in4);
-        break;
-#ifdef HAVE_IPV6
-      case AF_INET6:
-        my_addr.in6.sin6_family = family;
-        my_addr.in6.sin6_port = htons(port_number);
-        my_addr.in6.sin6_addr = in6addr_any;
-        addrlen = sizeof (my_addr.in6);
-        break;
-#endif
-      default:
-        assert(0);
-    }
-
-    if (bind(sock_fd, &my_addr.u, addrlen) < 0) {
-      LOG(LOGS_ERR, LOGF_Acquire, "Could not bind socket : %s", strerror(errno));
-      /* but keep running */
-    }
-  }
-
-  SCH_AddInputFileHandler(sock_fd, read_from_socket, (void *)(long)sock_fd);
-
-  return sock_fd;
-}
-/* ================================================== */
-
-static void
-initialise_io(int family)
-{
-  if (family == IPADDR_INET4 || family == IPADDR_UNSPEC)
-    sock_fd4 = prepare_socket(AF_INET);
-#ifdef HAVE_IPV6
-  if (family == IPADDR_INET6 || family == IPADDR_UNSPEC)
-    sock_fd6 = prepare_socket(AF_INET6);
-#endif
-}
-
-/* ================================================== */
-
-static void
-finalise_io(void)
-{
-  if (sock_fd4 >= 0) {
-    SCH_RemoveInputFileHandler(sock_fd4);
-    close(sock_fd4);
-  }
-  sock_fd4 = -1;
-#ifdef HAVE_IPV6
-  if (sock_fd6 >= 0) {
-    SCH_RemoveInputFileHandler(sock_fd6);
-    close(sock_fd6);
-  }
-  sock_fd6 = -1;
-#endif
-}
-
-/* ================================================== */
-
-static void
-probe_source(SourceRecord *src)
-{
-  NTP_Packet pkt;
-  int version = NTP_VERSION;
-  NTP_Mode my_mode = MODE_CLIENT;
-  struct timeval cooked;
-  union sockaddr_in46 his_addr;
-  int sock_fd;
-  socklen_t addrlen;
-  uint32_t ts_fuzz;
-
-#if 0
-  printf("Sending probe to %s sent=%d samples=%d\n", UTI_IPToString(&src->ip_addr), src->n_probes_sent, src->n_samples);
-#endif
-
-  pkt.lvm = (((LEAP_Unsynchronised << 6) & 0xc0) |
-             ((version << 3) & 0x38) |
-             ((my_mode) & 0x7));
-
-  pkt.stratum = 0;
-  pkt.poll = 4;
-  pkt.precision = -6; /* as ntpdate */
-  pkt.root_delay = UTI_DoubleToInt32(1.0); /* 1 second */
-  pkt.root_dispersion = UTI_DoubleToInt32(1.0); /* likewise */
-  pkt.reference_id = 0;
-  pkt.reference_ts.hi = 0; /* Set to 0 */
-  pkt.reference_ts.lo = 0; /* Set to 0 */
-  pkt.originate_ts.hi = 0; /* Set to 0 */
-  pkt.originate_ts.lo = 0; /* Set to 0 */
-  pkt.receive_ts.hi = 0;   /* Set to 0 */
-  pkt.receive_ts.lo = 0;   /* Set to 0 */
-
-  /* And do transmission */
-
-  memset(&his_addr, 0, sizeof (his_addr));
-  switch (src->ip_addr.family) {
-    case IPADDR_INET4:
-      his_addr.in4.sin_addr.s_addr = htonl(src->ip_addr.addr.in4);
-      his_addr.in4.sin_port = htons(123); /* Fixed for now */
-      his_addr.in4.sin_family = AF_INET;
-      addrlen = sizeof (his_addr.in4);
-      sock_fd = sock_fd4;
-      break;
-#ifdef HAVE_IPV6
-    case IPADDR_INET6:
-      memcpy(&his_addr.in6.sin6_addr.s6_addr, &src->ip_addr.addr.in6,
-          sizeof (his_addr.in6.sin6_addr.s6_addr));
-      his_addr.in6.sin6_port = htons(123); /* Fixed for now */
-      his_addr.in6.sin6_family = AF_INET6;
-      addrlen = sizeof (his_addr.in6);
-      sock_fd = sock_fd6;
-      break;
-#endif
-    default:
-      assert(0);
-  }
-
-
-  ts_fuzz = UTI_GetNTPTsFuzz(LCL_GetSysPrecisionAsLog());
-  LCL_ReadCookedTime(&cooked, NULL);
-  UTI_TimevalToInt64(&cooked, &pkt.transmit_ts, ts_fuzz);
-
-  if (sendto(sock_fd, (void *) &pkt, NTP_NORMAL_PACKET_SIZE,
-             0,
-             &his_addr.u, addrlen) < 0) {
-    LOG(LOGS_WARN, LOGF_Acquire, "Could not send to %s : %s",
-        UTI_IPToString(&src->ip_addr),
-        strerror(errno));
-  }
-
-  src->last_tx = pkt.transmit_ts;
-
-  ++(src->n_dead_probes);
-  src->timer_running = 1;
-  src->timeout_id = SCH_AddTimeoutByDelay(RETRANSMISSION_TIMEOUT, transmit_timeout, (void *) src);
-}
-
-/* ================================================== */
-
-static void
-transmit_timeout(void *x)
-{
-  SourceRecord *src = (SourceRecord *) x;
-
-  src->timer_running = 0;
-
-#if 0
-  printf("Timeout expired for server %s\n", UTI_IPToString(&src->ip_addr));
-#endif
-
-  if (src->n_dead_probes < MAX_DEAD_PROBES) {
-    probe_source(src);
-  } else {
-    /* Source has croaked or is taking too long to respond */
-    ++n_completed_sources;
-    if (n_completed_sources == n_sources) {
-      wind_up_acquisition();
-    }
-  }
-}
-
-/* ================================================== */
-
-#define MAX_STRATUM 15
-
-static void
-process_receive(NTP_Packet *msg, SourceRecord *src, struct timeval *now)
-{
-
-  unsigned long lvm;
-  int leap, version, mode;
-  double root_delay, root_dispersion;
-  double total_root_delay, total_root_dispersion, total_root_distance;
-
-  struct timeval local_orig, local_average, remote_rx, remote_tx, remote_average;
-  double remote_interval, local_interval;
-  double delta, theta, epsilon;
-  int n;
-  
-  /* Most of the checks are from ntpdate */
-
-  /* Need to do something about authentication */
-
-  lvm = msg->lvm;
-  leap = (lvm >> 6) & 0x3;
-  version = (lvm >> 3) & 0x7;
-  mode = lvm & 0x7;
-
-  if ((leap == LEAP_Unsynchronised) ||
-      (version  < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) ||
-      (mode != MODE_SERVER && mode != MODE_PASSIVE)) {
-    return;
-  }
-
-  if (msg->stratum > MAX_STRATUM) {
-    return;
-  }
-
-  /* Check whether server is responding to our last request */
-  if ((msg->originate_ts.hi != src->last_tx.hi) ||
-      (msg->originate_ts.lo != src->last_tx.lo)) {
-    return;
-  }
-
-  /* Check that the server is sane */
-  if (((msg->originate_ts.hi == 0) && (msg->originate_ts.lo == 0)) ||
-      ((msg->receive_ts.hi == 0) && (msg->receive_ts.lo) == 0)) {
-    return;
-  }
-
-  root_delay = UTI_Int32ToDouble(msg->root_delay);
-  root_dispersion = UTI_Int32ToDouble(msg->root_dispersion);
-
-  UTI_Int64ToTimeval(&src->last_tx, &local_orig);
-  UTI_Int64ToTimeval(&msg->receive_ts, &remote_rx);
-  UTI_Int64ToTimeval(&msg->transmit_ts, &remote_tx);
-  UTI_AverageDiffTimevals(&remote_rx, &remote_tx, &remote_average, &remote_interval);
-  UTI_AverageDiffTimevals(&local_orig, now, &local_average, &local_interval);
-
-  delta = local_interval - remote_interval;
-
-  /* Defined as positive if we are fast.  Note this sign convention is
-     opposite to that used in ntp_core.c */
-
-  UTI_DiffTimevalsToDouble(&theta, &local_average, &remote_average);
-  
-  /* Could work out epsilon - leave till later */
-  epsilon = 0.0;
-
-  total_root_delay = fabs(delta) + root_delay;
-  total_root_dispersion = epsilon + root_dispersion;
-  total_root_distance = 0.5 * fabs(total_root_delay) + total_root_dispersion;
-
-  n = src->n_samples;
-#if 0
-  printf("Sample %d theta=%.6f delta=%.6f root_del=%.6f root_disp=%.6f root_dist=%.6f\n",
-         n, theta, delta, total_root_delay, total_root_dispersion, total_root_distance);
-#endif
-  src->offsets[n] = theta;
-  src->root_distances[n] = total_root_distance;
-  ++(src->n_samples);
-
-}
-
-/* ================================================== */
-
-static void
-read_from_socket(void *anything)
-{
-  int status;
-  ReceiveBuffer msg;
-  union sockaddr_in46 his_addr;
-  int sock_fd;
-  socklen_t his_addr_len;
-  int flags;
-  int message_length;
-  IPAddr remote_ip;
-  int i, ok;
-  struct timeval now;
-  SourceRecord *src;
-
-  flags = 0;
-  message_length = sizeof(msg);
-  his_addr_len = sizeof(his_addr);
-
-  /* Get timestamp */
-  SCH_GetLastEventTime(&now, NULL, NULL);
-
-  sock_fd = (long)anything;
-  status = recvfrom (sock_fd, (char *)&msg, message_length, flags,
-                     &his_addr.u, &his_addr_len);
-
-  if (status < 0) {
-    LOG(LOGS_WARN, LOGF_Acquire, "Error reading from socket, %s", strerror(errno));
-    return;
-  }
-  
-  switch (his_addr.u.sa_family) {
-    case AF_INET:
-      remote_ip.family = IPADDR_INET4;
-      remote_ip.addr.in4 = ntohl(his_addr.in4.sin_addr.s_addr);
-      break;
-#ifdef HAVE_IPV6
-    case AF_INET6:
-      remote_ip.family = IPADDR_INET6;
-      memcpy(&remote_ip.addr.in6, his_addr.in6.sin6_addr.s6_addr,
-          sizeof (remote_ip.addr.in6));
-      break;
-#endif
-    default:
-      assert(0);
-  }
-
-#if 0
-  printf("Got message from %s\n", UTI_IPToString(&remote_ip));
-#endif
-  
-  /* Find matching host */
-  ok = 0;
-  for (i=0; i<n_sources; i++) {
-    if (UTI_CompareIPs(&remote_ip, &sources[i].ip_addr, NULL) == 0) {
-      ok = 1;
-      break;
-    }
-  }
-
-  if (ok) {
-
-    src = sources + i;
-    ++src->n_total_samples;
-
-    src->n_dead_probes = 0; /* reset this when we actually receive something */
-
-    /* If we got into this function, we know the retransmission timeout has not
-       expired for the source */
-    if (src->timer_running) {
-      SCH_RemoveTimeout(src->timeout_id);
-      src->timer_running = 0;
-    }
-
-    process_receive(&msg.ntp_pkt, src, &now);
-
-    /* Check if server done and requeue timeout */
-    if ((src->n_samples >= N_GOOD_SAMPLES) ||
-        (src->n_total_samples >= MAX_SAMPLES)) {
-      ++n_completed_sources;
-#if 0
-      printf("Source %s completed\n", UTI_IPToString(&src->ip_addr));
-#endif
-      if (n_completed_sources == n_sources) {
-        wind_up_acquisition();
-      }
-    } else {
-      
-      /* Send the next probe */
-      probe_source(src);
-
-    }
-  }
-
-}
-
-/* ================================================== */
-
-static void
-start_next_source(void)
-{
-  probe_source(sources + n_started_sources);
-#if 0
-  printf("Trying to start source %s\n", UTI_IPToString(&sources[n_started_sources].ip_addr));
-#endif
-  n_started_sources++;
-  
-  if (n_started_sources < n_sources) {
-    source_start_timeout_id = SCH_AddTimeoutByDelay(INTER_SOURCE_START, start_source_timeout_handler, NULL);
-  }
-}
-
-/* ================================================== */
-
-static int
-endpoint_compare(const void *a, const void *b)
-{
-  const Endpoint *aa = (const Endpoint *) a;
-  const Endpoint *bb = (const Endpoint *) b;
-
-  if (aa->offset < bb->offset) {
-    return -1;
-  } else if (aa->offset > bb->offset) {
-    return +1;
-  } else {
-    return 0;
-  }
-}
-
-/* ================================================== */
-
-static void
-process_measurements(void)
-{
-
-  SourceRecord *s;
-  Endpoint *eps;
-  int i, j;
-  int n_sane_sources;
-  double lo, hi;
-  double inter_lo, inter_hi;
-
-  int depth;
-  int best_depth;
-  int n_at_best_depth;
-  Interval *intervals;
-  double estimated_offset;
-  int index1, index2;
-
-  n_sane_sources = 0;
-
-  /* First, get a consistent interval for each source.  Those for
-     which this is not possible are considered to be insane. */
-
-  for (i=0; i<n_sources; i++) {
-    s = sources + i;
-    /* If we got no measurements, the source is insane */
-    if (s->n_samples == 0) {
-      s->sanity = 0;
-    } else {
-      s->sanity = 1; /* so far ... */
-      lo = s->offsets[0] - s->root_distances[0];
-      hi = s->offsets[0] + s->root_distances[0];
-      inter_lo = lo;
-      inter_hi = hi;
-      for (j=1; j<s->n_samples; j++) {
-        lo = s->offsets[j] - s->root_distances[j];
-        hi = s->offsets[j] + s->root_distances[j];
-        if ((inter_hi <= lo) || (inter_lo >= hi)) {
-          /* Oh dear, we won't get an interval for this source */
-          s->sanity = 0;
-          break;
-        } else {
-          inter_lo = (lo < inter_lo) ? inter_lo : lo;
-          inter_hi = (hi > inter_hi) ? inter_hi : hi;
-        }
-      }
-      if (s->sanity) {
-        s->inter_lo = inter_lo;
-        s->inter_hi = inter_hi;
-      }
-    }
-
-    if (s->sanity) {
-      ++n_sane_sources;
-    }
-
-  }
-
-  /* Now build the endpoint list, similar to the RFC1305 clock
-     selection algorithm. */
-  eps = MallocArray(Endpoint, 2*n_sane_sources);
-  intervals = MallocArray(Interval, n_sane_sources);
-
-  j = 0;
-  for (i=0; i<n_sources; i++) {
-    s = sources + i;
-    if (s->sanity) {
-      eps[j].offset = s->inter_lo;
-      eps[j].type = LO;
-      eps[j].index = i;
-      eps[j+1].offset = s->inter_hi;
-      eps[j+1].type = HIGH;
-      eps[j+1].index = i;
-      j += 2;
-    }
-  }
-
-  qsort(eps, 2*n_sane_sources, sizeof(Endpoint), endpoint_compare);
-
-  /* Now do depth searching algorithm */
-  n_at_best_depth = best_depth = depth = 0;
-  for (i=0; i<2*n_sane_sources; i++) {
-
-#if 0
-    fprintf(stderr, "Endpoint type %s source index %d [ip=%s] offset=%.6f\n",
-            (eps[i].type == LO) ? "LO" : "HIGH",
-            eps[i].index,
-            UTI_IPToString(&sources[eps[i].index].ip_addr),
-            eps[i].offset);
-#endif
-
-    switch (eps[i].type) {
-      case LO:
-        depth++;
-        if (depth > best_depth) {
-          best_depth = depth;
-          n_at_best_depth = 0;
-          intervals[0].lo = eps[i].offset;
-        } else if (depth == best_depth) {
-          intervals[n_at_best_depth].lo = eps[i].offset;
-        } else {
-          /* Nothing to do */
-        }
-
-        break;
-
-      case HIGH:
-        if (depth == best_depth) {
-          intervals[n_at_best_depth].hi = eps[i].offset;
-          n_at_best_depth++;
-        }
-
-        depth--;
-
-        break;
-
-    }
-  }
-
-  if (best_depth > 0) {
-    if ((n_at_best_depth % 2) == 1) {
-      index1 = (n_at_best_depth - 1) / 2;
-      estimated_offset = 0.5 * (intervals[index1].lo + intervals[index1].hi);
-    } else {
-      index2 = (n_at_best_depth / 2);
-      index1 = index2 - 1;
-      estimated_offset = 0.5 * (intervals[index1].lo + intervals[index2].hi);
-    }
-
-
-    /* Apply a step change to the system clock.  As per sign
-       convention in local.c and its children, a positive offset means
-       the system clock is fast of the reference, i.e. it needs to be
-       stepped backwards. */
-
-    if (fabs(estimated_offset) > init_slew_threshold) {
-      LOG(LOGS_INFO, LOGF_Acquire, "System's initial offset : %.6f seconds %s of true (step)",
-          fabs(estimated_offset),
-          (estimated_offset >= 0) ? "fast" : "slow");
-      LCL_ApplyStepOffset(estimated_offset);
-    } else {
-      LOG(LOGS_INFO, LOGF_Acquire, "System's initial offset : %.6f seconds %s of true (slew)",
-          fabs(estimated_offset),
-          (estimated_offset >= 0) ? "fast" : "slow");
-      LCL_AccumulateOffset(estimated_offset, 0.0);
-    }
-
-  } else {
-    LOG(LOGS_WARN, LOGF_Acquire, "No intersecting endpoints found");
-  }  
-
-  Free(intervals);
-  Free(eps);
-        
-}
-
-/* ================================================== */
-
-static void
-wind_up_acquisition(void)
-{
-
-  /* Now process measurements */
-  process_measurements();
-
-  Free(sources);
-
-  finalise_io();
-
-  if (saved_after_hook) {
-    (saved_after_hook)(saved_after_hook_anything);
-  }
-
-}
-
-/* ================================================== */
-
-static void
-start_source_timeout_handler(void *not_used)
-{
-
-  start_next_source();
-}
-
-/* ================================================== */
-
-void
-ACQ_StartAcquisition(int n, IPAddr *ip_addrs, double threshold, void (*after_hook)(void *), void *anything)
-{
-
-  int i, ip4, ip6;
-  int k, duplicate_ip;
-
-  saved_after_hook = after_hook;
-  saved_after_hook_anything = anything;
-
-  init_slew_threshold = threshold;
-
-  n_started_sources = 0;
-  n_completed_sources = 0;
-  n_sources = 0;
-  sources = MallocArray(SourceRecord, n);
-
-  for (i = ip4 = ip6 = 0; i < n; i++) {
-    /* check for duplicate IP addresses and ignore them */
-    duplicate_ip = 0;
-    for (k = 0; k < i; k++) {
-      duplicate_ip |= UTI_CompareIPs(&(sources[k].ip_addr),
-                                     &ip_addrs[i],
-                                     NULL) == 0;
-    }
-    if (!duplicate_ip) {
-      sources[n_sources].ip_addr = ip_addrs[i];
-      sources[n_sources].n_samples = 0;
-      sources[n_sources].n_total_samples = 0;
-      sources[n_sources].n_dead_probes = 0;
-      if (ip_addrs[i].family == IPADDR_INET4)
-        ip4++;
-      else if (ip_addrs[i].family == IPADDR_INET6)
-        ip6++;
-      n_sources++;
-    } else {
-      LOG(LOGS_WARN, LOGF_Acquire, "Ignoring duplicate source: %s",
-          UTI_IPToString(&ip_addrs[i]));
-    }
-  }
-
-  initialise_io((ip4 && ip6) ? IPADDR_UNSPEC : (ip4 ? IPADDR_INET4 : IPADDR_INET6));
-
-  /* Start sampling first source */
-  start_next_source();
-}
-
-/* ================================================== */

addressing.h

@@ -42,13 +42,21 @@ typedef struct {
     uint8_t in6[16];
   } addr;
   uint16_t family;
+  uint16_t _pad;
 } IPAddr;
 
 typedef struct {
   IPAddr ip_addr;
-  IPAddr local_ip_addr;
   unsigned short port;
 } NTP_Remote_Address;
 
+#define INVALID_IF_INDEX -1
+
+typedef struct {
+  IPAddr ip_addr;
+  int if_index;
+  int sock_fd;
+} NTP_Local_Address;
+
 #endif /* GOT_ADDRESSING_H */
 

addrfilt.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997,1998,1999,2000,2001,2002,2005
- * Copyright (C) Miroslav Lichvar  2009
+ * Copyright (C) Miroslav Lichvar  2009, 2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -62,7 +62,7 @@ split_ip6(IPAddr *ip, uint32_t *dst)
   int i;
 
   for (i = 0; i < 4; i++)
-    dst[i] = ip->addr.in6[i * 4 + 0] << 24 |
+    dst[i] = (uint32_t)ip->addr.in6[i * 4 + 0] << 24 |
              ip->addr.in6[i * 4 + 1] << 16 |
              ip->addr.in6[i * 4 + 2] << 8 |
              ip->addr.in6[i * 4 + 3];
@@ -199,7 +199,10 @@ set_subnet(TableNode *start_node,
 
       /* How many subnet entries to set : 1->8, 2->4, 3->2 */
       N = 1 << (NBITS-bits_to_go);
-      subnet = get_subnet(ip, bits_consumed);
+
+      subnet = get_subnet(ip, bits_consumed) & ~(N - 1);
+      assert(subnet + N <= TABLE_SIZE);
+
       if (!(node->extended)) {
         open_node(node);
       }
@@ -363,114 +366,38 @@ ADF_IsAllowed(ADF_AuthTable table,
 
 /* ================================================== */
 
-#if defined TEST
-
-static void print_node(TableNode *node, uint32_t *addr, int ip_len, int shift, int subnet_bits)
+static int
+is_any_allowed(TableNode *node, State parent)
 {
-  uint32_t new_addr[4];
+  State state;
   int i;
-  TableNode *sub_node;
 
-  for (i=0; i<subnet_bits; i++) putchar(' ');
+  state = node->state != AS_PARENT ? node->state : parent;
+  assert(state != AS_PARENT);
 
-  if (ip_len == 1)
-      printf("%d.%d.%d.%d",
-          ((addr[0] >> 24) & 255),
-          ((addr[0] >> 16) & 255),
-          ((addr[0] >>  8) & 255),
-          ((addr[0]      ) & 255));
-  else {
-    for (i=0; i<4; i++) {
-      if (addr[i])
-        printf("%d.%d.%d.%d",
-            ((addr[i] >> 24) & 255),
-            ((addr[i] >> 16) & 255),
-            ((addr[i] >>  8) & 255),
-            ((addr[i]      ) & 255));
-      putchar(i < 3 ? ':' : '\0');
-    }
-  }
-  printf("/%d : %s\n",
-         subnet_bits,
-         (node->state == ALLOW) ? "allow" :
-         (node->state == DENY)  ? "deny" : "as parent");
   if (node->extended) {
-    for (i=0; i<16; i++) {
-      sub_node = &(node->extended[i]);
-      new_addr[0] = addr[0];
-      new_addr[1] = addr[1];
-      new_addr[2] = addr[2];
-      new_addr[3] = addr[3];
-      new_addr[ip_len - 1 - shift / 32] |= ((uint32_t)i << (shift % 32));
-      print_node(sub_node, new_addr, ip_len, shift - 4, subnet_bits + 4);
+    for (i = 0; i < TABLE_SIZE; i++) {
+      if (is_any_allowed(&node->extended[i], state))
+        return 1;
     }
+  } else if (state == ALLOW) {
+    return 1;
   }
-}
 
-
-static void print_table(ADF_AuthTable table)
-{
-  uint32_t addr[4];
-
-  memset(addr, 0, sizeof (addr));
-  printf("IPv4 table:\n");
-  print_node(&table->base4, addr, 1, 28, 0);
-
-  memset(addr, 0, sizeof (addr));
-  printf("IPv6 table:\n");
-  print_node(&table->base6, addr, 4, 124, 0);
+  return 0;
 }
 
 /* ================================================== */
 
-int main (int argc, char **argv)
+int
+ADF_IsAnyAllowed(ADF_AuthTable table, int family)
 {
-  IPAddr ip;
-  ADF_AuthTable table;
-  table = ADF_CreateTable();
-
-  ip.family = IPADDR_INET4;
-
-  ip.addr.in4 = 0x7e800000;
-  ADF_Allow(table, &ip, 9);
-  ip.addr.in4 = 0x7ecc0000;
-  ADF_Deny(table, &ip, 14);
-#if 0
-  ip.addr.in4 = 0x7f000001;
-  ADF_Deny(table, &ip, 32);
-  ip.addr.in4 = 0x7f000000;
-  ADF_Allow(table, &ip, 8);
-#endif
-
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-  ip.addr.in4 ^= 1;
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-
-  ip.family = IPADDR_INET6;
-
-  memcpy(ip.addr.in6, "abcdefghijklmnop", 16);
-  ADF_Deny(table, &ip, 66);
-  ADF_Allow(table, &ip, 59);
-
-  memcpy(ip.addr.in6, "xbcdefghijklmnop", 16);
-  ADF_Deny(table, &ip, 128);
-  ip.addr.in6[15] ^= 3;
-  ADF_Allow(table, &ip, 127);
-
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-  ip.addr.in4 ^= 1;
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-
-  print_table(table);
-
-  ADF_DestroyTable(table);
-  return 0;
+  switch (family) {
+    case IPADDR_INET4:
+      return is_any_allowed(&table->base4, AS_PARENT);
+    case IPADDR_INET6:
+      return is_any_allowed(&table->base6, AS_PARENT);
+    default:
+      return 0;
+  }
 }
-
-
-
-#endif /* defined TEST */
-
-
-
-

addrfilt.h

@@ -72,4 +72,9 @@ extern void ADF_DestroyTable(ADF_AuthTable table);
 extern int ADF_IsAllowed(ADF_AuthTable table,
                          IPAddr *ip);
 
+/* Check if at least one address from a given family is allowed by
+   the rules in the table */
+extern int ADF_IsAnyAllowed(ADF_AuthTable table,
+                            int family);
+
 #endif /* GOT_ADDRFILT_H */

array.c

@@ -0,0 +1,130 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Functions implementing an array with automatic memory allocation.
+
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "memory.h"
+
+struct ARR_Instance_Record {
+  void *data;
+  unsigned int elem_size;
+  unsigned int used;
+  unsigned int allocated;
+};
+
+ARR_Instance
+ARR_CreateInstance(unsigned int elem_size)
+{
+  ARR_Instance array;
+
+  assert(elem_size > 0);
+
+  array = MallocNew(struct ARR_Instance_Record);
+
+  array->data = NULL;
+  array->elem_size = elem_size;
+  array->used = 0;
+  array->allocated = 0;
+
+  return array;
+}
+
+void
+ARR_DestroyInstance(ARR_Instance array)
+{
+  Free(array->data);
+  Free(array);
+}
+
+static void
+realloc_array(ARR_Instance array, unsigned int min_size)
+{
+  assert(min_size <= 2 * min_size);
+  if (array->allocated >= min_size && array->allocated <= 2 * min_size)
+    return;
+
+  if (array->allocated < min_size) {
+    while (array->allocated < min_size)
+      array->allocated = array->allocated ? 2 * array->allocated : 1;
+  } else {
+    array->allocated = min_size;
+  }
+
+  array->data = Realloc2(array->data, array->allocated, array->elem_size);
+}
+
+void *
+ARR_GetNewElement(ARR_Instance array)
+{
+  array->used++;
+  realloc_array(array, array->used);
+  return ARR_GetElement(array, array->used - 1);
+}
+
+void *
+ARR_GetElement(ARR_Instance array, unsigned int index)
+{
+  assert(index < array->used);
+  return (void *)((char *)array->data + (size_t)index * array->elem_size);
+}
+
+void *
+ARR_GetElements(ARR_Instance array)
+{
+  /* Return a non-NULL pointer when the array has zero size */
+  if (!array->data) {
+    assert(!array->used);
+    return array;
+  }
+
+  return array->data;
+}
+
+void
+ARR_AppendElement(ARR_Instance array, void *element)
+{
+  void *e;
+
+  e = ARR_GetNewElement(array);
+  memcpy(e, element, array->elem_size);
+}
+
+void
+ARR_SetSize(ARR_Instance array, unsigned int size)
+{
+  realloc_array(array, size);
+  array->used = size;
+}
+
+unsigned int
+ARR_GetSize(ARR_Instance array)
+{
+  return array->used;
+}

array.h

@@ -0,0 +1,56 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Header file for array functions.
+  */
+
+#ifndef GOT_ARRAY_H
+#define GOT_ARRAY_H
+
+typedef struct ARR_Instance_Record *ARR_Instance;
+
+/* Create a new array with given element size */
+extern ARR_Instance ARR_CreateInstance(unsigned int elem_size);
+
+/* Destroy the array */
+extern void ARR_DestroyInstance(ARR_Instance array);
+
+/* Return pointer to a new element added to the end of the array */
+extern void *ARR_GetNewElement(ARR_Instance array);
+
+/* Return element with given index */
+extern void *ARR_GetElement(ARR_Instance array, unsigned int index);
+
+/* Return pointer to the internal array of elements */
+extern void *ARR_GetElements(ARR_Instance array);
+
+/* Add a new element to the end of the array */
+extern void ARR_AppendElement(ARR_Instance array, void *element);
+
+/* Set the size of the array */
+extern void ARR_SetSize(ARR_Instance array, unsigned int size);
+
+/* Return current size of the array */
+extern unsigned int ARR_GetSize(ARR_Instance array);
+
+#endif

broadcast.c

@@ -1,156 +0,0 @@
-/*
-  chronyd/chronyc - Programs for keeping computer clocks accurate.
-
- **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- * 
- **********************************************************************
-
-  =======================================================================
-
-  Deal with broadcast server functions.
-  */
-
-#include "config.h"
-
-#include "sysincl.h"
-#include "memory.h"
-
-#include "addressing.h"
-#include "broadcast.h"
-#include "sched.h"
-#include "ntp.h"
-#include "local.h"
-#include "reference.h"
-#include "util.h"
-#include "ntp_io.h"
-
-typedef struct {
-  NTP_Remote_Address addr;
-  int interval;
-} Destination;
-static Destination *destinations = 0;
-static int n_destinations = 0;
-static int max_destinations = 0;
-
-void
-BRD_Initialise(void)
-{
-}
-
-/* ================================================== */
-
-void
-BRD_Finalise(void)
-{
-}
-
-/* ================================================== */
-/* This is a cut-down version of what transmit_packet in ntp_core.c does */
-
-static void
-timeout_handler(void *arbitrary)
-{
-  Destination *d = (Destination *) arbitrary;
-  NTP_Packet message;
-  /* Parameters read from reference module */
-  int version;
-  int leap;
-  int are_we_synchronised, our_stratum;
-  NTP_Leap leap_status;
-  uint32_t our_ref_id, ts_fuzz;
-  struct timeval our_ref_time;
-  double our_root_delay, our_root_dispersion;
-  struct timeval local_transmit;
-
-  version = 3;
-
-  LCL_ReadCookedTime(&local_transmit, NULL);
-  REF_GetReferenceParams(&local_transmit,
-                         &are_we_synchronised, &leap_status,
-                         &our_stratum,
-                         &our_ref_id, &our_ref_time,
-                         &our_root_delay, &our_root_dispersion);
-
-
-  if (are_we_synchronised) {
-    leap = (int) leap_status;
-  } else {
-    leap = LEAP_Unsynchronised;
-  }
-
-  message.lvm = ((leap << 6) &0xc0) | ((version << 3) & 0x38) | (MODE_BROADCAST & 0x07);
-  message.stratum = our_stratum;
-  message.poll = 6; /* FIXME: what should this be? */
-  message.precision = LCL_GetSysPrecisionAsLog();
-
-  /* If we're sending a client mode packet and we aren't synchronized yet, 
-     we might have to set up artificial values for some of these parameters */
-  message.root_delay = UTI_DoubleToInt32(our_root_delay);
-  message.root_dispersion = UTI_DoubleToInt32(our_root_dispersion);
-
-  message.reference_id = htonl((NTP_int32) our_ref_id);
-
-  /* Now fill in timestamps */
-  UTI_TimevalToInt64(&our_ref_time, &message.reference_ts, 0);
-  message.originate_ts.hi = 0UL;
-  message.originate_ts.lo = 0UL;
-  message.receive_ts.hi = 0UL;
-  message.receive_ts.lo = 0UL;
-
-  ts_fuzz = UTI_GetNTPTsFuzz(message.precision);
-  LCL_ReadCookedTime(&local_transmit, NULL);
-  UTI_TimevalToInt64(&local_transmit, &message.transmit_ts, ts_fuzz);
-  NIO_SendNormalPacket(&message, &d->addr);
-
-  /* Requeue timeout.  Don't care if interval drifts gradually, so just do it
-   * at the end. */
-  SCH_AddTimeoutInClass((double) d->interval, 1.0, 0.02,
-                        SCH_NtpBroadcastClass,
-                        timeout_handler, (void *) d);
-
-
-}
-
-/* ================================================== */
-
-void 
-BRD_AddDestination(IPAddr *addr, unsigned short port, int interval)
-{
-  if (max_destinations == n_destinations) {
-    /* Expand array */
-    max_destinations += 8;
-    if (destinations) {
-      destinations = ReallocArray(Destination, max_destinations, destinations);
-    } else {
-      destinations = MallocArray(Destination, max_destinations);
-    }
-  }
-
-  destinations[n_destinations].addr.ip_addr = *addr;
-  destinations[n_destinations].addr.local_ip_addr.family = IPADDR_UNSPEC;
-  destinations[n_destinations].addr.port = port;
-  destinations[n_destinations].interval = interval;
-
-  SCH_AddTimeoutInClass((double) interval, 1.0, 0.0,
-                        SCH_NtpBroadcastClass,
-                        timeout_handler, (void *)(destinations + n_destinations));
-  
-  ++n_destinations;
-
-}
-
-

candm.h

@@ -31,7 +31,6 @@
 
 #include "sysincl.h"
 #include "addressing.h"
-#include "hash.h"
 
 /* This is the default port to use for CANDM, if no alternative is
    defined */
@@ -88,18 +87,28 @@
 #define REQ_MODIFY_MAXDELAYDEVRATIO 47
 #define REQ_RESELECT 48
 #define REQ_RESELECTDISTANCE 49
-#define N_REQUEST_TYPES 50
+#define REQ_MODIFY_MAKESTEP 50
+#define REQ_SMOOTHING 51
+#define REQ_SMOOTHTIME 52
+#define REQ_REFRESH 53
+#define REQ_SERVER_STATS 54
+#define REQ_CLIENT_ACCESSES_BY_INDEX2 55
+#define REQ_LOCAL2 56
+#define REQ_NTP_DATA 57
+#define REQ_ADD_SERVER2 58
+#define REQ_ADD_PEER2 59
+#define REQ_ADD_SERVER3 60
+#define REQ_ADD_PEER3 61
+#define REQ_SHUTDOWN 62
+#define REQ_ONOFFLINE 63
+#define N_REQUEST_TYPES 64
 
-/* Special utoken value used to log on with first exchange being the
-   password.  (This time value has long since gone by) */
-#define SPECIAL_UTOKEN 0x10101010
-
-/* Structure used to exchange timevals independent on size of time_t */
+/* Structure used to exchange timespecs independent of time_t size */
 typedef struct {
   uint32_t tv_sec_high;
   uint32_t tv_sec_low;
   uint32_t tv_nsec;
-} Timeval;
+} Timespec;
 
 /* This is used in tv_sec_high for 32-bit timestamps */
 #define TV_NOHIGHSEC 0x7fffffff
@@ -115,6 +124,10 @@ typedef struct {
    pktlength.c, to get the number of bytes that ought to be
    transmitted for each packet type. */
 
+typedef struct {
+  int32_t EOR;
+} REQ_Null;
+
 typedef struct {
   IPAddr mask;
   IPAddr address;
@@ -188,18 +201,26 @@ typedef struct {
 } REQ_Modify_Maxupdateskew;
 
 typedef struct {
-  Timeval ts;
+  int32_t limit;
+  Float threshold;
+  int32_t EOR;
+} REQ_Modify_Makestep;
+
+typedef struct {
+  Timespec ts;
   int32_t EOR;
 } REQ_Logon;
 
 typedef struct {
-  Timeval ts;
+  Timespec ts;
   int32_t EOR;
 } REQ_Settime;
 
 typedef struct {
   int32_t on_off;
   int32_t stratum;
+  Float distance;
+  int32_t orphan;
   int32_t EOR;
 } REQ_Local;
 
@@ -208,19 +229,11 @@ typedef struct {
   int32_t EOR;
 } REQ_Manual;
 
-typedef struct {
-  int32_t EOR;
-} REQ_N_Sources;
-
 typedef struct {
   int32_t index;
   int32_t EOR;
 } REQ_Source_Data;
 
-typedef struct {
-  int32_t EOR;
-} REQ_Rekey;
-
 typedef struct {
   IPAddr ip;
   int32_t subnet_bits;
@@ -238,6 +251,10 @@ typedef struct {
 #define REQ_ADDSRC_IBURST 0x4
 #define REQ_ADDSRC_PREFER 0x8
 #define REQ_ADDSRC_NOSELECT 0x10
+#define REQ_ADDSRC_TRUST 0x20
+#define REQ_ADDSRC_REQUIRE 0x40
+#define REQ_ADDSRC_INTERLEAVED 0x80
+#define REQ_ADDSRC_BURST 0x100
 
 typedef struct {
   IPAddr ip_addr;
@@ -245,10 +262,22 @@ typedef struct {
   int32_t minpoll;
   int32_t maxpoll;
   int32_t presend_minpoll;
+  uint32_t min_stratum;
+  uint32_t poll_target;
+  uint32_t version;
+  uint32_t max_sources;
+  int32_t min_samples;
+  int32_t max_samples;
   uint32_t authkey;
   Float max_delay;
   Float max_delay_ratio;
+  Float max_delay_dev_ratio;
+  Float min_delay;
+  Float asymmetry;
+  Float offset;
   uint32_t flags;
+  int32_t filter_length;
+  uint32_t reserved[3];
   int32_t EOR;
 } REQ_NTP_Source;
 
@@ -257,10 +286,6 @@ typedef struct {
   int32_t EOR;
 } REQ_Del_Source;
 
-typedef struct {
-  int32_t EOR;
-} REQ_WriteRtc;
-
 typedef struct {
   Float dfreq;
   int32_t EOR;
@@ -272,80 +297,44 @@ typedef struct {
   int32_t EOR;
 } REQ_Doffset;
 
-typedef struct {
-  int32_t EOR;
-} REQ_Tracking;
-
 typedef struct {
   uint32_t index;
   int32_t EOR;
 } REQ_Sourcestats;
 
-typedef struct {
-  int32_t EOR;
-} REQ_RTCReport;
-
-typedef struct {
-  int32_t EOR;
-} REQ_TrimRTC;
-
-typedef struct {
-  int32_t EOR;
-} REQ_CycleLogs;
-
-typedef struct {
-  IPAddr ip;
-  uint32_t bits_specd;
-} REQ_SubnetsAccessed_Subnet;
-
-#define MAX_SUBNETS_ACCESSED 8
-
-typedef struct {
-  uint32_t n_subnets;
-  REQ_SubnetsAccessed_Subnet subnets[MAX_SUBNETS_ACCESSED];
-} REQ_SubnetsAccessed;
-
 /* This is based on the response size rather than the
    request size */
 #define MAX_CLIENT_ACCESSES 8
 
-typedef struct {
-  uint32_t n_clients;
-  IPAddr client_ips[MAX_CLIENT_ACCESSES];
-} REQ_ClientAccesses;  
-
 typedef struct {
   uint32_t first_index;
-  uint32_t n_indices;
+  uint32_t n_clients;
   int32_t EOR;
 } REQ_ClientAccessesByIndex;
 
-typedef struct {
-  int32_t EOR;
-} REQ_ManualList;
-
 typedef struct {
   int32_t index;
   int32_t EOR;
 } REQ_ManualDelete;
 
-typedef struct {
-  int32_t EOR;
-} REQ_MakeStep;
-
-typedef struct {
-  int32_t EOR;
-} REQ_Activity;
-
-typedef struct {
-  int32_t EOR;
-} REQ_Reselect;
-
 typedef struct {
   Float distance;
   int32_t EOR;
 } REQ_ReselectDistance;
 
+#define REQ_SMOOTHTIME_RESET 0
+#define REQ_SMOOTHTIME_ACTIVATE 1
+
+typedef struct {
+  int32_t option;
+  int32_t EOR;
+} REQ_SmoothTime;
+
+typedef struct {
+  IPAddr ip_addr;
+  int32_t EOR;
+} REQ_NTPData;
+
 /* ================================================== */
 
 #define PKT_TYPE_CMD_REQUEST 1
@@ -370,14 +359,36 @@ typedef struct {
    modify polltarget, modify maxdelaydevratio, reselect, reselectdistance
 
    Version 5 : auth data moved to the end of the packet to allow hashes with
-   different sizes, extended sources, tracking and activity reports
+   different sizes, extended sources, tracking and activity reports, dropped
+   subnets accessed and client accesses
+
+   Version 6 : added padding to requests to prevent amplification attack,
+   changed maximum number of samples in manual list to 16, new commands: modify
+   makestep, smoothing, smoothtime
+
+   Support for authentication was removed later in version 6 of the protocol
+   and commands that required authentication are allowed only locally over Unix
+   domain socket.
+
+   Version 6 (no authentication) : changed format of client accesses by index
+   (using new request/reply types) and manual timestamp, added new fields and
+   flags to NTP source request and report, made length of manual list constant,
+   added new commands: ntpdata, refresh, serverstats, shutdown
  */
 
-#define PROTO_VERSION_NUMBER 5
+#define PROTO_VERSION_NUMBER 6
 
-/* The oldest protocol version that is compatible enough with
-   the current version to report a version mismatch */
-#define PROTO_VERSION_MISMATCH_COMPAT 4
+/* The oldest protocol versions that are compatible enough with the current
+   version to report a version mismatch for the server and the client */
+#define PROTO_VERSION_MISMATCH_COMPAT_SERVER 5
+#define PROTO_VERSION_MISMATCH_COMPAT_CLIENT 4
+
+/* The first protocol version using padding in requests */
+#define PROTO_VERSION_PADDING 6
+
+/* The maximum length of padding in request packet, currently
+   defined by MANUAL_LIST */
+#define MAX_PADDING_LENGTH 396
 
 /* ================================================== */
 
@@ -391,10 +402,11 @@ typedef struct {
                              (count up from zero for same sequence
                              number) */
   uint32_t sequence; /* Client's sequence number */
-  uint32_t utoken; /* Unique token per incarnation of daemon */
-  uint32_t token; /* Command token (to prevent replay attack) */
+  uint32_t pad1;
+  uint32_t pad2;
 
   union {
+    REQ_Null null;
     REQ_Online online;
     REQ_Offline offline;
     REQ_Burst burst;
@@ -407,39 +419,29 @@ typedef struct {
     REQ_Modify_Minstratum modify_minstratum;
     REQ_Modify_Polltarget modify_polltarget;
     REQ_Modify_Maxupdateskew modify_maxupdateskew;
+    REQ_Modify_Makestep modify_makestep;
     REQ_Logon logon;
     REQ_Settime settime;
     REQ_Local local;
     REQ_Manual manual;
-    REQ_N_Sources n_sources;
     REQ_Source_Data source_data;
-    REQ_Rekey rekey;
     REQ_Allow_Deny allow_deny;
     REQ_Ac_Check ac_check;
     REQ_NTP_Source ntp_source;
     REQ_Del_Source del_source;
-    REQ_WriteRtc writertc;
     REQ_Dfreq dfreq;
     REQ_Doffset doffset;
-    REQ_Tracking tracking;
     REQ_Sourcestats sourcestats;
-    REQ_RTCReport rtcreport;
-    REQ_TrimRTC trimrtc;
-    REQ_CycleLogs cyclelogs;
-    REQ_SubnetsAccessed subnets_accessed;
-    REQ_ClientAccesses client_accesses;
     REQ_ClientAccessesByIndex client_accesses_by_index;
-    REQ_ManualList manual_list;
     REQ_ManualDelete manual_delete;
-    REQ_MakeStep make_step;
-    REQ_Activity activity;
-    REQ_Reselect reselect;
     REQ_ReselectDistance reselect_distance;
+    REQ_SmoothTime smoothtime;
+    REQ_NTPData ntp_data;
   } data; /* Command specific parameters */
 
-  /* authentication of the packet, there is no hole after the actual data
-     from the data union, this field only sets the maximum auth size */
-  uint8_t auth[MAX_HASH_LENGTH];
+  /* Padding used to prevent traffic amplification.  It only defines the
+     maximum size of the packet, there is no hole after the data field. */
+  uint8_t padding[MAX_PADDING_LENGTH];
 
 } CMD_Request;
 
@@ -465,7 +467,13 @@ typedef struct {
 #define RPY_CLIENT_ACCESSES_BY_INDEX 10
 #define RPY_MANUAL_LIST 11
 #define RPY_ACTIVITY 12
-#define N_REPLY_TYPES 13
+#define RPY_SMOOTHING 13
+#define RPY_SERVER_STATS 14
+#define RPY_CLIENT_ACCESSES_BY_INDEX2 15
+#define RPY_NTP_DATA 16
+#define RPY_MANUAL_TIMESTAMP2 17
+#define RPY_MANUAL_LIST2 18
+#define N_REPLY_TYPES 19
 
 /* Status codes */
 #define STT_SUCCESS 0
@@ -478,6 +486,7 @@ typedef struct {
 #define STT_BADSUBNET 7
 #define STT_ACCESSALLOWED 8
 #define STT_ACCESSDENIED 9
+/* Deprecated */
 #define STT_NOHOSTACCESS 10
 #define STT_SOURCEALREADYKNOWN 11
 #define STT_TOOMANYSOURCES 12
@@ -511,10 +520,12 @@ typedef struct {
 
 #define RPY_SD_FLAG_NOSELECT 0x1
 #define RPY_SD_FLAG_PREFER 0x2
+#define RPY_SD_FLAG_TRUST 0x4
+#define RPY_SD_FLAG_REQUIRE 0x8
 
 typedef struct {
   IPAddr ip_addr;
-  uint16_t poll;
+  int16_t poll;
   uint16_t stratum;
   uint16_t state;
   uint16_t mode;
@@ -532,7 +543,7 @@ typedef struct {
   IPAddr ip_addr;
   uint16_t stratum;
   uint16_t leap_status;
-  Timeval ref_time;
+  Timespec ref_time;
   Float current_correction;
   Float last_offset;
   Float rms_offset;
@@ -560,7 +571,7 @@ typedef struct {
 } RPY_Sourcestats;
 
 typedef struct {
-  Timeval ref_time;
+  Timespec ref_time;
   uint16_t n_samples;
   uint16_t n_runs;
   uint32_t span_seconds;
@@ -570,7 +581,7 @@ typedef struct {
 } RPY_Rtc;
 
 typedef struct {
-  uint32_t centiseconds;
+  Float offset;
   Float dfreq_ppm;
   Float new_afreq_ppm;
   int32_t EOR;
@@ -578,42 +589,39 @@ typedef struct {
 
 typedef struct {
   IPAddr ip;
-  uint32_t bits_specd;
-  uint32_t bitmap[8];
-} RPY_SubnetsAccessed_Subnet;
-
-typedef struct {
-  uint32_t n_subnets;
-  RPY_SubnetsAccessed_Subnet subnets[MAX_SUBNETS_ACCESSED];
-} RPY_SubnetsAccessed;
-
-typedef struct {
-  IPAddr ip;
-  uint32_t client_hits;
-  uint32_t peer_hits;
-  uint32_t cmd_hits_auth;
-  uint32_t cmd_hits_normal;
-  uint32_t cmd_hits_bad;
+  uint32_t ntp_hits;
+  uint32_t cmd_hits;
+  uint32_t ntp_drops;
+  uint32_t cmd_drops;
+  int8_t ntp_interval;
+  int8_t cmd_interval;
+  int8_t ntp_timeout_interval;
+  int8_t pad;
   uint32_t last_ntp_hit_ago;
   uint32_t last_cmd_hit_ago;
 } RPY_ClientAccesses_Client;
 
-typedef struct {
-  uint32_t n_clients;
-  RPY_ClientAccesses_Client clients[MAX_CLIENT_ACCESSES];
-} RPY_ClientAccesses;
-
 typedef struct {
   uint32_t n_indices;      /* how many indices there are in the server's table */
   uint32_t next_index;     /* the index 1 beyond those processed on this call */
   uint32_t n_clients;      /* the number of valid entries in the following array */
   RPY_ClientAccesses_Client clients[MAX_CLIENT_ACCESSES];
+  int32_t EOR;
 } RPY_ClientAccessesByIndex;
 
-#define MAX_MANUAL_LIST_SAMPLES 32
+typedef struct {
+  uint32_t ntp_hits;
+  uint32_t cmd_hits;
+  uint32_t ntp_drops;
+  uint32_t cmd_drops;
+  uint32_t log_drops;
+  int32_t EOR;
+} RPY_ServerStats;
+
+#define MAX_MANUAL_LIST_SAMPLES 16
 
 typedef struct {
-  Timeval when;
+  Timespec when;
   Float slewed_offset;
   Float orig_offset;
   Float residual;
@@ -622,6 +630,7 @@ typedef struct {
 typedef struct {
   uint32_t n_samples;
   RPY_ManualListSample samples[MAX_MANUAL_LIST_SAMPLES];
+  int32_t EOR;
 } RPY_ManualList;
 
 typedef struct {
@@ -633,6 +642,52 @@ typedef struct {
   int32_t EOR;
 } RPY_Activity;
 
+#define RPY_SMT_FLAG_ACTIVE 0x1
+#define RPY_SMT_FLAG_LEAPONLY 0x2
+
+typedef struct {
+  uint32_t flags;
+  Float offset;
+  Float freq_ppm;
+  Float wander_ppm;
+  Float last_update_ago;
+  Float remaining_time;
+  int32_t EOR;
+} RPY_Smoothing;
+
+#define RPY_NTP_FLAGS_TESTS 0x3ff
+#define RPY_NTP_FLAG_INTERLEAVED 0x4000
+#define RPY_NTP_FLAG_AUTHENTICATED 0x8000
+
+typedef struct {
+  IPAddr remote_addr;
+  IPAddr local_addr;
+  uint16_t remote_port;
+  uint8_t leap;
+  uint8_t version;
+  uint8_t mode;
+  uint8_t stratum;
+  int8_t poll;
+  int8_t precision;
+  Float root_delay;
+  Float root_dispersion;
+  uint32_t ref_id;
+  Timespec ref_time;
+  Float offset;
+  Float peer_delay;
+  Float peer_dispersion;
+  Float response_time;
+  Float jitter_asymmetry;
+  uint16_t flags;
+  uint8_t tx_tss_char;
+  uint8_t rx_tss_char;
+  uint32_t total_tx_count;
+  uint32_t total_rx_count;
+  uint32_t total_valid_count;
+  uint32_t reserved[4];
+  int32_t EOR;
+} RPY_NTPData;
+
 typedef struct {
   uint8_t version;
   uint8_t pkt_type;
@@ -641,13 +696,13 @@ typedef struct {
   uint16_t command; /* Which command is being replied to */
   uint16_t reply; /* Which format of reply this is */
   uint16_t status; /* Status of command processing */
-  uint16_t number; /* Which packet this is in reply sequence */
-  uint16_t total; /* Number of replies to expect in this sequence */
-  uint16_t pad1; /* Get up to 4 byte alignment */
+  uint16_t pad1; /* Padding for compatibility and 4 byte alignment */
+  uint16_t pad2;
+  uint16_t pad3;
   uint32_t sequence; /* Echo of client's sequence number */
-  uint32_t utoken; /* Unique token per incarnation of daemon */
-  uint32_t token; /* New command token (only if command was successfully
-                          authenticated) */
+  uint32_t pad4;
+  uint32_t pad5;
+
   union {
     RPY_Null null;
     RPY_N_Sources n_sources;
@@ -656,17 +711,14 @@ typedef struct {
     RPY_Tracking tracking;
     RPY_Sourcestats sourcestats;
     RPY_Rtc rtc;
-    RPY_SubnetsAccessed subnets_accessed;
-    RPY_ClientAccesses client_accesses;
     RPY_ClientAccessesByIndex client_accesses_by_index;
+    RPY_ServerStats server_stats;
     RPY_ManualList manual_list;
     RPY_Activity activity;
+    RPY_Smoothing smoothing;
+    RPY_NTPData ntp_data;
   } data; /* Reply specific parameters */
 
-  /* authentication of the packet, there is no hole after the actual data
-     from the data union, this field only sets the maximum auth size */
-  uint8_t auth[MAX_HASH_LENGTH];
-
 } CMD_Reply;
 
 /* ================================================== */

chrony.1

@@ -1,70 +0,0 @@
-.TH CHRONY 1 "@MAN_DATE@" "chrony @VERSION@" "User's Manual"
-.SH NAME
-chrony \- programs for keeping computer clocks accurate
-
-.SH SYNOPSIS
-\fBchronyc\fR [\fIOPTIONS\fR]
-
-\fBchronyd\fR [\fIOPTIONS\fR]
-
-.SH DESCRIPTION
-\fBchrony\fR is a pair of programs for keeping computer clocks accurate.
-\fIchronyd\fR is a background (daemon) program and \fIchronyc\fR is a
-command-line interface to it. Time reference sources for chronyd can be
-RFC1305 NTP servers, human (via keyboard and \fIchronyc\fR), or the computer's
-real-time clock at boot time (Linux only). chronyd can determine the rate at
-which the computer gains or loses time and compensate for it while no external
-reference is present. Its use of NTP servers can be switched on and off
-(through \fIchronyc\fR) to support computers with dial-up/intermittent access
-to the Internet, and it can also act as an RFC1305-compatible NTP server.
-
-.SH USAGE
-\fIchronyc\fR is a command-line interface program which can be used to
-monitor \fIchronyd\fR's performance and to change various operating
-parameters whilst it is running.
-
-\fIchronyd\fR's main function is to obtain measurements of the true (UTC)
-time from one of several sources, and correct the system clock
-accordingly.  It also works out the rate at which the system clock
-gains or loses time and uses this information to keep it accurate
-between measurements from the reference.
-
-The reference time can be derived from either Network Time Protocol
-(NTP) servers, reference clocks, or wristwatch-and-keyboard (via \fIchronyc\fR).
-The main source of information about the Network Time Protocol is
-\fIhttp://www.ntp.org\fR.
-
-It is designed so that it can work on computers which only have
-intermittent access to reference sources, for example computers which
-use a dial-up account to access the Internet or laptops.  Of course, it
-will work well on computers with permanent connections too.
-
-In addition, on Linux it can monitor the system's real time clock
-performance, so the system can maintain accurate time even across
-reboots.
-
-Typical accuracies available between 2 machines are
-
-On an ethernet LAN : 100-200 microseconds, often much better
-On a V32bis dial-up modem connection : 10's of milliseconds (from one
-session to the next)
-
-With a good reference clock the accuracy can reach one microsecond.
-
-\fIchronyd\fR can also operate as an RFC1305-compatible NTP server and peer.
-
-.SH "SEE ALSO"
-.BR chronyc(1),
-.BR chrony(1)
-
-.I http://chrony.tuxfamily.org/
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part
-of "The Missing Man Pages Project".  Please see
-\fIhttp://www.netmeister.org/misc/m2p2/index.html\fR for details.
-
-The complete chrony documentation is supplied in texinfo format.
-

chrony.conf.5.in

@@ -1,52 +0,0 @@
-.TH chrony.conf 5 "@MAN_DATE@" "chrony @VERSION@" "Configuration Files"
-.SH NAME
-chrony.conf \- chronyd configuration file
-
-.SH SYNOPSIS
-.B @SYSCONFDIR@/chrony.conf
-
-.SH DESCRIPTION
-\fIchrony\fR is a pair of programs for maintaining the accuracy of computer
-clocks. \fIchronyd\fR is a background daemon program that can be started at
-boot time.
-
-Assuming that you have found some servers, you need to set up a
-configuration file to run \fIchrony\fR.  The (compiled-in) default location
-for this file is \fB@SYSCONFDIR@/chrony.conf\fR.  Assuming that your ntp servers
-are called `a.b.c' and `d.e.f', your \fBchrony.conf\fR file could contain
-as a minimum
-
-     server a.b.c
-     server d.e.f
-     server g.h.i
-
-However, you will probably want to include some of the other directives
-described in detail in the documentation supplied with the distribution
-(\fIchrony.txt\fR and \fIchrony.texi\fR). The following directives will be
-particularly useful : `driftfile', `commandkey', `keyfile'.  The smallest
-useful configuration file would look something like
-
-     server a.b.c
-     server d.e.f
-     server g.h.i
-     keyfile @SYSCONFDIR@/chrony.keys
-     commandkey 1
-     driftfile @CHRONYVARDIR@/drift
-
-
-.SH "SEE ALSO"
-.BR chrony(1),
-.BR chronyc(1),
-.BR chronyd(8)
-
-.I http://chrony.tuxfamily.org/
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part of "The Missing
-Man Pages Project".  Please see \fIhttp://www.netmeister.org/misc/m2p2/index.html\fR
-for details.
-
-The complete chrony documentation is supplied in texinfo format.
-

chrony.spec.sample

@@ -1,57 +0,0 @@
-%global chrony_version @@VERSION@@
-%if 0%(echo %{chrony_version} | grep -q pre && echo 1)
-%global prerelease %(echo %{chrony_version} | sed 's/.*-//')
-%endif
-Summary: An NTP client/server
-Name: chrony
-Version: %(echo %{chrony_version} | sed 's/-.*//')
-Release: %{!?prerelease:1}%{?prerelease:0.1.%{prerelease}}
-Source: chrony-%{version}%{?prerelease:-%{prerelease}}.tar.gz
-License: GPLv2
-Group: Applications/Utilities
-BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(id -u -n)
-Requires: info
-
-%description
-chrony is a client and server for the Network Time Protocol (NTP).
-This program keeps your computer's clock accurate. It was specially
-designed to support systems with intermittent Internet connections,
-but it also works well in permanently connected environments. It can
-also use hardware reference clocks, the system real-time clock, or
-manual input as time references.
-
-%prep
-%setup -q -n %{name}-%{version}%{?prerelease:-%{prerelease}}
-
-%build
-./configure \
-	--prefix=%{_prefix} \
-	--bindir=%{_bindir} \
-	--sbindir=%{_sbindir} \
-	--infodir=%{_infodir} \
-	--mandir=%{_mandir}
-make
-make chrony.txt
-make chrony.info
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT
-rm -rf $RPM_BUILD_ROOT%{_docdir}
-mkdir -p $RPM_BUILD_ROOT%{_infodir}
-cp chrony.info* $RPM_BUILD_ROOT%{_infodir}
-
-%files
-%{_sbindir}/chronyd
-%{_bindir}/chronyc
-%{_infodir}/chrony.info*
-%{_mandir}/man1/chrony.1.gz
-%{_mandir}/man1/chronyc.1.gz
-%{_mandir}/man5/chrony.conf.5.gz
-%{_mandir}/man8/chronyd.8.gz
-%doc README
-%doc chrony.txt
-%doc COPYING
-%doc examples/chrony.conf.example*
-%doc examples/chrony.keys.example
-

chrony_timex.h

@@ -1,73 +0,0 @@
-/* Taken from /usr/include/linux/timex.h.  Avoids the need to
- * include kernel header files. */
-
-#ifndef CHRONY_TIMEX_H
-#define CHRONY_TIMEX_H
-
-#include <sys/time.h>
-
-struct timex {
-	unsigned int modes;	/* mode selector */
-	long offset;		/* time offset (usec) */
-	long freq;		/* frequency offset (scaled ppm) */
-	long maxerror;		/* maximum error (usec) */
-	long esterror;		/* estimated error (usec) */
-	int status;		/* clock command/status */
-	long constant;		/* pll time constant */
-	long precision;		/* clock precision (usec) (read only) */
-	long tolerance;		/* clock frequency tolerance (ppm)
-				 * (read only)
-				 */
-	struct timeval time;	/* (read only) */
-	long tick;		/* (modified) usecs between clock ticks */
-
-	long ppsfreq;           /* pps frequency (scaled ppm) (ro) */
-	long jitter;            /* pps jitter (us) (ro) */
-	int shift;              /* interval duration (s) (shift) (ro) */
-	long stabil;            /* pps stability (scaled ppm) (ro) */
-	long jitcnt;            /* jitter limit exceeded (ro) */
-	long calcnt;            /* calibration intervals (ro) */
-	long errcnt;            /* calibration errors (ro) */
-	long stbcnt;            /* stability limit exceeded (ro) */
-
-	int  :32; int  :32; int  :32; int  :32;
-	int  :32; int  :32; int  :32; int  :32;
-	int  :32; int  :32; int  :32; int  :32;
-};
-
-#define ADJ_OFFSET		0x0001  /* time offset */
-#define ADJ_FREQUENCY		0x0002	/* frequency offset */
-#define ADJ_MAXERROR		0x0004	/* maximum time error */
-#define ADJ_STATUS		0x0010	/* clock status */
-#define ADJ_TIMECONST		0x0020  /* pll time constant */
-#define ADJ_SETOFFSET		0x0100  /* add 'time' to current time */
-#define ADJ_NANO		0x2000  /* select nanosecond resolution */
-#define ADJ_TICK		0x4000	/* tick value */
-#define ADJ_OFFSET_SINGLESHOT	0x8001	/* old-fashioned adjtime */
-#define ADJ_OFFSET_SS_READ	0xa001  /* read-only adjtime */
-
-#define SHIFT_USEC 16		/* frequency offset scale (shift) */
-
-#define STA_PLL		0x0001	/* enable PLL updates (rw) */
-#define STA_PPSFREQ	0x0002	/* enable PPS freq discipline (rw) */
-#define STA_PPSTIME	0x0004	/* enable PPS time discipline (rw) */
-#define STA_FLL		0x0008	/* select frequency-lock mode (rw) */
-
-#define STA_INS		0x0010	/* insert leap (rw) */
-#define STA_DEL		0x0020	/* delete leap (rw) */
-#define STA_UNSYNC	0x0040	/* clock unsynchronized (rw) */
-#define STA_FREQHOLD	0x0080	/* hold frequency (rw) */
-
-#define STA_PPSSIGNAL	0x0100	/* PPS signal present (ro) */
-#define STA_PPSJITTER	0x0200	/* PPS signal jitter exceeded (ro) */
-#define STA_PPSWANDER	0x0400	/* PPS signal wander exceeded (ro) */
-#define STA_PPSERROR	0x0800	/* PPS signal calibration error (ro) */
-
-#define STA_CLOCKERR	0x1000	/* clock hardware fault (ro) */
-#define STA_NANO	0x2000  /* resolution (0 = us, 1 = ns) (ro) */
-
-/* This doesn't seem to be in any include files !! */
-
-extern int adjtimex(struct timex *);
-
-#endif /* CHRONY_TIMEX_H */

chronyc.1.in

@@ -1,75 +0,0 @@
-.TH CHRONYC 1 "@MAN_DATE@" "chrony @VERSION@" "User's Manual"
-.SH NAME
-chronyc \- command-line interface for chronyd
-
-.SH SYNOPSIS
-.B chronyc
-[\fIOPTIONS\fR]
-
-.SH DESCRIPTION
-\fIchrony\fR is a pair of programs for maintaining the accuracy of computer
-clocks.
-
-\fBchronyc\fR is a command-line interface program which can be used to
-monitor \fIchronyd\fR's performance and to change various operating
-parameters whilst it is running.
-
-.SH USAGE
-A detailed description of all commands supported by \fBchronyc\fR is available
-via the documentation supplied with the distribution (\fIchrony.txt\fR and
-\fIchrony.texi\fR).
-
-.SH OPTIONS
-A summary of the options supported by \fBchronyc\fR is included below.
-
-.TP
-\fB\-h\fR \fIhostname\fR
-specify hostname
-.TP
-\fB\-p\fR \fIport-number\fR
-specify port-number
-.TP
-\fB\-n\fR
-display raw IP addresses (don't attempt to look up hostnames)
-.TP
-\fB\-4\fR
-resolve hostnames only to IPv4 addresses
-.TP
-\fB\-6\fR
-resolve hostnames only to IPv6 addresses
-.TP
-\fB\-m\fR
-allow multiple commands to be specified on the command line.  Each argument
-will be interpreted as a whole command.
-.TP
-\fB\-f\fR \fIconf-file\fR
-This option can be used to specify an alternate location for the
-configuration file (default \fI@SYSCONFDIR@/chrony.conf\fR). The configuration file is
-needed for the \fB-a\fR option.
-.TP
-\fB\-a\fR
-With this option chronyc will try to authenticate automatically on
-start. It will read the configuration file, read the command key from the
-keyfile and run the authhash and password commands.
-.TP
-\fIcommand\fR
-specify command.  If no command is given, chronyc will read commands
-interactively.
-
-.SH BUGS
-To report bugs, please visit \fIhttp://chrony.tuxfamily.org\fR
-
-.SH "SEE ALSO"
-.BR chronyd(8),
-.BR chrony(1)
-
-.I http://chrony.tuxfamily.org/
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part of "The Missing
-Man Pages Project".  Please see \fIhttp://www.netmeister.org/misc/m2p2/index.html\fR
-for details.
-
-The complete chrony documentation is supplied in texinfo format.

chronyd.8.in

@@ -1,139 +0,0 @@
-.TH CHRONYD 8 "@MAN_DATE@" "chrony @VERSION@" "System Administration"
-.SH NAME
-chronyd \- chrony background daemon
-
-.SH SYNOPSIS
-.B chronyd
-[\fIOPTIONS\fR]
-
-.SH DESCRIPTION
-\fIchrony\fR is a pair of programs for maintaining the accuracy of computer
-clocks. \fBchronyd\fR is a background daemon program that can be started at boot
-time.
-
-\fBchronyd\fR is a daemon which runs in background on the
-system.  It obtains measurements (e.g. via the network) of the
-system's offset relative to other systems, and adjusts the system
-time accordingly.  For isolated systems, the user can periodically
-enter the correct time by hand (using \fIchronyc\fR).  In either case,
-\fBchronyd\fR determines the rate at which the computer
-gains or loses time, and compensates for this.
-
-.SH USAGE
-\fBchronyd\fR is usually started at boot-time and requires superuser
-privileges.
-
-If \fBchronyd\fR has been installed to its default location
-\fI@SBINDIR@/chronyd\fR, starting it is simply a matter of entering the
-command:
-
-\fI@SBINDIR@/chronyd\fR
-
-Information messages and warnings will be logged to syslog.
-
-
-.SH OPTIONS
-A summary of the options supported by \fBchronyd\fR is included below.
-
-.TP
-\fB\-P\fR \fIpriority\fR
-This option will select the SCHED_FIFO real-time scheduler at the specified
-priority (which must be between 0 and 100).  This mode is supported only on
-Linux.
-.TP
-.B \-m
-This option will lock chronyd into RAM so that it will never be paged out.
-This mode is only supported on Linux.
-.TP
-.B \-n
-When run in this mode, the program will not detach itself from the
-terminal.
-.TP
-.B \-d
-When run in this mode, the program will not detach itself from the
-terminal, and all messages will be sent to the terminal instead of
-to syslog.
-.TP
-\fB\-f\fR \fIconf-file\fR
-This option can be used to specify an alternate location for the
-configuration file (default \fI@SYSCONFDIR@/chrony.conf\fR).
-.TP
-.B \-r
-This option will reload sample histories for each of the servers being used.
-These histories are created by using the \fIdump\fR command in \fIchronyc\fR,
-or by setting the \fIdumponexit\fR directive in the configuration file.  This
-option is useful if you want to stop and restart \fBchronyd\fR briefly for any
-reason, e.g. to install a new version.  However, it only makes sense on
-systems where the kernel can maintain clock compensation whilst not under
-\fBchronyd\fR's control.  The only version where this happens so far is Linux.
-On systems where this is not the case, e.g. Solaris and SunOS the option
-should not be used.
-.TP
-.B \-R
-When this option is used, the \fIinitstepslew\fR directive and the
-\fImakestep\fR directive used with a positive limit will be ignored. This
-option is useful when restarting \fBchronyd\fR and can be used in conjuction
-with the \fB-r\fR option.
-.TP
-.B \-s
-This option will set the system clock from the computer's real-time
-clock.  This is analogous to supplying the \fI-s\fR flag to the
-\fI/sbin/clock\fR program during the Linux boot sequence.
-
-Support for real-time clocks is limited at present - the criteria
-are described in the section on the \fIrtcfile\fR directive in the
-documentation supplied with the distribution.
-
-If \fBchronyd\fR cannot support the real time clock on your computer,
-this option cannot be used and a warning message will be logged to
-the syslog.
-
-If used in conjunction with the \fB-r\fR flag, \fBchronyd\fR will attempt
-to preserve the old samples after setting the system clock from
-the real time clock.  This can be used to allow \fBchronyd\fR to
-perform long term averaging of the gain or loss rate across system
-reboots, and is useful for dial-up systems that are shut down when
-not in use.  For this to work well, it relies on \fBchronyd\fR having
-been able to determine accurate statistics for the difference
-between the real time clock and system clock last time the
-computer was on.
-.TP
-\fB\-u\fR \fIuser\fR
-When this option is used, chronyd will drop root privileges to the specified
-user.  So far, it works only on Linux when compiled with capabilities support.
-.TP
-.B \-v
-This option displays \fBchronyd\fR's version number to the terminal and exits
-.TP
-.B \-4
-Resolve hostnames only to IPv4 addresses and create only IPv4 sockets.
-.TP
-.B \-6
-Resolve hostnames only to IPv6 addresses and create only IPv6 sockets.
-
-.SH FILES
-\fI@SYSCONFDIR@/chrony.conf\fR
-
-.SH BUGS
-To report bugs, please visit \fIhttp://chrony.tuxfamily.org/\fR
-
-.SH "SEE ALSO"
-\fBchronyd\fR is documented in detail in the documentation supplied with the
-distribution (\fIchrony.txt\fR and \fIchrony.texi\fR) and is also available
-from \fIhttp://go.to/chrony\fR
-
-.BR chrony(1),
-.BR chronyc(1),
-.BR chrony.conf(5),
-.BR hwclock(8),
-.BR ntpd(8)
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part
-of "The Missing Man Pages Project".  Please see
-\fIhttp://www.netmeister.org/misc/m2p2/index.html\fR for details.
-
-The complete chrony documentation is supplied in texinfo format.
-

clientlog.h

@@ -31,55 +31,20 @@
 #include "sysincl.h"
 #include "reports.h"
 
-/* Enough to hold flags for 256 hosts in a class C */
-typedef uint32_t CLG_Bitmap[8];
-
 extern void CLG_Initialise(void);
 extern void CLG_Finalise(void);
-extern void CLG_LogNTPClientAccess(IPAddr *client, time_t now);
-extern void CLG_LogNTPPeerAccess(IPAddr *client, time_t now);
-
-/* When logging command packets, there are several subtypes */
-
-typedef enum {
-  CLG_CMD_AUTH,                 /* authenticated */
-  CLG_CMD_NORMAL,               /* normal */
-  CLG_CMD_BAD_PKT               /* bad version or packet length */
-} CLG_Command_Type;
-
-extern void CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now);
+extern int CLG_GetClientIndex(IPAddr *client);
+extern int CLG_LogNTPAccess(IPAddr *client, struct timespec *now);
+extern int CLG_LogCommandAccess(IPAddr *client, struct timespec *now);
+extern int CLG_LimitNTPResponseRate(int index);
+extern int CLG_LimitCommandResponseRate(int index);
+extern void CLG_GetNtpTimestamps(int index, NTP_int64 **rx_ts, NTP_int64 **tx_ts);
+extern int CLG_GetNtpMinPoll(void);
 
 /* And some reporting functions, for use by chronyc. */
-/* TBD */
-
-typedef enum {
-  CLG_SUCCESS,                  /* All is well */
-  CLG_EMPTYSUBNET,              /* No hosts logged in requested subnet */
-  CLG_BADSUBNET,                /* Subnet requested is not 0, 8, 16 or 24 bits */
-  CLG_INACTIVE,                 /* Facility not active */
-  CLG_INDEXTOOLARGE             /* Node index is higher than number of nodes present */
-} CLG_Status;
-
-/* For bits=0, 8, 16, flag which immediate subnets of that subnet are
-   known.  For bits=24, flag which hosts in that subnet are known.
-   Other values, return 0 (failed) */
-
-extern CLG_Status CLG_GetSubnetBitmap(IPAddr *subnet, int bits, CLG_Bitmap result);
-
-extern CLG_Status
-CLG_GetClientAccessReportByIP(IPAddr *ip, RPT_ClientAccess_Report *report, time_t now);
-
-CLG_Status
-CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *report,
-                                 time_t now, unsigned long *n_indices);
-
-/* And an iterating function, to call 'fn' for each client or peer
-   that has accessed us since 'since'. */
-
-extern void CLG_IterateNTPClients
-(void (*fn)(IPAddr *client, void *arb),
- void *arb,
- time_t since);
 
+extern int CLG_GetNumberOfIndices(void);
+extern int CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *report, struct timespec *now);
+extern void CLG_GetServerStatsReport(RPT_ServerStatsReport *report);
 
 #endif /* GOT_CLIENTLOG_H */

cmdmon.h

@@ -33,6 +33,7 @@ extern void CAM_Initialise(int family);
 
 extern void CAM_Finalise(void);
 
+extern void CAM_OpenUnixSocket(void);
 extern int CAM_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all);
 extern int CAM_CheckAccessRestriction(IPAddr *ip_addr);
 

cmdparse.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2013
+ * Copyright (C) Miroslav Lichvar  2013-2014, 2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -34,163 +34,171 @@
 #include "cmdparse.h"
 #include "memory.h"
 #include "nameserv.h"
+#include "ntp.h"
 #include "util.h"
 
 /* ================================================== */
 
-CPS_Status
+int
 CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src)
 {
   char *hostname, *cmd;
-  int ok, n, done;
-  CPS_Status result;
+  int n;
   
   src->port = SRC_DEFAULT_PORT;
   src->params.minpoll = SRC_DEFAULT_MINPOLL;
   src->params.maxpoll = SRC_DEFAULT_MAXPOLL;
+  src->params.connectivity = SRC_ONLINE;
+  src->params.auto_offline = 0;
   src->params.presend_minpoll = SRC_DEFAULT_PRESEND_MINPOLL;
+  src->params.burst = 0;
+  src->params.iburst = 0;
+  src->params.min_stratum = SRC_DEFAULT_MINSTRATUM;
+  src->params.poll_target = SRC_DEFAULT_POLLTARGET;
+  src->params.version = 0;
+  src->params.max_sources = SRC_DEFAULT_MAXSOURCES;
+  src->params.min_samples = SRC_DEFAULT_MINSAMPLES;
+  src->params.max_samples = SRC_DEFAULT_MAXSAMPLES;
+  src->params.filter_length = 0;
+  src->params.interleaved = 0;
+  src->params.sel_options = 0;
   src->params.authkey = INACTIVE_AUTHKEY;
   src->params.max_delay = SRC_DEFAULT_MAXDELAY;
   src->params.max_delay_ratio = SRC_DEFAULT_MAXDELAYRATIO;
   src->params.max_delay_dev_ratio = SRC_DEFAULT_MAXDELAYDEVRATIO;
-  src->params.online = 1;
-  src->params.auto_offline = 0;
-  src->params.iburst = 0;
-  src->params.min_stratum = SRC_DEFAULT_MINSTRATUM;
-  src->params.poll_target = SRC_DEFAULT_POLLTARGET;
-  src->params.sel_option = SRC_SelectNormal;
+  src->params.min_delay = 0.0;
+  src->params.asymmetry = SRC_DEFAULT_ASYMMETRY;
+  src->params.offset = 0.0;
 
-  result = CPS_Success;
-  
   hostname = line;
   line = CPS_SplitWord(line);
 
-  if (!*hostname) {
-    result = CPS_BadHost;
-    ok = 0;
-  } else {
-    /* Parse subfields */
-    ok = 1;
-    done = 0;
-    do {
-      cmd = line;
-      line = CPS_SplitWord(line);
+  if (!*hostname)
+    return 0;
 
-      if (*cmd) {
-        if (!strcasecmp(cmd, "port")) {
-          if (sscanf(line, "%hu%n", &src->port, &n) != 1) {
-            result = CPS_BadPort;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "minpoll")) {
-          if (sscanf(line, "%d%n", &src->params.minpoll, &n) != 1) {
-            result = CPS_BadMinpoll;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxpoll")) {
-          if (sscanf(line, "%d%n", &src->params.maxpoll, &n) != 1) {
-            result = CPS_BadMaxpoll;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "presend")) {
-          if (sscanf(line, "%d%n", &src->params.presend_minpoll, &n) != 1) {
-            result = CPS_BadPresend;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxdelaydevratio")) {
-          if (sscanf(line, "%lf%n", &src->params.max_delay_dev_ratio, &n) != 1) {
-            result = CPS_BadMaxdelaydevratio;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxdelayratio")) {
-          if (sscanf(line, "%lf%n", &src->params.max_delay_ratio, &n) != 1) {
-            result = CPS_BadMaxdelayratio;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxdelay")) {
-          if (sscanf(line, "%lf%n", &src->params.max_delay, &n) != 1) {
-            result = CPS_BadMaxdelay;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "key")) {
-          if (sscanf(line, "%lu%n", &src->params.authkey, &n) != 1) {
-            result = CPS_BadKey;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "offline")) {
-          src->params.online = 0;
+  src->name = hostname;
 
-        } else if (!strcasecmp(cmd, "auto_offline")) {
-          src->params.auto_offline = 1;
-        
-        } else if (!strcasecmp(cmd, "iburst")) {
-          src->params.iburst = 1;
+  /* Parse options */
+  for (; *line; line += n) {
+    cmd = line;
+    line = CPS_SplitWord(line);
+    n = 0;
 
-        } else if (!strcasecmp(cmd, "minstratum")) {
-          if (sscanf(line, "%d%n", &src->params.min_stratum, &n) != 1) {
-            result = CPS_BadMinstratum;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-
-        } else if (!strcasecmp(cmd, "polltarget")) {
-          if (sscanf(line, "%d%n", &src->params.poll_target, &n) != 1) {
-            result = CPS_BadPolltarget;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-
-        } else if (!strcasecmp(cmd, "noselect")) {
-          src->params.sel_option = SRC_SelectNoselect;
-        
-        } else if (!strcasecmp(cmd, "prefer")) {
-          src->params.sel_option = SRC_SelectPrefer;
-        
-        } else {
-          result = CPS_BadOption;
-          ok = 0;
-          done = 1;
-        }
-      } else {
-        done = 1;
-      }
-    } while (!done);
+    if (!strcasecmp(cmd, "auto_offline")) {
+      src->params.auto_offline = 1;
+    } else if (!strcasecmp(cmd, "burst")) {
+      src->params.burst = 1;
+    } else if (!strcasecmp(cmd, "iburst")) {
+      src->params.iburst = 1;
+    } else if (!strcasecmp(cmd, "offline")) {
+      src->params.connectivity = SRC_OFFLINE;
+    } else if (!strcasecmp(cmd, "noselect")) {
+      src->params.sel_options |= SRC_SELECT_NOSELECT;
+    } else if (!strcasecmp(cmd, "prefer")) {
+      src->params.sel_options |= SRC_SELECT_PREFER;
+    } else if (!strcasecmp(cmd, "require")) {
+      src->params.sel_options |= SRC_SELECT_REQUIRE;
+    } else if (!strcasecmp(cmd, "trust")) {
+      src->params.sel_options |= SRC_SELECT_TRUST;
+    } else if (!strcasecmp(cmd, "key")) {
+      if (sscanf(line, "%"SCNu32"%n", &src->params.authkey, &n) != 1 ||
+          src->params.authkey == INACTIVE_AUTHKEY)
+        return 0;
+    } else if (!strcasecmp(cmd, "asymmetry")) {
+      if (sscanf(line, "%lf%n", &src->params.asymmetry, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "filter")) {
+      if (sscanf(line, "%d%n", &src->params.filter_length, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxdelay")) {
+      if (sscanf(line, "%lf%n", &src->params.max_delay, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxdelayratio")) {
+      if (sscanf(line, "%lf%n", &src->params.max_delay_ratio, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxdelaydevratio")) {
+      if (sscanf(line, "%lf%n", &src->params.max_delay_dev_ratio, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxpoll")) {
+      if (sscanf(line, "%d%n", &src->params.maxpoll, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxsamples")) {
+      if (sscanf(line, "%d%n", &src->params.max_samples, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxsources")) {
+      if (sscanf(line, "%d%n", &src->params.max_sources, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "mindelay")) {
+      if (sscanf(line, "%lf%n", &src->params.min_delay, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "minpoll")) {
+      if (sscanf(line, "%d%n", &src->params.minpoll, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "minsamples")) {
+      if (sscanf(line, "%d%n", &src->params.min_samples, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "minstratum")) {
+      if (sscanf(line, "%d%n", &src->params.min_stratum, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "offset")) {
+      if (sscanf(line, "%lf%n", &src->params.offset, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "port")) {
+      if (sscanf(line, "%hu%n", &src->port, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "polltarget")) {
+      if (sscanf(line, "%d%n", &src->params.poll_target, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "presend")) {
+      if (sscanf(line, "%d%n", &src->params.presend_minpoll, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "version")) {
+      if (sscanf(line, "%d%n", &src->params.version, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "xleave")) {
+      src->params.interleaved = 1;
+    } else {
+      return 0;
+    }
   }
 
-  if (ok) {
-    src->name = strdup(hostname);
+  return 1;
+}
+
+/* ================================================== */
+
+int
+CPS_ParseLocal(char *line, int *stratum, int *orphan, double *distance)
+{
+  int n;
+  char *cmd;
+
+  *stratum = 10;
+  *distance = 1.0;
+  *orphan = 0;
+
+  while (*line) {
+    cmd = line;
+    line = CPS_SplitWord(line);
+
+    if (!strcasecmp(cmd, "stratum")) {
+      if (sscanf(line, "%d%n", stratum, &n) != 1 ||
+          *stratum >= NTP_MAX_STRATUM || *stratum <= 0)
+        return 0;
+    } else if (!strcasecmp(cmd, "orphan")) {
+      *orphan = 1;
+      n = 0;
+    } else if (!strcasecmp(cmd, "distance")) {
+      if (sscanf(line, "%lf%n", distance, &n) != 1)
+        return 0;
+    } else {
+      return 0;
+    }
+
+    line += n;
   }
 
-  return result;
-    
+  return 1;
 }
 
 /* ================================================== */
@@ -203,7 +211,7 @@ CPS_NormalizeLine(char *line)
 
   /* Remove white-space at beginning and replace white-spaces with space char */
   for (p = q = line; *p; p++) {
-    if (isspace(*p)) {
+    if (isspace((unsigned char)*p)) {
       if (!space)
         *q++ = ' ';
       space = 1;
@@ -233,15 +241,15 @@ CPS_SplitWord(char *line)
   char *p = line, *q = line;
 
   /* Skip white-space before the word */
-  while (*q && isspace(*q))
+  while (*q && isspace((unsigned char)*q))
     q++;
 
   /* Move the word to the beginning */
-  while (*q && !isspace(*q))
+  while (*q && !isspace((unsigned char)*q))
     *p++ = *q++;
 
   /* Find the next word */
-  while (*q && isspace(*q))
+  while (*q && isspace((unsigned char)*q))
     q++;
 
   *p = '\0';
@@ -253,7 +261,7 @@ CPS_SplitWord(char *line)
 /* ================================================== */
 
 int
-CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key)
+CPS_ParseKey(char *line, uint32_t *id, const char **hash, char **key)
 {
   char *s1, *s2, *s3, *s4;
 
@@ -266,7 +274,7 @@ CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key)
   if (!*s2 || *s4)
     return 0;
 
-  if (sscanf(s1, "%lu", id) != 1)
+  if (sscanf(s1, "%"SCNu32, id) != 1)
     return 0;
 
   if (*s3) {

cmdparse.h

@@ -30,22 +30,6 @@
 #include "srcparams.h"
 #include "addressing.h"
 
-typedef enum {
-  CPS_Success,
-  CPS_BadOption,
-  CPS_BadHost,
-  CPS_BadPort,
-  CPS_BadMinpoll,
-  CPS_BadMaxpoll,
-  CPS_BadPresend,
-  CPS_BadMaxdelaydevratio,
-  CPS_BadMaxdelayratio,
-  CPS_BadMaxdelay,
-  CPS_BadKey,
-  CPS_BadMinstratum,
-  CPS_BadPolltarget
-} CPS_Status;
-
 typedef struct {
   char *name;
   unsigned short port;
@@ -53,8 +37,11 @@ typedef struct {
 } CPS_NTP_Source;
 
 /* Parse a command to add an NTP server or peer */
-extern CPS_Status CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src);
+extern int CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src);
   
+/* Parse a command to enable local reference */
+extern int CPS_ParseLocal(char *line, int *stratum, int *orphan, double *distance);
+
 /* Remove extra white-space and comments */
 extern void CPS_NormalizeLine(char *line);
 
@@ -62,6 +49,6 @@ extern void CPS_NormalizeLine(char *line);
 extern char *CPS_SplitWord(char *line);
 
 /* Parse a key from keyfile */
-extern int CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key);
+extern int CPS_ParseKey(char *line, uint32_t *id, const char **hash, char **key);
 
 #endif /* GOT_CMDPARSE_H */

conf.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
+ * Copyright (C) Miroslav Lichvar  2013-2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -28,26 +29,30 @@
 #define GOT_CONF_H
 
 #include "addressing.h"
+#include "reference.h"
 
-extern void CNF_SetRestarted(int);
+extern void CNF_Initialise(int restarted, int client_only);
+extern void CNF_Finalise(void);
 
 extern char *CNF_GetRtcDevice(void);
 
 extern void CNF_ReadFile(const char *filename);
+extern void CNF_ParseLine(const char *filename, int number, char *line);
 
+extern void CNF_CreateDirs(uid_t uid, gid_t gid);
+
+extern void CNF_AddInitSources(void);
 extern void CNF_AddSources(void);
 extern void CNF_AddBroadcasts(void);
 extern void CNF_AddRefclocks(void);
 
-extern void CNF_ProcessInitStepSlew(void (*after_hook)(void *), void *anything);
-
-extern unsigned short CNF_GetAcquisitionPort(void);
-extern unsigned short CNF_GetNTPPort(void);
+extern int CNF_GetAcquisitionPort(void);
+extern int CNF_GetNTPPort(void);
 extern char *CNF_GetDriftFile(void);
 extern char *CNF_GetLogDir(void);
 extern char *CNF_GetDumpDir(void);
 extern int CNF_GetLogBanner(void);
-extern int CNF_GetLogMeasurements(void);
+extern int CNF_GetLogMeasurements(int *raw);
 extern int CNF_GetLogStatistics(void);
 extern int CNF_GetLogTracking(void);
 extern int CNF_GetLogRtc(void);
@@ -55,48 +60,83 @@ extern int CNF_GetLogRefclocks(void);
 extern int CNF_GetLogTempComp(void);
 extern char *CNF_GetKeysFile(void);
 extern char *CNF_GetRtcFile(void);
-extern unsigned long CNF_GetCommandKey(void);
-extern int CNF_GetGenerateCommandKey(void);
-extern int CNF_GetDumpOnExit(void);
 extern int CNF_GetManualEnabled(void);
 extern int CNF_GetCommandPort(void);
-extern int CNF_GetRTCOnUTC(void);
-extern int CNF_GetRTCSync(void);
+extern int CNF_GetRtcOnUtc(void);
+extern int CNF_GetRtcSync(void);
 extern void CNF_GetMakeStep(int *limit, double *threshold);
 extern void CNF_GetMaxChange(int *delay, int *ignore, double *offset);
-extern void CNF_GetLogChange(int *enabled, double *threshold);
+extern double CNF_GetLogChange(void);
 extern void CNF_GetMailOnChange(int *enabled, double *threshold, char **user);
 extern int CNF_GetNoClientLog(void);
 extern unsigned long CNF_GetClientLogLimit(void);
 extern void CNF_GetFallbackDrifts(int *min, int *max);
 extern void CNF_GetBindAddress(int family, IPAddr *addr);
+extern void CNF_GetBindAcquisitionAddress(int family, IPAddr *addr);
 extern void CNF_GetBindCommandAddress(int family, IPAddr *addr);
+extern char *CNF_GetBindCommandPath(void);
+extern char *CNF_GetNtpSigndSocket(void);
 extern char *CNF_GetPidFile(void);
+extern REF_LeapMode CNF_GetLeapSecMode(void);
 extern char *CNF_GetLeapSecTimezone(void);
-extern void CNF_GetLinuxHz(int *set, int *hz);
-extern void CNF_GetLinuxFreqScale(int *set, double *freq_scale);
 
 /* Value returned in ppm, as read from file */
 extern double CNF_GetMaxUpdateSkew(void);
 extern double CNF_GetMaxClockError(void);
+extern double CNF_GetMaxDrift(void);
 extern double CNF_GetCorrectionTimeRatio(void);
+extern double CNF_GetMaxSlewRate(void);
 
+extern double CNF_GetMaxDistance(void);
+extern double CNF_GetMaxJitter(void);
 extern double CNF_GetReselectDistance(void);
 extern double CNF_GetStratumWeight(void);
 extern double CNF_GetCombineLimit(void);
 
-extern int CNF_AllowLocalReference(int *stratum);
+extern int CNF_AllowLocalReference(int *stratum, int *orphan, double *distance);
 
 extern void CNF_SetupAccessRestrictions(void);
 
 extern int CNF_GetSchedPriority(void);
 extern int CNF_GetLockMemory(void);
 
-extern void CNF_GetTempComp(char **file, double *interval, double *T0, double *k0, double *k1, double *k2);
+extern int CNF_GetNTPRateLimit(int *interval, int *burst, int *leak);
+extern int CNF_GetCommandRateLimit(int *interval, int *burst, int *leak);
+extern void CNF_GetSmooth(double *max_freq, double *max_wander, int *leap_only);
+extern void CNF_GetTempComp(char **file, double *interval, char **point_file, double *T0, double *k0, double *k1, double *k2);
 
 extern char *CNF_GetUser(void);
 
 extern int CNF_GetMaxSamples(void);
 extern int CNF_GetMinSamples(void);
 
+extern int CNF_GetMinSources(void);
+
+extern double CNF_GetRtcAutotrim(void);
+extern char *CNF_GetHwclockFile(void);
+
+extern int CNF_GetInitSources(void);
+extern double CNF_GetInitStepThreshold(void);
+
+typedef enum {
+  CNF_HWTS_RXFILTER_ANY,
+  CNF_HWTS_RXFILTER_NONE,
+  CNF_HWTS_RXFILTER_NTP,
+  CNF_HWTS_RXFILTER_ALL,
+} CNF_HwTs_RxFilter;
+
+typedef struct {
+  char *name;
+  int minpoll;
+  int min_samples;
+  int max_samples;
+  int nocrossts;
+  CNF_HwTs_RxFilter rxfilter;
+  double precision;
+  double tx_comp;
+  double rx_comp;
+} CNF_HwTsInterface;
+
+extern int CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface);
+
 #endif /* GOT_CONF_H */

configure

@@ -4,34 +4,13 @@
 # chronyd/chronyc - Programs for keeping computer clocks accurate.
 #
 # Copyright (C) Richard P. Curnow  1997-2003
-# Copyright (C) Miroslav Lichvar  2009, 2012
+# Copyright (C) Bryan Christianson  2016
+# Copyright (C) Miroslav Lichvar  2009, 2012-2018
 #
 # =======================================================================
 
-rm -f config.h config.log
-
 # This configure script determines the operating system type and version
 
-if [ "x${CC}" = "x" ]; then
-  MYCC="gcc"
-else
-  MYCC="${CC}"
-fi
-
-if [ "x${CFLAGS}" = "x" ]; then
-  MYCFLAGS="-O2 -g"
-else
-  MYCFLAGS="${CFLAGS}"
-fi
-
-MYCPPFLAGS="${CPPFLAGS}"
-
-if [ "x${MYCC}" = "xgcc" ]; then
-  MYCFLAGS="${MYCFLAGS} -Wmissing-prototypes -Wall"
-fi
-
-MYLDFLAGS="${LDFLAGS}"
-
 # ======================================================================
 # FUNCTIONS
 
@@ -43,9 +22,10 @@ test_code () {
   ldflags=$4
   code=$5
 
-  echo -n "Checking for $name : "
+  printf "%s" "Checking for $name : "
 
   (
+    echo "#include \"config.h\""
     for h in $headers; do
       echo "#include <$h>"
     done
@@ -101,29 +81,47 @@ For better control, use the options below.
   --disable-readline     Disable line editing support
   --without-readline     Don't use GNU readline even if it is available
   --without-editline     Don't use editline even if it is available
-  --readline-dir=DIR     Specify parent of readline include and lib directories
-  --readline-inc-dir=DIR Specify where readline include directory is
-  --readline-lib-dir=DIR Specify where readline lib directory is
+  --with-readline-includes=DIR Specify where readline include directory is
+  --with-readline-library=DIR Specify where readline lib directory is
   --with-ncurses-library=DIR Specify where ncurses lib directory is
+  --disable-sechash      Disable support for hashes other than MD5
+  --without-nettle       Don't use nettle even if it is available
   --without-nss          Don't use NSS even if it is available
   --without-tomcrypt     Don't use libtomcrypt even if it is available
+  --disable-cmdmon       Disable command and monitoring support
+  --disable-ntp          Disable NTP support
+  --disable-refclock     Disable reference clock support
+  --disable-phc          Disable PHC refclock driver
+  --disable-pps          Disable PPS refclock driver
   --disable-ipv6         Disable IPv6 support
-  --disable-pps          Disable PPS API support
   --disable-rtc          Don't include RTC even on Linux
-  --disable-linuxcaps    Disable Linux capabilities support
+  --disable-privdrop     Disable support for dropping root privileges
+  --without-libcap       Don't use libcap even if it is available
+  --enable-scfilter      Enable support for system call filtering
+  --without-seccomp      Don't use seccomp even if it is available
+  --disable-asyncdns     Disable asynchronous name resolving
   --disable-forcednsretry Don't retry on permanent DNS error
+  --without-clock-gettime Don't use clock_gettime() even if it is available
+  --disable-timestamping Disable support for SW/HW timestamping
+  --enable-ntp-signd     Enable support for MS-SNTP authentication in Samba
+  --with-ntp-era=SECONDS Specify earliest assumed NTP time in seconds
+                         since 1970-01-01 [50*365 days ago]
+  --with-user=USER       Specify default chronyd user [root]
+  --with-hwclockfile=PATH Specify default path to hwclock(8) adjtime file
+  --with-pidfile=PATH    Specify default pidfile [/var/run/chrony/chronyd.pid]
+  --with-rtcdevice=PATH  Specify default path to RTC device [/dev/rtc]
   --with-sendmail=PATH   Path to sendmail binary [/usr/lib/sendmail]
-  --enable-trace         Enable tracing
+  --enable-debug         Enable debugging support
 
 Fine tuning of the installation directories:
   --sysconfdir=DIR       chrony.conf location [/etc]
   --bindir=DIR           user executables [EPREFIX/bin]
   --sbindir=DIR          system admin executables [EPREFIX/sbin]
   --datarootdir=DIR      data root [PREFIX/share]
-  --infodir=DIR          info documentation [DATAROOTDIR/info]
   --mandir=DIR           man documentation [DATAROOTDIR/man]
   --docdir=DIR           documentation root [DATAROOTDIR/doc/chrony]
   --localstatedir=DIR    modifiable single-machine data [/var]
+  --chronyrundir=DIR     location for chrony sockets [LOCALSTATEDIR/run/chrony]
   --chronyvardir=DIR     location for chrony data [LOCALSTATEDIR/lib/chrony]
 
 Overriding system detection when cross-compiling:
@@ -155,6 +153,29 @@ add_def () {
   fi
 }
 #}}}
+#{{{ pkg_config
+pkg_config () {
+  type pkg-config > /dev/null 2> /dev/null || return 1
+
+  pkg-config $@ 2> /dev/null
+}
+#}}}
+#{{{ get_features
+get_features () {
+  ff=1
+  for f; do
+    if [ "$ff" = "0" ]; then
+      printf " "
+    fi
+    if grep "define FEAT_$f" config.h > /dev/null; then
+      printf "%s" "+$f"
+    else
+      printf "%s" "-$f"
+    fi
+    ff=0
+  done
+}
+#}}}
 
 # ======================================================================
 
@@ -170,31 +191,54 @@ EXTRA_OBJECTS=""
 EXTRA_DEFS=""
 SYSDEFS=""
 
-# Support for readline (on by default)
+feat_debug=0
+feat_cmdmon=1
+feat_ntp=1
+feat_refclock=1
 feat_readline=1
 try_readline=1
 try_editline=1
+feat_sechash=1
+try_nettle=1
 try_nss=1
 try_tomcrypt=1
 feat_rtc=1
 try_rtc=0
-feat_linuxcaps=1
-try_linuxcaps=0
+feat_droproot=1
+try_libcap=-1
+try_clockctl=0
+feat_scfilter=0
+try_seccomp=-1
+priv_ops=""
 readline_lib=""
 readline_inc=""
 ncurses_lib=""
 feat_ipv6=1
+feat_phc=1
+try_phc=0
 feat_pps=1
 try_setsched=0
 try_lockmem=0
+feat_asyncdns=1
 feat_forcednsretry=1
+try_clock_gettime=1
+try_recvmmsg=1
+feat_timestamping=1
+try_timestamping=0
+feat_ntp_signd=0
+ntp_era_split=""
+use_pthread=0
+default_user="root"
+default_hwclockfile=""
+default_pidfile="/var/run/chrony/chronyd.pid"
+default_rtcdevice="/dev/rtc"
 mail_program="/usr/lib/sendmail"
 
 for option
 do
     case "$option" in
-    --enable-trace )
-      add_def TRACEON
+    --enable-debug )
+      feat_debug=1
     ;;
     --disable-readline )
       feat_readline=0
@@ -232,9 +276,6 @@ do
     --datarootdir=* )
       SETDATAROOTDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
-    --infodir=* )
-      SETINFODIR=`echo $option | sed -e 's/^.*=//;'`
-    ;;
     --mandir=* )
       SETMANDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
@@ -244,27 +285,87 @@ do
     --localstatedir=* )
       SETLOCALSTATEDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --chronyrundir=* | --chronysockdir=* )
+      SETCHRONYRUNDIR=`echo $option | sed -e 's/^.*=//;'`
+    ;;
     --chronyvardir=* )
       SETCHRONYVARDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --disable-cmdmon)
+      feat_cmdmon=0
+    ;;
+    --disable-ntp)
+      feat_ntp=0
+    ;;
+    --disable-refclock)
+      feat_refclock=0
+    ;;
     --disable-rtc)
       feat_rtc=0
     ;;
     --disable-ipv6)
       feat_ipv6=0
     ;;
+    --disable-phc)
+      feat_phc=0
+    ;;
     --disable-pps)
       feat_pps=0
     ;;
-    --disable-linuxcaps)
-      feat_linuxcaps=0
+    --disable-privdrop)
+      feat_droproot=0
+    ;;
+    --without-libcap|--disable-linuxcaps)
+      try_libcap=0
+    ;;
+    --enable-scfilter)
+      feat_scfilter=1
+    ;;
+    --disable-scfilter)
+      feat_scfilter=0
+    ;;
+    --without-seccomp)
+      try_seccomp=0
+    ;;
+    --disable-asyncdns)
+      feat_asyncdns=0
     ;;
     --disable-forcednsretry)
       feat_forcednsretry=0
     ;;
+    --without-clock-gettime)
+      try_clock_gettime=0
+    ;;
+    --disable-timestamping)
+      feat_timestamping=0
+    ;;
+    --enable-ntp-signd)
+      feat_ntp_signd=1
+    ;;
+    --with-ntp-era=* )
+      ntp_era_split=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-user=* )
+      default_user=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-hwclockfile=* )
+      default_hwclockfile=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-pidfile=* )
+      default_pidfile=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-rtcdevice=* )
+      default_rtcdevice=`echo $option | sed -e 's/^.*=//;'`
+    ;;
     --with-sendmail=* )
       mail_program=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --disable-sechash )
+      feat_sechash=0
+    ;;
+    --without-nettle )
+      try_nettle=0
+    ;;
     --without-nss )
       try_nss=0
     ;;
@@ -289,76 +390,206 @@ do
     esac
 done
 
+rm -f config.h config.log
+
 SYSTEM=${OPERATINGSYSTEM}-${MACHINE}
 
-case $SYSTEM in
-    SunOS-sun4* )
-    case $VERSION in
-        4.* )
-            EXTRA_OBJECTS="sys_sunos.o strerror.o"
-            EXTRA_LIBS="-lkvm"
-            add_def SUNOS
-            echo "Configuring for SunOS (" $SYSTEM "version" $VERSION ")"
-        ;;
-        5.* )
-            EXTRA_OBJECTS="sys_solaris.o"
-            EXTRA_LIBS="-lsocket -lnsl -lkvm -lelf"
-            EXTRA_CLI_LIBS="-lsocket -lnsl"
-            add_def SOLARIS
-            echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")"
-        ;;
-    esac
-    ;;
-    Linux* )
-        EXTRA_OBJECTS="sys_linux.o wrap_adjtimex.o"
-        try_linuxcaps=1
+case $OPERATINGSYSTEM in
+    Linux)
+        EXTRA_OBJECTS="sys_generic.o sys_linux.o sys_timex.o sys_posix.o"
+        [ $try_libcap != "0" ] && try_libcap=1
         try_rtc=1
+        [ $try_seccomp != "0" ] && try_seccomp=1
+        try_timestamping=1
         try_setsched=1
         try_lockmem=1
+        try_phc=1
         add_def LINUX
         echo "Configuring for " $SYSTEM
-        if [ "${MACHINE}" = "alpha" ]; then
-           echo "Enabling -mieee"
-           # FIXME: Should really test for GCC
-           MYCFLAGS="$MYCFLAGS -mieee"
+    ;;
+    FreeBSD)
+        # recvmmsg() seems to be broken on FreeBSD 11.0 and it's just
+        # a wrapper around recvmsg()
+        try_recvmmsg=0
+        EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o sys_posix.o"
+        try_setsched=1
+        try_lockmem=1
+        add_def FREEBSD
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIME ADJUSTTIMEX SETTIME BINDSOCKET"
         fi
-    ;;
-
-    BSD/386-i[3456]86|FreeBSD-i386|FreeBSD-amd64 )
-        # Antti Jrvinen <costello@iki.fi> reported that this system can
-        # be supported with the SunOS 4.x driver files.
-        EXTRA_OBJECTS="sys_sunos.o strerror.o"
-        EXTRA_LIBS="-lkvm"
-        add_def SUNOS
-        echo "Configuring for $SYSTEM (using SunOS driver)"
-    ;;
-    NetBSD-* )
-        EXTRA_OBJECTS="sys_netbsd.o"
-        EXTRA_LIBS="-lkvm"
-        SYSDEFS=""
         echo "Configuring for $SYSTEM"
     ;;
-    SunOS-i86pc* )                                          
-        # Doug Woodward <dougw@whistler.com> reported that this configuration
-        # works for Solaris 2.8 / SunOS 5.8 on x86 platforms
-        EXTRA_OBJECTS="sys_solaris.o"                
-        EXTRA_LIBS="-lsocket -lnsl -lkvm -lelf"      
-        EXTRA_CLI_LIBS="-lsocket -lnsl"                              
+    NetBSD)
+        EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o sys_posix.o"
+        try_clockctl=1
+        try_setsched=1
+        try_lockmem=1
+        add_def NETBSD
+        echo "Configuring for $SYSTEM"
+    ;;
+    Darwin)
+        EXTRA_OBJECTS="sys_macosx.o"
+        EXTRA_LIBS="-lresolv"
+        EXTRA_CLI_LIBS="-lresolv"
+        add_def MACOSX
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIME SETTIME BINDSOCKET"
+        fi
+        major=`echo $VERSION | cut -d. -f1`
+        # ntp_adjtime is not available in macOS 10.12 (Darwin 16.x.x) and earlier
+        if [ $major -gt "16" ]; then
+          add_def HAVE_MACOS_SYS_TIMEX
+          EXTRA_OBJECTS="$EXTRA_OBJECTS sys_generic.o sys_netbsd.o sys_timex.o"
+          if [ $feat_droproot = "1" ]; then
+            priv_ops="$priv_ops ADJUSTTIMEX"
+          fi
+        fi
+        echo "Configuring for macOS (" $SYSTEM "macOS version" $VERSION ")"
+    ;;
+    SunOS)
+        EXTRA_OBJECTS="sys_generic.o sys_solaris.o sys_timex.o sys_posix.o"
+        EXTRA_LIBS="-lsocket -lnsl -lresolv"
+        EXTRA_CLI_LIBS="-lsocket -lnsl -lresolv"
+        try_setsched=1
+        try_lockmem=1
         add_def SOLARIS
+        # These are needed to have msg_control in struct msghdr
+        add_def __EXTENSIONS__
+        add_def _XOPEN_SOURCE 1
+        add_def _XOPEN_SOURCE_EXTENDED 1
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIMEX SETTIME BINDSOCKET"
+        fi
         echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")" 
     ;;                                                                        
-    CYGWIN32_NT-i[3456]86 )
-        EXTRA_OBJECTS="sys_winnt.o"
-        EXTRA_LIBS=""
-        add_def WINNT
-        echo "Configuring for Windows NT (Cygwin32)"
-    ;;
     * )
-        echo "Sorry, I don't know how to build this software on your system."
+        echo "error: $SYSTEM is not supported (yet?)"
         exit 1
     ;;
 esac
 
+if [ $feat_debug = "1" ]; then
+  add_def FEAT_DEBUG
+fi
+add_def DEBUG $feat_debug
+
+if [ $feat_cmdmon = "1" ]; then
+  add_def FEAT_CMDMON
+  EXTRA_OBJECTS="$EXTRA_OBJECTS cmdmon.o manual.o pktlength.o"
+fi
+
+if [ $feat_ntp = "1" ]; then
+  add_def FEAT_NTP
+  EXTRA_OBJECTS="$EXTRA_OBJECTS ntp_core.o ntp_io.o ntp_sources.o"
+  if [ $feat_ntp_signd = "1" ]; then
+    add_def FEAT_SIGND
+    EXTRA_OBJECTS="$EXTRA_OBJECTS ntp_signd.o"
+  fi
+else
+  feat_asyncdns=0
+  feat_timestamping=0
+fi
+
+if [ "$feat_cmdmon" = "1" ] || [ $feat_ntp = "1" ]; then
+  EXTRA_OBJECTS="$EXTRA_OBJECTS addrfilt.o clientlog.o keys.o nameserv.o"
+else
+  feat_ipv6=0
+fi
+
+if [ $feat_refclock = "1" ]; then
+  add_def FEAT_REFCLOCK
+  EXTRA_OBJECTS="$EXTRA_OBJECTS refclock.o refclock_phc.o refclock_pps.o refclock_shm.o refclock_sock.o"
+fi
+
+MYCC="$CC"
+MYCFLAGS="$CFLAGS"
+MYCPPFLAGS="$CPPFLAGS"
+MYLDFLAGS="$LDFLAGS"
+
+if [ "x$MYCC" = "x" ]; then
+  for cc in gcc clang cc ""; do
+    if [ "x$cc" = "x" ]; then
+      echo "error: no C compiler found"
+      exit 1
+    fi
+    MYCC=$cc
+    if test_code "$MYCC" '' '' '' ''; then
+      break
+    fi
+  done
+else
+  if ! test_code "$MYCC" '' '' '' ''; then
+    echo "error: C compiler $MYCC cannot create executables"
+    exit 1
+  fi
+fi
+
+if [ "x$MYCFLAGS" = "x" ]; then
+  MYCFLAGS="-O2 -g"
+
+  TESTCFLAGS="-D_FORTIFY_SOURCE=2 -fPIE"
+  TESTLDFLAGS="-pie -Wl,-z,relro,-z,now"
+  if test_code 'hardening compiler options' '' "$TESTCFLAGS" "$TESTLDFLAGS" ''; then
+    MYCFLAGS="$MYCFLAGS $TESTCFLAGS"
+    MYLDFLAGS="$MYLDFLAGS $TESTLDFLAGS"
+  fi
+  TESTCFLAGS="-fstack-protector-strong --param=ssp-buffer-size=4"
+  if test_code '-fstack-protector-strong' '' "$TESTCFLAGS" '' ''; then
+    MYCFLAGS="$MYCFLAGS $TESTCFLAGS"
+  else
+    TESTCFLAGS="-fstack-protector --param=ssp-buffer-size=4"
+    if test_code '-fstack-protector' '' "$TESTCFLAGS" '' ''; then
+      MYCFLAGS="$MYCFLAGS $TESTCFLAGS"
+    fi
+  fi
+fi
+
+if [ "x$MYCC" = "xgcc" ] || [ "x$MYCC" = "xclang" ]; then
+  MYCFLAGS="$MYCFLAGS -Wmissing-prototypes -Wall"
+fi
+
+if test_code '64-bit time_t' 'time.h' '' '' '
+  char x[sizeof(time_t) > 4 ? 1 : -1] = {0};
+  return x[0];'
+then
+  add_def HAVE_LONG_TIME_T 1
+
+  if [ "x$ntp_era_split" != "x" ]; then
+    split_seconds=$ntp_era_split
+    split_days=0
+  else
+    if [ "x$SOURCE_DATE_EPOCH" != "x" ]; then
+      split_seconds=$SOURCE_DATE_EPOCH
+    else
+      split_seconds=`date '+%s'`
+    fi
+    if [ "x$split_seconds" = "x" ]; then
+      echo "error: could not get current time, --with-ntp-era option is needed"
+      exit 1
+    fi
+    split_days=$((50 * 365))
+  fi
+
+  add_def NTP_ERA_SPLIT "(${split_seconds}LL - $split_days * 24 * 3600)"
+
+  date_format='+%Y-%m-%dT%H:%M:%SZ'
+
+  # Print the full NTP interval if a suitable date is found
+  if [ "x`date -u -d '1970-01-01 UTC 9 days ago 5 seconds 3 seconds' \
+    $date_format 2> /dev/null`" = "x1969-12-23T00:00:08Z" ]
+  then
+    time1="`date -u -d "1970-01-01 UTC $split_days days ago $split_seconds seconds" \
+      $date_format`"
+    time2="`date -u -d "1970-01-01 UTC $split_days days ago $split_seconds seconds 4294967296 seconds" \
+      $date_format`"
+    echo "NTP time mapped to $time1/$time2"
+  fi
+fi
+
 MATHCODE='return (int) pow(2.0, log(sqrt((double)argc)));'
 if test_code 'math' 'math.h' '' '' "$MATHCODE"; then
   LIBS=""
@@ -366,34 +597,33 @@ else
   if test_code 'math in -lm' 'math.h' '' '-lm' "$MATHCODE"; then
     LIBS="-lm"
   else
-    echo "Can't compile/link a program which uses sqrt(), log(), pow(), bailing out"
+    echo "error: could not compile/link a program which uses sqrt(), log(), pow()"
     exit 1
   fi
 fi
   
-if test_code '<stdint.h>' 'stdint.h' '' '' ''; then
-  add_def HAS_STDINT_H
-fi
-
-if test_code '<inttypes.h>' 'inttypes.h' '' '' ''; then
-  add_def HAS_INTTYPES_H
+if test_code 'struct in_pktinfo' 'sys/socket.h netinet/in.h' '' '' '
+  struct in_pktinfo ipi;
+  return sizeof (ipi.ipi_spec_dst.s_addr) + IP_PKTINFO;'
+then
+  add_def HAVE_IN_PKTINFO
 fi
 
 if [ $feat_ipv6 = "1" ] && \
-  test_code 'IPv6 support' 'arpa/inet.h sys/socket.h netinet/in.h' '' '' '
+  test_code 'IPv6 support' 'arpa/inet.h sys/socket.h netinet/in.h' '' "$EXTRA_LIBS" '
     struct sockaddr_in6 n;
     char p[100];
     n.sin6_addr = in6addr_any;
     return !inet_ntop(AF_INET6, &n.sin6_addr.s6_addr, p, sizeof(p));'
 then
-  add_def HAVE_IPV6
-  if test_code 'in6_pktinfo' 'sys/socket.h netinet/in.h' '' '' '
-    return sizeof(struct in6_pktinfo);'
+  add_def FEAT_IPV6
+  if test_code 'struct in6_pktinfo' 'sys/socket.h netinet/in.h' '' '' '
+    return sizeof (struct in6_pktinfo) + IPV6_PKTINFO;'
   then
     add_def HAVE_IN6_PKTINFO
   else
-    if test_code 'in6_pktinfo with _GNU_SOURCE' 'sys/socket.h netinet/in.h' \
-      '-D_GNU_SOURCE' '' 'return sizeof(struct in6_pktinfo);'
+    if test_code 'struct in6_pktinfo with _GNU_SOURCE' 'sys/socket.h netinet/in.h' \
+      '-D_GNU_SOURCE' '' 'return sizeof (struct in6_pktinfo) + IPV6_PKTINFO;'
     then
       add_def _GNU_SOURCE
       add_def HAVE_IN6_PKTINFO
@@ -401,13 +631,94 @@ then
   fi
 fi
 
+if [ $try_clock_gettime = "1" ]; then
+  if test_code 'clock_gettime()' 'time.h' '' '' \
+    'clock_gettime(CLOCK_REALTIME, NULL);'
+  then
+    add_def HAVE_CLOCK_GETTIME
+  else
+    if test_code 'clock_gettime() in -lrt' 'time.h' '' '-lrt' \
+      'clock_gettime(CLOCK_REALTIME, NULL);'
+    then
+      add_def HAVE_CLOCK_GETTIME
+      EXTRA_LIBS="$EXTRA_LIBS -lrt"
+    fi
+  fi
+fi
+
+if test_code 'getaddrinfo()' 'sys/types.h sys/socket.h netdb.h' '' "$EXTRA_LIBS" \
+  'return getaddrinfo(0, 0, 0, 0);'
+then
+  add_def HAVE_GETADDRINFO
+fi
+
+if [ $feat_asyncdns = "1" ] && \
+  test_code 'pthread' 'pthread.h' '-pthread' '' \
+    'return (int)pthread_create((void *)1, NULL, (void *)1, NULL);'
+then
+  add_def FEAT_ASYNCDNS
+  add_def USE_PTHREAD_ASYNCDNS
+  EXTRA_OBJECTS="$EXTRA_OBJECTS nameserv_async.o"
+  use_pthread=1
+fi
+
+if test_code 'arc4random_buf()' 'stdlib.h' '' '' 'arc4random_buf(NULL, 0);'; then
+  add_def HAVE_ARC4RANDOM
+fi
+
+if test_code 'getrandom()' 'stdlib.h sys/random.h' '' '' \
+    'return getrandom(NULL, 256, 0);'; then
+  add_def HAVE_GETRANDOM
+fi
+
+RECVMMSG_CODE='
+  struct mmsghdr hdr;
+  return !recvmmsg(0, &hdr, 1, MSG_DONTWAIT, 0);'
+if [ $try_recvmmsg = "1" ]; then
+  if test_code 'recvmmsg()' 'sys/socket.h' '' "$EXTRA_LIBS" "$RECVMMSG_CODE"; then
+    add_def HAVE_RECVMMSG
+  else
+    if test_code 'recvmmsg() with _GNU_SOURCE' 'sys/socket.h' '-D_GNU_SOURCE' \
+      "$EXTRA_LIBS" "$RECVMMSG_CODE"
+    then
+      add_def _GNU_SOURCE
+      add_def HAVE_RECVMMSG
+    fi
+  fi
+fi
+
+if [ $feat_timestamping = "1" ] && [ $try_timestamping = "1" ] &&
+  test_code 'SW/HW timestamping' 'sys/types.h sys/socket.h linux/net_tstamp.h
+                                  linux/errqueue.h linux/ptp_clock.h' '' '' '
+    int val = SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_RX_SOFTWARE |
+              SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_OPT_CMSG;
+    return sizeof (struct scm_timestamping) + SCM_TSTAMP_SND + PTP_SYS_OFFSET +
+           setsockopt(0, SOL_SOCKET, SO_SELECT_ERR_QUEUE + SO_TIMESTAMPING,
+                      &val, sizeof (val));'
+then
+  add_def HAVE_LINUX_TIMESTAMPING
+  EXTRA_OBJECTS="$EXTRA_OBJECTS hwclock.o ntp_io_linux.o"
+
+  if test_code 'other timestamping options' \
+    'sys/types.h sys/socket.h linux/net_tstamp.h' '' '' '
+    struct scm_ts_pktinfo pktinfo;
+    pktinfo.if_index = pktinfo.pkt_length = 0;
+    return pktinfo.if_index + pktinfo.pkt_length + HWTSTAMP_FILTER_NTP_ALL +
+           SCM_TIMESTAMPING_PKTINFO +
+           SOF_TIMESTAMPING_OPT_PKTINFO + SOF_TIMESTAMPING_OPT_TX_SWHW;'; then
+    add_def HAVE_LINUX_TIMESTAMPING_RXFILTER_NTP 1
+    add_def HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO 1
+    add_def HAVE_LINUX_TIMESTAMPING_OPT_TX_SWHW 1
+  fi
+fi
+
 timepps_h=""
-if [ $feat_pps = "1" ]; then
-  if test_code '<sys/timepps.h>' 'sys/timepps.h' '' '' ''; then
+if [ $feat_refclock = "1" ] && [ $feat_pps = "1" ]; then
+  if test_code '<sys/timepps.h>' 'inttypes.h time.h sys/timepps.h' '' '' ''; then
     timepps_h="sys/timepps.h"
     add_def HAVE_SYS_TIMEPPS_H
   else
-    if test_code '<timepps.h>' 'timepps.h' '' '' ''; then
+    if test_code '<timepps.h>' 'inttypes.h time.h timepps.h' '' '' ''; then
       timepps_h="timepps.h"
       add_def HAVE_TIMEPPS_H
     fi
@@ -415,24 +726,51 @@ if [ $feat_pps = "1" ]; then
 fi
 
 if [ "x$timepps_h" != "x" ] && \
-  test_code 'PPSAPI' "string.h $timepps_h" '' '' '
-    pps_handle_t h;
+  test_code 'PPSAPI' "inttypes.h string.h time.h $timepps_h" '' '' '
+    pps_handle_t h = 0;
     pps_info_t i;
     struct timespec ts;
     return time_pps_fetch(h, PPS_TSFMT_TSPEC, &i, &ts);'
 then
-  add_def HAVE_PPSAPI
+  add_def FEAT_PPS
 fi
 
-if [ $feat_linuxcaps = "1" ] && [ $try_linuxcaps = "1" ] && \
+if [ $feat_droproot = "1" ] && [ $try_libcap = "1" ] && \
   test_code \
-    linuxcaps \
+    libcap \
     'sys/types.h pwd.h sys/prctl.h sys/capability.h grp.h' \
     '' '-lcap' \
     'prctl(PR_SET_KEEPCAPS, 1);cap_set_proc(cap_from_text("cap_sys_time=ep"));'
 then
-    add_def FEAT_LINUXCAPS
-    EXTRA_LIBS="-lcap"
+    add_def FEAT_PRIVDROP
+    EXTRA_LIBS="$EXTRA_LIBS -lcap"
+fi
+
+if [ $feat_droproot = "1" ] && [ $try_clockctl = "1" ] && \
+  test_code '<sys/clockctl.h>' 'sys/clockctl.h' '' '' ''
+then
+  add_def FEAT_PRIVDROP
+  priv_ops="BINDSOCKET"
+fi
+
+if [ $feat_scfilter = "1" ] && [ $try_seccomp = "1" ] && \
+  test_code seccomp 'seccomp.h' '' '-lseccomp' \
+    'seccomp_init(SCMP_ACT_KILL);'
+then
+  add_def FEAT_SCFILTER
+  # NAME2IPADDRESS shouldn't be enabled with other operations as the helper
+  # process works on one request at the time and the async resolver could
+  # block the main thread
+  priv_ops="NAME2IPADDRESS RELOADDNS"
+  EXTRA_LIBS="$EXTRA_LIBS -lseccomp"
+fi
+
+if [ "x$priv_ops" != "x" ]; then
+  EXTRA_OBJECTS="$EXTRA_OBJECTS privops.o"
+  add_def PRIVOPS_HELPER
+  for o in $priv_ops; do
+    add_def PRIVOPS_$o
+  done
 fi
 
 if [ $feat_rtc = "1" ] && [ $try_rtc = "1" ] && \
@@ -443,34 +781,51 @@ then
     add_def FEAT_RTC
 fi
 
+if [ $feat_refclock = "1" ] && [ $feat_phc = "1" ] && [ $try_phc = "1" ] && \
+  grep '#define HAVE_CLOCK_GETTIME' config.h > /dev/null && \
+  test_code '<linux/ptp_clock.h>' 'sys/ioctl.h linux/ptp_clock.h' '' '' \
+    'ioctl(1, PTP_CLOCK_GETCAPS + PTP_SYS_OFFSET, 0);'
+then
+  grep 'HAVE_LINUX_TIMESTAMPING' config.h > /dev/null ||
+    EXTRA_OBJECTS="$EXTRA_OBJECTS hwclock.o"
+  add_def FEAT_PHC
+fi
+
 if [ $try_setsched = "1" ] && \
   test_code \
-    'sched_setscheduler()' \
-    'sched.h' '' '' '
+    'pthread_setschedparam()' \
+    'pthread.h sched.h' '-pthread' '' '
      struct sched_param sched;
      sched_get_priority_max(SCHED_FIFO);
-     sched_setscheduler(0, SCHED_FIFO, &sched);'
+     pthread_setschedparam(pthread_self(), SCHED_FIFO, &sched);'
 then
-  add_def HAVE_SCHED_SETSCHEDULER
+  add_def HAVE_PTHREAD_SETSCHEDPARAM
+  use_pthread=1
 fi
 
 if [ $try_lockmem = "1" ] && \
   test_code \
     'mlockall()' \
-    'sys/mman.h sys/resource.h' '' '' '
-     struct rlimit rlim;
-     setrlimit(RLIMIT_MEMLOCK, &rlim);
+    'sys/mman.h' '' '' '
      mlockall(MCL_CURRENT|MCL_FUTURE);'
 then
   add_def HAVE_MLOCKALL
 fi
+if [ $try_lockmem = "1" ] && \
+  test_code \
+    'setrlimit(RLIMIT_MEMLOCK, ...)' \
+    'sys/resource.h' '' '' '
+     struct rlimit rlim;
+     setrlimit(RLIMIT_MEMLOCK, &rlim);'
+then
+  add_def HAVE_SETRLIMIT_MEMLOCK
+fi
 
 if [ $feat_forcednsretry = "1" ]
 then
   add_def FORCE_DNSRETRY
 fi
 
-READLINE_COMPILE=""
 READLINE_LINK=""
 if [ $feat_readline = "1" ]; then
   if [ $try_editline = "1" ]; then
@@ -480,19 +835,19 @@ if [ $feat_readline = "1" ]; then
     then
       add_def FEAT_READLINE
       add_def USE_EDITLINE
-      READLINE_COMPILE="$readline_inc"
+      MYCPPFLAGS="$MYCPPFLAGS $readline_inc"
       READLINE_LINK="$readline_lib -ledit"
     fi
   fi
 
   if [ "x$READLINE_LINK" = "x" ] && [ $try_readline = "1" ]; then
     if test_code readline 'stdio.h readline/readline.h readline/history.h' \
-      "$readline_inc" "$readline_lib $ncurses_lib -lreadline" \
+      "$readline_inc" "$readline_lib -lreadline" \
       'add_history(readline("prompt"));'
     then
       add_def FEAT_READLINE
-      READLINE_COMPILE="$readline_inc"
-      READLINE_LINK="$readline_lib $ncurses_lib -lreadline"
+      MYCPPFLAGS="$MYCPPFLAGS $readline_inc"
+      READLINE_LINK="$readline_lib -lreadline"
     fi
   fi
 
@@ -503,41 +858,63 @@ if [ $feat_readline = "1" ]; then
       'add_history(readline("prompt"));'
     then
       add_def FEAT_READLINE
-      READLINE_COMPILE="$readline_inc"
+      MYCPPFLAGS="$MYCPPFLAGS $readline_inc"
       READLINE_LINK="$readline_lib $ncurses_lib -lreadline -lncurses"
     fi
   fi
+
+  EXTRA_CLI_LIBS="$EXTRA_CLI_LIBS $READLINE_LINK"
 fi
 
 HASH_OBJ="hash_intmd5.o"
-HASH_COMPILE=""
 HASH_LINK=""
 
-if [ $try_nss = "1" ]; then
-  test_cflags="`pkg-config --cflags nss`"
-  test_link="`pkg-config --libs-only-L nss` -lfreebl3"
+if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ]  && [ $try_nettle = "1" ]; then
+  test_cflags="`pkg_config --cflags nettle`"
+  test_link="`pkg_config --libs nettle`"
+  if test_code 'nettle' 'nettle/nettle-meta.h nettle/sha2.h' \
+    "$test_cflags" "$test_link" \
+    'return nettle_hashes[0]->context_size;'
+  then
+    HASH_OBJ="hash_nettle.o"
+    HASH_LINK="$test_link"
+    LIBS="$LIBS $HASH_LINK"
+    MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
+    add_def FEAT_SECHASH
+  fi
+fi
+
+if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ]  && [ $try_nss = "1" ]; then
+  test_cflags="`pkg_config --cflags nss`"
+  test_link="`pkg_config --libs-only-L nss` -lfreebl3"
   if test_code 'NSS' 'nss.h hasht.h nsslowhash.h' \
     "$test_cflags" "$test_link" \
     'NSSLOWHASH_Begin(NSSLOWHASH_NewContext(NSSLOW_Init(), HASH_AlgSHA512));'
   then
     HASH_OBJ="hash_nss.o"
-    HASH_COMPILE="$test_cflags"
     HASH_LINK="$test_link"
-    add_def GENERATE_SHA1_KEY
+    LIBS="$LIBS $HASH_LINK"
+    MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
+    add_def FEAT_SECHASH
   fi
 fi
 
-if [ "x$HASH_LINK" = "x" ] && [ $try_tomcrypt = "1" ]; then
+if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_tomcrypt = "1" ]; then
   if test_code 'tomcrypt' 'tomcrypt.h' '-I/usr/include/tomcrypt' '-ltomcrypt' \
     'hash_memory_multi(find_hash("md5"), NULL, NULL, NULL, 0, NULL, 0);'
   then
     HASH_OBJ="hash_tomcrypt.o"
-    HASH_COMPILE="-I/usr/include/tomcrypt"
     HASH_LINK="-ltomcrypt"
-    add_def GENERATE_SHA1_KEY
+    LIBS="$LIBS $HASH_LINK"
+    MYCPPFLAGS="$MYCPPFLAGS -I/usr/include/tomcrypt"
+    add_def FEAT_SECHASH
   fi
 fi
 
+if [ $use_pthread = "1" ]; then
+  MYCFLAGS="$MYCFLAGS -pthread"
+fi
+
 SYSCONFDIR=/etc
 if [ "x$SETSYSCONFDIR" != "x" ]; then
   SYSCONFDIR=$SETSYSCONFDIR
@@ -568,11 +945,6 @@ if [ "x$SETDATAROOTDIR" != "x" ]; then
   DATAROOTDIR=$SETDATAROOTDIR
 fi
 
-INFODIR=${DATAROOTDIR}/info
-if [ "x$SETINFODIR" != "x" ]; then
-  INFODIR=$SETINFODIR
-fi
-
 MANDIR=${DATAROOTDIR}/man
 if [ "x$SETMANDIR" != "x" ]; then
   MANDIR=$SETMANDIR
@@ -588,44 +960,64 @@ if [ "x$SETLOCALSTATEDIR" != "x" ]; then
   LOCALSTATEDIR=$SETLOCALSTATEDIR
 fi
 
+CHRONYRUNDIR=${LOCALSTATEDIR}/run/chrony
+if [ "x$SETCHRONYRUNDIR" != "x" ]; then
+  CHRONYRUNDIR=$SETCHRONYRUNDIR
+fi
+
 CHRONYVARDIR=${LOCALSTATEDIR}/lib/chrony
 if [ "x$SETCHRONYVARDIR" != "x" ]; then
   CHRONYVARDIR=$SETCHRONYVARDIR
 fi
 
 add_def DEFAULT_CONF_FILE "\"$SYSCONFDIR/chrony.conf\""
+add_def DEFAULT_HWCLOCK_FILE "\"$default_hwclockfile\""
+add_def DEFAULT_PID_FILE "\"$default_pidfile\""
+add_def DEFAULT_RTC_DEVICE "\"$default_rtcdevice\""
+add_def DEFAULT_USER "\"$default_user\""
+add_def DEFAULT_COMMAND_SOCKET "\"$CHRONYRUNDIR/chronyd.sock\""
 add_def MAIL_PROGRAM "\"$mail_program\""
 
+common_features="`get_features SECHASH IPV6 DEBUG`"
+chronyc_features="`get_features READLINE`"
+chronyd_features="`get_features CMDMON NTP REFCLOCK RTC PRIVDROP SCFILTER SIGND ASYNCDNS`"
+add_def CHRONYC_FEATURES "\"$chronyc_features $common_features\""
+add_def CHRONYD_FEATURES "\"$chronyd_features $common_features\""
+echo "Features : $chronyd_features $chronyc_features $common_features"
+
 if [ -f version.txt ]; then
-  add_def CHRONY_VERSION "\"`cat version.txt`\""
+  CHRONY_VERSION="`cat version.txt`"
 else
-  add_def CHRONY_VERSION "\"DEVELOPMENT\""
+  CHRONY_VERSION="DEVELOPMENT"
 fi
 
-for f in Makefile chrony.conf.5 chrony.texi chronyc.1 chronyd.8
+add_def CHRONY_VERSION "\"${CHRONY_VERSION}\""
+
+for f in Makefile doc/Makefile test/unit/Makefile
 do
   echo Creating $f
   sed -e "s%@EXTRA_OBJECTS@%${EXTRA_OBJECTS}%;\
           s%@CC@%${MYCC}%;\
           s%@CFLAGS@%${MYCFLAGS}%;\
-          s%@CPPFLAGS@%${CPPFLAGS}%;\
+          s%@CPPFLAGS@%${MYCPPFLAGS}%;\
           s%@LIBS@%${LIBS}%;\
           s%@LDFLAGS@%${MYLDFLAGS}%;\
           s%@EXTRA_LIBS@%${EXTRA_LIBS}%;\
           s%@EXTRA_CLI_LIBS@%${EXTRA_CLI_LIBS}%;\
-          s%@READLINE_COMPILE@%${READLINE_COMPILE}%;\
-          s%@READLINE_LINK@%${READLINE_LINK}%;\
           s%@HASH_OBJ@%${HASH_OBJ}%;\
-          s%@HASH_LINK@%${HASH_LINK}%;\
-          s%@HASH_COMPILE@%${HASH_COMPILE}%;\
           s%@SYSCONFDIR@%${SYSCONFDIR}%;\
           s%@BINDIR@%${BINDIR}%;\
           s%@SBINDIR@%${SBINDIR}%;\
           s%@DOCDIR@%${DOCDIR}%;\
           s%@MANDIR@%${MANDIR}%;\
-          s%@INFODIR@%${INFODIR}%;\
           s%@LOCALSTATEDIR@%${LOCALSTATEDIR}%;\
-          s%@CHRONYVARDIR@%${CHRONYVARDIR}%;"\
+          s%@CHRONYRUNDIR@%${CHRONYRUNDIR}%;\
+          s%@CHRONYVARDIR@%${CHRONYVARDIR}%;\
+          s%@DEFAULT_HWCLOCK_FILE@%${default_hwclockfile}%;\
+          s%@DEFAULT_PID_FILE@%${default_pidfile}%;\
+          s%@DEFAULT_RTC_DEVICE@%${default_rtcdevice}%;\
+          s%@DEFAULT_USER@%${default_user}%;\
+          s%@CHRONY_VERSION@%${CHRONY_VERSION}%;" \
           < ${f}.in > $f
 done
 

contrib/DNSchrony/COPYING

@@ -1,339 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.

contrib/DNSchrony/DNSchrony.pl

@@ -1,583 +0,0 @@
-#!/usr/bin/perl
-#                Copyright (C) Paul Elliott 2002
-my($copyrighttext) =  <<'EOF';
-#                Copyright (C) Paul Elliott 2002
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program; if not, write to the Free Software
-#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#   SEE COPYING FOR DETAILS
-EOF
-
-#modules we use.
-
-use Socket;
-use Getopt::Std;
-use Net::DNS;
-use Tie::Syslog;
-use File::Temp qw/ :mktemp  /;
-use File::Copy;
-
-local($res) = new Net::DNS::Resolver;
-
-#dns lookup of IP address.
-#returns ip or errorstring.
-sub gethostaddr($)                                 #get ip address from host
-{
-  my($host) = shift;
-  $query = $res->search($host);
-  if ($query) {
-    foreach $rr ($query->answer) {
-      next unless $rr->type eq "A";
-      print $rr->address, "\n" if  $pedebug;
-      return $rr->address;
-    }
-  } else {
-    print "query failed: ", $res->errorstring, "\n" if $pedebug;
-    return $res->errorstring;
-  }	
-
-}
-
-#send messages to syslog
-
-sub Log($$)
-  {
-    if ($log) {
-      my($level) = shift;
-      my($mess) =shift;
-
-      tie *MYLOG, 'Tie::Syslog',$level,$0,'pid','unix';
-      print MYLOG $mess;
-
-      untie *MYLOG;
-    }
-  }
-
-#send message to output or syslog
-#and die.
-
-sub BadDie($)
-{
-  my($myerr) =$!;
-  my($mess)=shift;
-
-  if($log){
-      tie *MYLOG, 'Tie::Syslog','local0.err',$0,'pid','unix';
-      print MYLOG $mess;
-      print MYLOG $myerr;
-
-      untie *MYLOG;
-
-  } else {
-    print "$mess\n$myerr\n";
-  }
-  die $mess;
-}
-
-sub isIpAddr($)                     #return true if looks like ip address
-{
-  my($ip) = shift;
-  return 1 if ( $ip =~ m/$ipOnlyPAT/ );
-  return 0;
-}
-sub isHostname($)                     #return true if looks like ip address
-{
-  my($ip) = shift;
-  return 1 if ( $ip =~ m/$hostnameOnlyPAT/ );
-  return 0;
-}
-
-#send commands to chronyc by piping.
-sub chronyc($)                              #send commands to chronyc
-{
-  my($command) = shift;
-  my($err) = "/var/tmp/chronyc.log";
-  my($chronyP) = "/usr/local/bin/chronyc";
-  open(CHRONY, "| $chronyP 1>$err 2>&1");
-
-  print CHRONY "$passwd$command\n";
-
-  close(CHRONY);
-
-  Log('local0.info',"chronyc command issued=$command");
-                                   #look at status lines till return bad.
-  open( IN, "<$err");
-  my($status);
-  while (<IN>) {
-  $status = $_;
-
-    unless ( m/\A200 OK/ ) {
-      last;
-    }
-
-  }
-
-  $status ="" if ( $status =~ m/\A200 OK/ );
-  close(IN);
-  unlink $err;
-  Log('local0.info',"chronyc results=$status");
-  return $status;
-
-}
-
-#common patterns
-
-# an ip address patern
-local($ipPAT) = qr/\d{1,3}(?:\.\d{1,3}){3}/;
-# an hostname pattern
-local($hostnamePAT) = qr/\w+(?:\.\w+)*/;
-#line with hostname only
-local($hostnameOnlyPAT) = qr/\A$hostnamePAT\Z/;
-#line with ip address only
-local($ipOnlyPAT) =qr/\A$ipPAT\Z/;
-
-#options hash
-my(%opts);
-
-
-getopts('nuadslPSC', \%opts);
-
-local($log) = ( $opts{'l'} ) ? 1 : 0;
-
-my($offline) = !( $opts{'n'} ) ;
-my($offlineS) = ( $opts{'n'} ) ? " " : " offline" ;
-
-# paul elliotts secret debug var. no one will ever find out about it.
-local($pedebug)=( ($ENV{"PAULELLIOTTDEBUG"}) or ($opts{P}) );
-
-if ($opts{C}) {
-
-  print $copyrighttext;
-  exit 0;
-}
-
-
-print <<"EOF" unless $opts{'S'};
-$0, Copyright (C) 2002 Paul Elliott
-$0 comes with ABSOLUTELY NO WARRANTY; for details
-invoke $0 -C.  This is free software, and you are welcome
-to redistribute it under certain conditions; invoke $0 -C
-for details.
-EOF
-
-
-
-local($passwd);
-
-# password to send to chronyc
-my($pl) = $ENV{"CHRONYPASSWORD"};
-
-#password comand to send to chronyc
-if ( $pl ) {
-  $passwd = "password $pl\n";
-} else {
-  $passwd = "";
-}
-print "passwd=$passwd\n" if ($pedebug);
-
-my(%host2ip);
-
-# hash of arrays. host2ip{$host}[0] is ip address for this host
-# host2ip{$host}[1]   is rest of paramenters for this host exc offline.
-
-#if debuging do chrony.conf in current directory.
-my($listfile) =( ($pedebug) ? "./chrony.conf" : "/etc/chrony.conf") ;
-
-# This section reads in the old data about
-# hostnames IP addresses and server parameters
-# data is stored as it would be in chrony.conf
-# file i.e.:
-#># HOSTNAME
-#>server IPADDR minpoll 5 maxpoll 10 maxdelay 0.4 offline 
-#
-# the parameter offline is omitted if the -n switch is specified.
-# first parameter is the filename of the file usually
-# is /etc/DNSchrony.conf
-# this is where we store the list of DNS hosts.
-# hosts with static IP address shold be kept in chrony.conf
-
-# this is header that marks dnyamic host section
-my($noedithead)=<<'EOF';
-## DNSchrony dynamic dns server section. DO NOT EDIT
-## per entry FORMAT:
-##        |--------------------------------------------|
-##        |#HOSTNAME                                   |
-##        |server IP-ADDRESS extra-params [ offline ]  |
-##        |--------------------------------------------|
-EOF
-#patern that recognizes above.
-my($noeditheadPAT) = 
-qr/\#\#\s+DNSchrony\s+dynamic\s+dns\s+server\s+section\.\s+DO\s+NOT\s+EDIT\s*/;
-
-#end of header marker.
-my($noeditheadend)=<<'EOF';
-## END OF DNSchrony dynamic dns server section.
-EOF
-
-#pattern that matches above.
-my($noeditheadendPAT)=
-qr/\#\#\s+END\s+OF\s+DNSchrony\s+dynamic\s+dns\s+server\s+section.\s*/;
-
-#array to hold non dns portion of chrony.conf
-my(@chronyDconf);
-
-
-my($ip);
-my($rest);
-my($host);
-
-# for each entry in the list of hosts....
-open(READIN, "<$listfile") or  BadDie("Can not open $listfile");
-
-# read till dynamic patern read save in @chronyDconf
-
-while ( <READIN> ) {
-  
-  my($line) = $_;
-
-  last if ( m/\A$noeditheadPAT\Z/ );
-
-  push(@chronyDconf,$line);
-
-}
-
-while ( <READIN> ) {
- 
-   #end loop when end of header encountered
-   last if ( m/\A$noeditheadendPAT/ );
-
-   # parse the line giving ip address, extra pamamters, and host
-   #do host comment line first
-   ($host) = m{
-	       \A\#\s*
-	       ($hostnamePAT)
-               \s*\z
-              }xio;
-
-  #no match skip this line.
-  next unless (  $host );
-
-  # read next line
-  $_ = <READIN>;
-
-  # parse out ip address extra parameters.
-  ($ip,$rest) =
-  m{
-    \A
-    \s*
-    server                                       #server comand
-    \s+
-    ($ipPAT)                                     #ip address
-    (?ixo: \s )
-    \s*
-    (
-    (?(?!
-            (?iox: offline )?                    #skip to offline #
-            \s*                                  #or #
-            \Z
-    ).)*
-    )
-    (?ixo:
-     \s*
-     (?ixo: offline )?                          #consume to #
-     \s*
-     \Z
-    )
-    }xio ;
-
-  #if failure again.
-  next unless (  $ip );
-
-  $rest =~ s/\s*\z//;                          #remove trail blanks
-                                               #from parameters
-  # store the data in the list
-  # key is host name value is
-  # array [0] is ip address
-  #       [1] is other parameters
-  $host2ip{$host} = [$ip,$rest] ;
-  print "ip=$ip rest=$rest host=$host<\n" if $pedebug;
-
-}
-#read trailing line into @chronyDconf
-while ( <READIN> ) {
-
-  push(@chronyDconf,$_);
-
-}
-
-close(READIN) or BadDie("can not close $listfile");
-
-#if the add command:
-# command can be HOST=IPADDRESS OTHER_PARAMETERS
-# means add the server trust the ip address geven with out a dns lookup
-# good for when dns is down but we know the ip addres
-# or
-#    HOST OTHER_PARAMETERS
-#we lookup the ip address with dns.
-
-if ($opts{'a'}) {
-  my($param)= shift;
-
-
-  # parse the param is it hostname
-  if ( ($host,$ip) = $param =~ m/\A($hostnamePAT)=($ipPAT)\Z/ ) {
-    printf "ip=$ip host=$host\n" if ($pedebug);
-  } else {
-
-    $host = $param;
-
-    # get the ip address
-    $ip = gethostaddr($host);
-
-    if ( ! isIpAddr($ip) or ! isHostname($host) ) {
-      print "query failed: ", $ip, "host=$host\n" if $pedebug;
-      exit 1;
-    } 
-  }
-  printf "ip=$ip host=$host\n" if ($pedebug);
-
-  # add the server using chronyc
-  my($status) = chronyc("add server $ip $rest");
-  if ($status) {		#chronyc error
-    print "chronyc failed, status=$status\n";
-    exit 1;
-  }
-
-  # get rest of arguements
-  $rest = join( ' ', @ARGV);
-  print "rest=$rest\n" if ($pedebug);
-
-  #save node in hash
-  $host2ip{$host} = [$ip,$rest] ;
-  print "ip=$ip rest=$rest host=$host<\n" if $pedebug;
-
-}
-
-#delete command if arguement is ip address
-#just delete it
-#if a hostname look it up
-#then delete it.
-
-if ($opts{'d'}) {
-  $host = shift;
-
-  #get host name is it ap address
-  if ( isIpAddr($host) ) {                           # if ip address
-    my($hostIT);
-    my($found) =0;
-    foreach $hostIT (keys(%host2ip) ) {               #search for match
-      if ( $host2ip{$hostIT}[0] eq $host) {
-	$found=1;                                     #record match
-      }
-    }                                                 #end of search
-    if ($found) {                                     #if match found
-      my($status) = chronyc("delete $host");          #chronyc
-      if ($status) {                                  #chronyc error
-	print "chronyc failed, status=$status\n";
-	exit 1;
-      } else {                                        #reiterate
-	foreach $hostIT (keys(%host2ip) ) {
-	  if ( $host2ip{$hostIT}[0] eq $host) {
-	    delete $host2ip{$hostIT};                 #deleting match hosts
-	  }
-	}
-
-      }
-
-    }
-  } else {                                          #else not ip address
-                                                    #must be hostname
-    if ( ! $host2ip{$host} ) {
-      print "No such host as $host listed\n";
-      exit 1;
-    }
-                                                    #get ip address
-    $ip=gethostaddr($host);
-    if ( ! isIpAddr($ip) ) {                        #no ip address
-      print "query failed: ", $ip, "\n" if $pedebug;
-      exit 1;
-    } 
-
-    printf "ip=$ip host=$host\n" if ($pedebug);
-
-    my($listed_host_ip) = $host2ip{$host}[0];       # get the ip address saved
-
-    if ( $ip ne $listed_host_ip) {
-      print 
-	"Info: listed host ip=>$listed_host_ip".
-        "< is different from DNS ip=>$ip<\n";
-      $ip = $listed_host_ip;
-    }
-
-    # delete the server
-    my($status) = chronyc("delete $listed_host_ip\n");
-
-    if ($status) {
-      print "chronyc failed, status=$status\n";
-      exit 1;
-    }
-    #delete table entry
-    delete$host2ip{$host};
-  }
-
-}
-
-#update for each host who's dns ip address has changed
-#delete the old server and add the new. update the record.
-if ($opts{'u'}) {
-  my($command);
-
-  my(%prospective);                        # store new IP address we
-                                           #are thinking of changing.
-
-  Log('local0.info',
-      "Now searching for modified DNS entries.");
-
-  foreach $host (keys(%host2ip)) {         #for each listed host
-    my($old_ip) = $host2ip{$host}[0];      #get old ip
-    $rest       = $host2ip{$host}[1];      #extra params
-
-    $ip         = gethostaddr($host);      #get new ip from dns
-                                           #if error
-    if ( ! isIpAddr($ip) or ! isHostname($host) ) {
-      print "query failed: ", $ip, "host=$host\n";
-
-      Log('local0.err',"query failed: ". $ip . "host=$host");
-      
-      exit 1;
-    } 
-
-    next if($ip eq $old_ip);                #if ip not changed, skip
-
-    Log('local0.info',"Ip address for $host has changed. Old IP address=".
-                      "$old_ip, new IP address=$ip");
-    # add command to delete old host, add the new.
-    $command = $command . "delete $old_ip\n" .
-               "add server $ip $rest\n";
-
-    # we are now thinking about changing this host ip
-    $prospective{$host} = [$ip,$rest];
-  }
-  # submit all the accumulated chronyc commands if any.
-  if ($command) {
-    $status = chronyc($command);
-    if ($status) {
-      print "chronyc failed, status=$status\n";
-      Log('local0.err',"query failed: ". $ip . "host=$host");
-      exit 1;
-    }
-  } else {                                  #if no commands exit
-    exit 0;                                 #because no rewrite of file needed
-  }
-
-  #copy prospective modifications back into main table.
-  #we now know that all these mods were done with chronyc
-  foreach $host (keys(%prospective)) {
-    my($ip) = $prospective{$host}[0];
-    $rest       = $prospective{$host}[1];
-    $host2ip{$host} = [$ip,$rest];
-  }
-}
-
-#starting for each entry we have read in from the old list
-# add the server in chronyc
-# this option is seldom used.
-
-if ($opts{'s'}) {
-  my($command)="";
-
-  foreach $host (keys(%host2ip)) {
-    $command = $command . "add server $host2ip{$host}[0] ".
-                          "$host2ip{$host}[1]\n";
-  }
-  my($status) = chronyc($command);
-  if ($status) {
-    print "chronyc failed, status=$status\n";
-    exit 1;
-  }
-
-}
-# write out the data file in format
-#># HOSTNAME
-#>server IPADDRESS extra parameters [offline] 
-# offline is omitted if -n switch is specified.
-
-my(@value);
-my($such);
-{
-  # to start out we write to temporary file.
-  (my($writeout) , my($outname)) = mkstemp( "${listfile}.outXXXXXXX");
-
-  $outname or BadDie("can not open for $listfile");
-
-
-  # save the chrony.conf part!
-  # and write the DYNAMIC header
-  print $writeout @chronyDconf, $noedithead;
-
-
-  # for each entry
-  foreach $host (keys(%host2ip) ){
-
-    #write the record
-
-    # write the comment that indicates the hostname
-    # and the server command.
-    print $writeout 
-     "\# $host\nserver $host2ip{$host}[0] $host2ip{$host}[1]${offlineS}\n" ;
-
-    print 
-     "server $host2ip{$host}[0] $host2ip{$host}[1]${offlineS}\# $host\n" 
-     if $pedebug;
-
-  }
-
-  #WRITE THE end of dnyamic marker comment
-  print $writeout $noeditheadend;
-
-  # close the output file which was a temporary file.
-  close($writeout) or BadDie("can not close $outname");
-
-  # we now begin a intracate dance to make the the temporary
-  # the main chrony.conf
-  #
-  # if there is a chrony.conf.BAK save it to a temporary.
-  # rename chrony.conf to chrony.conf.BAK
-  # rename the temporary to chrony.conf
-  # if there already was a chrony.conf.BAK, unlink the copy of this.
-
-  my($backname) = "$listfile\.BAK";
-  my($backplain)  = ( -f $backname );
-  my($saveback);
-  #if chrony.conf.BAK exists rename to a temporary.
-  if ($backplain ) {
-
-    $saveback = mktemp("${backname}.bakXXXXXXX");
-    move($backname,$saveback) or 
-         BadDie "unable to move $backname to $savename";
-
-  }
-
-  # rename old chrony.conf to chrony.conf.BAK
-  move($listfile,$backname) or
-       BadDie "unable to move $listfile to $backname";
-
-  # rename our output to chrony.conf
-  move($outname,$listfile) or
-       BadDie "unable to move $outname to $listfile";
-
-  #if there was a temporary chrony.conf.BAK that we saved to temp
-  #unlink it
-  unlink($saveback) or BadDie "unable to unlink $saveback" if($backplain);
-  
-}

contrib/DNSchrony/DNSchronyADD

@@ -1,21 +0,0 @@
-#!/usr/bin/bash
-
-# $1 is chrony password.
-# $2 is hostname to add or hostname=ipaddres
-# $3-$9 is rest of extra server parameters
-
-FIRST="$1"
-HOST="$2"
-shift 2
-
-#remaining parameters a the other paramaters to server command
-#excluding "offline"
-ARGS="$*"
-
-#if none use default taken from chrony documentation.
-DEF="minpoll 5 maxpoll 10 maxdelay 0.4"
-
-DARGS=${ARGS:-$DEF}
-
-CHRONYPASSWORD=$FIRST \
-/usr/local/bin/DNSchrony.pl -a  "$HOST" "$DARGS"

contrib/DNSchrony/DNSchronyDELETE

@@ -1,7 +0,0 @@
-#!/usr/bin/bash
-
-# $1 is chrony password.
-# $2 host to be deleted if ip nn.n.n.n then no DNS used
-
-CHRONYPASSWORD=$1 \
-/usr/local/bin/DNSchrony.pl -d  $2

contrib/DNSchrony/DNSchronyUPDATE

@@ -1,7 +0,0 @@
-#!/usr/bin/bash
-
-# $1 is chrony password.
-
-
-CHRONYPASSWORD=$1 \
-/usr/local/bin/DNSchrony.pl -ulS

contrib/DNSchrony/README

@@ -1,166 +0,0 @@
-                Copyright (C) Paul Elliott 2002
-
-
-DNSchrony.pl version -2.0
-
-Problem: If you look at the list of secondary NTP servers:
-http://www.eecis.udel.edu/~mills/ntp/clock2.htm
-
-you will find statements like this:
-
-"Note: IP addresses are subject to change; please use DNS"
-
-These servers represent a problem for chrony. Chrony is a program
-designed to work on hosts with an intermittent connection to the
-internet. Often no DNS is available when chrony starts. As chrony
-is currently designed, chronyd never sees a DNS host name. If a
-user specifies one when using chronyc's "add server" command, the
-DNS lookup is done by chronyc and an IP address is passed to chronyd.
-
-One can imagine I suppose, a redesign to chrony in which chronyd
-keeps track of DNS changes. But this has problems, all the time
-chronyd is fooling around with DNS, it would not be keeping track
-of its prime function, what the clocks and NTP servers are saying.
-This could result in poorer performance. Or perhaps you say that
-chronyd should be multi threaded. One thread to fool with DNS
-and another to keep track of time. But this introduces a great
-deal of complexity, and complexity is the enemy of elegant robust
-code. Besides, Richard probably has better things to do.
-
-I have attempted to address this problem with a humble perl script,
-which I now release under the GPL: DNSchrony.pl
-
-PLEA FOR HELP FROM EXPERIENCED PERL HACKERS.
-
-Please go thru the code and find errors and improvements.
-I am not quite an polished perl hacker. Please fix bugs and
-make improvements. It needs better documentation. Someone
-who knows how, put in some POD.
-
-END OF PLEA
-
-Philosophy of DNSchrony.pl: keep a list of servers that use
-DNS. From time to time, hopefully when DNS is up, go thru
-the list lookup all the hostnames and see if any ip addresses have
-changed. If any have changed, update our list and do chronyc
-"delete" and "add server" commands so that chronyd now talks to
-the right NTP server.
-
-Additional nuance: keep the list in /etc/chrony.conf in the
-form of comments starting with "#" and "server" commands
-legal in a chrony.conf file. Format of a list entry:
-
-# hostname
-server IP-ADDRESS extra server parameters
-
-These entries are delimited by special comments that allow
-DNSchrony.pl to find them and also tell humans not to mess with them.
-
-Example of such a section of a chrony.conf file:
-
-dumpdir /var/log/chrony
-rtcfile /etc/chrony.rtc
-
-## DNSchrony dynamic dns server section. DO NOT EDIT
-## per entry FORMAT:
-##        |--------------------------------------------|
-##        |#HOSTNAME                                   |
-##        |server IP-ADDRESS extra-params [ offline ]  |
-##        |--------------------------------------------|
-# tock.greyware.com
-server 208.14.208.44 minpoll 5 maxpoll 10 maxdelay 0.4 offline
-# tick.greyware.com
-server 208.14.208.19 minpoll 5 maxpoll 10 maxdelay 0.4 offline
-# ntppub.tamu.edu
-server 128.194.254.9 minpoll 5 maxpoll 10 maxdelay 0.4 offline
-## END OF DNSchrony dynamic dns server section.
-
-This allows the list of dynamic DNS servers to be preserved
-when chronyd is stoped/started.
-
-All servers that do not have ip addresses subject to change
-should be put in the regular part of chrony.conf as described
-in the chrony documentation.
-
-Security philosophy: DNSchrony does no security checking but
-relies on other security factors.
-
-Users without the privilege to modify /etc/chrony.conf and the
-directory /etc will be unable to use DNSchrony to do so, because
-of file protections. DNSchrony passes thru passwords to chronyc.
-Users that do not know the correct chronyc  password will be
-unable to get chronyd do do anything. Thus, DNSchrony passes
-the buck to these other security features.
-
-INSTALLATION:
-
-copy the files:  DNSchronyADD DNSchronyUPDATE DNSchronyDELETE DNSchrony.pl
-to /usr/local/bin. Backup the file /etc/chrony.conf leave hosts
-with static ip addresses in this file.
-
-DNSchrony uses the following perl modules. See that they are installed.
-Get them from CPAN if needed.
-
-Net::DNS, Tie::Syslog, Getopt::Std, Socket, File.
-
-Cause DNSchronyUPDATE bash script to run from time to time when DNS
-is working. If you have a dialup, one way to do this would be to
-modify your /etc/ppp/ip-up.local file as follows:
-
-cat <<EOF | /usr/local/bin/chronyc
-password mysecret
-online
-EOF
-# update all of the dynamic servers and save the result.
-# do not wait for response
-
-nohup /usr/local/bin/DNSchronyUPDATE mysecret >/dev/null 2>&1 &
-
-Since this file contains the chronyc password you will want to set the
-file permissions so that just everybody will not be able to read
-it. But you already did that when you put in the chronyc command.  Any
-other way to make DNSchronyUPDATE run perodicly when DNS is up will
-also work.
-
-To add a server with a varying IP address one could run:
-/usr/local/bin/DNSchronyADD mysecret tock.greyware.com
-
-or if you want to specify different server parameters you
-could say:
-
-/usr/local/bin/DNSchronyADD mysecret tock.greyware.com "minpoll 10 maxpoll 20 maxdelay 0.8"
-
-The DNSchronyADD's default for these parameters is:
-"minpoll 5 maxpoll 10 maxdelay 0.4" values that are often shown
-as examples in the chrony documentation.
-
-If DNS is not running now but you know the IP address, you can say:
-/usr/local/bin/DNSchronyADD mysecret tock.greyware.com=208.14.208.44
-
-Of course, the IP address will be checked next time DNSchronyUPDATE
-runs.
-
-To delete dynamic DNS a server:
-/usr/local/bin/DNSchronyDELETE mysecret tock.greyware.com
-
-To change parameters delete and re-add.
-
-Of course, in all of the above "mysecret" is your chronyc password
-which SHOULD NOT BE "mysecret".
-----------------------------------------------
-DNSchrony.pl is covered by the GPL
-#                Copyright (C) Paul Elliott 2002
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program; if not, write to the Free Software
-#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#   SEE COPYING FOR DETAILS

contrib/DNSchrony/ip-up.local

@@ -1,22 +0,0 @@
-#example file /etc/ppp/ip-up.local
-#originally from SuSE distribution
-#modified for chrony
-cat <<EOF | /usr/local/bin/chronyc
-password mysecret
-online
-EOF
-# update all of the dynamic servers and save the result.
-# do not wait for response
-
-nohup /usr/local/bin/DNSchronyUPDATE mysecret >/dev/null 2>&1 &
-#other stuff who knows?
-
-# The following lines added for Linux-HA support             # Heartbeat
-DEVFILE=`echo $DEVICE | sed -e 's!^/dev/!!' -e 's!/!.!g'` # Heartbeat
-OUTFILE=/var/run/ppp.d/$DEVFILE                             # Heartbeat
-(                    # Heartbeat
-echo "$IPREMOTE"    # Heartbeat
-echo "$IFNAME"      # Heartbeat
-echo "$PPPD_PID"    # Heartbeat
-echo "$IPLOCAL"     # Heartbeat
-) > $OUTFILE        # Heartbeat

contrib/bryan_christianson_1/README.txt

@@ -0,0 +1,103 @@
+Notes for installing chrony on macOS
+Author: Bryan Christianson (bryan@whatroute.net)
+------------------------------------------------
+
+These files are for those admins/users who would prefer to install chrony
+from the source distribution and are intended as guidelines rather than
+being definitive. They can be edited with a plain text editor, such as
+vi, emacs or your favourite IDE (Xcode)
+
+It is assumed you are comfortable with installing software from the
+terminal command line and know how to use sudo to acquire root access.
+
+If you are not familiar with the macOS command line then
+please consider using ChronyControl from http://whatroute.net/chronycontrol.html
+
+ChronyControl provides a gui wrapper for installing these files and sets the
+necessary permissions on each file.
+
+
+Install the chrony software
+---------------------------
+
+You will need xcode and the commandline additions to build and install chrony.
+These can be obtained from Apple's website via the App Store.
+
+cd to the chrony directory
+./configure
+make
+sudo make install
+
+chrony is now installed in default locations (/usr/local/sbin/chronyd,
+/usr/local/bin/chronyc)
+
+Create a chrony.conf file - see the chrony website for details
+
+The support files here assume the following directives are specified in the
+chrony.conf file
+
+keyfile /etc/chrony.d/chrony.keys
+driftfile /var/db/chrony/chrony.drift
+bindcmdaddress /var/db/chrony/chronyd.sock
+logdir /var/log/chrony
+dumpdir /var/db/chrony
+
+Install this file as /etc/chrony.d/chrony.conf and create
+the directories specified in the above directives if they don't exist.
+You will need root permissions to create the directories.
+
+
+Running chronyd
+---------------
+At this point chronyd *could* be run as a daemon. Apple discourage running
+daemons and their preferred method uses the launchd facility. The
+support files here provide a launchd configuration file for chronyd and also
+a shell script and launchd configuration file to rotate the chronyd logs on a daily basis.
+
+
+Support files
+-------------
+Dates and sizes may differ
+-rw-r--r--  1 yourname  staff  2084  4 Aug 22:54 README.txt
+-rwxr-xr-x  1 yourname  staff   676  4 Aug 21:18 chronylogrotate.sh
+-rw-r--r--  1 yourname  staff   543 18 Jul 20:10 org.tuxfamily.chronyc.plist
+-rw-r--r--  1 yourname  staff   511 19 Jun 18:30 org.tuxfamily.chronyd.plist
+
+If you have used chrony support directories other than those suggested, you
+will need to edit each file and make the appropriate changes.
+
+
+Installing the support files
+----------------------------
+
+1. chronylogrotate.sh
+This is a simple shell script that deletes old log files. Unfortunately because
+of the need to run chronyc, the standard macOS logrotation does not work with
+chrony logs.
+
+This script runs on a daily basis under control of launchd and should be
+installed in the /usr/local/bin directory
+
+sudo cp chronylogrotate.sh /usr/local/bin
+sudo chmod +x /usr/local/bin/chronylogrotate.sh
+sudo chown root:wheel /usr/local/bin/chronylogrotate.sh
+
+
+2. org.tuxfamily.chronyc.plist
+This file is the launchd plist that runs logrotation each day. You may
+wish to edit this file to change the time of day at which the rotation
+will run, currently 04:05 am
+
+sudo cp org.tuxfamily.chronyc.plist /Library/LaunchDaemons
+sudo chown root:wheel /Library/LaunchDaemons/org.tuxfamily.chronyc.plist
+sudo chmod 0644 /Library/LaunchDaemons/org.tuxfamily.chronyc.plist
+sudo launchctl load -w /Library/LaunchDaemons/org.tuxfamily.chronyc.plist
+
+
+3. org.tuxfamily.chronyd.plist
+This file is the launchd plist that runs chronyd when the Macintosh starts.
+
+sudo cp org.tuxfamily.chronyd.plist /Library/LaunchDaemons
+sudo chown root:wheel /Library/LaunchDaemons/org.tuxfamily.chronyd.plist
+sudo chmod 0644 /Library/LaunchDaemons/org.tuxfamily.chronyd.plist
+sudo launchctl load -w /Library/LaunchDaemons/org.tuxfamily.chronyd.plist

contrib/bryan_christianson_1/chronylogrotate.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+#  chronyd/chronyc - Programs for keeping computer clocks accurate.
+#
+#  **********************************************************************
+#  * Copyright (C) Bryan Christianson  2015
+#  *
+#  * This program is free software; you can redistribute it and/or modify
+#  * it under the terms of version 2 of the GNU General Public License as
+#  * published by the Free Software Foundation.
+#  *
+#  * This program is distributed in the hope that it will be useful, but
+#  * WITHOUT ANY WARRANTY; without even the implied warranty of
+#  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  * General Public License for more details.
+#  *
+#  * You should have received a copy of the GNU General Public License along
+#  * with this program; if not, write to the Free Software Foundation, Inc.,
+#  * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#  *
+#  **********************************************************************
+
+LOGDIR=/var/log/chrony
+
+rotate () {
+  prefix=$1
+
+  rm -f $prefix.log.10
+
+  for (( count=9; count>= 0; count-- ))
+  do
+    next=$(( $count+1 ))
+    if [ -f $prefix.log.$count ]; then
+      mv $prefix.log.$count $prefix.log.$next
+    fi
+  done
+
+  if [ -f $prefix.log ]; then
+    mv $prefix.log $prefix.log.0
+  fi
+}
+
+if [ ! -e "$LOGDIR" ]; then
+  logger -s "missing directory: $LOGDIR"
+  exit 1
+fi
+
+cd $LOGDIR
+
+rotate measurements
+rotate statistics
+rotate tracking
+
+#
+# signal chronyd via chronyc
+/usr/local/bin/chronyc cyclelogs > /dev/null
+
+exit $?

contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.tuxfamily.logrotate</string>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/bin/sh</string>
+		<string>/usr/local/bin/chronylogrotate.sh</string>
+	</array>
+	<key>StartCalendarInterval</key>
+	<dict>
+		<key>Minute</key>
+		<integer>5</integer>
+		<key>Hour</key>
+		<integer>4</integer>
+	</dict>
+</dict>
+</plist>

contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.tuxfamily.chronyd</string>
+	<key>Program</key>
+	<string>/usr/local/sbin/chronyd</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>chronyd</string>
+		<string>-n</string>
+		<string>-f</string>
+		<string>/private/etc/chrony.d/chrony.conf</string>
+	</array>
+	<key>KeepAlive</key>
+	<true/>
+</dict>
+</plist>

doc/Makefile.in

@@ -0,0 +1,76 @@
+ADOC = asciidoctor
+ADOC_FLAGS =
+SED = sed
+HTML_TO_TXT = w3m -dump -T text/html
+
+MAN_FILES = chrony.conf.man chronyc.man chronyd.man
+TXT_FILES = faq.txt installation.txt
+HTML_FILES = $(MAN_FILES:%.man=%.html) $(TXT_FILES:%.txt=%.html)
+MAN_IN_FILES = $(MAN_FILES:%.man=%.man.in)
+
+SYSCONFDIR = @SYSCONFDIR@
+BINDIR = @BINDIR@
+SBINDIR = @SBINDIR@
+MANDIR = @MANDIR@
+DOCDIR = @DOCDIR@
+CHRONYRUNDIR = @CHRONYRUNDIR@
+CHRONYVARDIR = @CHRONYVARDIR@
+CHRONY_VERSION = @CHRONY_VERSION@
+DEFAULT_USER = @DEFAULT_USER@
+DEFAULT_HWCLOCK_FILE = @DEFAULT_HWCLOCK_FILE@
+DEFAULT_PID_FILE = @DEFAULT_PID_FILE@
+DEFAULT_RTC_DEVICE = @DEFAULT_RTC_DEVICE@
+
+SED_COMMANDS = "s%\@SYSCONFDIR\@%$(SYSCONFDIR)%g;\
+	       s%\@BINDIR\@%$(BINDIR)%g;\
+	       s%\@SBINDIR\@%$(SBINDIR)%g;\
+	       s%\@CHRONY_VERSION\@%$(CHRONY_VERSION)%g;\
+	       s%\@DEFAULT_HWCLOCK_FILE\@%$(DEFAULT_HWCLOCK_FILE)%g;\
+	       s%\@DEFAULT_PID_FILE\@%$(DEFAULT_PID_FILE)%g;\
+	       s%\@DEFAULT_RTC_DEVICE\@%$(DEFAULT_RTC_DEVICE)%g;\
+	       s%\@DEFAULT_USER\@%$(DEFAULT_USER)%g;\
+	       s%\@CHRONYRUNDIR\@%$(CHRONYRUNDIR)%g;\
+	       s%\@CHRONYVARDIR\@%$(CHRONYVARDIR)%g;"
+
+man: $(MAN_FILES) $(MAN_IN_FILES)
+html: $(HTML_FILES)
+txt: $(TXT_FILES)
+docs: man html
+
+%.html: %.adoc
+	$(ADOC) $(ADOC_FLAGS) -b html -o - $< | $(SED) -e $(SED_COMMANDS) > $@
+
+%.man.in: %.adoc
+	$(ADOC) $(ADOC_FLAGS) -b manpage -o $@ $<
+
+%.man: %.man.in
+	$(SED) -e $(SED_COMMANDS) < $< > $@
+
+%.txt: %.html
+	$(HTML_TO_TXT) < $< > $@
+
+install: $(MAN_FILES)
+	[ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
+	[ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+	cp chronyc.man $(DESTDIR)$(MANDIR)/man1/chronyc.1
+	chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1
+	cp chronyd.man $(DESTDIR)$(MANDIR)/man8/chronyd.8
+	chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8
+	cp chrony.conf.man $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+	chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+
+install-docs: $(HTML_FILES)
+	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
+	for f in $(HTML_FILES); do \
+	  cp $$f $(DESTDIR)$(DOCDIR); \
+	  chmod 644 $(DESTDIR)$(DOCDIR)/$$f; \
+	done
+
+clean:
+	rm -f $(MAN_FILES) $(TXT_FILES) $(HTML_FILES)
+	rm -f $(MAN_IN_FILES)
+
+distclean:
+	rm -f $(MAN_FILES) $(TXT_FILES) $(HTML_FILES)
+	rm -f Makefile

doc/chronyd.adoc

@@ -0,0 +1,186 @@
+// This file is part of chrony
+//
+// Copyright (C) Richard P. Curnow  1997-2003
+// Copyright (C) Miroslav Lichvar  2009-2017
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of version 2 of the GNU General Public License as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+= chronyd(8)
+:doctype: manpage
+:man manual: System Administration
+:man source: chrony @CHRONY_VERSION@
+
+== NAME
+
+chronyd - chrony daemon
+
+== SYNOPSIS
+
+*chronyd* [_OPTION_]... [_DIRECTIVE_]...
+
+== DESCRIPTION
+
+*chronyd* is a daemon for synchronisation of the system clock. It can
+synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver),
+and manual input using wristwatch and keyboard via *chronyc*. It can also
+operate as an NTPv4 (RFC 5905) server and peer to provide a time service to
+other computers in the network.
+
+If no configuration directives are specified on the command line, *chronyd*
+will read them from a configuration file. The compiled-in default location of
+the file is _@SYSCONFDIR@/chrony.conf_.
+
+Information messages and warnings will be logged to syslog.
+
+== OPTIONS
+
+*-4*::
+With this option hostnames will be resolved only to IPv4 addresses and only
+IPv4 sockets will be created.
+
+*-6*::
+With this option hostnames will be resolved only to IPv6 addresses and only
+IPv6 sockets will be created.
+
+*-f* _file_::
+This option can be used to specify an alternate location for the configuration
+file (default _@SYSCONFDIR@/chrony.conf_).
+
+*-n*::
+When run in this mode, the program will not detach itself from the terminal.
+
+*-d*::
+When run in this mode, the program will not detach itself from the terminal,
+and all messages will be written to the terminal instead of syslog. When
+*chronyd* was compiled with debugging support, this option can be used twice to
+print also debugging messages.
+
+*-l* _file_::
+This option specifies a file which should be used for logging instead of syslog
+or terminal.
+
+*-q*::
+When run in this mode, *chronyd* will set the system clock once and exit. It
+will not detach from the terminal.
+
+*-Q*::
+This option is similar to the *-q* option, except it only prints the offset
+without making any corrections of the clock and it allows *chronyd* to be
+started without root privileges.
+
+*-r*::
+This option will try to reload and then delete files containing sample
+histories for each of the servers and reference clocks being used. The
+files are expected to be in the directory specified by the
+<<chrony.conf.adoc#dumpdir,*dumpdir*>>
+directive in the configuration file. This option is useful if you want to stop
+and restart *chronyd* briefly for any reason, e.g. to install a new version.
+However, it should be used only on systems where the kernel can maintain clock
+compensation whilst not under *chronyd*'s control (i.e. Linux, FreeBSD, NetBSD,
+Solaris, and macOS 10.13 or later).
+
+*-R*::
+When this option is used, the <<chrony.conf.adoc#initstepslew,*initstepslew*>>
+directive and the <<chrony.conf.adoc#makestep,*makestep*>> directive used with
+a positive limit will be ignored. This option is useful when restarting
+*chronyd* and can be used in conjunction with the *-r* option.
+
+*-s*::
+This option will set the system clock from the computer's real-time clock (RTC)
+or to the last modification time of the file specified by the
+<<chrony.conf.adoc#driftfile,*driftfile*>> directive. Real-time clocks are
+supported only on Linux.
++
+If used in conjunction with the *-r* flag, *chronyd* will attempt to preserve
+the old samples after setting the system clock from the RTC. This can be used
+to allow *chronyd* to perform long term averaging of the gain or loss rate
+across system reboots, and is useful for systems with intermittent access to
+network that are shut down when not in use. For this to work well, it relies
+on *chronyd* having been able to determine accurate statistics for the
+difference between the RTC and system clock last time the computer was on.
++
+If the last modification time of the drift file is later than both the current
+time and the RTC time, the system time will be set to it to restore the time
+when *chronyd* was previously stopped. This is useful on computers that have no
+RTC or the RTC is broken (e.g. it has no battery).
+
+*-t* _timeout_::
+This option sets a timeout (in seconds) after which *chronyd* will exit. If the
+clock is not synchronised, it will exit with a non-zero status. This is useful
+with the *-q* or *-Q* option to shorten the maximum time waiting for
+measurements, or with the *-r* option to limit the time when *chronyd* is
+running, but still allow it to adjust the frequency of the system clock.
+
+*-u* _user_::
+This option sets the name of the system user to which *chronyd* will switch
+after start in order to drop root privileges. It overrides the
+<<chrony.conf.adoc#user,*user*>> directive (default _@DEFAULT_USER@_).
++
+On Linux, *chronyd* needs to be compiled with support for the *libcap* library.
+On macOS, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
+The child process retains root privileges, but can only perform a very limited
+range of privileged system calls on behalf of the parent.
+
+*-F* _level_::
+This option configures a system call filter when *chronyd* is compiled with
+support for the Linux secure computing (seccomp) facility. In level 1 the
+process is killed when a forbidden system call is made, in level -1 the SIGSYS
+signal is thrown instead and in level 0 the filter is disabled (default 0).
++
+It's recommended to enable the filter only when it's known to work on the
+version of the system where *chrony* is installed as the filter needs to allow
+also system calls made from libraries that *chronyd* is using (e.g. libc) and
+different versions or implementations of the libraries may make different
+system calls. If the filter is missing some system call, *chronyd* could be
+killed even in normal operation.
+
+*-P* _priority_::
+On Linux, this option will select the SCHED_FIFO real-time scheduler at the
+specified priority (which must be between 0 and 100). On macOS, this option
+must have either a value of 0 (the default) to disable the thread time
+constraint policy or 1 for the policy to be enabled. Other systems do not
+support this option.
+
+*-m*::
+This option will lock *chronyd* into RAM so that it will never be paged out.
+This mode is only supported on Linux.
+
+*-x*::
+This option disables the control of the system clock. *chronyd* will not try to
+make any adjustments of the clock. It will assume the clock is free running and
+still track its offset and frequency relative to the estimated true time. This
+option allows *chronyd* to run without the capability to adjust or set the
+system clock (e.g. in some containers) in order to operate as an NTP server. It
+is not recommended to run *chronyd* (with or without *-x*) when another process
+is controlling the system clock.
+
+*-v*::
+With this option *chronyd* will print version number to the terminal and exit.
+
+== FILES
+
+_@SYSCONFDIR@/chrony.conf_
+
+== SEE ALSO
+
+<<chronyc.adoc#,*chronyc(1)*>>, <<chrony.conf.adoc#,*chrony.conf(5)*>>
+
+== BUGS
+
+For instructions on how to report bugs, please visit
+https://chrony.tuxfamily.org/.
+
+== AUTHORS
+
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.

doc/faq.adoc

@@ -0,0 +1,553 @@
+// This file is part of chrony
+//
+// Copyright (C) Richard P. Curnow  1997-2003
+// Copyright (C) Miroslav Lichvar  2014-2016
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of version 2 of the GNU General Public License as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+= Frequently Asked Questions
+:toc:
+:numbered:
+
+== `chrony` compared to other programs
+
+=== How does `chrony` compare to `ntpd`?
+
+`chronyd` was designed to work well in a wide range of conditions and it can
+usually synchronise the system clock faster and with better time accuracy. It
+doesn't implement some of the less useful NTP modes like broadcast client or
+multicast server/client.
+
+If your computer is connected to the Internet only for few minutes at a time,
+the network connection is often congested, you turn your computer off or
+suspend it frequently, the clock is not very stable (e.g. there are rapid
+changes in the temperature or it's a virtual machine), or you want to use NTP
+on an isolated network with no hardware reference clocks in sight, `chrony`
+will probably work much better for you.
+
+For a more detailed comparison of features and performance, see the
+https://chrony.tuxfamily.org/comparison.html[comparison page] on the `chrony`
+website.
+
+== Configuration issues
+
+=== What is the minimum recommended configuration for an NTP client?
+
+First, the client needs to know which NTP servers it should ask for the current
+time. They are specified by the `server` or `pool` directive. The `pool`
+directive can be used for names that resolve to multiple addresses. For good
+reliability the client should have at least three servers. The `iburst` option
+speeds up the initial synchronisation.
+
+To stabilise the initial synchronisation on the next start, the estimated drift
+of the system clock is saved to a file specified by the `driftfile` directive.
+
+If the system clock can be far from the true time after boot for any reason,
+`chronyd` should be allowed to correct it quickly by stepping instead of
+slewing, which would take a very long time. The `makestep` directive does
+that.
+
+In order to keep the real-time clock (RTC) close to the true time, so the
+system time is reasonably close to the true time when it's initialised on the
+next boot from the RTC, the `rtcsync` directive enables a mode in which the
+system time is periodically copied to the RTC. It is supported on Linux and
+macOS.
+
+If you want to use public NTP servers from the
+http://www.pool.ntp.org/[pool.ntp.org] project, the minimal _chrony.conf_ file
+could be:
+
+----
+pool pool.ntp.org iburst
+driftfile /var/lib/chrony/drift
+makestep 1 3
+rtcsync
+----
+
+=== How do I make an NTP server from an NTP client?
+
+You need to add an `allow` directive to the _chrony.conf_ file in order to open
+the NTP port and allow `chronyd` to reply to client requests. `allow` with no
+specified subnet allows access from all IPv4 and IPv6 addresses.
+
+=== I have several computers on a LAN. Should be all clients of an external server?
+
+The best configuration is usually to make one computer the server, with
+the others as clients of it. Add a `local` directive to the server's
+_chrony.conf_ file. This configuration will be better because
+
+* the load on the external connection is less
+* the load on the external NTP server(s) is less
+* if your external connection goes down, the computers on the LAN
+  will maintain a common time with each other.
+
+=== Must I specify servers by IP address if DNS is not available on chronyd start?
+
+No. Starting from version 1.25, `chronyd` will keep trying to resolve
+the names specified by the `server`, `pool`, and `peer` directives in an
+increasing interval until it succeeds. The `online` command can be issued from
+`chronyc` to force `chronyd` to try to resolve the names immediately.
+
+=== How can I make `chronyd` more secure?
+
+If you don't need to serve time to NTP clients or peers, you can add `port 0`
+to the _chrony.conf_ file to completely disable the NTP server functionality
+and prevent NTP requests from reaching `chronyd`. Starting from version 2.0,
+the NTP server port is open only when client access is allowed by the `allow`
+directive or command, an NTP peer is configured, or the `broadcast` directive
+is used.
+
+If you don't need to use `chronyc` remotely, you can add the following
+directives to the configuration file to bind the command sockets to the
+loopback interface. This is done by default since version 2.0.
+
+----
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+----
+
+If you don't need to use `chronyc` at all or you need to run `chronyc` only
+under the root or _chrony_ user (which can access `chronyd` through a Unix
+domain socket since version 2.2), you can disable the internet command sockets
+completely by adding `cmdport 0` to the configuration file.
+
+You can specify an unprivileged user with the `-u` option, or the `user`
+directive in the _chrony.conf_ file, to which `chronyd` will switch after start
+in order to drop root privileges. The configure script has a `--with-user`
+option, which sets the default user. On Linux, `chronyd` needs to be compiled
+with support for the `libcap` library. On other systems, `chronyd` forks into
+two processes. The child process retains root privileges, but can only perform
+a very limited range of privileged system calls on behalf of the parent.
+
+Also, if `chronyd` is compiled with support for the Linux secure computing
+(seccomp) facility, you can enable a system call filter with the `-F` option.
+It will significantly reduce the kernel attack surface and possibly prevent
+kernel exploits from the `chronyd` process if it's compromised. It's
+recommended to enable the filter only when it's known to work on the version of
+the system where `chrony` is installed as the filter needs to allow also system
+calls made from libraries that `chronyd` is using (e.g. libc) and different
+versions or implementations of the libraries may make different system calls.
+If the filter is missing some system call, `chronyd` could be killed even in
+normal operation.
+
+=== How can I improve the accuracy of the system clock with NTP sources?
+
+Select NTP servers that are well synchronised, stable and close to your
+network. It's better to use more than one server, three or four is usually
+recommended as the minimum, so `chronyd` can detect servers that serve false
+time and combine measurements from multiple sources.
+
+If you have a network card with hardware timestamping supported on Linux, it
+can be enabled by the *hwtimestamp* directive in the _chrony.conf_ file. It
+should make local receive and transmit timestamps of NTP packets much more
+accurate.
+
+There are also useful options which can be set in the `server` directive, they
+are `minpoll`, `maxpoll`, `polltarget`, `maxdelay`, `maxdelayratio`,
+`maxdelaydevratio`, and `xleave`.
+
+The first three options set the minimum and maximum allowed polling interval,
+and how should be the actual interval adjusted in the specified range. Their
+default values are 6 (64 seconds) for `minpoll`, 10 (1024 seconds) for
+`maxpoll` and 8 (samples) for `polltarget`. The default values should be used
+for general servers on the Internet. With your own NTP servers, or if you have
+permission to poll some servers more frequently, setting these options for
+shorter polling intervals may significantly improve the accuracy of the system
+clock.
+
+The optimal polling interval depends mainly on two factors, stability of the
+network latency and stability of the system clock (which mainly depends on the
+temperature sensitivity of the crystal oscillator and the maximum rate of the
+temperature change).
+
+Generally, if the `sourcestats` command usually reports a small number of
+samples retained for a source (e.g. fewer than 16), a shorter polling interval
+should be considered. If the number of samples is usually at the maximum of 64,
+a longer polling interval may work better.
+
+An example of the directive for an NTP server on the Internet that you are
+allowed to poll frequently could be
+
+----
+server foo.example.net minpoll 4 maxpoll 6 polltarget 16
+----
+
+An example using shorter polling intervals with a server located in the same
+LAN could be
+
+----
+server ntp.local minpoll 2 maxpoll 4 polltarget 30
+----
+
+The maxdelay options are useful to ignore measurements with an unusally large
+delay (e.g. due to congestion in the network) and improve the stability of the
+synchronisation. The `maxdelaydevratio` option could be added to the example
+with local NTP server
+
+----
+server ntp.local minpoll 2 maxpoll 4 polltarget 30 maxdelaydevratio 2
+----
+
+If your server supports the interleaved mode (e.g. it is running `chronyd`),
+the `xleave` option should be added to the `server` directive in order to allow
+the server to send the client more accurate transmit timestamps (kernel or
+preferably hardware). For example:
+
+----
+server ntp.local minpoll 2 maxpoll 4 xleave
+----
+
+When combined with local hardware timestamping, good network switches, and even
+shorter polling intervals, a sub-microsecond accuracy and stability of a few
+tens of nanoseconds may be possible. For example:
+
+----
+server ntp.local minpoll 0 maxpoll 0 xleave
+hwtimestamp eth0
+----
+
+For best stability, the CPU should be running at a constant frequency (i.e.
+disabled power saving and performance boosting). Energy-Efficient Ethernet
+(EEE) should be disabled in the network. The switches should be configured to
+prioritize NTP packets, especially if the network is expected to be heavily
+loaded.
+
+If it is acceptable for NTP clients in the network to send requests at an
+excessive rate, a sub-second polling interval may be specified. A median filter
+can be enabled in order to update the clock at a reduced rate with more stable
+measurements. For example:
+
+----
+server ntp.local minpoll -6 maxpoll -6 filter 15 xleave
+hwtimestamp eth0 minpoll -6
+----
+
+=== Does `chronyd` have an ntpdate mode?
+
+Yes. With the `-q` option `chronyd` will set the system clock once and exit.
+With the `-Q` option it will print the measured offset without setting the
+clock. If you don't want to use a configuration file, NTP servers can be
+specified on the command line. For example:
+
+----
+# chronyd -q 'pool pool.ntp.org iburst'
+----
+
+=== Can `chronyd` be configured to control the clock like `ntpd`?
+
+It is not possible to perfectly emulate `ntpd`, but there are some options that
+can configure `chronyd` to behave more like `ntpd`.
+
+In the following example the `minsamples` directive slows down the response to
+changes in the frequency and offset of the clock. The `maxslewrate` and
+`corrtimeratio` directives reduce the maximum frequency error due to an offset
+correction and the `maxdrift` directive reduces the maximum assumed frequency
+error of the clock. The `makestep` directive enables a step threshold and the
+`maxchange` directive enables a panic threshold. The `maxclockerror` directive
+increases the minimum dispersion rate.
+
+----
+minsamples 32
+maxslewrate 500
+corrtimeratio 100
+maxdrift 500
+makestep 0.128 -1
+maxchange 1000 1 1
+maxclockerror 15
+----
+
+=== What happened to the `commandkey` and `generatecommandkey` directives?
+
+They were removed in version 2.2. Authentication is no longer supported in the
+command protocol. Commands that required authentication are now allowed only
+through a Unix domain socket, which is accessible only by the root and _chrony_
+users. If you need to configure `chronyd` remotely or locally without the root
+password, please consider using ssh and/or sudo to run `chronyc` under the root
+or _chrony_ user on the host where `chronyd` is running.
+
+== Computer is not synchronising
+
+This is the most common problem. There are a number of reasons, see the
+following questions.
+
+=== Behind a firewall?
+
+Check the `Reach` value printed by the ``chronyc``'s `sources` command. If it's
+zero, it means `chronyd` did not get any valid responses from the NTP server
+you are trying to use. If there is a firewall between you and the server, the
+packets may be blocked. Try using a tool like `wireshark` or `tcpdump` to see
+if you're getting any responses from the server.
+
+When `chronyd` is receiving responses from the servers, the output of the
+`sources` command issued few minutes after `chronyd` start might look like
+this:
+
+----
+210 Number of sources = 3
+MS Name/IP address         Stratum Poll Reach LastRx Last sample
+===============================================================================
+^* foo.example.net               2   6   377    34   +484us[ -157us] +/-   30ms
+^- bar.example.net               2   6   377    34    +33ms[  +32ms] +/-   47ms
+^+ baz.example.net               3   6   377    35  -1397us[-2033us] +/-   60ms
+----
+
+=== Are NTP servers specified with the `offline` option?
+
+Check that you're using ``chronyc``'s `online` and `offline` commands
+appropriately. The `activity` command prints the number of sources that are
+currently online and offline. For example:
+
+----
+200 OK
+3 sources online
+0 sources offline
+0 sources doing burst (return to online)
+0 sources doing burst (return to offline)
+0 sources with unknown address
+----
+
+=== Is `chronyd` allowed to step the system clock?
+
+By default, `chronyd` adjusts the clock gradually by slowing it down or
+speeding it up. If the clock is too far from the true time, it will take
+a long time to correct the error. The `System time` value printed by the
+``chronyc``'s `tracking` command is the remaining correction that needs to be
+applied to the system clock.
+
+The `makestep` directive can be used to allow `chronyd` to step the clock. For
+example, if _chrony.conf_ had
+
+----
+makestep 1 3
+----
+
+the clock would be stepped in the first three updates if its offset was larger
+than one second. Normally, it's recommended to allow the step only in the first
+few updates, but in some cases (e.g. a computer without an RTC or virtual
+machine which can be suspended and resumed with an incorrect time) it may be
+necessary to allow the step on any clock update. The example above would change
+to
+
+----
+makestep 1 -1
+----
+
+=== Using a Windows NTP server?
+
+A common issue with Windows NTP servers is that they report a very large root
+dispersion (e.g. three seconds or more), which causes `chronyd` to ignore the
+server for being too inaccurate. The `sources` command may show a valid
+measurement, but the server is not selected for synchronisation. You can check
+the root dispersion of the server with the ``chronyc``'s `ntpdata` command.
+
+The `maxdistance` value needs to be increased in _chrony.conf_ to enable
+synchronisation to such a server. For example:
+
+----
+maxdistance 16.0
+----
+
+=== Using a PPS reference clock?
+
+A pulse-per-second (PPS) reference clock requires a non-PPS time source to
+determine which second of UTC corresponds to each pulse. If it is another
+reference clock specified with the `lock` option in the `refclock` directive,
+the offset between the two reference clocks must be smaller than 0.2 seconds in
+order for the PPS reference clock to work. With NMEA reference clocks it is
+common to have a larger offset. It needs to be corrected with the `offset`
+option.
+
+One approach to find out a good value of the `offset` option is to configure
+the reference clocks with the `noselect` option and compare them to an NTP
+server. For example, if the `sourcestats` command showed
+
+----
+Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
+==============================================================================
+PPS0                        0   0     0     +0.000   2000.000     +0ns  4000ms
+NMEA                       58  30   231    -96.494     38.406   +504ms  6080us
+foo.example.net             7   3   200     -2.991     16.141   -107us   492us
+----
+
+the offset of the NMEA source would need to be increased by about 0.504
+seconds. It does not have to be very accurate. As long as the offset of the
+NMEA reference clock stays below 0.2 seconds, the PPS reference clock should be
+able to determine the seconds corresponding to the pulses and allow the samples
+to be used for synchronisation.
+
+== Issues with `chronyc`
+
+=== I keep getting the error `506 Cannot talk to daemon`
+
+When accessing `chronyd` remotely, make sure that the _chrony.conf_ file (on
+the computer where `chronyd` is running) has a `cmdallow` entry for the
+computer you are running `chronyc` on and an appropriate `bindcmdaddress`
+directive. This isn't necessary for localhost.
+
+Perhaps `chronyd` is not running. Try using the `ps` command (e.g. on Linux,
+`ps -auxw`) to see if it's running. Or try `netstat -a` and see if the ports
+123/udp and 323/udp are listening. If `chronyd` is not running, you may have a
+problem with the way you are trying to start it (e.g. at boot time).
+
+Perhaps you have a firewall set up in a way that blocks packets on port
+323/udp. You need to amend the firewall configuration in this case.
+
+=== I keep getting the error `501 Not authorised`
+
+Since version 2.2, the `password` command doesn't do anything and `chronyc`
+needs to run locally under the root or _chrony_ user, which are allowed to
+access the ``chronyd``'s Unix domain command socket.
+
+With older versions, you need to authenticate with the `password` command first
+or use the `-a` option to authenticate automatically on start. The
+configuration file needs to specify a file which contains keys (`keyfile`
+directive) and which key in the key file should be used for `chronyc`
+authentication (`commandkey` directive).
+
+=== Why does `chronyc tracking` always print an IPv4 address as reference ID?
+
+The reference ID is a 32-bit value and in versions before 3.0 it was printed in
+quad-dotted notation, even if the reference source did not actually have an
+IPv4 address. For IPv4 addresses, the reference ID is equal to the address, but
+for IPv6 addresses it is the first 32 bits of the MD5 sum of the address. For
+reference clocks, the reference ID is the value specified with the `refid`
+option in the `refclock` directive.
+
+Since version 3.0, the reference ID is printed as a hexadecimal number to avoid
+confusion with IPv4 addresses.
+
+If you need to get the IP address of the current reference source, use the `-n`
+option to disable resolving of IP addresses and read the second field (printed
+in parentheses) on the `Reference ID` line.
+
+=== Is the `chronyc` / `chronyd` protocol documented anywhere?
+
+Only by the source code. See _cmdmon.c_ (`chronyd` side) and _client.c_
+(`chronyc` side).
+
+== Real-time clock issues
+
+=== What is the real-time clock (RTC)?
+
+This is the clock which keeps the time even when your computer is turned off.
+It is used to initialise the system clock on boot. It normally doesn't drift
+more than few seconds per day.
+
+There are two approaches how `chronyd` can work with it. One is to use the
+`rtcsync` directive, which tells `chronyd` to enable a kernel mode which sets
+the RTC from the system clock every 11 minutes. `chronyd` itself won't touch
+the RTC. If the computer is not turned off for a long time, the RTC should
+still be close to the true time when the system clock will be initialised from
+it on the next boot.
+
+The other option is to use the `rtcfile` directive, which tells `chronyd` to
+monitor the rate at which the RTC gains or loses time. When `chronyd` is
+started with the `-s` option on the next boot, it will set the system time from
+the RTC and also compensate for the drift it has measured previously. The
+`rtcautotrim` directive can be used to keep the RTC close to the true time, but
+it's not strictly necessary if its only purpose is to set the system clock when
+`chronyd` is started on boot. See the documentation for details.
+
+=== I want to use ``chronyd``'s RTC support. Must I disable `hwclock`?
+
+The `hwclock` program is often set-up by default in the boot and shutdown
+scripts with many Linux installations. With the kernel RTC synchronisation
+(`rtcsync` directive), the RTC will be set also every 11 minutes as long as the
+system clock is synchronised. If you want to use ``chronyd``'s RTC monitoring
+(`rtcfile` directive), it's important to disable `hwclock` in the shutdown
+procedure. If you don't, it will over-write the RTC with a new value, unknown
+to `chronyd`. At the next reboot, `chronyd` started with the `-s` option will
+compensate this (wrong) time with its estimate of how far the RTC has drifted
+whilst the power was off, giving a meaningless initial system time.
+
+There is no need to remove `hwclock` from the boot process, as long as `chronyd`
+is started after it has run.
+
+=== I just keep getting the `513 RTC driver not running` message
+
+For the real-time clock support to work, you need the following three
+things
+
+* an RTC in your computer
+* a Linux kernel with enabled RTC support
+* an `rtcfile` directive in your _chrony.conf_ file
+
+=== I get `Could not open /dev/rtc, Device or resource busy` in my syslog file
+
+Some other program running on the system may be using the device.
+
+=== What if my computer does not have an RTC or backup battery?
+
+In this case you can still use the `-s` option to set the system clock to the
+last modification time of the drift file, which should correspond to the system
+time when `chronyd` was previously stopped. The initial system time will be
+increasing across reboots and applications started after `chronyd` will not
+observe backward steps.
+
+== NTP-specific issues
+
+=== Can `chronyd` be driven from broadcast/multicast NTP servers?
+
+No, the broadcast/multicast client mode is not supported and there is currently
+no plan to implement it. While the mode may be useful to simplify configuration
+of clients in large networks, it is inherently less accurate and less secure
+(even with authentication) than the ordinary client/server mode.
+
+When configuring a large number of clients in a network, it is recommended to
+use the `pool` directive with a DNS name which resolves to addresses of
+multiple NTP servers. The clients will automatically replace the servers when
+they become unreachable, or otherwise unsuitable for synchronisation, with new
+servers from the pool.
+
+Even with very modest hardware, an NTP server can serve time to hundreds of
+thousands of clients using the ordinary client/server mode.
+
+=== Can `chronyd` transmit broadcast NTP packets?
+
+Yes, the `broadcast` directive can be used to enable the broadcast server mode
+to serve time to clients in the network which support the broadcast client mode
+(it's not supported in `chronyd`, see the previous question).
+
+=== Can `chronyd` keep the system clock a fixed offset away from real time?
+
+Yes. Starting from version 3.0, an offset can be specified by the `offset`
+option for all time sources in the _chrony.conf_ file.
+
+=== What happens if the network connection is dropped without using ``chronyc``'s `offline` command first?
+
+`chronyd` will keep trying to access the sources that it thinks are online, and
+it will take longer before new measurements are actually made and the clock is
+corrected when the network is connected again. If the sources were set to
+offline, `chronyd` would make new measurements immediately after issuing the
+`online` command.
+
+Unless the network connection lasts only few minutes (less than the maximum
+polling interval), the delay is usually not a problem, and it may be acceptable
+to keep all sources online all the time.
+
+== Operating systems
+
+=== Does `chrony` support Windows?
+
+No. The `chronyc` program (the command-line client used for configuring
+`chronyd` while it is running) has been successfully built and run under
+Cygwin in the past. `chronyd` is not portable, because part of it is
+very system-dependent. It needs adapting to work with Windows'
+equivalent of the adjtimex() call, and it needs to be made to work as a
+service.
+
+=== Are there any plans to support Windows?
+
+We have no plans to do this. Anyone is welcome to pick this work up and
+contribute it back to the project.

doc/installation.adoc

@@ -0,0 +1,230 @@
+// This file is part of chrony
+//
+// Copyright (C) Richard P. Curnow  1997-2003
+// Copyright (C) Miroslav Lichvar  2009-2016
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of version 2 of the GNU General Public License as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+= Installation
+
+The software is distributed as source code which has to be compiled. The source
+code is supplied in the form of a gzipped tar file, which unpacks to a
+subdirectory identifying the name and version of the program.
+
+The following programs and libraries with their development files are needed to
+build `chrony`:
+
+* C compiler (gcc or clang recommended)
+* GNU Make
+* Nettle, NSS, or LibTomCrypt (optional)
+* Editline (optional)
+* libcap (Linux only, optional)
+* libseccomp (Linux only, optional)
+* timepps.h header (optional)
+* Asciidoctor (for HTML documentation)
+* Bash (for testing)
+
+After unpacking the source code, change directory into it, and type
+
+----
+./configure
+----
+
+This is a shell script that automatically determines the system type. There is
+an optional parameter `--prefix`, which indicates the directory tree where the
+software should be installed. For example,
+
+----
+./configure --prefix=/opt/free
+----
+
+will install the `chronyd` daemon into `/opt/free/sbin` and the `chronyc`
+control program into `/opt/free/bin`. The default value for the prefix is
+`/usr/local`.
+
+The `configure` script assumes you want to use `gcc` as your compiler. If you
+want to use a different compiler, you can configure this way:
+
+----
+CC=cc ./configure --prefix=/opt/free
+----
+
+for Bourne-family shells, or
+
+----
+setenv CC cc
+setenv CFLAGS -O
+./configure --prefix=/opt/free
+----
+
+for C-family shells.
+
+If the software cannot (yet) be built on your system, an error message will be
+shown. Otherwise, `Makefile` will be generated.
+
+On Linux, if development files for the libcap library are available, `chronyd`
+will be built with support for dropping root privileges. On other systems no
+extra library is needed. The default user which `chronyd` should run as can be
+specified with the `--with-user` option of the `configure` script.
+
+If development files for the POSIX threads library are available, `chronyd`
+will be built with support for asynchronous resolving of hostnames specified in
+the `server`, `peer`, and `pool` directives. This allows `chronyd` operating as
+a server to respond to client requests when resolving a hostname. If you don't
+want to enable the support, specify the `--disable-asyncdns` flag to
+`configure`.
+
+If development files for the https://www.lysator.liu.se/~nisse/nettle/[Nettle],
+https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS[NSS], or
+http://www.libtom.net/LibTomCrypt/[libtomcrypt] library are available,
+`chronyd` will be built with support for other cryptographic hash functions
+than MD5, which can be used for NTP authentication with a symmetric key. If you
+don't want to enable the support, specify the `--disable-sechash` flag to
+`configure`.
+
+If development files for the editline or readline library are available,
+`chronyc` will be built with line editing support. If you don't want this,
+specify the `--disable-readline` flag to `configure`.
+
+If a `timepps.h` header is available (e.g. from the
+http://linuxpps.org[LinuxPPS project]), `chronyd` will be built with PPS API
+reference clock driver. If the header is installed in a location that isn't
+normally searched by the compiler, you can add it to the searched locations by
+setting the `CPPFLAGS` variable to `-I/path/to/timepps`.
+
+The `--help` option can be specified to `configure` to print all options
+supported by the script.
+
+Now type
+
+----
+make
+----
+
+to build the programs.
+
+If you want to build the manual in HTML, type
+
+----
+make docs
+----
+
+Once the programs have been successfully compiled, they need to be installed in
+their target locations. This step normally needs to be performed by the
+superuser, and requires the following command to be entered.
+
+----
+make install
+----
+
+This will install the binaries and man pages.
+
+To install the HTML version of the manual, enter the command
+
+----
+make install-docs
+----
+
+Now that the software is successfully installed, the next step is to set up a
+configuration file. The default location of the file is _/etc/chrony.conf_.
+Several examples of configuration with comments are included in the examples
+directory. Suppose you want to use public NTP servers from the pool.ntp.org
+project as your time reference. A minimal useful configuration file could be
+
+----
+pool pool.ntp.org iburst
+makestep 1.0 3
+rtcsync
+----
+
+Then, `chronyd` can be run. For security reasons, it's recommended to create an
+unprivileged user for `chronyd` and specify it with the `-u` command-line
+option or the `user` directive in the configuration file, or set the default
+user with the `--with-user` configure option before building.
+
+== Support for system call filtering
+
+`chronyd` can be built with support for the Linux secure computing (seccomp)
+facility. This requires development files for the
+https://github.com/seccomp/libseccomp[libseccomp] library and the
+`--enable-scfilter` option specified to `configure`. The `-F` option of
+`chronyd` will enable a system call filter, which should significantly reduce
+the kernel attack surface and possibly prevent kernel exploits from `chronyd`
+if it is compromised.
+
+== Support for line editing libraries
+
+`chronyc` can be built with support for line editing, this allows you to use
+the cursor keys to replay and edit old commands. Two libraries are supported
+which provide such functionality, editline and GNU readline.
+
+Please note that readline since version 6.0 is licensed under GPLv3+ which is
+incompatible with chrony's license GPLv2. You should use editline instead if
+you don't want to use older readline versions.
+
+The `configure` script will automatically enable the line editing support if
+one of the supported libraries is available. If they are both available, the
+editline library will be used.
+
+If you don't want to use it (in which case `chronyc` will use a minimal command
+line interface), invoke `configure` like this:
+
+----
+./configure --disable-readline other-options...
+----
+
+If you have editline, readline or ncurses installed in locations that aren't
+normally searched by the compiler and linker, you need to use extra options:
+
+`--with-readline-includes=directory_name`::
+  This defines the name of the directory above the one where `readline.h` is.
+  `readline.h` is assumed to be in `editline` or `readline` subdirectory of the
+  named directory.
+
+`--with-readline-library=directory_name`::
+  This defines the directory containing the `libedit.a` or `libedit.so` file,
+  or `libreadline.a` or `libreadline.so` file.
+
+`--with-ncurses-library=directory_name`::
+  This defines the directory containing the `libncurses.a` or `libncurses.so`
+  file.
+
+== Extra options for package builders
+
+The `configure` and `make` procedures have some extra options that may be
+useful if you are building a distribution package for `chrony`.
+
+The `--mandir=DIR` option to `configure` specifies an installation directory
+for the man pages. This overrides the `man` subdirectory of the argument to the
+`--prefix` option.
+
+----
+./configure --prefix=/usr --mandir=/usr/share/man
+----
+
+to set both options together.
+
+The final option is the `DESTDIR` option to the `make` command. For example,
+you could use the commands
+
+----
+./configure --prefix=/usr --mandir=/usr/share/man
+make all docs
+make install DESTDIR=./tmp
+cd tmp
+tar cvf - . | gzip -9 > chrony.tar.gz
+----
+
+to build a package. When untarred within the root directory, this will install
+the files to the intended final locations.

examples/chrony-wait.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Wait for chrony to synchronize system clock
+Documentation=man:chronyc(1)
+After=chronyd.service
+Requires=chronyd.service
+Before=time-sync.target
+Wants=time-sync.target
+
+[Service]
+Type=oneshot
+# Wait up to ~10 minutes for chronyd to synchronize and the remaining
+# clock correction to be less than 0.1 seconds
+ExecStart=/usr/bin/chronyc -h 127.0.0.1,::1 waitsync 600 0.1 0.0 1
+RemainAfterExit=yes
+StandardOutput=null
+
+[Install]
+WantedBy=multi-user.target

examples/chrony.conf.example1

@@ -0,0 +1,12 @@
+# Use public NTP servers from the pool.ntp.org project.
+pool pool.ntp.org iburst
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync

examples/chrony.conf.example2

@@ -1,46 +1,38 @@
 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.pool.ntp.org iburst
-server 1.pool.ntp.org iburst
-server 2.pool.ntp.org iburst
-server 3.pool.ntp.org iburst
-
-# Ignore stratum in source selection.
-stratumweight 0
+pool pool.ntp.org iburst
 
 # Record the rate at which the system clock gains/losses time.
 driftfile /var/lib/chrony/drift
 
-# Enable kernel RTC synchronization.
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
 rtcsync
 
-# In first three updates step the system clock instead of slew
-# if the adjustment is larger than 100 seconds.
-makestep 100 3
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
 
 # Allow NTP client access from local network.
-#allow 192.168/16
+#allow 192.168.0.0/16
 
-# Listen for commands only on localhost.
-bindcmdaddress 127.0.0.1
-bindcmdaddress ::1
-
-# Serve time even if not synchronized to any NTP server.
+# Serve time even if not synchronized to a time source.
 #local stratum 10
 
-keyfile /etc/chrony.keys
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
 
-# Specify the key used as password for chronyc.
-commandkey 1
-
-# Generate command key if missing.
-generatecommandkey
-
-# Disable logging of client accesses.
-noclientlog
-
-# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
-logchange 0.5
+# Get TAI-UTC offset and leap seconds from the system tz database.
+#leapsectz right/UTC
 
+# Specify directory for log files.
 logdir /var/log/chrony
+
+# Select which information is logged.
 #log measurements statistics tracking

examples/chrony.conf.example3

@@ -5,22 +5,6 @@
 # want to enable.  The more obscure options are not included.  Refer
 # to the documentation for these.
 #
-# Copyright 2002 Richard P. Curnow
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of version 2 of the GNU General Public License as
-# published by the Free Software Foundation.
-# 
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-# 
-#
 #######################################################################
 ### COMMENTS
 # Any of the following lines are comments (you have a choice of
@@ -43,44 +27,36 @@
 # you can access at http://support.ntp.org/bin/view/Servers/WebHome or
 # you can use servers from the pool.ntp.org project.
 
-! server 0.pool.ntp.org iburst
-! server 1.pool.ntp.org iburst
-! server 2.pool.ntp.org iburst
+! server foo.example.net iburst
+! server bar.example.net iburst
+! server baz.example.net iburst
+
+! pool pool.ntp.org iburst
  
-# However, for dial-up use you probably want these instead.  The word
-# 'offline' means that the server is not visible at boot time.  Use
-# chronyc's 'online' command to tell chronyd that these servers have
-# become visible after you go on-line.
-
-! server 0.pool.ntp.org offline
-! server 1.pool.ntp.org offline
-! server 2.pool.ntp.org offline
-
-# You may want to specify NTP 'peers' instead.  If you run a network
-# with a lot of computers and want several computers running chrony to
-# have the 'front-line' interface to the public NTP servers, you can
-# 'peer' these machines together to increase robustness.
-
-! peer ntp0.my-company.com
-
-# There are other options to the 'server' and 'peer' directives that you
-# might want to use.  For example, you can ignore measurements whose
-# round-trip-time is too large (indicating that the measurement is
-# probably useless, because you don't know which way the measurement
-# message got held up.)  Consult the full documentation for details.
-
 #######################################################################
 ### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
 #
 # To avoid changes being made to your computer's gain/loss compensation
 # when the measurement history is too erratic, you might want to enable
-# one of the following lines.  The first seems good for dial-up (or
-# other high-latency connections like slow leased lines), the second
-# seems OK for a LAN environment.
+# one of the following lines.  The first seems good with servers on the
+# Internet, the second seems OK for a LAN environment.
 
 ! maxupdateskew 100
 ! maxupdateskew 5
 
+# If you want to increase the minimum number of selectable sources
+# required to update the system clock in order to make the
+# synchronisation more reliable, uncomment (and edit) the following
+# line.
+
+! minsources 2
+
+# If your computer has a good stable clock (e.g. it is not a virtual
+# machine), you might also want to reduce the maximum assumed drift
+# (frequency error) of the clock (the value is specified in ppm).
+
+! maxdrift 100
+
 #######################################################################
 ### FILENAMES ETC
 # Chrony likes to keep information about your computer's clock in files.
@@ -91,20 +67,10 @@
 
 driftfile /var/lib/chrony/drift
 
-# If you want to use the program called chronyc to configure aspects of
-# chronyd's operation once it is running (e.g. tell it the Internet link
-# has gone up or down), you need a password.  This is stored in the
-# following keys file.  (You also need keys to support authenticated NTP
-# exchanges between cooperating machines.)  Again, this option is
-# assumed by default.
+# If you want to enable NTP authentication with symmetric keys, you will need
+# to uncomment the following line and edit the file to set up the keys.
 
-keyfile /etc/chrony.keys
-
-# Tell chronyd which numbered key in the file is used as the password
-# for chronyc. (You can pick any integer up to 2**32-1.  '1' is just a
-# default.  Using another value will _NOT_ increase security.)
-
-commandkey 1
+! keyfile /etc/chrony.keys
 
 # chronyd can save the measurement history for the servers to files when
 # it it exits.  This is useful in 2 situations:
@@ -129,20 +95,26 @@ commandkey 1
 # still running and bail out.  If you want to change the path to the PID
 # file, uncomment this line and edit it.  The default path is shown.
 
-! pidfile /var/run/chronyd.pid
+! pidfile /var/run/chrony/chronyd.pid
+
+# If the system timezone database is kept up to date and includes the
+# right/UTC timezone, chronyd can use it to determine the current
+# TAI-UTC offset and when will the next leap second occur.
+
+! leapsectz right/UTC
 
 #######################################################################
 ### INITIAL CLOCK CORRECTION
 # This option is useful to quickly correct the clock on start if it's
-# off by a large amount.  The value '10' means that if the error is less
-# than 10 seconds, it will be gradually removed by speeding up or
-# slowing down your computer's clock until it is correct.  If the error
-# is above 10 seconds, an immediate time jump will be applied to correct
-# it.  The value '1' means the step is allowed only on the first update
-# of the clock.  Some software can get upset if the system clock jumps
+# off by a large amount.  The value '1.0' means that if the error is less
+# than 1 second, it will be gradually removed by speeding up or slowing
+# down your computer's clock until it is correct.  If the error is above
+# 1 second, an immediate time jump will be applied to correct it.  The
+# value '3' means the step is allowed only in the first three updates of
+# the clock.  Some software can get upset if the system clock jumps
 # (especially backwards), so be careful!
 
-! makestep 10 1
+! makestep 1.0 3
 
 #######################################################################
 ### LOGGING
@@ -203,16 +175,22 @@ commandkey 1
 # machine accesses it.  The information can be accessed by the 'clients'
 # command of chronyc.  You can disable this facility by uncommenting the
 # following line.  This will save a bit of memory if you have many
-# clients.
+# clients and it will also disable support for the interleaved mode.
 
 ! noclientlog
 
 # The clientlog size is limited to 512KB by default.  If you have many
-# clients, especially in many different subnets, you might want to
-# increase the limit. 
+# clients, you might want to increase the limit.
 
 ! clientloglimit 4194304
 
+# By default, chronyd tries to respond to all valid NTP requests from
+# allowed addresses.  If you want to limit the response rate for NTP
+# clients that are sending requests too frequently, uncomment and edit
+# the following line.
+
+! ratelimit interval 3 burst 8
+
 #######################################################################
 ### REPORTING BIG CLOCK CHANGES
 # Perhaps you want to know if chronyd suddenly detects any large error
@@ -230,13 +208,19 @@ commandkey 1
 # several people, you need to set up a mailing list or sendmail alias
 # for them and use the address of that.)
 
-! mailonchange wibble@foobar.org 0.5
+! mailonchange wibble@foo.example.net 0.5
 
 #######################################################################
 ### COMMAND ACCESS
 # The program chronyc is used to show the current operation of chronyd
 # and to change parts of its configuration whilst it is running.
 
+# By default chronyd binds to the loopback interface.  Uncomment the
+# following lines to allow receiving command packets from remote hosts.
+
+! bindcmdaddress 0.0.0.0
+! bindcmdaddress ::
+
 # Normally, chronyd will only allow connections from chronyc on the same
 # machine as itself.  This is for security.  If you have a subnet
 # 192.168.*.* and you want to be able to use chronyc from any machine on
@@ -249,10 +233,20 @@ commandkey 1
 # syntax and meaning is the same as for 'allow' and 'deny', except that
 # 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
 
-# NOTE, even if the host where you run chronyc is granted access, you
-# still need a command key set up and you have to know the password to
-# put into chronyc to allow you to modify chronyd's parameters.  By
-# default all you can do is view information about chronyd's operation.
+# Rate limiting can be enabled also for command packets.  (Note,
+# commands from localhost are never limited.)
+
+! cmdratelimit interval -4 burst 16
+
+#######################################################################
+### HARDWARE TIMESTAMPING
+# On Linux, if the network interface controller and its driver support
+# hardware timestamping, it can significantly improve the accuracy of
+# synchronisation. It can be enabled on specified interfaces only, or it
+# can be enabled on all interfaces that support it.
+
+! hwtimestamp eth0
+! hwtimestamp *
 
 #######################################################################
 ### REAL TIME CLOCK
@@ -283,6 +277,12 @@ commandkey 1
 
 ! rtcdevice /dev/misc/rtc
 
+# Alternatively, if not using the -s option, this directive can be used
+# to enable a mode in which the RTC is periodically set to the system
+# time, with no tracking of its drift.
+
+! rtcsync
+
 #######################################################################
 ### REAL TIME SCHEDULER
 # This directive tells chronyd to use the real-time FIFO scheduler with the

examples/chrony.keys.example

@@ -1,29 +1,13 @@
-#######################################################################
+# This is an example chrony keys file.  It enables authentication of NTP
+# packets with symmetric keys when its location is specified by the keyfile
+# directive in chrony.conf(5).  It should be readable only by root and the
+# user under which chronyd is running.
 #
-# This is an example chrony keys file.  You should copy it to /etc/chrony.keys
-# after editing it to set up the key(s) you want to use.  It should be readable
-# only by root or the user chronyd drops the root privileges to.  In most
-# situations, you will require a single key (the 'commandkey') so that you can
-# supply a password to chronyc to enable you to modify chronyd's operation
-# whilst it is running.
-#
-# Copyright 2002 Richard P. Curnow
-#
-######################################################################
+# Don't use the example keys!  It's recommended to generate random keys using
+# the chronyc keygen command.
 
 # Examples of valid keys:
 
-#1 ALongAndRandomPassword
-#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC
-#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C
-
-# The keys should be random for maximum security.  If you wanted to use a key
-# with ID 1 as your commandkey (i.e. chronyc password) you would put
-# "commandkey 1" into chrony.conf.  If no commandkey is present in the keys
-# file and the generatecommandkey directive is specified in chrony.conf,
-# a random commandkey will be generated and added to the keys file
-# automatically on chronyd start.
-
-# You might want to define more keys if you use the authentication facility
-# in the network time protocol to authenticate request/response packets between
-# trusted clients and servers.
+#1 MD5 AVeryLongAndRandomPassword
+#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
+#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995

examples/chrony.logrotate

@@ -0,0 +1,8 @@
+/var/log/chrony/*.log {
+    missingok
+    nocreate
+    sharedscripts
+    postrotate
+        /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
+    endscript
+}

examples/chrony.nm-dispatcher

@@ -0,0 +1,15 @@
+#!/bin/sh
+# This is a NetworkManager dispatcher / networkd-dispatcher script for
+# chronyd to set its NTP sources online or offline when a network interface
+# is configured or removed
+
+export LC_ALL=C
+
+# For NetworkManager consider only up/down events
+[ $# -ge 2 ] && [ "$2" != "up" ] && [ "$2" != "down" ] && exit 0
+
+# Note: for networkd-dispatcher routable.d ~= on and off.d ~= off
+
+chronyc onoffline > /dev/null 2>&1
+
+exit 0

examples/chronyd.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=NTP client/server
+Documentation=man:chronyd(8) man:chrony.conf(5)
+After=ntpdate.service sntp.service ntpd.service
+Conflicts=ntpd.service systemd-timesyncd.service
+ConditionCapability=CAP_SYS_TIME
+
+[Service]
+Type=forking
+PIDFile=/var/run/chrony/chronyd.pid
+EnvironmentFile=-/etc/sysconfig/chronyd
+ExecStart=/usr/sbin/chronyd $OPTIONS
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target

faq.txt

@@ -1,299 +0,0 @@
-@@PROLOGUE
-<html>
-<head>
-<title>Frequently asked questions</title>
-<meta name="description" content="Chrony FAQ (frequently asked questions)">
-<meta name="keywords" content="chrony,network time protocol,NTP,RFC 1305,dial-up connection,real time clock,RTC,Linux,FAQ,frequently asked questns">
-<?php
-  $root = ".";
-  include "$root/styles.php";
-?>
-</head>
-
-<body>
-<?php
-  include 'main_banner.php';
-  include 'header.php';
-?>
-<?php pretty_h1("Introduction") ?>
-<p>
-This is a set of questions and answers to common problems and issues.
-<p>
-As we receive more emails about the software, we will add new questions
-to this page.
-<hr>
-<p>
-The developers can be reached via the chrony-dev mailing list.  See 
-<a href="#question_1.4">question 1.4.</a> for details.
-<hr>
-
-<br clear=all>
-@@ENDPROLOGUE
-S: Administrative issues
-
-Q: Where can I get chrony source code?
-Tarballs are available via the <b>Download</b> link on the Chrony
-Web site.  For the current development from the developers' version control
-system see the <b>Git</b> link on the Web site.
-
-Q: Are there any packaged versions of chrony?
-We are aware of packages for Debian, Fedora, Gentoo, Mandriva, Slackware,
-and Ubuntu.  We are not involved with how these are built or distributed.
-
-Q: Where is the home page?
-It is currently at <a href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org/</a>. 
-
-Q: Is there a mailing list?
-Yes, it's currently at chrony-users@chrony.tuxfamily.org. There is a low-volume
-list called chrony-announce which is just for announcements of new releases or
-similar matters of high importance.  You can join the lists by sending a
-message with the subject subscribe to <a href="mailto:chrony-users-request@chrony.tuxfamily.org">chrony-users-request@chrony.tuxfamily.org</a> or
-<a href="mailto:chrony-announce-request@chrony.tuxfamily.org">chrony-announce-request@chrony.tuxfamily.org</a> respectively.
-
-For those who want to contribute to the development of chrony, there is a
-developers' mailing list.  You can subscribe by sending mail with the
-subject subscribe to
-<a href="mailto:chrony-dev-request@chrony.tuxfamily.org">chrony-dev-request@chrony.tuxfamily.org</a>.
-
-Q: What licence is applied to chrony?
-Starting from version 1.15, chrony is licensed under the GNU General Public
-License, Version 2.  Versions prior to 1.15 were licensed under a custom BSD-like
-license.
-
-S: Chrony compared to other programs
-Q: How does chrony compare to xntpd?
-If your computer is permenently connected, or connected for long periods (that
-is, for the several hours it takes xntpd to settle down), or you need to
-support hardware reference clocks to your computer, then xntpd will work fine.
-Apart from not supporting hardware clocks, chrony will work fine too.
-
-If your computer connects to the 'net for 5 minutes once a day (or something
-like that), or you turn your (Linux v2.0) computer off when you're not using
-it, or you want to use NTP on an isolated network with no hardware clocks in
-sight, chrony will work much better for you.
-
-The reason I wrote chrony was that I could not get xntpd to do
-anything sensible on my PC at home, which is connected to the 'net for
-about 5 minutes once or twice a day, mainly to upload/download email
-and news.  Nowadays it is also turned off for 22-23 hours a day, when
-not in use.  I wanted a program which would :
-
-- slew the time to correct it when I go online and NTP servers become visible
-
-- determine the rate at which the computer gains or loses time and use this
-  information to keep it reasonably correct between connects to the 'net.  This
-  has to be done using a method that does not care about the intermittent
-  availability of the references or the fact the computer is turned off between
-  groups of measurements..
-
-- maintain the time across reboots, by working out the error and drift rate of
-  the computer's real-time clock and using this information to set the system
-  clock correctly at boot up. (In the last few months, it became impossible for
-  me to leave my computer powered permanently.)
-
-Also, when working with isolated networks with no true time references
-at all, I found xntpd gave me no help with managing the local clock's
-gain/loss rate on the NTP master node (which I set from my watch).  I
-added some automated support in chrony to deal with this.
-
-S: Selection of NTP servers
-Q: I have several computers on a LAN.  Should I make one the master, or make them all clients of an external server?
-I think the best configuration is to make one computer the master, with the
-others as clients of it.  Add a 'local' directive to the master's chrony.conf
-file.  This configuration will be better because
-
-* the load on the external connection is less
-* the load on the external NTP server(s) is less
-* if your external connection goes down, the computers on the LAN will maintain
-  a common time with each other.
-
-S: Addressing issues
-Q: I get the following error message : "Could not get IP adress for localhost"
-Add a line like the following to your /etc/hosts file
-    127.0.0.1   localhost
-
-Q: I have problems if I put the names of my NTP servers in the chrony.conf file.
-If you have no connection to the Internet at boot time, chrony won't be able to
-turn the names into IP addresses when it starts.  There seem to be 2 solutions:
-
-1. Put the numeric IP addresses in the chrony.conf file
-or
-2. Put the server->IP address mappings in your /etc/hosts file and ensure that
-   /etc/host.conf reads 'order hosts,bind'.
-
-The problem is that chronyd (currently) isn't designed in a way that allows
-hostname->IP address lookups during normal operation.  I hope to work on this
-problem very soon.
-
-S: My computer is not synchronising.
-This is the most common problem.  There are a number of reasons, see the
-following questions.
-
-Q: Behind a firewall?
-If there is a firewall between you and the NTP server you're trying to use,
-the packets may be blocked.  Try using a tool like etherfind or tcpdump to see
-if you're getting responses from the server.  If you have an external modem,
-see if the receive light blinks straight after the transmit light (when the
-link is quiet apart from the NTP traffic.)  Try adding 'log measurements' to
-the chrony.conf file and look in the measurements.log file after chrony has
-been running for a short period.  See if any measurements appear.
-
-Most people run chronyd on the firewall itself, to avoid all issues of UDP
-packet forwarding and/or masquerading.
-
-Q: Do you have a non-permanant (i.e. intermittent) Internet connection?
-Check that you're using chronyc's 'online' and 'offline' commands
-appropriately.  Again, check in measurements.log to see if you're getting any
-data back from the server.
-
-Q: In measurements.log, do the '7' and '8' flag columns always show zero?
-Do you have a 'local stratum X' directive in the chrony.conf file?  If X is
-lower than the stratum of the server you're trying to use, this situation will
-arise.  You should always make X quite high (e.g. 10) in this directive.
-
-S: Issues with chronyc
-
-Q: I keep getting the error '510 No command access from this host --- Reply not authenticated'.
-Make sure that the chrony.conf file (on the computer where chronyd is running)
-has a 'cmdallow' entry for the computer you are running chronyc on.  This
-shouldn't be necessary for localhost, but some people still seem to need an
-entry like 'cmdallow 127.0.0.1'.  (It would be good to understand why problem
-only affects some people).
-
-Q: I cannot log in from chronyc to carry out privileged tasks.
-This is the second most common problem.
-
-Perhaps your /etc/chrony.keys file is badly formatted.  Make sure that the
-final line has a line feed at the end, otherwise the key on that line will work
-as though the last character is missing.  (Note, this bug was fixed in version
-1.16.)
-
-Q: When I enter a command and hit &lt;Return&gt;, chronyc hangs
-This probably means that chronyc cannot communicate with chronyd.
-
-Perhaps chronyd is not running.  Try using the ps command (e.g. on Linux, 'ps
--auxw') to see if it's running.  Or try 'netstat -a' and see if the ports
-123/udp and 323/udp are listening.  If chronyd is not running, you may have a
-problem with the way you are trying to start it (e.g. at boot time).
-
-Perhaps you have a firewall set up in a way that blocks packets on port
-323/udp.  You need to amend the firewall configuration in this case.
-
-Q: Is the chronyc&lt;-&gt;chronyd protocol documented anywhere?
-Only by the source code :-)  See cmdmon.c (chronyd side) and client.c (chronyc
-side).
-
-S: Real-time clock issues.
-Q: What is the real-time clock (RTC)?
-This is the clock which keeps the time even when your computer is turned off.
-It works with 1 second resolution.   chronyd can monitor the rate at which the
-real-time clock gains or loses time, and compensate for it when you set the
-system time from it at the next reboot.  See the documentation for details.
-
-Q: I want to use chronyd's real-time clock support.  Must I disable hwclock?
-The hwclock program is often set-up by default in the boot and shutdown scripts
-with many Linux installations.  If you want to use chronyd's real-time clock
-support, the important thing is to disable hwclock in the <b>shutdown</b>
-procedure.  If you don't, it will over-write the RTC with a new value, unknown
-to chronyd.  At the next reboot, chronyd will compensate this (wrong) time with
-its estimate of how far the RTC has drifted whilst the power was off, giving a
-meaningless initial system time.
-
-There is no need to remove hwclock from the boot process, as long as chronyd is
-started after it has run.
-
-Q: I just keep getting the '513 RTC driver not running' message
-For the real time clock support to work, you need the following three things:
-                                                                                                                                    
-* a kernel that is supported (e.g. 2.2 onwards)                                                                                     
-* enhanced RTC support compiled into the kernel                                                                                     
-* an 'rtcfile' directive in your chrony.conf file.                                                                                  
-
-S: Microsoft Windows
-
-Q: Does chrony support Windows?
-No.  The chronyc program (the command-line client used for configuring
-chronyd while it is running) has been successfully built and run under Cygwin
-in the past.  chronyd is not portable, because part of it is very
-system-dependent.  It needs adapting to work with Windows' equivalent of the
-adjtimex() call, and it needs to be made to work as an NT service.
-
-Q: Are there any plans to support Windows?
-We have no plans to do this.  Anyone is welcome to pick this work up and
-contribute it back to the project.
-
-Q: What alternative NTP clients are there for Windows?
-Some of the names we've seen mentioned are 
-   - Automachron
-   - NetTime (nettime.sourceforge.net)
-
-S: NTP-specific issues
-Q: Can chrony be driven from broadcast NTP servers?
-No.  I remember looking at how they worked when I was first writing chrony.
-Since the 'target market' then was dial-up systems, broadcast packets were not
-relevant so I didn't bother working out how to deal with the complexities of
-doing the delay estimation.
-
-I no longer have root access to a LAN environment to develop and test broadcast
-server support.  Neither have I the time to work on this.  I would be very
-happy to accept a patch from anyone who can develop, test and debug the
-necessary changes!
-
-Q: Can chronyd transmit broadcast NTP packets (e.g. to synchronise other computers on a private LAN)?
-Yes.  Starting from version 1.17, chrony has this capability.
-
-Q: Can chrony keep the system clock a fixed offset away from real time?
-I have not experimented much, but I don't believe this would be possible as
-the program currently stands.
-
-Q: What happens if the network connection is dropped without using chronyc's 'offline' command first?
-In this case chronyd will keep trying to access the server(s) that it thinks
-are online.  Eventually it will decide that they are unreachable and no longer
-consider itself synchronised to them.  If you have other computers on your LAN
-accessing the computer that is affected this way, they too will become
-'unsynchronised', unless you have the 'local' directive set up on the master
-computer.
-
-The 'auto_offline' option to the 'server' entry in the chrony.conf file may be
-useful to avoid this situation.
-
-S: Development
-
-Q: Can I get the source via git from anywhere?
-Yes.  See the Git link at <a
-href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org</a> for
-information.
-
-S: Linux-specific issues
-
-Q: Why does the source code include kernel header files?
-The program needs to see the definitions of structures used to interact with
-the real time clock (via /dev/rtc) and with the adjtimex() system call.  Sadly
-this has led to a number of compilation problems with newer kernels which have
-been increasingly hard to fix in a way that makes the code compilable on all
-Linux kernel versions (from 2.0 up anyway, I doubt 1.x still works.)  Hopefully
-the situation will not deteriorate further with future kernel versions.
-
-Q: I get "Could not open /dev/rtc, Device or resource busy" in my syslog file.
-Check that you haven't accidentally got two copies of chronyd running (perhaps
-defined in different start-up scripts.)
-
-S: Solaris-specific issues
-Q: On Solaris 2.8, I get an error message about not being able to open kvm to change dosynctodr.
-(The dosynctodr variable controls whether Solaris couples the equivalent of its
-BIOS clock into its system clock at regular intervals).  The Solaris port of
-chrony was developed in the Solaris 2.5 era.  Some aspect of the Solaris kernel
-has changed which prevents the same technique working.  I no longer have root
-access to any Solaris machines to work on this, and am reliant on somebody
-developing the patch and testing it.  A good starting point would be to see if
-xntpd has been modified to work for Solaris 2.8.
-
-@@EPILOGUE
-<hr>
-
-Back to
-<a href="mailto:rc@rc0.org.uk?subject=chrony">the author</a>'s
-<a href="http://www.rc0.org.uk/">main page</a>
-</body>
-</html>
-@@ENDEPILOGUE

faqgen.pl

@@ -1,140 +0,0 @@
-#!/usr/bin/env perl
-
-# $Header
-
-# Copyright 2001 Richard P. Curnow
-# LICENCE
-
-# A script to generate an HTML FAQ page from a text input file.  The input is assumed to consist of the following:
-# Lines starting with 'S:'.  These introduce sections.
-# Lines starting with 'Q:'.  These are the topics of questions.
-# Body text (either as an introduction to the sections, or as answers to the questions.
-# The body text is set as pre-formatted.
-
-$| = 1;
-
-@prologue = ();
-@epilogue = ();
-
-@sections=();  # section titles
-@sect_text=(); # introductory text in sections
-
-@questions=(); # questions in sections
-@answers=();   # answers to questions
-
-$sn = -1;
-$had_q = 0;
-
-#{{{ Parse input 
-while (<>) {
-    if (m/\@\@PROLOG/o) {
-        while (<>) {
-            last if (m/^\@\@ENDPROLOG/);
-            push (@prologue, $_);
-        }
-    } elsif (m/\@\@EPILOG/o) {
-        while (<>) {
-            last if (m/^\@\@ENDEPILOG/);
-            push (@epilogue, $_);
-        }
-    } elsif (m/^[sS]:[ \t]*(.*)$/) {
-        chomp;
-        $qn = -1;
-        ++$sn;
-        $sections[$sn] = &guard($1);
-        $sect_text[$sn] = "";
-        $questions[$sn] = [ ];
-        $answers[$sn] = [ ];
-        $had_q = 0;
-    } elsif (/^[qQ]:[ \t]*(.*)$/) {
-        chomp;
-        die unless ($sn >= 0);
-        ++$qn;
-        $questions[$sn]->[$qn] = &guard($1);
-        $had_q = 1;
-    } else {
-        if ($had_q) {
-            if ($qn >= 0) {
-                $answers[$sn]->[$qn] .= $_;
-            }
-        } else {
-            if ($sect_text[$sn] ne "" || $_ !~ /^\s*$/) {
-                $sect_text[$sn] .= $_;
-            }
-        }
-    }
-}
-#}}}
-
-# Emit file header
-if ($#prologue >= 0) {
-    print @prologue;
-} else {
-print <<EOF;
-<html>
-<head>
-<title>
-Chrony Frequently Asked Questions
-</title>
-</head>
-<body>
-<font face=\"arial,helvetica\" size=+4><b>Table of contents</b></font>
-EOF
-}
-
-# Emit table of contents
-print "<ul>\n";
-for $sn (0 .. $#sections) {
-    print "<b><li> <a href=\"#section_".($sn+1)."\">".($sn+1).".</a> ".$sections[$sn]."</b>\n";
-    print "  <ul>\n";
-    for $qn (0 .. $#{$questions[$sn]}) {
-        $sq = ($sn+1).".".($qn+1);
-        print "  <li> <a href=\"#question_".$sq."\">".$sq.".</a> ".$questions[$sn]->[$qn]."\n";
-        #print "  <li> ".$sq.". ".$questions[$sn]->[$qn]."\n";
-    }
-    print "  </ul>\n";
-}
-print "</ul>\n";
-
-# Emit main sections
-for $sn (0 .. $#sections) {
-    print "<hr>\n";
-    print "<a name=section_".($sn+1).">\n";
-    #print "<b><font size=+2 face=\"arial,helvetica\">".($sn+1).". ".$sections[$sn]."</font></b>\n";
-    print "<?php pretty_h2(\"".($sn+1).". ".$sections[$sn]."\"); ?>\n";
-    if ($sect_text[$sn] ne "") {
-        print "<pre>\n";
-        print $sect_text[$sn];
-        print "</pre>\n";
-    }
-    for $qn (0 .. $#{$questions[$sn]}) {
-        $sq = ($sn+1).".".($qn+1);
-        print "<p>\n";
-        print "<a name=question_".$sq.">\n";
-        print "<font size=+1 face=\"arial,helvetica\">".$sq.". ".$questions[$sn]->[$qn]."</font>\n";
-        print "<pre>\n";
-        print $answers[$sn]->[$qn];
-        print "</pre>\n";
-    }
-}
-
-# Print footer
-if ($#epilogue >= 0) {
-    print @epilogue;
-} else {
-print <<EOF;
-</body>
-</html>
-EOF
-}
-
-
-#{{{  sub guard {
-sub guard {
-# Hide wierd tags etc
-    my ($x) = @_;
-    return $x;
-}
-#}}}
-
-

getdate.y

@@ -8,12 +8,7 @@
 **  This code is in the public domain and has no copyright.
 */
 
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-# ifdef HAVE_ALLOCA_H
-#  include <alloca.h>
-# endif
-#endif
+#include "config.h"
 
 /* Since the code of getdate.y is not included in the Emacs executable
    itself, there is no need to #define static in this file.  Even if
@@ -711,7 +706,7 @@ LookupWord (buff)
   /* Make it lowercase. */
   for (p = buff; *p; p++)
     if (ISUPPER ((unsigned char) *p))
-      *p = tolower (*p);
+      *p = tolower ((unsigned char) *p);
 
   if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0)
     {

hash.h

@@ -38,4 +38,6 @@ extern unsigned int HSH_Hash(int id,
     const unsigned char *in2, unsigned int in2_len,
     unsigned char *out, unsigned int out_len);
 
+extern void HSH_Finalise(void);
+
 #endif

hash_intmd5.c

@@ -29,6 +29,7 @@
 #include "sysincl.h"
 #include "hash.h"
 #include "memory.h"
+#include "util.h"
 
 #include "md5.c"
 
@@ -49,16 +50,20 @@ HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
     const unsigned char *in2, unsigned int in2_len,
     unsigned char *out, unsigned int out_len)
 {
-  if (out_len < 16)
-    return 0;
-
   MD5Init(&ctx);
   MD5Update(&ctx, in1, in1_len);
   if (in2)
     MD5Update(&ctx, in2, in2_len);
   MD5Final(&ctx);
 
-  memcpy(out, ctx.digest, 16);
+  out_len = MIN(out_len, 16);
 
-  return 16;
+  memcpy(out, ctx.digest, out_len);
+
+  return out_len;
+}
+
+void
+HSH_Finalise(void)
+{
 }

hash_nettle.c

@@ -0,0 +1,120 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2018
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Routines implementing crypto hashing using the nettle library.
+
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include <nettle/nettle-meta.h>
+
+#include "hash.h"
+#include "memory.h"
+
+struct hash {
+  const char *name;
+  const char *int_name;
+  const struct nettle_hash *nettle_hash;
+  void *context;
+};
+
+static struct hash hashes[] = {
+  { "MD5", "md5", NULL, NULL },
+  { "RMD160", "ripemd160", NULL, NULL },
+  { "SHA1", "sha1", NULL, NULL },
+  { "SHA256", "sha256", NULL, NULL },
+  { "SHA384", "sha384", NULL, NULL },
+  { "SHA512", "sha512", NULL, NULL },
+  { "SHA3-224", "sha3_224", NULL, NULL },
+  { "SHA3-256", "sha3_256", NULL, NULL },
+  { "SHA3-384", "sha3_384", NULL, NULL },
+  { "SHA3-512", "sha3_512", NULL, NULL },
+  { NULL, NULL, NULL, NULL }
+};
+
+int
+HSH_GetHashId(const char *name)
+{
+  int id, nid;
+
+  for (id = 0; hashes[id].name; id++) {
+    if (!strcmp(name, hashes[id].name))
+      break;
+  }
+
+  if (!hashes[id].name)
+    return -1;
+
+  if (hashes[id].context)
+    return id;
+
+  for (nid = 0; nettle_hashes[nid]; nid++) {
+    if (!strcmp(hashes[id].int_name, nettle_hashes[nid]->name))
+      break;
+  }
+
+  if (!nettle_hashes[nid] || !nettle_hashes[nid]->context_size || !nettle_hashes[nid]->init)
+    return -1;
+
+  hashes[id].nettle_hash = nettle_hashes[nid];
+  hashes[id].context = Malloc(hashes[id].nettle_hash->context_size);
+
+  return id;
+}
+
+unsigned int
+HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
+         const unsigned char *in2, unsigned int in2_len,
+         unsigned char *out, unsigned int out_len)
+{
+  const struct nettle_hash *hash;
+  void *context;
+
+  hash = hashes[id].nettle_hash;
+  context = hashes[id].context;
+
+  if (out_len > hash->digest_size)
+    out_len = hash->digest_size;
+
+  hash->init(context);
+  hash->update(context, in1_len, in1);
+  if (in2)
+    hash->update(context, in2_len, in2);
+  hash->digest(context, out_len, out);
+
+  return out_len;
+}
+
+void
+HSH_Finalise(void)
+{
+  int i;
+
+  for (i = 0; hashes[i].name; i++) {
+    if (hashes[i].context)
+      Free(hashes[i].context);
+  }
+}

hash_nss.c

@@ -25,12 +25,14 @@
 
   */
 
+#include "config.h"
+
 #include <nss.h>
 #include <hasht.h>
 #include <nsslowhash.h>
 
-/* #include "config.h" */
 #include "hash.h"
+#include "util.h"
 
 static NSSLOWInitContext *ictx;
 
@@ -77,13 +79,31 @@ HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
     const unsigned char *in2, unsigned int in2_len,
     unsigned char *out, unsigned int out_len)
 {
-  unsigned int ret;
+  unsigned char buf[MAX_HASH_LENGTH];
+  unsigned int ret = 0;
 
   NSSLOWHASH_Begin(hashes[id].context);
   NSSLOWHASH_Update(hashes[id].context, in1, in1_len);
   if (in2)
     NSSLOWHASH_Update(hashes[id].context, in2, in2_len);
-  NSSLOWHASH_End(hashes[id].context, out, &ret, out_len);
+  NSSLOWHASH_End(hashes[id].context, buf, &ret, sizeof (buf));
+
+  ret = MIN(ret, out_len);
+  memcpy(out, buf, ret);
 
   return ret;
 }
+
+void
+HSH_Finalise(void)
+{
+  int i;
+
+  for (i = 0; hashes[i].name; i++) {
+    if (hashes[i].context)
+      NSSLOWHASH_Destroy(hashes[i].context);
+  }
+
+  if (ictx)
+    NSSLOW_Shutdown(ictx);
+}

hash_tomcrypt.c

@@ -2,7 +2,7 @@
   chronyd/chronyc - Programs for keeping computer clocks accurate.
 
  **********************************************************************
- * Copyright (C) Miroslav Lichvar  2012
+ * Copyright (C) Miroslav Lichvar  2012, 2018
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -29,6 +29,7 @@
 
 #include "config.h"
 #include "hash.h"
+#include "util.h"
 
 struct hash {
   const char *name;
@@ -62,6 +63,12 @@ static const struct hash hashes[] = {
 #ifdef LTC_SHA512
   { "SHA512", "sha512", &sha512_desc },
 #endif
+#ifdef LTC_SHA3
+  { "SHA3-224", "sha3-224", &sha3_224_desc },
+  { "SHA3-256", "sha3-256", &sha3_256_desc },
+  { "SHA3-384", "sha3-384", &sha3_384_desc },
+  { "SHA3-512", "sha3-512", &sha3_512_desc },
+#endif
 #ifdef LTC_TIGER
   { "TIGER", "tiger", &tiger_desc },
 #endif
@@ -99,18 +106,28 @@ HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
     const unsigned char *in2, unsigned int in2_len,
     unsigned char *out, unsigned int out_len)
 {
+  unsigned char buf[MAX_HASH_LENGTH];
   unsigned long len;
   int r;
 
-  len = out_len;
+  len = sizeof (buf);
   if (in2)
-    r = hash_memory_multi(id, out, &len,
-        in1, (unsigned long)in1_len, in2, (unsigned long)in2_len, NULL, 0);
+    r = hash_memory_multi(id, buf, &len,
+                          in1, (unsigned long)in1_len,
+                          in2, (unsigned long)in2_len, NULL, 0);
   else
-    r = hash_memory(id, in1, in1_len, out, &len);
+    r = hash_memory(id, in1, in1_len, buf, &len);
 
   if (r != CRYPT_OK)
     return 0;
 
+  len = MIN(len, out_len);
+  memcpy(out, buf, len);
+
   return len;
 }
+
+void
+HSH_Finalise(void)
+{
+}

hwclock.c

@@ -0,0 +1,227 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016-2018
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Tracking of hardware clocks (e.g. RTC, PHC)
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "hwclock.h"
+#include "local.h"
+#include "logging.h"
+#include "memory.h"
+#include "regress.h"
+#include "util.h"
+
+/* Minimum and maximum number of samples per clock */
+#define MIN_SAMPLES 2
+#define MAX_SAMPLES 64
+
+/* Maximum acceptable frequency offset of the clock */
+#define MAX_FREQ_OFFSET (2.0 / 3.0)
+
+struct HCL_Instance_Record {
+  /* HW and local reference timestamp */
+  struct timespec hw_ref;
+  struct timespec local_ref;
+
+  /* Samples stored as intervals (uncorrected for frequency error)
+     relative to local_ref and hw_ref */
+  double *x_data;
+  double *y_data;
+
+  /* Minimum, maximum and current number of samples */
+  int min_samples;
+  int max_samples;
+  int n_samples;
+
+  /* Maximum error of the last sample */
+  double last_err;
+
+  /* Minimum interval between samples */
+  double min_separation;
+
+  /* Flag indicating the offset and frequency values are valid */
+  int valid_coefs;
+
+  /* Estimated offset and frequency of HW clock relative to local clock */
+  double offset;
+  double frequency;
+};
+
+/* ================================================== */
+
+static void
+handle_slew(struct timespec *raw, struct timespec *cooked, double dfreq,
+            double doffset, LCL_ChangeType change_type, void *anything)
+{
+  HCL_Instance clock;
+  double delta;
+
+  clock = anything;
+
+  if (clock->n_samples)
+    UTI_AdjustTimespec(&clock->local_ref, cooked, &clock->local_ref, &delta, dfreq, doffset);
+  if (clock->valid_coefs)
+    clock->frequency /= 1.0 - dfreq;
+}
+
+/* ================================================== */
+
+HCL_Instance
+HCL_CreateInstance(int min_samples, int max_samples, double min_separation)
+{
+  HCL_Instance clock;
+
+  min_samples = CLAMP(MIN_SAMPLES, min_samples, MAX_SAMPLES);
+  max_samples = CLAMP(MIN_SAMPLES, max_samples, MAX_SAMPLES);
+  max_samples = MAX(min_samples, max_samples);
+
+  clock = MallocNew(struct HCL_Instance_Record);
+  clock->x_data = MallocArray(double, max_samples);
+  clock->y_data = MallocArray(double, max_samples);
+  clock->x_data[max_samples - 1] = 0.0;
+  clock->y_data[max_samples - 1] = 0.0;
+  clock->min_samples = min_samples;
+  clock->max_samples = max_samples;
+  clock->n_samples = 0;
+  clock->valid_coefs = 0;
+  clock->min_separation = min_separation;
+
+  LCL_AddParameterChangeHandler(handle_slew, clock);
+
+  return clock;
+}
+
+/* ================================================== */
+
+void HCL_DestroyInstance(HCL_Instance clock)
+{
+  LCL_RemoveParameterChangeHandler(handle_slew, clock);
+  Free(clock->y_data);
+  Free(clock->x_data);
+  Free(clock);
+}
+
+/* ================================================== */
+
+int
+HCL_NeedsNewSample(HCL_Instance clock, struct timespec *now)
+{
+  if (!clock->n_samples ||
+      fabs(UTI_DiffTimespecsToDouble(now, &clock->local_ref)) >= clock->min_separation)
+    return 1;
+
+  return 0;
+}
+
+/* ================================================== */
+
+void
+HCL_AccumulateSample(HCL_Instance clock, struct timespec *hw_ts,
+                     struct timespec *local_ts, double err)
+{
+  double hw_delta, local_delta, local_freq, raw_freq;
+  int i, n_runs, best_start;
+
+  local_freq = 1.0 - LCL_ReadAbsoluteFrequency() / 1.0e6;
+
+  /* Shift old samples */
+  if (clock->n_samples) {
+    if (clock->n_samples >= clock->max_samples)
+      clock->n_samples--;
+
+    hw_delta = UTI_DiffTimespecsToDouble(hw_ts, &clock->hw_ref);
+    local_delta = UTI_DiffTimespecsToDouble(local_ts, &clock->local_ref) / local_freq;
+
+    if (hw_delta <= 0.0 || local_delta < clock->min_separation / 2.0) {
+      clock->n_samples = 0;
+      DEBUG_LOG("HW clock reset interval=%f", local_delta);
+    }
+
+    for (i = clock->max_samples - clock->n_samples; i < clock->max_samples; i++) {
+      clock->y_data[i - 1] = clock->y_data[i] - hw_delta;
+      clock->x_data[i - 1] = clock->x_data[i] - local_delta;
+    }
+  }
+
+  clock->n_samples++;
+  clock->hw_ref = *hw_ts;
+  clock->local_ref = *local_ts;
+  clock->last_err = err;
+
+  /* Get new coefficients */
+  clock->valid_coefs =
+    RGR_FindBestRobustRegression(clock->x_data + clock->max_samples - clock->n_samples,
+                                 clock->y_data + clock->max_samples - clock->n_samples,
+                                 clock->n_samples, 1.0e-10, &clock->offset, &raw_freq,
+                                 &n_runs, &best_start);
+
+  if (!clock->valid_coefs) {
+    DEBUG_LOG("HW clock needs more samples");
+    return;
+  }
+
+  clock->frequency = raw_freq / local_freq;
+
+  /* Drop unneeded samples */
+  if (clock->n_samples > clock->min_samples)
+    clock->n_samples -= MIN(best_start, clock->n_samples - clock->min_samples);
+
+  /* If the fit doesn't cross the error interval of the last sample,
+     or the frequency is not sane, drop all samples and start again */
+  if (fabs(clock->offset) > err ||
+      fabs(clock->frequency - 1.0) > MAX_FREQ_OFFSET) {
+    DEBUG_LOG("HW clock reset");
+    clock->n_samples = 0;
+    clock->valid_coefs = 0;
+  }
+
+  DEBUG_LOG("HW clock samples=%d offset=%e freq=%e raw_freq=%e err=%e ref_diff=%e",
+            clock->n_samples, clock->offset, clock->frequency - 1.0, raw_freq - 1.0, err,
+            UTI_DiffTimespecsToDouble(&clock->hw_ref, &clock->local_ref));
+}
+
+/* ================================================== */
+
+int
+HCL_CookTime(HCL_Instance clock, struct timespec *raw, struct timespec *cooked, double *err)
+{
+  double offset, elapsed;
+
+  if (!clock->valid_coefs)
+    return 0;
+
+  elapsed = UTI_DiffTimespecsToDouble(raw, &clock->hw_ref);
+  offset = elapsed / clock->frequency - clock->offset;
+  UTI_AddDoubleToTimespec(&clock->local_ref, offset, cooked);
+
+  /* Fow now, just return the error of the last sample */
+  if (err)
+    *err = clock->last_err;
+
+  return 1;
+}

hwclock.h

@@ -0,0 +1,49 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Header for tracking of hardware clocks */
+
+#ifndef GOT_HWCLOCK_H
+#define GOT_HWCLOCK_H
+
+typedef struct HCL_Instance_Record *HCL_Instance;
+
+/* Create a new HW clock instance */
+extern HCL_Instance HCL_CreateInstance(int min_samples, int max_samples,
+                                       double min_separation);
+
+/* Destroy a HW clock instance */
+extern void HCL_DestroyInstance(HCL_Instance clock);
+
+/* Check if a new sample should be accumulated at this time */
+extern int HCL_NeedsNewSample(HCL_Instance clock, struct timespec *now);
+
+/* Accumulate a new sample */
+extern void HCL_AccumulateSample(HCL_Instance clock, struct timespec *hw_ts,
+                                 struct timespec *local_ts, double err);
+
+/* Convert raw hardware time to cooked local time */
+extern int HCL_CookTime(HCL_Instance clock, struct timespec *raw, struct timespec *cooked,
+                        double *err);
+
+#endif

keys.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2012-2013
+ * Copyright (C) Miroslav Lichvar  2012-2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -30,6 +30,7 @@
 
 #include "sysincl.h"
 
+#include "array.h"
 #include "keys.h"
 #include "cmdparse.h"
 #include "conf.h"
@@ -38,82 +39,35 @@
 #include "local.h"
 #include "logging.h"
 
+/* Consider 80 bits as the absolute minimum for a secure key */
+#define MIN_SECURE_KEY_LENGTH 10
 
 typedef struct {
-  unsigned long id;
+  uint32_t id;
   char *val;
   int len;
   int hash_id;
   int auth_delay;
 } Key;
 
-#define MAX_KEYS 256
+static ARR_Instance keys;
 
-static int n_keys;
-static Key keys[MAX_KEYS];
-
-static int command_key_valid;
-static int command_key_id;
 static int cache_valid;
-static unsigned long cache_key_id;
+static uint32_t cache_key_id;
 static int cache_key_pos;
 
 /* ================================================== */
 
-static int
-generate_key(unsigned long key_id)
+static void
+free_keys(void)
 {
-#ifdef GENERATE_SHA1_KEY
-  unsigned char key[20];
-  const char *hashname = "SHA1";
-#else
-  unsigned char key[16];
-  const char *hashname = "MD5";
-#endif
-  const char *key_file, *rand_dev = "/dev/urandom";
-  FILE *f;
-  struct stat st;
-  int i;
+  unsigned int i;
 
-  key_file = CNF_GetKeysFile();
+  for (i = 0; i < ARR_GetSize(keys); i++)
+    Free(((Key *)ARR_GetElement(keys, i))->val);
 
-  if (!key_file)
-    return 0;
-
-  f = fopen(rand_dev, "r");
-  if (!f || fread(key, sizeof (key), 1, f) != 1) {
-    if (f)
-      fclose(f);
-    LOG_FATAL(LOGF_Keys, "Could not read %s", rand_dev);
-    return 0;
-  }
-  fclose(f);
-
-  f = fopen(key_file, "a");
-  if (!f) {
-    LOG_FATAL(LOGF_Keys, "Could not open keyfile %s for writing", key_file);
-    return 0;
-  }
-
-  /* Make sure the keyfile is not world-readable */
-  if (stat(key_file, &st) || chmod(key_file, st.st_mode & 0770)) {
-    fclose(f);
-    LOG_FATAL(LOGF_Keys, "Could not change permissions of keyfile %s", key_file);
-    return 0;
-  }
-
-  fprintf(f, "\n%lu %s HEX:", key_id, hashname);
-  for (i = 0; i < sizeof (key); i++)
-    fprintf(f, "%02hhX", key[i]);
-  fprintf(f, "\n");
-  fclose(f);
-
-  /* Erase the key from stack */
-  memset(key, 0, sizeof (key));
-
-  LOG(LOGS_INFO, LOGF_Keys, "Generated key %lu", key_id);
-
-  return 1;
+  ARR_SetSize(keys, 0);
+  cache_valid = 0;
 }
 
 /* ================================================== */
@@ -121,15 +75,9 @@ generate_key(unsigned long key_id)
 void
 KEY_Initialise(void)
 {
-  n_keys = 0;
-  command_key_valid = 0;
+  keys = ARR_CreateInstance(sizeof (Key));
   cache_valid = 0;
   KEY_Reload();
-
-  if (CNF_GetGenerateCommandKey() && !KEY_KeyKnown(KEY_GetCommandKey())) {
-    if (generate_key(KEY_GetCommandKey()))
-      KEY_Reload();
-  }
 }
 
 /* ================================================== */
@@ -137,37 +85,79 @@ KEY_Initialise(void)
 void
 KEY_Finalise(void)
 {
+  free_keys();
+  ARR_DestroyInstance(keys);
+}
+
+/* ================================================== */
+
+static Key *
+get_key(unsigned int index)
+{
+  return ((Key *)ARR_GetElements(keys)) + index;
 }
 
 /* ================================================== */
 
 static int
-determine_hash_delay(int key_id)
+determine_hash_delay(uint32_t key_id)
 {
   NTP_Packet pkt;
-  struct timeval before, after;
-  unsigned long usecs, min_usecs=0;
-  int i;
+  struct timespec before, after;
+  double diff, min_diff;
+  int i, nsecs;
+
+  memset(&pkt, 0, sizeof (pkt));
 
   for (i = 0; i < 10; i++) {
     LCL_ReadRawTime(&before);
-    KEY_GenerateAuth(key_id, (unsigned char *)&pkt, NTP_NORMAL_PACKET_SIZE,
+    KEY_GenerateAuth(key_id, (unsigned char *)&pkt, NTP_NORMAL_PACKET_LENGTH,
         (unsigned char *)&pkt.auth_data, sizeof (pkt.auth_data));
     LCL_ReadRawTime(&after);
 
-    usecs = (after.tv_sec - before.tv_sec) * 1000000 + (after.tv_usec - before.tv_usec);
+    diff = UTI_DiffTimespecsToDouble(&after, &before);
 
-    if (i == 0 || usecs < min_usecs) {
-      min_usecs = usecs;
-    }
+    if (i == 0 || min_diff > diff)
+      min_diff = diff;
   }
 
-#if 0
-  LOG(LOGS_INFO, LOGF_Keys, "authentication delay for key %lu: %d useconds", key_id, min_usecs);
-#endif
-
   /* Add on a bit extra to allow for copying, conversions etc */
-  return min_usecs + (min_usecs >> 4);
+  nsecs = 1.0625e9 * min_diff;
+
+  DEBUG_LOG("authentication delay for key %"PRIu32": %d nsecs", key_id, nsecs);
+
+  return nsecs;
+}
+
+/* ================================================== */
+/* Decode password encoded in ASCII or HEX */
+
+static int
+decode_password(char *key)
+{
+  int i, j, len = strlen(key);
+  char buf[3], *p;
+
+  if (!strncmp(key, "ASCII:", 6)) {
+    memmove(key, key + 6, len - 6);
+    return len - 6;
+  } else if (!strncmp(key, "HEX:", 4)) {
+    if ((len - 4) % 2)
+      return 0;
+
+    for (i = 0, j = 4; j + 1 < len; i++, j += 2) {
+      buf[0] = key[j], buf[1] = key[j + 1], buf[2] = '\0';
+      key[i] = strtol(buf, &p, 16);
+
+      if (p != buf + 2)
+        return 0;
+    }
+
+    return i;
+  } else {
+    /* assume ASCII */
+    return len;
+  }
 }
 
 /* ================================================== */
@@ -195,18 +185,14 @@ compare_keys_by_id(const void *a, const void *b)
 void
 KEY_Reload(void)
 {
-  int i, line_number;
+  unsigned int i, line_number;
   FILE *in;
-  unsigned long key_id;
+  uint32_t key_id;
   char line[2048], *keyval, *key_file;
   const char *hashname;
+  Key key;
 
-  for (i=0; i<n_keys; i++) {
-    Free(keys[i].val);
-  }
-  n_keys = 0;
-  command_key_valid = 0;
-  cache_valid = 0;
+  free_keys();
 
   key_file = CNF_GetKeysFile();
   line_number = 0;
@@ -216,7 +202,7 @@ KEY_Reload(void)
 
   in = fopen(key_file, "r");
   if (!in) {
-    LOG(LOGS_WARN, LOGF_Keys, "Could not open keyfile %s", key_file);
+    LOG(LOGS_WARN, "Could not open keyfile %s", key_file);
     return;
   }
 
@@ -228,26 +214,26 @@ KEY_Reload(void)
       continue;
 
     if (!CPS_ParseKey(line, &key_id, &hashname, &keyval)) {
-      LOG(LOGS_WARN, LOGF_Keys, "Could not parse key at line %d in file %s", line_number, key_file);
+      LOG(LOGS_WARN, "Could not parse key at line %u in file %s", line_number, key_file);
       continue;
     }
 
-    keys[n_keys].hash_id = HSH_GetHashId(hashname);
-    if (keys[n_keys].hash_id < 0) {
-      LOG(LOGS_WARN, LOGF_Keys, "Unknown hash function in key %lu", key_id);
+    key.hash_id = HSH_GetHashId(hashname);
+    if (key.hash_id < 0) {
+      LOG(LOGS_WARN, "Unknown hash function in key %"PRIu32, key_id);
       continue;
     }
 
-    keys[n_keys].len = UTI_DecodePasswordFromText(keyval);
-    if (!keys[n_keys].len) {
-      LOG(LOGS_WARN, LOGF_Keys, "Could not decode password in key %lu", key_id);
+    key.len = decode_password(keyval);
+    if (!key.len) {
+      LOG(LOGS_WARN, "Could not decode password in key %"PRIu32, key_id);
       continue;
     }
 
-    keys[n_keys].id = key_id;
-    keys[n_keys].val = MallocArray(char, keys[n_keys].len);
-    memcpy(keys[n_keys].val, keyval, keys[n_keys].len);
-    n_keys++;
+    key.id = key_id;
+    key.val = MallocArray(char, key.len);
+    memcpy(key.val, keyval, key.len);
+    ARR_AppendElement(keys, &key);
   }
 
   fclose(in);
@@ -255,143 +241,173 @@ KEY_Reload(void)
   /* Sort keys into order.  Note, if there's a duplicate, it is
      arbitrary which one we use later - the user should have been
      more careful! */
-  qsort((void *) keys, n_keys, sizeof(Key), compare_keys_by_id);
+  qsort(ARR_GetElements(keys), ARR_GetSize(keys), sizeof (Key), compare_keys_by_id);
 
   /* Check for duplicates */
-  for (i = 1; i < n_keys; i++) {
-    if (keys[i - 1].id == keys[i].id) {
-      LOG(LOGS_WARN, LOGF_Keys, "Detected duplicate key %lu", key_id);
-    }
+  for (i = 1; i < ARR_GetSize(keys); i++) {
+    if (get_key(i - 1)->id == get_key(i)->id)
+      LOG(LOGS_WARN, "Detected duplicate key %"PRIu32, get_key(i - 1)->id);
   }
 
   /* Erase any passwords from stack */
   memset(line, 0, sizeof (line));
 
-  for (i=0; i<n_keys; i++) {
-    keys[i].auth_delay = determine_hash_delay(keys[i].id);
-  }
+  for (i = 0; i < ARR_GetSize(keys); i++)
+    get_key(i)->auth_delay = determine_hash_delay(get_key(i)->id);
 }
 
 /* ================================================== */
 
 static int
-lookup_key(unsigned long id)
+lookup_key(uint32_t id)
 {
-  Key specimen, *where;
+  Key specimen, *where, *keys_ptr;
   int pos;
 
+  keys_ptr = ARR_GetElements(keys);
   specimen.id = id;
-  where = (Key *) bsearch((void *)&specimen, (void *)keys, n_keys, sizeof(Key), compare_keys_by_id);
+  where = (Key *)bsearch((void *)&specimen, keys_ptr, ARR_GetSize(keys),
+                         sizeof (Key), compare_keys_by_id);
   if (!where) {
     return -1;
   } else {
-    pos = where - keys;
+    pos = where - keys_ptr;
     return pos;
   }
 }
 
 /* ================================================== */
 
-static int
-get_key_pos(unsigned long key_id)
-{
-  if (!cache_valid || key_id != cache_key_id) {
-    cache_valid = 1;
-    cache_key_pos = lookup_key(key_id);
-    cache_key_id = key_id;
-  }
-
-  return cache_key_pos;
-}
-
-/* ================================================== */
-
-unsigned long
-KEY_GetCommandKey(void)
-{
-  if (!command_key_valid) {
-    command_key_id = CNF_GetCommandKey();
-  }
-
-  return command_key_id;
-}
-
-/* ================================================== */
-
-int
-KEY_KeyKnown(unsigned long key_id)
+static Key *
+get_key_by_id(uint32_t key_id)
 {
   int position;
 
-  if (cache_valid && (key_id == cache_key_id)) {
-    return 1;
-  } else {
+  if (cache_valid && key_id == cache_key_id)
+    return get_key(cache_key_pos);
 
-    position = lookup_key(key_id);
+  position = lookup_key(key_id);
 
-    if (position >= 0) {
-      /* Store key in cache, we will probably be using it in a
-         minute... */
-      cache_valid = 1;
-      cache_key_pos = position;
-      cache_key_id = key_id;
-      return 1;
-    } else {
-      return 0;
-    }
+  if (position >= 0) {
+    cache_valid = 1;
+    cache_key_pos = position;
+    cache_key_id = key_id;
+
+    return get_key(position);
   }
+
+  return NULL;
 }
 
 /* ================================================== */
 
 int
-KEY_GetAuthDelay(unsigned long key_id)
+KEY_KeyKnown(uint32_t key_id)
 {
-  int key_pos;
-
-  key_pos = get_key_pos(key_id);
-
-  if (key_pos < 0) {
-    return 0;
-  }
-
-  return keys[key_pos].auth_delay;
+  return get_key_by_id(key_id) != NULL;
 }
 
 /* ================================================== */
 
 int
-KEY_GenerateAuth(unsigned long key_id, const unsigned char *data, int data_len,
+KEY_GetAuthDelay(uint32_t key_id)
+{
+  Key *key;
+
+  key = get_key_by_id(key_id);
+
+  if (!key)
+    return 0;
+
+  return key->auth_delay;
+}
+
+/* ================================================== */
+
+int
+KEY_GetAuthLength(uint32_t key_id)
+{
+  unsigned char buf[MAX_HASH_LENGTH];
+  Key *key;
+
+  key = get_key_by_id(key_id);
+
+  if (!key)
+    return 0;
+
+  return HSH_Hash(key->hash_id, buf, 0, buf, 0, buf, sizeof (buf));
+}
+
+/* ================================================== */
+
+int
+KEY_CheckKeyLength(uint32_t key_id)
+{
+  Key *key;
+
+  key = get_key_by_id(key_id);
+
+  if (!key)
+    return 0;
+
+  return key->len >= MIN_SECURE_KEY_LENGTH;
+}
+
+/* ================================================== */
+
+static int
+generate_ntp_auth(int hash_id, const unsigned char *key, int key_len,
+                  const unsigned char *data, int data_len,
+                  unsigned char *auth, int auth_len)
+{
+  return HSH_Hash(hash_id, key, key_len, data, data_len, auth, auth_len);
+}
+
+/* ================================================== */
+
+static int
+check_ntp_auth(int hash_id, const unsigned char *key, int key_len,
+               const unsigned char *data, int data_len,
+               const unsigned char *auth, int auth_len, int trunc_len)
+{
+  unsigned char buf[MAX_HASH_LENGTH];
+  int hash_len;
+
+  hash_len = generate_ntp_auth(hash_id, key, key_len, data, data_len, buf, sizeof (buf));
+
+  return MIN(hash_len, trunc_len) == auth_len && !memcmp(buf, auth, auth_len);
+}
+
+/* ================================================== */
+
+int
+KEY_GenerateAuth(uint32_t key_id, const unsigned char *data, int data_len,
     unsigned char *auth, int auth_len)
 {
-  int key_pos;
+  Key *key;
 
-  key_pos = get_key_pos(key_id);
+  key = get_key_by_id(key_id);
 
-  if (key_pos < 0) {
+  if (!key)
     return 0;
-  }
 
-  return UTI_GenerateNTPAuth(keys[key_pos].hash_id,
-      (unsigned char *)keys[key_pos].val, keys[key_pos].len,
-      data, data_len, auth, auth_len);
+  return generate_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len,
+                           data, data_len, auth, auth_len);
 }
 
 /* ================================================== */
 
 int
-KEY_CheckAuth(unsigned long key_id, const unsigned char *data, int data_len,
-    const unsigned char *auth, int auth_len)
+KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
+              const unsigned char *auth, int auth_len, int trunc_len)
 {
-  int key_pos;
+  Key *key;
 
-  key_pos = get_key_pos(key_id);
+  key = get_key_by_id(key_id);
 
-  if (key_pos < 0) {
+  if (!key)
     return 0;
-  }
 
-  return UTI_CheckNTPAuth(keys[key_pos].hash_id,
-      (unsigned char *)keys[key_pos].val, keys[key_pos].len,
-      data, data_len, auth, auth_len);
+  return check_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len,
+                        data, data_len, auth, auth_len, trunc_len);
 }

keys.h

@@ -27,20 +27,22 @@
 #ifndef GOT_KEYS_H
 #define GOT_KEYS_H
 
+#include "sysincl.h"
+
 extern void KEY_Initialise(void);
 extern void KEY_Finalise(void);
 
 extern void KEY_Reload(void);
 
-extern unsigned long KEY_GetCommandKey(void);
+extern int KEY_GetKey(uint32_t key_id, char **key, int *len);
+extern int KEY_KeyKnown(uint32_t key_id);
+extern int KEY_GetAuthDelay(uint32_t key_id);
+extern int KEY_GetAuthLength(uint32_t key_id);
+extern int KEY_CheckKeyLength(uint32_t key_id);
 
-extern int KEY_GetKey(unsigned long key_id, char **key, int *len);
-extern int KEY_KeyKnown(unsigned long key_id);
-extern int KEY_GetAuthDelay(unsigned long key_id);
-
-extern int KEY_GenerateAuth(unsigned long key_id, const unsigned char *data,
+extern int KEY_GenerateAuth(uint32_t key_id, const unsigned char *data,
     int data_len, unsigned char *auth, int auth_len);
-extern int KEY_CheckAuth(unsigned long key_id, const unsigned char *data,
-    int data_len, const unsigned char *auth, int auth_len);
+extern int KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
+                         const unsigned char *auth, int auth_len, int trunc_len);
 
 #endif /* GOT_KEYS_H */

local.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2011
+ * Copyright (C) Miroslav Lichvar  2011, 2014-2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -36,6 +36,7 @@
 #include "local.h"
 #include "localp.h"
 #include "memory.h"
+#include "smooth.h"
 #include "util.h"
 #include "logging.h"
 
@@ -44,6 +45,9 @@
 /* Variable to store the current frequency, in ppm */
 static double current_freq_ppm;
 
+/* Maximum allowed frequency, in ppm */
+static double max_freq_ppm;
+
 /* Temperature compensation, in ppm */
 static double temp_comp_ppm;
 
@@ -56,6 +60,7 @@ static lcl_AccrueOffsetDriver drv_accrue_offset;
 static lcl_ApplyStepOffsetDriver drv_apply_step_offset;
 static lcl_OffsetCorrectionDriver drv_offset_convert;
 static lcl_SetLeapDriver drv_set_leap;
+static lcl_SetSyncStatusDriver drv_set_sync_status;
 
 /* ================================================== */
 
@@ -101,36 +106,47 @@ static double max_clock_error;
    under 1s of busy waiting. */
 #define NITERS 100
 
+#define NSEC_PER_SEC 1000000000
+
 static void
 calculate_sys_precision(void)
 {
-  struct timeval tv, old_tv;
-  int dusec, best_dusec;
-  int iters;
+  struct timespec ts, old_ts;
+  int iters, diff, best;
 
-  gettimeofday(&old_tv, NULL);
-  best_dusec = 1000000; /* Assume we must be better than a second */
+  LCL_ReadRawTime(&old_ts);
+
+  /* Assume we must be better than a second */
+  best = NSEC_PER_SEC;
   iters = 0;
+
   do {
-    gettimeofday(&tv, NULL);
-    dusec = 1000000*(tv.tv_sec - old_tv.tv_sec) + (tv.tv_usec - old_tv.tv_usec);
-    old_tv = tv;
-    if (dusec > 0)  {
-      if (dusec < best_dusec) {
-        best_dusec = dusec;
-      }
+    LCL_ReadRawTime(&ts);
+
+    diff = NSEC_PER_SEC * (ts.tv_sec - old_ts.tv_sec) + (ts.tv_nsec - old_ts.tv_nsec);
+
+    old_ts = ts;
+    if (diff > 0) {
+      if (diff < best)
+        best = diff;
       iters++;
     }
   } while (iters < NITERS);
 
-  assert(best_dusec > 0);
+  assert(best > 0);
 
-  precision_quantum = best_dusec * 1.0e-6;
+  precision_quantum = 1.0e-9 * best;
+
+  /* Get rounded log2 value of the measured precision */
   precision_log = 0;
-  while (best_dusec < 500000) {
+  while (best < 707106781) {
     precision_log--;
-    best_dusec *= 2;
+    best *= 2;
   }
+
+  assert(precision_log >= -30);
+
+  DEBUG_LOG("Clock precision %.9f (%d)", precision_quantum, precision_log);
 }
 
 /* ================================================== */
@@ -156,6 +172,11 @@ LCL_Initialise(void)
 
   calculate_sys_precision();
 
+  /* This is the maximum allowed frequency offset in ppm, the time must
+     never stop or run backwards */
+  max_freq_ppm = CNF_GetMaxDrift();
+  max_freq_ppm = CLAMP(0.0, max_freq_ppm, 500000.0);
+
   max_clock_error = CNF_GetMaxClockError() * 1e-6;
 }
 
@@ -164,6 +185,13 @@ LCL_Initialise(void)
 void
 LCL_Finalise(void)
 {
+  while (change_list.next != &change_list)
+    LCL_RemoveParameterChangeHandler(change_list.next->handler,
+                                     change_list.next->anything);
+
+  while (dispersion_notify_list.next != &dispersion_notify_list)
+    LCL_RemoveDispersionNotifyHandler(dispersion_notify_list.next->handler,
+                                      dispersion_notify_list.next->anything);
 }
 
 /* ================================================== */
@@ -243,7 +271,29 @@ void LCL_RemoveParameterChangeHandler(LCL_ParameterChangeHandler handler, void *
   ptr->next->prev = ptr->prev;
   ptr->prev->next = ptr->next;
 
-  free(ptr);
+  Free(ptr);
+}
+
+/* ================================================== */
+
+int
+LCL_IsFirstParameterChangeHandler(LCL_ParameterChangeHandler handler)
+{
+  return change_list.next->handler == handler;
+}
+
+/* ================================================== */
+
+static void
+invoke_parameter_change_handlers(struct timespec *raw, struct timespec *cooked,
+                                 double dfreq, double doffset,
+                                 LCL_ChangeType change_type)
+{
+  ChangeListEntry *ptr;
+
+  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
+    (ptr->handler)(raw, cooked, dfreq, doffset, change_type, ptr->anything);
+  }
 }
 
 /* ================================================== */
@@ -298,27 +348,33 @@ void LCL_RemoveDispersionNotifyHandler(LCL_DispersionNotifyHandler handler, void
   ptr->next->prev = ptr->prev;
   ptr->prev->next = ptr->next;
 
-  free(ptr);
-}
-
-/* ================================================== */
-/* At the moment, this is just gettimeofday(), because
-   I can't think of a Unix system where it would not be */
-
-void
-LCL_ReadRawTime(struct timeval *result)
-{
-  if (gettimeofday(result, NULL) < 0) {
-    LOG_FATAL(LOGF_Local, "gettimeofday() failed");
-  }
+  Free(ptr);
 }
 
 /* ================================================== */
 
 void
-LCL_ReadCookedTime(struct timeval *result, double *err)
+LCL_ReadRawTime(struct timespec *ts)
 {
-  struct timeval raw;
+#if HAVE_CLOCK_GETTIME
+  if (clock_gettime(CLOCK_REALTIME, ts) < 0)
+    LOG_FATAL("clock_gettime() failed : %s", strerror(errno));
+#else
+  struct timeval tv;
+
+  if (gettimeofday(&tv, NULL) < 0)
+    LOG_FATAL("gettimeofday() failed : %s", strerror(errno));
+
+  UTI_TimevalToTimespec(&tv, ts);
+#endif
+}
+
+/* ================================================== */
+
+void
+LCL_ReadCookedTime(struct timespec *result, double *err)
+{
+  struct timespec raw;
 
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, result, err);
@@ -327,18 +383,18 @@ LCL_ReadCookedTime(struct timeval *result, double *err)
 /* ================================================== */
 
 void
-LCL_CookTime(struct timeval *raw, struct timeval *cooked, double *err)
+LCL_CookTime(struct timespec *raw, struct timespec *cooked, double *err)
 {
   double correction;
 
   LCL_GetOffsetCorrection(raw, &correction, err);
-  UTI_AddDoubleToTimeval(raw, correction, cooked);
+  UTI_AddDoubleToTimespec(raw, correction, cooked);
 }
 
 /* ================================================== */
 
 void
-LCL_GetOffsetCorrection(struct timeval *raw, double *correction, double *err)
+LCL_GetOffsetCorrection(struct timespec *raw, double *correction, double *err)
 {
   /* Call system specific driver to get correction */
   (*drv_offset_convert)(raw, correction, err);
@@ -363,16 +419,44 @@ LCL_ReadAbsoluteFrequency(void)
 }
 
 /* ================================================== */
+
+static double
+clamp_freq(double freq)
+{
+  if (freq <= max_freq_ppm && freq >= -max_freq_ppm)
+    return freq;
+
+  LOG(LOGS_WARN, "Frequency %.1f ppm exceeds allowed maximum", freq);
+
+  return CLAMP(-max_freq_ppm, freq, max_freq_ppm);
+}
+
+/* ================================================== */
+
+static int
+check_offset(struct timespec *now, double offset)
+{
+  /* Check if the time will be still sane with accumulated offset */
+  if (UTI_IsTimeOffsetSane(now, -offset))
+      return 1;
+
+  LOG(LOGS_WARN, "Adjustment of %.1f seconds is invalid", -offset);
+  return 0;
+}
+
+/* ================================================== */
+
 /* This involves both setting the absolute frequency with the
    system-specific driver, as well as calling all notify handlers */
 
 void
 LCL_SetAbsoluteFrequency(double afreq_ppm)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
   double dfreq;
   
+  afreq_ppm = clamp_freq(afreq_ppm);
+
   /* Apply temperature compensation */
   if (temp_comp_ppm != 0.0) {
     afreq_ppm = afreq_ppm * (1.0 - 1.0e-6 * temp_comp_ppm) - temp_comp_ppm;
@@ -382,15 +466,13 @@ LCL_SetAbsoluteFrequency(double afreq_ppm)
   
   afreq_ppm = (*drv_set_freq)(afreq_ppm);
 
-  dfreq = (afreq_ppm - current_freq_ppm) / (1.0e6 + current_freq_ppm);
+  dfreq = (afreq_ppm - current_freq_ppm) / (1.0e6 - current_freq_ppm);
 
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, dfreq, 0.0, 0, ptr->anything);
-  }
+  invoke_parameter_change_handlers(&raw, &cooked, dfreq, 0.0, LCL_ChangeAdjust);
 
   current_freq_ppm = afreq_ppm;
 
@@ -401,8 +483,7 @@ LCL_SetAbsoluteFrequency(double afreq_ppm)
 void
 LCL_AccumulateDeltaFrequency(double dfreq)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
   double old_freq_ppm;
 
   old_freq_ppm = current_freq_ppm;
@@ -411,20 +492,19 @@ LCL_AccumulateDeltaFrequency(double dfreq)
    are handled in units of ppm, whereas the 'dfreq' argument is in
    terms of the gradient of the (offset) v (local time) function. */
 
-  current_freq_ppm = (1.0 + dfreq) * current_freq_ppm + 1.0e6 * dfreq;
+  current_freq_ppm += dfreq * (1.0e6 - current_freq_ppm);
+
+  current_freq_ppm = clamp_freq(current_freq_ppm);
 
   /* Call the system-specific driver for setting the frequency */
   current_freq_ppm = (*drv_set_freq)(current_freq_ppm);
-  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 + old_freq_ppm);
+  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 - old_freq_ppm);
 
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, dfreq, 0.0, 0, ptr->anything);
-  }
-
+  invoke_parameter_change_handlers(&raw, &cooked, dfreq, 0.0, LCL_ChangeAdjust);
 }
 
 /* ================================================== */
@@ -432,8 +512,7 @@ LCL_AccumulateDeltaFrequency(double dfreq)
 void
 LCL_AccumulateOffset(double offset, double corr_rate)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
 
   /* In this case, the cooked time to be passed to the notify clients
      has to be the cooked time BEFORE the change was made */
@@ -441,22 +520,21 @@ LCL_AccumulateOffset(double offset, double corr_rate)
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
+  if (!check_offset(&cooked, offset))
+      return;
+
   (*drv_accrue_offset)(offset, corr_rate);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, 0.0, offset, 0, ptr->anything);
-  }
-
+  invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeAdjust);
 }
 
 /* ================================================== */
 
-void
+int
 LCL_ApplyStepOffset(double offset)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
 
   /* In this case, the cooked time to be passed to the notify clients
      has to be the cooked time BEFORE the change was made */
@@ -464,38 +542,58 @@ LCL_ApplyStepOffset(double offset)
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
-  (*drv_apply_step_offset)(offset);
+  if (!check_offset(&raw, offset))
+      return 0;
 
-  /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, 0.0, offset, 1, ptr->anything);
+  if (!(*drv_apply_step_offset)(offset)) {
+    LOG(LOGS_ERR, "Could not step system clock");
+    return 0;
   }
 
+  /* Reset smoothing on all clock steps */
+  SMT_Reset(&cooked);
+
+  /* Dispatch to all handlers */
+  invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeStep);
+
+  return 1;
 }
 
 /* ================================================== */
 
 void
-LCL_NotifyExternalTimeStep(struct timeval *raw, struct timeval *cooked,
+LCL_NotifyExternalTimeStep(struct timespec *raw, struct timespec *cooked,
     double offset, double dispersion)
 {
-  ChangeListEntry *ptr;
-
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(raw, cooked, 0.0, offset, 1, ptr->anything);
-  }
+  invoke_parameter_change_handlers(raw, cooked, 0.0, offset, LCL_ChangeUnknownStep);
 
   lcl_InvokeDispersionNotifyHandlers(dispersion);
 }
 
 /* ================================================== */
 
+void
+LCL_NotifyLeap(int leap)
+{
+  struct timespec raw, cooked;
+
+  LCL_ReadRawTime(&raw);
+  LCL_CookTime(&raw, &cooked, NULL);
+
+  /* Smooth the leap second out */
+  SMT_Leap(&cooked, leap);
+
+  /* Dispatch to all handlers as if the clock was stepped */
+  invoke_parameter_change_handlers(&raw, &cooked, 0.0, -leap, LCL_ChangeStep);
+}
+
+/* ================================================== */
+
 void
 LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
   double old_freq_ppm;
 
   LCL_ReadRawTime(&raw);
@@ -503,30 +601,29 @@ LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
      to the change we are about to make */
   LCL_CookTime(&raw, &cooked, NULL);
 
+  if (!check_offset(&cooked, doffset))
+      return;
+
   old_freq_ppm = current_freq_ppm;
 
   /* Work out new absolute frequency.  Note that absolute frequencies
    are handled in units of ppm, whereas the 'dfreq' argument is in
    terms of the gradient of the (offset) v (local time) function. */
-  current_freq_ppm = (1.0 + dfreq) * old_freq_ppm + 1.0e6 * dfreq;
+  current_freq_ppm += dfreq * (1.0e6 - current_freq_ppm);
 
-#ifdef TRACEON
-  LOG(LOGS_INFO, LOGF_Local, "old_freq=%.3fppm new_freq=%.3fppm offset=%.6fsec",
+  current_freq_ppm = clamp_freq(current_freq_ppm);
+
+  DEBUG_LOG("old_freq=%.3fppm new_freq=%.3fppm offset=%.6fsec",
       old_freq_ppm, current_freq_ppm, doffset);
-#endif
 
   /* Call the system-specific driver for setting the frequency */
   current_freq_ppm = (*drv_set_freq)(current_freq_ppm);
-  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 + old_freq_ppm);
+  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 - old_freq_ppm);
 
   (*drv_accrue_offset)(doffset, corr_rate);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, dfreq, doffset, 0, ptr->anything);
-  }
-
-
+  invoke_parameter_change_handlers(&raw, &cooked, dfreq, doffset, LCL_ChangeAdjust);
 }
 
 /* ================================================== */
@@ -550,7 +647,8 @@ lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq,
                           lcl_AccrueOffsetDriver accrue_offset,
                           lcl_ApplyStepOffsetDriver apply_step_offset,
                           lcl_OffsetCorrectionDriver offset_convert,
-                          lcl_SetLeapDriver set_leap)
+                          lcl_SetLeapDriver set_leap,
+                          lcl_SetSyncStatusDriver set_sync_status)
 {
   drv_read_freq = read_freq;
   drv_set_freq = set_freq;
@@ -558,46 +656,54 @@ lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq,
   drv_apply_step_offset = apply_step_offset;
   drv_offset_convert = offset_convert;
   drv_set_leap = set_leap;
+  drv_set_sync_status = set_sync_status;
 
   current_freq_ppm = (*drv_read_freq)();
 
-#ifdef TRACEON
-  LOG(LOGS_INFO, LOGF_Local, "Local freq=%.3fppm", current_freq_ppm);
-#endif
+  DEBUG_LOG("Local freq=%.3fppm", current_freq_ppm);
 }
 
 /* ================================================== */
 /* Look at the current difference between the system time and the NTP
-   time, and make a step to cancel it if it's larger than the threshold. */
+   time, and make a step to cancel it. */
 
 int
-LCL_MakeStep(double threshold)
+LCL_MakeStep(void)
 {
-  struct timeval raw;
+  struct timespec raw;
   double correction;
 
   LCL_ReadRawTime(&raw);
   LCL_GetOffsetCorrection(&raw, &correction, NULL);
 
-  if (fabs(correction) <= threshold)
-    return 0;
+  if (!check_offset(&raw, -correction))
+      return 0;
 
   /* Cancel remaining slew and make the step */
   LCL_AccumulateOffset(correction, 0.0);
-  LCL_ApplyStepOffset(-correction);
+  if (!LCL_ApplyStepOffset(-correction))
+    return 0;
 
-  LOG(LOGS_WARN, LOGF_Local, "System clock was stepped by %.3f seconds", correction);
+  LOG(LOGS_WARN, "System clock was stepped by %.6f seconds", correction);
 
   return 1;
 }
 
 /* ================================================== */
 
+int
+LCL_CanSystemLeap(void)
+{
+  return drv_set_leap ? 1 : 0;
+}
+
+/* ================================================== */
+
 void
-LCL_SetLeap(int leap)
+LCL_SetSystemLeap(int leap, int tai_offset)
 {
   if (drv_set_leap) {
-    (drv_set_leap)(leap);
+    (drv_set_leap)(leap, tai_offset);
   }
 }
 
@@ -630,3 +736,13 @@ LCL_SetTempComp(double comp)
 }
 
 /* ================================================== */
+
+void
+LCL_SetSyncStatus(int synchronised, double est_error, double max_error)
+{
+  if (drv_set_sync_status) {
+    (drv_set_sync_status)(synchronised, est_error, max_error);
+  }
+}
+
+/* ================================================== */

local.h

@@ -31,9 +31,8 @@
 
 #include "sysincl.h"
 
-/* Read the system clock.  This is analogous to gettimeofday(),
-   but with the timezone information ignored */
-extern void LCL_ReadRawTime(struct timeval *);
+/* Read the system clock */
+extern void LCL_ReadRawTime(struct timespec *ts);
 
 /* Read the system clock, corrected according to all accumulated
    drifts and uncompensated offsets.
@@ -44,15 +43,15 @@ extern void LCL_ReadRawTime(struct timeval *);
    adjtime()-like interface to correct offsets, and to adjust the
    frequency), we must correct the raw time to get this value */
 
-extern void LCL_ReadCookedTime(struct timeval *t, double *err);
+extern void LCL_ReadCookedTime(struct timespec *ts, double *err);
 
 /* Convert raw time to cooked. */
-extern void LCL_CookTime(struct timeval *raw, struct timeval *cooked, double *err);
+extern void LCL_CookTime(struct timespec *raw, struct timespec *cooked, double *err);
 
 /* Read the current offset between the system clock and true time
    (i.e. 'cooked' - 'raw') (in seconds). */
 
-extern void LCL_GetOffsetCorrection(struct timeval *raw, double *correction, double *err);
+extern void LCL_GetOffsetCorrection(struct timespec *raw, double *correction, double *err);
 
 /* Type of routines that may be invoked as callbacks when there is a
    change to the frequency or offset.
@@ -67,16 +66,22 @@ extern void LCL_GetOffsetCorrection(struct timeval *raw, double *correction, dou
    doffset : delta offset applied (positive => make local system fast
    by that amount, negative => make it slow by that amount)
 
-   is_step_change : true if change is being applied as a jump (using
-   settimeofday rather than adjtime)
+   change_type : what type of change is being applied
    
    anything : Passthrough argument from call to registration routine */
 
 
+typedef enum {
+  LCL_ChangeAdjust,
+  LCL_ChangeStep,
+  LCL_ChangeUnknownStep
+} LCL_ChangeType;
+
 typedef void (*LCL_ParameterChangeHandler)
-     (struct timeval *raw, struct timeval *cooked,
+     (struct timespec *raw, struct timespec *cooked,
       double dfreq,
-      double doffset, int is_step_change,
+      double doffset,
+      LCL_ChangeType change_type,
       void *anything
       );
 
@@ -86,6 +91,9 @@ extern void LCL_AddParameterChangeHandler(LCL_ParameterChangeHandler handler, vo
 /* Remove a handler */
 extern void LCL_RemoveParameterChangeHandler(LCL_ParameterChangeHandler, void *anything);
 
+/* Check if a handler is invoked first when dispatching */
+extern int LCL_IsFirstParameterChangeHandler(LCL_ParameterChangeHandler handler);
+
 /* Function type for handlers to be called back when an indeterminate
    offset is introduced into the local time.  This situation occurs
    when the frequency must be adjusted to effect a clock slew and
@@ -150,13 +158,17 @@ extern void LCL_AccumulateOffset(double offset, double corr_rate);
    the system clock is fast on true time, i.e. it needs to be stepped
    backwards. (Same convention as for AccumulateOffset routine). */
 
-extern void LCL_ApplyStepOffset(double offset);
+extern int LCL_ApplyStepOffset(double offset);
 
 /* Routine to invoke notify handlers on an unexpected time jump
    in system clock */
-extern void LCL_NotifyExternalTimeStep(struct timeval *raw, struct timeval *cooked,
+extern void LCL_NotifyExternalTimeStep(struct timespec *raw, struct timespec *cooked,
     double offset, double dispersion);
 
+/* Routine to invoke notify handlers on leap second when the system clock
+   doesn't correct itself */
+extern void LCL_NotifyLeap(int leap);
+
 /* Perform the combination of modifying the frequency and applying
    a slew, in one easy step */
 extern void LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate);
@@ -183,12 +195,17 @@ extern void LCL_Finalise(void);
 /* Routine to convert the outstanding system clock error to a step and
    apply it, e.g. if the system clock has ended up an hour wrong due
    to a timezone problem. */
-extern int LCL_MakeStep(double threshold);
+extern int LCL_MakeStep(void);
 
-/* Routine to schedule a leap second. Leap second will be inserted
-   at the end of the day if argument is positive, deleted if negative,
-   and zero cancels scheduled leap second. */
-extern void LCL_SetLeap(int leap);
+/* Check if the system driver supports leap seconds, i.e. LCL_SetSystemLeap
+   does something */
+extern int LCL_CanSystemLeap(void);
+
+/* Routine to set the system clock to correct itself for a leap second and also
+   set its TAI-UTC offset.  If supported, leap second will be inserted at the
+   end of the day if the argument is positive, deleted if negative, and zero
+   resets the setting. */
+extern void LCL_SetSystemLeap(int leap, int tai_offset);
 
 /* Routine to set a frequency correction (in ppm) that should be applied
    to local clock to compensate for temperature changes.  A positive
@@ -197,4 +214,8 @@ extern void LCL_SetLeap(int leap);
    due to clamping or rounding). */
 extern double LCL_SetTempComp(double comp);
 
+/* Routine to update the synchronisation status in the kernel to allow other
+   applications to know if the system clock is synchronised and error bounds */
+extern void LCL_SetSyncStatus(int synchronised, double est_error, double max_error);
+
 #endif /* GOT_LOCAL_H */

localp.h

@@ -47,15 +47,18 @@ typedef void (*lcl_AccrueOffsetDriver)(double offset, double corr_rate);
 
 /* System driver to apply a step offset. A positive argument means step
    the clock forwards. */
-typedef void (*lcl_ApplyStepOffsetDriver)(double offset);
+typedef int (*lcl_ApplyStepOffsetDriver)(double offset);
 
 /* System driver to convert a raw time to an adjusted (cooked) time.
    The number of seconds returned in 'corr' have to be added to the
    raw time to get the corrected time */
-typedef void (*lcl_OffsetCorrectionDriver)(struct timeval *raw, double *corr, double *err);
+typedef void (*lcl_OffsetCorrectionDriver)(struct timespec *raw, double *corr, double *err);
 
-/* System driver to schedule leap second */
-typedef void (*lcl_SetLeapDriver)(int leap);
+/* System driver to schedule leap seconds and set TAI-UTC offset */
+typedef void (*lcl_SetLeapDriver)(int leap, int tai_offset);
+
+/* System driver to set the synchronisation status */
+typedef void (*lcl_SetSyncStatusDriver)(int synchronised, double est_error, double max_error);
 
 extern void lcl_InvokeDispersionNotifyHandlers(double dispersion);
 
@@ -65,6 +68,7 @@ lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq,
                           lcl_AccrueOffsetDriver accrue_offset,
                           lcl_ApplyStepOffsetDriver apply_step_offset,
                           lcl_OffsetCorrectionDriver offset_convert,
-                          lcl_SetLeapDriver set_leap);
+                          lcl_SetLeapDriver set_leap,
+                          lcl_SetSyncStatusDriver set_sync_status);
 
 #endif /* GOT_LOCALP_H */

logging.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2011-2012
+ * Copyright (C) Miroslav Lichvar  2011-2014, 2018
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -31,22 +31,23 @@
 
 #include "conf.h"
 #include "logging.h"
-#include "mkdirpp.h"
 #include "util.h"
 
+/* This is used by DEBUG_LOG macro */
+int log_debug_enabled = 0;
+
 /* ================================================== */
 /* Flag indicating we have initialised */
 static int initialised = 0;
 
+static FILE *file_log;
 static int system_log = 0;
 
 static int parent_fd = 0;
 
-static time_t last_limited = 0;
-
-#ifdef WINNT
-static FILE *logfile;
-#endif
+#define DEBUG_LEVEL_PRINT_FUNCTION 2
+#define DEBUG_LEVEL_PRINT_DEBUG 2
+static int debug_level = 0;
 
 struct LogFile {
   const char *name;
@@ -69,10 +70,7 @@ void
 LOG_Initialise(void)
 {
   initialised = 1;
-
-#ifdef WINNT
-  logfile = fopen("./chronyd.err", "a");
-#endif
+  file_log = stderr;
 }
 
 /* ================================================== */
@@ -81,15 +79,11 @@ LOG_Initialise(void)
 void
 LOG_Finalise(void)
 {
-#ifdef WINNT
-  if (logfile) {
-    fclose(logfile);
-  }
-#else
-  if (system_log) {
+  if (system_log)
     closelog();
-  }
-#endif
+
+  if (file_log)
+    fclose(file_log);
 
   LOG_CycleLogFiles();
 
@@ -98,98 +92,133 @@ LOG_Finalise(void)
 
 /* ================================================== */
 
-void
-LOG_Line_Function(LOG_Severity severity, LOG_Facility facility, const char *format, ...)
+static void log_message(int fatal, LOG_Severity severity, const char *message)
 {
-  char buf[2048];
-  va_list other_args;
-  va_start(other_args, format);
-  vsnprintf(buf, sizeof(buf), format, other_args);
-  va_end(other_args);
-#ifdef WINNT
-  if (logfile) {
-    fprintf(logfile, "%s\n", buf);
-  }
-#else
   if (system_log) {
+    int priority;
     switch (severity) {
+      case LOGS_DEBUG:
+        priority = LOG_DEBUG;
+        break;
       case LOGS_INFO:
-        syslog(LOG_INFO, "%s", buf);
+        priority = LOG_INFO;
         break;
       case LOGS_WARN:
-        syslog(LOG_WARNING, "%s", buf);
+        priority = LOG_WARNING;
         break;
       case LOGS_ERR:
-      default:
-        syslog(LOG_ERR, "%s", buf);
+        priority = LOG_ERR;
         break;
+      case LOGS_FATAL:
+        priority = LOG_CRIT;
+        break;
+      default:
+        assert(0);
     }
-  } else {
-    fprintf(stderr, "%s\n", buf);
+    syslog(priority, fatal ? "Fatal error : %s" : "%s", message);
+  } else if (file_log) {
+    fprintf(file_log, fatal ? "Fatal error : %s\n" : "%s\n", message);
   }
-#endif
 }
 
 /* ================================================== */
 
-void
-LOG_Fatal_Function(LOG_Facility facility, const char *format, ...)
+void LOG_Message(LOG_Severity severity,
+#if DEBUG > 0
+                 int line_number, const char *filename, const char *function_name,
+#endif
+                 const char *format, ...)
 {
   char buf[2048];
   va_list other_args;
+  time_t t;
+  struct tm *tm;
+
+  if (!system_log && file_log) {
+    /* Don't clutter up syslog with timestamps and internal debugging info */
+    time(&t);
+    tm = gmtime(&t);
+    if (tm) {
+      strftime(buf, sizeof (buf), "%Y-%m-%dT%H:%M:%SZ", tm);
+      fprintf(file_log, "%s ", buf);
+    }
+#if DEBUG > 0
+    if (debug_level >= DEBUG_LEVEL_PRINT_FUNCTION)
+      fprintf(file_log, "%s:%d:(%s) ", filename, line_number, function_name);
+#endif
+  }
+
   va_start(other_args, format);
   vsnprintf(buf, sizeof(buf), format, other_args);
   va_end(other_args);
 
-#ifdef WINNT
-  if (logfile) {
-    fprintf(logfile, "Fatal error : %s\n", buf);
-  }
-#else
-  if (system_log) {
-    syslog(LOG_CRIT, "Fatal error : %s", buf);
-  } else {
-    fprintf(stderr, "Fatal error : %s\n", buf);
-  }
-  if (parent_fd) {
-    if (write(parent_fd, buf, strlen(buf) + 1) < 0)
-      ; /* Not much we can do here */
-  }
-#endif
+  switch (severity) {
+    case LOGS_DEBUG:
+    case LOGS_INFO:
+    case LOGS_WARN:
+    case LOGS_ERR:
+      log_message(0, severity, buf);
+      break;
+    case LOGS_FATAL:
+      log_message(1, severity, buf);
 
-  exit(1);
+      /* Send the message also to the foreground process if it is
+         still running, or stderr if it is still open */
+      if (parent_fd > 0) {
+        if (write(parent_fd, buf, strlen(buf) + 1) < 0)
+          ; /* Not much we can do here */
+      } else if (system_log && parent_fd == 0) {
+        system_log = 0;
+        log_message(1, severity, buf);
+      }
+      break;
+    default:
+      assert(0);
+  }
 }
 
 /* ================================================== */
 
 void
-LOG_Position(const char *filename, int line_number, const char *function_name)
+LOG_OpenFileLog(const char *log_file)
 {
-#ifdef WINNT
-#else
-  time_t t;
-  struct tm stm;
-  char buf[64];
-  if (!system_log) {
-    /* Don't clutter up syslog with internal debugging info */
-    time(&t);
-    stm = *gmtime(&t);
-    strftime(buf, sizeof(buf), "%d-%H:%M:%S", &stm);
-    fprintf(stderr, "%s:%d:(%s)[%s] ", filename, line_number, function_name, buf);
+  FILE *f;
+
+  if (log_file) {
+    f = fopen(log_file, "a");
+    if (!f)
+      LOG_FATAL("Could not open log file %s", log_file);
+  } else {
+    f = stderr;
   }
-#endif
+
+  /* Enable line buffering */
+  setvbuf(f, NULL, _IOLBF, BUFSIZ);
+
+  if (file_log && file_log != stderr)
+    fclose(file_log);
+
+  file_log = f;
 }
 
+
 /* ================================================== */
 
 void
 LOG_OpenSystemLog(void)
 {
-#ifdef WINNT
-#else
   system_log = 1;
   openlog("chronyd", LOG_PID, LOG_DAEMON);
-#endif
+}
+
+/* ================================================== */
+
+void LOG_SetDebugLevel(int level)
+{
+  debug_level = level;
+  if (level >= DEBUG_LEVEL_PRINT_DEBUG) {
+    log_debug_enabled = 1;
+  }
 }
 
 /* ================================================== */
@@ -198,6 +227,8 @@ void
 LOG_SetParentFd(int fd)
 {
   parent_fd = fd;
+  if (file_log == stderr)
+    file_log = NULL;
 }
 
 /* ================================================== */
@@ -207,22 +238,7 @@ LOG_CloseParentFd()
 {
   if (parent_fd > 0)
     close(parent_fd);
-}
-
-/* ================================================== */
-
-int
-LOG_RateLimited(void)
-{
-  time_t now;
-
-  now = time(NULL);
-
-  if (last_limited + 10 > now && last_limited <= now)
-    return 1;
-
-  last_limited = now;
-  return 0;
+  parent_fd = -1;
 }
 
 /* ================================================== */
@@ -252,12 +268,18 @@ LOG_FileWrite(LOG_FileID id, const char *format, ...)
     return;
 
   if (!logfiles[id].file) {
-    char filename[512];
+    char filename[512], *logdir = CNF_GetLogDir();
+
+    if (logdir[0] == '\0') {
+      LOG(LOGS_WARN, "logdir not specified");
+      logfiles[id].name = NULL;
+      return;
+    }
 
     if (snprintf(filename, sizeof(filename), "%s/%s.log",
-          CNF_GetLogDir(), logfiles[id].name) >= sizeof(filename) ||
+                 logdir, logfiles[id].name) >= sizeof (filename) ||
         !(logfiles[id].file = fopen(filename, "a"))) {
-      LOG(LOGS_WARN, LOGF_Refclock, "Couldn't open logfile %s for update", filename);
+      LOG(LOGS_WARN, "Could not open log file %s", filename);
       logfiles[id].name = NULL;
       return;
     }
@@ -292,20 +314,6 @@ LOG_FileWrite(LOG_FileID id, const char *format, ...)
 
 /* ================================================== */
 
-void
-LOG_CreateLogFileDir(void)
-{
-  const char *logdir;
-
-  logdir = CNF_GetLogDir();
-
-  if (!mkdir_and_parents(logdir)) {
-    LOG(LOGS_ERR, LOGF_Logging, "Could not create directory %s", logdir);
-  }
-}
-
-/* ================================================== */
-
 void
 LOG_CycleLogFiles(void)
 {

logging.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2013-2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -28,46 +29,53 @@
 #ifndef GOT_LOGGING_H
 #define GOT_LOGGING_H
 
+#include "sysincl.h"
+
+/* Flag indicating whether debug messages are logged */
+extern int log_debug_enabled;
+
+/* Line logging macros.  If the compiler is GNU C, we take advantage of
+   being able to get the function name also. */
+
+#ifdef __GNUC__
+#define FUNCTION_NAME __FUNCTION__
+#define FORMAT_ATTRIBUTE_PRINTF(str, first) __attribute__ ((format (printf, str, first)))
+#else
+#define FUNCTION_NAME ""
+#define FORMAT_ATTRIBUTE_PRINTF(str, first)
+#endif
+
+#if DEBUG > 0
+#define LOG_MESSAGE(severity, ...) \
+  LOG_Message(severity, __LINE__, __FILE__, FUNCTION_NAME, __VA_ARGS__)
+#else
+#define LOG_MESSAGE(severity, ...) \
+  LOG_Message(severity, __VA_ARGS__)
+#endif
+
+#define DEBUG_LOG(...) \
+  do { \
+    if (DEBUG && log_debug_enabled) \
+      LOG_MESSAGE(LOGS_DEBUG, __VA_ARGS__); \
+  } while (0)
+
+#define LOG_FATAL(...) \
+  do { \
+    LOG_MESSAGE(LOGS_FATAL, __VA_ARGS__); \
+    exit(1); \
+  } while (0)
+
+#define LOG(severity, ...) LOG_MESSAGE(severity, __VA_ARGS__)
+
 /* Definition of severity */
 typedef enum {
   LOGS_INFO,
   LOGS_WARN,
-  LOGS_ERR
+  LOGS_ERR,
+  LOGS_FATAL,
+  LOGS_DEBUG
 } LOG_Severity;
 
-/* Definition of facility.  Each message is tagged with who generated
-   it, so that the user can customise what level of reporting he gets
-   for each area of the software */
-typedef enum {
-  LOGF_Reference,
-  LOGF_NtpIO,
-  LOGF_NtpCore,
-  LOGF_NtpSources,
-  LOGF_Scheduler,
-  LOGF_SourceStats,
-  LOGF_Sources,
-  LOGF_Local,
-  LOGF_Util,
-  LOGF_Main,
-  LOGF_ClientLog,
-  LOGF_Configure,
-  LOGF_CmdMon,
-  LOGF_Acquire,
-  LOGF_Manual,
-  LOGF_Keys,
-  LOGF_Logging,
-  LOGF_Rtc,
-  LOGF_Regress,
-  LOGF_Sys,
-  LOGF_SysLinux,
-  LOGF_SysNetBSD,
-  LOGF_SysSolaris,
-  LOGF_SysSunOS,
-  LOGF_SysWinnt,
-  LOGF_RtcLinux,
-  LOGF_Refclock
-} LOG_Facility;
-
 /* Init function */
 extern void LOG_Initialise(void);
 
@@ -75,44 +83,43 @@ extern void LOG_Initialise(void);
 extern void LOG_Finalise(void);
 
 /* Line logging function */
-extern void LOG_Line_Function(LOG_Severity severity, LOG_Facility facility, const char *format, ...);
+#if DEBUG > 0
+FORMAT_ATTRIBUTE_PRINTF(5, 6)
+extern void LOG_Message(LOG_Severity severity, int line_number, const char *filename,
+                        const char *function_name, const char *format, ...);
+#else
+FORMAT_ATTRIBUTE_PRINTF(2, 3)
+extern void LOG_Message(LOG_Severity severity, const char *format, ...);
+#endif
 
-/* Logging function for fatal errors */
-extern void LOG_Fatal_Function(LOG_Facility facility, const char *format, ...);
+/* Set debug level:
+   0, 1 - only non-debug messages are logged
+   2    - debug messages are logged too, all messages are prefixed with
+          filename, line, and function name
+   */
+extern void LOG_SetDebugLevel(int level);
 
-/* Position in code reporting function */
-extern void LOG_Position(const char *filename, int line_number, const char *function_name);
+/* Log messages to a file instead of stderr, or stderr again if NULL */
+extern void LOG_OpenFileLog(const char *log_file);
 
 /* Log messages to syslog instead of stderr */
 extern void LOG_OpenSystemLog(void);
 
-/* Send fatal message also to the foreground process */
+/* Stop using stderr and send fatal message to the foreground process */
 extern void LOG_SetParentFd(int fd);
 
 /* Close the pipe to the foreground process so it can exit */
 extern void LOG_CloseParentFd(void);
 
-/* Return zero once per 10 seconds */
-extern int LOG_RateLimited(void);
-
-/* Line logging macro.  If the compiler is GNU C, we take advantage of
-   being able to get the function name also. */
-#if defined(__GNUC__)
-#define LOG LOG_Position(__FILE__, __LINE__, __FUNCTION__); LOG_Line_Function
-#define LOG_FATAL LOG_Position(__FILE__, __LINE__, __FUNCTION__); LOG_Fatal_Function
-#else
-#define LOG LOG_Position(__FILE__, __LINE__, ""); LOG_Line_Function
-#define LOG_FATAL LOG_Position(__FILE__, __LINE__, ""); LOG_Fatal_Function
-#endif /* defined (__GNUC__) */
-
 /* File logging functions */
 
 typedef int LOG_FileID;
 
 extern LOG_FileID LOG_FileOpen(const char *name, const char *banner);
+
+FORMAT_ATTRIBUTE_PRINTF(2, 3)
 extern void LOG_FileWrite(LOG_FileID id, const char *format, ...);
 
-extern void LOG_CreateLogFileDir(void);
 extern void LOG_CycleLogFiles(void);
 
 #endif /* GOT_LOGGING_H */

main.c

@@ -4,7 +4,7 @@
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
  * Copyright (C) John G. Hasler  2009
- * Copyright (C) Miroslav Lichvar  2012
+ * Copyright (C) Miroslav Lichvar  2012-2018
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -35,6 +35,7 @@
 #include "local.h"
 #include "sys.h"
 #include "ntp_io.h"
+#include "ntp_signd.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
 #include "sources.h"
@@ -44,14 +45,15 @@
 #include "conf.h"
 #include "cmdmon.h"
 #include "keys.h"
-#include "acquire.h"
 #include "manual.h"
 #include "rtc.h"
 #include "refclock.h"
 #include "clientlog.h"
-#include "broadcast.h"
 #include "nameserv.h"
+#include "privops.h"
+#include "smooth.h"
 #include "tempcomp.h"
+#include "util.h"
 
 /* ================================================== */
 
@@ -60,16 +62,34 @@
 
 static int initialised = 0;
 
-/* ================================================== */
+static int exit_status = 0;
 
 static int reload = 0;
 
+static REF_Mode ref_mode = REF_ModeNormal;
+
+/* ================================================== */
+
+static void
+do_platform_checks(void)
+{
+  /* Require at least 32-bit integers, two's complement representation and
+     the usual implementation of conversion of unsigned integers */
+  assert(sizeof (int) >= 4);
+  assert(-1 == ~0);
+  assert((int32_t)4294967295U == (int32_t)-1);
+}
+
 /* ================================================== */
 
 static void
 delete_pidfile(void)
 {
   const char *pidfile = CNF_GetPidFile();
+
+  if (!pidfile[0])
+    return;
+
   /* Don't care if this fails, there's not a lot we can do */
   unlink(pidfile);
 }
@@ -79,36 +99,42 @@ delete_pidfile(void)
 void
 MAI_CleanupAndExit(void)
 {
-  if (!initialised) exit(0);
+  if (!initialised) exit(exit_status);
   
-  if (CNF_GetDumpOnExit()) {
+  if (CNF_GetDumpDir()[0] != '\0') {
     SRC_DumpSources();
   }
 
+  /* Don't update clock when removing sources */
+  REF_SetMode(REF_ModeIgnore);
+
+  SMT_Finalise();
   TMC_Finalise();
   MNL_Finalise();
-  ACQ_Finalise();
   CLG_Finalise();
+  NSD_Finalise();
   NSR_Finalise();
-  NCR_Finalise();
-  BRD_Finalise();
   SST_Finalise();
-  REF_Finalise();
+  NCR_Finalise();
+  NIO_Finalise();
+  CAM_Finalise();
   KEY_Finalise();
   RCL_Finalise();
   SRC_Finalise();
+  REF_Finalise();
   RTC_Finalise();
-  CAM_Finalise();
-  NIO_Finalise();
   SYS_Finalise();
   SCH_Finalise();
   LCL_Finalise();
+  PRV_Finalise();
 
   delete_pidfile();
   
+  CNF_Finalise();
+  HSH_Finalise();
   LOG_Finalise();
 
-  exit(0);
+  exit(exit_status);
 }
 
 /* ================================================== */
@@ -123,13 +149,20 @@ signal_cleanup(int x)
 /* ================================================== */
 
 static void
-post_acquire_hook(void *anything)
+quit_timeout(void *arg)
 {
-  /* Close the pipe to the foreground process so it can exit */
-  LOG_CloseParentFd();
+  /* Return with non-zero status if the clock is not synchronised */
+  exit_status = REF_GetOurStratum() >= NTP_MAX_STRATUM;
+  SCH_QuitProgram();
+}
+
+/* ================================================== */
+
+static void
+ntp_source_resolving_end(void)
+{
+  NSR_SetSourceResolvingEndHandler(NULL);
 
-  CNF_AddSources();
-  CNF_AddBroadcasts();
   if (reload) {
     /* Note, we want reload to come well after the initialisation from
        the real time clock - this gives us a fighting chance that the
@@ -137,10 +170,63 @@ post_acquire_hook(void *anything)
        semblence of validity about it. */
     SRC_ReloadSources();
   }
-  CNF_SetupAccessRestrictions();
 
+  SRC_RemoveDumpFiles();
   RTC_StartMeasurements();
   RCL_StartRefclocks();
+  NSR_StartSources();
+  NSR_AutoStartSources();
+
+  /* Special modes can end only when sources update their reachability.
+     Give up immediatelly if there are no active sources. */
+  if (ref_mode != REF_ModeNormal && !SRC_ActiveSources()) {
+    REF_SetUnsynchronised();
+  }
+}
+
+/* ================================================== */
+
+static void
+post_init_ntp_hook(void *anything)
+{
+  if (ref_mode == REF_ModeInitStepSlew) {
+    /* Remove the initstepslew sources and set normal mode */
+    NSR_RemoveAllSources();
+    ref_mode = REF_ModeNormal;
+    REF_SetMode(ref_mode);
+  }
+
+  /* Close the pipe to the foreground process so it can exit */
+  LOG_CloseParentFd();
+
+  CNF_AddSources();
+  CNF_AddBroadcasts();
+
+  NSR_SetSourceResolvingEndHandler(ntp_source_resolving_end);
+  NSR_ResolveSources();
+}
+
+/* ================================================== */
+
+static void
+reference_mode_end(int result)
+{
+  switch (ref_mode) {
+    case REF_ModeNormal:
+    case REF_ModeUpdateOnce:
+    case REF_ModePrintOnce:
+      exit_status = !result;
+      SCH_QuitProgram();
+      break;
+    case REF_ModeInitStepSlew:
+      /* Switch to the normal mode, the delay is used to prevent polling
+         interval shorter than the burst interval if some configured servers
+         were used also for initstepslew */
+      SCH_AddTimeoutByDelay(2.0, post_init_ntp_hook, NULL);
+      break;
+    default:
+      assert(0);
+  }
 }
 
 /* ================================================== */
@@ -148,88 +234,82 @@ post_acquire_hook(void *anything)
 static void
 post_init_rtc_hook(void *anything)
 {
-  CNF_ProcessInitStepSlew(post_acquire_hook, NULL);
-}
-
-/* ================================================== */
-/* Return 1 if the process exists on the system. */
-
-static int
-does_process_exist(int pid)
-{
-  int status;
-  status = getsid(pid);
-  if (status >= 0) {
-    return 1;
+  if (CNF_GetInitSources() > 0) {
+    CNF_AddInitSources();
+    NSR_StartSources();
+    assert(REF_GetMode() != REF_ModeNormal);
+    /* Wait for mode end notification */
   } else {
-    return 0;
+    (post_init_ntp_hook)(NULL);
   }
 }
 
 /* ================================================== */
 
-static int
-maybe_another_chronyd_running(int *other_pid)
+static void
+check_pidfile(void)
 {
   const char *pidfile = CNF_GetPidFile();
   FILE *in;
   int pid, count;
   
-  *other_pid = 0;
-
   in = fopen(pidfile, "r");
-  if (!in) return 0;
+  if (!in)
+    return;
 
   count = fscanf(in, "%d", &pid);
   fclose(in);
   
-  if (count != 1) return 0;
+  if (count != 1)
+    return;
 
-  *other_pid = pid;
-  return does_process_exist(pid);
-  
+  if (getsid(pid) < 0)
+    return;
+
+  LOG_FATAL("Another chronyd may already be running (pid=%d), check %s",
+            pid, pidfile);
 }
 
 /* ================================================== */
 
 static void
-write_lockfile(void)
+write_pidfile(void)
 {
   const char *pidfile = CNF_GetPidFile();
   FILE *out;
 
+  if (!pidfile[0])
+    return;
+
   out = fopen(pidfile, "w");
   if (!out) {
-    LOG(LOGS_ERR, LOGF_Main, "could not open lockfile %s for writing", pidfile);
+    LOG_FATAL("Could not open %s : %s", pidfile, strerror(errno));
   } else {
-    fprintf(out, "%d\n", getpid());
+    fprintf(out, "%d\n", (int)getpid());
     fclose(out);
   }
 }
 
 /* ================================================== */
 
+#define DEV_NULL "/dev/null"
+
 static void
 go_daemon(void)
 {
-#ifdef WINNT
-
-
-#else
-
   int pid, fd, pipefd[2];
 
   /* Create pipe which will the daemon use to notify the grandparent
      when it's initialised or send an error message */
   if (pipe(pipefd)) {
-    LOG(LOGS_ERR, LOGF_Logging, "Could not detach, pipe failed : %s", strerror(errno));
+    LOG_FATAL("pipe() failed : %s", strerror(errno));
   }
 
   /* Does this preserve existing signal handlers? */
   pid = fork();
 
   if (pid < 0) {
-    LOG(LOGS_ERR, LOGF_Logging, "Could not detach, fork failed : %s", strerror(errno));
+    LOG_FATAL("fork() failed : %s", strerror(errno));
   } else if (pid > 0) {
     /* In the 'grandparent' */
     char message[1024];
@@ -240,7 +320,8 @@ go_daemon(void)
     if (r) {
       if (r > 0) {
         /* Print the error message from the child */
-        fprintf(stderr, "%.1024s\n", message);
+        message[sizeof (message) - 1] = '\0';
+        fprintf(stderr, "%s\n", message);
       }
       exit(1);
     } else
@@ -254,7 +335,7 @@ go_daemon(void)
     pid = fork();
 
     if (pid < 0) {
-      LOG(LOGS_ERR, LOGF_Logging, "Could not detach, fork failed : %s", strerror(errno));
+      LOG_FATAL("fork() failed : %s", strerror(errno));
     } else if (pid > 0) {
       exit(0); /* In the 'parent' */
     } else {
@@ -262,7 +343,7 @@ go_daemon(void)
 
       /* Change current directory to / */
       if (chdir("/") < 0) {
-        LOG(LOGS_ERR, LOGF_Logging, "Could not chdir to / : %s", strerror(errno));
+        LOG_FATAL("chdir() failed : %s", strerror(errno));
       }
 
       /* Don't keep stdin/out/err from before. But don't close
@@ -273,10 +354,44 @@ go_daemon(void)
       }
 
       LOG_SetParentFd(pipefd[1]);
+
+      /* Open /dev/null as new stdin/out/err */
+      errno = 0;
+      if (open(DEV_NULL, O_RDONLY) != STDIN_FILENO ||
+          open(DEV_NULL, O_WRONLY) != STDOUT_FILENO ||
+          open(DEV_NULL, O_RDWR) != STDERR_FILENO)
+        LOG_FATAL("Could not open %s : %s", DEV_NULL, strerror(errno));
     }
   }
+}
 
-#endif
+/* ================================================== */
+
+static void
+print_help(const char *progname)
+{
+      printf("Usage: %s [-4|-6] [-n|-d] [-q|-Q] [-r] [-R] [-s] [-t TIMEOUT] [-f FILE|COMMAND...]\n",
+             progname);
+}
+
+/* ================================================== */
+
+static void
+print_version(void)
+{
+  printf("chronyd (chrony) version %s (%s)\n", CHRONY_VERSION, CHRONYD_FEATURES);
+}
+
+/* ================================================== */
+
+static int
+parse_int_arg(const char *arg)
+{
+  int i;
+
+  if (sscanf(arg, "%d", &i) != 1)
+    LOG_FATAL("Invalid argument %s", arg);
+  return i;
 }
 
 /* ================================================== */
@@ -285,106 +400,164 @@ int main
 (int argc, char **argv)
 {
   const char *conf_file = DEFAULT_CONF_FILE;
-  char *user = NULL;
-  int debug = 0, nofork = 0, address_family = IPADDR_UNSPEC;
-  int do_init_rtc = 0, restarted = 0;
-  int other_pid;
-  int lock_memory = 0, sched_priority = 0;
+  const char *progname = argv[0];
+  char *user = NULL, *log_file = NULL;
+  struct passwd *pw;
+  int opt, debug = 0, nofork = 0, address_family = IPADDR_UNSPEC;
+  int do_init_rtc = 0, restarted = 0, client_only = 0, timeout = 0;
+  int scfilter_level = 0, lock_memory = 0, sched_priority = 0;
+  int clock_control = 1, system_log = 1;
+  int config_args = 0;
+
+  do_platform_checks();
 
   LOG_Initialise();
 
-  /* Parse command line options */
-  while (++argv, (--argc)>0) {
-
-    if (!strcmp("-f", *argv)) {
-      ++argv, --argc;
-      conf_file = *argv;
-    } else if (!strcmp("-P", *argv)) {
-      ++argv, --argc;
-      if (argc == 0 || sscanf(*argv, "%d", &sched_priority) != 1) {
-        LOG_FATAL(LOGF_Main, "Bad scheduler priority");
-      }
-    } else if (!strcmp("-m", *argv)) {
-      lock_memory = 1;
-    } else if (!strcmp("-r", *argv)) {
-      reload = 1;
-    } else if (!strcmp("-R", *argv)) {
-      restarted = 1;
-    } else if (!strcmp("-u", *argv)) {
-      ++argv, --argc;
-      if (argc == 0) {
-        LOG_FATAL(LOGF_Main, "Missing user name");
-      } else {
-        user = *argv;
-      }
-    } else if (!strcmp("-s", *argv)) {
-      do_init_rtc = 1;
-    } else if (!strcmp("-v", *argv) || !strcmp("--version",*argv)) {
-      /* This write to the terminal is OK, it comes before we turn into a daemon */
-      printf("chronyd (chrony) version %s\n", CHRONY_VERSION);
-      exit(0);
-    } else if (!strcmp("-n", *argv)) {
-      nofork = 1;
-    } else if (!strcmp("-d", *argv)) {
-      debug = 1;
-      nofork = 1;
-    } else if (!strcmp("-4", *argv)) {
-      address_family = IPADDR_INET4;
-    } else if (!strcmp("-6", *argv)) {
-      address_family = IPADDR_INET6;
-    } else {
-      LOG_FATAL(LOGF_Main, "Unrecognized command line option [%s]", *argv);
+  /* Parse (undocumented) long command-line options */
+  for (optind = 1; optind < argc; optind++) {
+    if (!strcmp("--help", argv[optind])) {
+      print_help(progname);
+      return 0;
+    } else if (!strcmp("--version", argv[optind])) {
+      print_version();
+      return 0;
     }
   }
 
-  if (getuid() != 0) {
-    /* This write to the terminal is OK, it comes before we turn into a daemon */
-    fprintf(stderr,"Not superuser\n");
-    exit(1);
+  optind = 1;
+
+  /* Parse short command-line options */
+  while ((opt = getopt(argc, argv, "46df:F:hl:mnP:qQrRst:u:vx")) != -1) {
+    switch (opt) {
+      case '4':
+      case '6':
+        address_family = opt == '4' ? IPADDR_INET4 : IPADDR_INET6;
+        break;
+      case 'd':
+        debug++;
+        nofork = 1;
+        system_log = 0;
+        break;
+      case 'f':
+        conf_file = optarg;
+        break;
+      case 'F':
+        scfilter_level = parse_int_arg(optarg);
+        break;
+      case 'l':
+        log_file = optarg;
+        break;
+      case 'm':
+        lock_memory = 1;
+        break;
+      case 'n':
+        nofork = 1;
+        break;
+      case 'P':
+        sched_priority = parse_int_arg(optarg);
+        break;
+      case 'q':
+        ref_mode = REF_ModeUpdateOnce;
+        nofork = 1;
+        client_only = 0;
+        system_log = 0;
+        break;
+      case 'Q':
+        ref_mode = REF_ModePrintOnce;
+        nofork = 1;
+        client_only = 1;
+        clock_control = 0;
+        system_log = 0;
+        break;
+      case 'r':
+        reload = 1;
+        break;
+      case 'R':
+        restarted = 1;
+        break;
+      case 's':
+        do_init_rtc = 1;
+        break;
+      case 't':
+        timeout = parse_int_arg(optarg);
+        break;
+      case 'u':
+        user = optarg;
+        break;
+      case 'v':
+        print_version();
+        return 0;
+      case 'x':
+        clock_control = 0;
+        break;
+      default:
+        print_help(progname);
+        return opt != 'h';
+    }
   }
 
+  if (getuid() && !client_only)
+    LOG_FATAL("Not superuser");
+
   /* Turn into a daemon */
   if (!nofork) {
     go_daemon();
   }
 
-  if (!debug) {
+  if (log_file) {
+    LOG_OpenFileLog(log_file);
+  } else if (system_log) {
     LOG_OpenSystemLog();
   }
   
-  LOG(LOGS_INFO, LOGF_Main, "chronyd version %s starting", CHRONY_VERSION);
+  LOG_SetDebugLevel(debug);
+  
+  LOG(LOGS_INFO, "chronyd version %s starting (%s)", CHRONY_VERSION, CHRONYD_FEATURES);
 
   DNS_SetAddressFamily(address_family);
 
-  CNF_SetRestarted(restarted);
-  CNF_ReadFile(conf_file);
+  CNF_Initialise(restarted, client_only);
 
-  /* Check whether another chronyd may already be running.  Do this after
-   * forking, so that message logging goes to the right place (i.e. syslog), in
-   * case this chronyd is being run from a boot script. */
-  if (maybe_another_chronyd_running(&other_pid)) {
-    LOG_FATAL(LOGF_Main, "Another chronyd may already be running (pid=%d), check lockfile (%s)",
-              other_pid, CNF_GetPidFile());
+  /* Parse the config file or the remaining command line arguments */
+  config_args = argc - optind;
+  if (!config_args) {
+    CNF_ReadFile(conf_file);
+  } else {
+    for (; optind < argc; optind++)
+      CNF_ParseLine(NULL, config_args + optind - argc + 1, argv[optind]);
   }
 
-  /* Write our lockfile to prevent other chronyds running.  This has *GOT* to
-   * be done *AFTER* the daemon-creation fork() */
-  write_lockfile();
+  /* Check whether another chronyd may already be running */
+  check_pidfile();
 
-  if (do_init_rtc) {
-    RTC_TimePreInit();
-  }
+  if (!user)
+    user = CNF_GetUser();
 
+  pw = getpwnam(user);
+  if (!pw)
+    LOG_FATAL("Could not get user/group ID of %s", user);
+
+  /* Create directories for sockets, log files, and dump files */
+  CNF_CreateDirs(pw->pw_uid, pw->pw_gid);
+
+  /* Write our pidfile to prevent other instances from running */
+  write_pidfile();
+
+  PRV_Initialise();
   LCL_Initialise();
   SCH_Initialise();
-  SYS_Initialise();
-  NIO_Initialise(address_family);
-  CAM_Initialise(address_family);
-  RTC_Initialise();
+  SYS_Initialise(clock_control);
+  RTC_Initialise(do_init_rtc);
   SRC_Initialise();
   RCL_Initialise();
   KEY_Initialise();
 
+  /* Open privileged ports before dropping root */
+  CAM_Initialise(address_family);
+  NIO_Initialise(address_family);
+  NCR_Initialise();
+  CNF_SetupAccessRestrictions();
+
   /* Command-line switch must have priority */
   if (!sched_priority) {
     sched_priority = CNF_GetSchedPriority();
@@ -397,46 +570,50 @@ int main
     SYS_LockMemory();
   }
 
-  if (!user) {
-    user = CNF_GetUser();
-  }
-  if (user) {
-    SYS_DropRoot(user);
-  }
-
-  LOG_CreateLogFileDir();
+  /* Drop root privileges if the specified user has a non-zero UID */
+  if (!geteuid() && (pw->pw_uid || pw->pw_gid))
+    SYS_DropRoot(pw->pw_uid, pw->pw_gid);
 
   REF_Initialise();
   SST_Initialise();
-  BRD_Initialise();
-  NCR_Initialise();
   NSR_Initialise();
+  NSD_Initialise();
   CLG_Initialise();
-  ACQ_Initialise();
   MNL_Initialise();
   TMC_Initialise();
+  SMT_Initialise();
 
   /* From now on, it is safe to do finalisation on exit */
   initialised = 1;
 
+  UTI_SetQuitSignalsHandler(signal_cleanup, 1);
+
+  CAM_OpenUnixSocket();
+
+  if (scfilter_level)
+    SYS_EnableSystemCallFilter(scfilter_level);
+
+  if (ref_mode == REF_ModeNormal && CNF_GetInitSources() > 0) {
+    ref_mode = REF_ModeInitStepSlew;
+  }
+
+  REF_SetModeEndHandler(reference_mode_end);
+  REF_SetMode(ref_mode);
+
+  if (timeout > 0)
+    SCH_AddTimeoutByDelay(timeout, quit_timeout, NULL);
+
   if (do_init_rtc) {
     RTC_TimeInit(post_init_rtc_hook, NULL);
   } else {
     post_init_rtc_hook(NULL);
   }
 
-  signal(SIGINT, signal_cleanup);
-  signal(SIGTERM, signal_cleanup);
-#if !defined(WINNT)
-  signal(SIGQUIT, signal_cleanup);
-  signal(SIGHUP, signal_cleanup);
-#endif /* WINNT */
-
   /* The program normally runs under control of the main loop in
      the scheduler. */
   SCH_MainLoop();
 
-  LOG(LOGS_INFO, LOGF_Main, "chronyd exiting");
+  LOG(LOGS_INFO, "chronyd exiting");
 
   MAI_CleanupAndExit();
 

make_release

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-LANG=C
+LANG=C.UTF-8
 export LANG
 
 if [ $# -ne 1 ]; then
@@ -9,8 +9,8 @@ if [ $# -ne 1 ]; then
 fi
 
 version=$1
+tag=$version
 subdir=chrony-${version}
-mandate=$(date +'%B %Y')
 
 umask 022
 
@@ -21,34 +21,31 @@ fi
 
 [ -d RELEASES ] || mkdir RELEASES
 
-git tag -s $version || exit 1
-
 rm -rf RELEASES/$subdir
 
-git archive --format=tar --prefix=RELEASES/${subdir}/ $version | \
+if [ $version != test ]; then
+  git tag -s $tag || exit 1
+else
+  tag=HEAD
+fi
+
+git archive --format=tar --prefix=RELEASES/${subdir}/ $tag | \
   tar xf - || exit 1
 
 cd RELEASES/$subdir || exit 1
 
 echo $version > version.txt
 
-sed -e "s%@@VERSION@@%${version}%" < chrony.spec.sample > chrony.spec
+./configure && make -C doc man txt || exit 1
 
-for m in chrony.1.in chronyc.1.in chrony.conf.5.in chronyd.8.in; do
-  sed -e "s%@VERSION@%${version}%;s%@MAN_DATE@%${mandate}%" \
-    < $m > ${m}_
-  mv -f ${m}_ $m
-done
+iconv -f utf-8 -t ascii//TRANSLIT < doc/installation.txt > INSTALL
+iconv -f utf-8 -t ascii//TRANSLIT < doc/faq.txt > FAQ
 
-./configure && make chrony.txt || exit 1
-mv chrony.txt chrony.txt_
 make distclean
-mv chrony.txt_ chrony.txt
-
-rm -f faqgen.pl make_release chrony.spec.sample .gitignore
+rm -f make_release .gitignore
 
 cd ..
-tar cvf - $subdir | gzip -9 > ${subdir}.tar.gz
-gpg -b -a -o ${subdir}-tar-gz-asc.txt ${subdir}.tar.gz
-
+tar cv --owner root --group root $subdir | gzip -9 > ${subdir}.tar.gz
 
+[ $version != test ] && \
+  gpg -b -a -o ${subdir}-tar-gz-asc.txt ${subdir}.tar.gz

manual.c

@@ -47,33 +47,28 @@ static int enabled = 0;
 
 /* More recent samples at highest indices */
 typedef struct {
-  struct timeval when; /* This is our 'cooked' time */
+  struct timespec when; /* This is our 'cooked' time */
   double orig_offset; /*+ Not modified by slew samples */
   double offset; /*+ if we are fast of the supplied reference */
   double residual; /*+ regression residual (sign convention given by
                      (measured-predicted)) */
 } Sample;
 
+#define MIN_SAMPLE_SEPARATION 1.0
+
 #define MAX_SAMPLES 16
 
 static Sample samples[16];
 static int n_samples;
 
-static int replace_margin;
-static int error;
-
-/* Eventually these constants need to be user-defined in conf file */
-#define REPLACE_MARGIN 300
-#define ERROR_MARGIN 0.2
-
 /* ================================================== */
 
 static void
-slew_samples(struct timeval *raw,
-             struct timeval *cooked, 
+slew_samples(struct timespec *raw,
+             struct timespec *cooked,
              double dfreq,
              double doffset,
-             int is_step_change,
+             LCL_ChangeType change_type,
              void *not_used);
 
 /* ================================================== */
@@ -89,9 +84,6 @@ MNL_Initialise(void)
 
   n_samples = 0;
 
-  replace_margin = REPLACE_MARGIN;
-  error = ERROR_MARGIN;
-
   LCL_AddParameterChangeHandler(slew_samples, NULL);
 }
 
@@ -105,7 +97,8 @@ MNL_Finalise(void)
 /* ================================================== */
 
 static void
-estimate_and_set_system(struct timeval *now, int offset_provided, double offset, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm)
+estimate_and_set_system(struct timespec *now, int offset_provided, double offset,
+                        double *reg_offset, double *dfreq_ppm, double *new_afreq_ppm)
 {
   double agos[MAX_SAMPLES], offsets[MAX_SAMPLES];
   double b0, b1;
@@ -116,32 +109,26 @@ estimate_and_set_system(struct timeval *now, int offset_provided, double offset,
   int found_freq;
   double slew_by;
 
+  b0 = offset_provided ? offset : 0.0;
+  b1 = freq = 0.0;
+  found_freq = 0;
+
   if (n_samples > 1) {
     for (i=0; i<n_samples; i++) {
-      UTI_DiffTimevalsToDouble(&agos[i], &samples[n_samples-1].when, &samples[i].when);
+      agos[i] = UTI_DiffTimespecsToDouble(&samples[n_samples - 1].when, &samples[i].when);
       offsets[i] = samples[i].offset;
     }
     
-    RGR_FindBestRobustRegression(agos, offsets, n_samples,
-                                 1.0e-8, /* 0.01ppm easily good enough for this! */
-                                 &b0, &b1, &n_runs, &best_start);
-    
-    
-    /* Ignore b0 from regression; treat offset as being the most
-       recently entered value.  (If the administrator knows he's put
-       an outlier in, he will rerun the settime operation.)   However,
-       the frequency estimate comes from the regression. */
-    
-    freq = -b1;
-    found_freq = 1;
-  } else {
-    if (offset_provided) {
-      b0 = offset;
-    } else {
-      b0 = 0.0;
+    if (RGR_FindBestRobustRegression(agos, offsets, n_samples, 1.0e-8,
+                                     &b0, &b1, &n_runs, &best_start)) {
+      /* Ignore b0 from regression; treat offset as being the most
+         recently entered value.  (If the administrator knows he's put
+         an outlier in, he will rerun the settime operation.)   However,
+         the frequency estimate comes from the regression. */
+      freq = -b1;
+      found_freq = 1;
     }
-    b1 = freq = 0.0;
-    found_freq = 0;
+  } else {
     agos[0] = 0.0;
     offsets[0] = b0;
   }
@@ -153,21 +140,20 @@ estimate_and_set_system(struct timeval *now, int offset_provided, double offset,
   }
   
   if (found_freq) {
-    LOG(LOGS_INFO, LOGF_Manual,
-        "Making a frequency change of %.3f ppm and a slew of %.6f",
+    LOG(LOGS_INFO, "Making a frequency change of %.3f ppm and a slew of %.6f",
         1.0e6 * freq, slew_by);
     
     REF_SetManualReference(now,
                            slew_by,
                            freq, skew);
   } else {
-    LOG(LOGS_INFO, LOGF_Manual, "Making a slew of %.6f", slew_by);
+    LOG(LOGS_INFO, "Making a slew of %.6f", slew_by);
     REF_SetManualReference(now,
                            slew_by,
                            0.0, skew);
   }
   
-  if (offset_cs) *offset_cs = (long)(0.5 + 100.0 * b0);
+  if (reg_offset) *reg_offset = b0;
   if (dfreq_ppm) *dfreq_ppm = 1.0e6 * freq;
   if (new_afreq_ppm) *new_afreq_ppm = LCL_ReadAbsoluteFrequency();
   
@@ -181,18 +167,28 @@ estimate_and_set_system(struct timeval *now, int offset_provided, double offset,
 /* ================================================== */
 
 int
-MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm)
+MNL_AcceptTimestamp(struct timespec *ts, double *reg_offset, double *dfreq_ppm, double *new_afreq_ppm)
 {
-  struct timeval now;
-  double offset;
+  struct timespec now;
+  double offset, diff;
   int i;
 
   if (enabled) {
-
-    /* Check whether timestamp is within margin of old one */
     LCL_ReadCookedTime(&now, NULL);
 
-    UTI_DiffTimevalsToDouble(&offset, &now, ts);
+    /* Make sure the provided timestamp is sane and the sample
+       is not too close to the last one */
+
+    if (!UTI_IsTimeOffsetSane(ts, 0.0))
+     return 0;
+
+    if (n_samples) {
+      diff = UTI_DiffTimespecsToDouble(&now, &samples[n_samples - 1].when);
+      if (diff < MIN_SAMPLE_SEPARATION)
+        return 0;
+    }
+
+    offset = UTI_DiffTimespecsToDouble(&now, ts);
 
     /* Check if buffer full up */
     if (n_samples == MAX_SAMPLES) {
@@ -208,7 +204,7 @@ MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, doub
     samples[n_samples].orig_offset = offset;
     ++n_samples;
 
-    estimate_and_set_system(&now, 1, offset, offset_cs, dfreq_ppm, new_afreq_ppm);
+    estimate_and_set_system(&now, 1, offset, reg_offset, dfreq_ppm, new_afreq_ppm);
 
     return 1;
 
@@ -222,17 +218,22 @@ MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, doub
 /* ================================================== */
 
 static void
-slew_samples(struct timeval *raw,
-             struct timeval *cooked, 
+slew_samples(struct timespec *raw,
+             struct timespec *cooked,
              double dfreq,
              double doffset,
-             int is_step_change,
+             LCL_ChangeType change_type,
              void *not_used)
 {
   double delta_time;
   int i;
+
+  if (change_type == LCL_ChangeUnknownStep) {
+    MNL_Reset();
+  }
+
   for (i=0; i<n_samples; i++) {
-    UTI_AdjustTimeval(&samples[i].when, cooked, &samples[i].when, &delta_time,
+    UTI_AdjustTimespec(&samples[i].when, cooked, &samples[i].when, &delta_time,
         dfreq, doffset);
     samples[i].offset += delta_time;
   }
@@ -263,6 +264,14 @@ MNL_Reset(void)
   n_samples = 0;
 }
 
+/* ================================================== */
+
+int
+MNL_IsEnabled(void)
+{
+  return enabled;
+}
+
 /* ================================================== */
 /* Generate report data for the REQ_MANUAL_LIST command/monitoring
    protocol */
@@ -294,7 +303,7 @@ int
 MNL_DeleteSample(int index)
 {
   int i;
-  struct timeval now;
+  struct timespec now;
 
   if ((index < 0) || (index >= n_samples)) {
     return 0;

manual.h

@@ -33,11 +33,12 @@
 
 extern void MNL_Initialise(void);
 extern void MNL_Finalise(void);
-extern int MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm);
+extern int MNL_AcceptTimestamp(struct timespec *ts, double *reg_offset, double *dfreq_ppm, double *new_afreq_ppm);
 
 extern void MNL_Enable(void);
 extern void MNL_Disable(void);
 extern void MNL_Reset(void);
+extern int MNL_IsEnabled(void);
 
 extern void MNL_ReportSamples(RPT_ManualSamplesReport *report, int max, int *n);
 extern int MNL_DeleteSample(int index);

memory.c

@@ -0,0 +1,93 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014, 2017
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Utility functions for memory allocation.
+
+  */
+
+#include "config.h"
+
+#include "logging.h"
+#include "memory.h"
+
+void *
+Malloc(size_t size)
+{
+  void *r;
+
+  r = malloc(size);
+  if (!r && size)
+    LOG_FATAL("Could not allocate memory");
+
+  return r;
+}
+
+void *
+Realloc(void *ptr, size_t size)
+{
+  void *r;
+
+  r = realloc(ptr, size);
+  if (!r && size)
+    LOG_FATAL("Could not allocate memory");
+
+  return r;
+}
+
+static size_t
+get_array_size(size_t nmemb, size_t size)
+{
+  size_t array_size;
+
+  array_size = nmemb * size;
+
+  /* Check for overflow */
+  if (nmemb > 0 && array_size / nmemb != size)
+    LOG_FATAL("Could not allocate memory");
+
+  return array_size;
+}
+
+void *
+Malloc2(size_t nmemb, size_t size)
+{
+  return Malloc(get_array_size(nmemb, size));
+}
+
+void *
+Realloc2(void *ptr, size_t nmemb, size_t size)
+{
+  return Realloc(ptr, get_array_size(nmemb, size));
+}
+
+char *
+Strdup(const char *s)
+{
+  void *r;
+
+  r = strdup(s);
+  if (!r)
+    LOG_FATAL("Could not allocate memory");
+
+  return r;
+}

memory.h

@@ -27,11 +27,19 @@
 #ifndef GOT_MEMORY_H
 #define GOT_MEMORY_H
 
-#define Malloc(x) malloc(x)
-#define MallocNew(T) ((T *) malloc(sizeof(T)))
-#define MallocArray(T, n) ((T *) malloc((n) * sizeof(T)))
-#define Realloc(x,y) realloc(x,y)
-#define ReallocArray(T,n,x) ((T *) realloc((void *)(x), (n)*sizeof(T)))
+#include "sysincl.h"
+
+/* Wrappers checking for errors */
+extern void *Malloc(size_t size);
+extern void *Realloc(void *ptr, size_t size);
+extern void *Malloc2(size_t nmemb, size_t size);
+extern void *Realloc2(void *ptr, size_t nmemb, size_t size);
+extern char *Strdup(const char *s);
+
+/* Convenient macros */
+#define MallocNew(T) ((T *) Malloc(sizeof(T)))
+#define MallocArray(T, n) ((T *) Malloc2(n, sizeof(T)))
+#define ReallocArray(T, n, x) ((T *) Realloc2((void *)(x), n, sizeof(T)))
 #define Free(x) free(x)
 
 #endif /* GOT_MEMORY_H */

mkdirpp.c

@@ -1,134 +0,0 @@
-/*
-  chronyd/chronyc - Programs for keeping computer clocks accurate.
-
- **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- * 
- **********************************************************************
-
-  =======================================================================
-
-  A function for creating a directory and any parent directories that
-  don't exist.
-
-  */
-
-#include "config.h"
-
-#include "sysincl.h"
-
-#include "mkdirpp.h"
-
-static int
-do_dir(char *p)
-{
-  int status;
-  struct stat buf;
-
-#if defined(TEST)
-  fprintf(stderr, "do_dir(%s)\n", p);
-#endif
-
-  /* See if directory exists */
-  status = stat(p, &buf);
-
-  if (status < 0) {
-    if (errno == ENOENT) {
-      /* Try to create directory */
-      status = mkdir(p, 0755);
-      return status;
-    } else {
-      return status;
-    }
-  }
-
-  if (!S_ISDIR(buf.st_mode)) {
-    return -1;
-  }
-
-  return 0;
-}
-
-/* ================================================== */
-/* Return 0 if the directory couldn't be created, 1 if it could (or
-   already existed) */
-
-int
-mkdir_and_parents(const char *path)
-{
-  char *p;
-  int len;
-  int i, j, k, last;
-  len = strlen(path);
-
-  p = (char *) malloc(1 + len);
-
-  i = k = 0;
-  while (1) {
-    p[i++] = path[k++];
-    
-    if (path[k] == '/' || !path[k]) {
-      p[i] = 0;
-
-      if (do_dir(p) < 0) {
-        free(p);
-        return 0;
-      }
-
-      if (!path[k]) {
-        /* End of the string */
-        break;
-      }
-
-      /* check whether its a trailing / or group of / */
-      last = 1;
-      j = k+1;
-      while (path[j]) {
-        if (path[j] != '/') {
-          k = j - 1; /* Pick up a / into p[] thru the assignment at the top of the loop */
-          last = 0;
-          break;
-        }
-        j++;
-      }
-
-      if (last) {
-        break;
-      }
-    }
-
-    if (!path[k]) break;
-
-  }  
-
-  free(p);
-  return 1;
-
-}
-
-/* ================================================== */
-
-#if defined(TEST)
-int main(int argc, char **argv) {
-  if (argc > 1) {
-    /* Invert sense of result */
-    return mkdir_and_parents(argv[1]) ? 0 : 1;
-  } else {
-    return 1;
-  }
-}
-#endif
-                                  

nameserv.c

@@ -30,6 +30,9 @@
 
 #include "sysincl.h"
 
+#include <netdb.h>
+#include <resolv.h>
+
 #include "nameserv.h"
 #include "util.h"
 
@@ -44,14 +47,28 @@ DNS_SetAddressFamily(int family)
 }
 
 DNS_Status 
-DNS_Name2IPAddress(const char *name, IPAddr *addr)
+DNS_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs)
 {
-#ifdef HAVE_IPV6
+#ifdef HAVE_GETADDRINFO
   struct addrinfo hints, *res, *ai;
-  int result;
-  
+  int i, result;
+
+  max_addrs = MIN(max_addrs, DNS_MAX_ADDRESSES);
+
   memset(&hints, 0, sizeof (hints));
-  hints.ai_family = AF_UNSPEC;
+
+  switch (address_family) {
+    case IPADDR_INET4:
+      hints.ai_family = AF_INET;
+      break;
+#ifdef FEAT_IPV6
+    case IPADDR_INET6:
+      hints.ai_family = AF_INET6;
+      break;
+#endif
+    default:
+      hints.ai_family = AF_UNSPEC;
+  }
   hints.ai_socktype = SOCK_STREAM;
 
   result = getaddrinfo(name, NULL, &hints, &res);
@@ -64,38 +81,60 @@ DNS_Name2IPAddress(const char *name, IPAddr *addr)
 #endif
   }
 
-  for (ai = res; !result && ai != NULL; ai = ai->ai_next) {
+  for (ai = res, i = 0; i < max_addrs && ai != NULL; ai = ai->ai_next) {
     switch (ai->ai_family) {
       case AF_INET:
-        addr->family = IPADDR_INET4;
-        addr->addr.in4 = ntohl(((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr);
-        result = 1;
+        if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET4)
+          continue;
+        ip_addrs[i].family = IPADDR_INET4;
+        ip_addrs[i].addr.in4 = ntohl(((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr);
+        i++;
         break;
-#ifdef HAVE_IPV6
+#ifdef FEAT_IPV6
       case AF_INET6:
-        addr->family = IPADDR_INET6;
-        memcpy(&addr->addr.in6, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr.s6_addr, sizeof (addr->addr.in6));
-        result = 1;
+        if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET6)
+          continue;
+        ip_addrs[i].family = IPADDR_INET6;
+        memcpy(&ip_addrs[i].addr.in6, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr.s6_addr,
+               sizeof (ip_addrs->addr.in6));
+        i++;
         break;
 #endif
     }
-    if (result && address_family != IPADDR_UNSPEC && address_family != addr->family)
-      result = 0;
   }
 
+  for (; i < max_addrs; i++)
+        ip_addrs[i].family = IPADDR_UNSPEC;
+
   freeaddrinfo(res);
-  return result ? DNS_Success : DNS_Failure;
+
+  return !max_addrs || ip_addrs[0].family != IPADDR_UNSPEC ? DNS_Success : DNS_Failure;
 #else
   struct hostent *host;
+  int i;
   
+  if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET4)
+    return DNS_Failure;
+
+  max_addrs = MIN(max_addrs, DNS_MAX_ADDRESSES);
+
   host = gethostbyname(name);
 
   if (host == NULL) {
     if (h_errno == TRY_AGAIN)
       return DNS_TryAgain;
   } else {
-    addr->family = IPADDR_INET4;
-    addr->addr.in4 = ntohl(*(uint32_t *)host->h_addr_list[0]);
+    if (host->h_addrtype != AF_INET || !host->h_addr_list[0])
+      return DNS_Failure;
+
+    for (i = 0; host->h_addr_list[i] && i < max_addrs; i++) {
+      ip_addrs[i].family = IPADDR_INET4;
+      ip_addrs[i].addr.in4 = ntohl(*(uint32_t *)host->h_addr_list[i]);
+    }
+
+    for (; i < max_addrs; i++)
+      ip_addrs[i].family = IPADDR_UNSPEC;
+
     return DNS_Success;
   }
 
@@ -115,33 +154,14 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len)
 {
   char *result = NULL;
 
-#ifdef HAVE_IPV6
-  struct sockaddr_in in4;
+#ifdef FEAT_IPV6
   struct sockaddr_in6 in6;
+  socklen_t slen;
   char hbuf[NI_MAXHOST];
 
-  switch (ip_addr->family) {
-    case IPADDR_INET4:
-      memset(&in4, 0, sizeof (in4));
-#ifdef SIN6_LEN
-      in4.sin_len = sizeof (in4);
-#endif
-      in4.sin_family = AF_INET;
-      in4.sin_addr.s_addr = htonl(ip_addr->addr.in4);
-      if (!getnameinfo((const struct sockaddr *)&in4, sizeof (in4), hbuf, sizeof (hbuf), NULL, 0, 0))
-        result = hbuf;
-      break;
-    case IPADDR_INET6:
-      memset(&in6, 0, sizeof (in6));
-#ifdef SIN6_LEN
-      in6.sin6_len = sizeof (in6);
-#endif
-      in6.sin6_family = AF_INET6;
-      memcpy(&in6.sin6_addr.s6_addr, ip_addr->addr.in6, sizeof (in6.sin6_addr.s6_addr));
-      if (!getnameinfo((const struct sockaddr *)&in6, sizeof (in6), hbuf, sizeof (hbuf), NULL, 0, 0))
-        result = hbuf;
-      break;
-  }
+  slen = UTI_IPAndPortToSockaddr(ip_addr, 0, (struct sockaddr *)&in6);
+  if (!getnameinfo((struct sockaddr *)&in6, slen, hbuf, sizeof (hbuf), NULL, 0, 0))
+    result = hbuf;
 #else
   struct hostent *host;
   uint32_t addr;
@@ -151,7 +171,7 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len)
       addr = htonl(ip_addr->addr.in4);
       host = gethostbyaddr((const char *) &addr, sizeof (ip_addr), AF_INET);
       break;
-#ifdef HAVE_IPV6
+#ifdef FEAT_IPV6
     case IPADDR_INET6:
       host = gethostbyaddr((const void *) ip_addr->addr.in6, sizeof (ip_addr->addr.in6), AF_INET6);
       break;

nameserv.h

@@ -39,7 +39,10 @@ typedef enum {
 /* Resolve names only to selected address family */
 extern void DNS_SetAddressFamily(int family);
 
-extern DNS_Status DNS_Name2IPAddress(const char *name, IPAddr *addr);
+/* Maximum number of addresses returned by DNS_Name2IPAddress */
+#define DNS_MAX_ADDRESSES 16
+
+extern DNS_Status DNS_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs);
 
 extern int DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len);
 

nameserv_async.c

@@ -0,0 +1,133 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Functions to asynchronously convert name to IP address
+
+  */
+
+#include "config.h"
+#include "sysincl.h"
+
+#include "nameserv_async.h"
+#include "logging.h"
+#include "memory.h"
+#include "privops.h"
+#include "sched.h"
+#include "util.h"
+
+#ifdef USE_PTHREAD_ASYNCDNS
+#include <pthread.h>
+
+/* ================================================== */
+
+struct DNS_Async_Instance {
+  const char *name;
+  DNS_Status status;
+  IPAddr addresses[DNS_MAX_ADDRESSES];
+  DNS_NameResolveHandler handler;
+  void *arg;
+
+  pthread_t thread;
+  int pipe[2];
+};
+
+static int resolving_threads = 0;
+
+/* ================================================== */
+
+static void *
+start_resolving(void *anything)
+{
+  struct DNS_Async_Instance *inst = (struct DNS_Async_Instance *)anything;
+
+  inst->status = PRV_Name2IPAddress(inst->name, inst->addresses, DNS_MAX_ADDRESSES);
+
+  /* Notify the main thread that the result is ready */
+  if (write(inst->pipe[1], "", 1) < 0)
+    ;
+
+  return NULL;
+}
+
+/* ================================================== */
+
+static void
+end_resolving(int fd, int event, void *anything)
+{
+  struct DNS_Async_Instance *inst = (struct DNS_Async_Instance *)anything;
+  int i;
+
+  if (pthread_join(inst->thread, NULL)) {
+    LOG_FATAL("pthread_join() failed");
+  }
+
+  resolving_threads--;
+
+  SCH_RemoveFileHandler(inst->pipe[0]);
+  close(inst->pipe[0]);
+  close(inst->pipe[1]);
+
+  for (i = 0; inst->status == DNS_Success && i < DNS_MAX_ADDRESSES &&
+              inst->addresses[i].family != IPADDR_UNSPEC; i++)
+    ;
+
+  (inst->handler)(inst->status, i, inst->addresses, inst->arg);
+
+  Free(inst);
+}
+
+/* ================================================== */
+
+void
+DNS_Name2IPAddressAsync(const char *name, DNS_NameResolveHandler handler, void *anything)
+{
+  struct DNS_Async_Instance *inst;
+
+  inst = MallocNew(struct DNS_Async_Instance);
+  inst->name = name;
+  inst->handler = handler;
+  inst->arg = anything;
+  inst->status = DNS_Failure;
+
+  if (pipe(inst->pipe)) {
+    LOG_FATAL("pipe() failed");
+  }
+
+  UTI_FdSetCloexec(inst->pipe[0]);
+  UTI_FdSetCloexec(inst->pipe[1]);
+
+  resolving_threads++;
+  assert(resolving_threads <= 1);
+
+  if (pthread_create(&inst->thread, NULL, start_resolving, inst)) {
+    LOG_FATAL("pthread_create() failed");
+  }
+
+  SCH_AddFileHandler(inst->pipe[0], SCH_FILE_INPUT, end_resolving, inst);
+}
+
+/* ================================================== */
+
+#else
+#error
+#endif

nameserv_async.h

@@ -0,0 +1,40 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Header for asynchronous nameserver functions
+  */
+
+
+#ifndef GOT_NAMESERV_ASYNC_H
+#define GOT_NAMESERV_ASYNC_H
+
+#include "nameserv.h"
+
+/* Function type for callback to process the result */
+typedef void (*DNS_NameResolveHandler)(DNS_Status status, int n_addrs, IPAddr *ip_addrs, void *anything);
+
+/* Request resolving of a name to IP address. The handler will be
+   called when the result is available. */
+extern void DNS_Name2IPAddressAsync(const char *name, DNS_NameResolveHandler handler, void *anything);
+
+#endif

ntp.h

@@ -38,7 +38,30 @@ typedef struct {
 
 typedef uint32_t NTP_int32;
 
-#define MAX_NTP_AUTH_DATA_LEN MAX_HASH_LENGTH
+/* The UDP port number used by NTP */
+#define NTP_PORT 123
+
+/* The NTP protocol version that we support */
+#define NTP_VERSION 4
+
+/* Maximum stratum number (infinity) */
+#define NTP_MAX_STRATUM 16
+
+/* The minimum valid length of an extension field */
+#define NTP_MIN_EXTENSION_LENGTH 16
+
+/* The maximum assumed length of all extension fields in received
+   packets (RFC 5905 doesn't specify a limit on length or number of
+   extension fields in one packet) */
+#define NTP_MAX_EXTENSIONS_LENGTH 1024
+
+/* The minimum and maximum supported length of MAC */
+#define NTP_MIN_MAC_LENGTH (4 + 16)
+#define NTP_MAX_MAC_LENGTH (4 + MAX_HASH_LENGTH)
+
+/* The maximum length of MAC in NTPv4 packets which allows deterministic
+   parsing of extension fields (RFC 7822) */
+#define NTP_MAX_V4_MAC_LENGTH (4 + 20)
 
 /* Type definition for leap bits */
 typedef enum {
@@ -69,24 +92,48 @@ typedef struct {
   NTP_int64 originate_ts;
   NTP_int64 receive_ts;
   NTP_int64 transmit_ts;
+
+  /* Optional extension fields, we don't send packets with them yet */
+  /* uint8_t extensions[] */
+
+  /* Optional message authentication code (MAC) */
   NTP_int32 auth_keyid;
-  uint8_t auth_data[MAX_NTP_AUTH_DATA_LEN];
+  uint8_t auth_data[NTP_MAX_MAC_LENGTH - 4];
 } NTP_Packet;
 
-/* We have to declare a buffer type to hold a datagram read from the
-   network.  Even though we won't be using them (yet?!), this must be
-   large enough to hold NTP control messages. */
+#define NTP_NORMAL_PACKET_LENGTH (int)offsetof(NTP_Packet, auth_keyid)
 
-/* Define the maximum number of bytes that can be read in a single
-   message.  (This is cribbed from ntp.h in the xntpd source code). */
-
-#define MAX_NTP_MESSAGE_SIZE (468+12+16+4)
-
-typedef union {
+/* The buffer used to hold a datagram read from the network */
+typedef struct {
   NTP_Packet ntp_pkt;
-  uint8_t arbitrary[MAX_NTP_MESSAGE_SIZE];
-} ReceiveBuffer;
+  uint8_t extensions[NTP_MAX_EXTENSIONS_LENGTH];
+} NTP_Receive_Buffer;
 
-#define NTP_NORMAL_PACKET_SIZE offsetof(NTP_Packet, auth_keyid)
+/* Macros to work with the lvm field */
+#define NTP_LVM_TO_LEAP(lvm) (((lvm) >> 6) & 0x3)
+#define NTP_LVM_TO_VERSION(lvm) (((lvm) >> 3) & 0x7)
+#define NTP_LVM_TO_MODE(lvm) ((lvm) & 0x7)
+#define NTP_LVM(leap, version, mode) \
+  ((((leap) << 6) & 0xc0) | (((version) << 3) & 0x38) | ((mode) & 0x07))
+
+/* Special NTP reference IDs */
+#define NTP_REFID_UNSYNC 0x0UL
+#define NTP_REFID_LOCAL 0x7F7F0101UL /* 127.127.1.1 */
+#define NTP_REFID_SMOOTH 0x7F7F01FFUL /* 127.127.1.255 */
+
+/* Structure used to save NTP measurements.  time is the local time at which
+   the sample is to be considered to have been made and offset is the offset at
+   the time (positive indicates that the local clock is slow relative to the
+   source).  root_delay/root_dispersion include peer_delay/peer_dispersion. */
+typedef struct {
+  struct timespec time;
+  double offset;
+  double peer_delay;
+  double peer_dispersion;
+  double root_delay;
+  double root_dispersion;
+  int stratum;
+  NTP_Leap leap;
+} NTP_Sample;
 
 #endif /* GOT_NTP_H */

ntp_core.h

@@ -38,6 +38,18 @@ typedef enum {
   NTP_SERVER, NTP_PEER
 } NTP_Source_Type;
 
+typedef enum {
+  NTP_TS_DAEMON = 0,
+  NTP_TS_KERNEL,
+  NTP_TS_HARDWARE
+} NTP_Timestamp_Source;
+
+typedef struct {
+  struct timespec ts;
+  double err;
+  NTP_Timestamp_Source source;
+} NTP_Local_Timestamp;
+
 /* This is a private data type used for storing the instance record for
    each source that we are chiming with */
 typedef struct NCR_Instance_Record *NCR_Instance;
@@ -52,23 +64,44 @@ extern NCR_Instance NCR_GetInstance(NTP_Remote_Address *remote_addr, NTP_Source_
 /* Destroy an instance */
 extern void NCR_DestroyInstance(NCR_Instance instance);
 
+/* Start an instance */
+extern void NCR_StartInstance(NCR_Instance instance);
+
+/* Reset an instance */
+extern void NCR_ResetInstance(NCR_Instance inst);
+
+/* Reset polling interval of an instance */
+extern void NCR_ResetPoll(NCR_Instance instance);
+
+/* Change the remote address of an instance */
+extern void NCR_ChangeRemoteAddress(NCR_Instance inst, NTP_Remote_Address *remote_addr);
+
 /* This routine is called when a new packet arrives off the network,
    and it relates to a source we have an ongoing protocol exchange with */
-extern void NCR_ProcessKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data, int length);
+extern int NCR_ProcessRxKnown(NCR_Instance inst, NTP_Local_Address *local_addr,
+                              NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length);
 
 /* This routine is called when a new packet arrives off the network,
    and we do not recognize its source */
-extern void NCR_ProcessUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr, int length);
+extern void NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                                 NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length);
+
+/* This routine is called when a packet is sent to a source we have
+   an ongoing protocol exchange with */
+extern void NCR_ProcessTxKnown(NCR_Instance inst, NTP_Local_Address *local_addr,
+                               NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length);
+
+/* This routine is called when a packet is sent to a destination we
+   do not recognize */
+extern void NCR_ProcessTxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                                 NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length);
 
 /* Slew receive and transmit times in instance records */
-extern void NCR_SlewTimes(NCR_Instance inst, struct timeval *when, double dfreq, double doffset);
+extern void NCR_SlewTimes(NCR_Instance inst, struct timespec *when, double dfreq, double doffset);
 
-/* Take a particular source online (i.e. start sampling it) */
-extern void NCR_TakeSourceOnline(NCR_Instance inst);
-
-/* Take a particular source offline (i.e. stop sampling it, without
-   marking it unreachable in the source selection stuff) */
-extern void NCR_TakeSourceOffline(NCR_Instance inst);
+/* Take a particular source online (i.e. start sampling it) or offline
+   (i.e. stop sampling it) */
+extern void NCR_SetConnectivity(NCR_Instance inst, SRC_Connectivity connectivity);
 
 extern void NCR_ModifyMinpoll(NCR_Instance inst, int new_minpoll);
 
@@ -86,7 +119,8 @@ extern void NCR_ModifyPolltarget(NCR_Instance inst, int new_poll_target);
 
 extern void NCR_InitiateSampleBurst(NCR_Instance inst, int n_good_samples, int n_total_samples);
 
-extern void NCR_ReportSource(NCR_Instance inst, RPT_SourceReport *report, struct timeval *now);
+extern void NCR_ReportSource(NCR_Instance inst, RPT_SourceReport *report, struct timespec *now);
+extern void NCR_GetNTPReport(NCR_Instance inst, RPT_NTPReport *report);
 
 extern int NCR_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all);
 extern int NCR_CheckAccessRestriction(IPAddr *ip_addr);
@@ -96,6 +130,10 @@ extern void NCR_IncrementActivityCounters(NCR_Instance inst, int *online, int *o
 
 extern NTP_Remote_Address *NCR_GetRemoteAddress(NCR_Instance instance);
 
+extern uint32_t NCR_GetLocalRefid(NCR_Instance inst);
+
 extern int NCR_IsSyncPeer(NCR_Instance instance);
 
+extern void NCR_AddBroadcastDestination(IPAddr *addr, unsigned short port, int interval);
+
 #endif /* GOT_NTP_CORE_H */

ntp_io.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -37,13 +38,26 @@ extern void NIO_Initialise(int family);
 /* Function to finalise the module */
 extern void NIO_Finalise(void);
 
+/* Function to obtain a socket for sending client packets */
+extern int NIO_OpenClientSocket(NTP_Remote_Address *remote_addr);
+
+/* Function to obtain a socket for sending server/peer packets */
+extern int NIO_OpenServerSocket(NTP_Remote_Address *remote_addr);
+
+/* Function to close a socket returned by NIO_OpenClientSocket() */
+extern void NIO_CloseClientSocket(int sock_fd);
+
+/* Function to close a socket returned by NIO_OpenServerSocket() */
+extern void NIO_CloseServerSocket(int sock_fd);
+
+/* Function to check if socket is a server socket */
+extern int NIO_IsServerSocket(int sock_fd);
+
+/* Function to check if client packets can be sent to a server */
+extern int NIO_IsServerConnectable(NTP_Remote_Address *remote_addr);
+
 /* Function to transmit a packet */
-extern void NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr);
-
-/* Function to transmit an authenticated packet */
-extern void NIO_SendAuthenticatedPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr, int auth_len);
-
-/* Function to send a datagram to a remote machine's UDP echo port. */
-extern void NIO_SendEcho(NTP_Remote_Address *remote_addr);
+extern int NIO_SendPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr,
+                          NTP_Local_Address *local_addr, int length, int process_tx);
 
 #endif /* GOT_NTP_IO_H */

ntp_io_linux.c

@@ -0,0 +1,867 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016-2018
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Functions for NTP I/O specific to Linux
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include <ifaddrs.h>
+#include <linux/errqueue.h>
+#include <linux/ethtool.h>
+#include <linux/net_tstamp.h>
+#include <linux/sockios.h>
+#include <net/if.h>
+
+#include "array.h"
+#include "conf.h"
+#include "hwclock.h"
+#include "local.h"
+#include "logging.h"
+#include "ntp_core.h"
+#include "ntp_io.h"
+#include "ntp_io_linux.h"
+#include "ntp_sources.h"
+#include "sched.h"
+#include "sys_linux.h"
+#include "util.h"
+
+union sockaddr_in46 {
+  struct sockaddr_in in4;
+#ifdef FEAT_IPV6
+  struct sockaddr_in6 in6;
+#endif
+  struct sockaddr u;
+};
+
+struct Interface {
+  char name[IF_NAMESIZE];
+  int if_index;
+  int phc_fd;
+  int phc_mode;
+  int phc_nocrossts;
+  /* Link speed in mbit/s */
+  int link_speed;
+  /* Start of UDP data at layer 2 for IPv4 and IPv6 */
+  int l2_udp4_ntp_start;
+  int l2_udp6_ntp_start;
+  /* Precision of PHC readings */
+  double precision;
+  /* Compensation of errors in TX and RX timestamping */
+  double tx_comp;
+  double rx_comp;
+  HCL_Instance clock;
+};
+
+/* Number of PHC readings per HW clock sample */
+#define PHC_READINGS 10
+
+/* Minimum interval between PHC readings */
+#define MIN_PHC_POLL -6
+
+/* Maximum acceptable offset between HW and daemon/kernel timestamp */
+#define MAX_TS_DELAY 1.0
+
+/* Array of Interfaces */
+static ARR_Instance interfaces;
+
+/* RX/TX and TX-specific timestamping socket options */
+static int ts_flags;
+static int ts_tx_flags;
+
+/* Flag indicating the socket options can't be changed in control messages */
+static int permanent_ts_options;
+
+/* When sending client requests to a close and fast server, it is possible that
+   a response will be received before the HW transmit timestamp of the request
+   itself.  To avoid processing of the response without the HW timestamp, we
+   monitor events returned by select() and suspend reading of packets from the
+   receive queue for up to 200 microseconds.  As the requests are normally
+   separated by at least 200 milliseconds, it is sufficient to monitor and
+   suspend one socket at a time. */
+static int monitored_socket;
+static int suspended_socket;
+static SCH_TimeoutID resume_timeout_id;
+
+#define RESUME_TIMEOUT 200.0e-6
+
+/* Unbound socket keeping the kernel RX timestamping permanently enabled
+   in order to avoid a race condition between receiving a server response
+   and the kernel actually starting to timestamp received packets after
+   enabling the timestamping and sending a request */
+static int dummy_rxts_socket;
+
+#define INVALID_SOCK_FD -3
+
+/* ================================================== */
+
+static int
+add_interface(CNF_HwTsInterface *conf_iface)
+{
+  struct ethtool_ts_info ts_info;
+  struct hwtstamp_config ts_config;
+  struct ifreq req;
+  int sock_fd, if_index, phc_fd, req_hwts_flags;
+  unsigned int i;
+  struct Interface *iface;
+
+  /* Check if the interface was not already added */
+  for (i = 0; i < ARR_GetSize(interfaces); i++) {
+    if (!strcmp(conf_iface->name, ((struct Interface *)ARR_GetElement(interfaces, i))->name))
+      return 1;
+  }
+
+  sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+  if (sock_fd < 0)
+    return 0;
+
+  memset(&req, 0, sizeof (req));
+  memset(&ts_info, 0, sizeof (ts_info));
+
+  if (snprintf(req.ifr_name, sizeof (req.ifr_name), "%s", conf_iface->name) >=
+      sizeof (req.ifr_name)) {
+    close(sock_fd);
+    return 0;
+  }
+
+  if (ioctl(sock_fd, SIOCGIFINDEX, &req)) {
+    DEBUG_LOG("ioctl(%s) failed : %s", "SIOCGIFINDEX", strerror(errno));
+    close(sock_fd);
+    return 0;
+  }
+
+  if_index = req.ifr_ifindex;
+
+  ts_info.cmd = ETHTOOL_GET_TS_INFO;
+  req.ifr_data = (char *)&ts_info;
+
+  if (ioctl(sock_fd, SIOCETHTOOL, &req)) {
+    DEBUG_LOG("ioctl(%s) failed : %s", "SIOCETHTOOL", strerror(errno));
+    close(sock_fd);
+    return 0;
+  }
+
+  req_hwts_flags = SOF_TIMESTAMPING_RX_HARDWARE | SOF_TIMESTAMPING_TX_HARDWARE |
+                   SOF_TIMESTAMPING_RAW_HARDWARE;
+  if ((ts_info.so_timestamping & req_hwts_flags) != req_hwts_flags) {
+    DEBUG_LOG("HW timestamping not supported on %s", req.ifr_name);
+    close(sock_fd);
+    return 0;
+  }
+
+  if (ts_info.phc_index < 0) {
+    DEBUG_LOG("PHC missing on %s", req.ifr_name);
+    close(sock_fd);
+    return 0;
+  }
+
+  ts_config.flags = 0;
+  ts_config.tx_type = HWTSTAMP_TX_ON;
+
+  switch (conf_iface->rxfilter) {
+    case CNF_HWTS_RXFILTER_ANY:
+#ifdef HAVE_LINUX_TIMESTAMPING_RXFILTER_NTP
+      if (ts_info.rx_filters & (1 << HWTSTAMP_FILTER_NTP_ALL))
+        ts_config.rx_filter = HWTSTAMP_FILTER_NTP_ALL;
+      else
+#endif
+      if (ts_info.rx_filters & (1 << HWTSTAMP_FILTER_ALL))
+        ts_config.rx_filter = HWTSTAMP_FILTER_ALL;
+      else
+        ts_config.rx_filter = HWTSTAMP_FILTER_NONE;
+      break;
+    case CNF_HWTS_RXFILTER_NONE:
+      ts_config.rx_filter = HWTSTAMP_FILTER_NONE;
+      break;
+#ifdef HAVE_LINUX_TIMESTAMPING_RXFILTER_NTP
+    case CNF_HWTS_RXFILTER_NTP:
+      ts_config.rx_filter = HWTSTAMP_FILTER_NTP_ALL;
+      break;
+#endif
+    default:
+      ts_config.rx_filter = HWTSTAMP_FILTER_ALL;
+      break;
+  }
+
+  req.ifr_data = (char *)&ts_config;
+
+  if (ioctl(sock_fd, SIOCSHWTSTAMP, &req)) {
+    DEBUG_LOG("ioctl(%s) failed : %s", "SIOCSHWTSTAMP", strerror(errno));
+    close(sock_fd);
+    return 0;
+  }
+
+  close(sock_fd);
+
+  phc_fd = SYS_Linux_OpenPHC(NULL, ts_info.phc_index);
+  if (phc_fd < 0)
+    return 0;
+
+  iface = ARR_GetNewElement(interfaces);
+
+  snprintf(iface->name, sizeof (iface->name), "%s", conf_iface->name);
+  iface->if_index = if_index;
+  iface->phc_fd = phc_fd;
+  iface->phc_mode = 0;
+  iface->phc_nocrossts = conf_iface->nocrossts;
+
+  /* Start with 1 gbit and no VLANs or IPv4/IPv6 options */
+  iface->link_speed = 1000;
+  iface->l2_udp4_ntp_start = 42;
+  iface->l2_udp6_ntp_start = 62;
+
+  iface->precision = conf_iface->precision;
+  iface->tx_comp = conf_iface->tx_comp;
+  iface->rx_comp = conf_iface->rx_comp;
+
+  iface->clock = HCL_CreateInstance(conf_iface->min_samples, conf_iface->max_samples,
+                                    UTI_Log2ToDouble(MAX(conf_iface->minpoll, MIN_PHC_POLL)));
+
+  LOG(LOGS_INFO, "Enabled HW timestamping %son %s",
+      ts_config.rx_filter == HWTSTAMP_FILTER_NONE ? "(TX only) " : "", iface->name);
+
+  return 1;
+}
+
+/* ================================================== */
+
+static int
+add_all_interfaces(CNF_HwTsInterface *conf_iface_all)
+{
+  CNF_HwTsInterface conf_iface;
+  struct ifaddrs *ifaddr, *ifa;
+  int r;
+
+  conf_iface = *conf_iface_all;
+
+  if (getifaddrs(&ifaddr)) {
+    DEBUG_LOG("getifaddrs() failed : %s", strerror(errno));
+    return 0;
+  }
+
+  for (r = 0, ifa = ifaddr; ifa; ifa = ifa->ifa_next) {
+    conf_iface.name = ifa->ifa_name;
+    if (add_interface(&conf_iface))
+      r = 1;
+  }
+  
+  freeifaddrs(ifaddr);
+
+  /* Return success if at least one interface was added */
+  return r;
+}
+
+/* ================================================== */
+
+static void
+update_interface_speed(struct Interface *iface)
+{
+  struct ethtool_cmd cmd;
+  struct ifreq req;
+  int sock_fd, link_speed;
+
+  sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+  if (sock_fd < 0)
+    return;
+
+  memset(&req, 0, sizeof (req));
+  memset(&cmd, 0, sizeof (cmd));
+
+  snprintf(req.ifr_name, sizeof (req.ifr_name), "%s", iface->name);
+  cmd.cmd = ETHTOOL_GSET;
+  req.ifr_data = (char *)&cmd;
+
+  if (ioctl(sock_fd, SIOCETHTOOL, &req)) {
+    DEBUG_LOG("ioctl(%s) failed : %s", "SIOCETHTOOL", strerror(errno));
+    close(sock_fd);
+    return;
+  }
+
+  close(sock_fd);
+
+  link_speed = ethtool_cmd_speed(&cmd);
+
+  if (iface->link_speed != link_speed) {
+    iface->link_speed = link_speed;
+    DEBUG_LOG("Updated speed of %s to %d Mb/s", iface->name, link_speed);
+  }
+}
+
+/* ================================================== */
+
+#if defined(HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO) || defined(HAVE_LINUX_TIMESTAMPING_OPT_TX_SWHW)
+static int
+check_timestamping_option(int option)
+{
+  int sock_fd;
+
+  sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+  if (sock_fd < 0)
+    return 0;
+
+  if (setsockopt(sock_fd, SOL_SOCKET, SO_TIMESTAMPING, &option, sizeof (option)) < 0) {
+    DEBUG_LOG("Could not enable timestamping option %x", (unsigned int)option);
+    close(sock_fd);
+    return 0;
+  }
+
+  close(sock_fd);
+  return 1;
+}
+#endif
+
+/* ================================================== */
+
+static int
+open_dummy_socket(void)
+{
+  int sock_fd, events = 0;
+
+  if ((sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0
+#ifdef FEAT_IPV6
+      && (sock_fd = socket(AF_INET6, SOCK_DGRAM, 0)) < 0
+#endif
+     )
+    return INVALID_SOCK_FD;
+
+  if (!NIO_Linux_SetTimestampSocketOptions(sock_fd, 1, &events)) {
+    close(sock_fd);
+    return INVALID_SOCK_FD;
+  }
+
+  UTI_FdSetCloexec(sock_fd);
+  return sock_fd;
+}
+
+/* ================================================== */
+
+void
+NIO_Linux_Initialise(void)
+{
+  CNF_HwTsInterface *conf_iface;
+  unsigned int i;
+  int hwts;
+
+  interfaces = ARR_CreateInstance(sizeof (struct Interface));
+
+  /* Enable HW timestamping on specified interfaces.  If "*" was specified, try
+     all interfaces.  If no interface was specified, enable SW timestamping. */
+
+  for (i = hwts = 0; CNF_GetHwTsInterface(i, &conf_iface); i++) {
+    if (!strcmp("*", conf_iface->name))
+      continue;
+    if (!add_interface(conf_iface))
+      LOG_FATAL("Could not enable HW timestamping on %s", conf_iface->name);
+    hwts = 1;
+  }
+
+  for (i = 0; CNF_GetHwTsInterface(i, &conf_iface); i++) {
+    if (strcmp("*", conf_iface->name))
+      continue;
+    if (add_all_interfaces(conf_iface))
+      hwts = 1;
+    break;
+  }
+
+  ts_flags = SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_RX_SOFTWARE;
+  ts_tx_flags = SOF_TIMESTAMPING_TX_SOFTWARE;
+
+  if (hwts) {
+    ts_flags |= SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_RX_HARDWARE;
+    ts_tx_flags |= SOF_TIMESTAMPING_TX_HARDWARE;
+#ifdef HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO
+    if (check_timestamping_option(SOF_TIMESTAMPING_OPT_PKTINFO))
+      ts_flags |= SOF_TIMESTAMPING_OPT_PKTINFO;
+#endif
+#ifdef HAVE_LINUX_TIMESTAMPING_OPT_TX_SWHW
+    if (check_timestamping_option(SOF_TIMESTAMPING_OPT_TX_SWHW))
+      ts_flags |= SOF_TIMESTAMPING_OPT_TX_SWHW;
+#endif
+  }
+
+  /* Enable IP_PKTINFO in messages looped back to the error queue */
+  ts_flags |= SOF_TIMESTAMPING_OPT_CMSG;
+
+  /* Kernels before 4.7 ignore timestamping flags set in control messages */
+  permanent_ts_options = !SYS_Linux_CheckKernelVersion(4, 7);
+
+  monitored_socket = INVALID_SOCK_FD;
+  suspended_socket = INVALID_SOCK_FD;
+  dummy_rxts_socket = INVALID_SOCK_FD;
+}
+
+/* ================================================== */
+
+void
+NIO_Linux_Finalise(void)
+{
+  struct Interface *iface;
+  unsigned int i;
+
+  if (dummy_rxts_socket != INVALID_SOCK_FD)
+    close(dummy_rxts_socket);
+
+  for (i = 0; i < ARR_GetSize(interfaces); i++) {
+    iface = ARR_GetElement(interfaces, i);
+    HCL_DestroyInstance(iface->clock);
+    close(iface->phc_fd);
+  }
+
+  ARR_DestroyInstance(interfaces);
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_SetTimestampSocketOptions(int sock_fd, int client_only, int *events)
+{
+  int val, flags;
+
+  if (!ts_flags)
+    return 0;
+
+  /* Enable SCM_TIMESTAMPING control messages and the socket's error queue in
+     order to receive our transmitted packets with more accurate timestamps */
+
+  val = 1;
+  flags = ts_flags;
+
+  if (client_only || permanent_ts_options)
+    flags |= ts_tx_flags;
+
+  if (setsockopt(sock_fd, SOL_SOCKET, SO_SELECT_ERR_QUEUE, &val, sizeof (val)) < 0) {
+    LOG(LOGS_ERR, "Could not set %s socket option", "SO_SELECT_ERR_QUEUE");
+    ts_flags = 0;
+    return 0;
+  }
+
+  if (setsockopt(sock_fd, SOL_SOCKET, SO_TIMESTAMPING, &flags, sizeof (flags)) < 0) {
+    LOG(LOGS_ERR, "Could not set %s socket option", "SO_TIMESTAMPING");
+    ts_flags = 0;
+    return 0;
+  }
+
+  *events |= SCH_FILE_EXCEPTION;
+  return 1;
+}
+
+/* ================================================== */
+
+static void
+resume_socket(int sock_fd)
+{
+  if (monitored_socket == sock_fd)
+    monitored_socket = INVALID_SOCK_FD;
+
+  if (sock_fd == INVALID_SOCK_FD || sock_fd != suspended_socket)
+    return;
+
+  suspended_socket = INVALID_SOCK_FD;
+
+  SCH_SetFileHandlerEvent(sock_fd, SCH_FILE_INPUT, 1);
+
+  DEBUG_LOG("Resumed RX processing %s timeout fd=%d",
+            resume_timeout_id ? "before" : "on", sock_fd);
+
+  if (resume_timeout_id) {
+    SCH_RemoveTimeout(resume_timeout_id);
+    resume_timeout_id = 0;
+  }
+}
+
+/* ================================================== */
+
+static void
+resume_timeout(void *arg)
+{
+  resume_timeout_id = 0;
+  resume_socket(suspended_socket);
+}
+
+/* ================================================== */
+
+static void
+suspend_socket(int sock_fd)
+{
+  resume_socket(suspended_socket);
+
+  suspended_socket = sock_fd;
+
+  SCH_SetFileHandlerEvent(suspended_socket, SCH_FILE_INPUT, 0);
+  resume_timeout_id = SCH_AddTimeoutByDelay(RESUME_TIMEOUT, resume_timeout, NULL);
+
+  DEBUG_LOG("Suspended RX processing fd=%d", sock_fd);
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_ProcessEvent(int sock_fd, int event)
+{
+  if (sock_fd != monitored_socket)
+    return 0;
+
+  if (event == SCH_FILE_INPUT) {
+    suspend_socket(monitored_socket);
+    monitored_socket = INVALID_SOCK_FD;
+
+    /* Don't process the message yet */
+    return 1;
+  }
+
+  return 0;
+}
+
+/* ================================================== */
+
+static struct Interface *
+get_interface(int if_index)
+{
+  struct Interface *iface;
+  unsigned int i;
+
+  for (i = 0; i < ARR_GetSize(interfaces); i++) {
+    iface = ARR_GetElement(interfaces, i);
+    if (iface->if_index != if_index)
+      continue;
+
+    return iface;
+  }
+
+  return NULL;
+}
+
+/* ================================================== */
+
+static void
+process_hw_timestamp(struct Interface *iface, struct timespec *hw_ts,
+                     NTP_Local_Timestamp *local_ts, int rx_ntp_length, int family,
+                     int l2_length)
+{
+  struct timespec sample_phc_ts, sample_sys_ts, sample_local_ts, ts;
+  double rx_correction, ts_delay, phc_err, local_err;
+
+  if (HCL_NeedsNewSample(iface->clock, &local_ts->ts)) {
+    if (!SYS_Linux_GetPHCSample(iface->phc_fd, iface->phc_nocrossts, iface->precision,
+                                &iface->phc_mode, &sample_phc_ts, &sample_sys_ts,
+                                &phc_err))
+      return;
+
+    LCL_CookTime(&sample_sys_ts, &sample_local_ts, &local_err);
+    HCL_AccumulateSample(iface->clock, &sample_phc_ts, &sample_local_ts,
+                         phc_err + local_err);
+
+    update_interface_speed(iface);
+  }
+
+  /* We need to transpose RX timestamps as hardware timestamps are normally
+     preamble timestamps and RX timestamps in NTP are supposed to be trailer
+     timestamps.  If we don't know the length of the packet at layer 2, we
+     make an assumption that UDP data start at the same position as in the
+     last transmitted packet which had a HW TX timestamp. */
+  if (rx_ntp_length && iface->link_speed) {
+    if (!l2_length)
+      l2_length = (family == IPADDR_INET4 ? iface->l2_udp4_ntp_start :
+                   iface->l2_udp6_ntp_start) + rx_ntp_length;
+
+    /* Include the frame check sequence (FCS) */
+    l2_length += 4;
+
+    rx_correction = l2_length / (1.0e6 / 8 * iface->link_speed);
+
+    UTI_AddDoubleToTimespec(hw_ts, rx_correction, hw_ts);
+  }
+
+  if (!HCL_CookTime(iface->clock, hw_ts, &ts, &local_err))
+    return;
+
+  if (!rx_ntp_length && iface->tx_comp)
+    UTI_AddDoubleToTimespec(&ts, iface->tx_comp, &ts);
+  else if (rx_ntp_length && iface->rx_comp)
+    UTI_AddDoubleToTimespec(&ts, -iface->rx_comp, &ts);
+
+  ts_delay = UTI_DiffTimespecsToDouble(&local_ts->ts, &ts);
+
+  if (fabs(ts_delay) > MAX_TS_DELAY) {
+    DEBUG_LOG("Unacceptable timestamp delay %.9f", ts_delay);
+    return;
+  }
+
+  local_ts->ts = ts;
+  local_ts->err = local_err;
+  local_ts->source = NTP_TS_HARDWARE;
+}
+
+/* ================================================== */
+/* Extract UDP data from a layer 2 message.  Supported is Ethernet
+   with optional VLAN tags. */
+
+static int
+extract_udp_data(unsigned char *msg, NTP_Remote_Address *remote_addr, int len)
+{
+  unsigned char *msg_start = msg;
+  union sockaddr_in46 addr;
+
+  remote_addr->ip_addr.family = IPADDR_UNSPEC;
+  remote_addr->port = 0;
+
+  /* Skip MACs */
+  if (len < 12)
+    return 0;
+  len -= 12, msg += 12;
+
+  /* Skip VLAN tag(s) if present */
+  while (len >= 4 && msg[0] == 0x81 && msg[1] == 0x00)
+    len -= 4, msg += 4;
+
+  /* Skip IPv4 or IPv6 ethertype */
+  if (len < 2 || !((msg[0] == 0x08 && msg[1] == 0x00) ||
+                   (msg[0] == 0x86 && msg[1] == 0xdd)))
+    return 0;
+  len -= 2, msg += 2;
+
+  /* Parse destination address and port from IPv4/IPv6 and UDP headers */
+  if (len >= 20 && msg[0] >> 4 == 4) {
+    int ihl = (msg[0] & 0xf) * 4;
+
+    if (len < ihl + 8 || msg[9] != 17)
+      return 0;
+
+    memcpy(&addr.in4.sin_addr.s_addr, msg + 16, sizeof (uint32_t));
+    addr.in4.sin_port = *(uint16_t *)(msg + ihl + 2);
+    addr.in4.sin_family = AF_INET;
+    len -= ihl + 8, msg += ihl + 8;
+#ifdef FEAT_IPV6
+  } else if (len >= 48 && msg[0] >> 4 == 6) {
+    int eh_len, next_header = msg[6];
+
+    memcpy(&addr.in6.sin6_addr.s6_addr, msg + 24, 16);
+    len -= 40, msg += 40;
+
+    /* Skip IPv6 extension headers if present */
+    while (next_header != 17) {
+      switch (next_header) {
+        case 44:  /* Fragment Header */
+          /* Process only the first fragment */
+          if (ntohs(*(uint16_t *)(msg + 2)) >> 3 != 0)
+            return 0;
+          eh_len = 8;
+          break;
+        case 0:   /* Hop-by-Hop Options */
+        case 43:  /* Routing Header */
+        case 60:  /* Destination Options */
+        case 135: /* Mobility Header */
+          eh_len = 8 * (msg[1] + 1);
+          break;
+        case 51:  /* Authentication Header */
+          eh_len = 4 * (msg[1] + 2);
+          break;
+        default:
+          return 0;
+      }
+
+      if (eh_len < 8 || len < eh_len + 8)
+        return 0;
+
+      next_header = msg[0];
+      len -= eh_len, msg += eh_len;
+    }
+
+    addr.in6.sin6_port = *(uint16_t *)(msg + 2);
+    addr.in6.sin6_family = AF_INET6;
+    len -= 8, msg += 8;
+#endif
+  } else {
+    return 0;
+  }
+
+  UTI_SockaddrToIPAndPort(&addr.u, &remote_addr->ip_addr, &remote_addr->port);
+
+  /* Move the message to fix alignment of its fields */
+  if (len > 0)
+    memmove(msg_start, msg, len);
+
+  return len;
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_ProcessMessage(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                         NTP_Local_Timestamp *local_ts, struct msghdr *hdr, int length)
+{
+  struct Interface *iface;
+  struct cmsghdr *cmsg;
+  int is_tx, ts_if_index, l2_length;
+
+  is_tx = hdr->msg_flags & MSG_ERRQUEUE;
+  iface = NULL;
+  ts_if_index = local_addr->if_index;
+  l2_length = 0;
+
+  for (cmsg = CMSG_FIRSTHDR(hdr); cmsg; cmsg = CMSG_NXTHDR(hdr, cmsg)) {
+#ifdef HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO
+    if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING_PKTINFO) {
+      struct scm_ts_pktinfo ts_pktinfo;
+
+      memcpy(&ts_pktinfo, CMSG_DATA(cmsg), sizeof (ts_pktinfo));
+
+      ts_if_index = ts_pktinfo.if_index;
+      l2_length = ts_pktinfo.pkt_length;
+
+      DEBUG_LOG("Received HW timestamp info if=%d length=%d", ts_if_index, l2_length);
+    }
+#endif
+
+    if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING) {
+      struct scm_timestamping ts3;
+
+      memcpy(&ts3, CMSG_DATA(cmsg), sizeof (ts3));
+
+      if (!UTI_IsZeroTimespec(&ts3.ts[2])) {
+        iface = get_interface(ts_if_index);
+        if (iface) {
+          process_hw_timestamp(iface, &ts3.ts[2], local_ts, !is_tx ? length : 0,
+                               remote_addr->ip_addr.family, l2_length);
+        } else {
+          DEBUG_LOG("HW clock not found for interface %d", ts_if_index);
+        }
+
+        /* If a HW transmit timestamp was received, resume processing
+           of non-error messages on this socket */
+        if (is_tx)
+          resume_socket(local_addr->sock_fd);
+      }
+
+      if (local_ts->source == NTP_TS_DAEMON && !UTI_IsZeroTimespec(&ts3.ts[0]) &&
+          (!is_tx || UTI_IsZeroTimespec(&ts3.ts[2]))) {
+        LCL_CookTime(&ts3.ts[0], &local_ts->ts, &local_ts->err);
+        local_ts->source = NTP_TS_KERNEL;
+      }
+    }
+
+    if ((cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) ||
+        (cmsg->cmsg_level == SOL_IPV6 && cmsg->cmsg_type == IPV6_RECVERR)) {
+      struct sock_extended_err err;
+
+      memcpy(&err, CMSG_DATA(cmsg), sizeof (err));
+
+      if (err.ee_errno != ENOMSG || err.ee_info != SCM_TSTAMP_SND ||
+          err.ee_origin != SO_EE_ORIGIN_TIMESTAMPING) {
+        DEBUG_LOG("Unknown extended error");
+        /* Drop the message */
+        return 1;
+      }
+    }
+  }
+
+  /* If the kernel is slow with enabling RX timestamping, open a dummy
+     socket to keep the kernel RX timestamping permanently enabled */
+  if (!is_tx && local_ts->source == NTP_TS_DAEMON && ts_flags) {
+    DEBUG_LOG("Missing kernel RX timestamp");
+    if (dummy_rxts_socket == INVALID_SOCK_FD)
+      dummy_rxts_socket = open_dummy_socket();
+  }
+
+  /* Return the message if it's not received from the error queue */
+  if (!is_tx)
+    return 0;
+
+  /* The data from the error queue includes all layers up to UDP.  We have to
+     extract the UDP data and also the destination address with port as there
+     currently doesn't seem to be a better way to get them both. */
+  l2_length = length;
+  length = extract_udp_data(hdr->msg_iov[0].iov_base, remote_addr, length);
+
+  DEBUG_LOG("Received %d (%d) bytes from error queue for %s:%d fd=%d if=%d tss=%u",
+            l2_length, length, UTI_IPToString(&remote_addr->ip_addr), remote_addr->port,
+            local_addr->sock_fd, local_addr->if_index, local_ts->source);
+
+  /* Update assumed position of UDP data at layer 2 for next received packet */
+  if (iface && length) {
+    if (remote_addr->ip_addr.family == IPADDR_INET4)
+      iface->l2_udp4_ntp_start = l2_length - length;
+    else if (remote_addr->ip_addr.family == IPADDR_INET6)
+      iface->l2_udp6_ntp_start = l2_length - length;
+  }
+
+  /* Drop the message if it has no timestamp or its processing failed */
+  if (local_ts->source == NTP_TS_DAEMON) {
+    DEBUG_LOG("Missing TX timestamp");
+    return 1;
+  }
+
+  if (length < NTP_NORMAL_PACKET_LENGTH)
+    return 1;
+
+  NSR_ProcessTx(remote_addr, local_addr, local_ts,
+                (NTP_Packet *)hdr->msg_iov[0].iov_base, length);
+
+  return 1;
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_RequestTxTimestamp(struct msghdr *msg, int cmsglen, int sock_fd)
+{
+  struct cmsghdr *cmsg;
+
+  if (!ts_flags)
+    return cmsglen;
+
+  /* If a HW transmit timestamp is requested on a client socket, monitor
+     events on the socket in order to avoid processing of a fast response
+     without the HW timestamp of the request */
+  if (ts_tx_flags & SOF_TIMESTAMPING_TX_HARDWARE && !NIO_IsServerSocket(sock_fd))
+    monitored_socket = sock_fd;
+
+  /* Check if TX timestamping is disabled on this socket */
+  if (permanent_ts_options || !NIO_IsServerSocket(sock_fd))
+    return cmsglen;
+
+  /* Add control message that will enable TX timestamping for this message.
+     Don't use CMSG_NXTHDR as the one in glibc is buggy for creating new
+     control messages. */
+  cmsg = (struct cmsghdr *)((char *)CMSG_FIRSTHDR(msg) + cmsglen);
+  memset(cmsg, 0, CMSG_SPACE(sizeof (ts_tx_flags)));
+  cmsglen += CMSG_SPACE(sizeof (ts_tx_flags));
+
+  cmsg->cmsg_level = SOL_SOCKET;
+  cmsg->cmsg_type = SO_TIMESTAMPING;
+  cmsg->cmsg_len = CMSG_LEN(sizeof (ts_tx_flags));
+
+  memcpy(CMSG_DATA(cmsg), &ts_tx_flags, sizeof (ts_tx_flags));
+
+  return cmsglen;
+}
+
+/* ================================================== */
+
+void
+NIO_Linux_NotifySocketClosing(int sock_fd)
+{
+  resume_socket(sock_fd);
+}

ntp_io_linux.h

@@ -0,0 +1,45 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  This is the header file for the Linux-specific NTP socket I/O bits.
+  */
+
+#ifndef GOT_NTP_IO_LINUX_H
+#define GOT_NTP_IO_LINUX_H
+
+extern void NIO_Linux_Initialise(void);
+
+extern void NIO_Linux_Finalise(void);
+
+extern int NIO_Linux_SetTimestampSocketOptions(int sock_fd, int client_only, int *events);
+
+extern int NIO_Linux_ProcessEvent(int sock_fd, int event);
+
+extern int NIO_Linux_ProcessMessage(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                                    NTP_Local_Timestamp *local_ts, struct msghdr *hdr, int length);
+
+extern int NIO_Linux_RequestTxTimestamp(struct msghdr *msg, int cmsglen, int sock_fd);
+
+extern void NIO_Linux_NotifySocketClosing(int sock_fd);
+
+#endif

ntp_signd.c

@@ -0,0 +1,379 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Support for MS-SNTP authentication in Samba (ntp_signd)
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "conf.h"
+#include "logging.h"
+#include "ntp_io.h"
+#include "ntp_signd.h"
+#include "sched.h"
+#include "util.h"
+
+/* Declarations per samba/source4/librpc/idl/ntp_signd.idl */
+
+#define SIGND_VERSION 0
+
+typedef enum {
+  SIGN_TO_CLIENT = 0,
+  ASK_SERVER_TO_SIGN = 1,
+  CHECK_SERVER_SIGNATURE = 2,
+  SIGNING_SUCCESS = 3,
+  SIGNING_FAILURE = 4,
+} SigndOp;
+
+typedef struct {
+  uint32_t length;
+  uint32_t version;
+  uint32_t op;
+  uint16_t packet_id;
+  uint16_t _pad;
+  uint32_t key_id;
+  NTP_Packet packet_to_sign;
+} SigndRequest;
+
+typedef struct {
+  uint32_t length;
+  uint32_t version;
+  uint32_t op;
+  uint32_t packet_id;
+  NTP_Packet signed_packet;
+} SigndResponse;
+
+typedef struct {
+  NTP_Remote_Address remote_addr;
+  NTP_Local_Address local_addr;
+
+  int sent;
+  int received;
+  int request_length;
+  struct timespec request_ts;
+  SigndRequest request;
+  SigndResponse response;
+} SignInstance;
+
+/* As the communication with ntp_signd is asynchronous, incoming packets are
+   saved in a queue in order to avoid loss when they come in bursts */
+
+#define MAX_QUEUE_LENGTH 16U
+#define NEXT_QUEUE_INDEX(index) (((index) + 1) % MAX_QUEUE_LENGTH)
+#define IS_QUEUE_EMPTY() (queue_head == queue_tail)
+
+/* Fixed-size array of SignInstance */
+static ARR_Instance queue;
+static unsigned int queue_head;
+static unsigned int queue_tail;
+
+#define INVALID_SOCK_FD -1
+
+/* Unix domain socket connected to ntp_signd */
+static int sock_fd;
+
+#define MIN_AUTH_DELAY 1.0e-5
+#define MAX_AUTH_DELAY 1.0e-2
+
+/* Average time needed for signing one packet.  This is used to adjust the
+   transmit timestamp in NTP packets.  The timestamp won't be very accurate as
+   the delay is variable, but it should be good enough for MS-SNTP clients. */
+static double auth_delay;
+
+/* Flag indicating if the MS-SNTP authentication is enabled */
+static int enabled;
+
+/* ================================================== */
+
+static void read_write_socket(int sock_fd, int event, void *anything);
+
+/* ================================================== */
+
+static void
+close_socket(void)
+{
+  SCH_RemoveFileHandler(sock_fd);
+  close(sock_fd);
+  sock_fd = INVALID_SOCK_FD;
+
+  /* Empty the queue */
+  queue_head = queue_tail = 0;
+}
+
+/* ================================================== */
+
+static int
+open_socket(void)
+{
+  struct sockaddr_un s;
+
+  if (sock_fd >= 0)
+    return 1;
+
+  sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (sock_fd < 0) {
+    DEBUG_LOG("Could not open signd socket : %s", strerror(errno));
+    return 0;
+  }
+
+  UTI_FdSetCloexec(sock_fd);
+  SCH_AddFileHandler(sock_fd, SCH_FILE_INPUT, read_write_socket, NULL);
+
+  s.sun_family = AF_UNIX;
+  if (snprintf(s.sun_path, sizeof (s.sun_path), "%s/socket",
+               CNF_GetNtpSigndSocket()) >= sizeof (s.sun_path)) {
+    DEBUG_LOG("signd socket path too long");
+    close_socket();
+    return 0;
+  }
+
+  if (connect(sock_fd, (struct sockaddr *)&s, sizeof (s)) < 0) {
+    DEBUG_LOG("Could not connect to signd : %s", strerror(errno));
+    close_socket();
+    return 0;
+  }
+
+  DEBUG_LOG("Connected to signd");
+
+  return 1;
+}
+
+/* ================================================== */
+
+static void
+process_response(SignInstance *inst)
+{
+  struct timespec ts;
+  double delay;
+
+  if (ntohs(inst->request.packet_id) != ntohl(inst->response.packet_id)) {
+    DEBUG_LOG("Invalid response ID");
+    return;
+  }
+
+  if (ntohl(inst->response.op) != SIGNING_SUCCESS) {
+    DEBUG_LOG("Signing failed");
+    return;
+  }
+
+  /* Check if the file descriptor is still valid */
+  if (!NIO_IsServerSocket(inst->local_addr.sock_fd)) {
+    DEBUG_LOG("Invalid NTP socket");
+    return;
+  }
+
+  SCH_GetLastEventTime(NULL, NULL, &ts);
+  delay = UTI_DiffTimespecsToDouble(&ts, &inst->request_ts);
+
+  DEBUG_LOG("Signing succeeded (delay %f)", delay);
+
+  /* Send the signed NTP packet */
+  NIO_SendPacket(&inst->response.signed_packet, &inst->remote_addr, &inst->local_addr,
+                 ntohl(inst->response.length) + sizeof (inst->response.length) -
+                 offsetof(SigndResponse, signed_packet), 0);
+
+  /* Update exponential moving average of the authentication delay */
+  delay = CLAMP(MIN_AUTH_DELAY, delay, MAX_AUTH_DELAY);
+  auth_delay += 0.1 * (delay - auth_delay);
+}
+
+/* ================================================== */
+
+static void
+read_write_socket(int sock_fd, int event, void *anything)
+{
+  SignInstance *inst;
+  uint32_t response_length;
+  int s;
+
+  inst = ARR_GetElement(queue, queue_head);
+
+  if (event == SCH_FILE_OUTPUT) {
+    assert(!IS_QUEUE_EMPTY());
+    assert(inst->sent < inst->request_length);
+
+    if (!inst->sent)
+      SCH_GetLastEventTime(NULL, NULL, &inst->request_ts);
+
+    s = send(sock_fd, (char *)&inst->request + inst->sent,
+             inst->request_length - inst->sent, 0);
+
+    if (s < 0) {
+      DEBUG_LOG("signd socket error: %s", strerror(errno));
+      close_socket();
+      return;
+    }
+
+    DEBUG_LOG("Sent %d bytes to signd", s);
+    inst->sent += s;
+
+    /* Try again later if the request is not complete yet */
+    if (inst->sent < inst->request_length)
+      return;
+
+    /* Disable output and wait for a response */
+    SCH_SetFileHandlerEvent(sock_fd, SCH_FILE_OUTPUT, 0);
+  }
+
+  if (event == SCH_FILE_INPUT) {
+    if (IS_QUEUE_EMPTY()) {
+        DEBUG_LOG("Unexpected signd response");
+        close_socket();
+        return;
+    }
+
+    assert(inst->received < sizeof (inst->response));
+    s = recv(sock_fd, (char *)&inst->response + inst->received,
+             sizeof (inst->response) - inst->received, 0);
+
+    if (s <= 0) {
+      if (s < 0)
+        DEBUG_LOG("signd socket error: %s", strerror(errno));
+      else
+        DEBUG_LOG("signd socket closed");
+
+      close_socket();
+      return;
+    }
+
+    DEBUG_LOG("Received %d bytes from signd", s);
+    inst->received += s;
+
+    if (inst->received < sizeof (inst->response.length))
+      return;
+
+    response_length = ntohl(inst->response.length) + sizeof (inst->response.length);
+
+    if (response_length < offsetof(SigndResponse, signed_packet) ||
+        response_length > sizeof (SigndResponse)) {
+      DEBUG_LOG("Invalid response length");
+      close_socket();
+      return;
+    }
+
+    /* Wait for more data if not complete yet */
+    if (inst->received < response_length)
+      return;
+
+    process_response(inst);
+
+    /* Move the head and enable output for the next packet */
+    queue_head = NEXT_QUEUE_INDEX(queue_head);
+    if (!IS_QUEUE_EMPTY())
+      SCH_SetFileHandlerEvent(sock_fd, SCH_FILE_OUTPUT, 1);
+  }
+}
+
+/* ================================================== */
+
+void
+NSD_Initialise()
+{
+  sock_fd = INVALID_SOCK_FD;
+  auth_delay = MIN_AUTH_DELAY;
+  enabled = CNF_GetNtpSigndSocket() && CNF_GetNtpSigndSocket()[0];
+
+  if (!enabled)
+    return;
+
+  queue = ARR_CreateInstance(sizeof (SignInstance));
+  ARR_SetSize(queue, MAX_QUEUE_LENGTH);
+  queue_head = queue_tail = 0;
+
+  LOG(LOGS_INFO, "MS-SNTP authentication enabled");
+}
+
+/* ================================================== */
+
+void
+NSD_Finalise()
+{
+  if (!enabled)
+    return;
+  if (sock_fd != INVALID_SOCK_FD)
+    close_socket();
+  ARR_DestroyInstance(queue);
+}
+
+/* ================================================== */
+
+extern int NSD_GetAuthDelay(uint32_t key_id)
+{
+  return 1.0e9 * auth_delay;
+}
+
+/* ================================================== */
+
+int
+NSD_SignAndSendPacket(uint32_t key_id, NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr, int length)
+{
+  SignInstance *inst;
+
+  if (!enabled) {
+    DEBUG_LOG("signd disabled");
+    return 0;
+  }
+
+  if (queue_head == NEXT_QUEUE_INDEX(queue_tail)) {
+    DEBUG_LOG("signd queue full");
+    return 0;
+  }
+
+  if (length != NTP_NORMAL_PACKET_LENGTH) {
+    DEBUG_LOG("Invalid packet length");
+    return 0;
+  }
+
+  if (!open_socket())
+    return 0;
+
+  inst = ARR_GetElement(queue, queue_tail);
+  inst->remote_addr = *remote_addr;
+  inst->local_addr = *local_addr;
+  inst->sent = 0;
+  inst->received = 0;
+  inst->request_length = offsetof(SigndRequest, packet_to_sign) + length;
+
+  /* The length field doesn't include itself */
+  inst->request.length = htonl(inst->request_length - sizeof (inst->request.length));
+  inst->request.version = htonl(SIGND_VERSION);
+  inst->request.op = htonl(SIGN_TO_CLIENT);
+  inst->request.packet_id = htons(queue_tail);
+  inst->request._pad = 0;
+  inst->request.key_id = htonl(key_id);
+
+  memcpy(&inst->request.packet_to_sign, packet, length);
+
+  /* Enable output if there was no pending request */
+  if (IS_QUEUE_EMPTY())
+    SCH_SetFileHandlerEvent(sock_fd, SCH_FILE_OUTPUT, 1);
+
+  queue_tail = NEXT_QUEUE_INDEX(queue_tail);
+
+  DEBUG_LOG("Packet added to signd queue (%u:%u)", queue_head, queue_tail);
+
+  return 1;
+}

ntp_signd.h

@@ -2,7 +2,7 @@
   chronyd/chronyc - Programs for keeping computer clocks accurate.
 
  **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -21,25 +21,24 @@
 
   =======================================================================
 
-  Header file for acquisition module
-  */
+  Header for MS-SNTP authentication via Samba (ntp_signd) */
 
-#ifndef GOT_ACQUIRE_H
-#define GOT_ACQUIRE_H
+#ifndef GOT_NTP_SIGND_H
+#define GOT_NTP_SIGND_H
 
 #include "addressing.h"
+#include "ntp.h"
 
-typedef struct ACQ_SourceRecord *ACQ_Source;
+/* Initialisation function */
+extern void NSD_Initialise(void);
 
-extern void ACQ_Initialise(void);
+/* Finalisation function */
+extern void NSD_Finalise(void);
 
-extern void ACQ_Finalise(void);
+/* Function to get an estimate of delay due to signing */
+extern int NSD_GetAuthDelay(uint32_t key_id);
 
-extern void ACQ_StartAcquisition(int n, IPAddr *ip_addrs, double init_slew_threshold,
-                                 void (*after_hook)(void *), void *anything);
+/* Function to sign an NTP packet and send it */
+extern int NSD_SignAndSendPacket(uint32_t key_id, NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr, int length);
 
-extern void ACQ_AccumulateSample(ACQ_Source acq_source, double offset, double root_distance);
-
-extern void ACQ_MissedSample(ACQ_Source acq_source);
-
-#endif /* GOT_ACQUIRE_H */
+#endif

ntp_sources.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -49,19 +50,50 @@ typedef enum {
 /* Procedure to add a new server or peer source. */
 extern NSR_Status NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type, SourceParameters *params);
 
-/* Procedure to add a new server or peer source with currently unknown address.
-   The name will be periodically resolved in exponentially increasing intervals
-   until it succeeds or fails with a non-temporary error. */
-extern void NSR_AddUnresolvedSource(char *name, int port, NTP_Source_Type type, SourceParameters *params);
+/* Procedure to add a new server, peer source, or pool of servers specified by
+   name instead of address.  The name is resolved in exponentially increasing
+   intervals until it succeeds or fails with a non-temporary error. */
+extern void NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type, SourceParameters *params);
 
-/* Procedure to try resolve unresolved sources immediately. */
+/* Function type for handlers to be called back when an attempt
+ * (possibly unsuccessful) to resolve unresolved sources ends */
+typedef void (*NSR_SourceResolvingEndHandler)(void);
+
+/* Set the handler, or NULL to disable the notification */
+extern void NSR_SetSourceResolvingEndHandler(NSR_SourceResolvingEndHandler handler);
+
+/* Procedure to start resolving unresolved sources */
 extern void NSR_ResolveSources(void);
 
+/* Procedure to start all sources */
+extern void NSR_StartSources(void);
+
+/* Start new sources automatically */
+extern void NSR_AutoStartSources(void);
+
 /* Procedure to remove a source */
 extern NSR_Status NSR_RemoveSource(NTP_Remote_Address *remote_addr);
 
+/* Procedure to remove all sources */
+extern void NSR_RemoveAllSources(void);
+
+/* Procedure to try to find a replacement for a bad source */
+extern void NSR_HandleBadSource(IPAddr *address);
+
+/* Procedure to resolve all names again */
+extern void NSR_RefreshAddresses(void);
+
+/* Procedure to get local reference ID corresponding to a source */
+extern uint32_t NSR_GetLocalRefid(IPAddr *address);
+
 /* This routine is called by ntp_io when a new packet arrives off the network */
-extern void NSR_ProcessReceive(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr, int length);
+extern void NSR_ProcessRx(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                          NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length);
+
+/* This routine is called by ntp_io when a packet was sent to the network and
+   an accurate transmit timestamp was captured */
+extern void NSR_ProcessTx(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                          NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length);
 
 /* Initialisation function */
 extern void NSR_Initialise(void);
@@ -70,14 +102,9 @@ extern void NSR_Initialise(void);
 extern void NSR_Finalise(void);
 
 /* This routine is used to indicate that sources whose IP addresses
-   match a particular subnet should be set online again.  Returns a
-   flag indicating whether any hosts matched the address */
-extern int NSR_TakeSourcesOnline(IPAddr *mask, IPAddr *address);
-
-/* This routine is used to indicate that sources whose IP addresses
-   match a particular subnet should be set offline.  Returns a flag
-   indicating whether any hosts matched the address */
-extern int NSR_TakeSourcesOffline(IPAddr *mask, IPAddr *address);
+   match a particular subnet should be set online or offline.  It returns
+   a flag indicating whether any hosts matched the address. */
+extern int NSR_SetConnectivity(IPAddr *mask, IPAddr *address, SRC_Connectivity connectivity);
 
 extern int NSR_ModifyMinpoll(IPAddr *address, int new_minpoll);
 
@@ -95,7 +122,9 @@ extern int NSR_ModifyPolltarget(IPAddr *address, int new_poll_target);
 
 extern int NSR_InitiateSampleBurst(int n_good_samples, int n_total_samples, IPAddr *mask, IPAddr *address);
 
-extern void NSR_ReportSource(RPT_SourceReport *report, struct timeval *now);
+extern void NSR_ReportSource(RPT_SourceReport *report, struct timespec *now);
+
+extern int NSR_GetNTPReport(RPT_NTPReport *report);
 
 extern void NSR_GetActivityReport(RPT_ActivityReport *report);
 

pktlength.c

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014-2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -33,215 +34,171 @@
 #include "util.h"
 #include "pktlength.h"
 
+#define PADDING_LENGTH_(request_length, reply_length) \
+  (uint16_t)((request_length) < (reply_length) ? (reply_length) - (request_length) : 0)
+
+#define PADDING_LENGTH(request_data, reply_data) \
+  PADDING_LENGTH_(offsetof(CMD_Request, request_data), offsetof(CMD_Reply, reply_data))
+
+#define REQ_LENGTH_ENTRY(request_data_field, reply_data_field) \
+  { offsetof(CMD_Request, data.request_data_field.EOR), \
+    PADDING_LENGTH(data.request_data_field.EOR, data.reply_data_field.EOR) }
+
+#define RPY_LENGTH_ENTRY(reply_data_field) \
+  offsetof(CMD_Reply, data.reply_data_field.EOR)
+
+/* ================================================== */
+
+struct request_length {
+  uint16_t command;
+  uint16_t padding;
+};
+
+static const struct request_length request_lengths[] = {
+  REQ_LENGTH_ENTRY(null, null),                 /* NULL */
+  REQ_LENGTH_ENTRY(online, null),               /* ONLINE */
+  REQ_LENGTH_ENTRY(offline, null),              /* OFFLINE */
+  REQ_LENGTH_ENTRY(burst, null),                /* BURST */
+  REQ_LENGTH_ENTRY(modify_minpoll, null),       /* MODIFY_MINPOLL */
+  REQ_LENGTH_ENTRY(modify_maxpoll, null),       /* MODIFY_MAXPOLL */
+  REQ_LENGTH_ENTRY(dump, null),                 /* DUMP */
+  REQ_LENGTH_ENTRY(modify_maxdelay, null),      /* MODIFY_MAXDELAY */
+  REQ_LENGTH_ENTRY(modify_maxdelayratio, null), /* MODIFY_MAXDELAYRATIO */
+  REQ_LENGTH_ENTRY(modify_maxupdateskew, null), /* MODIFY_MAXUPDATESKEW */
+  REQ_LENGTH_ENTRY(logon, null),                /* LOGON */
+  REQ_LENGTH_ENTRY(settime, manual_timestamp),  /* SETTIME */
+  { 0, 0 },                                     /* LOCAL */
+  REQ_LENGTH_ENTRY(manual, null),               /* MANUAL */
+  REQ_LENGTH_ENTRY(null, n_sources),            /* N_SOURCES */
+  REQ_LENGTH_ENTRY(source_data, source_data),   /* SOURCE_DATA */
+  REQ_LENGTH_ENTRY(null, null),                 /* REKEY */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* ALLOW */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* ALLOWALL */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* DENY */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* DENYALL */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDALLOW */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDALLOWALL */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDDENY */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDDENYALL */
+  REQ_LENGTH_ENTRY(ac_check, null),             /* ACCHECK */
+  REQ_LENGTH_ENTRY(ac_check, null),             /* CMDACCHECK */
+  { 0, 0 },                                     /* ADD_SERVER */
+  { 0, 0 },                                     /* ADD_PEER */
+  REQ_LENGTH_ENTRY(del_source, null),           /* DEL_SOURCE */
+  REQ_LENGTH_ENTRY(null, null),                 /* WRITERTC */
+  REQ_LENGTH_ENTRY(dfreq, null),                /* DFREQ */
+  REQ_LENGTH_ENTRY(doffset, null),              /* DOFFSET */
+  REQ_LENGTH_ENTRY(null, tracking),             /* TRACKING */
+  REQ_LENGTH_ENTRY(sourcestats, sourcestats),   /* SOURCESTATS */
+  REQ_LENGTH_ENTRY(null, rtc),                  /* RTCREPORT */
+  REQ_LENGTH_ENTRY(null, null),                 /* TRIMRTC */
+  REQ_LENGTH_ENTRY(null, null),                 /* CYCLELOGS */
+  { 0, 0 },                                     /* SUBNETS_ACCESSED - not supported */
+  { 0, 0 },                                     /* CLIENT_ACCESSES - not supported */
+  { 0, 0 },                                     /* CLIENT_ACCESSES_BY_INDEX - not supported */
+  REQ_LENGTH_ENTRY(null, manual_list),          /* MANUAL_LIST */
+  REQ_LENGTH_ENTRY(manual_delete, null),        /* MANUAL_DELETE */
+  REQ_LENGTH_ENTRY(null, null),                 /* MAKESTEP */
+  REQ_LENGTH_ENTRY(null, activity),             /* ACTIVITY */
+  REQ_LENGTH_ENTRY(modify_minstratum, null),    /* MODIFY_MINSTRATUM */
+  REQ_LENGTH_ENTRY(modify_polltarget, null),    /* MODIFY_POLLTARGET */
+  REQ_LENGTH_ENTRY(modify_maxdelaydevratio, null), /* MODIFY_MAXDELAYDEVRATIO */
+  REQ_LENGTH_ENTRY(null, null),                 /* RESELECT */
+  REQ_LENGTH_ENTRY(reselect_distance, null),    /* RESELECTDISTANCE */
+  REQ_LENGTH_ENTRY(modify_makestep, null),      /* MODIFY_MAKESTEP */
+  REQ_LENGTH_ENTRY(null, smoothing),            /* SMOOTHING */
+  REQ_LENGTH_ENTRY(smoothtime, null),           /* SMOOTHTIME */
+  REQ_LENGTH_ENTRY(null, null),                 /* REFRESH */
+  REQ_LENGTH_ENTRY(null, server_stats),         /* SERVER_STATS */
+  REQ_LENGTH_ENTRY(client_accesses_by_index,
+                   client_accesses_by_index),   /* CLIENT_ACCESSES_BY_INDEX2 */
+  REQ_LENGTH_ENTRY(local, null),                /* LOCAL2 */
+  REQ_LENGTH_ENTRY(ntp_data, ntp_data),         /* NTP_DATA */
+  { 0, 0 },                                     /* ADD_SERVER2 */
+  { 0, 0 },                                     /* ADD_PEER2 */
+  REQ_LENGTH_ENTRY(ntp_source, null),           /* ADD_SERVER3 */
+  REQ_LENGTH_ENTRY(ntp_source, null),           /* ADD_PEER3 */
+  REQ_LENGTH_ENTRY(null, null),                 /* SHUTDOWN */
+  REQ_LENGTH_ENTRY(null, null),                 /* ONOFFLINE */
+};
+
+static const uint16_t reply_lengths[] = {
+  0,                                            /* empty slot */
+  RPY_LENGTH_ENTRY(null),                       /* NULL */
+  RPY_LENGTH_ENTRY(n_sources),                  /* N_SOURCES */
+  RPY_LENGTH_ENTRY(source_data),                /* SOURCE_DATA */
+  0,                                            /* MANUAL_TIMESTAMP */
+  RPY_LENGTH_ENTRY(tracking),                   /* TRACKING */
+  RPY_LENGTH_ENTRY(sourcestats),                /* SOURCESTATS */
+  RPY_LENGTH_ENTRY(rtc),                        /* RTC */
+  0,                                            /* SUBNETS_ACCESSED - not supported */
+  0,                                            /* CLIENT_ACCESSES - not supported */
+  0,                                            /* CLIENT_ACCESSES_BY_INDEX - not supported */
+  0,                                            /* MANUAL_LIST - not supported */
+  RPY_LENGTH_ENTRY(activity),                   /* ACTIVITY */
+  RPY_LENGTH_ENTRY(smoothing),                  /* SMOOTHING */
+  RPY_LENGTH_ENTRY(server_stats),               /* SERVER_STATS */
+  RPY_LENGTH_ENTRY(client_accesses_by_index),   /* CLIENT_ACCESSES_BY_INDEX2 */
+  RPY_LENGTH_ENTRY(ntp_data),                   /* NTP_DATA */
+  RPY_LENGTH_ENTRY(manual_timestamp),           /* MANUAL_TIMESTAMP2 */
+  RPY_LENGTH_ENTRY(manual_list),                /* MANUAL_LIST2 */
+};
+
 /* ================================================== */
 
 int
 PKL_CommandLength(CMD_Request *r)
 {
-  int type;
+  uint32_t type;
+  int command_length;
+
+  assert(sizeof (request_lengths) / sizeof (request_lengths[0]) == N_REQUEST_TYPES);
+
   type = ntohs(r->command);
-  if (type < 0 || type >= N_REQUEST_TYPES) {
+  if (type >= N_REQUEST_TYPES)
     return 0;
-  } else {
-    switch (type) {
-      
-      case REQ_NULL:
-        return offsetof(CMD_Request, data);
-      case REQ_ONLINE:
-        return offsetof(CMD_Request, data.online.EOR);
-      case REQ_OFFLINE:
-        return offsetof(CMD_Request, data.offline.EOR);
-      case REQ_BURST:
-        return offsetof(CMD_Request, data.burst.EOR);
-      case REQ_MODIFY_MINPOLL:
-        return offsetof(CMD_Request, data.modify_minpoll.EOR);
-      case REQ_MODIFY_MAXPOLL:
-        return offsetof(CMD_Request, data.modify_maxpoll.EOR);
-      case REQ_DUMP:
-        return offsetof(CMD_Request, data.dump.EOR);
-      case REQ_MODIFY_MAXDELAY:
-        return offsetof(CMD_Request, data.modify_maxdelay.EOR);
-      case REQ_MODIFY_MAXDELAYRATIO:
-        return offsetof(CMD_Request, data.modify_maxdelayratio.EOR);
-      case REQ_MODIFY_MAXDELAYDEVRATIO:
-        return offsetof(CMD_Request, data.modify_maxdelaydevratio.EOR);
-      case REQ_MODIFY_MAXUPDATESKEW:
-        return offsetof(CMD_Request, data.modify_maxupdateskew.EOR);
-      case REQ_LOGON :
-        return offsetof(CMD_Request, data.logon.EOR);
-      case REQ_SETTIME :
-        return offsetof(CMD_Request, data.settime.EOR);
-      case REQ_LOCAL :
-        return offsetof(CMD_Request, data.local.EOR);
-      case REQ_MANUAL :
-        return offsetof(CMD_Request, data.manual.EOR);
-      case REQ_N_SOURCES :
-        return offsetof(CMD_Request, data.n_sources.EOR);
-      case REQ_SOURCE_DATA :
-        return offsetof(CMD_Request, data.source_data.EOR);
-      case REQ_REKEY :
-        return offsetof(CMD_Request, data.rekey.EOR);
-      case REQ_ALLOW :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_ALLOWALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_DENY :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_DENYALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDALLOW :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDALLOWALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDDENY :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDDENYALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_ACCHECK :
-        return offsetof(CMD_Request, data.ac_check.EOR);
-      case REQ_CMDACCHECK :
-        return offsetof(CMD_Request, data.ac_check.EOR);
-      case REQ_ADD_SERVER :
-        return offsetof(CMD_Request, data.ntp_source.EOR);
-      case REQ_ADD_PEER :
-        return offsetof(CMD_Request, data.ntp_source.EOR);
-      case REQ_DEL_SOURCE :
-        return offsetof(CMD_Request, data.del_source.EOR);
-      case REQ_WRITERTC :
-        return offsetof(CMD_Request, data.writertc.EOR);
-      case REQ_DFREQ :
-        return offsetof(CMD_Request, data.dfreq.EOR);
-      case REQ_DOFFSET :
-        return offsetof(CMD_Request, data.doffset.EOR);
-      case REQ_TRACKING :
-        return offsetof(CMD_Request, data.tracking.EOR);
-      case REQ_SOURCESTATS :
-        return offsetof(CMD_Request, data.sourcestats.EOR);
-      case REQ_RTCREPORT :
-        return offsetof(CMD_Request, data.rtcreport.EOR);
-      case REQ_TRIMRTC :
-        return offsetof(CMD_Request, data.trimrtc.EOR);
-      case REQ_CYCLELOGS :
-        return offsetof(CMD_Request, data.cyclelogs.EOR);
-      case REQ_SUBNETS_ACCESSED :
-        {
-          unsigned long ns;
-          ns = ntohl(r->data.subnets_accessed.n_subnets);
-          return (offsetof(CMD_Request, data.subnets_accessed.subnets) +
-                  ns * sizeof(REQ_SubnetsAccessed_Subnet));
-        }
-      case REQ_CLIENT_ACCESSES:
-        {
-          unsigned long nc;
-          nc = ntohl(r->data.client_accesses.n_clients);
-          return (offsetof(CMD_Request, data.client_accesses.client_ips) +
-                  nc * sizeof(unsigned long));
-        }
-      case REQ_CLIENT_ACCESSES_BY_INDEX:
-        return offsetof(CMD_Request, data.client_accesses_by_index.EOR);
-      case REQ_MANUAL_LIST:
-        return offsetof(CMD_Request, data.manual_list.EOR);
-      case REQ_MANUAL_DELETE:
-        return offsetof(CMD_Request, data.manual_delete.EOR);
-      case REQ_MAKESTEP:
-        return offsetof(CMD_Request, data.make_step.EOR);
-      case REQ_ACTIVITY:
-        return offsetof(CMD_Request, data.activity.EOR);
-      case REQ_RESELECT:
-        return offsetof(CMD_Request, data.reselect.EOR);
-      case REQ_RESELECTDISTANCE:
-        return offsetof(CMD_Request, data.reselect_distance.EOR);
-      case REQ_MODIFY_MINSTRATUM:
-        return offsetof(CMD_Request, data.modify_minstratum.EOR);
-      case REQ_MODIFY_POLLTARGET:
-        return offsetof(CMD_Request, data.modify_polltarget.EOR);
-      default:
-        /* If we fall through the switch, it most likely means we've forgotten to implement a new case */
-        assert(0);
-    }
-  }
 
-  /* Catch-all case */
-  return 0;
+  command_length = request_lengths[type].command;
+  if (!command_length)
+    return 0;
 
+  return command_length + PKL_CommandPaddingLength(r);
 }
 
+/* ================================================== */
+
+int
+PKL_CommandPaddingLength(CMD_Request *r)
+{
+  uint32_t type;
+
+  if (r->version < PROTO_VERSION_PADDING)
+    return 0;
+
+  type = ntohs(r->command);
+
+  if (type >= N_REQUEST_TYPES)
+    return 0;
+
+  return request_lengths[ntohs(r->command)].padding;
+}
 
 /* ================================================== */
 
 int
 PKL_ReplyLength(CMD_Reply *r)
 {
-  int type;
-  type = ntohs(r->reply);
-  /* Note that reply type codes start from 1, not 0 */
-  if (type < 1 || type >= N_REPLY_TYPES) {
-    return 0;
-  } else {
-    switch (type) {
-      case RPY_NULL:
-        return offsetof(CMD_Reply, data.null.EOR);
-      case RPY_N_SOURCES:
-        return offsetof(CMD_Reply, data.n_sources.EOR);
-      case RPY_SOURCE_DATA:
-        return offsetof(CMD_Reply, data.source_data.EOR);
-      case RPY_MANUAL_TIMESTAMP:
-        return offsetof(CMD_Reply, data.manual_timestamp.EOR);
-      case RPY_TRACKING:
-        return offsetof(CMD_Reply, data.tracking.EOR);
-      case RPY_SOURCESTATS:
-        return offsetof(CMD_Reply, data.sourcestats.EOR);
-      case RPY_RTC:
-        return offsetof(CMD_Reply, data.rtc.EOR);
-      case RPY_SUBNETS_ACCESSED :
-        {
-          unsigned long ns = ntohl(r->data.subnets_accessed.n_subnets);
-          if (r->status == htons(STT_SUCCESS)) {
-            return (offsetof(CMD_Reply, data.subnets_accessed.subnets) +
-                    ns * sizeof(RPY_SubnetsAccessed_Subnet));
-          } else {
-            return offsetof(CMD_Reply, data);
-          }
-        }
-      case RPY_CLIENT_ACCESSES:
-        {
-          unsigned long nc = ntohl(r->data.client_accesses.n_clients);
-          if (r->status == htons(STT_SUCCESS)) {
-            return (offsetof(CMD_Reply, data.client_accesses.clients) +
-                    nc * sizeof(RPY_ClientAccesses_Client));
-          } else {
-            return offsetof(CMD_Reply, data);
-          }
-        }
-      case RPY_CLIENT_ACCESSES_BY_INDEX:
-        {
-          unsigned long nc = ntohl(r->data.client_accesses_by_index.n_clients);
-          if (r->status == htons(STT_SUCCESS)) {
-            return (offsetof(CMD_Reply, data.client_accesses_by_index.clients) +
-                    nc * sizeof(RPY_ClientAccesses_Client));
-          } else {
-            return offsetof(CMD_Reply, data);
-          }
-        }
-      case RPY_MANUAL_LIST:
-        {
-          unsigned long ns = ntohl(r->data.manual_list.n_samples);
-          if (r->status == htons(STT_SUCCESS)) {
-            return (offsetof(CMD_Reply, data.manual_list.samples) +
-                    ns * sizeof(RPY_ManualListSample));
-          } else {
-            return offsetof(CMD_Reply, data);
-          }
-        }
-      case RPY_ACTIVITY:
-        return offsetof(CMD_Reply, data.activity.EOR);
-        
-      default:
-        assert(0);
-    }
-  }
+  uint32_t type;
 
-  return 0;
+  assert(sizeof (reply_lengths) / sizeof (reply_lengths[0]) == N_REPLY_TYPES);
+
+  type = ntohs(r->reply);
+
+  /* Note that reply type codes start from 1, not 0 */
+  if (type < 1 || type >= N_REPLY_TYPES)
+    return 0;
+
+  return reply_lengths[type];
 }
 
 /* ================================================== */

pktlength.h

@@ -33,6 +33,8 @@
 
 extern int PKL_CommandLength(CMD_Request *r);
 
+extern int PKL_CommandPaddingLength(CMD_Request *r);
+
 extern int PKL_ReplyLength(CMD_Reply *r);
 
 #endif /* GOT_PKTLENGTH_H */

privops.c

@@ -0,0 +1,731 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Bryan Christianson 2015
+ * Copyright (C) Miroslav Lichvar  2017
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ **********************************************************************
+
+  =======================================================================
+
+  Perform privileged operations over a unix socket to a privileged fork.
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "conf.h"
+#include "nameserv.h"
+#include "logging.h"
+#include "privops.h"
+#include "util.h"
+
+#define OP_ADJUSTTIME     1024
+#define OP_ADJUSTTIMEX    1025
+#define OP_SETTIME        1026
+#define OP_BINDSOCKET     1027
+#define OP_NAME2IPADDRESS 1028
+#define OP_RELOADDNS      1029
+#define OP_QUIT           1099
+
+union sockaddr_in46 {
+  struct sockaddr_in in4;
+#ifdef FEAT_IPV6
+  struct sockaddr_in6 in6;
+#endif
+  struct sockaddr u;
+};
+
+/* daemon request structs */
+
+typedef struct {
+  struct timeval tv;
+} ReqAdjustTime;
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+typedef struct {
+  struct timex tmx;
+} ReqAdjustTimex;
+#endif
+
+typedef struct {
+  struct timeval tv;
+} ReqSetTime;
+
+typedef struct {
+  int sock;
+  socklen_t sa_len;
+  union sockaddr_in46 sa;
+} ReqBindSocket;
+
+typedef struct {
+  char name[256];
+} ReqName2IPAddress;
+
+typedef struct {
+  int op;
+  union {
+    ReqAdjustTime adjust_time;
+#ifdef PRIVOPS_ADJUSTTIMEX
+    ReqAdjustTimex adjust_timex;
+#endif
+    ReqSetTime set_time;
+    ReqBindSocket bind_socket;
+#ifdef PRIVOPS_NAME2IPADDRESS
+    ReqName2IPAddress name_to_ipaddress;
+#endif
+  } data;
+} PrvRequest;
+
+/* helper response structs */
+
+typedef struct {
+  struct timeval tv;
+} ResAdjustTime;
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+typedef struct {
+  struct timex tmx;
+} ResAdjustTimex;
+#endif
+
+typedef struct {
+  IPAddr addresses[DNS_MAX_ADDRESSES];
+} ResName2IPAddress;
+
+typedef struct {
+  char msg[256];
+} ResFatalMsg;
+
+typedef struct {
+  int fatal_error;
+  int rc;
+  int res_errno;
+  union {
+    ResFatalMsg fatal_msg;
+    ResAdjustTime adjust_time;
+#ifdef PRIVOPS_ADJUSTTIMEX
+    ResAdjustTimex adjust_timex;
+#endif
+#ifdef PRIVOPS_NAME2IPADDRESS
+    ResName2IPAddress name_to_ipaddress;
+#endif
+  } data;
+} PrvResponse;
+
+static int helper_fd;
+static pid_t helper_pid;
+
+static int
+have_helper(void)
+{
+  return helper_fd >= 0;
+}
+
+/* ======================================================================= */
+
+/* HELPER - prepare fatal error for daemon */
+static void
+res_fatal(PrvResponse *res, const char *fmt, ...)
+{
+  va_list ap;
+
+  res->fatal_error = 1;
+  va_start(ap, fmt);
+  vsnprintf(res->data.fatal_msg.msg, sizeof (res->data.fatal_msg.msg), fmt, ap);
+  va_end(ap);
+}
+
+/* ======================================================================= */
+
+/* HELPER - send response to the fd */
+
+static int
+send_response(int fd, const PrvResponse *res)
+{
+  if (send(fd, res, sizeof (*res), 0) != sizeof (*res))
+    return 0;
+
+  return 1;
+}
+
+/* ======================================================================= */
+/* receive daemon request plus optional file descriptor over a unix socket */
+
+static int
+receive_from_daemon(int fd, PrvRequest *req)
+{
+  struct msghdr msg;
+  struct cmsghdr *cmsg;
+  struct iovec iov;
+  char cmsgbuf[256];
+
+  iov.iov_base = req;
+  iov.iov_len = sizeof (*req);
+
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = (void *)cmsgbuf;
+  msg.msg_controllen = sizeof (cmsgbuf);
+  msg.msg_flags = MSG_WAITALL;
+
+  /* read the data */
+  if (recvmsg(fd, &msg, 0) != sizeof (*req))
+    return 0;
+
+  if (req->op == OP_BINDSOCKET) {
+    /* extract transferred descriptor */
+    req->data.bind_socket.sock = -1;
+    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+      if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
+        memcpy(&req->data.bind_socket.sock, CMSG_DATA(cmsg), sizeof (int));
+    }
+
+    /* return error if valid descriptor not found */
+    if (req->data.bind_socket.sock < 0)
+      return 0;
+  }
+
+  return 1;
+}
+
+/* ======================================================================= */
+
+/* HELPER - perform adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIME
+static void
+do_adjust_time(const ReqAdjustTime *req, PrvResponse *res)
+{
+  res->rc = adjtime(&req->tv, &res->data.adjust_time.tv);
+  if (res->rc)
+    res->res_errno = errno;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform ntp_adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+static void
+do_adjust_timex(const ReqAdjustTimex *req, PrvResponse *res)
+{
+  res->data.adjust_timex.tmx = req->tmx;
+  res->rc = ntp_adjtime(&res->data.adjust_timex.tmx);
+  if (res->rc < 0)
+    res->res_errno = errno;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform settimeofday() */
+
+#ifdef PRIVOPS_SETTIME
+static void
+do_set_time(const ReqSetTime *req, PrvResponse *res)
+{
+  res->rc = settimeofday(&req->tv, NULL);
+  if (res->rc)
+    res->res_errno = errno;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform bind() */
+
+#ifdef PRIVOPS_BINDSOCKET
+static void
+do_bind_socket(ReqBindSocket *req, PrvResponse *res)
+{
+  unsigned short port;
+  IPAddr ip;
+  int sock_fd;
+  struct sockaddr *sa;
+  socklen_t sa_len;
+
+  sa = &req->sa.u;
+  sa_len = req->sa_len;
+  sock_fd = req->sock;
+
+  UTI_SockaddrToIPAndPort(sa, &ip, &port);
+  if (port && port != CNF_GetNTPPort() && port != CNF_GetAcquisitionPort()) {
+    close(sock_fd);
+    res_fatal(res, "Invalid port %d", port);
+    return;
+  }
+
+  res->rc = bind(sock_fd, sa, sa_len);
+  if (res->rc)
+    res->res_errno = errno;
+
+  /* sock is still open on daemon side, but we're done with it in the helper */
+  close(sock_fd);
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform DNS_Name2IPAddress() */
+
+#ifdef PRIVOPS_NAME2IPADDRESS
+static void
+do_name_to_ipaddress(ReqName2IPAddress *req, PrvResponse *res)
+{
+  /* make sure the string is terminated */
+  req->name[sizeof (req->name) - 1] = '\0';
+
+  res->rc = DNS_Name2IPAddress(req->name, res->data.name_to_ipaddress.addresses,
+                               DNS_MAX_ADDRESSES);
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform DNS_Reload() */
+
+#ifdef PRIVOPS_RELOADDNS
+static void
+do_reload_dns(PrvResponse *res)
+{
+  DNS_Reload();
+  res->rc = 0;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - main loop - action requests from the daemon */
+
+static void
+helper_main(int fd)
+{
+  PrvRequest req;
+  PrvResponse res;
+  int quit = 0;
+
+  while (!quit) {
+    if (!receive_from_daemon(fd, &req))
+      /* read error or closed input - we cannot recover - give up */
+      break;
+
+    memset(&res, 0, sizeof (res));
+
+    switch (req.op) {
+#ifdef PRIVOPS_ADJUSTTIME
+      case OP_ADJUSTTIME:
+        do_adjust_time(&req.data.adjust_time, &res);
+        break;
+#endif
+#ifdef PRIVOPS_ADJUSTTIMEX
+      case OP_ADJUSTTIMEX:
+        do_adjust_timex(&req.data.adjust_timex, &res);
+        break;
+#endif
+#ifdef PRIVOPS_SETTIME
+      case OP_SETTIME:
+        do_set_time(&req.data.set_time, &res);
+        break;
+#endif
+#ifdef PRIVOPS_BINDSOCKET
+      case OP_BINDSOCKET:
+        do_bind_socket(&req.data.bind_socket, &res);
+        break;
+#endif
+#ifdef PRIVOPS_NAME2IPADDRESS
+      case OP_NAME2IPADDRESS:
+        do_name_to_ipaddress(&req.data.name_to_ipaddress, &res);
+        break;
+#endif
+#ifdef PRIVOPS_RELOADDNS
+      case OP_RELOADDNS:
+        do_reload_dns(&res);
+        break;
+#endif
+      case OP_QUIT:
+        quit = 1;
+        continue;
+
+      default:
+        res_fatal(&res, "Unexpected operator %d", req.op);
+        break;
+    }
+
+    send_response(fd, &res);
+  }
+
+  close(fd);
+  exit(0);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - receive helper response */
+
+static void
+receive_response(PrvResponse *res)
+{
+  int resp_len;
+
+  resp_len = recv(helper_fd, res, sizeof (*res), 0);
+  if (resp_len < 0)
+    LOG_FATAL("Could not read from helper : %s", strerror(errno));
+  if (resp_len != sizeof (*res))
+    LOG_FATAL("Invalid helper response");
+
+  if (res->fatal_error)
+    LOG_FATAL("Error in helper : %s", res->data.fatal_msg.msg);
+
+  DEBUG_LOG("Received response rc=%d", res->rc);
+
+  /* if operation failed in the helper, set errno so daemon can print log message */
+  if (res->res_errno)
+    errno = res->res_errno;
+}
+
+/* ======================================================================= */
+
+/* DAEMON - send daemon request to the helper */
+
+static void
+send_request(PrvRequest *req)
+{
+  struct msghdr msg;
+  struct iovec iov;
+  char cmsgbuf[256];
+
+  iov.iov_base = req;
+  iov.iov_len = sizeof (*req);
+
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_flags = 0;
+
+  if (req->op == OP_BINDSOCKET) {
+    /* send file descriptor as a control message */
+    struct cmsghdr *cmsg;
+    int *ptr_send_fd;
+
+    msg.msg_control = cmsgbuf;
+    msg.msg_controllen = CMSG_SPACE(sizeof (int));
+
+    cmsg = CMSG_FIRSTHDR(&msg);
+    memset(cmsg, 0, CMSG_SPACE(sizeof (int)));
+
+    cmsg->cmsg_level = SOL_SOCKET;
+    cmsg->cmsg_type = SCM_RIGHTS;
+    cmsg->cmsg_len = CMSG_LEN(sizeof (int));
+
+    ptr_send_fd = (int *)CMSG_DATA(cmsg);
+    *ptr_send_fd = req->data.bind_socket.sock;
+  }
+
+  if (sendmsg(helper_fd, &msg, 0) < 0) {
+    /* don't try to send another request from exit() */
+    helper_fd = -1;
+    LOG_FATAL("Could not send to helper : %s", strerror(errno));
+  }
+
+  DEBUG_LOG("Sent request op=%d", req->op);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - send daemon request and wait for response */
+
+static void
+submit_request(PrvRequest *req, PrvResponse *res)
+{
+  send_request(req);
+  receive_response(res);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - send the helper a request to exit and wait until it exits */
+
+static void
+stop_helper(void)
+{
+  PrvRequest req;
+  int status;
+
+  if (!have_helper())
+    return;
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_QUIT;
+  send_request(&req);
+
+  waitpid(helper_pid, &status, 0);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - request adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIME
+int
+PRV_AdjustTime(const struct timeval *delta, struct timeval *olddelta)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  if (!have_helper() || delta == NULL)
+    /* helper is not running or read adjustment call */
+    return adjtime(delta, olddelta);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_ADJUSTTIME;
+  req.data.adjust_time.tv = *delta;
+
+  submit_request(&req, &res);
+
+  if (olddelta)
+    *olddelta = res.data.adjust_time.tv;
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request ntp_adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+int
+PRV_AdjustTimex(struct timex *tmx)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  if (!have_helper())
+    return ntp_adjtime(tmx);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_ADJUSTTIMEX;
+  req.data.adjust_timex.tmx = *tmx;
+
+  submit_request(&req, &res);
+
+  *tmx = res.data.adjust_timex.tmx;
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request settimeofday() */
+
+#ifdef PRIVOPS_SETTIME
+int
+PRV_SetTime(const struct timeval *tp, const struct timezone *tzp)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  /* only support setting the time */
+  assert(tp != NULL);
+  assert(tzp == NULL);
+
+  if (!have_helper())
+    return settimeofday(tp, NULL);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_SETTIME;
+  req.data.set_time.tv = *tp;
+
+  submit_request(&req, &res);
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request bind() */
+
+#ifdef PRIVOPS_BINDSOCKET
+int
+PRV_BindSocket(int sock, struct sockaddr *address, socklen_t address_len)
+{
+  PrvRequest req;
+  PrvResponse res;
+  IPAddr ip;
+  unsigned short port;
+
+  UTI_SockaddrToIPAndPort(address, &ip, &port);
+  if (port && port != CNF_GetNTPPort() && port != CNF_GetAcquisitionPort())
+    assert(0);
+
+  if (!have_helper())
+    return bind(sock, address, address_len);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_BINDSOCKET;
+  req.data.bind_socket.sock = sock;
+  req.data.bind_socket.sa_len = address_len;
+  memcpy(&req.data.bind_socket.sa.u, address, address_len);
+
+  submit_request(&req, &res);
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request DNS_Name2IPAddress() */
+
+#ifdef PRIVOPS_NAME2IPADDRESS
+int
+PRV_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs)
+{
+  PrvRequest req;
+  PrvResponse res;
+  int i;
+
+  if (!have_helper())
+    return DNS_Name2IPAddress(name, ip_addrs, max_addrs);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_NAME2IPADDRESS;
+  if (snprintf(req.data.name_to_ipaddress.name, sizeof (req.data.name_to_ipaddress.name),
+               "%s", name) >= sizeof (req.data.name_to_ipaddress.name)) {
+    DEBUG_LOG("Name too long");
+    return DNS_Failure;
+  }
+
+  submit_request(&req, &res);
+
+  for (i = 0; i < max_addrs && i < DNS_MAX_ADDRESSES; i++)
+    ip_addrs[i] = res.data.name_to_ipaddress.addresses[i];
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request res_init() */
+
+#ifdef PRIVOPS_RELOADDNS
+void
+PRV_ReloadDNS(void)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  if (!have_helper()) {
+    DNS_Reload();
+    return;
+  }
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_RELOADDNS;
+
+  submit_request(&req, &res);
+  assert(!res.rc);
+}
+#endif
+
+/* ======================================================================= */
+
+void
+PRV_Initialise(void)
+{
+  helper_fd = -1;
+}
+
+/* ======================================================================= */
+
+/* DAEMON - setup socket(s) then fork to run the helper */
+/* must be called before privileges are dropped */
+
+void
+PRV_StartHelper(void)
+{
+  pid_t pid;
+  int fd, sock_pair[2];
+
+  if (have_helper())
+    LOG_FATAL("Helper already running");
+
+  if (
+#ifdef SOCK_SEQPACKET
+      socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sock_pair) &&
+#endif
+      socketpair(AF_UNIX, SOCK_DGRAM, 0, sock_pair))
+    LOG_FATAL("socketpair() failed : %s", strerror(errno));
+
+  UTI_FdSetCloexec(sock_pair[0]);
+  UTI_FdSetCloexec(sock_pair[1]);
+
+  pid = fork();
+  if (pid < 0)
+    LOG_FATAL("fork() failed : %s", strerror(errno));
+
+  if (pid == 0) {
+    /* child process */
+    close(sock_pair[0]);
+
+    /* close other descriptors inherited from the parent process */
+    for (fd = 0; fd < 1024; fd++) {
+      if (fd != sock_pair[1])
+        close(fd);
+    }
+
+    /* ignore signals, the process will exit on OP_QUIT request */
+    UTI_SetQuitSignalsHandler(SIG_IGN, 1);
+
+    helper_main(sock_pair[1]);
+
+  } else {
+    /* parent process */
+    close(sock_pair[1]);
+    helper_fd = sock_pair[0];
+    helper_pid = pid;
+
+    /* stop the helper even when not exiting cleanly from the main function */
+    atexit(stop_helper);
+  }
+}
+
+/* ======================================================================= */
+
+/* DAEMON - graceful shutdown of the helper */
+
+void
+PRV_Finalise(void)
+{
+  if (!have_helper())
+    return;
+
+  stop_helper();
+  close(helper_fd);
+  helper_fd = -1;
+}

privops.h

@@ -0,0 +1,77 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Bryan Christianson 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ **********************************************************************
+
+  =======================================================================
+
+  Perform privileged operations over a unix socket to a privileged fork.
+
+*/
+
+#ifndef GOT_PRIVOPS_H
+#define GOT_PRIVOPS_H
+
+#ifdef PRIVOPS_ADJUSTTIME
+int PRV_AdjustTime(const struct timeval *delta, struct timeval *olddelta);
+#else
+#define PRV_AdjustTime adjtime
+#endif
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+int PRV_AdjustTimex(struct timex *txc);
+#else
+#define PRV_AdjustTimex ntp_adjtime
+#endif
+
+#ifdef PRIVOPS_SETTIME
+int PRV_SetTime(const struct timeval *tp, const struct timezone *tzp);
+#else
+#define PRV_SetTime settimeofday
+#endif
+
+#ifdef PRIVOPS_BINDSOCKET
+int PRV_BindSocket(int sock, struct sockaddr *address, socklen_t address_len);
+#else
+#define PRV_BindSocket bind
+#endif
+
+#ifdef PRIVOPS_NAME2IPADDRESS
+int PRV_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs);
+#else
+#define PRV_Name2IPAddress DNS_Name2IPAddress
+#endif
+
+#ifdef PRIVOPS_RELOADDNS
+void PRV_ReloadDNS(void);
+#else
+#define PRV_ReloadDNS DNS_Reload
+#endif
+
+#ifdef PRIVOPS_HELPER
+void PRV_Initialise(void);
+void PRV_StartHelper(void);
+void PRV_Finalise(void);
+#else
+#define PRV_Initialise()
+#define PRV_StartHelper()
+#define PRV_Finalise()
+#endif
+
+#endif