doc: update NEWS

Accept HW timestamp only if it doesn't differ from the kernel/daemon
timestamp by more than one second.

.gitignore

@@ -2,18 +2,24 @@
 .vimrc
 *.o
 *.swp
-RELEASES
-Makefile
-chrony.conf.5
-chrony.info
-chrony.html
-chrony.texi
-chrony.txt
-chronyc
-chronyc.1
-chronyd
-chronyd.8
-config.h
-config.log
+*.dSYM
+*.DS_Store
 tags
-version.h
+/RELEASES
+/Makefile
+/chronyc
+/chronyd
+/config.h
+/config.log
+/doc/Makefile
+/doc/*.html
+/doc/*.man
+/doc/*.man.in
+/doc/*.txt
+/getdate.c
+/version.h
+/test/simulation/clknetsim
+/test/simulation/tmp
+/test/unit/Makefile
+/test/unit/*.test
+/test/unit/*.o

INSTALL

@@ -1,95 +0,0 @@
-The software is distributed as source code which has to be compiled.
-
-PARTS OF THE SOFTWARE ARE HIGHLY SYSTEM-SPECIFIC AND NON-PORTABLE.
-UNLESS YOU ARE RUNNING A SUPPORTED SYSTEM, BE PREPARED FOR SOME
-PROGRAMMING!
-
-After unpacking the source code, change directory into it, and type
-
-    ./configure
-
-This is a shell script that automatically determines the system type.
-There is a single optional parameter, --prefix which indicates the
-directory tree where the software should be installed.  For example,
-
-    ./configure --prefix=/opt/free
-
-will install the chronyd daemon into /opt/free/sbin and the chronyc
-control program into /opt/free/bin.  The default value for the prefix
-is /usr/local.
-
-The configure script assumes you want to use gcc as your compiler.
-If you want to use a different compiler, you can configure this way:
-
-    CC=cc CFLAGS=-O ./configure --prefix=/opt/free
-
-for Bourne-family shells, or
-    
-    setenv CC cc
-    setenv CFLAGS -O
-    ./configure --prefix=/opt/free
-
-for C-family shells.
-
-If the software cannot (yet) be built on your system, an error message
-will be shown.  Otherwise, `Makefile' will be generated.
-
-If editline or readline library is available, chronyc will be built
-with line editing support.  If you don't want this, specify the
---disable-readline flag to configure.  Please refer to the chrony.txt
-file for more information.
-
-If a `timepps.h' header is available, chronyd will be built with PPS
-API reference clock driver.  If the header is installed in a location
-that isn't normally searched by the compiler, you can add it to the
-searched locations by setting CPPFLAGS variable to -I/path/to/timepps.
-
-Now type
-
-    make
-
-to build the programs.
-
-If you want to build the manual in plain text, HTML and info versions, type
-
-    make docs
-
-Once the programs have been successfully compiled, they need to be
-installed in their target locations.  This step normally needs to be
-performed by the superuser, and requires the following command to be
-entered.
-
-    make install
-
-This will install the binaries, plain text manual and manpages.
-
-To install the HTML and info versions of the manual as well, enter the command
-
-    make install-docs
-
-If you want chrony to appear in the top level info directory listing, you need
-to run the install-info command manually after this step.  install-info takes 2
-arguments.  The first is the path to the chrony.info file you have just
-installed.  This will be the argument you gave to --prefix when you configured
-(/usr/local by default), with /share/info/chrony.info on the end.  The second
-argument is the location of the file called 'dir'.  This will typically be
-/usr/share/info/dir.  So the typical command line would be
-
-    install-info /usr/local/share/info/chrony.info /usr/share/info/dir
-
-Now that the software is successfully installed, the next step is to
-set up a configuration file.  The contents of this depend on the
-network environment in which the computer operates.  Typical scenarios
-are described in the manual.  The simplest case is for a computer with
-a permanent Internet connection - suppose you want to use public NTP
-servers from the pool.ntp.org project as your time reference.  You would
-create an /etc/chrony.conf file containing
-
-    server 0.pool.ntp.org
-    server 1.pool.ntp.org
-    server 2.pool.ntp.org
-    driftfile /var/lib/chrony/drift
-
-and then run /usr/local/sbin/chronyd.
-
-

Makefile.in

@@ -24,9 +24,6 @@
 SYSCONFDIR=@SYSCONFDIR@
 BINDIR=@BINDIR@
 SBINDIR=@SBINDIR@
-MANDIR=@MANDIR@
-INFODIR=@INFODIR@
-DOCDIR=@DOCDIR@
 LOCALSTATEDIR=@LOCALSTATEDIR@
 CHRONYVARDIR=@CHRONYVARDIR@
 
@@ -38,18 +35,13 @@ DESTDIR=
 
 HASH_OBJ = @HASH_OBJ@
 
-OBJS = util.o sched.o regress.o local.o \
-	sys.o main.o ntp_io.o ntp_core.o ntp_sources.o \
-	sources.o sourcestats.o reference.o \
-	logging.o conf.o cmdmon.o keys.o \
-	nameserv.o acquire.o manual.o addrfilt.o \
-	cmdparse.o mkdirpp.o rtc.o pktlength.o clientlog.o \
-	broadcast.o refclock.o refclock_shm.o refclock_sock.o \
-	refclock_pps.o tempcomp.o $(HASH_OBJ)
+OBJS = array.o cmdparse.o conf.o local.o logging.o main.o memory.o \
+       reference.o regress.o rtc.o sched.o sources.o sourcestats.o stubs.o \
+       sys.o smooth.o tempcomp.o util.o $(HASH_OBJ)
 
 EXTRA_OBJS=@EXTRA_OBJECTS@
 
-CLI_OBJS = client.o nameserv.o getdate.o cmdparse.o \
+CLI_OBJS = array.o client.o cmdparse.o getdate.o memory.o nameserv.o \
            pktlength.o util.o $(HASH_OBJ)
 
 ALL_OBJS = $(OBJS) $(EXTRA_OBJS) $(CLI_OBJS)
@@ -66,26 +58,26 @@ EXTRA_CLI_LIBS=@EXTRA_CLI_LIBS@
 all : chronyd chronyc
 
 chronyd : $(OBJS) $(EXTRA_OBJS)
-	$(CC) $(CFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LDFLAGS) @HASH_LINK@ $(LIBS) $(EXTRA_LIBS)
+	$(CC) $(CFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_LIBS)
 
 chronyc : $(CLI_OBJS)
-	$(CC) $(CFLAGS) -o chronyc $(CLI_OBJS) $(LDFLAGS) @READLINE_LINK@ @HASH_LINK@ $(LIBS) $(EXTRA_CLI_LIBS)
-
-client.o : client.c
-	$(CC) $(CFLAGS) $(CPPFLAGS) @READLINE_COMPILE@ -c $<
-
-$(HASH_OBJ) : $(patsubst %.o,%.c,$(HASH_OBJ))
-	$(CC) $(CFLAGS) $(CPPFLAGS) @HASH_COMPILE@ -c $<
+	$(CC) $(CFLAGS) -o chronyc $(CLI_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_CLI_LIBS)
 
 distclean : clean
-	-rm -f Makefile
-	-rm -f chrony.conf.5 chrony.texi chronyc.1 chronyd.8
+	-rm -f .DS_Store
+	-rm -f Makefile config.h config.log
+	$(MAKE) -C doc distclean
+	$(MAKE) -C test/unit distclean
 
 clean :
-	-rm -f *.o *.s chronyc chronyd core *~ chrony.info chrony.html chrony.txt
+	-rm -f *.o *.s chronyc chronyd core *~
 	-rm -rf .deps
+	-rm -rf *.dSYM
 
-getdate.c : ;
+getdate.c : getdate.y
+	bison -o getdate.c getdate.y
+
+# This can be used to force regeneration of getdate.c
 getdate :
 	bison -o getdate.c getdate.y
 
@@ -96,11 +88,6 @@ install: chronyd chronyc
 	[ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR)
 	[ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR)
 	[ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
-	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
-	[ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
-	[ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
-	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
-	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
 	[ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR)
 	if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi
 	if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi
@@ -108,20 +95,13 @@ install: chronyd chronyc
 	chmod 755 $(DESTDIR)$(SBINDIR)/chronyd
 	cp chronyc $(DESTDIR)$(BINDIR)/chronyc
 	chmod 755 $(DESTDIR)$(BINDIR)/chronyc
-	cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt
-	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt
-	cp COPYING $(DESTDIR)$(DOCDIR)/COPYING
-	chmod 644 $(DESTDIR)$(DOCDIR)/COPYING
-	cp README $(DESTDIR)$(DOCDIR)/README
-	chmod 644 $(DESTDIR)$(DOCDIR)/README
-	cp chrony.1 $(DESTDIR)$(MANDIR)/man1
-	chmod 644 $(DESTDIR)$(MANDIR)/man1/chrony.1
-	cp chronyc.1 $(DESTDIR)$(MANDIR)/man1
-	chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1
-	cp chronyd.8 $(DESTDIR)$(MANDIR)/man8
-	chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8
-	cp chrony.conf.5 $(DESTDIR)$(MANDIR)/man5
-	chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+	$(MAKE) -C doc install
+
+docs :
+	$(MAKE) -C doc docs
+
+install-docs :
+	$(MAKE) -C doc install-docs
 
 %.o : %.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
@@ -129,31 +109,15 @@ install: chronyd chronyc
 %.s : %.c
 	$(CC) $(CFLAGS) $(CPPFLAGS) -S $<
 
-install-docs : docs
-	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
-	cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt
-	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt
-	cp chrony.html $(DESTDIR)$(DOCDIR)/chrony.html
-	chmod 644 $(DESTDIR)$(DOCDIR)/chrony.html
-	[ -d $(DESTDIR)$(INFODIR) ] || mkdir -p $(DESTDIR)$(INFODIR)
-	cp chrony.info* $(DESTDIR)$(INFODIR)
-	chmod 644 $(DESTDIR)$(INFODIR)/chrony.info*
+check : chronyd chronyc
+	$(MAKE) -C test/unit check
+	cd test/simulation && ./run
 
-docs : chrony.txt chrony.html chrony.info
-
-chrony.txt : chrony.texi
-	makeinfo --no-headers --number-sections -o chrony.txt chrony.texi
-
-chrony.html : chrony.texi
-	command -v texi2html > /dev/null 2>&1 && texi2html chrony.texi || \
-	  makeinfo --no-split --html --number-sections -o chrony.html chrony.texi
-
-chrony.info : chrony.texi
-	makeinfo chrony.texi
-
-# This is only relevant if you're maintaining the website!
-faq.php : faq.txt faqgen.pl
-	perl faqgen.pl < faq.txt > faq.php
+Makefile : Makefile.in configure
+	@echo
+	@echo Makefile needs to be regenerated, run ./configure
+	@echo
+	@exit 1
 
 .deps:
 	@mkdir .deps

NEWS

@@ -1,3 +1,290 @@
+New in version 3.0
+==================
+
+Enhancements
+------------
+* Add support for software and hardware timestamping on Linux
+* Add support for client/server and symmetric interleaved modes
+* Add support for MS-SNTP authentication in Samba
+* Add support for truncated MACs in NTPv4 packets
+* Estimate and correct for asymmetric network jitter
+* Increase default minsamples and polltarget to improve stability
+  with very low jitter
+* Add maxjitter directive to limit source selection by jitter
+* Add offset option to server/pool/peer directive
+* Add maxlockage option to refclock directive
+* Add -t option to chronyd to exit after specified time
+* Add partial protection against replay attacks on symmetric mode
+* Don't reset polling interval when switching sources to online state
+* Allow rate limiting with very short intervals
+* Improve maximum server throughput on Linux and NetBSD
+* Remove dump files after start
+* Add tab-completion to chronyc with libedit/readline
+* Add ntpdata command to print details about NTP measurements
+* Allow all source options to be set in add server/peer command
+* Indicate truncated addresses/hostnames in chronyc output
+* Print reference IDs as hexadecimal numbers to avoid confusion with
+  IPv4 addresses
+
+Bug fixes
+---------
+* Fix crash with disabled asynchronous name resolving
+
+New in version 2.4.1
+====================
+
+Bug fixes
+---------
+* Fix processing of kernel timestamps on non-Linux systems
+* Fix crash with smoothtime directive
+* Fix validation of refclock sample times
+* Fix parsing of refclock directive
+
+New in version 2.4
+==================
+
+Enhancements
+------------
+* Add orphan option to local directive for orphan mode compatible with ntpd
+* Add distance option to local directive to set activation threshold
+  (1 second by default)
+* Add maxdrift directive to set maximum allowed drift of system clock
+* Try to replace NTP sources exceeding maximum distance
+* Randomise source replacement to avoid getting stuck with bad sources
+* Randomise selection of sources from pools on start
+* Ignore reference timestamp as ntpd doesn't always set it correctly
+* Modify tracking report to use same values as seen by NTP clients
+* Add -c option to chronyc to write reports in CSV format
+* Provide detailed manual pages
+
+Bug fixes
+---------
+* Fix SOCK refclock to work correctly when not specified as last refclock
+* Fix initstepslew and -q/-Q options to accept time from own NTP clients
+* Fix authentication with keys using 512-bit hash functions
+* Fix crash on exit when multiple signals are received
+* Fix conversion of very small floating-point numbers in command packets
+
+Removed features
+----------------
+* Drop documentation in Texinfo format
+
+New in version 2.3
+==================
+
+Enhancements
+------------
+* Add support for NTP and command response rate limiting
+* Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris
+* Add require and trust options for source selection
+* Enable logchange by default (1 second threshold)
+* Set RTC on Mac OS X with rtcsync directive
+* Allow binding to NTP port after dropping root privileges on NetBSD
+* Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled
+* Resolve names in separate process when seccomp filter is enabled
+* Replace old records in client log when memory limit is reached
+* Don't reveal local time and synchronisation state in client packets
+* Don't keep client sockets open for longer than necessary
+* Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly
+* Warn when using keys shorter than 80 bits
+* Add keygen command to generate random keys easily
+* Add serverstats command to report NTP and command packet statistics
+
+Bug fixes
+---------
+* Fix clock correction after making step on Mac OS X
+* Fix building on Solaris
+
+New in version 2.2.1
+====================
+
+Security fixes
+--------------
+* Restrict authentication of NTP server/peer to specified key (CVE-2016-1567)
+
+New in version 2.2
+==================
+
+Enhancements
+------------
+* Add support for configuration and monitoring over Unix domain socket
+  (accessible by root or chrony user when root privileges are dropped)
+* Add support for system call filtering with seccomp on Linux (experimental)
+* Add support for dropping root privileges on NetBSD
+* Control frequency of system clock on FreeBSD, NetBSD, Solaris
+* Add system leap second handling mode on FreeBSD, NetBSD, Solaris
+* Add dynamic drift removal on Mac OS X
+* Add support for setting real-time priority on Mac OS X
+* Add maxdistance directive to limit source selection by root distance
+  (3 seconds by default)
+* Add refresh command to get new addresses of NTP sources
+* Allow wildcard patterns in include directive
+* Restore time from driftfile with -s option if later than RTC time
+* Add configure option to set default hwclockfile
+* Add -d option to chronyc to enable debug messages
+* Allow multiple addresses to be specified for chronyc with -h option
+  and reconnect when no valid reply is received
+* Make check interval in waitsync command configurable
+
+Bug fixes
+---------
+* Fix building on NetBSD, Solaris
+* Restore time from driftfile with -s option if reading RTC failed
+
+Removed features
+----------------
+* Drop support for authentication with command key (run-time configuration
+  is now allowed only for local users that can access the Unix domain socket)
+
+New in version 2.1.1
+====================
+
+Bug fixes
+---------
+* Fix clock stepping by integer number of seconds on Linux
+
+New in version 2.1
+==================
+
+Enhancements
+------------
+* Add support for Mac OS X
+* Try to replace unreachable and falseticker servers/peers specified
+  by name like pool sources
+* Add leaponly option to smoothtime directive to allow synchronised
+  leap smear between multiple servers
+* Use specific reference ID when smoothing served time
+* Add smoothing command to report time smoothing status
+* Add smoothtime command to activate or reset time smoothing
+
+Bug fixes
+---------
+* Fix crash in source selection with preferred sources
+* Fix resetting of time smoothing
+* Include packet precision in peer dispersion
+* Fix crash in chronyc on invalid command syntax
+
+New in version 2.0
+==================
+
+Enhancements
+------------
+* Update to NTP version 4 (RFC 5905)
+* Add pool directive to specify pool of NTP servers
+* Add leapsecmode directive to select how to correct clock for leap second
+* Add smoothtime directive to smooth served time and enable leap smear
+* Add minsources directive to set required number of selectable sources
+* Add minsamples and maxsamples options for all sources
+* Add tempcomp configuration with list of points
+* Allow unlimited number of NTP sources, refclocks and keys
+* Allow unreachable sources to remain selected
+* Improve source selection
+* Handle offline sources as unreachable
+* Open NTP server port only when necessary (client access is allowed by
+  allow directive/command or peer/broadcast is configured)
+* Change default bindcmdaddress to loopback address
+* Change default maxdelay to 3 seconds
+* Change default stratumweight to 0.001
+* Update adjtimex synchronisation status
+* Use system headers for adjtimex
+* Check for memory allocation errors
+* Reduce memory usage
+* Add configure options to compile without NTP, cmdmon, refclock support
+* Extend makestep command to set automatic clock stepping
+
+Bug fixes
+---------
+* Add sanity checks for time and frequency offset
+* Don't report synchronised status during leap second
+* Don't combine reference clocks with close NTP sources
+* Fix accepting requests from configured sources
+* Fix initial fallback drift setting
+
+New in version 1.31.1
+=====================
+
+Security fixes
+--------------
+* Protect authenticated symmetric NTP associations against DoS attacks
+  (CVE-2015-1853)
+* Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821)
+* Fix initialization of reply slots for authenticated commands (CVE-2015-1822)
+
+New in version 1.31
+===================
+
+Enhancements
+------------
+* Support operation in other NTP eras (next era begins in 2036),
+  NTP time is mapped to [-50, +86] years around build date by default
+* Restore time from driftfile with -s when RTC is missing/unsupported
+* Close connected client sockets when not waiting for reply
+* Use one client socket with random port when acquisitionport is 0
+* Use NTP packets instead of UDP echo for presend
+* Don't adjust polling interval when sending fails
+* Allow binding to addresses that don't exist yet
+* Ignore measurements around leap second
+* Improve detection of unexpected time jumps
+* Include example of logrotate configuration, systemd services and
+  NetworkManager dispatcher script
+
+Bug fixes
+---------
+* Reconnect client sockets for each request to follow changes
+  in network configuration automatically
+* Restart timer when polling interval is changed on reset
+
+New in version 1.30
+===================
+
+Enhancements
+------------
+* Add asynchronous name resolving with POSIX threads
+* Add PTP hardware clock (PHC) refclock driver
+* Add new generic clock driver to slew by adjusting frequency only
+  (without kernel PLL or adjtime) and use it on Linux
+* Add rtcautotrim directive to trim RTC automatically
+* Add hwclockfile directive to share RTC LOCAL/UTC setting with hwclock
+* Add maxslewrate directive to set maximum allowed slew rate
+* Add maxdispersion option for refclocks
+* Add -q/-Q options to set clock/print offset once and exit
+* Allow directives to be specified on chronyd command line
+* Replace frequency scaling in Linux driver with retaining of tick
+* Try to detect unexpected forward time jumps and reset state
+* Exit with non-zero code when maxchange limit is reached
+* Improve makestep to not start and stop slew unnecessarily
+* Change default corrtimeratio to 3.0 to improve frequency accuracy
+* Announce leap second only on last day of June and December
+* Use separate connected client sockets for each NTP server
+* Remove separate NTP implementation used for initstepslew
+* Limit maximum minpoll set by KoD RATE to default maxpoll
+* Don't send NTP requests with unknown key
+* Print warning when source is added with unknown key
+* Take leap second in PPS refclock from locked source
+* Make reading of RTC for initial trim more reliable
+* Don't create cmdmon sockets when cmdport is 0
+* Add configure option to set default user to drop root privileges
+* Add configure option to compile with debug messages
+* Print debug messages when -d is used more than once
+* Change format of messages written to terminal with -d
+* Write fatal messages also to stderr with -n
+* Use IP_RECVERR socket option in chronyc to not wait unnecessarily
+* Shorten default chronyc timeout for localhost
+* Change default hostname in chronyc from localhost to 127.0.0.1
+* Print error message on invalid syntax with all chronyc commands
+* Include simulation test suite using clknetsim
+
+Bug fixes
+---------
+* Fix crash when selecting with multiple preferred sources
+* Fix frequency calculation with large frequency offsets
+* Fix code writing drift and RTC files to compile correctly
+* Fix -4/-6 options in chronyc to not reset hostname set by -h
+* Fix refclock sample validation with sub-second polling interval
+* Set stratum correctly with non-PPS SOCK refclock and local stratum
+* Modify dispersion accounting in refclocks to prevent PPS getting
+  stuck with large dispersion and not accepting new samples
+
 New in version 1.29.1
 =====================
 

README

@@ -2,66 +2,36 @@ This is the README for chrony.
 
 What is chrony?
 ===============
-Chrony is a pair of programs for maintaining the accuracy of computer
-clocks.
 
-chronyd is a (background) daemon program that can be started at boot
-time.  This does most of the work.
+chrony is a versatile implementation of the Network Time Protocol (NTP).
+It can synchronize the system clock with NTP servers, reference clocks
+(e.g. GPS receiver), and manual input using wristwatch and keyboard.
+It can also operate as an NTPv4 (RFC 5905) server and peer to provide
+a time service to other computers in the network.
 
-chronyc is a command-line interface program which can be used to
-monitor chronyd's performance and to change various operating
-parameters whilst it is running.
+It is designed to perform well in a wide range of conditions, including
+intermittent network connections, heavily congested networks, changing
+temperatures (ordinary computer clocks are sensitive to temperature),
+and systems that do not run continuosly, or run on a virtual machine.
 
-chronyd's main function is to obtain measurements of the true (UTC)
-time from one of several sources, and correct the system clock
-accordingly.  It also works out the rate at which the system clock
-gains or loses time and uses this information to keep it accurate
-between measurements from the reference.
-
-The reference time can be derived from Network Time Protocol (NTP)
-servers, reference clocks, or wristwatch-and-keyboard (via chronyc).
-The main source of information about the Network Time Protocol is
-http://www.ntp.org.
-
-It is designed so that it can work on computers which only have
-intermittent access to reference sources, for example computers which
-use a dial-up account to access the Internet or laptops.  Of course, it
-will work well on computers with permanent connections too.
-
-In addition, on Linux it can monitor the system's real time clock
-performance, so the system can maintain accurate time even across
-reboots.
-
-Typical accuracies available between 2 machines are
-
-On an ethernet LAN : 100-200 microseconds, often much better
-On a V32bis dial-up modem connection : 10's of milliseconds (from one
-session to the next)
-
-With a good reference clock the accuracy can reach one microsecond.
-
-chronyd can also operate as an RFC1305-compatible NTP server and peer.
+Typical accuracy between two machines synchronised over the Internet is
+within a few milliseconds; on a LAN, accuracy is typically in tens of
+microseconds.  With hardware timestamping or a hardware reference clock
+sub-microsecond accuracy may be possible.
 
+Two programs are included in chrony, chronyd is a daemon that can be
+started at boot time and chronyc is a command-line interface program
+which can be used to monitor chronyd's performance and to change various
+operating parameters whilst it is running.
 
 What will chrony run on?
 ========================
 
-Chrony can be successfully built and run on
-
-1. Linux 2.2.x, 2.3.x, 2.4.x, 2.6.x, 3.x
-
-2. Solaris 2.5/2.5.1/2.6/2.7/2.8 (various platforms) 
-
-3. SunOS 4.1.4 (Sparc 2 and Sparc 20)
-
-4. BSD/386 v1.1 has been reported to work using the SunOS 4.1 driver.
-
-5. NetBSD.
-
-Any other system will require a porting exercise.  You would need to
-start from one of the existing system-specific drivers and look into
-the quirks of certain system calls and the kernel on your target
-system.  (This is described in the manual).
+The software is known to work on Linux, FreeBSD, NetBSD, macOS and
+Solaris.  Closely related systems may work too.  Any other system will
+likely require a porting exercise.  You would need to start from one
+of the existing system-specific drivers and look into the quirks of
+certain system calls and the kernel on your target system.
 
 How do I set it up?
 ===================
@@ -83,7 +53,7 @@ ready-formatted plain text (chrony.txt) in the distribution.
 There is also information available on the chrony web pages, accessible
 through the URL 
 
-    http://chrony.tuxfamily.org/
+    https://chrony.tuxfamily.org/
 
 Where are new versions announced?
 =================================
@@ -94,8 +64,7 @@ by sending mail with the subject "subscribe" to
 
 chrony-announce-request@chrony.tuxfamily.org
 
-These messages will be copied to chrony-users (see below).  New versions
-are announced also on Freshmeat (http://freshmeat.net/).
+These messages will be copied to chrony-users (see below).
 
 How can I get support for chrony?
 and where can I discuss new features, possible bugs etc?
@@ -115,26 +84,36 @@ chrony-dev-request@chrony.tuxfamily.org
 
 as applicable.
 
+When you are reporting a bug, please send us all the information you can.
+Unfortunately, chrony has proven to be one of those programs where it is very
+difficult to reproduce bugs in a different environment. So we may have to
+interact with you quite a lot to obtain enough extra logging and tracing to
+pin-point the problem in some cases. Please be patient and plan for this!
 
-Author
-======
+License
+=======
+
+chrony is distributed under the GNU General Public License version 2.
+
+Authors
+=======
 
 Richard P. Curnow <rc@rc0.org.uk>
-
-
-Maintainers
-===========
-
-John Hasler <john@dhh.gt.org>
 Miroslav Lichvar <mlichvar@redhat.com>
 
-
 Acknowledgements
 ================
 
+In writing the chronyd program, extensive use has been made of RFC 1305
+and RFC 5905, written by David Mills. The source code of the NTP reference
+implementation has been used to check the details of the protocol.
+
 The following people have provided patches and other major contributions
 to the program :
 
+Lonnie Abelbeck <lonnie@abelbeck.com>
+    Patch to add tab-completion to chronyc
+
 Benny Lyne Amorsen <benny@amorsen.dk>
     Patch to add minstratum option
 
@@ -155,6 +134,11 @@ Stephan I. Boettcher <stephan@nevis1.columbia.edu>
 Erik Bryer <ebryer@spots.ab.ca>
     Entries in contrib directory
 
+Bryan Christianson <bryan@whatroute.net>
+    Support for macOS
+    Support for privilege separation
+    Entries in contrib directory
+
 Juliusz Chroboczek <jch@pps.jussieu.fr>
     Fix install rule in Makefile if chronyd file is in use.
 
@@ -169,6 +153,9 @@ Alexander Gretencord <arutha@gmx.de>
     Changes to installation directory system to make it easier for
     package builders.
 
+Andrew Griffiths <agriffit@redhat.com>
+    Patch to add support for seccomp filter
+
 Walter Haidinger <walter.haidinger@gmx.at>
     Providing me with login access to a Linux installation where v1.12
     wouldn't compile, so I could develop the fixes for v1.13.  Also, for
@@ -179,6 +166,7 @@ Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
     Port to NetBSD
 
 John Hasler <john@dhh.gt.org>
+    Project and website at tuxfamily.org
     Changes to support 64 bit machines (i.e. those where
       sizeof(unsigned long) > 4)
     Bug fix to initstepslew directive
@@ -186,6 +174,11 @@ John Hasler <john@dhh.gt.org>
     Memory locking and real-time scheduler support
     Fix fault where chronyd enters an endless loop
 
+Tjalling Hattink <t.hattink@fugro.nl>
+    Fix scheduler to allow stepping clock from timeout handler
+    Patch to take leap second in PPS refclock from locked source
+    Patch to make reading of RTC for initial trim more reliable
+
 Liam Hatton <me@liamhatton.com>
     Advice on configuring for Linux on PPC
 
@@ -201,18 +194,6 @@ Jim Knoble <jmknoble@pobox.com>
 Antti Jrvinen <costello@iki.fi>
     Advice on configuring for BSD/386
 
-Miroslav Lichvar <mlichvar@redhat.com>
-    Reference clock support
-    IPv6 support
-    Linux capabilities support
-    Leap second support
-    Improved source selection
-    Improved sample history trimming
-    Improved polling interval adjustment
-    Improved stability with temporary asymmetric delays
-    Temperature compensation
-    Many other bug fixes and improvements
-
 Victor Moroz <vim@prv.adlum.ru>
     Patch to support Linux with HZ!=100
 
@@ -222,12 +203,21 @@ Kalle Olavi Niemitalo  <tosi@stekt.oulu.fi>
 Frank Otto <sandwichmacher@web.de>
     Handling arbitrary HZ values
 
+Gautier PHILIPPON <gautier.philippon@ensimag.grenoble-inp.fr>
+    Patch to add refresh command to chronyc
+
 Andreas Piesk <apiesk@virbus.de>
     Patch to make chronyc use the readline library if available
 
 Timo Teras <timo.teras@iki.fi>
     Patch to reply correctly on multihomed hosts
 
+Bill Unruh <unruh@physics.ubc.ca>
+    Advice on statistics
+
+Stephen Wadeley <swadeley@redhat.com>
+    Improvements to man pages
+
 Wolfgang Weisselberg <weissel@netcologne.de>
     Entries in contrib directory
 
@@ -241,5 +231,5 @@ Ulrich Windl <ulrich.windl@rz.uni-regensburg.de> for the
 Doug Woodward <dougw@whistler.com>
     Advice on configuring for Solaris 2.8 on x86
 
-Many other people have contributed bug reports and suggestions.  I'm
-sorry I can't identify all of you individually.
+Many other people have contributed bug reports and suggestions.  We are sorry
+we cannot identify all of you individually.

acquire.c

@@ -1,796 +0,0 @@
-/*
-  chronyd/chronyc - Programs for keeping computer clocks accurate.
-
- **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2003
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- * 
- **********************************************************************
-
-  =======================================================================
-
-  Processing to perform the equivalent of what ntpdate does.  That is,
-  make a rapid-fire set of measurements to a designated set of
-  sources, and step or slew the local clock to bring it into line with
-  the result.
-
-  This is kept completely separate of the main chronyd processing, by
-  using a separate socket for sending/receiving the measurement
-  packets.  That way, ntp_core.c can be kept completely independent of
-  this functionality.
-  
-  A few of the finer points of how to construct valid RFC1305 packets
-  and validate responses for this case have been cribbed from the
-  ntpdate source.
-
-  */
-
-#include "config.h"
-
-#include "sysincl.h"
-
-#include "acquire.h"
-#include "memory.h"
-#include "sched.h"
-#include "local.h"
-#include "logging.h"
-#include "ntp.h"
-#include "util.h"
-#include "main.h"
-#include "conf.h"
-
-/* ================================================== */
-
-/* Interval between firing off the first sample to successive sources */
-#define INTER_SOURCE_START (0.2)
-
-#define MAX_SAMPLES 8
-
-#define MAX_DEAD_PROBES 4
-#define N_GOOD_SAMPLES 4
-
-#define RETRANSMISSION_TIMEOUT (1.0)
-
-#define NTP_VERSION 3
-#define NTP_MAX_COMPAT_VERSION 4
-#define NTP_MIN_COMPAT_VERSION 2
-
-typedef struct {
-  IPAddr ip_addr;               /* Address of the server */
-  int sanity;                   /* Flag indicating whether source
-                                   looks sane or not */
-  int n_dead_probes;            /* Number of probes sent to the server
-                                   since a good one */
-  int n_samples;                /* Number of samples accumulated */
-  int n_total_samples;          /* Total number of samples received
-                                   including useless ones */
-  double offsets[MAX_SAMPLES];  /* In seconds, positive means local
-                                   clock is fast of reference */
-  double root_distances[MAX_SAMPLES]; /* in seconds */
-  double inter_lo;              /* Low end of estimated range of offset */
-  double inter_hi;              /* High end of estimated range of offset */
-
-  NTP_int64 last_tx;            /* Transmit timestamp in last packet
-                                   transmitted to source. */
-
-  int timer_running;
-  SCH_TimeoutID timeout_id;
-} SourceRecord;
-
-static SourceRecord *sources;
-static int n_sources;
-static int n_started_sources;
-static int n_completed_sources;
-
-static double init_slew_threshold;
-
-union sockaddr_in46 {
-  struct sockaddr_in in4;
-#ifdef HAVE_IPV6
-  struct sockaddr_in6 in6;
-#endif
-  struct sockaddr u;
-};
-
-static int sock_fd4 = -1;
-#ifdef HAVE_IPV6
-static int sock_fd6 = -1;
-#endif
-
-/* ================================================== */
-
-static void (*saved_after_hook)(void *) = NULL;
-static void *saved_after_hook_anything = NULL;
-
-/* ================================================== */
-
-typedef struct {
-  double offset;
-  enum {LO, HIGH} type;
-  int index;
-} Endpoint;
-
-typedef struct {
-  double lo;
-  double hi;
-} Interval;
-
-/* ================================================== */
-
-static void read_from_socket(void *anything);
-static void transmit_timeout(void *x);
-static void wind_up_acquisition(void);
-static void start_source_timeout_handler(void *not_used);
-
-/* ================================================== */
-
-static SCH_TimeoutID source_start_timeout_id;
-
-/* ================================================== */
-
-void
-ACQ_Initialise(void)
-{
-}
-
-
-/* ================================================== */
-
-void
-ACQ_Finalise(void)
-{
-}
-
-/* ================================================== */
-
-static int
-prepare_socket(int family)
-{
-  unsigned short port_number = CNF_GetAcquisitionPort();
-  int sock_fd;
-  socklen_t addrlen;
-
-  sock_fd = socket(family, SOCK_DGRAM, 0);
-
-  if (sock_fd < 0) {
-    LOG_FATAL(LOGF_Acquire, "Could not open socket : %s", strerror(errno));
-  }
-
-  /* Close on exec */
-  UTI_FdSetCloexec(sock_fd);
-
-  if (port_number == 0) {
-    /* Don't bother binding this socket - we're not fussed what port
-       number it gets */
-  } else {
-    union sockaddr_in46 my_addr;
-
-    memset(&my_addr, 0, sizeof (my_addr));
-
-    switch (family) {
-      case AF_INET:
-        my_addr.in4.sin_family = family;
-        my_addr.in4.sin_port = htons(port_number);
-        my_addr.in4.sin_addr.s_addr = htonl(INADDR_ANY);
-        addrlen = sizeof (my_addr.in4);
-        break;
-#ifdef HAVE_IPV6
-      case AF_INET6:
-        my_addr.in6.sin6_family = family;
-        my_addr.in6.sin6_port = htons(port_number);
-        my_addr.in6.sin6_addr = in6addr_any;
-        addrlen = sizeof (my_addr.in6);
-        break;
-#endif
-      default:
-        assert(0);
-    }
-
-    if (bind(sock_fd, &my_addr.u, addrlen) < 0) {
-      LOG(LOGS_ERR, LOGF_Acquire, "Could not bind socket : %s", strerror(errno));
-      /* but keep running */
-    }
-  }
-
-  SCH_AddInputFileHandler(sock_fd, read_from_socket, (void *)(long)sock_fd);
-
-  return sock_fd;
-}
-/* ================================================== */
-
-static void
-initialise_io(int family)
-{
-  if (family == IPADDR_INET4 || family == IPADDR_UNSPEC)
-    sock_fd4 = prepare_socket(AF_INET);
-#ifdef HAVE_IPV6
-  if (family == IPADDR_INET6 || family == IPADDR_UNSPEC)
-    sock_fd6 = prepare_socket(AF_INET6);
-#endif
-}
-
-/* ================================================== */
-
-static void
-finalise_io(void)
-{
-  if (sock_fd4 >= 0) {
-    SCH_RemoveInputFileHandler(sock_fd4);
-    close(sock_fd4);
-  }
-  sock_fd4 = -1;
-#ifdef HAVE_IPV6
-  if (sock_fd6 >= 0) {
-    SCH_RemoveInputFileHandler(sock_fd6);
-    close(sock_fd6);
-  }
-  sock_fd6 = -1;
-#endif
-}
-
-/* ================================================== */
-
-static void
-probe_source(SourceRecord *src)
-{
-  NTP_Packet pkt;
-  int version = NTP_VERSION;
-  NTP_Mode my_mode = MODE_CLIENT;
-  struct timeval cooked;
-  union sockaddr_in46 his_addr;
-  int sock_fd;
-  socklen_t addrlen;
-  uint32_t ts_fuzz;
-
-#if 0
-  printf("Sending probe to %s sent=%d samples=%d\n", UTI_IPToString(&src->ip_addr), src->n_probes_sent, src->n_samples);
-#endif
-
-  pkt.lvm = (((LEAP_Unsynchronised << 6) & 0xc0) |
-             ((version << 3) & 0x38) |
-             ((my_mode) & 0x7));
-
-  pkt.stratum = 0;
-  pkt.poll = 4;
-  pkt.precision = -6; /* as ntpdate */
-  pkt.root_delay = UTI_DoubleToInt32(1.0); /* 1 second */
-  pkt.root_dispersion = UTI_DoubleToInt32(1.0); /* likewise */
-  pkt.reference_id = 0;
-  pkt.reference_ts.hi = 0; /* Set to 0 */
-  pkt.reference_ts.lo = 0; /* Set to 0 */
-  pkt.originate_ts.hi = 0; /* Set to 0 */
-  pkt.originate_ts.lo = 0; /* Set to 0 */
-  pkt.receive_ts.hi = 0;   /* Set to 0 */
-  pkt.receive_ts.lo = 0;   /* Set to 0 */
-
-  /* And do transmission */
-
-  memset(&his_addr, 0, sizeof (his_addr));
-  switch (src->ip_addr.family) {
-    case IPADDR_INET4:
-      his_addr.in4.sin_addr.s_addr = htonl(src->ip_addr.addr.in4);
-      his_addr.in4.sin_port = htons(123); /* Fixed for now */
-      his_addr.in4.sin_family = AF_INET;
-      addrlen = sizeof (his_addr.in4);
-      sock_fd = sock_fd4;
-      break;
-#ifdef HAVE_IPV6
-    case IPADDR_INET6:
-      memcpy(&his_addr.in6.sin6_addr.s6_addr, &src->ip_addr.addr.in6,
-          sizeof (his_addr.in6.sin6_addr.s6_addr));
-      his_addr.in6.sin6_port = htons(123); /* Fixed for now */
-      his_addr.in6.sin6_family = AF_INET6;
-      addrlen = sizeof (his_addr.in6);
-      sock_fd = sock_fd6;
-      break;
-#endif
-    default:
-      assert(0);
-  }
-
-
-  ts_fuzz = UTI_GetNTPTsFuzz(LCL_GetSysPrecisionAsLog());
-  LCL_ReadCookedTime(&cooked, NULL);
-  UTI_TimevalToInt64(&cooked, &pkt.transmit_ts, ts_fuzz);
-
-  if (sendto(sock_fd, (void *) &pkt, NTP_NORMAL_PACKET_SIZE,
-             0,
-             &his_addr.u, addrlen) < 0) {
-    LOG(LOGS_WARN, LOGF_Acquire, "Could not send to %s : %s",
-        UTI_IPToString(&src->ip_addr),
-        strerror(errno));
-  }
-
-  src->last_tx = pkt.transmit_ts;
-
-  ++(src->n_dead_probes);
-  src->timer_running = 1;
-  src->timeout_id = SCH_AddTimeoutByDelay(RETRANSMISSION_TIMEOUT, transmit_timeout, (void *) src);
-}
-
-/* ================================================== */
-
-static void
-transmit_timeout(void *x)
-{
-  SourceRecord *src = (SourceRecord *) x;
-
-  src->timer_running = 0;
-
-#if 0
-  printf("Timeout expired for server %s\n", UTI_IPToString(&src->ip_addr));
-#endif
-
-  if (src->n_dead_probes < MAX_DEAD_PROBES) {
-    probe_source(src);
-  } else {
-    /* Source has croaked or is taking too long to respond */
-    ++n_completed_sources;
-    if (n_completed_sources == n_sources) {
-      wind_up_acquisition();
-    }
-  }
-}
-
-/* ================================================== */
-
-#define MAX_STRATUM 15
-
-static void
-process_receive(NTP_Packet *msg, SourceRecord *src, struct timeval *now)
-{
-
-  unsigned long lvm;
-  int leap, version, mode;
-  double root_delay, root_dispersion;
-  double total_root_delay, total_root_dispersion, total_root_distance;
-
-  struct timeval local_orig, local_average, remote_rx, remote_tx, remote_average;
-  double remote_interval, local_interval;
-  double delta, theta, epsilon;
-  int n;
-  
-  /* Most of the checks are from ntpdate */
-
-  /* Need to do something about authentication */
-
-  lvm = msg->lvm;
-  leap = (lvm >> 6) & 0x3;
-  version = (lvm >> 3) & 0x7;
-  mode = lvm & 0x7;
-
-  if ((leap == LEAP_Unsynchronised) ||
-      (version  < NTP_MIN_COMPAT_VERSION || version > NTP_MAX_COMPAT_VERSION) ||
-      (mode != MODE_SERVER && mode != MODE_PASSIVE)) {
-    return;
-  }
-
-  if (msg->stratum > MAX_STRATUM) {
-    return;
-  }
-
-  /* Check whether server is responding to our last request */
-  if ((msg->originate_ts.hi != src->last_tx.hi) ||
-      (msg->originate_ts.lo != src->last_tx.lo)) {
-    return;
-  }
-
-  /* Check that the server is sane */
-  if (((msg->originate_ts.hi == 0) && (msg->originate_ts.lo == 0)) ||
-      ((msg->receive_ts.hi == 0) && (msg->receive_ts.lo) == 0)) {
-    return;
-  }
-
-  root_delay = UTI_Int32ToDouble(msg->root_delay);
-  root_dispersion = UTI_Int32ToDouble(msg->root_dispersion);
-
-  UTI_Int64ToTimeval(&src->last_tx, &local_orig);
-  UTI_Int64ToTimeval(&msg->receive_ts, &remote_rx);
-  UTI_Int64ToTimeval(&msg->transmit_ts, &remote_tx);
-  UTI_AverageDiffTimevals(&remote_rx, &remote_tx, &remote_average, &remote_interval);
-  UTI_AverageDiffTimevals(&local_orig, now, &local_average, &local_interval);
-
-  delta = local_interval - remote_interval;
-
-  /* Defined as positive if we are fast.  Note this sign convention is
-     opposite to that used in ntp_core.c */
-
-  UTI_DiffTimevalsToDouble(&theta, &local_average, &remote_average);
-  
-  /* Could work out epsilon - leave till later */
-  epsilon = 0.0;
-
-  total_root_delay = fabs(delta) + root_delay;
-  total_root_dispersion = epsilon + root_dispersion;
-  total_root_distance = 0.5 * fabs(total_root_delay) + total_root_dispersion;
-
-  n = src->n_samples;
-#if 0
-  printf("Sample %d theta=%.6f delta=%.6f root_del=%.6f root_disp=%.6f root_dist=%.6f\n",
-         n, theta, delta, total_root_delay, total_root_dispersion, total_root_distance);
-#endif
-  src->offsets[n] = theta;
-  src->root_distances[n] = total_root_distance;
-  ++(src->n_samples);
-
-}
-
-/* ================================================== */
-
-static void
-read_from_socket(void *anything)
-{
-  int status;
-  ReceiveBuffer msg;
-  union sockaddr_in46 his_addr;
-  int sock_fd;
-  socklen_t his_addr_len;
-  int flags;
-  int message_length;
-  IPAddr remote_ip;
-  int i, ok;
-  struct timeval now;
-  SourceRecord *src;
-
-  flags = 0;
-  message_length = sizeof(msg);
-  his_addr_len = sizeof(his_addr);
-
-  /* Get timestamp */
-  SCH_GetLastEventTime(&now, NULL, NULL);
-
-  sock_fd = (long)anything;
-  status = recvfrom (sock_fd, (char *)&msg, message_length, flags,
-                     &his_addr.u, &his_addr_len);
-
-  if (status < 0) {
-    LOG(LOGS_WARN, LOGF_Acquire, "Error reading from socket, %s", strerror(errno));
-    return;
-  }
-  
-  switch (his_addr.u.sa_family) {
-    case AF_INET:
-      remote_ip.family = IPADDR_INET4;
-      remote_ip.addr.in4 = ntohl(his_addr.in4.sin_addr.s_addr);
-      break;
-#ifdef HAVE_IPV6
-    case AF_INET6:
-      remote_ip.family = IPADDR_INET6;
-      memcpy(&remote_ip.addr.in6, his_addr.in6.sin6_addr.s6_addr,
-          sizeof (remote_ip.addr.in6));
-      break;
-#endif
-    default:
-      assert(0);
-  }
-
-#if 0
-  printf("Got message from %s\n", UTI_IPToString(&remote_ip));
-#endif
-  
-  /* Find matching host */
-  ok = 0;
-  for (i=0; i<n_sources; i++) {
-    if (UTI_CompareIPs(&remote_ip, &sources[i].ip_addr, NULL) == 0) {
-      ok = 1;
-      break;
-    }
-  }
-
-  if (ok) {
-
-    src = sources + i;
-    ++src->n_total_samples;
-
-    src->n_dead_probes = 0; /* reset this when we actually receive something */
-
-    /* If we got into this function, we know the retransmission timeout has not
-       expired for the source */
-    if (src->timer_running) {
-      SCH_RemoveTimeout(src->timeout_id);
-      src->timer_running = 0;
-    }
-
-    process_receive(&msg.ntp_pkt, src, &now);
-
-    /* Check if server done and requeue timeout */
-    if ((src->n_samples >= N_GOOD_SAMPLES) ||
-        (src->n_total_samples >= MAX_SAMPLES)) {
-      ++n_completed_sources;
-#if 0
-      printf("Source %s completed\n", UTI_IPToString(&src->ip_addr));
-#endif
-      if (n_completed_sources == n_sources) {
-        wind_up_acquisition();
-      }
-    } else {
-      
-      /* Send the next probe */
-      probe_source(src);
-
-    }
-  }
-
-}
-
-/* ================================================== */
-
-static void
-start_next_source(void)
-{
-  probe_source(sources + n_started_sources);
-#if 0
-  printf("Trying to start source %s\n", UTI_IPToString(&sources[n_started_sources].ip_addr));
-#endif
-  n_started_sources++;
-  
-  if (n_started_sources < n_sources) {
-    source_start_timeout_id = SCH_AddTimeoutByDelay(INTER_SOURCE_START, start_source_timeout_handler, NULL);
-  }
-}
-
-/* ================================================== */
-
-static int
-endpoint_compare(const void *a, const void *b)
-{
-  const Endpoint *aa = (const Endpoint *) a;
-  const Endpoint *bb = (const Endpoint *) b;
-
-  if (aa->offset < bb->offset) {
-    return -1;
-  } else if (aa->offset > bb->offset) {
-    return +1;
-  } else {
-    return 0;
-  }
-}
-
-/* ================================================== */
-
-static void
-process_measurements(void)
-{
-
-  SourceRecord *s;
-  Endpoint *eps;
-  int i, j;
-  int n_sane_sources;
-  double lo, hi;
-  double inter_lo, inter_hi;
-
-  int depth;
-  int best_depth;
-  int n_at_best_depth;
-  Interval *intervals;
-  double estimated_offset;
-  int index1, index2;
-
-  n_sane_sources = 0;
-
-  /* First, get a consistent interval for each source.  Those for
-     which this is not possible are considered to be insane. */
-
-  for (i=0; i<n_sources; i++) {
-    s = sources + i;
-    /* If we got no measurements, the source is insane */
-    if (s->n_samples == 0) {
-      s->sanity = 0;
-    } else {
-      s->sanity = 1; /* so far ... */
-      lo = s->offsets[0] - s->root_distances[0];
-      hi = s->offsets[0] + s->root_distances[0];
-      inter_lo = lo;
-      inter_hi = hi;
-      for (j=1; j<s->n_samples; j++) {
-        lo = s->offsets[j] - s->root_distances[j];
-        hi = s->offsets[j] + s->root_distances[j];
-        if ((inter_hi <= lo) || (inter_lo >= hi)) {
-          /* Oh dear, we won't get an interval for this source */
-          s->sanity = 0;
-          break;
-        } else {
-          inter_lo = (lo < inter_lo) ? inter_lo : lo;
-          inter_hi = (hi > inter_hi) ? inter_hi : hi;
-        }
-      }
-      if (s->sanity) {
-        s->inter_lo = inter_lo;
-        s->inter_hi = inter_hi;
-      }
-    }
-
-    if (s->sanity) {
-      ++n_sane_sources;
-    }
-
-  }
-
-  /* Now build the endpoint list, similar to the RFC1305 clock
-     selection algorithm. */
-  eps = MallocArray(Endpoint, 2*n_sane_sources);
-  intervals = MallocArray(Interval, n_sane_sources);
-
-  j = 0;
-  for (i=0; i<n_sources; i++) {
-    s = sources + i;
-    if (s->sanity) {
-      eps[j].offset = s->inter_lo;
-      eps[j].type = LO;
-      eps[j].index = i;
-      eps[j+1].offset = s->inter_hi;
-      eps[j+1].type = HIGH;
-      eps[j+1].index = i;
-      j += 2;
-    }
-  }
-
-  qsort(eps, 2*n_sane_sources, sizeof(Endpoint), endpoint_compare);
-
-  /* Now do depth searching algorithm */
-  n_at_best_depth = best_depth = depth = 0;
-  for (i=0; i<2*n_sane_sources; i++) {
-
-#if 0
-    fprintf(stderr, "Endpoint type %s source index %d [ip=%s] offset=%.6f\n",
-            (eps[i].type == LO) ? "LO" : "HIGH",
-            eps[i].index,
-            UTI_IPToString(&sources[eps[i].index].ip_addr),
-            eps[i].offset);
-#endif
-
-    switch (eps[i].type) {
-      case LO:
-        depth++;
-        if (depth > best_depth) {
-          best_depth = depth;
-          n_at_best_depth = 0;
-          intervals[0].lo = eps[i].offset;
-        } else if (depth == best_depth) {
-          intervals[n_at_best_depth].lo = eps[i].offset;
-        } else {
-          /* Nothing to do */
-        }
-
-        break;
-
-      case HIGH:
-        if (depth == best_depth) {
-          intervals[n_at_best_depth].hi = eps[i].offset;
-          n_at_best_depth++;
-        }
-
-        depth--;
-
-        break;
-
-    }
-  }
-
-  if (best_depth > 0) {
-    if ((n_at_best_depth % 2) == 1) {
-      index1 = (n_at_best_depth - 1) / 2;
-      estimated_offset = 0.5 * (intervals[index1].lo + intervals[index1].hi);
-    } else {
-      index2 = (n_at_best_depth / 2);
-      index1 = index2 - 1;
-      estimated_offset = 0.5 * (intervals[index1].lo + intervals[index2].hi);
-    }
-
-
-    /* Apply a step change to the system clock.  As per sign
-       convention in local.c and its children, a positive offset means
-       the system clock is fast of the reference, i.e. it needs to be
-       stepped backwards. */
-
-    if (fabs(estimated_offset) > init_slew_threshold) {
-      LOG(LOGS_INFO, LOGF_Acquire, "System's initial offset : %.6f seconds %s of true (step)",
-          fabs(estimated_offset),
-          (estimated_offset >= 0) ? "fast" : "slow");
-      LCL_ApplyStepOffset(estimated_offset);
-    } else {
-      LOG(LOGS_INFO, LOGF_Acquire, "System's initial offset : %.6f seconds %s of true (slew)",
-          fabs(estimated_offset),
-          (estimated_offset >= 0) ? "fast" : "slow");
-      LCL_AccumulateOffset(estimated_offset, 0.0);
-    }
-
-  } else {
-    LOG(LOGS_WARN, LOGF_Acquire, "No intersecting endpoints found");
-  }  
-
-  Free(intervals);
-  Free(eps);
-        
-}
-
-/* ================================================== */
-
-static void
-wind_up_acquisition(void)
-{
-
-  /* Now process measurements */
-  process_measurements();
-
-  Free(sources);
-
-  finalise_io();
-
-  if (saved_after_hook) {
-    (saved_after_hook)(saved_after_hook_anything);
-  }
-
-}
-
-/* ================================================== */
-
-static void
-start_source_timeout_handler(void *not_used)
-{
-
-  start_next_source();
-}
-
-/* ================================================== */
-
-void
-ACQ_StartAcquisition(int n, IPAddr *ip_addrs, double threshold, void (*after_hook)(void *), void *anything)
-{
-
-  int i, ip4, ip6;
-  int k, duplicate_ip;
-
-  saved_after_hook = after_hook;
-  saved_after_hook_anything = anything;
-
-  init_slew_threshold = threshold;
-
-  n_started_sources = 0;
-  n_completed_sources = 0;
-  n_sources = 0;
-  sources = MallocArray(SourceRecord, n);
-
-  for (i = ip4 = ip6 = 0; i < n; i++) {
-    /* check for duplicate IP addresses and ignore them */
-    duplicate_ip = 0;
-    for (k = 0; k < i; k++) {
-      duplicate_ip |= UTI_CompareIPs(&(sources[k].ip_addr),
-                                     &ip_addrs[i],
-                                     NULL) == 0;
-    }
-    if (!duplicate_ip) {
-      sources[n_sources].ip_addr = ip_addrs[i];
-      sources[n_sources].n_samples = 0;
-      sources[n_sources].n_total_samples = 0;
-      sources[n_sources].n_dead_probes = 0;
-      if (ip_addrs[i].family == IPADDR_INET4)
-        ip4++;
-      else if (ip_addrs[i].family == IPADDR_INET6)
-        ip6++;
-      n_sources++;
-    } else {
-      LOG(LOGS_WARN, LOGF_Acquire, "Ignoring duplicate source: %s",
-          UTI_IPToString(&ip_addrs[i]));
-    }
-  }
-
-  initialise_io((ip4 && ip6) ? IPADDR_UNSPEC : (ip4 ? IPADDR_INET4 : IPADDR_INET6));
-
-  /* Start sampling first source */
-  start_next_source();
-}
-
-/* ================================================== */

addressing.h

@@ -42,13 +42,18 @@ typedef struct {
     uint8_t in6[16];
   } addr;
   uint16_t family;
+  uint16_t _pad;
 } IPAddr;
 
 typedef struct {
   IPAddr ip_addr;
-  IPAddr local_ip_addr;
   unsigned short port;
 } NTP_Remote_Address;
 
+typedef struct {
+  IPAddr ip_addr;
+  int sock_fd;
+} NTP_Local_Address;
+
 #endif /* GOT_ADDRESSING_H */
 

addrfilt.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997,1998,1999,2000,2001,2002,2005
- * Copyright (C) Miroslav Lichvar  2009
+ * Copyright (C) Miroslav Lichvar  2009, 2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -62,7 +62,7 @@ split_ip6(IPAddr *ip, uint32_t *dst)
   int i;
 
   for (i = 0; i < 4; i++)
-    dst[i] = ip->addr.in6[i * 4 + 0] << 24 |
+    dst[i] = (uint32_t)ip->addr.in6[i * 4 + 0] << 24 |
              ip->addr.in6[i * 4 + 1] << 16 |
              ip->addr.in6[i * 4 + 2] << 8 |
              ip->addr.in6[i * 4 + 3];
@@ -199,7 +199,10 @@ set_subnet(TableNode *start_node,
 
       /* How many subnet entries to set : 1->8, 2->4, 3->2 */
       N = 1 << (NBITS-bits_to_go);
-      subnet = get_subnet(ip, bits_consumed);
+
+      subnet = get_subnet(ip, bits_consumed) & ~(N - 1);
+      assert(subnet + N <= TABLE_SIZE);
+
       if (!(node->extended)) {
         open_node(node);
       }
@@ -363,114 +366,38 @@ ADF_IsAllowed(ADF_AuthTable table,
 
 /* ================================================== */
 
-#if defined TEST
-
-static void print_node(TableNode *node, uint32_t *addr, int ip_len, int shift, int subnet_bits)
+static int
+is_any_allowed(TableNode *node, State parent)
 {
-  uint32_t new_addr[4];
+  State state;
   int i;
-  TableNode *sub_node;
 
-  for (i=0; i<subnet_bits; i++) putchar(' ');
+  state = node->state != AS_PARENT ? node->state : parent;
+  assert(state != AS_PARENT);
 
-  if (ip_len == 1)
-      printf("%d.%d.%d.%d",
-          ((addr[0] >> 24) & 255),
-          ((addr[0] >> 16) & 255),
-          ((addr[0] >>  8) & 255),
-          ((addr[0]      ) & 255));
-  else {
-    for (i=0; i<4; i++) {
-      if (addr[i])
-        printf("%d.%d.%d.%d",
-            ((addr[i] >> 24) & 255),
-            ((addr[i] >> 16) & 255),
-            ((addr[i] >>  8) & 255),
-            ((addr[i]      ) & 255));
-      putchar(i < 3 ? ':' : '\0');
-    }
-  }
-  printf("/%d : %s\n",
-         subnet_bits,
-         (node->state == ALLOW) ? "allow" :
-         (node->state == DENY)  ? "deny" : "as parent");
   if (node->extended) {
-    for (i=0; i<16; i++) {
-      sub_node = &(node->extended[i]);
-      new_addr[0] = addr[0];
-      new_addr[1] = addr[1];
-      new_addr[2] = addr[2];
-      new_addr[3] = addr[3];
-      new_addr[ip_len - 1 - shift / 32] |= ((uint32_t)i << (shift % 32));
-      print_node(sub_node, new_addr, ip_len, shift - 4, subnet_bits + 4);
+    for (i = 0; i < TABLE_SIZE; i++) {
+      if (is_any_allowed(&node->extended[i], state))
+        return 1;
     }
+  } else if (state == ALLOW) {
+    return 1;
   }
-}
 
-
-static void print_table(ADF_AuthTable table)
-{
-  uint32_t addr[4];
-
-  memset(addr, 0, sizeof (addr));
-  printf("IPv4 table:\n");
-  print_node(&table->base4, addr, 1, 28, 0);
-
-  memset(addr, 0, sizeof (addr));
-  printf("IPv6 table:\n");
-  print_node(&table->base6, addr, 4, 124, 0);
+  return 0;
 }
 
 /* ================================================== */
 
-int main (int argc, char **argv)
+int
+ADF_IsAnyAllowed(ADF_AuthTable table, int family)
 {
-  IPAddr ip;
-  ADF_AuthTable table;
-  table = ADF_CreateTable();
-
-  ip.family = IPADDR_INET4;
-
-  ip.addr.in4 = 0x7e800000;
-  ADF_Allow(table, &ip, 9);
-  ip.addr.in4 = 0x7ecc0000;
-  ADF_Deny(table, &ip, 14);
-#if 0
-  ip.addr.in4 = 0x7f000001;
-  ADF_Deny(table, &ip, 32);
-  ip.addr.in4 = 0x7f000000;
-  ADF_Allow(table, &ip, 8);
-#endif
-
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-  ip.addr.in4 ^= 1;
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-
-  ip.family = IPADDR_INET6;
-
-  memcpy(ip.addr.in6, "abcdefghijklmnop", 16);
-  ADF_Deny(table, &ip, 66);
-  ADF_Allow(table, &ip, 59);
-
-  memcpy(ip.addr.in6, "xbcdefghijklmnop", 16);
-  ADF_Deny(table, &ip, 128);
-  ip.addr.in6[15] ^= 3;
-  ADF_Allow(table, &ip, 127);
-
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-  ip.addr.in4 ^= 1;
-  printf("allowed: %d\n", ADF_IsAllowed(table, &ip));
-
-  print_table(table);
-
-  ADF_DestroyTable(table);
-  return 0;
+  switch (family) {
+    case IPADDR_INET4:
+      return is_any_allowed(&table->base4, AS_PARENT);
+    case IPADDR_INET6:
+      return is_any_allowed(&table->base6, AS_PARENT);
+    default:
+      return 0;
+  }
 }
-
-
-
-#endif /* defined TEST */
-
-
-
-

addrfilt.h

@@ -72,4 +72,9 @@ extern void ADF_DestroyTable(ADF_AuthTable table);
 extern int ADF_IsAllowed(ADF_AuthTable table,
                          IPAddr *ip);
 
+/* Check if at least one address from a given family is allowed by
+   the rules in the table */
+extern int ADF_IsAnyAllowed(ADF_AuthTable table,
+                            int family);
+
 #endif /* GOT_ADDRFILT_H */

array.c

@@ -0,0 +1,135 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Functions implementing an array with automatic memory allocation.
+
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "memory.h"
+
+struct ARR_Instance_Record {
+  void *data;
+  unsigned int elem_size;
+  unsigned int used;
+  unsigned int allocated;
+};
+
+ARR_Instance
+ARR_CreateInstance(unsigned int elem_size)
+{
+  ARR_Instance array;
+
+  assert(elem_size > 0);
+
+  array = MallocNew(struct ARR_Instance_Record);
+
+  array->data = NULL;
+  array->elem_size = elem_size;
+  array->used = 0;
+  array->allocated = 0;
+
+  return array;
+}
+
+void
+ARR_DestroyInstance(ARR_Instance array)
+{
+  Free(array->data);
+  Free(array);
+}
+
+static void
+realloc_array(ARR_Instance array, unsigned int min_size)
+{
+  size_t data_size;
+
+  assert(min_size <= 2 * min_size);
+  if (array->allocated >= min_size && array->allocated <= 2 * min_size)
+    return;
+
+  if (array->allocated < min_size) {
+    while (array->allocated < min_size)
+      array->allocated = array->allocated ? 2 * array->allocated : 1;
+  } else {
+    array->allocated = min_size;
+  }
+
+  data_size = (size_t)array->elem_size * array->allocated;
+  assert(data_size / array->elem_size == array->allocated);
+
+  array->data = Realloc(array->data, data_size);
+}
+
+void *
+ARR_GetNewElement(ARR_Instance array)
+{
+  array->used++;
+  realloc_array(array, array->used);
+  return ARR_GetElement(array, array->used - 1);
+}
+
+void *
+ARR_GetElement(ARR_Instance array, unsigned int index)
+{
+  assert(index < array->used);
+  return (void *)((char *)array->data + (size_t)index * array->elem_size);
+}
+
+void *
+ARR_GetElements(ARR_Instance array)
+{
+  /* Return a non-NULL pointer when the array has zero size */
+  if (!array->data) {
+    assert(!array->used);
+    return array;
+  }
+
+  return array->data;
+}
+
+void
+ARR_AppendElement(ARR_Instance array, void *element)
+{
+  void *e;
+
+  e = ARR_GetNewElement(array);
+  memcpy(e, element, array->elem_size);
+}
+
+void
+ARR_SetSize(ARR_Instance array, unsigned int size)
+{
+  realloc_array(array, size);
+  array->used = size;
+}
+
+unsigned int
+ARR_GetSize(ARR_Instance array)
+{
+  return array->used;
+}

array.h

@@ -0,0 +1,56 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Header file for array functions.
+  */
+
+#ifndef GOT_ARRAY_H
+#define GOT_ARRAY_H
+
+typedef struct ARR_Instance_Record *ARR_Instance;
+
+/* Create a new array with given element size */
+extern ARR_Instance ARR_CreateInstance(unsigned int elem_size);
+
+/* Destroy the array */
+extern void ARR_DestroyInstance(ARR_Instance array);
+
+/* Return pointer to a new element added to the end of the array */
+extern void *ARR_GetNewElement(ARR_Instance array);
+
+/* Return element with given index */
+extern void *ARR_GetElement(ARR_Instance array, unsigned int index);
+
+/* Return pointer to the internal array of elements */
+extern void *ARR_GetElements(ARR_Instance array);
+
+/* Add a new element to the end of the array */
+extern void ARR_AppendElement(ARR_Instance array, void *element);
+
+/* Set the size of the array */
+extern void ARR_SetSize(ARR_Instance array, unsigned int size);
+
+/* Return current size of the array */
+extern unsigned int ARR_GetSize(ARR_Instance array);
+
+#endif

broadcast.c

@@ -1,156 +0,0 @@
-/*
-  chronyd/chronyc - Programs for keeping computer clocks accurate.
-
- **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- * 
- **********************************************************************
-
-  =======================================================================
-
-  Deal with broadcast server functions.
-  */
-
-#include "config.h"
-
-#include "sysincl.h"
-#include "memory.h"
-
-#include "addressing.h"
-#include "broadcast.h"
-#include "sched.h"
-#include "ntp.h"
-#include "local.h"
-#include "reference.h"
-#include "util.h"
-#include "ntp_io.h"
-
-typedef struct {
-  NTP_Remote_Address addr;
-  int interval;
-} Destination;
-static Destination *destinations = 0;
-static int n_destinations = 0;
-static int max_destinations = 0;
-
-void
-BRD_Initialise(void)
-{
-}
-
-/* ================================================== */
-
-void
-BRD_Finalise(void)
-{
-}
-
-/* ================================================== */
-/* This is a cut-down version of what transmit_packet in ntp_core.c does */
-
-static void
-timeout_handler(void *arbitrary)
-{
-  Destination *d = (Destination *) arbitrary;
-  NTP_Packet message;
-  /* Parameters read from reference module */
-  int version;
-  int leap;
-  int are_we_synchronised, our_stratum;
-  NTP_Leap leap_status;
-  uint32_t our_ref_id, ts_fuzz;
-  struct timeval our_ref_time;
-  double our_root_delay, our_root_dispersion;
-  struct timeval local_transmit;
-
-  version = 3;
-
-  LCL_ReadCookedTime(&local_transmit, NULL);
-  REF_GetReferenceParams(&local_transmit,
-                         &are_we_synchronised, &leap_status,
-                         &our_stratum,
-                         &our_ref_id, &our_ref_time,
-                         &our_root_delay, &our_root_dispersion);
-
-
-  if (are_we_synchronised) {
-    leap = (int) leap_status;
-  } else {
-    leap = LEAP_Unsynchronised;
-  }
-
-  message.lvm = ((leap << 6) &0xc0) | ((version << 3) & 0x38) | (MODE_BROADCAST & 0x07);
-  message.stratum = our_stratum;
-  message.poll = 6; /* FIXME: what should this be? */
-  message.precision = LCL_GetSysPrecisionAsLog();
-
-  /* If we're sending a client mode packet and we aren't synchronized yet, 
-     we might have to set up artificial values for some of these parameters */
-  message.root_delay = UTI_DoubleToInt32(our_root_delay);
-  message.root_dispersion = UTI_DoubleToInt32(our_root_dispersion);
-
-  message.reference_id = htonl((NTP_int32) our_ref_id);
-
-  /* Now fill in timestamps */
-  UTI_TimevalToInt64(&our_ref_time, &message.reference_ts, 0);
-  message.originate_ts.hi = 0UL;
-  message.originate_ts.lo = 0UL;
-  message.receive_ts.hi = 0UL;
-  message.receive_ts.lo = 0UL;
-
-  ts_fuzz = UTI_GetNTPTsFuzz(message.precision);
-  LCL_ReadCookedTime(&local_transmit, NULL);
-  UTI_TimevalToInt64(&local_transmit, &message.transmit_ts, ts_fuzz);
-  NIO_SendNormalPacket(&message, &d->addr);
-
-  /* Requeue timeout.  Don't care if interval drifts gradually, so just do it
-   * at the end. */
-  SCH_AddTimeoutInClass((double) d->interval, 1.0, 0.02,
-                        SCH_NtpBroadcastClass,
-                        timeout_handler, (void *) d);
-
-
-}
-
-/* ================================================== */
-
-void 
-BRD_AddDestination(IPAddr *addr, unsigned short port, int interval)
-{
-  if (max_destinations == n_destinations) {
-    /* Expand array */
-    max_destinations += 8;
-    if (destinations) {
-      destinations = ReallocArray(Destination, max_destinations, destinations);
-    } else {
-      destinations = MallocArray(Destination, max_destinations);
-    }
-  }
-
-  destinations[n_destinations].addr.ip_addr = *addr;
-  destinations[n_destinations].addr.local_ip_addr.family = IPADDR_UNSPEC;
-  destinations[n_destinations].addr.port = port;
-  destinations[n_destinations].interval = interval;
-
-  SCH_AddTimeoutInClass((double) interval, 1.0, 0.0,
-                        SCH_NtpBroadcastClass,
-                        timeout_handler, (void *)(destinations + n_destinations));
-  
-  ++n_destinations;
-
-}
-
-

candm.h

@@ -31,7 +31,6 @@
 
 #include "sysincl.h"
 #include "addressing.h"
-#include "hash.h"
 
 /* This is the default port to use for CANDM, if no alternative is
    defined */
@@ -88,18 +87,24 @@
 #define REQ_MODIFY_MAXDELAYDEVRATIO 47
 #define REQ_RESELECT 48
 #define REQ_RESELECTDISTANCE 49
-#define N_REQUEST_TYPES 50
+#define REQ_MODIFY_MAKESTEP 50
+#define REQ_SMOOTHING 51
+#define REQ_SMOOTHTIME 52
+#define REQ_REFRESH 53
+#define REQ_SERVER_STATS 54
+#define REQ_CLIENT_ACCESSES_BY_INDEX2 55
+#define REQ_LOCAL2 56
+#define REQ_NTP_DATA 57
+#define REQ_ADD_SERVER2 58
+#define REQ_ADD_PEER2 59
+#define N_REQUEST_TYPES 60
 
-/* Special utoken value used to log on with first exchange being the
-   password.  (This time value has long since gone by) */
-#define SPECIAL_UTOKEN 0x10101010
-
-/* Structure used to exchange timevals independent on size of time_t */
+/* Structure used to exchange timespecs independent of time_t size */
 typedef struct {
   uint32_t tv_sec_high;
   uint32_t tv_sec_low;
   uint32_t tv_nsec;
-} Timeval;
+} Timespec;
 
 /* This is used in tv_sec_high for 32-bit timestamps */
 #define TV_NOHIGHSEC 0x7fffffff
@@ -115,6 +120,10 @@ typedef struct {
    pktlength.c, to get the number of bytes that ought to be
    transmitted for each packet type. */
 
+typedef struct {
+  int32_t EOR;
+} REQ_Null;
+
 typedef struct {
   IPAddr mask;
   IPAddr address;
@@ -188,18 +197,26 @@ typedef struct {
 } REQ_Modify_Maxupdateskew;
 
 typedef struct {
-  Timeval ts;
+  int32_t limit;
+  Float threshold;
+  int32_t EOR;
+} REQ_Modify_Makestep;
+
+typedef struct {
+  Timespec ts;
   int32_t EOR;
 } REQ_Logon;
 
 typedef struct {
-  Timeval ts;
+  Timespec ts;
   int32_t EOR;
 } REQ_Settime;
 
 typedef struct {
   int32_t on_off;
   int32_t stratum;
+  Float distance;
+  int32_t orphan;
   int32_t EOR;
 } REQ_Local;
 
@@ -208,19 +225,11 @@ typedef struct {
   int32_t EOR;
 } REQ_Manual;
 
-typedef struct {
-  int32_t EOR;
-} REQ_N_Sources;
-
 typedef struct {
   int32_t index;
   int32_t EOR;
 } REQ_Source_Data;
 
-typedef struct {
-  int32_t EOR;
-} REQ_Rekey;
-
 typedef struct {
   IPAddr ip;
   int32_t subnet_bits;
@@ -238,6 +247,9 @@ typedef struct {
 #define REQ_ADDSRC_IBURST 0x4
 #define REQ_ADDSRC_PREFER 0x8
 #define REQ_ADDSRC_NOSELECT 0x10
+#define REQ_ADDSRC_TRUST 0x20
+#define REQ_ADDSRC_REQUIRE 0x40
+#define REQ_ADDSRC_INTERLEAVED 0x80
 
 typedef struct {
   IPAddr ip_addr;
@@ -245,9 +257,17 @@ typedef struct {
   int32_t minpoll;
   int32_t maxpoll;
   int32_t presend_minpoll;
+  uint32_t min_stratum;
+  uint32_t poll_target;
+  uint32_t version;
+  uint32_t max_sources;
+  int32_t min_samples;
+  int32_t max_samples;
   uint32_t authkey;
   Float max_delay;
   Float max_delay_ratio;
+  Float max_delay_dev_ratio;
+  Float offset;
   uint32_t flags;
   int32_t EOR;
 } REQ_NTP_Source;
@@ -257,10 +277,6 @@ typedef struct {
   int32_t EOR;
 } REQ_Del_Source;
 
-typedef struct {
-  int32_t EOR;
-} REQ_WriteRtc;
-
 typedef struct {
   Float dfreq;
   int32_t EOR;
@@ -272,68 +288,44 @@ typedef struct {
   int32_t EOR;
 } REQ_Doffset;
 
-typedef struct {
-  int32_t EOR;
-} REQ_Tracking;
-
 typedef struct {
   uint32_t index;
   int32_t EOR;
 } REQ_Sourcestats;
 
-typedef struct {
-  int32_t EOR;
-} REQ_RTCReport;
-
-typedef struct {
-  int32_t EOR;
-} REQ_TrimRTC;
-
-typedef struct {
-  int32_t EOR;
-} REQ_CycleLogs;
-
-typedef struct {
-  IPAddr ip;
-  uint32_t bits_specd;
-} REQ_SubnetsAccessed_Subnet;
-
 /* This is based on the response size rather than the
    request size */
 #define MAX_CLIENT_ACCESSES 8
 
 typedef struct {
   uint32_t first_index;
-  uint32_t n_indices;
+  uint32_t n_clients;
   int32_t EOR;
 } REQ_ClientAccessesByIndex;
 
-typedef struct {
-  int32_t EOR;
-} REQ_ManualList;
-
 typedef struct {
   int32_t index;
   int32_t EOR;
 } REQ_ManualDelete;
 
-typedef struct {
-  int32_t EOR;
-} REQ_MakeStep;
-
-typedef struct {
-  int32_t EOR;
-} REQ_Activity;
-
-typedef struct {
-  int32_t EOR;
-} REQ_Reselect;
-
 typedef struct {
   Float distance;
   int32_t EOR;
 } REQ_ReselectDistance;
 
+#define REQ_SMOOTHTIME_RESET 0
+#define REQ_SMOOTHTIME_ACTIVATE 1
+
+typedef struct {
+  int32_t option;
+  int32_t EOR;
+} REQ_SmoothTime;
+
+typedef struct {
+  IPAddr ip_addr;
+  int32_t EOR;
+} REQ_NTPData;
+
 /* ================================================== */
 
 #define PKT_TYPE_CMD_REQUEST 1
@@ -362,7 +354,16 @@ typedef struct {
    subnets accessed and client accesses
 
    Version 6 : added padding to requests to prevent amplification attack,
-   changed maximum number of samples in manual list to 16
+   changed maximum number of samples in manual list to 16, new commands: modify
+   makestep, smoothing, smoothtime
+
+   Support for authentication was removed later in version 6 of the protocol
+   and commands that required authentication are allowed only locally over Unix
+   domain socket.
+
+   Version 6 (no authentication) : changed format of client accesses by index
+   (using new request/reply types), new fields and flags in NTP source request
+   and report, new commands: ntpdata, refresh, serverstats
  */
 
 #define PROTO_VERSION_NUMBER 6
@@ -376,7 +377,7 @@ typedef struct {
 #define PROTO_VERSION_PADDING 6
 
 /* The maximum length of padding in request packet, currently
-   defined by CLIENT_ACCESSES_BY_INDEX and MANUAL_LIST */
+   defined by MANUAL_LIST */
 #define MAX_PADDING_LENGTH 396
 
 /* ================================================== */
@@ -391,10 +392,11 @@ typedef struct {
                              (count up from zero for same sequence
                              number) */
   uint32_t sequence; /* Client's sequence number */
-  uint32_t utoken; /* Unique token per incarnation of daemon */
-  uint32_t token; /* Command token (to prevent replay attack) */
+  uint32_t pad1;
+  uint32_t pad2;
 
   union {
+    REQ_Null null;
     REQ_Online online;
     REQ_Offline offline;
     REQ_Burst burst;
@@ -407,43 +409,30 @@ typedef struct {
     REQ_Modify_Minstratum modify_minstratum;
     REQ_Modify_Polltarget modify_polltarget;
     REQ_Modify_Maxupdateskew modify_maxupdateskew;
+    REQ_Modify_Makestep modify_makestep;
     REQ_Logon logon;
     REQ_Settime settime;
     REQ_Local local;
     REQ_Manual manual;
-    REQ_N_Sources n_sources;
     REQ_Source_Data source_data;
-    REQ_Rekey rekey;
     REQ_Allow_Deny allow_deny;
     REQ_Ac_Check ac_check;
     REQ_NTP_Source ntp_source;
     REQ_Del_Source del_source;
-    REQ_WriteRtc writertc;
     REQ_Dfreq dfreq;
     REQ_Doffset doffset;
-    REQ_Tracking tracking;
     REQ_Sourcestats sourcestats;
-    REQ_RTCReport rtcreport;
-    REQ_TrimRTC trimrtc;
-    REQ_CycleLogs cyclelogs;
     REQ_ClientAccessesByIndex client_accesses_by_index;
-    REQ_ManualList manual_list;
     REQ_ManualDelete manual_delete;
-    REQ_MakeStep make_step;
-    REQ_Activity activity;
-    REQ_Reselect reselect;
     REQ_ReselectDistance reselect_distance;
+    REQ_SmoothTime smoothtime;
+    REQ_NTPData ntp_data;
   } data; /* Command specific parameters */
 
-  /* The following fields only set the maximum size of the packet.
-     There are no holes between them and the actual data. */
-
-  /* Padding used to prevent traffic amplification */
+  /* Padding used to prevent traffic amplification.  It only defines the
+     maximum size of the packet, there is no hole after the data field. */
   uint8_t padding[MAX_PADDING_LENGTH];
 
-  /* Authentication data */
-  uint8_t auth[MAX_HASH_LENGTH];
-
 } CMD_Request;
 
 /* ================================================== */
@@ -468,7 +457,11 @@ typedef struct {
 #define RPY_CLIENT_ACCESSES_BY_INDEX 10
 #define RPY_MANUAL_LIST 11
 #define RPY_ACTIVITY 12
-#define N_REPLY_TYPES 13
+#define RPY_SMOOTHING 13
+#define RPY_SERVER_STATS 14
+#define RPY_CLIENT_ACCESSES_BY_INDEX2 15
+#define RPY_NTP_DATA 16
+#define N_REPLY_TYPES 17
 
 /* Status codes */
 #define STT_SUCCESS 0
@@ -515,10 +508,12 @@ typedef struct {
 
 #define RPY_SD_FLAG_NOSELECT 0x1
 #define RPY_SD_FLAG_PREFER 0x2
+#define RPY_SD_FLAG_TRUST 0x4
+#define RPY_SD_FLAG_REQUIRE 0x8
 
 typedef struct {
   IPAddr ip_addr;
-  uint16_t poll;
+  int16_t poll;
   uint16_t stratum;
   uint16_t state;
   uint16_t mode;
@@ -536,7 +531,7 @@ typedef struct {
   IPAddr ip_addr;
   uint16_t stratum;
   uint16_t leap_status;
-  Timeval ref_time;
+  Timespec ref_time;
   Float current_correction;
   Float last_offset;
   Float rms_offset;
@@ -564,7 +559,7 @@ typedef struct {
 } RPY_Sourcestats;
 
 typedef struct {
-  Timeval ref_time;
+  Timespec ref_time;
   uint16_t n_samples;
   uint16_t n_runs;
   uint32_t span_seconds;
@@ -582,17 +577,14 @@ typedef struct {
 
 typedef struct {
   IPAddr ip;
-  uint32_t bits_specd;
-  uint32_t bitmap[8];
-} RPY_SubnetsAccessed_Subnet;
-
-typedef struct {
-  IPAddr ip;
-  uint32_t client_hits;
-  uint32_t peer_hits;
-  uint32_t cmd_hits_auth;
-  uint32_t cmd_hits_normal;
-  uint32_t cmd_hits_bad;
+  uint32_t ntp_hits;
+  uint32_t cmd_hits;
+  uint32_t ntp_drops;
+  uint32_t cmd_drops;
+  int8_t ntp_interval;
+  int8_t cmd_interval;
+  int8_t ntp_timeout_interval;
+  int8_t pad;
   uint32_t last_ntp_hit_ago;
   uint32_t last_cmd_hit_ago;
 } RPY_ClientAccesses_Client;
@@ -605,10 +597,19 @@ typedef struct {
   int32_t EOR;
 } RPY_ClientAccessesByIndex;
 
+typedef struct {
+  uint32_t ntp_hits;
+  uint32_t cmd_hits;
+  uint32_t ntp_drops;
+  uint32_t cmd_drops;
+  uint32_t log_drops;
+  int32_t EOR;
+} RPY_ServerStats;
+
 #define MAX_MANUAL_LIST_SAMPLES 16
 
 typedef struct {
-  Timeval when;
+  Timespec when;
   Float slewed_offset;
   Float orig_offset;
   Float residual;
@@ -629,6 +630,52 @@ typedef struct {
   int32_t EOR;
 } RPY_Activity;
 
+#define RPY_SMT_FLAG_ACTIVE 0x1
+#define RPY_SMT_FLAG_LEAPONLY 0x2
+
+typedef struct {
+  uint32_t flags;
+  Float offset;
+  Float freq_ppm;
+  Float wander_ppm;
+  Float last_update_ago;
+  Float remaining_time;
+  int32_t EOR;
+} RPY_Smoothing;
+
+#define RPY_NTP_FLAGS_TESTS 0x3ff
+#define RPY_NTP_FLAG_INTERLEAVED 0x4000
+#define RPY_NTP_FLAG_AUTHENTICATED 0x8000
+
+typedef struct {
+  IPAddr remote_addr;
+  IPAddr local_addr;
+  uint16_t remote_port;
+  uint8_t leap;
+  uint8_t version;
+  uint8_t mode;
+  uint8_t stratum;
+  int8_t poll;
+  int8_t precision;
+  Float root_delay;
+  Float root_dispersion;
+  uint32_t ref_id;
+  Timespec ref_time;
+  Float offset;
+  Float peer_delay;
+  Float peer_dispersion;
+  Float response_time;
+  Float jitter_asymmetry;
+  uint16_t flags;
+  uint8_t tx_tss_char;
+  uint8_t rx_tss_char;
+  uint32_t total_tx_count;
+  uint32_t total_rx_count;
+  uint32_t total_valid_count;
+  uint32_t reserved[4];
+  int32_t EOR;
+} RPY_NTPData;
+
 typedef struct {
   uint8_t version;
   uint8_t pkt_type;
@@ -637,13 +684,13 @@ typedef struct {
   uint16_t command; /* Which command is being replied to */
   uint16_t reply; /* Which format of reply this is */
   uint16_t status; /* Status of command processing */
-  uint16_t number; /* Which packet this is in reply sequence */
-  uint16_t total; /* Number of replies to expect in this sequence */
-  uint16_t pad1; /* Get up to 4 byte alignment */
+  uint16_t pad1; /* Padding for compatibility and 4 byte alignment */
+  uint16_t pad2;
+  uint16_t pad3;
   uint32_t sequence; /* Echo of client's sequence number */
-  uint32_t utoken; /* Unique token per incarnation of daemon */
-  uint32_t token; /* New command token (only if command was successfully
-                          authenticated) */
+  uint32_t pad4;
+  uint32_t pad5;
+
   union {
     RPY_Null null;
     RPY_N_Sources n_sources;
@@ -653,14 +700,13 @@ typedef struct {
     RPY_Sourcestats sourcestats;
     RPY_Rtc rtc;
     RPY_ClientAccessesByIndex client_accesses_by_index;
+    RPY_ServerStats server_stats;
     RPY_ManualList manual_list;
     RPY_Activity activity;
+    RPY_Smoothing smoothing;
+    RPY_NTPData ntp_data;
   } data; /* Reply specific parameters */
 
-  /* authentication of the packet, there is no hole after the actual data
-     from the data union, this field only sets the maximum auth size */
-  uint8_t auth[MAX_HASH_LENGTH];
-
 } CMD_Reply;
 
 /* ================================================== */

chrony.1

@@ -1,70 +0,0 @@
-.TH CHRONY 1 "@MAN_DATE@" "chrony @VERSION@" "User's Manual"
-.SH NAME
-chrony \- programs for keeping computer clocks accurate
-
-.SH SYNOPSIS
-\fBchronyc\fR [\fIOPTIONS\fR]
-
-\fBchronyd\fR [\fIOPTIONS\fR]
-
-.SH DESCRIPTION
-\fBchrony\fR is a pair of programs for keeping computer clocks accurate.
-\fIchronyd\fR is a background (daemon) program and \fIchronyc\fR is a
-command-line interface to it. Time reference sources for chronyd can be
-RFC1305 NTP servers, human (via keyboard and \fIchronyc\fR), or the computer's
-real-time clock at boot time (Linux only). chronyd can determine the rate at
-which the computer gains or loses time and compensate for it while no external
-reference is present. Its use of NTP servers can be switched on and off
-(through \fIchronyc\fR) to support computers with dial-up/intermittent access
-to the Internet, and it can also act as an RFC1305-compatible NTP server.
-
-.SH USAGE
-\fIchronyc\fR is a command-line interface program which can be used to
-monitor \fIchronyd\fR's performance and to change various operating
-parameters whilst it is running.
-
-\fIchronyd\fR's main function is to obtain measurements of the true (UTC)
-time from one of several sources, and correct the system clock
-accordingly.  It also works out the rate at which the system clock
-gains or loses time and uses this information to keep it accurate
-between measurements from the reference.
-
-The reference time can be derived from either Network Time Protocol
-(NTP) servers, reference clocks, or wristwatch-and-keyboard (via \fIchronyc\fR).
-The main source of information about the Network Time Protocol is
-\fIhttp://www.ntp.org\fR.
-
-It is designed so that it can work on computers which only have
-intermittent access to reference sources, for example computers which
-use a dial-up account to access the Internet or laptops.  Of course, it
-will work well on computers with permanent connections too.
-
-In addition, on Linux it can monitor the system's real time clock
-performance, so the system can maintain accurate time even across
-reboots.
-
-Typical accuracies available between 2 machines are
-
-On an ethernet LAN : 100-200 microseconds, often much better
-On a V32bis dial-up modem connection : 10's of milliseconds (from one
-session to the next)
-
-With a good reference clock the accuracy can reach one microsecond.
-
-\fIchronyd\fR can also operate as an RFC1305-compatible NTP server and peer.
-
-.SH "SEE ALSO"
-.BR chronyc(1),
-.BR chrony(1)
-
-.I http://chrony.tuxfamily.org/
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part
-of "The Missing Man Pages Project".  Please see
-\fIhttp://www.netmeister.org/misc/m2p2/index.html\fR for details.
-
-The complete chrony documentation is supplied in texinfo format.
-

chrony.conf.5.in

@@ -1,52 +0,0 @@
-.TH chrony.conf 5 "@MAN_DATE@" "chrony @VERSION@" "Configuration Files"
-.SH NAME
-chrony.conf \- chronyd configuration file
-
-.SH SYNOPSIS
-.B @SYSCONFDIR@/chrony.conf
-
-.SH DESCRIPTION
-\fIchrony\fR is a pair of programs for maintaining the accuracy of computer
-clocks. \fIchronyd\fR is a background daemon program that can be started at
-boot time.
-
-Assuming that you have found some servers, you need to set up a
-configuration file to run \fIchrony\fR.  The (compiled-in) default location
-for this file is \fB@SYSCONFDIR@/chrony.conf\fR.  Assuming that your ntp servers
-are called `a.b.c' and `d.e.f', your \fBchrony.conf\fR file could contain
-as a minimum
-
-     server a.b.c
-     server d.e.f
-     server g.h.i
-
-However, you will probably want to include some of the other directives
-described in detail in the documentation supplied with the distribution
-(\fIchrony.txt\fR and \fIchrony.texi\fR). The following directives will be
-particularly useful : `driftfile', `commandkey', `keyfile'.  The smallest
-useful configuration file would look something like
-
-     server a.b.c
-     server d.e.f
-     server g.h.i
-     keyfile @SYSCONFDIR@/chrony.keys
-     commandkey 1
-     driftfile @CHRONYVARDIR@/drift
-
-
-.SH "SEE ALSO"
-.BR chrony(1),
-.BR chronyc(1),
-.BR chronyd(8)
-
-.I http://chrony.tuxfamily.org/
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part of "The Missing
-Man Pages Project".  Please see \fIhttp://www.netmeister.org/misc/m2p2/index.html\fR
-for details.
-
-The complete chrony documentation is supplied in texinfo format.
-

chrony_timex.h

@@ -1,73 +0,0 @@
-/* Taken from /usr/include/linux/timex.h.  Avoids the need to
- * include kernel header files. */
-
-#ifndef CHRONY_TIMEX_H
-#define CHRONY_TIMEX_H
-
-#include <sys/time.h>
-
-struct timex {
-	unsigned int modes;	/* mode selector */
-	long offset;		/* time offset (usec) */
-	long freq;		/* frequency offset (scaled ppm) */
-	long maxerror;		/* maximum error (usec) */
-	long esterror;		/* estimated error (usec) */
-	int status;		/* clock command/status */
-	long constant;		/* pll time constant */
-	long precision;		/* clock precision (usec) (read only) */
-	long tolerance;		/* clock frequency tolerance (ppm)
-				 * (read only)
-				 */
-	struct timeval time;	/* (read only) */
-	long tick;		/* (modified) usecs between clock ticks */
-
-	long ppsfreq;           /* pps frequency (scaled ppm) (ro) */
-	long jitter;            /* pps jitter (us) (ro) */
-	int shift;              /* interval duration (s) (shift) (ro) */
-	long stabil;            /* pps stability (scaled ppm) (ro) */
-	long jitcnt;            /* jitter limit exceeded (ro) */
-	long calcnt;            /* calibration intervals (ro) */
-	long errcnt;            /* calibration errors (ro) */
-	long stbcnt;            /* stability limit exceeded (ro) */
-
-	int  :32; int  :32; int  :32; int  :32;
-	int  :32; int  :32; int  :32; int  :32;
-	int  :32; int  :32; int  :32; int  :32;
-};
-
-#define ADJ_OFFSET		0x0001  /* time offset */
-#define ADJ_FREQUENCY		0x0002	/* frequency offset */
-#define ADJ_MAXERROR		0x0004	/* maximum time error */
-#define ADJ_STATUS		0x0010	/* clock status */
-#define ADJ_TIMECONST		0x0020  /* pll time constant */
-#define ADJ_SETOFFSET		0x0100  /* add 'time' to current time */
-#define ADJ_NANO		0x2000  /* select nanosecond resolution */
-#define ADJ_TICK		0x4000	/* tick value */
-#define ADJ_OFFSET_SINGLESHOT	0x8001	/* old-fashioned adjtime */
-#define ADJ_OFFSET_SS_READ	0xa001  /* read-only adjtime */
-
-#define SHIFT_USEC 16		/* frequency offset scale (shift) */
-
-#define STA_PLL		0x0001	/* enable PLL updates (rw) */
-#define STA_PPSFREQ	0x0002	/* enable PPS freq discipline (rw) */
-#define STA_PPSTIME	0x0004	/* enable PPS time discipline (rw) */
-#define STA_FLL		0x0008	/* select frequency-lock mode (rw) */
-
-#define STA_INS		0x0010	/* insert leap (rw) */
-#define STA_DEL		0x0020	/* delete leap (rw) */
-#define STA_UNSYNC	0x0040	/* clock unsynchronized (rw) */
-#define STA_FREQHOLD	0x0080	/* hold frequency (rw) */
-
-#define STA_PPSSIGNAL	0x0100	/* PPS signal present (ro) */
-#define STA_PPSJITTER	0x0200	/* PPS signal jitter exceeded (ro) */
-#define STA_PPSWANDER	0x0400	/* PPS signal wander exceeded (ro) */
-#define STA_PPSERROR	0x0800	/* PPS signal calibration error (ro) */
-
-#define STA_CLOCKERR	0x1000	/* clock hardware fault (ro) */
-#define STA_NANO	0x2000  /* resolution (0 = us, 1 = ns) (ro) */
-
-/* This doesn't seem to be in any include files !! */
-
-extern int adjtimex(struct timex *);
-
-#endif /* CHRONY_TIMEX_H */

chronyc.1.in

@@ -1,75 +0,0 @@
-.TH CHRONYC 1 "@MAN_DATE@" "chrony @VERSION@" "User's Manual"
-.SH NAME
-chronyc \- command-line interface for chronyd
-
-.SH SYNOPSIS
-.B chronyc
-[\fIOPTIONS\fR]
-
-.SH DESCRIPTION
-\fIchrony\fR is a pair of programs for maintaining the accuracy of computer
-clocks.
-
-\fBchronyc\fR is a command-line interface program which can be used to
-monitor \fIchronyd\fR's performance and to change various operating
-parameters whilst it is running.
-
-.SH USAGE
-A detailed description of all commands supported by \fBchronyc\fR is available
-via the documentation supplied with the distribution (\fIchrony.txt\fR and
-\fIchrony.texi\fR).
-
-.SH OPTIONS
-A summary of the options supported by \fBchronyc\fR is included below.
-
-.TP
-\fB\-h\fR \fIhostname\fR
-specify hostname
-.TP
-\fB\-p\fR \fIport-number\fR
-specify port-number
-.TP
-\fB\-n\fR
-display raw IP addresses (don't attempt to look up hostnames)
-.TP
-\fB\-4\fR
-resolve hostnames only to IPv4 addresses
-.TP
-\fB\-6\fR
-resolve hostnames only to IPv6 addresses
-.TP
-\fB\-m\fR
-allow multiple commands to be specified on the command line.  Each argument
-will be interpreted as a whole command.
-.TP
-\fB\-f\fR \fIconf-file\fR
-This option can be used to specify an alternate location for the
-configuration file (default \fI@SYSCONFDIR@/chrony.conf\fR). The configuration file is
-needed for the \fB-a\fR option.
-.TP
-\fB\-a\fR
-With this option chronyc will try to authenticate automatically on
-start. It will read the configuration file, read the command key from the
-keyfile and run the authhash and password commands.
-.TP
-\fIcommand\fR
-specify command.  If no command is given, chronyc will read commands
-interactively.
-
-.SH BUGS
-To report bugs, please visit \fIhttp://chrony.tuxfamily.org\fR
-
-.SH "SEE ALSO"
-.BR chronyd(8),
-.BR chrony(1)
-
-.I http://chrony.tuxfamily.org/
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part of "The Missing
-Man Pages Project".  Please see \fIhttp://www.netmeister.org/misc/m2p2/index.html\fR
-for details.
-
-The complete chrony documentation is supplied in texinfo format.

chronyd.8.in

@@ -1,139 +0,0 @@
-.TH CHRONYD 8 "@MAN_DATE@" "chrony @VERSION@" "System Administration"
-.SH NAME
-chronyd \- chrony background daemon
-
-.SH SYNOPSIS
-.B chronyd
-[\fIOPTIONS\fR]
-
-.SH DESCRIPTION
-\fIchrony\fR is a pair of programs for maintaining the accuracy of computer
-clocks. \fBchronyd\fR is a background daemon program that can be started at boot
-time.
-
-\fBchronyd\fR is a daemon which runs in background on the
-system.  It obtains measurements (e.g. via the network) of the
-system's offset relative to other systems, and adjusts the system
-time accordingly.  For isolated systems, the user can periodically
-enter the correct time by hand (using \fIchronyc\fR).  In either case,
-\fBchronyd\fR determines the rate at which the computer
-gains or loses time, and compensates for this.
-
-.SH USAGE
-\fBchronyd\fR is usually started at boot-time and requires superuser
-privileges.
-
-If \fBchronyd\fR has been installed to its default location
-\fI@SBINDIR@/chronyd\fR, starting it is simply a matter of entering the
-command:
-
-\fI@SBINDIR@/chronyd\fR
-
-Information messages and warnings will be logged to syslog.
-
-
-.SH OPTIONS
-A summary of the options supported by \fBchronyd\fR is included below.
-
-.TP
-\fB\-P\fR \fIpriority\fR
-This option will select the SCHED_FIFO real-time scheduler at the specified
-priority (which must be between 0 and 100).  This mode is supported only on
-Linux.
-.TP
-.B \-m
-This option will lock chronyd into RAM so that it will never be paged out.
-This mode is only supported on Linux.
-.TP
-.B \-n
-When run in this mode, the program will not detach itself from the
-terminal.
-.TP
-.B \-d
-When run in this mode, the program will not detach itself from the
-terminal, and all messages will be sent to the terminal instead of
-to syslog.
-.TP
-\fB\-f\fR \fIconf-file\fR
-This option can be used to specify an alternate location for the
-configuration file (default \fI@SYSCONFDIR@/chrony.conf\fR).
-.TP
-.B \-r
-This option will reload sample histories for each of the servers being used.
-These histories are created by using the \fIdump\fR command in \fIchronyc\fR,
-or by setting the \fIdumponexit\fR directive in the configuration file.  This
-option is useful if you want to stop and restart \fBchronyd\fR briefly for any
-reason, e.g. to install a new version.  However, it only makes sense on
-systems where the kernel can maintain clock compensation whilst not under
-\fBchronyd\fR's control.  The only version where this happens so far is Linux.
-On systems where this is not the case, e.g. Solaris and SunOS the option
-should not be used.
-.TP
-.B \-R
-When this option is used, the \fIinitstepslew\fR directive and the
-\fImakestep\fR directive used with a positive limit will be ignored. This
-option is useful when restarting \fBchronyd\fR and can be used in conjuction
-with the \fB-r\fR option.
-.TP
-.B \-s
-This option will set the system clock from the computer's real-time
-clock.  This is analogous to supplying the \fI-s\fR flag to the
-\fI/sbin/clock\fR program during the Linux boot sequence.
-
-Support for real-time clocks is limited at present - the criteria
-are described in the section on the \fIrtcfile\fR directive in the
-documentation supplied with the distribution.
-
-If \fBchronyd\fR cannot support the real time clock on your computer,
-this option cannot be used and a warning message will be logged to
-the syslog.
-
-If used in conjunction with the \fB-r\fR flag, \fBchronyd\fR will attempt
-to preserve the old samples after setting the system clock from
-the real time clock.  This can be used to allow \fBchronyd\fR to
-perform long term averaging of the gain or loss rate across system
-reboots, and is useful for dial-up systems that are shut down when
-not in use.  For this to work well, it relies on \fBchronyd\fR having
-been able to determine accurate statistics for the difference
-between the real time clock and system clock last time the
-computer was on.
-.TP
-\fB\-u\fR \fIuser\fR
-When this option is used, chronyd will drop root privileges to the specified
-user.  So far, it works only on Linux when compiled with capabilities support.
-.TP
-.B \-v
-This option displays \fBchronyd\fR's version number to the terminal and exits
-.TP
-.B \-4
-Resolve hostnames only to IPv4 addresses and create only IPv4 sockets.
-.TP
-.B \-6
-Resolve hostnames only to IPv6 addresses and create only IPv6 sockets.
-
-.SH FILES
-\fI@SYSCONFDIR@/chrony.conf\fR
-
-.SH BUGS
-To report bugs, please visit \fIhttp://chrony.tuxfamily.org/\fR
-
-.SH "SEE ALSO"
-\fBchronyd\fR is documented in detail in the documentation supplied with the
-distribution (\fIchrony.txt\fR and \fIchrony.texi\fR) and is also available
-from \fIhttp://go.to/chrony\fR
-
-.BR chrony(1),
-.BR chronyc(1),
-.BR chrony.conf(5),
-.BR hwclock(8),
-.BR ntpd(8)
-
-.SH AUTHOR
-Richard Curnow <rc@rc0.org.uk>
-
-This man-page was written by Jan Schaumann <jschauma@netmeister.org> as part
-of "The Missing Man Pages Project".  Please see
-\fIhttp://www.netmeister.org/misc/m2p2/index.html\fR for details.
-
-The complete chrony documentation is supplied in texinfo format.
-

clientlog.h

@@ -31,55 +31,19 @@
 #include "sysincl.h"
 #include "reports.h"
 
-/* Enough to hold flags for 256 hosts in a class C */
-typedef uint32_t CLG_Bitmap[8];
-
 extern void CLG_Initialise(void);
 extern void CLG_Finalise(void);
-extern void CLG_LogNTPClientAccess(IPAddr *client, time_t now);
-extern void CLG_LogNTPPeerAccess(IPAddr *client, time_t now);
-
-/* When logging command packets, there are several subtypes */
-
-typedef enum {
-  CLG_CMD_AUTH,                 /* authenticated */
-  CLG_CMD_NORMAL,               /* normal */
-  CLG_CMD_BAD_PKT               /* bad version or packet length */
-} CLG_Command_Type;
-
-extern void CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now);
+extern int CLG_GetClientIndex(IPAddr *client);
+extern int CLG_LogNTPAccess(IPAddr *client, struct timespec *now);
+extern int CLG_LogCommandAccess(IPAddr *client, struct timespec *now);
+extern int CLG_LimitNTPResponseRate(int index);
+extern int CLG_LimitCommandResponseRate(int index);
+extern void CLG_GetNtpTimestamps(int index, NTP_int64 **rx_ts, NTP_int64 **tx_ts);
 
 /* And some reporting functions, for use by chronyc. */
-/* TBD */
-
-typedef enum {
-  CLG_SUCCESS,                  /* All is well */
-  CLG_EMPTYSUBNET,              /* No hosts logged in requested subnet */
-  CLG_BADSUBNET,                /* Subnet requested is not 0, 8, 16 or 24 bits */
-  CLG_INACTIVE,                 /* Facility not active */
-  CLG_INDEXTOOLARGE             /* Node index is higher than number of nodes present */
-} CLG_Status;
-
-/* For bits=0, 8, 16, flag which immediate subnets of that subnet are
-   known.  For bits=24, flag which hosts in that subnet are known.
-   Other values, return 0 (failed) */
-
-extern CLG_Status CLG_GetSubnetBitmap(IPAddr *subnet, int bits, CLG_Bitmap result);
-
-extern CLG_Status
-CLG_GetClientAccessReportByIP(IPAddr *ip, RPT_ClientAccess_Report *report, time_t now);
-
-CLG_Status
-CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *report,
-                                 time_t now, unsigned long *n_indices);
-
-/* And an iterating function, to call 'fn' for each client or peer
-   that has accessed us since 'since'. */
-
-extern void CLG_IterateNTPClients
-(void (*fn)(IPAddr *client, void *arb),
- void *arb,
- time_t since);
 
+extern int CLG_GetNumberOfIndices(void);
+extern int CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *report, struct timespec *now);
+extern void CLG_GetServerStatsReport(RPT_ServerStatsReport *report);
 
 #endif /* GOT_CLIENTLOG_H */

cmdmon.h

@@ -33,6 +33,7 @@ extern void CAM_Initialise(int family);
 
 extern void CAM_Finalise(void);
 
+extern void CAM_OpenUnixSocket(void);
 extern int CAM_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all);
 extern int CAM_CheckAccessRestriction(IPAddr *ip_addr);
 

cmdparse.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2013
+ * Copyright (C) Miroslav Lichvar  2013-2014, 2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -34,163 +34,156 @@
 #include "cmdparse.h"
 #include "memory.h"
 #include "nameserv.h"
+#include "ntp.h"
 #include "util.h"
 
 /* ================================================== */
 
-CPS_Status
+int
 CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src)
 {
   char *hostname, *cmd;
-  int ok, n, done;
-  CPS_Status result;
+  int n;
   
   src->port = SRC_DEFAULT_PORT;
   src->params.minpoll = SRC_DEFAULT_MINPOLL;
   src->params.maxpoll = SRC_DEFAULT_MAXPOLL;
+  src->params.online = 1;
+  src->params.auto_offline = 0;
   src->params.presend_minpoll = SRC_DEFAULT_PRESEND_MINPOLL;
+  src->params.iburst = 0;
+  src->params.min_stratum = SRC_DEFAULT_MINSTRATUM;
+  src->params.poll_target = SRC_DEFAULT_POLLTARGET;
+  src->params.version = 0;
+  src->params.max_sources = SRC_DEFAULT_MAXSOURCES;
+  src->params.min_samples = SRC_DEFAULT_MINSAMPLES;
+  src->params.max_samples = SRC_DEFAULT_MAXSAMPLES;
+  src->params.interleaved = 0;
+  src->params.sel_options = 0;
   src->params.authkey = INACTIVE_AUTHKEY;
   src->params.max_delay = SRC_DEFAULT_MAXDELAY;
   src->params.max_delay_ratio = SRC_DEFAULT_MAXDELAYRATIO;
   src->params.max_delay_dev_ratio = SRC_DEFAULT_MAXDELAYDEVRATIO;
-  src->params.online = 1;
-  src->params.auto_offline = 0;
-  src->params.iburst = 0;
-  src->params.min_stratum = SRC_DEFAULT_MINSTRATUM;
-  src->params.poll_target = SRC_DEFAULT_POLLTARGET;
-  src->params.sel_option = SRC_SelectNormal;
+  src->params.offset = 0.0;
 
-  result = CPS_Success;
-  
   hostname = line;
   line = CPS_SplitWord(line);
 
-  if (!*hostname) {
-    result = CPS_BadHost;
-    ok = 0;
-  } else {
-    /* Parse subfields */
-    ok = 1;
-    done = 0;
-    do {
-      cmd = line;
-      line = CPS_SplitWord(line);
+  if (!*hostname)
+    return 0;
 
-      if (*cmd) {
-        if (!strcasecmp(cmd, "port")) {
-          if (sscanf(line, "%hu%n", &src->port, &n) != 1) {
-            result = CPS_BadPort;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "minpoll")) {
-          if (sscanf(line, "%d%n", &src->params.minpoll, &n) != 1) {
-            result = CPS_BadMinpoll;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxpoll")) {
-          if (sscanf(line, "%d%n", &src->params.maxpoll, &n) != 1) {
-            result = CPS_BadMaxpoll;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "presend")) {
-          if (sscanf(line, "%d%n", &src->params.presend_minpoll, &n) != 1) {
-            result = CPS_BadPresend;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxdelaydevratio")) {
-          if (sscanf(line, "%lf%n", &src->params.max_delay_dev_ratio, &n) != 1) {
-            result = CPS_BadMaxdelaydevratio;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxdelayratio")) {
-          if (sscanf(line, "%lf%n", &src->params.max_delay_ratio, &n) != 1) {
-            result = CPS_BadMaxdelayratio;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "maxdelay")) {
-          if (sscanf(line, "%lf%n", &src->params.max_delay, &n) != 1) {
-            result = CPS_BadMaxdelay;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "key")) {
-          if (sscanf(line, "%lu%n", &src->params.authkey, &n) != 1) {
-            result = CPS_BadKey;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-        } else if (!strcasecmp(cmd, "offline")) {
-          src->params.online = 0;
+  src->name = hostname;
 
-        } else if (!strcasecmp(cmd, "auto_offline")) {
-          src->params.auto_offline = 1;
-        
-        } else if (!strcasecmp(cmd, "iburst")) {
-          src->params.iburst = 1;
+  /* Parse options */
+  for (; *line; line += n) {
+    cmd = line;
+    line = CPS_SplitWord(line);
+    n = 0;
 
-        } else if (!strcasecmp(cmd, "minstratum")) {
-          if (sscanf(line, "%d%n", &src->params.min_stratum, &n) != 1) {
-            result = CPS_BadMinstratum;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-
-        } else if (!strcasecmp(cmd, "polltarget")) {
-          if (sscanf(line, "%d%n", &src->params.poll_target, &n) != 1) {
-            result = CPS_BadPolltarget;
-            ok = 0;
-            done = 1;
-          } else {
-            line += n;
-          }
-
-        } else if (!strcasecmp(cmd, "noselect")) {
-          src->params.sel_option = SRC_SelectNoselect;
-        
-        } else if (!strcasecmp(cmd, "prefer")) {
-          src->params.sel_option = SRC_SelectPrefer;
-        
-        } else {
-          result = CPS_BadOption;
-          ok = 0;
-          done = 1;
-        }
-      } else {
-        done = 1;
-      }
-    } while (!done);
+    if (!strcasecmp(cmd, "auto_offline")) {
+      src->params.auto_offline = 1;
+    } else if (!strcasecmp(cmd, "iburst")) {
+      src->params.iburst = 1;
+    } else if (!strcasecmp(cmd, "offline")) {
+      src->params.online = 0;
+    } else if (!strcasecmp(cmd, "noselect")) {
+      src->params.sel_options |= SRC_SELECT_NOSELECT;
+    } else if (!strcasecmp(cmd, "prefer")) {
+      src->params.sel_options |= SRC_SELECT_PREFER;
+    } else if (!strcasecmp(cmd, "require")) {
+      src->params.sel_options |= SRC_SELECT_REQUIRE;
+    } else if (!strcasecmp(cmd, "trust")) {
+      src->params.sel_options |= SRC_SELECT_TRUST;
+    } else if (!strcasecmp(cmd, "key")) {
+      if (sscanf(line, "%"SCNu32"%n", &src->params.authkey, &n) != 1 ||
+          src->params.authkey == INACTIVE_AUTHKEY)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxdelay")) {
+      if (sscanf(line, "%lf%n", &src->params.max_delay, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxdelayratio")) {
+      if (sscanf(line, "%lf%n", &src->params.max_delay_ratio, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxdelaydevratio")) {
+      if (sscanf(line, "%lf%n", &src->params.max_delay_dev_ratio, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxpoll")) {
+      if (sscanf(line, "%d%n", &src->params.maxpoll, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxsamples")) {
+      if (sscanf(line, "%d%n", &src->params.max_samples, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "maxsources")) {
+      if (sscanf(line, "%d%n", &src->params.max_sources, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "minpoll")) {
+      if (sscanf(line, "%d%n", &src->params.minpoll, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "minsamples")) {
+      if (sscanf(line, "%d%n", &src->params.min_samples, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "minstratum")) {
+      if (sscanf(line, "%d%n", &src->params.min_stratum, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "offset")) {
+      if (sscanf(line, "%lf%n", &src->params.offset, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "port")) {
+      if (sscanf(line, "%hu%n", &src->port, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "polltarget")) {
+      if (sscanf(line, "%d%n", &src->params.poll_target, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "presend")) {
+      if (sscanf(line, "%d%n", &src->params.presend_minpoll, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "version")) {
+      if (sscanf(line, "%d%n", &src->params.version, &n) != 1)
+        return 0;
+    } else if (!strcasecmp(cmd, "xleave")) {
+      src->params.interleaved = 1;
+    } else {
+      return 0;
+    }
   }
 
-  if (ok) {
-    src->name = strdup(hostname);
+  return 1;
+}
+
+/* ================================================== */
+
+int
+CPS_ParseLocal(char *line, int *stratum, int *orphan, double *distance)
+{
+  int n;
+  char *cmd;
+
+  *stratum = 10;
+  *distance = 1.0;
+  *orphan = 0;
+
+  while (*line) {
+    cmd = line;
+    line = CPS_SplitWord(line);
+
+    if (!strcasecmp(cmd, "stratum")) {
+      if (sscanf(line, "%d%n", stratum, &n) != 1 ||
+          *stratum >= NTP_MAX_STRATUM || *stratum <= 0)
+        return 0;
+    } else if (!strcasecmp(cmd, "orphan")) {
+      *orphan = 1;
+      n = 0;
+    } else if (!strcasecmp(cmd, "distance")) {
+      if (sscanf(line, "%lf%n", distance, &n) != 1)
+        return 0;
+    } else {
+      return 0;
+    }
+
+    line += n;
   }
 
-  return result;
-    
+  return 1;
 }
 
 /* ================================================== */
@@ -203,7 +196,7 @@ CPS_NormalizeLine(char *line)
 
   /* Remove white-space at beginning and replace white-spaces with space char */
   for (p = q = line; *p; p++) {
-    if (isspace(*p)) {
+    if (isspace((unsigned char)*p)) {
       if (!space)
         *q++ = ' ';
       space = 1;
@@ -233,15 +226,15 @@ CPS_SplitWord(char *line)
   char *p = line, *q = line;
 
   /* Skip white-space before the word */
-  while (*q && isspace(*q))
+  while (*q && isspace((unsigned char)*q))
     q++;
 
   /* Move the word to the beginning */
-  while (*q && !isspace(*q))
+  while (*q && !isspace((unsigned char)*q))
     *p++ = *q++;
 
   /* Find the next word */
-  while (*q && isspace(*q))
+  while (*q && isspace((unsigned char)*q))
     q++;
 
   *p = '\0';
@@ -253,7 +246,7 @@ CPS_SplitWord(char *line)
 /* ================================================== */
 
 int
-CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key)
+CPS_ParseKey(char *line, uint32_t *id, const char **hash, char **key)
 {
   char *s1, *s2, *s3, *s4;
 
@@ -266,7 +259,7 @@ CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key)
   if (!*s2 || *s4)
     return 0;
 
-  if (sscanf(s1, "%lu", id) != 1)
+  if (sscanf(s1, "%"SCNu32, id) != 1)
     return 0;
 
   if (*s3) {

cmdparse.h

@@ -30,22 +30,6 @@
 #include "srcparams.h"
 #include "addressing.h"
 
-typedef enum {
-  CPS_Success,
-  CPS_BadOption,
-  CPS_BadHost,
-  CPS_BadPort,
-  CPS_BadMinpoll,
-  CPS_BadMaxpoll,
-  CPS_BadPresend,
-  CPS_BadMaxdelaydevratio,
-  CPS_BadMaxdelayratio,
-  CPS_BadMaxdelay,
-  CPS_BadKey,
-  CPS_BadMinstratum,
-  CPS_BadPolltarget
-} CPS_Status;
-
 typedef struct {
   char *name;
   unsigned short port;
@@ -53,8 +37,11 @@ typedef struct {
 } CPS_NTP_Source;
 
 /* Parse a command to add an NTP server or peer */
-extern CPS_Status CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src);
+extern int CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src);
   
+/* Parse a command to enable local reference */
+extern int CPS_ParseLocal(char *line, int *stratum, int *orphan, double *distance);
+
 /* Remove extra white-space and comments */
 extern void CPS_NormalizeLine(char *line);
 
@@ -62,6 +49,6 @@ extern void CPS_NormalizeLine(char *line);
 extern char *CPS_SplitWord(char *line);
 
 /* Parse a key from keyfile */
-extern int CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key);
+extern int CPS_ParseKey(char *line, uint32_t *id, const char **hash, char **key);
 
 #endif /* GOT_CMDPARSE_H */

conf.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
+ * Copyright (C) Miroslav Lichvar  2013-2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -28,21 +29,25 @@
 #define GOT_CONF_H
 
 #include "addressing.h"
+#include "reference.h"
 
-extern void CNF_SetRestarted(int);
+extern void CNF_Initialise(int restarted);
+extern void CNF_Finalise(void);
 
 extern char *CNF_GetRtcDevice(void);
 
 extern void CNF_ReadFile(const char *filename);
+extern void CNF_ParseLine(const char *filename, int number, char *line);
 
+extern void CNF_CreateDirs(uid_t uid, gid_t gid);
+
+extern void CNF_AddInitSources(void);
 extern void CNF_AddSources(void);
 extern void CNF_AddBroadcasts(void);
 extern void CNF_AddRefclocks(void);
 
-extern void CNF_ProcessInitStepSlew(void (*after_hook)(void *), void *anything);
-
-extern unsigned short CNF_GetAcquisitionPort(void);
-extern unsigned short CNF_GetNTPPort(void);
+extern int CNF_GetAcquisitionPort(void);
+extern int CNF_GetNTPPort(void);
 extern char *CNF_GetDriftFile(void);
 extern char *CNF_GetLogDir(void);
 extern char *CNF_GetDumpDir(void);
@@ -55,48 +60,65 @@ extern int CNF_GetLogRefclocks(void);
 extern int CNF_GetLogTempComp(void);
 extern char *CNF_GetKeysFile(void);
 extern char *CNF_GetRtcFile(void);
-extern unsigned long CNF_GetCommandKey(void);
-extern int CNF_GetGenerateCommandKey(void);
 extern int CNF_GetDumpOnExit(void);
 extern int CNF_GetManualEnabled(void);
 extern int CNF_GetCommandPort(void);
-extern int CNF_GetRTCOnUTC(void);
-extern int CNF_GetRTCSync(void);
+extern int CNF_GetRtcOnUtc(void);
+extern int CNF_GetRtcSync(void);
 extern void CNF_GetMakeStep(int *limit, double *threshold);
 extern void CNF_GetMaxChange(int *delay, int *ignore, double *offset);
-extern void CNF_GetLogChange(int *enabled, double *threshold);
+extern double CNF_GetLogChange(void);
 extern void CNF_GetMailOnChange(int *enabled, double *threshold, char **user);
 extern int CNF_GetNoClientLog(void);
 extern unsigned long CNF_GetClientLogLimit(void);
 extern void CNF_GetFallbackDrifts(int *min, int *max);
 extern void CNF_GetBindAddress(int family, IPAddr *addr);
+extern void CNF_GetBindAcquisitionAddress(int family, IPAddr *addr);
 extern void CNF_GetBindCommandAddress(int family, IPAddr *addr);
+extern char *CNF_GetBindCommandPath(void);
+extern char *CNF_GetNtpSigndSocket(void);
 extern char *CNF_GetPidFile(void);
+extern REF_LeapMode CNF_GetLeapSecMode(void);
 extern char *CNF_GetLeapSecTimezone(void);
-extern void CNF_GetLinuxHz(int *set, int *hz);
-extern void CNF_GetLinuxFreqScale(int *set, double *freq_scale);
 
 /* Value returned in ppm, as read from file */
 extern double CNF_GetMaxUpdateSkew(void);
 extern double CNF_GetMaxClockError(void);
+extern double CNF_GetMaxDrift(void);
 extern double CNF_GetCorrectionTimeRatio(void);
+extern double CNF_GetMaxSlewRate(void);
 
+extern double CNF_GetMaxDistance(void);
+extern double CNF_GetMaxJitter(void);
 extern double CNF_GetReselectDistance(void);
 extern double CNF_GetStratumWeight(void);
 extern double CNF_GetCombineLimit(void);
 
-extern int CNF_AllowLocalReference(int *stratum);
+extern int CNF_AllowLocalReference(int *stratum, int *orphan, double *distance);
 
 extern void CNF_SetupAccessRestrictions(void);
 
 extern int CNF_GetSchedPriority(void);
 extern int CNF_GetLockMemory(void);
 
-extern void CNF_GetTempComp(char **file, double *interval, double *T0, double *k0, double *k1, double *k2);
+extern int CNF_GetNTPRateLimit(int *interval, int *burst, int *leak);
+extern int CNF_GetCommandRateLimit(int *interval, int *burst, int *leak);
+extern void CNF_GetSmooth(double *max_freq, double *max_wander, int *leap_only);
+extern void CNF_GetTempComp(char **file, double *interval, char **point_file, double *T0, double *k0, double *k1, double *k2);
 
 extern char *CNF_GetUser(void);
 
 extern int CNF_GetMaxSamples(void);
 extern int CNF_GetMinSamples(void);
 
+extern int CNF_GetMinSources(void);
+
+extern double CNF_GetRtcAutotrim(void);
+extern char *CNF_GetHwclockFile(void);
+
+extern int CNF_GetInitSources(void);
+extern double CNF_GetInitStepThreshold(void);
+
+extern int CNF_GetHwTsInterface(unsigned int index, char **name, double *tx_comp, double *rx_comp);
+
 #endif /* GOT_CONF_H */

configure

@@ -4,34 +4,12 @@
 # chronyd/chronyc - Programs for keeping computer clocks accurate.
 #
 # Copyright (C) Richard P. Curnow  1997-2003
-# Copyright (C) Miroslav Lichvar  2009, 2012
+# Copyright (C) Miroslav Lichvar  2009, 2012-2015
 #
 # =======================================================================
 
-rm -f config.h config.log
-
 # This configure script determines the operating system type and version
 
-if [ "x${CC}" = "x" ]; then
-  MYCC="gcc"
-else
-  MYCC="${CC}"
-fi
-
-if [ "x${CFLAGS}" = "x" ]; then
-  MYCFLAGS="-O2 -g"
-else
-  MYCFLAGS="${CFLAGS}"
-fi
-
-MYCPPFLAGS="${CPPFLAGS}"
-
-if [ "x${MYCC}" = "xgcc" ]; then
-  MYCFLAGS="${MYCFLAGS} -Wmissing-prototypes -Wall"
-fi
-
-MYLDFLAGS="${LDFLAGS}"
-
 # ======================================================================
 # FUNCTIONS
 
@@ -43,9 +21,10 @@ test_code () {
   ldflags=$4
   code=$5
 
-  echo -n "Checking for $name : "
+  printf "%s" "Checking for $name : "
 
   (
+    echo "#include \"config.h\""
     for h in $headers; do
       echo "#include <$h>"
     done
@@ -101,29 +80,46 @@ For better control, use the options below.
   --disable-readline     Disable line editing support
   --without-readline     Don't use GNU readline even if it is available
   --without-editline     Don't use editline even if it is available
-  --readline-dir=DIR     Specify parent of readline include and lib directories
-  --readline-inc-dir=DIR Specify where readline include directory is
-  --readline-lib-dir=DIR Specify where readline lib directory is
+  --with-readline-includes=DIR Specify where readline include directory is
+  --with-readline-library=DIR Specify where readline lib directory is
   --with-ncurses-library=DIR Specify where ncurses lib directory is
+  --disable-sechash      Disable support for hashes other than MD5
   --without-nss          Don't use NSS even if it is available
   --without-tomcrypt     Don't use libtomcrypt even if it is available
+  --disable-cmdmon       Disable command and monitoring support
+  --disable-ntp          Disable NTP support
+  --disable-refclock     Disable reference clock support
+  --disable-phc          Disable PHC refclock driver
+  --disable-pps          Disable PPS refclock driver
   --disable-ipv6         Disable IPv6 support
-  --disable-pps          Disable PPS API support
   --disable-rtc          Don't include RTC even on Linux
-  --disable-linuxcaps    Disable Linux capabilities support
+  --disable-privdrop     Disable support for dropping root privileges
+  --without-libcap       Don't use libcap even if it is available
+  --enable-scfilter      Enable support for system call filtering
+  --without-seccomp      Don't use seccomp even if it is available
+  --disable-asyncdns     Disable asynchronous name resolving
   --disable-forcednsretry Don't retry on permanent DNS error
+  --without-clock-gettime Don't use clock_gettime() even if it is available
+  --disable-timestamping Disable support for SW/HW timestamping
+  --enable-ntp-signd     Enable support for MS-SNTP authentication in Samba
+  --with-ntp-era=SECONDS Specify earliest assumed NTP time in seconds
+                         since 1970-01-01 [50*365 days ago]
+  --with-user=USER       Specify default chronyd user [root]
+  --with-hwclockfile=PATH Specify default path to hwclock(8) adjtime file
+  --with-pidfile=PATH    Specify default pidfile [/var/run/chronyd.pid]
+  --with-rtcdevice=PATH  Specify default path to RTC device [/dev/rtc]
   --with-sendmail=PATH   Path to sendmail binary [/usr/lib/sendmail]
-  --enable-trace         Enable tracing
+  --enable-debug         Enable debugging support
 
 Fine tuning of the installation directories:
   --sysconfdir=DIR       chrony.conf location [/etc]
   --bindir=DIR           user executables [EPREFIX/bin]
   --sbindir=DIR          system admin executables [EPREFIX/sbin]
   --datarootdir=DIR      data root [PREFIX/share]
-  --infodir=DIR          info documentation [DATAROOTDIR/info]
   --mandir=DIR           man documentation [DATAROOTDIR/man]
   --docdir=DIR           documentation root [DATAROOTDIR/doc/chrony]
   --localstatedir=DIR    modifiable single-machine data [/var]
+  --chronyrundir=DIR     location for chrony sockets [LOCALSTATEDIR/run/chrony]
   --chronyvardir=DIR     location for chrony data [LOCALSTATEDIR/lib/chrony]
 
 Overriding system detection when cross-compiling:
@@ -155,6 +151,29 @@ add_def () {
   fi
 }
 #}}}
+#{{{ pkg_config
+pkg_config () {
+  type pkg-config > /dev/null 2> /dev/null || return 1
+
+  pkg-config $@ 2> /dev/null
+}
+#}}}
+#{{{ get_features
+get_features () {
+  ff=1
+  for f; do
+    if [ "$ff" = "0" ]; then
+      printf " "
+    fi
+    if grep "define FEAT_$f" config.h > /dev/null; then
+      printf "%s" "+$f"
+    else
+      printf "%s" "-$f"
+    fi
+    ff=0
+  done
+}
+#}}}
 
 # ======================================================================
 
@@ -170,31 +189,52 @@ EXTRA_OBJECTS=""
 EXTRA_DEFS=""
 SYSDEFS=""
 
-# Support for readline (on by default)
+feat_debug=0
+feat_cmdmon=1
+feat_ntp=1
+feat_refclock=1
 feat_readline=1
 try_readline=1
 try_editline=1
+feat_sechash=1
 try_nss=1
 try_tomcrypt=1
 feat_rtc=1
 try_rtc=0
-feat_linuxcaps=1
-try_linuxcaps=0
+feat_droproot=1
+try_libcap=-1
+try_clockctl=0
+feat_scfilter=0
+try_seccomp=-1
+priv_ops=""
 readline_lib=""
 readline_inc=""
 ncurses_lib=""
 feat_ipv6=1
+feat_phc=1
+try_phc=0
 feat_pps=1
 try_setsched=0
 try_lockmem=0
+feat_asyncdns=1
 feat_forcednsretry=1
+try_clock_gettime=1
+try_recvmmsg=1
+feat_timestamping=1
+try_timestamping=0
+feat_ntp_signd=0
+ntp_era_split=""
+default_user="root"
+default_hwclockfile=""
+default_pidfile="/var/run/chronyd.pid"
+default_rtcdevice="/dev/rtc"
 mail_program="/usr/lib/sendmail"
 
 for option
 do
     case "$option" in
-    --enable-trace )
-      add_def TRACEON
+    --enable-debug )
+      feat_debug=1
     ;;
     --disable-readline )
       feat_readline=0
@@ -232,9 +272,6 @@ do
     --datarootdir=* )
       SETDATAROOTDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
-    --infodir=* )
-      SETINFODIR=`echo $option | sed -e 's/^.*=//;'`
-    ;;
     --mandir=* )
       SETMANDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
@@ -244,27 +281,84 @@ do
     --localstatedir=* )
       SETLOCALSTATEDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --chronyrundir=* | --chronysockdir=* )
+      SETCHRONYRUNDIR=`echo $option | sed -e 's/^.*=//;'`
+    ;;
     --chronyvardir=* )
       SETCHRONYVARDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --disable-cmdmon)
+      feat_cmdmon=0
+    ;;
+    --disable-ntp)
+      feat_ntp=0
+    ;;
+    --disable-refclock)
+      feat_refclock=0
+    ;;
     --disable-rtc)
       feat_rtc=0
     ;;
     --disable-ipv6)
       feat_ipv6=0
     ;;
+    --disable-phc)
+      feat_phc=0
+    ;;
     --disable-pps)
       feat_pps=0
     ;;
-    --disable-linuxcaps)
-      feat_linuxcaps=0
+    --disable-privdrop)
+      feat_droproot=0
+    ;;
+    --without-libcap|--disable-linuxcaps)
+      try_libcap=0
+    ;;
+    --enable-scfilter)
+      feat_scfilter=1
+    ;;
+    --disable-scfilter)
+      feat_scfilter=0
+    ;;
+    --without-seccomp)
+      try_seccomp=0
+    ;;
+    --disable-asyncdns)
+      feat_asyncdns=0
     ;;
     --disable-forcednsretry)
       feat_forcednsretry=0
     ;;
+    --without-clock-gettime)
+      try_clock_gettime=0
+    ;;
+    --disable-timestamping)
+      feat_timestamping=0
+    ;;
+    --enable-ntp-signd)
+      feat_ntp_signd=1
+    ;;
+    --with-ntp-era=* )
+      ntp_era_split=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-user=* )
+      default_user=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-hwclockfile=* )
+      default_hwclockfile=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-pidfile=* )
+      default_pidfile=`echo $option | sed -e 's/^.*=//;'`
+    ;;
+    --with-rtcdevice=* )
+      default_rtcdevice=`echo $option | sed -e 's/^.*=//;'`
+    ;;
     --with-sendmail=* )
       mail_program=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --disable-sechash )
+      feat_sechash=0
+    ;;
     --without-nss )
       try_nss=0
     ;;
@@ -289,76 +383,169 @@ do
     esac
 done
 
+rm -f config.h config.log
+
 SYSTEM=${OPERATINGSYSTEM}-${MACHINE}
 
-case $SYSTEM in
-    SunOS-sun4* )
-    case $VERSION in
-        4.* )
-            EXTRA_OBJECTS="sys_sunos.o strerror.o"
-            EXTRA_LIBS="-lkvm"
-            add_def SUNOS
-            echo "Configuring for SunOS (" $SYSTEM "version" $VERSION ")"
-        ;;
-        5.* )
-            EXTRA_OBJECTS="sys_solaris.o"
-            EXTRA_LIBS="-lsocket -lnsl -lkvm -lelf"
-            EXTRA_CLI_LIBS="-lsocket -lnsl"
-            add_def SOLARIS
-            echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")"
-        ;;
-    esac
-    ;;
-    Linux* )
-        EXTRA_OBJECTS="sys_linux.o wrap_adjtimex.o"
-        try_linuxcaps=1
+case $OPERATINGSYSTEM in
+    Linux)
+        EXTRA_OBJECTS="sys_generic.o sys_linux.o sys_timex.o"
+        [ $try_libcap != "0" ] && try_libcap=1
         try_rtc=1
+        [ $try_seccomp != "0" ] && try_seccomp=1
+        try_timestamping=1
         try_setsched=1
         try_lockmem=1
+        try_phc=1
         add_def LINUX
         echo "Configuring for " $SYSTEM
-        if [ "${MACHINE}" = "alpha" ]; then
-           echo "Enabling -mieee"
-           # FIXME: Should really test for GCC
-           MYCFLAGS="$MYCFLAGS -mieee"
+    ;;
+    FreeBSD)
+        # recvmmsg() seems to be broken on FreeBSD 11.0 and it's just
+        # a wrapper around recvmsg()
+        try_recvmmsg=0
+        EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o"
+        add_def FREEBSD
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIME ADJUSTTIMEX SETTIME BINDSOCKET"
         fi
-    ;;
-
-    BSD/386-i[3456]86|FreeBSD-i386|FreeBSD-amd64 )
-        # Antti Jrvinen <costello@iki.fi> reported that this system can
-        # be supported with the SunOS 4.x driver files.
-        EXTRA_OBJECTS="sys_sunos.o strerror.o"
-        EXTRA_LIBS="-lkvm"
-        add_def SUNOS
-        echo "Configuring for $SYSTEM (using SunOS driver)"
-    ;;
-    NetBSD-* )
-        EXTRA_OBJECTS="sys_netbsd.o"
-        EXTRA_LIBS="-lkvm"
-        SYSDEFS=""
         echo "Configuring for $SYSTEM"
     ;;
-    SunOS-i86pc* )                                          
-        # Doug Woodward <dougw@whistler.com> reported that this configuration
-        # works for Solaris 2.8 / SunOS 5.8 on x86 platforms
-        EXTRA_OBJECTS="sys_solaris.o"                
-        EXTRA_LIBS="-lsocket -lnsl -lkvm -lelf"      
-        EXTRA_CLI_LIBS="-lsocket -lnsl"                              
+    NetBSD)
+        EXTRA_OBJECTS="sys_generic.o sys_netbsd.o sys_timex.o"
+        try_clockctl=1
+        add_def NETBSD
+        echo "Configuring for $SYSTEM"
+    ;;
+    Darwin)
+        EXTRA_OBJECTS="sys_macosx.o"
+        EXTRA_LIBS="-lresolv"
+        EXTRA_CLI_LIBS="-lresolv"
+        add_def MACOSX
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIME SETTIME BINDSOCKET"
+        fi
+        echo "Configuring for macOS (" $SYSTEM "macOS version" $VERSION ")"
+    ;;
+    SunOS)
+        EXTRA_OBJECTS="sys_generic.o sys_solaris.o sys_timex.o"
+        EXTRA_LIBS="-lsocket -lnsl -lresolv"
+        EXTRA_CLI_LIBS="-lsocket -lnsl -lresolv"
         add_def SOLARIS
+        # These are needed to have msg_control in struct msghdr
+        add_def __EXTENSIONS__
+        add_def _XOPEN_SOURCE 1
+        add_def _XOPEN_SOURCE_EXTENDED 1
+        if [ $feat_droproot = "1" ]; then
+          add_def FEAT_PRIVDROP
+          priv_ops="ADJUSTTIMEX SETTIME BINDSOCKET"
+        fi
         echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")" 
     ;;                                                                        
-    CYGWIN32_NT-i[3456]86 )
-        EXTRA_OBJECTS="sys_winnt.o"
-        EXTRA_LIBS=""
-        add_def WINNT
-        echo "Configuring for Windows NT (Cygwin32)"
-    ;;
     * )
-        echo "Sorry, I don't know how to build this software on your system."
+        echo "error: $SYSTEM is not supported (yet?)"
         exit 1
     ;;
 esac
 
+if [ $feat_debug = "1" ]; then
+  add_def FEAT_DEBUG
+fi
+add_def DEBUG $feat_debug
+
+if [ $feat_cmdmon = "1" ]; then
+  add_def FEAT_CMDMON
+  EXTRA_OBJECTS="$EXTRA_OBJECTS cmdmon.o manual.o pktlength.o"
+fi
+
+if [ $feat_ntp = "1" ]; then
+  add_def FEAT_NTP
+  EXTRA_OBJECTS="$EXTRA_OBJECTS ntp_core.o ntp_io.o ntp_sources.o"
+  if [ $feat_ntp_signd = "1" ]; then
+    add_def FEAT_SIGND
+    EXTRA_OBJECTS="$EXTRA_OBJECTS ntp_signd.o"
+  fi
+else
+  feat_asyncdns=0
+  feat_timestamping=0
+fi
+
+if [ "$feat_cmdmon" = "1" ] || [ $feat_ntp = "1" ]; then
+  EXTRA_OBJECTS="$EXTRA_OBJECTS addrfilt.o clientlog.o keys.o nameserv.o"
+else
+  feat_ipv6=0
+fi
+
+if [ $feat_refclock = "1" ]; then
+  add_def FEAT_REFCLOCK
+  EXTRA_OBJECTS="$EXTRA_OBJECTS refclock.o refclock_phc.o refclock_pps.o refclock_shm.o refclock_sock.o"
+fi
+
+MYCC="$CC"
+MYCFLAGS="$CFLAGS"
+MYCPPFLAGS="$CPPFLAGS"
+MYLDFLAGS="$LDFLAGS"
+
+if [ "x$MYCC" = "x" ]; then
+  MYCC=gcc
+  if ! test_code "$MYCC" '' '' '' ''; then
+    MYCC=cc
+    if ! test_code "$MYCC" '' '' '' ''; then
+      echo "error: no C compiler found"
+      exit 1
+    fi
+  fi
+else
+  if ! test_code "$MYCC" '' '' '' ''; then
+    echo "error: C compiler $MYCC cannot create executables"
+    exit 1
+  fi
+fi
+
+if [ "x$MYCFLAGS" = "x" ]; then
+  MYCFLAGS="-O2 -g"
+fi
+
+if [ "x$MYCC" = "xgcc" ]; then
+  MYCFLAGS="$MYCFLAGS -Wmissing-prototypes -Wall"
+fi
+
+if test_code '64-bit time_t' 'time.h' '' '' '
+  char x[sizeof(time_t) > 4 ? 1 : -1] = {0};
+  return x[0];'
+then
+  add_def HAVE_LONG_TIME_T 1
+
+  if [ "x$ntp_era_split" != "x" ]; then
+    split_seconds=$ntp_era_split
+    split_days=0
+  else
+    split_seconds=`date '+%s'`
+    if [ "x$split_seconds" = "x" ]; then
+      echo "error: could not get current time, --with-ntp-era option is needed"
+      exit 1
+    fi
+    split_days=$((50 * 365))
+  fi
+
+  add_def NTP_ERA_SPLIT "(${split_seconds}LL - $split_days * 24 * 3600)"
+
+  date_format='+%Y-%m-%dT%H:%M:%SZ'
+
+  # Print the full NTP interval if a suitable date is found
+  if [ "x`date -u -d '1970-01-01 UTC 9 days ago 5 seconds 3 seconds' \
+    $date_format 2> /dev/null`" = "x1969-12-23T00:00:08Z" ]
+  then
+    time1="`date -u -d "1970-01-01 UTC $split_days days ago $split_seconds seconds" \
+      $date_format`"
+    time2="`date -u -d "1970-01-01 UTC $split_days days ago $split_seconds seconds 4294967296 seconds" \
+      $date_format`"
+    echo "NTP time mapped to $time1/$time2"
+  fi
+fi
+
 MATHCODE='return (int) pow(2.0, log(sqrt((double)argc)));'
 if test_code 'math' 'math.h' '' '' "$MATHCODE"; then
   LIBS=""
@@ -366,34 +553,41 @@ else
   if test_code 'math in -lm' 'math.h' '' '-lm' "$MATHCODE"; then
     LIBS="-lm"
   else
-    echo "Can't compile/link a program which uses sqrt(), log(), pow(), bailing out"
+    echo "error: could not compile/link a program which uses sqrt(), log(), pow()"
     exit 1
   fi
 fi
   
 if test_code '<stdint.h>' 'stdint.h' '' '' ''; then
-  add_def HAS_STDINT_H
+  add_def HAVE_STDINT_H
 fi
 
 if test_code '<inttypes.h>' 'inttypes.h' '' '' ''; then
-  add_def HAS_INTTYPES_H
+  add_def HAVE_INTTYPES_H
+fi
+
+if test_code 'struct in_pktinfo' 'sys/socket.h netinet/in.h' '' '' '
+  struct in_pktinfo ipi;
+  return sizeof (ipi.ipi_spec_dst.s_addr) + IP_PKTINFO;'
+then
+  add_def HAVE_IN_PKTINFO
 fi
 
 if [ $feat_ipv6 = "1" ] && \
-  test_code 'IPv6 support' 'arpa/inet.h sys/socket.h netinet/in.h' '' '' '
+  test_code 'IPv6 support' 'arpa/inet.h sys/socket.h netinet/in.h' '' "$EXTRA_LIBS" '
     struct sockaddr_in6 n;
     char p[100];
     n.sin6_addr = in6addr_any;
     return !inet_ntop(AF_INET6, &n.sin6_addr.s6_addr, p, sizeof(p));'
 then
-  add_def HAVE_IPV6
-  if test_code 'in6_pktinfo' 'sys/socket.h netinet/in.h' '' '' '
-    return sizeof(struct in6_pktinfo);'
+  add_def FEAT_IPV6
+  if test_code 'struct in6_pktinfo' 'sys/socket.h netinet/in.h' '' '' '
+    return sizeof (struct in6_pktinfo) + IPV6_PKTINFO;'
   then
     add_def HAVE_IN6_PKTINFO
   else
-    if test_code 'in6_pktinfo with _GNU_SOURCE' 'sys/socket.h netinet/in.h' \
-      '-D_GNU_SOURCE' '' 'return sizeof(struct in6_pktinfo);'
+    if test_code 'struct in6_pktinfo with _GNU_SOURCE' 'sys/socket.h netinet/in.h' \
+      '-D_GNU_SOURCE' '' 'return sizeof (struct in6_pktinfo) + IPV6_PKTINFO;'
     then
       add_def _GNU_SOURCE
       add_def HAVE_IN6_PKTINFO
@@ -401,8 +595,72 @@ then
   fi
 fi
 
+if [ $try_clock_gettime = "1" ]; then
+  if test_code 'clock_gettime()' 'time.h' '' '' \
+    'clock_gettime(CLOCK_REALTIME, NULL);'
+  then
+    add_def HAVE_CLOCK_GETTIME
+  else
+    if test_code 'clock_gettime() in -lrt' 'time.h' '' '-lrt' \
+      'clock_gettime(CLOCK_REALTIME, NULL);'
+    then
+      add_def HAVE_CLOCK_GETTIME
+      EXTRA_LIBS="$EXTRA_LIBS -lrt"
+    fi
+  fi
+fi
+
+if test_code 'getaddrinfo()' 'sys/types.h sys/socket.h netdb.h' '' "$EXTRA_LIBS" \
+  'return getaddrinfo(0, 0, 0, 0);'
+then
+  add_def HAVE_GETADDRINFO
+fi
+
+if [ $feat_asyncdns = "1" ] && \
+  test_code 'pthread' 'pthread.h' '-pthread' '' \
+    'return pthread_create((void *)1, NULL, (void *)1, NULL);'
+then
+  add_def FEAT_ASYNCDNS
+  add_def USE_PTHREAD_ASYNCDNS
+  EXTRA_OBJECTS="$EXTRA_OBJECTS nameserv_async.o"
+  MYCFLAGS="$MYCFLAGS -pthread"
+fi
+
+if test_code 'arc4random_buf()' 'stdlib.h' '' '' 'arc4random_buf(NULL, 0);'; then
+  add_def HAVE_ARC4RANDOM
+fi
+
+RECVMMSG_CODE='
+  struct mmsghdr hdr;
+  return !recvmmsg(0, &hdr, 1, MSG_DONTWAIT, 0);'
+if [ $try_recvmmsg = "1" ]; then
+  if test_code 'recvmmsg()' 'sys/socket.h' '' "$EXTRA_LIBS" "$RECVMMSG_CODE"; then
+    add_def HAVE_RECVMMSG
+  else
+    if test_code 'recvmmsg() with _GNU_SOURCE' 'sys/socket.h' '-D_GNU_SOURCE' \
+      "$EXTRA_LIBS" "$RECVMMSG_CODE"
+    then
+      add_def _GNU_SOURCE
+      add_def HAVE_RECVMMSG
+    fi
+  fi
+fi
+
+if [ $feat_timestamping = "1" ] && [ $try_timestamping = "1" ] &&
+  test_code 'SW/HW timestamping' 'sys/types.h sys/socket.h linux/net_tstamp.h
+                                  linux/errqueue.h linux/ptp_clock.h' '' '' '
+    int val = SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_RX_SOFTWARE |
+              SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_OPT_CMSG;
+    return sizeof (struct scm_timestamping) + SCM_TSTAMP_SND + PTP_SYS_OFFSET +
+           setsockopt(0, SOL_SOCKET, SO_SELECT_ERR_QUEUE + SO_TIMESTAMPING,
+                      &val, sizeof (val));'
+then
+  add_def HAVE_LINUX_TIMESTAMPING
+  EXTRA_OBJECTS="$EXTRA_OBJECTS hwclock.o ntp_io_linux.o"
+fi
+
 timepps_h=""
-if [ $feat_pps = "1" ]; then
+if [ $feat_refclock = "1" ] && [ $feat_pps = "1" ]; then
   if test_code '<sys/timepps.h>' 'sys/timepps.h' '' '' ''; then
     timepps_h="sys/timepps.h"
     add_def HAVE_SYS_TIMEPPS_H
@@ -416,23 +674,50 @@ fi
 
 if [ "x$timepps_h" != "x" ] && \
   test_code 'PPSAPI' "string.h $timepps_h" '' '' '
-    pps_handle_t h;
+    pps_handle_t h = 0;
     pps_info_t i;
     struct timespec ts;
     return time_pps_fetch(h, PPS_TSFMT_TSPEC, &i, &ts);'
 then
-  add_def HAVE_PPSAPI
+  add_def FEAT_PPS
 fi
 
-if [ $feat_linuxcaps = "1" ] && [ $try_linuxcaps = "1" ] && \
+if [ $feat_droproot = "1" ] && [ $try_libcap = "1" ] && \
   test_code \
-    linuxcaps \
+    libcap \
     'sys/types.h pwd.h sys/prctl.h sys/capability.h grp.h' \
     '' '-lcap' \
     'prctl(PR_SET_KEEPCAPS, 1);cap_set_proc(cap_from_text("cap_sys_time=ep"));'
 then
-    add_def FEAT_LINUXCAPS
-    EXTRA_LIBS="-lcap"
+    add_def FEAT_PRIVDROP
+    EXTRA_LIBS="$EXTRA_LIBS -lcap"
+fi
+
+if [ $feat_droproot = "1" ] && [ $try_clockctl = "1" ] && \
+  test_code '<sys/clockctl.h>' 'sys/clockctl.h' '' '' ''
+then
+  add_def FEAT_PRIVDROP
+  priv_ops="BINDSOCKET"
+fi
+
+if [ $feat_scfilter = "1" ] && [ $try_seccomp = "1" ] && \
+  test_code seccomp 'seccomp.h' '' '-lseccomp' \
+    'seccomp_init(SCMP_ACT_KILL);'
+then
+  add_def FEAT_SCFILTER
+  # NAME2IPADDRESS shouldn't be enabled with other operations as the helper
+  # process works on one request at the time and the async resolver could
+  # block the main thread
+  priv_ops="NAME2IPADDRESS"
+  EXTRA_LIBS="$EXTRA_LIBS -lseccomp"
+fi
+
+if [ "x$priv_ops" != "x" ]; then
+  EXTRA_OBJECTS="$EXTRA_OBJECTS privops.o"
+  add_def PRIVOPS_HELPER
+  for o in $priv_ops; do
+    add_def PRIVOPS_$o
+  done
 fi
 
 if [ $feat_rtc = "1" ] && [ $try_rtc = "1" ] && \
@@ -443,6 +728,14 @@ then
     add_def FEAT_RTC
 fi
 
+if [ $feat_refclock = "1" ] && [ $feat_phc = "1" ] && [ $try_phc = "1" ] && \
+  grep '#define HAVE_CLOCK_GETTIME' config.h > /dev/null && \
+  test_code '<linux/ptp_clock.h>' 'sys/ioctl.h linux/ptp_clock.h' '' '' \
+    'ioctl(1, PTP_CLOCK_GETCAPS, 0);'
+then
+  add_def FEAT_PHC
+fi
+
 if [ $try_setsched = "1" ] && \
   test_code \
     'sched_setscheduler()' \
@@ -470,7 +763,6 @@ then
   add_def FORCE_DNSRETRY
 fi
 
-READLINE_COMPILE=""
 READLINE_LINK=""
 if [ $feat_readline = "1" ]; then
   if [ $try_editline = "1" ]; then
@@ -480,19 +772,19 @@ if [ $feat_readline = "1" ]; then
     then
       add_def FEAT_READLINE
       add_def USE_EDITLINE
-      READLINE_COMPILE="$readline_inc"
+      MYCPPFLAGS="$MYCPPFLAGS $readline_inc"
       READLINE_LINK="$readline_lib -ledit"
     fi
   fi
 
   if [ "x$READLINE_LINK" = "x" ] && [ $try_readline = "1" ]; then
     if test_code readline 'stdio.h readline/readline.h readline/history.h' \
-      "$readline_inc" "$readline_lib $ncurses_lib -lreadline" \
+      "$readline_inc" "$readline_lib -lreadline" \
       'add_history(readline("prompt"));'
     then
       add_def FEAT_READLINE
-      READLINE_COMPILE="$readline_inc"
-      READLINE_LINK="$readline_lib $ncurses_lib -lreadline"
+      MYCPPFLAGS="$MYCPPFLAGS $readline_inc"
+      READLINE_LINK="$readline_lib -lreadline"
     fi
   fi
 
@@ -503,38 +795,41 @@ if [ $feat_readline = "1" ]; then
       'add_history(readline("prompt"));'
     then
       add_def FEAT_READLINE
-      READLINE_COMPILE="$readline_inc"
+      MYCPPFLAGS="$MYCPPFLAGS $readline_inc"
       READLINE_LINK="$readline_lib $ncurses_lib -lreadline -lncurses"
     fi
   fi
+
+  EXTRA_CLI_LIBS="$EXTRA_CLI_LIBS $READLINE_LINK"
 fi
 
 HASH_OBJ="hash_intmd5.o"
-HASH_COMPILE=""
 HASH_LINK=""
 
-if [ $try_nss = "1" ]; then
-  test_cflags="`pkg-config --cflags nss`"
-  test_link="`pkg-config --libs-only-L nss` -lfreebl3"
+if [ $feat_sechash = "1" ] && [ $try_nss = "1" ]; then
+  test_cflags="`pkg_config --cflags nss`"
+  test_link="`pkg_config --libs-only-L nss` -lfreebl3"
   if test_code 'NSS' 'nss.h hasht.h nsslowhash.h' \
     "$test_cflags" "$test_link" \
     'NSSLOWHASH_Begin(NSSLOWHASH_NewContext(NSSLOW_Init(), HASH_AlgSHA512));'
   then
     HASH_OBJ="hash_nss.o"
-    HASH_COMPILE="$test_cflags"
     HASH_LINK="$test_link"
-    add_def GENERATE_SHA1_KEY
+    LIBS="$LIBS $HASH_LINK"
+    MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
+    add_def FEAT_SECHASH
   fi
 fi
 
-if [ "x$HASH_LINK" = "x" ] && [ $try_tomcrypt = "1" ]; then
+if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_tomcrypt = "1" ]; then
   if test_code 'tomcrypt' 'tomcrypt.h' '-I/usr/include/tomcrypt' '-ltomcrypt' \
     'hash_memory_multi(find_hash("md5"), NULL, NULL, NULL, 0, NULL, 0);'
   then
     HASH_OBJ="hash_tomcrypt.o"
-    HASH_COMPILE="-I/usr/include/tomcrypt"
     HASH_LINK="-ltomcrypt"
-    add_def GENERATE_SHA1_KEY
+    LIBS="$LIBS $HASH_LINK"
+    MYCPPFLAGS="$MYCPPFLAGS -I/usr/include/tomcrypt"
+    add_def FEAT_SECHASH
   fi
 fi
 
@@ -568,11 +863,6 @@ if [ "x$SETDATAROOTDIR" != "x" ]; then
   DATAROOTDIR=$SETDATAROOTDIR
 fi
 
-INFODIR=${DATAROOTDIR}/info
-if [ "x$SETINFODIR" != "x" ]; then
-  INFODIR=$SETINFODIR
-fi
-
 MANDIR=${DATAROOTDIR}/man
 if [ "x$SETMANDIR" != "x" ]; then
   MANDIR=$SETMANDIR
@@ -588,44 +878,64 @@ if [ "x$SETLOCALSTATEDIR" != "x" ]; then
   LOCALSTATEDIR=$SETLOCALSTATEDIR
 fi
 
+CHRONYRUNDIR=${LOCALSTATEDIR}/run/chrony
+if [ "x$SETCHRONYRUNDIR" != "x" ]; then
+  CHRONYRUNDIR=$SETCHRONYRUNDIR
+fi
+
 CHRONYVARDIR=${LOCALSTATEDIR}/lib/chrony
 if [ "x$SETCHRONYVARDIR" != "x" ]; then
   CHRONYVARDIR=$SETCHRONYVARDIR
 fi
 
 add_def DEFAULT_CONF_FILE "\"$SYSCONFDIR/chrony.conf\""
+add_def DEFAULT_HWCLOCK_FILE "\"$default_hwclockfile\""
+add_def DEFAULT_PID_FILE "\"$default_pidfile\""
+add_def DEFAULT_RTC_DEVICE "\"$default_rtcdevice\""
+add_def DEFAULT_USER "\"$default_user\""
+add_def DEFAULT_COMMAND_SOCKET "\"$CHRONYRUNDIR/chronyd.sock\""
 add_def MAIL_PROGRAM "\"$mail_program\""
 
+common_features="`get_features IPV6 DEBUG`"
+chronyc_features="`get_features READLINE`"
+chronyd_features="`get_features CMDMON NTP REFCLOCK RTC PRIVDROP SCFILTER SECHASH SIGND ASYNCDNS`"
+add_def CHRONYC_FEATURES "\"$chronyc_features $common_features\""
+add_def CHRONYD_FEATURES "\"$chronyd_features $common_features\""
+echo "Features : $chronyd_features $chronyc_features $common_features"
+
 if [ -f version.txt ]; then
-  add_def CHRONY_VERSION "\"`cat version.txt`\""
+  CHRONY_VERSION="`cat version.txt`"
 else
-  add_def CHRONY_VERSION "\"DEVELOPMENT\""
+  CHRONY_VERSION="DEVELOPMENT"
 fi
 
-for f in Makefile chrony.conf.5 chrony.texi chronyc.1 chronyd.8
+add_def CHRONY_VERSION "\"${CHRONY_VERSION}\""
+
+for f in Makefile doc/Makefile test/unit/Makefile
 do
   echo Creating $f
   sed -e "s%@EXTRA_OBJECTS@%${EXTRA_OBJECTS}%;\
           s%@CC@%${MYCC}%;\
           s%@CFLAGS@%${MYCFLAGS}%;\
-          s%@CPPFLAGS@%${CPPFLAGS}%;\
+          s%@CPPFLAGS@%${MYCPPFLAGS}%;\
           s%@LIBS@%${LIBS}%;\
           s%@LDFLAGS@%${MYLDFLAGS}%;\
           s%@EXTRA_LIBS@%${EXTRA_LIBS}%;\
           s%@EXTRA_CLI_LIBS@%${EXTRA_CLI_LIBS}%;\
-          s%@READLINE_COMPILE@%${READLINE_COMPILE}%;\
-          s%@READLINE_LINK@%${READLINE_LINK}%;\
           s%@HASH_OBJ@%${HASH_OBJ}%;\
-          s%@HASH_LINK@%${HASH_LINK}%;\
-          s%@HASH_COMPILE@%${HASH_COMPILE}%;\
           s%@SYSCONFDIR@%${SYSCONFDIR}%;\
           s%@BINDIR@%${BINDIR}%;\
           s%@SBINDIR@%${SBINDIR}%;\
           s%@DOCDIR@%${DOCDIR}%;\
           s%@MANDIR@%${MANDIR}%;\
-          s%@INFODIR@%${INFODIR}%;\
           s%@LOCALSTATEDIR@%${LOCALSTATEDIR}%;\
-          s%@CHRONYVARDIR@%${CHRONYVARDIR}%;"\
+          s%@CHRONYRUNDIR@%${CHRONYRUNDIR}%;\
+          s%@CHRONYVARDIR@%${CHRONYVARDIR}%;\
+          s%@DEFAULT_HWCLOCK_FILE@%${default_hwclockfile}%;\
+          s%@DEFAULT_PID_FILE@%${default_pidfile}%;\
+          s%@DEFAULT_RTC_DEVICE@%${default_rtcdevice}%;\
+          s%@DEFAULT_USER@%${default_user}%;\
+          s%@CHRONY_VERSION@%${CHRONY_VERSION}%;" \
           < ${f}.in > $f
 done
 

contrib/DNSchrony/COPYING

@@ -1,339 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License along
-    with this program; if not, write to the Free Software Foundation, Inc.,
-    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.

contrib/DNSchrony/DNSchrony.pl

@@ -1,583 +0,0 @@
-#!/usr/bin/perl
-#                Copyright (C) Paul Elliott 2002
-my($copyrighttext) =  <<'EOF';
-#                Copyright (C) Paul Elliott 2002
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program; if not, write to the Free Software
-#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#   SEE COPYING FOR DETAILS
-EOF
-
-#modules we use.
-
-use Socket;
-use Getopt::Std;
-use Net::DNS;
-use Tie::Syslog;
-use File::Temp qw/ :mktemp  /;
-use File::Copy;
-
-local($res) = new Net::DNS::Resolver;
-
-#dns lookup of IP address.
-#returns ip or errorstring.
-sub gethostaddr($)                                 #get ip address from host
-{
-  my($host) = shift;
-  $query = $res->search($host);
-  if ($query) {
-    foreach $rr ($query->answer) {
-      next unless $rr->type eq "A";
-      print $rr->address, "\n" if  $pedebug;
-      return $rr->address;
-    }
-  } else {
-    print "query failed: ", $res->errorstring, "\n" if $pedebug;
-    return $res->errorstring;
-  }	
-
-}
-
-#send messages to syslog
-
-sub Log($$)
-  {
-    if ($log) {
-      my($level) = shift;
-      my($mess) =shift;
-
-      tie *MYLOG, 'Tie::Syslog',$level,$0,'pid','unix';
-      print MYLOG $mess;
-
-      untie *MYLOG;
-    }
-  }
-
-#send message to output or syslog
-#and die.
-
-sub BadDie($)
-{
-  my($myerr) =$!;
-  my($mess)=shift;
-
-  if($log){
-      tie *MYLOG, 'Tie::Syslog','local0.err',$0,'pid','unix';
-      print MYLOG $mess;
-      print MYLOG $myerr;
-
-      untie *MYLOG;
-
-  } else {
-    print "$mess\n$myerr\n";
-  }
-  die $mess;
-}
-
-sub isIpAddr($)                     #return true if looks like ip address
-{
-  my($ip) = shift;
-  return 1 if ( $ip =~ m/$ipOnlyPAT/ );
-  return 0;
-}
-sub isHostname($)                     #return true if looks like ip address
-{
-  my($ip) = shift;
-  return 1 if ( $ip =~ m/$hostnameOnlyPAT/ );
-  return 0;
-}
-
-#send commands to chronyc by piping.
-sub chronyc($)                              #send commands to chronyc
-{
-  my($command) = shift;
-  my($err) = "/var/tmp/chronyc.log";
-  my($chronyP) = "/usr/local/bin/chronyc";
-  open(CHRONY, "| $chronyP 1>$err 2>&1");
-
-  print CHRONY "$passwd$command\n";
-
-  close(CHRONY);
-
-  Log('local0.info',"chronyc command issued=$command");
-                                   #look at status lines till return bad.
-  open( IN, "<$err");
-  my($status);
-  while (<IN>) {
-  $status = $_;
-
-    unless ( m/\A200 OK/ ) {
-      last;
-    }
-
-  }
-
-  $status ="" if ( $status =~ m/\A200 OK/ );
-  close(IN);
-  unlink $err;
-  Log('local0.info',"chronyc results=$status");
-  return $status;
-
-}
-
-#common patterns
-
-# an ip address patern
-local($ipPAT) = qr/\d{1,3}(?:\.\d{1,3}){3}/;
-# an hostname pattern
-local($hostnamePAT) = qr/\w+(?:\.\w+)*/;
-#line with hostname only
-local($hostnameOnlyPAT) = qr/\A$hostnamePAT\Z/;
-#line with ip address only
-local($ipOnlyPAT) =qr/\A$ipPAT\Z/;
-
-#options hash
-my(%opts);
-
-
-getopts('nuadslPSC', \%opts);
-
-local($log) = ( $opts{'l'} ) ? 1 : 0;
-
-my($offline) = !( $opts{'n'} ) ;
-my($offlineS) = ( $opts{'n'} ) ? " " : " offline" ;
-
-# paul elliotts secret debug var. no one will ever find out about it.
-local($pedebug)=( ($ENV{"PAULELLIOTTDEBUG"}) or ($opts{P}) );
-
-if ($opts{C}) {
-
-  print $copyrighttext;
-  exit 0;
-}
-
-
-print <<"EOF" unless $opts{'S'};
-$0, Copyright (C) 2002 Paul Elliott
-$0 comes with ABSOLUTELY NO WARRANTY; for details
-invoke $0 -C.  This is free software, and you are welcome
-to redistribute it under certain conditions; invoke $0 -C
-for details.
-EOF
-
-
-
-local($passwd);
-
-# password to send to chronyc
-my($pl) = $ENV{"CHRONYPASSWORD"};
-
-#password comand to send to chronyc
-if ( $pl ) {
-  $passwd = "password $pl\n";
-} else {
-  $passwd = "";
-}
-print "passwd=$passwd\n" if ($pedebug);
-
-my(%host2ip);
-
-# hash of arrays. host2ip{$host}[0] is ip address for this host
-# host2ip{$host}[1]   is rest of paramenters for this host exc offline.
-
-#if debuging do chrony.conf in current directory.
-my($listfile) =( ($pedebug) ? "./chrony.conf" : "/etc/chrony.conf") ;
-
-# This section reads in the old data about
-# hostnames IP addresses and server parameters
-# data is stored as it would be in chrony.conf
-# file i.e.:
-#># HOSTNAME
-#>server IPADDR minpoll 5 maxpoll 10 maxdelay 0.4 offline 
-#
-# the parameter offline is omitted if the -n switch is specified.
-# first parameter is the filename of the file usually
-# is /etc/DNSchrony.conf
-# this is where we store the list of DNS hosts.
-# hosts with static IP address shold be kept in chrony.conf
-
-# this is header that marks dnyamic host section
-my($noedithead)=<<'EOF';
-## DNSchrony dynamic dns server section. DO NOT EDIT
-## per entry FORMAT:
-##        |--------------------------------------------|
-##        |#HOSTNAME                                   |
-##        |server IP-ADDRESS extra-params [ offline ]  |
-##        |--------------------------------------------|
-EOF
-#patern that recognizes above.
-my($noeditheadPAT) = 
-qr/\#\#\s+DNSchrony\s+dynamic\s+dns\s+server\s+section\.\s+DO\s+NOT\s+EDIT\s*/;
-
-#end of header marker.
-my($noeditheadend)=<<'EOF';
-## END OF DNSchrony dynamic dns server section.
-EOF
-
-#pattern that matches above.
-my($noeditheadendPAT)=
-qr/\#\#\s+END\s+OF\s+DNSchrony\s+dynamic\s+dns\s+server\s+section.\s*/;
-
-#array to hold non dns portion of chrony.conf
-my(@chronyDconf);
-
-
-my($ip);
-my($rest);
-my($host);
-
-# for each entry in the list of hosts....
-open(READIN, "<$listfile") or  BadDie("Can not open $listfile");
-
-# read till dynamic patern read save in @chronyDconf
-
-while ( <READIN> ) {
-  
-  my($line) = $_;
-
-  last if ( m/\A$noeditheadPAT\Z/ );
-
-  push(@chronyDconf,$line);
-
-}
-
-while ( <READIN> ) {
- 
-   #end loop when end of header encountered
-   last if ( m/\A$noeditheadendPAT/ );
-
-   # parse the line giving ip address, extra pamamters, and host
-   #do host comment line first
-   ($host) = m{
-	       \A\#\s*
-	       ($hostnamePAT)
-               \s*\z
-              }xio;
-
-  #no match skip this line.
-  next unless (  $host );
-
-  # read next line
-  $_ = <READIN>;
-
-  # parse out ip address extra parameters.
-  ($ip,$rest) =
-  m{
-    \A
-    \s*
-    server                                       #server comand
-    \s+
-    ($ipPAT)                                     #ip address
-    (?ixo: \s )
-    \s*
-    (
-    (?(?!
-            (?iox: offline )?                    #skip to offline #
-            \s*                                  #or #
-            \Z
-    ).)*
-    )
-    (?ixo:
-     \s*
-     (?ixo: offline )?                          #consume to #
-     \s*
-     \Z
-    )
-    }xio ;
-
-  #if failure again.
-  next unless (  $ip );
-
-  $rest =~ s/\s*\z//;                          #remove trail blanks
-                                               #from parameters
-  # store the data in the list
-  # key is host name value is
-  # array [0] is ip address
-  #       [1] is other parameters
-  $host2ip{$host} = [$ip,$rest] ;
-  print "ip=$ip rest=$rest host=$host<\n" if $pedebug;
-
-}
-#read trailing line into @chronyDconf
-while ( <READIN> ) {
-
-  push(@chronyDconf,$_);
-
-}
-
-close(READIN) or BadDie("can not close $listfile");
-
-#if the add command:
-# command can be HOST=IPADDRESS OTHER_PARAMETERS
-# means add the server trust the ip address geven with out a dns lookup
-# good for when dns is down but we know the ip addres
-# or
-#    HOST OTHER_PARAMETERS
-#we lookup the ip address with dns.
-
-if ($opts{'a'}) {
-  my($param)= shift;
-
-
-  # parse the param is it hostname
-  if ( ($host,$ip) = $param =~ m/\A($hostnamePAT)=($ipPAT)\Z/ ) {
-    printf "ip=$ip host=$host\n" if ($pedebug);
-  } else {
-
-    $host = $param;
-
-    # get the ip address
-    $ip = gethostaddr($host);
-
-    if ( ! isIpAddr($ip) or ! isHostname($host) ) {
-      print "query failed: ", $ip, "host=$host\n" if $pedebug;
-      exit 1;
-    } 
-  }
-  printf "ip=$ip host=$host\n" if ($pedebug);
-
-  # add the server using chronyc
-  my($status) = chronyc("add server $ip $rest");
-  if ($status) {		#chronyc error
-    print "chronyc failed, status=$status\n";
-    exit 1;
-  }
-
-  # get rest of arguements
-  $rest = join( ' ', @ARGV);
-  print "rest=$rest\n" if ($pedebug);
-
-  #save node in hash
-  $host2ip{$host} = [$ip,$rest] ;
-  print "ip=$ip rest=$rest host=$host<\n" if $pedebug;
-
-}
-
-#delete command if arguement is ip address
-#just delete it
-#if a hostname look it up
-#then delete it.
-
-if ($opts{'d'}) {
-  $host = shift;
-
-  #get host name is it ap address
-  if ( isIpAddr($host) ) {                           # if ip address
-    my($hostIT);
-    my($found) =0;
-    foreach $hostIT (keys(%host2ip) ) {               #search for match
-      if ( $host2ip{$hostIT}[0] eq $host) {
-	$found=1;                                     #record match
-      }
-    }                                                 #end of search
-    if ($found) {                                     #if match found
-      my($status) = chronyc("delete $host");          #chronyc
-      if ($status) {                                  #chronyc error
-	print "chronyc failed, status=$status\n";
-	exit 1;
-      } else {                                        #reiterate
-	foreach $hostIT (keys(%host2ip) ) {
-	  if ( $host2ip{$hostIT}[0] eq $host) {
-	    delete $host2ip{$hostIT};                 #deleting match hosts
-	  }
-	}
-
-      }
-
-    }
-  } else {                                          #else not ip address
-                                                    #must be hostname
-    if ( ! $host2ip{$host} ) {
-      print "No such host as $host listed\n";
-      exit 1;
-    }
-                                                    #get ip address
-    $ip=gethostaddr($host);
-    if ( ! isIpAddr($ip) ) {                        #no ip address
-      print "query failed: ", $ip, "\n" if $pedebug;
-      exit 1;
-    } 
-
-    printf "ip=$ip host=$host\n" if ($pedebug);
-
-    my($listed_host_ip) = $host2ip{$host}[0];       # get the ip address saved
-
-    if ( $ip ne $listed_host_ip) {
-      print 
-	"Info: listed host ip=>$listed_host_ip".
-        "< is different from DNS ip=>$ip<\n";
-      $ip = $listed_host_ip;
-    }
-
-    # delete the server
-    my($status) = chronyc("delete $listed_host_ip\n");
-
-    if ($status) {
-      print "chronyc failed, status=$status\n";
-      exit 1;
-    }
-    #delete table entry
-    delete$host2ip{$host};
-  }
-
-}
-
-#update for each host who's dns ip address has changed
-#delete the old server and add the new. update the record.
-if ($opts{'u'}) {
-  my($command);
-
-  my(%prospective);                        # store new IP address we
-                                           #are thinking of changing.
-
-  Log('local0.info',
-      "Now searching for modified DNS entries.");
-
-  foreach $host (keys(%host2ip)) {         #for each listed host
-    my($old_ip) = $host2ip{$host}[0];      #get old ip
-    $rest       = $host2ip{$host}[1];      #extra params
-
-    $ip         = gethostaddr($host);      #get new ip from dns
-                                           #if error
-    if ( ! isIpAddr($ip) or ! isHostname($host) ) {
-      print "query failed: ", $ip, "host=$host\n";
-
-      Log('local0.err',"query failed: ". $ip . "host=$host");
-      
-      exit 1;
-    } 
-
-    next if($ip eq $old_ip);                #if ip not changed, skip
-
-    Log('local0.info',"Ip address for $host has changed. Old IP address=".
-                      "$old_ip, new IP address=$ip");
-    # add command to delete old host, add the new.
-    $command = $command . "delete $old_ip\n" .
-               "add server $ip $rest\n";
-
-    # we are now thinking about changing this host ip
-    $prospective{$host} = [$ip,$rest];
-  }
-  # submit all the accumulated chronyc commands if any.
-  if ($command) {
-    $status = chronyc($command);
-    if ($status) {
-      print "chronyc failed, status=$status\n";
-      Log('local0.err',"query failed: ". $ip . "host=$host");
-      exit 1;
-    }
-  } else {                                  #if no commands exit
-    exit 0;                                 #because no rewrite of file needed
-  }
-
-  #copy prospective modifications back into main table.
-  #we now know that all these mods were done with chronyc
-  foreach $host (keys(%prospective)) {
-    my($ip) = $prospective{$host}[0];
-    $rest       = $prospective{$host}[1];
-    $host2ip{$host} = [$ip,$rest];
-  }
-}
-
-#starting for each entry we have read in from the old list
-# add the server in chronyc
-# this option is seldom used.
-
-if ($opts{'s'}) {
-  my($command)="";
-
-  foreach $host (keys(%host2ip)) {
-    $command = $command . "add server $host2ip{$host}[0] ".
-                          "$host2ip{$host}[1]\n";
-  }
-  my($status) = chronyc($command);
-  if ($status) {
-    print "chronyc failed, status=$status\n";
-    exit 1;
-  }
-
-}
-# write out the data file in format
-#># HOSTNAME
-#>server IPADDRESS extra parameters [offline] 
-# offline is omitted if -n switch is specified.
-
-my(@value);
-my($such);
-{
-  # to start out we write to temporary file.
-  (my($writeout) , my($outname)) = mkstemp( "${listfile}.outXXXXXXX");
-
-  $outname or BadDie("can not open for $listfile");
-
-
-  # save the chrony.conf part!
-  # and write the DYNAMIC header
-  print $writeout @chronyDconf, $noedithead;
-
-
-  # for each entry
-  foreach $host (keys(%host2ip) ){
-
-    #write the record
-
-    # write the comment that indicates the hostname
-    # and the server command.
-    print $writeout 
-     "\# $host\nserver $host2ip{$host}[0] $host2ip{$host}[1]${offlineS}\n" ;
-
-    print 
-     "server $host2ip{$host}[0] $host2ip{$host}[1]${offlineS}\# $host\n" 
-     if $pedebug;
-
-  }
-
-  #WRITE THE end of dnyamic marker comment
-  print $writeout $noeditheadend;
-
-  # close the output file which was a temporary file.
-  close($writeout) or BadDie("can not close $outname");
-
-  # we now begin a intracate dance to make the the temporary
-  # the main chrony.conf
-  #
-  # if there is a chrony.conf.BAK save it to a temporary.
-  # rename chrony.conf to chrony.conf.BAK
-  # rename the temporary to chrony.conf
-  # if there already was a chrony.conf.BAK, unlink the copy of this.
-
-  my($backname) = "$listfile\.BAK";
-  my($backplain)  = ( -f $backname );
-  my($saveback);
-  #if chrony.conf.BAK exists rename to a temporary.
-  if ($backplain ) {
-
-    $saveback = mktemp("${backname}.bakXXXXXXX");
-    move($backname,$saveback) or 
-         BadDie "unable to move $backname to $savename";
-
-  }
-
-  # rename old chrony.conf to chrony.conf.BAK
-  move($listfile,$backname) or
-       BadDie "unable to move $listfile to $backname";
-
-  # rename our output to chrony.conf
-  move($outname,$listfile) or
-       BadDie "unable to move $outname to $listfile";
-
-  #if there was a temporary chrony.conf.BAK that we saved to temp
-  #unlink it
-  unlink($saveback) or BadDie "unable to unlink $saveback" if($backplain);
-  
-}

contrib/DNSchrony/DNSchronyADD

@@ -1,21 +0,0 @@
-#!/usr/bin/bash
-
-# $1 is chrony password.
-# $2 is hostname to add or hostname=ipaddres
-# $3-$9 is rest of extra server parameters
-
-FIRST="$1"
-HOST="$2"
-shift 2
-
-#remaining parameters a the other paramaters to server command
-#excluding "offline"
-ARGS="$*"
-
-#if none use default taken from chrony documentation.
-DEF="minpoll 5 maxpoll 10 maxdelay 0.4"
-
-DARGS=${ARGS:-$DEF}
-
-CHRONYPASSWORD=$FIRST \
-/usr/local/bin/DNSchrony.pl -a  "$HOST" "$DARGS"

contrib/DNSchrony/DNSchronyDELETE

@@ -1,7 +0,0 @@
-#!/usr/bin/bash
-
-# $1 is chrony password.
-# $2 host to be deleted if ip nn.n.n.n then no DNS used
-
-CHRONYPASSWORD=$1 \
-/usr/local/bin/DNSchrony.pl -d  $2

contrib/DNSchrony/DNSchronyUPDATE

@@ -1,7 +0,0 @@
-#!/usr/bin/bash
-
-# $1 is chrony password.
-
-
-CHRONYPASSWORD=$1 \
-/usr/local/bin/DNSchrony.pl -ulS

contrib/DNSchrony/README

@@ -1,166 +0,0 @@
-                Copyright (C) Paul Elliott 2002
-
-
-DNSchrony.pl version -2.0
-
-Problem: If you look at the list of secondary NTP servers:
-http://www.eecis.udel.edu/~mills/ntp/clock2.htm
-
-you will find statements like this:
-
-"Note: IP addresses are subject to change; please use DNS"
-
-These servers represent a problem for chrony. Chrony is a program
-designed to work on hosts with an intermittent connection to the
-internet. Often no DNS is available when chrony starts. As chrony
-is currently designed, chronyd never sees a DNS host name. If a
-user specifies one when using chronyc's "add server" command, the
-DNS lookup is done by chronyc and an IP address is passed to chronyd.
-
-One can imagine I suppose, a redesign to chrony in which chronyd
-keeps track of DNS changes. But this has problems, all the time
-chronyd is fooling around with DNS, it would not be keeping track
-of its prime function, what the clocks and NTP servers are saying.
-This could result in poorer performance. Or perhaps you say that
-chronyd should be multi threaded. One thread to fool with DNS
-and another to keep track of time. But this introduces a great
-deal of complexity, and complexity is the enemy of elegant robust
-code. Besides, Richard probably has better things to do.
-
-I have attempted to address this problem with a humble perl script,
-which I now release under the GPL: DNSchrony.pl
-
-PLEA FOR HELP FROM EXPERIENCED PERL HACKERS.
-
-Please go thru the code and find errors and improvements.
-I am not quite an polished perl hacker. Please fix bugs and
-make improvements. It needs better documentation. Someone
-who knows how, put in some POD.
-
-END OF PLEA
-
-Philosophy of DNSchrony.pl: keep a list of servers that use
-DNS. From time to time, hopefully when DNS is up, go thru
-the list lookup all the hostnames and see if any ip addresses have
-changed. If any have changed, update our list and do chronyc
-"delete" and "add server" commands so that chronyd now talks to
-the right NTP server.
-
-Additional nuance: keep the list in /etc/chrony.conf in the
-form of comments starting with "#" and "server" commands
-legal in a chrony.conf file. Format of a list entry:
-
-# hostname
-server IP-ADDRESS extra server parameters
-
-These entries are delimited by special comments that allow
-DNSchrony.pl to find them and also tell humans not to mess with them.
-
-Example of such a section of a chrony.conf file:
-
-dumpdir /var/log/chrony
-rtcfile /etc/chrony.rtc
-
-## DNSchrony dynamic dns server section. DO NOT EDIT
-## per entry FORMAT:
-##        |--------------------------------------------|
-##        |#HOSTNAME                                   |
-##        |server IP-ADDRESS extra-params [ offline ]  |
-##        |--------------------------------------------|
-# tock.greyware.com
-server 208.14.208.44 minpoll 5 maxpoll 10 maxdelay 0.4 offline
-# tick.greyware.com
-server 208.14.208.19 minpoll 5 maxpoll 10 maxdelay 0.4 offline
-# ntppub.tamu.edu
-server 128.194.254.9 minpoll 5 maxpoll 10 maxdelay 0.4 offline
-## END OF DNSchrony dynamic dns server section.
-
-This allows the list of dynamic DNS servers to be preserved
-when chronyd is stoped/started.
-
-All servers that do not have ip addresses subject to change
-should be put in the regular part of chrony.conf as described
-in the chrony documentation.
-
-Security philosophy: DNSchrony does no security checking but
-relies on other security factors.
-
-Users without the privilege to modify /etc/chrony.conf and the
-directory /etc will be unable to use DNSchrony to do so, because
-of file protections. DNSchrony passes thru passwords to chronyc.
-Users that do not know the correct chronyc  password will be
-unable to get chronyd do do anything. Thus, DNSchrony passes
-the buck to these other security features.
-
-INSTALLATION:
-
-copy the files:  DNSchronyADD DNSchronyUPDATE DNSchronyDELETE DNSchrony.pl
-to /usr/local/bin. Backup the file /etc/chrony.conf leave hosts
-with static ip addresses in this file.
-
-DNSchrony uses the following perl modules. See that they are installed.
-Get them from CPAN if needed.
-
-Net::DNS, Tie::Syslog, Getopt::Std, Socket, File.
-
-Cause DNSchronyUPDATE bash script to run from time to time when DNS
-is working. If you have a dialup, one way to do this would be to
-modify your /etc/ppp/ip-up.local file as follows:
-
-cat <<EOF | /usr/local/bin/chronyc
-password mysecret
-online
-EOF
-# update all of the dynamic servers and save the result.
-# do not wait for response
-
-nohup /usr/local/bin/DNSchronyUPDATE mysecret >/dev/null 2>&1 &
-
-Since this file contains the chronyc password you will want to set the
-file permissions so that just everybody will not be able to read
-it. But you already did that when you put in the chronyc command.  Any
-other way to make DNSchronyUPDATE run perodicly when DNS is up will
-also work.
-
-To add a server with a varying IP address one could run:
-/usr/local/bin/DNSchronyADD mysecret tock.greyware.com
-
-or if you want to specify different server parameters you
-could say:
-
-/usr/local/bin/DNSchronyADD mysecret tock.greyware.com "minpoll 10 maxpoll 20 maxdelay 0.8"
-
-The DNSchronyADD's default for these parameters is:
-"minpoll 5 maxpoll 10 maxdelay 0.4" values that are often shown
-as examples in the chrony documentation.
-
-If DNS is not running now but you know the IP address, you can say:
-/usr/local/bin/DNSchronyADD mysecret tock.greyware.com=208.14.208.44
-
-Of course, the IP address will be checked next time DNSchronyUPDATE
-runs.
-
-To delete dynamic DNS a server:
-/usr/local/bin/DNSchronyDELETE mysecret tock.greyware.com
-
-To change parameters delete and re-add.
-
-Of course, in all of the above "mysecret" is your chronyc password
-which SHOULD NOT BE "mysecret".
-----------------------------------------------
-DNSchrony.pl is covered by the GPL
-#                Copyright (C) Paul Elliott 2002
-#   This program is free software; you can redistribute it and/or modify
-#   it under the terms of the GNU General Public License as published by
-#   the Free Software Foundation; either version 2 of the License, or
-#   (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be useful,
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#   GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program; if not, write to the Free Software
-#   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-#   SEE COPYING FOR DETAILS

contrib/DNSchrony/ip-up.local

@@ -1,22 +0,0 @@
-#example file /etc/ppp/ip-up.local
-#originally from SuSE distribution
-#modified for chrony
-cat <<EOF | /usr/local/bin/chronyc
-password mysecret
-online
-EOF
-# update all of the dynamic servers and save the result.
-# do not wait for response
-
-nohup /usr/local/bin/DNSchronyUPDATE mysecret >/dev/null 2>&1 &
-#other stuff who knows?
-
-# The following lines added for Linux-HA support             # Heartbeat
-DEVFILE=`echo $DEVICE | sed -e 's!^/dev/!!' -e 's!/!.!g'` # Heartbeat
-OUTFILE=/var/run/ppp.d/$DEVFILE                             # Heartbeat
-(                    # Heartbeat
-echo "$IPREMOTE"    # Heartbeat
-echo "$IFNAME"      # Heartbeat
-echo "$PPPD_PID"    # Heartbeat
-echo "$IPLOCAL"     # Heartbeat
-) > $OUTFILE        # Heartbeat

contrib/bryan_christianson_1/README.txt

@@ -0,0 +1,103 @@
+Notes for installing chrony on macOS
+Author: Bryan Christianson (bryan@whatroute.net)
+------------------------------------------------
+
+These files are for those admins/users who would prefer to install chrony
+from the source distribution and are intended as guidelines rather than
+being definitive. They can be edited with a plain text editor, such as
+vi, emacs or your favourite IDE (Xcode)
+
+It is assumed you are comfortable with installing software from the
+terminal command line and know how to use sudo to acquire root access.
+
+If you are not familiar with the macOS command line then
+please consider using ChronyControl from http://whatroute.net/chronycontrol.html
+
+ChronyControl provides a gui wrapper for installing these files and sets the
+necessary permissions on each file.
+
+
+Install the chrony software
+---------------------------
+
+You will need xcode and the commandline additions to build and install chrony.
+These can be obtained from Apple's website via the App Store.
+
+cd to the chrony directory
+./configure
+make
+sudo make install
+
+chrony is now installed in default locations (/usr/local/sbin/chronyd,
+/usr/local/bin/chronyc)
+
+Create a chrony.conf file - see the chrony website for details
+
+The support files here assume the following directives are specified in the
+chrony.conf file
+
+keyfile /etc/chrony.d/chrony.keys
+driftfile /var/db/chrony/chrony.drift
+bindcmdaddress /var/db/chrony/chronyd.sock
+logdir /var/log/chrony
+dumpdir /var/db/chrony
+
+Install this file as /etc/chrony.d/chrony.conf and create
+the directories specified in the above directives if they don't exist.
+You will need root permissions to create the directories.
+
+
+Running chronyd
+---------------
+At this point chronyd *could* be run as a daemon. Apple discourage running
+daemons and their preferred method uses the launchd facility. The
+support files here provide a launchd configuration file for chronyd and also
+a shell script and launchd configuration file to rotate the chronyd logs on a daily basis.
+
+
+Support files
+-------------
+Dates and sizes may differ
+-rw-r--r--  1 yourname  staff  2084  4 Aug 22:54 README.txt
+-rwxr-xr-x  1 yourname  staff   676  4 Aug 21:18 chronylogrotate.sh
+-rw-r--r--  1 yourname  staff   543 18 Jul 20:10 org.tuxfamily.chronyc.plist
+-rw-r--r--  1 yourname  staff   511 19 Jun 18:30 org.tuxfamily.chronyd.plist
+
+If you have used chrony support directories other than those suggested, you
+will need to edit each file and make the appropriate changes.
+
+
+Installing the support files
+----------------------------
+
+1. chronylogrotate.sh
+This is a simple shell script that deletes old log files. Unfortunately because
+of the need to run chronyc, the standard macOS logrotation does not work with
+chrony logs.
+
+This script runs on a daily basis under control of launchd and should be
+installed in the /usr/local/bin directory
+
+sudo cp chronylogrotate.sh /usr/local/bin
+sudo chmod +x /usr/local/bin/chronylogrotate.sh
+sudo chown root:wheel /usr/local/bin/chronylogrotate.sh
+
+
+2. org.tuxfamily.chronyc.plist
+This file is the launchd plist that runs logrotation each day. You may
+wish to edit this file to change the time of day at which the rotation
+will run, currently 04:05 am
+
+sudo cp org.tuxfamily.chronyc.plist /Library/LaunchDaemons
+sudo chown root:wheel /Library/LaunchDaemons/org.tuxfamily.chronyc.plist
+sudo chmod 0644 /Library/LaunchDaemons/org.tuxfamily.chronyc.plist
+sudo launchctl load -w /Library/LaunchDaemons/org.tuxfamily.chronyc.plist
+
+
+3. org.tuxfamily.chronyd.plist
+This file is the launchd plist that runs chronyd when the Macintosh starts.
+
+sudo cp org.tuxfamily.chronyd.plist /Library/LaunchDaemons
+sudo chown root:wheel /Library/LaunchDaemons/org.tuxfamily.chronyd.plist
+sudo chmod 0644 /Library/LaunchDaemons/org.tuxfamily.chronyd.plist
+sudo launchctl load -w /Library/LaunchDaemons/org.tuxfamily.chronyd.plist

contrib/bryan_christianson_1/chronylogrotate.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+
+#  chronyd/chronyc - Programs for keeping computer clocks accurate.
+#
+#  **********************************************************************
+#  * Copyright (C) Bryan Christianson  2015
+#  *
+#  * This program is free software; you can redistribute it and/or modify
+#  * it under the terms of version 2 of the GNU General Public License as
+#  * published by the Free Software Foundation.
+#  *
+#  * This program is distributed in the hope that it will be useful, but
+#  * WITHOUT ANY WARRANTY; without even the implied warranty of
+#  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+#  * General Public License for more details.
+#  *
+#  * You should have received a copy of the GNU General Public License along
+#  * with this program; if not, write to the Free Software Foundation, Inc.,
+#  * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#  *
+#  **********************************************************************
+
+LOGDIR=/var/log/chrony
+
+rotate () {
+  prefix=$1
+
+  rm -f $prefix.log.10
+
+  for (( count=9; count>= 0; count-- ))
+  do
+    next=$(( $count+1 ))
+    if [ -f $prefix.log.$count ]; then
+      mv $prefix.log.$count $prefix.log.$next
+    fi
+  done
+
+  if [ -f $prefix.log ]; then
+    mv $prefix.log $prefix.log.0
+  fi
+}
+
+if [ ! -e "$LOGDIR" ]; then
+  logger -s "missing directory: $LOGDIR"
+  exit 1
+fi
+
+cd $LOGDIR
+
+rotate measurements
+rotate statistics
+rotate tracking
+
+#
+# signal chronyd via chronyc
+/usr/local/bin/chronyc cyclelogs > /dev/null
+
+exit $?

contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.tuxfamily.logrotate</string>
+	<key>KeepAlive</key>
+	<false/>
+	<key>ProgramArguments</key>
+	<array>
+		<string>/bin/sh</string>
+		<string>/usr/local/bin/chronylogrotate.sh</string>
+	</array>
+	<key>StartCalendarInterval</key>
+	<dict>
+		<key>Minute</key>
+		<integer>5</integer>
+		<key>Hour</key>
+		<integer>4</integer>
+	</dict>
+</dict>
+</plist>

contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>Label</key>
+	<string>org.tuxfamily.chronyd</string>
+	<key>Program</key>
+	<string>/usr/local/sbin/chronyd</string>
+	<key>ProgramArguments</key>
+	<array>
+		<string>chronyd</string>
+		<string>-n</string>
+		<string>-f</string>
+		<string>/private/etc/chrony.d/chrony.conf</string>
+	</array>
+	<key>KeepAlive</key>
+	<true/>
+</dict>
+</plist>

doc/Makefile.in

@@ -0,0 +1,76 @@
+ADOC = asciidoctor
+ADOC_FLAGS =
+SED = sed
+HTML_TO_TXT = w3m -dump -T text/html
+
+MAN_FILES = chrony.conf.man chronyc.man chronyd.man
+TXT_FILES = faq.txt installation.txt
+HTML_FILES = $(MAN_FILES:%.man=%.html) $(TXT_FILES:%.txt=%.html)
+MAN_IN_FILES = $(MAN_FILES:%.man=%.man.in)
+
+SYSCONFDIR = @SYSCONFDIR@
+BINDIR = @BINDIR@
+SBINDIR = @SBINDIR@
+MANDIR = @MANDIR@
+DOCDIR = @DOCDIR@
+CHRONYRUNDIR = @CHRONYRUNDIR@
+CHRONYVARDIR = @CHRONYVARDIR@
+CHRONY_VERSION = @CHRONY_VERSION@
+DEFAULT_USER = @DEFAULT_USER@
+DEFAULT_HWCLOCK_FILE = @DEFAULT_HWCLOCK_FILE@
+DEFAULT_PID_FILE = @DEFAULT_PID_FILE@
+DEFAULT_RTC_DEVICE = @DEFAULT_RTC_DEVICE@
+
+SED_COMMANDS = "s%\@SYSCONFDIR\@%$(SYSCONFDIR)%g;\
+	       s%\@BINDIR\@%$(BINDIR)%g;\
+	       s%\@SBINDIR\@%$(SBINDIR)%g;\
+	       s%\@CHRONY_VERSION\@%$(CHRONY_VERSION)%g;\
+	       s%\@DEFAULT_HWCLOCK_FILE\@%$(DEFAULT_HWCLOCK_FILE)%g;\
+	       s%\@DEFAULT_PID_FILE\@%$(DEFAULT_PID_FILE)%g;\
+	       s%\@DEFAULT_RTC_DEVICE\@%$(DEFAULT_RTC_DEVICE)%g;\
+	       s%\@DEFAULT_USER\@%$(DEFAULT_USER)%g;\
+	       s%\@CHRONYRUNDIR\@%$(CHRONYRUNDIR)%g;\
+	       s%\@CHRONYVARDIR\@%$(CHRONYVARDIR)%g;"
+
+man: $(MAN_FILES) $(MAN_IN_FILES)
+html: $(HTML_FILES)
+txt: $(TXT_FILES)
+docs: man html
+
+%.html: %.adoc
+	$(ADOC) $(ADOC_FLAGS) -b html -o - $< | $(SED) -e $(SED_COMMANDS) > $@
+
+%.man.in: %.adoc
+	$(ADOC) $(ADOC_FLAGS) -b manpage -o $@ $<
+
+%.man: %.man.in
+	$(SED) -e $(SED_COMMANDS) < $< > $@
+
+%.txt: %.html
+	$(HTML_TO_TXT) < $< > $@
+
+install: $(MAN_FILES)
+	[ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1
+	[ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+	[ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+	cp chronyc.man $(DESTDIR)$(MANDIR)/man1/chronyc.1
+	chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1
+	cp chronyd.man $(DESTDIR)$(MANDIR)/man8/chronyd.8
+	chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8
+	cp chrony.conf.man $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+	chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5
+
+install-docs: $(HTML_FILES)
+	[ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR)
+	for f in $(HTML_FILES); do \
+	  cp $$f $(DESTDIR)$(DOCDIR); \
+	  chmod 644 $(DESTDIR)$(DOCDIR)/$$f; \
+	done
+
+clean:
+	rm -f $(MAN_FILES) $(TXT_FILES) $(HTML_FILES)
+	rm -f $(MAN_IN_FILES)
+
+distclean:
+	rm -f $(MAN_FILES) $(TXT_FILES) $(HTML_FILES)
+	rm -f Makefile

doc/chronyd.adoc

@@ -0,0 +1,172 @@
+// This file is part of chrony
+//
+// Copyright (C) Richard P. Curnow  1997-2003
+// Copyright (C) Miroslav Lichvar  2009-2016
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of version 2 of the GNU General Public License as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+= chronyd(8)
+:doctype: manpage
+:man manual: System Administration
+:man source: chrony @CHRONY_VERSION@
+
+== NAME
+
+chronyd - chrony daemon
+
+== SYNOPSIS
+
+*chronyd* [_OPTION_]... [_DIRECTIVE_]...
+
+== DESCRIPTION
+
+*chronyd* is a daemon for synchronisation of the system clock. It can
+synchronise the clock with NTP servers, reference clocks (e.g. a GPS receiver),
+and manual input using wristwatch and keyboard via *chronyc*. It can also
+operate as an NTPv4 (RFC 5905) server and peer to provide a time service to
+other computers in the network.
+
+If no configuration directives are specified on the command line, *chronyd*
+will read them from a configuration file. The compiled-in default location of
+the file is _@SYSCONFDIR@/chrony.conf_.
+
+Information messages and warnings will be logged to syslog.
+
+== OPTIONS
+
+*-4*::
+With this option hostnames will be resolved only to IPv4 addresses and only
+IPv4 sockets will be created.
+
+*-6*::
+With this option hostnames will be resolved only to IPv6 addresses and only
+IPv6 sockets will be created.
+
+*-f* _file_::
+This option can be used to specify an alternate location for the configuration
+file (default _@SYSCONFDIR@/chrony.conf_).
+
+*-n*::
+When run in this mode, the program will not detach itself from the terminal.
+
+*-d*::
+When run in this mode, the program will not detach itself from the terminal,
+and all messages will be sent to the terminal instead of to syslog. When
+*chronyd* was compiled with debugging support, this option can be used twice to
+print also debugging messages.
+
+*-q*::
+When run in this mode, *chronyd* will set the system clock once and exit. It
+will not detach from the terminal.
+
+*-Q*::
+This option is similar to *-q*, but it will only print the offset without any
+corrections of the clock.
+
+*-r*::
+This option will try to reload and then delete files containing sample
+histories for each of the servers and reference clocks being used. These
+histories are created by using the <<chronyc.adoc#dump,*dump*>> command in
+*chronyc*, or by setting the <<chrony.conf.adoc#dumponexit,*dumponexit*>>
+directive in the configuration file. This option is useful if you want to stop
+and restart *chronyd* briefly for any reason, e.g. to install a new version.
+However, it should be used only on systems where the kernel can maintain clock
+compensation whilst not under *chronyd*'s control (i.e. Linux, FreeBSD, NetBSD
+and Solaris).
+
+*-R*::
+When this option is used, the <<chrony.conf.adoc#initstepslew,*initstepslew*>>
+directive and the <<chrony.conf.adoc#makestep,*makestep*>> directive used with
+a positive limit will be ignored. This option is useful when restarting
+*chronyd* and can be used in conjunction with the *-r* option.
+
+*-s*::
+This option will set the system clock from the computer's real-time clock (RTC)
+or to the last modification time of the file specified by the
+<<chrony.conf.adoc#driftfile,*driftfile*>> directive. Real-time clocks are
+supported only on Linux.
++
+If used in conjunction with the *-r* flag, *chronyd* will attempt to preserve
+the old samples after setting the system clock from the RTC. This can be used
+to allow *chronyd* to perform long term averaging of the gain or loss rate
+across system reboots, and is useful for systems with intermittent access to
+network that are shut down when not in use. For this to work well, it relies
+on *chronyd* having been able to determine accurate statistics for the
+difference between the RTC and system clock last time the computer was on.
++
+If the last modification time of the drift file is later than both the current
+time and the RTC time, the system time will be set to it to restore the time
+when *chronyd* was previously stopped. This is useful on computers that have no
+RTC or the RTC is broken (e.g. it has no battery).
+
+*-t* _timeout_::
+This option sets a timeout (in seconds) after which *chronyd* will exit. If the
+clock is not synchronised, it will exit with a non-zero status. This is useful
+with the *-q* or *-Q* option to shorten the maximum time waiting for
+measurements, or with the *-r* option to limit the time when *chronyd* is
+running, but still allow it to adjust the frequency of the system clock.
+
+*-u* _user_::
+This option sets the name of the system user to which *chronyd* will switch
+after start in order to drop root privileges. It overrides the
+<<chrony.conf.adoc#user,*user*>> directive (default _@DEFAULT_USER@_).
++
+On Linux, *chronyd* needs to be compiled with support for the *libcap* library.
+On macOS, FreeBSD, NetBSD and Solaris *chronyd* forks into two processes.
+The child process retains root privileges, but can only perform a very limited
+range of privileged system calls on behalf of the parent.
+
+*-F* _level_::
+This option configures a system call filter when *chronyd* is compiled with
+support for the Linux secure computing (seccomp) facility. In level 1 the
+process is killed when a forbidden system call is made, in level -1 the SYSSIG
+signal is thrown instead and in level 0 the filter is disabled (default 0).
++
+It's recommended to enable the filter only when it's known to work on the
+version of the system where *chrony* is installed as the filter needs to allow
+also system calls made from libraries that *chronyd* is using (e.g. libc) and
+different versions or implementations of the libraries may make different
+system calls. If the filter is missing some system call, *chronyd* could be
+killed even in normal operation.
+
+*-P* _priority_::
+On Linux, this option will select the SCHED_FIFO real-time scheduler at the
+specified priority (which must be between 0 and 100). On macOS, this option
+must have either a value of 0 (the default) to disable the thread time
+constraint policy or 1 for the policy to be enabled. Other systems do not
+support this option.
+
+*-m*::
+This option will lock *chronyd* into RAM so that it will never be paged out.
+This mode is only supported on Linux.
+
+*-v*::
+With this option *chronyd* will print version number to the terminal and exit.
+
+== FILES
+
+_@SYSCONFDIR@/chrony.conf_
+
+== SEE ALSO
+
+<<chronyc.adoc#,*chronyc(1)*>>, <<chrony.conf.adoc#,*chrony.conf(5)*>>
+
+== BUGS
+
+For instructions on how to report bugs, please visit
+https://chrony.tuxfamily.org/.
+
+== AUTHORS
+
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.

doc/faq.adoc

@@ -0,0 +1,423 @@
+// This file is part of chrony
+//
+// Copyright (C) Richard P. Curnow  1997-2003
+// Copyright (C) Miroslav Lichvar  2014-2016
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of version 2 of the GNU General Public License as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+= Frequently Asked Questions
+:toc:
+:numbered:
+
+== `chrony` compared to other programs
+
+=== How does `chrony` compare to `ntpd`?
+
+`chronyd` was designed to work well in a wide range of conditions and it can
+usually synchronise the system clock faster and with better time accuracy. It
+doesn't implement some of the less useful NTP modes like broadcast client or
+multicast server/client.
+
+If your computer is connected to the Internet only for few minutes at a time,
+the network connection is often congested, you turn your computer off or
+suspend it frequently, the clock is not very stable (e.g. there are rapid
+changes in the temperature or it's a virtual machine), or you want to use NTP
+on an isolated network with no hardware reference clocks in sight, `chrony`
+will probably work much better for you.
+
+For a more detailed comparison of features and performance, see the
+https://chrony.tuxfamily.org/comparison.html[comparison page] on the `chrony`
+website.
+
+== Configuration issues
+
+=== What is the minimum recommended configuration for an NTP client?
+
+First, the client needs to know which NTP servers it should ask for the current
+time. They are specified by the `server` or `pool` directive. The `pool`
+directive can be used for names that resolve to multiple addresses. For good
+reliability the client should have at least three servers. The `iburst` option
+speeds up the initial synchronisation.
+
+To stabilize the initial synchronisation on the next start, the estimated drift
+of the system clock is saved to a file specified by the `driftfile` directive.
+
+If the system clock can be far from the true time after boot for any reason,
+`chronyd` should be allowed to correct it quickly by stepping instead of
+slewing, which would take a very long time. The `makestep` directive does
+that.
+
+In order to keep the real-time clock (RTC) close to the true time, so the
+system time is reasonably close to the true time when it's initialized on the
+next boot from the RTC, the `rtcsync` directive enables a mode in which the
+system time is periodically copied to the RTC. It is supported on Linux and
+macOS.
+
+If you want to use public NTP servers from the
+http://www.pool.ntp.org/[pool.ntp.org] project, the minimal _chrony.conf_ file
+could be:
+
+----
+pool pool.ntp.org iburst
+driftfile /var/lib/chrony/drift
+makestep 1 3
+rtcsync
+----
+
+=== How do I make an NTP server from an NTP client?
+
+You need to add an `allow` directive to the _chrony.conf_ file in order to open
+the NTP port and allow `chronyd` to reply to client requests. `allow` with no
+specified subnet allows all IPv4 and IPv6 addresses.
+
+=== I have several computers on a LAN. Should be all clients of an external server?
+
+The best configuration is usually to make one computer the server, with
+the others as clients of it. Add a `local` directive to the server's
+_chrony.conf_ file. This configuration will be better because
+
+* the load on the external connection is less
+* the load on the external NTP server(s) is less
+* if your external connection goes down, the computers on the LAN
+  will maintain a common time with each other.
+
+=== Must I specify servers by IP address if DNS is not available on chronyd start?
+
+No. Starting from version 1.25, `chronyd` will keep trying to resolve
+the names specified by the `server`, `pool`, and `peer` directives in an
+increasing interval until it succeeds. The `online` command can be issued from
+`chronyc` to try to resolve them immediately.
+
+=== How can I make `chronyd` more secure?
+
+If you don't need to serve time to NTP clients or peers, you can add `port 0`
+to the _chrony.conf_ file to completely disable the NTP server functionality
+and prevent NTP requests from reaching `chronyd`. Starting from version 2.0,
+the NTP server port is open only when client access is allowed by the `allow`
+directive or command, an NTP peer is configured, or the `broadcast` directive
+is used.
+
+If you don't need to use `chronyc` remotely, you can add the following
+directives to the configuration file to bind the command sockets to the
+loopback interface. This is done by default since version 2.0.
+
+----
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+----
+
+If you don't need to use `chronyc` at all or you need to run `chronyc` only
+under the root or _chrony_ user (which can access `chronyd` through a Unix
+domain socket since version 2.2), you can disable the internet command sockets
+completely by adding `cmdport 0` to the configuration file.
+
+You can specify an unprivileged user with the `-u` option, or the `user`
+directive in the _chrony.conf_ file, to which `chronyd` will switch after start
+in order to drop root privileges. The configure script has a `--with-user`
+option, which sets the default user. On Linux, `chronyd` needs to be compiled
+with support for the `libcap` library. On other systems, `chronyd` forks into
+two processes. The child process retains root privileges, but can only perform
+a very limited range of privileged system calls on behalf of the parent.
+
+Also, if `chronyd` is compiled with support for the Linux secure computing
+(seccomp) facility, you can enable a system call filter with the `-F` option.
+It will significantly reduce the kernel attack surface and possibly prevent
+kernel exploits from the `chronyd` process if it's compromised. It's
+recommended to enable the filter only when it's known to work on the version of
+the system where `chrony` is installed as the filter needs to allow also system
+calls made from libraries that `chronyd` is using (e.g. libc) and different
+versions or implementations of the libraries may make different system calls.
+If the filter is missing some system call, `chronyd` could be killed even in
+normal operation.
+
+=== How can I improve the accuracy of the system clock with NTP sources?
+
+Select NTP servers that are well synchronised, stable and close to your
+network. It's better to use more than one server, three or four is usually
+recommended as the minimum, so `chronyd` can detect servers that serve false
+time and combine measurements from multiple sources.
+
+If you have a network card with hardware timestamping supported on Linux, it
+can be enabled by the *hwtimestamp* directive in the _chrony.conf_ file. It
+should make local receive and transmit timestamps of NTP packets much more
+accurate.
+
+There are also useful options which can be set in the `server` directive, they
+are `minpoll`, `maxpoll`, `polltarget`, `maxdelay`, `maxdelayratio`,
+`maxdelaydevratio`, and `xleave`.
+
+The first three options set the minimum and maximum allowed polling interval,
+and how should be the actual interval adjusted in the specified range. Their
+default values are 6 (64 seconds) for `minpoll`, 10 (1024 seconds) for
+`maxpoll` and 8 (samples) for `polltarget`. The default values should be used
+for general servers on the Internet. With your own NTP servers or if have
+permission to poll some servers more frequently, setting these options for
+shorter polling intervals may significantly improve the accuracy of the system
+clock.
+
+The optimal polling interval depends mainly on two factors, stability of the
+network latency and stability of the system clock (which mainly depends on the
+temperature sensitivity of the crystal oscillator and the maximum rate of the
+temperature change).
+
+An example of the directive for an NTP server on the Internet that you are
+allowed to poll frequently could be
+
+----
+server foo.example.net minpoll 4 maxpoll 6 polltarget 16
+----
+
+An example using very short polling intervals for a server located in the same
+LAN could be
+
+----
+server ntp.local minpoll 2 maxpoll 4 polltarget 30
+----
+
+The maxdelay options are useful to ignore measurements with larger delay (e.g.
+due to congestion in the network) and improve the stability of the
+synchronisation. The `maxdelaydevratio` option could be added to the example
+with local NTP server
+
+----
+server ntp.local minpoll 2 maxpoll 4 polltarget 30 maxdelaydevratio 2
+----
+
+If your server supports the interleaved mode, the `xleave` option should be
+added to the `server` directive in order to receive server's more accurate
+hardware or kernel transmit timestamps. When combined with local hardware
+timestamping, a sub-microsecond accuracy may be possible. An example could be
+
+----
+server ntp.local minpoll 2 maxpoll 2 xleave
+hwtimestamp eth0
+----
+
+=== What happened to the `commandkey` and `generatecommandkey` directives?
+
+They were removed in version 2.2. Authentication is no longer supported in the
+command protocol. Commands that required authentication are now allowed only
+through a Unix domain socket, which is accessible only by the root and _chrony_
+users. If you need to configure `chronyd` remotely or locally without the root
+password, please consider using ssh and/or sudo to run `chronyc` under the root
+or _chrony_ user on the host where `chronyd` is running.
+
+== Computer is not synchronising
+
+This is the most common problem. There are a number of reasons, see the
+following questions.
+
+=== Behind a firewall?
+
+Check the `Reach` value printed by the ``chronyc``'s `sources` command. If it's
+zero, it means `chronyd` did not get any valid responses from the NTP server
+you are trying to use. If there is a firewall between you and the server, the
+packets may be blocked. Try using a tool like `wireshark` or `tcpdump` to see
+if you're getting any responses from the server.
+
+When `chronyd` is receiving responses from the servers, the output of the
+`sources` command issued few minutes after `chronyd` start might look like
+this:
+
+----
+210 Number of sources = 3
+MS Name/IP address         Stratum Poll Reach LastRx Last sample
+===============================================================================
+^* foo.example.net               2   6   377    34   +484us[ -157us] +/-   30ms
+^- bar.example.net               2   6   377    34    +33ms[  +32ms] +/-   47ms
+^+ baz.example.net               3   6   377    35  -1397us[-2033us] +/-   60ms
+----
+
+=== Are NTP servers specified with the `offline` option?
+
+Check that you're using ``chronyc``'s `online` and `offline` commands
+appropriately. Again, check in _measurements.log_ to see if you're getting any
+data back from the server.
+
+=== Is `chronyd` allowed to step the system clock?
+
+By default, `chronyd` adjusts the clock gradually by slowing it down or
+speeding it up. If the clock is too far from the true time, it will take
+a long time to correct the error. The `System time` value printed by the
+``chronyc``'s `tracking` command is the remaining correction that needs to be
+applied to the system clock.
+
+The `makestep` directive can be used to allow `chronyd` to step the clock. For
+example, if _chrony.conf_ had
+
+----
+makestep 1 3
+----
+
+the clock would be stepped in the first three updates if its offset was larger
+than one second. Normally, it's recommended to allow the step only in the first
+few updates, but in some cases (e.g. a computer without an RTC or virtual
+machine which can be suspended and resumed with an incorrect time) it may be
+necessary to allow the step on any clock update. The example above would change
+to
+
+----
+makestep 1 -1
+----
+
+== Issues with `chronyc`
+
+=== I keep getting the error `506 Cannot talk to daemon`
+
+When accessing `chronyd` remotely, make sure that the _chrony.conf_ file (on
+the computer where `chronyd` is running) has a `cmdallow` entry for the
+computer you are running `chronyc` on and an appropriate `bindcmdaddress`
+directive. This isn't necessary for localhost.
+
+Perhaps `chronyd` is not running. Try using the `ps` command (e.g. on Linux,
+`ps -auxw`) to see if it's running. Or try `netstat -a` and see if the ports
+123/udp and 323/udp are listening. If `chronyd` is not running, you may have a
+problem with the way you are trying to start it (e.g. at boot time).
+
+Perhaps you have a firewall set up in a way that blocks packets on port
+323/udp. You need to amend the firewall configuration in this case.
+
+=== I keep getting the error `501 Not authorised`
+
+Since version 2.2, the `password` command doesn't do anything and `chronyc`
+needs to run locally under the root or _chrony_ user, which are allowed to
+access the ``chronyd``'s Unix domain command socket.
+
+With older versions, you need to authenticate with the `password` command first
+or use the `-a` option to authenticate automatically on start. The
+configuration file needs to specify a file which contains keys (`keyfile`
+directive) and which key in the key file should be used for `chronyc`
+authentication (`commandkey` directive).
+
+=== Why does `chronyc tracking` always print an IPv4 address as reference ID?
+
+The reference ID is a 32-bit value and in versions before 3.0 it was printed in
+quad-dotted notation, even if the reference source did not actually have an
+IPv4 address. For IPv4 addresses, the reference ID is equal to the address, but
+for IPv6 addresses it is the first 32 bits of the MD5 sum of the address. For
+reference clocks, the reference ID is the value specified with the `refid`
+option in the `refclock` directive.
+
+Since version 3.0, the reference ID is printed as a hexadecimal number to avoid
+confusion with IPv4 addresses.
+
+If you need to get the IP address of the current reference source, use the `-n`
+option to disable resolving of IP addresses and read the second field (printed
+in parentheses) on the `Reference ID` line.
+
+=== Is the `chronyc` / `chronyd` protocol documented anywhere?
+
+Only by the source code. See _cmdmon.c_ (`chronyd` side) and _client.c_
+(`chronyc` side).
+
+== Real-time clock issues
+
+=== What is the real-time clock (RTC)?
+
+This is the clock which keeps the time even when your computer is turned off.
+It is used to initialize the system clock on boot. It normally doesn't drift
+more than few seconds per day.
+
+There are two approaches how `chronyd` can work with it. One is to use the
+`rtcsync` directive, which tells `chronyd` to enable a kernel mode which sets
+the RTC from the system clock every 11 minutes. `chronyd` itself won't touch
+the RTC. If the computer is not turned off for a long time, the RTC should
+still be close to the true time when the system clock will be initialized from
+it on the next boot.
+
+The other option is to use the `rtcfile` directive, which tells `chronyd` to
+monitor the rate at which the RTC gains or loses time. When `chronyd` is
+started with the `-s` option on the next boot, it will set the system time from
+the RTC and also compensate for the drift it has measured previously. The
+`rtcautotrim` directive can be used to keep the RTC close to the true time, but
+it's not strictly necessary if its only purpose is to set the system clock when
+`chronyd` is started on boot. See the documentation for details.
+
+=== I want to use ``chronyd``'s RTC support. Must I disable `hwclock`?
+
+The `hwclock` program is often set-up by default in the boot and shutdown
+scripts with many Linux installations. With the kernel RTC synchronisation
+(`rtcsync` directive), the RTC will be set also every 11 minutes as long as the
+system clock is synchronised. If you want to use ``chronyd``'s RTC monitoring
+(`rtcfile` directive), it's important to disable `hwclock` in the shutdown
+procedure. If you don't, it will over-write the RTC with a new value, unknown
+to `chronyd`. At the next reboot, `chronyd` started with the `-s` option will
+compensate this (wrong) time with its estimate of how far the RTC has drifted
+whilst the power was off, giving a meaningless initial system time.
+
+There is no need to remove `hwclock` from the boot process, as long as `chronyd`
+is started after it has run.
+
+=== I just keep getting the `513 RTC driver not running` message
+
+For the real-time clock support to work, you need the following three
+things
+
+* an RTC in your computer
+* a Linux kernel with enabled RTC support
+* an `rtcfile` directive in your _chrony.conf_ file
+
+=== I get `Could not open /dev/rtc, Device or resource busy` in my syslog file
+
+Some other program running on the system may be using the device.
+
+== NTP-specific issues
+
+=== Can `chronyd` be driven from broadcast NTP servers?
+
+No, the broadcast client mode is not supported and there is currently no plan
+to implement it. The broadcast and multicast modes are inherently less
+accurate and less secure (even with authentication) than the ordinary
+server/client mode and they are not as useful as they used to be. Even with
+very modest hardware a single NTP server can serve time to hundreds of
+thousands of clients using the ordinary mode.
+
+=== Can `chronyd` transmit broadcast NTP packets?
+
+Yes, the `broadcast` directive can be used to enable the broadcast server mode
+to serve time to clients in the network which support the broadcast client mode
+(it's not supported in `chronyd`, see the previous question).
+
+=== Can `chronyd` keep the system clock a fixed offset away from real time?
+
+Yes. Starting from version 3.0, an offset can be specified by the `offset`
+option for all time sources in the _chrony.conf_ file.
+
+=== What happens if the network connection is dropped without using ``chronyc``'s `offline` command first?
+
+`chronyd` will keep trying to access the server(s) that it thinks are online.
+When the network is connected again, it will take some time (on average half of
+the maximum polling interval) before new measurements are made and the clock is
+corrected. If the servers were set to offline and the `online` command was
+issued when the network was connected, `chronyd` would make new measurements
+immediately.
+
+The `auto_offline` option to the `server` entry in the _chrony.conf_ file may
+be useful to switch the servers to the offline state automatically.
+
+== Operating systems
+
+=== Does `chrony` support Windows?
+
+No. The `chronyc` program (the command-line client used for configuring
+`chronyd` while it is running) has been successfully built and run under
+Cygwin in the past. `chronyd` is not portable, because part of it is
+very system-dependent. It needs adapting to work with Windows'
+equivalent of the adjtimex() call, and it needs to be made to work as a
+service.
+
+=== Are there any plans to support Windows?
+
+We have no plans to do this. Anyone is welcome to pick this work up and
+contribute it back to the project.

doc/installation.adoc

@@ -0,0 +1,189 @@
+// This file is part of chrony
+//
+// Copyright (C) Richard P. Curnow  1997-2003
+// Copyright (C) Miroslav Lichvar  2009-2016
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of version 2 of the GNU General Public License as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+= Installation
+
+The software is distributed as source code which has to be compiled. The source
+code is supplied in the form of a gzipped tar file, which unpacks to a
+subdirectory identifying the name and version of the program.
+
+After unpacking the source code, change directory into it, and type
+
+----
+./configure
+----
+
+This is a shell script that automatically determines the system type. There is
+a single optional parameter, `--prefix` which indicates the directory tree
+where the software should be installed. For example,
+
+----
+./configure --prefix=/opt/free
+----
+
+will install the `chronyd` daemon into `/opt/free/sbin` and the `chronyc`
+control program into `/opt/free/bin`. The default value for the prefix is
+`/usr/local`.
+
+The configure script assumes you want to use gcc as your compiler. If you want
+to use a different compiler, you can configure this way:
+
+----
+CC=cc CFLAGS=-O ./configure --prefix=/opt/free
+----
+
+for Bourne-family shells, or
+
+----
+setenv CC cc
+setenv CFLAGS -O
+./configure --prefix=/opt/free
+----
+
+for C-family shells.
+
+If the software cannot (yet) be built on your system, an error message will be
+shown. Otherwise, `Makefile` will be generated.
+
+On Linux, if development files for the libcap library are available, `chronyd`
+will be built with support for dropping root privileges. On other systems no
+extra library is needed. The default user which `chronyd` should run as can be
+specified with the `--with-user` option of the configure script.
+
+If development files for the editline or readline library are available,
+`chronyc` will be built with line editing support. If you don't want this,
+specify the `--disable-readline` flag to configure.
+
+If a `timepps.h` header is available (e.g. from the
+http://linuxpps.org[LinuxPPS project]), `chronyd` will be built with PPS API
+reference clock driver. If the header is installed in a location that isn't
+normally searched by the compiler, you can add it to the searched locations by
+setting the `CPPFLAGS` variable to `-I/path/to/timepps`.
+
+Now type
+
+----
+make
+----
+
+to build the programs.
+
+If you want to build the manual in HTML, type
+
+----
+make docs
+----
+
+Once the programs have been successfully compiled, they need to be installed in
+their target locations. This step normally needs to be performed by the
+superuser, and requires the following command to be entered.
+
+----
+make install
+----
+
+This will install the binaries and man pages.
+
+To install the HTML version of the manual, enter the command
+
+----
+make install-docs
+----
+
+Now that the software is successfully installed, the next step is to set up a
+configuration file. The default location of the file is _/etc/chrony.conf_.
+Several examples of configuration with comments are included in the examples
+directory. Suppose you want to use public NTP servers from the pool.ntp.org
+project as your time reference. A minimal useful configuration file could be
+
+----
+pool pool.ntp.org iburst
+makestep 1.0 3
+rtcsync
+----
+
+Then, `chronyd` can be run. For security reasons, it's recommended to create an
+unprivileged user for `chronyd` and specify it with the `-u` command-line
+option or the `user` directive in the configuration file, or set the default
+user with the `--with-user` configure option before building.
+
+== Support for line editing libraries
+
+`chronyc` can be built with support for line editing, this allows you to use
+the cursor keys to replay and edit old commands. Two libraries are supported
+which provide such functionality, editline and GNU readline.
+
+Please note that readline since version 6.0 is licensed under GPLv3+ which is
+incompatible with chrony's license GPLv2. You should use editline instead if
+you don't want to use older readline versions.
+
+The configure script will automatically enable the line editing support if one
+of the supported libraries is available. If they are both available, the
+editline library will be used.
+
+If you don't want to use it (in which case chronyc will use a minimal command
+line interface), invoke configure like this:
+
+----
+./configure --disable-readline other-options...
+----
+
+If you have editline, readline or ncurses installed in locations that aren't
+normally searched by the compiler and linker, you need to use extra options:
+
+`--with-readline-includes=directory_name`::
+  This defines the name of the directory above the one where `readline.h` is.
+  `readline.h` is assumed to be in `editline` or `readline` subdirectory of the
+  named directory.
+
+`--with-readline-library=directory_name`::
+  This defines the directory containing the `libedit.a` or `libedit.so` file,
+  or `libreadline.a` or `libreadline.so` file.
+
+`--with-ncurses-library=directory_name`::
+  This defines the directory containing the `libncurses.a` or `libncurses.so`
+  file.
+
+== Extra options for package builders
+
+The configure and make procedures have some extra options that may be useful if
+you are building a distribution package for chrony.
+
+The `--mandir=DIR` option to configure specifies an install directory for the
+man pages. This overrides the `man` subdirectory of the argument to the
+--prefix option.
+
+----
+./configure --prefix=/usr --mandir=/usr/share/man
+----
+
+to set both options together.
+
+The final option is the `DESTDIR` option to the make command. For example, you
+could use the commands
+
+----
+./configure --prefix=/usr --mandir=/usr/share/man
+make all docs
+make install DESTDIR=./tmp
+cd tmp
+tar cvf - . | gzip -9 > chrony.tar.gz
+----
+
+to build a package. When untarred within the root directory, this will install
+the files to the intended final locations.

examples/chrony-wait.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Wait for chrony to synchronize system clock
+After=chronyd.service
+Requires=chronyd.service
+Before=time-sync.target
+Wants=time-sync.target
+
+[Service]
+Type=oneshot
+# Wait up to ~10 minutes for chronyd to synchronize and the remaining
+# clock correction to be less than 0.1 seconds
+ExecStart=/usr/bin/chronyc -h 127.0.0.1,::1 waitsync 600 0.1 0.0 1
+RemainAfterExit=yes
+StandardOutput=null
+
+[Install]
+WantedBy=multi-user.target

examples/chrony.conf.example1

@@ -0,0 +1,12 @@
+# Use public NTP servers from the pool.ntp.org project.
+pool pool.ntp.org iburst
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync

examples/chrony.conf.example2

@@ -1,46 +1,28 @@
 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.pool.ntp.org iburst
-server 1.pool.ntp.org iburst
-server 2.pool.ntp.org iburst
-server 3.pool.ntp.org iburst
-
-# Ignore stratum in source selection.
-stratumweight 0
+pool pool.ntp.org iburst
 
 # Record the rate at which the system clock gains/losses time.
 driftfile /var/lib/chrony/drift
 
-# Enable kernel RTC synchronization.
-rtcsync
-
 # In first three updates step the system clock instead of slew
-# if the adjustment is larger than 10 seconds.
-makestep 10 3
+# if the adjustment is larger than 1 second.
+makestep 1.0 3
+
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
 
 # Allow NTP client access from local network.
 #allow 192.168/16
 
-# Listen for commands only on localhost.
-bindcmdaddress 127.0.0.1
-bindcmdaddress ::1
-
 # Serve time even if not synchronized to any NTP server.
 #local stratum 10
 
-keyfile /etc/chrony.keys
-
-# Specify the key used as password for chronyc.
-commandkey 1
-
-# Generate command key if missing.
-generatecommandkey
-
-# Disable logging of client accesses.
-noclientlog
-
-# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
-logchange 0.5
+# Specify file containing keys for NTP authentication.
+#keyfile /etc/chrony.keys
 
+# Specify directory for log files.
 logdir /var/log/chrony
+
+# Select which information is logged.
 #log measurements statistics tracking

examples/chrony.conf.example3

@@ -5,22 +5,6 @@
 # want to enable.  The more obscure options are not included.  Refer
 # to the documentation for these.
 #
-# Copyright 2002 Richard P. Curnow
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of version 2 of the GNU General Public License as
-# published by the Free Software Foundation.
-# 
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-# 
-#
 #######################################################################
 ### COMMENTS
 # Any of the following lines are comments (you have a choice of
@@ -43,25 +27,29 @@
 # you can access at http://support.ntp.org/bin/view/Servers/WebHome or
 # you can use servers from the pool.ntp.org project.
 
-! server 0.pool.ntp.org iburst
-! server 1.pool.ntp.org iburst
-! server 2.pool.ntp.org iburst
+! server foo.example.net iburst
+! server bar.example.net iburst
+! server baz.example.net iburst
+
+! pool pool.ntp.org iburst
  
 # However, for dial-up use you probably want these instead.  The word
 # 'offline' means that the server is not visible at boot time.  Use
 # chronyc's 'online' command to tell chronyd that these servers have
 # become visible after you go on-line.
 
-! server 0.pool.ntp.org offline
-! server 1.pool.ntp.org offline
-! server 2.pool.ntp.org offline
+! server foo.example.net offline
+! server bar.example.net offline
+! server baz.example.net offline
+
+! pool pool.ntp.org offline
 
 # You may want to specify NTP 'peers' instead.  If you run a network
 # with a lot of computers and want several computers running chrony to
 # have the 'front-line' interface to the public NTP servers, you can
 # 'peer' these machines together to increase robustness.
 
-! peer ntp0.my-company.com
+! peer foo.example.net
 
 # There are other options to the 'server' and 'peer' directives that you
 # might want to use.  For example, you can ignore measurements whose
@@ -91,20 +79,10 @@
 
 driftfile /var/lib/chrony/drift
 
-# If you want to use the program called chronyc to configure aspects of
-# chronyd's operation once it is running (e.g. tell it the Internet link
-# has gone up or down), you need a password.  This is stored in the
-# following keys file.  (You also need keys to support authenticated NTP
-# exchanges between cooperating machines.)  Again, this option is
-# assumed by default.
+# If you want to enable NTP authentication with symmetric keys, you will need
+# to uncomment the following line and edit the file to set up the keys.
 
-keyfile /etc/chrony.keys
-
-# Tell chronyd which numbered key in the file is used as the password
-# for chronyc. (You can pick any integer up to 2**32-1.  '1' is just a
-# default.  Using another value will _NOT_ increase security.)
-
-commandkey 1
+! keyfile /etc/chrony.keys
 
 # chronyd can save the measurement history for the servers to files when
 # it it exits.  This is useful in 2 situations:
@@ -134,15 +112,15 @@ commandkey 1
 #######################################################################
 ### INITIAL CLOCK CORRECTION
 # This option is useful to quickly correct the clock on start if it's
-# off by a large amount.  The value '10' means that if the error is less
-# than 10 seconds, it will be gradually removed by speeding up or
-# slowing down your computer's clock until it is correct.  If the error
-# is above 10 seconds, an immediate time jump will be applied to correct
-# it.  The value '1' means the step is allowed only on the first update
-# of the clock.  Some software can get upset if the system clock jumps
+# off by a large amount.  The value '1.0' means that if the error is less
+# than 1 second, it will be gradually removed by speeding up or slowing
+# down your computer's clock until it is correct.  If the error is above
+# 1 second, an immediate time jump will be applied to correct it.  The
+# value '3' means the step is allowed only in the first three updates of
+# the clock.  Some software can get upset if the system clock jumps
 # (especially backwards), so be careful!
 
-! makestep 10 1
+! makestep 1.0 3
 
 #######################################################################
 ### LOGGING
@@ -213,6 +191,13 @@ commandkey 1
 
 ! clientloglimit 4194304
 
+# By default, chronyd tries to respond to all valid NTP requests from
+# allowed addresses.  If you want to limit the response rate for NTP
+# clients that are sending requests too frequently, uncomment and edit
+# the following line.
+
+! limitrate interval 3 burst 8
+
 #######################################################################
 ### REPORTING BIG CLOCK CHANGES
 # Perhaps you want to know if chronyd suddenly detects any large error
@@ -230,13 +215,19 @@ commandkey 1
 # several people, you need to set up a mailing list or sendmail alias
 # for them and use the address of that.)
 
-! mailonchange wibble@foobar.org 0.5
+! mailonchange wibble@foo.example.net 0.5
 
 #######################################################################
 ### COMMAND ACCESS
 # The program chronyc is used to show the current operation of chronyd
 # and to change parts of its configuration whilst it is running.
 
+# By default chronyd binds to the loopback interface.  Uncomment the
+# following lines to allow receiving command packets from remote hosts.
+
+! bindcmdaddress 0.0.0.0
+! bindcmdaddress ::
+
 # Normally, chronyd will only allow connections from chronyc on the same
 # machine as itself.  This is for security.  If you have a subnet
 # 192.168.*.* and you want to be able to use chronyc from any machine on
@@ -249,10 +240,10 @@ commandkey 1
 # syntax and meaning is the same as for 'allow' and 'deny', except that
 # 'cmdallow' and 'cmddeny' control access to the chronyd's command port.
 
-# NOTE, even if the host where you run chronyc is granted access, you
-# still need a command key set up and you have to know the password to
-# put into chronyc to allow you to modify chronyd's parameters.  By
-# default all you can do is view information about chronyd's operation.
+# Rate limiting can be enabled also for command packets.  (Note,
+# commands from localhost are never limited.)
+
+! cmdratelimit interval 1 burst 16
 
 #######################################################################
 ### REAL TIME CLOCK

examples/chrony.keys.example

@@ -1,29 +1,12 @@
-#######################################################################
+# This is an example chrony keys file.  It is used for NTP authentication with
+# symmetric keys.  It should be readable only by root or the user to which
+# chronyd is configured to switch to after start.
 #
-# This is an example chrony keys file.  You should copy it to /etc/chrony.keys
-# after editing it to set up the key(s) you want to use.  It should be readable
-# only by root or the user chronyd drops the root privileges to.  In most
-# situations, you will require a single key (the 'commandkey') so that you can
-# supply a password to chronyc to enable you to modify chronyd's operation
-# whilst it is running.
-#
-# Copyright 2002 Richard P. Curnow
-#
-######################################################################
+# Don't use the example keys!  It's recommended to generate random keys using
+# the chronyc keygen command.
 
 # Examples of valid keys:
 
-#1 ALongAndRandomPassword
-#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC
-#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C
-
-# The keys should be random for maximum security.  If you wanted to use a key
-# with ID 1 as your commandkey (i.e. chronyc password) you would put
-# "commandkey 1" into chrony.conf.  If no commandkey is present in the keys
-# file and the generatecommandkey directive is specified in chrony.conf,
-# a random commandkey will be generated and added to the keys file
-# automatically on chronyd start.
-
-# You might want to define more keys if you use the authentication facility
-# in the network time protocol to authenticate request/response packets between
-# trusted clients and servers.
+#1 MD5 AVeryLongAndRandomPassword
+#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
+#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995

examples/chrony.logrotate

@@ -0,0 +1,8 @@
+/var/log/chrony/*.log {
+    missingok
+    nocreate
+    sharedscripts
+    postrotate
+        /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true
+    endscript
+}

examples/chrony.nm-dispatcher

@@ -0,0 +1,17 @@
+#!/bin/sh
+# This is a NetworkManager dispatcher script for chronyd to set its NTP sources
+# online/offline when a default route is configured/removed on the system.
+
+export LC_ALL=C
+
+if [ "$2" = "up" ]; then
+	/sbin/ip route list dev "$1" | grep -q '^default' &&
+		/usr/bin/chronyc online > /dev/null 2>&1
+fi
+
+if [ "$2" = "down" ]; then
+	/sbin/ip route list | grep -q '^default' ||
+		/usr/bin/chronyc offline > /dev/null 2>&1
+fi
+
+exit 0

examples/chrony.spec

@@ -10,7 +10,6 @@ Source: chrony-%{version}%{?prerelease:-%{prerelease}}.tar.gz
 License: GPLv2
 Group: Applications/Utilities
 BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(id -u -n)
-Requires: info
 
 %description
 chrony is a client and server for the Network Time Protocol (NTP).
@@ -28,30 +27,20 @@ manual input as time references.
 	--prefix=%{_prefix} \
 	--bindir=%{_bindir} \
 	--sbindir=%{_sbindir} \
-	--infodir=%{_infodir} \
 	--mandir=%{_mandir}
 make
-make chrony.txt
-make chrony.info
 
 %install
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
-rm -rf $RPM_BUILD_ROOT%{_docdir}
-mkdir -p $RPM_BUILD_ROOT%{_infodir}
-cp chrony.info* $RPM_BUILD_ROOT%{_infodir}
 
 %files
 %{_sbindir}/chronyd
 %{_bindir}/chronyc
-%{_infodir}/chrony.info*
-%{_mandir}/man1/chrony.1.gz
 %{_mandir}/man1/chronyc.1.gz
 %{_mandir}/man5/chrony.conf.5.gz
 %{_mandir}/man8/chronyd.8.gz
-%doc README
-%doc chrony.txt
-%doc COPYING
+%doc README FAQ NEWS COPYING
 %doc examples/chrony.conf.example*
 %doc examples/chrony.keys.example
 

examples/chronyd.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=NTP client/server
+After=ntpdate.service sntp.service ntpd.service
+Conflicts=ntpd.service systemd-timesyncd.service
+
+[Service]
+Type=forking
+PIDFile=/var/run/chronyd.pid
+EnvironmentFile=-/etc/sysconfig/chronyd
+ExecStart=/usr/sbin/chronyd $OPTIONS
+
+[Install]
+WantedBy=multi-user.target

faq.txt

@@ -1,286 +0,0 @@
-@@PROLOGUE
-<html>
-<head>
-<title>Frequently asked questions</title>
-<meta name="description" content="Chrony FAQ (frequently asked questions)">
-<meta name="keywords" content="chrony,network time protocol,NTP,RFC 1305,dial-up connection,real time clock,RTC,Linux,FAQ,frequently asked questns">
-<?php
-  $root = ".";
-  include "$root/styles.php";
-?>
-</head>
-
-<body>
-<?php
-  include 'main_banner.php';
-  include 'header.php';
-?>
-<?php pretty_h1("Introduction") ?>
-<p>
-This is a set of questions and answers to common problems and issues.
-<p>
-As we receive more emails about the software, we will add new questions
-to this page.
-<hr>
-<p>
-The developers can be reached via the chrony-dev mailing list.  See 
-<a href="#question_1.4">question 1.4.</a> for details.
-<hr>
-
-<br clear=all>
-@@ENDPROLOGUE
-S: Administrative issues
-
-Q: Where can I get chrony source code?
-Tarballs are available via the <b>Download</b> link on the Chrony
-Web site.  For the current development from the developers' version control
-system see the <b>Git</b> link on the Web site.
-
-Q: Are there any packaged versions of chrony?
-We are aware of packages for Debian, Fedora, Gentoo, Mandriva, Slackware,
-and Ubuntu.  We are not involved with how these are built or distributed.
-
-Q: Where is the home page?
-It is currently at <a href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org/</a>. 
-
-Q: Is there a mailing list?
-Yes, it's currently at chrony-users@chrony.tuxfamily.org. There is a low-volume
-list called chrony-announce which is just for announcements of new releases or
-similar matters of high importance.  You can join the lists by sending a
-message with the subject subscribe to <a href="mailto:chrony-users-request@chrony.tuxfamily.org">chrony-users-request@chrony.tuxfamily.org</a> or
-<a href="mailto:chrony-announce-request@chrony.tuxfamily.org">chrony-announce-request@chrony.tuxfamily.org</a> respectively.
-
-For those who want to contribute to the development of chrony, there is a
-developers' mailing list.  You can subscribe by sending mail with the
-subject subscribe to
-<a href="mailto:chrony-dev-request@chrony.tuxfamily.org">chrony-dev-request@chrony.tuxfamily.org</a>.
-
-Q: What licence is applied to chrony?
-Starting from version 1.15, chrony is licensed under the GNU General Public
-License, Version 2.  Versions prior to 1.15 were licensed under a custom BSD-like
-license.
-
-S: Chrony compared to other programs
-Q: How does chrony compare to xntpd?
-If your computer is permenently connected, or connected for long periods (that
-is, for the several hours it takes xntpd to settle down), or you need to
-support hardware reference clocks to your computer, then xntpd will work fine.
-Apart from not supporting hardware clocks, chrony will work fine too.
-
-If your computer connects to the 'net for 5 minutes once a day (or something
-like that), or you turn your Linux computer off when you're not using
-it, or you want to use NTP on an isolated network with no hardware clocks in
-sight, chrony will work much better for you.
-
-The reason I wrote chrony was that I could not get xntpd to do
-anything sensible on my PC at home, which is connected to the 'net for
-about 5 minutes once or twice a day, mainly to upload/download email
-and news.  Nowadays it is also turned off for 22-23 hours a day, when
-not in use.  I wanted a program which would :
-
-- slew the time to correct it when I go online and NTP servers become visible
-
-- determine the rate at which the computer gains or loses time and use this
-  information to keep it reasonably correct between connects to the 'net.  This
-  has to be done using a method that does not care about the intermittent
-  availability of the references or the fact the computer is turned off between
-  groups of measurements..
-
-- maintain the time across reboots, by working out the error and drift rate of
-  the computer's real-time clock and using this information to set the system
-  clock correctly at boot up. (In the last few months, it became impossible for
-  me to leave my computer powered permanently.)
-
-Also, when working with isolated networks with no true time references
-at all, I found xntpd gave me no help with managing the local clock's
-gain/loss rate on the NTP master node (which I set from my watch).  I
-added some automated support in chrony to deal with this.
-
-S: Selection of NTP servers
-Q: I have several computers on a LAN.  Should I make one the master, or make them all clients of an external server?
-I think the best configuration is to make one computer the master, with the
-others as clients of it.  Add a 'local' directive to the master's chrony.conf
-file.  This configuration will be better because
-
-* the load on the external connection is less
-* the load on the external NTP server(s) is less
-* if your external connection goes down, the computers on the LAN will maintain
-  a common time with each other.
-
-S: Addressing issues
-Q: I get the following error message : "Could not get IP adress for localhost"
-Add a line like the following to your /etc/hosts file
-    127.0.0.1   localhost
-
-Q: I have problems if I put the names of my NTP servers in the chrony.conf file.
-If you have no connection to the Internet at boot time, chrony won't be able to
-turn the names into IP addresses when it starts.  There seem to be 2 solutions:
-
-1. Put the numeric IP addresses in the chrony.conf file
-or
-2. Put the server->IP address mappings in your /etc/hosts file and ensure that
-   /etc/host.conf reads 'order hosts,bind'.
-
-The problem is that chronyd (currently) isn't designed in a way that allows
-hostname->IP address lookups during normal operation.  I hope to work on this
-problem very soon.
-
-S: My computer is not synchronising.
-This is the most common problem.  There are a number of reasons, see the
-following questions.
-
-Q: Behind a firewall?
-If there is a firewall between you and the NTP server you're trying to use,
-the packets may be blocked.  Try using a tool like etherfind or tcpdump to see
-if you're getting responses from the server.  If you have an external modem,
-see if the receive light blinks straight after the transmit light (when the
-link is quiet apart from the NTP traffic.)  Try adding 'log measurements' to
-the chrony.conf file and look in the measurements.log file after chrony has
-been running for a short period.  See if any measurements appear.
-
-Most people run chronyd on the firewall itself, to avoid all issues of UDP
-packet forwarding and/or masquerading.
-
-Q: Do you have a non-permanant (i.e. intermittent) Internet connection?
-Check that you're using chronyc's 'online' and 'offline' commands
-appropriately.  Again, check in measurements.log to see if you're getting any
-data back from the server.
-
-Q: In measurements.log, do the '7' and '8' flag columns always show zero?
-Do you have a 'local stratum X' directive in the chrony.conf file?  If X is
-lower than the stratum of the server you're trying to use, this situation will
-arise.  You should always make X quite high (e.g. 10) in this directive.
-
-S: Issues with chronyc
-
-Q: I keep getting the error '506 Cannot talk to daemon'.
-Make sure that the chrony.conf file (on the computer where chronyd is running)
-has a 'cmdallow' entry for the computer you are running chronyc on.  This
-isn't necessary for localhost.
-
-Perhaps chronyd is not running.  Try using the ps command (e.g. on Linux, 'ps
--auxw') to see if it's running.  Or try 'netstat -a' and see if the ports
-123/udp and 323/udp are listening.  If chronyd is not running, you may have a
-problem with the way you are trying to start it (e.g. at boot time).
-
-Perhaps you have a firewall set up in a way that blocks packets on port
-323/udp.  You need to amend the firewall configuration in this case.
-
-Q: Is the chronyc&lt;-&gt;chronyd protocol documented anywhere?
-Only by the source code :-)  See cmdmon.c (chronyd side) and client.c (chronyc
-side).
-
-S: Real-time clock issues.
-Q: What is the real-time clock (RTC)?
-This is the clock which keeps the time even when your computer is turned off.
-It works with 1 second resolution.   chronyd can monitor the rate at which the
-real-time clock gains or loses time, and compensate for it when you set the
-system time from it at the next reboot.  See the documentation for details.
-
-Q: I want to use chronyd's real-time clock support.  Must I disable hwclock?
-The hwclock program is often set-up by default in the boot and shutdown scripts
-with many Linux installations.  If you want to use chronyd's real-time clock
-support, the important thing is to disable hwclock in the <b>shutdown</b>
-procedure.  If you don't, it will over-write the RTC with a new value, unknown
-to chronyd.  At the next reboot, chronyd will compensate this (wrong) time with
-its estimate of how far the RTC has drifted whilst the power was off, giving a
-meaningless initial system time.
-
-There is no need to remove hwclock from the boot process, as long as chronyd is
-started after it has run.
-
-Q: I just keep getting the '513 RTC driver not running' message
-For the real time clock support to work, you need the following three things:
-                                                                                                                                    
-* a kernel that is supported (e.g. 2.2 onwards)                                                                                     
-* enhanced RTC support compiled into the kernel                                                                                     
-* an 'rtcfile' directive in your chrony.conf file.                                                                                  
-
-S: Microsoft Windows
-
-Q: Does chrony support Windows?
-No.  The chronyc program (the command-line client used for configuring
-chronyd while it is running) has been successfully built and run under Cygwin
-in the past.  chronyd is not portable, because part of it is very
-system-dependent.  It needs adapting to work with Windows' equivalent of the
-adjtimex() call, and it needs to be made to work as an NT service.
-
-Q: Are there any plans to support Windows?
-We have no plans to do this.  Anyone is welcome to pick this work up and
-contribute it back to the project.
-
-Q: What alternative NTP clients are there for Windows?
-Some of the names we've seen mentioned are 
-   - Automachron
-   - NetTime (nettime.sourceforge.net)
-
-S: NTP-specific issues
-Q: Can chrony be driven from broadcast NTP servers?
-No.  I remember looking at how they worked when I was first writing chrony.
-Since the 'target market' then was dial-up systems, broadcast packets were not
-relevant so I didn't bother working out how to deal with the complexities of
-doing the delay estimation.
-
-I no longer have root access to a LAN environment to develop and test broadcast
-server support.  Neither have I the time to work on this.  I would be very
-happy to accept a patch from anyone who can develop, test and debug the
-necessary changes!
-
-Q: Can chronyd transmit broadcast NTP packets (e.g. to synchronise other computers on a private LAN)?
-Yes.  Starting from version 1.17, chrony has this capability.
-
-Q: Can chrony keep the system clock a fixed offset away from real time?
-I have not experimented much, but I don't believe this would be possible as
-the program currently stands.
-
-Q: What happens if the network connection is dropped without using chronyc's 'offline' command first?
-In this case chronyd will keep trying to access the server(s) that it thinks
-are online.  Eventually it will decide that they are unreachable and no longer
-consider itself synchronised to them.  If you have other computers on your LAN
-accessing the computer that is affected this way, they too will become
-'unsynchronised', unless you have the 'local' directive set up on the master
-computer.
-
-The 'auto_offline' option to the 'server' entry in the chrony.conf file may be
-useful to avoid this situation.
-
-S: Development
-
-Q: Can I get the source via git from anywhere?
-Yes.  See the Git link at <a
-href="http://chrony.tuxfamily.org/">http://chrony.tuxfamily.org</a> for
-information.
-
-S: Linux-specific issues
-
-Q: Why does the source code include kernel header files?
-The program needs to see the definitions of structures used to interact with
-the real time clock (via /dev/rtc) and with the adjtimex() system call.  Sadly
-this has led to a number of compilation problems with newer kernels which have
-been increasingly hard to fix in a way that makes the code compilable on all
-Linux kernel versions.  Hopefully
-the situation will not deteriorate further with future kernel versions.
-
-Q: I get "Could not open /dev/rtc, Device or resource busy" in my syslog file.
-Check that you haven't accidentally got two copies of chronyd running (perhaps
-defined in different start-up scripts.)
-
-S: Solaris-specific issues
-Q: On Solaris 2.8, I get an error message about not being able to open kvm to change dosynctodr.
-(The dosynctodr variable controls whether Solaris couples the equivalent of its
-BIOS clock into its system clock at regular intervals).  The Solaris port of
-chrony was developed in the Solaris 2.5 era.  Some aspect of the Solaris kernel
-has changed which prevents the same technique working.  I no longer have root
-access to any Solaris machines to work on this, and am reliant on somebody
-developing the patch and testing it.  A good starting point would be to see if
-xntpd has been modified to work for Solaris 2.8.
-
-@@EPILOGUE
-<hr>
-
-Back to
-<a href="mailto:rc@rc0.org.uk?subject=chrony">the author</a>'s
-<a href="http://www.rc0.org.uk/">main page</a>
-</body>
-</html>
-@@ENDEPILOGUE

faqgen.pl

@@ -1,140 +0,0 @@
-#!/usr/bin/env perl
-
-# $Header
-
-# Copyright 2001 Richard P. Curnow
-# LICENCE
-
-# A script to generate an HTML FAQ page from a text input file.  The input is assumed to consist of the following:
-# Lines starting with 'S:'.  These introduce sections.
-# Lines starting with 'Q:'.  These are the topics of questions.
-# Body text (either as an introduction to the sections, or as answers to the questions.
-# The body text is set as pre-formatted.
-
-$| = 1;
-
-@prologue = ();
-@epilogue = ();
-
-@sections=();  # section titles
-@sect_text=(); # introductory text in sections
-
-@questions=(); # questions in sections
-@answers=();   # answers to questions
-
-$sn = -1;
-$had_q = 0;
-
-#{{{ Parse input 
-while (<>) {
-    if (m/\@\@PROLOG/o) {
-        while (<>) {
-            last if (m/^\@\@ENDPROLOG/);
-            push (@prologue, $_);
-        }
-    } elsif (m/\@\@EPILOG/o) {
-        while (<>) {
-            last if (m/^\@\@ENDEPILOG/);
-            push (@epilogue, $_);
-        }
-    } elsif (m/^[sS]:[ \t]*(.*)$/) {
-        chomp;
-        $qn = -1;
-        ++$sn;
-        $sections[$sn] = &guard($1);
-        $sect_text[$sn] = "";
-        $questions[$sn] = [ ];
-        $answers[$sn] = [ ];
-        $had_q = 0;
-    } elsif (/^[qQ]:[ \t]*(.*)$/) {
-        chomp;
-        die unless ($sn >= 0);
-        ++$qn;
-        $questions[$sn]->[$qn] = &guard($1);
-        $had_q = 1;
-    } else {
-        if ($had_q) {
-            if ($qn >= 0) {
-                $answers[$sn]->[$qn] .= $_;
-            }
-        } else {
-            if ($sect_text[$sn] ne "" || $_ !~ /^\s*$/) {
-                $sect_text[$sn] .= $_;
-            }
-        }
-    }
-}
-#}}}
-
-# Emit file header
-if ($#prologue >= 0) {
-    print @prologue;
-} else {
-print <<EOF;
-<html>
-<head>
-<title>
-Chrony Frequently Asked Questions
-</title>
-</head>
-<body>
-<font face=\"arial,helvetica\" size=+4><b>Table of contents</b></font>
-EOF
-}
-
-# Emit table of contents
-print "<ul>\n";
-for $sn (0 .. $#sections) {
-    print "<b><li> <a href=\"#section_".($sn+1)."\">".($sn+1).".</a> ".$sections[$sn]."</b>\n";
-    print "  <ul>\n";
-    for $qn (0 .. $#{$questions[$sn]}) {
-        $sq = ($sn+1).".".($qn+1);
-        print "  <li> <a href=\"#question_".$sq."\">".$sq.".</a> ".$questions[$sn]->[$qn]."\n";
-        #print "  <li> ".$sq.". ".$questions[$sn]->[$qn]."\n";
-    }
-    print "  </ul>\n";
-}
-print "</ul>\n";
-
-# Emit main sections
-for $sn (0 .. $#sections) {
-    print "<hr>\n";
-    print "<a name=section_".($sn+1).">\n";
-    #print "<b><font size=+2 face=\"arial,helvetica\">".($sn+1).". ".$sections[$sn]."</font></b>\n";
-    print "<?php pretty_h2(\"".($sn+1).". ".$sections[$sn]."\"); ?>\n";
-    if ($sect_text[$sn] ne "") {
-        print "<pre>\n";
-        print $sect_text[$sn];
-        print "</pre>\n";
-    }
-    for $qn (0 .. $#{$questions[$sn]}) {
-        $sq = ($sn+1).".".($qn+1);
-        print "<p>\n";
-        print "<a name=question_".$sq.">\n";
-        print "<font size=+1 face=\"arial,helvetica\">".$sq.". ".$questions[$sn]->[$qn]."</font>\n";
-        print "<pre>\n";
-        print $answers[$sn]->[$qn];
-        print "</pre>\n";
-    }
-}
-
-# Print footer
-if ($#epilogue >= 0) {
-    print @epilogue;
-} else {
-print <<EOF;
-</body>
-</html>
-EOF
-}
-
-
-#{{{  sub guard {
-sub guard {
-# Hide wierd tags etc
-    my ($x) = @_;
-    return $x;
-}
-#}}}
-
-

getdate.y

@@ -8,12 +8,7 @@
 **  This code is in the public domain and has no copyright.
 */
 
-#ifdef HAVE_CONFIG_H
-# include <config.h>
-# ifdef HAVE_ALLOCA_H
-#  include <alloca.h>
-# endif
-#endif
+#include "config.h"
 
 /* Since the code of getdate.y is not included in the Emacs executable
    itself, there is no need to #define static in this file.  Even if
@@ -711,7 +706,7 @@ LookupWord (buff)
   /* Make it lowercase. */
   for (p = buff; *p; p++)
     if (ISUPPER ((unsigned char) *p))
-      *p = tolower (*p);
+      *p = tolower ((unsigned char) *p);
 
   if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0)
     {

hash.h

@@ -38,4 +38,6 @@ extern unsigned int HSH_Hash(int id,
     const unsigned char *in2, unsigned int in2_len,
     unsigned char *out, unsigned int out_len);
 
+extern void HSH_Finalise(void);
+
 #endif

hash_intmd5.c

@@ -62,3 +62,8 @@ HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
 
   return 16;
 }
+
+void
+HSH_Finalise(void)
+{
+}

hash_nss.c

@@ -25,11 +25,12 @@
 
   */
 
+#include "config.h"
+
 #include <nss.h>
 #include <hasht.h>
 #include <nsslowhash.h>
 
-/* #include "config.h" */
 #include "hash.h"
 
 static NSSLOWInitContext *ictx;
@@ -87,3 +88,17 @@ HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
 
   return ret;
 }
+
+void
+HSH_Finalise(void)
+{
+  int i;
+
+  for (i = 0; hashes[i].name; i++) {
+    if (hashes[i].context)
+      NSSLOWHASH_Destroy(hashes[i].context);
+  }
+
+  if (ictx)
+    NSSLOW_Shutdown(ictx);
+}

hash_tomcrypt.c

@@ -114,3 +114,8 @@ HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len,
 
   return len;
 }
+
+void
+HSH_Finalise(void)
+{
+}

hwclock.c

@@ -0,0 +1,208 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Tracking of hardware clocks (e.g. RTC, PHC)
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "hwclock.h"
+#include "local.h"
+#include "logging.h"
+#include "memory.h"
+#include "regress.h"
+#include "util.h"
+
+/* Maximum number of samples per clock */
+#define MAX_SAMPLES 16
+
+/* Minimum interval between samples (in seconds) */
+#define MIN_SAMPLE_SEPARATION 1.0
+
+struct HCL_Instance_Record {
+  /* HW and local reference timestamp */
+  struct timespec hw_ref;
+  struct timespec local_ref;
+
+  /* Samples stored as intervals (uncorrected for frequency error)
+     relative to local_ref and hw_ref */
+  double x_data[MAX_SAMPLES];
+  double y_data[MAX_SAMPLES];
+
+  /* Number of samples */
+  int n_samples;
+
+  /* Maximum error of the last sample */
+  double last_err;
+
+  /* Flag indicating the offset and frequency values are valid */
+  int valid_coefs;
+
+  /* Estimated offset and frequency of HW clock relative to local clock */
+  double offset;
+  double frequency;
+};
+
+/* ================================================== */
+
+static void
+handle_slew(struct timespec *raw, struct timespec *cooked, double dfreq,
+            double doffset, LCL_ChangeType change_type, void *anything)
+{
+  HCL_Instance clock;
+  double delta;
+
+  clock = anything;
+
+  if (clock->n_samples)
+    UTI_AdjustTimespec(&clock->local_ref, cooked, &clock->local_ref, &delta, dfreq, doffset);
+  if (clock->valid_coefs)
+    clock->frequency /= 1.0 - dfreq;
+}
+
+/* ================================================== */
+
+HCL_Instance
+HCL_CreateInstance(void)
+{
+  HCL_Instance clock;
+
+  clock = MallocNew(struct HCL_Instance_Record);
+  clock->x_data[MAX_SAMPLES - 1] = 0.0;
+  clock->y_data[MAX_SAMPLES - 1] = 0.0;
+  clock->n_samples = 0;
+  clock->valid_coefs = 0;
+
+  LCL_AddParameterChangeHandler(handle_slew, clock);
+
+  return clock;
+}
+
+/* ================================================== */
+
+void HCL_DestroyInstance(HCL_Instance clock)
+{
+  LCL_RemoveParameterChangeHandler(handle_slew, clock);
+  Free(clock);
+}
+
+/* ================================================== */
+
+int
+HCL_NeedsNewSample(HCL_Instance clock, struct timespec *now)
+{
+  if (!clock->n_samples ||
+      fabs(UTI_DiffTimespecsToDouble(now, &clock->local_ref)) >= MIN_SAMPLE_SEPARATION)
+    return 1;
+
+  return 0;
+}
+
+/* ================================================== */
+
+void
+HCL_AccumulateSample(HCL_Instance clock, struct timespec *hw_ts,
+                     struct timespec *local_ts, double err)
+{
+  double hw_delta, local_delta, local_freq, raw_freq;
+  int i, n_runs, best_start;
+
+  local_freq = 1.0 - LCL_ReadAbsoluteFrequency() / 1.0e6;
+
+  /* Shift old samples */
+  if (clock->n_samples) {
+    if (clock->n_samples >= MAX_SAMPLES)
+      clock->n_samples--;
+
+    hw_delta = UTI_DiffTimespecsToDouble(hw_ts, &clock->hw_ref);
+    local_delta = UTI_DiffTimespecsToDouble(local_ts, &clock->local_ref) / local_freq;
+
+    if (hw_delta <= 0.0 || local_delta < MIN_SAMPLE_SEPARATION / 2.0) {
+      clock->n_samples = 0;
+      DEBUG_LOG(LOGF_HwClocks, "HW clock reset interval=%f", local_delta);
+    }
+
+    for (i = MAX_SAMPLES - clock->n_samples; i < MAX_SAMPLES; i++) {
+      clock->y_data[i - 1] = clock->y_data[i] - hw_delta;
+      clock->x_data[i - 1] = clock->x_data[i] - local_delta;
+    }
+  }
+
+  clock->n_samples++;
+  clock->hw_ref = *hw_ts;
+  clock->local_ref = *local_ts;
+  clock->last_err = err;
+
+  /* Get new coefficients */
+  clock->valid_coefs =
+    RGR_FindBestRobustRegression(clock->x_data + MAX_SAMPLES - clock->n_samples,
+                                 clock->y_data + MAX_SAMPLES - clock->n_samples,
+                                 clock->n_samples, 1.0e-9, &clock->offset, &raw_freq,
+                                 &n_runs, &best_start);
+
+  if (!clock->valid_coefs) {
+    DEBUG_LOG(LOGF_HwClocks, "HW clock needs more samples");
+    return;
+  }
+
+  clock->frequency = raw_freq / local_freq;
+
+  /* Drop unneeded samples */
+  clock->n_samples -= best_start;
+
+  /* If the fit doesn't cross the error interval of the last sample, throw away
+     all previous samples and keep only the frequency estimate */
+  if (fabs(clock->offset) > err) {
+    DEBUG_LOG(LOGF_HwClocks, "HW clock reset offset=%e", clock->offset);
+    clock->offset = 0.0;
+    clock->n_samples = 1;
+  }
+
+  DEBUG_LOG(LOGF_HwClocks, "HW clock samples=%d offset=%e freq=%.9e raw_freq=%.9e err=%e ref_diff=%e",
+            clock->n_samples, clock->offset, clock->frequency, raw_freq, err,
+            UTI_DiffTimespecsToDouble(&clock->hw_ref, &clock->local_ref));
+}
+
+/* ================================================== */
+
+int
+HCL_CookTime(HCL_Instance clock, struct timespec *raw, struct timespec *cooked, double *err)
+{
+  double offset, elapsed;
+
+  if (!clock->valid_coefs)
+    return 0;
+
+  elapsed = UTI_DiffTimespecsToDouble(raw, &clock->hw_ref);
+  offset = clock->offset + elapsed / clock->frequency;
+  UTI_AddDoubleToTimespec(&clock->local_ref, offset, cooked);
+
+  /* Fow now, just return the error of the last sample */
+  if (err)
+    *err = clock->last_err;
+
+  return 1;
+}

hwclock.h

@@ -0,0 +1,48 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Header for tracking of hardware clocks */
+
+#ifndef GOT_HWCLOCK_H
+#define GOT_HWCLOCK_H
+
+typedef struct HCL_Instance_Record *HCL_Instance;
+
+/* Create a new HW clock instance */
+extern HCL_Instance HCL_CreateInstance(void);
+
+/* Destroy a HW clock instance */
+extern void HCL_DestroyInstance(HCL_Instance clock);
+
+/* Check if a new sample should be accumulated at this time */
+extern int HCL_NeedsNewSample(HCL_Instance clock, struct timespec *now);
+
+/* Accumulate a new sample */
+extern void HCL_AccumulateSample(HCL_Instance clock, struct timespec *hw_ts,
+                                 struct timespec *local_ts, double err);
+
+/* Convert raw hardware time to cooked local time */
+extern int HCL_CookTime(HCL_Instance clock, struct timespec *raw, struct timespec *cooked,
+                        double *err);
+
+#endif

keys.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2012-2013
+ * Copyright (C) Miroslav Lichvar  2012-2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -30,6 +30,7 @@
 
 #include "sysincl.h"
 
+#include "array.h"
 #include "keys.h"
 #include "cmdparse.h"
 #include "conf.h"
@@ -38,82 +39,35 @@
 #include "local.h"
 #include "logging.h"
 
+/* Consider 80 bits as the absolute minimum for a secure key */
+#define MIN_SECURE_KEY_LENGTH 10
 
 typedef struct {
-  unsigned long id;
+  uint32_t id;
   char *val;
   int len;
   int hash_id;
   int auth_delay;
 } Key;
 
-#define MAX_KEYS 256
+static ARR_Instance keys;
 
-static int n_keys;
-static Key keys[MAX_KEYS];
-
-static int command_key_valid;
-static int command_key_id;
 static int cache_valid;
-static unsigned long cache_key_id;
+static uint32_t cache_key_id;
 static int cache_key_pos;
 
 /* ================================================== */
 
-static int
-generate_key(unsigned long key_id)
+static void
+free_keys(void)
 {
-#ifdef GENERATE_SHA1_KEY
-  unsigned char key[20];
-  const char *hashname = "SHA1";
-#else
-  unsigned char key[16];
-  const char *hashname = "MD5";
-#endif
-  const char *key_file, *rand_dev = "/dev/urandom";
-  FILE *f;
-  struct stat st;
-  int i;
+  unsigned int i;
 
-  key_file = CNF_GetKeysFile();
+  for (i = 0; i < ARR_GetSize(keys); i++)
+    Free(((Key *)ARR_GetElement(keys, i))->val);
 
-  if (!key_file)
-    return 0;
-
-  f = fopen(rand_dev, "r");
-  if (!f || fread(key, sizeof (key), 1, f) != 1) {
-    if (f)
-      fclose(f);
-    LOG_FATAL(LOGF_Keys, "Could not read %s", rand_dev);
-    return 0;
-  }
-  fclose(f);
-
-  f = fopen(key_file, "a");
-  if (!f) {
-    LOG_FATAL(LOGF_Keys, "Could not open keyfile %s for writing", key_file);
-    return 0;
-  }
-
-  /* Make sure the keyfile is not world-readable */
-  if (stat(key_file, &st) || chmod(key_file, st.st_mode & 0770)) {
-    fclose(f);
-    LOG_FATAL(LOGF_Keys, "Could not change permissions of keyfile %s", key_file);
-    return 0;
-  }
-
-  fprintf(f, "\n%lu %s HEX:", key_id, hashname);
-  for (i = 0; i < sizeof (key); i++)
-    fprintf(f, "%02hhX", key[i]);
-  fprintf(f, "\n");
-  fclose(f);
-
-  /* Erase the key from stack */
-  memset(key, 0, sizeof (key));
-
-  LOG(LOGS_INFO, LOGF_Keys, "Generated key %lu", key_id);
-
-  return 1;
+  ARR_SetSize(keys, 0);
+  cache_valid = 0;
 }
 
 /* ================================================== */
@@ -121,15 +75,9 @@ generate_key(unsigned long key_id)
 void
 KEY_Initialise(void)
 {
-  n_keys = 0;
-  command_key_valid = 0;
+  keys = ARR_CreateInstance(sizeof (Key));
   cache_valid = 0;
   KEY_Reload();
-
-  if (CNF_GetGenerateCommandKey() && !KEY_KeyKnown(KEY_GetCommandKey())) {
-    if (generate_key(KEY_GetCommandKey()))
-      KEY_Reload();
-  }
 }
 
 /* ================================================== */
@@ -137,37 +85,77 @@ KEY_Initialise(void)
 void
 KEY_Finalise(void)
 {
+  free_keys();
+  ARR_DestroyInstance(keys);
+}
+
+/* ================================================== */
+
+static Key *
+get_key(unsigned int index)
+{
+  return ((Key *)ARR_GetElements(keys)) + index;
 }
 
 /* ================================================== */
 
 static int
-determine_hash_delay(int key_id)
+determine_hash_delay(uint32_t key_id)
 {
   NTP_Packet pkt;
-  struct timeval before, after;
-  unsigned long usecs, min_usecs=0;
-  int i;
+  struct timespec before, after;
+  double diff, min_diff;
+  int i, nsecs;
 
   for (i = 0; i < 10; i++) {
     LCL_ReadRawTime(&before);
-    KEY_GenerateAuth(key_id, (unsigned char *)&pkt, NTP_NORMAL_PACKET_SIZE,
+    KEY_GenerateAuth(key_id, (unsigned char *)&pkt, NTP_NORMAL_PACKET_LENGTH,
         (unsigned char *)&pkt.auth_data, sizeof (pkt.auth_data));
     LCL_ReadRawTime(&after);
 
-    usecs = (after.tv_sec - before.tv_sec) * 1000000 + (after.tv_usec - before.tv_usec);
+    diff = UTI_DiffTimespecsToDouble(&after, &before);
 
-    if (i == 0 || usecs < min_usecs) {
-      min_usecs = usecs;
-    }
+    if (i == 0 || min_diff > diff)
+      min_diff = diff;
   }
 
-#if 0
-  LOG(LOGS_INFO, LOGF_Keys, "authentication delay for key %lu: %d useconds", key_id, min_usecs);
-#endif
-
   /* Add on a bit extra to allow for copying, conversions etc */
-  return min_usecs + (min_usecs >> 4);
+  nsecs = 1.0625e9 * min_diff;
+
+  DEBUG_LOG(LOGF_Keys, "authentication delay for key %"PRIu32": %d nsecs", key_id, nsecs);
+
+  return nsecs;
+}
+
+/* ================================================== */
+/* Decode password encoded in ASCII or HEX */
+
+static int
+decode_password(char *key)
+{
+  int i, j, len = strlen(key);
+  char buf[3], *p;
+
+  if (!strncmp(key, "ASCII:", 6)) {
+    memmove(key, key + 6, len - 6);
+    return len - 6;
+  } else if (!strncmp(key, "HEX:", 4)) {
+    if ((len - 4) % 2)
+      return 0;
+
+    for (i = 0, j = 4; j + 1 < len; i++, j += 2) {
+      buf[0] = key[j], buf[1] = key[j + 1], buf[2] = '\0';
+      key[i] = strtol(buf, &p, 16);
+
+      if (p != buf + 2)
+        return 0;
+    }
+
+    return i;
+  } else {
+    /* assume ASCII */
+    return len;
+  }
 }
 
 /* ================================================== */
@@ -195,18 +183,14 @@ compare_keys_by_id(const void *a, const void *b)
 void
 KEY_Reload(void)
 {
-  int i, line_number;
+  unsigned int i, line_number;
   FILE *in;
-  unsigned long key_id;
+  uint32_t key_id;
   char line[2048], *keyval, *key_file;
   const char *hashname;
+  Key key;
 
-  for (i=0; i<n_keys; i++) {
-    Free(keys[i].val);
-  }
-  n_keys = 0;
-  command_key_valid = 0;
-  cache_valid = 0;
+  free_keys();
 
   key_file = CNF_GetKeysFile();
   line_number = 0;
@@ -232,22 +216,22 @@ KEY_Reload(void)
       continue;
     }
 
-    keys[n_keys].hash_id = HSH_GetHashId(hashname);
-    if (keys[n_keys].hash_id < 0) {
-      LOG(LOGS_WARN, LOGF_Keys, "Unknown hash function in key %lu", key_id);
+    key.hash_id = HSH_GetHashId(hashname);
+    if (key.hash_id < 0) {
+      LOG(LOGS_WARN, LOGF_Keys, "Unknown hash function in key %"PRIu32, key_id);
       continue;
     }
 
-    keys[n_keys].len = UTI_DecodePasswordFromText(keyval);
-    if (!keys[n_keys].len) {
-      LOG(LOGS_WARN, LOGF_Keys, "Could not decode password in key %lu", key_id);
+    key.len = decode_password(keyval);
+    if (!key.len) {
+      LOG(LOGS_WARN, LOGF_Keys, "Could not decode password in key %"PRIu32, key_id);
       continue;
     }
 
-    keys[n_keys].id = key_id;
-    keys[n_keys].val = MallocArray(char, keys[n_keys].len);
-    memcpy(keys[n_keys].val, keyval, keys[n_keys].len);
-    n_keys++;
+    key.id = key_id;
+    key.val = MallocArray(char, key.len);
+    memcpy(key.val, keyval, key.len);
+    ARR_AppendElement(keys, &key);
   }
 
   fclose(in);
@@ -255,143 +239,173 @@ KEY_Reload(void)
   /* Sort keys into order.  Note, if there's a duplicate, it is
      arbitrary which one we use later - the user should have been
      more careful! */
-  qsort((void *) keys, n_keys, sizeof(Key), compare_keys_by_id);
+  qsort(ARR_GetElements(keys), ARR_GetSize(keys), sizeof (Key), compare_keys_by_id);
 
   /* Check for duplicates */
-  for (i = 1; i < n_keys; i++) {
-    if (keys[i - 1].id == keys[i].id) {
-      LOG(LOGS_WARN, LOGF_Keys, "Detected duplicate key %lu", key_id);
-    }
+  for (i = 1; i < ARR_GetSize(keys); i++) {
+    if (get_key(i - 1)->id == get_key(i)->id)
+      LOG(LOGS_WARN, LOGF_Keys, "Detected duplicate key %"PRIu32, get_key(i - 1)->id);
   }
 
   /* Erase any passwords from stack */
   memset(line, 0, sizeof (line));
 
-  for (i=0; i<n_keys; i++) {
-    keys[i].auth_delay = determine_hash_delay(keys[i].id);
-  }
+  for (i = 0; i < ARR_GetSize(keys); i++)
+    get_key(i)->auth_delay = determine_hash_delay(get_key(i)->id);
 }
 
 /* ================================================== */
 
 static int
-lookup_key(unsigned long id)
+lookup_key(uint32_t id)
 {
-  Key specimen, *where;
+  Key specimen, *where, *keys_ptr;
   int pos;
 
+  keys_ptr = ARR_GetElements(keys);
   specimen.id = id;
-  where = (Key *) bsearch((void *)&specimen, (void *)keys, n_keys, sizeof(Key), compare_keys_by_id);
+  where = (Key *)bsearch((void *)&specimen, keys_ptr, ARR_GetSize(keys),
+                         sizeof (Key), compare_keys_by_id);
   if (!where) {
     return -1;
   } else {
-    pos = where - keys;
+    pos = where - keys_ptr;
     return pos;
   }
 }
 
 /* ================================================== */
 
-static int
-get_key_pos(unsigned long key_id)
-{
-  if (!cache_valid || key_id != cache_key_id) {
-    cache_valid = 1;
-    cache_key_pos = lookup_key(key_id);
-    cache_key_id = key_id;
-  }
-
-  return cache_key_pos;
-}
-
-/* ================================================== */
-
-unsigned long
-KEY_GetCommandKey(void)
-{
-  if (!command_key_valid) {
-    command_key_id = CNF_GetCommandKey();
-  }
-
-  return command_key_id;
-}
-
-/* ================================================== */
-
-int
-KEY_KeyKnown(unsigned long key_id)
+static Key *
+get_key_by_id(uint32_t key_id)
 {
   int position;
 
-  if (cache_valid && (key_id == cache_key_id)) {
-    return 1;
-  } else {
+  if (cache_valid && key_id == cache_key_id)
+    return get_key(cache_key_pos);
 
-    position = lookup_key(key_id);
+  position = lookup_key(key_id);
 
-    if (position >= 0) {
-      /* Store key in cache, we will probably be using it in a
-         minute... */
-      cache_valid = 1;
-      cache_key_pos = position;
-      cache_key_id = key_id;
-      return 1;
-    } else {
-      return 0;
-    }
+  if (position >= 0) {
+    cache_valid = 1;
+    cache_key_pos = position;
+    cache_key_id = key_id;
+
+    return get_key(position);
   }
+
+  return NULL;
 }
 
 /* ================================================== */
 
 int
-KEY_GetAuthDelay(unsigned long key_id)
+KEY_KeyKnown(uint32_t key_id)
 {
-  int key_pos;
-
-  key_pos = get_key_pos(key_id);
-
-  if (key_pos < 0) {
-    return 0;
-  }
-
-  return keys[key_pos].auth_delay;
+  return get_key_by_id(key_id) != NULL;
 }
 
 /* ================================================== */
 
 int
-KEY_GenerateAuth(unsigned long key_id, const unsigned char *data, int data_len,
+KEY_GetAuthDelay(uint32_t key_id)
+{
+  Key *key;
+
+  key = get_key_by_id(key_id);
+
+  if (!key)
+    return 0;
+
+  return key->auth_delay;
+}
+
+/* ================================================== */
+
+int
+KEY_GetAuthLength(uint32_t key_id)
+{
+  unsigned char buf[MAX_HASH_LENGTH];
+  Key *key;
+
+  key = get_key_by_id(key_id);
+
+  if (!key)
+    return 0;
+
+  return HSH_Hash(key->hash_id, buf, 0, buf, 0, buf, sizeof (buf));
+}
+
+/* ================================================== */
+
+int
+KEY_CheckKeyLength(uint32_t key_id)
+{
+  Key *key;
+
+  key = get_key_by_id(key_id);
+
+  if (!key)
+    return 0;
+
+  return key->len >= MIN_SECURE_KEY_LENGTH;
+}
+
+/* ================================================== */
+
+static int
+generate_ntp_auth(int hash_id, const unsigned char *key, int key_len,
+                  const unsigned char *data, int data_len,
+                  unsigned char *auth, int auth_len)
+{
+  return HSH_Hash(hash_id, key, key_len, data, data_len, auth, auth_len);
+}
+
+/* ================================================== */
+
+static int
+check_ntp_auth(int hash_id, const unsigned char *key, int key_len,
+               const unsigned char *data, int data_len,
+               const unsigned char *auth, int auth_len, int trunc_len)
+{
+  unsigned char buf[MAX_HASH_LENGTH];
+  int hash_len;
+
+  hash_len = generate_ntp_auth(hash_id, key, key_len, data, data_len, buf, sizeof (buf));
+
+  return MIN(hash_len, trunc_len) == auth_len && !memcmp(buf, auth, auth_len);
+}
+
+/* ================================================== */
+
+int
+KEY_GenerateAuth(uint32_t key_id, const unsigned char *data, int data_len,
     unsigned char *auth, int auth_len)
 {
-  int key_pos;
+  Key *key;
 
-  key_pos = get_key_pos(key_id);
+  key = get_key_by_id(key_id);
 
-  if (key_pos < 0) {
+  if (!key)
     return 0;
-  }
 
-  return UTI_GenerateNTPAuth(keys[key_pos].hash_id,
-      (unsigned char *)keys[key_pos].val, keys[key_pos].len,
-      data, data_len, auth, auth_len);
+  return generate_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len,
+                           data, data_len, auth, auth_len);
 }
 
 /* ================================================== */
 
 int
-KEY_CheckAuth(unsigned long key_id, const unsigned char *data, int data_len,
-    const unsigned char *auth, int auth_len)
+KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
+              const unsigned char *auth, int auth_len, int trunc_len)
 {
-  int key_pos;
+  Key *key;
 
-  key_pos = get_key_pos(key_id);
+  key = get_key_by_id(key_id);
 
-  if (key_pos < 0) {
+  if (!key)
     return 0;
-  }
 
-  return UTI_CheckNTPAuth(keys[key_pos].hash_id,
-      (unsigned char *)keys[key_pos].val, keys[key_pos].len,
-      data, data_len, auth, auth_len);
+  return check_ntp_auth(key->hash_id, (unsigned char *)key->val, key->len,
+                        data, data_len, auth, auth_len, trunc_len);
 }

keys.h

@@ -27,20 +27,22 @@
 #ifndef GOT_KEYS_H
 #define GOT_KEYS_H
 
+#include "sysincl.h"
+
 extern void KEY_Initialise(void);
 extern void KEY_Finalise(void);
 
 extern void KEY_Reload(void);
 
-extern unsigned long KEY_GetCommandKey(void);
+extern int KEY_GetKey(uint32_t key_id, char **key, int *len);
+extern int KEY_KeyKnown(uint32_t key_id);
+extern int KEY_GetAuthDelay(uint32_t key_id);
+extern int KEY_GetAuthLength(uint32_t key_id);
+extern int KEY_CheckKeyLength(uint32_t key_id);
 
-extern int KEY_GetKey(unsigned long key_id, char **key, int *len);
-extern int KEY_KeyKnown(unsigned long key_id);
-extern int KEY_GetAuthDelay(unsigned long key_id);
-
-extern int KEY_GenerateAuth(unsigned long key_id, const unsigned char *data,
+extern int KEY_GenerateAuth(uint32_t key_id, const unsigned char *data,
     int data_len, unsigned char *auth, int auth_len);
-extern int KEY_CheckAuth(unsigned long key_id, const unsigned char *data,
-    int data_len, const unsigned char *auth, int auth_len);
+extern int KEY_CheckAuth(uint32_t key_id, const unsigned char *data, int data_len,
+                         const unsigned char *auth, int auth_len, int trunc_len);
 
 #endif /* GOT_KEYS_H */

local.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2011
+ * Copyright (C) Miroslav Lichvar  2011, 2014-2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -36,6 +36,7 @@
 #include "local.h"
 #include "localp.h"
 #include "memory.h"
+#include "smooth.h"
 #include "util.h"
 #include "logging.h"
 
@@ -44,6 +45,9 @@
 /* Variable to store the current frequency, in ppm */
 static double current_freq_ppm;
 
+/* Maximum allowed frequency, in ppm */
+static double max_freq_ppm;
+
 /* Temperature compensation, in ppm */
 static double temp_comp_ppm;
 
@@ -56,6 +60,7 @@ static lcl_AccrueOffsetDriver drv_accrue_offset;
 static lcl_ApplyStepOffsetDriver drv_apply_step_offset;
 static lcl_OffsetCorrectionDriver drv_offset_convert;
 static lcl_SetLeapDriver drv_set_leap;
+static lcl_SetSyncStatusDriver drv_set_sync_status;
 
 /* ================================================== */
 
@@ -101,36 +106,45 @@ static double max_clock_error;
    under 1s of busy waiting. */
 #define NITERS 100
 
+#define NSEC_PER_SEC 1000000000
+
 static void
 calculate_sys_precision(void)
 {
-  struct timeval tv, old_tv;
-  int dusec, best_dusec;
-  int iters;
+  struct timespec ts, old_ts;
+  int iters, diff, best;
 
-  gettimeofday(&old_tv, NULL);
-  best_dusec = 1000000; /* Assume we must be better than a second */
+  LCL_ReadRawTime(&old_ts);
+
+  /* Assume we must be better than a second */
+  best = NSEC_PER_SEC;
   iters = 0;
+
   do {
-    gettimeofday(&tv, NULL);
-    dusec = 1000000*(tv.tv_sec - old_tv.tv_sec) + (tv.tv_usec - old_tv.tv_usec);
-    old_tv = tv;
-    if (dusec > 0)  {
-      if (dusec < best_dusec) {
-        best_dusec = dusec;
-      }
+    LCL_ReadRawTime(&ts);
+
+    diff = NSEC_PER_SEC * (ts.tv_sec - old_ts.tv_sec) + (ts.tv_nsec - old_ts.tv_nsec);
+
+    old_ts = ts;
+    if (diff > 0) {
+      if (diff < best)
+        best = diff;
       iters++;
     }
   } while (iters < NITERS);
 
-  assert(best_dusec > 0);
+  assert(best > 0);
 
-  precision_quantum = best_dusec * 1.0e-6;
+  precision_quantum = 1.0e-9 * best;
+
+  /* Get rounded log2 value of the measured precision */
   precision_log = 0;
-  while (best_dusec < 500000) {
+  while (best < 707106781) {
     precision_log--;
-    best_dusec *= 2;
+    best *= 2;
   }
+
+  DEBUG_LOG(LOGF_Local, "Clock precision %.9f (%d)", precision_quantum, precision_log);
 }
 
 /* ================================================== */
@@ -156,6 +170,11 @@ LCL_Initialise(void)
 
   calculate_sys_precision();
 
+  /* This is the maximum allowed frequency offset in ppm, the time must
+     never stop or run backwards */
+  max_freq_ppm = CNF_GetMaxDrift();
+  max_freq_ppm = CLAMP(0.0, max_freq_ppm, 500000.0);
+
   max_clock_error = CNF_GetMaxClockError() * 1e-6;
 }
 
@@ -164,6 +183,13 @@ LCL_Initialise(void)
 void
 LCL_Finalise(void)
 {
+  while (change_list.next != &change_list)
+    LCL_RemoveParameterChangeHandler(change_list.next->handler,
+                                     change_list.next->anything);
+
+  while (dispersion_notify_list.next != &dispersion_notify_list)
+    LCL_RemoveDispersionNotifyHandler(dispersion_notify_list.next->handler,
+                                      dispersion_notify_list.next->anything);
 }
 
 /* ================================================== */
@@ -243,7 +269,29 @@ void LCL_RemoveParameterChangeHandler(LCL_ParameterChangeHandler handler, void *
   ptr->next->prev = ptr->prev;
   ptr->prev->next = ptr->next;
 
-  free(ptr);
+  Free(ptr);
+}
+
+/* ================================================== */
+
+int
+LCL_IsFirstParameterChangeHandler(LCL_ParameterChangeHandler handler)
+{
+  return change_list.next->handler == handler;
+}
+
+/* ================================================== */
+
+static void
+invoke_parameter_change_handlers(struct timespec *raw, struct timespec *cooked,
+                                 double dfreq, double doffset,
+                                 LCL_ChangeType change_type)
+{
+  ChangeListEntry *ptr;
+
+  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
+    (ptr->handler)(raw, cooked, dfreq, doffset, change_type, ptr->anything);
+  }
 }
 
 /* ================================================== */
@@ -298,27 +346,33 @@ void LCL_RemoveDispersionNotifyHandler(LCL_DispersionNotifyHandler handler, void
   ptr->next->prev = ptr->prev;
   ptr->prev->next = ptr->next;
 
-  free(ptr);
-}
-
-/* ================================================== */
-/* At the moment, this is just gettimeofday(), because
-   I can't think of a Unix system where it would not be */
-
-void
-LCL_ReadRawTime(struct timeval *result)
-{
-  if (gettimeofday(result, NULL) < 0) {
-    LOG_FATAL(LOGF_Local, "gettimeofday() failed");
-  }
+  Free(ptr);
 }
 
 /* ================================================== */
 
 void
-LCL_ReadCookedTime(struct timeval *result, double *err)
+LCL_ReadRawTime(struct timespec *ts)
 {
-  struct timeval raw;
+#if HAVE_CLOCK_GETTIME
+  if (clock_gettime(CLOCK_REALTIME, ts) < 0)
+    LOG_FATAL(LOGF_Local, "clock_gettime() failed : %s", strerror(errno));
+#else
+  struct timeval tv;
+
+  if (gettimeofday(&tv, NULL) < 0)
+    LOG_FATAL(LOGF_Local, "gettimeofday() failed : %s", strerror(errno));
+
+  UTI_TimevalToTimespec(&tv, ts);
+#endif
+}
+
+/* ================================================== */
+
+void
+LCL_ReadCookedTime(struct timespec *result, double *err)
+{
+  struct timespec raw;
 
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, result, err);
@@ -327,18 +381,18 @@ LCL_ReadCookedTime(struct timeval *result, double *err)
 /* ================================================== */
 
 void
-LCL_CookTime(struct timeval *raw, struct timeval *cooked, double *err)
+LCL_CookTime(struct timespec *raw, struct timespec *cooked, double *err)
 {
   double correction;
 
   LCL_GetOffsetCorrection(raw, &correction, err);
-  UTI_AddDoubleToTimeval(raw, correction, cooked);
+  UTI_AddDoubleToTimespec(raw, correction, cooked);
 }
 
 /* ================================================== */
 
 void
-LCL_GetOffsetCorrection(struct timeval *raw, double *correction, double *err)
+LCL_GetOffsetCorrection(struct timespec *raw, double *correction, double *err)
 {
   /* Call system specific driver to get correction */
   (*drv_offset_convert)(raw, correction, err);
@@ -363,16 +417,44 @@ LCL_ReadAbsoluteFrequency(void)
 }
 
 /* ================================================== */
+
+static double
+clamp_freq(double freq)
+{
+  if (freq <= max_freq_ppm && freq >= -max_freq_ppm)
+    return freq;
+
+  LOG(LOGS_WARN, LOGF_Local, "Frequency %.1f ppm exceeds allowed maximum", freq);
+
+  return CLAMP(-max_freq_ppm, freq, max_freq_ppm);
+}
+
+/* ================================================== */
+
+static int
+check_offset(struct timespec *now, double offset)
+{
+  /* Check if the time will be still sane with accumulated offset */
+  if (UTI_IsTimeOffsetSane(now, -offset))
+      return 1;
+
+  LOG(LOGS_WARN, LOGF_Local, "Adjustment of %.1f seconds is invalid", -offset);
+  return 0;
+}
+
+/* ================================================== */
+
 /* This involves both setting the absolute frequency with the
    system-specific driver, as well as calling all notify handlers */
 
 void
 LCL_SetAbsoluteFrequency(double afreq_ppm)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
   double dfreq;
   
+  afreq_ppm = clamp_freq(afreq_ppm);
+
   /* Apply temperature compensation */
   if (temp_comp_ppm != 0.0) {
     afreq_ppm = afreq_ppm * (1.0 - 1.0e-6 * temp_comp_ppm) - temp_comp_ppm;
@@ -382,15 +464,13 @@ LCL_SetAbsoluteFrequency(double afreq_ppm)
   
   afreq_ppm = (*drv_set_freq)(afreq_ppm);
 
-  dfreq = (afreq_ppm - current_freq_ppm) / (1.0e6 + current_freq_ppm);
+  dfreq = (afreq_ppm - current_freq_ppm) / (1.0e6 - current_freq_ppm);
 
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, dfreq, 0.0, 0, ptr->anything);
-  }
+  invoke_parameter_change_handlers(&raw, &cooked, dfreq, 0.0, LCL_ChangeAdjust);
 
   current_freq_ppm = afreq_ppm;
 
@@ -401,8 +481,7 @@ LCL_SetAbsoluteFrequency(double afreq_ppm)
 void
 LCL_AccumulateDeltaFrequency(double dfreq)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
   double old_freq_ppm;
 
   old_freq_ppm = current_freq_ppm;
@@ -411,20 +490,19 @@ LCL_AccumulateDeltaFrequency(double dfreq)
    are handled in units of ppm, whereas the 'dfreq' argument is in
    terms of the gradient of the (offset) v (local time) function. */
 
-  current_freq_ppm = (1.0 + dfreq) * current_freq_ppm + 1.0e6 * dfreq;
+  current_freq_ppm += dfreq * (1.0e6 - current_freq_ppm);
+
+  current_freq_ppm = clamp_freq(current_freq_ppm);
 
   /* Call the system-specific driver for setting the frequency */
   current_freq_ppm = (*drv_set_freq)(current_freq_ppm);
-  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 + old_freq_ppm);
+  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 - old_freq_ppm);
 
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, dfreq, 0.0, 0, ptr->anything);
-  }
-
+  invoke_parameter_change_handlers(&raw, &cooked, dfreq, 0.0, LCL_ChangeAdjust);
 }
 
 /* ================================================== */
@@ -432,8 +510,7 @@ LCL_AccumulateDeltaFrequency(double dfreq)
 void
 LCL_AccumulateOffset(double offset, double corr_rate)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
 
   /* In this case, the cooked time to be passed to the notify clients
      has to be the cooked time BEFORE the change was made */
@@ -441,22 +518,21 @@ LCL_AccumulateOffset(double offset, double corr_rate)
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
+  if (!check_offset(&cooked, offset))
+      return;
+
   (*drv_accrue_offset)(offset, corr_rate);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, 0.0, offset, 0, ptr->anything);
-  }
-
+  invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeAdjust);
 }
 
 /* ================================================== */
 
-void
+int
 LCL_ApplyStepOffset(double offset)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
 
   /* In this case, the cooked time to be passed to the notify clients
      has to be the cooked time BEFORE the change was made */
@@ -464,38 +540,58 @@ LCL_ApplyStepOffset(double offset)
   LCL_ReadRawTime(&raw);
   LCL_CookTime(&raw, &cooked, NULL);
 
-  (*drv_apply_step_offset)(offset);
+  if (!check_offset(&raw, offset))
+      return 0;
 
-  /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, 0.0, offset, 1, ptr->anything);
+  if (!(*drv_apply_step_offset)(offset)) {
+    LOG(LOGS_ERR, LOGF_Local, "Could not step clock");
+    return 0;
   }
 
+  /* Reset smoothing on all clock steps */
+  SMT_Reset(&cooked);
+
+  /* Dispatch to all handlers */
+  invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeStep);
+
+  return 1;
 }
 
 /* ================================================== */
 
 void
-LCL_NotifyExternalTimeStep(struct timeval *raw, struct timeval *cooked,
+LCL_NotifyExternalTimeStep(struct timespec *raw, struct timespec *cooked,
     double offset, double dispersion)
 {
-  ChangeListEntry *ptr;
-
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(raw, cooked, 0.0, offset, 1, ptr->anything);
-  }
+  invoke_parameter_change_handlers(raw, cooked, 0.0, offset, LCL_ChangeUnknownStep);
 
   lcl_InvokeDispersionNotifyHandlers(dispersion);
 }
 
 /* ================================================== */
 
+void
+LCL_NotifyLeap(int leap)
+{
+  struct timespec raw, cooked;
+
+  LCL_ReadRawTime(&raw);
+  LCL_CookTime(&raw, &cooked, NULL);
+
+  /* Smooth the leap second out */
+  SMT_Leap(&cooked, leap);
+
+  /* Dispatch to all handlers as if the clock was stepped */
+  invoke_parameter_change_handlers(&raw, &cooked, 0.0, -leap, LCL_ChangeStep);
+}
+
+/* ================================================== */
+
 void
 LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
 {
-  ChangeListEntry *ptr;
-  struct timeval raw, cooked;
+  struct timespec raw, cooked;
   double old_freq_ppm;
 
   LCL_ReadRawTime(&raw);
@@ -503,30 +599,29 @@ LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
      to the change we are about to make */
   LCL_CookTime(&raw, &cooked, NULL);
 
+  if (!check_offset(&cooked, doffset))
+      return;
+
   old_freq_ppm = current_freq_ppm;
 
   /* Work out new absolute frequency.  Note that absolute frequencies
    are handled in units of ppm, whereas the 'dfreq' argument is in
    terms of the gradient of the (offset) v (local time) function. */
-  current_freq_ppm = (1.0 + dfreq) * old_freq_ppm + 1.0e6 * dfreq;
+  current_freq_ppm += dfreq * (1.0e6 - current_freq_ppm);
 
-#ifdef TRACEON
-  LOG(LOGS_INFO, LOGF_Local, "old_freq=%.3fppm new_freq=%.3fppm offset=%.6fsec",
+  current_freq_ppm = clamp_freq(current_freq_ppm);
+
+  DEBUG_LOG(LOGF_Local, "old_freq=%.3fppm new_freq=%.3fppm offset=%.6fsec",
       old_freq_ppm, current_freq_ppm, doffset);
-#endif
 
   /* Call the system-specific driver for setting the frequency */
   current_freq_ppm = (*drv_set_freq)(current_freq_ppm);
-  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 + old_freq_ppm);
+  dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 - old_freq_ppm);
 
   (*drv_accrue_offset)(doffset, corr_rate);
 
   /* Dispatch to all handlers */
-  for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) {
-    (ptr->handler)(&raw, &cooked, dfreq, doffset, 0, ptr->anything);
-  }
-
-
+  invoke_parameter_change_handlers(&raw, &cooked, dfreq, doffset, LCL_ChangeAdjust);
 }
 
 /* ================================================== */
@@ -550,7 +645,8 @@ lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq,
                           lcl_AccrueOffsetDriver accrue_offset,
                           lcl_ApplyStepOffsetDriver apply_step_offset,
                           lcl_OffsetCorrectionDriver offset_convert,
-                          lcl_SetLeapDriver set_leap)
+                          lcl_SetLeapDriver set_leap,
+                          lcl_SetSyncStatusDriver set_sync_status)
 {
   drv_read_freq = read_freq;
   drv_set_freq = set_freq;
@@ -558,43 +654,51 @@ lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq,
   drv_apply_step_offset = apply_step_offset;
   drv_offset_convert = offset_convert;
   drv_set_leap = set_leap;
+  drv_set_sync_status = set_sync_status;
 
   current_freq_ppm = (*drv_read_freq)();
 
-#ifdef TRACEON
-  LOG(LOGS_INFO, LOGF_Local, "Local freq=%.3fppm", current_freq_ppm);
-#endif
+  DEBUG_LOG(LOGF_Local, "Local freq=%.3fppm", current_freq_ppm);
 }
 
 /* ================================================== */
 /* Look at the current difference between the system time and the NTP
-   time, and make a step to cancel it if it's larger than the threshold. */
+   time, and make a step to cancel it. */
 
 int
-LCL_MakeStep(double threshold)
+LCL_MakeStep(void)
 {
-  struct timeval raw;
+  struct timespec raw;
   double correction;
 
   LCL_ReadRawTime(&raw);
   LCL_GetOffsetCorrection(&raw, &correction, NULL);
 
-  if (fabs(correction) <= threshold)
-    return 0;
+  if (!check_offset(&raw, -correction))
+      return 0;
 
   /* Cancel remaining slew and make the step */
   LCL_AccumulateOffset(correction, 0.0);
-  LCL_ApplyStepOffset(-correction);
+  if (!LCL_ApplyStepOffset(-correction))
+    return 0;
 
-  LOG(LOGS_WARN, LOGF_Local, "System clock was stepped by %.3f seconds", correction);
+  LOG(LOGS_WARN, LOGF_Local, "System clock was stepped by %.6f seconds", correction);
 
   return 1;
 }
 
 /* ================================================== */
 
+int
+LCL_CanSystemLeap(void)
+{
+  return drv_set_leap ? 1 : 0;
+}
+
+/* ================================================== */
+
 void
-LCL_SetLeap(int leap)
+LCL_SetSystemLeap(int leap)
 {
   if (drv_set_leap) {
     (drv_set_leap)(leap);
@@ -630,3 +734,13 @@ LCL_SetTempComp(double comp)
 }
 
 /* ================================================== */
+
+void
+LCL_SetSyncStatus(int synchronised, double est_error, double max_error)
+{
+  if (drv_set_sync_status) {
+    (drv_set_sync_status)(synchronised, est_error, max_error);
+  }
+}
+
+/* ================================================== */

local.h

@@ -31,9 +31,8 @@
 
 #include "sysincl.h"
 
-/* Read the system clock.  This is analogous to gettimeofday(),
-   but with the timezone information ignored */
-extern void LCL_ReadRawTime(struct timeval *);
+/* Read the system clock */
+extern void LCL_ReadRawTime(struct timespec *ts);
 
 /* Read the system clock, corrected according to all accumulated
    drifts and uncompensated offsets.
@@ -44,15 +43,15 @@ extern void LCL_ReadRawTime(struct timeval *);
    adjtime()-like interface to correct offsets, and to adjust the
    frequency), we must correct the raw time to get this value */
 
-extern void LCL_ReadCookedTime(struct timeval *t, double *err);
+extern void LCL_ReadCookedTime(struct timespec *ts, double *err);
 
 /* Convert raw time to cooked. */
-extern void LCL_CookTime(struct timeval *raw, struct timeval *cooked, double *err);
+extern void LCL_CookTime(struct timespec *raw, struct timespec *cooked, double *err);
 
 /* Read the current offset between the system clock and true time
    (i.e. 'cooked' - 'raw') (in seconds). */
 
-extern void LCL_GetOffsetCorrection(struct timeval *raw, double *correction, double *err);
+extern void LCL_GetOffsetCorrection(struct timespec *raw, double *correction, double *err);
 
 /* Type of routines that may be invoked as callbacks when there is a
    change to the frequency or offset.
@@ -67,16 +66,22 @@ extern void LCL_GetOffsetCorrection(struct timeval *raw, double *correction, dou
    doffset : delta offset applied (positive => make local system fast
    by that amount, negative => make it slow by that amount)
 
-   is_step_change : true if change is being applied as a jump (using
-   settimeofday rather than adjtime)
+   change_type : what type of change is being applied
    
    anything : Passthrough argument from call to registration routine */
 
 
+typedef enum {
+  LCL_ChangeAdjust,
+  LCL_ChangeStep,
+  LCL_ChangeUnknownStep
+} LCL_ChangeType;
+
 typedef void (*LCL_ParameterChangeHandler)
-     (struct timeval *raw, struct timeval *cooked,
+     (struct timespec *raw, struct timespec *cooked,
       double dfreq,
-      double doffset, int is_step_change,
+      double doffset,
+      LCL_ChangeType change_type,
       void *anything
       );
 
@@ -86,6 +91,9 @@ extern void LCL_AddParameterChangeHandler(LCL_ParameterChangeHandler handler, vo
 /* Remove a handler */
 extern void LCL_RemoveParameterChangeHandler(LCL_ParameterChangeHandler, void *anything);
 
+/* Check if a handler is invoked first when dispatching */
+extern int LCL_IsFirstParameterChangeHandler(LCL_ParameterChangeHandler handler);
+
 /* Function type for handlers to be called back when an indeterminate
    offset is introduced into the local time.  This situation occurs
    when the frequency must be adjusted to effect a clock slew and
@@ -150,13 +158,17 @@ extern void LCL_AccumulateOffset(double offset, double corr_rate);
    the system clock is fast on true time, i.e. it needs to be stepped
    backwards. (Same convention as for AccumulateOffset routine). */
 
-extern void LCL_ApplyStepOffset(double offset);
+extern int LCL_ApplyStepOffset(double offset);
 
 /* Routine to invoke notify handlers on an unexpected time jump
    in system clock */
-extern void LCL_NotifyExternalTimeStep(struct timeval *raw, struct timeval *cooked,
+extern void LCL_NotifyExternalTimeStep(struct timespec *raw, struct timespec *cooked,
     double offset, double dispersion);
 
+/* Routine to invoke notify handlers on leap second when the system clock
+   doesn't correct itself */
+extern void LCL_NotifyLeap(int leap);
+
 /* Perform the combination of modifying the frequency and applying
    a slew, in one easy step */
 extern void LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate);
@@ -183,12 +195,16 @@ extern void LCL_Finalise(void);
 /* Routine to convert the outstanding system clock error to a step and
    apply it, e.g. if the system clock has ended up an hour wrong due
    to a timezone problem. */
-extern int LCL_MakeStep(double threshold);
+extern int LCL_MakeStep(void);
 
-/* Routine to schedule a leap second. Leap second will be inserted
-   at the end of the day if argument is positive, deleted if negative,
-   and zero cancels scheduled leap second. */
-extern void LCL_SetLeap(int leap);
+/* Check if the system driver supports leap seconds, i.e. LCL_SetSystemLeap
+   does something */
+extern int LCL_CanSystemLeap(void);
+
+/* Routine to set the system clock to correct itself for a leap second if
+   supported.  Leap second will be inserted at the end of the day if the
+   argument is positive, deleted if negative, and zero resets the setting. */
+extern void LCL_SetSystemLeap(int leap);
 
 /* Routine to set a frequency correction (in ppm) that should be applied
    to local clock to compensate for temperature changes.  A positive
@@ -197,4 +213,8 @@ extern void LCL_SetLeap(int leap);
    due to clamping or rounding). */
 extern double LCL_SetTempComp(double comp);
 
+/* Routine to update the synchronisation status in the kernel to allow other
+   applications to know if the system clock is synchronised and error bounds */
+extern void LCL_SetSyncStatus(int synchronised, double est_error, double max_error);
+
 #endif /* GOT_LOCAL_H */

localp.h

@@ -47,16 +47,19 @@ typedef void (*lcl_AccrueOffsetDriver)(double offset, double corr_rate);
 
 /* System driver to apply a step offset. A positive argument means step
    the clock forwards. */
-typedef void (*lcl_ApplyStepOffsetDriver)(double offset);
+typedef int (*lcl_ApplyStepOffsetDriver)(double offset);
 
 /* System driver to convert a raw time to an adjusted (cooked) time.
    The number of seconds returned in 'corr' have to be added to the
    raw time to get the corrected time */
-typedef void (*lcl_OffsetCorrectionDriver)(struct timeval *raw, double *corr, double *err);
+typedef void (*lcl_OffsetCorrectionDriver)(struct timespec *raw, double *corr, double *err);
 
 /* System driver to schedule leap second */
 typedef void (*lcl_SetLeapDriver)(int leap);
 
+/* System driver to set the synchronisation status */
+typedef void (*lcl_SetSyncStatusDriver)(int synchronised, double est_error, double max_error);
+
 extern void lcl_InvokeDispersionNotifyHandlers(double dispersion);
 
 extern void
@@ -65,6 +68,7 @@ lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq,
                           lcl_AccrueOffsetDriver accrue_offset,
                           lcl_ApplyStepOffsetDriver apply_step_offset,
                           lcl_OffsetCorrectionDriver offset_convert,
-                          lcl_SetLeapDriver set_leap);
+                          lcl_SetLeapDriver set_leap,
+                          lcl_SetSyncStatusDriver set_sync_status);
 
 #endif /* GOT_LOCALP_H */

logging.c

@@ -3,7 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
- * Copyright (C) Miroslav Lichvar  2011-2012
+ * Copyright (C) Miroslav Lichvar  2011-2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -31,9 +31,11 @@
 
 #include "conf.h"
 #include "logging.h"
-#include "mkdirpp.h"
 #include "util.h"
 
+/* This is used by DEBUG_LOG macro */
+int log_debug_enabled = 0;
+
 /* ================================================== */
 /* Flag indicating we have initialised */
 static int initialised = 0;
@@ -42,11 +44,9 @@ static int system_log = 0;
 
 static int parent_fd = 0;
 
-static time_t last_limited = 0;
-
-#ifdef WINNT
-static FILE *logfile;
-#endif
+#define DEBUG_LEVEL_PRINT_FUNCTION 2
+#define DEBUG_LEVEL_PRINT_DEBUG 2
+static int debug_level = 0;
 
 struct LogFile {
   const char *name;
@@ -69,10 +69,6 @@ void
 LOG_Initialise(void)
 {
   initialised = 1;
-
-#ifdef WINNT
-  logfile = fopen("./chronyd.err", "a");
-#endif
 }
 
 /* ================================================== */
@@ -81,15 +77,9 @@ LOG_Initialise(void)
 void
 LOG_Finalise(void)
 {
-#ifdef WINNT
-  if (logfile) {
-    fclose(logfile);
-  }
-#else
   if (system_log) {
     closelog();
   }
-#endif
 
   LOG_CycleLogFiles();
 
@@ -98,86 +88,90 @@ LOG_Finalise(void)
 
 /* ================================================== */
 
-void
-LOG_Line_Function(LOG_Severity severity, LOG_Facility facility, const char *format, ...)
+static void log_message(int fatal, LOG_Severity severity, const char *message)
 {
-  char buf[2048];
-  va_list other_args;
-  va_start(other_args, format);
-  vsnprintf(buf, sizeof(buf), format, other_args);
-  va_end(other_args);
-#ifdef WINNT
-  if (logfile) {
-    fprintf(logfile, "%s\n", buf);
-  }
-#else
   if (system_log) {
+    int priority;
     switch (severity) {
+      case LOGS_DEBUG:
+        priority = LOG_DEBUG;
+        break;
       case LOGS_INFO:
-        syslog(LOG_INFO, "%s", buf);
+        priority = LOG_INFO;
         break;
       case LOGS_WARN:
-        syslog(LOG_WARNING, "%s", buf);
+        priority = LOG_WARNING;
         break;
       case LOGS_ERR:
-      default:
-        syslog(LOG_ERR, "%s", buf);
+        priority = LOG_ERR;
         break;
+      case LOGS_FATAL:
+        priority = LOG_CRIT;
+        break;
+      default:
+        assert(0);
     }
+    syslog(priority, fatal ? "Fatal error : %s" : "%s", message);
   } else {
-    fprintf(stderr, "%s\n", buf);
+    fprintf(stderr, fatal ? "Fatal error : %s\n" : "%s\n", message);
   }
-#endif
 }
 
 /* ================================================== */
 
-void
-LOG_Fatal_Function(LOG_Facility facility, const char *format, ...)
+void LOG_Message(LOG_Severity severity,
+#if DEBUG > 0
+                 LOG_Facility facility, int line_number,
+                 const char *filename, const char *function_name,
+#endif
+                 const char *format, ...)
 {
   char buf[2048];
   va_list other_args;
+  time_t t;
+  struct tm stm;
+
+  if (!system_log) {
+    /* Don't clutter up syslog with timestamps and internal debugging info */
+    time(&t);
+    stm = *gmtime(&t);
+    strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%SZ", &stm);
+    fprintf(stderr, "%s ", buf);
+#if DEBUG > 0
+    if (debug_level >= DEBUG_LEVEL_PRINT_FUNCTION)
+      fprintf(stderr, "%s:%d:(%s) ", filename, line_number, function_name);
+#endif
+  }
+
   va_start(other_args, format);
   vsnprintf(buf, sizeof(buf), format, other_args);
   va_end(other_args);
 
-#ifdef WINNT
-  if (logfile) {
-    fprintf(logfile, "Fatal error : %s\n", buf);
-  }
-#else
-  if (system_log) {
-    syslog(LOG_CRIT, "Fatal error : %s", buf);
-  } else {
-    fprintf(stderr, "Fatal error : %s\n", buf);
-  }
-  if (parent_fd) {
-    if (write(parent_fd, buf, strlen(buf) + 1) < 0)
-      ; /* Not much we can do here */
-  }
-#endif
+  switch (severity) {
+    case LOGS_DEBUG:
+    case LOGS_INFO:
+    case LOGS_WARN:
+    case LOGS_ERR:
+      log_message(0, severity, buf);
+      break;
+    case LOGS_FATAL:
+      log_message(1, severity, buf);
 
-  exit(1);
-}
-
-/* ================================================== */
-
-void
-LOG_Position(const char *filename, int line_number, const char *function_name)
-{
-#ifdef WINNT
-#else
-  time_t t;
-  struct tm stm;
-  char buf[64];
-  if (!system_log) {
-    /* Don't clutter up syslog with internal debugging info */
-    time(&t);
-    stm = *gmtime(&t);
-    strftime(buf, sizeof(buf), "%d-%H:%M:%S", &stm);
-    fprintf(stderr, "%s:%d:(%s)[%s] ", filename, line_number, function_name, buf);
+      /* With syslog, send the message also to the grandparent
+         process or write it to stderr if not detached */
+      if (system_log) {
+        if (parent_fd > 0) {
+          if (write(parent_fd, buf, strlen(buf) + 1) < 0)
+            ; /* Not much we can do here */
+        } else if (parent_fd == 0) {
+          system_log = 0;
+          log_message(1, severity, buf);
+        }
+      }
+      break;
+    default:
+      assert(0);
   }
-#endif
 }
 
 /* ================================================== */
@@ -185,11 +179,18 @@ LOG_Position(const char *filename, int line_number, const char *function_name)
 void
 LOG_OpenSystemLog(void)
 {
-#ifdef WINNT
-#else
   system_log = 1;
   openlog("chronyd", LOG_PID, LOG_DAEMON);
-#endif
+}
+
+/* ================================================== */
+
+void LOG_SetDebugLevel(int level)
+{
+  debug_level = level;
+  if (level >= DEBUG_LEVEL_PRINT_DEBUG) {
+    log_debug_enabled = 1;
+  }
 }
 
 /* ================================================== */
@@ -207,22 +208,7 @@ LOG_CloseParentFd()
 {
   if (parent_fd > 0)
     close(parent_fd);
-}
-
-/* ================================================== */
-
-int
-LOG_RateLimited(void)
-{
-  time_t now;
-
-  now = time(NULL);
-
-  if (last_limited + 10 > now && last_limited <= now)
-    return 1;
-
-  last_limited = now;
-  return 0;
+  parent_fd = -1;
 }
 
 /* ================================================== */
@@ -252,12 +238,18 @@ LOG_FileWrite(LOG_FileID id, const char *format, ...)
     return;
 
   if (!logfiles[id].file) {
-    char filename[512];
+    char filename[512], *logdir = CNF_GetLogDir();
+
+    if (logdir[0] == '\0') {
+      LOG(LOGS_WARN, LOGF_Logging, "logdir not specified");
+      logfiles[id].name = NULL;
+      return;
+    }
 
     if (snprintf(filename, sizeof(filename), "%s/%s.log",
-          CNF_GetLogDir(), logfiles[id].name) >= sizeof(filename) ||
+                 logdir, logfiles[id].name) >= sizeof (filename) ||
         !(logfiles[id].file = fopen(filename, "a"))) {
-      LOG(LOGS_WARN, LOGF_Refclock, "Couldn't open logfile %s for update", filename);
+      LOG(LOGS_WARN, LOGF_Logging, "Could not open log file %s", filename);
       logfiles[id].name = NULL;
       return;
     }
@@ -292,20 +284,6 @@ LOG_FileWrite(LOG_FileID id, const char *format, ...)
 
 /* ================================================== */
 
-void
-LOG_CreateLogFileDir(void)
-{
-  const char *logdir;
-
-  logdir = CNF_GetLogDir();
-
-  if (!mkdir_and_parents(logdir)) {
-    LOG(LOGS_ERR, LOGF_Logging, "Could not create directory %s", logdir);
-  }
-}
-
-/* ================================================== */
-
 void
 LOG_CycleLogFiles(void)
 {

logging.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2013-2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -28,11 +29,51 @@
 #ifndef GOT_LOGGING_H
 #define GOT_LOGGING_H
 
+#include "sysincl.h"
+
+/* Flag indicating whether debug messages are logged */
+extern int log_debug_enabled;
+
+/* Line logging macros.  If the compiler is GNU C, we take advantage of
+   being able to get the function name also. */
+
+#ifdef __GNUC__
+#define FUNCTION_NAME __FUNCTION__
+#define FORMAT_ATTRIBUTE_PRINTF(str, first) __attribute__ ((format (printf, str, first)))
+#else
+#define FUNCTION_NAME ""
+#define FORMAT_ATTRIBUTE_PRINTF(str, first)
+#endif
+
+#if DEBUG > 0
+#define LOG_MESSAGE(severity, facility, ...) \
+  LOG_Message(severity, facility, __LINE__, __FILE__, FUNCTION_NAME, __VA_ARGS__)
+#else
+#define LOG_MESSAGE(severity, facility, ...) \
+  LOG_Message(severity, __VA_ARGS__)
+#endif
+
+#define DEBUG_LOG(facility, ...) \
+  do { \
+    if (DEBUG && log_debug_enabled) \
+      LOG_MESSAGE(LOGS_DEBUG, facility, __VA_ARGS__); \
+  } while (0)
+
+#define LOG_FATAL(facility, ...) \
+  do { \
+    LOG_MESSAGE(LOGS_FATAL, facility, __VA_ARGS__); \
+    exit(1); \
+  } while (0)
+
+#define LOG(severity, facility, ...) LOG_MESSAGE(severity, facility, __VA_ARGS__)
+
 /* Definition of severity */
 typedef enum {
   LOGS_INFO,
   LOGS_WARN,
-  LOGS_ERR
+  LOGS_ERR,
+  LOGS_FATAL,
+  LOGS_DEBUG
 } LOG_Severity;
 
 /* Definition of facility.  Each message is tagged with who generated
@@ -41,7 +82,9 @@ typedef enum {
 typedef enum {
   LOGF_Reference,
   LOGF_NtpIO,
+  LOGF_NtpIOLinux,
   LOGF_NtpCore,
+  LOGF_NtpSignd,
   LOGF_NtpSources,
   LOGF_Scheduler,
   LOGF_SourceStats,
@@ -49,6 +92,8 @@ typedef enum {
   LOGF_Local,
   LOGF_Util,
   LOGF_Main,
+  LOGF_Memory,
+  LOGF_Client,
   LOGF_ClientLog,
   LOGF_Configure,
   LOGF_CmdMon,
@@ -56,16 +101,23 @@ typedef enum {
   LOGF_Manual,
   LOGF_Keys,
   LOGF_Logging,
+  LOGF_Nameserv,
+  LOGF_PrivOps,
   LOGF_Rtc,
   LOGF_Regress,
   LOGF_Sys,
+  LOGF_SysGeneric,
   LOGF_SysLinux,
+  LOGF_SysMacOSX,
   LOGF_SysNetBSD,
   LOGF_SysSolaris,
-  LOGF_SysSunOS,
+  LOGF_SysTimex,
   LOGF_SysWinnt,
+  LOGF_TempComp,
   LOGF_RtcLinux,
-  LOGF_Refclock
+  LOGF_Refclock,
+  LOGF_HwClocks,
+  LOGF_Smooth,
 } LOG_Facility;
 
 /* Init function */
@@ -75,13 +127,22 @@ extern void LOG_Initialise(void);
 extern void LOG_Finalise(void);
 
 /* Line logging function */
-extern void LOG_Line_Function(LOG_Severity severity, LOG_Facility facility, const char *format, ...);
+#if DEBUG > 0
+FORMAT_ATTRIBUTE_PRINTF(6, 7)
+extern void LOG_Message(LOG_Severity severity, LOG_Facility facility,
+                        int line_number, const char *filename,
+                        const char *function_name, const char *format, ...);
+#else
+FORMAT_ATTRIBUTE_PRINTF(2, 3)
+extern void LOG_Message(LOG_Severity severity, const char *format, ...);
+#endif
 
-/* Logging function for fatal errors */
-extern void LOG_Fatal_Function(LOG_Facility facility, const char *format, ...);
-
-/* Position in code reporting function */
-extern void LOG_Position(const char *filename, int line_number, const char *function_name);
+/* Set debug level:
+   0, 1 - only non-debug messages are logged
+   2    - debug messages are logged too, all messages are prefixed with
+          filename, line, and function name
+   */
+extern void LOG_SetDebugLevel(int level);
 
 /* Log messages to syslog instead of stderr */
 extern void LOG_OpenSystemLog(void);
@@ -92,27 +153,15 @@ extern void LOG_SetParentFd(int fd);
 /* Close the pipe to the foreground process so it can exit */
 extern void LOG_CloseParentFd(void);
 
-/* Return zero once per 10 seconds */
-extern int LOG_RateLimited(void);
-
-/* Line logging macro.  If the compiler is GNU C, we take advantage of
-   being able to get the function name also. */
-#if defined(__GNUC__)
-#define LOG LOG_Position(__FILE__, __LINE__, __FUNCTION__); LOG_Line_Function
-#define LOG_FATAL LOG_Position(__FILE__, __LINE__, __FUNCTION__); LOG_Fatal_Function
-#else
-#define LOG LOG_Position(__FILE__, __LINE__, ""); LOG_Line_Function
-#define LOG_FATAL LOG_Position(__FILE__, __LINE__, ""); LOG_Fatal_Function
-#endif /* defined (__GNUC__) */
-
 /* File logging functions */
 
 typedef int LOG_FileID;
 
 extern LOG_FileID LOG_FileOpen(const char *name, const char *banner);
+
+FORMAT_ATTRIBUTE_PRINTF(2, 3)
 extern void LOG_FileWrite(LOG_FileID id, const char *format, ...);
 
-extern void LOG_CreateLogFileDir(void);
 extern void LOG_CycleLogFiles(void);
 
 #endif /* GOT_LOGGING_H */

main.c

@@ -4,7 +4,7 @@
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2003
  * Copyright (C) John G. Hasler  2009
- * Copyright (C) Miroslav Lichvar  2012
+ * Copyright (C) Miroslav Lichvar  2012-2015
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -35,6 +35,7 @@
 #include "local.h"
 #include "sys.h"
 #include "ntp_io.h"
+#include "ntp_signd.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
 #include "sources.h"
@@ -44,14 +45,15 @@
 #include "conf.h"
 #include "cmdmon.h"
 #include "keys.h"
-#include "acquire.h"
 #include "manual.h"
 #include "rtc.h"
 #include "refclock.h"
 #include "clientlog.h"
-#include "broadcast.h"
 #include "nameserv.h"
+#include "privops.h"
+#include "smooth.h"
 #include "tempcomp.h"
+#include "util.h"
 
 /* ================================================== */
 
@@ -60,10 +62,24 @@
 
 static int initialised = 0;
 
-/* ================================================== */
+static int exit_status = 0;
 
 static int reload = 0;
 
+static REF_Mode ref_mode = REF_ModeNormal;
+
+/* ================================================== */
+
+static void
+do_platform_checks(void)
+{
+  /* Require at least 32-bit integers, two's complement representation and
+     the usual implementation of conversion of unsigned integers */
+  assert(sizeof (int) >= 4);
+  assert(-1 == ~0);
+  assert((int32_t)4294967295U == (int32_t)-1);
+}
+
 /* ================================================== */
 
 static void
@@ -79,36 +95,43 @@ delete_pidfile(void)
 void
 MAI_CleanupAndExit(void)
 {
-  if (!initialised) exit(0);
+  if (!initialised) exit(exit_status);
   
   if (CNF_GetDumpOnExit()) {
     SRC_DumpSources();
   }
 
+  /* Don't update clock when removing sources */
+  REF_SetMode(REF_ModeIgnore);
+
+  SMT_Finalise();
   TMC_Finalise();
   MNL_Finalise();
-  ACQ_Finalise();
   CLG_Finalise();
+  NSD_Finalise();
   NSR_Finalise();
-  NCR_Finalise();
-  BRD_Finalise();
   SST_Finalise();
-  REF_Finalise();
+  NCR_Finalise();
+  NIO_Finalise();
+  CAM_Finalise();
   KEY_Finalise();
   RCL_Finalise();
   SRC_Finalise();
+  REF_Finalise();
   RTC_Finalise();
-  CAM_Finalise();
-  NIO_Finalise();
   SYS_Finalise();
   SCH_Finalise();
   LCL_Finalise();
+  PRV_Finalise();
 
   delete_pidfile();
   
+  CNF_Finalise();
   LOG_Finalise();
 
-  exit(0);
+  HSH_Finalise();
+
+  exit(exit_status);
 }
 
 /* ================================================== */
@@ -123,13 +146,20 @@ signal_cleanup(int x)
 /* ================================================== */
 
 static void
-post_acquire_hook(void *anything)
+quit_timeout(void *arg)
 {
-  /* Close the pipe to the foreground process so it can exit */
-  LOG_CloseParentFd();
+  /* Return with non-zero status if the clock is not synchronised */
+  exit_status = REF_GetOurStratum() >= NTP_MAX_STRATUM;
+  SCH_QuitProgram();
+}
+
+/* ================================================== */
+
+static void
+ntp_source_resolving_end(void)
+{
+  NSR_SetSourceResolvingEndHandler(NULL);
 
-  CNF_AddSources();
-  CNF_AddBroadcasts();
   if (reload) {
     /* Note, we want reload to come well after the initialisation from
        the real time clock - this gives us a fighting chance that the
@@ -137,10 +167,63 @@ post_acquire_hook(void *anything)
        semblence of validity about it. */
     SRC_ReloadSources();
   }
-  CNF_SetupAccessRestrictions();
 
+  SRC_RemoveDumpFiles();
   RTC_StartMeasurements();
   RCL_StartRefclocks();
+  NSR_StartSources();
+  NSR_AutoStartSources();
+
+  /* Special modes can end only when sources update their reachability.
+     Give up immediatelly if there are no active sources. */
+  if (ref_mode != REF_ModeNormal && !SRC_ActiveSources()) {
+    REF_SetUnsynchronised();
+  }
+}
+
+/* ================================================== */
+
+static void
+post_init_ntp_hook(void *anything)
+{
+  if (ref_mode == REF_ModeInitStepSlew) {
+    /* Remove the initstepslew sources and set normal mode */
+    NSR_RemoveAllSources();
+    ref_mode = REF_ModeNormal;
+    REF_SetMode(ref_mode);
+  }
+
+  /* Close the pipe to the foreground process so it can exit */
+  LOG_CloseParentFd();
+
+  CNF_AddSources();
+  CNF_AddBroadcasts();
+
+  NSR_SetSourceResolvingEndHandler(ntp_source_resolving_end);
+  NSR_ResolveSources();
+}
+
+/* ================================================== */
+
+static void
+reference_mode_end(int result)
+{
+  switch (ref_mode) {
+    case REF_ModeNormal:
+    case REF_ModeUpdateOnce:
+    case REF_ModePrintOnce:
+      exit_status = !result;
+      SCH_QuitProgram();
+      break;
+    case REF_ModeInitStepSlew:
+      /* Switch to the normal mode, the delay is used to prevent polling
+         interval shorter than the burst interval if some configured servers
+         were used also for initstepslew */
+      SCH_AddTimeoutByDelay(2.0, post_init_ntp_hook, NULL);
+      break;
+    default:
+      assert(0);
+  }
 }
 
 /* ================================================== */
@@ -148,7 +231,14 @@ post_acquire_hook(void *anything)
 static void
 post_init_rtc_hook(void *anything)
 {
-  CNF_ProcessInitStepSlew(post_acquire_hook, NULL);
+  if (CNF_GetInitSources() > 0) {
+    CNF_AddInitSources();
+    NSR_StartSources();
+    assert(REF_GetMode() != REF_ModeNormal);
+    /* Wait for mode end notification */
+  } else {
+    (post_init_ntp_hook)(NULL);
+  }
 }
 
 /* ================================================== */
@@ -200,9 +290,9 @@ write_lockfile(void)
 
   out = fopen(pidfile, "w");
   if (!out) {
-    LOG(LOGS_ERR, LOGF_Main, "could not open lockfile %s for writing", pidfile);
+    LOG_FATAL(LOGF_Main, "could not open lockfile %s for writing", pidfile);
   } else {
-    fprintf(out, "%d\n", getpid());
+    fprintf(out, "%d\n", (int)getpid());
     fclose(out);
   }
 }
@@ -212,24 +302,19 @@ write_lockfile(void)
 static void
 go_daemon(void)
 {
-#ifdef WINNT
-
-
-#else
-
   int pid, fd, pipefd[2];
 
   /* Create pipe which will the daemon use to notify the grandparent
      when it's initialised or send an error message */
   if (pipe(pipefd)) {
-    LOG(LOGS_ERR, LOGF_Logging, "Could not detach, pipe failed : %s", strerror(errno));
+    LOG_FATAL(LOGF_Main, "Could not detach, pipe failed : %s", strerror(errno));
   }
 
   /* Does this preserve existing signal handlers? */
   pid = fork();
 
   if (pid < 0) {
-    LOG(LOGS_ERR, LOGF_Logging, "Could not detach, fork failed : %s", strerror(errno));
+    LOG_FATAL(LOGF_Main, "Could not detach, fork failed : %s", strerror(errno));
   } else if (pid > 0) {
     /* In the 'grandparent' */
     char message[1024];
@@ -254,7 +339,7 @@ go_daemon(void)
     pid = fork();
 
     if (pid < 0) {
-      LOG(LOGS_ERR, LOGF_Logging, "Could not detach, fork failed : %s", strerror(errno));
+      LOG_FATAL(LOGF_Main, "Could not detach, fork failed : %s", strerror(errno));
     } else if (pid > 0) {
       exit(0); /* In the 'parent' */
     } else {
@@ -262,7 +347,7 @@ go_daemon(void)
 
       /* Change current directory to / */
       if (chdir("/") < 0) {
-        LOG(LOGS_ERR, LOGF_Logging, "Could not chdir to / : %s", strerror(errno));
+        LOG_FATAL(LOGF_Main, "Could not chdir to / : %s", strerror(errno));
       }
 
       /* Don't keep stdin/out/err from before. But don't close
@@ -275,8 +360,6 @@ go_daemon(void)
       LOG_SetParentFd(pipefd[1]);
     }
   }
-
-#endif
 }
 
 /* ================================================== */
@@ -285,11 +368,17 @@ int main
 (int argc, char **argv)
 {
   const char *conf_file = DEFAULT_CONF_FILE;
+  const char *progname = argv[0];
   char *user = NULL;
+  struct passwd *pw;
   int debug = 0, nofork = 0, address_family = IPADDR_UNSPEC;
-  int do_init_rtc = 0, restarted = 0;
+  int do_init_rtc = 0, restarted = 0, timeout = 0;
   int other_pid;
-  int lock_memory = 0, sched_priority = 0;
+  int scfilter_level = 0, lock_memory = 0, sched_priority = 0;
+  int system_log = 1;
+  int config_args = 0;
+
+  do_platform_checks();
 
   LOG_Initialise();
 
@@ -317,30 +406,55 @@ int main
       } else {
         user = *argv;
       }
+    } else if (!strcmp("-F", *argv)) {
+      ++argv, --argc;
+      if (argc == 0 || sscanf(*argv, "%d", &scfilter_level) != 1)
+        LOG_FATAL(LOGF_Main, "Bad syscall filter level");
     } else if (!strcmp("-s", *argv)) {
       do_init_rtc = 1;
     } else if (!strcmp("-v", *argv) || !strcmp("--version",*argv)) {
       /* This write to the terminal is OK, it comes before we turn into a daemon */
-      printf("chronyd (chrony) version %s\n", CHRONY_VERSION);
-      exit(0);
+      printf("chronyd (chrony) version %s (%s)\n", CHRONY_VERSION, CHRONYD_FEATURES);
+      return 0;
     } else if (!strcmp("-n", *argv)) {
       nofork = 1;
     } else if (!strcmp("-d", *argv)) {
-      debug = 1;
+      debug++;
       nofork = 1;
+      system_log = 0;
+    } else if (!strcmp("-q", *argv)) {
+      ref_mode = REF_ModeUpdateOnce;
+      nofork = 1;
+      system_log = 0;
+    } else if (!strcmp("-Q", *argv)) {
+      ref_mode = REF_ModePrintOnce;
+      nofork = 1;
+      system_log = 0;
+    } else if (!strcmp("-t", *argv)) {
+      ++argv, --argc;
+      if (argc == 0 || sscanf(*argv, "%d", &timeout) != 1 || timeout <= 0)
+        LOG_FATAL(LOGF_Main, "Bad timeout");
     } else if (!strcmp("-4", *argv)) {
       address_family = IPADDR_INET4;
     } else if (!strcmp("-6", *argv)) {
       address_family = IPADDR_INET6;
-    } else {
+    } else if (!strcmp("-h", *argv) || !strcmp("--help", *argv)) {
+      printf("Usage: %s [-4|-6] [-n|-d] [-q|-Q] [-r] [-R] [-s] [-t TIMEOUT] [-f FILE|COMMAND...]\n",
+             progname);
+      return 0;
+    } else if (*argv[0] == '-') {
       LOG_FATAL(LOGF_Main, "Unrecognized command line option [%s]", *argv);
+    } else {
+      /* Process remaining arguments and configuration lines */
+      config_args = argc;
+      break;
     }
   }
 
   if (getuid() != 0) {
     /* This write to the terminal is OK, it comes before we turn into a daemon */
     fprintf(stderr,"Not superuser\n");
-    exit(1);
+    return 1;
   }
 
   /* Turn into a daemon */
@@ -348,16 +462,27 @@ int main
     go_daemon();
   }
 
-  if (!debug) {
+  if (system_log) {
     LOG_OpenSystemLog();
   }
   
-  LOG(LOGS_INFO, LOGF_Main, "chronyd version %s starting", CHRONY_VERSION);
+  LOG_SetDebugLevel(debug);
+  
+  LOG(LOGS_INFO, LOGF_Main, "chronyd version %s starting (%s)",
+      CHRONY_VERSION, CHRONYD_FEATURES);
 
   DNS_SetAddressFamily(address_family);
 
-  CNF_SetRestarted(restarted);
-  CNF_ReadFile(conf_file);
+  CNF_Initialise(restarted);
+
+  /* Parse the config file or the remaining command line arguments */
+  if (!config_args) {
+    CNF_ReadFile(conf_file);
+  } else {
+    do {
+      CNF_ParseLine(NULL, config_args - argc + 1, *argv);
+    } while (++argv, --argc);
+  }
 
   /* Check whether another chronyd may already be running.  Do this after
    * forking, so that message logging goes to the right place (i.e. syslog), in
@@ -371,20 +496,21 @@ int main
    * be done *AFTER* the daemon-creation fork() */
   write_lockfile();
 
-  if (do_init_rtc) {
-    RTC_TimePreInit();
-  }
-
+  PRV_Initialise();
   LCL_Initialise();
   SCH_Initialise();
   SYS_Initialise();
-  NIO_Initialise(address_family);
-  CAM_Initialise(address_family);
-  RTC_Initialise();
+  RTC_Initialise(do_init_rtc);
   SRC_Initialise();
   RCL_Initialise();
   KEY_Initialise();
 
+  /* Open privileged ports before dropping root */
+  CAM_Initialise(address_family);
+  NIO_Initialise(address_family);
+  NCR_Initialise();
+  CNF_SetupAccessRestrictions();
+
   /* Command-line switch must have priority */
   if (!sched_priority) {
     sched_priority = CNF_GetSchedPriority();
@@ -400,38 +526,52 @@ int main
   if (!user) {
     user = CNF_GetUser();
   }
-  if (user) {
-    SYS_DropRoot(user);
-  }
 
-  LOG_CreateLogFileDir();
+  if ((pw = getpwnam(user)) == NULL)
+    LOG_FATAL(LOGF_Main, "Could not get %s uid/gid", user);
+
+  /* Create all directories before dropping root */
+  CNF_CreateDirs(pw->pw_uid, pw->pw_gid);
+
+  /* Drop root privileges if the user has non-zero uid or gid */
+  if (pw->pw_uid || pw->pw_gid)
+    SYS_DropRoot(pw->pw_uid, pw->pw_gid);
 
   REF_Initialise();
   SST_Initialise();
-  BRD_Initialise();
-  NCR_Initialise();
   NSR_Initialise();
+  NSD_Initialise();
   CLG_Initialise();
-  ACQ_Initialise();
   MNL_Initialise();
   TMC_Initialise();
+  SMT_Initialise();
 
   /* From now on, it is safe to do finalisation on exit */
   initialised = 1;
 
+  UTI_SetQuitSignalsHandler(signal_cleanup);
+
+  CAM_OpenUnixSocket();
+
+  if (scfilter_level)
+    SYS_EnableSystemCallFilter(scfilter_level);
+
+  if (ref_mode == REF_ModeNormal && CNF_GetInitSources() > 0) {
+    ref_mode = REF_ModeInitStepSlew;
+  }
+
+  REF_SetModeEndHandler(reference_mode_end);
+  REF_SetMode(ref_mode);
+
+  if (timeout)
+    SCH_AddTimeoutByDelay(timeout, quit_timeout, NULL);
+
   if (do_init_rtc) {
     RTC_TimeInit(post_init_rtc_hook, NULL);
   } else {
     post_init_rtc_hook(NULL);
   }
 
-  signal(SIGINT, signal_cleanup);
-  signal(SIGTERM, signal_cleanup);
-#if !defined(WINNT)
-  signal(SIGQUIT, signal_cleanup);
-  signal(SIGHUP, signal_cleanup);
-#endif /* WINNT */
-
   /* The program normally runs under control of the main loop in
      the scheduler. */
   SCH_MainLoop();

make_release

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-LANG=C
+LANG=C.UTF-8
 export LANG
 
 if [ $# -ne 1 ]; then
@@ -9,8 +9,8 @@ if [ $# -ne 1 ]; then
 fi
 
 version=$1
+tag=$version
 subdir=chrony-${version}
-mandate=$(date +'%B %Y')
 
 umask 022
 
@@ -21,34 +21,33 @@ fi
 
 [ -d RELEASES ] || mkdir RELEASES
 
-git tag -s $version || exit 1
-
 rm -rf RELEASES/$subdir
 
-git archive --format=tar --prefix=RELEASES/${subdir}/ $version | \
+if [ $version != test ]; then
+  git tag -s $tag || exit 1
+else
+  tag=HEAD
+fi
+
+git archive --format=tar --prefix=RELEASES/${subdir}/ $tag | \
   tar xf - || exit 1
 
 cd RELEASES/$subdir || exit 1
 
 echo $version > version.txt
 
-sed -e "s%@@VERSION@@%${version}%" < chrony.spec.sample > chrony.spec
+sed -i -e "s%@@VERSION@@%${version}%" examples/chrony.spec
 
-for m in chrony.1.in chronyc.1.in chrony.conf.5.in chronyd.8.in; do
-  sed -e "s%@VERSION@%${version}%;s%@MAN_DATE@%${mandate}%" \
-    < $m > ${m}_
-  mv -f ${m}_ $m
-done
+./configure && make -C doc man txt || exit 1
+
+iconv -f utf-8 -t ascii//TRANSLIT < doc/installation.txt > INSTALL
+iconv -f utf-8 -t ascii//TRANSLIT < doc/faq.txt > FAQ
 
-./configure && make chrony.txt || exit 1
-mv chrony.txt chrony.txt_
 make distclean
-mv chrony.txt_ chrony.txt
-
-rm -f faqgen.pl make_release chrony.spec.sample .gitignore
+rm -f make_release .gitignore
 
 cd ..
-tar cvf - $subdir | gzip -9 > ${subdir}.tar.gz
-gpg -b -a -o ${subdir}-tar-gz-asc.txt ${subdir}.tar.gz
-
+tar cv --owner root --group root $subdir | gzip -9 > ${subdir}.tar.gz
 
+[ $version != test ] && \
+  gpg -b -a -o ${subdir}-tar-gz-asc.txt ${subdir}.tar.gz

manual.c

@@ -47,33 +47,28 @@ static int enabled = 0;
 
 /* More recent samples at highest indices */
 typedef struct {
-  struct timeval when; /* This is our 'cooked' time */
+  struct timespec when; /* This is our 'cooked' time */
   double orig_offset; /*+ Not modified by slew samples */
   double offset; /*+ if we are fast of the supplied reference */
   double residual; /*+ regression residual (sign convention given by
                      (measured-predicted)) */
 } Sample;
 
+#define MIN_SAMPLE_SEPARATION 1.0
+
 #define MAX_SAMPLES 16
 
 static Sample samples[16];
 static int n_samples;
 
-static int replace_margin;
-static int error;
-
-/* Eventually these constants need to be user-defined in conf file */
-#define REPLACE_MARGIN 300
-#define ERROR_MARGIN 0.2
-
 /* ================================================== */
 
 static void
-slew_samples(struct timeval *raw,
-             struct timeval *cooked, 
+slew_samples(struct timespec *raw,
+             struct timespec *cooked,
              double dfreq,
              double doffset,
-             int is_step_change,
+             LCL_ChangeType change_type,
              void *not_used);
 
 /* ================================================== */
@@ -89,9 +84,6 @@ MNL_Initialise(void)
 
   n_samples = 0;
 
-  replace_margin = REPLACE_MARGIN;
-  error = ERROR_MARGIN;
-
   LCL_AddParameterChangeHandler(slew_samples, NULL);
 }
 
@@ -105,7 +97,7 @@ MNL_Finalise(void)
 /* ================================================== */
 
 static void
-estimate_and_set_system(struct timeval *now, int offset_provided, double offset, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm)
+estimate_and_set_system(struct timespec *now, int offset_provided, double offset, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm)
 {
   double agos[MAX_SAMPLES], offsets[MAX_SAMPLES];
   double b0, b1;
@@ -118,7 +110,7 @@ estimate_and_set_system(struct timeval *now, int offset_provided, double offset,
 
   if (n_samples > 1) {
     for (i=0; i<n_samples; i++) {
-      UTI_DiffTimevalsToDouble(&agos[i], &samples[n_samples-1].when, &samples[i].when);
+      agos[i] = UTI_DiffTimespecsToDouble(&samples[n_samples - 1].when, &samples[i].when);
       offsets[i] = samples[i].offset;
     }
     
@@ -181,18 +173,28 @@ estimate_and_set_system(struct timeval *now, int offset_provided, double offset,
 /* ================================================== */
 
 int
-MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm)
+MNL_AcceptTimestamp(struct timespec *ts, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm)
 {
-  struct timeval now;
-  double offset;
+  struct timespec now;
+  double offset, diff;
   int i;
 
   if (enabled) {
-
-    /* Check whether timestamp is within margin of old one */
     LCL_ReadCookedTime(&now, NULL);
 
-    UTI_DiffTimevalsToDouble(&offset, &now, ts);
+    /* Make sure the provided timestamp is sane and the sample
+       is not too close to the last one */
+
+    if (!UTI_IsTimeOffsetSane(ts, 0.0))
+     return 0;
+
+    if (n_samples) {
+      diff = UTI_DiffTimespecsToDouble(&now, &samples[n_samples - 1].when);
+      if (diff < MIN_SAMPLE_SEPARATION)
+        return 0;
+    }
+
+    offset = UTI_DiffTimespecsToDouble(&now, ts);
 
     /* Check if buffer full up */
     if (n_samples == MAX_SAMPLES) {
@@ -222,17 +224,22 @@ MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, doub
 /* ================================================== */
 
 static void
-slew_samples(struct timeval *raw,
-             struct timeval *cooked, 
+slew_samples(struct timespec *raw,
+             struct timespec *cooked,
              double dfreq,
              double doffset,
-             int is_step_change,
+             LCL_ChangeType change_type,
              void *not_used)
 {
   double delta_time;
   int i;
+
+  if (change_type == LCL_ChangeUnknownStep) {
+    MNL_Reset();
+  }
+
   for (i=0; i<n_samples; i++) {
-    UTI_AdjustTimeval(&samples[i].when, cooked, &samples[i].when, &delta_time,
+    UTI_AdjustTimespec(&samples[i].when, cooked, &samples[i].when, &delta_time,
         dfreq, doffset);
     samples[i].offset += delta_time;
   }
@@ -263,6 +270,14 @@ MNL_Reset(void)
   n_samples = 0;
 }
 
+/* ================================================== */
+
+int
+MNL_IsEnabled(void)
+{
+  return enabled;
+}
+
 /* ================================================== */
 /* Generate report data for the REQ_MANUAL_LIST command/monitoring
    protocol */
@@ -294,7 +309,7 @@ int
 MNL_DeleteSample(int index)
 {
   int i;
-  struct timeval now;
+  struct timespec now;
 
   if ((index < 0) || (index >= n_samples)) {
     return 0;

manual.h

@@ -33,11 +33,12 @@
 
 extern void MNL_Initialise(void);
 extern void MNL_Finalise(void);
-extern int MNL_AcceptTimestamp(struct timeval *ts, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm);
+extern int MNL_AcceptTimestamp(struct timespec *ts, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm);
 
 extern void MNL_Enable(void);
 extern void MNL_Disable(void);
 extern void MNL_Reset(void);
+extern int MNL_IsEnabled(void);
 
 extern void MNL_ReportSamples(RPT_ManualSamplesReport *report, int max, int *n);
 extern int MNL_DeleteSample(int index);

memory.c

@@ -0,0 +1,67 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Utility functions for memory allocation.
+
+  */
+
+#include "config.h"
+
+#include "logging.h"
+#include "memory.h"
+
+void *
+Malloc(size_t size)
+{
+  void *r;
+
+  r = malloc(size);
+  if (!r && size)
+    LOG_FATAL(LOGF_Memory, "Could not allocate memory");
+
+  return r;
+}
+
+void *
+Realloc(void *ptr, size_t size)
+{
+  void *r;
+
+  r = realloc(ptr, size);
+  if (!r && size)
+    LOG_FATAL(LOGF_Memory, "Could not allocate memory");
+
+  return r;
+}
+
+char *
+Strdup(const char *s)
+{
+  void *r;
+
+  r = strdup(s);
+  if (!r)
+    LOG_FATAL(LOGF_Memory, "Could not allocate memory");
+
+  return r;
+}

memory.h

@@ -27,11 +27,15 @@
 #ifndef GOT_MEMORY_H
 #define GOT_MEMORY_H
 
-#define Malloc(x) malloc(x)
-#define MallocNew(T) ((T *) malloc(sizeof(T)))
-#define MallocArray(T, n) ((T *) malloc((n) * sizeof(T)))
-#define Realloc(x,y) realloc(x,y)
-#define ReallocArray(T,n,x) ((T *) realloc((void *)(x), (n)*sizeof(T)))
+/* Wrappers checking for errors */
+extern void *Malloc(size_t size);
+extern void *Realloc(void *ptr, size_t size);
+extern char *Strdup(const char *s);
+
+/* Convenient macros */
+#define MallocNew(T) ((T *) Malloc(sizeof(T)))
+#define MallocArray(T, n) ((T *) Malloc((n) * sizeof(T)))
+#define ReallocArray(T,n,x) ((T *) Realloc((void *)(x), (n)*sizeof(T)))
 #define Free(x) free(x)
 
 #endif /* GOT_MEMORY_H */

mkdirpp.c

@@ -1,134 +0,0 @@
-/*
-  chronyd/chronyc - Programs for keeping computer clocks accurate.
-
- **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
- * 
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of version 2 of the GNU General Public License as
- * published by the Free Software Foundation.
- * 
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
- * 
- **********************************************************************
-
-  =======================================================================
-
-  A function for creating a directory and any parent directories that
-  don't exist.
-
-  */
-
-#include "config.h"
-
-#include "sysincl.h"
-
-#include "mkdirpp.h"
-
-static int
-do_dir(char *p)
-{
-  int status;
-  struct stat buf;
-
-#if defined(TEST)
-  fprintf(stderr, "do_dir(%s)\n", p);
-#endif
-
-  /* See if directory exists */
-  status = stat(p, &buf);
-
-  if (status < 0) {
-    if (errno == ENOENT) {
-      /* Try to create directory */
-      status = mkdir(p, 0755);
-      return status;
-    } else {
-      return status;
-    }
-  }
-
-  if (!S_ISDIR(buf.st_mode)) {
-    return -1;
-  }
-
-  return 0;
-}
-
-/* ================================================== */
-/* Return 0 if the directory couldn't be created, 1 if it could (or
-   already existed) */
-
-int
-mkdir_and_parents(const char *path)
-{
-  char *p;
-  int len;
-  int i, j, k, last;
-  len = strlen(path);
-
-  p = (char *) malloc(1 + len);
-
-  i = k = 0;
-  while (1) {
-    p[i++] = path[k++];
-    
-    if (path[k] == '/' || !path[k]) {
-      p[i] = 0;
-
-      if (do_dir(p) < 0) {
-        free(p);
-        return 0;
-      }
-
-      if (!path[k]) {
-        /* End of the string */
-        break;
-      }
-
-      /* check whether its a trailing / or group of / */
-      last = 1;
-      j = k+1;
-      while (path[j]) {
-        if (path[j] != '/') {
-          k = j - 1; /* Pick up a / into p[] thru the assignment at the top of the loop */
-          last = 0;
-          break;
-        }
-        j++;
-      }
-
-      if (last) {
-        break;
-      }
-    }
-
-    if (!path[k]) break;
-
-  }  
-
-  free(p);
-  return 1;
-
-}
-
-/* ================================================== */
-
-#if defined(TEST)
-int main(int argc, char **argv) {
-  if (argc > 1) {
-    /* Invert sense of result */
-    return mkdir_and_parents(argv[1]) ? 0 : 1;
-  } else {
-    return 1;
-  }
-}
-#endif
-                                  

nameserv.c

@@ -44,12 +44,14 @@ DNS_SetAddressFamily(int family)
 }
 
 DNS_Status 
-DNS_Name2IPAddress(const char *name, IPAddr *addr)
+DNS_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs)
 {
-#ifdef HAVE_IPV6
+#ifdef HAVE_GETADDRINFO
   struct addrinfo hints, *res, *ai;
-  int result;
-  
+  int i, result;
+
+  max_addrs = MIN(max_addrs, DNS_MAX_ADDRESSES);
+
   memset(&hints, 0, sizeof (hints));
   hints.ai_family = AF_UNSPEC;
   hints.ai_socktype = SOCK_STREAM;
@@ -64,38 +66,60 @@ DNS_Name2IPAddress(const char *name, IPAddr *addr)
 #endif
   }
 
-  for (ai = res; !result && ai != NULL; ai = ai->ai_next) {
+  for (ai = res, i = 0; i < max_addrs && ai != NULL; ai = ai->ai_next) {
     switch (ai->ai_family) {
       case AF_INET:
-        addr->family = IPADDR_INET4;
-        addr->addr.in4 = ntohl(((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr);
-        result = 1;
+        if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET4)
+          continue;
+        ip_addrs[i].family = IPADDR_INET4;
+        ip_addrs[i].addr.in4 = ntohl(((struct sockaddr_in *)ai->ai_addr)->sin_addr.s_addr);
+        i++;
         break;
-#ifdef HAVE_IPV6
+#ifdef FEAT_IPV6
       case AF_INET6:
-        addr->family = IPADDR_INET6;
-        memcpy(&addr->addr.in6, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr.s6_addr, sizeof (addr->addr.in6));
-        result = 1;
+        if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET6)
+          continue;
+        ip_addrs[i].family = IPADDR_INET6;
+        memcpy(&ip_addrs[i].addr.in6, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr.s6_addr,
+               sizeof (ip_addrs->addr.in6));
+        i++;
         break;
 #endif
     }
-    if (result && address_family != IPADDR_UNSPEC && address_family != addr->family)
-      result = 0;
   }
 
+  for (; i < max_addrs; i++)
+        ip_addrs[i].family = IPADDR_UNSPEC;
+
   freeaddrinfo(res);
-  return result ? DNS_Success : DNS_Failure;
+
+  return !max_addrs || ip_addrs[0].family != IPADDR_UNSPEC ? DNS_Success : DNS_Failure;
 #else
   struct hostent *host;
+  int i;
   
+  if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET4)
+    return DNS_Failure;
+
+  max_addrs = MIN(max_addrs, DNS_MAX_ADDRESSES);
+
   host = gethostbyname(name);
 
   if (host == NULL) {
     if (h_errno == TRY_AGAIN)
       return DNS_TryAgain;
   } else {
-    addr->family = IPADDR_INET4;
-    addr->addr.in4 = ntohl(*(uint32_t *)host->h_addr_list[0]);
+    if (host->h_addrtype != AF_INET || !host->h_addr_list[0])
+      return DNS_Failure;
+
+    for (i = 0; host->h_addr_list[i] && i < max_addrs; i++) {
+      ip_addrs[i].family = IPADDR_INET4;
+      ip_addrs[i].addr.in4 = ntohl(*(uint32_t *)host->h_addr_list[i]);
+    }
+
+    for (; i < max_addrs; i++)
+      ip_addrs[i].family = IPADDR_UNSPEC;
+
     return DNS_Success;
   }
 
@@ -115,33 +139,14 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len)
 {
   char *result = NULL;
 
-#ifdef HAVE_IPV6
-  struct sockaddr_in in4;
+#ifdef FEAT_IPV6
   struct sockaddr_in6 in6;
+  socklen_t slen;
   char hbuf[NI_MAXHOST];
 
-  switch (ip_addr->family) {
-    case IPADDR_INET4:
-      memset(&in4, 0, sizeof (in4));
-#ifdef SIN6_LEN
-      in4.sin_len = sizeof (in4);
-#endif
-      in4.sin_family = AF_INET;
-      in4.sin_addr.s_addr = htonl(ip_addr->addr.in4);
-      if (!getnameinfo((const struct sockaddr *)&in4, sizeof (in4), hbuf, sizeof (hbuf), NULL, 0, 0))
-        result = hbuf;
-      break;
-    case IPADDR_INET6:
-      memset(&in6, 0, sizeof (in6));
-#ifdef SIN6_LEN
-      in6.sin6_len = sizeof (in6);
-#endif
-      in6.sin6_family = AF_INET6;
-      memcpy(&in6.sin6_addr.s6_addr, ip_addr->addr.in6, sizeof (in6.sin6_addr.s6_addr));
-      if (!getnameinfo((const struct sockaddr *)&in6, sizeof (in6), hbuf, sizeof (hbuf), NULL, 0, 0))
-        result = hbuf;
-      break;
-  }
+  slen = UTI_IPAndPortToSockaddr(ip_addr, 0, (struct sockaddr *)&in6);
+  if (!getnameinfo((struct sockaddr *)&in6, slen, hbuf, sizeof (hbuf), NULL, 0, 0))
+    result = hbuf;
 #else
   struct hostent *host;
   uint32_t addr;
@@ -151,7 +156,7 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len)
       addr = htonl(ip_addr->addr.in4);
       host = gethostbyaddr((const char *) &addr, sizeof (ip_addr), AF_INET);
       break;
-#ifdef HAVE_IPV6
+#ifdef FEAT_IPV6
     case IPADDR_INET6:
       host = gethostbyaddr((const void *) ip_addr->addr.in6, sizeof (ip_addr->addr.in6), AF_INET6);
       break;

nameserv.h

@@ -39,7 +39,10 @@ typedef enum {
 /* Resolve names only to selected address family */
 extern void DNS_SetAddressFamily(int family);
 
-extern DNS_Status DNS_Name2IPAddress(const char *name, IPAddr *addr);
+/* Maximum number of addresses returned by DNS_Name2IPAddress */
+#define DNS_MAX_ADDRESSES 16
+
+extern DNS_Status DNS_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs);
 
 extern int DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len);
 

nameserv_async.c

@@ -0,0 +1,133 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2014
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Functions to asynchronously convert name to IP address
+
+  */
+
+#include "config.h"
+#include "sysincl.h"
+
+#include "nameserv_async.h"
+#include "logging.h"
+#include "memory.h"
+#include "privops.h"
+#include "sched.h"
+#include "util.h"
+
+#ifdef USE_PTHREAD_ASYNCDNS
+#include <pthread.h>
+
+/* ================================================== */
+
+struct DNS_Async_Instance {
+  const char *name;
+  DNS_Status status;
+  IPAddr addresses[DNS_MAX_ADDRESSES];
+  DNS_NameResolveHandler handler;
+  void *arg;
+
+  pthread_t thread;
+  int pipe[2];
+};
+
+static int resolving_threads = 0;
+
+/* ================================================== */
+
+static void *
+start_resolving(void *anything)
+{
+  struct DNS_Async_Instance *inst = (struct DNS_Async_Instance *)anything;
+
+  inst->status = PRV_Name2IPAddress(inst->name, inst->addresses, DNS_MAX_ADDRESSES);
+
+  /* Notify the main thread that the result is ready */
+  if (write(inst->pipe[1], "", 1) < 0)
+    ;
+
+  return NULL;
+}
+
+/* ================================================== */
+
+static void
+end_resolving(int fd, int event, void *anything)
+{
+  struct DNS_Async_Instance *inst = (struct DNS_Async_Instance *)anything;
+  int i;
+
+  if (pthread_join(inst->thread, NULL)) {
+    LOG_FATAL(LOGF_Nameserv, "pthread_join() failed");
+  }
+
+  resolving_threads--;
+
+  SCH_RemoveFileHandler(inst->pipe[0]);
+  close(inst->pipe[0]);
+  close(inst->pipe[1]);
+
+  for (i = 0; inst->status == DNS_Success && i < DNS_MAX_ADDRESSES &&
+              inst->addresses[i].family != IPADDR_UNSPEC; i++)
+    ;
+
+  (inst->handler)(inst->status, i, inst->addresses, inst->arg);
+
+  Free(inst);
+}
+
+/* ================================================== */
+
+void
+DNS_Name2IPAddressAsync(const char *name, DNS_NameResolveHandler handler, void *anything)
+{
+  struct DNS_Async_Instance *inst;
+
+  inst = MallocNew(struct DNS_Async_Instance);
+  inst->name = name;
+  inst->handler = handler;
+  inst->arg = anything;
+  inst->status = DNS_Failure;
+
+  if (pipe(inst->pipe)) {
+    LOG_FATAL(LOGF_Nameserv, "pipe() failed");
+  }
+
+  UTI_FdSetCloexec(inst->pipe[0]);
+  UTI_FdSetCloexec(inst->pipe[1]);
+
+  resolving_threads++;
+  assert(resolving_threads <= 1);
+
+  if (pthread_create(&inst->thread, NULL, start_resolving, inst)) {
+    LOG_FATAL(LOGF_Nameserv, "pthread_create() failed");
+  }
+
+  SCH_AddFileHandler(inst->pipe[0], SCH_FILE_INPUT, end_resolving, inst);
+}
+
+/* ================================================== */
+
+#else
+#error
+#endif

nameserv_async.h

@@ -2,7 +2,7 @@
   chronyd/chronyc - Programs for keeping computer clocks accurate.
 
  **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -21,18 +21,20 @@
 
   =======================================================================
 
-  Replacement strerror function for systems that don't have it
+  Header for asynchronous nameserver functions
   */
 
-#include "config.h"
 
-#ifdef SUNOS
+#ifndef GOT_NAMESERV_ASYNC_H
+#define GOT_NAMESERV_ASYNC_H
 
-#include <errno.h>
-extern char *sys_errlist[];
+#include "nameserv.h"
 
-char *strerror(int n) {
-  return sys_errlist[n];
-}
+/* Function type for callback to process the result */
+typedef void (*DNS_NameResolveHandler)(DNS_Status status, int n_addrs, IPAddr *ip_addrs, void *anything);
 
-#endif /* SUNOS */
+/* Request resolving of a name to IP address. The handler will be
+   called when the result is available. */
+extern void DNS_Name2IPAddressAsync(const char *name, DNS_NameResolveHandler handler, void *anything);
+
+#endif

ntp.h

@@ -38,7 +38,27 @@ typedef struct {
 
 typedef uint32_t NTP_int32;
 
-#define MAX_NTP_AUTH_DATA_LEN MAX_HASH_LENGTH
+/* The NTP protocol version that we support */
+#define NTP_VERSION 4
+
+/* Maximum stratum number (infinity) */
+#define NTP_MAX_STRATUM 16
+
+/* The minimum valid length of an extension field */
+#define NTP_MIN_EXTENSION_LENGTH 16
+
+/* The maximum assumed length of all extension fields in received
+   packets (RFC 5905 doesn't specify a limit on length or number of
+   extension fields in one packet) */
+#define NTP_MAX_EXTENSIONS_LENGTH 1024
+
+/* The minimum and maximum supported length of MAC */
+#define NTP_MIN_MAC_LENGTH (4 + 16)
+#define NTP_MAX_MAC_LENGTH (4 + MAX_HASH_LENGTH)
+
+/* The maximum length of MAC in NTPv4 packets which allows deterministic
+   parsing of extension fields (RFC 7822) */
+#define NTP_MAX_V4_MAC_LENGTH (4 + 20)
 
 /* Type definition for leap bits */
 typedef enum {
@@ -69,24 +89,33 @@ typedef struct {
   NTP_int64 originate_ts;
   NTP_int64 receive_ts;
   NTP_int64 transmit_ts;
+
+  /* Optional extension fields, we don't send packets with them yet */
+  /* uint8_t extensions[] */
+
+  /* Optional message authentication code (MAC) */
   NTP_int32 auth_keyid;
-  uint8_t auth_data[MAX_NTP_AUTH_DATA_LEN];
+  uint8_t auth_data[NTP_MAX_MAC_LENGTH - 4];
 } NTP_Packet;
 
-/* We have to declare a buffer type to hold a datagram read from the
-   network.  Even though we won't be using them (yet?!), this must be
-   large enough to hold NTP control messages. */
+#define NTP_NORMAL_PACKET_LENGTH (int)offsetof(NTP_Packet, auth_keyid)
 
-/* Define the maximum number of bytes that can be read in a single
-   message.  (This is cribbed from ntp.h in the xntpd source code). */
-
-#define MAX_NTP_MESSAGE_SIZE (468+12+16+4)
-
-typedef union {
+/* The buffer used to hold a datagram read from the network */
+typedef struct {
   NTP_Packet ntp_pkt;
-  uint8_t arbitrary[MAX_NTP_MESSAGE_SIZE];
-} ReceiveBuffer;
+  uint8_t extensions[NTP_MAX_EXTENSIONS_LENGTH];
+} NTP_Receive_Buffer;
 
-#define NTP_NORMAL_PACKET_SIZE offsetof(NTP_Packet, auth_keyid)
+/* Macros to work with the lvm field */
+#define NTP_LVM_TO_LEAP(lvm) (((lvm) >> 6) & 0x3)
+#define NTP_LVM_TO_VERSION(lvm) (((lvm) >> 3) & 0x7)
+#define NTP_LVM_TO_MODE(lvm) ((lvm) & 0x7)
+#define NTP_LVM(leap, version, mode) \
+  ((((leap) << 6) & 0xc0) | (((version) << 3) & 0x38) | ((mode) & 0x07))
+
+/* Special NTP reference IDs */
+#define NTP_REFID_UNSYNC 0x0UL
+#define NTP_REFID_LOCAL 0x7F7F0101UL /* 127.127.1.1 */
+#define NTP_REFID_SMOOTH 0x7F7F01FFUL /* 127.127.1.255 */
 
 #endif /* GOT_NTP_H */

ntp_core.h

@@ -38,6 +38,18 @@ typedef enum {
   NTP_SERVER, NTP_PEER
 } NTP_Source_Type;
 
+typedef enum {
+  NTP_TS_DAEMON = 0,
+  NTP_TS_KERNEL,
+  NTP_TS_HARDWARE
+} NTP_Timestamp_Source;
+
+typedef struct {
+  struct timespec ts;
+  double err;
+  NTP_Timestamp_Source source;
+} NTP_Local_Timestamp;
+
 /* This is a private data type used for storing the instance record for
    each source that we are chiming with */
 typedef struct NCR_Instance_Record *NCR_Instance;
@@ -52,16 +64,40 @@ extern NCR_Instance NCR_GetInstance(NTP_Remote_Address *remote_addr, NTP_Source_
 /* Destroy an instance */
 extern void NCR_DestroyInstance(NCR_Instance instance);
 
+/* Start an instance */
+extern void NCR_StartInstance(NCR_Instance instance);
+
+/* Reset an instance */
+extern void NCR_ResetInstance(NCR_Instance inst);
+
+/* Reset polling interval of an instance */
+extern void NCR_ResetPoll(NCR_Instance instance);
+
+/* Change the remote address of an instance */
+extern void NCR_ChangeRemoteAddress(NCR_Instance inst, NTP_Remote_Address *remote_addr);
+
 /* This routine is called when a new packet arrives off the network,
    and it relates to a source we have an ongoing protocol exchange with */
-extern void NCR_ProcessKnown(NTP_Packet *message, struct timeval *now, double now_err, NCR_Instance data, int length);
+extern int NCR_ProcessRxKnown(NCR_Instance inst, NTP_Local_Address *local_addr,
+                              NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length);
 
 /* This routine is called when a new packet arrives off the network,
    and we do not recognize its source */
-extern void NCR_ProcessUnknown(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr, int length);
+extern void NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                                 NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length);
+
+/* This routine is called when a packet is sent to a source we have
+   an ongoing protocol exchange with */
+extern void NCR_ProcessTxKnown(NCR_Instance inst, NTP_Local_Address *local_addr,
+                               NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length);
+
+/* This routine is called when a packet is sent to a destination we
+   do not recognize */
+extern void NCR_ProcessTxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                                 NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length);
 
 /* Slew receive and transmit times in instance records */
-extern void NCR_SlewTimes(NCR_Instance inst, struct timeval *when, double dfreq, double doffset);
+extern void NCR_SlewTimes(NCR_Instance inst, struct timespec *when, double dfreq, double doffset);
 
 /* Take a particular source online (i.e. start sampling it) */
 extern void NCR_TakeSourceOnline(NCR_Instance inst);
@@ -86,7 +122,8 @@ extern void NCR_ModifyPolltarget(NCR_Instance inst, int new_poll_target);
 
 extern void NCR_InitiateSampleBurst(NCR_Instance inst, int n_good_samples, int n_total_samples);
 
-extern void NCR_ReportSource(NCR_Instance inst, RPT_SourceReport *report, struct timeval *now);
+extern void NCR_ReportSource(NCR_Instance inst, RPT_SourceReport *report, struct timespec *now);
+extern void NCR_GetNTPReport(NCR_Instance inst, RPT_NTPReport *report);
 
 extern int NCR_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all);
 extern int NCR_CheckAccessRestriction(IPAddr *ip_addr);
@@ -96,6 +133,10 @@ extern void NCR_IncrementActivityCounters(NCR_Instance inst, int *online, int *o
 
 extern NTP_Remote_Address *NCR_GetRemoteAddress(NCR_Instance instance);
 
+extern uint32_t NCR_GetLocalRefid(NCR_Instance inst);
+
 extern int NCR_IsSyncPeer(NCR_Instance instance);
 
+extern void NCR_AddBroadcastDestination(IPAddr *addr, unsigned short port, int interval);
+
 #endif /* GOT_NTP_CORE_H */

ntp_io.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -37,13 +38,23 @@ extern void NIO_Initialise(int family);
 /* Function to finalise the module */
 extern void NIO_Finalise(void);
 
+/* Function to obtain a socket for sending client packets */
+extern int NIO_OpenClientSocket(NTP_Remote_Address *remote_addr);
+
+/* Function to obtain a socket for sending server/peer packets */
+extern int NIO_OpenServerSocket(NTP_Remote_Address *remote_addr);
+
+/* Function to close a socket returned by NIO_OpenClientSocket() */
+extern void NIO_CloseClientSocket(int sock_fd);
+
+/* Function to close a socket returned by NIO_OpenServerSocket() */
+extern void NIO_CloseServerSocket(int sock_fd);
+
+/* Function to check if socket is a server socket */
+extern int NIO_IsServerSocket(int sock_fd);
+
 /* Function to transmit a packet */
-extern void NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr);
-
-/* Function to transmit an authenticated packet */
-extern void NIO_SendAuthenticatedPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr, int auth_len);
-
-/* Function to send a datagram to a remote machine's UDP echo port. */
-extern void NIO_SendEcho(NTP_Remote_Address *remote_addr);
+extern int NIO_SendPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr,
+                          NTP_Local_Address *local_addr, int length, int process_tx);
 
 #endif /* GOT_NTP_IO_H */

ntp_io_linux.c

@@ -0,0 +1,646 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Functions for NTP I/O specific to Linux
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include <ifaddrs.h>
+#include <linux/errqueue.h>
+#include <linux/ethtool.h>
+#include <linux/net_tstamp.h>
+#include <linux/ptp_clock.h>
+#include <linux/sockios.h>
+#include <net/if.h>
+
+#include "array.h"
+#include "conf.h"
+#include "hwclock.h"
+#include "local.h"
+#include "logging.h"
+#include "ntp_core.h"
+#include "ntp_io.h"
+#include "ntp_io_linux.h"
+#include "ntp_sources.h"
+#include "sched.h"
+#include "sys_linux.h"
+#include "util.h"
+
+union sockaddr_in46 {
+  struct sockaddr_in in4;
+#ifdef FEAT_IPV6
+  struct sockaddr_in6 in6;
+#endif
+  struct sockaddr u;
+};
+
+struct Interface {
+  char name[IF_NAMESIZE];
+  int if_index;
+  int phc_fd;
+  /* Link speed in mbit/s */
+  int link_speed;
+  /* Start of UDP data at layer 2 for IPv4 and IPv6 */
+  int l2_udp4_ntp_start;
+  int l2_udp6_ntp_start;
+  /* Compensation of errors in TX and RX timestamping */
+  double tx_comp;
+  double rx_comp;
+  HCL_Instance clock;
+};
+
+/* Number of PHC readings per HW clock sample */
+#define PHC_READINGS 10
+
+/* Maximum acceptable offset between HW and daemon/kernel timestamp */
+#define MAX_TS_DELAY 1.0
+
+/* Array of Interfaces */
+static ARR_Instance interfaces;
+
+/* RX/TX and TX-specific timestamping socket options */
+static int ts_flags;
+static int ts_tx_flags;
+
+/* Flag indicating the socket options can't be changed in control messages */
+static int permanent_ts_options;
+
+/* ================================================== */
+
+static int
+add_interface(const char *name, double tx_comp, double rx_comp)
+{
+  struct ethtool_ts_info ts_info;
+  struct hwtstamp_config ts_config;
+  struct ifreq req;
+  int sock_fd, if_index, phc_index, phc_fd;
+  unsigned int i;
+  struct Interface *iface;
+  char phc_path[64];
+
+  /* Check if the interface was not already added */
+  for (i = 0; i < ARR_GetSize(interfaces); i++) {
+    if (!strcmp(name, ((struct Interface *)ARR_GetElement(interfaces, i))->name))
+      return 1;
+  }
+
+  sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+  if (sock_fd < 0)
+    return 0;
+
+  memset(&req, 0, sizeof (req));
+  memset(&ts_info, 0, sizeof (ts_info));
+
+  if (snprintf(req.ifr_name, sizeof (req.ifr_name), "%s", name) >= sizeof (req.ifr_name)) {
+    close(sock_fd);
+    return 0;
+  }
+
+  if (ioctl(sock_fd, SIOCGIFINDEX, &req)) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "ioctl(%s) failed : %s", "SIOCGIFINDEX", strerror(errno));
+    close(sock_fd);
+    return 0;
+  }
+
+  if_index = req.ifr_ifindex;
+
+  ts_info.cmd = ETHTOOL_GET_TS_INFO;
+  req.ifr_data = (char *)&ts_info;
+
+  if (ioctl(sock_fd, SIOCETHTOOL, &req)) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "ioctl(%s) failed : %s", "SIOCETHTOOL", strerror(errno));
+    close(sock_fd);
+    return 0;
+  }
+
+  ts_config.flags = 0;
+  ts_config.tx_type = HWTSTAMP_TX_ON;
+  ts_config.rx_filter = HWTSTAMP_FILTER_ALL;
+  req.ifr_data = (char *)&ts_config;
+
+  if (ioctl(sock_fd, SIOCSHWTSTAMP, &req)) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "ioctl(%s) failed : %s", "SIOCSHWTSTAMP", strerror(errno));
+    close(sock_fd);
+    return 0;
+  }
+
+  close(sock_fd);
+  phc_index = ts_info.phc_index;
+
+  if (snprintf(phc_path, sizeof (phc_path), "/dev/ptp%d", phc_index) >= sizeof (phc_path))
+    return 0;
+
+  phc_fd = open(phc_path, O_RDONLY);
+  if (phc_fd < 0) {
+    LOG(LOGS_ERR, LOGF_NtpIOLinux, "Could not open %s : %s", phc_path, strerror(errno));
+    return 0;
+  }
+
+  UTI_FdSetCloexec(phc_fd);
+
+  iface = ARR_GetNewElement(interfaces);
+
+  snprintf(iface->name, sizeof (iface->name), "%s", name);
+  iface->if_index = if_index;
+  iface->phc_fd = phc_fd;
+
+  /* Start with 1 gbit and no VLANs or IPv4/IPv6 options */
+  iface->link_speed = 1000;
+  iface->l2_udp4_ntp_start = 42;
+  iface->l2_udp6_ntp_start = 62;
+
+  iface->tx_comp = tx_comp;
+  iface->rx_comp = rx_comp;
+
+  iface->clock = HCL_CreateInstance();
+
+  DEBUG_LOG(LOGF_NtpIOLinux, "Enabled HW timestamping on %s", name);
+
+  return 1;
+}
+
+/* ================================================== */
+
+static int
+add_all_interfaces(double tx_comp, double rx_comp)
+{
+  struct ifaddrs *ifaddr, *ifa;
+  int r;
+
+  if (getifaddrs(&ifaddr)) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "getifaddrs() failed : %s", strerror(errno));
+    return 0;
+  }
+
+  for (r = 0, ifa = ifaddr; ifa; ifa = ifa->ifa_next) {
+    if (add_interface(ifa->ifa_name, tx_comp, rx_comp))
+      r = 1;
+  }
+  
+  freeifaddrs(ifaddr);
+
+  /* Return success if at least one interface was added */
+  return r;
+}
+
+/* ================================================== */
+
+static void
+update_interface_speed(struct Interface *iface)
+{
+  struct ethtool_cmd cmd;
+  struct ifreq req;
+  int sock_fd;
+
+  sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
+  if (sock_fd < 0)
+    return;
+
+  memset(&req, 0, sizeof (req));
+  memset(&cmd, 0, sizeof (cmd));
+
+  snprintf(req.ifr_name, sizeof (req.ifr_name), "%s", iface->name);
+  cmd.cmd = ETHTOOL_GSET;
+  req.ifr_data = (char *)&cmd;
+
+  if (ioctl(sock_fd, SIOCETHTOOL, &req)) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "ioctl(%s) failed : %s", "SIOCETHTOOL", strerror(errno));
+    close(sock_fd);
+    return;
+  }
+
+  close(sock_fd);
+
+  iface->link_speed = ethtool_cmd_speed(&cmd);
+}
+
+/* ================================================== */
+
+void
+NIO_Linux_Initialise(void)
+{
+  double tx_comp, rx_comp;
+  char *name;
+  unsigned int i;
+  int hwts;
+
+  interfaces = ARR_CreateInstance(sizeof (struct Interface));
+
+  /* Enable HW timestamping on specified interfaces.  If "*" was specified, try
+     all interfaces.  If no interface was specified, enable SW timestamping. */
+
+  for (i = hwts = 0; CNF_GetHwTsInterface(i, &name, &tx_comp, &rx_comp); i++) {
+    if (!strcmp("*", name))
+      continue;
+    if (!add_interface(name, tx_comp, rx_comp))
+      LOG_FATAL(LOGF_NtpIO, "Could not enable HW timestamping on %s", name);
+    hwts = 1;
+  }
+
+  for (i = 0; CNF_GetHwTsInterface(i, &name, &tx_comp, &rx_comp); i++) {
+    if (strcmp("*", name))
+      continue;
+    if (add_all_interfaces(tx_comp, rx_comp))
+      hwts = 1;
+    break;
+  }
+
+  if (hwts) {
+    ts_flags = SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_RX_HARDWARE;
+    ts_tx_flags = SOF_TIMESTAMPING_TX_HARDWARE;
+  } else {
+    ts_flags = SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_RX_SOFTWARE;
+    ts_tx_flags = SOF_TIMESTAMPING_TX_SOFTWARE;
+  }
+
+  /* Enable IP_PKTINFO in messages looped back to the error queue */
+  ts_flags |= SOF_TIMESTAMPING_OPT_CMSG;
+
+  /* Kernels before 4.7 ignore timestamping flags set in control messages */
+  permanent_ts_options = !SYS_Linux_CheckKernelVersion(4, 7);
+}
+
+/* ================================================== */
+
+void
+NIO_Linux_Finalise(void)
+{
+  struct Interface *iface;
+  unsigned int i;
+
+  for (i = 0; i < ARR_GetSize(interfaces); i++) {
+    iface = ARR_GetElement(interfaces, i);
+    HCL_DestroyInstance(iface->clock);
+    close(iface->phc_fd);
+  }
+
+  ARR_DestroyInstance(interfaces);
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_SetTimestampSocketOptions(int sock_fd, int client_only, int *events)
+{
+  int val, flags;
+
+  if (!ts_flags)
+    return 0;
+
+  /* Enable SCM_TIMESTAMPING control messages and the socket's error queue in
+     order to receive our transmitted packets with more accurate timestamps */
+
+  val = 1;
+  flags = ts_flags;
+
+  if (client_only || permanent_ts_options)
+    flags |= ts_tx_flags;
+
+  if (setsockopt(sock_fd, SOL_SOCKET, SO_SELECT_ERR_QUEUE, &val, sizeof (val)) < 0) {
+    LOG(LOGS_ERR, LOGF_NtpIOLinux, "Could not set %s socket option", "SO_SELECT_ERR_QUEUE");
+    ts_flags = 0;
+    return 0;
+  }
+
+  if (setsockopt(sock_fd, SOL_SOCKET, SO_TIMESTAMPING, &flags, sizeof (flags)) < 0) {
+    LOG(LOGS_ERR, LOGF_NtpIOLinux, "Could not set %s socket option", "SO_TIMESTAMPING");
+    ts_flags = 0;
+    return 0;
+  }
+
+  *events |= SCH_FILE_EXCEPTION;
+  return 1;
+}
+
+/* ================================================== */
+
+static int
+get_phc_sample(int phc_fd, struct timespec *phc_ts, struct timespec *local_ts, double *p_delay)
+{
+  struct ptp_sys_offset sys_off;
+  struct timespec ts1, ts2, ts3, phc_tss[PHC_READINGS], sys_tss[PHC_READINGS];
+  double min_delay = 0.0, delays[PHC_READINGS], phc_sum, local_sum, local_prec;
+  int i, n;
+
+  /* Silence valgrind */
+  memset(&sys_off, 0, sizeof (sys_off));
+
+  sys_off.n_samples = PHC_READINGS;
+
+  if (ioctl(phc_fd, PTP_SYS_OFFSET, &sys_off)) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "ioctl(%s) failed : %s", "PTP_SYS_OFFSET", strerror(errno));
+    return 0;
+  }
+
+  for (i = 0; i < PHC_READINGS; i++) {
+    ts1.tv_sec = sys_off.ts[i * 2].sec;
+    ts1.tv_nsec = sys_off.ts[i * 2].nsec;
+    ts2.tv_sec = sys_off.ts[i * 2 + 1].sec;
+    ts2.tv_nsec = sys_off.ts[i * 2 + 1].nsec;
+    ts3.tv_sec = sys_off.ts[i * 2 + 2].sec;
+    ts3.tv_nsec = sys_off.ts[i * 2 + 2].nsec;
+
+    sys_tss[i] = ts1;
+    phc_tss[i] = ts2;
+    delays[i] = UTI_DiffTimespecsToDouble(&ts3, &ts1);
+
+    if (delays[i] <= 0.0)
+      /* Step in the middle of a PHC reading? */
+      return 0;
+
+    if (!i || delays[i] < min_delay)
+      min_delay = delays[i];
+  }
+
+  local_prec = LCL_GetSysPrecisionAsQuantum();
+
+  /* Combine best readings */
+  for (i = n = 0, phc_sum = local_sum = 0.0; i < PHC_READINGS; i++) {
+    if (delays[i] > min_delay + local_prec)
+      continue;
+
+    phc_sum += UTI_DiffTimespecsToDouble(&phc_tss[i], &phc_tss[0]);
+    local_sum += UTI_DiffTimespecsToDouble(&sys_tss[i], &sys_tss[0]) + delays[i] / 2.0;
+    n++;
+  }
+
+  assert(n);
+
+  UTI_AddDoubleToTimespec(&phc_tss[0], phc_sum / n, phc_ts);
+  UTI_AddDoubleToTimespec(&sys_tss[0], local_sum / n, &ts1);
+  LCL_CookTime(&ts1, local_ts, NULL);
+  *p_delay = min_delay;
+
+  return 1;
+}
+
+/* ================================================== */
+
+static struct Interface *
+get_interface(int if_index)
+{
+  struct Interface *iface;
+  unsigned int i;
+
+  for (i = 0; i < ARR_GetSize(interfaces); i++) {
+    iface = ARR_GetElement(interfaces, i);
+    if (iface->if_index != if_index)
+      continue;
+
+    return iface;
+  }
+
+  return NULL;
+}
+
+/* ================================================== */
+
+static void
+process_hw_timestamp(struct Interface *iface, struct timespec *hw_ts,
+                     NTP_Local_Timestamp *local_ts, int rx_ntp_length, int family)
+{
+  struct timespec sample_phc_ts, sample_local_ts, ts;
+  double sample_delay, rx_correction, ts_delay, err;
+  int l2_length;
+
+  if (HCL_NeedsNewSample(iface->clock, &local_ts->ts)) {
+    if (!get_phc_sample(iface->phc_fd, &sample_phc_ts, &sample_local_ts, &sample_delay))
+      return;
+
+    HCL_AccumulateSample(iface->clock, &sample_phc_ts, &sample_local_ts,
+                         sample_delay / 2.0);
+
+    update_interface_speed(iface);
+  }
+
+  /* We need to transpose RX timestamps as hardware timestamps are normally
+     preamble timestamps and RX timestamps in NTP are supposed to be trailer
+     timestamps.  Without raw sockets we don't know the length of the packet
+     at layer 2, so we make an assumption that UDP data start at the same
+     position as in the last transmitted packet which had a HW TX timestamp. */
+  if (rx_ntp_length && iface->link_speed) {
+    l2_length = (family == IPADDR_INET4 ? iface->l2_udp4_ntp_start :
+                 iface->l2_udp6_ntp_start) + rx_ntp_length + 4;
+    rx_correction = l2_length / (1.0e6 / 8 * iface->link_speed);
+
+    UTI_AddDoubleToTimespec(hw_ts, rx_correction, hw_ts);
+  }
+
+  if (!rx_ntp_length && iface->tx_comp)
+    UTI_AddDoubleToTimespec(hw_ts, iface->tx_comp, hw_ts);
+  else if (rx_ntp_length && iface->rx_comp)
+    UTI_AddDoubleToTimespec(hw_ts, -iface->rx_comp, hw_ts);
+
+  if (!HCL_CookTime(iface->clock, hw_ts, &ts, &err))
+    return;
+
+  ts_delay = UTI_DiffTimespecsToDouble(&local_ts->ts, &ts);
+
+  if (fabs(ts_delay) > MAX_TS_DELAY) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "Unacceptable timestamp delay %.9f", ts_delay);
+    return;
+  }
+
+  local_ts->ts = ts;
+  local_ts->err = err;
+  local_ts->source = NTP_TS_HARDWARE;
+}
+
+/* ================================================== */
+/* Extract UDP data from a layer 2 message.  Supported is Ethernet
+   with optional VLAN tags. */
+
+static int
+extract_udp_data(unsigned char *msg, NTP_Remote_Address *remote_addr, int len)
+{
+  unsigned char *msg_start = msg;
+  union sockaddr_in46 addr;
+
+  remote_addr->ip_addr.family = IPADDR_UNSPEC;
+  remote_addr->port = 0;
+
+  /* Skip MACs */
+  if (len < 12)
+    return 0;
+  len -= 12, msg += 12;
+
+  /* Skip VLAN tag(s) if present */
+  while (len >= 4 && msg[0] == 0x81 && msg[1] == 0x00)
+    len -= 4, msg += 4;
+
+  /* Skip IPv4 or IPv6 ethertype */
+  if (len < 2 || !((msg[0] == 0x08 && msg[1] == 0x00) ||
+                   (msg[0] == 0x86 && msg[1] == 0xdd)))
+    return 0;
+  len -= 2, msg += 2;
+
+  /* Parse destination address and port from IPv4/IPv6 and UDP headers */
+  if (len >= 20 && msg[0] >> 4 == 4) {
+    int ihl = (msg[0] & 0xf) * 4;
+
+    if (len < ihl + 8 || msg[9] != 17)
+      return 0;
+
+    memcpy(&addr.in4.sin_addr.s_addr, msg + 16, sizeof (uint32_t));
+    addr.in4.sin_port = *(uint16_t *)(msg + ihl + 2);
+    addr.in4.sin_family = AF_INET;
+    len -= ihl + 8, msg += ihl + 8;
+#ifdef FEAT_IPV6
+  } else if (len >= 48 && msg[0] >> 4 == 6) {
+    /* IPv6 extension headers are not supported */
+    if (msg[6] != 17)
+      return 0;
+
+    memcpy(&addr.in6.sin6_addr.s6_addr, msg + 24, 16);
+    addr.in6.sin6_port = *(uint16_t *)(msg + 40 + 2);
+    addr.in6.sin6_family = AF_INET6;
+    len -= 48, msg += 48;
+#endif
+  } else {
+    return 0;
+  }
+
+  UTI_SockaddrToIPAndPort(&addr.u, &remote_addr->ip_addr, &remote_addr->port);
+
+  /* Move the message to fix alignment of its fields */
+  if (len > 0)
+    memmove(msg_start, msg, len);
+
+  return len;
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_ProcessMessage(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                         NTP_Local_Timestamp *local_ts, struct msghdr *hdr,
+                         int length, int sock_fd, int if_index)
+{
+  struct Interface *iface;
+  struct cmsghdr *cmsg;
+  int is_tx, l2_length;
+
+  is_tx = hdr->msg_flags & MSG_ERRQUEUE;
+  iface = NULL;
+
+  for (cmsg = CMSG_FIRSTHDR(hdr); cmsg; cmsg = CMSG_NXTHDR(hdr, cmsg)) {
+    if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING) {
+      struct scm_timestamping ts3;
+
+      memcpy(&ts3, CMSG_DATA(cmsg), sizeof (ts3));
+
+      if (!UTI_IsZeroTimespec(&ts3.ts[0])) {
+        LCL_CookTime(&ts3.ts[0], &local_ts->ts, &local_ts->err);
+        local_ts->source = NTP_TS_KERNEL;
+      } else if (!UTI_IsZeroTimespec(&ts3.ts[2])) {
+        iface = get_interface(if_index);
+        if (iface) {
+          process_hw_timestamp(iface, &ts3.ts[2], local_ts, !is_tx ? length : 0,
+                               remote_addr->ip_addr.family);
+        } else {
+          DEBUG_LOG(LOGF_NtpIOLinux, "HW clock not found for interface %d", if_index);
+        }
+      }
+    }
+
+    if ((cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) ||
+        (cmsg->cmsg_level == SOL_IPV6 && cmsg->cmsg_type == IPV6_RECVERR)) {
+      struct sock_extended_err err;
+
+      memcpy(&err, CMSG_DATA(cmsg), sizeof (err));
+
+      if (err.ee_errno != ENOMSG || err.ee_info != SCM_TSTAMP_SND ||
+          err.ee_origin != SO_EE_ORIGIN_TIMESTAMPING) {
+        DEBUG_LOG(LOGF_NtpIOLinux, "Unknown extended error");
+        /* Drop the message */
+        return 1;
+      }
+    }
+  }
+
+  /* Return the message if it's not received from the error queue */
+  if (!is_tx)
+    return 0;
+
+  /* The data from the error queue includes all layers up to UDP.  We have to
+     extract the UDP data and also the destination address with port as there
+     currently doesn't seem to be a better way to get them both. */
+  l2_length = length;
+  length = extract_udp_data(hdr->msg_iov[0].iov_base, remote_addr, length);
+
+  DEBUG_LOG(LOGF_NtpIOLinux, "Received %d (%d) bytes from error queue for %s:%d fd=%d if=%d tss=%d",
+            l2_length, length, UTI_IPToString(&remote_addr->ip_addr), remote_addr->port,
+            sock_fd, if_index, local_ts->source);
+
+  /* Update assumed position of UDP data at layer 2 for next received packet */
+  if (iface && length) {
+    if (remote_addr->ip_addr.family == IPADDR_INET4)
+      iface->l2_udp4_ntp_start = l2_length - length;
+    else if (remote_addr->ip_addr.family == IPADDR_INET6)
+      iface->l2_udp6_ntp_start = l2_length - length;
+  }
+
+  /* Drop the message if HW timestamp is missing or its processing failed */
+  if ((ts_flags & SOF_TIMESTAMPING_RAW_HARDWARE) && local_ts->source != NTP_TS_HARDWARE) {
+    DEBUG_LOG(LOGF_NtpIOLinux, "Missing HW timestamp");
+    return 1;
+  }
+
+  if (length < NTP_NORMAL_PACKET_LENGTH)
+    return 1;
+
+  NSR_ProcessTx(remote_addr, local_addr, local_ts,
+                (NTP_Packet *)hdr->msg_iov[0].iov_base, length);
+
+  return 1;
+}
+
+/* ================================================== */
+
+int
+NIO_Linux_RequestTxTimestamp(struct msghdr *msg, int cmsglen, int sock_fd)
+{
+  struct cmsghdr *cmsg;
+
+  /* Check if TX timestamping is disabled on this socket */
+  if (permanent_ts_options || !NIO_IsServerSocket(sock_fd))
+    return cmsglen;
+
+  /* Add control message that will enable TX timestamping for this message.
+     Don't use CMSG_NXTHDR as the one in glibc is buggy for creating new
+     control messages. */
+  cmsg = (struct cmsghdr *)((char *)CMSG_FIRSTHDR(msg) + cmsglen);
+  memset(cmsg, 0, CMSG_SPACE(sizeof (ts_tx_flags)));
+  cmsglen += CMSG_SPACE(sizeof (ts_tx_flags));
+
+  cmsg->cmsg_level = SOL_SOCKET;
+  cmsg->cmsg_type = SO_TIMESTAMPING;
+  cmsg->cmsg_len = CMSG_LEN(sizeof (ts_tx_flags));
+
+  memcpy(CMSG_DATA(cmsg), &ts_tx_flags, sizeof (ts_tx_flags));
+
+  return cmsglen;
+}

ntp_io_linux.h

@@ -0,0 +1,37 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  This is the header file for the Linux-specific NTP socket I/O bits.
+  */
+
+extern void NIO_Linux_Initialise(void);
+
+extern void NIO_Linux_Finalise(void);
+
+extern int NIO_Linux_SetTimestampSocketOptions(int sock_fd, int client_only, int *events);
+
+extern int NIO_Linux_ProcessMessage(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                                    NTP_Local_Timestamp *local_ts, struct msghdr *hdr, int length,
+                                    int sock_fd, int if_index);
+
+extern int NIO_Linux_RequestTxTimestamp(struct msghdr *msg, int cmsglen, int sock_fd);

ntp_signd.c

@@ -0,0 +1,380 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2016
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  Support for MS-SNTP authentication in Samba (ntp_signd)
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "array.h"
+#include "conf.h"
+#include "logging.h"
+#include "ntp_io.h"
+#include "ntp_signd.h"
+#include "sched.h"
+#include "util.h"
+
+/* Declarations per samba/source4/librpc/idl/ntp_signd.idl */
+
+#define SIGND_VERSION 0
+
+typedef enum {
+  SIGN_TO_CLIENT = 0,
+  ASK_SERVER_TO_SIGN = 1,
+  CHECK_SERVER_SIGNATURE = 2,
+  SIGNING_SUCCESS = 3,
+  SIGNING_FAILURE = 4,
+} SigndOp;
+
+typedef struct {
+  uint32_t length;
+  uint32_t version;
+  uint32_t op;
+  uint16_t packet_id;
+  uint16_t _pad;
+  uint32_t key_id;
+  NTP_Packet packet_to_sign;
+} SigndRequest;
+
+typedef struct {
+  uint32_t length;
+  uint32_t version;
+  uint32_t op;
+  uint32_t packet_id;
+  NTP_Packet signed_packet;
+} SigndResponse;
+
+typedef struct {
+  NTP_Remote_Address remote_addr;
+  NTP_Local_Address local_addr;
+
+  int sent;
+  int received;
+  int request_length;
+  struct timespec request_ts;
+  SigndRequest request;
+  SigndResponse response;
+} SignInstance;
+
+/* As the communication with ntp_signd is asynchronous, incoming packets are
+   saved in a queue in order to avoid loss when they come in bursts */
+
+#define MAX_QUEUE_LENGTH 16U
+#define NEXT_QUEUE_INDEX(index) (((index) + 1) % MAX_QUEUE_LENGTH)
+#define IS_QUEUE_EMPTY() (queue_head == queue_tail)
+
+/* Fixed-size array of SignInstance */
+static ARR_Instance queue;
+static unsigned int queue_head;
+static unsigned int queue_tail;
+
+#define INVALID_SOCK_FD -1
+
+/* Unix domain socket connected to ntp_signd */
+static int sock_fd;
+
+#define MIN_AUTH_DELAY 1.0e-5
+#define MAX_AUTH_DELAY 1.0e-2
+
+/* Average time needed for signing one packet.  This is used to adjust the
+   transmit timestamp in NTP packets.  The timestamp won't be very accurate as
+   the delay is variable, but it should be good enough for MS-SNTP clients. */
+static double auth_delay;
+
+/* Flag indicating if the MS-SNTP authentication is enabled */
+static int enabled;
+
+/* ================================================== */
+
+static void read_write_socket(int sock_fd, int event, void *anything);
+
+/* ================================================== */
+
+static void
+close_socket(void)
+{
+  SCH_RemoveFileHandler(sock_fd);
+  close(sock_fd);
+  sock_fd = INVALID_SOCK_FD;
+
+  /* Empty the queue */
+  queue_head = queue_tail = 0;
+}
+
+/* ================================================== */
+
+static int
+open_socket(void)
+{
+  struct sockaddr_un s;
+
+  if (sock_fd >= 0)
+    return 1;
+
+  sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if (sock_fd < 0) {
+    DEBUG_LOG(LOGF_NtpSignd, "Could not open signd socket : %s", strerror(errno));
+    return 0;
+  }
+
+  UTI_FdSetCloexec(sock_fd);
+  SCH_AddFileHandler(sock_fd, SCH_FILE_INPUT, read_write_socket, NULL);
+
+  s.sun_family = AF_UNIX;
+  if (snprintf(s.sun_path, sizeof (s.sun_path), "%s/socket",
+               CNF_GetNtpSigndSocket()) >= sizeof (s.sun_path)) {
+    DEBUG_LOG(LOGF_NtpSignd, "signd socket path too long");
+    close_socket();
+    return 0;
+  }
+
+  if (connect(sock_fd, (struct sockaddr *)&s, sizeof (s)) < 0) {
+    DEBUG_LOG(LOGF_NtpSignd, "Could not connect to signd : %s", strerror(errno));
+    close_socket();
+    return 0;
+  }
+
+  DEBUG_LOG(LOGF_NtpSignd, "Connected to signd");
+
+  return 1;
+}
+
+/* ================================================== */
+
+static void
+process_response(SignInstance *inst)
+{
+  struct timespec ts;
+  double delay;
+
+  if (ntohs(inst->request.packet_id) != ntohl(inst->response.packet_id)) {
+    DEBUG_LOG(LOGF_NtpSignd, "Invalid response ID");
+    return;
+  }
+
+  if (ntohl(inst->response.op) != SIGNING_SUCCESS) {
+    DEBUG_LOG(LOGF_NtpSignd, "Signing failed");
+    return;
+  }
+
+  /* Check if the file descriptor is still valid */
+  if (!NIO_IsServerSocket(inst->local_addr.sock_fd)) {
+    DEBUG_LOG(LOGF_NtpSignd, "Invalid NTP socket");
+    return;
+  }
+
+  SCH_GetLastEventTime(NULL, NULL, &ts);
+  delay = UTI_DiffTimespecsToDouble(&ts, &inst->request_ts);
+
+  DEBUG_LOG(LOGF_NtpSignd, "Signing succeeded (delay %f)", delay);
+
+  /* Send the signed NTP packet */
+  NIO_SendPacket(&inst->response.signed_packet, &inst->remote_addr, &inst->local_addr,
+                 ntohl(inst->response.length) + sizeof (inst->response.length) -
+                 offsetof(SigndResponse, signed_packet), 0);
+
+  /* Update exponential moving average of the authentication delay */
+  delay = CLAMP(MIN_AUTH_DELAY, delay, MAX_AUTH_DELAY);
+  auth_delay += 0.1 * (delay - auth_delay);
+}
+
+/* ================================================== */
+
+static void
+read_write_socket(int sock_fd, int event, void *anything)
+{
+  SignInstance *inst;
+  uint32_t response_length;
+  int s;
+
+  inst = ARR_GetElement(queue, queue_head);
+
+  if (event == SCH_FILE_OUTPUT) {
+    assert(!IS_QUEUE_EMPTY());
+    assert(inst->sent < inst->request_length);
+
+    if (!inst->sent)
+      SCH_GetLastEventTime(NULL, NULL, &inst->request_ts);
+
+    s = send(sock_fd, (char *)&inst->request + inst->sent,
+             inst->request_length - inst->sent, 0);
+
+    if (s < 0) {
+      DEBUG_LOG(LOGF_NtpSignd, "signd socket error: %s", strerror(errno));
+      close_socket();
+      return;
+    }
+
+    DEBUG_LOG(LOGF_NtpSignd, "Sent %d bytes to signd", s);
+    inst->sent += s;
+
+    /* Try again later if the request is not complete yet */
+    if (inst->sent < inst->request_length)
+      return;
+
+    /* Disable output and wait for a response */
+    SCH_SetFileHandlerEvents(sock_fd, SCH_FILE_INPUT);
+  }
+
+  if (event == SCH_FILE_INPUT) {
+    if (IS_QUEUE_EMPTY()) {
+        DEBUG_LOG(LOGF_NtpSignd, "Unexpected signd response");
+        close_socket();
+        return;
+    }
+
+    assert(inst->received < sizeof (inst->response));
+    s = recv(sock_fd, (char *)&inst->response + inst->received,
+             sizeof (inst->response) - inst->received, 0);
+
+    if (s <= 0) {
+      if (s < 0)
+        DEBUG_LOG(LOGF_NtpSignd, "signd socket error: %s", strerror(errno));
+      else
+        DEBUG_LOG(LOGF_NtpSignd, "signd socket closed");
+
+      close_socket();
+      return;
+    }
+
+    DEBUG_LOG(LOGF_NtpSignd, "Received %d bytes from signd", s);
+    inst->received += s;
+
+    if (inst->received < sizeof (inst->response.length))
+      return;
+
+    response_length = ntohl(inst->response.length) + sizeof (inst->response.length);
+
+    if (response_length < offsetof(SigndResponse, signed_packet) ||
+        response_length > sizeof (SigndResponse)) {
+      DEBUG_LOG(LOGF_NtpSignd, "Invalid response length");
+      close_socket();
+      return;
+    }
+
+    /* Wait for more data if not complete yet */
+    if (inst->received < response_length)
+      return;
+
+    process_response(inst);
+
+    /* Move the head and enable output for the next packet */
+    queue_head = NEXT_QUEUE_INDEX(queue_head);
+    if (!IS_QUEUE_EMPTY())
+      SCH_SetFileHandlerEvents(sock_fd, SCH_FILE_INPUT | SCH_FILE_OUTPUT);
+  }
+}
+
+/* ================================================== */
+
+void
+NSD_Initialise()
+{
+  sock_fd = INVALID_SOCK_FD;
+  auth_delay = MIN_AUTH_DELAY;
+  enabled = CNF_GetNtpSigndSocket() && CNF_GetNtpSigndSocket()[0];
+
+  if (!enabled)
+    return;
+
+  queue = ARR_CreateInstance(sizeof (SignInstance));
+  ARR_SetSize(queue, MAX_QUEUE_LENGTH);
+  queue_head = queue_tail = 0;
+
+  LOG(LOGS_INFO, LOGF_NtpSignd, "MS-SNTP authentication enabled");
+}
+
+/* ================================================== */
+
+void
+NSD_Finalise()
+{
+  if (!enabled)
+    return;
+  if (sock_fd != INVALID_SOCK_FD)
+    close_socket();
+  ARR_DestroyInstance(queue);
+}
+
+/* ================================================== */
+
+extern int NSD_GetAuthDelay(uint32_t key_id)
+{
+  return 1.0e9 * auth_delay;
+}
+
+/* ================================================== */
+
+int
+NSD_SignAndSendPacket(uint32_t key_id, NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr, int length)
+{
+  SignInstance *inst;
+
+  if (!enabled) {
+    DEBUG_LOG(LOGF_NtpSignd, "signd disabled");
+    return 0;
+  }
+
+  if (queue_head == NEXT_QUEUE_INDEX(queue_tail)) {
+    DEBUG_LOG(LOGF_NtpSignd, "signd queue full");
+    return 0;
+  }
+
+  if (length != NTP_NORMAL_PACKET_LENGTH) {
+    DEBUG_LOG(LOGF_NtpSignd, "Invalid packet length");
+    return 0;
+  }
+
+  if (!open_socket())
+    return 0;
+
+  inst = ARR_GetElement(queue, queue_tail);
+  inst->remote_addr = *remote_addr;
+  inst->local_addr = *local_addr;
+  inst->sent = 0;
+  inst->received = 0;
+  inst->request_length = offsetof(SigndRequest, packet_to_sign) + length;
+
+  /* The length field doesn't include itself */
+  inst->request.length = htonl(inst->request_length - sizeof (inst->request.length));
+  inst->request.version = htonl(SIGND_VERSION);
+  inst->request.op = htonl(SIGN_TO_CLIENT);
+  inst->request.packet_id = htons(queue_tail);
+  inst->request._pad = 0;
+  inst->request.key_id = htonl(key_id);
+
+  memcpy(&inst->request.packet_to_sign, packet, length);
+
+  /* Enable output if there was no pending request */
+  if (IS_QUEUE_EMPTY())
+    SCH_SetFileHandlerEvents(sock_fd, SCH_FILE_INPUT | SCH_FILE_OUTPUT);
+
+  queue_tail = NEXT_QUEUE_INDEX(queue_tail);
+
+  DEBUG_LOG(LOGF_NtpSignd, "Packet added to signd queue (%u:%u)",
+            queue_head, queue_tail);
+
+  return 1;
+}

ntp_signd.h

@@ -2,7 +2,7 @@
   chronyd/chronyc - Programs for keeping computer clocks accurate.
 
  **********************************************************************
- * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -21,25 +21,24 @@
 
   =======================================================================
 
-  Header file for acquisition module
-  */
+  Header for MS-SNTP authentication via Samba (ntp_signd) */
 
-#ifndef GOT_ACQUIRE_H
-#define GOT_ACQUIRE_H
+#ifndef GOT_NTP_SIGND_H
+#define GOT_NTP_SIGND_H
 
 #include "addressing.h"
+#include "ntp.h"
 
-typedef struct ACQ_SourceRecord *ACQ_Source;
+/* Initialisation function */
+extern void NSD_Initialise(void);
 
-extern void ACQ_Initialise(void);
+/* Finalisation function */
+extern void NSD_Finalise(void);
 
-extern void ACQ_Finalise(void);
+/* Function to get an estimate of delay due to signing */
+extern int NSD_GetAuthDelay(uint32_t key_id);
 
-extern void ACQ_StartAcquisition(int n, IPAddr *ip_addrs, double init_slew_threshold,
-                                 void (*after_hook)(void *), void *anything);
+/* Function to sign an NTP packet and send it */
+extern int NSD_SignAndSendPacket(uint32_t key_id, NTP_Packet *packet, NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr, int length);
 
-extern void ACQ_AccumulateSample(ACQ_Source acq_source, double offset, double root_distance);
-
-extern void ACQ_MissedSample(ACQ_Source acq_source);
-
-#endif /* GOT_ACQUIRE_H */
+#endif

ntp_sources.h

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -49,19 +50,50 @@ typedef enum {
 /* Procedure to add a new server or peer source. */
 extern NSR_Status NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type, SourceParameters *params);
 
-/* Procedure to add a new server or peer source with currently unknown address.
-   The name will be periodically resolved in exponentially increasing intervals
-   until it succeeds or fails with a non-temporary error. */
-extern void NSR_AddUnresolvedSource(char *name, int port, NTP_Source_Type type, SourceParameters *params);
+/* Procedure to add a new server, peer source, or pool of servers specified by
+   name instead of address.  The name is resolved in exponentially increasing
+   intervals until it succeeds or fails with a non-temporary error. */
+extern void NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type, SourceParameters *params);
 
-/* Procedure to try resolve unresolved sources immediately. */
+/* Function type for handlers to be called back when an attempt
+ * (possibly unsuccessful) to resolve unresolved sources ends */
+typedef void (*NSR_SourceResolvingEndHandler)(void);
+
+/* Set the handler, or NULL to disable the notification */
+extern void NSR_SetSourceResolvingEndHandler(NSR_SourceResolvingEndHandler handler);
+
+/* Procedure to start resolving unresolved sources */
 extern void NSR_ResolveSources(void);
 
+/* Procedure to start all sources */
+extern void NSR_StartSources(void);
+
+/* Start new sources automatically */
+extern void NSR_AutoStartSources(void);
+
 /* Procedure to remove a source */
 extern NSR_Status NSR_RemoveSource(NTP_Remote_Address *remote_addr);
 
+/* Procedure to remove all sources */
+extern void NSR_RemoveAllSources(void);
+
+/* Procedure to try to find a replacement for a bad source */
+extern void NSR_HandleBadSource(IPAddr *address);
+
+/* Procedure to resolve all names again */
+extern void NSR_RefreshAddresses(void);
+
+/* Procedure to get local reference ID corresponding to a source */
+extern uint32_t NSR_GetLocalRefid(IPAddr *address);
+
 /* This routine is called by ntp_io when a new packet arrives off the network */
-extern void NSR_ProcessReceive(NTP_Packet *message, struct timeval *now, double now_err, NTP_Remote_Address *remote_addr, int length);
+extern void NSR_ProcessRx(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                          NTP_Local_Timestamp *rx_ts, NTP_Packet *message, int length);
+
+/* This routine is called by ntp_io when a packet was sent to the network and
+   an accurate transmit timestamp was captured */
+extern void NSR_ProcessTx(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_addr,
+                          NTP_Local_Timestamp *tx_ts, NTP_Packet *message, int length);
 
 /* Initialisation function */
 extern void NSR_Initialise(void);
@@ -95,7 +127,9 @@ extern int NSR_ModifyPolltarget(IPAddr *address, int new_poll_target);
 
 extern int NSR_InitiateSampleBurst(int n_good_samples, int n_total_samples, IPAddr *mask, IPAddr *address);
 
-extern void NSR_ReportSource(RPT_SourceReport *report, struct timeval *now);
+extern void NSR_ReportSource(RPT_SourceReport *report, struct timespec *now);
+
+extern int NSR_GetNTPReport(RPT_NTPReport *report);
 
 extern void NSR_GetActivityReport(RPT_ActivityReport *report);
 

pktlength.c

@@ -3,6 +3,7 @@
 
  **********************************************************************
  * Copyright (C) Richard P. Curnow  1997-2002
+ * Copyright (C) Miroslav Lichvar  2014-2016
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -33,138 +34,125 @@
 #include "util.h"
 #include "pktlength.h"
 
+#define PADDING_LENGTH_(request_length, reply_length) \
+  (uint16_t)((request_length) < (reply_length) ? (reply_length) - (request_length) : 0)
+
+#define PADDING_LENGTH(request_data, reply_data) \
+  PADDING_LENGTH_(offsetof(CMD_Request, request_data), offsetof(CMD_Reply, reply_data))
+
+#define REQ_LENGTH_ENTRY(request_data_field, reply_data_field) \
+  { offsetof(CMD_Request, data.request_data_field.EOR), \
+    PADDING_LENGTH(data.request_data_field.EOR, data.reply_data_field.EOR) }
+
+#define RPY_LENGTH_ENTRY(reply_data_field) \
+  offsetof(CMD_Reply, data.reply_data_field.EOR)
+
 /* ================================================== */
 
-static int
-command_unpadded_length(CMD_Request *r)
-{
-  int type;
-  type = ntohs(r->command);
-  if (type < 0 || type >= N_REQUEST_TYPES) {
-    return 0;
-  } else {
-    switch (type) {
-      
-      case REQ_NULL:
-        return offsetof(CMD_Request, data);
-      case REQ_ONLINE:
-        return offsetof(CMD_Request, data.online.EOR);
-      case REQ_OFFLINE:
-        return offsetof(CMD_Request, data.offline.EOR);
-      case REQ_BURST:
-        return offsetof(CMD_Request, data.burst.EOR);
-      case REQ_MODIFY_MINPOLL:
-        return offsetof(CMD_Request, data.modify_minpoll.EOR);
-      case REQ_MODIFY_MAXPOLL:
-        return offsetof(CMD_Request, data.modify_maxpoll.EOR);
-      case REQ_DUMP:
-        return offsetof(CMD_Request, data.dump.EOR);
-      case REQ_MODIFY_MAXDELAY:
-        return offsetof(CMD_Request, data.modify_maxdelay.EOR);
-      case REQ_MODIFY_MAXDELAYRATIO:
-        return offsetof(CMD_Request, data.modify_maxdelayratio.EOR);
-      case REQ_MODIFY_MAXDELAYDEVRATIO:
-        return offsetof(CMD_Request, data.modify_maxdelaydevratio.EOR);
-      case REQ_MODIFY_MAXUPDATESKEW:
-        return offsetof(CMD_Request, data.modify_maxupdateskew.EOR);
-      case REQ_LOGON :
-        return offsetof(CMD_Request, data.logon.EOR);
-      case REQ_SETTIME :
-        return offsetof(CMD_Request, data.settime.EOR);
-      case REQ_LOCAL :
-        return offsetof(CMD_Request, data.local.EOR);
-      case REQ_MANUAL :
-        return offsetof(CMD_Request, data.manual.EOR);
-      case REQ_N_SOURCES :
-        return offsetof(CMD_Request, data.n_sources.EOR);
-      case REQ_SOURCE_DATA :
-        return offsetof(CMD_Request, data.source_data.EOR);
-      case REQ_REKEY :
-        return offsetof(CMD_Request, data.rekey.EOR);
-      case REQ_ALLOW :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_ALLOWALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_DENY :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_DENYALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDALLOW :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDALLOWALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDDENY :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_CMDDENYALL :
-        return offsetof(CMD_Request, data.allow_deny.EOR);
-      case REQ_ACCHECK :
-        return offsetof(CMD_Request, data.ac_check.EOR);
-      case REQ_CMDACCHECK :
-        return offsetof(CMD_Request, data.ac_check.EOR);
-      case REQ_ADD_SERVER :
-        return offsetof(CMD_Request, data.ntp_source.EOR);
-      case REQ_ADD_PEER :
-        return offsetof(CMD_Request, data.ntp_source.EOR);
-      case REQ_DEL_SOURCE :
-        return offsetof(CMD_Request, data.del_source.EOR);
-      case REQ_WRITERTC :
-        return offsetof(CMD_Request, data.writertc.EOR);
-      case REQ_DFREQ :
-        return offsetof(CMD_Request, data.dfreq.EOR);
-      case REQ_DOFFSET :
-        return offsetof(CMD_Request, data.doffset.EOR);
-      case REQ_TRACKING :
-        return offsetof(CMD_Request, data.tracking.EOR);
-      case REQ_SOURCESTATS :
-        return offsetof(CMD_Request, data.sourcestats.EOR);
-      case REQ_RTCREPORT :
-        return offsetof(CMD_Request, data.rtcreport.EOR);
-      case REQ_TRIMRTC :
-        return offsetof(CMD_Request, data.trimrtc.EOR);
-      case REQ_CYCLELOGS :
-        return offsetof(CMD_Request, data.cyclelogs.EOR);
-      case REQ_SUBNETS_ACCESSED :
-      case REQ_CLIENT_ACCESSES:
-        /* No longer supported */
-        return 0;
-      case REQ_CLIENT_ACCESSES_BY_INDEX:
-        return offsetof(CMD_Request, data.client_accesses_by_index.EOR);
-      case REQ_MANUAL_LIST:
-        return offsetof(CMD_Request, data.manual_list.EOR);
-      case REQ_MANUAL_DELETE:
-        return offsetof(CMD_Request, data.manual_delete.EOR);
-      case REQ_MAKESTEP:
-        return offsetof(CMD_Request, data.make_step.EOR);
-      case REQ_ACTIVITY:
-        return offsetof(CMD_Request, data.activity.EOR);
-      case REQ_RESELECT:
-        return offsetof(CMD_Request, data.reselect.EOR);
-      case REQ_RESELECTDISTANCE:
-        return offsetof(CMD_Request, data.reselect_distance.EOR);
-      case REQ_MODIFY_MINSTRATUM:
-        return offsetof(CMD_Request, data.modify_minstratum.EOR);
-      case REQ_MODIFY_POLLTARGET:
-        return offsetof(CMD_Request, data.modify_polltarget.EOR);
-      default:
-        /* If we fall through the switch, it most likely means we've forgotten to implement a new case */
-        assert(0);
-    }
-  }
+struct request_length {
+  uint16_t command;
+  uint16_t padding;
+};
 
-  /* Catch-all case */
-  return 0;
-
-}
+static const struct request_length request_lengths[] = {
+  REQ_LENGTH_ENTRY(null, null),                 /* NULL */
+  REQ_LENGTH_ENTRY(online, null),               /* ONLINE */
+  REQ_LENGTH_ENTRY(offline, null),              /* OFFLINE */
+  REQ_LENGTH_ENTRY(burst, null),                /* BURST */
+  REQ_LENGTH_ENTRY(modify_minpoll, null),       /* MODIFY_MINPOLL */
+  REQ_LENGTH_ENTRY(modify_maxpoll, null),       /* MODIFY_MAXPOLL */
+  REQ_LENGTH_ENTRY(dump, null),                 /* DUMP */
+  REQ_LENGTH_ENTRY(modify_maxdelay, null),      /* MODIFY_MAXDELAY */
+  REQ_LENGTH_ENTRY(modify_maxdelayratio, null), /* MODIFY_MAXDELAYRATIO */
+  REQ_LENGTH_ENTRY(modify_maxupdateskew, null), /* MODIFY_MAXUPDATESKEW */
+  REQ_LENGTH_ENTRY(logon, null),                /* LOGON */
+  REQ_LENGTH_ENTRY(settime, manual_timestamp),  /* SETTIME */
+  { 0, 0 },                                     /* LOCAL */
+  REQ_LENGTH_ENTRY(manual, null),               /* MANUAL */
+  REQ_LENGTH_ENTRY(null, n_sources),            /* N_SOURCES */
+  REQ_LENGTH_ENTRY(source_data, source_data),   /* SOURCE_DATA */
+  REQ_LENGTH_ENTRY(null, null),                 /* REKEY */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* ALLOW */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* ALLOWALL */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* DENY */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* DENYALL */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDALLOW */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDALLOWALL */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDDENY */
+  REQ_LENGTH_ENTRY(allow_deny, null),           /* CMDDENYALL */
+  REQ_LENGTH_ENTRY(ac_check, null),             /* ACCHECK */
+  REQ_LENGTH_ENTRY(ac_check, null),             /* CMDACCHECK */
+  { 0, 0 },                                     /* ADD_SERVER */
+  { 0, 0 },                                     /* ADD_PEER */
+  REQ_LENGTH_ENTRY(del_source, null),           /* DEL_SOURCE */
+  REQ_LENGTH_ENTRY(null, null),                 /* WRITERTC */
+  REQ_LENGTH_ENTRY(dfreq, null),                /* DFREQ */
+  REQ_LENGTH_ENTRY(doffset, null),              /* DOFFSET */
+  REQ_LENGTH_ENTRY(null, tracking),             /* TRACKING */
+  REQ_LENGTH_ENTRY(sourcestats, sourcestats),   /* SOURCESTATS */
+  REQ_LENGTH_ENTRY(null, rtc),                  /* RTCREPORT */
+  REQ_LENGTH_ENTRY(null, null),                 /* TRIMRTC */
+  REQ_LENGTH_ENTRY(null, null),                 /* CYCLELOGS */
+  { 0, 0 },                                     /* SUBNETS_ACCESSED - not supported */
+  { 0, 0 },                                     /* CLIENT_ACCESSES - not supported */
+  { 0, 0 },                                     /* CLIENT_ACCESSES_BY_INDEX - not supported */
+  REQ_LENGTH_ENTRY(null, manual_list),          /* MANUAL_LIST */
+  REQ_LENGTH_ENTRY(manual_delete, null),        /* MANUAL_DELETE */
+  REQ_LENGTH_ENTRY(null, null),                 /* MAKESTEP */
+  REQ_LENGTH_ENTRY(null, activity),             /* ACTIVITY */
+  REQ_LENGTH_ENTRY(modify_minstratum, null),    /* MODIFY_MINSTRATUM */
+  REQ_LENGTH_ENTRY(modify_polltarget, null),    /* MODIFY_POLLTARGET */
+  REQ_LENGTH_ENTRY(modify_maxdelaydevratio, null), /* MODIFY_MAXDELAYDEVRATIO */
+  REQ_LENGTH_ENTRY(null, null),                 /* RESELECT */
+  REQ_LENGTH_ENTRY(reselect_distance, null),    /* RESELECTDISTANCE */
+  REQ_LENGTH_ENTRY(modify_makestep, null),      /* MODIFY_MAKESTEP */
+  REQ_LENGTH_ENTRY(null, smoothing),            /* SMOOTHING */
+  REQ_LENGTH_ENTRY(smoothtime, null),           /* SMOOTHTIME */
+  REQ_LENGTH_ENTRY(null, null),                 /* REFRESH */
+  REQ_LENGTH_ENTRY(null, server_stats),         /* SERVER_STATS */
+  REQ_LENGTH_ENTRY(client_accesses_by_index,
+                   client_accesses_by_index),   /* CLIENT_ACCESSES_BY_INDEX2 */
+  REQ_LENGTH_ENTRY(local, null),                /* LOCAL2 */
+  REQ_LENGTH_ENTRY(ntp_data, ntp_data),         /* NTP_DATA */
+  REQ_LENGTH_ENTRY(ntp_source, null),           /* ADD_SERVER2 */
+  REQ_LENGTH_ENTRY(ntp_source, null),           /* ADD_PEER2 */
+};
 
+static const uint16_t reply_lengths[] = {
+  0,                                            /* empty slot */
+  RPY_LENGTH_ENTRY(null),                       /* NULL */
+  RPY_LENGTH_ENTRY(n_sources),                  /* N_SOURCES */
+  RPY_LENGTH_ENTRY(source_data),                /* SOURCE_DATA */
+  RPY_LENGTH_ENTRY(manual_timestamp),           /* MANUAL_TIMESTAMP */
+  RPY_LENGTH_ENTRY(tracking),                   /* TRACKING */
+  RPY_LENGTH_ENTRY(sourcestats),                /* SOURCESTATS */
+  RPY_LENGTH_ENTRY(rtc),                        /* RTC */
+  0,                                            /* SUBNETS_ACCESSED - not supported */
+  0,                                            /* CLIENT_ACCESSES - not supported */
+  0,                                            /* CLIENT_ACCESSES_BY_INDEX - not supported */
+  0,                                            /* MANUAL_LIST - variable length */
+  RPY_LENGTH_ENTRY(activity),                   /* ACTIVITY */
+  RPY_LENGTH_ENTRY(smoothing),                  /* SMOOTHING */
+  RPY_LENGTH_ENTRY(server_stats),               /* SERVER_STATS */
+  RPY_LENGTH_ENTRY(client_accesses_by_index),   /* CLIENT_ACCESSES_BY_INDEX2 */
+  RPY_LENGTH_ENTRY(ntp_data),                   /* NTP_DATA */
+};
 
 /* ================================================== */
 
 int
 PKL_CommandLength(CMD_Request *r)
 {
+  uint32_t type;
   int command_length;
 
-  command_length = command_unpadded_length(r);
+  assert(sizeof (request_lengths) / sizeof (request_lengths[0]) == N_REQUEST_TYPES);
+
+  type = ntohs(r->command);
+  if (type >= N_REQUEST_TYPES)
+    return 0;
+
+  command_length = request_lengths[type].command;
   if (!command_length)
     return 0;
 
@@ -173,131 +161,20 @@ PKL_CommandLength(CMD_Request *r)
 
 /* ================================================== */
 
-#define PADDING_LENGTH_(request_length, reply_length) \
-  ((request_length) < (reply_length) ? (reply_length) - (request_length) : 0)
-
-#define PADDING_LENGTH(request_data, reply_data) \
-  PADDING_LENGTH_(offsetof(CMD_Request, request_data), offsetof(CMD_Reply, reply_data))
-
 int
 PKL_CommandPaddingLength(CMD_Request *r)
 {
-  int type;
+  uint32_t type;
 
   if (r->version < PROTO_VERSION_PADDING)
     return 0;
 
   type = ntohs(r->command);
 
-  if (type < 0 || type >= N_REQUEST_TYPES)
+  if (type >= N_REQUEST_TYPES)
     return 0;
 
-  switch (type) {
-    case REQ_NULL:
-      return PADDING_LENGTH(data, data.null.EOR);
-    case REQ_ONLINE:
-      return PADDING_LENGTH(data.online.EOR, data.null.EOR);
-    case REQ_OFFLINE:
-      return PADDING_LENGTH(data.offline.EOR, data.null.EOR);
-    case REQ_BURST:
-      return PADDING_LENGTH(data.burst.EOR, data.null.EOR);
-    case REQ_MODIFY_MINPOLL:
-      return PADDING_LENGTH(data.modify_minpoll.EOR, data.null.EOR);
-    case REQ_MODIFY_MAXPOLL:
-      return PADDING_LENGTH(data.modify_maxpoll.EOR, data.null.EOR);
-    case REQ_DUMP:
-      return PADDING_LENGTH(data.dump.EOR, data.null.EOR);
-    case REQ_MODIFY_MAXDELAY:
-      return PADDING_LENGTH(data.modify_maxdelay.EOR, data.null.EOR);
-    case REQ_MODIFY_MAXDELAYRATIO:
-      return PADDING_LENGTH(data.modify_maxdelayratio.EOR, data.null.EOR);
-    case REQ_MODIFY_MAXDELAYDEVRATIO:
-      return PADDING_LENGTH(data.modify_maxdelaydevratio.EOR, data.null.EOR);
-    case REQ_MODIFY_MAXUPDATESKEW:
-      return PADDING_LENGTH(data.modify_maxupdateskew.EOR, data.null.EOR);
-    case REQ_LOGON:
-      return PADDING_LENGTH(data.logon.EOR, data.null.EOR);
-    case REQ_SETTIME:
-      return PADDING_LENGTH(data.settime.EOR, data.manual_timestamp.EOR);
-    case REQ_LOCAL:
-      return PADDING_LENGTH(data.local.EOR, data.null.EOR);
-    case REQ_MANUAL:
-      return PADDING_LENGTH(data.manual.EOR, data.null.EOR);
-    case REQ_N_SOURCES:
-      return PADDING_LENGTH(data.n_sources.EOR, data.n_sources.EOR);
-    case REQ_SOURCE_DATA:
-      return PADDING_LENGTH(data.source_data.EOR, data.source_data.EOR);
-    case REQ_REKEY:
-      return PADDING_LENGTH(data.rekey.EOR, data.null.EOR);
-    case REQ_ALLOW:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_ALLOWALL:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_DENY:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_DENYALL:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_CMDALLOW:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_CMDALLOWALL:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_CMDDENY:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_CMDDENYALL:
-      return PADDING_LENGTH(data.allow_deny.EOR, data.null.EOR);
-    case REQ_ACCHECK:
-      return PADDING_LENGTH(data.ac_check.EOR, data.null.EOR);
-    case REQ_CMDACCHECK:
-      return PADDING_LENGTH(data.ac_check.EOR, data.null.EOR);
-    case REQ_ADD_SERVER:
-      return PADDING_LENGTH(data.ntp_source.EOR, data.null.EOR);
-    case REQ_ADD_PEER:
-      return PADDING_LENGTH(data.ntp_source.EOR, data.null.EOR);
-    case REQ_DEL_SOURCE:
-      return PADDING_LENGTH(data.del_source.EOR, data.null.EOR);
-    case REQ_WRITERTC:
-      return PADDING_LENGTH(data.writertc.EOR, data.null.EOR);
-    case REQ_DFREQ:
-      return PADDING_LENGTH(data.dfreq.EOR, data.null.EOR);
-    case REQ_DOFFSET:
-      return PADDING_LENGTH(data.doffset.EOR, data.null.EOR);
-    case REQ_TRACKING:
-      return PADDING_LENGTH(data.tracking.EOR, data.tracking.EOR);
-    case REQ_SOURCESTATS:
-      return PADDING_LENGTH(data.sourcestats.EOR, data.sourcestats.EOR);
-    case REQ_RTCREPORT:
-      return PADDING_LENGTH(data.rtcreport.EOR, data.rtc.EOR);
-    case REQ_TRIMRTC:
-      return PADDING_LENGTH(data.trimrtc.EOR, data.null.EOR);
-    case REQ_CYCLELOGS:
-      return PADDING_LENGTH(data.cyclelogs.EOR, data.null.EOR);
-    case REQ_SUBNETS_ACCESSED:
-    case REQ_CLIENT_ACCESSES:
-      /* No longer supported */
-      return 0;
-    case REQ_CLIENT_ACCESSES_BY_INDEX:
-      return PADDING_LENGTH(data.client_accesses_by_index.EOR, data.client_accesses_by_index.EOR);
-    case REQ_MANUAL_LIST:
-      return PADDING_LENGTH(data.manual_list.EOR, data.manual_list.EOR);
-    case REQ_MANUAL_DELETE:
-      return PADDING_LENGTH(data.manual_delete.EOR, data.null.EOR);
-    case REQ_MAKESTEP:
-      return PADDING_LENGTH(data.make_step.EOR, data.null.EOR);
-    case REQ_ACTIVITY:
-      return PADDING_LENGTH(data.activity.EOR, data.activity.EOR);
-    case REQ_RESELECT:
-      return PADDING_LENGTH(data.reselect.EOR, data.null.EOR);
-    case REQ_RESELECTDISTANCE:
-      return PADDING_LENGTH(data.reselect_distance.EOR, data.null.EOR);
-    case REQ_MODIFY_MINSTRATUM:
-      return PADDING_LENGTH(data.modify_minstratum.EOR, data.null.EOR);
-    case REQ_MODIFY_POLLTARGET:
-      return PADDING_LENGTH(data.modify_polltarget.EOR, data.null.EOR);
-    default:
-      /* If we fall through the switch, it most likely means we've forgotten to implement a new case */
-      assert(0);
-      return 0;
-  }
+  return request_lengths[ntohs(r->command)].padding;
 }
 
 /* ================================================== */
@@ -305,64 +182,32 @@ PKL_CommandPaddingLength(CMD_Request *r)
 int
 PKL_ReplyLength(CMD_Reply *r)
 {
-  int type;
+  uint32_t type;
+
+  assert(sizeof (reply_lengths) / sizeof (reply_lengths[0]) == N_REPLY_TYPES);
+
   type = ntohs(r->reply);
+
   /* Note that reply type codes start from 1, not 0 */
-  if (type < 1 || type >= N_REPLY_TYPES) {
+  if (type < 1 || type >= N_REPLY_TYPES)
     return 0;
-  } else {
-    switch (type) {
-      case RPY_NULL:
-        return offsetof(CMD_Reply, data.null.EOR);
-      case RPY_N_SOURCES:
-        return offsetof(CMD_Reply, data.n_sources.EOR);
-      case RPY_SOURCE_DATA:
-        return offsetof(CMD_Reply, data.source_data.EOR);
-      case RPY_MANUAL_TIMESTAMP:
-        return offsetof(CMD_Reply, data.manual_timestamp.EOR);
-      case RPY_TRACKING:
-        return offsetof(CMD_Reply, data.tracking.EOR);
-      case RPY_SOURCESTATS:
-        return offsetof(CMD_Reply, data.sourcestats.EOR);
-      case RPY_RTC:
-        return offsetof(CMD_Reply, data.rtc.EOR);
-      case RPY_SUBNETS_ACCESSED :
-      case RPY_CLIENT_ACCESSES:
-        /* No longer supported */
-        return 0;
-      case RPY_CLIENT_ACCESSES_BY_INDEX:
-        {
-          unsigned long nc = ntohl(r->data.client_accesses_by_index.n_clients);
-          if (r->status == htons(STT_SUCCESS)) {
-            if (nc > MAX_CLIENT_ACCESSES)
-              return 0;
-            return (offsetof(CMD_Reply, data.client_accesses_by_index.clients) +
-                    nc * sizeof(RPY_ClientAccesses_Client));
-          } else {
-            return offsetof(CMD_Reply, data);
-          }
-        }
-      case RPY_MANUAL_LIST:
-        {
-          unsigned long ns = ntohl(r->data.manual_list.n_samples);
-          if (ns > MAX_MANUAL_LIST_SAMPLES)
-            return 0;
-          if (r->status == htons(STT_SUCCESS)) {
-            return (offsetof(CMD_Reply, data.manual_list.samples) +
-                    ns * sizeof(RPY_ManualListSample));
-          } else {
-            return offsetof(CMD_Reply, data);
-          }
-        }
-      case RPY_ACTIVITY:
-        return offsetof(CMD_Reply, data.activity.EOR);
-        
-      default:
-        assert(0);
-    }
+
+  /* Length of MANUAL_LIST depends on number of samples stored in it */
+  if (type == RPY_MANUAL_LIST) {
+    uint32_t ns;
+
+    if (r->status != htons(STT_SUCCESS))
+      return offsetof(CMD_Reply, data);
+
+    ns = ntohl(r->data.manual_list.n_samples);
+    if (ns > MAX_MANUAL_LIST_SAMPLES)
+      return 0;
+
+    return offsetof(CMD_Reply, data.manual_list.samples) +
+           ns * sizeof (RPY_ManualListSample);
   }
 
-  return 0;
+  return reply_lengths[type];
 }
 
 /* ================================================== */

privops.c

@@ -0,0 +1,689 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Bryan Christianson 2015
+ * Copyright (C) Miroslav Lichvar  2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ **********************************************************************
+
+  =======================================================================
+
+  Perform privileged operations over a unix socket to a privileged fork.
+  */
+
+#include "config.h"
+
+#include "sysincl.h"
+
+#include "conf.h"
+#include "nameserv.h"
+#include "logging.h"
+#include "privops.h"
+#include "util.h"
+
+#define OP_ADJUSTTIME     1024
+#define OP_ADJUSTTIMEX    1025
+#define OP_SETTIME        1026
+#define OP_BINDSOCKET     1027
+#define OP_NAME2IPADDRESS 1028
+#define OP_QUIT           1099
+
+union sockaddr_in46 {
+  struct sockaddr_in in4;
+#ifdef FEAT_IPV6
+  struct sockaddr_in6 in6;
+#endif
+  struct sockaddr u;
+};
+
+/* daemon request structs */
+
+typedef struct {
+  struct timeval tv;
+} ReqAdjustTime;
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+typedef struct {
+  struct timex tmx;
+} ReqAdjustTimex;
+#endif
+
+typedef struct {
+  struct timeval tv;
+} ReqSetTime;
+
+typedef struct {
+  int sock;
+  socklen_t sa_len;
+  union sockaddr_in46 sa;
+} ReqBindSocket;
+
+typedef struct {
+  char name[256];
+} ReqName2IPAddress;
+
+typedef struct {
+  int op;
+  union {
+    ReqAdjustTime adjust_time;
+#ifdef PRIVOPS_ADJUSTTIMEX
+    ReqAdjustTimex adjust_timex;
+#endif
+    ReqSetTime set_time;
+    ReqBindSocket bind_socket;
+#ifdef PRIVOPS_NAME2IPADDRESS
+    ReqName2IPAddress name_to_ipaddress;
+#endif
+  } data;
+} PrvRequest;
+
+/* helper response structs */
+
+typedef struct {
+  struct timeval tv;
+} ResAdjustTime;
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+typedef struct {
+  struct timex tmx;
+} ResAdjustTimex;
+#endif
+
+typedef struct {
+  IPAddr addresses[DNS_MAX_ADDRESSES];
+} ResName2IPAddress;
+
+typedef struct {
+  char msg[256];
+} ResFatalMsg;
+
+typedef struct {
+  int fatal_error;
+  int rc;
+  int res_errno;
+  union {
+    ResFatalMsg fatal_msg;
+    ResAdjustTime adjust_time;
+#ifdef PRIVOPS_ADJUSTTIMEX
+    ResAdjustTimex adjust_timex;
+#endif
+#ifdef PRIVOPS_NAME2IPADDRESS
+    ResName2IPAddress name_to_ipaddress;
+#endif
+  } data;
+} PrvResponse;
+
+static int helper_fd;
+static pid_t helper_pid;
+
+static int
+have_helper(void)
+{
+  return helper_fd >= 0;
+}
+
+/* ======================================================================= */
+
+/* HELPER - prepare fatal error for daemon */
+static void
+res_fatal(PrvResponse *res, const char *fmt, ...)
+{
+  va_list ap;
+
+  res->fatal_error = 1;
+  va_start(ap, fmt);
+  vsnprintf(res->data.fatal_msg.msg, sizeof (res->data.fatal_msg.msg), fmt, ap);
+  va_end(ap);
+}
+
+/* ======================================================================= */
+
+/* HELPER - send response to the fd */
+
+static int
+send_response(int fd, const PrvResponse *res)
+{
+  if (send(fd, res, sizeof (*res), 0) != sizeof (*res))
+    return 0;
+
+  return 1;
+}
+
+/* ======================================================================= */
+/* receive daemon request plus optional file descriptor over a unix socket */
+
+static int
+receive_from_daemon(int fd, PrvRequest *req)
+{
+  struct msghdr msg;
+  struct cmsghdr *cmsg;
+  struct iovec iov;
+  char cmsgbuf[256];
+
+  iov.iov_base = req;
+  iov.iov_len = sizeof (*req);
+
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = (void *)cmsgbuf;
+  msg.msg_controllen = sizeof (cmsgbuf);
+  msg.msg_flags = MSG_WAITALL;
+
+  /* read the data */
+  if (recvmsg(fd, &msg, 0) != sizeof (*req))
+    return 0;
+
+  if (req->op == OP_BINDSOCKET) {
+    /* extract transferred descriptor */
+    req->data.bind_socket.sock = -1;
+    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+      if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS)
+        memcpy(&req->data.bind_socket.sock, CMSG_DATA(cmsg), sizeof (int));
+    }
+
+    /* return error if valid descriptor not found */
+    if (req->data.bind_socket.sock < 0)
+      return 0;
+  }
+
+  return 1;
+}
+
+/* ======================================================================= */
+
+/* HELPER - perform adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIME
+static void
+do_adjust_time(const ReqAdjustTime *req, PrvResponse *res)
+{
+  res->rc = adjtime(&req->tv, &res->data.adjust_time.tv);
+  if (res->rc)
+    res->res_errno = errno;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform ntp_adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+static void
+do_adjust_timex(const ReqAdjustTimex *req, PrvResponse *res)
+{
+  res->data.adjust_timex.tmx = req->tmx;
+  res->rc = ntp_adjtime(&res->data.adjust_timex.tmx);
+  if (res->rc < 0)
+    res->res_errno = errno;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform settimeofday() */
+
+#ifdef PRIVOPS_SETTIME
+static void
+do_set_time(const ReqSetTime *req, PrvResponse *res)
+{
+  res->rc = settimeofday(&req->tv, NULL);
+  if (res->rc)
+    res->res_errno = errno;
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform bind() */
+
+#ifdef PRIVOPS_BINDSOCKET
+static void
+do_bind_socket(ReqBindSocket *req, PrvResponse *res)
+{
+  unsigned short port;
+  IPAddr ip;
+  int sock_fd;
+  struct sockaddr *sa;
+  socklen_t sa_len;
+
+  sa = &req->sa.u;
+  sa_len = req->sa_len;
+  sock_fd = req->sock;
+
+  UTI_SockaddrToIPAndPort(sa, &ip, &port);
+  if (port && port != CNF_GetNTPPort()) {
+    close(sock_fd);
+    res_fatal(res, "Invalid port %d", port);
+    return;
+  }
+
+  res->rc = bind(sock_fd, sa, sa_len);
+  if (res->rc)
+    res->res_errno = errno;
+
+  /* sock is still open on daemon side, but we're done with it in the helper */
+  close(sock_fd);
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - perform DNS_Name2IPAddress() */
+
+#ifdef PRIVOPS_NAME2IPADDRESS
+static void
+do_name_to_ipaddress(ReqName2IPAddress *req, PrvResponse *res)
+{
+  /* make sure the string is terminated */
+  req->name[sizeof (req->name) - 1] = '\0';
+
+  DNS_Reload();
+
+  res->rc = DNS_Name2IPAddress(req->name, res->data.name_to_ipaddress.addresses,
+                               DNS_MAX_ADDRESSES);
+}
+#endif
+
+/* ======================================================================= */
+
+/* HELPER - main loop - action requests from the daemon */
+
+static void
+helper_main(int fd)
+{
+  PrvRequest req;
+  PrvResponse res;
+  int quit = 0;
+
+  while (!quit) {
+    if (!receive_from_daemon(fd, &req))
+      /* read error or closed input - we cannot recover - give up */
+      break;
+
+    memset(&res, 0, sizeof (res));
+
+    switch (req.op) {
+#ifdef PRIVOPS_ADJUSTTIME
+      case OP_ADJUSTTIME:
+        do_adjust_time(&req.data.adjust_time, &res);
+        break;
+#endif
+#ifdef PRIVOPS_ADJUSTTIMEX
+      case OP_ADJUSTTIMEX:
+        do_adjust_timex(&req.data.adjust_timex, &res);
+        break;
+#endif
+#ifdef PRIVOPS_SETTIME
+      case OP_SETTIME:
+        do_set_time(&req.data.set_time, &res);
+        break;
+#endif
+#ifdef PRIVOPS_BINDSOCKET
+      case OP_BINDSOCKET:
+        do_bind_socket(&req.data.bind_socket, &res);
+        break;
+#endif
+#ifdef PRIVOPS_NAME2IPADDRESS
+      case OP_NAME2IPADDRESS:
+        do_name_to_ipaddress(&req.data.name_to_ipaddress, &res);
+        break;
+#endif
+      case OP_QUIT:
+        quit = 1;
+        continue;
+
+      default:
+        res_fatal(&res, "Unexpected operator %d", req.op);
+        break;
+    }
+
+    send_response(fd, &res);
+  }
+
+  close(fd);
+  exit(0);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - receive helper response */
+
+static void
+receive_response(PrvResponse *res)
+{
+  int resp_len;
+
+  resp_len = recv(helper_fd, res, sizeof (*res), 0);
+  if (resp_len < 0)
+    LOG_FATAL(LOGF_PrivOps, "Could not read from helper : %s", strerror(errno));
+  if (resp_len != sizeof (*res))
+    LOG_FATAL(LOGF_PrivOps, "Invalid helper response");
+
+  if (res->fatal_error)
+    LOG_FATAL(LOGF_PrivOps, "Error in helper : %s", res->data.fatal_msg.msg);
+
+  DEBUG_LOG(LOGF_PrivOps, "Received response rc=%d", res->rc);
+
+  /* if operation failed in the helper, set errno so daemon can print log message */
+  if (res->res_errno)
+    errno = res->res_errno;
+}
+
+/* ======================================================================= */
+
+/* DAEMON - send daemon request to the helper */
+
+static void
+send_request(PrvRequest *req)
+{
+  struct msghdr msg;
+  struct iovec iov;
+  char cmsgbuf[256];
+
+  iov.iov_base = req;
+  iov.iov_len = sizeof (*req);
+
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_flags = 0;
+
+  if (req->op == OP_BINDSOCKET) {
+    /* send file descriptor as a control message */
+    struct cmsghdr *cmsg;
+    int *ptr_send_fd;
+
+    msg.msg_control = cmsgbuf;
+    msg.msg_controllen = CMSG_SPACE(sizeof (int));
+
+    cmsg = CMSG_FIRSTHDR(&msg);
+    memset(cmsg, 0, CMSG_SPACE(sizeof (int)));
+
+    cmsg->cmsg_level = SOL_SOCKET;
+    cmsg->cmsg_type = SCM_RIGHTS;
+    cmsg->cmsg_len = CMSG_LEN(sizeof (int));
+
+    ptr_send_fd = (int *)CMSG_DATA(cmsg);
+    *ptr_send_fd = req->data.bind_socket.sock;
+  }
+
+  if (sendmsg(helper_fd, &msg, 0) < 0) {
+    /* don't try to send another request from exit() */
+    helper_fd = -1;
+    LOG_FATAL(LOGF_PrivOps, "Could not send to helper : %s", strerror(errno));
+  }
+
+  DEBUG_LOG(LOGF_PrivOps, "Sent request op=%d", req->op);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - send daemon request and wait for response */
+
+static void
+submit_request(PrvRequest *req, PrvResponse *res)
+{
+  send_request(req);
+  receive_response(res);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - send the helper a request to exit and wait until it exits */
+
+static void
+stop_helper(void)
+{
+  PrvRequest req;
+  int status;
+
+  if (!have_helper())
+    return;
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_QUIT;
+  send_request(&req);
+
+  waitpid(helper_pid, &status, 0);
+}
+
+/* ======================================================================= */
+
+/* DAEMON - request adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIME
+int
+PRV_AdjustTime(const struct timeval *delta, struct timeval *olddelta)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  if (!have_helper() || delta == NULL)
+    /* helper is not running or read adjustment call */
+    return adjtime(delta, olddelta);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_ADJUSTTIME;
+  req.data.adjust_time.tv = *delta;
+
+  submit_request(&req, &res);
+
+  if (olddelta)
+    *olddelta = res.data.adjust_time.tv;
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request ntp_adjtime() */
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+int
+PRV_AdjustTimex(struct timex *tmx)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  if (!have_helper())
+    return ntp_adjtime(tmx);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_ADJUSTTIMEX;
+  req.data.adjust_timex.tmx = *tmx;
+
+  submit_request(&req, &res);
+
+  *tmx = res.data.adjust_timex.tmx;
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request settimeofday() */
+
+#ifdef PRIVOPS_SETTIME
+int
+PRV_SetTime(const struct timeval *tp, const struct timezone *tzp)
+{
+  PrvRequest req;
+  PrvResponse res;
+
+  /* only support setting the time */
+  assert(tp != NULL);
+  assert(tzp == NULL);
+
+  if (!have_helper())
+    return settimeofday(tp, NULL);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_SETTIME;
+  req.data.set_time.tv = *tp;
+
+  submit_request(&req, &res);
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request bind() */
+
+#ifdef PRIVOPS_BINDSOCKET
+int
+PRV_BindSocket(int sock, struct sockaddr *address, socklen_t address_len)
+{
+  PrvRequest req;
+  PrvResponse res;
+  IPAddr ip;
+  unsigned short port;
+
+  UTI_SockaddrToIPAndPort(address, &ip, &port);
+  assert(!port || port == CNF_GetNTPPort());
+
+  if (!have_helper())
+    return bind(sock, address, address_len);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_BINDSOCKET;
+  req.data.bind_socket.sock = sock;
+  req.data.bind_socket.sa_len = address_len;
+  memcpy(&req.data.bind_socket.sa.u, address, address_len);
+
+  submit_request(&req, &res);
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+/* DAEMON - request DNS_Name2IPAddress() */
+
+#ifdef PRIVOPS_NAME2IPADDRESS
+int
+PRV_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs)
+{
+  PrvRequest req;
+  PrvResponse res;
+  int i;
+
+  if (!have_helper())
+    return DNS_Name2IPAddress(name, ip_addrs, max_addrs);
+
+  memset(&req, 0, sizeof (req));
+  req.op = OP_NAME2IPADDRESS;
+  if (snprintf(req.data.name_to_ipaddress.name, sizeof (req.data.name_to_ipaddress.name),
+               "%s", name) >= sizeof (req.data.name_to_ipaddress.name)) {
+    DEBUG_LOG(LOGF_PrivOps, "Name too long");
+    return DNS_Failure;
+  }
+
+  submit_request(&req, &res);
+
+  for (i = 0; i < max_addrs && i < DNS_MAX_ADDRESSES; i++)
+    ip_addrs[i] = res.data.name_to_ipaddress.addresses[i];
+
+  return res.rc;
+}
+#endif
+
+/* ======================================================================= */
+
+void
+PRV_Initialise(void)
+{
+  helper_fd = -1;
+}
+
+/* ======================================================================= */
+
+/* DAEMON - setup socket(s) then fork to run the helper */
+/* must be called before privileges are dropped */
+
+void
+PRV_StartHelper(void)
+{
+  pid_t pid;
+  int fd, sock_pair[2];
+
+  if (have_helper())
+    LOG_FATAL(LOGF_PrivOps, "Helper already running");
+
+  if (
+#ifdef SOCK_SEQPACKET
+      socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sock_pair) &&
+#endif
+      socketpair(AF_UNIX, SOCK_DGRAM, 0, sock_pair))
+    LOG_FATAL(LOGF_PrivOps, "socketpair() failed : %s", strerror(errno));
+
+  UTI_FdSetCloexec(sock_pair[0]);
+  UTI_FdSetCloexec(sock_pair[1]);
+
+  pid = fork();
+  if (pid < 0)
+    LOG_FATAL(LOGF_PrivOps, "fork() failed : %s", strerror(errno));
+
+  if (pid == 0) {
+    /* child process */
+    close(sock_pair[0]);
+
+    /* close other descriptors inherited from the parent process */
+    for (fd = 0; fd < 1024; fd++) {
+      if (fd != sock_pair[1])
+        close(fd);
+    }
+
+    /* ignore signals, the process will exit on OP_QUIT request */
+    UTI_SetQuitSignalsHandler(SIG_IGN);
+
+    helper_main(sock_pair[1]);
+
+  } else {
+    /* parent process */
+    close(sock_pair[1]);
+    helper_fd = sock_pair[0];
+    helper_pid = pid;
+
+    /* stop the helper even when not exiting cleanly from the main function */
+    atexit(stop_helper);
+  }
+}
+
+/* ======================================================================= */
+
+/* DAEMON - graceful shutdown of the helper */
+
+void
+PRV_Finalise(void)
+{
+  if (!have_helper())
+    return;
+
+  stop_helper();
+  close(helper_fd);
+  helper_fd = -1;
+}

privops.h

@@ -0,0 +1,71 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Bryan Christianson 2015
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ **********************************************************************
+
+  =======================================================================
+
+  Perform privileged operations over a unix socket to a privileged fork.
+
+*/
+
+#ifndef GOT_PRIVOPS_H
+#define GOT_PRIVOPS_H
+
+#ifdef PRIVOPS_ADJUSTTIME
+int PRV_AdjustTime(const struct timeval *delta, struct timeval *olddelta);
+#else
+#define PRV_AdjustTime adjtime
+#endif
+
+#ifdef PRIVOPS_ADJUSTTIMEX
+int PRV_AdjustTimex(struct timex *txc);
+#else
+#define PRV_AdjustTimex ntp_adjtime
+#endif
+
+#ifdef PRIVOPS_SETTIME
+int PRV_SetTime(const struct timeval *tp, const struct timezone *tzp);
+#else
+#define PRV_SetTime settimeofday
+#endif
+
+#ifdef PRIVOPS_BINDSOCKET
+int PRV_BindSocket(int sock, struct sockaddr *address, socklen_t address_len);
+#else
+#define PRV_BindSocket bind
+#endif
+
+#ifdef PRIVOPS_NAME2IPADDRESS
+int PRV_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs);
+#else
+#define PRV_Name2IPAddress DNS_Name2IPAddress
+#endif
+
+#ifdef PRIVOPS_HELPER
+void PRV_Initialise(void);
+void PRV_StartHelper(void);
+void PRV_Finalise(void);
+#else
+#define PRV_Initialise()
+#define PRV_StartHelper()
+#define PRV_Finalise()
+#endif
+
+#endif

refclock.c

@@ -2,7 +2,7 @@
   chronyd/chronyc - Programs for keeping computer clocks accurate.
 
  **********************************************************************
- * Copyright (C) Miroslav Lichvar  2009-2011
+ * Copyright (C) Miroslav Lichvar  2009-2011, 2013-2014
  * 
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of version 2 of the GNU General Public License as
@@ -27,6 +27,7 @@
 
 #include "config.h"
 
+#include "array.h"
 #include "refclock.h"
 #include "reference.h"
 #include "conf.h"
@@ -42,11 +43,12 @@
 extern RefclockDriver RCL_SHM_driver;
 extern RefclockDriver RCL_SOCK_driver;
 extern RefclockDriver RCL_PPS_driver;
+extern RefclockDriver RCL_PHC_driver;
 
 struct FilterSample {
   double offset;
   double dispersion;
-  struct timeval sample_time;
+  struct timespec sample_time;
 };
 
 struct MedianFilter {
@@ -56,6 +58,7 @@ struct MedianFilter {
   int last;
   int avg_var_n;
   double avg_var;
+  double max_var;
   struct FilterSample *samples;
   int *selected;
   double *x_data;
@@ -73,6 +76,8 @@ struct RCL_Instance_Record {
   int poll;
   int leap_status;
   int pps_rate;
+  int pps_active;
+  int max_lock_age;
   struct MedianFilter filter;
   uint32_t ref_id;
   uint32_t lock_ref;
@@ -83,38 +88,45 @@ struct RCL_Instance_Record {
   SRC_Instance source;
 };
 
-#define MAX_RCL_SOURCES 8
-
-static struct RCL_Instance_Record refclocks[MAX_RCL_SOURCES];
-static int n_sources = 0;
+/* Array of pointers to RCL_Instance_Record */
+static ARR_Instance refclocks;
 
 static LOG_FileID logfileid;
 
-static int valid_sample_time(RCL_Instance instance, struct timeval *tv);
-static int pps_stratum(RCL_Instance instance, struct timeval *tv);
+static int valid_sample_time(RCL_Instance instance, struct timespec *raw, struct timespec *cooked);
+static int pps_stratum(RCL_Instance instance, struct timespec *ts);
 static void poll_timeout(void *arg);
-static void slew_samples(struct timeval *raw, struct timeval *cooked, double dfreq,
-             double doffset, int is_step_change, void *anything);
+static void slew_samples(struct timespec *raw, struct timespec *cooked, double dfreq,
+             double doffset, LCL_ChangeType change_type, void *anything);
 static void add_dispersion(double dispersion, void *anything);
-static void log_sample(RCL_Instance instance, struct timeval *sample_time, int filtered, int pulse, double raw_offset, double cooked_offset, double dispersion);
+static void log_sample(RCL_Instance instance, struct timespec *sample_time, int filtered, int pulse, double raw_offset, double cooked_offset, double dispersion);
 
-static void filter_init(struct MedianFilter *filter, int length);
+static void filter_init(struct MedianFilter *filter, int length, double max_dispersion);
 static void filter_fini(struct MedianFilter *filter);
 static void filter_reset(struct MedianFilter *filter);
 static double filter_get_avg_sample_dispersion(struct MedianFilter *filter);
-static void filter_add_sample(struct MedianFilter *filter, struct timeval *sample_time, double offset, double dispersion);
-static int filter_get_last_sample(struct MedianFilter *filter, struct timeval *sample_time, double *offset, double *dispersion);
+static void filter_add_sample(struct MedianFilter *filter, struct timespec *sample_time, double offset, double dispersion);
+static int filter_get_last_sample(struct MedianFilter *filter, struct timespec *sample_time, double *offset, double *dispersion);
+static int filter_get_samples(struct MedianFilter *filter);
 static int filter_select_samples(struct MedianFilter *filter);
-static int filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, double *offset, double *dispersion);
-static void filter_slew_samples(struct MedianFilter *filter, struct timeval *when, double dfreq, double doffset);
+static int filter_get_sample(struct MedianFilter *filter, struct timespec *sample_time, double *offset, double *dispersion);
+static void filter_slew_samples(struct MedianFilter *filter, struct timespec *when, double dfreq, double doffset);
 static void filter_add_dispersion(struct MedianFilter *filter, double dispersion);
 
+static RCL_Instance
+get_refclock(unsigned int index)
+{
+  return *(RCL_Instance *)ARR_GetElement(refclocks, index);
+}
+
 void
 RCL_Initialise(void)
 {
+  refclocks = ARR_CreateInstance(sizeof (RCL_Instance));
+
   CNF_AddRefclocks();
 
-  if (n_sources > 0) {
+  if (ARR_GetSize(refclocks) > 0) {
     LCL_AddParameterChangeHandler(slew_samples, NULL);
     LCL_AddDispersionNotifyHandler(add_dispersion, NULL);
   }
@@ -127,33 +139,36 @@ RCL_Initialise(void)
 void
 RCL_Finalise(void)
 {
-  int i;
+  unsigned int i;
 
-  for (i = 0; i < n_sources; i++) {
-    RCL_Instance inst = (RCL_Instance)&refclocks[i];
+  for (i = 0; i < ARR_GetSize(refclocks); i++) {
+    RCL_Instance inst = get_refclock(i);
 
     if (inst->driver->fini)
       inst->driver->fini(inst);
 
     filter_fini(&inst->filter);
     Free(inst->driver_parameter);
+    SRC_DestroyInstance(inst->source);
+    Free(inst);
   }
 
-  if (n_sources > 0) {
+  if (ARR_GetSize(refclocks) > 0) {
     LCL_RemoveParameterChangeHandler(slew_samples, NULL);
     LCL_RemoveDispersionNotifyHandler(add_dispersion, NULL);
   }
+
+  ARR_DestroyInstance(refclocks);
 }
 
 int
 RCL_AddRefclock(RefclockParameters *params)
 {
   int pps_source = 0;
+  RCL_Instance inst;
 
-  RCL_Instance inst = &refclocks[n_sources];
-
-  if (n_sources == MAX_RCL_SOURCES)
-    return 0;
+  inst = MallocNew(struct RCL_Instance_Record);
+  *(RCL_Instance *)ARR_GetNewElement(refclocks) = inst;
 
   if (strcmp(params->driver_name, "SHM") == 0) {
     inst->driver = &RCL_SHM_driver;
@@ -166,6 +181,9 @@ RCL_AddRefclock(RefclockParameters *params)
     inst->driver = &RCL_PPS_driver;
     inst->precision = 1e-9;
     pps_source = 1;
+  } else if (strcmp(params->driver_name, "PHC") == 0) {
+    inst->driver = &RCL_PHC_driver;
+    inst->precision = 1e-9;
   } else {
     LOG_FATAL(LOGF_Refclock, "unknown refclock driver %s", params->driver_name);
     return 0;
@@ -184,6 +202,8 @@ RCL_AddRefclock(RefclockParameters *params)
   inst->driver_polled = 0;
   inst->leap_status = LEAP_Normal;
   inst->pps_rate = params->pps_rate;
+  inst->pps_active = 0;
+  inst->max_lock_age = params->max_lock_age;
   inst->lock_ref = params->lock_ref_id;
   inst->offset = params->offset;
   inst->delay = params->delay;
@@ -212,9 +232,14 @@ RCL_AddRefclock(RefclockParameters *params)
     inst->ref_id = params->ref_id;
   else {
     unsigned char ref[5] = { 0, 0, 0, 0, 0 };
+    unsigned int index = ARR_GetSize(refclocks) - 1;
 
-    snprintf((char *)ref, 5, "%3.3s%d", params->driver_name, n_sources % 10);
-    inst->ref_id = ref[0] << 24 | ref[1] << 16 | ref[2] << 8 | ref[3];
+    snprintf((char *)ref, sizeof (ref), "%3.3s", params->driver_name);
+    ref[3] = index % 10 + '0';
+    if (index >= 10)
+      ref[2] = (index / 10) % 10 + '0';
+
+    inst->ref_id = (uint32_t)ref[0] << 24 | ref[1] << 16 | ref[2] << 8 | ref[3];
   }
 
   if (inst->driver->poll) {
@@ -239,15 +264,14 @@ RCL_AddRefclock(RefclockParameters *params)
       return 0;
     }
 
-  filter_init(&inst->filter, params->filter_length);
+  filter_init(&inst->filter, params->filter_length, params->max_dispersion);
 
-  inst->source = SRC_CreateNewInstance(inst->ref_id, SRC_REFCLOCK, params->sel_option, NULL);
+  inst->source = SRC_CreateNewInstance(inst->ref_id, SRC_REFCLOCK, params->sel_options, NULL,
+                                       params->min_samples, params->max_samples);
 
-#if 0
-  LOG(LOGS_INFO, LOGF_Refclock, "refclock added poll=%d dpoll=%d filter=%d",
-		  inst->poll, inst->driver_poll, params->filter_length);
-#endif
-  n_sources++;
+  DEBUG_LOG(LOGF_Refclock, "refclock %s refid=%s poll=%d dpoll=%d filter=%d",
+      params->driver_name, UTI_RefidToString(inst->ref_id),
+      inst->poll, inst->driver_poll, params->filter_length);
 
   Free(params->driver_name);
 
@@ -257,35 +281,37 @@ RCL_AddRefclock(RefclockParameters *params)
 void
 RCL_StartRefclocks(void)
 {
-  int i, j;
+  unsigned int i, j, n;
 
-  for (i = 0; i < n_sources; i++) {
-    RCL_Instance inst = &refclocks[i];
+  n = ARR_GetSize(refclocks);
 
-    SRC_SetSelectable(inst->source);
+  for (i = 0; i < n; i++) {
+    RCL_Instance inst = get_refclock(i);
+
+    SRC_SetActive(inst->source);
     inst->timeout_id = SCH_AddTimeoutByDelay(0.0, poll_timeout, (void *)inst);
 
     if (inst->lock_ref) {
       /* Replace lock refid with index to refclocks */
-      for (j = 0; j < n_sources && refclocks[j].ref_id != inst->lock_ref; j++)
+      for (j = 0; j < n && get_refclock(j)->ref_id != inst->lock_ref; j++)
         ;
-      inst->lock_ref = (j < n_sources) ? j : -1;
+      inst->lock_ref = j < n ? j : -1;
     } else
       inst->lock_ref = -1;
   }
 }
 
 void
-RCL_ReportSource(RPT_SourceReport *report, struct timeval *now)
+RCL_ReportSource(RPT_SourceReport *report, struct timespec *now)
 {
-  int i;
+  unsigned int i;
   uint32_t ref_id;
 
   assert(report->ip_addr.family == IPADDR_INET4);
   ref_id = report->ip_addr.addr.in4;
 
-  for (i = 0; i < n_sources; i++) {
-    RCL_Instance inst = &refclocks[i];
+  for (i = 0; i < ARR_GetSize(refclocks); i++) {
+    RCL_Instance inst = get_refclock(i);
     if (inst->ref_id == ref_id) {
       report->poll = inst->poll;
       report->mode = RPT_LOCAL_REFERENCE;
@@ -338,20 +364,20 @@ RCL_GetDriverOption(RCL_Instance instance, char *name)
 }
 
 int
-RCL_AddSample(RCL_Instance instance, struct timeval *sample_time, double offset, int leap)
+RCL_AddSample(RCL_Instance instance, struct timespec *sample_time, double offset, int leap)
 {
   double correction, dispersion;
-  struct timeval cooked_time;
+  struct timespec cooked_time;
 
   LCL_GetOffsetCorrection(sample_time, &correction, &dispersion);
-  UTI_AddDoubleToTimeval(sample_time, correction, &cooked_time);
-  dispersion += instance->precision + filter_get_avg_sample_dispersion(&instance->filter);
+  UTI_AddDoubleToTimespec(sample_time, correction, &cooked_time);
+  dispersion += instance->precision;
 
-  if (!valid_sample_time(instance, sample_time))
+  /* Make sure the timestamp and offset provided by the driver are sane */
+  if (!UTI_IsTimeOffsetSane(sample_time, offset) ||
+      !valid_sample_time(instance, sample_time, &cooked_time))
     return 0;
 
-  filter_add_sample(&instance->filter, &cooked_time, offset - correction + instance->offset, dispersion);
-
   switch (leap) {
     case LEAP_Normal:
     case LEAP_InsertSecond:
@@ -359,10 +385,13 @@ RCL_AddSample(RCL_Instance instance, struct timeval *sample_time, double offset,
       instance->leap_status = leap;
       break;
     default:
-      instance->leap_status = LEAP_Unsynchronised;
-      break;
+      DEBUG_LOG(LOGF_Refclock, "refclock sample ignored bad leap %d", leap);
+      return 0;
   }
 
+  filter_add_sample(&instance->filter, &cooked_time, offset - correction + instance->offset, dispersion);
+  instance->pps_active = 0;
+
   log_sample(instance, &cooked_time, 0, 0, offset, offset - correction + instance->offset, dispersion);
 
   /* for logging purposes */
@@ -373,17 +402,20 @@ RCL_AddSample(RCL_Instance instance, struct timeval *sample_time, double offset,
 }
 
 int
-RCL_AddPulse(RCL_Instance instance, struct timeval *pulse_time, double second)
+RCL_AddPulse(RCL_Instance instance, struct timespec *pulse_time, double second)
 {
   double correction, dispersion, offset;
-  struct timeval cooked_time;
+  struct timespec cooked_time;
   int rate;
+  NTP_Leap leap;
 
+  leap = LEAP_Normal;
   LCL_GetOffsetCorrection(pulse_time, &correction, &dispersion);
-  UTI_AddDoubleToTimeval(pulse_time, correction, &cooked_time);
-  dispersion += instance->precision + filter_get_avg_sample_dispersion(&instance->filter);
+  UTI_AddDoubleToTimespec(pulse_time, correction, &cooked_time);
+  dispersion += instance->precision;
 
-  if (!valid_sample_time(instance, pulse_time))
+  if (!UTI_IsTimeOffsetSane(pulse_time, 0.0) ||
+      !valid_sample_time(instance, pulse_time, &cooked_time))
     return 0;
 
   rate = instance->pps_rate;
@@ -399,16 +431,26 @@ RCL_AddPulse(RCL_Instance instance, struct timeval *pulse_time, double second)
     offset -= 1.0 / rate;
 
   if (instance->lock_ref != -1) {
-    struct timeval ref_sample_time;
+    RCL_Instance lock_refclock;
+    struct timespec ref_sample_time;
     double sample_diff, ref_offset, ref_dispersion, shift;
 
-    if (!filter_get_last_sample(&refclocks[instance->lock_ref].filter,
-          &ref_sample_time, &ref_offset, &ref_dispersion))
-      return 0;
+    lock_refclock = get_refclock(instance->lock_ref);
 
-    UTI_DiffTimevalsToDouble(&sample_diff, &cooked_time, &ref_sample_time);
-    if (fabs(sample_diff) >= 2.0 / rate)
+    if (!filter_get_last_sample(&lock_refclock->filter,
+          &ref_sample_time, &ref_offset, &ref_dispersion)) {
+      DEBUG_LOG(LOGF_Refclock, "refclock pulse ignored no ref sample");
       return 0;
+    }
+
+    ref_dispersion += filter_get_avg_sample_dispersion(&lock_refclock->filter);
+
+    sample_diff = UTI_DiffTimespecsToDouble(&cooked_time, &ref_sample_time);
+    if (fabs(sample_diff) >= (double)instance->max_lock_age / rate) {
+      DEBUG_LOG(LOGF_Refclock, "refclock pulse ignored samplediff=%.9f",
+          sample_diff);
+      return 0;
+    }
 
     /* Align the offset to the reference sample */
     if ((ref_offset - offset) >= 0.0)
@@ -418,31 +460,32 @@ RCL_AddPulse(RCL_Instance instance, struct timeval *pulse_time, double second)
 
     offset += shift;
 
-    if (fabs(ref_offset - offset) + ref_dispersion + dispersion >= 0.2 / rate)
+    if (fabs(ref_offset - offset) + ref_dispersion + dispersion >= 0.2 / rate) {
+      DEBUG_LOG(LOGF_Refclock, "refclock pulse ignored offdiff=%.9f refdisp=%.9f disp=%.9f",
+          ref_offset - offset, ref_dispersion, dispersion);
       return 0;
+    }
 
-#if 0
-    LOG(LOGS_INFO, LOGF_Refclock, "refclock pulse second=%.9f offset=%.9f offdiff=%.9f samplediff=%.9f",
+    leap = lock_refclock->leap_status;
+
+    DEBUG_LOG(LOGF_Refclock, "refclock pulse second=%.9f offset=%.9f offdiff=%.9f samplediff=%.9f",
         second, offset, ref_offset - offset, sample_diff);
-#endif
   } else {
-    struct timeval ref_time;
+    struct timespec ref_time;
     int is_synchronised, stratum;
     double root_delay, root_dispersion, distance;
-    NTP_Leap leap;
     uint32_t ref_id;
 
-    /* Ignore the pulse if we are not well synchronized */
+    /* Ignore the pulse if we are not well synchronized and the local
+       reference is not active */
 
     REF_GetReferenceParams(&cooked_time, &is_synchronised, &leap, &stratum,
         &ref_id, &ref_time, &root_delay, &root_dispersion);
     distance = fabs(root_delay) / 2 + root_dispersion;
 
-    if (!is_synchronised || distance >= 0.5 / rate) {
-#if 0
-      LOG(LOGS_INFO, LOGF_Refclock, "refclock pulse dropped second=%.9f sync=%d dist=%.9f",
-          second, is_synchronised, distance);
-#endif
+    if (leap == LEAP_Unsynchronised || distance >= 0.5 / rate) {
+      DEBUG_LOG(LOGF_Refclock, "refclock pulse ignored second=%.9f sync=%d dist=%.9f",
+          second, leap != LEAP_Unsynchronised, distance);
       /* Drop also all stored samples */
       filter_reset(&instance->filter);
       return 0;
@@ -450,7 +493,8 @@ RCL_AddPulse(RCL_Instance instance, struct timeval *pulse_time, double second)
   }
 
   filter_add_sample(&instance->filter, &cooked_time, offset, dispersion);
-  instance->leap_status = LEAP_Normal;
+  instance->leap_status = leap;
+  instance->pps_active = 1;
 
   log_sample(instance, &cooked_time, 0, 1, offset + correction - instance->offset, offset, dispersion);
 
@@ -462,39 +506,53 @@ RCL_AddPulse(RCL_Instance instance, struct timeval *pulse_time, double second)
 }
 
 static int
-valid_sample_time(RCL_Instance instance, struct timeval *tv)
+valid_sample_time(RCL_Instance instance, struct timespec *raw, struct timespec *cooked)
 {
-  struct timeval raw_time;
-  double diff;
+  struct timespec now_raw, last_sample_time;
+  double diff, last_offset, last_dispersion;
 
-  LCL_ReadRawTime(&raw_time);
-  UTI_DiffTimevalsToDouble(&diff, &raw_time, tv);
-  if (diff < 0.0 || diff > 1 << (instance->poll + 1))
+  LCL_ReadRawTime(&now_raw);
+  diff = UTI_DiffTimespecsToDouble(&now_raw, raw);
+
+  if (diff < 0.0 || diff > UTI_Log2ToDouble(instance->poll + 1) ||
+      (filter_get_samples(&instance->filter) > 0 &&
+       filter_get_last_sample(&instance->filter, &last_sample_time,
+                              &last_offset, &last_dispersion) &&
+       UTI_CompareTimespecs(&last_sample_time, cooked) >= 0)) {
+    DEBUG_LOG(LOGF_Refclock, "%s refclock sample not valid age=%.6f raw=%s cooked=%s",
+              UTI_RefidToString(instance->ref_id), diff,
+              UTI_TimespecToString(raw), UTI_TimespecToString(cooked));
     return 0;
+  }
+
   return 1;
 }
 
 static int
-pps_stratum(RCL_Instance instance, struct timeval *tv)
+pps_stratum(RCL_Instance instance, struct timespec *ts)
 {
-  struct timeval ref_time;
-  int is_synchronised, stratum, i;
+  struct timespec ref_time;
+  int is_synchronised, stratum;
+  unsigned int i;
   double root_delay, root_dispersion;
   NTP_Leap leap;
   uint32_t ref_id;
+  RCL_Instance refclock;
 
-  REF_GetReferenceParams(tv, &is_synchronised, &leap, &stratum,
+  REF_GetReferenceParams(ts, &is_synchronised, &leap, &stratum,
       &ref_id, &ref_time, &root_delay, &root_dispersion);
 
-  /* Don't change our stratum if local stratum is active
+  /* Don't change our stratum if the local reference is active
      or this is the current source */
-  if (ref_id == instance->ref_id || REF_IsLocalActive())
+  if (ref_id == instance->ref_id ||
+      (!is_synchronised && leap != LEAP_Unsynchronised))
     return stratum - 1;
 
   /* Or the current source is another PPS refclock */ 
-  for (i = 0; i < n_sources; i++) {
-    if (refclocks[i].ref_id == ref_id &&
-        refclocks[i].pps_rate && refclocks[i].lock_ref == -1)
+  for (i = 0; i < ARR_GetSize(refclocks); i++) {
+    refclock = get_refclock(i);
+    if (refclock->ref_id == ref_id &&
+        refclock->pps_active && refclock->lock_ref == -1)
       return stratum - 1;
   }
 
@@ -504,7 +562,6 @@ pps_stratum(RCL_Instance instance, struct timeval *tv)
 static void
 poll_timeout(void *arg)
 {
-  double next;
   int poll;
 
   RCL_Instance inst = (RCL_Instance)arg;
@@ -519,14 +576,14 @@ poll_timeout(void *arg)
   
   if (!(inst->driver->poll && inst->driver_polled < (1 << (inst->poll - inst->driver_poll)))) {
     double offset, dispersion;
-    struct timeval sample_time;
+    struct timespec sample_time;
     int sample_ok, stratum;
 
     sample_ok = filter_get_sample(&inst->filter, &sample_time, &offset, &dispersion);
     inst->driver_polled = 0;
 
     if (sample_ok) {
-      if (inst->pps_rate && inst->lock_ref == -1)
+      if (inst->pps_active && inst->lock_ref == -1)
         /* Handle special case when PPS is used with local stratum */
         stratum = pps_stratum(inst, &sample_time);
       else
@@ -535,6 +592,7 @@ poll_timeout(void *arg)
       SRC_UpdateReachability(inst->source, 1);
       SRC_AccumulateSample(inst->source, &sample_time, offset,
           inst->delay, dispersion, inst->delay, dispersion, stratum, inst->leap_status);
+      SRC_SelectSource(inst->source);
 
       log_sample(inst, &sample_time, 1, 0, 0.0, offset, dispersion);
     } else {
@@ -542,35 +600,34 @@ poll_timeout(void *arg)
     }
   }
 
-  if (poll >= 0)
-    next = 1 << poll;
-  else
-    next = 1.0 / (1 << -poll);
-
-  inst->timeout_id = SCH_AddTimeoutByDelay(next, poll_timeout, arg);
+  inst->timeout_id = SCH_AddTimeoutByDelay(UTI_Log2ToDouble(poll), poll_timeout, arg);
 }
 
 static void
-slew_samples(struct timeval *raw, struct timeval *cooked, double dfreq,
-             double doffset, int is_step_change, void *anything)
+slew_samples(struct timespec *raw, struct timespec *cooked, double dfreq,
+             double doffset, LCL_ChangeType change_type, void *anything)
 {
-  int i;
+  unsigned int i;
 
-  for (i = 0; i < n_sources; i++)
-    filter_slew_samples(&refclocks[i].filter, cooked, dfreq, doffset);
+  for (i = 0; i < ARR_GetSize(refclocks); i++) {
+    if (change_type == LCL_ChangeUnknownStep)
+      filter_reset(&get_refclock(i)->filter);
+    else
+      filter_slew_samples(&get_refclock(i)->filter, cooked, dfreq, doffset);
+  }
 }
 
 static void
 add_dispersion(double dispersion, void *anything)
 {
-  int i;
+  unsigned int i;
 
-  for (i = 0; i < n_sources; i++)
-    filter_add_dispersion(&refclocks[i].filter, dispersion);
+  for (i = 0; i < ARR_GetSize(refclocks); i++)
+    filter_add_dispersion(&get_refclock(i)->filter, dispersion);
 }
 
 static void
-log_sample(RCL_Instance instance, struct timeval *sample_time, int filtered, int pulse, double raw_offset, double cooked_offset, double dispersion)
+log_sample(RCL_Instance instance, struct timespec *sample_time, int filtered, int pulse, double raw_offset, double cooked_offset, double dispersion)
 {
   char sync_stats[4] = {'N', '+', '-', '?'};
 
@@ -580,7 +637,7 @@ log_sample(RCL_Instance instance, struct timeval *sample_time, int filtered, int
   if (!filtered) {
     LOG_FileWrite(logfileid, "%s.%06d %-5s %3d %1c %1d %13.6e %13.6e %10.3e",
       UTI_TimeToLogForm(sample_time->tv_sec),
-      (int)sample_time->tv_usec,
+      (int)sample_time->tv_nsec / 1000,
       UTI_RefidToString(instance->ref_id),
       instance->driver_polled,
       sync_stats[instance->leap_status],
@@ -591,7 +648,7 @@ log_sample(RCL_Instance instance, struct timeval *sample_time, int filtered, int
   } else {
     LOG_FileWrite(logfileid, "%s.%06d %-5s   - %1c -       -       %13.6e %10.3e",
       UTI_TimeToLogForm(sample_time->tv_sec),
-      (int)sample_time->tv_usec,
+      (int)sample_time->tv_nsec / 1000,
       UTI_RefidToString(instance->ref_id),
       sync_stats[instance->leap_status],
       cooked_offset,
@@ -600,7 +657,7 @@ log_sample(RCL_Instance instance, struct timeval *sample_time, int filtered, int
 }
 
 static void
-filter_init(struct MedianFilter *filter, int length)
+filter_init(struct MedianFilter *filter, int length, double max_dispersion)
 {
   if (length < 1)
     length = 1;
@@ -612,6 +669,7 @@ filter_init(struct MedianFilter *filter, int length)
   /* set first estimate to system precision */
   filter->avg_var_n = 0;
   filter->avg_var = LCL_GetSysPrecisionAsQuantum() * LCL_GetSysPrecisionAsQuantum();
+  filter->max_var = max_dispersion * max_dispersion;
   filter->samples = MallocArray(struct FilterSample, filter->length);
   filter->selected = MallocArray(int, filter->length);
   filter->x_data = MallocArray(double, filter->length);
@@ -643,7 +701,7 @@ filter_get_avg_sample_dispersion(struct MedianFilter *filter)
 }
 
 static void
-filter_add_sample(struct MedianFilter *filter, struct timeval *sample_time, double offset, double dispersion)
+filter_add_sample(struct MedianFilter *filter, struct timespec *sample_time, double offset, double dispersion)
 {
   filter->index++;
   filter->index %= filter->length;
@@ -654,10 +712,13 @@ filter_add_sample(struct MedianFilter *filter, struct timeval *sample_time, doub
   filter->samples[filter->index].sample_time = *sample_time;
   filter->samples[filter->index].offset = offset;
   filter->samples[filter->index].dispersion = dispersion;
+
+  DEBUG_LOG(LOGF_Refclock, "filter sample %d t=%s offset=%.9f dispersion=%.9f",
+      filter->index, UTI_TimespecToString(sample_time), offset, dispersion);
 }
 
 static int
-filter_get_last_sample(struct MedianFilter *filter, struct timeval *sample_time, double *offset, double *dispersion)
+filter_get_last_sample(struct MedianFilter *filter, struct timespec *sample_time, double *offset, double *dispersion)
 {
   if (filter->last < 0)
     return 0;
@@ -668,6 +729,12 @@ filter_get_last_sample(struct MedianFilter *filter, struct timeval *sample_time,
   return 1;
 }
 
+static int
+filter_get_samples(struct MedianFilter *filter)
+{
+  return filter->used;
+}
+
 static const struct FilterSample *tmp_sorted_array;
 
 static int
@@ -770,7 +837,7 @@ filter_select_samples(struct MedianFilter *filter)
 }
 
 static int
-filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, double *offset, double *dispersion)
+filter_get_sample(struct MedianFilter *filter, struct timespec *sample_time, double *offset, double *dispersion)
 {
   struct FilterSample *s, *ls;
   int i, n, dof;
@@ -787,7 +854,7 @@ filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, doub
   for (i = 0; i < n; i++) {
     s = &filter->samples[filter->selected[i]];
 
-    UTI_DiffTimevalsToDouble(&filter->x_data[i], &s->sample_time, &ls->sample_time);
+    filter->x_data[i] = UTI_DiffTimespecsToDouble(&s->sample_time, &ls->sample_time);
     filter->y_data[i] = s->offset;
     filter->w_data[i] = s->dispersion;
   }
@@ -802,8 +869,6 @@ filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, doub
   y /= n;
   e /= n;
 
-  e -= sqrt(filter->avg_var);
-
   if (n >= 4) {
     double b0, b1, s2, sb0, sb1;
 
@@ -836,6 +901,13 @@ filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, doub
     d = sqrt(var);
   }
 
+  /* drop the sample if variance is larger than allowed maximum */
+  if (filter->max_var > 0.0 && var > filter->max_var) {
+    DEBUG_LOG(LOGF_Refclock, "filter dispersion too large disp=%.9f max=%.9f",
+        sqrt(var), sqrt(filter->max_var));
+    return 0;
+  }
+
   prev_avg_var = filter->avg_var;
 
   /* update exponential moving average of the variance */
@@ -857,7 +929,7 @@ filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, doub
   if (d < e)
     d = e;
 
-  UTI_AddDoubleToTimeval(&ls->sample_time, x, sample_time);
+  UTI_AddDoubleToTimespec(&ls->sample_time, x, sample_time);
   *offset = y;
   *dispersion = d;
 
@@ -867,23 +939,27 @@ filter_get_sample(struct MedianFilter *filter, struct timeval *sample_time, doub
 }
 
 static void
-filter_slew_samples(struct MedianFilter *filter, struct timeval *when, double dfreq, double doffset)
+filter_slew_samples(struct MedianFilter *filter, struct timespec *when, double dfreq, double doffset)
 {
-  int i;
-  double delta_time, prev_offset;
-  struct timeval *sample;
+  int i, first, last;
+  double delta_time;
+  struct timespec *sample;
 
-  for (i = 0; i < filter->used; i++) {
+  if (filter->last < 0)
+    return;
+
+  /* always slew the last sample as it may be needed by PPS refclocks */
+  if (filter->used > 0) {
+    first = 0;
+    last = filter->used - 1;
+  } else {
+    first = last = filter->last;
+  }
+
+  for (i = first; i <= last; i++) {
     sample = &filter->samples[i].sample_time;
-    UTI_AdjustTimeval(sample, when, sample, &delta_time, dfreq, doffset);
-    prev_offset = filter->samples[i].offset;
+    UTI_AdjustTimespec(sample, when, sample, &delta_time, dfreq, doffset);
     filter->samples[i].offset -= delta_time;
-#if 0
-    LOG(LOGS_INFO, LOGF_Refclock, "i=%d old_off=%.9f new_off=%.9f",
-        i, prev_offset, filter->samples[i].offset);
-#else
-    (void)prev_offset;
-#endif
   }
 }
 

refclock.h

@@ -38,12 +38,16 @@ typedef struct {
   int poll;
   int filter_length;
   int pps_rate;
+  int min_samples;
+  int max_samples;
+  int sel_options;
+  int max_lock_age;
   uint32_t ref_id;
   uint32_t lock_ref_id;
   double offset;
   double delay;
   double precision;
-  SRC_SelectOption sel_option;
+  double max_dispersion;
 } RefclockParameters;
 
 typedef struct RCL_Instance_Record *RCL_Instance;
@@ -58,15 +62,14 @@ extern void RCL_Initialise(void);
 extern void RCL_Finalise(void);
 extern int RCL_AddRefclock(RefclockParameters *params);
 extern void RCL_StartRefclocks(void);
-extern void RCL_StartRefclocks(void);
-extern void RCL_ReportSource(RPT_SourceReport *report, struct timeval *now);
+extern void RCL_ReportSource(RPT_SourceReport *report, struct timespec *now);
 
 /* functions used by drivers */
 extern void RCL_SetDriverData(RCL_Instance instance, void *data);
 extern void *RCL_GetDriverData(RCL_Instance instance);
 extern char *RCL_GetDriverParameter(RCL_Instance instance);
 extern char *RCL_GetDriverOption(RCL_Instance instance, char *name);
-extern int RCL_AddSample(RCL_Instance instance, struct timeval *sample_time, double offset, int leap);
-extern int RCL_AddPulse(RCL_Instance instance, struct timeval *pulse_time, double second);
+extern int RCL_AddSample(RCL_Instance instance, struct timespec *sample_time, double offset, int leap);
+extern int RCL_AddPulse(RCL_Instance instance, struct timespec *pulse_time, double second);
 
 #endif

refclock_phc.c

@@ -0,0 +1,186 @@
+/*
+  chronyd/chronyc - Programs for keeping computer clocks accurate.
+
+ **********************************************************************
+ * Copyright (C) Miroslav Lichvar  2013
+ * 
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ * 
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ * 
+ **********************************************************************
+
+  =======================================================================
+
+  PTP hardware clock (PHC) refclock driver.
+
+  */
+
+#include "config.h"
+
+#include "refclock.h"
+
+#ifdef FEAT_PHC
+
+#include "sysincl.h"
+
+#include <linux/ptp_clock.h>
+
+#include "refclock.h"
+#include "logging.h"
+#include "util.h"
+
+/* From linux/include/linux/posix-timers.h */
+#define CPUCLOCK_MAX            3
+#define CLOCKFD                 CPUCLOCK_MAX
+#define CLOCKFD_MASK            (CPUCLOCK_PERTHREAD_MASK|CPUCLOCK_CLOCK_MASK)
+
+#define FD_TO_CLOCKID(fd)       ((~(clockid_t) (fd) << 3) | CLOCKFD)
+
+#define NUM_READINGS 10
+
+static int no_sys_offset_ioctl = 0;
+
+struct phc_reading {
+  struct timespec sys_ts1;
+  struct timespec phc_ts;;
+  struct timespec sys_ts2;
+};
+
+static int read_phc_ioctl(struct phc_reading *readings, int phc_fd, int n)
+{
+#if defined(PTP_SYS_OFFSET) && NUM_READINGS <= PTP_MAX_SAMPLES
+  struct ptp_sys_offset sys_off;
+  int i;
+
+  /* Silence valgrind */
+  memset(&sys_off, 0, sizeof (sys_off));
+
+  sys_off.n_samples = n;
+  if (ioctl(phc_fd, PTP_SYS_OFFSET, &sys_off)) {
+    LOG(LOGS_ERR, LOGF_Refclock, "ioctl(PTP_SYS_OFFSET) failed : %s", strerror(errno));
+    return 0;
+  }
+
+  for (i = 0; i < n; i++) {
+    readings[i].sys_ts1.tv_sec = sys_off.ts[i * 2].sec;
+    readings[i].sys_ts1.tv_nsec = sys_off.ts[i * 2].nsec;
+    readings[i].phc_ts.tv_sec = sys_off.ts[i * 2 + 1].sec;
+    readings[i].phc_ts.tv_nsec = sys_off.ts[i * 2 + 1].nsec;
+    readings[i].sys_ts2.tv_sec = sys_off.ts[i * 2 + 2].sec;
+    readings[i].sys_ts2.tv_nsec = sys_off.ts[i * 2 + 2].nsec;
+  }
+
+  return 1;
+#else
+  /* Not available */
+  return 0;
+#endif
+}
+
+static int read_phc_user(struct phc_reading *readings, int phc_fd, int n)
+{
+  clockid_t phc_id;
+  int i;
+
+  phc_id = FD_TO_CLOCKID(phc_fd);
+
+  for (i = 0; i < n; i++) {
+    if (clock_gettime(CLOCK_REALTIME, &readings[i].sys_ts1) ||
+        clock_gettime(phc_id, &readings[i].phc_ts) ||
+        clock_gettime(CLOCK_REALTIME, &readings[i].sys_ts2)) {
+      LOG(LOGS_ERR, LOGF_Refclock, "clock_gettime() failed : %s", strerror(errno));
+      return 0;
+    }
+  }
+
+  return 1;
+}
+
+static int phc_initialise(RCL_Instance instance)
+{
+  struct ptp_clock_caps caps;
+  int phc_fd;
+  char *path;
+
+  path = RCL_GetDriverParameter(instance);
+ 
+  phc_fd = open(path, O_RDONLY);
+  if (phc_fd < 0) {
+    LOG_FATAL(LOGF_Refclock, "open() failed on %s", path);
+    return 0;
+  }
+
+  /* Make sure it is a PHC */
+  if (ioctl(phc_fd, PTP_CLOCK_GETCAPS, &caps)) {
+    LOG_FATAL(LOGF_Refclock, "ioctl(PTP_CLOCK_GETCAPS) failed : %s", strerror(errno));
+    return 0;
+  }
+
+  UTI_FdSetCloexec(phc_fd);
+
+  RCL_SetDriverData(instance, (void *)(long)phc_fd);
+  return 1;
+}
+
+static void phc_finalise(RCL_Instance instance)
+{
+  close((long)RCL_GetDriverData(instance));
+}
+
+static int phc_poll(RCL_Instance instance)
+{
+  struct phc_reading readings[NUM_READINGS];
+  double offset = 0.0, delay, best_delay = 0.0;
+  int i, phc_fd, best;
+ 
+  phc_fd = (long)RCL_GetDriverData(instance);
+
+  if (!no_sys_offset_ioctl) {
+    if (!read_phc_ioctl(readings, phc_fd, NUM_READINGS)) {
+      no_sys_offset_ioctl = 1;
+      return 0;
+    }
+  } else {
+    if (!read_phc_user(readings, phc_fd, NUM_READINGS))
+      return 0;
+  }
+
+  /* Find the fastest reading */
+  for (i = 0; i < NUM_READINGS; i++) {
+    delay = UTI_DiffTimespecsToDouble(&readings[i].sys_ts2, &readings[i].sys_ts1);
+
+    if (!i || best_delay > delay) {
+      best = i;
+      best_delay = delay;
+    }
+  }
+
+  offset = UTI_DiffTimespecsToDouble(&readings[best].phc_ts, &readings[best].sys_ts2) +
+           best_delay / 2.0;
+
+  DEBUG_LOG(LOGF_Refclock, "PHC offset: %+.9f delay: %.9f", offset, best_delay);
+
+  return RCL_AddSample(instance, &readings[best].sys_ts2, offset, LEAP_Normal);
+}
+
+RefclockDriver RCL_PHC_driver = {
+  phc_initialise,
+  phc_finalise,
+  phc_poll
+};
+
+#else
+
+RefclockDriver RCL_PHC_driver = { NULL, NULL, NULL };
+
+#endif