DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 17:45:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: DWS:4.0
Branches Tags
DWS:master DWS:3.5-stable DWS:2.4-stable DWS:1.31-security DWS:2.2-security DWS:1.29-security DWS:1.23-security
DWS:4.8 DWS:4.8-pre1 DWS:4.7 DWS:4.7-pre1 DWS:4.6.1 DWS:4.6 DWS:4.6-pre1 DWS:4.5 DWS:4.5-pre1 DWS:4.4 DWS:4.4-pre2 DWS:4.4-pre1 DWS:4.3 DWS:4.3-pre1 DWS:4.2 DWS:4.2-pre1 DWS:4.1 DWS:4.1-pre1 DWS:4.0 DWS:4.0-pre4 DWS:4.0-pre3 DWS:3.5.1 DWS:4.0-pre2 DWS:4.0-pre1 DWS:3.5 DWS:3.5-pre1 DWS:3.4 DWS:3.4-pre1 DWS:3.3 DWS:3.3-pre1 DWS:3.2 DWS:3.2-pre2 DWS:3.2-pre1 DWS:3.1 DWS:3.1-pre1 DWS:3.0 DWS:3.0-pre3 DWS:3.0-pre2 DWS:3.0-pre1 DWS:2.4.1 DWS:2.4 DWS:2.4-pre1 DWS:2.3 DWS:2.3-pre1 DWS:1.31.2 DWS:2.2.1 DWS:2.2 DWS:2.2-pre2 DWS:2.2-pre1 DWS:2.1.1 DWS:2.1 DWS:2.1-pre1 DWS:2.0 DWS:2.0-pre2 DWS:1.31.1 DWS:2.0-pre1 DWS:1.31 DWS:1.31-pre1 DWS:1.30 DWS:1.30-pre1 DWS:1.29.1 DWS:1.29 DWS:1.28 DWS:1.28-pre1 DWS:1.27 DWS:1.27-pre1 DWS:1.26 DWS:1.26-pre1 DWS:1.25 DWS:1.25-pre2 DWS:1.25-pre1 DWS:1.24 DWS:1.23.1 DWS:1.24-pre1 DWS:1.23 DWS:1.23-pre1 DWS:mandriva-1.22 DWS:1.21 DWS:1.20
...
compare: DWS:4.1-pre1
Branches Tags
DWS:master DWS:3.5-stable DWS:2.4-stable DWS:1.31-security DWS:2.2-security DWS:1.29-security DWS:1.23-security
DWS:4.8 DWS:4.8-pre1 DWS:4.7 DWS:4.7-pre1 DWS:4.6.1 DWS:4.6 DWS:4.6-pre1 DWS:4.5 DWS:4.5-pre1 DWS:4.4 DWS:4.4-pre2 DWS:4.4-pre1 DWS:4.3 DWS:4.3-pre1 DWS:4.2 DWS:4.2-pre1 DWS:4.1 DWS:4.1-pre1 DWS:4.0 DWS:4.0-pre4 DWS:4.0-pre3 DWS:3.5.1 DWS:4.0-pre2 DWS:4.0-pre1 DWS:3.5 DWS:3.5-pre1 DWS:3.4 DWS:3.4-pre1 DWS:3.3 DWS:3.3-pre1 DWS:3.2 DWS:3.2-pre2 DWS:3.2-pre1 DWS:3.1 DWS:3.1-pre1 DWS:3.0 DWS:3.0-pre3 DWS:3.0-pre2 DWS:3.0-pre1 DWS:2.4.1 DWS:2.4 DWS:2.4-pre1 DWS:2.3 DWS:2.3-pre1 DWS:1.31.2 DWS:2.2.1 DWS:2.2 DWS:2.2-pre2 DWS:2.2-pre1 DWS:2.1.1 DWS:2.1 DWS:2.1-pre1 DWS:2.0 DWS:2.0-pre2 DWS:1.31.1 DWS:2.0-pre1 DWS:1.31 DWS:1.31-pre1 DWS:1.30 DWS:1.30-pre1 DWS:1.29.1 DWS:1.29 DWS:1.28 DWS:1.28-pre1 DWS:1.27 DWS:1.27-pre1 DWS:1.26 DWS:1.26-pre1 DWS:1.25 DWS:1.25-pre2 DWS:1.25-pre1 DWS:1.24 DWS:1.23.1 DWS:1.24-pre1 DWS:1.23 DWS:1.23-pre1 DWS:mandriva-1.22 DWS:1.21 DWS:1.20

90 Commits
4.0 ... 4.1-pre1

Author SHA1 Message Date
Miroslav Lichvar
9d869d8709 doc: update NEWS 2021-04-22 10:44:50 +02:00
Miroslav Lichvar
4f94e22b4b doc: update README 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
d9b720471d ntp: fix address in error message 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
039b388c82 nameserv: avoid sockaddr_in6 with disabled IPv6 support 
Fixes: 10c760a80c ("nameserv: require getaddrinfo() and getnameinfo()")
 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
3f6528da77 test: extend 129-reload test 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
4f43c060a3 sources: fix loading of refclock dump files 
Allow zero stratum in loaded dump files.

Fixes: f8610d69f0 ("sources: improve handling of dump files and their format")
 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
3e55fe6919 sources: don't print NULL string to dump file 
For reference clocks, which don't have a name, print "." instead of
NULL.

Fixes: f8610d69f0 ("sources: improve handling of dump files and their format")
 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
754097944b nts: handle negotiated server as FQDN 
The NTS RFC requires the recipient of the Server Negotiation NTS-KE
record to handle the name as a fully qualified domain name. Add a
trailing dot if not present to force the name to be resolved as one.
 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
dd6a25edf2 test: extend 106-refclock test 2021-04-22 10:20:31 +02:00
Miroslav Lichvar
e697833976 doc: improve description of allow directive 
Prefer CIDR notation, clarify use of hostnames and order of allow/deny
directives, refer to the accheck command.
 2021-04-22 10:20:31 +02:00
Bryan Christianson
40d80624f6 sys_timex: remove workaround for broken ntp_adjtime on macOS 
Early beta releases of macOS Big Sur had a signed/unsigned error in
Apple's implementation of ntp_adjtime. Apple have since fixed this error
and the workaround is no longer required.
 2021-04-20 15:30:47 +02:00
Miroslav Lichvar
9a716cc284 doc: improve FAQ 2021-04-15 15:17:13 +02:00
Miroslav Lichvar
13a78ecd2f conf: require sourcedir files to be terminated by newline 
When reading a *.sources file require that each line is termined by the
newline character to avoid processing an unfinished line, e.g. due to an
unexpected call of the reload command when the file is being written in
place.
 2021-04-15 15:17:13 +02:00
Miroslav Lichvar
a9f0c681cb test: make system tests more reliable 2021-04-15 15:17:13 +02:00
Miroslav Lichvar
862aa285a2 test: update and extend 110-chronyc test 2021-04-15 15:17:13 +02:00
Miroslav Lichvar
84d2811800 ntp: add copy option 
When separate client and server instances of chronyd are running on one
computer (e.g. for security or performance reasons) and are synchronized
to each other, the server instance provides a reference ID based on the
local address used for synchronization of its NTP clock, which breaks
detection of synchronization loops for its own clients.

Add a "copy" option to specify that the server and client are closely
related, no loop can form between them, and the client should assume the
reference ID and stratum of the server to fix detection of loops between
the server and clients of the client.
 2021-04-15 15:17:13 +02:00
Miroslav Lichvar
635a9d3f5a ntp: clamp remote stratum 
Don't set the remote stratum (used for polling adjustments) to values
larger than 16.
 2021-04-15 15:17:13 +02:00
Miroslav Lichvar
81f7f6ddf0 ntp: don't update source status with unsynchronized data 
Don't update the leap and stratum used in source selection if they
indicate an unsynchronized source.

Fixes: 2582be8754 ("sources: separate update of leap status")
 2021-04-15 15:16:39 +02:00
Uwe Kleine-König
aa22c515ce refclock: drop return after LOG_FATAL 
The LOG_FATAL macro expands to (emitting the message and then) exit(1).
So a return after LOG_FATAL isn't reached. Drop all those to simplify
the code a bit.
 2021-04-12 09:24:07 +02:00
Miroslav Lichvar
2ca2c85365 ntp: fix loop test for special reference modes 
It is not sufficient to check for disabled server sockets as they are
not open only after the special reference modes end (e.g. initstepslew).

Fixes: 004986310d ("ntp: skip loop test if no server socket is open")
 2021-04-07 17:14:22 +02:00
Foster Snowhill
966e6fd939 sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp 
This system call is required by the DSCP marking feature introduced in commit
6a5665ca58 ("conf: add dscp directive").

Before this change, enabling seccomp filtering (chronyd -F 1) and specifying a
custom DSCP value in the configuration (for example "dscp 46") caused the
process to be killed by seccomp due to IP_TOS not being allowed by the filter.

Tested before and after the change on Ubuntu 21.04, kernel 5.11.0-13-generic.
IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it.

Signed-off-by: Foster Snowhill <forst@forstwoof.ru>
 2021-04-07 17:14:22 +02:00
Miroslav Lichvar
4f0dd72cf0 doc: improve chrony.conf man page 2021-04-07 17:14:22 +02:00
Miroslav Lichvar
69aa2eff99 doc: improve FAQ 
Add new questions, fix typos and version-specific information.
 2021-04-07 17:14:09 +02:00
Miroslav Lichvar
3e1ec36ca5 test: extend 103-initstepslew test 2021-04-07 16:55:38 +02:00
Miroslav Lichvar
224ab8ddb1 test: enable valgrind in more tests 2021-03-24 17:50:33 +01:00
Miroslav Lichvar
307c2ec70f test: extend 106-refclock test 2021-03-18 17:41:36 +01:00
Miroslav Lichvar
5381fb4ee9 refclock: increase PPS lock limit 
Increase the maximum acceptable offset of the PPS lock reference from
20% to 40% of the PPS interval to not require the refclock offset to be
specified in configuration so accurately, or enable operation with a
highly unstable reference clock.
 2021-03-18 17:41:28 +01:00
Miroslav Lichvar
3812ec2aa2 declare variables set from signal handlers as volatile 
Make sure variables set from signal handlers are not cached in
registers.
 2021-03-18 17:38:18 +01:00
Kamil Dudka
4e7690ebec configure: use well-known file name conftest.c 
... for configuration checks.  Compiler wrappers check for this name
in order to skip any instrumentation of the build that is intended
for regular source files only.
 2021-03-15 10:42:48 +01:00
Miroslav Lichvar
cf3d976a68 test: extend ntp_sources unit test 2021-03-11 11:47:48 +01:00
Miroslav Lichvar
26fc28c056 test: drop logging suspension 
Instead of selectively suspending logging by redirecting messages to
/dev/null, increase the default minimum log severity to FATAL. In the
debug mode, all messages are printed.
 2021-03-11 11:47:31 +01:00
Miroslav Lichvar
d2117ab697 cmdmon: return error if doffset command fails 2021-03-04 17:26:00 +01:00
Miroslav Lichvar
52b29f673f cmdmon: convert doffset request to float 2021-03-04 17:26:00 +01:00
Miroslav Lichvar
e86b60a9d7 local: return status from offset accumulation 
Change the functions accumulating offset to return success or failure.
 2021-03-04 17:26:00 +01:00
Miroslav Lichvar
53501b743f client: report invalid values in doffset and dfreq commands 2021-03-04 17:26:00 +01:00
Miroslav Lichvar
c61ddb70da test: extend util unit test 2021-03-04 17:26:00 +01:00
Miroslav Lichvar
9339766bfe test: use env shebang in all bash scripts 
This allows the scripts to be executed on systems that don't have bash
in /bin. This fixes "make check".
 2021-03-04 12:36:36 +01:00
Miroslav Lichvar
f60410016a test: extend 007-cmdmon system test 2021-03-04 12:36:36 +01:00
Miroslav Lichvar
7a02371698 util: require inet_pton() 
Always use inet_pton() for converting IP addresses. It should be
available on all currently supported systems.
 2021-03-04 12:36:36 +01:00
Miroslav Lichvar
579d8c9907 nameserv: avoid unnecessary getaddrinfo() calls 
Check if the name passed to DNS_Name2IPAddress() is an IP address
before calling getaddrinfo(), which can be much slower and work
differently on different systems.
 2021-03-04 12:36:36 +01:00
Miroslav Lichvar
10c760a80c nameserv: require getaddrinfo() and getnameinfo() 
Remove support for the long-deprecated gethostbyname() and
gethostbyaddr() functions.
 2021-03-04 12:36:36 +01:00
Miroslav Lichvar
2d39a12f51 cmdmon: fix responding to IPv4 addresses on FreeBSD 
On FreeBSD, the source address cannot be specified when sending a
message on a socket bound to a non-any IPv4 address, e.g. in default
configuration 127.0.0.1. In this case, make the address unspecified.

This is similar to commit 6af39d63aa ("ntp: don't use IP_SENDSRCADDR
on bound socket").

Fixes: f06c1cfa97 ("cmdmon: respond from same address")
 2021-03-04 12:36:36 +01:00
Miroslav Lichvar
517b1ae29a main: suppress info messages with -p option 
Log (to stderr) only warnings and higher when printing the
configuration to suppress the "chronyd starting" message.
 2021-03-04 12:36:23 +01:00
Miroslav Lichvar
b7347d931b sys_linux: check if statx syscall is defined 
statx seems to be missing in older kernel and libseccomp headers, still
used on some supported systems.
 2021-03-03 10:04:07 +01:00
Miroslav Lichvar
4f878ba144 main: warn if running with root privileges 
Log a warning message if the main process has not dropped the root
privileges, i.e. when the compiled-in user or user specified by the user
directive or -u option is root.
 2021-02-25 17:06:14 +01:00
Miroslav Lichvar
8acdb5d1e2 refclock: warn if lock refid is invalid 
Log a warning message if the specified lock refid doesn't match any
existing refclock or it matches the refclock which has the lock option
itself.
 2021-02-25 17:06:13 +01:00
Miroslav Lichvar
62f2d5736d refclock: warn if maxlockage is too small 
Log a warning message if the interval covered by the maxlockage at the
PPS rate of a refclock is shorter than driver poll of the locked
refclock.

Reported-by: Matt Corallo <ntp-lists@mattcorallo.com>
 2021-02-25 17:06:10 +01:00
Miroslav Lichvar
dc22df93f5 ntp: restart resolving on online command 
If the online command is received when the resolver is running, start
it again as soon as it finishes instead of waiting for the timer.

This should reduce the time needed to get all sources resolved on boot
if chronyd is started before the network is online and the chronyc
online command is issued before the first round of resolving can finish,
e.g. due to an unreachable DNS server in resolv.conf.
 2021-02-25 17:02:58 +01:00
Miroslav Lichvar
d898bd246b test: extend 139-nts test 2021-02-18 17:44:04 +01:00
Miroslav Lichvar
ebf0ff2c0d cmdmon: set certset for new sources 
Add the new certset option to the cmdmon protocol.
 2021-02-18 17:44:04 +01:00
Miroslav Lichvar
cc77b0e9fd conf: add certset option to NTP sources 
Allow the set of trusted certificates to be selected for each NTP
source individually.
 2021-02-18 17:44:04 +01:00
Miroslav Lichvar
a8bc25e543 conf: add set selection to ntstrustedcerts 
Add an optional set-ID argument to the ntstrustedcerts directive to
enable multiple sets of trusted certificates to be specified.
 2021-02-18 17:44:04 +01:00
Miroslav Lichvar
6615bb1b78 nts: add support for multiple sets of trusted certificates 
Modify the session, NTS-KE, and NTS-NTP code to support multiple sets of
trusted certificates and identify the sets by a 32-bit ID.
 2021-02-18 17:44:04 +01:00
Miroslav Lichvar
f650b8c515 configure: check for O_NOFOLLOW flag 
If the O_NOFOLLOW flag used by open() is not defined, try it with
_GNU_SOURCE. This is needed with glibc-2.11 and earlier.

Reported-by: Marius Rohde <marius.rohde@meinberg.de>
 2021-02-16 13:59:41 +01:00
Christian Ehrhardt
ae2e0318d1 sys_linux: allow statx and fstatat64 in seccomp filter 
With glibc 2.33 on armhf statx and fstatat64 are triggered.
Allow this call to un-break chrony on such platforms.

Without this e.g. test 005-scfilter fails and with ltrace -rTS reports:
a)
  0.001684 SYS_397(11, 0xf75def08, 6144, 2047 <no return ...>
  0.759239 +++ killed by SIGSYS +++
b)
  0.003749 SYS_327(-100, 0xffdbcc3c, 0xffdbcb50, 0)
  0.000821 --- SIGSYS (Bad system call) ---

Current armhf syscalls from:
https://github.com/torvalds/linux/blob/v5.10/arch/arm/tools/syscall.tbl

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
 2021-02-12 11:01:22 +01:00
Miroslav Lichvar
26ce610155 nts: allow ntstrustedcerts to specify directory 
If the specified path is a directory, load all certificates in the
directory.
 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
316d47e3b4 nts: allow multiple files with trusted certificates 
Allow the ntstrustedcerts directive to be specified multiple times.
 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
90557cf1ba nts: allow multiple server keys and certificates 
Allow the ntsservercert and ntsserverkey directives to be specified
multiple times to enable the NTS-KE server to operate under multiple
names.
 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
80e627c86b nts: define type for credentials 
Add a NKSN_Credentials type to avoid referring to it as void *.
 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
0e4995e10b nts: split creating server and client credentials 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
a598983f9b client: fix sourcename command to accept ID addresses 
Fix the command to print the name corresponding to an unresolved
address.
 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
27641876c5 ntp: simplify NSR_Finalise() 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
4d139eeca6 ntp: limit number of sources 
Don't rely on assertions and running out of memory to terminate if
an extremely large number of sources is added. Set the maximum number
to 65536 to have a practical limit where chronyd still has a chance to
appear functional with some operations having a quadratic time
complexity.
 2021-02-11 16:13:39 +01:00
Miroslav Lichvar
3f2806c19c nts: reset NTP address/port if removed in NTS-KE 
When an NTS-KE server stops providing the NTP address or port, change
them to the original values to avoid the client getting stuck
with a non-responding address/port.
 2021-02-11 15:24:12 +01:00
Miroslav Lichvar
e297df78e4 nts: load cookies early 
Instead of waiting for the first request, try to load the cookies as
soon as the instance is created, or the NTS address is changed.

This enables loading of dump files for servers that are negotiated in
NTS-KE.
 2021-02-11 09:52:57 +01:00
Miroslav Lichvar
c1d56ede3f nts: rework update of NTP server address 
In the NTS-NTP client instance, maintain a local copy of the NTP address
instead of using a pointer to the NCR's address, which may change at
unexpected times.

Also, change the NNC_CreateInstance() to accept only the NTP port to
make it clear the initial NTP address is the same as the NTS-KE address
and to make it consistent with NNC_ChangeAddress(), which accepts only
one address.
 2021-02-11 09:52:57 +01:00
Miroslav Lichvar
2e52aca3bf ntp: avoid recursive update of address 
Allow NSR_UpdateSourceNtpAddress() to be (indirectly) called from
NCR_CreateInstance() and NCR_ChangeRemoteAddress(). In these cases, save
the addresses and make the update later when the function calls return.
 2021-02-11 09:52:57 +01:00
Miroslav Lichvar
b0fc5832f4 ntp: require port match in address update 
In NSR_UpdateSourceNtpAddress() and other updates of the address require
that the old port matches the current source's port.
 2021-02-11 09:52:57 +01:00
Miroslav Lichvar
cf6af112e1 test: extend 129-reload test 2021-02-04 17:48:51 +01:00
Miroslav Lichvar
fa3052e776 sources: set reference after loading dump files 
After loading the dump files with the -r option, immediately perform a
source selection with forced setting of the reference. This shortens the
interval when a restarted server doesn't respond with synchronized time.
It no longer needs to wait for the first measurement from the best
source (which had to pass all the filters).
 2021-02-04 17:48:47 +01:00
Miroslav Lichvar
f8610d69f0 sources: improve handling of dump files and their format 
Check for write errors when saving dump files. Don't save files with no
samples. Add more sanity checks for loaded data.

Extend the file format to include an identifier, the reachability
register, leap status, name, and authentication flag. Avoid loading
unauthenticated data after switching authentication on. Change format
and order of some fields to simplify parsing. Drop fields that were kept
only for compatibility.

The dump files now contain all information needed to perform the source
selection and update the reference.

There is no support kept for the old file format. Loading of old dump
files will fail after upgrading to new version.
 2021-02-04 17:44:27 +01:00
Miroslav Lichvar
1a8dcce84f sources: update stratum with leap status 
Remove stratum from the NTP sample and update it together with the leap
status. This enables a faster update when samples are dropped by the NTP
filters.
 2021-02-04 17:43:47 +01:00
Miroslav Lichvar
f74eb67567 sourcestats: move stratum to sources 
The stratum value is not needed in sourcestats. Keep it in the source
itself.
 2021-02-04 17:43:29 +01:00
Miroslav Lichvar
144fcdde34 main: fix typo in comment 2021-02-03 17:51:47 +01:00
Miroslav Lichvar
3cef7f975c main: cancel clock correction before dumping sources 
On exit, cancel the remaining clock correction before measurements are
saved to dumpdir to fix them for the state in which chronyd will start
again.
 2021-02-03 11:06:00 +01:00
Baruch Siach
a2372b0c3a sys_linux: fix build with older kernel headers 
The renameat2 system call was introduced in kernel version 3.15. Fix
build against older headers.
 2021-01-28 15:32:03 +01:00
Miroslav Lichvar
362d7c517d test: improve NTS tests 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
62389b7e50 nts: support servers specified by IP address 
Certificates can include IP addresses as alternative names to enable
clients to verify such certificates without knowing the hostname.

Accept an IP address as a name in the NTS-NTP client and modify the
session code to not set the SNI in this case.
 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
eb9e6701fd ntp: allow replacement of sources specified by IP address 
For sources specified by an IP address, keep the original address as the
source's name and pass it to the NCR instance. Allow the sources to go
through the replacement process if their address has changed.

This will be useful with NTS-KE negotiation.

The IP-based source names are now provided via cmdmon. This means
chronyc -n and -N can show two different addresses for a source.
 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
b585954b21 ntp: fix NULL pointer 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
82ddc6a883 test: support ss as netstat replacement 
netstat is considered obsolete on Linux. It is replaced by ss from
iproute. Support both tools for the test port selection.
 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
624b76e86e test: fix port selection to disable grep output 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
4dd0aece02 test: make 120-selectoptions more reliable 
Remove packet interval checks with long delays as the tests are much
more likely to end when the client is waiting for a response. Increase
the base delay to make selection with two sources more reliable.

Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
e85fb0c25e socket: add debug message for unexpected control message 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
fc8783a933 socket: check length of received control messages 
Make sure each processed control messages has the expected length.
Beside improved safety, this should prevent potential issues with broken
timestamps on systems that support both 64-bit and 32-bit time_t.
 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
e7897eb9cc sched: stop dispatching timeouts on exit 
Check in the dispatch loop whether the need_to_exit flag was set.
 2021-01-14 18:17:48 +01:00
Miroslav Lichvar
59e8b79034 sched: improve infinite loop detection 
The "infinite loop in scheduling" fatal error was observed on a system
running out of memory. Presumably, the execution of the process slowed
down due to memory thrashing so much that the dispatching loop wasn't
able to break with a single server polled at a 16-second interval.

To allow recovery in such a case, require for the error more than
20 handled timeouts and a rate higher than 100 per second.

Reported-by: Jamie Gruener <jamie.gruener@biospatial.io>
 2021-01-14 18:17:39 +01:00
Michael Witten
fb7475bf59 rtc: log error message when driver initialisation fails 2020-12-15 10:49:07 +01:00
Michael Witten
cd98516cae doc: diagnose problem with RTC interrupts on Linux 
This commit updates the FAQ with a new entry.

chronyd's Linux RTC driver (rtc_linux.c) requires the following ioctl
requests to be functional:

  RTC_UIE_ON
  RTC_UIE_OFF

However, a Linux system's RTC driver does not necessarily implement them,
as noted in these previous commits:

  d66b2f2b24
  rtc: handle RTCs that don't support interrupts
  Tue Dec 10 17:45:28 2019 +0100

  bff3f51d13
  rtc: extend check for RTCs that don't support interrupts
  Thu Dec 12 12:50:19 2019 +0100

Fortunately, the Linux kernel can be built with software emulation of
these hardware requests, by enabling the following config variable:

  CONFIG_RTC_INTF_DEV_UIE_EMUL
    Provides an emulation for RTC_UIE if the underlying rtc chip
    driver does not expose RTC_UIE ioctls. Those requests generate
    once-per-second update interrupts, used for synchronization.

    The emulation code will read the time from the hardware
    clock several times per second, please enable this option
    only if you know that you really need it.

This commit records these facts for the benefit of the user.
 2020-12-15 10:41:53 +01:00
Miroslav Lichvar
e399d8dd1f doc: fix ntsntpserver reference in chrony.conf man page 
Fix the name of ntsntpserver directive in ntsrotate description.

Reported-By: Phil Roberts <phil@robertskeys.net>
 2020-11-26 15:09:38 +01:00
122 changed files with 2485 additions and 867 deletions
Expand all files Collapse all files

24
NEWS
View File

@@ -1,3 +1,27 @@
New in version 4.1
==================
Enhancements
------------
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter
* Restart ongoing name resolution on online command
Bug fixes
---------
* Fix responding to IPv4 command requests on FreeBSD
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE server
New in version 4.0
==================

7
README
View File

@@ -91,7 +91,7 @@ Acknowledgements
In writing the chronyd program, extensive use has been made of the NTPv3 (RFC
1305) and NTPv4 (RFC 5905) specification. The source code of the xntpd/ntpd
implementation written by Dennis Fergusson, Lars Mathiesen, David Mills, and
others, has been used to check the details of the protocol.
others has been used to check the details of the protocol.
The following people have provided patches and other major contributions
to chrony:
@@ -108,6 +108,7 @@ Erik Bryer <ebryer@spots.ab.ca>
Jonathan Cameron <jic23@cam.ac.uk>
Bryan Christianson <bryan@whatroute.net>
Juliusz Chroboczek <jch@pps.jussieu.fr>
Kamil Dudka <kdudka@redhat.com>
Christian Ehrhardt <christian.ehrhardt@canonical.com>
Paul Elliott <pelliott@io.com>
Robert Fairley <rfairley@redhat.com>
@@ -124,6 +125,7 @@ Jachym Holecek <jakym@volny.cz>
Håkan Johansson <f96hajo@chalmers.se>
Jim Knoble <jmknoble@pobox.com>
Antti Jrvinen <costello@iki.fi>
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Eric Lammerts <eric@lammerts.org>
Stefan Lucke <stefan@lucke.in-berlin.de>
Victor Lum <viclum@vanu.com>
@@ -137,6 +139,8 @@ Denny Page <dennypage@me.com>
Chris Perl <cperl@janestreet.com>
Gautier PHILIPPON <gautier.philippon@ensimag.grenoble-inp.fr>
Andreas Piesk <apiesk@virbus.de>
Baruch Siach <baruch@tkos.co.il>
Foster Snowhill <forst@forstwoof.ru>
Andreas Steinmetz <ast@domdv.de>
NAKAMURA Takumi <takumi@ps.sakura.ne.jp>
Timo Teras <timo.teras@iki.fi>
@@ -148,6 +152,7 @@ Bernhard M. Wiedemann <bwiedemann@suse.de>
Joachim Wiedorn <ad_debian@joonet.de>
Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
Ulrich Windl <ulrich.windl@rz.uni-regensburg.de>
Michael Witten <mfwitten@gmail.com>
Doug Woodward <dougw@whistler.com>
Thomas Zajic <zlatko@zlatko.fdns.net>

12
candm.h
View File

@@ -108,7 +108,8 @@
#define REQ_CLIENT_ACCESSES_BY_INDEX3 68
#define REQ_SELECT_DATA 69
#define REQ_RELOAD_SOURCES 70
#define N_REQUEST_TYPES 71
#define REQ_DOFFSET2 71
#define N_REQUEST_TYPES 72
/* Structure used to exchange timespecs independent of time_t size */
typedef struct {
@@ -268,6 +269,7 @@ typedef struct {
#define REQ_ADDSRC_INTERLEAVED 0x80
#define REQ_ADDSRC_BURST 0x100
#define REQ_ADDSRC_NTS 0x200
#define REQ_ADDSRC_COPY 0x400
typedef struct {
uint32_t type;
@@ -292,7 +294,8 @@ typedef struct {
Float offset;
uint32_t flags;
int32_t filter_length;
uint32_t reserved[3];
uint32_t cert_set;
uint32_t reserved[2];
int32_t EOR;
} REQ_NTP_Source;
@@ -307,8 +310,7 @@ typedef struct {
} REQ_Dfreq;
typedef struct {
int32_t sec;
int32_t usec;
Float doffset;
int32_t EOR;
} REQ_Doffset;
@@ -403,7 +405,7 @@ typedef struct {
domain socket.
Version 6 (no authentication) : changed format of client accesses by index
(using new request/reply types) and manual timestamp, added new fields and
(two times), delta offset, and manual timestamp, added new fields and
flags to NTP source request and report, made length of manual list constant,
added new commands: authdata, ntpdata, onoffline, refresh, reset,
selectdata, serverstats, shutdown, sourcename

43
client.c
View File

@@ -61,7 +61,7 @@ static ARR_Instance server_addresses;
static int sock_fd = -1;
static int quit = 0;
static volatile int quit = 0;
static int on_terminal = 0;
@@ -987,35 +987,38 @@ process_cmd_cmdaccheck(CMD_Request *msg, char *line)
/* ================================================== */
static void
static int
process_cmd_dfreq(CMD_Request *msg, char *line)
{
double dfreq;
msg->command = htons(REQ_DFREQ);
if (sscanf(line, "%lf", &dfreq) == 1) {
msg->data.dfreq.dfreq = UTI_FloatHostToNetwork(dfreq);
} else {
msg->data.dfreq.dfreq = UTI_FloatHostToNetwork(0.0);
if (sscanf(line, "%lf", &dfreq) != 1) {
LOG(LOGS_ERR, "Invalid value");
return 0;
}
msg->data.dfreq.dfreq = UTI_FloatHostToNetwork(dfreq);
return 1;
}
/* ================================================== */
static void
static int
process_cmd_doffset(CMD_Request *msg, char *line)
{
struct timeval tv;
double doffset;
msg->command = htons(REQ_DOFFSET);
if (sscanf(line, "%lf", &doffset) == 1) {
UTI_DoubleToTimeval(doffset, &tv);
msg->data.doffset.sec = htonl(tv.tv_sec);
msg->data.doffset.usec = htonl(tv.tv_usec);
} else {
msg->data.doffset.sec = htonl(0);
msg->data.doffset.usec = htonl(0);
msg->command = htons(REQ_DOFFSET2);
if (sscanf(line, "%lf", &doffset) != 1) {
LOG(LOGS_ERR, "Invalid value");
return 0;
}
msg->data.doffset.doffset = UTI_FloatHostToNetwork(doffset);
return 1;
}
/* ================================================== */
@@ -1095,11 +1098,13 @@ process_cmd_add_source(CMD_Request *msg, char *line)
(data.params.interleaved ? REQ_ADDSRC_INTERLEAVED : 0) |
(data.params.burst ? REQ_ADDSRC_BURST : 0) |
(data.params.nts ? REQ_ADDSRC_NTS : 0) |
(data.params.copy ? REQ_ADDSRC_COPY : 0) |
(data.params.sel_options & SRC_SELECT_PREFER ? REQ_ADDSRC_PREFER : 0) |
(data.params.sel_options & SRC_SELECT_NOSELECT ? REQ_ADDSRC_NOSELECT : 0) |
(data.params.sel_options & SRC_SELECT_TRUST ? REQ_ADDSRC_TRUST : 0) |
(data.params.sel_options & SRC_SELECT_REQUIRE ? REQ_ADDSRC_REQUIRE : 0));
msg->data.ntp_source.filter_length = htonl(data.params.filter_length);
msg->data.ntp_source.cert_set = htonl(data.params.cert_set);
memset(msg->data.ntp_source.reserved, 0, sizeof (msg->data.ntp_source.reserved));
result = 1;
@@ -2086,7 +2091,7 @@ process_cmd_sourcename(char *line)
IPAddr ip_addr;
char name[256];
if (!UTI_StringToIP(line, &ip_addr)) {
if (!parse_source_address(line, &ip_addr)) {
LOG(LOGS_ERR, "Could not read address");
return 0;
}
@@ -3266,12 +3271,12 @@ process_line(char *line)
do_normal_submit = process_cmd_deny(&tx_message, line);
}
} else if (!strcmp(command, "dfreq")) {
process_cmd_dfreq(&tx_message, line);
do_normal_submit = process_cmd_dfreq(&tx_message, line);
} else if (!strcmp(command, "dns")) {
ret = process_cmd_dns(line);
do_normal_submit = 0;
} else if (!strcmp(command, "doffset")) {
process_cmd_doffset(&tx_message, line);
do_normal_submit = process_cmd_doffset(&tx_message, line);
} else if (!strcmp(command, "dump")) {
process_cmd_dump(&tx_message, line);
} else if (!strcmp(command, "exit")) {

32
cmdmon.c
View File

@@ -62,6 +62,9 @@ static int sock_fdu;
static int sock_fd4;
static int sock_fd6;
/* Flag indicating the IPv4 socket is bound to an address */
static int bound_sock_fd4;
/* Flag indicating whether this module has been initialised or not */
static int initialised = 0;
@@ -140,6 +143,7 @@ static const char permissions[] = {
PERMIT_AUTH, /* CLIENT_ACCESSES_BY_INDEX3 */
PERMIT_AUTH, /* SELECT_DATA */
PERMIT_AUTH, /* RELOAD_SOURCES */
PERMIT_AUTH, /* DOFFSET2 */
};
/* ================================================== */
@@ -179,6 +183,9 @@ open_socket(int family)
return INVALID_SOCK_FD;
}
if (family == IPADDR_INET4)
bound_sock_fd4 = local_addr.ip_addr.addr.in4 != INADDR_ANY;
break;
case IPADDR_UNSPEC:
local_path = CNF_GetBindCommandPath();
@@ -244,6 +251,8 @@ CAM_Initialise(void)
initialised = 1;
bound_sock_fd4 = 0;
sock_fdu = INVALID_SOCK_FD;
sock_fd4 = open_socket(IPADDR_INET4);
sock_fd6 = open_socket(IPADDR_INET6);
@@ -310,6 +319,12 @@ transmit_reply(int sock_fd, int request_length, SCK_Message *message)
!SCK_IsLinkLocalIPAddress(&message->remote_addr.ip.ip_addr))
message->if_index = INVALID_IF_INDEX;
#if !defined(HAVE_IN_PKTINFO) && defined(IP_SENDSRCADDR)
/* On FreeBSD a local IPv4 address cannot be specified on bound socket */
if (message->local_addr.ip.family == IPADDR_INET4 && (sock_fd != sock_fd4 || bound_sock_fd4))
message->local_addr.ip.family = IPADDR_UNSPEC;
#endif
if (!SCK_SendMessage(sock_fd, message, 0))
return;
}
@@ -735,6 +750,7 @@ handle_add_source(CMD_Request *rx_message, CMD_Reply *tx_message)
params.filter_length = ntohl(rx_message->data.ntp_source.filter_length);
params.authkey = ntohl(rx_message->data.ntp_source.authkey);
params.nts_port = ntohl(rx_message->data.ntp_source.nts_port);
params.cert_set = ntohl(rx_message->data.ntp_source.cert_set);
params.max_delay = UTI_FloatNetworkToHost(rx_message->data.ntp_source.max_delay);
params.max_delay_ratio =
UTI_FloatNetworkToHost(rx_message->data.ntp_source.max_delay_ratio);
@@ -751,6 +767,7 @@ handle_add_source(CMD_Request *rx_message, CMD_Reply *tx_message)
params.interleaved = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_INTERLEAVED ? 1 : 0;
params.burst = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_BURST ? 1 : 0;
params.nts = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_NTS ? 1 : 0;
params.copy = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_COPY ? 1 : 0;
params.sel_options =
(ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_PREFER ? SRC_SELECT_PREFER : 0) |
(ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_NOSELECT ? SRC_SELECT_NOSELECT : 0) |
@@ -841,13 +858,14 @@ handle_dfreq(CMD_Request *rx_message, CMD_Reply *tx_message)
static void
handle_doffset(CMD_Request *rx_message, CMD_Reply *tx_message)
{
long sec, usec;
double doffset;
sec = (int32_t)ntohl(rx_message->data.doffset.sec);
usec = (int32_t)ntohl(rx_message->data.doffset.usec);
doffset = (double) sec + 1.0e-6 * (double) usec;
LOG(LOGS_INFO, "Accumulated delta offset of %.6f seconds", doffset);
LCL_AccumulateOffset(doffset, 0.0);
doffset = UTI_FloatNetworkToHost(rx_message->data.doffset.doffset);
if (!LCL_AccumulateOffset(doffset, 0.0)) {
tx_message->status = htons(STT_FAILED);
} else {
LOG(LOGS_INFO, "Accumulated delta offset of %.6f seconds", doffset);
}
}
/* ================================================== */
@@ -1622,7 +1640,7 @@ read_from_cmd_socket(int sock_fd, int event, void *anything)
handle_dfreq(&rx_message, &tx_message);
break;
case REQ_DOFFSET:
case REQ_DOFFSET2:
handle_doffset(&rx_message, &tx_message);
break;

7
cmdparse.c
View File

@@ -64,7 +64,9 @@ CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src)
src->params.sel_options = 0;
src->params.nts = 0;
src->params.nts_port = SRC_DEFAULT_NTSPORT;
src->params.copy = 0;
src->params.authkey = INACTIVE_AUTHKEY;
src->params.cert_set = SRC_DEFAULT_CERTSET;
src->params.max_delay = SRC_DEFAULT_MAXDELAY;
src->params.max_delay_ratio = SRC_DEFAULT_MAXDELAYRATIO;
src->params.max_delay_dev_ratio = SRC_DEFAULT_MAXDELAYDEVRATIO;
@@ -90,6 +92,8 @@ CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src)
src->params.auto_offline = 1;
} else if (!strcasecmp(cmd, "burst")) {
src->params.burst = 1;
} else if (!strcasecmp(cmd, "copy")) {
src->params.copy = 1;
} else if (!strcasecmp(cmd, "iburst")) {
src->params.iburst = 1;
} else if (!strcasecmp(cmd, "offline")) {
@@ -102,6 +106,9 @@ CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src)
src->params.sel_options |= SRC_SELECT_REQUIRE;
} else if (!strcasecmp(cmd, "trust")) {
src->params.sel_options |= SRC_SELECT_TRUST;
} else if (!strcasecmp(cmd, "certset")) {
if (sscanf(line, "%"SCNu32"%n", &src->params.cert_set, &n) != 1)
return 0;
} else if (!strcasecmp(cmd, "key")) {
if (sscanf(line, "%"SCNu32"%n", &src->params.authkey, &n) != 1 ||
src->params.authkey == INACTIVE_AUTHKEY)

104
conf.c
View File

@@ -76,6 +76,8 @@ static void parse_log(char *);
static void parse_mailonchange(char *);
static void parse_makestep(char *);
static void parse_maxchange(char *);
static void parse_ntsserver(char *, ARR_Instance files);
static void parse_ntstrustedcerts(char *);
static void parse_ratelimit(char *line, int *enabled, int *interval,
int *burst, int *leak);
static void parse_refclock(char *);
@@ -252,14 +254,15 @@ static char *user;
/* NTS server and client configuration */
static char *nts_dump_dir = NULL;
static char *nts_ntp_server = NULL;
static char *nts_server_cert_file = NULL;
static char *nts_server_key_file = NULL;
static ARR_Instance nts_server_cert_files; /* array of (char *) */
static ARR_Instance nts_server_key_files; /* array of (char *) */
static int nts_server_port = NKE_PORT;
static int nts_server_processes = 1;
static int nts_server_connections = 100;
static int nts_refresh = 2419200; /* 4 weeks */
static int nts_rotate = 604800; /* 1 week */
static char *nts_trusted_cert_file = NULL;
static ARR_Instance nts_trusted_certs_paths; /* array of (char *) */
static ARR_Instance nts_trusted_certs_ids; /* array of uint32_t */
/* Number of clock updates needed to enable certificate time checks */
static int no_cert_time_check = 0;
@@ -388,6 +391,11 @@ CNF_Initialise(int r, int client_only)
ntp_restrictions = ARR_CreateInstance(sizeof (AllowDeny));
cmd_restrictions = ARR_CreateInstance(sizeof (AllowDeny));
nts_server_cert_files = ARR_CreateInstance(sizeof (char *));
nts_server_key_files = ARR_CreateInstance(sizeof (char *));
nts_trusted_certs_paths = ARR_CreateInstance(sizeof (char *));
nts_trusted_certs_ids = ARR_CreateInstance(sizeof (uint32_t));
rtc_device = Strdup(DEFAULT_RTC_DEVICE);
hwclock_file = Strdup(DEFAULT_HWCLOCK_FILE);
user = Strdup(DEFAULT_USER);
@@ -426,6 +434,12 @@ CNF_Finalise(void)
Free(((RefclockParameters *)ARR_GetElement(refclock_sources, i))->driver_name);
Free(((RefclockParameters *)ARR_GetElement(refclock_sources, i))->driver_parameter);
}
for (i = 0; i < ARR_GetSize(nts_server_cert_files); i++)
Free(*(char **)ARR_GetElement(nts_server_cert_files, i));
for (i = 0; i < ARR_GetSize(nts_server_key_files); i++)
Free(*(char **)ARR_GetElement(nts_server_key_files, i));
for (i = 0; i < ARR_GetSize(nts_trusted_certs_paths); i++)
Free(*(char **)ARR_GetElement(nts_trusted_certs_paths, i));
ARR_DestroyInstance(init_sources);
ARR_DestroyInstance(ntp_sources);
@@ -437,6 +451,11 @@ CNF_Finalise(void)
ARR_DestroyInstance(ntp_restrictions);
ARR_DestroyInstance(cmd_restrictions);
ARR_DestroyInstance(nts_server_cert_files);
ARR_DestroyInstance(nts_server_key_files);
ARR_DestroyInstance(nts_trusted_certs_paths);
ARR_DestroyInstance(nts_trusted_certs_ids);
Free(drift_file);
Free(dumpdir);
Free(hwclock_file);
@@ -457,9 +476,6 @@ CNF_Finalise(void)
Free(tempcomp_point_file);
Free(nts_dump_dir);
Free(nts_ntp_server);
Free(nts_server_cert_file);
Free(nts_server_key_file);
Free(nts_trusted_cert_file);
}
/* ================================================== */
@@ -643,8 +659,6 @@ CNF_ParseLine(const char *filename, int number, char *line)
} else if (!strcasecmp(command, "ntsratelimit")) {
parse_ratelimit(p, &nts_ratelimit_enabled, &nts_ratelimit_interval,
&nts_ratelimit_burst, &nts_ratelimit_leak);
} else if (!strcasecmp(command, "ntstrustedcerts")) {
parse_string(p, &nts_trusted_cert_file);
} else if (!strcasecmp(command, "ntscachedir") ||
!strcasecmp(command, "ntsdumpdir")) {
parse_string(p, &nts_dump_dir);
@@ -659,9 +673,11 @@ CNF_ParseLine(const char *filename, int number, char *line)
} else if (!strcasecmp(command, "ntsrotate")) {
parse_int(p, &nts_rotate);
} else if (!strcasecmp(command, "ntsservercert")) {
parse_string(p, &nts_server_cert_file);
parse_ntsserver(p, nts_server_cert_files);
} else if (!strcasecmp(command, "ntsserverkey")) {
parse_string(p, &nts_server_key_file);
parse_ntsserver(p, nts_server_key_files);
} else if (!strcasecmp(command, "ntstrustedcerts")) {
parse_ntstrustedcerts(p);
} else if (!strcasecmp(command, "peer")) {
parse_source(p, command, 1);
} else if (!strcasecmp(command, "pidfile")) {
@@ -1158,6 +1174,41 @@ parse_mailonchange(char *line)
/* ================================================== */
static void
parse_ntsserver(char *line, ARR_Instance files)
{
char *file = NULL;
parse_string(line, &file);
ARR_AppendElement(files, &file);
}
/* ================================================== */
static void
parse_ntstrustedcerts(char *line)
{
uint32_t id;
char *path;
if (get_number_of_args(line) == 2) {
path = CPS_SplitWord(line);
if (sscanf(line, "%"SCNu32, &id) != 1)
command_parse_error();
} else {
check_number_of_args(line, 1);
path = line;
id = 0;
}
path = Strdup(path);
ARR_AppendElement(nts_trusted_certs_paths, &path);
ARR_AppendElement(nts_trusted_certs_ids, &id);
}
/* ================================================== */
static void
parse_allow_deny(char *line, ARR_Instance restrictions, int allow)
{
@@ -1643,8 +1694,9 @@ load_source_file(const char *filename)
return;
while (fgets(line, sizeof (line), f)) {
if (strlen(line) >= MAX_LINE_LENGTH)
continue;
/* Require lines to be terminated */
if (line[0] == '\0' || line[strlen(line) - 1] != '\n')
break;
CPS_NormalizeLine(line);
if (line[0] == '\0')
@@ -2515,18 +2567,16 @@ CNF_GetNtsNtpServer(void)
/* ================================================== */
char *
CNF_GetNtsServerCertFile(void)
int
CNF_GetNtsServerCertAndKeyFiles(const char ***certs, const char ***keys)
{
return nts_server_cert_file;
}
*certs = ARR_GetElements(nts_server_cert_files);
*keys = ARR_GetElements(nts_server_key_files);
/* ================================================== */
if (ARR_GetSize(nts_server_cert_files) != ARR_GetSize(nts_server_key_files))
LOG_FATAL("Uneven number of NTS certs and keys");
char *
CNF_GetNtsServerKeyFile(void)
{
return nts_server_key_file;
return ARR_GetSize(nts_server_cert_files);
}
/* ================================================== */
@@ -2571,10 +2621,16 @@ CNF_GetNtsRotate(void)
/* ================================================== */
char *
CNF_GetNtsTrustedCertFile(void)
int
CNF_GetNtsTrustedCertsPaths(const char ***paths, uint32_t **ids)
{
return nts_trusted_cert_file;
*paths = ARR_GetElements(nts_trusted_certs_paths);
*ids = ARR_GetElements(nts_trusted_certs_ids);
if (ARR_GetSize(nts_trusted_certs_paths) != ARR_GetSize(nts_trusted_certs_ids))
assert(0);
return ARR_GetSize(nts_trusted_certs_paths);
}
/* ================================================== */

5
conf.h
View File

@@ -153,14 +153,13 @@ extern int CNF_GetHwTsInterface(unsigned int index, CNF_HwTsInterface **iface);
extern char *CNF_GetNtsDumpDir(void);
extern char *CNF_GetNtsNtpServer(void);
extern char *CNF_GetNtsServerCertFile(void);
extern char *CNF_GetNtsServerKeyFile(void);
extern int CNF_GetNtsServerCertAndKeyFiles(const char ***certs, const char ***keys);
extern int CNF_GetNtsServerPort(void);
extern int CNF_GetNtsServerProcesses(void);
extern int CNF_GetNtsServerConnections(void);
extern int CNF_GetNtsRefresh(void);
extern int CNF_GetNtsRotate(void);
extern char *CNF_GetNtsTrustedCertFile(void);
extern int CNF_GetNtsTrustedCertsPaths(const char ***paths, uint32_t **ids);
extern int CNF_GetNoSystemCert(void);
extern int CNF_GetNoCertTimeCheck(void);

31
configure vendored
View File

@@ -33,13 +33,13 @@ test_code () {
echo "int main(int argc, char **argv) {"
echo "$code"
echo "return 0; }"
) > docheck.c
) > conftest.c
echo "docheck.c:" >> config.log
cat docheck.c >> config.log
echo $MYCC $MYCFLAGS $MYCPPFLAGS $cflags -o docheck docheck.c $ldflags \
echo "conftest.c:" >> config.log
cat conftest.c >> config.log
echo $MYCC $MYCFLAGS $MYCPPFLAGS $cflags -o conftest conftest.c $ldflags \
$MYLDFLAGS >> config.log
$MYCC $MYCFLAGS $MYCPPFLAGS $cflags -o docheck docheck.c $ldflags \
$MYCC $MYCFLAGS $MYCPPFLAGS $cflags -o conftest conftest.c $ldflags \
$MYLDFLAGS >> config.log 2>&1
if [ $? -eq 0 ]
@@ -50,7 +50,7 @@ test_code () {
echo "No"
result=1
fi
rm -f docheck.c docheck
rm -f conftest.c conftest
echo >> config.log
return $result
}
@@ -655,6 +655,20 @@ then
fi
fi
if ! test_code 'O_NOFOLLOW flag' 'sys/types.h sys/stat.h fcntl.h' '' "$LIBS" \
'return open("/dev/null", O_NOFOLLOW);'
then
if test_code 'O_NOFOLLOW flag with _GNU_SOURCE' 'sys/types.h sys/stat.h fcntl.h' \
'-D_GNU_SOURCE' "$LIBS" \
'return open("/dev/null", O_NOFOLLOW);'
then
add_def _GNU_SOURCE
else
echo "error: open() does not support O_NOFOLLOW flag"
exit 1
fi
fi
if [ $try_clock_gettime = "1" ]; then
if test_code 'clock_gettime()' 'time.h' '' '' \
'clock_gettime(CLOCK_REALTIME, NULL);'
@@ -670,10 +684,11 @@ if [ $try_clock_gettime = "1" ]; then
fi
fi
if test_code 'getaddrinfo()' 'sys/types.h sys/socket.h netdb.h' '' "$LIBS" \
if ! test_code 'getaddrinfo()' 'sys/types.h sys/socket.h netdb.h' '' "$LIBS" \
'return getaddrinfo(0, 0, 0, 0);'
then
add_def HAVE_GETADDRINFO
echo "error: getaddrinfo() not found"
exit 1
fi
if [ $feat_asyncdns = "1" ] && \

304
doc/chrony.conf.adoc
View File

@@ -116,6 +116,12 @@ mechanism. Unlike with the *key* option, the server and client do not need to
share a key in a key file. NTS has a Key Establishment (NTS-KE) protocol using
the Transport Layer Security (TLS) protocol to get the keys and cookies
required by NTS for authentication of NTP packets.
*certset* _ID_:::
This option specifies which set of trusted certificates should be used to verify
the server's certificate when the *nts* option is enabled. Sets of certificates
can be specified with the <<ntstrustedcerts,*ntstrustedcerts*>> directive. The
default set is 0, which by default contains certificates of the system's
default trusted certificate authorities.
*maxdelay* _delay_:::
*chronyd* uses the network round-trip delay to the server to determine how
accurate a particular measurement is likely to be. Long round-trip delays
@@ -125,9 +131,9 @@ of the messages was delayed the measurement error is likely to be substantial.
For small variations in the round-trip delay, *chronyd* uses a weighting scheme
when processing the measurements. However, beyond a certain level of delay the
measurements are likely to be so corrupted as to be useless. (This is
particularly so on dial-up or other slow links, where a long delay probably
indicates a highly asymmetric delay caused by the response waiting behind a lot
of packets related to a download of some sort).
particularly so on wireless networks and other slow links, where a long delay
probably indicates a highly asymmetric delay caused by the response waiting
behind a lot of packets related to a download of some sort).
+
If the user knows that round trip delays above a certain level should cause the
measurement to be ignored, this level can be defined with the *maxdelay*
@@ -138,7 +144,7 @@ round-trip delay of 0.3 seconds or more should be ignored. The default value is
This option is similar to the *maxdelay* option above. *chronyd* keeps a record
of the minimum round-trip delay amongst the previous measurements that it has
buffered. If a measurement has a round trip delay that is greater than the
maxdelayratio times the minimum delay, it will be rejected.
specified ratio times the minimum delay, it will be rejected.
*maxdelaydevratio* _ratio_:::
If a measurement has a ratio of the increase in the round-trip delay from the
minimum delay amongst the previous measurements to the standard deviation of
@@ -261,7 +267,7 @@ will send two extra packets instead of one.
When the synchronisation source is selected from available sources, sources
with lower stratum are normally slightly preferred. This option can be used to
increase stratum of the source to the specified minimum, so *chronyd* will
avoid selecting that source. This is useful with low stratum sources that are
avoid selecting that source. This is useful with low-stratum sources that are
known to be unreliable or inaccurate and which should be used only when other
sources are unreachable.
*version* _version_:::
@@ -272,6 +278,15 @@ specified by the *key* option and which authentication hash function the key
is using. If the output size of the hash function is longer than 160 bits, the
default version is 3 for compatibility with older *chronyd* servers. Otherwise,
the default version is 4.
*copy*:::
This option specifies that the server and client are closely related, their
configuration does not allow a synchronisation loop to form between them, and
the client is allowed to assume the reference ID and stratum of the server.
This is useful when multiple instances of `chronyd` are running on one computer
(e.g. for security or performance reasons), one primarily operating as a client
to synchronise the system clock and other instances started with the *-x*
option to operate as NTP servers for other computers with their NTP clocks
synchronised to the first instance.
[[pool]]*pool* _name_ [_option_]...::
The syntax of this directive is similar to that for the <<server,*server*>>
@@ -314,7 +329,7 @@ address of this host. *chronyd* does not support ephemeral associations.
This directive can be used multiple times to specify multiple peers.
+
The following options of the *server* directive do not work in the *peer*
directive: *iburst*, *burst*, *nts*, *presend*.
directive: *iburst*, *burst*, *nts*, *presend*, *copy*.
+
When using the *xleave* option, both peers must support and have enabled the
interleaved mode, otherwise the synchronisation will work in one direction
@@ -341,19 +356,8 @@ recommended to use two separate client/server associations (specified by the
<<server,*server*>> directive on both hosts) instead.
[[initstepslew]]*initstepslew* _step-threshold_ [_hostname_]...::
In normal operation, *chronyd* slews the time when it needs to adjust the
system clock. For example, to correct a system clock which is 1 second slow,
*chronyd* slightly increases the amount by which the system clock is advanced
on each clock interrupt, until the error is removed. Note that at no time does
time run backwards with this method.
+
On most Unix systems it is not desirable to step the system clock, because many
programs rely on time advancing monotonically forwards.
+
When the *chronyd* daemon is initially started, it is possible that the system
clock is considerably in error. Attempting to correct such an error by slewing
might not be sensible, since it might take several hours to correct the error by
this means.
(This directive is deprecated in favour of the <<makestep,*makestep*>>
directive.)
+
The purpose of the *initstepslew* directive is to allow *chronyd* to make a
rapid measurement of the system clock error at boot time, and to correct the
@@ -374,29 +378,30 @@ error. *chronyd* then enters its normal operating mode.
An example of the use of the directive is:
+
----
initstepslew 30 foo.example.net bar.example.net
initstepslew 30 foo.example.net bar.example.net baz.example.net
----
+
where 2 NTP servers are used to make the measurement. The _30_ indicates that
where 3 NTP servers are used to make the measurement. The _30_ indicates that
if the system's error is found to be 30 seconds or less, a slew will be used to
correct it; if the error is above 30 seconds, a step will be used.
+
The *initstepslew* directive can also be used in an isolated LAN environment,
where the clocks are set manually. The most stable computer is chosen as the
master, and the other computers are slaved to it. If each of the slaves is
configured with the <<local,*local*>> directive, the master can be set up with
an *initstepslew* directive which references some or all of the slaves. Then,
if the master machine has to be rebooted, the slaves can be relied on to act
analogously to a flywheel and preserve the time for a short period while the
master completes its reboot.
primary server and the other computers are its clients. If each of the clients
is configured with the <<local,*local*>> directive, the server can be set up
with an *initstepslew* directive which references some or all of the clients.
Then, if the server machine has to be rebooted, the clients can be relied on to
act analogously to a flywheel and preserve the time for a short period while
the server completes its reboot.
+
The *initstepslew* directive is functionally similar to a combination of the
<<makestep,*makestep*>> and <<server,*server*>> directives with the *iburst*
option. The main difference is that the *initstepslew* servers are used only
before normal operation begins and that the foreground *chronyd* process waits
for *initstepslew* to finish before exiting. This is useful to prevent programs
started in the boot sequence after *chronyd* from reading the clock before it
has been stepped.
for *initstepslew* to finish before exiting. This prevent programs started in
the boot sequence after *chronyd* from reading the clock before it has been
stepped. With the *makestep* directive, the
<<chronyc.adoc#waitsync,*waitsync*>> command of *chronyc* can be used instead.
[[refclock]]*refclock* _driver_ _parameter_[:__option__]... [_option_]...::
The *refclock* directive specifies a hardware reference clock to be used as a
@@ -694,6 +699,10 @@ or the <<chronyc.adoc#dump,*dump*>> command in *chronyc* is issued.
+
If the directory does not exist, it will be created automatically.
+
The *-r* option of *chronyd* enables loading of the dump files on start. All
dump files found in the directory will be removed after start, even if the *-r*
option is not present.
+
An example of the directive is:
+
----
@@ -748,25 +757,49 @@ This directory is used also by the <<ntsdumpdir2,NTS server>> to save keys.
[[ntsrefresh]]*ntsrefresh* _interval_::
This directive specifies the maximum interval between NTS-KE handshakes (in
seconds) in order to refresh the keys authenticating NTP packets. The default
value is 2419200 (4 weeks).
value is 2419200 (4 weeks) and the maximum value is 2^31-1 (68 years).
[[ntstrustedcerts]]*ntstrustedcerts* _file_::
This directive specifies a file containing certificates (in the PEM format) of
trusted certificate authorities (CA) that should be used to verify certificates
of NTS servers in addition to the system's default trusted CAs (if the
*nosystemcert* directive is not present).
[[ntstrustedcerts]]*ntstrustedcerts* [_set-ID_] _file_|_directory_::
This directive specifies a file or directory containing certificates (in the
PEM format) of trusted certificate authorities (CA) which can be used to
verify certificates of NTS servers.
+
The optional _set-ID_ argument is a number in the range 0 through 2^32-1, which
selects the set of certificates where certificates from the specified file
or directory are added. The default ID is 0, which is a set containing the
system's default trusted CAs (unless the *nosystemcert* directive is present).
All other sets are empty by default. A set of certificates can be selected for
verification of an NTS server by the *certset* option in the *server* or *pool*
directive.
+
This directive can be used multiple times to specify one or more sets of
trusted certificates, each containing certificates from one or more files
and/or directories.
+
It is not necessary to restart *chronyd* in order to reload the certificates if
they change (e.g. after a renewal).
+
An example is:
+
----
ntstrustedcerts /etc/pki/nts/foo.crt
ntstrustedcerts 1 /etc/pki/nts/bar.crt
ntstrustedcerts 1 /etc/pki/nts/baz.crt
ntstrustedcerts 2 /etc/pki/nts/qux.crt
----
[[nosystemcert]]*nosystemcert*::
This directive disables the system's default trusted CAs.
This directive disables the system's default trusted CAs. Only certificates
specified by the *ntstrustedcerts* directive will be trusted.
[[nocerttimecheck]]*nocerttimecheck* _limit_::
This directive disables the checks of the activation and expiration times of
certificates for the specified number of clock updates. It allows the NTS
authentication mechanism to be used on computers which start with wrong time
(e.g. due to not having an RTC or backup battery). Disabling the time checks
has important security implications, e.g. if an NTP server was ever
compromised, its certificate could be used in an attack after the expiration
time. The default value is 0, which means the time checks are always enabled.
has important security implications and should be used only as a last resort,
preferably with a minimal number of trusted certificates. The default value is
0, which means the time checks are always enabled.
+
An example of the directive is:
+
@@ -870,11 +903,11 @@ source combining algorithm and only the selected source will be used to control
the system clock.
[[maxdistance]]*maxdistance* _distance_::
The *maxdistance* directive sets the maximum allowed root distance of the
sources to not be rejected by the source selection algorithm. The distance
includes the accumulated dispersion, which might be large when the source is no
longer synchronised, and half of the total round-trip delay to the primary
source.
The *maxdistance* directive sets the maximum root distance of a source to be
acceptable for synchronisation of the clock. Sources that have a distance
larger than the specified distance will be rejected. The distance estimates the
maximum error of the source. It includes the root dispersion and half of the
root delay (round-trip time) accumulated on the path to the primary source.
+
By default, the maximum root distance is 3 seconds.
+
@@ -1091,10 +1124,10 @@ duration = sqrt(4 / wander)
----
[[leapsectz]]*leapsectz* _timezone_::
This directive specifies a timezone in the system tz database which *chronyd*
can use to determine when will the next leap second occur and what is the
current offset between TAI and UTC. It will periodically check if 23:59:59 and
23:59:60 are valid times in the timezone. This typically works with the
This directive specifies a timezone in the system timezone database which
*chronyd* can use to determine when will the next leap second occur and what is
the current offset between TAI and UTC. It will periodically check if 23:59:59
and 23:59:60 are valid times in the timezone. This normally works with the
_right/UTC_ timezone.
+
When a leap second is announced, the timezone needs to be updated at least 12
@@ -1131,16 +1164,17 @@ Wed Dec 31 23:59:60 UTC 2008
[[makestep]]*makestep* _threshold_ _limit_::
Normally *chronyd* will cause the system to gradually correct any time offset,
by slowing down or speeding up the clock as required. In certain situations,
the system clock might be so far adrift that this slewing process would take a
very long time to correct the system clock.
e.g. when *chronyd* is initially started, the system clock might be so far
adrift that this slewing process would take a very long time to correct the
system clock.
+
This directive forces *chronyd* to step the system clock if the adjustment is
larger than a threshold value, but only if there were no more clock updates
since *chronyd* was started than a specified limit (a negative value can be
used to disable the limit).
since *chronyd* was started than the specified limit. A negative value disables
the limit.
+
This is particularly useful when using reference clocks, because the
<<initstepslew,*initstepslew*>> directive works only with NTP sources.
On most systems it is desirable to step the system clock only on boot, before
starting programs that rely on time advancing monotonically forwards.
+
An example of the use of this directive is:
+
@@ -1202,8 +1236,8 @@ The *maxupdateskew* directive sets the threshold for determining whether an
estimate might be so unreliable that it should not be used. By default, the
threshold is 1000 ppm.
+
Typical values for _skew-in-ppm_ might be 100 for a dial-up connection to
servers over a phone line, and 5 or 10 for a computer on a LAN.
Typical values for _skew-in-ppm_ might be 100 for NTP sources polled over a
wireless network, and 10 or smaller for sources on a local wired network.
+
It should be noted that this is not the only means of protection against using
unreliable estimates. At all times, *chronyd* keeps track of both the estimated
@@ -1322,28 +1356,21 @@ Examples of the use of the directive are as follows:
+
----
allow 1.2.3.4
allow 1.2
allow 3.4.5.0/24
allow 3.4.5
allow 6.7.8/22
allow 6.7.8.9/22
allow 2001:db8::/32
allow 0/0
allow ::/0
allow
----
+
The first directive allows a node with IPv4 address _1.2.3.4_ to be an NTP
client of this computer.
The second directive allows any node with an IPv4 address of the form _1.2.x.y_
(with _x_ and _y_ arbitrary) to be an NTP client of this computer. Likewise,
the third directive allows any node with an IPv4 address of the form _3.4.5.x_
to have client NTP access. The fourth and fifth forms allow access from any
node with an IPv4 address of the form _6.7.8.x_, _6.7.9.x_, _6.7.10.x_ or
_6.7.11.x_ (with _x_ arbitrary), i.e. the value 22 is the number of bits
defining the specified subnet. In the fifth form, the final byte is ignored.
The sixth form is used for IPv6 addresses. The seventh and eighth forms allow
access by any IPv4 and IPv6 node respectively. The ninth forms allows access by
any node (IPv4 or IPv6).
The first directive allows access from an IPv4 address. The second directive
allows access from all computers in an IPv4 subnet specified in the CIDR
notation. The third directive specifies the same subnet using a simpler
notation where the prefix length is determined by the number of dots. The
fourth directive specifies an IPv6 subnet. The fifth and sixth directives allow
access from all IPv4 and IPv6 addresses respectively. The seventh directive
allows access from all addresses (both IPv4 or IPv6).
+
A second form of the directive, *allow all*, has a greater effect, depending on
the ordering of directives in the configuration file. To illustrate the effect,
@@ -1351,32 +1378,43 @@ consider the two examples:
+
----
allow 1.2.3.4
deny 1.2.3
allow 1.2
deny 1.2.3.0/24
allow 1.2.0.0/16
----
+
and
+
----
allow 1.2.3.4
deny 1.2.3
allow all 1.2
deny 1.2.3.0/24
allow all 1.2.0.0/16
----
+
In the first example, the effect is the same regardless of what order the three
directives are given in. So the _1.2.x.y_ subnet is allowed access, except for
the _1.2.3.x_ subnet, which is denied access, however the host _1.2.3.4_ is
allowed access.
directives are given in. So the _1.2.0.0/16_ subnet is allowed access, except
for the _1.2.3.0/24_ subnet, which is denied access, however the host _1.2.3.4_
is allowed access.
+
In the second example, the *allow all 1.2* directives overrides the effect of
_any_ previous directive relating to a subnet within the specified subnet.
Within a configuration file this capability is probably rather moot; however,
it is of greater use for reconfiguration at run-time via *chronyc* with the
<<chronyc.adoc#allow,*allow all*>> command.
In the second example, the *allow all 1.2.0.0/16* directive overrides the
effect of _any_ previous directive relating to a subnet within the specified
subnet. Within a configuration file this capability is probably rather moot;
however, it is of greater use for reconfiguration at run-time via *chronyc*
with the <<chronyc.adoc#allow,*allow all*>> command.
+
The directive allows a hostname to be specified instead of an IP address, but
the name must be resolvable when *chronyd* is started (i.e. *chronyd* needs
to be started when the network is already up and DNS is working).
The rules are internally represented as a tree of tables with one level per
four bits of the IPv4 or IPv6 address. The order of the *allow* and *deny*
directives matters if they modify the same records of one table, i.e. if one
subnet is included in the other subnet and their prefix lengths are at the same
level. For example, _1.2.3.0/28_ and _1.2.3.0/29_ are in different tables, but
_1.2.3.0/25_ and _1.2.3.0/28_ are in the same table. The configuration can be
verified for individual addresses with the <<chronyc.adoc#accheck,*accheck*>>
command in *chronyc*.
+
A hostname can be specified in the directives instead of the IP address, but
the name must be resolvable when *chronyd* is started, i.e. the network is
already up and DNS is working. If the hostname resolves to multiple addresses,
only the first address (in the order returned by the system resolver) will be
allowed or denied.
+
Note, if the <<initstepslew,*initstepslew*>> directive is used in the
configuration file, each of the computers listed in that directive must allow
@@ -1430,14 +1468,14 @@ This directive can be used multiple times to specify multiple addresses.
The syntax is as follows:
+
----
broadcast 30 192.168.1.255
broadcast 60 192.168.2.255 12123
broadcast 60 ff02::101
broadcast 32 192.168.1.255
broadcast 64 192.168.2.255 12123
broadcast 64 ff02::101
----
+
In the first example, the destination port defaults to UDP port 123 (the normal NTP
port). In the second example, the destination port is specified as 12123. The
first parameter in each case (30 or 60 respectively) is the interval in seconds
first parameter in each case (32 or 64 respectively) is the interval in seconds
between broadcast packets being sent. The second parameter in each case is the
broadcast address to send the packet to. This should correspond to the
broadcast address of one of the network interfaces on the computer where
@@ -1461,10 +1499,8 @@ This directive specifies the maximum amount of memory that *chronyd* is allowed
to allocate for logging of client accesses and the state that *chronyd* as an
NTP server needs to support the interleaved mode for its clients. The default
limit is 524288 bytes, which is sufficient for monitoring about four thousand
clients at the same time.
+
In older *chrony* versions if the limit was set to 0, the memory allocation was
unlimited.
clients at the same time. The maximum value is 2^32-1 (4 GB) on 32-bit systems
and 2^35 (32 GB) on 64-bit systems.
+
An example of the use of this directive is:
+
@@ -1566,11 +1602,25 @@ The port will be open only when a certificate and key is specified by the
[[ntsservercert]]*ntsservercert* _file_::
This directive specifies a file containing a certificate in the PEM format
for *chronyd* to operate as an NTS server.
for *chronyd* to operate as an NTS server. The file should also include
any intermediate certificates that the clients will need to validate the
server's certificate.
+
This directive can be used multiple times to specify multiple certificates for
different names of the server.
+
The files are loaded only once. *chronyd* needs to be restarted in order to
load a renewed certificate. The <<ntsdumpdir,*ntsdumpdir*>> and
<<dumpdir,*dumpdir*>> directives with the *-r* option of *chronyd* are
recommended for a near-seamless server operation.
[[ntsserverkey]]*ntsserverkey* _file_::
This directive specifies a file containing a private key in the PEM format
for *chronyd* to operate as an NTS server.
+
This directive can be used multiple times to specify multiple keys. The number
of keys must be the same as the number of certificates and the corresponding
files must be specified in the same order.
[[ntsprocesses]]*ntsprocesses* _processes_::
This directive specifies how many helper processes will *chronyd* operating
@@ -1581,7 +1631,9 @@ process will be started and all NTS-KE requests will be handled by the main
[[maxntsconnections]]*maxntsconnections* _connections_::
This directive specifies the maximum number of concurrent NTS-KE connections
per process that the NTS server will accept. The default value is 100.
per process that the NTS server will accept. The default value is 100. The
maximum practical value is half of the system *FD_SETSIZE* constant (usually
1024).
[[ntsdumpdir2]]*ntsdumpdir* _directory_::
This directive specifies a directory where *chronyd* operating as an NTS server
@@ -1599,7 +1651,8 @@ ntsdumpdir @CHRONYVARDIR@
This directory is used also by the <<ntsdumpdir1,NTS client>> to save NTS cookies.
[[ntsntpserver]]*ntsntpserver* _hostname_::
This directive specifies the hostname or address of the NTP server(s) which is
This directive specifies the hostname (as a fully qualified domain name) or
address of the NTP server(s) which is
provided in the NTS-KE response to the clients. It allows the NTS-KE server to
be separated from the NTP server. However, the servers need to share the keys,
i.e. external key management needs to be enabled by setting
@@ -1613,7 +1666,7 @@ _/dev/urandom_ device. The server keeps two previous keys to give the clients
time to get new cookies encrypted by the latest key. The interval is measured
as the server's operating time, i.e. the actual interval can be longer if
*chronyd* is not running continuously. The default interval is 604800 seconds
(1 week).
(1 week). The maximum value is 2^31-1 (68 years).
+
The automatic rotation of the keys can be disabled by setting *ntsrotate* to 0.
In this case the keys are assumed to be managed externally. *chronyd* will not
@@ -1622,7 +1675,7 @@ the <<chronyc.adoc#rekey,*rekey*>> command is issued in *chronyc*. The file can
be periodically copied from another server running *chronyd* (which does
not have *ntsrotate* set to 0) in order to have one or more servers dedicated
to NTS-KE. The NTS-KE servers need to be configured with the
<<ntsntpname,*ntsntpname*>> directive to point the clients to the right NTP
<<ntsntpserver,*ntsntpserver*>> directive to point the clients to the right NTP
server.
+
An example of the directive is:
@@ -2262,7 +2315,8 @@ confdir @SYSCONFDIR@/chrony.d
[[sourcedir]]*sourcedir* _directory_...::
The *sourcedir* directive is identical to the *confdir* directive, except the
configuration files have the _.sources_ suffix, they can only specify NTP
sources (i.e. use the *server*, *pool*, and *peer* directive), and can be
sources (i.e. the *server*, *pool*, and *peer* directives), they are expected
to have all lines terminated by the newline character, and they can be
reloaded by the <<chronyc.adoc#reload,*reload sources*>> command in
*chronyc*. It is particularly useful with dynamic sources like NTP servers
received from a DHCP server, which can be written to a file specific to the
@@ -2617,22 +2671,22 @@ This section shows how to configure *chronyd* for computers that never have
network connectivity to any computer which ultimately derives its time from a
reference clock.
In this situation, one computer is selected to be the master timeserver. The
other computers are either direct clients of the master, or clients of clients.
In this situation, one computer is selected to be the primary timeserver. The
other computers are either direct clients of the server, or clients of clients.
The <<local,*local*>> directive enables a local reference mode, which allows
*chronyd* to appear synchronised even when it is not.
The rate value in the master's drift file needs to be set to the average rate
at which the master gains or loses time. *chronyd* includes support for this,
The rate value in the server's drift file needs to be set to the average rate
at which the server gains or loses time. *chronyd* includes support for this,
in the form of the <<manual,*manual*>> directive and the
<<chronyc.adoc#settime,*settime*>> command in the *chronyc* program.
If the master is rebooted, *chronyd* can re-read the drift rate from the drift
file. However, the master has no accurate estimate of the current time. To get
around this, the system can be configured so that the master can initially set
If the server is rebooted, *chronyd* can re-read the drift rate from the drift
file. However, the server has no accurate estimate of the current time. To get
around this, the system can be configured so that the server can initially set
itself to a '`majority-vote`' of selected clients' times; this allows the
clients to '`flywheel`' the master while it is rebooting.
clients to '`flywheel`' the server while it is rebooting.
The <<smoothtime,*smoothtime*>> directive is useful when the clocks of the
clients need to stay close together when the local time is adjusted by the
@@ -2641,8 +2695,8 @@ activated by the <<chronyc.adoc#smoothtime,*smoothtime activate*>> command when
the local time is ready to be served. After that point, any adjustments will be
smoothed out.
A typical configuration file for the master (called _master_) might be
(assuming the clients and the master are in the _192.168.165.x_ subnet):
A typical configuration file for the server (called _ntp.local_) might be
(assuming the clients and the server are in the _192.168.165.x_ subnet):
----
initstepslew 1 client1 client3 client6
@@ -2654,11 +2708,11 @@ smoothtime 400 0.01
rtcsync
----
For the clients that have to resynchronise the master when it restarts,
For the clients that have to resynchronise the server when it restarts,
the configuration file might be:
----
server master iburst
server ntp.local iburst
driftfile @CHRONYVARDIR@/drift
allow 192.168.165.0/24
makestep 1.0 3
@@ -2668,22 +2722,22 @@ rtcsync
The rest of the clients would be the same, except that the *allow* directive is
not required.
If there is no suitable computer to be designated as the master, or there is a
requirement to keep the clients synchronised even when it fails, the *orphan*
option of the *local* directive enables a special mode where the master is
selected from multiple computers automatically. They all need to use the same
*local* configuration and poll one another. The server with the smallest
reference ID (which is based on its IP address) will take the role of the
master and others will be synchronised to it. When it fails, the server with
the second smallest reference ID will take over and so on.
If there is no suitable computer to be designated as the primary server, or
there is a requirement to keep the clients synchronised even when it fails, the
*orphan* option of the *local* directive enables a special mode where the
server is selected from multiple computers automatically. They all need to use
the same *local* configuration and poll one another. The server with the
smallest reference ID (which is based on its IP address) will take the role of
the primary server and others will be synchronised to it. When it fails, the
server with the second smallest reference ID will take over and so on.
A configuration file for the first server might be (assuming there are three
servers called _master1_, _master2_, and _master3_):
servers called _ntp1.local_, _ntp2.local_, and _ntp3.local_):
----
initstepslew 1 master2 master3
server master2
server master3
initstepslew 1 ntp2.local ntp3.local
server ntp2.local
server ntp3.local
driftfile @CHRONYVARDIR@/drift
local stratum 8 orphan
manual

23
doc/chronyc.adoc
View File

@@ -78,11 +78,10 @@ This option disables resolving of IP addresses to hostnames, e.g. to avoid slow
DNS lookups. Long addresses will not be truncated to fit into the column.
*-N*::
This option enables printing of the original names of NTP sources that were
specified in the configuration file, or *chronyc* commands, and are internally
used by *chronyd*. Without the *-n* and *-N* option, the names of NTP sources
are obtained from reverse DNS lookups and can be different from the original
names.
This option enables printing of original hostnames or IP addresses of NTP
sources that were specified in the configuration file, or *chronyc* commands.
Without the *-n* and *-N* option, the printed hostnames are obtained from
reverse DNS lookups and can be different from the specified hostnames.
*-c*::
This option enables printing of reports in a comma-separated values (CSV)
@@ -1134,11 +1133,8 @@ The effect of the allow command is identical to the
The syntax is illustrated in the following examples:
+
----
allow foo.example.net
allow all 1.2
allow 3.4.5
allow 6.7.8/22
allow 6.7.8.9/22
allow 1.2.3.4
allow all 3.4.5.0/24
allow 2001:db8:789a::/48
allow 0/0
allow ::/0
@@ -1153,11 +1149,8 @@ The effect of the allow command is identical to the
The syntax is illustrated in the following examples:
+
----
deny foo.example.net
deny all 1.2
deny 3.4.5
deny 6.7.8/22
deny 6.7.8.9/22
deny 1.2.3.4
deny all 3.4.5.0/24
deny 2001:db8:789a::/48
deny 0/0
deny ::/0

304
doc/faq.adoc
View File

@@ -49,9 +49,11 @@ website.
First, the client needs to know which NTP servers it should ask for the current
time. They are specified by the `server` or `pool` directive. The `pool`
directive can be used for names that resolve to multiple addresses. For good
reliability the client should have at least three servers. The `iburst` option
speeds up the initial synchronisation.
directive is used with names that resolve to multiple addresses of different
servers. For reliable operation, the client should have at least three servers.
The `iburst` option enables a burst of requests to speed up the initial
synchronisation.
To stabilise the initial synchronisation on the next start, the estimated drift
of the system clock is saved to a file specified by the `driftfile` directive.
@@ -67,7 +69,7 @@ next boot from the RTC, the `rtcsync` directive enables a mode in which the
system time is periodically copied to the RTC. It is supported on Linux and
macOS.
If you want to use public NTP servers from the
If you wanted to use public NTP servers from the
https://www.pool.ntp.org/[pool.ntp.org] project, the minimal _chrony.conf_ file
could be:
@@ -80,9 +82,16 @@ rtcsync
=== How do I make an NTP server?
You need to add an `allow` directive to the _chrony.conf_ file in order to open
the NTP port and allow `chronyd` to reply to client requests. `allow` with no
specified subnet allows access from all IPv4 and IPv6 addresses.
By default, `chronyd` does not operate as an NTP server. You need to add an
`allow` directive to the _chrony.conf_ file in order for `chronyd` to open the
server NTP port and respond to client requests.
----
allow 192.168.1.0/24
----
An `allow` directive with no specified subnet allows access from all IPv4 and
IPv6 addresses.
=== Should all computers on a LAN be clients of an external server?
@@ -128,21 +137,136 @@ versions or implementations of the libraries might make different system calls.
If the filter is missing some system call, `chronyd` could be killed even in
normal operation.
=== How can I make the system clock more secure?
An NTP client synchronising the system clock to an NTP server is susceptible to
various attacks, which can break applications and network protocols relying on
accuracy of the clock (e.g. DNSSEC, Kerberos, TLS, WireGuard).
Generally, a man-in-the-middle (MITM) attacker between the client and server
can
* make fake responses, or modify real responses from the server, to create an
arbitrarily large time and frequency offset, make the server appear more
accurate, insert a leap second, etc.
* delay the requests and/or responses to create a limited time offset and
temporarily also a limited frequency offset
* drop the requests or responses to prevent updates of the clock with new
measurements
* redirect the requests to a different server
The attacks can be combined for a greater effect. The attacker can delay
packets to create a significant frequency offset first and then drop all
subsequent packets to let the clock quickly drift away from the true time.
The attacker might also be able to control the server's clock.
Some attacks cannot be prevented. Monitoring is needed for detection, e.g. the
reachability register in the `sources` report shows missing packets. The extent
to which the attacker can control the client's clock depends on its
configuration.
Enable authentication to prevent `chronyd` from accepting modified, fake, or
redirected packets. It can be enabled with a symmetric key specified by the
`key` option, or Network Time Security (NTS) by the `nts` option (supported
since `chrony` version 4.0). The server needs to support the selected
authentication mechanism. Symmetric keys have to be configured on both client
and server, and each client must have its own key (one per server).
The maximum offset that the attacker can insert in an NTP measurement by
delaying packets can be limited by the `maxdelay` option. The default value is
3 seconds. The measured delay is reported as the peer delay in the `ntpdata`
report and `measurements` log. Set the `maxdelay` option to a value larger than
the maximum value that is normally observed. Note that the delay can increase
significantly even when not under an attack, e.g. when the network is congested
or the routing has changed.
The maximum accepted change in time offset between clock updates can be limited
by the `maxchange` directive. Larger changes in the offset will be ignored or
cause `chronyd` to exit. Note that the attacker can get around this limit by
splitting the offset into multiple smaller offsets and/or creating a large
frequency offset. When this directive is used, `chronyd` will have to be
restarted after a successful attack. It will not be able to recover on its own.
It must not be restarted automatically (e.g. by the service manager).
The impact of a large accepted time offset can be reduced by disabling clock
steps, i.e. by not using the `makestep` and `initstepslew` directives. The
offset will be slowly corrected by speeding up or slowing down the clock at a
rate which can be limited by the `maxslewrate` directive. Disabling clock steps
completely is practical only if the clock cannot gain a larger error on its
own, e.g. when the computer is shut down or suspended, and the `maxslewrate`
limit is large enough to correct an expected error in an acceptable time. The
`rtcfile` directive with the `-s` option can be used to compensate for the RTC
drift.
A more practical approach is to enable `makestep` for a limited number of clock
updates (the 2nd argument of the directive) and limit the offset change in all
updates by the `maxchange` directive. The attacker will be able to make only a
limited step and only if the attack starts in a short window after booting the
computer, or when `chronyd` is restarted without the `-R` option.
The frequency offset can be limited by the `maxdrift` directive. The measured
frequency offset is reported in the drift file, `tracking` report, and
`tracking` log. Set `maxdrift` to a value larger than the maximum absolute
value that is normally observed. Note that the frequency of the clock can
change due to aging of the crystal, differences in calibration of the clock
source between reboots, migrated virtual machine, etc. A typical computer clock
has a drift smaller than 100 parts per million (ppm), but much larger drifts
are possible (e.g. in some virtual machines).
Use only trusted servers, which you expect to be well configured and managed,
using authentication for their own servers, etc. Use multiple servers, ideally
in different locations. The attacker will have to deal with a majority of the
servers in order to pass the source selection and update the clock with a large
offset. Use the `minsources` directive to increase the required number of
selectable sources to make the selection more robust.
Do not specify servers as peers. The symmetric mode is less secure than the
client/server mode. If not authenticated, it is vulnerable to off-path
denial-of-service attacks, and even when it is authenticated, it is still
susceptible to replay attacks.
Mixing of authenticated and unauthenticated servers should generally be
avoided. If mixing is necessary (e.g. for a more accurate and stable
synchronisation to a closer server which does not support authentication), the
authenticated servers should be configured as trusted and required to not allow
the unauthenticated servers to override the authenticated servers in the source
selection. Since `chrony` version 4.0, the selection options are enabled in
such a case automatically. This behaviour can be disabled or modified by the
`authselmode` directive.
An example of a client configuration limiting the impact of the attacks could
be
----
server foo.example.net iburst nts maxdelay 0.1
server bar.example.net iburst nts maxdelay 0.2
server baz.example.net iburst nts maxdelay 0.05
server qux.example.net iburst nts maxdelay 0.1
server quux.example.net iburst nts maxdelay 0.1
minsources 3
maxchange 100 0 0
makestep 0.001 1
maxdrift 100
maxslewrate 100
driftfile /var/lib/chrony/drift
ntsdumpdir /var/lib/chrony
rtcsync
----
=== How can I improve the accuracy of the system clock with NTP sources?
Select NTP servers that are well synchronised, stable and close to your
network. It is better to use more than one server, three or four is usually
network. It is better to use more than one server. Three or four is usually
recommended as the minimum, so `chronyd` can detect servers that serve false
time and combine measurements from multiple sources.
If you have a network card with hardware timestamping supported on Linux, it
can be enabled by the `hwtimestamp` directive in the _chrony.conf_ file. It
should make local receive and transmit timestamps of NTP packets much more
accurate.
can be enabled by the `hwtimestamp` directive. It should make local receive and
transmit timestamps of NTP packets much more stable and accurate.
There are also useful options which can be set in the `server` directive, they
are `minpoll`, `maxpoll`, `polltarget`, `maxdelay`, `maxdelayratio`,
`maxdelaydevratio`, and `xleave`.
The `server` directive has some useful options: `minpoll`, `maxpoll`,
`polltarget`, `maxdelay`, `maxdelayratio`, `maxdelaydevratio`, `xleave`,
`filter`.
The first three options set the minimum and maximum allowed polling interval,
and how should be the actual interval adjusted in the specified range. Their
@@ -177,7 +301,7 @@ LAN could be
server ntp.local minpoll 2 maxpoll 4 polltarget 30
----
The maxdelay options are useful to ignore measurements with an unusally large
The maxdelay options are useful to ignore measurements with an unusually large
delay (e.g. due to congestion in the network) and improve the stability of the
synchronisation. The `maxdelaydevratio` option could be added to the example
with local NTP server
@@ -187,8 +311,8 @@ server ntp.local minpoll 2 maxpoll 4 polltarget 30 maxdelaydevratio 2
----
If your server supports the interleaved mode (e.g. it is running `chronyd`),
the `xleave` option should be added to the `server` directive in order to allow
the server to send the client more accurate transmit timestamps (kernel or
the `xleave` option should be added to the `server` directive to enable the
server to provide the client with more accurate transmit timestamps (kernel or
preferably hardware). For example:
----
@@ -237,7 +361,7 @@ well synchronised and responding to all requests. If not synchronised or
responding, it would take about 10 seconds for `chronyd` to give up and exit
with a non-zero status. A faster configuration is possible. A single server can
be used instead of four servers, the number of measurements can be reduced with
the `maxsamples` option to one (supported in `chrony` version 4.0), and a
the `maxsamples` option to one (supported since `chrony` version 4.0), and a
timeout can be specified with the `-t` option. The following command would take
only up to about one second.
@@ -284,18 +408,49 @@ and be unsuitable for monitoring.
=== Can NTP server be separated from NTP client?
Yes, it is possible to run multiple instances of `chronyd` on the same
computer. One can be configured as an NTP client, and another as a server. They
need to use different pidfiles, NTP ports, command ports, and Unix domain
command sockets. The server instance should be started with the `-x` option to
avoid touching the clock. It can be configured to serve the system time with
the `local` directive, or synchronise its NTP clock to the client instance
running on localhost using a non-standard NTP port.
Yes, it is possible to run multiple instances of `chronyd` on a computer at the
same time. One can operate primarily as an NTP client to synchronise the system
clock and another as a server for other computers. If they use the same
filesystem, they need to be configured with different pidfiles, Unix domain
command sockets, and any other file or directory specified in the configuration
file. If they run in the same network namespace, they need to use different NTP
and command ports, or bind the ports to different addresses or interfaces.
On Linux, starting with `chrony` version 4.0, it is also possible to run
multiple server instances sharing a port to utilise multiple cores of the CPU.
Note that the client/server interleaved mode requires that all packets from an
address are handled by the same server instance.
The server instance should be started with the `-x` option to prevent it from
adjusting the system clock and interfering with the client instance. It can be
configured as a client to synchronise its NTP clock to other servers, or the
client instance running on the same computer. In the latter case, the `copy`
option (added in `chrony` version 4.1) can be used to assume the reference ID
and stratum of the client instance, which enables detection of synchronisation
loops with its own clients.
On Linux, starting with `chrony` version 4.0, it is possible to run multiple
server instances sharing a port to better utilise multiple cores of the CPU.
Note that for rate limiting and client/server interleaved mode to work well
it is necessary that all packets received from the same address are handled by
the same server instance.
An example configuration of the client instance could be
----
pool pool.ntp.org iburst
allow 127.0.0.1
port 11123
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
----
and configuration of the first server instance could be
----
server 127.0.0.1 port 11123 minpoll 0 maxpoll 0 copy
allow
cmdport 11323
bindcmdaddress /var/run/chrony/chronyd-server1.sock
pidfile /var/run/chronyd-server1.pid
driftfile /var/lib/chrony/drift-server1
----
=== Should be a leap smear enabled on NTP server?
@@ -308,7 +463,7 @@ e.g. when the clients cannot be configured to handle the leap seconds as
needed, or their number is so large that configuring them all would be
impractical. The clients should use only one leap-smearing server, or multiple
identically configured leap-smearing servers. Note that some clients can get
leap seconds from external sources (e.g. with the `leapsectz` directive in
leap seconds from other sources (e.g. with the `leapsectz` directive in
`chrony`) and they will not work correctly with a leap smearing server.
=== Does `chrony` support PTP?
@@ -355,7 +510,6 @@ When `chronyd` is receiving responses from the servers, the output of the
this:
----
210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* foo.example.net 2 6 377 34 +484us[ -157us] +/- 30ms
@@ -379,6 +533,19 @@ example:
0 sources with unknown address
----
=== Is name resolution working correctly?
NTP servers specified by their hostname (instead of an IP address) have to have
their names resolved before `chronyd` can send any requests to them. If the
`activity` command prints a non-zero number of sources with unknown address,
there is an issue with the resolution. Typically, a DNS server is specified in
_/etc/resolv.conf_. Make sure it is working correctly.
Since `chrony` version 4.0, you can run `chronyc -N sources -a` command to
print all sources, even those that do not have a known address yet, with their
names as they were specified in the configuration. This can be useful to verify
that the names specified in the configuration are used as expected.
=== Is `chronyd` allowed to step the system clock?
By default, `chronyd` adjusts the clock gradually by slowing it down or
@@ -405,6 +572,50 @@ to
makestep 1 -1
----
=== Using NTS?
The Network Time Security (NTS) mechanism uses Transport Layer Security (TLS)
to establish the keys needed for authentication of NTP packets.
Run the `authdata` command to check whether the key establishment was
successful:
----
# chronyc -N authdata
Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen
=========================================================================
foo.example.net NTS 1 15 256 33m 0 0 8 100
bar.example.net NTS 1 15 256 33m 0 0 8 100
baz.example.net NTS 1 15 256 33m 0 0 8 100
----
The KeyID, Type, and KLen columns should have non-zero values. If they are
zero, check the system log for error messages from `chronyd`. One possible
cause of failure is a firewall blocking the client's connection to the server's
TCP port 4460.
Another possible cause of failure is a certificate that is failing to verify
because the client's clock is wrong. This is a chicken-and-egg problem with NTS.
You might need to manually correct the date, or temporarily disable NTS, in
order to get NTS working. If your computer has an RTC and it is backed up by a
good battery, this operation should be needed only once, assuming the RTC will
be set periodically with the `rtcsync` directive, or compensated with the
`rtcfile` directive and the `-s` option.
If the computer does not have an RTC or battery, you can use the `-s` option
without `rtcfile` directive to restore time of the last shutdown or reboot from
the drift file. The clock will start behind the true time, but if the computer
was not shut down for too long and the server's certificate was not renewed too
close to its expiration, it should be sufficient for the time checks to
succeed.
As a last resort, you can disable the time checks by the `nocerttimecheck`
directive. This has some important security implications. To reduce the
security risk, you can use the `nosystemcert` and `ntstrustedcerts` directives
to disable the system's default trusted certificate authorities and trust only
a minimal set of selected authorities needed to validate the certificates of
used NTP servers.
=== Using a Windows NTP server?
A common issue with Windows NTP servers is that they report a very large root
@@ -556,7 +767,7 @@ more than few seconds per day.
There are two approaches how `chronyd` can work with it. One is to use the
`rtcsync` directive, which tells `chronyd` to enable a kernel mode which sets
the RTC from the system clock every 11 minutes. `chronyd` itself won't touch
the RTC from the system clock every 11 minutes. `chronyd` itself will not touch
the RTC. If the computer is not turned off for a long time, the RTC should
still be close to the true time when the system clock will be initialised from
it on the next boot.
@@ -571,12 +782,12 @@ it is not strictly necessary if its only purpose is to set the system clock when
=== Does `hwclock` have to be disabled?
The `hwclock` program is often set-up by default in the boot and shutdown
scripts with many Linux installations. With the kernel RTC synchronisation
The `hwclock` program is run by default in the boot and/or shutdown
scripts in some Linux installations. With the kernel RTC synchronisation
(`rtcsync` directive), the RTC will be set also every 11 minutes as long as the
system clock is synchronised. If you want to use ``chronyd``'s RTC monitoring
(`rtcfile` directive), it is important to disable `hwclock` in the shutdown
procedure. If you do not that, it will over-write the RTC with a new value, unknown
procedure. If you do not do that, it will overwrite the RTC with a new value, unknown
to `chronyd`. At the next reboot, `chronyd` started with the `-s` option will
compensate this (wrong) time with its estimate of how far the RTC has drifted
whilst the power was off, giving a meaningless initial system time.
@@ -597,6 +808,19 @@ things
Some other program running on the system might be using the device.
=== When I start `chronyd`, the log says `Could not enable RTC interrupt : Invalid argument` (or it may say `disable`)
Your real-time clock hardware might not support the required ioctl requests:
* `RTC_UIE_ON`
* `RTC_UIE_OFF`
A possible solution could be to build the Linux kernel with support for software
emulation instead; try enabling the following configuration option when building
the Linux kernel:
* `CONFIG_RTC_INTF_DEV_UIE_EMUL`
=== What if my computer does not have an RTC or backup battery?
In this case you can still use the `-s` option to set the system clock to the
@@ -653,11 +877,11 @@ When two computers are synchronised to each other using the client/server or
symmetric NTP mode, there is an expectation that NTP measurements between the
two computers made on both ends show an average offset close to zero.
With `chronyd` that can be expected only when the interleaved mode (`xleave`
option) is enabled. Otherwise, `chronyd` will use different transmit timestamps
(e.g. daemon timestamp vs kernel timestamp) for serving time and
synchronisation of its own clock, which creates an asymmetry in the
timestamping and causes the other end to measure a significant offset.
With `chronyd` that can be expected only when the interleaved mode is enabled
by the `xleave` option. Otherwise, `chronyd` will use different transmit
timestamps (e.g. daemon timestamp vs kernel timestamp) for serving time and
synchronisation of its own clock, which will cause the other computer to
measure a significant offset.
== Operating systems

25
local.c
View File

@@ -505,7 +505,7 @@ LCL_AccumulateDeltaFrequency(double dfreq)
/* ================================================== */
void
int
LCL_AccumulateOffset(double offset, double corr_rate)
{
struct timespec raw, cooked;
@@ -517,12 +517,14 @@ LCL_AccumulateOffset(double offset, double corr_rate)
LCL_CookTime(&raw, &cooked, NULL);
if (!check_offset(&cooked, offset))
return;
return 0;
(*drv_accrue_offset)(offset, corr_rate);
/* Dispatch to all handlers */
invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeAdjust);
return 1;
}
/* ================================================== */
@@ -586,7 +588,7 @@ LCL_NotifyLeap(int leap)
/* ================================================== */
void
int
LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
{
struct timespec raw, cooked;
@@ -598,7 +600,7 @@ LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
LCL_CookTime(&raw, &cooked, NULL);
if (!check_offset(&cooked, doffset))
return;
return 0;
old_freq_ppm = current_freq_ppm;
@@ -620,6 +622,8 @@ LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate)
/* Dispatch to all handlers */
invoke_parameter_change_handlers(&raw, &cooked, dfreq, doffset, LCL_ChangeAdjust);
return 1;
}
/* ================================================== */
@@ -687,6 +691,19 @@ LCL_MakeStep(void)
/* ================================================== */
void
LCL_CancelOffsetCorrection(void)
{
struct timespec raw;
double correction;
LCL_ReadRawTime(&raw);
LCL_GetOffsetCorrection(&raw, &correction, NULL);
LCL_AccumulateOffset(correction, 0.0);
}
/* ================================================== */
int
LCL_CanSystemLeap(void)
{

7
local.h
View File

@@ -149,7 +149,7 @@ extern void LCL_AccumulateDeltaFrequency(double dfreq);
forwards (i.e. it is currently slow of true time). Provided is also
a suggested correction rate (correction time * offset). */
extern void LCL_AccumulateOffset(double offset, double corr_rate);
extern int LCL_AccumulateOffset(double offset, double corr_rate);
/* Routine to apply an immediate offset by doing a sudden step if
possible. (Intended for use after an initial estimate of offset has
@@ -171,7 +171,7 @@ extern void LCL_NotifyLeap(int leap);
/* Perform the combination of modifying the frequency and applying
a slew, in one easy step */
extern void LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate);
extern int LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate);
/* Routine to read the system precision as a log to base 2 value. */
extern int LCL_GetSysPrecisionAsLog(void);
@@ -197,6 +197,9 @@ extern void LCL_Finalise(void);
to a timezone problem. */
extern int LCL_MakeStep(void);
/* Routine to cancel the outstanding system clock correction */
extern void LCL_CancelOffsetCorrection(void);
/* Check if the system driver supports leap seconds, i.e. LCL_SetSystemLeap
does something */
extern int LCL_CanSystemLeap(void);

7
main.c
View File

@@ -104,6 +104,7 @@ MAI_CleanupAndExit(void)
{
if (!initialised) exit(exit_status);
LCL_CancelOffsetCorrection();
SRC_DumpSources();
/* Don't update clock when removing sources */
@@ -183,7 +184,7 @@ ntp_source_resolving_end(void)
NSR_AutoStartSources();
/* Special modes can end only when sources update their reachability.
Give up immediatelly if there are no active sources. */
Give up immediately if there are no active sources. */
if (ref_mode != REF_ModeNormal && !SRC_ActiveSources()) {
REF_SetUnsynchronised();
}
@@ -491,6 +492,7 @@ int main
user_check = 0;
nofork = 1;
system_log = 0;
log_severity = LOGS_WARN;
break;
case 'P':
sched_priority = parse_int_arg(optarg);
@@ -627,6 +629,9 @@ int main
if (!geteuid() && (pw->pw_uid || pw->pw_gid))
SYS_DropRoot(pw->pw_uid, pw->pw_gid, SYS_MAIN_PROCESS);
if (!geteuid())
LOG(LOGS_WARN, "Running with root privileges");
REF_Initialise();
SST_Initialise();
NSR_Initialise();

83
nameserv.c
View File

@@ -50,12 +50,24 @@ DNS_SetAddressFamily(int family)
DNS_Status
DNS_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs)
{
#ifdef HAVE_GETADDRINFO
struct addrinfo hints, *res, *ai;
int i, result;
IPAddr ip;
max_addrs = MIN(max_addrs, DNS_MAX_ADDRESSES);
for (i = 0; i < max_addrs; i++)
ip_addrs[i].family = IPADDR_UNSPEC;
/* Avoid calling getaddrinfo() if the name is an IP address */
if (UTI_StringToIP(name, &ip)) {
if (address_family != IPADDR_UNSPEC && ip.family != address_family)
return DNS_Failure;
if (max_addrs >= 1)
ip_addrs[0] = ip;
return DNS_Success;
}
memset(&hints, 0, sizeof (hints));
switch (address_family) {
@@ -107,48 +119,9 @@ DNS_Name2IPAddress(const char *name, IPAddr *ip_addrs, int max_addrs)
}
}
for (; i < max_addrs; i++)
ip_addrs[i].family = IPADDR_UNSPEC;
freeaddrinfo(res);
return !max_addrs || ip_addrs[0].family != IPADDR_UNSPEC ? DNS_Success : DNS_Failure;
#else
struct hostent *host;
int i;
if (address_family != IPADDR_UNSPEC && address_family != IPADDR_INET4)
return DNS_Failure;
max_addrs = MIN(max_addrs, DNS_MAX_ADDRESSES);
host = gethostbyname(name);
if (host == NULL) {
if (h_errno == TRY_AGAIN)
return DNS_TryAgain;
} else {
if (host->h_addrtype != AF_INET || !host->h_addr_list[0])
return DNS_Failure;
for (i = 0; host->h_addr_list[i] && i < max_addrs; i++) {
ip_addrs[i].family = IPADDR_INET4;
ip_addrs[i].addr.in4 = ntohl(*(uint32_t *)host->h_addr_list[i]);
}
for (; i < max_addrs; i++)
ip_addrs[i].family = IPADDR_UNSPEC;
return DNS_Success;
}
#ifdef FORCE_DNSRETRY
return DNS_TryAgain;
#else
return DNS_Failure;
#endif
#endif
}
/* ================================================== */
@@ -157,9 +130,11 @@ int
DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len)
{
char *result = NULL;
#ifdef FEAT_IPV6
struct sockaddr_in6 in6;
struct sockaddr_in6 saddr;
#else
struct sockaddr_in saddr;
#endif
IPSockAddr ip_saddr;
socklen_t slen;
char hbuf[NI_MAXHOST];
@@ -167,29 +142,9 @@ DNS_IPAddress2Name(IPAddr *ip_addr, char *name, int len)
ip_saddr.ip_addr = *ip_addr;
ip_saddr.port = 0;
slen = SCK_IPSockAddrToSockaddr(&ip_saddr, (struct sockaddr *)&in6, sizeof (in6));
if (!getnameinfo((struct sockaddr *)&in6, slen, hbuf, sizeof (hbuf), NULL, 0, 0))
slen = SCK_IPSockAddrToSockaddr(&ip_saddr, (struct sockaddr *)&saddr, sizeof (saddr));
if (!getnameinfo((struct sockaddr *)&saddr, slen, hbuf, sizeof (hbuf), NULL, 0, 0))
result = hbuf;
#else
struct hostent *host;
uint32_t addr;
switch (ip_addr->family) {
case IPADDR_INET4:
addr = htonl(ip_addr->addr.in4);
host = gethostbyaddr((const char *) &addr, sizeof (ip_addr), AF_INET);
break;
#ifdef FEAT_IPV6
case IPADDR_INET6:
host = gethostbyaddr((const void *) ip_addr->addr.in6, sizeof (ip_addr->addr.in6), AF_INET6);
break;
#endif
default:
host = NULL;
}
if (host)
result = host->h_name;
#endif
if (result == NULL)
result = UTI_IPToString(ip_addr);

1
ntp.h
View File

@@ -152,7 +152,6 @@ typedef struct {
double peer_dispersion;
double root_delay;
double root_dispersion;
int stratum;
} NTP_Sample;
#endif /* GOT_NTP_H */

5
ntp_auth.c
View File

@@ -161,11 +161,12 @@ NAU_CreateSymmetricInstance(uint32_t key_id)
/* ================================================== */
NAU_Instance
NAU_CreateNtsInstance(IPSockAddr *nts_address, const char *name, const IPSockAddr *ntp_address)
NAU_CreateNtsInstance(IPSockAddr *nts_address, const char *name, uint32_t cert_set,
uint16_t ntp_port)
{
NAU_Instance instance = create_instance(NTP_AUTH_NTS);
instance->nts = NNC_CreateInstance(nts_address, name, ntp_address);
instance->nts = NNC_CreateInstance(nts_address, name, cert_set, ntp_port);
return instance;
}

2
ntp_auth.h
View File

@@ -37,7 +37,7 @@ typedef struct NAU_Instance_Record *NAU_Instance;
extern NAU_Instance NAU_CreateNoneInstance(void);
extern NAU_Instance NAU_CreateSymmetricInstance(uint32_t key_id);
extern NAU_Instance NAU_CreateNtsInstance(IPSockAddr *nts_address, const char *name,
const IPSockAddr *ntp_address);
uint32_t cert_set, uint16_t ntp_port);
/* Destroy an instance */
extern void NAU_DestroyInstance(NAU_Instance instance);

26
ntp_core.c
View File

@@ -107,6 +107,8 @@ struct NCR_Instance_Record {
int min_stratum; /* Increase stratum in received packets to the
minimum */
int copy; /* Boolean suppressing own refid and stratum */
int poll_target; /* Target number of sourcestats samples */
int version; /* Version set in packets for server/peer */
@@ -560,6 +562,7 @@ NCR_CreateInstance(NTP_Remote_Address *remote_addr, NTP_Source_Type type,
result->auto_iburst = params->iburst;
result->auto_burst = params->burst;
result->auto_offline = params->auto_offline;
result->copy = params->copy && result->mode == MODE_CLIENT;
result->poll_target = params->poll_target;
if (params->nts) {
@@ -571,7 +574,8 @@ NCR_CreateInstance(NTP_Remote_Address *remote_addr, NTP_Source_Type type,
nts_address.ip_addr = remote_addr->ip_addr;
nts_address.port = params->nts_port;
result->auth = NAU_CreateNtsInstance(&nts_address, name, &result->remote_addr);
result->auth = NAU_CreateNtsInstance(&nts_address, name, params->cert_set,
result->remote_addr.port);
} else if (params->authkey != INACTIVE_AUTHKEY) {
result->auth = NAU_CreateSymmetricInstance(params->authkey);
} else {
@@ -703,7 +707,6 @@ NCR_ChangeRemoteAddress(NCR_Instance inst, NTP_Remote_Address *remote_addr, int
memset(&inst->report, 0, sizeof (inst->report));
NCR_ResetInstance(inst);
/* Update the authentication-specific address before NTP address */
if (!ntp_only)
NAU_ChangeAddress(inst->auth, &remote_addr->ip_addr);
@@ -1381,9 +1384,8 @@ check_sync_loop(NCR_Instance inst, NTP_Packet *message, NTP_Local_Address *local
NTP_Leap leap_status;
uint32_t our_ref_id;
/* Check if a server socket is open, i.e. a client or peer can actually
be synchronised to us */
if (!NIO_IsServerSocketOpen())
/* Check if a client or peer can be synchronised to us */
if (!NIO_IsServerSocketOpen() || REF_GetMode() != REF_ModeNormal)
return 1;
/* Check if the source indicates that it is synchronised to our address
@@ -1678,7 +1680,6 @@ process_response(NCR_Instance inst, NTP_Local_Address *local_addr,
sample.root_delay = pkt_root_delay + sample.peer_delay;
sample.root_dispersion = pkt_root_dispersion + sample.peer_dispersion;
sample.stratum = MAX(message->stratum, inst->min_stratum);
/* Update the NTP timestamps. If it's a valid packet from a synchronised
source, the timestamps may be used later when processing a packet in the
@@ -1761,14 +1762,23 @@ process_response(NCR_Instance inst, NTP_Local_Address *local_addr,
if (valid_packet) {
inst->remote_poll = message->poll;
inst->remote_stratum = message->stratum != NTP_INVALID_STRATUM ?
message->stratum : NTP_MAX_STRATUM;
MIN(message->stratum, NTP_MAX_STRATUM) : NTP_MAX_STRATUM;
inst->prev_local_poll = inst->local_poll;
inst->prev_tx_count = inst->tx_count;
inst->tx_count = 0;
SRC_UpdateReachability(inst->source, synced_packet);
SRC_SetLeapStatus(inst->source, pkt_leap);
if (synced_packet) {
if (inst->copy && inst->remote_stratum > 0) {
/* Assume the reference ID and stratum of the server */
inst->remote_stratum--;
SRC_SetRefid(inst->source, ntohl(message->reference_id), &inst->remote_addr.ip_addr);
}
SRC_UpdateStatus(inst->source, MAX(inst->remote_stratum, inst->min_stratum), pkt_leap);
}
if (good_packet) {
/* Adjust the polling interval, accumulate the sample, etc. */

147
ntp_sources.c
View File

@@ -45,6 +45,9 @@
/* ================================================== */
/* Maximum number of sources */
#define MAX_SOURCES 65536
/* Record type private to this file, used to store information about
particular sources */
typedef struct {
@@ -53,7 +56,8 @@ typedef struct {
(an IPADDR_ID address means the address
is not resolved yet) */
NCR_Instance data; /* Data for the protocol engine for this source */
char *name; /* Name of the source, may be NULL */
char *name; /* Name of the source as it was specified
(may be an IP address) */
int pool_id; /* ID of the pool from which was this source
added or INVALID_POOL */
int tentative; /* Flag indicating there was no valid response
@@ -72,6 +76,9 @@ static int n_sources;
/* Flag indicating new sources will be started automatically when added */
static int auto_start_sources = 0;
/* Flag indicating a record is currently being modified */
static int record_lock;
/* Last assigned address ID */
static uint32_t last_address_id = 0;
@@ -100,6 +107,7 @@ struct UnresolvedSource {
static struct UnresolvedSource *unresolved_sources = NULL;
static int resolving_interval = 0;
static int resolving_restart = 0;
static SCH_TimeoutID resolving_id;
static struct UnresolvedSource *resolving_source = NULL;
static NSR_SourceResolvingEndHandler resolving_end_handler = NULL;
@@ -122,11 +130,21 @@ struct SourcePool {
/* Array of SourcePool (indexed by their ID) */
static ARR_Instance pools;
/* Requested update of a source's address */
struct AddressUpdate {
NTP_Remote_Address old_address;
NTP_Remote_Address new_address;
};
/* Update saved when record_lock is true */
static struct AddressUpdate saved_address_update;
/* ================================================== */
/* Forward prototypes */
static void resolve_sources(void);
static void rehash_records(void);
static void handle_saved_address_update(void);
static void clean_source_record(SourceRecord *record);
static void remove_pool_sources(int pool_id, int tentative, int unresolved);
static void remove_unresolved_source(struct UnresolvedSource *us);
@@ -181,14 +199,7 @@ NSR_Initialise(void)
void
NSR_Finalise(void)
{
SourceRecord *record;
unsigned int i;
for (i = 0; i < ARR_GetSize(records); i++) {
record = get_record(i);
if (record->remote_addr)
clean_source_record(record);
}
NSR_RemoveAllSources();
LCL_RemoveParameterChangeHandler(slew_sources, NULL);
@@ -275,6 +286,8 @@ rehash_records(void)
unsigned int i, old_size, new_size;
int slot;
assert(!record_lock);
old_size = ARR_GetSize(records);
temp_records = MallocArray(SourceRecord, old_size);
@@ -317,6 +330,11 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
/* Find empty bin & check that we don't have the address already */
if (find_slot2(remote_addr, &slot) != 0) {
return NSR_AlreadyInUse;
} else if (!name && !UTI_IsIPReal(&remote_addr->ip_addr)) {
/* Name is required for non-real addresses */
return NSR_InvalidName;
} else if (n_sources >= MAX_SOURCES) {
return NSR_TooManySources;
} else {
if (remote_addr->ip_addr.family != IPADDR_INET4 &&
remote_addr->ip_addr.family != IPADDR_INET6 &&
@@ -331,14 +349,20 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
assert(0);
}
assert(!record_lock);
record_lock = 1;
record = get_record(slot);
record->data = NCR_CreateInstance(remote_addr, type, params, name);
assert(!name || !UTI_IsStringIP(name));
record->name = Strdup(name ? name : UTI_IPToString(&remote_addr->ip_addr));
record->data = NCR_CreateInstance(remote_addr, type, params, record->name);
record->remote_addr = NCR_GetRemoteAddress(record->data);
record->name = name ? Strdup(name) : NULL;
record->pool_id = pool_id;
record->tentative = 1;
record->conf_id = conf_id;
record_lock = 0;
if (record->pool_id != INVALID_POOL) {
get_pool(record->pool_id)->sources++;
if (!UTI_IsIPReal(&remote_addr->ip_addr))
@@ -348,6 +372,9 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
if (auto_start_sources && UTI_IsIPReal(&remote_addr->ip_addr))
NCR_StartInstance(record->data);
/* The new instance is allowed to change its address immediately */
handle_saved_address_update();
return NSR_Success;
}
}
@@ -365,7 +392,7 @@ change_source_address(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr
char *name;
found = find_slot2(old_addr, &slot1);
if (found == 0)
if (found != 2)
return NSR_NoSuchSource;
/* Make sure there is no other source using the new address (with the same
@@ -374,9 +401,16 @@ change_source_address(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr
if (found == 2 || (found != 0 && slot1 != slot2))
return NSR_AlreadyInUse;
assert(!record_lock);
record_lock = 1;
record = get_record(slot1);
NCR_ChangeRemoteAddress(record->data, new_addr, !replacement);
record->remote_addr = NCR_GetRemoteAddress(record->data);
if (record->remote_addr != NCR_GetRemoteAddress(record->data) ||
UTI_CompareIPs(&record->remote_addr->ip_addr, &new_addr->ip_addr, NULL) != 0)
assert(0);
if (!UTI_IsIPReal(&old_addr->ip_addr) && UTI_IsIPReal(&new_addr->ip_addr)) {
if (auto_start_sources)
NCR_StartInstance(record->data);
@@ -391,6 +425,8 @@ change_source_address(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr
get_pool(record->pool_id)->confirmed_sources--;
}
record_lock = 0;
name = record->name;
severity = UTI_IsIPReal(&old_addr->ip_addr) ? LOGS_INFO : LOGS_DEBUG;
@@ -400,10 +436,10 @@ change_source_address(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr
LOG(severity, "Source %s %s %s (%s)", UTI_IPToString(&old_addr->ip_addr),
replacement ? "replaced with" : "changed to",
UTI_IPToString(&new_addr->ip_addr), name ? name : "");
UTI_IPToString(&new_addr->ip_addr), name);
} else {
LOG(severity, "Source %s (%s) changed port to %d",
UTI_IPToString(&new_addr->ip_addr), name ? name : "", new_addr->port);
UTI_IPToString(&new_addr->ip_addr), name, new_addr->port);
}
return NSR_Success;
@@ -411,6 +447,24 @@ change_source_address(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr
/* ================================================== */
static void
handle_saved_address_update(void)
{
if (!UTI_IsIPReal(&saved_address_update.old_address.ip_addr))
return;
if (change_source_address(&saved_address_update.old_address,
&saved_address_update.new_address, 0) != NSR_Success)
/* This is expected to happen only if the old address is wrong */
LOG(LOGS_ERR, "Could not change %s to %s",
UTI_IPSockAddrToString(&saved_address_update.old_address),
UTI_IPSockAddrToString(&saved_address_update.new_address));
saved_address_update.old_address.ip_addr.family = IPADDR_UNSPEC;
}
/* ================================================== */
static int
replace_source_connectable(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr)
{
@@ -422,6 +476,8 @@ replace_source_connectable(NTP_Remote_Address *old_addr, NTP_Remote_Address *new
if (change_source_address(old_addr, new_addr, 1) == NSR_AlreadyInUse)
return 0;
handle_saved_address_update();
return 1;
}
@@ -524,6 +580,13 @@ name_resolve_handler(DNS_Status status, int n_addrs, IPAddr *ip_addrs, void *any
if (status == DNS_Failure || UTI_IsIPReal(&us->address.ip_addr) || is_resolved(us))
remove_unresolved_source(us);
/* If a restart was requested and this was the last source in the list,
start with the first source again (if there still is one) */
if (!next && resolving_restart) {
next = unresolved_sources;
resolving_restart = 0;
}
resolving_source = next;
if (next) {
@@ -663,8 +726,7 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
NTP_Remote_Address remote_addr;
int i, new_sources, pool_id;
/* If the name is an IP address, don't bother with full resolving now
or later when trying to replace the source */
/* If the name is an IP address, add the source with the address directly */
if (UTI_StringToIP(name, &remote_addr.ip_addr)) {
remote_addr.port = port;
return NSR_AddSource(&remote_addr, type, params, conf_id);
@@ -737,7 +799,7 @@ NSR_ResolveSources(void)
{
/* Try to resolve unresolved sources now */
if (unresolved_sources) {
/* Make sure no resolving is currently running */
/* Allow only one resolving to be running at a time */
if (!resolving_source) {
if (resolving_id != 0) {
SCH_RemoveTimeout(resolving_id);
@@ -745,6 +807,9 @@ NSR_ResolveSources(void)
resolving_interval--;
}
resolve_sources();
} else {
/* Try again as soon as the current resolving ends */
resolving_restart = 1;
}
} else {
/* No unresolved sources, we are done */
@@ -796,8 +861,7 @@ clean_source_record(SourceRecord *record)
record->remote_addr = NULL;
NCR_DestroyInstance(record->data);
if (record->name)
Free(record->name);
Free(record->name);
n_sources--;
}
@@ -870,7 +934,8 @@ resolve_source_replacement(SourceRecord *record)
{
struct UnresolvedSource *us;
DEBUG_LOG("trying to replace %s", UTI_IPToString(&record->remote_addr->ip_addr));
DEBUG_LOG("trying to replace %s (%s)",
UTI_IPToString(&record->remote_addr->ip_addr), record->name);
us = MallocNew(struct UnresolvedSource);
us->name = Strdup(record->name);
@@ -894,6 +959,7 @@ NSR_HandleBadSource(IPAddr *address)
static struct timespec last_replacement;
struct timespec now;
SourceRecord *record;
IPAddr ip_addr;
double diff;
int slot;
@@ -902,8 +968,10 @@ NSR_HandleBadSource(IPAddr *address)
record = get_record(slot);
/* Only sources with a name can be replaced */
if (!record->name)
/* Don't try to replace a source specified by an IP address unless the
address changed since the source was added (e.g. by NTS-KE) */
if (UTI_StringToIP(record->name, &ip_addr) &&
UTI_CompareIPs(&record->remote_addr->ip_addr, &ip_addr, NULL) == 0)
return;
/* Don't resolve names too frequently */
@@ -928,7 +996,7 @@ NSR_RefreshAddresses(void)
for (i = 0; i < ARR_GetSize(records); i++) {
record = get_record(i);
if (!record->remote_addr || !record->name)
if (!record->remote_addr)
continue;
resolve_source_replacement(record);
@@ -940,10 +1008,28 @@ NSR_RefreshAddresses(void)
NSR_Status
NSR_UpdateSourceNtpAddress(NTP_Remote_Address *old_addr, NTP_Remote_Address *new_addr)
{
if (new_addr->ip_addr.family == IPADDR_UNSPEC)
int slot;
if (!UTI_IsIPReal(&old_addr->ip_addr) || !UTI_IsIPReal(&new_addr->ip_addr))
return NSR_InvalidAF;
return change_source_address(old_addr, new_addr, 0);
if (UTI_CompareIPs(&old_addr->ip_addr, &new_addr->ip_addr, NULL) != 0 &&
find_slot(&new_addr->ip_addr, &slot))
return NSR_AlreadyInUse;
/* If a record is being modified (e.g. by change_source_address(), or the
source is just being created), postpone the change to avoid corruption */
if (!record_lock)
return change_source_address(old_addr, new_addr, 0);
if (UTI_IsIPReal(&saved_address_update.old_address.ip_addr))
return NSR_TooManySources;
saved_address_update.old_address = *old_addr;
saved_address_update.new_address = *new_addr;
return NSR_Success;
}
/* ================================================== */
@@ -992,17 +1078,12 @@ NSR_GetLocalRefid(IPAddr *address)
char *
NSR_GetName(IPAddr *address)
{
SourceRecord *record;
int slot;
if (!find_slot(address, &slot))
return 0;
return NULL;
record = get_record(slot);
if (record->name)
return record->name;
return UTI_IPToString(&record->remote_addr->ip_addr);
return get_record(slot)->name;
}
/* ================================================== */

7
ntp_sources.h
View File

@@ -91,15 +91,16 @@ extern void NSR_HandleBadSource(IPAddr *address);
/* Procedure to resolve all names again */
extern void NSR_RefreshAddresses(void);
/* Procedure to update the address of a source */
/* Procedure to update the address of a source. The update may be
postponed. */
extern NSR_Status NSR_UpdateSourceNtpAddress(NTP_Remote_Address *old_addr,
NTP_Remote_Address *new_addr);
/* Procedure to get local reference ID corresponding to a source */
extern uint32_t NSR_GetLocalRefid(IPAddr *address);
/* Procedure to get the name of a source. If the source doesn't have a name,
it returns a temporary string containing formatted address. */
/* Procedure to get the name of a source as it was specified (it may be
an IP address) */
extern char *NSR_GetName(IPAddr *address);
/* This routine is called by ntp_io when a new packet arrives off the network */

60
nts_ke_client.c
View File

@@ -44,6 +44,7 @@
struct NKC_Instance_Record {
char *name;
IPSockAddr address;
NKSN_Credentials credentials;
NKSN_Instance session;
int destroying;
int got_response;
@@ -52,14 +53,14 @@ struct NKC_Instance_Record {
NKE_Context context;
NKE_Cookie cookies[NKE_MAX_COOKIES];
int num_cookies;
char server_name[NKE_MAX_RECORD_BODY_LENGTH + 1];
char server_name[NKE_MAX_RECORD_BODY_LENGTH + 2];
IPSockAddr ntp_address;
};
/* ================================================== */
static void *client_credentials = NULL;
static int client_credentials_refs = 0;
static NKSN_Credentials default_credentials = NULL;
static int default_credentials_refs = 0;
/* ================================================== */
@@ -253,6 +254,17 @@ handle_message(void *arg)
if (inst->resolving_name)
return 0;
if (!UTI_StringToIP(inst->server_name, &inst->ntp_address.ip_addr)) {
int length = strlen(inst->server_name);
/* Add a trailing dot if not present to force the name to be
resolved as a fully qualified domain name */
if (length < 1 || length + 1 >= sizeof (inst->server_name))
return 0;
if (inst->server_name[length - 1] != '.') {
inst->server_name[length] = '.';
inst->server_name[length + 1] = '\0';
}
DNS_Name2IPAddressAsync(inst->server_name, name_resolve_handler, inst);
inst->resolving_name = 1;
}
@@ -266,9 +278,12 @@ handle_message(void *arg)
/* ================================================== */
NKC_Instance
NKC_CreateInstance(IPSockAddr *address, const char *name)
NKC_CreateInstance(IPSockAddr *address, const char *name, uint32_t cert_set)
{
const char **trusted_certs;
uint32_t *certs_ids;
NKC_Instance inst;
int n_certs;
inst = MallocNew(struct NKC_Instance_Record);
@@ -279,10 +294,21 @@ NKC_CreateInstance(IPSockAddr *address, const char *name)
inst->destroying = 0;
inst->got_response = 0;
/* Share the credentials with other client instances */
if (!client_credentials)
client_credentials = NKSN_CreateCertCredentials(NULL, NULL, CNF_GetNtsTrustedCertFile());
client_credentials_refs++;
n_certs = CNF_GetNtsTrustedCertsPaths(&trusted_certs, &certs_ids);
/* Share the credentials among clients using the default set of trusted
certificates, which likely contains most certificates */
if (cert_set == 0) {
if (!default_credentials)
default_credentials = NKSN_CreateClientCertCredentials(trusted_certs, certs_ids,
n_certs, cert_set);
inst->credentials = default_credentials;
if (default_credentials)
default_credentials_refs++;
} else {
inst->credentials = NKSN_CreateClientCertCredentials(trusted_certs, certs_ids,
n_certs, cert_set);
}
return inst;
}
@@ -296,10 +322,16 @@ NKC_DestroyInstance(NKC_Instance inst)
Free(inst->name);
client_credentials_refs--;
if (client_credentials_refs <= 0 && client_credentials) {
NKSN_DestroyCertCredentials(client_credentials);
client_credentials = NULL;
if (inst->credentials) {
if (inst->credentials == default_credentials) {
default_credentials_refs--;
if (default_credentials_refs <= 0) {
NKSN_DestroyCertCredentials(default_credentials);
default_credentials = NULL;
}
} else {
NKSN_DestroyCertCredentials(inst->credentials);
}
}
/* If the asynchronous resolver is running, let the handler free
@@ -325,7 +357,7 @@ NKC_Start(NKC_Instance inst)
inst->got_response = 0;
if (!client_credentials) {
if (!inst->credentials) {
DEBUG_LOG("Missing client credentials");
return 0;
}
@@ -347,7 +379,7 @@ NKC_Start(NKC_Instance inst)
}
/* Start an NTS-KE session */
if (!NKSN_StartSession(inst->session, sock_fd, label, client_credentials, CLIENT_TIMEOUT)) {
if (!NKSN_StartSession(inst->session, sock_fd, label, inst->credentials, CLIENT_TIMEOUT)) {
SCK_CloseSocket(sock_fd);
return 0;
}

2
nts_ke_client.h
View File

@@ -33,7 +33,7 @@
typedef struct NKC_Instance_Record *NKC_Instance;
/* Create a client NTS-KE instance */
extern NKC_Instance NKC_CreateInstance(IPSockAddr *address, const char *name);
extern NKC_Instance NKC_CreateInstance(IPSockAddr *address, const char *name, uint32_t cert_set);
/* Destroy an instance */
extern void NKC_DestroyInstance(NKC_Instance inst);

17
nts_ke_server.c
View File

@@ -95,7 +95,7 @@ static int initialised = 0;
/* Array of NKSN instances */
static ARR_Instance sessions;
static void *server_credentials;
static NKSN_Credentials server_credentials;
/* ================================================== */
@@ -678,13 +678,14 @@ void
NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level)
{
int i, processes, sock_fd1, sock_fd2;
const char **certs, **keys;
char prefix[16];
pid_t pid;
helper_sock_fd = INVALID_SOCK_FD;
is_helper = 0;
if (!CNF_GetNtsServerCertFile() || !CNF_GetNtsServerKeyFile())
if (CNF_GetNtsServerCertAndKeyFiles(&certs, &keys) <= 0)
return;
processes = CNF_GetNtsServerProcesses();
@@ -728,21 +729,19 @@ NKS_PreInitialise(uid_t uid, gid_t gid, int scfilter_level)
void
NKS_Initialise(void)
{
char *cert, *key;
const char **certs, **keys;
int i, n_certs_keys;
double key_delay;
int i;
server_sock_fd4 = INVALID_SOCK_FD;
server_sock_fd6 = INVALID_SOCK_FD;
cert = CNF_GetNtsServerCertFile();
key = CNF_GetNtsServerKeyFile();
if (!cert || !key)
n_certs_keys = CNF_GetNtsServerCertAndKeyFiles(&certs, &keys);
if (n_certs_keys <= 0)
return;
if (helper_sock_fd == INVALID_SOCK_FD) {
server_credentials = NKSN_CreateCertCredentials(cert, key, NULL);
server_credentials = NKSN_CreateServerCertCredentials(certs, keys, n_certs_keys);
if (!server_credentials)
return;
} else {

91
nts_ke_session.c
View File

@@ -225,9 +225,13 @@ create_tls_session(int server_mode, int sock_fd, const char *server_name,
}
if (!server_mode) {
r = gnutls_server_name_set(session, GNUTLS_NAME_DNS, server_name, strlen(server_name));
if (r < 0)
goto error;
assert(server_name);
if (!UTI_IsStringIP(server_name)) {
r = gnutls_server_name_set(session, GNUTLS_NAME_DNS, server_name, strlen(server_name));
if (r < 0)
goto error;
}
flags = 0;
@@ -637,11 +641,13 @@ deinit_gnutls(void)
/* ================================================== */
void *
NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs)
static NKSN_Credentials
create_credentials(const char **certs, const char **keys, int n_certs_keys,
const char **trusted_certs, uint32_t *trusted_certs_ids,
int n_trusted_certs, uint32_t trusted_cert_set)
{
gnutls_certificate_credentials_t credentials = NULL;
int r;
int i, r;
init_gnutls();
@@ -649,29 +655,50 @@ NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs)
if (r < 0)
goto error;
if (cert && key) {
r = gnutls_certificate_set_x509_key_file(credentials, cert, key,
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
if (certs && keys) {
if (trusted_certs || trusted_certs_ids)
assert(0);
for (i = 0; i < n_certs_keys; i++) {
r = gnutls_certificate_set_x509_key_file(credentials, certs[i], keys[i],
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
}
} else {
if (!CNF_GetNoSystemCert()) {
if (certs || keys || n_certs_keys > 0)
assert(0);
if (trusted_cert_set == 0 && !CNF_GetNoSystemCert()) {
r = gnutls_certificate_set_x509_system_trust(credentials);
if (r < 0)
goto error;
}
if (trusted_certs) {
r = gnutls_certificate_set_x509_trust_file(credentials, trusted_certs,
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
if (trusted_certs && trusted_certs_ids) {
for (i = 0; i < n_trusted_certs; i++) {
struct stat buf;
if (trusted_certs_ids[i] != trusted_cert_set)
continue;
if (stat(trusted_certs[i], &buf) == 0 && S_ISDIR(buf.st_mode))
r = gnutls_certificate_set_x509_trust_dir(credentials, trusted_certs[i],
GNUTLS_X509_FMT_PEM);
else
r = gnutls_certificate_set_x509_trust_file(credentials, trusted_certs[i],
GNUTLS_X509_FMT_PEM);
if (r < 0)
goto error;
DEBUG_LOG("Added %d trusted certs from %s", r, trusted_certs[i]);
}
}
}
credentials_counter++;
return credentials;
return (NKSN_Credentials)credentials;
error:
LOG(LOGS_ERR, "Could not set credentials : %s", gnutls_strerror(r));
@@ -683,10 +710,27 @@ error:
/* ================================================== */
void
NKSN_DestroyCertCredentials(void *credentials)
NKSN_Credentials
NKSN_CreateServerCertCredentials(const char **certs, const char **keys, int n_certs_keys)
{
gnutls_certificate_free_credentials(credentials);
return create_credentials(certs, keys, n_certs_keys, NULL, NULL, 0, 0);
}
/* ================================================== */
NKSN_Credentials
NKSN_CreateClientCertCredentials(const char **certs, uint32_t *ids,
int n_certs_ids, uint32_t trusted_cert_set)
{
return create_credentials(NULL, NULL, 0, certs, ids, n_certs_ids, trusted_cert_set);
}
/* ================================================== */
void
NKSN_DestroyCertCredentials(NKSN_Credentials credentials)
{
gnutls_certificate_free_credentials((gnutls_certificate_credentials_t)credentials);
credentials_counter--;
deinit_gnutls();
}
@@ -734,12 +778,13 @@ NKSN_DestroyInstance(NKSN_Instance inst)
int
NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
void *credentials, double timeout)
NKSN_Credentials credentials, double timeout)
{
assert(inst->state == KE_STOPPED);
inst->tls_session = create_tls_session(inst->server, sock_fd, inst->server_name,
credentials, priority_cache);
(gnutls_certificate_credentials_t)credentials,
priority_cache);
if (!inst->tls_session)
return 0;

16
nts_ke_session.h
View File

@@ -30,19 +30,25 @@
#include "nts_ke.h"
#include "siv.h"
typedef struct NKSN_Credentials_Record *NKSN_Credentials;
typedef struct NKSN_Instance_Record *NKSN_Instance;
/* Handler for received NTS-KE messages. A zero return code stops
the session. */
typedef int (*NKSN_MessageHandler)(void *arg);
/* Get client or server credentials using certificates of trusted CAs,
or a server certificate and key. The credentials may be shared between
/* Get server or client credentials using a server certificate and key,
or certificates of trusted CAs. The credentials may be shared between
different clients or servers. */
extern void *NKSN_CreateCertCredentials(char *cert, char *key, char *trusted_certs);
extern NKSN_Credentials NKSN_CreateServerCertCredentials(const char **certs, const char **keys,
int n_certs_keys);
extern NKSN_Credentials NKSN_CreateClientCertCredentials(const char **certs, uint32_t *ids,
int n_certs_ids,
uint32_t trusted_cert_set);
/* Destroy the credentials */
extern void NKSN_DestroyCertCredentials(void *credentials);
extern void NKSN_DestroyCertCredentials(NKSN_Credentials credentials);
/* Create an instance */
extern NKSN_Instance NKSN_CreateInstance(int server_mode, const char *server_name,
@@ -53,7 +59,7 @@ extern void NKSN_DestroyInstance(NKSN_Instance inst);
/* Start a new NTS-KE session */
extern int NKSN_StartSession(NKSN_Instance inst, int sock_fd, const char *label,
void *credentials, double timeout);
NKSN_Credentials credentials, double timeout);
/* Begin an NTS-KE message. A request should be made right after starting
the session and response should be made in the message handler. */

54
nts_ntp_client.c
View File

@@ -50,14 +50,20 @@
#define DUMP_IDENTIFIER "NNC0\n"
struct NNC_Instance_Record {
const IPSockAddr *ntp_address;
/* Address of NTS-KE server */
IPSockAddr nts_address;
/* Hostname or IP address for certificate verification */
char *name;
/* ID of trusted certificates */
uint32_t cert_set;
/* Configured NTP port */
uint16_t default_ntp_port;
/* Address of NTP server (can be negotiated in NTS-KE) */
IPSockAddr ntp_address;
NKC_Instance nke;
SIV_Instance siv;
int load_attempt;
int nke_attempts;
double next_nke_attempt;
double last_nke_success;
@@ -91,7 +97,6 @@ reset_instance(NNC_Instance inst)
SIV_DestroyInstance(inst->siv);
inst->siv = NULL;
inst->load_attempt = 0;
inst->nke_attempts = 0;
inst->next_nke_attempt = 0.0;
inst->last_nke_success = 0.0;
@@ -111,20 +116,26 @@ reset_instance(NNC_Instance inst)
/* ================================================== */
NNC_Instance
NNC_CreateInstance(IPSockAddr *nts_address, const char *name, const IPSockAddr *ntp_address)
NNC_CreateInstance(IPSockAddr *nts_address, const char *name, uint32_t cert_set, uint16_t ntp_port)
{
NNC_Instance inst;
inst = MallocNew(struct NNC_Instance_Record);
inst->ntp_address = ntp_address;
inst->nts_address = *nts_address;
inst->name = name ? Strdup(name) : NULL;
inst->name = Strdup(name);
inst->cert_set = cert_set;
inst->default_ntp_port = ntp_port;
inst->ntp_address.ip_addr = nts_address->ip_addr;
inst->ntp_address.port = ntp_port;
inst->siv = NULL;
inst->nke = NULL;
reset_instance(inst);
/* Try to reload saved keys and cookies */
load_cookies(inst);
return inst;
}
@@ -165,13 +176,13 @@ set_ntp_address(NNC_Instance inst, NTP_Remote_Address *negotiated_address)
{
NTP_Remote_Address old_address, new_address;
old_address = *inst->ntp_address;
old_address = inst->ntp_address;
new_address = *negotiated_address;
if (new_address.ip_addr.family == IPADDR_UNSPEC)
new_address.ip_addr = old_address.ip_addr;
new_address.ip_addr = inst->nts_address.ip_addr;
if (new_address.port == 0)
new_address.port = old_address.port;
new_address.port = inst->default_ntp_port;
if (UTI_CompareIPs(&old_address.ip_addr, &new_address.ip_addr, NULL) == 0 &&
old_address.port == new_address.port)
@@ -184,6 +195,8 @@ set_ntp_address(NNC_Instance inst, NTP_Remote_Address *negotiated_address)
return 0;
}
inst->ntp_address = new_address;
return 1;
}
@@ -223,13 +236,7 @@ get_cookies(NNC_Instance inst)
return 0;
}
if (!inst->name) {
LOG(LOGS_ERR, "Missing name of %s for NTS-KE",
UTI_IPToString(&inst->nts_address.ip_addr));
return 0;
}
inst->nke = NKC_CreateInstance(&inst->nts_address, inst->name);
inst->nke = NKC_CreateInstance(&inst->nts_address, inst->name, inst->cert_set);
inst->nke_attempts++;
update_next_nke_attempt(inst, now);
@@ -288,12 +295,6 @@ NNC_PrepareForAuth(NNC_Instance inst)
UTI_GetRandomBytes(inst->uniq_id, sizeof (inst->uniq_id));
UTI_GetRandomBytes(inst->nonce, sizeof (inst->nonce));
/* Try to reload saved keys and cookies (once for the NTS-KE address) */
if (!inst->load_attempt) {
load_cookies(inst);
inst->load_attempt = 1;
}
/* Get new cookies if there are not any, or they are no longer usable */
if (!check_cookies(inst)) {
if (!get_cookies(inst))
@@ -524,10 +525,13 @@ NNC_ChangeAddress(NNC_Instance inst, IPAddr *address)
save_cookies(inst);
inst->nts_address.ip_addr = *address;
inst->ntp_address.ip_addr = *address;
reset_instance(inst);
DEBUG_LOG("NTS reset");
load_cookies(inst);
}
/* ================================================== */
@@ -541,7 +545,7 @@ save_cookies(NNC_Instance inst)
FILE *f;
int i;
if (inst->num_cookies < 1 || !inst->name || !UTI_IsIPReal(&inst->nts_address.ip_addr))
if (inst->num_cookies < 1 || !UTI_IsIPReal(&inst->nts_address.ip_addr))
return;
dump_dir = CNF_GetNtsDumpDir();
@@ -560,7 +564,7 @@ save_cookies(NNC_Instance inst)
if (fprintf(f, "%s%s\n%.1f\n%s %d\n%u %d ",
DUMP_IDENTIFIER, inst->name, context_time,
UTI_IPToString(&inst->ntp_address->ip_addr), inst->ntp_address->port,
UTI_IPToString(&inst->ntp_address.ip_addr), inst->ntp_address.port,
inst->context_id, (int)inst->context.algorithm) < 0 ||
!UTI_BytesToHex(inst->context.s2c.key, inst->context.s2c.length, buf, sizeof (buf)) ||
fprintf(f, "%s ", buf) < 0 ||
@@ -623,7 +627,7 @@ load_cookies(NNC_Instance inst)
if (!fgets(line, sizeof (line), f) || strcmp(line, DUMP_IDENTIFIER) != 0 ||
!fgets(line, sizeof (line), f) || UTI_SplitString(line, words, MAX_WORDS) != 1 ||
!inst->name || strcmp(words[0], inst->name) != 0 ||
strcmp(words[0], inst->name) != 0 ||
!fgets(line, sizeof (line), f) || UTI_SplitString(line, words, MAX_WORDS) != 1 ||
sscanf(words[0], "%lf", &context_time) != 1 ||
!fgets(line, sizeof (line), f) || UTI_SplitString(line, words, MAX_WORDS) != 2 ||

2
nts_ntp_client.h
View File

@@ -34,7 +34,7 @@
typedef struct NNC_Instance_Record *NNC_Instance;
extern NNC_Instance NNC_CreateInstance(IPSockAddr *nts_address, const char *name,
const IPSockAddr *ntp_address);
uint32_t cert_set, uint16_t ntp_port);
extern void NNC_DestroyInstance(NNC_Instance inst);
extern int NNC_PrepareForAuth(NNC_Instance inst);
extern int NNC_GenerateRequestAuth(NNC_Instance inst, NTP_Packet *packet,

4
nts_ntp_server.c
View File

@@ -59,8 +59,10 @@ struct NtsServer *server;
void
NNS_Initialise(void)
{
const char **certs, **keys;
/* Create an NTS-NTP server instance only if NTS-KE server is enabled */
if (!CNF_GetNtsServerCertFile() || !CNF_GetNtsServerKeyFile()) {
if (CNF_GetNtsServerCertAndKeyFiles(&certs, &keys) <= 0) {
server = NULL;
return;
}

3
pktlength.c
View File

@@ -87,7 +87,7 @@ static const struct request_length request_lengths[] = {
REQ_LENGTH_ENTRY(del_source, null), /* DEL_SOURCE */
REQ_LENGTH_ENTRY(null, null), /* WRITERTC */
REQ_LENGTH_ENTRY(dfreq, null), /* DFREQ */
REQ_LENGTH_ENTRY(doffset, null), /* DOFFSET */
{ 0, 0 }, /* DOFFSET - not supported */
REQ_LENGTH_ENTRY(null, tracking), /* TRACKING */
REQ_LENGTH_ENTRY(sourcestats, sourcestats), /* SOURCESTATS */
REQ_LENGTH_ENTRY(null, rtc), /* RTCREPORT */
@@ -128,6 +128,7 @@ static const struct request_length request_lengths[] = {
client_accesses_by_index), /* CLIENT_ACCESSES_BY_INDEX3 */
REQ_LENGTH_ENTRY(select_data, select_data), /* SELECT_DATA */
REQ_LENGTH_ENTRY(null, null), /* RELOAD_SOURCES */
REQ_LENGTH_ENTRY(doffset, null), /* DOFFSET2 */
};
static const uint16_t reply_lengths[] = {

55
refclock.c
View File

@@ -40,6 +40,9 @@
#include "samplefilt.h"
#include "sched.h"
/* Maximum offset of locked reference as a fraction of the PPS interval */
#define PPS_LOCK_LIMIT 0.4
/* list of refclock drivers */
extern RefclockDriver RCL_SHM_driver;
extern RefclockDriver RCL_SOCK_driver;
@@ -267,7 +270,7 @@ RCL_AddRefclock(RefclockParameters *params)
void
RCL_StartRefclocks(void)
{
unsigned int i, j, n;
unsigned int i, j, n, lock_index;
n = ARR_GetSize(refclocks);
@@ -277,13 +280,31 @@ RCL_StartRefclocks(void)
SRC_SetActive(inst->source);
inst->timeout_id = SCH_AddTimeoutByDelay(0.0, poll_timeout, (void *)inst);
if (inst->lock_ref) {
/* Replace lock refid with index to refclocks */
for (j = 0; j < n && get_refclock(j)->ref_id != inst->lock_ref; j++)
;
inst->lock_ref = j < n ? j : -1;
} else
inst->lock_ref = -1;
/* Replace lock refid with the refclock's index, or -1 if not valid */
lock_index = -1;
if (inst->lock_ref != 0) {
for (j = 0; j < n; j++) {
RCL_Instance inst2 = get_refclock(j);
if (inst->lock_ref != inst2->ref_id)
continue;
if (inst->driver->poll && inst2->driver->poll &&
(double)inst->max_lock_age / inst->pps_rate < UTI_Log2ToDouble(inst2->driver_poll))
LOG(LOGS_WARN, "%s maxlockage too small for %s",
UTI_RefidToString(inst->ref_id), UTI_RefidToString(inst2->ref_id));
lock_index = j;
break;
}
if (lock_index == -1 || lock_index == i)
LOG(LOGS_WARN, "Invalid lock refid %s", UTI_RefidToString(inst->lock_ref));
}
inst->lock_ref = lock_index;
}
}
@@ -415,12 +436,6 @@ accumulate_sample(RCL_Instance instance, struct timespec *sample_time, double of
sample.peer_dispersion = dispersion;
sample.root_dispersion = dispersion;
/* Handle special case when PPS is used with the local reference */
if (instance->pps_active && instance->lock_ref == -1)
sample.stratum = pps_stratum(instance, &sample.time);
else
sample.stratum = instance->stratum;
return SPF_AccumulateSample(instance->filter, &sample);
}
@@ -565,7 +580,7 @@ RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
offset += shift;
if (fabs(ref_sample.offset - offset) +
ref_sample.root_dispersion + dispersion >= 0.2 / rate) {
ref_sample.root_dispersion + dispersion > PPS_LOCK_LIMIT / rate) {
DEBUG_LOG("refclock pulse ignored offdiff=%.9f refdisp=%.9f disp=%.9f",
ref_sample.offset - offset, ref_sample.root_dispersion, dispersion);
return 0;
@@ -685,7 +700,7 @@ static void
poll_timeout(void *arg)
{
NTP_Sample sample;
int poll;
int poll, stratum;
RCL_Instance inst = (RCL_Instance)arg;
@@ -701,8 +716,14 @@ poll_timeout(void *arg)
inst->driver_polled = 0;
if (SPF_GetFilteredSample(inst->filter, &sample)) {
/* Handle special case when PPS is used with the local reference */
if (inst->pps_active && inst->lock_ref == -1)
stratum = pps_stratum(inst, &sample.time);
else
stratum = inst->stratum;
SRC_UpdateReachability(inst->source, 1);
SRC_SetLeapStatus(inst->source, inst->leap_status);
SRC_UpdateStatus(inst->source, stratum, inst->leap_status);
SRC_AccumulateSample(inst->source, &sample);
SRC_SelectSource(inst->source);

4
refclock_phc.c
View File

@@ -66,10 +66,8 @@ static int phc_initialise(RCL_Instance instance)
path = RCL_GetDriverParameter(instance);
phc_fd = SYS_Linux_OpenPHC(path, 0);
if (phc_fd < 0) {
if (phc_fd < 0)
LOG_FATAL("Could not open PHC");
return 0;
}
phc = MallocNew(struct phc_instance);
phc->fd = phc_fd;

31
refclock_pps.c
View File

@@ -61,49 +61,36 @@ static int pps_initialise(RCL_Instance instance) {
edge_clear = RCL_GetDriverOption(instance, "clear") ? 1 : 0;
fd = open(path, O_RDWR);
if (fd < 0) {
if (fd < 0)
LOG_FATAL("Could not open %s : %s", path, strerror(errno));
return 0;
}
UTI_FdSetCloexec(fd);
if (time_pps_create(fd, &handle) < 0) {
if (time_pps_create(fd, &handle) < 0)
LOG_FATAL("time_pps_create() failed on %s : %s", path, strerror(errno));
return 0;
}
if (time_pps_getcap(handle, &mode) < 0) {
if (time_pps_getcap(handle, &mode) < 0)
LOG_FATAL("time_pps_getcap() failed on %s : %s", path, strerror(errno));
return 0;
}
if (time_pps_getparams(handle, &params) < 0) {
if (time_pps_getparams(handle, &params) < 0)
LOG_FATAL("time_pps_getparams() failed on %s : %s", path, strerror(errno));
return 0;
}
if (!edge_clear) {
if (!(mode & PPS_CAPTUREASSERT)) {
if (!(mode & PPS_CAPTUREASSERT))
LOG_FATAL("CAPTUREASSERT not supported on %s", path);
return 0;
}
params.mode |= PPS_CAPTUREASSERT;
params.mode &= ~PPS_CAPTURECLEAR;
} else {
if (!(mode & PPS_CAPTURECLEAR)) {
if (!(mode & PPS_CAPTURECLEAR))
LOG_FATAL("CAPTURECLEAR not supported on %s", path);
return 0;
}
params.mode |= PPS_CAPTURECLEAR;
params.mode &= ~PPS_CAPTUREASSERT;
}
if (time_pps_setparams(handle, &params) < 0) {
if (time_pps_setparams(handle, &params) < 0)
LOG_FATAL("time_pps_setparams() failed on %s : %s", path, strerror(errno));
return 0;
}
pps = MallocNew(struct pps_instance);
pps->handle = handle;

2
rtc.c
View File

@@ -148,6 +148,8 @@ RTC_Initialise(int initial_set)
if (driver.init) {
if ((driver.init)()) {
driver_initialised = 1;
} else {
LOG(LOGS_ERR, "RTC driver could not be initialised");
}
} else {
LOG(LOGS_ERR, "RTC not supported on this operating system");

1
samplefilt.c
View File

@@ -386,7 +386,6 @@ combine_selected_samples(SPF_Instance filter, int n, NTP_Sample *result)
result->root_dispersion = MAX(disp, mean_root_dispersion);
result->peer_delay = mean_peer_delay;
result->root_delay = mean_root_delay;
result->stratum = last_sample->stratum;
return 1;
}

33
sched.c
View File

@@ -111,7 +111,8 @@ static struct timespec last_class_dispatch[SCH_NumberOfClasses];
/* ================================================== */
static int need_to_exit;
/* Flag terminating the main loop, which can be set from a signal handler */
static volatile int need_to_exit;
/* ================================================== */
@@ -498,12 +499,15 @@ SCH_RemoveTimeout(SCH_TimeoutID id)
static void
dispatch_timeouts(struct timespec *now) {
unsigned long n_done, n_entries_on_start;
TimerQueueEntry *ptr;
SCH_TimeoutHandler handler;
SCH_ArbitraryArgument arg;
int n_done = 0, n_entries_on_start = n_timer_queue_entries;
while (1) {
n_entries_on_start = n_timer_queue_entries;
n_done = 0;
do {
LCL_ReadRawTime(now);
if (!(n_timer_queue_entries > 0 &&
@@ -526,16 +530,21 @@ dispatch_timeouts(struct timespec *now) {
/* Increment count of timeouts handled */
++n_done;
/* If more timeouts were handled than there were in the timer queue on
start and there are now, assume some code is scheduling timeouts with
negative delays and abort. Make the actual limit higher in case the
machine is temporarily overloaded and dispatching the handlers takes
more time than was delay of a scheduled timeout. */
if (n_done > n_timer_queue_entries * 4 &&
n_done > n_entries_on_start * 4) {
/* If the number of dispatched timeouts is significantly larger than the
length of the queue on start and now, assume there is a bug causing
an infinite loop by constantly adding a timeout with a zero or negative
delay. Check the actual rate of timeouts to avoid false positives in
case the execution slowed down so much (e.g. due to memory thrashing)
that it repeatedly takes more time to handle the timeout than is its
delay. This is a safety mechanism intended to stop a full-speed flood
of NTP requests due to a bug in the NTP polling. */
if (n_done > 20 &&
n_done > 4 * MAX(n_timer_queue_entries, n_entries_on_start) &&
fabs(UTI_DiffTimespecsToDouble(now, &last_select_ts_raw)) / n_done < 0.01)
LOG_FATAL("Possible infinite loop in scheduling");
}
}
} while (!need_to_exit);
}
/* ================================================== */

47
socket.c
View File

@@ -737,6 +737,17 @@ init_message_nonaddress(SCK_Message *message)
/* ================================================== */
static int
match_cmsg(struct cmsghdr *cmsg, int level, int type, size_t length)
{
if (cmsg->cmsg_type == type && cmsg->cmsg_level == level &&
(length == 0 || cmsg->cmsg_len == CMSG_LEN(length)))
return 1;
return 0;
}
/* ================================================== */
static int
process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
SCK_Message *message)
@@ -794,8 +805,10 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
}
for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) {
if (0) {
}
#ifdef HAVE_IN_PKTINFO
if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) {
else if (match_cmsg(cmsg, IPPROTO_IP, IP_PKTINFO, sizeof (struct in_pktinfo))) {
struct in_pktinfo ipi;
if (message->addr_type != SCK_ADDR_IP)
@@ -807,7 +820,7 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
message->if_index = ipi.ipi_ifindex;
}
#elif defined(IP_RECVDSTADDR)
if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_RECVDSTADDR) {
else if (match_cmsg(cmsg, IPPROTO_IP, IP_RECVDSTADDR, sizeof (struct in_addr))) {
struct in_addr addr;
if (message->addr_type != SCK_ADDR_IP)
@@ -818,9 +831,8 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
message->local_addr.ip.family = IPADDR_INET4;
}
#endif
#ifdef HAVE_IN6_PKTINFO
if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO) {
else if (match_cmsg(cmsg, IPPROTO_IPV6, IPV6_PKTINFO, sizeof (struct in6_pktinfo))) {
struct in6_pktinfo ipi;
if (message->addr_type != SCK_ADDR_IP)
@@ -833,25 +845,23 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
message->if_index = ipi.ipi6_ifindex;
}
#endif
#ifdef SCM_TIMESTAMP
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMP) {
else if (match_cmsg(cmsg, SOL_SOCKET, SCM_TIMESTAMP, sizeof (struct timeval))) {
struct timeval tv;
memcpy(&tv, CMSG_DATA(cmsg), sizeof (tv));
UTI_TimevalToTimespec(&tv, &message->timestamp.kernel);
}
#endif
#ifdef SCM_TIMESTAMPNS
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPNS) {
else if (match_cmsg(cmsg, SOL_SOCKET, SCM_TIMESTAMPNS, sizeof (message->timestamp.kernel))) {
memcpy(&message->timestamp.kernel, CMSG_DATA(cmsg), sizeof (message->timestamp.kernel));
}
#endif
#ifdef HAVE_LINUX_TIMESTAMPING
#ifdef HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING_PKTINFO) {
else if (match_cmsg(cmsg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
sizeof (struct scm_ts_pktinfo))) {
struct scm_ts_pktinfo ts_pktinfo;
memcpy(&ts_pktinfo, CMSG_DATA(cmsg), sizeof (ts_pktinfo));
@@ -859,17 +869,17 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
message->timestamp.l2_length = ts_pktinfo.pkt_length;
}
#endif
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING) {
else if (match_cmsg(cmsg, SOL_SOCKET, SCM_TIMESTAMPING,
sizeof (struct scm_timestamping))) {
struct scm_timestamping ts3;
memcpy(&ts3, CMSG_DATA(cmsg), sizeof (ts3));
message->timestamp.kernel = ts3.ts[0];
message->timestamp.hw = ts3.ts[2];
}
if ((cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR) ||
(cmsg->cmsg_level == SOL_IPV6 && cmsg->cmsg_type == IPV6_RECVERR)) {
else if ((match_cmsg(cmsg, SOL_IP, IP_RECVERR, 0) ||
match_cmsg(cmsg, SOL_IPV6, IPV6_RECVERR, 0)) &&
cmsg->cmsg_len >= CMSG_LEN(sizeof (struct sock_extended_err))) {
struct sock_extended_err err;
memcpy(&err, CMSG_DATA(cmsg), sizeof (err));
@@ -881,8 +891,7 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
}
}
#endif
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
else if (match_cmsg(cmsg, SOL_SOCKET, SCM_RIGHTS, 0)) {
if (!(flags & SCK_FLAG_MSG_DESCRIPTOR) || cmsg->cmsg_len != CMSG_LEN(sizeof (int))) {
int i, fd;
@@ -896,6 +905,10 @@ process_header(struct msghdr *msg, int msg_length, int sock_fd, int flags,
memcpy(&message->descriptor, CMSG_DATA(cmsg), sizeof (message->descriptor));
}
}
else {
DEBUG_LOG("Unexpected control message level=%d type=%d len=%d",
cmsg->cmsg_level, cmsg->cmsg_type, (int)cmsg->cmsg_len);
}
}
if (!r && message->descriptor != INVALID_SOCK_FD)

174
sources.c
View File

@@ -54,7 +54,6 @@ static int initialised = 0;
/* ================================================== */
/* Structure used to hold info for selecting between sources */
struct SelectInfo {
int stratum;
int select_ok;
double std_dev;
double root_distance;
@@ -132,7 +131,10 @@ struct SRC_Instance_Record {
struct SelectInfo sel_info;
/* Latest leap status */
/* Current stratum */
int stratum;
/* Current leap status */
NTP_Leap leap;
/* Flag indicating the source has a leap second vote */
@@ -175,6 +177,9 @@ static double reselect_distance;
static double stratum_weight;
static double combine_limit;
/* Identifier of the dump file */
#define DUMP_IDENTIFIER "SRC0\n"
/* ================================================== */
/* Forward prototype */
@@ -313,6 +318,7 @@ SRC_ResetInstance(SRC_Instance instance)
instance->distant = 0;
instance->status = SRC_BAD_STATS;
instance->sel_score = 1.0;
instance->stratum = 0;
instance->leap = LEAP_Unsynchronised;
instance->leap_vote = 0;
@@ -371,8 +377,10 @@ get_leap_status(void)
/* ================================================== */
void
SRC_SetLeapStatus(SRC_Instance inst, NTP_Leap leap)
SRC_UpdateStatus(SRC_Instance inst, int stratum, NTP_Leap leap)
{
inst->stratum = stratum;
if (REF_IsLeapSecondClose(NULL, 0.0))
return;
@@ -398,9 +406,9 @@ SRC_AccumulateSample(SRC_Instance inst, NTP_Sample *sample)
assert(initialised);
DEBUG_LOG("src=%s ts=%s offset=%e delay=%e disp=%e stratum=%d",
DEBUG_LOG("src=%s ts=%s offset=%e delay=%e disp=%e",
source_to_string(inst), UTI_TimespecToString(&sample->time), -sample->offset,
sample->root_delay, sample->root_dispersion, sample->stratum);
sample->root_delay, sample->root_dispersion);
if (REF_IsLeapSecondClose(&sample->time, sample->offset)) {
LOG(LOGS_INFO, "Dropping sample around leap second");
@@ -581,7 +589,7 @@ log_selection_source(const char *format, SRC_Instance inst)
name = source_to_string(inst);
ntp_name = inst->type == SRC_NTP ? NSR_GetName(inst->ip_addr) : NULL;
if (ntp_name && strcmp(name, ntp_name) != 0)
if (ntp_name)
snprintf(buf, sizeof (buf), "%s (%s)", name, ntp_name);
else
snprintf(buf, sizeof (buf), "%s", name);
@@ -808,7 +816,7 @@ SRC_SelectSource(SRC_Instance updated_inst)
}
si = &sources[i]->sel_info;
SST_GetSelectionData(sources[i]->stats, &now, &si->stratum,
SST_GetSelectionData(sources[i]->stats, &now,
&si->lo_limit, &si->hi_limit, &si->root_distance,
&si->std_dev, &first_sample_ago,
&si->last_sample_ago, &si->select_ok);
@@ -890,10 +898,10 @@ SRC_SelectSource(SRC_Instance updated_inst)
source can settle down to a state where only one server is serving its
local unsychronised time and others are synchronised to it. */
if (si->stratum >= orphan_stratum && sources[i]->type == SRC_NTP) {
if (sources[i]->stratum >= orphan_stratum && sources[i]->type == SRC_NTP) {
mark_source(sources[i], SRC_ORPHAN);
if (si->stratum == orphan_stratum && sources[i]->reachability &&
if (sources[i]->stratum == orphan_stratum && sources[i]->reachability &&
(orphan_source == INVALID_SOURCE ||
sources[i]->ref_id < sources[orphan_source]->ref_id))
orphan_source = i;
@@ -1131,10 +1139,10 @@ SRC_SelectSource(SRC_Instance updated_inst)
/* Find minimum stratum */
index = sel_sources[0];
min_stratum = sources[index]->sel_info.stratum;
min_stratum = sources[index]->stratum;
for (i = 1; i < n_sel_sources; i++) {
index = sel_sources[i];
stratum = sources[index]->sel_info.stratum;
stratum = sources[index]->stratum;
if (stratum < min_stratum)
min_stratum = stratum;
}
@@ -1147,7 +1155,7 @@ SRC_SelectSource(SRC_Instance updated_inst)
if (selected_source_index != INVALID_SOURCE)
sel_src_distance = sources[selected_source_index]->sel_info.root_distance +
(sources[selected_source_index]->sel_info.stratum - min_stratum) * stratum_weight;
(sources[selected_source_index]->stratum - min_stratum) * stratum_weight;
for (i = 0; i < n_sources; i++) {
/* Reset score for non-selectable sources */
@@ -1159,7 +1167,7 @@ SRC_SelectSource(SRC_Instance updated_inst)
}
distance = sources[i]->sel_info.root_distance +
(sources[i]->sel_info.stratum - min_stratum) * stratum_weight;
(sources[i]->stratum - min_stratum) * stratum_weight;
if (sources[i]->type == SRC_NTP)
distance += reselect_distance;
@@ -1247,7 +1255,7 @@ SRC_SelectSource(SRC_Instance updated_inst)
combined = combine_sources(n_sel_sources, &ref_time, &src_offset, &src_offset_sd,
&src_frequency, &src_frequency_sd, &src_skew);
REF_SetReference(sources[selected_source_index]->sel_info.stratum,
REF_SetReference(sources[selected_source_index]->stratum,
leap_status, combined,
sources[selected_source_index]->ref_id,
sources[selected_source_index]->ip_addr,
@@ -1320,24 +1328,60 @@ add_dispersion(double dispersion, void *anything)
/* ================================================== */
static
FILE *open_dumpfile(SRC_Instance inst, char mode)
static int
get_dumpfile(SRC_Instance inst, char *filename, size_t len)
{
char filename[64], *dumpdir;
/* Use the IP address, or reference ID with reference clocks */
switch (inst->type) {
case SRC_NTP:
if (!UTI_IsIPReal(inst->ip_addr) ||
snprintf(filename, len, "%s", source_to_string(inst)) >= len)
return 0;
break;
case SRC_REFCLOCK:
if (snprintf(filename, len, "refid:%08"PRIx32, inst->ref_id) >= len)
return 0;
break;
default:
assert(0);
}
return 1;
}
/* ================================================== */
static void
save_source(SRC_Instance inst)
{
char filename[64], *dumpdir, *ntp_name;
FILE *f;
dumpdir = CNF_GetDumpDir();
if (!dumpdir)
return NULL;
return;
/* Include IP address in the name for NTP sources, or reference ID in hex */
if (inst->type == SRC_NTP && UTI_IsIPReal(inst->ip_addr))
snprintf(filename, sizeof (filename), "%s", source_to_string(inst));
else if (inst->type == SRC_REFCLOCK)
snprintf(filename, sizeof (filename), "refid:%08"PRIx32, inst->ref_id);
else
return NULL;
if (!get_dumpfile(inst, filename, sizeof (filename)))
return;
return UTI_OpenFile(dumpdir, filename, ".dat", mode, 0644);
f = UTI_OpenFile(dumpdir, filename, ".dat", 'w', 0644);
if (!f)
return;
ntp_name = inst->type == SRC_NTP ? NSR_GetName(inst->ip_addr) : ".";
if (fprintf(f, "%s%s\n%d %o %d %d %d\n",
DUMP_IDENTIFIER, ntp_name, inst->authenticated,
(unsigned int)inst->reachability, inst->reachability_size,
inst->stratum, (int)inst->leap) < 0 ||
!SST_SaveToFile(inst->stats, f)) {
fclose(f);
if (!UTI_RemoveFile(dumpdir, filename, ".dat"))
;
return;
}
fclose(f);
}
/* ================================================== */
@@ -1346,16 +1390,60 @@ FILE *open_dumpfile(SRC_Instance inst, char mode)
void
SRC_DumpSources(void)
{
FILE *out;
int i;
for (i = 0; i < n_sources; i++) {
out = open_dumpfile(sources[i], 'w');
if (!out)
continue;
SST_SaveToFile(sources[i]->stats, out);
fclose(out);
for (i = 0; i < n_sources; i++)
save_source(sources[i]);
}
/* ================================================== */
#define MAX_WORDS 1
static void
load_source(SRC_Instance inst)
{
char filename[64], line[256], *dumpdir, *ntp_name, *words[MAX_WORDS];
int auth, leap, reach_size, stratum;
unsigned int reach;
FILE *f;
dumpdir = CNF_GetDumpDir();
if (!dumpdir)
return;
if (!get_dumpfile(inst, filename, sizeof (filename)))
return;
f = UTI_OpenFile(dumpdir, filename, ".dat", 'r', 0);
if (!f)
return;
ntp_name = inst->type == SRC_NTP ? NSR_GetName(inst->ip_addr) : NULL;
if (!fgets(line, sizeof (line), f) || strcmp(line, DUMP_IDENTIFIER) != 0 ||
!fgets(line, sizeof (line), f) || UTI_SplitString(line, words, MAX_WORDS) != 1 ||
(inst->type == SRC_NTP && (!ntp_name || strcmp(words[0], ntp_name) != 0)) ||
!fgets(line, sizeof (line), f) ||
sscanf(words[0], "%d %o %d %d %d",
&auth, &reach, &reach_size, &stratum, &leap) != 5 ||
(!auth && inst->authenticated) ||
stratum < 0 || stratum >= NTP_MAX_STRATUM ||
leap < LEAP_Normal || leap >= LEAP_Unsynchronised ||
!SST_LoadFromFile(inst->stats, f)) {
LOG(LOGS_WARN, "Could not load dump file for %s", source_to_string(inst));
fclose(f);
return;
}
inst->reachability = reach & ((1U << SOURCE_REACH_BITS) - 1);
inst->reachability_size = CLAMP(0, reach_size, SOURCE_REACH_BITS);
inst->stratum = stratum;
inst->leap = leap;
LOG(LOGS_INFO, "Loaded dump file for %s", source_to_string(inst));
fclose(f);
}
/* ================================================== */
@@ -1363,21 +1451,17 @@ SRC_DumpSources(void)
void
SRC_ReloadSources(void)
{
FILE *in;
int i;
for (i = 0; i < n_sources; i++) {
in = open_dumpfile(sources[i], 'r');
if (!in)
continue;
if (!SST_LoadFromFile(sources[i]->stats, in))
LOG(LOGS_WARN, "Could not load dump file for %s",
source_to_string(sources[i]));
else
LOG(LOGS_INFO, "Loaded dump file for %s",
source_to_string(sources[i]));
fclose(in);
load_source(sources[i]);
/* Allow an immediate update of the reference */
sources[i]->updates++;
}
/* Select sources and set the reference */
SRC_SelectSource(NULL);
}
/* ================================================== */
@@ -1492,6 +1576,8 @@ SRC_ReportSource(int index, RPT_SourceReport *report, struct timespec *now)
report->ip_addr.family = IPADDR_INET4;
}
report->stratum = src->stratum;
switch (src->status) {
case SRC_FALSETICKER:
report->state = RPT_FALSETICKER;

4
sources.h
View File

@@ -87,8 +87,8 @@ extern void SRC_SetRefid(SRC_Instance instance, uint32_t ref_id, IPAddr *addr);
/* Function to get access to the sourcestats instance */
extern SST_Stats SRC_GetSourcestats(SRC_Instance instance);
/* Function to set the current leap status according to the source */
extern void SRC_SetLeapStatus(SRC_Instance instance, NTP_Leap leap);
/* Function to update the stratum and leap status of the source */
extern void SRC_UpdateStatus(SRC_Instance instance, int stratum, NTP_Leap leap);
/* Function to accumulate a new sample from the source */
extern void SRC_AccumulateSample(SRC_Instance instance, NTP_Sample *sample);

112
sourcestats.c
View File

@@ -177,9 +177,6 @@ struct SST_Stats_Record {
/* This array contains the root dispersions of each sample at the
time of the measurements */
double root_dispersions[MAX_SAMPLES];
/* The stratum from the last accumulated sample */
int stratum;
};
/* ================================================== */
@@ -321,7 +318,6 @@ SST_AccumulateSample(SST_Stats inst, NTP_Sample *sample)
inst->peer_dispersions[m] = sample->peer_dispersion;
inst->root_delays[m] = sample->root_delay;
inst->root_dispersions[m] = sample->root_dispersion;
inst->stratum = sample->stratum;
if (inst->peer_delays[n] < inst->fixed_min_delay)
inst->peer_delays[n] = 2.0 * inst->fixed_min_delay - inst->peer_delays[n];
@@ -650,7 +646,6 @@ SST_GetFrequencyRange(SST_Stats inst,
void
SST_GetSelectionData(SST_Stats inst, struct timespec *now,
int *stratum,
double *offset_lo_limit,
double *offset_hi_limit,
double *root_distance,
@@ -670,7 +665,6 @@ SST_GetSelectionData(SST_Stats inst, struct timespec *now,
i = get_runsbuf_index(inst, inst->best_single_sample);
j = get_buf_index(inst, inst->best_single_sample);
*stratum = inst->stratum;
*std_dev = inst->std_dev;
sample_elapsed = fabs(UTI_DiffTimespecsToDouble(now, &inst->sample_times[i]));
@@ -858,38 +852,30 @@ SST_GetDelayTestData(SST_Stats inst, struct timespec *sample_time,
/* This is used to save the register to a file, so that we can reload
it after restarting the daemon */
void
int
SST_SaveToFile(SST_Stats inst, FILE *out)
{
int m, i, j;
fprintf(out, "%d\n", inst->n_samples);
if (inst->n_samples < 1)
return 0;
if (fprintf(out, "%d %d\n", inst->n_samples, inst->asymmetry_run) < 0)
return 0;
for(m = 0; m < inst->n_samples; m++) {
i = get_runsbuf_index(inst, m);
j = get_buf_index(inst, m);
fprintf(out,
#ifdef HAVE_LONG_TIME_T
"%08"PRIx64" %08lx %.6e %.6e %.6e %.6e %.6e %.6e %.6e %d\n",
(uint64_t)inst->sample_times[i].tv_sec,
#else
"%08lx %08lx %.6e %.6e %.6e %.6e %.6e %.6e %.6e %d\n",
(unsigned long)inst->sample_times[i].tv_sec,
#endif
(unsigned long)inst->sample_times[i].tv_nsec / 1000,
inst->offsets[i],
inst->orig_offsets[j],
inst->peer_delays[i],
inst->peer_dispersions[j],
inst->root_delays[j],
inst->root_dispersions[j],
1.0, /* used to be inst->weights[i] */
inst->stratum /* used to be an array */);
if (fprintf(out, "%s %.6e %.6e %.6e %.6e %.6e %.6e\n",
UTI_TimespecToString(&inst->sample_times[i]),
inst->offsets[i], inst->orig_offsets[j],
inst->peer_delays[i], inst->peer_dispersions[j],
inst->root_delays[j], inst->root_dispersions[j]) < 0)
return 0;
}
fprintf(out, "%d\n", inst->asymmetry_run);
return 1;
}
/* ================================================== */
@@ -898,65 +884,32 @@ SST_SaveToFile(SST_Stats inst, FILE *out)
int
SST_LoadFromFile(SST_Stats inst, FILE *in)
{
#ifdef HAVE_LONG_TIME_T
uint64_t sec;
#else
unsigned long sec;
#endif
unsigned long usec;
int i;
char line[1024];
double weight;
int i, n_samples, arun;
double sample_time;
char line[256];
if (!fgets(line, sizeof (line), in) ||
sscanf(line, "%d %d", &n_samples, &arun) != 2 ||
n_samples < 1 || n_samples > MAX_SAMPLES)
return 0;
SST_ResetInstance(inst);
if (fgets(line, sizeof(line), in) &&
sscanf(line, "%d", &inst->n_samples) == 1 &&
inst->n_samples >= 0 && inst->n_samples <= MAX_SAMPLES) {
for (i = 0; i < n_samples; i++) {
if (!fgets(line, sizeof (line), in) ||
sscanf(line, "%lf %lf %lf %lf %lf %lf %lf",
&sample_time, &inst->offsets[i], &inst->orig_offsets[i],
&inst->peer_delays[i], &inst->peer_dispersions[i],
&inst->root_delays[i], &inst->root_dispersions[i]) != 7)
return 0;
for (i=0; i<inst->n_samples; i++) {
if (!fgets(line, sizeof(line), in) ||
(sscanf(line,
#ifdef HAVE_LONG_TIME_T
"%"SCNx64"%lx%lf%lf%lf%lf%lf%lf%lf%d\n",
#else
"%lx%lx%lf%lf%lf%lf%lf%lf%lf%d\n",
#endif
&(sec), &(usec),
&(inst->offsets[i]),
&(inst->orig_offsets[i]),
&(inst->peer_delays[i]),
&(inst->peer_dispersions[i]),
&(inst->root_delays[i]),
&(inst->root_dispersions[i]),
&weight, /* not used anymore */
&inst->stratum) != 10)) {
/* This is the branch taken if the read FAILED */
inst->n_samples = 0; /* Load abandoned if any sign of corruption */
return 0;
} else {
/* This is the branch taken if the read is SUCCESSFUL */
inst->sample_times[i].tv_sec = sec;
inst->sample_times[i].tv_nsec = 1000 * usec;
UTI_NormaliseTimespec(&inst->sample_times[i]);
}
}
/* This field was not saved in older versions */
if (!fgets(line, sizeof(line), in) || sscanf(line, "%d\n", &inst->asymmetry_run) != 1)
inst->asymmetry_run = 0;
} else {
inst->n_samples = 0; /* Load abandoned if any sign of corruption */
return 0;
/* Some resolution is lost in the double format, but that's ok */
UTI_DoubleToTimespec(sample_time, &inst->sample_times[i]);
}
if (!inst->n_samples)
return 1;
inst->n_samples = n_samples;
inst->last_sample = inst->n_samples - 1;
inst->asymmetry_run = CLAMP(-MAX_ASYMMETRY_RUN, arun, MAX_ASYMMETRY_RUN);
find_min_delay_sample(inst);
SST_DoNewRegression(inst);
@@ -978,7 +931,6 @@ SST_DoSourceReport(SST_Stats inst, RPT_SourceReport *report, struct timespec *no
report->orig_latest_meas = inst->orig_offsets[j];
report->latest_meas = inst->offsets[i];
report->latest_meas_err = 0.5*inst->root_delays[j] + inst->root_dispersions[j];
report->stratum = inst->stratum;
/* Align the sample time to reduce the leak of the receive timestamp */
last_sample_time = inst->sample_times[i];

3
sourcestats.h
View File

@@ -69,7 +69,6 @@ extern void SST_GetFrequencyRange(SST_Stats inst, double *lo, double *hi);
/* Get data needed for selection */
extern void
SST_GetSelectionData(SST_Stats inst, struct timespec *now,
int *stratum,
double *offset_lo_limit,
double *offset_hi_limit,
double *root_distance,
@@ -120,7 +119,7 @@ extern int SST_GetDelayTestData(SST_Stats inst, struct timespec *sample_time,
double *last_sample_ago, double *predicted_offset,
double *min_delay, double *skew, double *std_dev);
extern void SST_SaveToFile(SST_Stats inst, FILE *out);
extern int SST_SaveToFile(SST_Stats inst, FILE *out);
extern int SST_LoadFromFile(SST_Stats inst, FILE *in);

3
srcparams.h
View File

@@ -54,7 +54,9 @@ typedef struct {
int sel_options;
int nts;
int nts_port;
int copy;
uint32_t authkey;
uint32_t cert_set;
double max_delay;
double max_delay_ratio;
double max_delay_dev_ratio;
@@ -77,6 +79,7 @@ typedef struct {
#define SRC_DEFAULT_MAXSAMPLES (-1)
#define SRC_DEFAULT_ASYMMETRY 1.0
#define SRC_DEFAULT_NTSPORT 4460
#define SRC_DEFAULT_CERTSET 0
#define INACTIVE_AUTHKEY 0
/* Flags for source selection */

3
stubs.c
View File

@@ -491,7 +491,8 @@ NNS_GenerateResponseAuth(NTP_Packet *request, NTP_PacketInfo *req_info,
}
NNC_Instance
NNC_CreateInstance(IPSockAddr *nts_address, const char *name, const IPSockAddr *ntp_address)
NNC_CreateInstance(IPSockAddr *nts_address, const char *name, uint32_t cert_set,
uint16_t ntp_port)
{
return NULL;
}

8
sys_linux.c
View File

@@ -537,6 +537,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
SCMP_SYS(fchownat),
SCMP_SYS(fstat),
SCMP_SYS(fstat64),
SCMP_SYS(fstatat64),
SCMP_SYS(getdents),
SCMP_SYS(getdents64),
SCMP_SYS(lseek),
@@ -547,11 +548,16 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
SCMP_SYS(readlinkat),
SCMP_SYS(rename),
SCMP_SYS(renameat),
#ifdef __NR_renameat2
SCMP_SYS(renameat2),
#endif
SCMP_SYS(stat),
SCMP_SYS(stat64),
SCMP_SYS(statfs),
SCMP_SYS(statfs64),
#ifdef __NR_statx
SCMP_SYS(statx),
#endif
SCMP_SYS(unlink),
SCMP_SYS(unlinkat),
@@ -615,7 +621,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
};
const static int socket_options[][2] = {
{ SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND },
{ SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS },
#ifdef FEAT_IPV6
{ SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO },
#endif

7
sys_timex.c
View File

@@ -75,13 +75,6 @@ convert_timex_frequency(const struct timex *txc)
freq_ppm = txc->freq / FREQ_SCALE;
#ifdef MACOSX
/* Temporary workaround for Apple bug treating freq as unsigned number */
if (freq_ppm > 32767) {
freq_ppm -= 65536;
}
#endif
return -freq_ppm;
}

6
sysincl.h
View File

@@ -28,6 +28,7 @@
#ifndef GOT_SYSINCL_H
#define GOT_SYSINCL_H
#include <arpa/inet.h>
#include <assert.h>
#include <ctype.h>
#include <errno.h>
@@ -61,11 +62,6 @@
#include <sys/timex.h>
#endif
#ifdef FEAT_IPV6
/* For inet_ntop() */
#include <arpa/inet.h>
#endif
#ifdef HAVE_GETRANDOM
#include <sys/random.h>
#endif

9
test/compilation/003-sanitizers
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
# Run the unit and simulation tests with different compiler sanitizers
# and under valgrind
@@ -80,7 +80,12 @@ for CC in gcc clang; do
echo
pushd test/simulation || exit 1
CLKNETSIM_RANDOM_SEED=101 ./run -i 1 || exit 1
export CLKNETSIM_RANDOM_SEED=101
if [ "$arch_opts" = "" -a "$san_options" = "" ]; then
CLKNETSIM_CLIENT_WRAPPER=valgrind ./run -i 1 || exit 1
else
./run -i 1 || exit 1
fi
popd
done
done

2
test/simulation/001-defaults
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/002-largenetwork
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/003-largefreqoffset
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/004-largetimeoffset
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/005-externalstep
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/006-largejitter
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/007-largewander
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/008-ntpera
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "NTP eras"

2
test/simulation/009-sourceselection
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/010-multrecv
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/011-asymjitter
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/012-daemonts
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/013-nameserv
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/101-poll
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "minpoll/maxpoll options"

2
test/simulation/102-iburst
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "iburst option"

33
test/simulation/103-initstepslew
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "initstepslew directive"
@@ -9,6 +9,7 @@ time_rms_limit=1e-3
limit=100
client_conf="initstepslew 5 192.168.123.1"
client_server_conf="#"
min_sync_time=6
max_sync_time=35
@@ -18,6 +19,7 @@ for time_offset in -2.0 -0.2 0.2 2.0; do
check_chronyd_exit || test_fail
check_packet_interval || test_fail
check_sync || test_fail
check_log_messages "00:00:0.Z System's initial.*slew" 1 1 || test_fail
done
min_sync_time=5
@@ -27,6 +29,35 @@ for time_offset in -1e8 -1e2 1e2 1e8; do
run_test || test_fail
check_packet_interval || test_fail
check_sync || test_fail
check_log_messages "System's initial.*step" 1 1 || test_fail
done
time_offset=3
limit=500
servers=2
falsetickers=1
client_conf="initstepslew 5 192.168.123.1 192.168.123.2"
client_server_conf="server 192.168.123.2"
min_sync_time=360
max_sync_time=450
run_test || test_fail
check_chronyd_exit || test_fail
check_packet_interval || test_fail
check_sync || test_fail
check_log_messages "00:03:2.Z No suitable source for initstepslew" 1 1 || test_fail
client_conf="initstepslew 5 192.168.123.1 192.168.123.2"
min_sync_time=1
max_sync_time=500
server_conf="deny all"
run_test || test_fail
check_chronyd_exit || test_fail
check_packet_interval || test_fail
check_sync && test_fail
check_log_messages "00:00:1.Z No suitable source for initstepslew" 1 1 || test_fail
test_pass

2
test/simulation/104-driftfile
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "driftfile directive"

2
test/simulation/105-ntpauth
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

79
test/simulation/106-refclock
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "SHM refclock"
@@ -16,7 +16,9 @@ chronyc_start=70
chronyc_conf="tracking"
for refclock in "SHM 0" "PHC /dev/ptp0"; do
client_conf="refclock $refclock stratum 3 delay 1e-3 refid GPS"
client_conf="refclock $refclock stratum 3 delay 1e-3 refid GPS
logdir tmp
log refclocks"
run_test || test_fail
check_chronyd_exit || test_fail
@@ -29,6 +31,79 @@ Root delay : 0.001000000 seconds
.*
Update interval : 16\.. seconds
.*$" || test_fail
check_file_messages "20.* GPS.*[0-9] N " 997 1001 refclocks.log || test_fail
check_file_messages "20.* GPS.*- N " 61 63 refclocks.log || test_fail
rm -f tmp/refclocks.log
done
if check_config_h 'FEAT_PPS 1'; then
refclock_offset=0.35
refclock_jitter=0.05
client_conf="
refclock SHM 0 refid NMEA noselect
refclock PPS /dev/pps0 lock NMEA
logdir tmp
log refclocks"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_chronyc_output "^Reference ID.*50505331 \(PPS1\)
Stratum.*: 1
.*
Root delay : 0\.000000001 seconds
.*$" || test_fail
check_file_messages "20.* PPS1.*[0-9] N " 620 740 refclocks.log || test_fail
check_file_messages "20.* PPS1.*- N " 60 63 refclocks.log || test_fail
rm -f tmp/refclocks.log
client_conf="
refclock SHM 0 noselect
refclock PPS /dev/pps0
local
logdir tmp
log refclocks"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_chronyc_output "^Reference ID.*50505331 \(PPS1\)
Stratum.*: 10
.*
Root delay : 0\.000000001 seconds
.*$" || test_fail
check_file_messages "20.* PPS1.*[0-9] N " 997 1001 refclocks.log || test_fail
check_file_messages "20.* PPS1.*- N " 60 63 refclocks.log || test_fail
rm -f tmp/refclocks.log
min_sync_time=100
max_sync_time=220
chronyc_start=220
client_conf="
refclock SHM 0 refid NMEA offset 0.35 delay 0.1
refclock PPS /dev/pps0
logdir tmp
log refclocks"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_chronyc_output "^Reference ID.*50505331 \(PPS1\)
Stratum.*: 1
.*
Root delay : 0\.000000001 seconds
.*$" || test_fail
check_file_messages "20.* PPS1.*[0-9] N " 800 940 refclocks.log || test_fail
check_file_messages "20.* PPS1.*- N " 50 63 refclocks.log || test_fail
rm -f tmp/refclocks.log
fi
test_pass

2
test/simulation/107-allowdeny
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/108-peer
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/109-makestep
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "makestep directive"

23
test/simulation/110-chronyc
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
@@ -101,7 +101,7 @@ limit=1
for chronyc_conf in \
"accheck 1.2.3.4" \
"add peer 10.0.0.0 minpoll 2 maxpoll 6" \
"add server 10.0.0.0 minpoll 6 maxpoll 10 iburst burst key 1 maxdelay 1e-3 maxdelayratio 10.0 maxdelaydevratio 10.0 mindelay 1e-4 asymmetry 0.5 offset 1e-5 minsamples 6 maxsamples 6 filter 3 offline auto_offline prefer noselect trust require xleave polltarget 20 port 123 presend 7 minstratum 3 version 4" \
"add server 10.0.0.0 minpoll 6 maxpoll 10 iburst burst key 1 certset 2 maxdelay 1e-3 maxdelayratio 10.0 maxdelaydevratio 10.0 mindelay 1e-4 asymmetry 0.5 offset 1e-5 minsamples 6 maxsamples 6 filter 3 offline auto_offline prefer noselect trust require xleave polltarget 20 port 123 presend 7 minstratum 3 version 4 nts ntsport 4460 copy" \
"add server node1.net1.clk" \
"allow 1.2.3.4" \
"allow 1.2" \
@@ -223,4 +223,23 @@ keygen 7 AES256"
7 AES256 HEX:................................................................\$" || test_fail
fi
# Pass every fourth request
base_delay=$(cat <<-EOF | tr -d '\n'
(+ 1e-4
(* -1
(equal 0.1 from 2)
(equal 0.1 (min (% (sum 1) 4) 1) 1)))
EOF
)
limit=15
chronyc_conf="sources"
run_test || test_fail
check_chronyc_output "^506 Cannot talk to daemon$" || test_fail
chronyc_conf="retries 3
sources"
run_test || test_fail
check_chronyc_output "^MS.*0ns$" || test_fail
test_pass

2
test/simulation/111-knownclient
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/112-port
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/113-leapsecond
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/114-presend
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "presend option"

2
test/simulation/115-cmdmontime
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/116-minsources
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/117-fallbackdrift
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "fallback drift"

2
test/simulation/118-maxdelay
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "maxdelay options"

2
test/simulation/119-smoothtime
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

7
test/simulation/120-selectoptions
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
@@ -16,7 +16,6 @@ server 192.168.123.3 trust"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_packet_interval || test_fail
check_sync || test_fail
client_server_conf="
@@ -27,7 +26,6 @@ server 192.168.123.3 prefer"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_packet_interval || test_fail
# This check is expected to fail
check_sync && test_fail
@@ -36,10 +34,9 @@ base_delay=1.1
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_packet_interval || test_fail
check_sync || test_fail
base_delay=$default_base_delay
base_delay=1e-3
falsetickers=1
client_server_conf="

2
test/simulation/121-orphan
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/122-xleave
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "interleaved mode"

2
test/simulation/123-mindelay
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/124-tai
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/125-packetloss
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/126-burst
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/127-filter
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/128-nocontrol
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

85
test/simulation/129-reload
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
@@ -13,6 +13,10 @@ client_conf="dumpdir tmp
maxupdateskew 10000"
run_test || test_fail
check_chronyd_exit || test_fail
check_log_messages "Loaded dump file" 0 0 || test_fail
check_file_messages "." 6 6 192.168.123.1.dat || test_fail
client_start=$limit
limit=1000
@@ -23,4 +27,83 @@ check_source_selection || test_fail
check_packet_interval || test_fail
check_sync || test_fail
check_log_messages "Loaded dump file" 1 1 || test_fail
check_file_messages "." 10 30 192.168.123.1.dat || test_fail
rm -f tmp/*.dat
client_start=0
limit=200
jitter=1e-6
client_conf="dumpdir tmp
maxupdateskew 1e-6
maxslewrate 1e-6"
run_test || test_fail
check_chronyd_exit || test_fail
check_log_messages "Loaded dump file" 0 0 || test_fail
check_file_messages "." 8 8 192.168.123.1.dat || test_fail
cp tmp/192.168.123.1.dat tmp/backup.dat
client_start=$limit
limit=1000
min_sync_time=201
max_sync_time=203
client_server_options="offline"
client_conf="dumpdir tmp"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_packet_interval || test_fail
check_sync || test_fail
check_log_messages "Loaded dump file" 1 1 || test_fail
check_file_messages "." 8 8 192.168.123.1.dat || test_fail
cp -f tmp/backup.dat tmp/192.168.123.1.dat
client_server_options="key 1"
run_test || test_fail
check_chronyd_exit || test_fail
check_sync && test_fail
check_log_messages "Could not load dump file" 1 1 || test_fail
check_log_messages "Loaded dump file" 0 0 || test_fail
client_server_options=""
if check_config_h 'FEAT_REFCLOCK 1'; then
refclock_jitter=1e-6
servers=0
client_start=0
limit=40
min_sync_time=56
max_sync_time=58
client_chronyd_options="-r"
client_conf="dumpdir tmp
refclock SHM 0"
run_test || test_fail
check_chronyd_exit || test_fail
check_log_messages "Loaded dump file" 0 0 || test_fail
check_file_messages "." 6 6 refid:53484d30.dat || test_fail
client_start=$limit
limit=300
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Loaded dump file" 1 1 || test_fail
check_file_messages "." 6 23 refid:53484d30.dat || test_fail
rm -f tmp/*.dat
fi
test_pass

2
test/simulation/130-quit
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/131-maxchange
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/132-logchange
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/133-hwtimestamp
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/134-log
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/135-ratelimit
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
test_start "ratelimit directive"

2
test/simulation/136-broadcast
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/137-pool
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

2
test/simulation/138-syncloop
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common

227
test/simulation/139-nts
View File

@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash
. ./test.common
@@ -9,25 +9,29 @@ certtool --help &> /dev/null || test_skip
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
cat > tmp/cert.cfg <<EOF
cn = "node1.net1.clk"
serial = 001
activation_date = "2010-01-01 00:00:00 UTC"
expiration_date = "2010-01-02 00:00:00 UTC"
#dns_name = "node1.net1.clk"
signing_key
encryption_key
EOF
for i in 1 2; do
cat > tmp/cert$i.cfg <<-EOF
cn = "node$i.net1.clk"
dns_name = "node$i.net1.clk"
ip_address = "192.168.123.$i"
serial = 001
activation_date = "2010-01-01 00:00:00 UTC"
expiration_date = "2010-01-02 00:00:00 UTC"
signing_key
encryption_key
EOF
certtool --generate-privkey --key-type=ed25519 --outfile tmp/server.key &> tmp/log.certtool
certtool --generate-self-signed --load-privkey tmp/server.key \
--template tmp/cert.cfg --outfile tmp/server.crt &>> tmp/log.certtool
certtool --generate-privkey --key-type=ed25519 --outfile tmp/server$i.key &> \
tmp/log.certtool$i
certtool --generate-self-signed --load-privkey tmp/server$i.key \
--template tmp/cert$i.cfg --outfile tmp/server$i.crt &>> tmp/log.certtool$i
done
max_sync_time=400
dns=1
server_conf="
ntsserverkey tmp/server.key
ntsservercert tmp/server.crt
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 66
ntsdumpdir tmp
@@ -35,7 +39,9 @@ ntsdumpdir tmp
client_server_options="minpoll 6 maxpoll 6 nts"
client_conf="
nosystemcert
ntstrustedcerts tmp/server.crt
ntstrustedcerts /dev/null
ntstrustedcerts tmp/server1.crt
ntstrustedcerts /dev/null
logdir tmp
log rawmeasurements"
@@ -101,7 +107,7 @@ export CLKNETSIM_START_DATE=$(date -d 'Jan 2 00:00:01 UTC 2010' +'%s')
client_conf="
nosystemcert
ntstrustedcerts tmp/server.crt"
ntstrustedcerts tmp/server1.crt"
run_test || test_fail
check_chronyd_exit || test_fail
@@ -122,52 +128,185 @@ check_sync || test_fail
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
server_conf="
ntsserverkey tmp/server.key
ntsservercert tmp/server.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp
ntsntpserver 192.168.123.2"
client_conf="
nosystemcert
ntstrustedcerts tmp/server.crt
ntstrustedcerts tmp/server1.crt
ntsrefresh 500"
client_server_conf="server node1.net1.clk $client_server_options"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
for dns in 1 0; do
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"
check_file_messages " 2 1 .* 4460 " 50 100 log.packets || test_fail
check_file_messages " 2 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 6 8 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 6 8 || test_fail
if [ $dns != 0 ]; then
server_conf+="
ntsntpserver node2.net1.clk"
client_server_conf="server node1.net1.clk $client_server_options"
else
server_conf+="
ntsntpserver 192.168.123.2"
client_server_conf="server 192.168.123.1 $client_server_options"
fi
servers=1
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 4460 " 50 100 log.packets || test_fail
check_file_messages " 2 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 6 8 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 6 8 || test_fail
servers=2
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 4460 " 100 150 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 1 1 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 0 0 || test_fail
server_conf+="
ntsratelimit interval 12 burst 1 leak 4"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 25 50 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 2 6 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 1 6 || test_fail
done
servers=2
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsntpserver node2.net1.clk
port 11123
ntsdumpdir tmp"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsdumpdir tmp"
client_server_conf="server 192.168.123.1 $client_server_options"
rm -f tmp/*.nts
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 4460 " 100 150 log.packets || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 1 1 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 1 1 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 0 0 || test_fail
server_conf+="
ntsratelimit interval 12 burst 1 leak 4"
for dns in 1 0; do
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
done
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"
head -n 8 tmp/192.168.123.1.nts > tmp/192.168.123.1.nts_
mv tmp/192.168.123.1.nts_ tmp/192.168.123.1.nts
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 1 1 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_file_messages " 3 1 .* 11123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 11123 " 3 3 log.packets || test_fail
dns=1
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsserverkey tmp/server2.key
ntsservercert tmp/server2.crt
ntsprocesses 0"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts tmp/server2.crt
minsources 2"
client_server_conf=""
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts 1 tmp/server1.crt
ntstrustedcerts 2 tmp/server2.crt
ntstrustedcerts 3 tmp/server2.crt"
client_server_conf="
server node1.net1.clk $client_server_options certset 0
server node2.net1.clk $client_server_options certset 2"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 123 " 100 200 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 100 200 log.packets || test_fail
client_server_conf="
server node1.net1.clk $client_server_options certset 2
server node2.net1.clk $client_server_options"
client_chronyd_options="-d -d"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 25 50 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 2 6 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 1 6 || test_fail
check_file_messages " 3 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
client_conf="
nosystemcert
ntstrustedcerts tmp/nosuch.crt
ntstrustedcerts 2 tmp/nosuch.crt"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 3 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
test_pass

Some files were not shown because too many files have changed in this diff Show More