Update NEWS

Error messages caused by incoming packets need to be rate limited
to avoid filling up disk space.

NEWS

@@ -1,3 +1,34 @@
+New in version 1.23.1
+=====================
+
+Security fixes
+--------------
+* Don't reply to invalid cmdmon packets (CVE-2010-0292)
+* Limit client log memory size (CVE-2010-0293)
+* Limit rate of syslog messages (CVE-2010-0294)
+
+New in version 1.23
+===================
+
+* Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD
+* Fix serious sign-extension error in handling IP addresses
+* RTC support can be excluded at compile time
+* Make sources gcc-4 compatible
+* Fix various compiler warnings
+* Handle fluctuations in peer distance better.
+* Fixed handling of stratum zero.
+* Fix various problems for 64-bit systems
+* Flush chronyc output streams after each command, to allow it to be driven
+  through pipes
+* Manpage improvements
+
+Version 1.22
+============
+
+This release number was claimed by a release that Mandriva made to patch
+important bugs in 1.21.  The official numbering has jumped to 1.23 as a
+consequence.
+
 New in version 1.21
 ===================
 

chrony.texi

@@ -1177,6 +1177,7 @@ directives can occur in any order in the file.
 * manual directive::            Allow manual entry using chronyc's settime cmd.
 * maxupdateskew directive::     Stop bad estimates upsetting machine clock
 * noclientlog directive::       Prevent chronyd from gathering data about clients
+* clientloglimit directive::    Set client log memory limit
 * peer directive::              Specify an NTP peer
 * pidfile directive::           Specify the file where chronyd's pid is written
 * port directive::              Set port to use for NTP packets
@@ -2066,6 +2067,21 @@ This directive, which takes no arguments, specifies that client accesses
 are not to be logged.  Normally they are logged, allowing statistics to
 be reported using the @code{clients} command in @code{chronyc}.
 @c }}}
+@c {{{ clientloglimit
+@node clientloglimit directive
+@subsection clientloglimit
+This directive specifies the maximum size of the memory allocated to
+log client accesses.  When the limit is reached, only information for
+clients that have already been logged will be updated.  If 0 is
+specified, the memory size will be unlimited.  The default is 524288
+bytes.
+
+An example of the use of this directive is
+
+@example
+clientloglimit 1048576
+@end example
+@c }}}
 @c {{{ peer
 @node peer directive
 @subsection peer

clientlog.c

@@ -40,6 +40,7 @@
 #include "memory.h"
 #include "reports.h"
 #include "util.h"
+#include "logging.h"
 
 /* Number of bits of address per layer of the table.  This value has
    been chosen on the basis that a server will predominantly be serving
@@ -86,6 +87,13 @@ static int max_nodes = 0;
 /* Flag indicating whether facility is turned on or not */
 static int active = 0;
 
+/* Flag indicating whether memory allocation limit has been reached
+   and no new nodes or subnets should be allocated */
+static int alloc_limit_reached;
+
+static unsigned long alloc_limit;
+static unsigned long alloced;
+
 /* ================================================== */
 
 static void
@@ -128,6 +136,9 @@ CLG_Initialise(void)
   max_nodes = 0;
   n_nodes = 0;
 
+  alloced = 0;
+  alloc_limit = CNF_GetClientLogLimit();
+  alloc_limit_reached = 0;
 }
 
 /* ================================================== */
@@ -140,11 +151,25 @@ CLG_Finalise(void)
 
 /* ================================================== */
 
+static void check_alloc_limit() {
+  if (alloc_limit_reached)
+    return;
+
+  if (alloced >= alloc_limit) {
+    LOG(LOGS_WARN, LOGF_ClientLog, "Client log memory limit reached");
+    alloc_limit_reached = 1;
+  }
+}
+
+/* ================================================== */
+
 static void
 create_subnet(Subnet *parent_subnet, int the_entry)
 {
   parent_subnet->entry[the_entry] = (void *) MallocNew(Subnet);
   clear_subnet((Subnet *) parent_subnet->entry[the_entry]);
+  alloced += sizeof (Subnet);
+  check_alloc_limit();
 }
 
 /* ================================================== */
@@ -157,6 +182,8 @@ create_node(Subnet *parent_subnet, int the_entry)
   parent_subnet->entry[the_entry] = (void *) new_node;
   clear_node(new_node);
 
+  alloced += sizeof (Node);
+
   if (n_nodes == max_nodes) {
     if (nodes) {
       max_nodes += NODE_TABLE_INCREMENT;
@@ -168,8 +195,10 @@ create_node(Subnet *parent_subnet, int the_entry)
       max_nodes = NODE_TABLE_INCREMENT;
       nodes = MallocArray(Node *, max_nodes);
     }
+    alloced += sizeof (Node *) * (max_nodes - n_nodes);
   }
   nodes[n_nodes++] = (Node *) new_node;
+  check_alloc_limit();
 }
 
 /* ================================================== */
@@ -195,11 +224,15 @@ find_subnet(Subnet *subnet, CLG_IP_Addr addr, int bits_left)
 
   if (new_bits_left > 0) {
     if (!subnet->entry[this_subnet]) {
+      if (alloc_limit_reached)
+        return NULL;
       create_subnet(subnet, this_subnet);
     }
     return find_subnet((Subnet *) subnet->entry[this_subnet], new_subnet, new_bits_left);
   } else {
     if (!subnet->entry[this_subnet]) {
+      if (alloc_limit_reached)
+        return NULL;
       create_node(subnet, this_subnet);
     }
     return subnet->entry[this_subnet];
@@ -248,6 +281,8 @@ CLG_LogNTPClientAccess (CLG_IP_Addr client, time_t now)
   Node *node;
   if (active) {
     node = (Node *) find_subnet(&top_subnet, client, 32);
+    if (node == NULL)
+      return;
     node->ip_addr = client;
     ++node->client_hits;
     node->last_ntp_hit = now;
@@ -262,6 +297,8 @@ CLG_LogNTPPeerAccess(CLG_IP_Addr client, time_t now)
   Node *node;
   if (active) {
     node = (Node *) find_subnet(&top_subnet, client, 32);
+    if (node == NULL)
+      return;
     node->ip_addr = client;
     ++node->peer_hits;
     node->last_ntp_hit = now;
@@ -276,6 +313,8 @@ CLG_LogCommandAccess(CLG_IP_Addr client, CLG_Command_Type type, time_t now)
   Node *node;
   if (active) {
     node = (Node *) find_subnet(&top_subnet, client, 32);
+    if (node == NULL)
+      return;
     node->ip_addr = client;
     node->last_cmd_hit = now;
     switch (type) {

cmdmon.c

@@ -654,7 +654,7 @@ transmit_reply(CMD_Reply *msg, struct sockaddr_in *where_to)
   status = sendto(sock_fd, (void *) msg, tx_message_length, 0,
                   (struct sockaddr *) where_to, sizeof(struct sockaddr_in));
 
-  if (status < 0) {
+  if (status < 0 && !LOG_RateLimited()) {
     remote_ip = ntohl(where_to->sin_addr.s_addr);
     remote_port = ntohs(where_to->sin_port);
     LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
@@ -1593,6 +1593,7 @@ read_from_cmd_socket(void *anything)
   int valid_ts;
   int authenticated;
   int localhost;
+  int allowed;
   unsigned short rx_command;
   unsigned long rx_message_token;
   unsigned long tx_message_token;
@@ -1642,20 +1643,43 @@ read_from_cmd_socket(void *anything)
 
   localhost = (remote_ip == 0x7f000001UL);
 
-  if ((!ADF_IsAllowed(access_auth_table, remote_ip)) &&
-      (!localhost)) {
+  allowed = ADF_IsAllowed(access_auth_table, remote_ip) || localhost;
+
+  if ((read_length < offsetof(CMD_Request, data)) ||
+      (rx_message.version != PROTO_VERSION_NUMBER) ||
+      (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) ||
+      (rx_message.res1 != 0) ||
+      (rx_message.res2 != 0)) {
+
+    /* We don't know how to process anything like this */
+    if (allowed)
+      CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+    
+    return;
+  }
+
+  if (read_length != expected_length) {
+    if (!LOG_RateLimited()) {
+      LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
+    }
+    if (allowed)
+      CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
+    /* For now, just ignore the packet.  We may want to send a reply
+       back eventually */
+    return;
+  }
+
+  if (!allowed) {
     /* The client is not allowed access, so don't waste any more time
        on him.  Note that localhost is always allowed access
        regardless of the defined access rules - otherwise, we could
        shut ourselves out completely! */
 
-    /* We ought to find another way to log this, there is an attack
-       here against the host because an adversary can just keep
-       hitting us with bad packets until our log file(s) fill up. */
-
-    LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
-        UTI_IPToDottedQuad(remote_ip),
-        remote_port);
+    if (!LOG_RateLimited()) {
+      LOG(LOGS_WARN, LOGF_CmdMon, "Command packet received from unauthorised host %s port %d",
+          UTI_IPToDottedQuad(remote_ip),
+          remote_port);
+    }
 
     tx_message.status = htons(STT_NOHOSTACCESS);
     transmit_reply(&tx_message, &where_from);
@@ -1664,25 +1688,6 @@ read_from_cmd_socket(void *anything)
   }
 
 
-  if (read_length != expected_length) {
-    LOG(LOGS_WARN, LOGF_CmdMon, "Read incorrectly sized packet from %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
-    CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
-    /* For now, just ignore the packet.  We may want to send a reply
-       back eventually */
-    return;
-  }
-
-  if ((rx_message.version != PROTO_VERSION_NUMBER) ||
-      (rx_message.pkt_type != PKT_TYPE_CMD_REQUEST) ||
-      (rx_message.res1 != 0) ||
-      (rx_message.res2 != 0)) {
-
-    /* We don't know how to process anything like this */
-    CLG_LogCommandAccess(remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
-    
-    return;
-  }
-
   rx_command = ntohs(rx_message.command);
 
   /* OK, we have a valid message.  Now dispatch on message type and process it. */
@@ -1759,7 +1764,7 @@ read_from_cmd_socket(void *anything)
       tx_message_length = PKL_ReplyLength(prev_tx_message);
       status = sendto(sock_fd, (void *) prev_tx_message, tx_message_length, 0,
                       (struct sockaddr *) &where_from, sizeof(where_from));
-      if (status < 0) {
+      if (status < 0 && !LOG_RateLimited()) {
         LOG(LOGS_WARN, LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToDottedQuad(remote_ip), remote_port);
       }
       return;
@@ -1809,7 +1814,7 @@ read_from_cmd_socket(void *anything)
     tx_message.status = htons(STT_INVALID);
     tx_message.reply = htons(RPY_NULL);
   } else {
-    int allowed = 0;
+    allowed = 0;
 
     /* Check level of authority required to issue the command */
     switch(permissions[rx_command]) {
@@ -1879,7 +1884,7 @@ read_from_cmd_socket(void *anything)
 
         case REQ_LOGON:
           /* If the log-on fails, record the reason why */
-          if (!issue_token) {
+          if (!issue_token && !LOG_RateLimited()) {
             LOG(LOGS_WARN, LOGF_CmdMon,
                 "Bad command logon from %s port %d (md5_ok=%d valid_ts=%d)\n",
                 UTI_IPToDottedQuad(remote_ip),

conf.c

@@ -83,6 +83,7 @@ static void parse_cmddeny(const char *);
 static void parse_cmdport(const char *);
 static void parse_rtconutc(const char *);
 static void parse_noclientlog(const char *);
+static void parse_clientloglimit(const char *);
 static void parse_logchange(const char *);
 static void parse_mailonchange(const char *);
 static void parse_bindaddress(const char *);
@@ -146,6 +147,9 @@ static double mail_change_threshold = 0.0;
    memory */
 static int no_client_log = 0;
 
+/* Limit memory allocated for the clients log */
+static unsigned long client_log_limit = 524288;
+
 /* IP address (host order) for binding the NTP socket to.  0 means INADDR_ANY
    will be used */
 static unsigned long bind_address = 0UL;
@@ -200,6 +204,7 @@ static const Command commands[] = {
   {"cmdport", 7, parse_cmdport},
   {"rtconutc", 8, parse_rtconutc},
   {"noclientlog", 11, parse_noclientlog},
+  {"clientloglimit", 14, parse_clientloglimit},
   {"logchange", 9, parse_logchange},
   {"mailonchange", 12, parse_mailonchange},
   {"bindaddress", 11, parse_bindaddress},
@@ -634,6 +639,21 @@ parse_noclientlog(const char *line)
 
 /* ================================================== */
 
+static void
+parse_clientloglimit(const char *line)
+{
+  if (sscanf(line, "%lu", &client_log_limit) != 1) {
+    LOG(LOGS_WARN, LOGF_Configure, "Could not read clientlog memory limit at line %d", line_number);
+  }
+
+  if (client_log_limit == 0) {
+    /* unlimited */
+    client_log_limit = (unsigned long)-1;
+  }
+}
+
+/* ================================================== */
+
 static void
 parse_logchange(const char *line)
 {
@@ -1195,6 +1215,14 @@ CNF_GetNoClientLog(void)
 
 /* ================================================== */
 
+unsigned long
+CNF_GetClientLogLimit(void)
+{
+  return client_log_limit;
+}
+
+/* ================================================== */
+
 void
 CNF_GetBindAddress(unsigned long *addr)
 {

conf.h

@@ -59,6 +59,7 @@ extern int CNF_GetRTCOnUTC(void);
 extern void CNF_GetLogChange(int *enabled, double *threshold);
 extern void CNF_GetMailOnChange(int *enabled, double *threshold, char **user);
 extern int CNF_GetNoClientLog(void);
+extern unsigned long CNF_GetClientLogLimit(void);
 extern void CNF_GetBindAddress(unsigned long *addr);
 extern void CNF_GetBindCommandAddress(unsigned long *addr);
 extern char *CNF_GetPidFile(void);

configure

@@ -133,6 +133,7 @@ For better control, use the options below.
   --readline-inc-dir=DIR Specify where readline include directory is
   --readline-lib-dir=DIR Specify where readline lib directory is
   --with-ncurses-library=DIR Specify where ncurses lib directory is
+  --disable-rtc          Don't include RTC even on Linux
 
 Fine tuning of the installation directories:
   --infodir=DIR          info documentation [PREFIX/info]
@@ -172,6 +173,7 @@ SYSDEFS=""
 
 # Support for readline (on by default)
 feat_readline=1
+feat_rtc=1
 readline_lib=""
 readline_inc=""
 ncurses_lib=""
@@ -206,6 +208,9 @@ do
     --mandir=* )
       SETMANDIR=`echo $option | sed -e 's/^.*=//;'`
     ;;
+    --disable-rtc)
+      feat_rtc=0
+    ;;
     --help | -h )
       usage
       exit 0
@@ -238,7 +243,11 @@ case $SYSTEM in
     esac
     ;;
     Linux* )
-        EXTRA_OBJECTS="sys_linux.o wrap_adjtimex.o rtc_linux.o"
+        EXTRA_OBJECTS="sys_linux.o wrap_adjtimex.o"
+        if [ $feat_rtc -eq 1 ] ; then
+            EXTRA_OBJECTS+=" rtc_linux.o"
+            EXTRA_DEFS+=" -DFEAT_RTC=1"
+        fi
         SYSDEFS="-DLINUX"
         echo "Configuring for " $SYSTEM
         if [ "${MACHINE}" = "alpha" ]; then

io_linux.h

@@ -6,7 +6,7 @@
 
 /* Hmm.  These constants vary a bit between systems. */
 /* (__sh__ includes both sh and sh64) */
-#if defined(__i386__) || defined(__sh__)
+#if defined(__i386__) || defined(__sh__) || defined(__arm__)||defined(__x86_64__)
 #define CHRONY_IOC_NRBITS	8
 #define CHRONY_IOC_TYPEBITS	8
 #define CHRONY_IOC_SIZEBITS	14

logging.c

@@ -40,6 +40,8 @@ static int initialised = 0;
 
 static int is_detached = 0;
 
+static time_t last_limited = 0;
+
 #ifdef WINNT
 static FILE *logfile;
 #endif
@@ -214,3 +216,19 @@ LOG_GoDaemon(void)
 }
 
 /* ================================================== */
+
+int
+LOG_RateLimited(void)
+{
+  time_t now;
+
+  now = time(NULL);
+
+  if (last_limited + 10 > now && last_limited <= now)
+    return 1;
+
+  last_limited = now;
+  return 0;
+}
+
+/* ================================================== */

logging.h

@@ -53,6 +53,7 @@ typedef enum {
   LOGF_Local,
   LOGF_Util,
   LOGF_Main,
+  LOGF_ClientLog,
   LOGF_Configure,
   LOGF_CmdMon,
   LOGF_Acquire,
@@ -84,6 +85,9 @@ extern void LOG_Position(const char *filename, int line_number, const char *func
 
 extern void LOG_GoDaemon(void);
 
+/* Return zero once per 10 seconds */
+extern int LOG_RateLimited(void);
+
 /* Line logging macro.  If the compiler is GNU C, we take advantage of
    being able to get the function name also. */
 #if defined(__GNUC__)

make_release

@@ -19,7 +19,7 @@ if (-d "RELEASES/$subdir") {
   system ("rm -rf RELEASES/$subdir");
 }
 
-system ("git-tar-tree $version RELEASES/${subdir} | tar xf -");
+system ("git-archive --format=tar --prefix=RELEASES/${subdir}/ $version | tar xf -");
 die "git-tar-tree failed" if ($? != 0);
 
 chdir "RELEASES";

nameserv.c

@@ -39,7 +39,7 @@ unsigned long
 DNS_Name2IPAddress(const char *name)
 {
   struct hostent *host;
-  char *address0;
+  unsigned char *address0;
   unsigned long result;
 
   host = gethostbyname(name);

ntp_core.c

@@ -196,6 +196,9 @@ struct NCR_Instance_Record {
 /* Maximum allowed stratum */
 #define NTP_MAX_STRATUM 15
 
+/* INVALID or Unkown  stratum from external server  as per the NTP 4 docs */
+#define NTP_INVALID_STRATUM 0
+
 /* ================================================== */
 
 static ADF_AuthTable access_auth_table;
@@ -539,7 +542,13 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
 
   /* Generate transmit packet */
   message.lvm = ((leap << 6) &0xc0) | ((version << 3) & 0x38) | (my_mode & 0x07); 
-  message.stratum = our_stratum;
+  if (our_stratum <= NTP_MAX_STRATUM) {
+    message.stratum = our_stratum;
+  } else {
+    /* (WGU) to handle NTP  "Invalid" stratum as per the NTP V4 documents. */
+    message.stratum = NTP_INVALID_STRATUM;
+  }
+ 
   message.poll = my_poll;
   message.precision = LCL_GetSysPrecisionAsLog();
 
@@ -983,6 +992,12 @@ receive_packet(NTP_Packet *message, struct timeval *now, NCR_Instance inst, int
     test6 = 1; /* Succeeded */
   }
 
+  /* (WGU) Set stratum to greater than any valid if incoming is 0 */
+  /* as per the NPT v4 documentation*/
+  if (message->stratum <= NTP_INVALID_STRATUM) {
+    message->stratum = NTP_MAX_STRATUM + 1;
+  }
+
   /* Test 7 checks that the stratum in the packet is appropriate */
   if ((message->stratum > REF_GetOurStratum()) ||
       (message->stratum > NTP_MAX_STRATUM)) {
@@ -1343,7 +1358,7 @@ process_known
                         &inst->local_ntp_tx,
                         &inst->remote_addr);
 
-      } else {
+      } else if (!LOG_RateLimited()) {
         LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
             UTI_IPToDottedQuad(inst->remote_addr.ip_addr),
             inst->remote_addr.port);
@@ -1511,7 +1526,7 @@ NCR_ProcessNoauthUnknown(NTP_Packet *message, struct timeval *now, NTP_Remote_Ad
                       remote_addr);
       
     }
-  } else {
+  } else if (!LOG_RateLimited()) {
     LOG(LOGS_WARN, LOGF_NtpCore, "NTP packet received from unauthorised host %s port %d",
         UTI_IPToDottedQuad(remote_addr->ip_addr),
         remote_addr->port);

ntp_io.c

@@ -243,8 +243,9 @@ NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
   remote.sin_addr.s_addr = htonl(remote_addr->ip_addr);
 
   if (sendto(sock_fd, (void *) packet, NTP_NORMAL_PACKET_SIZE, 0,
-             (struct sockaddr *) &remote, sizeof(remote)) < 0) {
-    LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to :%s%d : %s",
+             (struct sockaddr *) &remote, sizeof(remote)) < 0 &&
+      !LOG_RateLimited()) {
+    LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
         UTI_IPToDottedQuad(remote_addr->ip_addr), remote_addr->port, strerror(errno));
   }
 
@@ -266,8 +267,9 @@ NIO_SendAuthenticatedPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
   remote.sin_addr.s_addr = htonl(remote_addr->ip_addr);
 
   if (sendto(sock_fd, (void *) packet, sizeof(NTP_Packet), 0,
-             (struct sockaddr *) &remote, sizeof(remote)) < 0) {
-    LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to :%s%d : %s",
+             (struct sockaddr *) &remote, sizeof(remote)) < 0 &&
+      !LOG_RateLimited()) {
+    LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
         UTI_IPToDottedQuad(remote_addr->ip_addr), remote_addr->port, strerror(errno));
   }
 

rtc.c

@@ -33,7 +33,7 @@
 #include "logging.h"
 #include "conf.h"
 
-#if defined LINUX
+#if defined LINUX && defined FEAT_RTC
 #include "rtc_linux.h"
 #endif /* defined LINUX */
 
@@ -53,7 +53,7 @@ static struct {
   void (*cycle_logfile)(void);
 } driver =
 {
-#if defined LINUX
+#if defined LINUX && defined FEAT_RTC
   RTC_Linux_Initialise,
   RTC_Linux_Finalise,
   RTC_Linux_TimePreInit,

rtc_linux.c

@@ -174,7 +174,7 @@ static double file_ref_offset, file_rate_ppm;
 /* ================================================== */
 
 /* Flag to remember whether to assume the RTC is running on UTC */
-static int rtc_on_utc = 0;
+static int rtc_on_utc = 1;
 
 /* ================================================== */
 
@@ -226,15 +226,18 @@ accumulate_sample(time_t rtc, struct timeval *sys)
     discard_samples(NEW_FIRST_WHEN_FULL);
   }
 
-  rtc_sec[n_samples] = rtc;
 
   /* Always use most recent sample as reference */
+  /* use sample only if n_sample is not negative*/
+  if(n_samples >=0)
+  {
   rtc_ref = rtc;
-
+  rtc_sec[n_samples] = rtc;
   rtc_trim[n_samples] = 0.0;
   system_times[n_samples] = *sys;
-  ++n_samples;
   ++n_samples_since_regression;
+  }
+  ++n_samples;
   return;
   
 }
@@ -742,7 +745,11 @@ handle_initial_trim(void)
   run_regression(1, &coefs_valid, &coef_ref_time, &coef_seconds_fast, &coef_gain_rate);
 
   n_samples_since_regression = 0;
-  n_samples = 0;
+
+  /* Set sample number to -1 so the next sample is not used, as it will not yet be corrected for System Trim*/
+
+  n_samples = -1;
+
 
   read_coefs_from_file();
 
@@ -866,6 +873,8 @@ read_from_device(void *any)
   int error = 0;
 
   status = read(fd, &data, sizeof(data));
+  if (operating_mode == OM_NORMAL)
+      status = read(fd, &data, sizeof(data));
   if (status < 0) {
     /* This looks like a bad error : the file descriptor was indicating it was
      * ready to read but we couldn't read anything.  Give up. */

sourcestats.c

@@ -373,9 +373,9 @@ find_best_sample_index(SST_Stats inst, double *times_back)
 /* This defines the assumed ratio between the standard deviation of
    the samples and the peer distance as measured from the round trip
    time.  E.g. a value of 4 means that we think the standard deviation
-   is a quarter of the peer distance */
+   is four times the fluctuation  of the peer distance */
 
-#define SD_TO_DIST_RATIO 8.0
+#define SD_TO_DIST_RATIO 1.0
 
 /* ================================================== */
 /* This function runs the linear regression operation on the data.  It