
Allowing upstream servers of ntp being in multiple routing tables is

non-sensical.  The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains.  If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.
"listen on * rtable X" is still supported.
Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"
OK deraadt@
OPENBSD_5_9
phessler 8 years ago
parent
commit
e4a72ca09e
6 changed files with 18 additions and 51 deletions
  1. +3
    -12
      src/usr.sbin/ntpd/client.c
  2. +2
    -3
      src/usr.sbin/ntpd/control.c
  3. +5
    -8
      src/usr.sbin/ntpd/ntp.c
  4. +4
    -16
      src/usr.sbin/ntpd/ntpd.conf.5
  5. +1
    -3
      src/usr.sbin/ntpd/ntpd.h
  6. +3
    -9
      src/usr.sbin/ntpd/parse.y

+ 3
- 12
src/usr.sbin/ntpd/client.c

@ -1,4 +1,4 @@
/* $OpenBSD: client.c,v 1.102 2015/07/18 00:53:44 bcook Exp $ */
/* $OpenBSD: client.c,v 1.103 2015/10/23 14:52:20 phessler Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -142,10 +142,6 @@ client_query(struct ntp_peer *p)
0)) == -1)
fatal("client_query socket");
if (p->rtable != -1 &&
setsockopt(p->query->fd, SOL_SOCKET, SO_RTABLE,
&p->rtable, sizeof(p->rtable)) == -1)
fatal("client_query setsockopt SO_RTABLE");
if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
if (errno == ECONNREFUSED || errno == ENETUNREACH ||
errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
@ -248,11 +244,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
return (0);
}
if (p->rtable != -1 &&
setsockopt(p->query->fd, SOL_SOCKET, SO_RTABLE, &p->rtable,
sizeof(p->rtable)) == -1)
fatal("client_dispatch setsockopt SO_RTABLE");
for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL;
cmsg = CMSG_NXTHDR(&somsg, cmsg)) {
if (cmsg->cmsg_level == SOL_SOCKET &&
@ -393,10 +384,10 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
}
log_debug("reply from %s: offset %f delay %f, "
"next query %llds %s",
"next query %llds",
log_sockaddr((struct sockaddr *)&p->addr->ss),
p->reply[p->shift].offset, p->reply[p->shift].delay,
(long long)interval, print_rtable(p->rtable));
(long long)interval);
client_update(p);
if (settime)
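Review bot: client_query no longer records which routing table its query socket uses. With the SO_RTABLE call gone, the socket presumably uses whatever table the ntpd process was started in, and that deserves a comment above the `connect()` call, e.g. `/* query socket uses the process rtable; start ntpd under route -T to use another */`. The same applies to client_dispatch, where the second setsockopt was dropped. Both functions start and end outside these hunks.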


+ 2
- 3
src/usr.sbin/ntpd/control.c

@ -1,4 +1,4 @@
/* $OpenBSD: control.c,v 1.6 2015/07/18 00:53:44 bcook Exp $ */
/* $OpenBSD: control.c,v 1.7 2015/10/23 14:52:20 phessler Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -333,8 +333,7 @@ build_show_peer(struct ctl_show_peer *cp, struct ntp_peer *p)
addr_head_name = p->addr_head.name;
snprintf(cp->peer_desc, sizeof(cp->peer_desc),
"%s %s%s %s", a, pool, addr_head_name,
print_rtable(p->rtable) );
"%s %s%s", a, pool, addr_head_name);
validdelaycnt = best = 0;
cp->offset = cp->delay = 0.0;


+ 5
- 8
src/usr.sbin/ntpd/ntp.c

@ -1,4 +1,4 @@
/* $OpenBSD: ntp.c,v 1.137 2015/10/12 06:50:08 reyk Exp $ */
/* $OpenBSD: ntp.c,v 1.138 2015/10/23 14:52:20 phessler Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -271,9 +271,8 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
if (p->deadline > 0 && p->deadline <= getmonotime()) {
timeout = 300;
log_debug("no reply from %s received in time, "
"next query %ds %s", log_sockaddr(
(struct sockaddr *)&p->addr->ss), timeout,
print_rtable(p->rtable));
"next query %ds", log_sockaddr(
(struct sockaddr *)&p->addr->ss), timeout);
if (p->trustlevel >= TRUSTLEVEL_BADPEER &&
(p->trustlevel /= 2) < TRUSTLEVEL_BADPEER)
log_info("peer %s now invalid",
@ -545,7 +544,6 @@ ntp_dispatch_imsg_dns(void)
npeer->addr_head.name =
peer->addr_head.name;
npeer->addr_head.pool = 1;
npeer->rtable = peer->rtable;
client_peer_init(npeer);
npeer->state = STATE_DNS_DONE;
peer_add(npeer);
@ -832,9 +830,8 @@ report_peers(int always)
(struct sockaddr *)&p->addr->ss);
if (p->addr_head.pool)
pool = "from pool ";
log_warnx("bad peer %s%s (%s) %s",
pool, p->addr_head.name, a,
print_rtable(p->rtable));
log_warnx("bad peer %s%s (%s)",
pool, p->addr_head.name, a);
}
}
}


+ 4
- 16
src/usr.sbin/ntpd/ntpd.conf.5

@ -1,4 +1,4 @@
.\" $OpenBSD: ntpd.conf.5,v 1.32 2015/08/28 02:59:29 deraadt Exp $
.\" $OpenBSD: ntpd.conf.5,v 1.33 2015/10/23 14:52:20 phessler Exp $
.\"
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
.\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: August 28 2015 $
.Dd $Mdocdate: October 23 2015 $
.Dt NTPD.CONF 5
.Os
.Sh NAME
@ -130,17 +130,12 @@ A stratum value other than the default of 1 can be assigned using
the stratum keyword.
.It Xo Ic server Ar address
.Op Ic weight Ar weight-value
.Op Ic rtable Ar table-id
.Xc
Specify the IP address or the hostname of an NTP
server to synchronize to.
If it appears multiple times,
.Xr ntpd 8
will try to synchronize to all of the servers specified.
The
.Cm rtable
option specifies which routing table should be used for connection attempts.
Hostname resolution will still happen using the default routing table.
If a hostname resolves to multiple IPv4 and/or IPv6 addresses,
.Xr ntpd 8
uses the first address.
@ -151,7 +146,7 @@ is found.
For example:
.Bd -literal -offset indent
server 10.0.0.2 weight 5
server ntp.example.org weight 1 rtable 4
server ntp.example.org weight 1
.Ed
.Pp
To provide redundancy, it is good practice to configure multiple servers.
@ -159,7 +154,6 @@ In general, best accuracy is obtained by using servers that have a low
network latency.
.It Xo Ic servers Ar address
.Op Ic weight Ar weight-value
.Op Ic rtable Ar table-id
.Xc
As with
.Cm server ,
@ -173,7 +167,7 @@ will try to synchronize to all of them.
For example:
.Bd -literal -offset indent
servers pool.ntp.org
servers pool.ntp.org rtable 5
servers pool.ntp.org weight 5
.Ed
.El
.Sh CONSTRAINTS
@ -231,9 +225,3 @@ The
.Nm
file format first appeared in
.Ox 3.6 .
.Sh CAVEATS
When using different
.Cm rtable
options,
.Xr ntpd 8
must be started in rtable 0.

+ 1
- 3
src/usr.sbin/ntpd/ntpd.h

@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.h,v 1.122 2015/10/12 06:50:08 reyk Exp $ */
/* $OpenBSD: ntpd.h,v 1.123 2015/10/23 14:52:20 phessler Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -104,7 +104,6 @@ struct listen_addr {
struct ntp_addr {
struct ntp_addr *next;
struct sockaddr_storage ss;
int rtable;
};
struct ntp_addr_wrap {
@ -159,7 +158,6 @@ struct ntp_peer {
u_int8_t weight;
int lasterror;
int senderrors;
int rtable;
};
struct ntp_sensor {


+ 3
- 9
src/usr.sbin/ntpd/parse.y

@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.63 2015/07/18 00:53:44 bcook Exp $ */
/* $OpenBSD: parse.y,v 1.64 2015/10/23 14:52:20 phessler Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -106,8 +106,6 @@ main : LISTEN ON address listen_opts {
struct listen_addr *la;
struct ntp_addr *h, *next;
if ($3->a)
$3->a->rtable = $4.rtable;
if ((h = $3->a) == NULL &&
(host_dns($3->name, &h) == -1 || !h)) {
yyerror("could not resolve \"%s\"", $3->name);
@ -155,7 +153,6 @@ main : LISTEN ON address listen_opts {
p = new_peer();
p->weight = $3.weight;
p->rtable = $3.rtable;
p->addr = h;
p->addr_head.a = h;
p->addr_head.pool = 1;
@ -164,7 +161,7 @@ main : LISTEN ON address listen_opts {
fatal(NULL);
if (p->addr != NULL)
p->state = STATE_DNS_DONE;
if (!(p->rtable > 0 && p->addr))
if (!(p->addr))
TAILQ_INSERT_TAIL(&conf->ntp_peers,
p, entry);
h = next;
@ -195,7 +192,6 @@ main : LISTEN ON address listen_opts {
}
p->weight = $3.weight;
p->rtable = $3.rtable;
p->addr_head.a = p->addr;
p->addr_head.pool = 0;
p->addr_head.name = strdup($2->name);
@ -203,7 +199,7 @@ main : LISTEN ON address listen_opts {
fatal(NULL);
if (p->addr != NULL)
p->state = STATE_DNS_DONE;
if (!(p->rtable > 0 && p->addr))
if (!(p->addr))
TAILQ_INSERT_TAIL(&conf->ntp_peers, p, entry);
free($2->name);
free($2);
@ -355,7 +351,6 @@ server_opts_l : server_opts_l server_opt
| server_opt
;
server_opt : weight
| rtable
;
sensor_opts : { opts_default(); }
@ -428,7 +423,6 @@ opts_default(void)
{
memset(&opts, 0, sizeof opts);
opts.weight = 1;
opts.rtable = -1;
opts.stratum = 1;
}
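Review bot: The new guard `if (!(p->addr))` in front of both `TAILQ_INSERT_TAIL(&conf->ntp_peers, ...)` calls (the pool and the non-pool server action) queues a peer only while its address is still unresolved. A peer whose address is already known at parse time (`p->addr != NULL`, the case that sets `STATE_DNS_DONE`) therefore appears never to reach `conf->ntp_peers`, and the allocated `p` is left unreferenced. The old test `!(p->rtable > 0 && p->addr)` was true for every peer without an rtable option (the default was `opts.rtable = -1`), so with rtable gone the equivalent is the bare `TAILQ_INSERT_TAIL(&conf->ntp_peers, p, entry);` with no `if`. A daemon that silently runs with fewer upstream servers than configured weakens time synchronisation, which certificate validation and log correlation depend on. Both actions start and end outside these hunks, so confirm that nothing later inserts the peer.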

