the ntp timestamp wrapping in 2036.

used in situations where https constraints cannot be used and we still want
auto settime. Result of discussion with and ok deraadt@

and net config can change as well. So if a peer does not respond,
throw it out of the pool if it's a pool member and re-resolve to
find a replacement. Hold on to good peers so we end up with a good
set of peers. ok benno@

an (auto) settime or give up. 15s timeout is still in effect. ok florian@

engine does not know if we're in startup mode, so use a small interval
the first few times there.

(booting, constraint(s) defined) set the time but only if the clock
should be moved forward by more than a minute, based on ntp replies
that satisfied the constraints. Tested by many; ok deraadt@

with once the clock is synced. ok deraadt@ florian@

address for outgoing ntp queries.
From Job Snijders, thanks!
with feedback and ok henning@

part of the original ISC license that we use in OpenBSD.  Done for
files were Henning is the original author.
OK henning@ deraadt@

non-sensical.  The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains.  If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.
"listen on * rtable X" is still supported.
Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"
OK deraadt@

ok phessler@ deraadt@

Original fix from Romuald Delavergne. ok henning@

allows to get constraint addresses even if network/DNS is not
available at startup (or system boot).
thumbs up & OK henning@

time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses.  This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present.  This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@

This simplifies things and make action = -1 no longer a dead store.
Also, spell FALLTHROUGH consistently.
reported by fritjof@alokat.org

Match what parse.y expects it to return.
ok millert@

peanuts -- but all work has to start somewhere.

suggested by deraadt@ re: more general MIN/MAX cleanups

Switch to local definitions where MAX is needed.
discussed with deraadt@

probably more 32-bit platforms).
Problem noticed by tobiasu@; ok tobiasu@ dtucker@ sthen@ benno@

OK claudio@ henning@

diff from Mike Miller <mmiller mgm51 com> (many thanks!)
OK phessler@, henning@, todd@

ntp_sendmsg().  They have been removed from the function body in the past
but not from the argument list.
From Maxime Villard

This basically adds the "rtable %d" keyword to "listen on", "server",
"servers" keywords, to specify which routing table to use.
OK henning@ claudio@ sthen@
manpage reviewed by jmc@

reply instead of doing it in ntpd itself by getting the time we read
from the socket. based on a diff from mickey hacked in shape by me,
lots of testing and review from ckuethe and sthen, theo and claudio like it
too

input & ok theo

Don't log kiss code for now.

address as ref ID (RFC4330).  ok henning@

return the address of the synchronization source as reference
identification.  Remove the obsolete special casing specified in RFC2030.
ok henning@

This allows recovery after an IP address change (e.g. on dialup links).
Also move the update of "nextaction" timeout below the deadline check.
OK henning@

empty while in the -s period, so the poll timeout actually times out
if there are no interfaces available. ok henning@

do not have more than one dns request outstanding per peer. resolves
slow recovery when resolving fails initially, without clogging the
pipe with lots of dns requests; tested by Jason George; ok deraadt@

time, and make ntpd use that to send the next uery to an ntp peer and the
like. this has the advantage that changes to the clock do not interfere
with the intervals. for example, when we start on machines without an
RTC and the initial settime (-s) kicks in, intervals were strange.
idea from amandal@entrisphere.com, this implementation by me
tested ckuethe, phessler, mbalmer, ok mbalmer

From: amandal@entrisphere.com

From: amandal@entrisphere.com

too. from amandal@entrisphere.com

overcompensating. From DragonFly, uses recent adjtime(2) changes,
so you'll need a recent kernel. ok henning@

ok henning@

it will wait until the next poll.
ok henning@

first bits from a way to long flight