otto
349011c612
If a DNS resolve was done with the Checking Disabled flag, re-resolve
with once the clock is synced. ok deraadt@ florian@
5 years ago
benno
184c157e2f
add option "query from <ip>" to ntpd.conf, to specify a local IP
address for outgoing ntp queries.
From Job Snijders, thanks!
with feedback and ok henning@
7 years ago
reyk
08ed721594
Remove the oh so funny "LOSS OF MIND" from the disclaimer that was not
part of the original ISC license that we use in OpenBSD. Done for
files where Henning is the original author.
OK henning@ deraadt@
7 years ago
phessler
e4a72ca09e
Allowing upstream servers of ntp being in multiple routing tables is
non-sensical. The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains. If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.
"listen on * rtable X" is still supported.
Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"
OK deraadt@
8 years ago
bcook
cdb73978a9
replace bzero with memset
ok phessler@ deraadt@
9 years ago
bcook
d72cee2563
Avoid overflow on 32-bit time_t systems converting timeval to NTP time.
Original fix from Romuald Delavergne. ok henning@
9 years ago
reyk
2c0d96f390
Use ntpd's deferred DNS resolving for constraints as well. This
allows to get constraint addresses even if network/DNS is not
available at startup (or system boot).
thumbs up & OK henning@
9 years ago
reyk
7433fa0bce
Add support for "constraints": when configured, ntpd(8) will query the
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
9 years ago
bcook
709567d845
Use initial assignment of action to check for errors.
This simplifies things and makes action = -1 no longer a dead store.
Also, spell FALLTHROUGH consistently.
reported by fritjof@alokat.org
9 years ago
bcook
e32816bab7
return -1 on host() address parsing failure, not 1.
Match what parse.y expects it to return.
ok millert@
9 years ago
deraadt
eb02123984
remove excessive/wrong use of sys/param.h
peanuts -- but all work has to start somewhere.
9 years ago
bcook
f04311c2a3
use MAXIMUM as the canonical local MAX macro.
suggested by deraadt@ re: more general MIN/MAX cleanups
9 years ago
bcook
63d93971e4
don't rely on sys/param.h having a MAX macro.
Switch to local definitions where MAX is needed.
discussed with deraadt@
9 years ago
miod
65ef63a7ad
Fix format strings involving time_t arguments, fixes `ntpd -d' on sparc (and
probably more 32-bit platforms).
Problem noticed by tobiasu@; ok tobiasu@ dtucker@ sthen@ benno@
10 years ago
phessler
590be54dcd
remove the IPv4-only check for rdomains, allows IPv6 to use them
OK claudio@ henning@
10 years ago
phessler
36ee6e401f
Add ntpctl(8), which allows us to query the locally running ntpd(8) process
diff from Mike Miller <mmiller mgm51 com> (many thanks!)
OK phessler@, henning@, todd@
10 years ago
mglocker
27f85bb7b7
Remove unused function argument variables 'len' and 'auth' from
ntp_sendmsg(). They have been removed from the function body in the past
but not from the argument list.
From Maxime Villard
11 years ago
phessler
a32e45b068
Add rdomain support to NTPd.
This basically adds the "rtable %d" keyword to "listen on", "server",
"servers" keywords, to specify which routing table to use.
OK henning@ claudio@ sthen@
manpage reviewed by jmc@
12 years ago
henning
f4727d5d25
recvmsg ENOENT noncritical too
15 years ago
henning
c9840c00e0
ENOPROTOOPT is non-fatal on recvfrom, can apparently happen with ipvshit
15 years ago
henning
eac29aab5e
use the SCM_TIMESTAMP socket option to get the time we received the
reply instead of doing it in ntpd itself by getting the time we read
from the socket. based on a diff from mickey hacked in shape by me,
lots of testing and review from ckuethe and sthen, theo and claudio like it
too
15 years ago
henning
d56fbb72de
ignore replies with timestamps after 2030 to prevent time_t / tv_sec wraps
input & ok theo
15 years ago
stevesk
00ae9b8707
I should know outside data must be vis(3)'d.
Don't log kiss code for now.
15 years ago
stevesk
5181f4815e
received refid should not be converted to host byte order; ok henning@
15 years ago
stevesk
41d74ba791
log reason when not synced; ok henning@
15 years ago
naddy
c102a69a3a
For IPv6 addresses, return the first 32 bits of the MD5 hash of the
address as ref ID (RFC4330). ok henning@
16 years ago
naddy
ca3fb2ec5f
According to the latest SNTPv4 spec in RFC4330, secondary servers
return the address of the synchronization source as reference
identification. Remove the obsolete special casing specified in RFC2030.
ok henning@
16 years ago
mpf
18c1f831f0
Reconnect a client socket after three consecutive send failures.
This allows recovery after an IP address change (e.g. on dialup links).
Also move the update of "nextaction" timeout below the deadline check.
OK henning@
16 years ago
stevesk
14460a3689
some fatal() calls that should be fatalx(); ok henning@
16 years ago
otto
2dc039e348
be a bit less aggressive retrying; this keeps the message queue
empty while in the -s period, so the poll timeout actually times out
if there are no interfaces available. ok henning@
16 years ago
otto
8c79773d1d
if resolving a name fails, be more aggressive retrying, but with care:
do not have more than one dns request outstanding per peer. resolves
slow recovery when resolving fails initially, without clogging the
pipe with lots of dns requests; tested by Jason George; ok deraadt@
17 years ago
deraadt
c34c8f6d6a
aggressive spelling fix, spotted by jbg
17 years ago
henning
4f07972cbe
use clock_gettime(CLOCK_MONOTONIC, ..) to get a monotonically increasing
time, and make ntpd use that to send the next query to an ntp peer and the
like. this has the advantage that changes to the clock do not interfere
with the intervals. for example, when we start on machines without an
RTC and the initial settime (-s) kicks in, intervals were strange.
idea from amandal@entrisphere.com, this implementation by me
tested ckuethe, phessler, mbalmer, ok mbalmer
17 years ago
henning
9e886819ac
in client_nextaddr, check fd != -1 before close, just nicer this way
From: amandal@entrisphere.com
17 years ago
henning
43bb2c0b5f
when ntp_sendmsg fails, reset trustlevel to TRUSTLEVEL_PATHETIC
From: amandal@entrisphere.com
17 years ago
henning
8031d5c7e5
EADDRNOTAVAIL after connect is one of the soft errors where we don't abort
too. from amandal@entrisphere.com
17 years ago
otto
89f43414db
Compensate old offsets with the amount of adjustment done, avoiding
overcompensating. From DragonFly, uses recent adjtime(2) changes,
so you'll need a recent kernel. ok henning@
18 years ago
otto
24fa8ea878
Only invalidate stored replies if an adjustment was really made.
ok henning@
18 years ago
ckuethe
9325c20f99
When ntpd backs off polling due to a negative delay, tell the user how long
it will wait until the next poll.
ok henning@
18 years ago
henning
309a243757
figure out the refid to send to NTP v3 clients early and store it
first bits from a way too long flight
18 years ago
dtucker
73c6d5ec9f
Log source address for 'malformed packet' errors. ok henning@
19 years ago
dtucker
f31cfdaa27
Propagate server's leap indicator flags to clients; ok henning@
19 years ago
dtucker
4eaa821e76
Print actual error when in debug mode; ok henning@
19 years ago
dtucker
b5f096de27
add another non-fatal error for recvfrom; ok henning@
19 years ago
dtucker
f9299bb123
Save transmit time for each peer for later use as refid for SNTPv4
replies. ok henning@
19 years ago
henning
ed37b625d3
use a little state engine to keep track of delayed dns lookups and such,
eases things
tested by Jason Ackley <jason@ackley.net> Matthias Kilian
<kili@outback.escape.de> Stephen Marley <stephen@marley.org.uk> sturm@
theo ok
19 years ago
henning
f2765f2a2f
move the "reply from ... " log msg in -d mode up a bit so it actually
comes before the "adjusting local clock by..." one, joerg
19 years ago
henning
7082200ffe
prevent replies with negative delay from being used, could happen with -s
From: Joerg Sonnenberger <joerg@britannica.bec.de> of dragonfly
19 years ago
henning
6801136c41
let client_query return 0 if it requested dns resolution
19 years ago
henning
356208894f
fix an error message
19 years ago