time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
reason: the parent process must never ever block, but the dns routines can.
last not least this fixes ntpd -s 'hanging' for a long time.
tested by a couple of people
now. untested due to lack of hardware, and it wouldn't have worked in the
plane anyways. work in progress, currently picks up and uses all sensors
it finds, config file bits to be added soon. theo fine with this going in
hook the descriptors into the main poll and such.
we're not doing anything with the reply we recive yet, tho.
mostly hacked on the Frankfurt->Montreal flight, as batteries and those
horrible air canada seats permitted...
it is just capable of answering (s)ntp4 requests with the local time
for now.
imsg/buffer and logging framework from bgpd, ntp protocol hackery
with Alexander Guy
tedu