we have ntpctl now and ntpd doesn't need redundant/obsolete features.
Pointed out by naddy@, with input from zhuk@ (SIGINFO doesn't need SIG_IGN)
OK deraadt@
non-sensical. The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains. If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.
"listen on * rtable X" is still supported.
Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"
OK deraadt@
This helps the ntp process to a) give a better pledge(2) and to b)
keep the promise of "saving the world again... on time" by removing
the delays that have been introduced by expensive constraint forks.
The new design offers better privsep but introduces a few more imsgs
and runs a little bit more code in the privileged parent. The
privileged code is minimal, carefully checked, and does not attempt to
"parse" any contents; the forked constraints instantly drop all
privileges and pledge to "stdio inet".
OK beck@ deraadt@
including fork/exec cost, it would be better if constraints were
forked from the master process, which would then tell the ntp
engine. That would increase accuracy and security.
Lots of conversations with reyk and bcook
than < for the comparison. Otherwise, if we don't do enough work
in the loop to advance the clock (for instance if the network is
down) we may end up calling poll() multiple times with no timeout,
racking up CPU time for no real reason. OK bcook@
henning@ 9 years ago because of an issue with the /dev/hotplug device
- it does not support multiple readers opening it. Nobody ever cared
enough to fix it so it is time to sent the dead code to the Attic.
OK henning@ (feeling sad about it), mpi@ and others
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
Previously, when there is an even number of offsets, we did the average
of the two middle offets but would set the REFID from one of them.
Instead, we simply select the middle offset with the lowest delay.
diff from Mike Miller <mmiller mgm51 com> (many thanks!)
OK phessler@, henning@
This basically adds the "rtable %d" keyword to "listen on", "server",
"servers" keywords, to specify which routing table to use.
OK henning@ claudio@ sthen@
manpage reviewed by jmc@
offset. This avoids future frequency adjustments based on measurements of a
clock that was being adjusted. End result: more stable clock and better
frequency convergence.
Also, fix a mis-ordered structure member while I'm here.
ok henning
the offset since we use monotime for these for some time now, and monotime
is not affected by system time changes (like, duh, that was the reason for
the change). PR5927
reason: the parent process must never ever block, but the dns routines can.
last not least this fixes ntpd -s 'hanging' for a long time.
tested by a couple of people
This allows recovery after an IP address change (e.g. on dialup links).
Also move the update of "nextaction" timeout below the deadline check.
OK henning@
happens when a SIGINFO is received, or when the majority of peers or
sensors is bad. The latter with a maximum of once per 24 hour.
ok henning@ ckuethe@ mbalmer@
symbol, follow the guidelines from K&R: only one definition of a
global symbol (and possibly more declarations). Rename some vars
here and there to avoid shadowing. ok henning@
when we adjust time. This prevents ntpd from going wild when using
sensor time sources; ok henning@ (on an earlier version) and a LOT
of testing by naddy@
rzalamena