|
|
- From: Pekka Helenius <fincer89@hotmail.com>
- Date: Sun, 02 Aug 2020 14:12:40 +0300
- Subject: Unhardcode NTP server, client and constraint UDP & TCP port numbers
-
-
- --- a/src/client.c 2020-08-02 02:03:13.840286484 +0300
- +++ b/src/client.c 2020-08-02 02:04:23.993619892 +0300
- @@ -76,13 +76,13 @@ client_addr_init(struct ntp_peer *p)
- case AF_INET:
- sa_in = (struct sockaddr_in *)&h->ss;
- if (ntohs(sa_in->sin_port) == 0)
- - sa_in->sin_port = htons(123);
- + sa_in->sin_port = htons(p->addr_head.port);
- p->state = STATE_DNS_DONE;
- break;
- case AF_INET6:
- sa_in6 = (struct sockaddr_in6 *)&h->ss;
- if (ntohs(sa_in6->sin6_port) == 0)
- - sa_in6->sin6_port = htons(123);
- + sa_in6->sin6_port = htons(p->addr_head.port);
- p->state = STATE_DNS_DONE;
- break;
- default:
- @@ -122,9 +122,10 @@ client_nextaddr(struct ntp_peer *p)
- p->shift = 0;
- p->trustlevel = TRUSTLEVEL_PATHETIC;
-
- - if (p->addr == NULL)
- + if (p->addr == NULL) {
- p->addr = p->addr_head.a;
- - else if ((p->addr = p->addr->next) == NULL)
- + p->port = p->addr_head.port;
- + } else if ((p->addr = p->addr->next) == NULL)
- return (1);
-
- return (0);
- --- a/src/ntp.c 2020-07-31 23:34:32.000000000 +0300
- +++ b/src/ntp.c 2020-08-01 00:56:09.608057581 +0300
- @@ -603,6 +603,8 @@ ntp_dispatch_imsg_dns(void)
- peer->addr_head.name;
- npeer->addr_head.pool =
- peer->addr_head.pool;
- + npeer->addr_head.port =
- + peer->addr_head.port;
- client_peer_init(npeer);
- npeer->state = STATE_DNS_DONE;
- peer_add(npeer);
- @@ -611,6 +613,7 @@ ntp_dispatch_imsg_dns(void)
- h->next = peer->addr;
- peer->addr = h;
- peer->addr_head.a = peer->addr;
- + peer->addr_head.port = peer->port;
- peer->state = STATE_DNS_DONE;
- }
- }
- --- a/src/config.c 2020-07-31 23:11:30.000000000 +0300
- +++ b/src/config.c 2020-08-01 01:02:14.468057965 +0300
- @@ -196,3 +196,10 @@ new_constraint(void)
- return (p);
- }
-
- +int
- +intdup(int in)
- +{
- + int *out;
- + out = ∈
- + return *out;
- +}
- --- a/src/ntpd.h 2020-07-31 23:00:51.000000000 +0300
- +++ b/src/ntpd.h 2020-08-01 01:27:06.418059534 +0300
- @@ -95,7 +95,7 @@
- #define CONSTRAINT_SCAN_INTERVAL (15*60)
- #define CONSTRAINT_SCAN_TIMEOUT (10)
- #define CONSTRAINT_MARGIN (2.0*60)
- -#define CONSTRAINT_PORT "443" /* HTTPS port */
- +
- #define CONSTRAINT_MAXHEADERLENGTH 8192
- #define CONSTRAINT_PASSFD (STDERR_FILENO + 1)
-
- @@ -121,6 +121,7 @@ struct listen_addr {
- struct sockaddr_storage sa;
- int fd;
- int rtable;
- + int port;
- };
-
- struct ntp_addr {
- @@ -132,14 +133,17 @@ struct ntp_addr {
- struct ntp_addr_wrap {
- char *name;
- char *path;
- + int port;
- struct ntp_addr *a;
- u_int8_t pool;
- };
-
- struct ntp_addr_msg {
- struct ntp_addr a;
- + int port;
- size_t namelen;
- size_t pathlen;
- + size_t portlen;
- };
-
- struct ntp_status {
- @@ -184,6 +188,7 @@ struct ntp_peer {
- u_int8_t trusted;
- int lasterror;
- int senderrors;
- + int port;
- };
-
- struct ntp_sensor {
- @@ -206,6 +211,7 @@ struct constraint {
- TAILQ_ENTRY(constraint) entry;
- struct ntp_addr_wrap addr_head;
- struct ntp_addr *addr;
- + int port;
- int senderrors;
- enum client_state state;
- u_int32_t id;
- @@ -365,6 +371,7 @@ void host_dns_free(struct ntp_addr *)
- struct ntp_peer *new_peer(void);
- struct ntp_conf_sensor *new_sensor(char *);
- struct constraint *new_constraint(void);
- +int intdup(int);
-
- /* ntp_msg.c */
- int ntp_getmsg(struct sockaddr *, char *, ssize_t, struct ntp_msg *);
- @@ -401,6 +408,7 @@ void priv_constraint_kill(u_int32_t);
- int priv_constraint_dispatch(struct pollfd *);
- void priv_constraint_check_child(pid_t, int);
- char *get_string(u_int8_t *, size_t);
- +int intlen(int);
-
- /* util.c */
- double gettime_corrected(void);
- --- a/src/constraint.c 2020-08-02 01:56:09.060286035 +0300
- +++ b/src/constraint.c 2020-08-02 01:56:47.110286075 +0300
- @@ -66,11 +66,11 @@ void priv_constraint_readquery(struct c
- uint8_t **);
-
- struct httpsdate *
- - httpsdate_init(const char *, const char *, const char *,
- + httpsdate_init(const char *, const int *, const char *,
- const char *, const u_int8_t *, size_t);
- void httpsdate_free(void *);
- int httpsdate_request(struct httpsdate *, struct timeval *);
- -void *httpsdate_query(const char *, const char *, const char *,
- +void *httpsdate_query(const char *, const int *, const char *,
- const char *, const u_int8_t *, size_t,
- struct timeval *, struct timeval *);
-
- @@ -125,13 +125,13 @@ constraint_addr_init(struct constraint *
- case AF_INET:
- sa_in = (struct sockaddr_in *)&h->ss;
- if (ntohs(sa_in->sin_port) == 0)
- - sa_in->sin_port = htons(443);
- + sa_in->sin_port = htons(cstr->addr_head.port);
- cstr->state = STATE_DNS_DONE;
- break;
- case AF_INET6:
- sa_in6 = (struct sockaddr_in6 *)&h->ss;
- if (ntohs(sa_in6->sin6_port) == 0)
- - sa_in6->sin6_port = htons(443);
- + sa_in6->sin6_port = htons(cstr->addr_head.port);
- cstr->state = STATE_DNS_DONE;
- break;
- default:
- @@ -206,6 +206,7 @@ constraint_query(struct constraint *cstr
-
- memset(&am, 0, sizeof(am));
- memcpy(&am.a, cstr->addr, sizeof(am.a));
- + memcpy(&am.port, &cstr->addr_head.port, sizeof(am.port));
-
- iov[iov_cnt].iov_base = &am;
- iov[iov_cnt++].iov_len = sizeof(am);
- @@ -219,6 +220,11 @@ constraint_query(struct constraint *cstr
- iov[iov_cnt].iov_base = cstr->addr_head.path;
- iov[iov_cnt++].iov_len = am.pathlen;
- }
- + if (cstr->addr_head.port) {
- + am.portlen = intlen(cstr->addr_head.port) + 1;
- + iov[iov_cnt].iov_base = &cstr->addr_head.port;
- + iov[iov_cnt++].iov_len = am.portlen;
- + }
-
- imsg_composev(ibuf_main, IMSG_CONSTRAINT_QUERY,
- cstr->id, 0, -1, iov, iov_cnt);
- @@ -246,7 +252,7 @@ priv_constraint_msg(u_int32_t id, u_int8
- return;
- }
- memcpy(&am, data, sizeof(am));
- - if (len != (sizeof(am) + am.namelen + am.pathlen)) {
- + if (len != (sizeof(am) + am.namelen + am.pathlen + am.portlen)) {
- log_warnx("constraint id %d: invalid query received", id);
- return;
- }
- @@ -301,6 +307,7 @@ priv_constraint_readquery(struct constra
- int n;
- struct imsg imsg;
- size_t mlen;
- + int port;
-
- /* Read the message our parent left us. */
- if (((n = imsg_read(&cstr->ibuf)) == -1 && errno != EAGAIN) || n == 0)
- @@ -324,7 +331,7 @@ priv_constraint_readquery(struct constra
- );
-
- memcpy(am, imsg.data, sizeof(*am));
- - if (mlen != (sizeof(*am) + am->namelen + am->pathlen))
- + if (mlen != (sizeof(*am) + am->namelen + am->pathlen + am->portlen))
- fatalx("constraint: invalid message length received from parent process (%s)",
- __func__
- );
- @@ -334,12 +341,15 @@ priv_constraint_readquery(struct constra
- fatal("constraint: can't allocate memory (%s)", __func__);
-
- memcpy(h, &am->a, sizeof(*h));
- + memcpy(&port, &am->port, sizeof(port));
- h->next = NULL;
- -
- +
- cstr->id = imsg.hdr.peerid;
- cstr->addr = h;
- cstr->addr_head.a = h;
- -
- + cstr->port = port;
- + cstr->addr_head.port = port;
- +
- dptr = imsg.data;
- memcpy(*data, dptr + sizeof(*am), mlen - sizeof(*am));
- imsg_free(&imsg);
- @@ -434,10 +444,14 @@ priv_constraint_child(const char *pw_dir
- get_string(data, am.pathlen)) == NULL)
- fatalx("constraint %s: invalid path", addr);
- }
- + if (am.portlen) {
- + if (cstr.addr_head.port == 0)
- + fatalx("constraint %s: invalid port", addr);
- + }
-
- /* Run! */
- if ((ctx = httpsdate_query(addr,
- - CONSTRAINT_PORT, cstr.addr_head.name, cstr.addr_head.path,
- + &cstr.addr_head.port, cstr.addr_head.name, cstr.addr_head.path,
- conf->ca, conf->ca_len, &rectv, &xmttv)) == NULL) {
- log_debug("constraint %s: failed to get proper time results", addr);
- /* Abort with failure but without warning */
- @@ -800,8 +814,14 @@ constraint_msg_dns(u_int32_t id, u_int8_
- ncstr->addr_head.a = h;
- ncstr->addr_head.name = strdup(cstr->addr_head.name);
- ncstr->addr_head.path = strdup(cstr->addr_head.path);
- + ncstr->addr_head.port = intdup(cstr->addr_head.port);
- +
- + // Unless we do this, we have value 0 in ncstr->port
- + ncstr->port = intdup(cstr->port);
- +
- if (ncstr->addr_head.name == NULL ||
- - ncstr->addr_head.path == NULL)
- + ncstr->addr_head.path == NULL ||
- + ncstr->addr_head.port == 0 || ncstr->port == 0)
- fatal("constraint id %d: DNS dispatching failed: invalid data", id);
- ncstr->addr_head.pool = cstr->addr_head.pool;
- ncstr->state = STATE_DNS_DONE;
- @@ -811,6 +831,7 @@ constraint_msg_dns(u_int32_t id, u_int8_
- h->next = ncstr->addr;
- ncstr->addr = h;
- ncstr->addr_head.a = h;
- + // TODO missing port?
- }
- } while (len);
-
- @@ -912,10 +933,11 @@ constraint_check(double val)
- }
-
- struct httpsdate *
- -httpsdate_init(const char *addr, const char *port, const char *hostname,
- +httpsdate_init(const char *addr, const int *port, const char *hostname,
- const char *path, const u_int8_t *ca, size_t ca_len)
- {
- struct httpsdate *httpsdate = NULL;
- + char port_s[sizeof(port)];
-
- if ((httpsdate = calloc(1, sizeof(*httpsdate))) == NULL)
- goto fail;
- @@ -923,8 +945,10 @@ httpsdate_init(const char *addr, const c
- if (hostname == NULL)
- hostname = addr;
-
- + sprintf(port_s, "%d", *port);
- +
- if ((httpsdate->tls_addr = strdup(addr)) == NULL ||
- - (httpsdate->tls_port = strdup(port)) == NULL ||
- + (httpsdate->tls_port = strdup(port_s)) == NULL ||
- (httpsdate->tls_hostname = strdup(hostname)) == NULL ||
- (httpsdate->tls_path = strdup(path)) == NULL)
- goto fail;
- @@ -1098,7 +1122,7 @@ httpsdate_request(struct httpsdate *http
- }
-
- void *
- -httpsdate_query(const char *addr, const char *port, const char *hostname,
- +httpsdate_query(const char *addr, const int *port, const char *hostname,
- const char *path, const u_int8_t *ca, size_t ca_len,
- struct timeval *rectv, struct timeval *xmttv)
- {
- @@ -1183,3 +1207,17 @@ get_string(u_int8_t *ptr, size_t len)
-
- return strndup(ptr, i);
- }
- +
- +int
- +intlen(int val)
- +{
- + int n = 1;
- + if (val < 0)
- + return 0;
- + while(val > 9) {
- + n++;
- + val /= 10;
- + }
- +
- + return val;
- +}
- --- a/src/parse.y 2020-07-31 23:57:08.000000000 +0300
- +++ b/src/parse.y 2020-08-01 01:51:28.041394057 +0300
- @@ -60,6 +60,7 @@ int findeol(void);
- struct sockaddr_in query_addr4;
- struct sockaddr_in6 query_addr6;
- int poolseqnum;
- +struct servent *se;
-
- struct opts {
- int weight;
- @@ -68,6 +69,7 @@ struct opts {
- int rtable;
- int trusted;
- char *refstr;
- + int port;
- } opts;
- void opts_default(void);
-
- @@ -86,18 +88,21 @@ typedef struct {
- %token LISTEN ON CONSTRAINT CONSTRAINTS FROM QUERY TRUSTED
- %token SERVER SERVERS SENSOR CORRECTION RTABLE REFID STRATUM WEIGHT
- %token ERROR
- +%token PORT
- %token <v.string> STRING
- %token <v.number> NUMBER
- %type <v.addr> address url urllist
- %type <v.opts> listen_opts listen_opts_l listen_opt
- %type <v.opts> server_opts server_opts_l server_opt
- %type <v.opts> sensor_opts sensor_opts_l sensor_opt
- +%type <v.opts> constraint_opts constraint_opts_l constraint_opt
- %type <v.opts> correction
- %type <v.opts> rtable
- %type <v.opts> refid
- %type <v.opts> stratum
- %type <v.opts> weight
- %type <v.opts> trusted
- +%type <v.opts> port
- %%
-
- grammar : /* empty */
- @@ -125,6 +130,10 @@ main : LISTEN ON address listen_opts {
- fatal("can't allocate memory for listening address");
- la->fd = -1;
- la->rtable = $4.rtable;
- +
- + if ($4.port != 0)
- + la->port = $4.port;
- +
- memcpy(&la->sa, &h->ss,
- sizeof(struct sockaddr_storage));
- TAILQ_INSERT_TAIL(&conf->listen_addrs, la,
- @@ -186,10 +195,22 @@ main : LISTEN ON address listen_opts {
- p->trusted = $3.trusted;
- conf->trusted_peers = conf->trusted_peers ||
- $3.trusted;
- +
- + if ($3.port == 0) {
- + if ((se = getservbyname("ntp", "udp")) == NULL) {
- + fatal("new server: can't find default system information for NTP protocol (getservbyname)");
- + } else {
- + $3.port = ntohs(se->s_port);
- + }
- + }
- + p->port = $3.port;
- + $2->port = p->port;
- +
- p->query_addr4 = query_addr4;
- p->query_addr6 = query_addr6;
- p->addr = h;
- p->addr_head.a = h;
- + p->addr_head.port = intdup($2->port);
- p->addr_head.pool = ++poolseqnum;
- p->addr_head.name = strdup($2->name);
- if (p->addr_head.name == NULL)
- @@ -228,9 +249,21 @@ main : LISTEN ON address listen_opts {
- p->trusted = $3.trusted;
- conf->trusted_peers = conf->trusted_peers ||
- $3.trusted;
- +
- + if ($3.port == 0) {
- + if ((se = getservbyname("ntp", "udp")) == NULL) {
- + fatal("new server: can't find default system information for NTP protocol (getservbyname)");
- + } else {
- + $3.port = ntohs(se->s_port);
- + }
- + }
- + p->port = $3.port;
- + $2->port = p->port;
- +
- p->query_addr4 = query_addr4;
- p->query_addr6 = query_addr6;
- p->addr_head.a = p->addr;
- + p->addr_head.port = intdup($2->port);
- p->addr_head.pool = 0;
- p->addr_head.name = strdup($2->name);
- if (p->addr_head.name == NULL)
- @@ -241,7 +274,7 @@ main : LISTEN ON address listen_opts {
- free($2->name);
- free($2);
- }
- - | CONSTRAINTS FROM url {
- + | CONSTRAINTS FROM url constraint_opts {
- struct constraint *p;
- struct ntp_addr *h, *next;
-
- @@ -266,6 +299,17 @@ main : LISTEN ON address listen_opts {
- p = new_constraint();
- p->addr = h;
- p->addr_head.a = h;
- +
- + if ($4.port == 0) {
- + if ((se = getservbyname("https", "tcp")) == NULL) {
- + fatal("new constraint: can't find default system information for HTTPS protocol (getservbyname)");
- + } else {
- + $4.port = ntohs(se->s_port);
- + }
- + }
- + p->port = $4.port;
- + p->addr_head.port = intdup($4.port);
- +
- p->addr_head.pool = ++poolseqnum;
- p->addr_head.name = strdup($3->name);
- p->addr_head.path = strdup($3->path);
- @@ -281,7 +325,7 @@ main : LISTEN ON address listen_opts {
- free($3->name);
- free($3);
- }
- - | CONSTRAINT FROM urllist {
- + | CONSTRAINT FROM urllist constraint_opts {
- struct constraint *p;
- struct ntp_addr *h, *next;
-
- @@ -304,6 +348,17 @@ main : LISTEN ON address listen_opts {
- }
-
- p->addr_head.a = p->addr;
- +
- + if ($4.port == 0) {
- + if ((se = getservbyname("https", "tcp")) == NULL) {
- + fatal("new constraint: can't find default system information for HTTPS protocol (getservbyname)");
- + } else {
- + $4.port = ntohs(se->s_port);
- + }
- + }
- + p->port = $4.port;
- + p->addr_head.port = intdup($4.port);
- +
- p->addr_head.pool = 0;
- p->addr_head.name = strdup($3->name);
- p->addr_head.path = strdup($3->path);
- @@ -410,6 +465,7 @@ listen_opts_l : listen_opts_l listen_opt
- | listen_opt
- ;
- listen_opt : rtable
- + | port
- ;
-
- server_opts : { opts_default(); }
- @@ -422,6 +478,18 @@ server_opts_l : server_opts_l server_opt
- ;
- server_opt : weight
- | trusted
- + | port
- + ;
- +
- +constraint_opts : { opts_default(); }
- + constraint_opts_l
- + { $$ = opts; }
- + | { opts_default(); $$ = opts; }
- + ;
- +constraint_opts_l : constraint_opts_l constraint_opt
- + | constraint_opt
- + ;
- +constraint_opt : port
- ;
-
- sensor_opts : { opts_default(); }
- @@ -478,6 +546,17 @@ weight : WEIGHT NUMBER {
- }
- opts.weight = $2;
- }
- + ;
- +
- +port : PORT NUMBER {
- + if ($2 < 1 || $2 > 65535) {
- + yyerror("port must be between 1 and 65535");
- + YYERROR;
- + }
- + opts.port = $2;
- + }
- + ;
- +
- rtable : RTABLE NUMBER {
- #ifdef RT_TABLEID_MAX
- if ($2 < 0 || $2 > RT_TABLEID_MAX) {
- @@ -502,6 +581,7 @@ opts_default(void)
- memset(&opts, 0, sizeof opts);
- opts.weight = 1;
- opts.stratum = 1;
- + opts.port = 0;
- }
-
- struct keywords {
- @@ -542,6 +622,7 @@ lookup(char *s)
- { "from", FROM},
- { "listen", LISTEN},
- { "on", ON},
- + { "port", PORT},
- { "query", QUERY},
- { "refid", REFID},
- { "rtable", RTABLE},
- --- a/src/server.c 2020-08-01 00:04:05.000000000 +0300
- +++ b/src/server.c 2020-08-01 01:14:42.328058753 +0300
- @@ -107,14 +107,18 @@ setup_listeners(struct servent *se, stru
- for (la = TAILQ_FIRST(&lconf->listen_addrs); la; ) {
- switch (la->sa.ss_family) {
- case AF_INET:
- - if (((struct sockaddr_in *)&la->sa)->sin_port == 0)
- - ((struct sockaddr_in *)&la->sa)->sin_port =
- - se->s_port;
- + if ((la->port == 0) && \
- + (((struct sockaddr_in *)&la->sa)->sin_port == 0))
- + ((struct sockaddr_in *)&la->sa)->sin_port = se->s_port;
- + else
- + ((struct sockaddr_in *)&la->sa)->sin_port = ntohs(la->port);
- break;
- case AF_INET6:
- - if (((struct sockaddr_in6 *)&la->sa)->sin6_port == 0)
- - ((struct sockaddr_in6 *)&la->sa)->sin6_port =
- - se->s_port;
- + if ((la->port == 0) && \
- + (((struct sockaddr_in6 *)&la->sa)->sin6_port == 0))
- + ((struct sockaddr_in6 *)&la->sa)->sin6_port = se->s_port;
- + else
- + ((struct sockaddr_in6 *)&la->sa)->sin6_port = ntohs(la->port);
- break;
- case AF_UNSPEC:
- nla = TAILQ_NEXT(la, entry);
- --- a/src/ntpd.conf.5 2020-07-31 23:00:51.000000000 +0300
- +++ b/src/ntpd.conf.5 2020-08-01 01:22:25.424725907 +0300
- @@ -14,7 +14,7 @@
- .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
- .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .\"
- -.Dd $Mdocdate: May 16 2020 $
- +.Dd $Mdocdate: August 01 2020 $
- .Dt NTPD.CONF 5
- .Os
- .Sh NAME
- @@ -37,6 +37,7 @@ The basic configuration options are as f
- .Bl -tag -width Ds
- .It Xo Ic listen on Ar address
- .Op Ic rtable Ar table-id
- +.Op Ic port Ar port-number
- .Xc
- .Xr ntpd 8
- has the ability to sync the local clock to remote NTP servers and, if
- @@ -62,6 +63,12 @@ keyword will specify which routing table
- By default
- .Xr ntpd 8
- will listen using the current routing table.
- +The optional
- +.Ic port
- +keyword will specify which local UDP port the NTP server process should use for inbound connections.
- +By default
- +.Xr ntpd 8
- +will listen to UDP port 123 for new client connections.
- For example:
- .Bd -literal -offset indent
- listen on *
- @@ -72,6 +79,7 @@ or
- listen on 127.0.0.1
- listen on ::1
- listen on 127.0.0.1 rtable 4
- +listen on 127.0.0.1 port 1230
- .Ed
- .It Ic query from Ar sourceaddr
- Specify a local IP address the
- @@ -165,6 +173,7 @@ than a server with a weight of 1.
- .It Xo Ic server Ar address
- .Op Ic trusted
- .Op Ic weight Ar weight-value
- +.Op Ic port Ar port-number
- .Xc
- Specify the IP address or the hostname of an NTP
- server to synchronize to.
- @@ -182,6 +191,7 @@ For example:
- .Bd -literal -offset indent
- server 10.0.0.2 weight 5
- server ntp.example.org weight 1
- +server ntp.foo.org port 123
- .Ed
- .Pp
- To provide redundancy, it is good practice to configure multiple servers.
- @@ -190,6 +200,7 @@ network latency.
- .It Xo Ic servers Ar address
- .Op Ic trusted
- .Op Ic weight Ar weight-value
- +.Op Ic port Ar port-number
- .Xc
- As with
- .Cm server ,
- @@ -204,6 +215,7 @@ For example:
- .Bd -literal -offset indent
- servers pool.ntp.org
- servers pool.ntp.org weight 5
- +servers pool.ntp.org weight 6 port 123
- .Ed
- .El
- .Sh CONSTRAINTS
- @@ -227,8 +239,13 @@ without libtls causes
- to log a warning message on startup.
- .Bl -tag -width Ds
- .It Ic constraint from Ar url [ip...]
- +.Op Ic port Ar port-number
- Specify the URL, IP address or the hostname of an HTTPS server to
- -provide a constraint.
- +provide a constraint. The optional
- +.Ic port
- +number is an HTTPS server port to connect to. By default
- +.Xr ntpd 8
- +will connect to remote TCP port 443.
- If the url is followed by one or more addresses the url and addresses will be
- tried until a working one is found.
- The url path and expected certificate name is always taken from the
- @@ -242,8 +259,10 @@ will calculate a median constraint from
- server ntp.example.org
- constraint from www.example.com
- constraint from "https://9.9.9.9" "2620:fe::9"
- +constraint from www.google.com port 443
- .Ed
- .It Ic constraints from Ar url
- +.Op Ic port Ar port-number
- As with
- .Ic constraint from ,
- specify the URL, IP address or the hostname of an HTTPS server to
- @@ -251,10 +270,16 @@ provide a constraint.
- Should the hostname resolve to multiple IP addresses,
- .Xr ntpd 8
- will calculate a median constraint from all of them.
- +The optional
- +.Ic port
- +number is an HTTPS server port to connect to. By default
- +.Xr ntpd 8
- +will connect to remote TCP port 443.
- For example:
- .Bd -literal -offset indent
- servers pool.ntp.org
- constraints from "https://www.google.com/"
- +constraints from "https://duckduckgo.com/" port 443
- .Ed
- .El
- .Sh FILES
|