OpenNTPD daemon with OpenSSL implementation & flexible configurability
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

678 lines
20 KiB

  1. From: Pekka Helenius <fincer89@hotmail.com>
  2. Date: Sun, 02 Aug 2020 20:55:36 +0300
  3. Subject: Unhardcode NTP server, client and constraint UDP & TCP port numbers
  4. --- a/src/client.c 2020-08-02 02:03:13.840286484 +0300
  5. +++ b/src/client.c 2020-08-02 02:04:23.993619892 +0300
  6. @@ -76,13 +76,13 @@ client_addr_init(struct ntp_peer *p)
  7. case AF_INET:
  8. sa_in = (struct sockaddr_in *)&h->ss;
  9. if (ntohs(sa_in->sin_port) == 0)
  10. - sa_in->sin_port = htons(123);
  11. + sa_in->sin_port = htons(p->addr_head.port);
  12. p->state = STATE_DNS_DONE;
  13. break;
  14. case AF_INET6:
  15. sa_in6 = (struct sockaddr_in6 *)&h->ss;
  16. if (ntohs(sa_in6->sin6_port) == 0)
  17. - sa_in6->sin6_port = htons(123);
  18. + sa_in6->sin6_port = htons(p->addr_head.port);
  19. p->state = STATE_DNS_DONE;
  20. break;
  21. default:
  22. @@ -122,9 +122,10 @@ client_nextaddr(struct ntp_peer *p)
  23. p->shift = 0;
  24. p->trustlevel = TRUSTLEVEL_PATHETIC;
  25. - if (p->addr == NULL)
  26. + if (p->addr == NULL) {
  27. p->addr = p->addr_head.a;
  28. - else if ((p->addr = p->addr->next) == NULL)
  29. + p->port = p->addr_head.port;
  30. + } else if ((p->addr = p->addr->next) == NULL)
  31. return (1);
  32. return (0);
  33. --- a/src/ntp.c 2020-07-31 23:34:32.000000000 +0300
  34. +++ b/src/ntp.c 2020-08-01 00:56:09.608057581 +0300
  35. @@ -603,6 +603,8 @@ ntp_dispatch_imsg_dns(void)
  36. peer->addr_head.name;
  37. npeer->addr_head.pool =
  38. peer->addr_head.pool;
  39. + npeer->addr_head.port =
  40. + peer->addr_head.port;
  41. client_peer_init(npeer);
  42. npeer->state = STATE_DNS_DONE;
  43. peer_add(npeer);
  44. @@ -611,6 +613,7 @@ ntp_dispatch_imsg_dns(void)
  45. h->next = peer->addr;
  46. peer->addr = h;
  47. peer->addr_head.a = peer->addr;
  48. + peer->addr_head.port = peer->port;
  49. peer->state = STATE_DNS_DONE;
  50. }
  51. }
  52. --- a/src/config.c 2020-07-31 23:11:30.000000000 +0300
  53. +++ b/src/config.c 2020-08-01 01:02:14.468057965 +0300
  54. @@ -196,3 +196,10 @@ new_constraint(void)
  55. return (p);
  56. }
  57. +int
  58. +intdup(int in)
  59. +{
  60. + int *out;
  61. + out = &in;
  62. + return *out;
  63. +}
  64. --- a/src/ntpd.h 2020-07-31 23:00:51.000000000 +0300
  65. +++ b/src/ntpd.h 2020-08-01 01:27:06.418059534 +0300
  66. @@ -95,7 +95,7 @@
  67. #define CONSTRAINT_SCAN_INTERVAL (15*60)
  68. #define CONSTRAINT_SCAN_TIMEOUT (10)
  69. #define CONSTRAINT_MARGIN (2.0*60)
  70. -#define CONSTRAINT_PORT "443" /* HTTPS port */
  71. +
  72. #define CONSTRAINT_MAXHEADERLENGTH 8192
  73. #define CONSTRAINT_PASSFD (STDERR_FILENO + 1)
  74. @@ -121,6 +121,7 @@ struct listen_addr {
  75. struct sockaddr_storage sa;
  76. int fd;
  77. int rtable;
  78. + int port;
  79. };
  80. struct ntp_addr {
  81. @@ -132,14 +133,17 @@ struct ntp_addr {
  82. struct ntp_addr_wrap {
  83. char *name;
  84. char *path;
  85. + int port;
  86. struct ntp_addr *a;
  87. u_int8_t pool;
  88. };
  89. struct ntp_addr_msg {
  90. struct ntp_addr a;
  91. + int port;
  92. size_t namelen;
  93. size_t pathlen;
  94. + size_t portlen;
  95. };
  96. struct ntp_status {
  97. @@ -184,6 +188,7 @@ struct ntp_peer {
  98. u_int8_t trusted;
  99. int lasterror;
  100. int senderrors;
  101. + int port;
  102. };
  103. struct ntp_sensor {
  104. @@ -206,6 +211,7 @@ struct constraint {
  105. TAILQ_ENTRY(constraint) entry;
  106. struct ntp_addr_wrap addr_head;
  107. struct ntp_addr *addr;
  108. + int port;
  109. int senderrors;
  110. enum client_state state;
  111. u_int32_t id;
  112. @@ -365,6 +371,7 @@ void host_dns_free(struct ntp_addr *)
  113. struct ntp_peer *new_peer(void);
  114. struct ntp_conf_sensor *new_sensor(char *);
  115. struct constraint *new_constraint(void);
  116. +int intdup(int);
  117. /* ntp_msg.c */
  118. int ntp_getmsg(struct sockaddr *, char *, ssize_t, struct ntp_msg *);
  119. @@ -401,6 +408,7 @@ void priv_constraint_kill(u_int32_t);
  120. int priv_constraint_dispatch(struct pollfd *);
  121. void priv_constraint_check_child(pid_t, int);
  122. char *get_string(u_int8_t *, size_t);
  123. +int intlen(int);
  124. /* util.c */
  125. double gettime_corrected(void);
  126. --- a/src/constraint.c 2020-08-02 01:56:09.060286035 +0300
  127. +++ b/src/constraint.c 2020-08-02 01:56:47.110286075 +0300
  128. @@ -66,11 +66,11 @@ void priv_constraint_readquery(struct c
  129. uint8_t **);
  130. struct httpsdate *
  131. - httpsdate_init(const char *, const char *, const char *,
  132. + httpsdate_init(const char *, const int *, const char *,
  133. const char *, const u_int8_t *, size_t);
  134. void httpsdate_free(void *);
  135. int httpsdate_request(struct httpsdate *, struct timeval *);
  136. -void *httpsdate_query(const char *, const char *, const char *,
  137. +void *httpsdate_query(const char *, const int *, const char *,
  138. const char *, const u_int8_t *, size_t,
  139. struct timeval *, struct timeval *);
  140. @@ -125,13 +125,13 @@ constraint_addr_init(struct constraint *
  141. case AF_INET:
  142. sa_in = (struct sockaddr_in *)&h->ss;
  143. if (ntohs(sa_in->sin_port) == 0)
  144. - sa_in->sin_port = htons(443);
  145. + sa_in->sin_port = htons(cstr->addr_head.port);
  146. cstr->state = STATE_DNS_DONE;
  147. break;
  148. case AF_INET6:
  149. sa_in6 = (struct sockaddr_in6 *)&h->ss;
  150. if (ntohs(sa_in6->sin6_port) == 0)
  151. - sa_in6->sin6_port = htons(443);
  152. + sa_in6->sin6_port = htons(cstr->addr_head.port);
  153. cstr->state = STATE_DNS_DONE;
  154. break;
  155. default:
  156. @@ -206,6 +206,7 @@ constraint_query(struct constraint *cstr
  157. memset(&am, 0, sizeof(am));
  158. memcpy(&am.a, cstr->addr, sizeof(am.a));
  159. + memcpy(&am.port, &cstr->addr_head.port, sizeof(am.port));
  160. iov[iov_cnt].iov_base = &am;
  161. iov[iov_cnt++].iov_len = sizeof(am);
  162. @@ -219,6 +220,11 @@ constraint_query(struct constraint *cstr
  163. iov[iov_cnt].iov_base = cstr->addr_head.path;
  164. iov[iov_cnt++].iov_len = am.pathlen;
  165. }
  166. + if (cstr->addr_head.port) {
  167. + am.portlen = intlen(cstr->addr_head.port) + 1;
  168. + iov[iov_cnt].iov_base = &cstr->addr_head.port;
  169. + iov[iov_cnt++].iov_len = am.portlen;
  170. + }
  171. imsg_composev(ibuf_main, IMSG_CONSTRAINT_QUERY,
  172. cstr->id, 0, -1, iov, iov_cnt);
  173. @@ -246,7 +252,7 @@ priv_constraint_msg(u_int32_t id, u_int8
  174. return;
  175. }
  176. memcpy(&am, data, sizeof(am));
  177. - if (len != (sizeof(am) + am.namelen + am.pathlen)) {
  178. + if (len != (sizeof(am) + am.namelen + am.pathlen + am.portlen)) {
  179. log_warnx("constraint id %d: invalid query received", id);
  180. return;
  181. }
  182. @@ -301,6 +307,7 @@ priv_constraint_readquery(struct constra
  183. int n;
  184. struct imsg imsg;
  185. size_t mlen;
  186. + int port;
  187. /* Read the message our parent left us. */
  188. if (((n = imsg_read(&cstr->ibuf)) == -1 && errno != EAGAIN) || n == 0)
  189. @@ -324,7 +331,7 @@ priv_constraint_readquery(struct constra
  190. );
  191. memcpy(am, imsg.data, sizeof(*am));
  192. - if (mlen != (sizeof(*am) + am->namelen + am->pathlen))
  193. + if (mlen != (sizeof(*am) + am->namelen + am->pathlen + am->portlen))
  194. fatalx("constraint: invalid message length received from parent process (%s)",
  195. __func__
  196. );
  197. @@ -334,12 +341,15 @@ priv_constraint_readquery(struct constra
  198. fatal("constraint: can't allocate memory (%s)", __func__);
  199. memcpy(h, &am->a, sizeof(*h));
  200. + memcpy(&port, &am->port, sizeof(port));
  201. h->next = NULL;
  202. -
  203. +
  204. cstr->id = imsg.hdr.peerid;
  205. cstr->addr = h;
  206. cstr->addr_head.a = h;
  207. -
  208. + cstr->port = port;
  209. + cstr->addr_head.port = port;
  210. +
  211. dptr = imsg.data;
  212. memcpy(*data, dptr + sizeof(*am), mlen - sizeof(*am));
  213. imsg_free(&imsg);
  214. @@ -434,10 +444,14 @@ priv_constraint_child(const char *pw_dir
  215. get_string(data, am.pathlen)) == NULL)
  216. fatalx("constraint %s: invalid path", addr);
  217. }
  218. + if (am.portlen) {
  219. + if (cstr.addr_head.port == 0)
  220. + fatalx("constraint %s: invalid port", addr);
  221. + }
  222. /* Run! */
  223. if ((ctx = httpsdate_query(addr,
  224. - CONSTRAINT_PORT, cstr.addr_head.name, cstr.addr_head.path,
  225. + &cstr.addr_head.port, cstr.addr_head.name, cstr.addr_head.path,
  226. conf->ca, conf->ca_len, &rectv, &xmttv)) == NULL) {
  227. log_debug("constraint %s: failed to get proper time results", addr);
  228. /* Abort with failure but without warning */
  229. @@ -800,8 +814,14 @@ constraint_msg_dns(u_int32_t id, u_int8_
  230. ncstr->addr_head.a = h;
  231. ncstr->addr_head.name = strdup(cstr->addr_head.name);
  232. ncstr->addr_head.path = strdup(cstr->addr_head.path);
  233. + ncstr->addr_head.port = intdup(cstr->addr_head.port);
  234. +
  235. + // Unless we do this, we have value 0 in ncstr->port
  236. + ncstr->port = intdup(cstr->port);
  237. +
  238. if (ncstr->addr_head.name == NULL ||
  239. - ncstr->addr_head.path == NULL)
  240. + ncstr->addr_head.path == NULL ||
  241. + ncstr->addr_head.port == 0 || ncstr->port == 0)
  242. fatal("constraint id %d: DNS dispatching failed: invalid data", id);
  243. ncstr->addr_head.pool = cstr->addr_head.pool;
  244. ncstr->state = STATE_DNS_DONE;
  245. @@ -811,6 +831,7 @@ constraint_msg_dns(u_int32_t id, u_int8_
  246. h->next = ncstr->addr;
  247. ncstr->addr = h;
  248. ncstr->addr_head.a = h;
  249. + // TODO missing port?
  250. }
  251. } while (len);
  252. @@ -912,10 +933,11 @@ constraint_check(double val)
  253. }
  254. struct httpsdate *
  255. -httpsdate_init(const char *addr, const char *port, const char *hostname,
  256. +httpsdate_init(const char *addr, const int *port, const char *hostname,
  257. const char *path, const u_int8_t *ca, size_t ca_len)
  258. {
  259. struct httpsdate *httpsdate = NULL;
  260. + char port_s[sizeof(port)];
  261. if ((httpsdate = calloc(1, sizeof(*httpsdate))) == NULL)
  262. goto fail;
  263. @@ -923,8 +945,10 @@ httpsdate_init(const char *addr, const c
  264. if (hostname == NULL)
  265. hostname = addr;
  266. + sprintf(port_s, "%d", *port);
  267. +
  268. if ((httpsdate->tls_addr = strdup(addr)) == NULL ||
  269. - (httpsdate->tls_port = strdup(port)) == NULL ||
  270. + (httpsdate->tls_port = strdup(port_s)) == NULL ||
  271. (httpsdate->tls_hostname = strdup(hostname)) == NULL ||
  272. (httpsdate->tls_path = strdup(path)) == NULL)
  273. goto fail;
  274. @@ -1098,7 +1122,7 @@ httpsdate_request(struct httpsdate *http
  275. }
  276. void *
  277. -httpsdate_query(const char *addr, const char *port, const char *hostname,
  278. +httpsdate_query(const char *addr, const int *port, const char *hostname,
  279. const char *path, const u_int8_t *ca, size_t ca_len,
  280. struct timeval *rectv, struct timeval *xmttv)
  281. {
  282. @@ -1183,3 +1207,17 @@ get_string(u_int8_t *ptr, size_t len)
  283. return strndup(ptr, i);
  284. }
  285. +
  286. +int
  287. +intlen(int val)
  288. +{
  289. + int n = 1;
  290. + if (val < 0)
  291. + return 0;
  292. + while(val > 9) {
  293. + n++;
  294. + val /= 10;
  295. + }
  296. +
  297. + return val;
  298. +}
  299. --- a/src/parse.y 2020-07-31 23:57:08.000000000 +0300
  300. +++ b/src/parse.y 2020-08-01 01:51:28.041394057 +0300
  301. @@ -60,6 +60,7 @@ int findeol(void);
  302. struct sockaddr_in query_addr4;
  303. struct sockaddr_in6 query_addr6;
  304. int poolseqnum;
  305. +struct servent *se;
  306. struct opts {
  307. int weight;
  308. @@ -68,6 +69,7 @@ struct opts {
  309. int rtable;
  310. int trusted;
  311. char *refstr;
  312. + int port;
  313. } opts;
  314. void opts_default(void);
  315. @@ -86,18 +88,21 @@ typedef struct {
  316. %token LISTEN ON CONSTRAINT CONSTRAINTS FROM QUERY TRUSTED
  317. %token SERVER SERVERS SENSOR CORRECTION RTABLE REFID STRATUM WEIGHT
  318. %token ERROR
  319. +%token PORT
  320. %token <v.string> STRING
  321. %token <v.number> NUMBER
  322. %type <v.addr> address url urllist
  323. %type <v.opts> listen_opts listen_opts_l listen_opt
  324. %type <v.opts> server_opts server_opts_l server_opt
  325. %type <v.opts> sensor_opts sensor_opts_l sensor_opt
  326. +%type <v.opts> constraint_opts constraint_opts_l constraint_opt
  327. %type <v.opts> correction
  328. %type <v.opts> rtable
  329. %type <v.opts> refid
  330. %type <v.opts> stratum
  331. %type <v.opts> weight
  332. %type <v.opts> trusted
  333. +%type <v.opts> port
  334. %%
  335. grammar : /* empty */
  336. @@ -125,6 +130,10 @@ main : LISTEN ON address listen_opts {
  337. fatal("can't allocate memory for listening address");
  338. la->fd = -1;
  339. la->rtable = $4.rtable;
  340. +
  341. + if ($4.port != 0)
  342. + la->port = $4.port;
  343. +
  344. memcpy(&la->sa, &h->ss,
  345. sizeof(struct sockaddr_storage));
  346. TAILQ_INSERT_TAIL(&conf->listen_addrs, la,
  347. @@ -186,10 +195,22 @@ main : LISTEN ON address listen_opts {
  348. p->trusted = $3.trusted;
  349. conf->trusted_peers = conf->trusted_peers ||
  350. $3.trusted;
  351. +
  352. + if ($3.port == 0) {
  353. + if ((se = getservbyname("ntp", "udp")) == NULL) {
  354. + fatal("new server: can't find default system information for NTP protocol (getservbyname)");
  355. + } else {
  356. + $3.port = ntohs(se->s_port);
  357. + }
  358. + }
  359. + p->port = $3.port;
  360. + $2->port = p->port;
  361. +
  362. p->query_addr4 = query_addr4;
  363. p->query_addr6 = query_addr6;
  364. p->addr = h;
  365. p->addr_head.a = h;
  366. + p->addr_head.port = intdup($2->port);
  367. p->addr_head.pool = ++poolseqnum;
  368. p->addr_head.name = strdup($2->name);
  369. if (p->addr_head.name == NULL)
  370. @@ -228,9 +249,21 @@ main : LISTEN ON address listen_opts {
  371. p->trusted = $3.trusted;
  372. conf->trusted_peers = conf->trusted_peers ||
  373. $3.trusted;
  374. +
  375. + if ($3.port == 0) {
  376. + if ((se = getservbyname("ntp", "udp")) == NULL) {
  377. + fatal("new server: can't find default system information for NTP protocol (getservbyname)");
  378. + } else {
  379. + $3.port = ntohs(se->s_port);
  380. + }
  381. + }
  382. + p->port = $3.port;
  383. + $2->port = p->port;
  384. +
  385. p->query_addr4 = query_addr4;
  386. p->query_addr6 = query_addr6;
  387. p->addr_head.a = p->addr;
  388. + p->addr_head.port = intdup($2->port);
  389. p->addr_head.pool = 0;
  390. p->addr_head.name = strdup($2->name);
  391. if (p->addr_head.name == NULL)
  392. @@ -241,7 +274,7 @@ main : LISTEN ON address listen_opts {
  393. free($2->name);
  394. free($2);
  395. }
  396. - | CONSTRAINTS FROM url {
  397. + | CONSTRAINTS FROM url constraint_opts {
  398. struct constraint *p;
  399. struct ntp_addr *h, *next;
  400. @@ -266,6 +299,17 @@ main : LISTEN ON address listen_opts {
  401. p = new_constraint();
  402. p->addr = h;
  403. p->addr_head.a = h;
  404. +
  405. + if ($4.port == 0) {
  406. + if ((se = getservbyname("https", "tcp")) == NULL) {
  407. + fatal("new constraint: can't find default system information for HTTPS protocol (getservbyname)");
  408. + } else {
  409. + $4.port = ntohs(se->s_port);
  410. + }
  411. + }
  412. + p->port = $4.port;
  413. + p->addr_head.port = intdup($4.port);
  414. +
  415. p->addr_head.pool = ++poolseqnum;
  416. p->addr_head.name = strdup($3->name);
  417. p->addr_head.path = strdup($3->path);
  418. @@ -281,7 +325,7 @@ main : LISTEN ON address listen_opts {
  419. free($3->name);
  420. free($3);
  421. }
  422. - | CONSTRAINT FROM urllist {
  423. + | CONSTRAINT FROM urllist constraint_opts {
  424. struct constraint *p;
  425. struct ntp_addr *h, *next;
  426. @@ -304,6 +348,17 @@ main : LISTEN ON address listen_opts {
  427. }
  428. p->addr_head.a = p->addr;
  429. +
  430. + if ($4.port == 0) {
  431. + if ((se = getservbyname("https", "tcp")) == NULL) {
  432. + fatal("new constraint: can't find default system information for HTTPS protocol (getservbyname)");
  433. + } else {
  434. + $4.port = ntohs(se->s_port);
  435. + }
  436. + }
  437. + p->port = $4.port;
  438. + p->addr_head.port = intdup($4.port);
  439. +
  440. p->addr_head.pool = 0;
  441. p->addr_head.name = strdup($3->name);
  442. p->addr_head.path = strdup($3->path);
  443. @@ -410,6 +465,7 @@ listen_opts_l : listen_opts_l listen_opt
  444. | listen_opt
  445. ;
  446. listen_opt : rtable
  447. + | port
  448. ;
  449. server_opts : { opts_default(); }
  450. @@ -422,6 +478,18 @@ server_opts_l : server_opts_l server_opt
  451. ;
  452. server_opt : weight
  453. | trusted
  454. + | port
  455. + ;
  456. +
  457. +constraint_opts : { opts_default(); }
  458. + constraint_opts_l
  459. + { $$ = opts; }
  460. + | { opts_default(); $$ = opts; }
  461. + ;
  462. +constraint_opts_l : constraint_opts_l constraint_opt
  463. + | constraint_opt
  464. + ;
  465. +constraint_opt : port
  466. ;
  467. sensor_opts : { opts_default(); }
  468. @@ -478,6 +546,17 @@ weight : WEIGHT NUMBER {
  469. }
  470. opts.weight = $2;
  471. }
  472. + ;
  473. +
  474. +port : PORT NUMBER {
  475. + if ($2 < 1 || $2 > 65535) {
  476. + yyerror("port must be between 1 and 65535");
  477. + YYERROR;
  478. + }
  479. + opts.port = $2;
  480. + }
  481. + ;
  482. +
  483. rtable : RTABLE NUMBER {
  484. #ifdef RT_TABLEID_MAX
  485. if ($2 < 0 || $2 > RT_TABLEID_MAX) {
  486. @@ -502,6 +581,7 @@ opts_default(void)
  487. memset(&opts, 0, sizeof opts);
  488. opts.weight = 1;
  489. opts.stratum = 1;
  490. + opts.port = 0;
  491. }
  492. struct keywords {
  493. @@ -542,6 +622,7 @@ lookup(char *s)
  494. { "from", FROM},
  495. { "listen", LISTEN},
  496. { "on", ON},
  497. + { "port", PORT},
  498. { "query", QUERY},
  499. { "refid", REFID},
  500. { "rtable", RTABLE},
  501. --- a/src/server.c 2020-08-01 00:04:05.000000000 +0300
  502. +++ b/src/server.c 2020-08-01 01:14:42.328058753 +0300
  503. @@ -107,14 +107,18 @@ setup_listeners(struct servent *se, stru
  504. for (la = TAILQ_FIRST(&lconf->listen_addrs); la; ) {
  505. switch (la->sa.ss_family) {
  506. case AF_INET:
  507. - if (((struct sockaddr_in *)&la->sa)->sin_port == 0)
  508. - ((struct sockaddr_in *)&la->sa)->sin_port =
  509. - se->s_port;
  510. + if ((la->port == 0) && \
  511. + (((struct sockaddr_in *)&la->sa)->sin_port == 0))
  512. + ((struct sockaddr_in *)&la->sa)->sin_port = se->s_port;
  513. + else
  514. + ((struct sockaddr_in *)&la->sa)->sin_port = ntohs(la->port);
  515. break;
  516. case AF_INET6:
  517. - if (((struct sockaddr_in6 *)&la->sa)->sin6_port == 0)
  518. - ((struct sockaddr_in6 *)&la->sa)->sin6_port =
  519. - se->s_port;
  520. + if ((la->port == 0) && \
  521. + (((struct sockaddr_in6 *)&la->sa)->sin6_port == 0))
  522. + ((struct sockaddr_in6 *)&la->sa)->sin6_port = se->s_port;
  523. + else
  524. + ((struct sockaddr_in6 *)&la->sa)->sin6_port = ntohs(la->port);
  525. break;
  526. case AF_UNSPEC:
  527. nla = TAILQ_NEXT(la, entry);
  528. --- a/src/ntpd.conf.5 2020-07-31 23:00:51.000000000 +0300
  529. +++ b/src/ntpd.conf.5 2020-08-01 01:22:25.424725907 +0300
  530. @@ -14,7 +14,7 @@
  531. .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  532. .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  533. .\"
  534. -.Dd $Mdocdate: May 16 2020 $
  535. +.Dd $Mdocdate: August 01 2020 $
  536. .Dt NTPD.CONF 5
  537. .Os
  538. .Sh NAME
  539. @@ -37,6 +37,7 @@ The basic configuration options are as f
  540. .Bl -tag -width Ds
  541. .It Xo Ic listen on Ar address
  542. .Op Ic rtable Ar table-id
  543. +.Op Ic port Ar port-number
  544. .Xc
  545. .Xr ntpd 8
  546. has the ability to sync the local clock to remote NTP servers and, if
  547. @@ -62,6 +63,12 @@ keyword will specify which routing table
  548. By default
  549. .Xr ntpd 8
  550. will listen using the current routing table.
  551. +The optional
  552. +.Ic port
  553. +keyword will specify which local UDP port the NTP server process should use for inbound connections.
  554. +By default
  555. +.Xr ntpd 8
  556. +will listen to UDP port 123 for new client connections.
  557. For example:
  558. .Bd -literal -offset indent
  559. listen on *
  560. @@ -72,6 +79,7 @@ or
  561. listen on 127.0.0.1
  562. listen on ::1
  563. listen on 127.0.0.1 rtable 4
  564. +listen on 127.0.0.1 port 1230
  565. .Ed
  566. .It Ic query from Ar sourceaddr
  567. Specify a local IP address the
  568. @@ -165,6 +173,7 @@ than a server with a weight of 1.
  569. .It Xo Ic server Ar address
  570. .Op Ic trusted
  571. .Op Ic weight Ar weight-value
  572. +.Op Ic port Ar port-number
  573. .Xc
  574. Specify the IP address or the hostname of an NTP
  575. server to synchronize to.
  576. @@ -182,6 +191,7 @@ For example:
  577. .Bd -literal -offset indent
  578. server 10.0.0.2 weight 5
  579. server ntp.example.org weight 1
  580. +server ntp.foo.org port 123
  581. .Ed
  582. .Pp
  583. To provide redundancy, it is good practice to configure multiple servers.
  584. @@ -190,6 +200,7 @@ network latency.
  585. .It Xo Ic servers Ar address
  586. .Op Ic trusted
  587. .Op Ic weight Ar weight-value
  588. +.Op Ic port Ar port-number
  589. .Xc
  590. As with
  591. .Cm server ,
  592. @@ -204,6 +215,7 @@ For example:
  593. .Bd -literal -offset indent
  594. servers pool.ntp.org
  595. servers pool.ntp.org weight 5
  596. +servers pool.ntp.org weight 6 port 123
  597. .Ed
  598. .El
  599. .Sh CONSTRAINTS
  600. @@ -227,8 +239,13 @@ without libtls causes
  601. to log a warning message on startup.
  602. .Bl -tag -width Ds
  603. .It Ic constraint from Ar url [ip...]
  604. +.Op Ic port Ar port-number
  605. Specify the URL, IP address or the hostname of an HTTPS server to
  606. -provide a constraint.
  607. +provide a constraint. The optional
  608. +.Ic port
  609. +number is an HTTPS server port to connect to. By default
  610. +.Xr ntpd 8
  611. +will connect to remote TCP port 443.
  612. If the url is followed by one or more addresses the url and addresses will be
  613. tried until a working one is found.
  614. The url path and expected certificate name is always taken from the
  615. @@ -242,8 +259,10 @@ will calculate a median constraint from
  616. server ntp.example.org
  617. constraint from www.example.com
  618. constraint from "https://9.9.9.9" "2620:fe::9"
  619. +constraint from www.google.com port 443
  620. .Ed
  621. .It Ic constraints from Ar url
  622. +.Op Ic port Ar port-number
  623. As with
  624. .Ic constraint from ,
  625. specify the URL, IP address or the hostname of an HTTPS server to
  626. @@ -251,10 +270,16 @@ provide a constraint.
  627. Should the hostname resolve to multiple IP addresses,
  628. .Xr ntpd 8
  629. will calculate a median constraint from all of them.
  630. +The optional
  631. +.Ic port
  632. +number is an HTTPS server port to connect to. By default
  633. +.Xr ntpd 8
  634. +will connect to remote TCP port 443.
  635. For example:
  636. .Bd -literal -offset indent
  637. servers pool.ntp.org
  638. constraints from "https://www.google.com/"
  639. +constraints from "https://duckduckgo.com/" port 443
  640. .Ed
  641. .El
  642. .Sh FILES