OpenNTPD daemon with OpenSSL implementation & flexible configurability
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1972 lines
61 KiB

  1. From: Pekka Helenius <fincer89@hotmail.com>
  2. Date: Tue, 04 Aug 2020 01:52:15 +0300
  3. Subject: Unhardcode majority of configuration settings, update manual
  4. --- a/src/sensors.c 2020-07-31 23:58:46.000000000 +0300
  5. +++ b/src/sensors.c 2020-08-03 23:12:53.431633678 +0300
  6. @@ -145,7 +145,7 @@ sensor_add(int sensordev, char *dxname)
  7. s->sensordevid = sensordev;
  8. if (cs->refstr == NULL)
  9. - memcpy(&s->refid, SENSOR_DEFAULT_REFID, sizeof(s->refid));
  10. + memcpy(&s->refid, conf->sensor_default_refid, sizeof(s->refid));
  11. else {
  12. s->refid = 0;
  13. strncpy((char *)&s->refid, cs->refstr, sizeof(s->refid));
  14. @@ -174,12 +174,12 @@ sensor_query(struct ntp_sensor *s)
  15. double sens_time;
  16. if (conf->settime)
  17. - s->next = getmonotime() + SENSOR_QUERY_INTERVAL_SETTIME;
  18. + s->next = getmonotime() + conf->sensor_query_interval_settime;
  19. else
  20. - s->next = getmonotime() + SENSOR_QUERY_INTERVAL;
  21. + s->next = getmonotime() + conf->sensor_query_interval;
  22. /* rcvd is walltime here, monotime in client.c. not used elsewhere */
  23. - if (s->update.rcvd < time(NULL) - SENSOR_DATA_MAXAGE)
  24. + if (s->update.rcvd < time(NULL) - conf->sensor_data_maxage)
  25. s->update.good = 0;
  26. if (!sensor_probe(s->sensordevid, dxname, &sensor)) {
  27. --- a/src/ntpd.c 2020-08-03 23:29:45.150837701 +0300
  28. +++ b/src/ntpd.c 2020-08-03 23:48:03.062564686 +0300
  29. @@ -58,10 +58,10 @@ void ntpd_adjfreq(double, int);
  30. void ntpd_settime(double);
  31. void readfreq(void);
  32. int writefreq(double);
  33. -void ctl_main(int, char*[]);
  34. +void ctl_main(int, char*[], const struct ntpd_conf *);
  35. const char *ctl_lookup_option(char *, const char **);
  36. void show_status_msg(struct imsg *);
  37. -void show_peer_msg(struct imsg *, int);
  38. +void show_peer_msg(struct imsg *, int, const struct ntpd_conf *);
  39. void show_sensor_msg(struct imsg *, int);
  40. void update_time_sync_status(int);
  41. @@ -135,7 +135,7 @@ auto_preconditions(const struct ntpd_con
  42. #endif
  43. constraints = !TAILQ_EMPTY(&cnf->constraints);
  44. return !cnf->settime && (constraints || cnf->trusted_peers ||
  45. - conf->trusted_sensors) && securelevel == 0;
  46. + cnf->trusted_sensors) && securelevel == 0;
  47. }
  48. #define POLL_MAX 8
  49. @@ -171,15 +171,16 @@ main(int argc, char *argv[])
  50. __progname = get_progname(argv[0]);
  51. - if (strcmp(__progname, "ntpctl") == 0) {
  52. - ctl_main(argc, argv);
  53. - /* NOTREACHED */
  54. - }
  55. -
  56. conffile = CONFFILE;
  57. memset(&lconf, 0, sizeof(lconf));
  58. + if (strcmp(__progname, "ntpctl") == 0) {
  59. + parse_config(conffile, &lconf);
  60. + ctl_main(argc, argv, &lconf);
  61. + /* NOTREACHED */
  62. + }
  63. +
  64. #ifndef HAVE_SETPROCTITLE
  65. /* Prepare for later setproctitle emulation */
  66. saved_argv = calloc(argc + 1, sizeof(*saved_argv));
  67. @@ -253,8 +254,8 @@ main(int argc, char *argv[])
  68. if (geteuid())
  69. errx(1, "main process: need root privileges");
  70. - if ((pw = getpwnam(NTPD_USER)) == NULL)
  71. - errx(1, "main process: unknown user %s", NTPD_USER);
  72. + if ((pw = getpwnam(conf->ntpd_user)) == NULL)
  73. + errx(1, "main process: unknown user %s", conf->ntpd_user);
  74. lconf.automatic = auto_preconditions(&lconf);
  75. if (lconf.automatic)
  76. @@ -277,7 +278,7 @@ main(int argc, char *argv[])
  77. fatalx("main process: process '%s' failed (%s)", pname, __func__);
  78. } else {
  79. - if ((control_check(CTLSOCKET)) == -1)
  80. + if ((control_check(conf->ctlsocket)) == -1)
  81. fatalx("OpenNTPD is already running");
  82. }
  83. @@ -295,7 +296,7 @@ main(int argc, char *argv[])
  84. }
  85. } else {
  86. settime_deadline = getmonotime();
  87. - timeout = 100;
  88. + timeout = conf->settime_timeout;
  89. }
  90. if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC,
  91. @@ -311,6 +312,10 @@ main(int argc, char *argv[])
  92. start_child(NTP_PROC_NAME, pipe_chld[1], argc0, argv0);
  93. log_procinit("[priv]");
  94. +
  95. + if (lconf.debug)
  96. + print_conf(&lconf);
  97. +
  98. readfreq();
  99. signal(SIGTERM, sighdlr);
  100. @@ -370,7 +375,7 @@ main(int argc, char *argv[])
  101. }
  102. if (nfds == 0 && lconf.settime &&
  103. - getmonotime() > settime_deadline + SETTIME_TIMEOUT) {
  104. + getmonotime() > settime_deadline + conf->settime_timeout) {
  105. lconf.settime = 0;
  106. timeout = INFTIM;
  107. log_init(logdest, lconf.verbose, LOG_DAEMON);
  108. @@ -520,7 +525,7 @@ ntpd_adjtime(double d)
  109. {
  110. int synced = 0;
  111. static int firstadj = 1;
  112. - double threshold = (double)LOG_NEGLIGIBLE_ADJTIME / 1000;
  113. + double threshold = (double)conf->log_negligible_adjtime / 1000;
  114. d += getoffset();
  115. if (d >= threshold || d <= -1 * threshold)
  116. @@ -581,8 +586,8 @@ ntpd_adjfreq(double relfreq, int wrlog)
  117. r = writefreq(curfreq / 1e9 / (1LL << 32));
  118. ppmfreq = relfreq * 1e6;
  119. if (wrlog) {
  120. - if (ppmfreq >= LOG_NEGLIGIBLE_ADJFREQ ||
  121. - ppmfreq <= -LOG_NEGLIGIBLE_ADJFREQ)
  122. + if (ppmfreq >= conf->log_negligible_adjfreq ||
  123. + ppmfreq <= -(conf->log_negligible_adjfreq))
  124. log_info("main process: adjusting clock frequency by %f to %f ppm%s",
  125. ppmfreq, curfreq / 1e3 / (1LL << 32),
  126. r ? "" : " (no drift file)");
  127. @@ -634,13 +639,13 @@ readfreq(void)
  128. int fd;
  129. double d;
  130. - fd = open(DRIFTFILE, O_RDWR);
  131. + fd = open(conf->driftfile, O_RDWR);
  132. if (fd == -1) {
  133. - log_warnx("main process: creating new drift file %s", DRIFTFILE);
  134. + log_warnx("main process: creating new drift file %s", conf->driftfile);
  135. current = 0;
  136. if (adjfreq(&current, NULL) == -1)
  137. log_warn("main process: frequency reset failed");
  138. - freqfp = fopen(DRIFTFILE, "w");
  139. + freqfp = fopen(conf->driftfile, "w");
  140. return;
  141. }
  142. @@ -654,7 +659,7 @@ readfreq(void)
  143. d /= 1e6; /* scale from ppm */
  144. ntpd_adjfreq(d, 0);
  145. } else
  146. - log_warnx("main process: drift file %s is empty", DRIFTFILE);
  147. + log_warnx("main process: drift file %s is empty", conf->driftfile);
  148. }
  149. }
  150. @@ -671,7 +676,7 @@ writefreq(double d)
  151. r = fprintf(freqfp, "%.3f\n", d * 1e6); /* scale to ppm */
  152. if (r < 0 || fflush(freqfp) != 0) {
  153. if (warnonce) {
  154. - log_warnx("main process: can't write drift file %s", DRIFTFILE);
  155. + log_warnx("main process: can't write drift file %s", conf->driftfile);
  156. warnonce = 0;
  157. }
  158. clearerr(freqfp);
  159. @@ -679,13 +684,13 @@ writefreq(double d)
  160. }
  161. off = ftello(freqfp);
  162. if (off == -1 || ftruncate(fileno(freqfp), off) == -1)
  163. - log_warnx("main process: can't truncate drift file %s", DRIFTFILE);
  164. + log_warnx("main process: can't truncate drift file %s", conf->driftfile);
  165. fsync(fileno(freqfp));
  166. return 1;
  167. }
  168. void
  169. -ctl_main(int argc, char *argv[])
  170. +ctl_main(int argc, char *argv[], const struct ntpd_conf *cconf)
  171. {
  172. struct sockaddr_un sa;
  173. struct imsg imsg;
  174. @@ -693,7 +698,7 @@ ctl_main(int argc, char *argv[])
  175. int fd, n, done, ch, action;
  176. char *sockname;
  177. - sockname = CTLSOCKET;
  178. + sockname = cconf->ctlsocket;
  179. if (argc < 2) {
  180. usage();
  181. @@ -741,6 +746,7 @@ ctl_main(int argc, char *argv[])
  182. memset(&sa, 0, sizeof(sa));
  183. sa.sun_family = AF_UNIX;
  184. +
  185. if (strlcpy(sa.sun_path, sockname, sizeof(sa.sun_path)) >=
  186. sizeof(sa.sun_path))
  187. errx(1, "ntpctl: control socket name is too long");
  188. @@ -799,7 +805,7 @@ ctl_main(int argc, char *argv[])
  189. done = 1;
  190. break;
  191. case CTL_SHOW_PEERS:
  192. - show_peer_msg(&imsg, 0);
  193. + show_peer_msg(&imsg, 0, cconf);
  194. if (imsg.hdr.type ==
  195. IMSG_CTL_SHOW_PEERS_END)
  196. done = 1;
  197. @@ -816,7 +822,7 @@ ctl_main(int argc, char *argv[])
  198. show_status_msg(&imsg);
  199. break;
  200. case IMSG_CTL_SHOW_PEERS:
  201. - show_peer_msg(&imsg, 1);
  202. + show_peer_msg(&imsg, 1, cconf);
  203. break;
  204. case IMSG_CTL_SHOW_SENSORS:
  205. show_sensor_msg(&imsg, 1);
  206. @@ -911,7 +917,7 @@ show_status_msg(struct imsg *imsg)
  207. }
  208. void
  209. -show_peer_msg(struct imsg *imsg, int calledfromshowall)
  210. +show_peer_msg(struct imsg *imsg, int calledfromshowall, const struct ntpd_conf *pconf)
  211. {
  212. struct ctl_show_peer *cpeer;
  213. int cnt;
  214. @@ -953,7 +959,7 @@ show_peer_msg(struct imsg *imsg, int cal
  215. cpeer->weight, cpeer->trustlevel, stratum,
  216. (long long)cpeer->next, (long long)cpeer->poll);
  217. - if (cpeer->trustlevel >= TRUSTLEVEL_BADPEER)
  218. + if (cpeer->trustlevel >= pconf->trustlevel_badpeer)
  219. printf(" %12.3fms %9.3fms %8.3fms\n", cpeer->offset,
  220. cpeer->delay, cpeer->jitter);
  221. else
  222. --- a/src/ntp.c 2020-08-01 15:22:42.000000000 +0300
  223. +++ b/src/ntp.c 2020-08-03 23:08:32.397143675 +0300
  224. @@ -55,7 +55,7 @@ int ntp_dispatch_imsg_dns(void);
  225. void peer_add(struct ntp_peer *);
  226. void peer_remove(struct ntp_peer *);
  227. int inpool(struct sockaddr_storage *,
  228. - struct sockaddr_storage[MAX_SERVERS_DNS], size_t);
  229. + struct sockaddr_storage[conf->max_servers_dns], size_t);
  230. void
  231. ntp_sighdlr(int sig)
  232. @@ -258,12 +258,12 @@ ntp_main(struct ntpd_conf *nconf, struct
  233. sent_cnt++;
  234. }
  235. if (p->deadline > 0 && p->deadline <= getmonotime()) {
  236. - timeout = 300;
  237. + timeout = conf->interval_query_timeout;
  238. log_debug("NTP client: NTP peer %s - no reply received in time, "
  239. "next query in %ds", log_sockaddr(
  240. (struct sockaddr *)&p->addr->ss), timeout);
  241. - if (p->trustlevel >= TRUSTLEVEL_BADPEER &&
  242. - (p->trustlevel /= 2) < TRUSTLEVEL_BADPEER)
  243. + if (p->trustlevel >= conf->trustlevel_badpeer &&
  244. + (p->trustlevel /= 2) < conf->trustlevel_badpeer)
  245. log_info("NTP client: NTP peer %s is invalid now",
  246. log_sockaddr(
  247. (struct sockaddr *)&p->addr->ss));
  248. @@ -273,17 +273,17 @@ ntp_main(struct ntpd_conf *nconf, struct
  249. }
  250. set_next(p, timeout);
  251. }
  252. - if (p->senderrors > MAX_SEND_ERRORS) {
  253. + if (p->senderrors > conf->max_send_errors) {
  254. log_debug("NTP client: NTP peer %s - failed to send query, "
  255. "next query in %ds", log_sockaddr(
  256. (struct sockaddr *)&p->addr->ss),
  257. - INTERVAL_QUERY_PATHETIC);
  258. + conf->interval_query_pathetic);
  259. p->senderrors = 0;
  260. if (client_nextaddr(p) == 1) {
  261. peer_addr_head_clear(p);
  262. client_nextaddr(p);
  263. }
  264. - set_next(p, INTERVAL_QUERY_PATHETIC);
  265. + set_next(p, conf->interval_query_pathetic);
  266. }
  267. if (p->next > 0 && p->next < nextaction)
  268. nextaction = p->next;
  269. @@ -304,13 +304,13 @@ ntp_main(struct ntpd_conf *nconf, struct
  270. (conf->trusted_sensors || constraint_cnt == 0 ||
  271. conf->constraint_median != 0)) {
  272. if (last_sensor_scan == 0 ||
  273. - last_sensor_scan + SENSOR_SCAN_INTERVAL <= getmonotime()) {
  274. + last_sensor_scan + conf->sensor_scan_interval <= getmonotime()) {
  275. sensors_cnt = sensor_scan();
  276. last_sensor_scan = getmonotime();
  277. }
  278. if (sensors_cnt == 0 &&
  279. - nextaction > last_sensor_scan + SENSOR_SCAN_INTERVAL)
  280. - nextaction = last_sensor_scan + SENSOR_SCAN_INTERVAL;
  281. + nextaction > last_sensor_scan + conf->sensor_scan_interval)
  282. + nextaction = last_sensor_scan + conf->sensor_scan_interval;
  283. sensors_cnt = 0;
  284. TAILQ_FOREACH(s, &conf->ntp_sensors, entry) {
  285. if (conf->settime && s->offsets[0].offset)
  286. @@ -482,7 +482,7 @@ ntp_dispatch_imsg(void)
  287. int
  288. inpool(struct sockaddr_storage *a,
  289. - struct sockaddr_storage old[MAX_SERVERS_DNS], size_t n)
  290. + struct sockaddr_storage old[conf->max_servers_dns], size_t n)
  291. {
  292. size_t i;
  293. @@ -506,7 +506,7 @@ int
  294. ntp_dispatch_imsg_dns(void)
  295. {
  296. struct imsg imsg;
  297. - struct sockaddr_storage existing[MAX_SERVERS_DNS];
  298. + struct sockaddr_storage existing[conf->max_servers_dns];
  299. struct ntp_peer *peer, *npeer, *tmp;
  300. u_int16_t dlen;
  301. u_char *p;
  302. @@ -558,7 +558,7 @@ ntp_dispatch_imsg_dns(void)
  303. if (dlen == 0) { /* no data -> temp error */
  304. log_warnx("DNS lookup temporary failed");
  305. peer->state = STATE_DNS_TEMPFAIL;
  306. - if (conf->tmpfail++ == TRIES_AUTO_DNSFAIL)
  307. + if (conf->tmpfail++ == conf->tries_auto_dnsfail)
  308. priv_settime(0, "of DNS failures");
  309. break;
  310. }
  311. @@ -690,7 +690,7 @@ priv_adjfreq(double offset)
  312. conf->freq.y += offset;
  313. conf->freq.xx += curtime * curtime;
  314. - if (conf->freq.samples % FREQUENCY_SAMPLES != 0)
  315. + if (conf->freq.samples % conf->frequency_samples != 0)
  316. return;
  317. freq =
  318. @@ -698,10 +698,10 @@ priv_adjfreq(double offset)
  319. /
  320. (conf->freq.xx - conf->freq.x * conf->freq.x / conf->freq.samples);
  321. - if (freq > MAX_FREQUENCY_ADJUST)
  322. - freq = MAX_FREQUENCY_ADJUST;
  323. - else if (freq < -MAX_FREQUENCY_ADJUST)
  324. - freq = -MAX_FREQUENCY_ADJUST;
  325. + if (freq > conf->max_frequency_adjust)
  326. + freq = conf->max_frequency_adjust;
  327. + else if (freq < -(conf->max_frequency_adjust))
  328. + freq = -(conf->max_frequency_adjust);
  329. imsg_compose(ibuf_main, IMSG_ADJFREQ, 0, 0, -1, &freq, sizeof(freq));
  330. conf->filters |= FILTER_ADJFREQ;
  331. @@ -724,7 +724,7 @@ priv_adjtime(void)
  332. double offset_median;
  333. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  334. - if (p->trustlevel < TRUSTLEVEL_BADPEER)
  335. + if (p->trustlevel < conf->trustlevel_badpeer)
  336. continue;
  337. if (!p->update.good)
  338. return (1);
  339. @@ -744,7 +744,7 @@ priv_adjtime(void)
  340. fatal("main process: can't allocate memory for time adjustment");
  341. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  342. - if (p->trustlevel < TRUSTLEVEL_BADPEER)
  343. + if (p->trustlevel < conf->trustlevel_badpeer)
  344. continue;
  345. for (j = 0; j < p->weight; j++)
  346. offsets[i++] = &p->update;
  347. @@ -841,13 +841,13 @@ update_scale(double offset)
  348. if (offset < 0)
  349. offset = -offset;
  350. - if (offset > QSCALE_OFF_MAX || !conf->status.synced ||
  351. + if (offset > conf->qscale_off_max || !conf->status.synced ||
  352. conf->freq.num < 3)
  353. conf->scale = 1;
  354. - else if (offset < QSCALE_OFF_MIN)
  355. - conf->scale = QSCALE_OFF_MAX / QSCALE_OFF_MIN;
  356. + else if (offset < conf->qscale_off_min)
  357. + conf->scale = conf->qscale_off_max / conf->qscale_off_min;
  358. else
  359. - conf->scale = QSCALE_OFF_MAX / offset;
  360. + conf->scale = conf->qscale_off_max / offset;
  361. }
  362. time_t
  363. @@ -865,7 +865,7 @@ error_interval(void)
  364. {
  365. time_t interval, r;
  366. - interval = INTERVAL_QUERY_PATHETIC * QSCALE_OFF_MAX / QSCALE_OFF_MIN;
  367. + interval = conf->interval_query_pathetic * conf->qscale_off_max / conf->qscale_off_min;
  368. r = arc4random_uniform(interval / 10);
  369. return (interval + r);
  370. }
  371. --- a/src/control.c 2020-07-31 23:23:56.000000000 +0300
  372. +++ b/src/control.c 2020-08-03 23:06:05.136249122 +0300
  373. @@ -317,7 +317,7 @@ build_show_status(struct ctl_show_status
  374. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  375. cs->peercnt++;
  376. - if (p->trustlevel >= TRUSTLEVEL_BADPEER)
  377. + if (p->trustlevel >= conf->trustlevel_badpeer)
  378. cs->valid_peers++;
  379. }
  380. TAILQ_FOREACH(s, &conf->ntp_sensors, entry) {
  381. @@ -424,7 +424,7 @@ build_show_sensor(struct ctl_show_sensor
  382. now = getmonotime();
  383. - memcpy(&refid, SENSOR_DEFAULT_REFID, sizeof(refid));
  384. + memcpy(&refid, conf->sensor_default_refid, sizeof(refid));
  385. refid = refid == s->refid ? 0 : s->refid;
  386. snprintf(cs->sensor_desc, sizeof(cs->sensor_desc),
  387. @@ -445,7 +445,7 @@ build_show_sensor(struct ctl_show_sensor
  388. cs->good = s->update.good;
  389. cs->stratum = s->offsets[shift].status.stratum;
  390. cs->next = s->next - now < 0 ? 0 : s->next - now;
  391. - cs->poll = SENSOR_QUERY_INTERVAL;
  392. + cs->poll = conf->sensor_query_interval;
  393. cs->offset = s->offsets[shift].offset * 1000.0;
  394. cs->correction = (double)s->correction / 1000.0;
  395. }
  396. --- a/src/constraint.c 2020-08-02 01:57:36.430286127 +0300
  397. +++ b/src/constraint.c 2020-08-02 01:57:57.020286149 +0300
  398. @@ -165,8 +165,8 @@ constraint_query(struct constraint *cstr
  399. /* Proceed and query the time */
  400. break;
  401. case STATE_DNS_TEMPFAIL:
  402. - if (now > cstr->last + (cstr->dnstries >= TRIES_AUTO_DNSFAIL ?
  403. - CONSTRAINT_RETRY_INTERVAL : INTERVAL_AUIO_DNSFAIL)) {
  404. + if (now > cstr->last + (cstr->dnstries >= conf->tries_auto_dnsfail ?
  405. + conf->constraint_retry_interval : conf->interval_auto_dnsfail)) {
  406. cstr->dnstries++;
  407. /* Retry resolving the address */
  408. constraint_init(cstr);
  409. @@ -174,7 +174,7 @@ constraint_query(struct constraint *cstr
  410. }
  411. return (-1);
  412. case STATE_QUERY_SENT:
  413. - if (cstr->last + CONSTRAINT_SCAN_TIMEOUT > now) {
  414. + if (cstr->last + conf->constraint_scan_timeout > now) {
  415. /* The caller should expect a reply */
  416. return (0);
  417. }
  418. @@ -186,7 +186,7 @@ constraint_query(struct constraint *cstr
  419. cstr->state = STATE_TIMEOUT;
  420. return (-1);
  421. case STATE_INVALID:
  422. - if (cstr->last + CONSTRAINT_SCAN_INTERVAL > now) {
  423. + if (cstr->last + conf->constraint_scan_interval > now) {
  424. /* Nothing to do */
  425. return (-1);
  426. }
  427. @@ -745,7 +745,7 @@ constraint_msg_close(u_int32_t id, u_int
  428. log_debug("constraint %s: no reply"
  429. " received in time, next query in %ds",
  430. log_sockaddr((struct sockaddr *)
  431. - &cstr->addr->ss), CONSTRAINT_SCAN_INTERVAL);
  432. + &cstr->addr->ss), conf->constraint_scan_interval);
  433. cnt = 0;
  434. TAILQ_FOREACH(tmp, &conf->constraints, entry)
  435. @@ -920,9 +920,9 @@ constraint_check(double val)
  436. tv.tv_usec = 0;
  437. diff = fabs(val - gettime_from_timeval(&tv));
  438. - if (diff > CONSTRAINT_MARGIN) {
  439. + if (diff > conf->constraint_margin) {
  440. if (conf->constraint_errors++ >
  441. - (CONSTRAINT_ERROR_MARGIN * peer_cnt)) {
  442. + (conf->constraint_error_margin * peer_cnt)) {
  443. constraint_reset();
  444. }
  445. @@ -999,7 +999,7 @@ int
  446. httpsdate_request(struct httpsdate *httpsdate, struct timeval *when)
  447. {
  448. char timebuf1[32], timebuf2[32];
  449. - size_t outlen = 0, maxlength = CONSTRAINT_MAXHEADERLENGTH, len;
  450. + size_t outlen = 0, maxlength = conf->constraint_maxheaderlength, len;
  451. char *line, *p, *buf;
  452. time_t httptime, notbefore, notafter;
  453. struct tm *tm;
  454. --- a/src/config.c 2020-08-01 01:02:14.000000000 +0300
  455. +++ b/src/config.c 2020-08-01 11:35:05.758097319 +0300
  456. @@ -115,7 +115,7 @@ host_dns1(const char *s, struct ntp_addr
  457. return (-1);
  458. }
  459. - for (res = res0; res && cnt < MAX_SERVERS_DNS; res = res->ai_next) {
  460. + for (res = res0; res && cnt < conf->max_servers_dns; res = res->ai_next) {
  461. if (res->ai_family != AF_INET &&
  462. res->ai_family != AF_INET6)
  463. continue;
  464. --- a/src/client.c 2020-08-02 02:04:55.666953258 +0300
  465. +++ b/src/client.c 2020-08-03 23:12:14.368300303 +0300
  466. @@ -57,7 +57,7 @@ client_peer_init(struct ntp_peer *p)
  467. p->query->msg.status = MODE_CLIENT | (NTP_VERSION << 3);
  468. p->state = STATE_NONE;
  469. p->shift = 0;
  470. - p->trustlevel = TRUSTLEVEL_PATHETIC;
  471. + p->trustlevel = conf->trustlevel_pathetic;
  472. p->lasterror = 0;
  473. p->senderrors = 0;
  474. @@ -120,7 +120,7 @@ client_nextaddr(struct ntp_peer *p)
  475. }
  476. p->shift = 0;
  477. - p->trustlevel = TRUSTLEVEL_PATHETIC;
  478. + p->trustlevel = conf->trustlevel_pathetic;
  479. if (p->addr == NULL) {
  480. p->addr = p->addr_head.a;
  481. @@ -148,10 +148,10 @@ client_query(struct ntp_peer *p)
  482. if (p->addr == NULL && client_nextaddr(p) == -1) {
  483. if (conf->settime)
  484. - set_next(p, INTERVAL_AUIO_DNSFAIL);
  485. + set_next(p, conf->interval_auto_dnsfail);
  486. else
  487. - set_next(p, MAXIMUM(SETTIME_TIMEOUT,
  488. - scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
  489. + set_next(p, MAXIMUM(conf->settime_timeout,
  490. + scale_interval(conf->interval_query_aggressive)));
  491. return (0);
  492. }
  493. @@ -200,8 +200,8 @@ client_query(struct ntp_peer *p)
  494. client_nextaddr(p);
  495. if (p->addr == NULL)
  496. p->addr = p->addr_head.a;
  497. - set_next(p, MAXIMUM(SETTIME_TIMEOUT,
  498. - scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
  499. + set_next(p, MAXIMUM(conf->settime_timeout,
  500. + scale_interval(conf->interval_query_aggressive)));
  501. p->senderrors++;
  502. return (-1);
  503. } else
  504. @@ -239,14 +239,14 @@ client_query(struct ntp_peer *p)
  505. if (ntp_sendmsg(p->query->fd, NULL, &p->query->msg) == -1) {
  506. p->senderrors++;
  507. - set_next(p, INTERVAL_QUERY_PATHETIC);
  508. - p->trustlevel = TRUSTLEVEL_PATHETIC;
  509. + set_next(p, conf->interval_query_pathetic);
  510. + p->trustlevel = conf->trustlevel_pathetic;
  511. return (-1);
  512. }
  513. p->senderrors = 0;
  514. p->state = STATE_QUERY_SENT;
  515. - set_deadline(p, QUERYTIME_MAX);
  516. + set_deadline(p, conf->querytime_max);
  517. return (0);
  518. }
  519. @@ -263,7 +263,7 @@ void
  520. handle_auto(uint8_t trusted, double offset)
  521. {
  522. static int count;
  523. - static double v[AUTO_REPLIES];
  524. + double v[conf->auto_replies];
  525. /*
  526. * It happens the (constraint) resolves initially fail, don't give up
  527. @@ -272,7 +272,7 @@ handle_auto(uint8_t trusted, double offs
  528. if (!trusted && conf->constraint_median == 0)
  529. return;
  530. - if (offset < AUTO_THRESHOLD) {
  531. + if (offset < conf->auto_threshold) {
  532. /* don't bother */
  533. priv_settime(0, "NTP client: NTP peer offset is negative or close enough");
  534. return;
  535. @@ -281,13 +281,13 @@ handle_auto(uint8_t trusted, double offs
  536. v[count++] = offset;
  537. if (count < AUTO_REPLIES)
  538. return;
  539. -
  540. +
  541. /* we have enough */
  542. qsort(v, count, sizeof(double), auto_cmp);
  543. - if (AUTO_REPLIES % 2 == 0)
  544. - offset = (v[AUTO_REPLIES / 2 - 1] + v[AUTO_REPLIES / 2]) / 2;
  545. + if (conf->auto_replies % 2 == 0)
  546. + offset = (v[conf->auto_replies / 2 - 1] + v[conf->auto_replies / 2]) / 2;
  547. else
  548. - offset = v[AUTO_REPLIES / 2];
  549. + offset = v[conf->auto_replies / 2];
  550. priv_settime(offset, "");
  551. }
  552. @@ -451,22 +451,22 @@ client_dispatch(struct ntp_peer *p, u_in
  553. } else
  554. p->reply[p->shift].status.send_refid = msg.xmttime.fractionl;
  555. - if (p->trustlevel < TRUSTLEVEL_PATHETIC)
  556. - interval = scale_interval(INTERVAL_QUERY_PATHETIC);
  557. - else if (p->trustlevel < TRUSTLEVEL_AGGRESSIVE)
  558. + if (p->trustlevel < conf->trustlevel_pathetic)
  559. + interval = scale_interval(conf->interval_query_pathetic);
  560. + else if (p->trustlevel < conf->trustlevel_aggressive)
  561. interval = (conf->settime && conf->automatic) ?
  562. - INTERVAL_QUERY_ULTRA_VIOLENCE :
  563. - scale_interval(INTERVAL_QUERY_AGGRESSIVE);
  564. + conf->interval_query_ultra_violence :
  565. + scale_interval(conf->interval_query_aggressive);
  566. else
  567. - interval = scale_interval(INTERVAL_QUERY_NORMAL);
  568. + interval = scale_interval(conf->interval_query_normal);
  569. set_next(p, interval);
  570. p->state = STATE_REPLY_RECEIVED;
  571. /* every received reply which we do not discard increases trust */
  572. - if (p->trustlevel < TRUSTLEVEL_MAX) {
  573. - if (p->trustlevel < TRUSTLEVEL_BADPEER &&
  574. - p->trustlevel + 1 >= TRUSTLEVEL_BADPEER)
  575. + if (p->trustlevel < conf->trustlevel_max) {
  576. + if (p->trustlevel < conf->trustlevel_badpeer &&
  577. + p->trustlevel + 1 >= conf->trustlevel_badpeer)
  578. log_info("NTP client: NTP peer %s is valid now",
  579. log_sockaddr((struct sockaddr *)&p->addr->ss));
  580. p->trustlevel++;
  581. --- a/src/ntpd.h 2020-08-01 01:27:06.000000000 +0300
  582. +++ b/src/ntpd.h 2020-08-03 23:10:00.839597442 +0300
  583. @@ -56,6 +56,8 @@
  584. #define INTERVAL_QUERY_AGGRESSIVE 5
  585. #define INTERVAL_QUERY_ULTRA_VIOLENCE 1 /* used at startup for auto */
  586. +#define INTERVAL_QUERY_TIMEOUT 300
  587. +
  588. #define TRUSTLEVEL_BADPEER 6
  589. #define TRUSTLEVEL_PATHETIC 2
  590. #define TRUSTLEVEL_AGGRESSIVE 8
  591. @@ -69,7 +71,7 @@
  592. #define QUERYTIME_MAX 15 /* single query might take n secs max */
  593. #define OFFSET_ARRAY_SIZE 8
  594. #define SENSOR_OFFSETS 6
  595. -#define SETTIME_TIMEOUT 15 /* max seconds to wait with -s */
  596. +#define SETTIME_TIMEOUT 100 /* max seconds to wait when settime == 1 */
  597. #define LOG_NEGLIGIBLE_ADJTIME 32 /* negligible drift to not log (ms) */
  598. #define LOG_NEGLIGIBLE_ADJFREQ 0.05 /* negligible rate to not log (ppm) */
  599. #define FREQUENCY_SAMPLES 8 /* samples for est. of permanent drift */
  600. @@ -80,7 +82,7 @@
  601. #define FILTER_ADJFREQ 0x01 /* set after doing adjfreq */
  602. #define AUTO_REPLIES 4 /* # of ntp replies we want for auto */
  603. #define AUTO_THRESHOLD 60 /* dont bother auto setting < this */
  604. -#define INTERVAL_AUIO_DNSFAIL 1 /* DNS tmpfail interval for auto */
  605. +#define INTERVAL_AUTO_DNSFAIL 1 /* DNS tmpfail interval for auto */
  606. #define TRIES_AUTO_DNSFAIL 4 /* DNS tmpfail quick retries */
  607. @@ -268,6 +270,59 @@ struct ntpd_conf {
  608. size_t ca_len;
  609. int tmpfail;
  610. char *pid_file;
  611. +
  612. + char *ntpd_user;
  613. + char *driftfile;
  614. + char *ctlsocket;
  615. +
  616. + int interval_query_normal;
  617. + int interval_query_pathetic;
  618. + int interval_query_aggressive;
  619. + int interval_query_ultra_violence;
  620. +
  621. + int interval_query_timeout;
  622. +
  623. + int trustlevel_badpeer;
  624. + int trustlevel_pathetic;
  625. + int trustlevel_aggressive;
  626. + int trustlevel_max;
  627. +
  628. + int max_servers_dns;
  629. +
  630. + double qscale_off_min;
  631. + double qscale_off_max;
  632. +
  633. + int querytime_max;
  634. + int settime_timeout;
  635. +
  636. + int log_negligible_adjtime;
  637. + double log_negligible_adjfreq;
  638. +
  639. + int frequency_samples;
  640. + double max_frequency_adjust;
  641. +
  642. + int max_send_errors;
  643. +
  644. + u_int8_t filter_adjfreq;
  645. +
  646. + int auto_replies;
  647. + int auto_threshold;
  648. + int interval_auto_dnsfail;
  649. + int tries_auto_dnsfail;
  650. +
  651. + int sensor_query_interval_settime;
  652. + int sensor_data_maxage;
  653. + int sensor_query_interval;
  654. + int sensor_scan_interval;
  655. + char *sensor_default_refid;
  656. +
  657. + double constraint_error_margin;
  658. + int constraint_retry_interval;
  659. + int constraint_scan_interval;
  660. + int constraint_scan_timeout;
  661. + double constraint_margin;
  662. +
  663. + int constraint_maxheaderlength;
  664. };
  665. struct ctl_show_status {
  666. @@ -363,6 +418,7 @@ extern struct ctl_conns ctl_conns;
  667. /* parse.y */
  668. int parse_config(const char *, struct ntpd_conf *);
  669. +void print_conf(struct ntpd_conf *);
  670. /* config.c */
  671. void host(const char *, struct ntp_addr **);
  672. --- a/src/parse.y 2020-08-01 01:51:28.000000000 +0300
  673. +++ b/src/parse.y 2020-08-03 23:11:12.796264187 +0300
  674. @@ -52,7 +52,6 @@ int yyerror(const char *, ...)
  675. __attribute__((__format__ (printf, 1, 2)))
  676. __attribute__((__nonnull__ (1)));
  677. int kw_cmp(const void *, const void *);
  678. -int lookup(char *);
  679. int lgetc(int);
  680. int lungetc(int);
  681. int findeol(void);
  682. @@ -70,12 +69,15 @@ struct opts {
  683. int trusted;
  684. char *refstr;
  685. int port;
  686. + int pos_num;
  687. + double pos_decimal;
  688. } opts;
  689. void opts_default(void);
  690. typedef struct {
  691. union {
  692. int64_t number;
  693. + double decimal;
  694. char *string;
  695. struct ntp_addr_wrap *addr;
  696. struct opts opts;
  697. @@ -89,8 +91,64 @@ typedef struct {
  698. %token SERVER SERVERS SENSOR CORRECTION RTABLE REFID STRATUM WEIGHT
  699. %token ERROR
  700. %token PORT
  701. +
  702. +%token _NTPD_USER
  703. +%token _DRIFTFILE
  704. +%token _CTLSOCKET
  705. +
  706. +%token _INTERVAL_QUERY_NORMAL
  707. +%token _INTERVAL_QUERY_PATHETIC
  708. +%token _INTERVAL_QUERY_AGGRESSIVE
  709. +%token _INTERVAL_QUERY_ULTRA_VIOLENCE
  710. +
  711. +%token _INTERVAL_QUERY_TIMEOUT
  712. +
  713. +%token _TRUSTLEVEL_BADPEER
  714. +%token _TRUSTLEVEL_PATHETIC
  715. +%token _TRUSTLEVEL_AGGRESSIVE
  716. +%token _TRUSTLEVEL_MAX
  717. +
  718. +%token _MAX_SERVERS_DNS
  719. +
  720. +%token _QSCALE_OFF_MIN
  721. +%token _QSCALE_OFF_MAX
  722. +
  723. +%token _QUERYTIME_MAX
  724. +%token _SETTIME_TIMEOUT
  725. +
  726. +%token _LOG_NEGLIGIBLE_ADJTIME
  727. +%token _LOG_NEGLIGIBLE_ADJFREQ
  728. +
  729. +%token _FREQUENCY_SAMPLES
  730. +%token _MAX_FREQUENCY_ADJUST
  731. +
  732. +%token _MAX_SEND_ERRORS
  733. +
  734. +%token _FILTER_ADJFREQ
  735. +
  736. +%token _AUTO_REPLIES
  737. +%token _AUTO_THRESHOLD
  738. +
  739. +%token _INTERVAL_AUTO_DNSFAIL
  740. +%token _TRIES_AUTO_DNSFAIL
  741. +
  742. +%token _SENSOR_DATA_MAXAGE
  743. +%token _SENSOR_QUERY_INTERVAL
  744. +%token _SENSOR_SCAN_INTERVAL
  745. +
  746. +%token _SENSOR_DEFAULT_REFID
  747. +
  748. +%token _CONSTRAINT_ERROR_MARGIN
  749. +%token _CONSTRAINT_RETRY_INTERVAL
  750. +%token _CONSTRAINT_SCAN_INTERVAL
  751. +%token _CONSTRAINT_SCAN_TIMEOUT
  752. +%token _CONSTRAINT_MARGIN
  753. +
  754. +%token _CONSTRAINT_MAXHEADERLENGTH
  755. +
  756. %token <v.string> STRING
  757. %token <v.number> NUMBER
  758. +%token <v.decimal> NUMBER_DOUBLE
  759. %type <v.addr> address url urllist
  760. %type <v.opts> listen_opts listen_opts_l listen_opt
  761. %type <v.opts> server_opts server_opts_l server_opt
  762. @@ -103,6 +161,9 @@ typedef struct {
  763. %type <v.opts> weight
  764. %type <v.opts> trusted
  765. %type <v.opts> port
  766. +
  767. +%type <v.opts> pos_num
  768. +%type <v.opts> pos_decimal
  769. %%
  770. grammar : /* empty */
  771. @@ -385,6 +446,161 @@ main : LISTEN ON address listen_opts {
  772. free($2);
  773. TAILQ_INSERT_TAIL(&conf->ntp_conf_sensors, s, entry);
  774. }
  775. +
  776. + | _NTPD_USER STRING {
  777. + conf->ntpd_user = $2;
  778. + }
  779. + | _DRIFTFILE STRING {
  780. + conf->driftfile = $2;
  781. + }
  782. + | _CTLSOCKET STRING {
  783. + conf->ctlsocket = $2;
  784. + }
  785. +
  786. + | _INTERVAL_QUERY_NORMAL pos_num {
  787. + conf->interval_query_normal = $2.pos_num;
  788. + }
  789. + | _INTERVAL_QUERY_PATHETIC pos_num {
  790. + conf->interval_query_pathetic = $2.pos_num;
  791. + }
  792. + | _INTERVAL_QUERY_AGGRESSIVE pos_num {
  793. + conf->interval_query_aggressive = $2.pos_num;
  794. + }
  795. + | _INTERVAL_QUERY_ULTRA_VIOLENCE pos_num {
  796. + conf->interval_query_ultra_violence = $2.pos_num;
  797. + }
  798. +
  799. + | _INTERVAL_QUERY_TIMEOUT pos_num {
  800. + conf->interval_query_timeout = $2.pos_num;
  801. + }
  802. +
  803. + | _TRUSTLEVEL_BADPEER pos_num {
  804. + conf->trustlevel_badpeer = $2.pos_num;
  805. + }
  806. + | _TRUSTLEVEL_PATHETIC pos_num {
  807. + conf->trustlevel_pathetic = $2.pos_num;
  808. + }
  809. + | _TRUSTLEVEL_AGGRESSIVE pos_num {
  810. + conf->trustlevel_aggressive = $2.pos_num;
  811. + }
  812. + | _TRUSTLEVEL_MAX pos_num {
  813. + conf->trustlevel_max = $2.pos_num;
  814. + }
  815. +
  816. + | _MAX_SERVERS_DNS pos_num {
  817. + conf->max_servers_dns = $2.pos_num;
  818. + }
  819. +
  820. + | _QSCALE_OFF_MIN pos_decimal {
  821. + conf->qscale_off_min = $2.pos_decimal;
  822. + }
  823. + | _QSCALE_OFF_MAX pos_decimal {
  824. + conf->qscale_off_max = $2.pos_decimal;
  825. + }
  826. +
  827. + | _QUERYTIME_MAX pos_num {
  828. + conf->querytime_max = $2.pos_num;
  829. + }
  830. + | _SETTIME_TIMEOUT pos_num {
  831. + conf->settime_timeout = $2.pos_num;
  832. + }
  833. +
  834. + | _LOG_NEGLIGIBLE_ADJTIME pos_num {
  835. + conf->log_negligible_adjtime = $2.pos_num;
  836. + }
  837. + | _LOG_NEGLIGIBLE_ADJFREQ pos_decimal {
  838. + conf->log_negligible_adjfreq = $2.pos_decimal;
  839. + }
  840. +
  841. + | _FREQUENCY_SAMPLES pos_num {
  842. + conf->frequency_samples = $2.pos_num;
  843. + }
  844. + | _MAX_FREQUENCY_ADJUST pos_decimal {
  845. + conf->max_frequency_adjust = $2.pos_decimal;
  846. + }
  847. +
  848. + | _MAX_SEND_ERRORS pos_num {
  849. + conf->max_send_errors = $2.pos_num;
  850. + }
  851. +
  852. + | _AUTO_REPLIES pos_num {
  853. + conf->auto_replies = $2.pos_num;
  854. + }
  855. + | _AUTO_THRESHOLD pos_num {
  856. + conf->auto_threshold = $2.pos_num;
  857. + }
  858. + | _INTERVAL_AUTO_DNSFAIL pos_num {
  859. + conf->interval_auto_dnsfail = $2.pos_num;
  860. + }
  861. + | _TRIES_AUTO_DNSFAIL pos_num {
  862. + conf->tries_auto_dnsfail = $2.pos_num;
  863. + }
  864. +
  865. + | _FILTER_ADJFREQ STRING {
  866. + u_int8_t val;
  867. +
  868. + if (strcmp("true", $2) == 0) {
  869. + val = 0x01;
  870. + } else if (strcmp("false", $2) == 0) {
  871. + val = 0x00;
  872. + } else {
  873. + yyerror("option filter_adjfreq expects either 'true' or 'false'");
  874. + YYERROR;
  875. + }
  876. +
  877. + conf->filter_adjfreq = val;
  878. + }
  879. +
  880. + | _SENSOR_DATA_MAXAGE pos_num {
  881. + conf->sensor_data_maxage = $2.pos_num;
  882. + }
  883. + | _SENSOR_QUERY_INTERVAL pos_num {
  884. + conf->sensor_query_interval = $2.pos_num;
  885. + }
  886. + | _SENSOR_SCAN_INTERVAL pos_num {
  887. + conf->sensor_scan_interval = $2.pos_num;
  888. + }
  889. +
  890. + | _SENSOR_DEFAULT_REFID STRING {
  891. + conf->sensor_default_refid = $2;
  892. + }
  893. +
  894. + | _CONSTRAINT_ERROR_MARGIN pos_num {
  895. + conf->constraint_error_margin = $2.pos_num;
  896. + }
  897. + | _CONSTRAINT_RETRY_INTERVAL pos_num {
  898. + conf->constraint_retry_interval = $2.pos_num;
  899. + }
  900. + | _CONSTRAINT_SCAN_INTERVAL pos_num {
  901. + conf->constraint_scan_interval = $2.pos_num;
  902. + }
  903. + | _CONSTRAINT_SCAN_TIMEOUT pos_num {
  904. + conf->constraint_scan_timeout = $2.pos_num;
  905. + }
  906. + | _CONSTRAINT_MARGIN pos_num {
  907. + conf->constraint_margin = (double)$2.pos_num;
  908. + }
  909. + | _CONSTRAINT_MAXHEADERLENGTH pos_num {
  910. + conf->constraint_maxheaderlength = $2.pos_num;
  911. + }
  912. + ;
  913. +
  914. +pos_num : NUMBER {
  915. + if ($1 < 0) {
  916. + yyerror("must be a positive number");
  917. + YYERROR;
  918. + }
  919. + $$.pos_num = $1;
  920. + }
  921. + ;
  922. +
  923. +pos_decimal : NUMBER_DOUBLE {
  924. + if ($1 < 0) {
  925. + yyerror("must be a positive decimal number");
  926. + YYERROR;
  927. + }
  928. + $$.pos_decimal = $1;
  929. + }
  930. ;
  931. address : STRING {
  932. @@ -587,8 +803,12 @@ opts_default(void)
  933. struct keywords {
  934. const char *k_name;
  935. int k_val;
  936. + const char *k_times;
  937. + int k_seen;
  938. };
  939. +struct keywords *lookup(char *);
  940. +
  941. int
  942. yyerror(const char *fmt, ...)
  943. {
  944. @@ -611,37 +831,80 @@ kw_cmp(const void *k, const void *e)
  945. return (strcmp(k, ((const struct keywords *)e)->k_name));
  946. }
  947. -int
  948. +struct keywords *
  949. lookup(char *s)
  950. {
  951. - /* this has to be sorted always */
  952. - static const struct keywords keywords[] = {
  953. - { "constraint", CONSTRAINT},
  954. - { "constraints", CONSTRAINTS},
  955. - { "correction", CORRECTION},
  956. - { "from", FROM},
  957. - { "listen", LISTEN},
  958. - { "on", ON},
  959. - { "port", PORT},
  960. - { "query", QUERY},
  961. - { "refid", REFID},
  962. - { "rtable", RTABLE},
  963. - { "sensor", SENSOR},
  964. - { "server", SERVER},
  965. - { "servers", SERVERS},
  966. - { "stratum", STRATUM},
  967. - { "trusted", TRUSTED},
  968. - { "weight", WEIGHT}
  969. + /* NOTE: this has to be sorted always! */
  970. + // NOTE: Because dynamic k_seen has been added, const definition is removed
  971. + // from this data structure. If you want to keep const, already set k_seen
  972. + // value can't be changed from its initial value.
  973. + static struct keywords keywords[] = {
  974. + { "auto_replies", _AUTO_REPLIES, "single" },
  975. + { "auto_threshold", _AUTO_THRESHOLD, "single" },
  976. + { "constraint", CONSTRAINT, "multiple" },
  977. + { "constraint_error_margin", _CONSTRAINT_ERROR_MARGIN, "single" },
  978. + { "constraint_margin", _CONSTRAINT_MARGIN, "single" },
  979. + { "constraint_maxheaderlength", _CONSTRAINT_MAXHEADERLENGTH, "single" },
  980. + { "constraint_retry_interval", _CONSTRAINT_RETRY_INTERVAL, "single" },
  981. + { "constraint_scan_interval", _CONSTRAINT_SCAN_INTERVAL, "single" },
  982. + { "constraint_scan_timeout", _CONSTRAINT_SCAN_TIMEOUT, "single" },
  983. + { "constraints", CONSTRAINTS, "multiple" },
  984. + { "correction", CORRECTION, "multiple" },
  985. + { "ctlsocket", _CTLSOCKET, "single" },
  986. + { "driftfile", _DRIFTFILE, "single" },
  987. + { "filter_adjfreq", _FILTER_ADJFREQ, "single" },
  988. + { "frequency_samples", _FREQUENCY_SAMPLES, "single" },
  989. + { "from", FROM, "multiple" },
  990. + { "interval_auto_dnsfail", _INTERVAL_AUTO_DNSFAIL, "single" },
  991. + { "interval_query_aggressive", _INTERVAL_QUERY_AGGRESSIVE, "single" },
  992. + { "interval_query_normal", _INTERVAL_QUERY_NORMAL, "single" },
  993. + { "interval_query_pathetic", _INTERVAL_QUERY_PATHETIC, "single" },
  994. + { "interval_query_timeout", _INTERVAL_QUERY_TIMEOUT, "single" },
  995. + { "interval_query_ultra_violence", _INTERVAL_QUERY_ULTRA_VIOLENCE, "single" },
  996. + { "listen", LISTEN, "multiple" },
  997. + { "log_negligible_adjfreq", _LOG_NEGLIGIBLE_ADJFREQ, "single" },
  998. + { "log_negligible_adjtime", _LOG_NEGLIGIBLE_ADJTIME, "single" },
  999. + { "max_frequency_adjust", _MAX_FREQUENCY_ADJUST, "single" },
  1000. + { "max_send_errors", _MAX_SEND_ERRORS, "single" },
  1001. + { "max_servers_dns", _MAX_SERVERS_DNS, "single" },
  1002. + { "ntpd_user", _NTPD_USER, "single" },
  1003. + { "on", ON, "multiple" },
  1004. + { "port", PORT, "multiple" },
  1005. + { "qscale_off_min", _QSCALE_OFF_MIN, "single" },
  1006. + { "qscale_off_max", _QSCALE_OFF_MAX, "single" },
  1007. + { "query", QUERY, "multiple" },
  1008. + { "querytime_max", _QUERYTIME_MAX, "single" },
  1009. + { "refid", REFID, "multiple" },
  1010. + { "rtable", RTABLE, "multiple" },
  1011. + { "sensor", SENSOR, "multiple" },
  1012. + { "sensor_data_maxage", _SENSOR_DATA_MAXAGE, "single" },
  1013. + { "sensor_default_refid", _SENSOR_DEFAULT_REFID, "single" },
  1014. + { "sensor_query_interval", _SENSOR_QUERY_INTERVAL, "single" },
  1015. + { "sensor_scan_interval", _SENSOR_SCAN_INTERVAL, "single" },
  1016. + { "server", SERVER, "multiple" },
  1017. + { "servers", SERVERS, "multiple" },
  1018. + { "settime_timeout", _SETTIME_TIMEOUT, "single" },
  1019. + { "stratum", STRATUM, "multiple" },
  1020. + { "tries_auto_dnsfail", _TRIES_AUTO_DNSFAIL, "single" },
  1021. + { "trusted", TRUSTED, "multiple" },
  1022. + { "trustlevel_aggressive", _TRUSTLEVEL_AGGRESSIVE, "single" },
  1023. + { "trustlevel_badpeer", _TRUSTLEVEL_BADPEER, "single" },
  1024. + { "trustlevel_max", _TRUSTLEVEL_MAX, "single" },
  1025. + { "trustlevel_pathetic", _TRUSTLEVEL_PATHETIC, "single" },
  1026. + { "weight", WEIGHT, "multiple" },
  1027. };
  1028. - const struct keywords *p;
  1029. + struct keywords *p;
  1030. + // Compare supplied character buffer and keywords[0]
  1031. p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
  1032. sizeof(keywords[0]), kw_cmp);
  1033. - if (p)
  1034. - return (p->k_val);
  1035. - else
  1036. - return (STRING);
  1037. + /*
  1038. + * When having non-keyword (i.e. invalid keyword) value,
  1039. + * we return NULL. Therefore, return value must separately
  1040. + * be checked if it is used anywhere.
  1041. + */
  1042. + return (p);
  1043. }
  1044. #define MAXPUSHBACK 128
  1045. @@ -743,8 +1006,9 @@ yylex(void)
  1046. {
  1047. u_char buf[8096];
  1048. u_char *p;
  1049. + char *derr;
  1050. int quotec, next, c;
  1051. - int token;
  1052. + struct keywords *token;
  1053. p = buf;
  1054. while ((c = lgetc(0)) == ' ' || c == '\t')
  1055. @@ -805,7 +1069,7 @@ yylex(void)
  1056. yyerror("string is too long");
  1057. return (findeol());
  1058. }
  1059. - } while ((c = lgetc(0)) != EOF && isdigit(c));
  1060. + } while ((c = lgetc(0)) != EOF && (isdigit(c) || c == '.'));
  1061. lungetc(c);
  1062. if (p == buf + 1 && buf[0] == '-')
  1063. goto nodigits;
  1064. @@ -816,10 +1080,23 @@ yylex(void)
  1065. yylval.v.number = strtonum(buf, LLONG_MIN,
  1066. LLONG_MAX, &errstr);
  1067. if (errstr) {
  1068. +
  1069. + // Fall back. Check if it is actually a decimal number
  1070. + yylval.v.decimal = strtod(buf, &derr);
  1071. + if (*derr != 0) {
  1072. + // Fall back. Assume it is actually a string (e.g. IP address)
  1073. + yylval.v.string = strdup(buf);
  1074. + return (STRING);
  1075. + // If not a string, syntax error is returned in further checks
  1076. + }
  1077. + return (NUMBER_DOUBLE);
  1078. + /*
  1079. yyerror("\"%s\" invalid number: %s",
  1080. buf, errstr);
  1081. return (findeol());
  1082. + */
  1083. }
  1084. +
  1085. return (NUMBER);
  1086. } else {
  1087. nodigits:
  1088. @@ -847,11 +1124,47 @@ nodigits:
  1089. } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
  1090. lungetc(c);
  1091. *p = '\0';
  1092. - if ((token = lookup(buf)) == STRING)
  1093. - if ((yylval.v.string = strdup(buf)) == NULL)
  1094. - fatal("can't allocate memory for buffered string");
  1095. - return (token);
  1096. +
  1097. + /*
  1098. + * When having *non-null* value for token, we have a validated
  1099. + * keyword argument (integer) in place. In other cases,
  1100. + * we assume integer value of STRING, generated dynamically
  1101. + * by Bison yyParser. This STRING integer value is used for
  1102. + * further argument checks where ever STRING keyworded
  1103. + * arguments are used.
  1104. + * Furthermore, we limit count of arguments which are meant
  1105. + * to be defined only once by a user. This is defined by
  1106. + * values of token->k_seen and token->k_times individually
  1107. + * for each supplied argument.
  1108. + */
  1109. + if ((token = lookup(buf)) != NULL) {
  1110. +
  1111. + if (!token->k_seen)
  1112. + token->k_seen = 0;
  1113. +
  1114. + if (strcmp("multiple", token->k_times) == 0) {
  1115. + return (token->k_val);
  1116. +
  1117. + } else if ((strcmp("single", token->k_times) == 0) &&
  1118. + token->k_seen == 0) {
  1119. + token->k_seen = 1;
  1120. + return (token->k_val);
  1121. +
  1122. + } else {
  1123. + yyerror("option %s is already set", token->k_name);
  1124. + return (c);
  1125. + }
  1126. +
  1127. + } else {
  1128. + if ((yylval.v.string = strdup(buf)) == NULL) {
  1129. + fatal("can't duplicate memory for buffered string");
  1130. + } else {
  1131. + return STRING;
  1132. + }
  1133. + }
  1134. +
  1135. }
  1136. +
  1137. if (c == '\n') {
  1138. yylval.lineno = file->lineno;
  1139. file->lineno++;
  1140. @@ -902,12 +1215,193 @@ popfile(void)
  1141. return (file ? 0 : EOF);
  1142. }
  1143. +void
  1144. +checkvalues(const double a, char *aa, const double b, char *bb)
  1145. +{
  1146. + if (a <= b)
  1147. + fatalx("error in configuration values: %s can't be greater or equal than %s", bb, aa);
  1148. +}
  1149. +
  1150. +// NTP Configuration defaults
  1151. +void
  1152. +init_conf(struct ntpd_conf *conf)
  1153. +{
  1154. + conf->ntpd_user = NTPD_USER; // _ntp;
  1155. +
  1156. + conf->driftfile = DRIFTFILE; // /var/db/ntpd.drift;
  1157. + conf->ctlsocket = CTLSOCKET; // /var/run/ntpd.sock;
  1158. +
  1159. + conf->interval_query_normal = INTERVAL_QUERY_NORMAL; // 30;
  1160. + conf->interval_query_pathetic = INTERVAL_QUERY_PATHETIC; // 60;
  1161. + conf->interval_query_aggressive = INTERVAL_QUERY_AGGRESSIVE; // 5;
  1162. + conf->interval_query_ultra_violence = INTERVAL_QUERY_ULTRA_VIOLENCE; // 1;
  1163. +
  1164. + conf->interval_query_timeout = INTERVAL_QUERY_TIMEOUT; // 300;
  1165. +
  1166. + conf->trustlevel_badpeer = TRUSTLEVEL_BADPEER; // 6;
  1167. + conf->trustlevel_pathetic = TRUSTLEVEL_PATHETIC; // 2;
  1168. + conf->trustlevel_aggressive = TRUSTLEVEL_AGGRESSIVE; // 8;
  1169. + conf->trustlevel_max = TRUSTLEVEL_MAX; // 10;
  1170. +
  1171. + /* maximum number of servers from DNS query */
  1172. + conf->max_servers_dns = MAX_SERVERS_DNS; // 8;
  1173. +
  1174. + conf->qscale_off_min = QSCALE_OFF_MIN; // 0.001;
  1175. + conf->qscale_off_max = QSCALE_OFF_MAX; // 0.050;
  1176. +
  1177. + /* single query might take n secs max */
  1178. + conf->querytime_max = QUERYTIME_MAX; // 15;
  1179. + /* max seconds to wait with -s */
  1180. + conf->settime_timeout = SETTIME_TIMEOUT; // 100;
  1181. +
  1182. + /* negligible drift to not log (ms) */
  1183. + conf->log_negligible_adjtime = LOG_NEGLIGIBLE_ADJTIME; // 32;
  1184. +
  1185. + /* negligible rate to not log (ppm) */
  1186. + conf->log_negligible_adjfreq = LOG_NEGLIGIBLE_ADJFREQ; // 0.05;
  1187. +
  1188. + /* samples for est. of permanent drift */
  1189. + conf->frequency_samples = FREQUENCY_SAMPLES; // 8;
  1190. +
  1191. + /* max correction per iteration */
  1192. + conf->max_frequency_adjust = MAX_FREQUENCY_ADJUST; // 128e-5;
  1193. +
  1194. + /* max send errors before reconnect */
  1195. + conf->max_send_errors = MAX_SEND_ERRORS; // 3;
  1196. +
  1197. + /* set after doing adjfreq */
  1198. + conf->filter_adjfreq = FILTER_ADJFREQ; // 0x01;
  1199. +
  1200. + /* # of ntp replies we want for auto */
  1201. + conf->auto_replies = AUTO_REPLIES; // 4;
  1202. +
  1203. + /* dont bother auto setting < this */
  1204. + conf->auto_threshold = AUTO_THRESHOLD; // 60;
  1205. +
  1206. + /* DNS tmpfail interval for auto */
  1207. + conf->interval_auto_dnsfail = INTERVAL_AUTO_DNSFAIL; // 1;
  1208. +
  1209. + /* DNS tmpfail quick retries */
  1210. + conf->tries_auto_dnsfail = TRIES_AUTO_DNSFAIL; // 4;
  1211. +
  1212. + conf->sensor_data_maxage = SENSOR_DATA_MAXAGE; // 15*60;
  1213. + conf->sensor_query_interval = SENSOR_QUERY_INTERVAL; // 15;
  1214. + conf->sensor_scan_interval = SENSOR_SCAN_INTERVAL; // 1*60;
  1215. +
  1216. + conf->sensor_default_refid = SENSOR_DEFAULT_REFID; // "HARD";
  1217. +
  1218. + conf->constraint_error_margin = CONSTRAINT_ERROR_MARGIN; // 4;
  1219. + conf->constraint_retry_interval = CONSTRAINT_RETRY_INTERVAL; // 15;
  1220. + conf->constraint_scan_interval = CONSTRAINT_SCAN_INTERVAL; // 15*60;
  1221. + conf->constraint_scan_timeout = CONSTRAINT_SCAN_TIMEOUT; // 10;
  1222. + conf->constraint_margin = CONSTRAINT_MARGIN; // 2.0*60;
  1223. +
  1224. + conf->constraint_maxheaderlength = CONSTRAINT_MAXHEADERLENGTH; // 8192;
  1225. +}
  1226. +
  1227. +void
  1228. +print_conf(struct ntpd_conf *lconf)
  1229. +{
  1230. + char* boolean[5];
  1231. + struct constraint *cstr;
  1232. + struct ntp_conf_sensor *sens;
  1233. + struct ntp_peer *peer;
  1234. +
  1235. + fprintf(stdout, "\n");
  1236. + fprintf(stdout, "Current configuration:\n\n");
  1237. + fprintf(stdout, "NTPd user: %s\n", conf->ntpd_user);
  1238. + fprintf(stdout, "Drift file: %s\n", conf->driftfile);
  1239. + fprintf(stdout, "CTL socket file: %s\n", conf->ctlsocket);
  1240. + fprintf(stdout, "\n");
  1241. + fprintf(stdout, "Query interval (normal): %d seconds\n", conf->interval_query_normal);
  1242. + fprintf(stdout, "Query interval (pathetic): %d seconds\n", conf->interval_query_pathetic);
  1243. + fprintf(stdout, "Query interval (aggressive): %d seconds\n", conf->interval_query_aggressive);
  1244. + fprintf(stdout, "Query interval (ultra violent): %d seconds\n", conf->interval_query_ultra_violence);
  1245. + fprintf(stdout, "\n");
  1246. + fprintf(stdout, "Query interval after reply timeout: %d seconds\n", conf->interval_query_timeout);
  1247. + fprintf(stdout, "\n");
  1248. + fprintf(stdout, "Trust level (bad peer): %d\n", conf->trustlevel_badpeer);
  1249. + fprintf(stdout, "Trust level (pathetic): %d\n", conf->trustlevel_pathetic);
  1250. + fprintf(stdout, "Trust level (aggressive): %d\n", conf->trustlevel_aggressive);
  1251. + fprintf(stdout, "Trust level (maximum): %d\n", conf->trustlevel_max);
  1252. + fprintf(stdout, "\n");
  1253. + fprintf(stdout, "Query time (maximum): %d seconds\n", conf->querytime_max);
  1254. + fprintf(stdout, "Start up timeout in auto mode: %d seconds\n", conf->settime_timeout);
  1255. + fprintf(stdout, "\n");
  1256. + fprintf(stdout, "Maximum number of retrievable servers from a DNS query: %d\n", conf->max_servers_dns);
  1257. + fprintf(stdout, "\n");
  1258. + fprintf(stdout, "Time adjustment minimum scale: %.4f seconds\n", conf->qscale_off_min);
  1259. + fprintf(stdout, "Time adjustment maximum scale: %.4f seconds\n", conf->qscale_off_max);
  1260. + fprintf(stdout, "\n");
  1261. + fprintf(stdout, "Neglible drift time to not log: %d milliseconds\n", conf->log_negligible_adjtime);
  1262. + fprintf(stdout, "Neglible frequency rate to not log: %f ppm\n", conf->log_negligible_adjfreq);
  1263. + fprintf(stdout, "\n");
  1264. + fprintf(stdout, "Frequency samples for estimation of permanent drift: %d\n", conf->frequency_samples);
  1265. + fprintf(stdout, "Maximum frequency correction per iteration: %f\n", conf->max_frequency_adjust);
  1266. + fprintf(stdout, "\n");
  1267. + fprintf(stdout, "Maximum send errors before reconnection: %d\n", conf->max_send_errors);
  1268. + fprintf(stdout, "\n");
  1269. +
  1270. + if ((conf->filter_adjfreq) == 0x01)
  1271. + *boolean = "true";
  1272. + else if ((conf->filter_adjfreq) == 0x00)
  1273. + *boolean = "false";
  1274. +
  1275. + fprintf(stdout, "Filter frequency adjustment after maximum frequency correction: %s\n", *boolean);
  1276. + fprintf(stdout, "\n");
  1277. + fprintf(stdout, "NTP replies for auto mode: %d seconds\n", conf->auto_replies);
  1278. + fprintf(stdout, "Threshold count for auto mode: %d\n", conf->auto_threshold);
  1279. + fprintf(stdout, "DNS failure interval for auto mode: %d\n", conf->interval_auto_dnsfail);
  1280. + fprintf(stdout, "DNS retries on failure in auto mode: %d\n", conf->tries_auto_dnsfail);
  1281. + fprintf(stdout, "\n");
  1282. + fprintf(stdout, "Sensor query interval: %d seconds\n", conf->sensor_query_interval);
  1283. + fprintf(stdout, "Sensor data maximum age: %d seconds\n", conf->sensor_data_maxage);
  1284. + fprintf(stdout, "Sensor scan interval: %d seconds\n", conf->sensor_scan_interval);
  1285. + fprintf(stdout, "\n");
  1286. + fprintf(stdout, "Sensor default reference ID string: %s\n", conf->sensor_default_refid);
  1287. + fprintf(stdout, "\n");
  1288. + fprintf(stdout, "Constraint error margin: %.2f seconds\n", conf->constraint_error_margin);
  1289. + fprintf(stdout, "Constraint default margin: %.2f seconds\n", conf->constraint_margin);
  1290. + fprintf(stdout, "\n");
  1291. + fprintf(stdout, "Constraint retry interval: %d seconds\n", conf->constraint_retry_interval);
  1292. + fprintf(stdout, "Constraint scan interval: %d seconds\n", conf->constraint_scan_interval);
  1293. + fprintf(stdout, "Constraint scan timeout: %d seconds\n", conf->constraint_scan_timeout);
  1294. + fprintf(stdout, "Constraint maximum HTTP header length: %d bytes\n", conf->constraint_maxheaderlength);
  1295. + fprintf(stdout, "\n");
  1296. +
  1297. + TAILQ_FOREACH(sens, &conf->ntp_conf_sensors, entry) {
  1298. + fprintf(stdout, "Configuration: sensor %s, refid %s stratum %d weight %d\n",
  1299. + sens->device,
  1300. + sens->refstr,
  1301. + sens->stratum,
  1302. + sens->weight
  1303. + );
  1304. + }
  1305. +
  1306. + TAILQ_FOREACH(peer, &conf->ntp_peers, entry) {
  1307. + fprintf(stdout, "Configuration: NTP server %s on remote UDP port %d\n",
  1308. + peer->addr_head.name,
  1309. + peer->addr_head.port
  1310. + );
  1311. + }
  1312. +
  1313. + TAILQ_FOREACH(cstr, &conf->constraints, entry) {
  1314. + fprintf(stdout, "Configuration: HTTPS constraint server %s on remote TCP port %d\n",
  1315. + cstr->addr_head.name,
  1316. + cstr->addr_head.port
  1317. + );
  1318. + }
  1319. + fprintf(stdout, "\n");
  1320. +}
  1321. +
  1322. int
  1323. parse_config(const char *filename, struct ntpd_conf *xconf)
  1324. {
  1325. int errors = 0;
  1326. conf = xconf;
  1327. + init_conf(conf);
  1328. +
  1329. TAILQ_INIT(&conf->listen_addrs);
  1330. TAILQ_INIT(&conf->ntp_peers);
  1331. TAILQ_INIT(&conf->ntp_conf_sensors);
  1332. @@ -922,5 +1416,18 @@ parse_config(const char *filename, struc
  1333. errors = file->errors;
  1334. popfile();
  1335. + // Rough checks for conflicting values
  1336. + checkvalues(conf->qscale_off_max, "qscale_off_max",
  1337. + conf->qscale_off_min, "qscale_off_min");
  1338. +
  1339. + checkvalues(conf->trustlevel_max, "trustlevel_max",
  1340. + conf->trustlevel_aggressive, "trustlevel_aggressive");
  1341. +
  1342. + checkvalues(conf->trustlevel_aggressive, "trustlevel_aggressive",
  1343. + conf->trustlevel_badpeer, "trustlevel_badpeer");
  1344. +
  1345. + checkvalues(conf->trustlevel_badpeer, "trustlevel_badpeer",
  1346. + conf->trustlevel_pathetic, "trustlevel_pathetic");
  1347. +
  1348. return (errors ? -1 : 0);
  1349. }
  1350. --- a/src/ntpd.conf.5 2020-08-01 01:22:25.000000000 +0300
  1351. +++ b/src/ntpd.conf.5 2020-08-03 23:07:12.770476926 +0300
  1352. @@ -14,7 +14,7 @@
  1353. .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  1354. .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  1355. .\"
  1356. -.Dd $Mdocdate: August 01 2020 $
  1357. +.Dd $Mdocdate: August 02 2020 $
  1358. .Dt NTPD.CONF 5
  1359. .Os
  1360. .Sh NAME
  1361. @@ -31,8 +31,10 @@ has the following format:
  1362. Empty lines and lines beginning with the
  1363. .Sq #
  1364. character are ignored.
  1365. -.Pp
  1366. -Keywords may be specified multiple times within the configuration file.
  1367. +.Ed
  1368. +.El
  1369. +.Sh BASIC KEYWORDS
  1370. +Basic keywords may be specified multiple times within the configuration file.
  1371. The basic configuration options are as follows:
  1372. .Bl -tag -width Ds
  1373. .It Xo Ic listen on Ar address
  1374. @@ -282,12 +284,505 @@ constraints from "https://www.google.com
  1375. constraints from "https://duckduckgo.com/" port 443
  1376. .Ed
  1377. .El
  1378. +.Sh ADVANCED KEYWORDS
  1379. +Some
  1380. +.Xr ntpd 8
  1381. +default configuration values can be overridden, thus offering better
  1382. +adaption to system policy and flexibility for system administrators. Advanced
  1383. +keywords may be specified only once within the configuration file. The
  1384. +following values can be changed from the highlighted defaults:
  1385. +.Bl -tag -width Ds
  1386. +
  1387. +.It Ic auto_replies Ar number
  1388. +During OpenNTPD initialization, all NTP peers get automatic time offset value,
  1389. +if pre-conditions for automatic interval adjustment are being met. The
  1390. +conditions are as follows: OpenNTPD configuration has constraints,
  1391. +.Ic trusted
  1392. +NTP peers or
  1393. +.Ic trusted
  1394. +sensors and current internally defined
  1395. +process security level is 0. In this case, initial time offset value
  1396. +is set to 1 which, in return, triggers automatic offset calculation.
  1397. +.Pp
  1398. +In the automatic offset calculation, a
  1399. +.Ic trusted
  1400. +NTP peer offset values are being counted for each peer. For each peer an independent
  1401. +pool size is determined by
  1402. +.Ic auto_replies
  1403. +value, ignoring the last value. For instance, with
  1404. +.Ic auto_replies
  1405. +value 4, first 3 NTP peer offset values are considered for a single NTP peer,
  1406. +and a median offset value of these collected 3 offset values is calculated
  1407. +and used for time adjustment.
  1408. +.Bd -literal -offset indent
  1409. +.Bl -tag -width "Default:" -compact
  1410. +.It Default:
  1411. +4
  1412. +.El
  1413. +.Ed
  1414. +.It Ic auto_threshold Ar number
  1415. +In OpenNTPD initial automatic time offset calculation, three conditions
  1416. +are being considered for NTP peers: is a NTP peer
  1417. +.Ic trusted
  1418. +and current overall constraint-based median offset not 0, and whether an initial NTP
  1419. +peer time offset exceeds value of
  1420. +.Ic auto_threshold
  1421. +\&. If these conditions are met, then
  1422. +.Ic auto_threshold
  1423. +value may be considered. If NTP peer current time offset value is less than
  1424. +.Ic auto_threshold
  1425. +, then the system time offset value is considered to be already OK, and
  1426. +OpenNTPD stops calculating automatic offset value from further NTP
  1427. +peer queries. In this case, median offset value is not calculated.
  1428. +.Bd -literal -offset indent
  1429. +.Bl -tag -width "Default:" -compact
  1430. +.It Default:
  1431. +60
  1432. +.El
  1433. +.Ed
  1434. +.It Ic interval_auto_dnsfail Ar seconds
  1435. +In automatic NTP peer offset calculation mode (during OpenNTPD initialization),
  1436. +if NTP peer IP address is still unresolved (unknown), the next query is
  1437. +attempted in
  1438. +.Ic interval_auto_dnsfail
  1439. +seconds. Applies to unresolved constraint IP addresses, as well.
  1440. +.Bd -literal -offset indent
  1441. +.Bl -tag -width "Default:" -compact
  1442. +.It Default:
  1443. +1
  1444. +.El
  1445. +.Ed
  1446. +.It Ic tries_auto_dnsfail Ar number
  1447. +Maximum number of attempts to resolve a constraint IP address(es) with a
  1448. +DNS query before falling back from
  1449. +.Ic constraint_retry_interval
  1450. +to
  1451. +.Ic interval_auto_dnsfail
  1452. +\& in constraint initialization.
  1453. +.Bd -literal -offset indent
  1454. +.Bl -tag -width "Default:" -compact
  1455. +.It Default:
  1456. +4
  1457. +.El
  1458. +.Ed
  1459. +.It Ic constraint_error_margin Ar number
  1460. +Accepted number of errors during constraint process. If error count exceeds
  1461. +this value multiplied by calculated peer count, constraint connection will
  1462. +be reseted and a new constraint is retrieved.
  1463. +.Bd -literal -offset indent
  1464. +.Bl -tag -width "Default:" -compact
  1465. +.It Default:
  1466. +4
  1467. +.El
  1468. +.Ed
  1469. +.It Ic constraint_margin Ar seconds
  1470. +Acceptable time difference between retrieved HTTP header time value and
  1471. +calculated time value in seconds. HTTP header time values exceeding this
  1472. +margin value will be ignored.
  1473. +.Bd -literal -offset indent
  1474. +.Bl -tag -width "Default:" -compact
  1475. +.It Default:
  1476. +120
  1477. +.El
  1478. +.Ed
  1479. +.It Ic constraint_maxheaderlength Ar length
  1480. +Maximum allowed HTTP header length of constraint HTTPS server reply to
  1481. +be fetched in bytes. If the value is exceeded during processing,
  1482. +nothing is returned and constraint check fails.
  1483. +.Bd -literal -offset indent
  1484. +.Bl -tag -width "Default:" -compact
  1485. +.It Default:
  1486. +8192
  1487. +.El
  1488. +.Ed
  1489. +.It Ic constraint_scan_interval Ar seconds
  1490. +Constraint HTTPS servers scan interval in seconds.
  1491. +.Bd -literal -offset indent
  1492. +.Bl -tag -width "Default:" -compact
  1493. +.It Default:
  1494. +900
  1495. +.El
  1496. +.Ed
  1497. +.It Ic constraint_scan_timeout Ar seconds
  1498. +Maximum connection establishment time to a constraint HTTPS server in seconds.
  1499. +.Bd -literal -offset indent
  1500. +.Bl -tag -width "Default:" -compact
  1501. +.It Default:
  1502. +10
  1503. +.El
  1504. +.Ed
  1505. +.It Ic ctlsocket Ar path-to-file
  1506. +.Xr ntpd 8
  1507. +socket file path.
  1508. +.Bd -literal -offset indent
  1509. +.Bl -tag -width "Default:" -compact
  1510. +.It Default:
  1511. +/var/run/ntpd.sock
  1512. +.El
  1513. +.Ed
  1514. +.It Ic driftfile Ar path-to-file
  1515. +.Xr ntpd 8
  1516. +drift file path.
  1517. +.Bd -literal -offset indent
  1518. +.Bl -tag -width "Default:" -compact
  1519. +.It Default:
  1520. +/var/db/ntpd.drift
  1521. +.El
  1522. +.Ed
  1523. +.It Ic filter_adjfreq Ar true | false
  1524. +Whether to reset frequency filters after frequency adjustment.
  1525. +.Bd -literal -offset indent
  1526. +.Bl -tag -width "Default:" -compact
  1527. +.It Default:
  1528. +true
  1529. +.El
  1530. +.Ed
  1531. +.It Ic frequency_samples Ar number
  1532. +Number of frequency samples for estimating permanent drift value.
  1533. +.Bd -literal -offset indent
  1534. +.Bl -tag -width "Default:" -compact
  1535. +.It Default:
  1536. +8
  1537. +.El
  1538. +.Ed
  1539. +.It Ic trustlevel_pathetic Ar number
  1540. +Initial trust level for a new, timed out or erroneous remote NTP
  1541. +server. Every received and non-discarded reply increases trust
  1542. +for the server. The trust level is used for setting used
  1543. +.Ic interval_query_*
  1544. +value for the server and keeping track of valid remote NTP servers.
  1545. +.Pp
  1546. +A server having this trust level uses remote NTP query interval
  1547. +value
  1548. +.Ic interval_query_aggressive
  1549. +\&.
  1550. +.Bd -literal -offset indent
  1551. +.Bl -tag -width "Default:" -compact
  1552. +.It Default:
  1553. +2
  1554. +.El
  1555. +.Ed
  1556. +.It Ic trustlevel_badpeer Ar number
  1557. +If a replying remote NTP server has trust level one number
  1558. +less than this value, the server gets trusted. In this case,
  1559. +the server can achieve maximum trust level
  1560. +.Ic trustlevel_max
  1561. +\&. This trust level is preceded by trust level
  1562. +.Ic trustlevel_pathetic
  1563. +and followed by trust level
  1564. +.Ic trustlevel_aggressive
  1565. +\&.
  1566. +.Pp
  1567. +A NTP server having trust level value
  1568. +.Ic trustlevel_badpeer
  1569. +, or value greater than
  1570. +.Ic trustlevel_pathetic
  1571. +but less than
  1572. +.Ic trustlevel_aggressive
  1573. +uses remote NTP query interval value
  1574. +.Ic interval_query_aggressive
  1575. +\&.
  1576. +.Pp
  1577. +In a case of NTP server reply time out, if the server has at
  1578. +least trust level value
  1579. +.Ic trustlevel_badpeer
  1580. +and the trust level value divided by 2 is less than the
  1581. +.Ic trustlevel_badpeer
  1582. +value, the server will be invalidated and falls back to
  1583. +initial trust level
  1584. +.Ic trustlevel_pathetic
  1585. +\&.
  1586. +.Bd -literal -offset indent
  1587. +.Bl -tag -width "Default:" -compact
  1588. +.It Default:
  1589. +6
  1590. +.El
  1591. +.Ed
  1592. +.It Ic trustlevel_aggressive Ar number
  1593. +Aggressive trust level is preceded by trust level
  1594. +.Ic trustlevel_badpeer
  1595. +and followed by trust level
  1596. +.Ic trustlevel_max
  1597. +\&. If a remote NTP server current trust level is at least value
  1598. +.Ic trustlevel_pathetic
  1599. +but less than this value, used remote NTP query interval is
  1600. +determined by value
  1601. +.Ic interval_query_aggressive
  1602. +\&. A server with exact trust level
  1603. +.Ic trustlevel_aggressive
  1604. +uses query interval
  1605. +.Ic interval_query_normal
  1606. +(see
  1607. +.Ic trustlevel_max
  1608. +below).
  1609. +.Bd -literal -offset indent
  1610. +.Bl -tag -width "Default:" -compact
  1611. +.It Default:
  1612. +8
  1613. +.El
  1614. +.Ed
  1615. +.It Ic trustlevel_max Ar number
  1616. +Maximum trust level follows trust level
  1617. +.Ic trustlevel_aggressive
  1618. +\&. This is the maximum trust level which a remote
  1619. +NTP server can achieve. A server having at least trust level of
  1620. +.Ic trustlevel_aggressive
  1621. +uses remote NTP query interval value
  1622. +.Ic interval_query_normal
  1623. +\&.
  1624. +.Bd -literal -offset indent
  1625. +.Bl -tag -width "Default:" -compact
  1626. +.It Default:
  1627. +10
  1628. +.El
  1629. +.Ed
  1630. +.It Ic interval_query_pathetic Ar seconds
  1631. +Remote NTP server query interval in seconds for servers with
  1632. +a trust level value less than
  1633. +.Ic trustlevel_pathetic
  1634. +\&. Practically never used.
  1635. +This value is not the final query interval value but used
  1636. +in a combination with a dynamic offset scale value, determined by
  1637. +.Ic qscale_off_min
  1638. +and
  1639. +.Ic qscale_off_max
  1640. +\&.
  1641. +.Bd -literal -offset indent
  1642. +.Bl -tag -width "Default:" -compact
  1643. +.It Default:
  1644. +60
  1645. +.El
  1646. +.Ed
  1647. +.It Ic interval_query_ultra_violence Ar seconds
  1648. +Remote NTP server query interval in seconds for servers
  1649. +with a trust level value greater than
  1650. +.Ic trustlevel_pathetic
  1651. +but less than
  1652. +.Ic trustlevel_aggressive
  1653. +in a case where a NTP peer does not still have large enough
  1654. +pool of already queried offset time values for its offset
  1655. +time median calculation (checked against value
  1656. +.Ic auto replies
  1657. +) or is not
  1658. +.Ic trusted
  1659. +, interval value
  1660. +.Ic interval_query_ultra_violence
  1661. +may be triggered. Applies only to NTP offset calculation
  1662. +automatic mode.
  1663. +.Pp
  1664. +In most cases,
  1665. +.Ic interval_query_aggressive
  1666. +is used instead. Dynamic offset scale value factors
  1667. +.Ic qscale_off_min
  1668. +and
  1669. +.Ic qscale_off_max
  1670. +are ignored.
  1671. +.Bd -literal -offset indent
  1672. +.Bl -tag -width "Default:" -compact
  1673. +.It Default:
  1674. +1
  1675. +.El
  1676. +.Ed
  1677. +.It Ic interval_query_aggressive Ar seconds
  1678. +Remote NTP server query interval in seconds for servers
  1679. +with a trust level value greater than
  1680. +.Ic trustlevel_pathetic
  1681. +but less than
  1682. +.Ic trustlevel_aggressive
  1683. +\&. Applies only, if automatic NTP peer query state is finished.
  1684. +This value is not the final query interval value but used
  1685. +in a combination with a dynamic offset scale value, determined by
  1686. +.Ic qscale_off_min
  1687. +and
  1688. +.Ic qscale_off_max
  1689. +\&.
  1690. +.Bd -literal -offset indent
  1691. +.Bl -tag -width "Default:" -compact
  1692. +.It Default:
  1693. +5
  1694. +.El
  1695. +.Ed
  1696. +.It Ic interval_query_normal Ar seconds
  1697. +Remote NTP server query interval in seconds for servers with
  1698. +a trust level value between
  1699. +.Ic trustlevel_aggressive
  1700. +and
  1701. +.Ic trustlevel_max
  1702. +\&. This value is not the final query interval value but used
  1703. +in a combination with a dynamic offset scale value, determined by
  1704. +.Ic qscale_off_min
  1705. +and
  1706. +.Ic qscale_off_max
  1707. +\&.
  1708. +.Bd -literal -offset indent
  1709. +.Bl -tag -width "Default:" -compact
  1710. +.It Default:
  1711. +30
  1712. +.El
  1713. +.Ed
  1714. +.It Ic interval_query_timeout Ar seconds
  1715. +Retry time in seconds after failed connection attempt to a remote NTP server.
  1716. +.Bd -literal -offset indent
  1717. +.Bl -tag -width "Default:" -compact
  1718. +.It Default:
  1719. +300
  1720. +.El
  1721. +.Ed
  1722. +.It Ic log_negligible_adjfreq Ar ppm
  1723. +Negligible frequency rate to not log in PPM.
  1724. +.Bd -literal -offset indent
  1725. +.Bl -tag -width "Default:" -compact
  1726. +.It Default:
  1727. +0.05
  1728. +.El
  1729. +.Ed
  1730. +.It Ic log_negligible_adjtime Ar milliseconds
  1731. +Negligible drift time to not log in milliseconds.
  1732. +.Bd -literal -offset indent
  1733. +.Bl -tag -width "Default:" -compact
  1734. +.It Default:
  1735. +32
  1736. +.El
  1737. +.Ed
  1738. +.It Ic max_frequency_adjust Ar decimal
  1739. +Maximum allowed frequency correction per iteration.
  1740. +.Bd -literal -offset indent
  1741. +.Bl -tag -width "Default:" -compact
  1742. +.It Default:
  1743. +0.0128
  1744. +.El
  1745. +.Ed
  1746. +.It Ic max_send_errors Ar number
  1747. +Maximum number of errors tolerated before reconnecting to a remote NTP server.
  1748. +.Bd -literal -offset indent
  1749. +.Bl -tag -width "Default:" -compact
  1750. +.It Default:
  1751. +3
  1752. +.El
  1753. +.Ed
  1754. +.It Ic max_servers_dns Ar number
  1755. +Maximum number of remote NTP server IP addresses fetched per DNS query.
  1756. +.Bd -literal -offset indent
  1757. +.Bl -tag -width "Default:" -compact
  1758. +.It Default:
  1759. +8
  1760. +.El
  1761. +.Ed
  1762. +.It Ic ntpd_user Ar user name
  1763. +.Xr ntpd 8
  1764. +process user name. Group name and working directory are internally fetched by
  1765. +.Xr getpwnam 3
  1766. +\&.
  1767. +.Bd -literal -offset indent
  1768. +.Bl -tag -width "Default:" -compact
  1769. +.It Default:
  1770. +ntp
  1771. +.El
  1772. +.Ed
  1773. +.It Ic qscale_off_min Ar decimal
  1774. +Minimum scale value used for dynamically adjusting NTP server query
  1775. +interval time. If median NTP server & sensor offset value is lower
  1776. +than this value, then this value is used for scale calculation as
  1777. +minimum value. Otherwise, the offset value is used as minimum
  1778. +value. The offset value is a combined median value, based on all
  1779. +NTP server & sensor offset values.
  1780. +.Pp
  1781. +The determined frequency scale is
  1782. +.Ic qscale_off_max
  1783. +/ {
  1784. +.Ic qscale_off_min
  1785. +OR median offset }
  1786. +\&.
  1787. +.Pp
  1788. +In the end, the calculated scale value is multiplied one of
  1789. +.Ic interval_query_*
  1790. +values (pathetic, aggressive, normal)
  1791. +on a client side, and ultimately used for dynamic adjustment of
  1792. +client-side NTP server query interval time for
  1793. +.Xr ntpd 8
  1794. +process.
  1795. +.Bd -literal -offset indent
  1796. +.Bl -tag -width "Default:" -compact
  1797. +.It Default:
  1798. +0.001
  1799. +.El
  1800. +.Ed
  1801. +.It Ic qscale_off_max Ar decimal
  1802. +Maximum scale value used for dynamically adjusting NTP server query
  1803. +interval time. This value is used either with a median NTP server &
  1804. +sensor offset value, described in
  1805. +.Ic qscale_off_min
  1806. +section, or directly with the value
  1807. +.Ic qscale_off_min
  1808. +\&. The more detailed description about further use of this value is above
  1809. +and in
  1810. +.Ic interval_query_*
  1811. +sections.
  1812. +.Bd -literal -offset indent
  1813. +.Bl -tag -width "Default:" -compact
  1814. +.It Default:
  1815. +0.050
  1816. +.El
  1817. +.Ed
  1818. +.It Ic querytime_max Ar seconds
  1819. +Maximum time reserved for a single NTP server query in seconds.
  1820. +.Bd -literal -offset indent
  1821. +.Bl -tag -width "Default:" -compact
  1822. +.It Default:
  1823. +15
  1824. +.El
  1825. +.Ed
  1826. +.It Ic sensor_data_maxage Ar seconds
  1827. +Sensor data maximum valid age in seconds.
  1828. +.Bd -literal -offset indent
  1829. +.Bl -tag -width "Default:" -compact
  1830. +.It Default:
  1831. +900
  1832. +.El
  1833. +.Ed
  1834. +.It Ic sensor_default_refid Ar string
  1835. +Sensor default reference ID string.
  1836. +.Bd -literal -offset indent
  1837. +.Bl -tag -width "Default:" -compact
  1838. +.It Default:
  1839. +"HARD"
  1840. +.El
  1841. +.Ed
  1842. +.It Ic sensor_query_interval Ar seconds
  1843. +Sensor query interval in seconds.
  1844. +.Bd -literal -offset indent
  1845. +.Bl -tag -width "Default:" -compact
  1846. +.It Default:
  1847. +15
  1848. +.El
  1849. +.Ed
  1850. +.It Ic sensor_scan_interval Ar seconds
  1851. +Scan interval for new sensors in seconds.
  1852. +.Bd -literal -offset indent
  1853. +.Bl -tag -width "Default:" -compact
  1854. +.It Default:
  1855. +60
  1856. +.El
  1857. +.Ed
  1858. +.It Ic settime_timeout Ar seconds
  1859. +Maximum time to wait for a constraint to reply during OpenNTPD initial automatic mode.
  1860. +.Bd -literal -offset indent
  1861. +.Bl -tag -width "Default:" -compact
  1862. +.It Default:
  1863. +100
  1864. +.Ed
  1865. +.El
  1866. .Sh FILES
  1867. .Bl -tag -width /etc/examples/ntpd.conf -compact
  1868. .It Pa /etc/ntpd.conf
  1869. Default
  1870. .Xr ntpd 8
  1871. configuration file.
  1872. +.It Pa /var/db/ntpd.drift
  1873. +Default drift file.
  1874. +.It Pa /var/run/ntpd.sock
  1875. +Default socket file for communication with
  1876. +.Xr ntpctl 8 .
  1877. .It Pa /etc/examples/ntpd.conf
  1878. Example configuration file.
  1879. .El
  1880. --- a/src/client.c 2020-08-03 23:12:14.368300303 +0300
  1881. +++ b/src/client.c 2020-08-03 23:09:41.036264088 +0300
  1882. @@ -279,7 +279,7 @@ handle_auto(uint8_t trusted, double offs
  1883. }
  1884. /* collect some more */
  1885. v[count++] = offset;
  1886. - if (count < AUTO_REPLIES)
  1887. + if (count < conf->auto_replies)
  1888. return;
  1889. /* we have enough */