OpenNTPD daemon with OpenSSL implementation & flexible configurability
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1905 lines
60 KiB

  1. From: Pekka Helenius <fincer89@hotmail.com>
  2. Date: Sun, 02 Aug 2020 14:12:40 +0300
  3. Subject: Unhardcode majority of configuration settings, update manual
  4. --- a/src/sensors.c 2020-07-31 23:58:46.000000000 +0300
  5. +++ b/src/sensors.c 2020-08-01 12:22:05.214766958 +0300
  6. @@ -145,7 +145,7 @@ sensor_add(int sensordev, char *dxname)
  7. s->sensordevid = sensordev;
  8. if (cs->refstr == NULL)
  9. - memcpy(&s->refid, SENSOR_DEFAULT_REFID, sizeof(s->refid));
  10. + memcpy(&s->refid, conf->sensor_default_refid, sizeof(s->refid));
  11. else {
  12. s->refid = 0;
  13. strncpy((char *)&s->refid, cs->refstr, sizeof(s->refid));
  14. @@ -174,12 +174,12 @@ sensor_query(struct ntp_sensor *s)
  15. double sens_time;
  16. if (conf->settime)
  17. - s->next = getmonotime() + SENSOR_QUERY_INTERVAL_SETTIME;
  18. + s->next = getmonotime() + conf->sensor_query_interval_settime;
  19. else
  20. - s->next = getmonotime() + SENSOR_QUERY_INTERVAL;
  21. + s->next = getmonotime() + conf->sensor_query_interval;
  22. /* rcvd is walltime here, monotime in client.c. not used elsewhere */
  23. - if (s->update.rcvd < time(NULL) - SENSOR_DATA_MAXAGE)
  24. + if (s->update.rcvd < time(NULL) - conf->sensor_data_maxage)
  25. s->update.good = 0;
  26. if (!sensor_probe(s->sensordevid, dxname, &sensor)) {
  27. @@ -234,7 +234,7 @@ sensor_query(struct ntp_sensor *s)
  28. log_debug("sensor %s: offset %f", s->device,
  29. s->offsets[s->shift].offset);
  30. - if (++s->shift >= SENSOR_OFFSETS) {
  31. + if (++s->shift >= conf->sensor_offsets) {
  32. s->shift = 0;
  33. sensor_update(s);
  34. }
  35. @@ -247,19 +247,19 @@ sensor_update(struct ntp_sensor *s)
  36. struct ntp_offset **offsets;
  37. int i;
  38. - if ((offsets = calloc(SENSOR_OFFSETS, sizeof(struct ntp_offset *))) ==
  39. + if ((offsets = calloc(conf->sensor_offsets, sizeof(struct ntp_offset *))) ==
  40. NULL)
  41. fatal("sensor %s: can't allocate memory for data update", s->device);
  42. - for (i = 0; i < SENSOR_OFFSETS; i++)
  43. + for (i = 0; i < conf->sensor_offsets; i++)
  44. offsets[i] = &s->offsets[i];
  45. - qsort(offsets, SENSOR_OFFSETS, sizeof(struct ntp_offset *),
  46. + qsort(offsets, conf->sensor_offsets, sizeof(struct ntp_offset *),
  47. offset_compare);
  48. - i = SENSOR_OFFSETS / 2;
  49. + i = conf->sensor_offsets / 2;
  50. memcpy(&s->update, offsets[i], sizeof(s->update));
  51. - if (SENSOR_OFFSETS % 2 == 0) {
  52. + if (conf->sensor_offsets % 2 == 0) {
  53. s->update.offset =
  54. (offsets[i - 1]->offset + offsets[i]->offset) / 2;
  55. }
  56. --- a/src/ntpd.c 2020-08-01 16:07:32.660248971 +0300
  57. +++ b/src/ntpd.c 2020-08-01 17:13:23.406919806 +0300
  58. @@ -135,7 +135,7 @@ auto_preconditions(const struct ntpd_con
  59. #endif
  60. constraints = !TAILQ_EMPTY(&cnf->constraints);
  61. return !cnf->settime && (constraints || cnf->trusted_peers ||
  62. - conf->trusted_sensors) && securelevel == 0;
  63. + cnf->trusted_sensors) && securelevel == 0;
  64. }
  65. #define POLL_MAX 8
  66. @@ -195,14 +195,14 @@ main(int argc, char *argv[])
  67. switch (ch) {
  68. case 'd':
  69. lconf.debug = 1;
  70. - lconf.verbose = 2;
  71. + lconf.verbose = 2;
  72. break;
  73. case 'f':
  74. conffile = optarg;
  75. break;
  76. case 'n':
  77. lconf.debug = 1;
  78. - lconf.verbose = 2;
  79. + lconf.verbose = 2;
  80. lconf.noaction = 1;
  81. break;
  82. case 'P':
  83. @@ -253,8 +253,8 @@ main(int argc, char *argv[])
  84. if (geteuid())
  85. errx(1, "main process: need root privileges");
  86. - if ((pw = getpwnam(NTPD_USER)) == NULL)
  87. - errx(1, "main process: unknown user %s", NTPD_USER);
  88. + if ((pw = getpwnam(conf->ntpd_user)) == NULL)
  89. + errx(1, "main process: unknown user %s", conf->ntpd_user);
  90. lconf.automatic = auto_preconditions(&lconf);
  91. if (lconf.automatic)
  92. @@ -277,7 +277,7 @@ main(int argc, char *argv[])
  93. fatalx("main process: process '%s' failed (%s)", pname, __func__);
  94. } else {
  95. - if ((control_check(CTLSOCKET)) == -1)
  96. + if ((control_check(conf->ctlsocket)) == -1)
  97. fatalx("OpenNTPD is already running");
  98. }
  99. @@ -295,7 +295,7 @@ main(int argc, char *argv[])
  100. }
  101. } else {
  102. settime_deadline = getmonotime();
  103. - timeout = 100;
  104. + timeout = conf->settime_timeout;
  105. }
  106. if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, PF_UNSPEC,
  107. @@ -311,6 +311,10 @@ main(int argc, char *argv[])
  108. start_child(NTP_PROC_NAME, pipe_chld[1], argc0, argv0);
  109. log_procinit("[priv]");
  110. +
  111. + if (lconf.debug)
  112. + print_conf(&lconf);
  113. +
  114. readfreq();
  115. signal(SIGTERM, sighdlr);
  116. @@ -370,7 +374,7 @@ main(int argc, char *argv[])
  117. }
  118. if (nfds == 0 && lconf.settime &&
  119. - getmonotime() > settime_deadline + SETTIME_TIMEOUT) {
  120. + getmonotime() > settime_deadline + conf->settime_timeout) {
  121. lconf.settime = 0;
  122. timeout = INFTIM;
  123. log_init(logdest, lconf.verbose, LOG_DAEMON);
  124. @@ -520,7 +524,7 @@ ntpd_adjtime(double d)
  125. {
  126. int synced = 0;
  127. static int firstadj = 1;
  128. - double threshold = (double)LOG_NEGLIGIBLE_ADJTIME / 1000;
  129. + double threshold = (double)conf->log_negligible_adjtime / 1000;
  130. d += getoffset();
  131. if (d >= threshold || d <= -1 * threshold)
  132. @@ -581,8 +585,8 @@ ntpd_adjfreq(double relfreq, int wrlog)
  133. r = writefreq(curfreq / 1e9 / (1LL << 32));
  134. ppmfreq = relfreq * 1e6;
  135. if (wrlog) {
  136. - if (ppmfreq >= LOG_NEGLIGIBLE_ADJFREQ ||
  137. - ppmfreq <= -LOG_NEGLIGIBLE_ADJFREQ)
  138. + if (ppmfreq >= conf->log_negligible_adjfreq ||
  139. + ppmfreq <= -(conf->log_negligible_adjfreq))
  140. log_info("main process: adjusting clock frequency by %f to %f ppm%s",
  141. ppmfreq, curfreq / 1e3 / (1LL << 32),
  142. r ? "" : " (no drift file)");
  143. @@ -634,13 +638,13 @@ readfreq(void)
  144. int fd;
  145. double d;
  146. - fd = open(DRIFTFILE, O_RDWR);
  147. + fd = open(conf->driftfile, O_RDWR);
  148. if (fd == -1) {
  149. - log_warnx("main process: creating new drift file %s", DRIFTFILE);
  150. + log_warnx("main process: creating new drift file %s", conf->driftfile);
  151. current = 0;
  152. if (adjfreq(&current, NULL) == -1)
  153. log_warn("main process: frequency reset failed");
  154. - freqfp = fopen(DRIFTFILE, "w");
  155. + freqfp = fopen(conf->driftfile, "w");
  156. return;
  157. }
  158. @@ -654,7 +658,7 @@ readfreq(void)
  159. d /= 1e6; /* scale from ppm */
  160. ntpd_adjfreq(d, 0);
  161. } else
  162. - log_warnx("main process: drift file %s is empty", DRIFTFILE);
  163. + log_warnx("main process: drift file %s is empty", conf->driftfile);
  164. }
  165. }
  166. @@ -671,7 +675,7 @@ writefreq(double d)
  167. r = fprintf(freqfp, "%.3f\n", d * 1e6); /* scale to ppm */
  168. if (r < 0 || fflush(freqfp) != 0) {
  169. if (warnonce) {
  170. - log_warnx("main process: can't write drift file %s", DRIFTFILE);
  171. + log_warnx("main process: can't write drift file %s", conf->driftfile);
  172. warnonce = 0;
  173. }
  174. clearerr(freqfp);
  175. @@ -679,7 +683,7 @@ writefreq(double d)
  176. }
  177. off = ftello(freqfp);
  178. if (off == -1 || ftruncate(fileno(freqfp), off) == -1)
  179. - log_warnx("main process: can't truncate drift file %s", DRIFTFILE);
  180. + log_warnx("main process: can't truncate drift file %s", conf->driftfile);
  181. fsync(fileno(freqfp));
  182. return 1;
  183. }
  184. @@ -693,7 +697,7 @@ ctl_main(int argc, char *argv[])
  185. int fd, n, done, ch, action;
  186. char *sockname;
  187. - sockname = CTLSOCKET;
  188. + sockname = conf->ctlsocket;
  189. if (argc < 2) {
  190. usage();
  191. @@ -932,7 +936,7 @@ show_peer_msg(struct imsg *imsg, int cal
  192. cpeer = (struct ctl_show_peer *)imsg->data;
  193. - if (strlen(cpeer->peer_desc) > MAX_DISPLAY_WIDTH - 1)
  194. + if (strlen(cpeer->peer_desc) > conf->max_display_width - 1)
  195. fatalx("ntpctl: NTP peer description is too long");
  196. if (firsttime) {
  197. @@ -953,7 +957,7 @@ show_peer_msg(struct imsg *imsg, int cal
  198. cpeer->weight, cpeer->trustlevel, stratum,
  199. (long long)cpeer->next, (long long)cpeer->poll);
  200. - if (cpeer->trustlevel >= TRUSTLEVEL_BADPEER)
  201. + if (cpeer->trustlevel >= conf->trustlevel_badpeer)
  202. printf(" %12.3fms %9.3fms %8.3fms\n", cpeer->offset,
  203. cpeer->delay, cpeer->jitter);
  204. else
  205. @@ -982,7 +986,7 @@ show_sensor_msg(struct imsg *imsg, int c
  206. csensor = (struct ctl_show_sensor *)imsg->data;
  207. - if (strlen(csensor->sensor_desc) > MAX_DISPLAY_WIDTH - 1)
  208. + if (strlen(csensor->sensor_desc) > conf->max_display_width - 1)
  209. fatalx("ntpctl: sensor description is too long");
  210. if (firsttime) {
  211. --- a/src/ntp.c 2020-08-01 15:22:42.000000000 +0300
  212. +++ b/src/ntp.c 2020-08-01 18:38:24.803591850 +0300
  213. @@ -55,7 +55,7 @@ int ntp_dispatch_imsg_dns(void);
  214. void peer_add(struct ntp_peer *);
  215. void peer_remove(struct ntp_peer *);
  216. int inpool(struct sockaddr_storage *,
  217. - struct sockaddr_storage[MAX_SERVERS_DNS], size_t);
  218. + struct sockaddr_storage[conf->max_servers_dns], size_t);
  219. void
  220. ntp_sighdlr(int sig)
  221. @@ -258,12 +258,12 @@ ntp_main(struct ntpd_conf *nconf, struct
  222. sent_cnt++;
  223. }
  224. if (p->deadline > 0 && p->deadline <= getmonotime()) {
  225. - timeout = 300;
  226. + timeout = conf->interval_query_timeout;
  227. log_debug("NTP client: NTP peer %s - no reply received in time, "
  228. "next query in %ds", log_sockaddr(
  229. (struct sockaddr *)&p->addr->ss), timeout);
  230. - if (p->trustlevel >= TRUSTLEVEL_BADPEER &&
  231. - (p->trustlevel /= 2) < TRUSTLEVEL_BADPEER)
  232. + if (p->trustlevel >= conf->trustlevel_badpeer &&
  233. + (p->trustlevel /= 2) < conf->trustlevel_badpeer)
  234. log_info("NTP client: NTP peer %s is invalid now",
  235. log_sockaddr(
  236. (struct sockaddr *)&p->addr->ss));
  237. @@ -273,17 +273,17 @@ ntp_main(struct ntpd_conf *nconf, struct
  238. }
  239. set_next(p, timeout);
  240. }
  241. - if (p->senderrors > MAX_SEND_ERRORS) {
  242. + if (p->senderrors > conf->max_send_errors) {
  243. log_debug("NTP client: NTP peer %s - failed to send query, "
  244. "next query in %ds", log_sockaddr(
  245. (struct sockaddr *)&p->addr->ss),
  246. - INTERVAL_QUERY_PATHETIC);
  247. + conf->interval_query_pathetic);
  248. p->senderrors = 0;
  249. if (client_nextaddr(p) == 1) {
  250. peer_addr_head_clear(p);
  251. client_nextaddr(p);
  252. }
  253. - set_next(p, INTERVAL_QUERY_PATHETIC);
  254. + set_next(p, conf->interval_query_pathetic);
  255. }
  256. if (p->next > 0 && p->next < nextaction)
  257. nextaction = p->next;
  258. @@ -304,13 +304,13 @@ ntp_main(struct ntpd_conf *nconf, struct
  259. (conf->trusted_sensors || constraint_cnt == 0 ||
  260. conf->constraint_median != 0)) {
  261. if (last_sensor_scan == 0 ||
  262. - last_sensor_scan + SENSOR_SCAN_INTERVAL <= getmonotime()) {
  263. + last_sensor_scan + conf->sensor_scan_interval <= getmonotime()) {
  264. sensors_cnt = sensor_scan();
  265. last_sensor_scan = getmonotime();
  266. }
  267. if (sensors_cnt == 0 &&
  268. - nextaction > last_sensor_scan + SENSOR_SCAN_INTERVAL)
  269. - nextaction = last_sensor_scan + SENSOR_SCAN_INTERVAL;
  270. + nextaction > last_sensor_scan + conf->sensor_scan_interval)
  271. + nextaction = last_sensor_scan + conf->sensor_scan_interval;
  272. sensors_cnt = 0;
  273. TAILQ_FOREACH(s, &conf->ntp_sensors, entry) {
  274. if (conf->settime && s->offsets[0].offset)
  275. @@ -482,7 +482,7 @@ ntp_dispatch_imsg(void)
  276. int
  277. inpool(struct sockaddr_storage *a,
  278. - struct sockaddr_storage old[MAX_SERVERS_DNS], size_t n)
  279. + struct sockaddr_storage old[conf->max_servers_dns], size_t n)
  280. {
  281. size_t i;
  282. @@ -506,7 +506,7 @@ int
  283. ntp_dispatch_imsg_dns(void)
  284. {
  285. struct imsg imsg;
  286. - struct sockaddr_storage existing[MAX_SERVERS_DNS];
  287. + struct sockaddr_storage existing[conf->max_servers_dns];
  288. struct ntp_peer *peer, *npeer, *tmp;
  289. u_int16_t dlen;
  290. u_char *p;
  291. @@ -558,7 +558,7 @@ ntp_dispatch_imsg_dns(void)
  292. if (dlen == 0) { /* no data -> temp error */
  293. log_warnx("DNS lookup temporary failed");
  294. peer->state = STATE_DNS_TEMPFAIL;
  295. - if (conf->tmpfail++ == TRIES_AUTO_DNSFAIL)
  296. + if (conf->tmpfail++ == conf->tries_auto_dnsfail)
  297. priv_settime(0, "of DNS failures");
  298. break;
  299. }
  300. @@ -690,7 +690,7 @@ priv_adjfreq(double offset)
  301. conf->freq.y += offset;
  302. conf->freq.xx += curtime * curtime;
  303. - if (conf->freq.samples % FREQUENCY_SAMPLES != 0)
  304. + if (conf->freq.samples % conf->frequency_samples != 0)
  305. return;
  306. freq =
  307. @@ -698,10 +698,10 @@ priv_adjfreq(double offset)
  308. /
  309. (conf->freq.xx - conf->freq.x * conf->freq.x / conf->freq.samples);
  310. - if (freq > MAX_FREQUENCY_ADJUST)
  311. - freq = MAX_FREQUENCY_ADJUST;
  312. - else if (freq < -MAX_FREQUENCY_ADJUST)
  313. - freq = -MAX_FREQUENCY_ADJUST;
  314. + if (freq > conf->max_frequency_adjust)
  315. + freq = conf->max_frequency_adjust;
  316. + else if (freq < -(conf->max_frequency_adjust))
  317. + freq = -(conf->max_frequency_adjust);
  318. imsg_compose(ibuf_main, IMSG_ADJFREQ, 0, 0, -1, &freq, sizeof(freq));
  319. conf->filters |= FILTER_ADJFREQ;
  320. @@ -724,7 +724,7 @@ priv_adjtime(void)
  321. double offset_median;
  322. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  323. - if (p->trustlevel < TRUSTLEVEL_BADPEER)
  324. + if (p->trustlevel < conf->trustlevel_badpeer)
  325. continue;
  326. if (!p->update.good)
  327. return (1);
  328. @@ -744,7 +744,7 @@ priv_adjtime(void)
  329. fatal("main process: can't allocate memory for time adjustment");
  330. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  331. - if (p->trustlevel < TRUSTLEVEL_BADPEER)
  332. + if (p->trustlevel < conf->trustlevel_badpeer)
  333. continue;
  334. for (j = 0; j < p->weight; j++)
  335. offsets[i++] = &p->update;
  336. @@ -784,12 +784,12 @@ priv_adjtime(void)
  337. free(offsets);
  338. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  339. - for (i = 0; i < OFFSET_ARRAY_SIZE; i++)
  340. + for (i = 0; i < conf->offset_array_size; i++)
  341. p->reply[i].offset -= offset_median;
  342. p->update.good = 0;
  343. }
  344. TAILQ_FOREACH(s, &conf->ntp_sensors, entry) {
  345. - for (i = 0; i < SENSOR_OFFSETS; i++)
  346. + for (i = 0; i < conf->sensor_offsets; i++)
  347. s->offsets[i].offset -= offset_median;
  348. s->update.offset -= offset_median;
  349. }
  350. @@ -841,13 +841,13 @@ update_scale(double offset)
  351. if (offset < 0)
  352. offset = -offset;
  353. - if (offset > QSCALE_OFF_MAX || !conf->status.synced ||
  354. + if (offset > conf->qscale_off_max || !conf->status.synced ||
  355. conf->freq.num < 3)
  356. conf->scale = 1;
  357. - else if (offset < QSCALE_OFF_MIN)
  358. - conf->scale = QSCALE_OFF_MAX / QSCALE_OFF_MIN;
  359. + else if (offset < conf->qscale_off_min)
  360. + conf->scale = conf->qscale_off_max / conf->qscale_off_min;
  361. else
  362. - conf->scale = QSCALE_OFF_MAX / offset;
  363. + conf->scale = conf->qscale_off_max / offset;
  364. }
  365. time_t
  366. @@ -865,7 +865,7 @@ error_interval(void)
  367. {
  368. time_t interval, r;
  369. - interval = INTERVAL_QUERY_PATHETIC * QSCALE_OFF_MAX / QSCALE_OFF_MIN;
  370. + interval = conf->interval_query_pathetic * conf->qscale_off_max / conf->qscale_off_min;
  371. r = arc4random_uniform(interval / 10);
  372. return (interval + r);
  373. }
  374. --- a/src/control.c 2020-07-31 23:23:56.000000000 +0300
  375. +++ b/src/control.c 2020-08-01 11:49:36.991431574 +0300
  376. @@ -317,7 +317,7 @@ build_show_status(struct ctl_show_status
  377. TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
  378. cs->peercnt++;
  379. - if (p->trustlevel >= TRUSTLEVEL_BADPEER)
  380. + if (p->trustlevel >= conf->trustlevel_badpeer)
  381. cs->valid_peers++;
  382. }
  383. TAILQ_FOREACH(s, &conf->ntp_sensors, entry) {
  384. @@ -362,7 +362,7 @@ build_show_peer(struct ctl_show_peer *cp
  385. validdelaycnt = best = 0;
  386. cp->offset = cp->delay = 0.0;
  387. - for (shift = 0; shift < OFFSET_ARRAY_SIZE; shift++) {
  388. + for (shift = 0; shift < conf->offset_array_size; shift++) {
  389. if (p->reply[shift].delay > 0.0) {
  390. cp->offset += p->reply[shift].offset;
  391. cp->delay += p->reply[shift].delay;
  392. @@ -381,7 +381,7 @@ build_show_peer(struct ctl_show_peer *cp
  393. jittercnt = 0;
  394. cp->jitter = 0.0;
  395. - for (shift = 0; shift < OFFSET_ARRAY_SIZE; shift++) {
  396. + for (shift = 0; shift < conf->offset_array_size; shift++) {
  397. if (p->reply[shift].delay > 0.0 && shift != best) {
  398. cp->jitter += square(p->reply[shift].delay -
  399. p->reply[best].delay);
  400. @@ -393,7 +393,7 @@ build_show_peer(struct ctl_show_peer *cp
  401. cp->jitter = sqrt(cp->jitter);
  402. if (p->shift == 0)
  403. - shift = OFFSET_ARRAY_SIZE - 1;
  404. + shift = conf->offset_array_size - 1;
  405. else
  406. shift = p->shift - 1;
  407. @@ -424,14 +424,14 @@ build_show_sensor(struct ctl_show_sensor
  408. now = getmonotime();
  409. - memcpy(&refid, SENSOR_DEFAULT_REFID, sizeof(refid));
  410. + memcpy(&refid, conf->sensor_default_refid, sizeof(refid));
  411. refid = refid == s->refid ? 0 : s->refid;
  412. snprintf(cs->sensor_desc, sizeof(cs->sensor_desc),
  413. "%s %.4s", s->device, (char *)&refid);
  414. if (s->shift == 0)
  415. - shift = SENSOR_OFFSETS - 1;
  416. + shift = conf->sensor_offsets - 1;
  417. else
  418. shift = s->shift - 1;
  419. @@ -445,7 +445,7 @@ build_show_sensor(struct ctl_show_sensor
  420. cs->good = s->update.good;
  421. cs->stratum = s->offsets[shift].status.stratum;
  422. cs->next = s->next - now < 0 ? 0 : s->next - now;
  423. - cs->poll = SENSOR_QUERY_INTERVAL;
  424. + cs->poll = conf->sensor_query_interval;
  425. cs->offset = s->offsets[shift].offset * 1000.0;
  426. cs->correction = (double)s->correction / 1000.0;
  427. }
  428. --- a/src/constraint.c 2020-08-02 01:57:36.430286127 +0300
  429. +++ b/src/constraint.c 2020-08-02 01:57:57.020286149 +0300
  430. @@ -165,8 +165,8 @@ constraint_query(struct constraint *cstr
  431. /* Proceed and query the time */
  432. break;
  433. case STATE_DNS_TEMPFAIL:
  434. - if (now > cstr->last + (cstr->dnstries >= TRIES_AUTO_DNSFAIL ?
  435. - CONSTRAINT_RETRY_INTERVAL : INTERVAL_AUIO_DNSFAIL)) {
  436. + if (now > cstr->last + (cstr->dnstries >= conf->tries_auto_dnsfail ?
  437. + conf->constraint_retry_interval : conf->interval_auto_dnsfail)) {
  438. cstr->dnstries++;
  439. /* Retry resolving the address */
  440. constraint_init(cstr);
  441. @@ -174,7 +174,7 @@ constraint_query(struct constraint *cstr
  442. }
  443. return (-1);
  444. case STATE_QUERY_SENT:
  445. - if (cstr->last + CONSTRAINT_SCAN_TIMEOUT > now) {
  446. + if (cstr->last + conf->constraint_scan_timeout > now) {
  447. /* The caller should expect a reply */
  448. return (0);
  449. }
  450. @@ -186,7 +186,7 @@ constraint_query(struct constraint *cstr
  451. cstr->state = STATE_TIMEOUT;
  452. return (-1);
  453. case STATE_INVALID:
  454. - if (cstr->last + CONSTRAINT_SCAN_INTERVAL > now) {
  455. + if (cstr->last + conf->constraint_scan_interval > now) {
  456. /* Nothing to do */
  457. return (-1);
  458. }
  459. @@ -745,7 +745,7 @@ constraint_msg_close(u_int32_t id, u_int
  460. log_debug("constraint %s: no reply"
  461. " received in time, next query in %ds",
  462. log_sockaddr((struct sockaddr *)
  463. - &cstr->addr->ss), CONSTRAINT_SCAN_INTERVAL);
  464. + &cstr->addr->ss), conf->constraint_scan_interval);
  465. cnt = 0;
  466. TAILQ_FOREACH(tmp, &conf->constraints, entry)
  467. @@ -920,9 +920,9 @@ constraint_check(double val)
  468. tv.tv_usec = 0;
  469. diff = fabs(val - gettime_from_timeval(&tv));
  470. - if (diff > CONSTRAINT_MARGIN) {
  471. + if (diff > conf->constraint_margin) {
  472. if (conf->constraint_errors++ >
  473. - (CONSTRAINT_ERROR_MARGIN * peer_cnt)) {
  474. + (conf->constraint_error_margin * peer_cnt)) {
  475. constraint_reset();
  476. }
  477. @@ -999,7 +999,7 @@ int
  478. httpsdate_request(struct httpsdate *httpsdate, struct timeval *when)
  479. {
  480. char timebuf1[32], timebuf2[32];
  481. - size_t outlen = 0, maxlength = CONSTRAINT_MAXHEADERLENGTH, len;
  482. + size_t outlen = 0, maxlength = conf->constraint_maxheaderlength, len;
  483. char *line, *p, *buf;
  484. time_t httptime, notbefore, notafter;
  485. struct tm *tm;
  486. --- a/src/config.c 2020-08-01 01:02:14.000000000 +0300
  487. +++ b/src/config.c 2020-08-01 11:35:05.758097319 +0300
  488. @@ -115,7 +115,7 @@ host_dns1(const char *s, struct ntp_addr
  489. return (-1);
  490. }
  491. - for (res = res0; res && cnt < MAX_SERVERS_DNS; res = res->ai_next) {
  492. + for (res = res0; res && cnt < conf->max_servers_dns; res = res->ai_next) {
  493. if (res->ai_family != AF_INET &&
  494. res->ai_family != AF_INET6)
  495. continue;
  496. --- a/src/client.c 2020-08-02 02:04:55.666953258 +0300
  497. +++ b/src/client.c 2020-08-02 02:05:18.690286616 +0300
  498. @@ -57,7 +57,7 @@ client_peer_init(struct ntp_peer *p)
  499. p->query->msg.status = MODE_CLIENT | (NTP_VERSION << 3);
  500. p->state = STATE_NONE;
  501. p->shift = 0;
  502. - p->trustlevel = TRUSTLEVEL_PATHETIC;
  503. + p->trustlevel = conf->trustlevel_pathetic;
  504. p->lasterror = 0;
  505. p->senderrors = 0;
  506. @@ -120,7 +120,7 @@ client_nextaddr(struct ntp_peer *p)
  507. }
  508. p->shift = 0;
  509. - p->trustlevel = TRUSTLEVEL_PATHETIC;
  510. + p->trustlevel = conf->trustlevel_pathetic;
  511. if (p->addr == NULL) {
  512. p->addr = p->addr_head.a;
  513. @@ -148,10 +148,10 @@ client_query(struct ntp_peer *p)
  514. if (p->addr == NULL && client_nextaddr(p) == -1) {
  515. if (conf->settime)
  516. - set_next(p, INTERVAL_AUIO_DNSFAIL);
  517. + set_next(p, conf->interval_auto_dnsfail);
  518. else
  519. - set_next(p, MAXIMUM(SETTIME_TIMEOUT,
  520. - scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
  521. + set_next(p, MAXIMUM(conf->settime_timeout,
  522. + scale_interval(conf->interval_query_aggressive)));
  523. return (0);
  524. }
  525. @@ -200,8 +200,8 @@ client_query(struct ntp_peer *p)
  526. client_nextaddr(p);
  527. if (p->addr == NULL)
  528. p->addr = p->addr_head.a;
  529. - set_next(p, MAXIMUM(SETTIME_TIMEOUT,
  530. - scale_interval(INTERVAL_QUERY_AGGRESSIVE)));
  531. + set_next(p, MAXIMUM(conf->settime_timeout,
  532. + scale_interval(conf->interval_query_aggressive)));
  533. p->senderrors++;
  534. return (-1);
  535. } else
  536. @@ -239,14 +239,14 @@ client_query(struct ntp_peer *p)
  537. if (ntp_sendmsg(p->query->fd, NULL, &p->query->msg) == -1) {
  538. p->senderrors++;
  539. - set_next(p, INTERVAL_QUERY_PATHETIC);
  540. - p->trustlevel = TRUSTLEVEL_PATHETIC;
  541. + set_next(p, conf->interval_query_pathetic);
  542. + p->trustlevel = conf->trustlevel_pathetic;
  543. return (-1);
  544. }
  545. p->senderrors = 0;
  546. p->state = STATE_QUERY_SENT;
  547. - set_deadline(p, QUERYTIME_MAX);
  548. + set_deadline(p, conf->querytime_max);
  549. return (0);
  550. }
  551. @@ -263,7 +263,7 @@ void
  552. handle_auto(uint8_t trusted, double offset)
  553. {
  554. static int count;
  555. - static double v[AUTO_REPLIES];
  556. + double v[conf->auto_replies];
  557. /*
  558. * It happens the (constraint) resolves initially fail, don't give up
  559. @@ -272,7 +272,7 @@ handle_auto(uint8_t trusted, double offs
  560. if (!trusted && conf->constraint_median == 0)
  561. return;
  562. - if (offset < AUTO_THRESHOLD) {
  563. + if (offset < conf->auto_threshold) {
  564. /* don't bother */
  565. priv_settime(0, "NTP client: NTP peer offset is negative or close enough");
  566. return;
  567. @@ -281,13 +281,13 @@ handle_auto(uint8_t trusted, double offs
  568. v[count++] = offset;
  569. if (count < AUTO_REPLIES)
  570. return;
  571. -
  572. +
  573. /* we have enough */
  574. qsort(v, count, sizeof(double), auto_cmp);
  575. - if (AUTO_REPLIES % 2 == 0)
  576. - offset = (v[AUTO_REPLIES / 2 - 1] + v[AUTO_REPLIES / 2]) / 2;
  577. + if (conf->auto_replies % 2 == 0)
  578. + offset = (v[conf->auto_replies / 2 - 1] + v[conf->auto_replies / 2]) / 2;
  579. else
  580. - offset = v[AUTO_REPLIES / 2];
  581. + offset = v[conf->auto_replies / 2];
  582. priv_settime(offset, "");
  583. }
  584. @@ -451,22 +451,22 @@ client_dispatch(struct ntp_peer *p, u_in
  585. } else
  586. p->reply[p->shift].status.send_refid = msg.xmttime.fractionl;
  587. - if (p->trustlevel < TRUSTLEVEL_PATHETIC)
  588. - interval = scale_interval(INTERVAL_QUERY_PATHETIC);
  589. - else if (p->trustlevel < TRUSTLEVEL_AGGRESSIVE)
  590. + if (p->trustlevel < conf->trustlevel_pathetic)
  591. + interval = scale_interval(conf->interval_query_pathetic);
  592. + else if (p->trustlevel < conf->trustlevel_aggressive)
  593. interval = (conf->settime && conf->automatic) ?
  594. - INTERVAL_QUERY_ULTRA_VIOLENCE :
  595. - scale_interval(INTERVAL_QUERY_AGGRESSIVE);
  596. + conf->interval_query_ultra_violence :
  597. + scale_interval(conf->interval_query_aggressive);
  598. else
  599. - interval = scale_interval(INTERVAL_QUERY_NORMAL);
  600. + interval = scale_interval(conf->interval_query_normal);
  601. set_next(p, interval);
  602. p->state = STATE_REPLY_RECEIVED;
  603. /* every received reply which we do not discard increases trust */
  604. - if (p->trustlevel < TRUSTLEVEL_MAX) {
  605. - if (p->trustlevel < TRUSTLEVEL_BADPEER &&
  606. - p->trustlevel + 1 >= TRUSTLEVEL_BADPEER)
  607. + if (p->trustlevel < conf->trustlevel_max) {
  608. + if (p->trustlevel < conf->trustlevel_badpeer &&
  609. + p->trustlevel + 1 >= conf->trustlevel_badpeer)
  610. log_info("NTP client: NTP peer %s is valid now",
  611. log_sockaddr((struct sockaddr *)&p->addr->ss));
  612. p->trustlevel++;
  613. @@ -486,7 +486,7 @@ client_dispatch(struct ntp_peer *p, u_in
  614. priv_settime(p->reply[p->shift].offset, "");
  615. }
  616. - if (++p->shift >= OFFSET_ARRAY_SIZE)
  617. + if (++p->shift >= conf->offset_array_size)
  618. p->shift = 0;
  619. return (0);
  620. @@ -504,13 +504,13 @@ client_update(struct ntp_peer *p)
  621. * invalidate it and all older ones
  622. */
  623. - for (i = 0; good == 0 && i < OFFSET_ARRAY_SIZE; i++)
  624. + for (i = 0; good == 0 && i < conf->offset_array_size; i++)
  625. if (p->reply[i].good) {
  626. good++;
  627. best = i;
  628. }
  629. - for (; i < OFFSET_ARRAY_SIZE; i++)
  630. + for (; i < conf->offset_array_size; i++)
  631. if (p->reply[i].good) {
  632. good++;
  633. if (p->reply[i].delay < p->reply[best].delay)
  634. @@ -522,7 +522,7 @@ client_update(struct ntp_peer *p)
  635. memcpy(&p->update, &p->reply[best], sizeof(p->update));
  636. if (priv_adjtime() == 0) {
  637. - for (i = 0; i < OFFSET_ARRAY_SIZE; i++)
  638. + for (i = 0; i < conf->offset_array_size; i++)
  639. if (p->reply[i].rcvd <= p->reply[best].rcvd)
  640. p->reply[i].good = 0;
  641. }
  642. --- a/src/ntpd.h 2020-08-01 01:27:06.000000000 +0300
  643. +++ b/src/ntpd.h 2020-08-01 17:13:17.616919800 +0300
  644. @@ -56,6 +56,8 @@
  645. #define INTERVAL_QUERY_AGGRESSIVE 5
  646. #define INTERVAL_QUERY_ULTRA_VIOLENCE 1 /* used at startup for auto */
  647. +#define INTERVAL_QUERY_TIMEOUT 300
  648. +
  649. #define TRUSTLEVEL_BADPEER 6
  650. #define TRUSTLEVEL_PATHETIC 2
  651. #define TRUSTLEVEL_AGGRESSIVE 8
  652. @@ -69,7 +71,7 @@
  653. #define QUERYTIME_MAX 15 /* single query might take n secs max */
  654. #define OFFSET_ARRAY_SIZE 8
  655. #define SENSOR_OFFSETS 6
  656. -#define SETTIME_TIMEOUT 15 /* max seconds to wait with -s */
  657. +#define SETTIME_TIMEOUT 100 /* max seconds to wait when settime == 1 */
  658. #define LOG_NEGLIGIBLE_ADJTIME 32 /* negligible drift to not log (ms) */
  659. #define LOG_NEGLIGIBLE_ADJFREQ 0.05 /* negligible rate to not log (ppm) */
  660. #define FREQUENCY_SAMPLES 8 /* samples for est. of permanent drift */
  661. @@ -80,7 +82,7 @@
  662. #define FILTER_ADJFREQ 0x01 /* set after doing adjfreq */
  663. #define AUTO_REPLIES 4 /* # of ntp replies we want for auto */
  664. #define AUTO_THRESHOLD 60 /* dont bother auto setting < this */
  665. -#define INTERVAL_AUIO_DNSFAIL 1 /* DNS tmpfail interval for auto */
  666. +#define INTERVAL_AUTO_DNSFAIL 1 /* DNS tmpfail interval for auto */
  667. #define TRIES_AUTO_DNSFAIL 4 /* DNS tmpfail quick retries */
  668. @@ -268,6 +270,63 @@ struct ntpd_conf {
  669. size_t ca_len;
  670. int tmpfail;
  671. char *pid_file;
  672. +
  673. + char *ntpd_user;
  674. + char *driftfile;
  675. + char *ctlsocket;
  676. +
  677. + int interval_query_normal;
  678. + int interval_query_pathetic;
  679. + int interval_query_aggressive;
  680. + int interval_query_ultra_violence;
  681. +
  682. + int interval_query_timeout;
  683. +
  684. + int trustlevel_badpeer;
  685. + int trustlevel_pathetic;
  686. + int trustlevel_aggressive;
  687. + int trustlevel_max;
  688. +
  689. + int max_servers_dns;
  690. +
  691. + double qscale_off_min;
  692. + double qscale_off_max;
  693. +
  694. + int querytime_max;
  695. + int offset_array_size;
  696. + int sensor_offsets;
  697. + int settime_timeout;
  698. +
  699. + int log_negligible_adjtime;
  700. + double log_negligible_adjfreq;
  701. +
  702. + int frequency_samples;
  703. + double max_frequency_adjust;
  704. +
  705. + int max_send_errors;
  706. +
  707. + int max_display_width;
  708. +
  709. + u_int8_t filter_adjfreq;
  710. +
  711. + int auto_replies;
  712. + int auto_threshold;
  713. + int interval_auto_dnsfail;
  714. + int tries_auto_dnsfail;
  715. +
  716. + int sensor_query_interval_settime;
  717. + int sensor_data_maxage;
  718. + int sensor_query_interval;
  719. + int sensor_scan_interval;
  720. + char *sensor_default_refid;
  721. +
  722. + double constraint_error_margin;
  723. + int constraint_retry_interval;
  724. + int constraint_scan_interval;
  725. + int constraint_scan_timeout;
  726. + double constraint_margin;
  727. +
  728. + int constraint_maxheaderlength;
  729. };
  730. struct ctl_show_status {
  731. @@ -363,6 +422,7 @@ extern struct ctl_conns ctl_conns;
  732. /* parse.y */
  733. int parse_config(const char *, struct ntpd_conf *);
  734. +void print_conf(struct ntpd_conf *);
  735. /* config.c */
  736. void host(const char *, struct ntp_addr **);
  737. --- a/src/parse.y 2020-08-01 01:51:28.000000000 +0300
  738. +++ b/src/parse.y 2020-08-01 21:17:48.293601924 +0300
  739. @@ -52,7 +52,6 @@ int yyerror(const char *, ...)
  740. __attribute__((__format__ (printf, 1, 2)))
  741. __attribute__((__nonnull__ (1)));
  742. int kw_cmp(const void *, const void *);
  743. -int lookup(char *);
  744. int lgetc(int);
  745. int lungetc(int);
  746. int findeol(void);
  747. @@ -70,12 +69,15 @@ struct opts {
  748. int trusted;
  749. char *refstr;
  750. int port;
  751. + int pos_num;
  752. + double pos_decimal;
  753. } opts;
  754. void opts_default(void);
  755. typedef struct {
  756. union {
  757. int64_t number;
  758. + double decimal;
  759. char *string;
  760. struct ntp_addr_wrap *addr;
  761. struct opts opts;
  762. @@ -89,8 +91,68 @@ typedef struct {
  763. %token SERVER SERVERS SENSOR CORRECTION RTABLE REFID STRATUM WEIGHT
  764. %token ERROR
  765. %token PORT
  766. +
  767. +%token _NTPD_USER
  768. +%token _DRIFTFILE
  769. +%token _CTLSOCKET
  770. +
  771. +%token _INTERVAL_QUERY_NORMAL
  772. +%token _INTERVAL_QUERY_PATHETIC
  773. +%token _INTERVAL_QUERY_AGGRESSIVE
  774. +%token _INTERVAL_QUERY_ULTRA_VIOLENCE
  775. +
  776. +%token _INTERVAL_QUERY_TIMEOUT
  777. +
  778. +%token _TRUSTLEVEL_BADPEER
  779. +%token _TRUSTLEVEL_PATHETIC
  780. +%token _TRUSTLEVEL_AGGRESSIVE
  781. +%token _TRUSTLEVEL_MAX
  782. +
  783. +%token _MAX_SERVERS_DNS
  784. +
  785. +%token _QSCALE_OFF_MIN
  786. +%token _QSCALE_OFF_MAX
  787. +
  788. +%token _QUERYTIME_MAX
  789. +%token _OFFSET_ARRAY_SIZE
  790. +%token _SENSOR_OFFSETS
  791. +%token _SETTIME_TIMEOUT
  792. +
  793. +%token _LOG_NEGLIGIBLE_ADJTIME
  794. +%token _LOG_NEGLIGIBLE_ADJFREQ
  795. +
  796. +%token _FREQUENCY_SAMPLES
  797. +%token _MAX_FREQUENCY_ADJUST
  798. +
  799. +%token _MAX_SEND_ERRORS
  800. +
  801. +%token _MAX_DISPLAY_WIDTH
  802. +
  803. +%token _FILTER_ADJFREQ
  804. +
  805. +%token _AUTO_REPLIES
  806. +%token _AUTO_THRESHOLD
  807. +
  808. +%token _INTERVAL_AUTO_DNSFAIL
  809. +%token _TRIES_AUTO_DNSFAIL
  810. +
  811. +%token _SENSOR_DATA_MAXAGE
  812. +%token _SENSOR_QUERY_INTERVAL
  813. +%token _SENSOR_SCAN_INTERVAL
  814. +
  815. +%token _SENSOR_DEFAULT_REFID
  816. +
  817. +%token _CONSTRAINT_ERROR_MARGIN
  818. +%token _CONSTRAINT_RETRY_INTERVAL
  819. +%token _CONSTRAINT_SCAN_INTERVAL
  820. +%token _CONSTRAINT_SCAN_TIMEOUT
  821. +%token _CONSTRAINT_MARGIN
  822. +
  823. +%token _CONSTRAINT_MAXHEADERLENGTH
  824. +
  825. %token <v.string> STRING
  826. %token <v.number> NUMBER
  827. +%token <v.decimal> NUMBER_DOUBLE
  828. %type <v.addr> address url urllist
  829. %type <v.opts> listen_opts listen_opts_l listen_opt
  830. %type <v.opts> server_opts server_opts_l server_opt
  831. @@ -103,6 +165,9 @@ typedef struct {
  832. %type <v.opts> weight
  833. %type <v.opts> trusted
  834. %type <v.opts> port
  835. +
  836. +%type <v.opts> pos_num
  837. +%type <v.opts> pos_decimal
  838. %%
  839. grammar : /* empty */
  840. @@ -385,6 +450,171 @@ main : LISTEN ON address listen_opts {
  841. free($2);
  842. TAILQ_INSERT_TAIL(&conf->ntp_conf_sensors, s, entry);
  843. }
  844. +
  845. + | _NTPD_USER STRING {
  846. + conf->ntpd_user = $2;
  847. + }
  848. + | _DRIFTFILE STRING {
  849. + conf->driftfile = $2;
  850. + }
  851. + | _CTLSOCKET STRING {
  852. + conf->ctlsocket = $2;
  853. + }
  854. +
  855. + | _INTERVAL_QUERY_NORMAL pos_num {
  856. + conf->interval_query_normal = $2.pos_num;
  857. + }
  858. + | _INTERVAL_QUERY_PATHETIC pos_num {
  859. + conf->interval_query_pathetic = $2.pos_num;
  860. + }
  861. + | _INTERVAL_QUERY_AGGRESSIVE pos_num {
  862. + conf->interval_query_aggressive = $2.pos_num;
  863. + }
  864. + | _INTERVAL_QUERY_ULTRA_VIOLENCE pos_num {
  865. + conf->interval_query_ultra_violence = $2.pos_num;
  866. + }
  867. +
  868. + | _INTERVAL_QUERY_TIMEOUT pos_num {
  869. + conf->interval_query_timeout = $2.pos_num;
  870. + }
  871. +
  872. + | _TRUSTLEVEL_BADPEER pos_num {
  873. + conf->trustlevel_badpeer = $2.pos_num;
  874. + }
  875. + | _TRUSTLEVEL_PATHETIC pos_num {
  876. + conf->trustlevel_pathetic = $2.pos_num;
  877. + }
  878. + | _TRUSTLEVEL_AGGRESSIVE pos_num {
  879. + conf->trustlevel_aggressive = $2.pos_num;
  880. + }
  881. + | _TRUSTLEVEL_MAX pos_num {
  882. + conf->trustlevel_max = $2.pos_num;
  883. + }
  884. +
  885. + | _MAX_SERVERS_DNS pos_num {
  886. + conf->max_servers_dns = $2.pos_num;
  887. + }
  888. +
  889. + | _QSCALE_OFF_MIN pos_decimal {
  890. + conf->qscale_off_min = $2.pos_decimal;
  891. + }
  892. + | _QSCALE_OFF_MAX pos_decimal {
  893. + conf->qscale_off_max = $2.pos_decimal;
  894. + }
  895. +
  896. + | _QUERYTIME_MAX pos_num {
  897. + conf->querytime_max = $2.pos_num;
  898. + }
  899. + | _OFFSET_ARRAY_SIZE pos_num {
  900. + conf->offset_array_size = $2.pos_num;
  901. + }
  902. + | _SENSOR_OFFSETS pos_num {
  903. + conf->sensor_offsets = $2.pos_num;
  904. + }
  905. + | _SETTIME_TIMEOUT pos_num {
  906. + conf->settime_timeout = $2.pos_num;
  907. + }
  908. +
  909. + | _LOG_NEGLIGIBLE_ADJTIME pos_num {
  910. + conf->log_negligible_adjtime = $2.pos_num;
  911. + }
  912. + | _LOG_NEGLIGIBLE_ADJFREQ pos_decimal {
  913. + conf->log_negligible_adjfreq = $2.pos_decimal;
  914. + }
  915. +
  916. + | _FREQUENCY_SAMPLES pos_num {
  917. + conf->frequency_samples = $2.pos_num;
  918. + }
  919. + | _MAX_FREQUENCY_ADJUST pos_decimal {
  920. + conf->max_frequency_adjust = $2.pos_decimal;
  921. + }
  922. +
  923. + | _MAX_SEND_ERRORS pos_num {
  924. + conf->max_send_errors = $2.pos_num;
  925. + }
  926. +
  927. + | _MAX_DISPLAY_WIDTH pos_num {
  928. + conf->max_display_width = $2.pos_num;
  929. + }
  930. +
  931. + | _AUTO_REPLIES pos_num {
  932. + conf->auto_replies = $2.pos_num;
  933. + }
  934. + | _AUTO_THRESHOLD pos_num {
  935. + conf->auto_threshold = $2.pos_num;
  936. + }
  937. + | _INTERVAL_AUTO_DNSFAIL pos_num {
  938. + conf->interval_auto_dnsfail = $2.pos_num;
  939. + }
  940. + | _TRIES_AUTO_DNSFAIL pos_num {
  941. + conf->tries_auto_dnsfail = $2.pos_num;
  942. + }
  943. +
  944. + | _FILTER_ADJFREQ STRING {
  945. + u_int8_t val;
  946. +
  947. + if (strcmp("true", $2) == 0) {
  948. + val = 0x01;
  949. + } else if (strcmp("false", $2) == 0) {
  950. + val = 0x00;
  951. + } else {
  952. + yyerror("option filter_adjfreq expects either 'true' or 'false'");
  953. + YYERROR;
  954. + }
  955. +
  956. + conf->filter_adjfreq = val;
  957. + }
  958. +
  959. + | _SENSOR_DATA_MAXAGE pos_num {
  960. + conf->sensor_data_maxage = $2.pos_num;
  961. + }
  962. + | _SENSOR_QUERY_INTERVAL pos_num {
  963. + conf->sensor_query_interval = $2.pos_num;
  964. + }
  965. + | _SENSOR_SCAN_INTERVAL pos_num {
  966. + conf->sensor_scan_interval = $2.pos_num;
  967. + }
  968. +
  969. + | _SENSOR_DEFAULT_REFID STRING {
  970. + conf->sensor_default_refid = $2;
  971. + }
  972. +
  973. + | _CONSTRAINT_ERROR_MARGIN pos_num {
  974. + conf->constraint_error_margin = $2.pos_num;
  975. + }
  976. + | _CONSTRAINT_RETRY_INTERVAL pos_num {
  977. + conf->constraint_retry_interval = $2.pos_num;
  978. + }
  979. + | _CONSTRAINT_SCAN_INTERVAL pos_num {
  980. + conf->constraint_scan_interval = $2.pos_num;
  981. + }
  982. + | _CONSTRAINT_SCAN_TIMEOUT pos_num {
  983. + conf->constraint_scan_timeout = $2.pos_num;
  984. + }
  985. + | _CONSTRAINT_MARGIN pos_num {
  986. + conf->constraint_margin = (double)$2.pos_num;
  987. + }
  988. + | _CONSTRAINT_MAXHEADERLENGTH pos_num {
  989. + conf->constraint_maxheaderlength = $2.pos_num;
  990. + }
  991. + ;
  992. +
  993. +pos_num : NUMBER {
  994. + if ($1 < 0) {
  995. + yyerror("must be a positive number");
  996. + YYERROR;
  997. + }
  998. + $$.pos_num = $1;
  999. + }
  1000. + ;
  1001. +
  1002. +pos_decimal : NUMBER_DOUBLE {
  1003. + if ($1 < 0) {
  1004. + yyerror("must be a positive decimal number");
  1005. + YYERROR;
  1006. + }
  1007. + $$.pos_decimal = $1;
  1008. + }
  1009. ;
  1010. address : STRING {
  1011. @@ -587,8 +817,12 @@ opts_default(void)
  1012. struct keywords {
  1013. const char *k_name;
  1014. int k_val;
  1015. + const char *k_times;
  1016. + int k_seen;
  1017. };
  1018. +struct keywords *lookup(char *);
  1019. +
  1020. int
  1021. yyerror(const char *fmt, ...)
  1022. {
  1023. @@ -611,37 +845,82 @@ kw_cmp(const void *k, const void *e)
  1024. return (strcmp(k, ((const struct keywords *)e)->k_name));
  1025. }
  1026. -int
  1027. +struct keywords *
  1028. lookup(char *s)
  1029. {
  1030. - /* this has to be sorted always */
  1031. - static const struct keywords keywords[] = {
  1032. - { "constraint", CONSTRAINT},
  1033. - { "constraints", CONSTRAINTS},
  1034. - { "correction", CORRECTION},
  1035. - { "from", FROM},
  1036. - { "listen", LISTEN},
  1037. - { "on", ON},
  1038. - { "port", PORT},
  1039. - { "query", QUERY},
  1040. - { "refid", REFID},
  1041. - { "rtable", RTABLE},
  1042. - { "sensor", SENSOR},
  1043. - { "server", SERVER},
  1044. - { "servers", SERVERS},
  1045. - { "stratum", STRATUM},
  1046. - { "trusted", TRUSTED},
  1047. - { "weight", WEIGHT}
  1048. + /* NOTE: this has to be sorted always! */
  1049. + // NOTE: Because dynamic k_seen has been added, const definition is removed
  1050. + // from this data structure. If you want to keep const, already set k_seen
  1051. + // value can't be changed from its initial value.
  1052. + static struct keywords keywords[] = {
  1053. + { "auto_replies", _AUTO_REPLIES, "single" },
  1054. + { "auto_threshold", _AUTO_THRESHOLD, "single" },
  1055. + { "constraint", CONSTRAINT, "multiple" },
  1056. + { "constraint_error_margin", _CONSTRAINT_ERROR_MARGIN, "single" },
  1057. + { "constraint_margin", _CONSTRAINT_MARGIN, "single" },
  1058. + { "constraint_maxheaderlength", _CONSTRAINT_MAXHEADERLENGTH, "single" },
  1059. + { "constraint_retry_interval", _CONSTRAINT_RETRY_INTERVAL, "single" },
  1060. + { "constraint_scan_interval", _CONSTRAINT_SCAN_INTERVAL, "single" },
  1061. + { "constraint_scan_timeout", _CONSTRAINT_SCAN_TIMEOUT, "single" },
  1062. + { "constraints", CONSTRAINTS, "multiple" },
  1063. + { "correction", CORRECTION, "multiple" },
  1064. + { "ctlsocket", _CTLSOCKET, "single" },
  1065. + { "driftfile", _DRIFTFILE, "single" },
  1066. + { "filter_adjfreq", _FILTER_ADJFREQ, "single" },
  1067. + { "frequency_samples", _FREQUENCY_SAMPLES, "single" },
  1068. + { "from", FROM, "multiple" },
  1069. + { "interval_auto_dnsfail", _INTERVAL_AUTO_DNSFAIL, "single" },
  1070. + { "interval_query_aggressive", _INTERVAL_QUERY_AGGRESSIVE, "single" },
  1071. + { "interval_query_normal", _INTERVAL_QUERY_NORMAL, "single" },
  1072. + { "interval_query_pathetic", _INTERVAL_QUERY_PATHETIC, "single" },
  1073. + { "interval_query_timeout", _INTERVAL_QUERY_TIMEOUT, "single" },
  1074. + { "interval_query_ultra_violence", _INTERVAL_QUERY_ULTRA_VIOLENCE, "single" },
  1075. + { "listen", LISTEN, "multiple" },
  1076. + { "log_negligible_adjfreq", _LOG_NEGLIGIBLE_ADJFREQ, "single" },
  1077. + { "log_negligible_adjtime", _LOG_NEGLIGIBLE_ADJTIME, "single" },
  1078. + { "max_display_width", _MAX_DISPLAY_WIDTH, "single" },
  1079. + { "max_frequency_adjust", _MAX_FREQUENCY_ADJUST, "single" },
  1080. + { "max_send_errors", _MAX_SEND_ERRORS, "single" },
  1081. + { "max_servers_dns", _MAX_SERVERS_DNS, "single" },
  1082. + { "ntpd_user", _NTPD_USER, "single" },
  1083. + { "on", ON, "multiple" },
  1084. + { "port", PORT, "multiple" },
  1085. + { "qscale_off_min", _QSCALE_OFF_MIN, "single" },
  1086. + { "qscale_off_max", _QSCALE_OFF_MAX, "single" },
  1087. + { "query", QUERY, "multiple" },
  1088. + { "querytime_max", _QUERYTIME_MAX, "single" },
  1089. + { "refid", REFID, "multiple" },
  1090. + { "rtable", RTABLE, "multiple" },
  1091. + { "sensor", SENSOR, "multiple" },
  1092. + { "sensor_data_maxage", _SENSOR_DATA_MAXAGE, "single" },
  1093. + { "sensor_default_refid", _SENSOR_DEFAULT_REFID, "single" },
  1094. + { "sensor_offsets", _SENSOR_OFFSETS, "single" },
  1095. + { "sensor_query_interval", _SENSOR_QUERY_INTERVAL, "single" },
  1096. + { "sensor_scan_interval", _SENSOR_SCAN_INTERVAL, "single" },
  1097. + { "server", SERVER, "multiple" },
  1098. + { "servers", SERVERS, "multiple" },
  1099. + { "settime_timeout", _SETTIME_TIMEOUT, "single" },
  1100. + { "stratum", STRATUM, "multiple" },
  1101. + { "tries_auto_dnsfail", _TRIES_AUTO_DNSFAIL, "single" },
  1102. + { "trusted", TRUSTED, "multiple" },
  1103. + { "trustlevel_aggressive", _TRUSTLEVEL_AGGRESSIVE, "single" },
  1104. + { "trustlevel_badpeer", _TRUSTLEVEL_BADPEER, "single" },
  1105. + { "trustlevel_max", _TRUSTLEVEL_MAX, "single" },
  1106. + { "trustlevel_pathetic", _TRUSTLEVEL_PATHETIC, "single" },
  1107. + { "weight", WEIGHT, "multiple" },
  1108. };
  1109. - const struct keywords *p;
  1110. + struct keywords *p;
  1111. + // Compare supplied character buffer and keywords[0]
  1112. p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
  1113. sizeof(keywords[0]), kw_cmp);
  1114. - if (p)
  1115. - return (p->k_val);
  1116. - else
  1117. - return (STRING);
  1118. + /*
  1119. + * When having non-keyword (i.e. invalid keyword) value,
  1120. + * we return NULL. Therefore, return value must separately
  1121. + * be checked if it is used anywhere.
  1122. + */
  1123. + return (p);
  1124. }
  1125. #define MAXPUSHBACK 128
  1126. @@ -743,8 +1022,9 @@ yylex(void)
  1127. {
  1128. u_char buf[8096];
  1129. u_char *p;
  1130. + char *derr;
  1131. int quotec, next, c;
  1132. - int token;
  1133. + struct keywords *token;
  1134. p = buf;
  1135. while ((c = lgetc(0)) == ' ' || c == '\t')
  1136. @@ -805,7 +1085,7 @@ yylex(void)
  1137. yyerror("string is too long");
  1138. return (findeol());
  1139. }
  1140. - } while ((c = lgetc(0)) != EOF && isdigit(c));
  1141. + } while ((c = lgetc(0)) != EOF && (isdigit(c) || c == '.'));
  1142. lungetc(c);
  1143. if (p == buf + 1 && buf[0] == '-')
  1144. goto nodigits;
  1145. @@ -816,10 +1096,23 @@ yylex(void)
  1146. yylval.v.number = strtonum(buf, LLONG_MIN,
  1147. LLONG_MAX, &errstr);
  1148. if (errstr) {
  1149. +
  1150. + // Fall back. Check if it is actually a decimal number
  1151. + yylval.v.decimal = strtod(buf, &derr);
  1152. + if (*derr != 0) {
  1153. + // Fall back. Assume it is actually a string (e.g. IP address)
  1154. + yylval.v.string = strdup(buf);
  1155. + return (STRING);
  1156. + // If not a string, syntax error is returned in further checks
  1157. + }
  1158. + return (NUMBER_DOUBLE);
  1159. + /*
  1160. yyerror("\"%s\" invalid number: %s",
  1161. buf, errstr);
  1162. return (findeol());
  1163. + */
  1164. }
  1165. +
  1166. return (NUMBER);
  1167. } else {
  1168. nodigits:
  1169. @@ -847,11 +1140,47 @@ nodigits:
  1170. } while ((c = lgetc(0)) != EOF && (allowed_in_string(c)));
  1171. lungetc(c);
  1172. *p = '\0';
  1173. - if ((token = lookup(buf)) == STRING)
  1174. - if ((yylval.v.string = strdup(buf)) == NULL)
  1175. - fatal("can't allocate memory for buffered string");
  1176. - return (token);
  1177. +
  1178. + /*
  1179. + * When having *non-null* value for token, we have a validated
  1180. + * keyword argument (integer) in place. In other cases,
  1181. + * we assume integer value of STRING, generated dynamically
  1182. + * by Bison yyParser. This STRING integer value is used for
  1183. + * further argument checks where ever STRING keyworded
  1184. + * arguments are used.
  1185. + * Furthermore, we limit count of arguments which are meant
  1186. + * to be defined only once by a user. This is defined by
  1187. + * values of token->k_seen and token->k_times individually
  1188. + * for each supplied argument.
  1189. + */
  1190. + if ((token = lookup(buf)) != NULL) {
  1191. +
  1192. + if (!token->k_seen)
  1193. + token->k_seen = 0;
  1194. +
  1195. + if (strcmp("multiple", token->k_times) == 0) {
  1196. + return (token->k_val);
  1197. +
  1198. + } else if ((strcmp("single", token->k_times) == 0) &&
  1199. + token->k_seen == 0) {
  1200. + token->k_seen = 1;
  1201. + return (token->k_val);
  1202. +
  1203. + } else {
  1204. + yyerror("option %s is already set", token->k_name);
  1205. + return (c);
  1206. + }
  1207. +
  1208. + } else {
  1209. + if ((yylval.v.string = strdup(buf)) == NULL) {
  1210. + fatal("can't duplicate memory for buffered string");
  1211. + } else {
  1212. + return STRING;
  1213. + }
  1214. + }
  1215. +
  1216. }
  1217. +
  1218. if (c == '\n') {
  1219. yylval.lineno = file->lineno;
  1220. file->lineno++;
  1221. @@ -902,12 +1231,205 @@ popfile(void)
  1222. return (file ? 0 : EOF);
  1223. }
  1224. +void
  1225. +checkvalues(const double a, char *aa, const double b, char *bb)
  1226. +{
  1227. + if (a <= b)
  1228. + fatalx("error in configuration values: %s can't be greater or equal than %s", bb, aa);
  1229. +}
  1230. +
  1231. +// NTP Configuration defaults
  1232. +void
  1233. +init_conf(struct ntpd_conf *conf)
  1234. +{
  1235. + conf->ntpd_user = NTPD_USER; // _ntp;
  1236. +
  1237. + conf->driftfile = DRIFTFILE; // /var/db/ntpd.drift;
  1238. + conf->ctlsocket = CTLSOCKET; // /var/run/ntpd.sock;
  1239. +
  1240. + conf->interval_query_normal = INTERVAL_QUERY_NORMAL; // 30;
  1241. + conf->interval_query_pathetic = INTERVAL_QUERY_PATHETIC; // 60;
  1242. + conf->interval_query_aggressive = INTERVAL_QUERY_AGGRESSIVE; // 5;
  1243. + conf->interval_query_ultra_violence = INTERVAL_QUERY_ULTRA_VIOLENCE; // 1;
  1244. +
  1245. + conf->interval_query_timeout = INTERVAL_QUERY_TIMEOUT; // 300;
  1246. +
  1247. + conf->trustlevel_badpeer = TRUSTLEVEL_BADPEER; // 6;
  1248. + conf->trustlevel_pathetic = TRUSTLEVEL_PATHETIC; // 2;
  1249. + conf->trustlevel_aggressive = TRUSTLEVEL_AGGRESSIVE; // 8;
  1250. + conf->trustlevel_max = TRUSTLEVEL_MAX; // 10;
  1251. +
  1252. + /* maximum number of servers from DNS query */
  1253. + conf->max_servers_dns = MAX_SERVERS_DNS; // 8;
  1254. +
  1255. + conf->qscale_off_min = QSCALE_OFF_MIN; // 0.001;
  1256. + conf->qscale_off_max = QSCALE_OFF_MAX; // 0.050;
  1257. +
  1258. + /* single query might take n secs max */
  1259. + conf->querytime_max = QUERYTIME_MAX; // 15;
  1260. + /*Maximum number of allowed sensor offsets*/
  1261. + conf->offset_array_size = OFFSET_ARRAY_SIZE; // 8;
  1262. + /*Number of sensor offset values allowed for median offset value calculation*/
  1263. + conf->sensor_offsets = SENSOR_OFFSETS; // 6;
  1264. + /* max seconds to wait with -s */
  1265. + conf->settime_timeout = SETTIME_TIMEOUT; // 100;
  1266. +
  1267. + /* negligible drift to not log (ms) */
  1268. + conf->log_negligible_adjtime = LOG_NEGLIGIBLE_ADJTIME; // 32;
  1269. +
  1270. + /* negligible rate to not log (ppm) */
  1271. + conf->log_negligible_adjfreq = LOG_NEGLIGIBLE_ADJFREQ; // 0.05;
  1272. +
  1273. + /* samples for est. of permanent drift */
  1274. + conf->frequency_samples = FREQUENCY_SAMPLES; // 8;
  1275. +
  1276. + /* max correction per iteration */
  1277. + conf->max_frequency_adjust = MAX_FREQUENCY_ADJUST; // 128e-5;
  1278. +
  1279. + /* max send errors before reconnect */
  1280. + conf->max_send_errors = MAX_SEND_ERRORS; // 3;
  1281. +
  1282. + /* max chars in ctl_show report line */
  1283. + conf->max_display_width = MAX_DISPLAY_WIDTH; // 80;
  1284. +
  1285. + /* set after doing adjfreq */
  1286. + conf->filter_adjfreq = FILTER_ADJFREQ; // 0x01;
  1287. +
  1288. + /* # of ntp replies we want for auto */
  1289. + conf->auto_replies = AUTO_REPLIES; // 4;
  1290. +
  1291. + /* dont bother auto setting < this */
  1292. + conf->auto_threshold = AUTO_THRESHOLD; // 60;
  1293. +
  1294. + /* DNS tmpfail interval for auto */
  1295. + conf->interval_auto_dnsfail = INTERVAL_AUTO_DNSFAIL; // 1;
  1296. +
  1297. + /* DNS tmpfail quick retries */
  1298. + conf->tries_auto_dnsfail = TRIES_AUTO_DNSFAIL; // 4;
  1299. +
  1300. + conf->sensor_data_maxage = SENSOR_DATA_MAXAGE; // 15*60;
  1301. + conf->sensor_query_interval = SENSOR_QUERY_INTERVAL; // 15;
  1302. + conf->sensor_scan_interval = SENSOR_SCAN_INTERVAL; // 1*60;
  1303. +
  1304. + conf->sensor_default_refid = SENSOR_DEFAULT_REFID; // "HARD";
  1305. +
  1306. + conf->constraint_error_margin = CONSTRAINT_ERROR_MARGIN; // 4;
  1307. + conf->constraint_retry_interval = CONSTRAINT_RETRY_INTERVAL; // 15;
  1308. + conf->constraint_scan_interval = CONSTRAINT_SCAN_INTERVAL; // 15*60;
  1309. + conf->constraint_scan_timeout = CONSTRAINT_SCAN_TIMEOUT; // 10;
  1310. + conf->constraint_margin = CONSTRAINT_MARGIN; // 2.0*60;
  1311. +
  1312. + conf->constraint_maxheaderlength = CONSTRAINT_MAXHEADERLENGTH; // 8192;
  1313. +}
  1314. +
  1315. +void
  1316. +print_conf(struct ntpd_conf *lconf)
  1317. +{
  1318. + char* boolean[5];
  1319. + struct constraint *cstr;
  1320. + struct ntp_conf_sensor *sens;
  1321. + struct ntp_peer *peer;
  1322. +
  1323. + fprintf(stdout, "\n");
  1324. + fprintf(stdout, "Current configuration:\n\n");
  1325. + fprintf(stdout, "NTPd user: %s\n", conf->ntpd_user);
  1326. + fprintf(stdout, "Drift file: %s\n", conf->driftfile);
  1327. + fprintf(stdout, "CTL socket file: %s\n", conf->ctlsocket);
  1328. + fprintf(stdout, "\n");
  1329. + fprintf(stdout, "Query interval (normal): %d seconds\n", conf->interval_query_normal);
  1330. + fprintf(stdout, "Query interval (pathetic): %d seconds\n", conf->interval_query_pathetic);
  1331. + fprintf(stdout, "Query interval (aggressive): %d seconds\n", conf->interval_query_aggressive);
  1332. + fprintf(stdout, "Query interval (ultra violent): %d seconds\n", conf->interval_query_ultra_violence);
  1333. + fprintf(stdout, "\n");
  1334. + fprintf(stdout, "Query interval after reply timeout: %d seconds\n", conf->interval_query_timeout);
  1335. + fprintf(stdout, "\n");
  1336. + fprintf(stdout, "Trust level (bad peer): %d\n", conf->trustlevel_badpeer);
  1337. + fprintf(stdout, "Trust level (pathetic): %d\n", conf->trustlevel_pathetic);
  1338. + fprintf(stdout, "Trust level (aggressive): %d\n", conf->trustlevel_aggressive);
  1339. + fprintf(stdout, "Trust level (maximum): %d\n", conf->trustlevel_max);
  1340. + fprintf(stdout, "\n");
  1341. + fprintf(stdout, "Maximum number of allowed sensor offsets: %d\n", conf->offset_array_size);
  1342. + fprintf(stdout, "Number of sensor offset values considered for median offset value calculation: %d\n", conf->sensor_offsets);
  1343. + fprintf(stdout, "\n");
  1344. + fprintf(stdout, "Query time (maximum): %d seconds\n", conf->querytime_max);
  1345. + fprintf(stdout, "Start up timeout in auto mode: %d seconds\n", conf->settime_timeout);
  1346. + fprintf(stdout, "\n");
  1347. + fprintf(stdout, "Maximum number of retrievable servers from a DNS query: %d\n", conf->max_servers_dns);
  1348. + fprintf(stdout, "\n");
  1349. + fprintf(stdout, "Time adjustment minimum scale: %.4f seconds\n", conf->qscale_off_min);
  1350. + fprintf(stdout, "Time adjustment maximum scale: %.4f seconds\n", conf->qscale_off_max);
  1351. + fprintf(stdout, "\n");
  1352. + fprintf(stdout, "Neglible drift time to not log: %d milliseconds\n", conf->log_negligible_adjtime);
  1353. + fprintf(stdout, "Neglible frequency rate to not log: %f ppm\n", conf->log_negligible_adjfreq);
  1354. + fprintf(stdout, "\n");
  1355. + fprintf(stdout, "Frequency samples for estimation of permanent drift: %d\n", conf->frequency_samples);
  1356. + fprintf(stdout, "Maximum frequency correction per iteration: %f\n", conf->max_frequency_adjust);
  1357. + fprintf(stdout, "\n");
  1358. + fprintf(stdout, "Maximum send errors before reconnection: %d\n", conf->max_send_errors);
  1359. + fprintf(stdout, "\n");
  1360. + fprintf(stdout, "Maximum number of characters per output line: %d\n", conf->max_display_width);
  1361. + fprintf(stdout, "\n");
  1362. +
  1363. + if ((conf->filter_adjfreq) == 0x01)
  1364. + *boolean = "true";
  1365. + else if ((conf->filter_adjfreq) == 0x00)
  1366. + *boolean = "false";
  1367. +
  1368. + fprintf(stdout, "Filter frequency adjustment after maximum frequency correction: %s\n", *boolean);
  1369. + fprintf(stdout, "\n");
  1370. + fprintf(stdout, "NTP replies for auto mode: %d seconds\n", conf->auto_replies);
  1371. + fprintf(stdout, "Threshold count for auto mode: %d\n", conf->auto_threshold);
  1372. + fprintf(stdout, "DNS failure interval for auto mode: %d\n", conf->interval_auto_dnsfail);
  1373. + fprintf(stdout, "DNS retries on failure in auto mode: %d\n", conf->tries_auto_dnsfail);
  1374. + fprintf(stdout, "\n");
  1375. + fprintf(stdout, "Sensor query interval: %d seconds\n", conf->sensor_query_interval);
  1376. + fprintf(stdout, "Sensor data maximum age: %d seconds\n", conf->sensor_data_maxage);
  1377. + fprintf(stdout, "Sensor scan interval: %d seconds\n", conf->sensor_scan_interval);
  1378. + fprintf(stdout, "\n");
  1379. + fprintf(stdout, "Sensor default reference ID string: %s\n", conf->sensor_default_refid);
  1380. + fprintf(stdout, "\n");
  1381. + fprintf(stdout, "Constraint error margin: %.2f seconds\n", conf->constraint_error_margin);
  1382. + fprintf(stdout, "Constraint default margin: %.2f seconds\n", conf->constraint_margin);
  1383. + fprintf(stdout, "\n");
  1384. + fprintf(stdout, "Constraint retry interval: %d seconds\n", conf->constraint_retry_interval);
  1385. + fprintf(stdout, "Constraint scan interval: %d seconds\n", conf->constraint_scan_interval);
  1386. + fprintf(stdout, "Constraint scan timeout: %d seconds\n", conf->constraint_scan_timeout);
  1387. + fprintf(stdout, "Constraint maximum HTTP header length: %d bytes\n", conf->constraint_maxheaderlength);
  1388. + fprintf(stdout, "\n");
  1389. +
  1390. + TAILQ_FOREACH(sens, &conf->ntp_conf_sensors, entry) {
  1391. + fprintf(stdout, "Configuration: sensor %s, refid %s stratum %d weight %d\n",
  1392. + sens->device,
  1393. + sens->refstr,
  1394. + sens->stratum,
  1395. + sens->weight
  1396. + );
  1397. + }
  1398. +
  1399. + TAILQ_FOREACH(peer, &conf->ntp_peers, entry) {
  1400. + fprintf(stdout, "Configuration: NTP server %s on remote UDP port %d\n",
  1401. + peer->addr_head.name,
  1402. + peer->addr_head.port
  1403. + );
  1404. + }
  1405. +
  1406. + TAILQ_FOREACH(cstr, &conf->constraints, entry) {
  1407. + fprintf(stdout, "Configuration: HTTPS constraint server %s on remote TCP port %d\n",
  1408. + cstr->addr_head.name,
  1409. + cstr->addr_head.port
  1410. + );
  1411. + }
  1412. + fprintf(stdout, "\n");
  1413. +}
  1414. +
  1415. int
  1416. parse_config(const char *filename, struct ntpd_conf *xconf)
  1417. {
  1418. int errors = 0;
  1419. conf = xconf;
  1420. + init_conf(conf);
  1421. +
  1422. TAILQ_INIT(&conf->listen_addrs);
  1423. TAILQ_INIT(&conf->ntp_peers);
  1424. TAILQ_INIT(&conf->ntp_conf_sensors);
  1425. @@ -922,5 +1444,18 @@ parse_config(const char *filename, struc
  1426. errors = file->errors;
  1427. popfile();
  1428. + // Rough checks for conflicting values
  1429. + checkvalues(conf->qscale_off_max, "qscale_off_max",
  1430. + conf->qscale_off_min, "qscale_off_min");
  1431. +
  1432. + checkvalues(conf->trustlevel_max, "trustlevel_max",
  1433. + conf->trustlevel_aggressive, "trustlevel_aggressive");
  1434. +
  1435. + checkvalues(conf->trustlevel_aggressive, "trustlevel_aggressive",
  1436. + conf->trustlevel_badpeer, "trustlevel_badpeer");
  1437. +
  1438. + checkvalues(conf->trustlevel_badpeer, "trustlevel_badpeer",
  1439. + conf->trustlevel_pathetic, "trustlevel_pathetic");
  1440. +
  1441. return (errors ? -1 : 0);
  1442. }
  1443. --- a/src/ntpd.conf.5 2020-08-01 01:22:25.000000000 +0300
  1444. +++ b/src/ntpd.conf.5 2020-08-02 02:31:01.526954911 +0300
  1445. @@ -14,7 +14,7 @@
  1446. .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
  1447. .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  1448. .\"
  1449. -.Dd $Mdocdate: August 01 2020 $
  1450. +.Dd $Mdocdate: August 02 2020 $
  1451. .Dt NTPD.CONF 5
  1452. .Os
  1453. .Sh NAME
  1454. @@ -31,8 +31,10 @@ has the following format:
  1455. Empty lines and lines beginning with the
  1456. .Sq #
  1457. character are ignored.
  1458. -.Pp
  1459. -Keywords may be specified multiple times within the configuration file.
  1460. +.Ed
  1461. +.El
  1462. +.Sh BASIC KEYWORDS
  1463. +Basic keywords may be specified multiple times within the configuration file.
  1464. The basic configuration options are as follows:
  1465. .Bl -tag -width Ds
  1466. .It Xo Ic listen on Ar address
  1467. @@ -282,12 +284,523 @@ constraints from "https://www.google.com
  1468. constraints from "https://duckduckgo.com/" port 443
  1469. .Ed
  1470. .El
  1471. +.Sh ADVANCED KEYWORDS
  1472. +Some
  1473. +.Xr ntpd 8
  1474. +default configuration values can be overridden, thus offering better
  1475. +adaption to system policy and flexibility for system administrators. Advanced
  1476. +keywords may be specified only once within the configuration file. The
  1477. +following values can be changed from the highlighted defaults:
  1478. +.Bl -tag -width Ds
  1479. +
  1480. +.It Ic auto_replies Ar number
  1481. +During OpenNTPD initialization, all NTP peers get automatic time offset value,
  1482. +if pre-conditions for automatic interval adjustment are being met. The
  1483. +conditions are as follows: OpenNTPD configuration has constraints,
  1484. +.Ic trusted
  1485. +NTP peers or
  1486. +.Ic trusted
  1487. +sensors and current internally defined
  1488. +process security level is 0. In this case, initial time offset value
  1489. +is set to 1 which, in return, triggers automatic offset calculation.
  1490. +.Pp
  1491. +In the automatic offset calculation, a
  1492. +.Ic trusted
  1493. +NTP peer offset values are being counted for each peer. For each peer an independent
  1494. +pool size is determined by
  1495. +.Ic auto_replies
  1496. +value, ignoring the last value. For instance, with
  1497. +.Ic auto_replies
  1498. +value 4, first 3 NTP peer offset values are considered for a single NTP peer,
  1499. +and a median offset value of these collected 3 offset values is calculated
  1500. +and used for time adjustment.
  1501. +.Bd -literal -offset indent
  1502. +.Bl -tag -width "Default:" -compact
  1503. +.It Default:
  1504. +4
  1505. +.El
  1506. +.Ed
  1507. +.It Ic auto_threshold Ar number
  1508. +In OpenNTPD initial automatic time offset calculation, three conditions
  1509. +are being considered for NTP peers: is a NTP peer
  1510. +.Ic trusted
  1511. +and current overall constraint-based median offset not 0, and whether an initial NTP
  1512. +peer time offset exceeds value of
  1513. +.Ic auto_threshold
  1514. +\&. If these conditions are met, then
  1515. +.Ic auto_threshold
  1516. +value may be considered. If NTP peer current time offset value is less than
  1517. +.Ic auto_threshold
  1518. +, then the system time offset value is considered to be already OK, and
  1519. +OpenNTPD stops calculating automatic offset value from further NTP
  1520. +peer queries. In this case, median offset value is not calculated.
  1521. +.Bd -literal -offset indent
  1522. +.Bl -tag -width "Default:" -compact
  1523. +.It Default:
  1524. +60
  1525. +.El
  1526. +.Ed
  1527. +.It Ic interval_auto_dnsfail Ar seconds
  1528. +In automatic NTP peer offset calculation mode (during OpenNTPD initialization),
  1529. +if NTP peer IP address is still unresolved (unknown), the next query is
  1530. +attempted in
  1531. +.Ic interval_auto_dnsfail
  1532. +seconds. Applies to unresolved constraint IP addresses, as well.
  1533. +.Bd -literal -offset indent
  1534. +.Bl -tag -width "Default:" -compact
  1535. +.It Default:
  1536. +1
  1537. +.El
  1538. +.Ed
  1539. +.It Ic tries_auto_dnsfail Ar number
  1540. +Maximum number of attempts to resolve a constraint IP address(es) with a
  1541. +DNS query before falling back from
  1542. +.Ic constraint_retry_interval
  1543. +to
  1544. +.Ic interval_auto_dnsfail
  1545. +\& in constraint initialization.
  1546. +.Bd -literal -offset indent
  1547. +.Bl -tag -width "Default:" -compact
  1548. +.It Default:
  1549. +4
  1550. +.El
  1551. +.Ed
  1552. +.It Ic constraint_error_margin Ar number
  1553. +Accepted number of errors during constraint process. If error count exceeds
  1554. +this value multiplied by calculated peer count, constraint connection will
  1555. +be reseted and a new constraint is retrieved.
  1556. +.Bd -literal -offset indent
  1557. +.Bl -tag -width "Default:" -compact
  1558. +.It Default:
  1559. +4
  1560. +.El
  1561. +.Ed
  1562. +.It Ic constraint_margin Ar seconds
  1563. +Acceptable time difference between retrieved HTTP header time value and
  1564. +calculated time value in seconds. HTTP header time values exceeding this
  1565. +margin value will be ignored.
  1566. +.Bd -literal -offset indent
  1567. +.Bl -tag -width "Default:" -compact
  1568. +.It Default:
  1569. +120
  1570. +.El
  1571. +.Ed
  1572. +.It Ic constraint_maxheaderlength Ar length
  1573. +Maximum allowed HTTP header length of constraint HTTPS server reply to
  1574. +be fetched in bytes. If the value is exceeded during processing,
  1575. +nothing is returned and constraint check fails.
  1576. +.Bd -literal -offset indent
  1577. +.Bl -tag -width "Default:" -compact
  1578. +.It Default:
  1579. +8192
  1580. +.El
  1581. +.Ed
  1582. +.It Ic constraint_scan_interval Ar seconds
  1583. +Constraint HTTPS servers scan interval in seconds.
  1584. +.Bd -literal -offset indent
  1585. +.Bl -tag -width "Default:" -compact
  1586. +.It Default:
  1587. +900
  1588. +.El
  1589. +.Ed
  1590. +.It Ic constraint_scan_timeout Ar seconds
  1591. +Maximum connection establishment time to a constraint HTTPS server in seconds.
  1592. +.Bd -literal -offset indent
  1593. +.Bl -tag -width "Default:" -compact
  1594. +.It Default:
  1595. +10
  1596. +.El
  1597. +.Ed
  1598. +.It Ic ctlsocket Ar path-to-file
  1599. +.Xr ntpd 8
  1600. +socket file path.
  1601. +.Bd -literal -offset indent
  1602. +.Bl -tag -width "Default:" -compact
  1603. +.It Default:
  1604. +/var/run/ntpd.sock
  1605. +.El
  1606. +.Ed
  1607. +.It Ic driftfile Ar path-to-file
  1608. +.Xr ntpd 8
  1609. +drift file path.
  1610. +.Bd -literal -offset indent
  1611. +.Bl -tag -width "Default:" -compact
  1612. +.It Default:
  1613. +/var/db/ntpd.drift
  1614. +.El
  1615. +.Ed
  1616. +.It Ic filter_adjfreq Ar true | false
  1617. +Whether to reset frequency filters after frequency adjustment.
  1618. +.Bd -literal -offset indent
  1619. +.Bl -tag -width "Default:" -compact
  1620. +.It Default:
  1621. +true
  1622. +.El
  1623. +.Ed
  1624. +.It Ic frequency_samples Ar number
  1625. +Number of frequency samples for estimating permanent drift value.
  1626. +.Bd -literal -offset indent
  1627. +.Bl -tag -width "Default:" -compact
  1628. +.It Default:
  1629. +8
  1630. +.El
  1631. +.Ed
  1632. +.It Ic trustlevel_pathetic Ar number
  1633. +Initial trust level for a new, timed out or erroneous remote NTP
  1634. +server. Every received and non-discarded reply increases trust
  1635. +for the server. The trust level is used for setting used
  1636. +.Ic interval_query_*
  1637. +value for the server and keeping track of valid remote NTP servers.
  1638. +.Pp
  1639. +A server having this trust level uses remote NTP query interval
  1640. +value
  1641. +.Ic interval_query_aggressive
  1642. +\&.
  1643. +.Bd -literal -offset indent
  1644. +.Bl -tag -width "Default:" -compact
  1645. +.It Default:
  1646. +2
  1647. +.El
  1648. +.Ed
  1649. +.It Ic trustlevel_badpeer Ar number
  1650. +If a replying remote NTP server has trust level one number
  1651. +less than this value, the server gets trusted. In this case,
  1652. +the server can achieve maximum trust level
  1653. +.Ic trustlevel_max
  1654. +\&. This trust level is preceded by trust level
  1655. +.Ic trustlevel_pathetic
  1656. +and followed by trust level
  1657. +.Ic trustlevel_aggressive
  1658. +\&.
  1659. +.Pp
  1660. +A NTP server having trust level value
  1661. +.Ic trustlevel_badpeer
  1662. +, or value greater than
  1663. +.Ic trustlevel_pathetic
  1664. +but less than
  1665. +.Ic trustlevel_aggressive
  1666. +uses remote NTP query interval value
  1667. +.Ic interval_query_aggressive
  1668. +\&.
  1669. +.Pp
  1670. +In a case of NTP server reply time out, if the server has at
  1671. +least trust level value
  1672. +.Ic trustlevel_badpeer
  1673. +and the trust level value divided by 2 is less than the
  1674. +.Ic trustlevel_badpeer
  1675. +value, the server will be invalidated and falls back to
  1676. +initial trust level
  1677. +.Ic trustlevel_pathetic
  1678. +\&.
  1679. +.Bd -literal -offset indent
  1680. +.Bl -tag -width "Default:" -compact
  1681. +.It Default:
  1682. +6
  1683. +.El
  1684. +.Ed
  1685. +.It Ic trustlevel_aggressive Ar number
  1686. +Aggressive trust level is preceded by trust level
  1687. +.Ic trustlevel_badpeer
  1688. +and followed by trust level
  1689. +.Ic trustlevel_max
  1690. +\&. If a remote NTP server current trust level is at least value
  1691. +.Ic trustlevel_pathetic
  1692. +but less than this value, used remote NTP query interval is
  1693. +determined by value
  1694. +.Ic interval_query_aggressive
  1695. +\&. A server with exact trust level
  1696. +.Ic trustlevel_aggressive
  1697. +uses query interval
  1698. +.Ic interval_query_normal
  1699. +(see
  1700. +.Ic trustlevel_max
  1701. +below).
  1702. +.Bd -literal -offset indent
  1703. +.Bl -tag -width "Default:" -compact
  1704. +.It Default:
  1705. +8
  1706. +.El
  1707. +.Ed
  1708. +.It Ic trustlevel_max Ar number
  1709. +Maximum trust level follows trust level
  1710. +.Ic trustlevel_aggressive
  1711. +\&. This is the maximum trust level which a remote
  1712. +NTP server can achieve. A server having at least trust level of
  1713. +.Ic trustlevel_aggressive
  1714. +uses remote NTP query interval value
  1715. +.Ic interval_query_normal
  1716. +\&.
  1717. +.Bd -literal -offset indent
  1718. +.Bl -tag -width "Default:" -compact
  1719. +.It Default:
  1720. +10
  1721. +.El
  1722. +.Ed
  1723. +.It Ic interval_query_pathetic Ar seconds
  1724. +Remote NTP server query interval in seconds for servers with
  1725. +a trust level value less than
  1726. +.Ic trustlevel_pathetic
  1727. +\&. Practically never used.
  1728. +This value is not the final query interval value but used
  1729. +in a combination with a dynamic offset scale value, determined by
  1730. +.Ic qscale_off_min
  1731. +and
  1732. +.Ic qscale_off_max
  1733. +\&.
  1734. +.Bd -literal -offset indent
  1735. +.Bl -tag -width "Default:" -compact
  1736. +.It Default:
  1737. +60
  1738. +.El
  1739. +.Ed
  1740. +.It Ic interval_query_ultra_violence Ar seconds
  1741. +Remote NTP server query interval in seconds for servers
  1742. +with a trust level value greater than
  1743. +.Ic trustlevel_pathetic
  1744. +but less than
  1745. +.Ic trustlevel_aggressive
  1746. +in a case where a NTP peer does not still have large enough
  1747. +pool of already queried offset time values for its offset
  1748. +time median calculation (checked against value
  1749. +.Ic auto replies
  1750. +) or is not
  1751. +.Ic trusted
  1752. +, interval value
  1753. +.Ic interval_query_ultra_violence
  1754. +may be triggered. Applies only to NTP offset calculation
  1755. +automatic mode.
  1756. +.Pp
  1757. +In most cases,
  1758. +.Ic interval_query_aggressive
  1759. +is used instead. Dynamic offset scale value factors
  1760. +.Ic qscale_off_min
  1761. +and
  1762. +.Ic qscale_off_max
  1763. +are ignored.
  1764. +.Bd -literal -offset indent
  1765. +.Bl -tag -width "Default:" -compact
  1766. +.It Default:
  1767. +1
  1768. +.El
  1769. +.Ed
  1770. +.It Ic interval_query_aggressive Ar seconds
  1771. +Remote NTP server query interval in seconds for servers
  1772. +with a trust level value greater than
  1773. +.Ic trustlevel_pathetic
  1774. +but less than
  1775. +.Ic trustlevel_aggressive
  1776. +\&. Applies only, if automatic NTP peer query state is finished.
  1777. +This value is not the final query interval value but used
  1778. +in a combination with a dynamic offset scale value, determined by
  1779. +.Ic qscale_off_min
  1780. +and
  1781. +.Ic qscale_off_max
  1782. +\&.
  1783. +.Bd -literal -offset indent
  1784. +.Bl -tag -width "Default:" -compact
  1785. +.It Default:
  1786. +5
  1787. +.El
  1788. +.Ed
  1789. +.It Ic interval_query_normal Ar seconds
  1790. +Remote NTP server query interval in seconds for servers with
  1791. +a trust level value between
  1792. +.Ic trustlevel_aggressive
  1793. +and
  1794. +.Ic trustlevel_max
  1795. +\&. This value is not the final query interval value but used
  1796. +in a combination with a dynamic offset scale value, determined by
  1797. +.Ic qscale_off_min
  1798. +and
  1799. +.Ic qscale_off_max
  1800. +\&.
  1801. +.Bd -literal -offset indent
  1802. +.Bl -tag -width "Default:" -compact
  1803. +.It Default:
  1804. +30
  1805. +.El
  1806. +.Ed
  1807. +.It Ic interval_query_timeout Ar seconds
  1808. +Retry time in seconds after failed connection attempt to a remote NTP server.
  1809. +.Bd -li