rpms/ntp/F-9 ntp-4.2.4p5-bcast.patch, NONE, 1.1 ntp-4.2.4p5-htmldoc.patch, NONE, 1.1 ntp-4.2.4p5-mlock.patch, NONE, 1.1 ntp-4.2.4p5-rtnetlink.patch, NONE, 1.1 ntp-4.2.4p5-sleep.patch, NONE, 1.1 .cvsignore, 1.26, 1.27 ntp.conf, 1.14, 1.15 ntp.spec, 1.81, 1.82 sources, 1.27, 1.28 ntp-4.1.1c-rc3-authkey.patch, 1.1, NONE ntp-4.2.4-htmldoc.patch, 1.5, NONE ntp-4.2.4p0-sleep.patch, 1.2, NONE ntp-4.2.4p4-bcast.patch, 1.2, NONE ntp-4.2.4p4-mlock.patch, 1.1, NONE
Miroslav Lichvar
mlichvar at fedoraproject.org
Fri Aug 29 08:37:08 UTC 2008
Author: mlichvar
Update of /cvs/pkgs/rpms/ntp/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16298
Modified Files:
.cvsignore ntp.conf ntp.spec sources
Added Files:
ntp-4.2.4p5-bcast.patch ntp-4.2.4p5-htmldoc.patch
ntp-4.2.4p5-mlock.patch ntp-4.2.4p5-rtnetlink.patch
ntp-4.2.4p5-sleep.patch
Removed Files:
ntp-4.1.1c-rc3-authkey.patch ntp-4.2.4-htmldoc.patch
ntp-4.2.4p0-sleep.patch ntp-4.2.4p4-bcast.patch
ntp-4.2.4p4-mlock.patch
Log Message:
- update to 4.2.4p5
- add support for fast interface updates
ntp-4.2.4p5-bcast.patch:
--- NEW FILE ntp-4.2.4p5-bcast.patch ---
https://ntp.isc.org/bugs/show_bug.cgi?id=779
https://ntp.isc.org/bugs/show_bug.cgi?id=823
diff -up ntp-4.2.4p5/ntpd/ntp_io.c.bcast ntp-4.2.4p5/ntpd/ntp_io.c
--- ntp-4.2.4p5/ntpd/ntp_io.c.bcast 2008-08-18 13:00:06.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntp_io.c 2008-08-18 13:00:06.000000000 +0200
@@ -145,6 +145,8 @@ int ninterfaces; /* Total number of in
volatile int disable_dynamic_updates; /* when set to != 0 dynamic updates won't happen */
+static int pktinfo_status = 0; /* is IP_PKTINFO on wildipv4 iface enabled? */
+
#ifdef REFCLOCK
/*
* Refclock stuff. We keep a chain of structures with data concerning
@@ -1558,6 +1560,18 @@ set_reuseaddr(int flag) {
}
}
+static void
+set_pktinfo(int flag)
+{
+ if (wildipv4 == NULL)
+ return;
+ if (setsockopt(wildipv4->fd, SOL_IP, IP_PKTINFO, &flag, sizeof (flag))) {
+ if (debug > 1)
+ printf("setsockopt(IP_PKTINFO) failed: %s\n", strerror(errno));
+ } else
+ pktinfo_status = flag;
+}
+
/*
* This is just a wrapper around an internal function so we can
* make other changes as necessary later on
@@ -1974,6 +1988,7 @@ io_setbclient(void)
#else
netsyslog(LOG_ERR, "io_setbclient: Broadcast Client disabled by build");
#endif
+ set_pktinfo(1);
}
/*
@@ -1996,6 +2011,7 @@ io_unsetbclient(void)
continue;
lstatus = socket_broadcast_disable(interf, &interf->sin);
}
+ set_pktinfo(0);
}
/*
@@ -2892,7 +2908,8 @@ read_network_packet(SOCKET fd, struct in
#ifdef HAVE_TIMESTAMP
struct msghdr msghdr;
struct iovec iovec;
- char control[TIMESTAMP_CTLMSGBUF_SIZE]; /* pick up control messages */
+ char control[sizeof (struct cmsghdr) * 2 + sizeof (struct timeval) +
+ sizeof (struct in_pktinfo) + 32]; /* pick up control messages */
#endif
/*
@@ -2904,7 +2921,7 @@ read_network_packet(SOCKET fd, struct in
rb = get_free_recv_buffer();
- if (rb == NULL || itf->ignore_packets == ISC_TRUE)
+ if (rb == NULL || (itf->ignore_packets == ISC_TRUE && !(pktinfo_status && itf == wildipv4)))
{
char buf[RX_BUFF_SIZE];
struct sockaddr_storage from;
@@ -2966,6 +2983,34 @@ read_network_packet(SOCKET fd, struct in
return (buflen);
}
+ if (pktinfo_status && itf->ignore_packets == ISC_TRUE && itf == wildipv4) {
+ /* check for broadcast on 255.255.255.255, exception allowed on wildipv4 */
+ struct cmsghdr *cmsg;
+ struct in_pktinfo *pktinfo = NULL;
+
+ if ((cmsg = CMSG_FIRSTHDR(&msghdr)))
+ do {
+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO)
+ pktinfo = (struct in_pktinfo *) CMSG_DATA(cmsg);
+ } while ((cmsg = CMSG_NXTHDR(&msghdr, cmsg)));
+ if (pktinfo && pktinfo->ipi_addr.s_addr == INADDR_BROADCAST) {
+#ifdef DEBUG
+ if (debug > 3) {
+ printf("INADDR_BROADCAST\n");
+ }
+#endif
+ } else {
+#ifdef DEBUG
+ if (debug > 3)
+ printf("%s on (%lu) fd=%d from %s\n", "ignore",
+ free_recvbuffs(), fd, stoa(&rb->recv_srcadr));
+#endif
+ packets_ignored++;
+ freerecvbuf(rb);
+ return (buflen);
+ }
+ }
+
#ifdef DEBUG
if (debug > 2) {
if(rb->recv_srcadr.ss_family == AF_INET)
diff -up ntp-4.2.4p5/ntpd/ntp_peer.c.bcast ntp-4.2.4p5/ntpd/ntp_peer.c
--- ntp-4.2.4p5/ntpd/ntp_peer.c.bcast 2008-08-10 13:02:40.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntp_peer.c 2008-08-18 13:02:43.000000000 +0200
@@ -709,7 +709,8 @@ select_peerinterface(struct peer *peer,
* as our (network) source address would be undefined and
* crypto will not work without knowing the own transmit address
*/
- if (interface != NULL && interface->flags & INT_WILDCARD)
+ if (interface != NULL && interface->flags & INT_WILDCARD &&
+ !(cast_flags & MDF_BCAST))
#ifdef SYS_WINNT
if ( !accept_wildcard_if_for_winnt )
#endif
ntp-4.2.4p5-htmldoc.patch:
--- NEW FILE ntp-4.2.4p5-htmldoc.patch ---
diff -up ntp-4.2.4p5/html/authopt.html.htmldoc ntp-4.2.4p5/html/authopt.html
--- ntp-4.2.4p5/html/authopt.html.htmldoc 2006-12-28 13:02:54.000000000 +0100
+++ ntp-4.2.4p5/html/authopt.html 2008-08-18 12:31:59.000000000 +0200
@@ -74,7 +74,7 @@
<dt><tt>controlkey <i>key</i></tt>
<dd>Specifies the key identifier to use with the <a href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the standard protocol defined in RFC-1305. The <tt><i>key</i></tt> argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive.
<dt><tt>crypto [cert <i>file</i>] [leap <i>file</i>] [randfile <i>file</i>] [host <i>file</i>] [sign <i>file</i>] [ident <i>scheme</i>] [iffpar <i>file</i>] [gqpar <i>file</i>] [mvpar <i>file</i>] [pw <i>password</i>]</tt>
- <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/usr/local/etc</tt>. Following are the subcommands:
+ <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/etc/ntp/crypto</tt>. Following are the subcommands:
<dl>
<dt><tt>cert <i>file</i></tt>
<dd>Specifies the location of the required host public certificate file. This overrides the link <tt>ntpkey_cert_<i>hostname</i></tt> in the keys directory.
@@ -103,7 +103,7 @@
<dt><tt>keys <i>keyfile</i></tt>
<dd>Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option.
<dt><tt>keysdir <i>path</i></tt>
- <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>.
+ <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>.
<dt><tt>requestkey <i>key</i></tt>
<dd>Specifies the key identifier to use with the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>key</i></tt> argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive.
<dt><tt>revoke [<i>logsec</i>]</tt>
diff -up ntp-4.2.4p5/html/confopt.html.htmldoc ntp-4.2.4p5/html/confopt.html
--- ntp-4.2.4p5/html/confopt.html.htmldoc 2008-08-10 13:02:43.000000000 +0200
+++ ntp-4.2.4p5/html/confopt.html 2008-08-18 12:31:59.000000000 +0200
@@ -32,8 +32,8 @@
<p>There are three types of associations: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the <tt>prempt</tt> flag and are demobilized by timeout or error. Ephemeral associations are mobilized upon arrival of designated messages and demobilized by timeout or error.</p>
<dl>
<dt><tt>server <i>address</i> [options ...]</tt><br>
- <tt>peer <i>address</i> [</tt><tt>options ...]<br>
- broadcast <i>address</i> [options ...]</tt><br>
+ <tt>peer <i>address</i> [options ...]</tt><br>
+ <tt>broadcast <i>address</i> [options ...]</tt><br>
<tt>manycastclient <i>address</i> [options ...]</tt>
<dd>These four commands specify the time server name or address to be used and the mode in which to operate. The <i>address</i> can be either a DNS name or a IP address in dotted-quad notation. Additional information on association behavior can be found in the <a href="assoc.html">Association Management</a> page.
<dl>
diff -up ntp-4.2.4p5/html/keygen.html.htmldoc ntp-4.2.4p5/html/keygen.html
--- ntp-4.2.4p5/html/keygen.html.htmldoc 2008-08-18 12:31:59.000000000 +0200
+++ ntp-4.2.4p5/html/keygen.html 2008-08-18 12:31:59.000000000 +0200
@@ -32,17 +32,17 @@
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
- <p id="intro"><tt>ntp-keygen [ -deGgHIMnPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -p <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ]</tt></p>
+ <p id="intro"><tt>ntp-keygen [ -deGgHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -m <i>modulus</i> ] [ -p <i>password</i> ] [ -q <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ] [ -V <i>params</i> ]</tt></p>
<h4 id="descrip">Description</h4>
<p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
<p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
<p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
<p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
- <p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
+ <p>All files are installed by default in the keys directory <tt>/etc/ntp/crypto</tt>. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
<p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
<p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
<h4 id="run">Running the program</h4>
- <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/ust/local/etc</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
+ <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/etc/ntp/crypto</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
<p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. When necessary, a different sign key can be specified and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 and RIPE160 message digest algorithms. However, the scheme specified in the certificate must be compatible with the sign key. Certificates using any digest algorithm are compatible with RSA sign keys; however, only SHA and SHA1 certificates are compatible with DSA sign keys.</p>
<p>Private/public key files and certificates are compatible with other OpenSSL applications and very likely other libraries as well. Certificates or certificate requests derived from them should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identification parameter files, although encoded as the other files, are probably not compatible with anything other than Autokey.</p>
<p>Running the program as other than root and using the Unix <tt>su</tt> command to assume root may not work properly, since by default the OpenSSL library looks for the random seed file <tt>.rnd</tt> in the user home directory. However, there should be only one <tt>.rnd</tt>, most conveniently in the root directory, so it is convenient to define the <tt>$RANDFILE</tt> environment variable used by the OpenSSL library as the path to <tt>/.rnd</tt>.</p>
@@ -81,11 +81,13 @@
<dd>Set the suject name to <i>name</i>. This is used as the subject field in certificates and in the file name for host and sign keys.
<dt><tt>-M</tt>
<dd>Generate MD5 keys, obsoleting any that may exist.
+ <dt><tt>-m <i>modulus</i></tt>
+ <dd>Set prime modulus size in bits (256 - 2048). Default size is 512.
<dt><tt>-P</tt>
<dd>Generate a private certificate. By default, the program generates public certificates.
<dt><tt>-p <i>password</i></tt>
<dd>Encrypt generated files containing private data with <tt><i>password</i></tt> and the DES-CBC algorithm.
- <dt><tt>-q</tt>
+ <dt><tt>-q <i>password</i></tt>
<dd>Set the password for reading files to <tt><i>password</i></tt>.
<dt><tt>-S [ RSA | DSA ]</tt>
<dd>Generate a new sign key of the designated type, obsoleting any that may exist. By default, the program uses the host key as the sign key.
diff -up ntp-4.2.4p5/html/monopt.html.htmldoc ntp-4.2.4p5/html/monopt.html
--- ntp-4.2.4p5/html/monopt.html.htmldoc 2006-12-28 13:02:56.000000000 +0100
+++ ntp-4.2.4p5/html/monopt.html 2008-08-18 12:31:59.000000000 +0200
@@ -82,9 +82,7 @@
<dl>
<dt><i><tt>name</tt></i>
<dd>This is the type of the statistics records, as shown in the <tt>statistics</tt> command.
- </dl>
- <dd><tt>file <i>filename</i></tt>
- <dl>
+ <dt><tt>file <i>filename</i></tt>
<dd>This is the file name for the statistics records. Filenames of set members are built from three concatenated elements <i><tt>prefix</tt></i>, <i><tt>filename</tt></i> and <i><tt>suffix</tt></i>:
<dl>
<dt><i><tt>prefix</tt></i>
@@ -94,9 +92,7 @@
<dt><i><tt>suffix</tt></i>
<dd>This part is reflects individual elements of a file set. It is generated according to the type of a file set.
</dl>
- </dl>
- <dd><tt>type <i>typename</i></tt>
- <dl>
+ <dt><tt>type <i>typename</i></tt>
<dd>A file generation set is characterized by its type. The following types are supported:
<dl>
<dt><tt>none</tt>
@@ -114,13 +110,9 @@
<dt><tt>age</tt>
<dd>This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter <tt>a</tt>, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying <tt>enable</tt>; output is prevented by specifying <tt>disable</tt>.
</dl>
- </dl>
- <dd><tt>link | nolink</tt>
- <dl>
+ <dt><tt>link | nolink</tt>
<dd>It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying <tt>link</tt> and disabled using <tt>nolink</tt>. If <tt>link</tt> is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter <tt>C</tt>, and the pid of the <tt>ntpd</tt> server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.
- </dl>
- <dd><tt>enable | disable</tt>
- <dl>
+ <dt><tt>enable | disable</tt>
<dd>Enables or disables the recording function.
</dl>
</dl>
diff -up ntp-4.2.4p5/html/ntpd.html.htmldoc ntp-4.2.4p5/html/ntpd.html
--- ntp-4.2.4p5/html/ntpd.html.htmldoc 2006-12-28 13:02:57.000000000 +0100
+++ ntp-4.2.4p5/html/ntpd.html 2008-08-18 12:31:59.000000000 +0200
@@ -34,7 +34,7 @@
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
- <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
<h4 id="descr">Description</h4>
<p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
<h4 id="op">How NTP Operates</h4>
@@ -63,8 +63,13 @@
<p>In contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
<p>Various internal <tt>ntpd</tt> variables can be displayed and configuration options altered while the <tt>ntpd</tt> is running using the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
<p>When <tt>ntpd</tt> starts it looks at the value of <tt>umask</tt>, and if zero <tt>ntpd</tt> will set the <tt>umask</tt> to <tt>022</tt>.</p>
+ <p>Unless the <tt>-n</tt>, <tt>-d</tt> or <tt>-D</tt> option is used, <tt>ntpd</tt> changes the current working directory to the root directory, so any options or commands specifying paths need to use an absolute path or a path relative to the root.</p>
<h4 id="cmd">Command Line Options</h4>
<dl>
+ <dt><tt>-4</tt>
+ <dd>Force DNS resolution of host names to the IPv4 namespace.
+ <dt><tt>-6</tt>
+ <dd>Force DNS resolution of host names to the IPv6 namespace.
<dt><tt>-a</tt>
<dd>Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default.
<dt><tt>-A</tt>
@@ -78,13 +83,15 @@
<dt><tt>-D <i>level</i></tt>
<dd>Specify debugging level directly.
<dt><tt>-f <i>driftfile</i></tt>
- <dd>Specify the name and path of the frequency file, default <tt>/etc/ntp.drift</tt>. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
+ <dd>Specify the name and path of the frequency file. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
<dt><tt>-g</tt>
<dd>Normally, <tt>ntpd</tt> exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, <tt>ntpd</tt> will exit with a message to the system log. This option can be used with the <tt>-q</tt> and <tt>-x</tt> options. See the <tt>tinker</tt> command for other options.
<dt><tt>-i <i>jaildir</i></tt>
<dd>Chroot the server to the directory <i>jaildir</i>. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges. You may need to also specify a <tt>-u</tt> option.
+ <dt><tt>-I <i>iface</i></tt>
+ <dd>Listen on interface. This option may appear an unlimited number of times.
<dt><tt>-k <i>keyfile</i></tt>
- <dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp.keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
+ <dd>Specify the name and path of the symmetric key file. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
<dt><tt>-l <i>logfile</i></tt>
<dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
<dt><tt>-L</tt>
@@ -143,7 +150,7 @@
</tr>
<tr>
<td width="30%">frequency file</td>
- <td width="30%"><tt>/etc/ntp.drift</tt></td>
+ <td width="30%"><tt>none</tt></td>
<td width="20%"><tt>-f</tt></td>
<td width="20%"><tt>driftfile</tt></td>
</tr>
@@ -167,17 +174,20 @@
</tr>
<tr>
<td width="30%">statistics path</td>
- <td width="30%"><tt>/var/NTP</tt></td>
+ <td width="30%"><tt>/var/log/ntpstats/</tt></td>
<td width="20%"><tt>-s</tt></td>
<td width="20%"><tt>statsdir</tt></td>
</tr>
<tr>
<td width="30%">keys path</td>
- <td width="30%"><tt>/usr/local/etc</tt></td>
- <td width="20%"><tt>-k</tt></td>
+ <td width="30%"><tt>/etc/ntp/crypto</tt></td>
+ <td width="20%"><tt>none</tt></td>
<td width="20%"><tt>keysdir</tt></td>
</tr>
</table>
+ <h4 id="codes">Exit Codes</h4>
+ <p>A non-zero exit code indicates an error. Any error messages are logged to the system log by default.</p>
+ <p>The exit code is 0 only when <tt>ntpd</tt> is terminated by a signal, or when the <tt>-q</tt> option is used and <tt>ntpd</tt> successfully sets the system clock.</p>
<hr>
<script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
</body>
diff -up ntp-4.2.4p5/html/ntpdate.html.htmldoc ntp-4.2.4p5/html/ntpdate.html
--- ntp-4.2.4p5/html/ntpdate.html.htmldoc 2008-08-18 12:31:59.000000000 +0200
+++ ntp-4.2.4p5/html/ntpdate.html 2008-08-18 12:31:59.000000000 +0200
@@ -18,9 +18,9 @@
<hr>
<p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
<h4>Synopsis</h4>
- <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
+ <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
<h4>Description</h4>
- <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
+ <p><tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.</p>
<p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
<p>Time adjustments are made by <tt>ntpdate</tt> in one of two ways. If <tt>ntpdate</tt> determines the clock is in error more than 0.5 second it will simply step the time by calling the system <tt>settimeofday()</tt> routine. If the error is less than 0.5 seconds, it will slew the time by calling the system <tt>adjtime()</tt> routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when <tt>ntpdate</tt> is run by <tt>cron</tt> every hour or two.</p>
<p><tt>ntpdate</tt> will decline to set the date if an NTP server daemon (e.g., <tt>ntpd</tt>) is running on the same host. When running <tt>ntpdate</tt> on a regular basis from <tt>cron</tt> as an alternative to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.</p>
@@ -33,9 +33,9 @@
<dt><tt>-6</tt>
<dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
<dt><tt>-a <i>key</i></tt>
- <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i><tt>ntpdate</tt>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
+ <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
<dt><tt>-B</tt>
- <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-128 ms. The default is to step the time using settimeofday() if the offset is greater than +-128 ms. Note that, if the offset is much greater than +-128 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
+ <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-500 ms. The default is to step the time using settimeofday() if the offset is greater than +-500 ms. Note that, if the offset is much greater than +-500 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
<dt><tt>-b</tt>
<dd>Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
<dt><tt>-d</tt>
@@ -43,9 +43,9 @@
<dt><tt>-e <i>authdelay</i></tt>
<dd>Specify the processing delay to perform an authentication function as the value <i>authdelay</i>, in seconds and fraction (see <tt>ntpd</tt> for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's.
<dt><tt>-k <i>keyfile</i></tt>
- <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
+ <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp/keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
<dt><tt>-o <i>version</i></tt>
- <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 3. This allows <tt>ntpdate</tt> to be used with older NTP versions.
+ <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions.
<dt><tt>-p <i>samples</i></tt>
<dd>Specify the number of samples to be acquired from each server as the integer <i>samples</i>, with values from 1 to 8 inclusive. The default is 4.
<dt><i><tt>-q</tt></i>
@@ -55,7 +55,7 @@
<dt><tt>-t <i>timeout</i></tt>
<dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.
<dt><tt>-u</tt>
- <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
+ <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
<dt><tt>-<i>v</i></tt>
<dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
@@ -67,7 +67,7 @@
<h4>Diagnostics</h4>
<tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
<h4>Files</h4>
- <tt>/etc/ntp.keys</tt> - encryption keys used by <tt>ntpdate</tt>.
+ <tt>/etc/ntp/keys</tt> - encryption keys used by <tt>ntpdate</tt>.
<h4>Bugs</h4>
The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables <tt>tick</tt> and <tt>tickadj</tt>.
<hr>
diff -up ntp-4.2.4p5/html/ntpdc.html.htmldoc ntp-4.2.4p5/html/ntpdc.html
--- ntp-4.2.4p5/html/ntpdc.html.htmldoc 2008-08-10 13:02:44.000000000 +0200
+++ ntp-4.2.4p5/html/ntpdc.html 2008-08-18 12:38:13.000000000 +0200
@@ -19,9 +19,9 @@
<script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
<hr>
<h4>Synopsis</h4>
- <tt>ntpdc [ -ilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
+ <tt>ntpdc [ -46dilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
<h4>Description</h4>
- <tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.
+ <p><tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.</p>
<p>If one or more request options are included on the command line when <tt>ntpdc</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpdc</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpdc</tt> will prompt for commands if the standard input is a terminal device.</p>
<p><tt>ntpdc</tt> uses NTP mode 7 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpdc</tt> makes no attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
<p>The operation of <tt>ntpdc</tt> are specific to the particular implementation of the <tt>ntpd</tt> daemon and can be expected to work only with this and maybe some previous versions of the daemon. Requests from a remote <tt>ntpdc</tt> program which affect the state of the local server must be authenticated, which requires both the remote program and local server share a common key and key identifier.</p>
@@ -35,6 +35,8 @@
<dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
<dt><tt>-c <i>command</i></tt>
<dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple -c options may be given.
+ <dt><tt>-d</tt>
+ <dd>Turn on debugging mode.
<dt><tt>-i</tt>
<dd>Force <tt>ntpdc</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
<dt><tt>-l</tt>
@@ -134,11 +136,11 @@
<dt><tt>addpeer <i>peer_address</i> [
<i>keyid</i> ] [ <i>version</i> ] [
<tt>minpoll# | prefer | iburst | burst | minpoll
- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
<dt><tt>addpeer <i>peer_address</i> [
<tt>prefer | iburst | burst | minpoll
<i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
<dd>Add a configured peer association at the
given address and operating in symmetric
active mode. Note that an existing association
@@ -162,15 +164,15 @@
<tt>peer</tt> configuration file command of
ntpd. See the <a href="confopt.html">Server Options</a> page for further information.
Each flag (or its absence) replaces the
- previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal.
+ previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronization if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronization so is the PPS signal.
<dt><tt>addserver <i>peer_address</i> [
<i>keyid</i> ] [ <i>version</i> ] [
<tt>minpoll# | prefer | iburst | burst | minpoll
- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
<dt><tt>addserver <i>peer_address</i> [
<tt>prefer | iburst | burst | minpoll
<i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
+ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
<dd>Identical to the addpeer command, except that the operating mode is client.
<dt><tt>broadcast <i>peer_address</i> [
<i>keyid</i> ] [ <i>version</i> ] [ <i>prefer</i> ]</tt>
@@ -199,9 +201,9 @@
<dd>Returns information concerning the authentication module, including known keys and counts of encryptions and decryptions which have been done.
<dt><tt>traps</tt>
<dd>Display the traps set in the server. See the source listing for further information.
- <dt><tt>addtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i> ]</tt>
+ <dt><tt>addtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i> ]</tt>
<dd>Set a trap for asynchronous messages. See the source listing for further information.
- <dt><tt>clrtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i>]</tt>
+ <dt><tt>clrtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i>]</tt>
<dd>Clear a trap for asynchronous messages. See the source listing for further information.
<dt><tt>reset</tt>
<dd>Clear the statistics counters in various modules of the server. See the source listing for further information.
diff -up ntp-4.2.4p5/html/ntpq.html.htmldoc ntp-4.2.4p5/html/ntpq.html
--- ntp-4.2.4p5/html/ntpq.html.htmldoc 2006-06-06 22:16:06.000000000 +0200
+++ ntp-4.2.4p5/html/ntpq.html 2008-08-18 12:31:59.000000000 +0200
@@ -19,11 +19,11 @@
<script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
<hr>
<h4>Synopsis</h4>
- <tt>ntpq [-inp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
+ <tt>ntpq [-46dinp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
<h4>Description</h4>
<p>The <tt>ntpq</tt> utility program is used to monitor NTP daemon <tt>ntpd</tt> operations and determine performance. It uses the standard NTP mode 6 control message formats defined in Appendix B of the NTPv3 specification RFC1305. The same formats are used in NTPv4, although some of the variables have changed and new ones added. The description on this page is for the NTPv4 variables.</p>
<p>The program can be run either in interactive mode or controlled using command line arguments. Requests to read and write arbitrary variables can be assembled, with raw and pretty-printed output options being available. The <tt>ntpq</tt> can also obtain and print a list of peers in a common format by sending multiple queries to the server.</p>
- <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt>will prompt for commands if the standard input is a terminal device.</p>
+ <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt> will prompt for commands if the standard input is a terminal device.</p>
<p><tt>ntpq</tt> uses NTP mode 6 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpq</tt> makes one attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
<p>Note that in contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
<p>For examples and usage, see the <a href="debug.html">NTP Debugging Techniques</a> page.</p>
@@ -73,7 +73,7 @@
<dt><tt>quit</tt>
<dd>Exit <tt>ntpq</tt>.
<dt><tt>raw</tt>
- <dd>Causes all output from query commands is printed as received from the remote server. The only formating/interpretation done on the data is to transform nonascii data into a printable (but barely understandable) form.
+ <dd>Causes all output from query commands is printed as received from the remote server. The only formatting/interpretation done on the data is to transform non-ASCII data into a printable (but barely understandable) form.
<dt><tt>timeout <i>millseconds</i></tt>
<dd>Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since <tt>ntpq</tt> retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set.
</dl>
@@ -135,7 +135,7 @@
<dt><tt>* sys.peer</tt>
<dd>The peer has been declared the system peer and lends its variables to the system variables.
<dt><tt>o pps.peer</tt>
- <dd>The peer has been declared the system peer and lends its variables to thesystem variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
+ <dd>The peer has been declared the system peer and lends its variables to the system variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
</dl>
<h4>System Variables</h4>
<p>The <tt>status, leap, stratum, precision, rootdelay, rootdispersion, refid, reftime, poll, offset, and frequency</tt> variables are described in RFC-1305 specification. Additional NTPv4 system variables include the following.</p>
@@ -240,14 +240,14 @@
<dd>Access is denied. See the <a href="accopt.html">Access Control Options</a> page.
<dt><tt>0x010 TEST5</tt>
<dd>Cryptographic authentication fails. See the <a href="authopt.html">Authentication Options</a> page.
- <dt><tt>0x020TEST6</tt>
+ <dt><tt>0x020 TEST6</tt>
<dd>The server is unsynchronized. Wind up its clock first.
<dt><tt>0x040 TEST7</tt>
<dd>The server stratum is at the maximum than 15. It is probably unsynchronized and its clock needs to be wound up.
<dt><tt>0x080 TEST8</tt>
<dd>Either the root delay or dispersion is greater than one second, which is highly unlikely unless the peer is unsynchronized to Mars.
<dt><tt>0x100 TEST9</tt>
- <dd>Either the peer delay or dispersion is greater than one second, which is higly unlikely unless the peer is on Mars.
+ <dd>Either the peer delay or dispersion is greater than one second, which is highly unlikely unless the peer is on Mars.
<dt><tt>0x200 TEST10</tt>
<dd>The autokey protocol has detected an authentication failure. See the <a href="authopt.html">Authentication Options</a> page.
<dt><tt>0x400 TEST11</tt>
diff -up ntp-4.2.4p5/html/ntptrace.html.htmldoc ntp-4.2.4p5/html/ntptrace.html
--- ntp-4.2.4p5/html/ntptrace.html.htmldoc 2006-06-06 22:16:06.000000000 +0200
+++ ntp-4.2.4p5/html/ntptrace.html 2008-08-18 12:31:59.000000000 +0200
@@ -17,7 +17,7 @@
<br clear="left">
<hr>
<h4>Synopsis</h4>
- <tt>ntptrace [ -vdn ] [ -r <i>retries</i> ] [ -t <i>timeout</i> ] [ <i>server</i> ]</tt>
+ <tt>ntptrace [ -n ] [ -m <i>maxhosts</i> ] [ <i>server</i> ]</tt>
<h4>Description</h4>
<p><tt>ntptrace</tt> determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source. If given no arguments, it starts with <tt>localhost</tt>. Here is an example of the output from <tt>ntptrace</tt>:</p>
<pre>
@@ -29,16 +29,8 @@ usndh.edu: stratum 1, offset 0.0019298,
<p>On each line, the fields are (left to right): the host name, the host stratum, the time offset between that host and the local host (as measured by <tt>ntptrace</tt>; this is why it is not always zero for "<tt>localhost</tt>"), the host synchronization distance, and (only for stratum-1 servers) the reference clock ID. All times are given in seconds. Note that the stratum is the server hop count to the primary source, while the synchronization distance is the estimated error relative to the primary source. These terms are precisely defined in RFC-1305.</p>
<h4>Options</h4>
<dl>
- <dt><tt>-d</tt>
- <dd>Turns on some debugging output.
<dt><tt>-n</tt>
<dd>Turns off the printing of host names; instead, host IP addresses are given. This may be useful if a nameserver is down.
- <dt><tt>-r <i>retries</i></tt>
- <dd>Sets the number of retransmission attempts for each host (default = 5).
- <dt><tt>-t <i>timeout</i></tt>
- <dd>Sets the retransmission timeout (in seconds) (default = 2).
- <dt><tt>-v</tt>
- <dd>Prints verbose information about the NTP servers.
</dl>
<h4>Bugs</h4>
<p>This program makes no attempt to improve accuracy by doing multiple samples.</p>
ntp-4.2.4p5-mlock.patch:
--- NEW FILE ntp-4.2.4p5-mlock.patch ---
diff -up ntp-4.2.4p5/html/ntpd.html.mlock ntp-4.2.4p5/html/ntpd.html
--- ntp-4.2.4p5/html/ntpd.html.mlock 2008-08-18 12:58:37.000000000 +0200
+++ ntp-4.2.4p5/html/ntpd.html 2008-08-18 12:58:37.000000000 +0200
@@ -34,7 +34,7 @@
</ul>
<hr>
<h4 id="synop">Synopsis</h4>
- <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
<h4 id="descr">Description</h4>
<p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
<h4 id="op">How NTP Operates</h4>
@@ -96,6 +96,8 @@
<dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
<dt><tt>-L</tt>
<dd>Do not listen to virtual IPs. The default is to listen.
+ <dt><tt>-m</tt>
+ <dd>Lock memory.
<dt><tt>-n</tt>
<dd>Don't fork.
<dt><tt>-N</tt>
diff -up ntp-4.2.4p5/ntpd/ntpd-opts.c.mlock ntp-4.2.4p5/ntpd/ntpd-opts.c
--- ntp-4.2.4p5/ntpd/ntpd-opts.c.mlock 2008-08-17 11:20:09.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntpd-opts.c 2008-08-18 12:58:37.000000000 +0200
@@ -264,6 +264,15 @@ tSCC zNice_Name[] = "ni
#define NICE_FLAGS (OPTST_DISABLED)
/*
+ * Mlock option description:
+ */
+tSCC zMlockText[] =
+ "Lock memory";
+tSCC zMlock_NAME[] = "MLOCK";
+tSCC zMlock_Name[] = "mlock";
+#define MLOCK_FLAGS (OPTST_DISABLED)
+
+/*
* Pidfile option description:
*/
tSCC zPidfileText[] =
@@ -789,6 +798,18 @@ static tOptDesc optDesc[ OPTION_CT ] = {
OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT
#endif
+ { /* entry idx, value */ 29, VALUE_OPT_MLOCK,
+ /* equiv idx, value */ 29, VALUE_OPT_MLOCK,
+ /* equivalenced to */ NO_EQUIVALENT,
+ /* min, max, act ct */ 0, 1, 0,
+ /* opt state flags */ MLOCK_FLAGS, 0,
+ /* last opt argumnt */ { NULL },
+ /* arg list/cookie */ NULL,
+ /* must/cannot opts */ NULL, NULL,
+ /* option proc */ NULL,
+ /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name,
+ /* disablement strs */ NULL, NULL },
+
{ /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
/* equiv idx value */ NO_EQUIVALENT, 0,
/* equivalenced to */ NO_EQUIVALENT,
@@ -881,7 +902,7 @@ tOptions ntpdOptions = {
NO_EQUIVALENT /* index of '-#' option */,
NO_EQUIVALENT /* index of default opt */
},
- 32 /* full option count */, 29 /* user option count */
+ 33 /* full option count */, 30 /* user option count */
};
/*
diff -up ntp-4.2.4p5/ntpd/ntpd-opts.h.mlock ntp-4.2.4p5/ntpd/ntpd-opts.h
--- ntp-4.2.4p5/ntpd/ntpd-opts.h.mlock 2008-08-17 11:20:09.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntpd-opts.h 2008-08-18 12:58:37.000000000 +0200
@@ -81,12 +81,13 @@ typedef enum {
INDEX_OPT_VAR = 26,
INDEX_OPT_DVAR = 27,
INDEX_OPT_SLEW = 28,
- INDEX_OPT_VERSION = 29,
- INDEX_OPT_HELP = 30,
- INDEX_OPT_MORE_HELP = 31
+ INDEX_OPT_MLOCK = 29,
+ INDEX_OPT_VERSION = 30,
+ INDEX_OPT_HELP = 31,
+ INDEX_OPT_MORE_HELP = 32
} teOptIndex;
-#define OPTION_CT 32
+#define OPTION_CT 33
#define NTPD_VERSION "4.2.4p5"
#define NTPD_FULL_VERSION "ntpd - NTP daemon program - Ver. 4.2.4p5"
@@ -179,6 +180,10 @@ typedef enum {
# warning undefining MODIFYMMTIMER due to option name conflict
# undef MODIFYMMTIMER
# endif
+# ifdef MLOCK
+# warning undefining MLOCK due to option name conflict
+# undef MLOCK
+# endif
# ifdef NOFORK
# warning undefining NOFORK due to option name conflict
# undef NOFORK
@@ -248,6 +253,7 @@ typedef enum {
# undef LOGFILE
# undef NOVIRTUALIPS
# undef MODIFYMMTIMER
+# undef MLOCK
# undef NOFORK
# undef NICE
# undef PIDFILE
@@ -290,6 +296,7 @@ typedef enum {
#ifdef SYS_WINNT
#define VALUE_OPT_MODIFYMMTIMER 'M'
#endif /* SYS_WINNT */
+#define VALUE_OPT_MLOCK 'm'
#define VALUE_OPT_NOFORK 'n'
#define VALUE_OPT_NICE 'N'
#define VALUE_OPT_PIDFILE 'p'
diff -up ntp-4.2.4p5/ntpd/ntpd.c.mlock ntp-4.2.4p5/ntpd/ntpd.c
--- ntp-4.2.4p5/ntpd/ntpd.c.mlock 2008-08-18 12:58:37.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntpd.c 2008-08-18 12:58:37.000000000 +0200
@@ -699,7 +699,8 @@ ntpdmain(
}
#endif
-#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
+#if defined(MCL_CURRENT) && defined(MCL_FUTURE)
+ if (HAVE_OPT( MLOCK )) {
# ifdef HAVE_SETRLIMIT
/*
* Set the stack limit to something smaller, so that we don't lock a lot
@@ -737,6 +738,7 @@ ntpdmain(
*/
if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
msyslog(LOG_ERR, "mlockall(): %m");
+ }
#else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
# ifdef HAVE_PLOCK
# ifdef PROCLOCK
ntp-4.2.4p5-rtnetlink.patch:
--- NEW FILE ntp-4.2.4p5-rtnetlink.patch ---
diff -up ntp-4.2.4p5/ntpd/ntp_io.c.rtnetlink ntp-4.2.4p5/ntpd/ntp_io.c
--- ntp-4.2.4p5/ntpd/ntp_io.c.rtnetlink 2008-08-28 16:02:21.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntp_io.c 2008-08-28 16:03:58.000000000 +0200
@@ -216,6 +216,9 @@ struct vsock {
ISC_LINK(vsock_t) link;
};
+#define HAS_ROUTING_SOCKET 1
+#define HAVE_RTNETLINK 1
+
#if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
/*
* async notification processing (e. g. routing sockets)
@@ -3858,6 +3861,10 @@ find_flagged_addr_in_list(struct sockadd
#ifdef HAS_ROUTING_SOCKET
#include <net/route.h>
+#ifdef HAVE_RTNETLINK
+#include <linux/rtnetlink.h>
+#endif
+
#ifndef UPDATE_GRACE
#define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */
#endif
@@ -3866,9 +3873,12 @@ static void
process_routing_msgs(struct asyncio_reader *reader)
{
char buffer[5120];
- char *p = buffer;
-
- int cnt;
+ int cnt, msg_type;
+#ifdef HAVE_RTNETLINK
+ struct nlmsghdr *nh;
+#else
+ char *p;
+#endif
if (disable_dynamic_updates) {
/*
@@ -3892,8 +3902,11 @@ process_routing_msgs(struct asyncio_read
/*
* process routing message
*/
- while ((p + sizeof(struct rt_msghdr)) <= (buffer + cnt))
- {
+#ifdef HAVE_RTNETLINK
+ for (nh = (struct nlmsghdr *)buffer; NLMSG_OK(nh, cnt); nh = NLMSG_NEXT(nh, cnt)) {
+ msg_type = nh->nlmsg_type;
+#else
+ for (p = buffer; (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); p += rtm->rtm_msglen) {
struct rt_msghdr *rtm;
rtm = (struct rt_msghdr *)p;
@@ -3903,8 +3916,9 @@ process_routing_msgs(struct asyncio_read
delete_asyncio_reader(reader);
return;
}
-
- switch (rtm->rtm_type) {
+ msg_type = rtm->rtm_type;
+#endif
+ switch (msg_type) {
#ifdef RTM_NEWADDR
case RTM_NEWADDR:
#endif
@@ -3935,17 +3949,21 @@ process_routing_msgs(struct asyncio_read
/*
* we are keen on new and deleted addresses and if an interface goes up and down or routing changes
*/
- DPRINTF(3, ("routing message op = %d: scheduling interface update\n", rtm->rtm_type));
+ DPRINTF(3, ("routing message op = %d: scheduling interface update\n", msg_type));
timer_interfacetimeout(current_time + UPDATE_GRACE);
break;
+#ifdef HAVE_RTNETLINK
+ case NLMSG_DONE:
+ /* end of multipart message */
+ return;
+#endif
default:
/*
* the rest doesn't bother us.
*/
- DPRINTF(4, ("routing message op = %d: ignored\n", rtm->rtm_type));
+ DPRINTF(4, ("routing message op = %d: ignored\n", msg_type));
break;
}
- p += rtm->rtm_msglen;
}
}
@@ -3956,10 +3974,24 @@ static void
init_async_notifications()
{
struct asyncio_reader *reader;
+#ifdef HAVE_RTNETLINK
+ int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ struct sockaddr_nl sa;
+#else
int fd = socket(PF_ROUTE, SOCK_RAW, 0);
+#endif
if (fd >= 0) {
fd = move_fd(fd);
+#ifdef HAVE_RTNETLINK
+ memset(&sa, 0, sizeof(sa));
+ sa.nl_family = PF_NETLINK;
+ sa.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR;
+ if (bind(fd, (struct sockaddr*)&sa, sizeof(sa)) < 0) {
+ msyslog(LOG_ERR, "bind failed on routing socket (%m) - using polled interface update");
+ return;
+ }
+#endif
init_nonblocking_io(fd);
#if defined(HAVE_SIGNALED_IO)
init_socket_sig(fd);
ntp-4.2.4p5-sleep.patch:
--- NEW FILE ntp-4.2.4p5-sleep.patch ---
diff -up ntp-4.2.4p5/include/ntp_stdlib.h.sleep ntp-4.2.4p5/include/ntp_stdlib.h
--- ntp-4.2.4p5/include/ntp_stdlib.h.sleep 2006-12-28 13:03:05.000000000 +0100
+++ ntp-4.2.4p5/include/ntp_stdlib.h 2008-08-27 18:08:08.000000000 +0200
@@ -101,6 +101,7 @@ extern const char * FindConfig P((const
extern void signal_no_reset P((int, RETSIGTYPE (*func)(int)));
extern void getauthkeys P((const char *));
+extern int auth_agekeys_is_needed P((void));
extern void auth_agekeys P((void));
extern void rereadkeys P((void));
diff -up ntp-4.2.4p5/include/ntpd.h.sleep ntp-4.2.4p5/include/ntpd.h
--- ntp-4.2.4p5/include/ntpd.h.sleep 2008-08-27 18:08:08.000000000 +0200
+++ ntp-4.2.4p5/include/ntpd.h 2008-08-27 18:08:08.000000000 +0200
@@ -120,8 +120,10 @@ extern int leap_actual P((int));
/* ntp_loopfilter.c */
extern void init_loopfilter P((void));
extern int local_clock P((struct peer *, double));
-extern void adj_host_clock P((void));
+extern int adj_host_clock_is_needed P((void));
+extern void adj_host_clock P((int));
extern void loop_config P((int, double));
+extern int huffpuff_enabled P((void));
extern void huffpuff P((void));
extern u_long sys_clocktime;
extern u_long sys_tai;
@@ -221,6 +223,7 @@ extern void hack_restrict P((int, struct
/* ntp_timer.c */
extern void init_timer P((void));
extern void reinit_timer P((void));
+extern int when_next_event P((void));
extern void timer P((void));
extern void timer_clr_stats P((void));
extern void timer_interfacetimeout P((u_long));
diff -up ntp-4.2.4p5/libntp/authkeys.c.sleep ntp-4.2.4p5/libntp/authkeys.c
--- ntp-4.2.4p5/libntp/authkeys.c.sleep 2004-02-25 06:58:03.000000000 +0100
+++ ntp-4.2.4p5/libntp/authkeys.c 2008-08-27 18:08:08.000000000 +0200
@@ -394,6 +394,24 @@ auth_delkeys(void)
}
}
+int auth_agekeys_is_needed() {
+ struct savekey *sk;
+ int i;
+
+ if (authnumkeys > 20)
+ return 1;
+
+ for (i = 0; i < HASHSIZE; i++) {
+ sk = key_hash[i];
+ while (sk != 0) {
+ if (sk->lifetime > 0)
+ return 1;
+ sk = sk->next;
+ }
+ }
+ return 0;
+}
+
/*
* auth_agekeys - delete keys whose lifetimes have expired
*/
diff -up ntp-4.2.4p5/ntpd/ntp_loopfilter.c.sleep ntp-4.2.4p5/ntpd/ntp_loopfilter.c
--- ntp-4.2.4p5/ntpd/ntp_loopfilter.c.sleep 2008-08-27 18:08:08.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntp_loopfilter.c 2008-08-27 18:08:08.000000000 +0200
@@ -753,6 +753,10 @@ local_clock(
#endif /* LOCKCLOCK */
}
+int adj_host_clock_is_needed() {
+ return !(!ntp_enable || mode_ntpdate || (pll_control &&
+ kern_enable));
+}
/*
* adj_host_clock - Called once every second to update the local clock.
@@ -762,7 +766,7 @@ local_clock(
*/
void
adj_host_clock(
- void
+ int time_elapsed
)
{
double adjustment;
@@ -777,7 +781,8 @@ adj_host_clock(
* maximum error and the local clock driver will pick it up and
* pass to the common refclock routines. Very elegant.
*/
- sys_rootdispersion += clock_phi;
+ sys_rootdispersion += clock_phi * time_elapsed;
+ DPRINTF(2, ("loopfilter: %d\n", time_elapsed));
#ifndef LOCKCLOCK
/*
@@ -837,6 +842,11 @@ rstclock(
}
+int huffpuff_enabled()
+{
+ return sys_huffpuff != NULL;
+}
+
/*
* huff-n'-puff filter
*/
diff -up ntp-4.2.4p5/ntpd/ntp_timer.c.sleep ntp-4.2.4p5/ntpd/ntp_timer.c
--- ntp-4.2.4p5/ntpd/ntp_timer.c.sleep 2006-12-28 13:03:34.000000000 +0100
+++ ntp-4.2.4p5/ntpd/ntp_timer.c 2008-08-27 18:08:08.000000000 +0200
@@ -63,6 +63,7 @@ volatile u_long alarm_overflow;
#define HOUR (60*60)
u_long current_time;
+l_fp timer_base;
/*
* Stats. Number of overflows and number of calls to transmit().
@@ -116,6 +117,8 @@ reinit_timer(void)
itimer.it_interval.tv_nsec = 0;
timer_settime(ntpd_timerid, 0 /*!TIMER_ABSTIME*/, &itimer, NULL);
# else
+ get_systime(&timer_base);
+ return;
getitimer(ITIMER_REAL, &itimer);
if (itimer.it_value.tv_sec < 0 || itimer.it_value.tv_sec > (1<<EVENT_TIMEOUT)) {
itimer.it_value.tv_sec = (1<<EVENT_TIMEOUT);
@@ -160,6 +163,8 @@ init_timer(void)
timer_timereset = 0;
#if !defined(SYS_WINNT)
+ get_systime(&timer_base);
+ return;
/*
* Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT
* seconds from now and they continue on every 2**EVENT_TIMEOUT
@@ -252,6 +257,46 @@ get_timer_handle(void)
}
#endif
+int when_next_event() {
+ register struct peer *peer, *next_peer;
+ u_int n;
+ int next = current_time + HOUR;
+
+ if (adj_host_clock_is_needed())
+ return 1;
+ for (n = 0; n < NTP_HASH_SIZE; n++) {
+ for (peer = peer_hash[n]; peer != 0; peer = next_peer) {
+ next_peer = peer->next;
+#ifdef REFCLOCK
+ if (peer->flags & FLAG_REFCLOCK)
+ return 1;
+#endif /* REFCLOCK */
+ if (peer->action && peer->nextaction < next)
+ next = peer->nextaction;
+ if (peer->nextdate < next)
+ next = peer->nextdate;
+ }
+ }
+
+ if (auth_agekeys_is_needed() && keys_timer < next)
+ next = keys_timer;
+ if (huffpuff_enabled() && huffpuff_timer < next)
+ next = huffpuff_timer;
+#ifdef OPENSSL
+ if (revoke_timer < next)
+ next = revoke_timer;
+#endif /* OPENSSL */
+ if (interface_interval && interface_timer < next)
+ next = interface_timer;
+ if (stats_timer < next)
+ next = stats_timer;
+
+ next -= current_time;
+ if (next <= 0)
+ next = 1;
+ return next;
+}
+
/*
* timer - dispatch anyone who needs to be
*/
@@ -264,14 +309,12 @@ timer(void)
#endif /* OPENSSL */
u_int n;
- current_time += (1<<EVENT_TIMEOUT);
-
/*
* Adjustment timeout first.
*/
if (adjust_timer <= current_time) {
- adjust_timer += 1;
- adj_host_clock();
+ adj_host_clock(current_time - adjust_timer + 1);
+ adjust_timer = current_time + 1;
kod_proto();
#ifdef REFCLOCK
for (n = 0; n < NTP_HASH_SIZE; n++) {
diff -up ntp-4.2.4p5/ntpd/ntpd.c.sleep ntp-4.2.4p5/ntpd/ntpd.c
--- ntp-4.2.4p5/ntpd/ntpd.c.sleep 2008-08-27 18:08:08.000000000 +0200
+++ ntp-4.2.4p5/ntpd/ntpd.c 2008-08-27 18:10:54.000000000 +0200
@@ -187,8 +187,6 @@ extern const char *Version;
char const *progname;
-int was_alarmed;
-
#ifdef DECL_SYSCALL
/*
* We put this here, since the argument profile is syscall-specific
@@ -442,6 +440,7 @@ set_process_priority(void)
msyslog(LOG_ERR, "set_process_priority: No way found to improve our priority");
}
+#define TS_LAST_SIZE 2
/*
* Main program. Initialize us, disconnect us from the tty if necessary,
@@ -454,6 +453,9 @@ ntpdmain(
)
{
l_fp now;
+ l_fp ts_last[TS_LAST_SIZE];
+ unsigned int ts_last_index;
+ int time_elapsed;
struct recvbuf *rbuf;
#ifdef _AIX /* HMS: ifdef SIGDANGER? */
struct sigaction sa;
@@ -1009,7 +1011,11 @@ getgroup:
#else /* normal I/O */
BLOCK_IO_AND_ALARM();
- was_alarmed = 0;
+
+ for (ts_last_index = 0; ts_last_index < TS_LAST_SIZE; ts_last_index++)
+ L_CLR(&ts_last[ts_last_index]);
+ time_elapsed = ts_last_index = 0;
+
for (;;)
{
# if !defined(HAVE_SIGNALED_IO)
@@ -1020,39 +1026,59 @@ getgroup:
int nfound;
# endif
- if (alarm_flag) /* alarmed? */
- {
- was_alarmed = 1;
- alarm_flag = 0;
- }
-
- if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE)
+ if (has_full_recv_buffer() == ISC_FALSE)
{
/*
* Nothing to do. Wait for something.
*/
# ifndef HAVE_SIGNALED_IO
+ extern l_fp timer_base;
+ l_fp ts, ts2, ts3;
+ double d;
+
rdfdes = activefds;
-# if defined(VMS) || defined(SYS_VXWORKS)
- /* make select() wake up after one second */
- {
+ ts2 = timer_base;
+ get_systime(&ts);
+ ts3 = ts;
+ L_SUB(&ts3, &ts_last[ts_last_index]);
+
+ /* don't call when_next_event() too often */
+ if (ts3.l_ui)
+ ts2.l_ui += when_next_event();
+ else
+ ts2.l_ui += 1;
+
+ L_SUB(&ts2, &ts);
+ LFPTOD(&ts2, d);
+ DPRINTF(2, ("next in %f\n", d));
+ if (d >= 0.0) {
struct timeval t1;
- t1.tv_sec = 1; t1.tv_usec = 0;
+ /* shoot 1ms over */
+ d += 0.001;
+ t1.tv_sec = floor(d);
+ t1.tv_usec = (d - t1.tv_sec) * 1000000;
nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
(fd_set *)0, &t1);
- }
-# else
- nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
- (fd_set *)0, (struct timeval *)0);
-# endif /* VMS */
- if (nfound > 0)
- {
- l_fp ts;
-
get_systime(&ts);
+ } else
+ nfound = 0;
+
+ ts2 = ts;
+ L_SUB(&ts2, &timer_base);
+ time_elapsed += ts2.l_ui;
+ current_time += ts2.l_ui;
+ timer_base.l_ui += ts2.l_ui;
+#ifdef DEBUG
+ LFPTOD(&ts2, d);
+ DPRINTF(2, ("elapsed %f\n", d));
+#endif
+ if (nfound > 0)
+ {
(void)input_handler(&ts);
+ ts_last[ts_last_index] = ts;
+ ts_last_index = (ts_last_index + 1) % TS_LAST_SIZE;
}
else if (nfound == -1 && errno != EINTR)
netsyslog(LOG_ERR, "select() error: %m");
@@ -1061,17 +1087,12 @@ getgroup:
netsyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
# endif /* DEBUG */
# else /* HAVE_SIGNALED_IO */
-
+# error not supported
wait_for_signal();
# endif /* HAVE_SIGNALED_IO */
- if (alarm_flag) /* alarmed? */
- {
- was_alarmed = 1;
- alarm_flag = 0;
- }
}
- if (was_alarmed)
+ if (time_elapsed)
{
UNBLOCK_IO_AND_ALARM();
/*
@@ -1079,7 +1100,7 @@ getgroup:
* to process expiry.
*/
timer();
- was_alarmed = 0;
+ time_elapsed = 0;
BLOCK_IO_AND_ALARM();
}
@@ -1097,19 +1118,8 @@ getgroup:
rbuf = get_full_recv_buffer();
while (rbuf != NULL)
{
- if (alarm_flag)
- {
- was_alarmed = 1;
- alarm_flag = 0;
- }
UNBLOCK_IO_AND_ALARM();
- if (was_alarmed)
- { /* avoid timer starvation during lengthy I/O handling */
- timer();
- was_alarmed = 0;
- }
-
/*
* Call the data procedure to handle each received
* packet.
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/.cvsignore,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- .cvsignore 26 Oct 2007 13:27:54 -0000 1.26
+++ .cvsignore 29 Aug 2008 08:36:37 -0000 1.27
@@ -1,2 +1,2 @@
ntpstat-0.2.tgz
-ntp-4.2.4p4.tar.gz
+ntp-4.2.4p5.tar.gz
Index: ntp.conf
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/ntp.conf,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ntp.conf 24 Jul 2007 12:08:12 -0000 1.14
+++ ntp.conf 29 Aug 2008 08:36:37 -0000 1.15
@@ -19,9 +19,9 @@
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-server 0.fedora.pool.ntp.org dynamic
-server 1.fedora.pool.ntp.org dynamic
-server 2.fedora.pool.ntp.org dynamic
+server 0.fedora.pool.ntp.org
+server 1.fedora.pool.ntp.org
+server 2.fedora.pool.ntp.org
#broadcast 192.168.1.255 autokey # broadcast server
#broadcastclient # broadcast client
Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/ntp.spec,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- ntp.spec 28 Jul 2008 11:06:59 -0000 1.81
+++ ntp.spec 29 Aug 2008 08:36:37 -0000 1.82
@@ -1,7 +1,7 @@
Summary: The NTP daemon and utilities
Name: ntp
-Version: 4.2.4p4
-Release: 7%{?dist}
+Version: 4.2.4p5
+Release: 1%{?dist}
# primary license (COPYRIGHT) : MIT
# ElectricFence/ (not used) : GPLv2
# kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -42,27 +42,27 @@
Patch1: ntp-4.2.4p4-kernel.patch
Patch2: ntp-4.2.4p0-droproot.patch
Patch3: ntp-4.2.4-groups.patch
-Patch4: ntp-4.1.1c-rc3-authkey.patch
Patch5: ntp-4.2.4-linkfastmath.patch
Patch6: ntp-4.2.4p2-tentative.patch
Patch7: ntp-4.2.4p2-noseed.patch
Patch8: ntp-4.2.4p4-multilisten.patch
Patch9: ntp-4.2.4-html2man.patch
-Patch10: ntp-4.2.4-htmldoc.patch
+Patch10: ntp-4.2.4p5-htmldoc.patch
Patch11: ntp-4.2.4p2-filegen.patch
Patch12: ntp-4.2.4-sprintf.patch
Patch13: ntp-4.2.4p4-bsdadv.patch
-Patch14: ntp-4.2.4p4-mlock.patch
+Patch14: ntp-4.2.4p5-mlock.patch
Patch15: ntp-4.2.4p2-clockselect.patch
Patch16: ntp-4.2.4p2-nosntp.patch
-Patch17: ntp-4.2.4p0-sleep.patch
-Patch18: ntp-4.2.4p4-bcast.patch
+Patch17: ntp-4.2.4p5-sleep.patch
+Patch18: ntp-4.2.4p5-bcast.patch
Patch19: ntp-4.2.4p0-retcode.patch
Patch20: ntp-4.2.4p2-noif.patch
Patch21: ntp-4.2.4p4-ipv6.patch
Patch22: ntp-4.2.4p4-cmsgalign.patch
Patch23: ntp-4.2.4p4-gettime.patch
Patch24: ntp-4.2.4p4-resinit.patch
+Patch25: ntp-4.2.4p5-rtnetlink.patch
URL: http://www.ntp.org
Requires(post): /sbin/chkconfig
@@ -109,7 +109,6 @@
%patch1 -p1 -b .kernel
%patch2 -p1 -b .droproot
%patch3 -p1 -b .groups
-%patch4 -p1 -b .authkey
%patch6 -p1 -b .tentative
%patch7 -p1 -b .noseed
%patch8 -p1 -b .multilisten
@@ -127,6 +126,7 @@
%patch21 -p1 -b .ipv6
%patch22 -p1 -b .cmsgalign
%patch24 -p1 -b .resinit
+%patch25 -p1 -b .rtnetlink
# clock_gettime needs -lrt
sed -i.gettime 's|^LIBS = @LIBS@|& -lrt|' ntp{d,q,dc,date}/Makefile.in
@@ -288,6 +288,10 @@
%{_mandir}/man8/ntpdate.8*
%changelog
+* Fri Aug 29 2008 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p5-1
+- update to 4.2.4p5
+- add support for fast interface updates
+
* Mon Jul 28 2008 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p4-7
- reload resolv.conf after temporary failure in name resolution (#456743)
- use clock_gettime
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/F-9/sources,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- sources 26 Oct 2007 13:27:54 -0000 1.27
+++ sources 29 Aug 2008 08:36:37 -0000 1.28
@@ -1,2 +1,2 @@
6b2bedefe2e7c63ea52609b222022121 ntpstat-0.2.tgz
-fcb32a01e1ae3f9ed5bac86b12c7a1cc ntp-4.2.4p4.tar.gz
+eb647e07ecbd6e9e07bf8d3dc555490e ntp-4.2.4p5.tar.gz
--- ntp-4.1.1c-rc3-authkey.patch DELETED ---
--- ntp-4.2.4-htmldoc.patch DELETED ---
--- ntp-4.2.4p0-sleep.patch DELETED ---
--- ntp-4.2.4p4-bcast.patch DELETED ---
--- ntp-4.2.4p4-mlock.patch DELETED ---
More information about the fedora-extras-commits
mailing list