Miroslav Lichvar [Tue, 24 Mar 2020 14:22:31 +0000 (15:22 +0100)]
socket: simplify receiving messages
Don't require the caller to provide a SCK_Message (on stack). Modify the
SCK_ReceiveMessage*() functions to return a pointer to static buffers,
as the message buffer which SCK_Message points to already is.
Miroslav Lichvar [Mon, 23 Mar 2020 10:34:02 +0000 (11:34 +0100)]
socket: enable port sharing on Linux
On Linux, enable the SO_REUSEPORT option on sockets bound to a port in
order to support load balancing with multiple chronyd instances
(configured to not adjust the system clock).
The IP_FREEBIND option already allowed different instances to bind to
the same address and port, but only one was actually receiving packets.
As the instances don't share their state, sharing the NTP port doesn't
work well with the interleaved mode, symmetric mode, and rate limiting.
Sharing the NTS-KE port will not work until the server keys can be
derived from a shared key.
Earlier versions of macOS do not provide clock_gettime(). This patch
checks for clock_gettime() at run-time and falls back to gettimeofday()
if the symbol is not present.
Miroslav Lichvar [Thu, 12 Mar 2020 09:49:38 +0000 (10:49 +0100)]
reference: update synchronization status more frequently
Update the local clock errors with each update of the leap status to
avoid the kernel marking the clock as unsynchronized when a large
number of NTP samples is dropped.
Miroslav Lichvar [Wed, 11 Mar 2020 16:03:00 +0000 (17:03 +0100)]
sources: update reference leap status early
When a leap second status is updated by a source, don't wait for the
next source selection and full update of the reference. Count votes from
sources that passed the previous selection and update the reference leap
status directly.
This should allow leap seconds to spread quickly even when the
samples are dropped or delayed by the filters.
Miroslav Lichvar [Wed, 11 Mar 2020 14:48:00 +0000 (15:48 +0100)]
sources: separate update of leap status
Remove leap status from the NTP sample and set it independently from
the sample accumulation in order to accept a leap second sooner when
samples are filtered.
Miroslav Lichvar [Wed, 11 Mar 2020 11:20:51 +0000 (12:20 +0100)]
cmdmon: add reset command
The reset command drops all measurements and switches the reference to
the unsynchronised state. This command can help chronyd with recovery
when the measurements are known to be no longer valid or accurate, e.g.
due to moving the computer to a different network, or resuming the
computer from a low-power state (which resets the system clock).
Miroslav Lichvar [Wed, 11 Mar 2020 10:38:24 +0000 (11:38 +0100)]
reference: don't report synchronized status after unknown step
The source handler resets SST instances on an unknown step, which
makes the sources unselectable, but SRC_SelectSource() doesn't call
REF_SetUnsynchronised() when no source is selectable.
Handle the step in the reference handler.
Fixes: 049eae661ae3 ("sources: keep synchronized status with unreachable/unselectable sources")
Miroslav Lichvar [Wed, 11 Mar 2020 07:56:17 +0000 (08:56 +0100)]
sched: provide low-precision monotonic time
Measure the interval since the start in order to provide a monotonic
time for periodical tasks not using timers like driftfile updates, key
refresh, etc. Return the interval in the double format, but keep an
integer remainder limiting the precision to 0.01 second to avoid issues
with very small increments in a long-running process.
Miroslav Lichvar [Tue, 10 Mar 2020 13:02:08 +0000 (14:02 +0100)]
configure: improve nettle and gnutls check
Before enabling NTS, check for more gnutls functions (some added in
3.6.3) to avoid build failures with older gnutls versions. Also, make
sure that nettle supports the new AES interface (added in 3.0).
ntp: ignore onoffline command for unresolved sources
The onoffline command switches an unresolved source to the offline
status, even when the network is already up.
Ignore the onoffline command for unresolved sources to prevent sources
unexpectedly staying in the offline status, e.g. when the command is
issued from a network dispatcher script (and no other call is expected
later when the name is resolved).
Allow the nts and ntsport options to be specified for sources added from
chronyc. This is an incompatible change in the request, but there was no
release using the new REQ_ADD_SOURCE command yet.
Add an option to enable NTS for an NTP source. Check for NTS-specific
extension fields and pass the packets to the NTS-NTP code in order to
enable the NTS client and server.
Miroslav Lichvar [Wed, 21 Aug 2019 12:09:37 +0000 (14:09 +0200)]
siv: add internal implementation based on Nettle
This adds an internal implementation of the AES-SIV-CMAC-256 cipher
based on GNU Nettle and the following patch (which was later reworked
and included in Nettle):
Miroslav Lichvar [Mon, 11 Nov 2019 18:02:30 +0000 (19:02 +0100)]
nameserv: allow concurrent asynchronous requests
Allow multiple resolving threads to be running at the same time in order
to support multiple callers, but use a mutex to avoid sending multiple
requests to the privops helper. This will be needed for the NTS-KE
server negotiation.
Miroslav Lichvar [Sat, 23 Mar 2019 14:49:06 +0000 (15:49 +0100)]
ntp: add function to update source NTP address
This will allow a source to have its address changed due to NTS-KE
server negotiation, which allows the NTS-KE server to have a different
address than the NTP server.
Miroslav Lichvar [Thu, 13 Feb 2020 12:27:23 +0000 (13:27 +0100)]
ntp: allow changing port of source
Modify the replace_source() function to not require a different IP
address when replacing a source with the same address but different
port. This will enable the NTS-KE port negotiation.
ntp: don't accept packets with unexpected authentication
If authentication is not enabled in configuration, responses are not
expected to be authenticated. Handle such responses as having failed
authentication.
A case where this could happen is a misconfigured symmetric association
where only one peer has specified the other with a key. Before this
change synchronization would work in one direction and used packets
with an asymmetric length.
ntp: don't allow long MACs in NTPv4 packets with extension fields
A MAC longer than 24 octets in an NTPv4 packet is supported only for
compatibility with some pre-RFC7822 chrony versions. They didn't use
any extension fields.
Miroslav Lichvar [Wed, 14 Aug 2019 16:23:45 +0000 (18:23 +0200)]
ntp: refactor authentication
Move most of the authentication-specific code to a new file and
introduce authenticator instances in order to support other
authentication mechanisms (e.g. NTS).
Miroslav Lichvar [Wed, 14 Aug 2019 13:53:17 +0000 (15:53 +0200)]
ntp: rework packet parsing
Rework the code to detect the authentication mode and count extension
fields in the first parsing of the packet and store this information in
the new packet info structure.
Miroslav Lichvar [Mon, 15 Apr 2019 10:48:41 +0000 (12:48 +0200)]
ntp: don't send response longer than request
When sending a response in the server or passive mode, make sure the
response is not longer than the request to prevent amplification
attacks when responses may contain extension fields (e.g. NTS).
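The check described in this commit is a length comparison between the two packets. The following is an added example for this page, not chrony's implementation: a simplified stand-in for the packet info structure (assumed layout, assumed cap of 8 extension fields) and the server-side rule that a response is only sent when it is not longer than the request, plus the amplification factor a server without that rule would hand to a sender with a spoofed source address and the amount of padding a client must add to its request for a larger response to be allowed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NTP_HEADER_LEN 48   /* fixed NTPv4 header, octets */
#define MAX_EFS 8           /* assumed cap on extension fields for this model */

/* Assumed, simplified stand-in for a parsed packet's layout. */
typedef struct {
    size_t ef_len[MAX_EFS]; /* length of each extension field, octets */
    int num_efs;
    size_t mac_len;         /* trailing MAC length, 0 if unauthenticated */
} PacketInfo;

/* Total on-the-wire length of the packet described by p. */
size_t packet_length(const PacketInfo *p)
{
    size_t len = NTP_HEADER_LEN;
    for (int i = 0; i < p->num_efs; i++)
        len += p->ef_len[i];
    return len + p->mac_len;
}

/* Server/passive-mode rule: send the response only if it is not longer
   than the request that triggered it. */
bool response_allowed(const PacketInfo *req, const PacketInfo *resp)
{
    return packet_length(resp) <= packet_length(req);
}

/* Octets out per octet in: what a server without the rule would return
   to whatever address the request claimed to come from. */
double amplification_factor(const PacketInfo *req, const PacketInfo *resp)
{
    return (double) packet_length(resp) / (double) packet_length(req);
}

/* Octets a client has to add to its request (e.g. as placeholder
   extension fields) so that a response of this size passes the rule. */
size_t padding_needed(const PacketInfo *req, const PacketInfo *resp)
{
    size_t r = packet_length(req), s = packet_length(resp);
    return s > r ? s - r : 0;
}

int main(void)
{
    /* Constructed scenario: bare 48-octet request; response carrying two
       104-octet extension fields (e.g. freshly issued cookies). */
    PacketInfo req = { .num_efs = 0 };
    PacketInfo resp = { .ef_len = { 104, 104 }, .num_efs = 2 };

    printf("request %zu, response %zu, allowed=%d, factor=%.2f, pad=%zu\n",
           packet_length(&req), packet_length(&resp),
           response_allowed(&req, &resp), amplification_factor(&req, &resp),
           padding_needed(&req, &resp));

    /* The same request padded with two 104-octet placeholder fields. */
    PacketInfo padded = { .ef_len = { 104, 104 }, .num_efs = 2 };
    printf("padded request %zu, allowed=%d\n",
           packet_length(&padded), response_allowed(&padded, &resp));
    return 0;
}
```

The rule is deliberately blunt: it does not inspect what the extension fields contain, only how many octets the server would send back per octet received, which is the quantity that matters for reflection.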
Miroslav Lichvar [Wed, 14 Aug 2019 12:10:28 +0000 (14:10 +0200)]
ntp: add structure with packet info
Add a structure for length and other information about received and
transmitted NTP packets to minimize the number of parameters and avoid
repeated parsing of the packet.
Miroslav Lichvar [Mon, 24 Feb 2020 09:42:29 +0000 (10:42 +0100)]
ntp: don't replace sources with unroutable addresses
When changing an address of a source (both known and unknown), make sure
the new address is connectable. This should avoid useless replacements,
e.g. polling an IPv6 address on IPv4-only systems.
Miroslav Lichvar [Tue, 18 Feb 2020 09:51:41 +0000 (10:51 +0100)]
client: add option to print all sources
Add -a option to the sources and sourcestats commands to print all
sources, including those that don't have a resolved address yet. By
default, only sources that have a real address are printed for
compatibility. Remove the "210 Number of sources" messages to avoid
confusion. Also, modify the ntpdata command to always print only sources
with a resolved address.
Miroslav Lichvar [Tue, 18 Feb 2020 12:45:13 +0000 (13:45 +0100)]
ntp: repeat resolving until all pool sources are resolved
When resolving a pool name succeeds, don't remove the remaining
unresolved sources, i.e. try to get all maxsources (default 4) sources,
even if it takes multiple DNS requests.
Miroslav Lichvar [Tue, 18 Feb 2020 10:32:22 +0000 (11:32 +0100)]
ntp: stop resolving if unresolved source is removed
If an individual unresolved source or all unresolved sources from a pool
are removed, stop resolving their addresses on the next attempt (don't
remove them immediately as the resolver may be running).
Miroslav Lichvar [Tue, 18 Feb 2020 09:35:41 +0000 (10:35 +0100)]
addressing: introduce identifiers for unresolved addresses
Add a new type of address for NTP sources that don't have a resolved
address yet. This will allow the sources to be displayed, modified and
deleted by chronyc.
Update utility functions to support the new addresses.
Miroslav Lichvar [Tue, 11 Feb 2020 11:37:57 +0000 (12:37 +0100)]
logging: restrict file log permissions
With the new file utility functions permissions can be restricted for
newly created files. For the log file specified by the -l option it
is better to remove the "other" permissions (0640) to make it similar
to the system log.
Miroslav Lichvar [Wed, 29 Jan 2020 11:28:43 +0000 (12:28 +0100)]
util: don't log unlink() error if file is not accessible
Try stat() before calling unlink() to make sure the file is accessible.
This fixes chronyc running under a non-root/chrony user printing an
error message due to missing permissions on /var/run/chrony before
trying to bind its socket.
The current default NTP era split passed the Unix epoch (~50 years ago),
which means the epoch converted to an NTP timestamp and back ends up in
the next NTP era (year 2106).
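The era problem is easiest to see with the conversion written out. The following is an added example for this page, not chrony's conversion routines: a 32-bit NTP seconds field is decoded into the one era whose Unix time lands at or after a chosen split point, and the Unix epoch is round-tripped with a split before and after 1970. The "now" value and the 50-year split are constructed inputs; approx_year() is this example's own rough helper.

```c
#include <stdint.h>
#include <stdio.h>

#define NTP_UNIX_OFFSET 2208988800LL   /* seconds from 1900-01-01 to 1970-01-01 */
#define NTP_ERA_LENGTH  (1LL << 32)    /* one NTP era: 2^32 seconds (~136 years) */

/* Unix seconds -> 32-bit NTP seconds.  The truncation discards the era,
   exactly as the on-wire timestamp does. */
uint32_t unix_to_ntp_seconds(int64_t unix_secs)
{
    return (uint32_t) (uint64_t) (unix_secs + NTP_UNIX_OFFSET);
}

/* 32-bit NTP seconds -> Unix seconds, choosing the era so that the result
   lands in [era_split, era_split + 2^32).  era_split is the earliest Unix
   time the decoder is willing to believe. */
int64_t ntp_seconds_to_unix(uint32_t ntp_secs, int64_t era_split)
{
    int64_t t = (int64_t) ntp_secs - NTP_UNIX_OFFSET;  /* era-0 reading, negative before 1970 */

    while (t < era_split)
        t += NTP_ERA_LENGTH;
    while (t >= era_split + NTP_ERA_LENGTH)
        t -= NTP_ERA_LENGTH;
    return t;
}

/* Round-trip the Unix epoch through an NTP timestamp with a given split. */
int64_t roundtrip_epoch(int64_t era_split)
{
    return ntp_seconds_to_unix(unix_to_ntp_seconds(0), era_split);
}

/* Rough Gregorian year of a Unix time (average year length); enough to
   tell eras apart. */
int approx_year(int64_t unix_secs)
{
    return 1970 + (int) (unix_secs / 31556952LL);
}

int main(void)
{
    /* Constructed: a "now" in March 2020 and a split 50 years earlier,
       which is already a few weeks after the Unix epoch. */
    int64_t now = 1584000000LL;
    int64_t split = now - 50LL * 31556952LL;

    printf("split %lld (year %d): epoch decodes to %lld (year %d)\n",
           (long long) split, approx_year(split),
           (long long) roundtrip_epoch(split), approx_year(roundtrip_epoch(split)));
    printf("split at the epoch itself: epoch decodes to %lld (year %d)\n",
           (long long) roundtrip_epoch(0), approx_year(roundtrip_epoch(0)));
    printf("now %lld decodes back to %lld\n",
           (long long) now,
           (long long) ntp_seconds_to_unix(unix_to_ntp_seconds(now), split));
    return 0;
}
```

Any timestamp earlier than the split is pushed forward by a whole era, so once the split moves past 1970 the epoch itself decodes to 2106; times after the split, such as the 2020 value, still round-trip unchanged.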
Add a new command to print the original name of a source specified by
address. This could be useful in scripts to avoid having to run the
sources command with and without -N.
Add -N option to chronyc to print the original names by which the
sources were specified instead of using reverse DNS lookup. The option
works in the sources, sourcestats and tracking commands.
Specify a new request to get the name of the NTP source corresponding to
an address, which was originally specified in the configuration file or
chronyc add command.
cmdmon: specify name instead of address in add request
Modify the request for adding a source to provide the name of the source
instead of its address (resolved in chronyc) in order to enable chronyd
to replace the source, support an "add pool" command, and enable an NTS
client to verify the server's certificate.
The name resolving does not block the response. Success is indicated
even if the name cannot be resolved, or a source with the same address
is already present.
To prevent unresolvable names from getting to chronyd, chronyc does not
send the request if it could not resolve the name itself (assuming they
are both running on the same host using the same resolver).
Miroslav Lichvar [Thu, 12 Dec 2019 10:58:18 +0000 (11:58 +0100)]
ntp: check name and return status from NSR_AddSourceByName()
Return an error status when the name is not printable or contains a
space (don't bother with full hostname validation). If the name is an
address, return the same status as NSR_AddSource(). Otherwise, return a
"not resolved yet" status.