[Bug 199423] NTP stopped peering after FreeBSD-SA-15:07.ntp
bugzilla-noreply at freebsd.org
Mon Apr 13 17:04:56 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199423
Bug ID: 199423
Summary: NTP stopped peering after FreeBSD-SA-15:07.ntp
Product: Base System
Version: 10.1-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: freebsd at pki2.com
After I applied FreeBSD-SA-15:07.ntp the NTP daemon stopped peering. It still
successfully works as a client and server.
My peers are authenticated and I found under the following conditions I can
return peers to a working state:
1) I restore the unpatched ntp_proto.c file.
2) I applied the patch below, which undoes part of FreeBSD-SA-15:07.ntp.
Although I DID NOT step through the code (I looked through some of the code),
it isn't clear to me why this works. For a while I suspected an optimizer bug.
3) net/ntp (4.2.8p2) and net/ntp-devel (4.3.14) both work. (FreeBSD is
4.2.4p8.)
My systems are:
Marvin# uname -a
FreeBSD Marvin 10.1-STABLE FreeBSD 10.1-STABLE #0 r281238: Tue Apr 7 19:05:26
CDT 2015 root at Marvin:/usr/obj/usr/src/sys/PENFORD-FreeBSD10-amd64 amd64
My ntp.conf on the host Marvin is the following. My other systems are similar.
My keys are MD5, such as:
250 MD5 xxxxxxxx
Marvin# more /etc/ntp.conf
enable auth ntp monitor stats
keys /etc/ntp/keys
keysdir /etc/ntp
crypto randfile /dev/random
crypto leap /etc/ntp/leap-seconds.3629404800
trustedkey 67 68 69 70 71 72 73 74 101 102 104 250 251 252 253 254 255 260 261
requestkey 23
controlkey 27
server tock.usno.navy.mil prefer
server time-a.nist.gov prefer
server time-b.nist.gov prefer
server time.xmission.com prefer
server clock.fmt.he.net prefer
peer granny.bwa.penx.com key 250
peer tweety-ext.cria.penx.com key 251
peer daffy.penx.com key 252
peer elmer.dco.penx.com key 254
peer bugs.obil.penx.com key 255
#
# Back up clock source
server 127.127.1.0
fudge 127.127.1.0 stratum 5
Marvin# diff -c ntp_proto.c.orig ntp_proto.c
*** ntp_proto.c.orig Sat Apr 11 23:51:43 2015
--- ntp_proto.c Sat Apr 11 23:54:54 2015
***************
*** 948,957 ****
peer->flash |= TEST2; /* bogus packet */
}
! /*
! * If unsynchronized or bogus abandon ship. If the crypto machine
! * breaks, light the crypto bit and plaint the log.
! */
if (peer->flash & PKT_TEST_MASK) {
#ifdef OPENSSL
if (crypto_flags && (peer->flags & FLAG_SKEY)) {
--- 948,960 ----
peer->flash |= TEST2; /* bogus packet */
}
! /*
! * Update the origin and destination timestamps. If
! * unsynchronized or bogus abandon ship. If the crypto machine
! * breaks, light the crypto bit and plaint the log.
! */
! peer->org = p_xmt;
! peer->rec = rbufp->recv_time;
if (peer->flash & PKT_TEST_MASK) {
#ifdef OPENSSL
if (crypto_flags && (peer->flags & FLAG_SKEY)) {
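Review bot: the two assignments added ahead of `if (peer->flash & PKT_TEST_MASK)` now run for every packet, including one that has just had TEST2 set as a bogus packet a few lines above, so a packet that fails the sanity tests still overwrites peer->org and peer->rec. Since the report says this undoes part of FreeBSD-SA-15:07.ntp, the update should not go back in unconditionally. If symmetric peering needs the timestamps refreshed for some rejected packets, narrow the early update to that case (for example, only when the authentication result is acceptable) and state the reason in the rewritten comment, which currently only says "Update the origin and destination timestamps".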
***************
*** 994,1005 ****
/*
* That was hard and I am sweaty, but the packet is squeaky
* clean. Get on with real work.
- *
- * Update the origin and destination timestamps.
*/
- peer->org = p_xmt;
- peer->rec = rbufp->recv_time;
-
peer->received++;
peer->timereceived = current_time;
if (is_authentic == AUTH_OK)
--- 997,1003 ----
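Review bot: deleting `peer->org = p_xmt;` and `peer->rec = rbufp->recv_time;` from the "squeaky clean" path leaves no place where these fields are written only after every test has passed, and it separates the update from the `is_authentic == AUTH_OK` handling that follows. The report states that it is not clear why the change restores peering, so before this is considered for commit the patch needs an explanation of which packet in the peer exchange depends on the early update. Consider keeping the update here and adding a separate, documented path for that one case instead of moving the lines wholesale.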