
Commit cf394574 authored by Bernhard Schmidt

New upstream version 4.2.8p11+dfsg

parent aadd3fc7
---
(4.2.8p10-win-beta1) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
(4.2.8p10)
* [Sec 3454] Unauthenticated packet can reset authenticated interleave
associations. HStenn.
* [Sec 3453] Interleaved symmetric mode cannot recover from bad state. HStenn.
* [Sec 3415] Permit blocking authenticated symmetric/passive associations.
Implement ippeerlimit. HStenn, JPerlinger.
* [Sec 3414] ntpq: decodearr() can write beyond its 'buf' limits
- initial patch by <stenn@ntp.org>, extended by <perlinger@ntp.org>
* [Sec 3412] ctl_getitem(): Don't compare names past NUL. <perlinger@ntp.org>
* [Sec 3012] Sybil vulnerability: noepeer support. HStenn, JPerlinger.
* [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org>
* [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org>
- applied patch by Sean Haugh
* [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org>
* [Bug 3450] Dubious error messages from plausibility checks in get_systime()
- removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org>
* [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org>
- refactoring the MAC code, too
* [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org
* [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org>
- applied patch by ggarvey
* [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org>
- applied patch by ggarvey (with minor mods)
* [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain
- applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org>
* [Bug 3435] anchor NTP era alignment <perlinger@ntp.org>
* [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org>
* [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2"
- fixed several issues with hash algos in ntpd, sntp, ntpq,
ntpdc and the test suites <perlinger@ntp.org>
* [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org>
- initial patch by Daniel Pouzzner
* [Bug 3423] QNX adjtime() implementation error checking is
wrong <perlinger@ntp.org>
* [Bug 3417] ntpq ifstats packet counters can be negative
made IFSTATS counter quantities unsigned <perlinger@ntp.org>
* [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10
- raised receive buffer size to 1200 <perlinger@ntp.org>
* [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static
analysis tool. <abe@ntp.org>
* [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath.
* [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org>
- fix/drop assumptions on OpenSSL libs directory layout
* [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation
- initial patch by timeflies@mail2tor.com <perlinger@ntp.org>
* [Bug 3398] tests fail with core dump <perlinger@ntp.org>
- patch contributed by Alexander Bluhm
* [Bug 3397] ctl_putstr() asserts that data fits in its buffer
rework of formatting & data transfer stuff in 'ntp_control.c'
avoids unecessary buffers and size limitations. <perlinger@ntp.org>
* [Bug 3394] Leap second deletion does not work on ntpd clients
- fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org>
* [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size
- increased mimimum stack size to 32kB <perlinger@ntp.org>
* [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org>
- reverted handling of PPS kernel consumer to 4.2.6 behavior
* [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org>
* [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn.
* [Bug 3016] wrong error position reported for bad ":config pool"
- fixed location counter & ntpq output <perlinger@ntp.org>
* [Bug 2900] libntp build order problem. HStenn.
* [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org>
* [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net,
perlinger@ntp.org
* [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp.
* [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org>
* Use strlcpy() to copy strings, not memcpy(). HStenn.
* Typos. HStenn.
* test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn.
* refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn.
* Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org
* Fix trivial warnings from 'make check'. perlinger@ntp.org
* Fix bug in the override portion of the compiler hardening macro. HStenn.
* record_raw_stats(): Log entire packet. Log writes. HStenn.
* AES-128-CMAC support. BInglis, HStenn, JPerlinger.
* sntp: tweak key file logging. HStenn.
* sntp: pkt_output(): Improve debug output. HStenn.
* update-leap: updates from Paul McMath.
* When using pkg-config, report --modversion. HStenn.
* Clean up libevent configure checks. HStenn.
* sntp: show the IP of who sent us a crypto-NAK. HStenn.
* Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger.
* authistrustedip() - use it in more places. HStenn, JPerlinger.
* New sysstats: sys_lamport, sys_tsrounding. HStenn.
* Update ntp.keys .../N documentation. HStenn.
* Distribute testconf.yml. HStenn.
* Add DPRINTF(2,...) lines to receive() for packet drops. HStenn.
* Rename the configuration flag fifo variables. HStenn.
* Improve saveconfig output. HStenn.
* Decode restrict flags on receive() debug output. HStenn.
* Decode interface flags on receive() debug output. HStenn.
* Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn.
* Update the documentation in ntp.conf.def . HStenn.
* restrictions() must return restrict flags and ippeerlimit. HStenn.
* Update ntpq peer documentation to describe the 'p' type. HStenn.
* Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn.
* Provide dump_restricts() for debugging. HStenn.
* Use consistent 4th arg type for [gs]etsockopt. JPerlinger.
* Some tests might need LIBM. HStenn.
* update-leap: Allow -h/--help early. HStenn.
---
(4.2.8p10) 2017/03/21 Released by Harlan Stenn <stenn@ntp.org>
* [Sec 3389] NTP-01-016: Denial of Service via Malformed Config
(Pentest report 01.2017) <perlinger@ntp.org>
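Review bot: the commit message ("New upstream version 4.2.8p11+dfsg") does not say that this ChangeLog hunk brings in six security fixes ([Sec 3454] and [Sec 3453] for interleaved symmetric mode, [Sec 3415] ippeerlimit, [Sec 3414] ntpq decodearr() writing past 'buf', [Sec 3412] ctl_getitem(), [Sec 3012] noepeer); list those ids in the packaging changelog so the upload is traceable as a security update. Two smaller upstream text problems are visible in the hunk and are better reported upstream than patched here: the `(4.2.8p10-win-beta1)` header carries the same 2017/03/21 date as the `(4.2.8p10)` release header further down, and the `[Bug 2557]` line ends in the truncated address `perlinger@ntp.`; the entries also spell 'unecessary', 'mimimum' and 'millenium'.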
......
......@@ -5,10 +5,10 @@ NULL =
# moved sntp first to get libtool and libevent built.
SUBDIRS = \
sntp \
scripts \
include \
libntp \
sntp \
libparse \
ntpd \
ntpdate \
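Review bot: the rendered hunk shows `sntp \` twice in SUBDIRS, once before `scripts` and again after `libntp`; given the comment "moved sntp first to get libtool and libevent built", the second occurrence must be the removed line, so confirm the final list names sntp exactly once (a duplicated SUBDIRS entry makes automake's recursion enter the directory twice). The same change is repeated in the generated Makefile.in hunk below, which is expected but means both must stay in sync when the next regeneration happens.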
......
......@@ -99,6 +99,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
......@@ -523,10 +524,10 @@ NULL =
# moved sntp first to get libtool and libevent built.
SUBDIRS = \
sntp \
scripts \
include \
libntp \
sntp \
libparse \
ntpd \
ntpdate \
......
......@@ -1339,6 +1339,7 @@ m4_include([sntp/m4/ltoptions.m4])
m4_include([sntp/m4/ltsugar.m4])
m4_include([sntp/m4/ltversion.m4])
m4_include([sntp/m4/lt~obsolete.m4])
m4_include([sntp/m4/ntp_af_unspec.m4])
m4_include([sntp/m4/ntp_cacheversion.m4])
m4_include([sntp/m4/ntp_compiler.m4])
m4_include([sntp/m4/ntp_crosscompile.m4])
......
......@@ -108,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
......@@ -952,7 +953,6 @@ install-exec-hook:
#
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a
......
......@@ -101,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \
$(top_srcdir)/sntp/m4/ltsugar.m4 \
$(top_srcdir)/sntp/m4/ltversion.m4 \
$(top_srcdir)/sntp/m4/lt~obsolete.m4 \
$(top_srcdir)/sntp/m4/ntp_af_unspec.m4 \
$(top_srcdir)/sntp/m4/ntp_cacheversion.m4 \
$(top_srcdir)/sntp/m4/ntp_compiler.m4 \
$(top_srcdir)/sntp/m4/ntp_crosscompile.m4 \
......@@ -793,7 +794,6 @@ uninstall-am:
check-libntp: ../libntp/libntp.a
@echo stamp > $@
../libntp/libntp.a:
cd ../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a
......
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p10.
# Generated by GNU Autoconf 2.69 for ntp 4.2.8p11.
#
# Report bugs to <http://bugs.ntp.org./>.
#
......@@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ntp'
PACKAGE_TARNAME='ntp'
PACKAGE_VERSION='4.2.8p10'
PACKAGE_STRING='ntp 4.2.8p10'
PACKAGE_VERSION='4.2.8p11'
PACKAGE_STRING='ntp 4.2.8p11'
PACKAGE_BUGREPORT='http://bugs.ntp.org./'
PACKAGE_URL='http://www.ntp.org./'
......@@ -944,6 +944,7 @@ ac_user_opts='
enable_option_checking
enable_silent_rules
enable_dependency_tracking
with_hardenfile
with_locfile
enable_shared
enable_static
......@@ -1613,7 +1614,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ntp 4.2.8p10 to adapt to many kinds of systems.
\`configure' configures ntp 4.2.8p11 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
......@@ -1683,7 +1684,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ntp 4.2.8p10:";;
short | recursive ) echo "Configuration of ntp 4.2.8p11:";;
esac
cat <<\_ACEOF
......@@ -1699,6 +1700,7 @@ Optional Features and Packages:
do not reject slow dependency extractors
--disable-dependency-tracking
speeds up one-time build
--with-hardenfile=XXX os-specific or "/dev/null"
--with-locfile=XXX os-specific or "legacy"
--enable-shared[=PKGS] build shared libraries [default=no]
--enable-static[=PKGS] build static libraries [default=yes]
......@@ -1921,7 +1923,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ntp configure 4.2.8p10
ntp configure 4.2.8p11
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
......@@ -2630,7 +2632,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ntp $as_me 4.2.8p10, which was
It was created by ntp $as_me 4.2.8p11, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
......@@ -3631,7 +3633,7 @@ fi
# Define the identity of the package.
PACKAGE='ntp'
VERSION='4.2.8p10'
VERSION='4.2.8p11'
cat >>confdefs.h <<_ACEOF
......@@ -6581,11 +6583,11 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
$as_echo_n "checking for compile/link hardening flags... " >&6; }
# Check whether --with-locfile was given.
if test "${with_locfile+set}" = set; then :
withval=$with_locfile;
# Check whether --with-hardenfile was given.
if test "${with_hardenfile+set}" = set; then :
withval=$with_hardenfile;
else
with_locfile=no
with_hardenfile=no
fi
......@@ -6593,12 +6595,12 @@ fi
( \
SENTINEL_DIR="$PWD" && \
cd $srcdir/sntp && \
case "$with_locfile" in \
case "$with_hardenfile" in \
yes|no|'') \
scripts/genHardFlags -d "$SENTINEL_DIR" \
;; \
*) \
scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_locfile" \
scripts/genHardFlags -d "$SENTINEL_DIR" -f "$with_hardenfile" \
;; \
esac \
) > genHardFlags.i 2> genHardFlags.err
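Review bot: `--without-hardenfile` (with_hardenfile=no) and a bare `--with-hardenfile` (yes) both land in the `yes|no|'')` branch and select the OS-specific default, so `--without-hardenfile` silently does nothing; the help text added a few hunks earlier says the way to disable hardening flags is `--with-hardenfile=/dev/null`. Either map `no)` to `scripts/genHardFlags -d "$SENTINEL_DIR" -f /dev/null` here, or state in the help text that `--without-hardenfile` is a no-op. The rename itself is right: the old code read `$with_locfile`, which is the unrelated `--with-locfile=XXX os-specific or "legacy"` option that still exists, so a locfile choice used to leak into the hardening-flag selection.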
......@@ -15937,8 +15939,13 @@ $as_echo_n "checking if libevent $ntp_libevent_min_version or later is installed
if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent
then
ntp_use_local_libevent=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using the installed libevent" >&5
$as_echo "$as_me: Using the installed libevent" >&6;}
ntp_libevent_version="`$PKG_CONFIG --modversion libevent`"
case "$ntp_libevent_version" in
*.*) ;;
*) ntp_libevent_version='(unknown)' ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5
$as_echo "yes, version $ntp_libevent_version" >&6; }
CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads`
CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent`
# HMS: I hope the following is accurate.
......@@ -15966,8 +15973,6 @@ $as_echo "$as_me: Using the installed libevent" >&6;}
LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_pthreads"
esac
LDADD_LIBEVENT="$LDADD_LIBEVENT -levent_core"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
ntp_use_local_libevent=yes
# HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS
......@@ -26468,6 +26473,36 @@ fi
done
# We could do a cv check here, but is it worth it?
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <sys/socket.h>
#ifndef AF_UNSPEC
#include "Bletch: AF_UNSPEC is undefined!"
#endif
#if AF_UNSPEC != 0
#include "Bletch: AF_UNSPEC != 0"
#endif
int
main ()
{
{ $as_echo "$as_me:${as_lineno-$LINENO}: AF_UNSPEC is zero, as expected." >&5
$as_echo "$as_me: AF_UNSPEC is zero, as expected." >&6;}
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
$as_echo_n "checking return type of signal handlers... " >&6; }
if ${ac_cv_type_signal+:} false; then :
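Review bot: the two `$as_echo "... AF_UNSPEC is zero, as expected."` lines sit inside the body of `main()` in the conftest source, and because the `<<_ACEOF` heredoc is unquoted they expand to shell text (with a `>&5` redirection) inside a C function, so the test program can never compile. `ac_fn_c_try_compile` therefore always takes the empty failure branch (`then : fi`), and the `#include "Bletch: AF_UNSPEC != 0"` guard has no effect either way. In the NTP_AF_UNSPEC macro (added to configure.ac in the hunk below), move the message into the action-if-true of the compile test and give the action-if-false an `AC_MSG_ERROR`, since ntpd now relies on AF_UNSPEC being 0 per the `[Bug 3441]` ChangeLog entry.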
......@@ -30114,8 +30149,13 @@ $as_echo_n "checking pkg-config for $pkg... " >&6; }
VER_SUFFIX=o
ntp_openssl=yes
ntp_openssl_from_pkg_config=yes
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`"
case "$ntp_openssl_version" in
*.*) ;;
*) ntp_openssl_version='(unknown)' ;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5
$as_echo "yes, version $ntp_openssl_version" >&6; }
break
fi
......@@ -33924,7 +33964,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ntp $as_me 4.2.8p10, which was
This file was extended by ntp $as_me 4.2.8p11, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
......@@ -33991,7 +34031,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ntp config.status 4.2.8p10
ntp config.status 4.2.8p11
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
......
......@@ -528,6 +528,8 @@ AC_CHECK_HEADERS([sys/timex.h], [], [], [
#endif
])
NTP_AF_UNSPEC
AC_TYPE_SIGNAL
AC_TYPE_OFF_T
AC_STRUCT_TM dnl defines TM_IN_SYS_TIME used by refclock_parse.c
......
......@@ -19,7 +19,7 @@ color: #FF0000;
<p><img src="pic/pogo6.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a></p>
<p>The skunk watches for intruders and sprays.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->11-Sep-2010 05:53<!-- #EndDate -->
<!-- #BeginDate format:En2m -->26-Jul-2017 20:10<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
......@@ -32,7 +32,7 @@ color: #FF0000;
<p>The ACL is specified as a list of <tt>restrict</tt> commands in the following format:</p>
<p><tt>restrict <i>address</i> [mask <i>mask</i>] [<i>flag</i>][...]</tt></p>
<p>The <tt><i>address</i></tt> argument expressed in dotted-quad form is the address of a host or network. Alternatively, the <tt><i>address</i></tt> argument can be a valid host DNS name. The <tt><i>mask</i></tt> argument expressed in IPv4 or IPv6 numeric address form defaults to all mask bits on, meaning that the <tt><i>address</i></tt> is treated as the address of an individual host. A default entry (address 0.0.0.0, mask 0.0.0.0 for IPv4 and address :: mask :: for IPv6) is always the first entry in the list. <tt>restrict default</tt>, with no mask option, modifies both IPv4 and IPv6 default entries. <tt>restrict source</tt> configures a template restriction automatically added at runtime for each association, whether configured, ephemeral, or preemptable, and removed when the association is demobilized.</p>
<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags. are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p>
<p>Some flags have the effect to deny service, some have the effect to enable service and some are conditioned by other flags. The flags are not orthogonal, in that more restrictive flags will often make less restrictive ones redundant. The flags that deny service are classed in two categories, those that restrict time service and those that restrict informational queries and attempts to do run-time reconfiguration of the server.</p>
<p>An example may clarify how it works. Our campus has two class-B networks, 128.4 for the ECE and CIS departments and 128.175 for the rest of campus. Let's assume (not true!) that subnet 128.4.1 homes critical services like class rosters and spread sheets. A suitable ACL might look like this:</p>
<pre>
restrict default nopeer # deny new associations
......
......@@ -46,14 +46,40 @@ required.</p>
<p>By default, the client sends non-authenticated packets and the server responds with non-authenticated packets. If the client sends authenticated packets, the server responds with authenticated packets if correct, or a crypto-NAK packet if not. In the case of unsolicited packets which might consume significant resources, such as broadcast or symmetric mode packets, authentication is required, unless overridden by a <tt>disable auth</tt> command. In the current climate of targeted broadcast or &quot;letterbomb&quot; attacks, defeating this requirement would be decidedly dangerous. In any case, the <tt>notrust </tt>flag, described on the <a href="authopt.html">Access Control Options</a> page, can be used to disable access to all but correctly authenticated clients.</p>
<h4 id="symm">Symmetric Key Cryptography</h4>
<p>The original NTPv3 specification (RFC-1305), as well as the current NTPv4 specification (RFC-5905), allows any one of possibly 65,534 message digest keys (excluding zero), each distinguished by a 32-bit key ID, to authenticate an association. The servers and clients involved must agree on the key ID, key type and key to authenticate NTP packets.</p>
<p>The message digest is a cryptographic hash computed by an algorithm such as MD5 or SHA. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p>
<p>The message digest is a cryptographic hash computed by an algorithm such as MD5, SHA, or AES-128 CMAC. When authentication is specified, a message authentication code (MAC) is appended to the NTP packet header. The MAC consists of a 32-bit key identifier (key ID) followed by a 128- or 160-bit message digest. The algorithm computes the digest as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields with the exception of the MAC. On transmit, the message digest is computed and inserted in the MAC. On receive, the message digest is computed and compared with the MAC. The packet is accepted only if the two MACs are identical. If a discrepancy is found by the client, the client ignores the packet, but raises an alarm. If this happens at the server, the server returns a special message called a <em>crypto-NAK</em>. Since the crypto-NAK is protected by the loopback test, an intruder cannot disrupt the protocol by sending a bogus crypto-NAK.</p>
<p>Keys and related information are specified in a keys file, which must be distributed and stored using secure means beyond the scope of the NTP protocol itself. Besides the keys used for ordinary NTP associations, additional keys can be used as passwords for the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs. Ordinarily, the <tt>ntp.keys</tt> file is generated by the <tt><a href="keygen.html">ntp-keygen</a></tt> program, but it can be constructed and edited using an ordinary text editor.</p>
<p> Each line of the keys file consists of three or four fields: a key ID in the range 1 to 65,534, inclusive, a key type, a message digest key consisting of a printable ASCII string less than 40 characters or a 40-character hex digit string, and an optional comma-separated list of IPs that are allowed to serve time. If the OpenSSL library is installed, the key type can be any message digest algorithm supported by the library. If the OpenSSL library is not installed, the only permitted key type is MD5.</p>
<div align="center">
<p><img src="pic/sx5.gif" alt="gif"></p>
<p>Figure 1. Typical Symmetric Key File</p>
</div>
<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be change to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
<table>
<caption style="caption-side: bottom;">
Figure 1. Typical Symmetric Key File
</caption>
<tr><td style="border: 1px solid black; border-spacing: 0;">
<pre style="color:grey;">
# ntpkey_MD5key_bk.ntp.org.3595864945
# Thu Dec 12 19:22:25 2013
1 MD5 L";Nw&lt;`.I&lt;f4U0)247"i # MD5 key
2 MD5 &amp;&gt;l0%XXK9O'51VwV&lt;xq~ # MD5 key
3 MD5 lb4zLW~d^!K:]RsD'qb6 # MD5 key
4 MD5 Yue:tL[+vR)M`n~bY,'? # MD5 key
5 MD5 B;fxlKgr/&amp;4ZTbL6=RxA # MD5 key
6 MD5 4eYwa`o}3i@@V@..R9!l # MD5 key
7 MD5 `A.([h+;wTQ|xfi%Sn_! # MD5 key
8 MD5 45:V,r4]l6y^JH6"Sh?F # MD5 key
9 MD5 3-5vcn*6l29DS?Xdsg)* # MD5 key
10 MD5 2late4Me # MD5 key
11 SHA1 a27872d3030a9025b8446c751b4551a7629af65c # SHA1 key
12 SHA1 21bc3b4865dbb9e920902abdccb3e04ff97a5e74 # SHA1 key
13 SHA1 2b7736fe24fef5ba85ae11594132ab5d6f6daba9 # SHA1 key
14 SHA a5332809c8878dd3a5b918819108a111509aeceb # SHA key
15 MD2 2fe16c88c760ff2f16d4267e36c1aa6c926e6964 # MD2 key
16 MD4 b2691811dc19cfc0e2f9bcacd74213f29812183d # MD4 key
17 MD5 e4d6735b8bdad58ec5ffcb087300a17f7fef1f7c # MD5 key
18 MDC2 a8d5e2315c025bf3a79174c87fbd10477de2eabc # MDC2 key
19 RIPEMD160 77ca332cafb30e3cafb174dcd5b80ded7ba9b3d2 # RIPEMD160 key
20 AES128CMAC f92ff73eee86c1e7dc638d6489a04e4e555af878 # AES128CMAC key
</pre></td></tr></table>
<p>Figure 1 shows a typical keys file used by the reference implementation when the OpenSSL library is installed. In this figure, for key IDs in he range 1-10, the key is interpreted as a printable ASCII string. For key IDs in the range 11-20, the key is a 40-character hex digit string. The key is truncated or zero-filled internally to either 128 or 160 bits, depending on the key type. The line can be edited later or new lines can be added to change any field. The key can be changed to a password, such as <tt>2late4Me</tt> for key ID 10. Note that two or more keys files can be combined in any order as long as the key IDs are distinct.</p>
<p>When <tt>ntpd</tt> is started, it reads the keys file specified by the <tt>keys</tt> command and installs the keys in the key cache. However, individual keys must be activated with the <tt>trustedkey</tt> configuration command before use. This allows, for instance, the installation of possibly several batches of keys and then activating a key remotely using <tt>ntpq</tt> or <tt>ntpdc</tt>. The <tt>requestkey</tt> command selects the key ID used as the password for the <tt>ntpdc</tt> utility, while the <tt>controlkey</tt> command selects the key ID used as the password for the <tt>ntpq</tt> utility.</p>
<h4 id="windows">Microsoft Windows Authentication</h4>
<p>In addition to the above means, <tt>ntpd</tt> now supports Microsoft Windows MS-SNTP authentication using Active Directory services. This support was contributed by the Samba Team and is still in development. It is enabled using the <tt>mssntp</tt> flag of the <tt>restrict</tt> command described on the <a href="accopt.html#restrict">Access Control Options</a> page. <span class="style1">Note: Potential users should be aware that these services involve a TCP connection to another process that could potentially block, denying services to other users. Therefore, this flag should be used only for a dedicated server with no clients other than MS-SNTP.</span></p>
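Review bot: adding "AES-128 CMAC" to the list of algorithms leaves the following sentences wrong, since they still say the MAC is "a 128- or 160-bit message digest" computed "as the hash of a 128- or 160- bit message digest key concatenated with the NTP packet header fields"; a CMAC is a keyed block-cipher MAC, not a hash over key plus message, and its key is 128 bits. Reword to say the MAC is a digest or CMAC computed over the header fields with the key, and, because Figure 1 shows key 20 (`AES128CMAC`) as a 40-hex-digit string, say explicitly whether such a key is truncated or zero-filled to 16 bytes (the paragraph after the figure only says "either 128 or 160 bits, depending on the key type"). The typo "in he range 1-10" also survives from the old paragraph. Finally, the sample file lists MD2, MD4 and MDC2 keys without comment; a short remark that these are legacy algorithms kept only for interoperability would stop readers from copying them into new deployments.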
......
......@@ -10,7 +10,7 @@
<h3>NIST/USNO/PTB Modem Time Services</h3>
<p>Author: David L. Mills (mills@udel.edu)<br>
Last update:
<!-- #BeginDate format:En2m -->1-Dec-2012 10:44<!-- #EndDate -->
<!-- #BeginDate format:En2m -->12-Oct-2017 08:13<!-- #EndDate -->
UTC</p>
<hr>
<h4>Synopsis</h4>
......@@ -43,7 +43,7 @@
...</tt></p>
<p><tt>MJD</tt>, <tt>YR</tt>, <tt>ST</tt>, <tt>UT1</tt> and <tt>UTC(NIST)</tt> are not used by this driver. The <tt>&lt;OTM&gt;</tt> on-time character &quot;<tt>*</tt>&quot; changes to &quot;<tt>#</tt>&quot;&nbsp;when the delay correction is valid.</p>
<p><a href="http://tycho.usno.navy.mil">US Naval Observatory (USNO)</a></p>
<p>Phone: (202) 762-1594 (Washington, DC); (719) 567-6742 (Boulder, CO)</p>
<p>Phone: (202) 762-1594 (Washington, DC); (719) 567-6743 (Colorado Springs, CO)</p>
<p><a href="http://tycho.usno.navy.mil/modem_time.html">Data Format</a> (two lines, repeating at one-second intervals)</p>
<p><tt>jjjjj nnn hhmmss UTC</tt></p>
<p>* on-time character for previous timecode message<br>
......
......@@ -16,7 +16,7 @@
<body>
<h3>JJY Receivers</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->08-May-2016 00:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->12-Oct-2017 09:05<!-- #EndDate -->
UTC &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="driver40.html">ENGLISH(英語)</a> &nbsp; <a href="driver40-ja.html">JAPANESE(日本語)</a></p>
<hr>
<h4>Synopsis</h4>
......@@ -146,7 +146,8 @@
</li>
<li>
<p><a name="mode-3">エコー計測器 &nbsp; LT-2000</a> &nbsp; <a href="http://www.clock.co.jp/">http://www.clock.co.jp/</a> (日本語)</p><br>
<p><a name="mode-3">エコー計測器 &nbsp; LT-2000</a> &nbsp; <!-- a href="http://www.clock.co.jp/" --></p><br>
<p>エコー計測器株式会社は解散しました。2015年7月に、一部の事業は、フレックタイム株式会社に継承されました。</p><br>
<dl>
<dt>NTPの設定 ( ntp.conf )</dt>
<dd><br>
......
......@@ -16,7 +16,7 @@
<body>
<h3>JJY Receivers</h3>
<p>Last update:
<!-- #BeginDate format:En2m -->08-May-2016 00:00<!-- #EndDate -->
<!-- #BeginDate format:En2m -->12-Oct-2017 09:05<!-- #EndDate -->
UTC &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;<a href="driver40.html">ENGLISH</a> &nbsp; <a href="driver40-ja.html">JAPANESE</a></p>
<hr>
<h4>Synopsis</h4>
......@@ -145,7 +145,8 @@
</li>
<li>
<p><a name="mode-3">Echo Keisokuki Co.,Ltd. &nbsp; LT-2000</a> &nbsp; <a href="http://www.clock.co.jp/">http://www.clock.co.jp/</a> (Japanese only)</p><br>
<p><a name="mode-3">Echo Keisokuki Co.,Ltd. &nbsp; LT-2000</a> &nbsp; <!-- a href="http://www.clock.co.jp/" --></p><br>
<p>Echo Keisokuki was dissolved. Some business of the company was taken over by FreqTime Co., Ltd. in July, 2015.</p><br>
<dl>
<dt>NTP configuration ( ntp.conf )</dt>
<dd><br>
......
......@@ -3,7 +3,6 @@
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>Miscellaneous Commands and Options</title>
<!-- Changed by: Harlan Stenn, 17-Nov-2015 -->
<link href="scripts/style.css" type="text/css" rel="stylesheet">
</head>
<body>
......@@ -11,7 +10,7 @@
<img src="pic/boom3.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html">from <i>Pogo</i>, Walt Kelly</a>
<p>We have three, now looking for more.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->9-Nov-2016 12:26<!-- #EndDate -->
<!-- #BeginDate format:En2m -->14-Oct-2017 08:34<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
......@@ -105,7 +104,10 @@
<dt id="nonvolatile"><tt>nonvolatile <i>threshold</i></tt></dt>
<dd>Specify the <i><tt>threshold</tt></i> in seconds to write the frequency file, with default of 1e-7 (0.1 PPM). The frequency file is inspected each hour. If the difference between the current frequency and the last value written exceeds the threshold, the file is written and the <tt><em>threshold</em></tt> becomes the new threshold value. If the threshold is not exceeded, it is reduced by half. This is intended to reduce the frequency of unnecessary file writes for embedded systems with nonvolatile memory.</dd>
<dt id="phone"><tt>phone <i>dial</i> ...</tt></dt>
<dd>This command is used in conjunction with the ACTS modem driver (type 18). The arguments consist of a maximum of 10 telephone numbers used to dial USNO, NIST or European time services. The Hayes command ATDT&nbsp;is normally prepended to the number, which can contain other modem control codes as well.</dd>
<dd>This command is used in conjunction with the ACTS modem driver (type 18) or the JJY driver (type 40 mode 100 - 180).
For the ACTS modem driver (type 18), the arguments consist of a maximum of 10 telephone numbers used to dial USNO, NIST or European time services.
For the JJY driver (type 40 mode 100 - 180), the argument is one telephone number used to dial the telephone JJY service.
The Hayes command ATDT&nbsp;is normally prepended to the number, which can contain other modem control codes as well.</dd>
<dt id="reset"><tt>reset [allpeers] [auth] [ctl] [io] [mem] [sys] [timer]</tt></dt>
<dd>Reset one or more groups of counters maintained by ntpd and exposed by <tt>ntpq</tt> and <tt>ntpdc</tt>.</dd>
<dt id="rlimit"><tt>rlimit [memlock <i>Nmegabytes</i> | stacksize <i>N4kPages</i> | filenum <i>Nfiledescriptors</i>]</tt></dt>
......@@ -145,10 +147,12 @@
<dd>Specifies the stepout threshold in seconds. The default without this command is 300 s. Since this option also affects the training and startup intervals, it should not be set less than the default. Further details are on the <a href="clock.html">Clock State Machine</a> page.</dd>
</dl>
</dd>
<dt id="tos"><tt>tos [bcpollbstep <i>poll-gate</i> | beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> | orphanwait <em>delay</em>]</tt></dt>
<dt id="tos"><tt>tos [basedate <i>date<i> | bcpollbstep <i>poll-gate</i> | beacon <i>beacon</i> | ceiling <i>ceiling</i> | cohort {0 | 1} | floor <i>floor</i> | maxclock <i>maxclock </i>| maxdist <i>maxdist</i> | minclock <i>minclock</i> | mindist <i>mindist </i>| minsane <i>minsane</i> | orphan <i>stratum</i> | orphanwait <em>delay</em>]</tt></dt>
<dd>This command alters certain system variables used by the the clock selection and clustering algorithms. The default values of these variables have been carefully optimized for a wide range of network speeds and reliability expectations. Very rarely is it necessary to change the default values; but, some folks can't resist twisting the knobs. It can be used to select the quality and quantity of peers used to synchronize the system clock and is most useful in dynamic server discovery schemes. The options are as follows:</dd>
<dd>
<dl>
<dt><tt>basedate <i>date</i></tt></dt>
<dd>Set NTP era anchor. <tt><i>date</i></tt> is either a date in ISO8601 format (<i>YYYY-MM-DD<i>) or an integer giving the days since 1900-01-01, the start of the NTP epoch. <tt>ntpd</tt> will clamp the system time to an era starting with the begin of this this day (00:00:00Z), covering a range of 2<sup>32</sup> seconds or roughly 136 years. The default is the begin of the UNIX epoch, 1970-01-01.</dd>
<dt><tt>bcpollbstep <i>poll-gate</i></tt></dt>
<dd>This option will cause the client to delay believing backward time steps from a broadcast server for <tt>bcpollbstep</tt> poll intervals. NTP Broadcast networks are expected to be trusted, and if the server's time gets stepped backwards then it's desireable that the clients follow this change as soon as possible. However, in spite of various protections built-in to the broadcast protocol, it is possible that an attacker could perform a carefully-constructed replay attack and cause clients to erroneously step their clocks backward. If the risk of a successful broadcast replay attack is greater than the risk of the clients being out of sync in the event that there is a backward step on the broadcast time servers, this option may be used to cause the clients to delay beliveving backward time steps until <i>poll-gate</i> consecutive polls have been received. The default is 0, which means the client will accept these steps upon receipt. Any value from 0 to 4 can be specified.</dd>
<dt><tt>beacon <i>beacon</i></tt></dt>
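Review bot: `<i>date<i>` in the new `tos` synopsis line and `<i>YYYY-MM-DD<i>` in the `basedate` description never close their italics (both should end with `</i>`), which will italicize the rest of the definition list in most browsers. In the same `<dd>`, "starting with the begin of this this day" duplicates "this" and "the begin of" should read "the beginning of" in both places. Since `basedate` decides which 136-year era the system time is clamped to, it is worth adding one sentence telling operators that the value must be refreshed as the default (1970-01-01) era ages, so the option is not mistaken for a one-time setting.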
......
......@@ -11,7 +11,7 @@
<img src="pic/pogo8.gif" alt="gif" align="left"><a href="http://www.eecis.udel.edu/~mills/pictures.html"></a> from <i>Pogo</i>, Walt Kelly</a>
<p>Pig was hired to watch the logs.</p>
<p>Last update:
<!-- #BeginDate format:En2m -->14-Feb-2016 09:38<!-- #EndDate -->
<!-- #BeginDate format:En2m -->7-Dec-2017 10:17<!-- #EndDate -->
UTC</p>
<br clear="left">
<h4>Related Links</h4>
......@@ -341,8 +341,10 @@
the <a href="decode.html">Event Messages and Status Words</a> page.</dd>
<dt><tt>rawstats</tt></dt>
<dd>Record timestamp statistics. Each NTP packet received appends one line to
the <tt>rawstats</tt> file set:</dd>
the <tt>rawstats</tt> file set. As of ntp-4.2.8p11, each NTP packet written appends one line to the <tt>rawstats</tt> file set, as well. The format of this line is:</dd>
<dd><tt>56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473 3565350574.442385200 3565350574.442436000 3565350575.154505763 0 4 4 1 8 -21 0.000000 0.000320 .PPS.</tt></dd>
<dd><tt>56285 54575.160 128.4.1.1 192.168.1.5 3565350574.400229473 3565350574.442385200 3565350574.442436000 3565350575.154505763 0 4 4 1 8 -21 0.000000 0.000320 .PPS. 4: 0000</tt></dd>
</tt></dd>
<dd>
<table width="100%" border="1" cellspacing="2" cellpadding="2">
<tr>
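Review bot: the `</tt></dd>` line after the new sample record is a dangling close; the preceding `<dd><tt>... 4: 0000</tt></dd>` already closes both elements, so this line should be dropped. The new wording "As of ntp-4.2.8p11, each NTP packet written appends one line to the rawstats file set, as well" is an operationally important change (rawstats volume roughly doubles on a busy server); consider stating that explicitly so operators size disk and log rotation accordingly, and note how the sent and received lines can be told apart in the record.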
......@@ -431,9 +433,23 @@
<td>total dispersion to the primary reference clock</td>
</tr>
<tr>
<td><tt>PPS.</tt></td>
<td>IP or text</td>
<td>refid, association ID</td>
<td><tt>.PPS.</tt></td>
<td>REFID</td>
<td>system peer, association ID</td>
</tr>
<tr>
<td></td>
<td></td>
<td>If there is data beyond the base packet:</td>
</tr>
<tr>
<td><tt>4:</tt></td>
<td>Integer</td>
<td>Length, in bytes</td>
</tr>
<tr>
<td><tt>0000</tt></td>
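Review bot: the "If there is data beyond the base packet:" row uses two empty `<td>` cells before the text; a single `<td colspan="3">` reads better and keeps the column alignment. The `4:` row is documented as "Length, in bytes", but the sample record's trailing `4: 0000` shows the length followed by only four hex digits, so say whether the following field is the raw bytes in hex (which would be eight digits for four bytes) or a summary of them, and fix the old `PPS.` spelling of the refid only in the new rows (the replacement `.PPS.` / `REFID` / "system peer, association ID" rows are correct).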