[prev in list] [next in list] [prev in thread] [next in thread]
List: ntp-bugs
Subject: [ntp:bugs] ntp and linux (redhat)
From: Harald Hoyer <harald () redhat ! de>
Date: 2003-02-10 14:29:23
[Download RAW message or body]
I added "restrict default ignore" to the default configuration file due
to security issues.
ntp-4.1.1
ntp.conf:
restrict clock.corp.redhat.com mask 255.255.255.255 nomodify notrap noquery
Feb 10 15:21:15 faro ntpd[21999]: getnetnum: "clock.corp.redhat.com"
invalid host number, line ignored
ntp_config.c:
static int
getnetnum(
const char *num,
struct sockaddr_in *addr,
int complain
)
{
/* XXX ELIMINATE replace with decodenetnum */
cp = num;
netnum = 0;
for (i = 0; i < 4; i++) {
bp = buf;
while (isdigit((int)*cp))
*bp++ = *cp++;
if (bp == buf)
--> here we go--> break;
if (i < 4) {
if (complain)
msyslog(LOG_ERR,
"getnetnum: \"%s\" invalid host number,
line ignored",
num);
...
Btw, do you know that using "-x" with 4.1.1 and the linux kernel really sux?
See http://people.redhat.com/harald/ntpd.html for some figures..
If you start ntpd -x with a big offset, mostly the ntp daemon gets
EINVAL for adjtimex... this can be prevented by clamping the parameters
before calling adjtimex:
static void limit_ntp_adjtime(struct timex *tmx)
{
#include <linux/timex.h>
#define NEW_MAXTC 10
if (tmx->freq >= MAXFREQ)
tmx->freq = MAXFREQ-1;
else if (tmx->freq <= -MAXFREQ)
tmx->freq = -MAXFREQ+1;
if (tmx->maxerror < 0)
tmx->maxerror = 0;
else if (tmx->maxerror >= NTP_PHASE_LIMIT)
tmx->maxerror = NTP_PHASE_LIMIT-1;
if (tmx->constant >= NEW_MAXTC)
tmx->constant = NEW_MAXTC-1;
if (tmx->offset <= - MAXPHASE)
tmx->offset = -MAXPHASE+1;
else if (tmx->offset >= MAXPHASE )
tmx->offset = MAXPHASE-1;
}
If we eliminate this error, the next thing we run into frequently is:
linux/kernel/time.c:
mtemp = xtime.tv_sec - time_reftime;
time_reftime = xtime.tv_sec;
...
if (mtemp < MAXSEC) {
... here we want to go ...
} else /* calibration interval too long (p. 12) */
result = TIME_ERROR;
and get TIME_ERROR...
Could one of you ntp gurus please take a look at the ntp/linux interaction?
Thx
Harald
--
Harald Hoyer, Software Developer Tel. : +49-711-96437-0
Red Hat GmbH Fax. : +49-711-96437-111
Hauptstaetterstr. 58 Email: Harald.Hoyer@redhat.de
D-70178 Stuttgart Web : http://www.redhat.de/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic