[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ntp-bugs
Subject:    [ntp:bugs] ntp and linux (redhat)
From:       Harald Hoyer <harald () redhat ! de>
Date:       2003-02-10 14:29:23
[Download RAW message or body]

I added "restrict default ignore" to the default configuration file due 
to security issues.

ntp-4.1.1

ntp.conf:
restrict clock.corp.redhat.com mask 255.255.255.255 nomodify notrap noquery

Feb 10 15:21:15 faro ntpd[21999]: getnetnum: "clock.corp.redhat.com" 
invalid host number, line ignored

ntp_config.c:

static int
getnetnum(
         const char *num,
         struct sockaddr_in *addr,
         int complain
         )
{
        /* XXX ELIMINATE replace with decodenetnum */
         cp = num;
         netnum = 0;
         for (i = 0; i < 4; i++) {
                 bp = buf;
                 while (isdigit((int)*cp))
                         *bp++ = *cp++;
                 if (bp == buf)
--> here we go-->        break;

         if (i < 4) {
                 if (complain)
                         msyslog(LOG_ERR,
                                 "getnetnum: \"%s\" invalid host number, 
line ignored",
                                 num);

...




Btw, do you know that using "-x" with 4.1.1 and the linux kernel really sux?
See http://people.redhat.com/harald/ntpd.html for some figures..
If you start ntpd -x with a big offset, mostly the ntp daemon gets 
EINVAL for adjtimex... this can be prevented by clamping the parameters 
before calling adjtimex:

static void limit_ntp_adjtime(struct timex *tmx)
{
#include <linux/timex.h>
#define NEW_MAXTC 10

   if (tmx->freq >= MAXFREQ)
     tmx->freq = MAXFREQ-1;
   else if (tmx->freq <= -MAXFREQ)
     tmx->freq = -MAXFREQ+1;

   if (tmx->maxerror < 0)
     tmx->maxerror = 0;
   else if (tmx->maxerror >= NTP_PHASE_LIMIT)
     tmx->maxerror = NTP_PHASE_LIMIT-1;
   if (tmx->constant >= NEW_MAXTC)
     tmx->constant = NEW_MAXTC-1;

   if (tmx->offset <= - MAXPHASE)
     tmx->offset = -MAXPHASE+1;
   else if (tmx->offset >= MAXPHASE )
     tmx->offset = MAXPHASE-1;
}

If we eliminate this error, the next thing we run into frequently is:
linux/kernel/time.c:

                     mtemp = xtime.tv_sec - time_reftime;
                     time_reftime = xtime.tv_sec;
...
                         if (mtemp < MAXSEC) {
... here we want to go ...
                        } else /* calibration interval too long (p. 12) */
                                 result = TIME_ERROR;

and get TIME_ERROR...

Could one of you ntp gurus please take a look at the ntp/linux interaction?

Thx
Harald

-- 
Harald Hoyer, Software Developer   Tel. : +49-711-96437-0
Red Hat GmbH                       Fax. : +49-711-96437-111
Hauptstaetterstr. 58               Email: Harald.Hoyer@redhat.de
D-70178 Stuttgart                  Web  : http://www.redhat.de/


[prev in list] [next in list] [prev in thread] [next in thread]