From e3cd248f0dfd23ba292ab210cb976dbcff460874 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Wed, 17 Jun 2020 12:29:20 +0200
Subject: [PATCH] nts: update NTS-KE port number
The port assigned by IANA for NTS-KE is 4460.
---
 conf.c | 3 ++-
 doc/chrony.conf.adoc | 4 ++--
 nts_ke.h | 2 ++
 srcparams.h | 2 +-
 test/simulation/139-nts | 10 +++++-----
 5 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/conf.c b/conf.c
index f140a68..d0f002c 100644
--- a/conf.c
+++ b/conf.c
@@ -33,6 +33,7 @@
 #include "conf.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
+#include "nts_ke.h"
 #include "refclock.h"
 #include "cmdmon.h"
 #include "srcparams.h"
@@ -243,7 +244,7 @@ static char *nts_dump_dir = NULL;
 static char *nts_ntp_server = NULL;
 static char *nts_server_cert_file = NULL;
 static char *nts_server_key_file = NULL;
-static int nts_server_port = 11443;
+static int nts_server_port = NKE_PORT;
 static int nts_server_processes = 1;
 static int nts_server_connections = 100;
 static int nts_refresh = 2419200; /* 4 weeks */
diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc
index b038629..0f4d74c 100644
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@@ -228,7 +228,7 @@ be specified. For normal servers this option should not be required (the default is 123, the standard NTP port). *ntsport* _port_::: This option specifies the TCP port on which the server is listening for NTS-KE
-connections when the *nts* option is enabled. The default is 11443.
+connections when the *nts* option is enabled. The default is 4460.
 *presend* _poll_::: If the timing measurements being made by *chronyd* are the only network data passing between two computers, you might find that some measurements are badly
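Review bot: The new default at `static int nts_server_port = NKE_PORT;` in conf.c moves the listening port for every server that never set `ntsport`, and nothing in the patch tells an operator upgrading from a build that defaulted to 11443. A server on the new default and a client still on the old one (or the reverse) would no longer agree on the NTS-KE port, and packet-filter rules written for 11443 would presumably need updating before NTS key establishment succeeds again. I would record the history next to the value, for example `/* IANA-assigned NTS-KE port; earlier builds defaulted to 11443 */`, and mention the change in the release notes, which are not part of this diff.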
@@ -1472,7 +1472,7 @@ ntpsigndsocket /var/lib/samba/ntp_signd [[ntsport]]*ntsport* _port_:: This directive specifies the TCP port on which *chronyd* will provide the NTS
-Key Establishment (NTS-KE) service. The default port is 11443.
+Key Establishment (NTS-KE) service. The default port is 4460.
 + The port will be open only when a certificate and key is specified by the *ntsservercert* and *ntsserverkey* directives.
diff --git a/nts_ke.h b/nts_ke.h
index ed6fdc7..e7497af 100644
--- a/nts_ke.h
+++ b/nts_ke.h
@@ -29,6 +29,8 @@
 #include "siv.h"
+#define NKE_PORT 4460
+
 #define NKE_RECORD_CRITICAL_BIT (1U << 15)
 #define NKE_RECORD_END_OF_MESSAGE 0
 #define NKE_RECORD_NEXT_PROTOCOL 1
diff --git a/srcparams.h b/srcparams.h
index 59d8a23..5290138 100644
--- a/srcparams.h
+++ b/srcparams.h
@@ -76,7 +76,7 @@ typedef struct {
 #define SRC_DEFAULT_MINSAMPLES (-1)
 #define SRC_DEFAULT_MAXSAMPLES (-1)
 #define SRC_DEFAULT_ASYMMETRY 1.0
-#define SRC_DEFAULT_NTSPORT 11443
+#define SRC_DEFAULT_NTSPORT 4460
 #define INACTIVE_AUTHKEY 0 /* Flags for source selection */
diff --git a/test/simulation/139-nts b/test/simulation/139-nts
index ddfb9b2..b0d9917 100755
--- a/test/simulation/139-nts
+++ b/test/simulation/139-nts
@@ -46,7 +46,7 @@ check_sync || test_fail
 check_file_messages "20.*123\.1.* 111 111 1111" 75 80 measurements.log || test_fail
 check_file_messages "20.*123\.1.* 111 001 0000" 37 39 measurements.log || test_fail
-check_file_messages " 2 1 .* 11443 " 260 300 log.packets || test_fail
+check_file_messages " 2 1 .* 4460 " 260 300 log.packets || test_fail
 check_file_messages "." 6 6 ntskeys || test_fail
 rm -f tmp/measurements.log
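Review bot: `SRC_DEFAULT_NTSPORT` in srcparams.h is still a bare literal, so the patch leaves two independent definitions of the NTS-KE port: `NKE_PORT` in nts_ke.h, which conf.c now uses for the server side, and this one for sources. If one is edited later without the other, a client and a server built from the same tree would default to different ports and key establishment between them would fail until `ntsport` is set by hand. Consider `#define SRC_DEFAULT_NTSPORT NKE_PORT` if srcparams.h can include nts_ke.h (whether that header dependency is acceptable is not visible in this diff), or at least a comment on both defines such as `/* must match NKE_PORT in nts_ke.h */`.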
@@ -61,7 +61,7 @@ check_sync || test_fail
 check_file_messages "20.*123\.1.* 111 111 1111" 99 103 measurements.log || test_fail
 check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
-check_file_messages " 2 1 .* 11443 " 350 390 log.packets || test_fail
+check_file_messages " 2 1 .* 4460 " 350 390 log.packets || test_fail
 check_file_messages "." 6 6 ntskeys || test_fail
 check_file_messages "." 11 12 192.168.123.1.nts || test_fail
 rm -f tmp/measurements.log
@@ -80,8 +80,8 @@ check_sync || test_fail
 check_file_messages "20.*123\.1.* 111 111 1111" 150 160 measurements.log || test_fail
 check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
-check_file_messages " 2 1 .* 11443 " 6 10 log.packets || test_fail
-check_file_messages "^9\.......e+03 2 1 .* 11443 " 6 10 log.packets || test_fail
+check_file_messages " 2 1 .* 4460 " 6 10 log.packets || test_fail
+check_file_messages "^9\.......e+03 2 1 .* 4460 " 6 10 log.packets || test_fail
 check_file_messages "." 6 6 ntskeys || test_fail
 check_file_messages "." 11 12 192.168.123.1.nts || test_fail
 rm -f tmp/measurements.log
@@ -95,6 +95,6 @@ check_source_selection && test_fail
 check_sync && test_fail
 check_file_messages " 2 1 .* 123 " 0 0 log.packets || test_fail
-check_file_messages " 2 1 .* 11443 " 10 20 log.packets || test_fail
+check_file_messages " 2 1 .* 4460 " 10 20 log.packets || test_fail
 test_pass