nts: update NTS-KE port number

The port assigned by IANA for NTS-KE is 4460.

conf.c

@@ -33,6 +33,7 @@
 #include "conf.h"
 #include "ntp_sources.h"
 #include "ntp_core.h"
+#include "nts_ke.h"
 #include "refclock.h"
 #include "cmdmon.h"
 #include "srcparams.h"
@@ -243,7 +244,7 @@ static char *nts_dump_dir = NULL;
 static char *nts_ntp_server = NULL;
 static char *nts_server_cert_file = NULL;
 static char *nts_server_key_file = NULL;
-static int nts_server_port = 11443;
+static int nts_server_port = NKE_PORT;
 static int nts_server_processes = 1;
 static int nts_server_connections = 100;
 static int nts_refresh = 2419200; /* 4 weeks */

doc/chrony.conf.adoc

@@ -228,7 +228,7 @@ be specified. For normal servers this option should not be required (the
 default is 123, the standard NTP port).
 *ntsport* _port_:::
 This option specifies the TCP port on which the server is listening for NTS-KE
-connections when the *nts* option is enabled. The default is 11443.
+connections when the *nts* option is enabled. The default is 4460.
 *presend* _poll_:::
 If the timing measurements being made by *chronyd* are the only network data
 passing between two computers, you might find that some measurements are badly
@@ -1472,7 +1472,7 @@ ntpsigndsocket /var/lib/samba/ntp_signd
 
 [[ntsport]]*ntsport* _port_::
 This directive specifies the TCP port on which *chronyd* will provide the NTS
-Key Establishment (NTS-KE) service. The default port is 11443.
+Key Establishment (NTS-KE) service. The default port is 4460.
 +
 The port will be open only when a certificate and key is specified by the
 *ntsservercert* and *ntsserverkey* directives.

nts_ke.h

@@ -29,6 +29,8 @@
 
 #include "siv.h"
 
+#define NKE_PORT                        4460
+
 #define NKE_RECORD_CRITICAL_BIT         (1U << 15)
 #define NKE_RECORD_END_OF_MESSAGE       0
 #define NKE_RECORD_NEXT_PROTOCOL        1

srcparams.h

@@ -76,7 +76,7 @@ typedef struct {
 #define SRC_DEFAULT_MINSAMPLES (-1)
 #define SRC_DEFAULT_MAXSAMPLES (-1)
 #define SRC_DEFAULT_ASYMMETRY 1.0
-#define SRC_DEFAULT_NTSPORT 11443
+#define SRC_DEFAULT_NTSPORT 4460
 #define INACTIVE_AUTHKEY 0
 
 /* Flags for source selection */

test/simulation/139-nts

@@ -46,7 +46,7 @@ check_sync || test_fail
 
 check_file_messages "20.*123\.1.* 111 111 1111" 75 80 measurements.log || test_fail
 check_file_messages "20.*123\.1.* 111 001 0000" 37 39 measurements.log || test_fail
-check_file_messages "	2	1	.*	11443	" 260 300 log.packets || test_fail
+check_file_messages "	2	1	.*	4460	" 260 300 log.packets || test_fail
 check_file_messages "." 6 6 ntskeys || test_fail
 rm -f tmp/measurements.log
 
@@ -61,7 +61,7 @@ check_sync || test_fail
 
 check_file_messages "20.*123\.1.* 111 111 1111" 99 103 measurements.log || test_fail
 check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
-check_file_messages "	2	1	.*	11443	" 350 390 log.packets || test_fail
+check_file_messages "	2	1	.*	4460	" 350 390 log.packets || test_fail
 check_file_messages "." 6 6 ntskeys || test_fail
 check_file_messages "." 11 12 192.168.123.1.nts || test_fail
 rm -f tmp/measurements.log
@@ -80,8 +80,8 @@ check_sync || test_fail
 
 check_file_messages "20.*123\.1.* 111 111 1111" 150 160 measurements.log || test_fail
 check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
-check_file_messages "	2	1	.*	11443	" 6 10 log.packets || test_fail
+check_file_messages "	2	1	.*	4460	" 6 10 log.packets || test_fail
-check_file_messages "^9\.......e+03	2	1	.*	11443	" 6 10 log.packets || test_fail
+check_file_messages "^9\.......e+03	2	1	.*	4460	" 6 10 log.packets || test_fail
 check_file_messages "." 6 6 ntskeys || test_fail
 check_file_messages "." 11 12 192.168.123.1.nts || test_fail
 rm -f tmp/measurements.log
@@ -95,6 +95,6 @@ check_source_selection && test_fail
 check_sync && test_fail
 
 check_file_messages "	2	1	.*	123	" 0 0 log.packets || test_fail
-check_file_messages "	2	1	.*	11443	" 10 20 log.packets || test_fail
+check_file_messages "	2	1	.*	4460	" 10 20 log.packets || test_fail
 
 test_pass