Miroslav Lichvar
0094128ca6
sources: split source selection from sample accumulation
This will allow postponing source selection and reference update, which
could be useful in burst modes.
2014-04-08 17:00:47 +02:00
Miroslav Lichvar
de5178575f
git: update .gitignore
2014-04-08 17:00:47 +02:00
Miroslav Lichvar
9eac078c18
test: add missing run script
2014-04-08 17:00:47 +02:00
Miroslav Lichvar
05c5445fe2
conf: add bindacqaddress directive for client sockets
2014-04-03 15:47:32 +02:00
Miroslav Lichvar
f9d8b6f99e
ntp: set only necessary socket options on client sockets
2014-04-03 13:36:25 +02:00
Miroslav Lichvar
597a37d66e
test: add 112-port
2014-03-26 12:24:36 +01:00
Miroslav Lichvar
73e4986866
ntp: fix comment on NCR_ProcessUnknown
2014-03-26 11:24:25 +01:00
Miroslav Lichvar
91e74c704b
ntp: accept packets from unknown sources only from server sockets
2014-03-26 11:18:18 +01:00
Miroslav Lichvar
727bf195d1
test: update for latest clknetsim
Latest clknetsim now allows source and destination port numbers to
differ. This fixes the tests to work with the recent changes that added
client NTP sockets.
2014-03-25 17:33:55 +01:00
Miroslav Lichvar
b13836e9cc
ntp: don't create server sockets if port is configured to 0
2014-03-25 15:27:18 +01:00
Miroslav Lichvar
cf12d72f21
ntp: use separate connected sockets for each server
If acquisitionport is set to 0 (default), create and connect a new
socket for each server instead of using one socket per address family
for all servers.
2014-03-25 15:27:18 +01:00
Miroslav Lichvar
5c2bbaca3b
ntp: use separate client sockets
Use separate sockets for NTP server or peer and client packets. The port
number is configured by the acquisitionport directive. With the default
value of 0 the port is assigned randomly by the kernel. It can be equal
to the value configured by the port directive to use the server sockets
for all packets as before.
2014-03-25 15:25:23 +01:00
Miroslav Lichvar
b717904f9e
ntp: don't try to bind acquire socket if port is equal to ntp port
2014-03-25 15:24:38 +01:00
Miroslav Lichvar
f2c4ab09a8
ntp: check if packet was received by right socket
2014-03-25 15:24:38 +01:00
Miroslav Lichvar
9a657cd4a3
ntp: store socket in NTP instance
This is preparation for separate client sockets.
2014-03-25 15:22:59 +01:00
Miroslav Lichvar
308de81221
ntp: split local_ip_addr from NTP_Remote_Address struct
2014-03-25 11:34:35 +01:00
Miroslav Lichvar
6823109cfb
ntp: set invalid socket fd by macro
2014-03-25 11:34:31 +01:00
Miroslav Lichvar
a02149cf65
doc: improve commandkey and keyfile descriptions
2014-03-21 15:49:00 +01:00
Miroslav Lichvar
7aa4bbf621
ntp: set minpoll from received KoD RATE at most to 10
Limit changing minpoll to a reasonable maximum in case the server is
broken or temporarily misconfigured.
2014-03-21 15:32:14 +01:00
Miroslav Lichvar
5afddad0d2
ntp: print warning when source is added with unknown key
2014-03-21 14:36:51 +01:00
Miroslav Lichvar
0380cf0c76
ntp: reset negative minpoll or maxpoll to default values
2014-03-21 13:25:14 +01:00
Miroslav Lichvar
6c2a1e62e0
cmdparse: don't allow NTP key ID of 0
Key number 0 is used as the inactive key; prevent the user from
inadvertently not using authentication.
2014-03-21 13:20:37 +01:00
Miroslav Lichvar
6560628209
test: add 111-knownclient
2014-03-21 13:20:36 +01:00
Miroslav Lichvar
3cc81376a6
test: add port number check
2014-03-21 13:20:36 +01:00
Miroslav Lichvar
8d02e5f680
ntp: make use of NCR_ProcessUnknown in NCR_ProcessKnown
After recent changes the code in NCR_ProcessKnown is now identical and
can be replaced with NCR_ProcessUnknown call.
2014-03-21 13:20:34 +01:00
Miroslav Lichvar
f9e2213afd
ntp: don't store tx time stamp when replying to known source
2014-03-21 13:20:31 +01:00
Miroslav Lichvar
8b362ba3e7
ntp: don't reply to known source if missing key or invalid auth
This is now similar to replying to unknown sources.
2014-03-21 13:20:29 +01:00
Miroslav Lichvar
eecec8fffa
test: extend 105-ntpauth
2014-03-21 13:20:29 +01:00
Miroslav Lichvar
a26058d425
ntp: don't send requests with unknown key
There is no point in sending a request if the configured key is missing.
A reply would be ignored anyway.
2014-03-21 13:20:27 +01:00
Miroslav Lichvar
c14b81f3a9
ntp: remove unnecessary KEY_KeyKnown calls
2014-03-21 13:20:25 +01:00
Miroslav Lichvar
0059a43254
keys: don't cache position for unknown keys
2014-03-21 13:20:24 +01:00
Miroslav Lichvar
7dd3cc354d
client: print positive signed freq and offset values with sign
2014-03-21 13:20:24 +01:00
Miroslav Lichvar
ce34aa0763
test: make 110-chronyc more tolerant
2014-03-21 13:20:24 +01:00
Miroslav Lichvar
7a512ad9c3
tempcomp: print warning message on error
2014-03-21 13:20:24 +01:00
Miroslav Lichvar
0a56c0e8c1
tempcomp: use macro to set maximum allowed compensation
2014-03-21 13:20:24 +01:00
Miroslav Lichvar
0b71504ee9
sourcestats: fix signedness in scanf format
2014-03-21 13:20:24 +01:00
Miroslav Lichvar
9479c6451e
makefile: improve check rule
2014-03-21 13:20:20 +01:00
Miroslav Lichvar
115e83f3aa
Add simulation tests
Use clknetsim to run multiple chronyd instances with simulated clocks
and network. It allows fast and reproducible testing, without a real
network.
Included are several tests of performance in different clock/network
conditions, chronyd options, NTP authentication, chronyc, and past bug
fixes.
2014-02-27 18:34:52 +01:00
Miroslav Lichvar
ea526b96dd
configure: suppress pkg-config errors
2014-02-05 08:53:15 +01:00
Miroslav Lichvar
726cf84e19
Check array index before reading
2014-02-04 16:02:21 +01:00
Miroslav Lichvar
dc8a46363f
Merge branch '1.29-security'
2014-01-31 17:06:08 +01:00
Miroslav Lichvar
916ca7ab86
make_release: set owner and group in released tarball to root
2014-01-31 13:37:55 +01:00
Miroslav Lichvar
be036ed58a
make_release: remove config.log and config.h
2014-01-31 13:37:52 +01:00
Miroslav Lichvar
2afdd4544d
Update NEWS
2014-01-31 13:12:59 +01:00
Miroslav Lichvar
c4e61835d3
Update faq.txt
2014-01-30 15:59:45 +01:00
Miroslav Lichvar
e15ce69d08
Send cmdmon error replies only to allowed hosts
The status codes STT_BADPKTVERSION, STT_BADPKTLENGTH, STT_NOHOSTACCESS
were sent even to hosts that were not allowed by cmdallow. Deprecate
STT_NOHOSTACCESS and ignore packets from hosts not allowed by cmdallow
completely.
2014-01-30 15:59:45 +01:00
Miroslav Lichvar
d537ed11fd
Support previous protocol version in chronyc
This adds compatibility with chronyd using the previous protocol version
(chrony versions 1.27, 1.28, 1.29).
2014-01-30 15:59:45 +01:00
Miroslav Lichvar
dba458d50c
Add padding to cmdmon requests to prevent amplification attack
To prevent an attacker using chronyd in an amplification attack, change
the protocol to include padding in request packets so that the largest
possible reply is not larger than the request. Request packets that
don't include this padding are ignored as invalid.
This is an incompatible change in the protocol. Clients from chrony
1.27, 1.28 and 1.29 will receive a NULL reply with STT_BADPKTVERSION and
print "Protocol version mismatch". Clients from 1.26 and older will not
receive a reply as it would be larger than the request if it was padded
to be compatible with their protocol.
2014-01-30 15:59:45 +01:00
Miroslav Lichvar
3e23430926
Set maximum number of samples in manual list reply to 16
In chronyd the maximum number of manual samples is 16, so there is no
need to keep room for 32 samples in the command reply. This limits the
maximum assumed size of the reply packet.
2014-01-30 15:59:45 +01:00
Miroslav Lichvar
3f507b782c
Replace number and total fields in cmdmon reply packet with padding
They were not used for anything and there is no plan to change that.
2014-01-24 16:53:32 +01:00