Advanced NTP client and server
To prevent an attacker using chronyd in an amplification attack, change the protocol to include padding in request packets so that the largest possible reply is not larger than the request. Request packets that don't include this padding are ignored as invalid. This is an incompatible change in the protocol. Clients from chrony 1.27, 1.28 and 1.29 will receive a NULL reply with STT_BADPKTVERSION and print "Protocol version mismatch". Clients from 1.26 and older will not receive a reply as it would be larger than the request if it was padded to be compatible with their protocol.

| Name |
|---|
| contrib |
| examples |
| .gitignore |
| acquire.c |
| acquire.h |
| addressing.h |
| addrfilt.c |
| addrfilt.h |
| broadcast.c |
| broadcast.h |
| candm.h |
| chrony.1 |
| chrony.conf.5.in |
| chrony.spec.sample |
| chrony.texi.in |
| chrony_timex.h |
| chronyc.1.in |
| chronyd.8.in |
| client.c |
| clientlog.c |
| clientlog.h |
| cmdmon.c |
| cmdmon.h |
| cmdparse.c |
| cmdparse.h |
| conf.c |
| conf.h |
| configure |
| COPYING |
| faq.txt |
| faqgen.pl |
| getdate.c |
| getdate.h |
| getdate.y |
| hash.h |
| hash_intmd5.c |
| hash_nss.c |
| hash_tomcrypt.c |
| INSTALL |
| keys.c |
| keys.h |
| local.c |
| local.h |
| localp.h |
| logging.c |
| logging.h |
| main.c |
| main.h |
| make_release |
| Makefile.in |
| manual.c |
| manual.h |
| md5.c |
| md5.h |
| memory.h |
| mkdirpp.c |
| mkdirpp.h |
| nameserv.c |
| nameserv.h |
| NEWS |
| ntp.h |
| ntp_core.c |
| ntp_core.h |
| ntp_io.c |
| ntp_io.h |
| ntp_sources.c |
| ntp_sources.h |
| pktlength.c |
| pktlength.h |
| README |
| refclock.c |
| refclock.h |
| refclock_pps.c |
| refclock_shm.c |
| refclock_sock.c |
| reference.c |
| reference.h |
| regress.c |
| regress.h |
| reports.h |
| rtc.c |
| rtc.h |
| rtc_linux.c |
| rtc_linux.h |
| sched.c |
| sched.h |
| sources.c |
| sources.h |
| sourcestats.c |
| sourcestats.h |
| srcparams.h |
| strerror.c |
| sys.c |
| sys.h |
| sys_linux.c |
| sys_linux.h |
| sys_netbsd.c |
| sys_netbsd.h |
| sys_solaris.c |
| sys_solaris.h |
| sys_sunos.c |
| sys_sunos.h |
| sysincl.h |
| tempcomp.c |
| tempcomp.h |
| util.c |
| util.h |
| wrap_adjtimex.c |
| wrap_adjtimex.h |
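
The request-padding rule from the commit message at the top of this page, as an added example that is not chrony's own code: a server accepts a request only if it is already as long as the largest reply it can trigger, so a spoofed source address never receives more bytes than the sender spent. The command names and byte sizes are constructed for illustration and are not chrony's real values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes in bytes for a toy command protocol (not chrony's). */
enum { CMD_PING, CMD_LIST, CMD_COUNT };
struct cmd_sizes { size_t fields; size_t max_reply; };
static const struct cmd_sizes SIZES[CMD_COUNT] = {
    [CMD_PING] = { 20, 28 },   /* small request, small reply */
    [CMD_LIST] = { 24, 520 },  /* small request, large reply */
};

/* Wire length a valid request must have: its own fields, padded up to
 * the largest reply the command can trigger. 0 means unknown command. */
size_t padded_request_len(int cmd) {
    if (cmd < 0 || cmd >= CMD_COUNT)
        return 0;
    return SIZES[cmd].max_reply > SIZES[cmd].fields
         ? SIZES[cmd].max_reply : SIZES[cmd].fields;
}

/* Server-side check. Returns the most bytes the server may send back,
 * or 0 when the datagram is dropped without any reply. */
size_t reply_budget(int cmd, size_t received_len) {
    size_t need = padded_request_len(cmd);
    if (need == 0 || received_len < need)
        return 0;               /* unpadded or unknown: ignore as invalid */
    return SIZES[cmd].max_reply;
}

/* Worst reply/request size ratio over all commands, in percent. */
unsigned worst_amplification_pct(int padding_enforced) {
    unsigned worst = 0;
    for (int cmd = 0; cmd < CMD_COUNT; cmd++) {
        size_t req = padding_enforced ? padded_request_len(cmd)
                                      : SIZES[cmd].fields;
        unsigned pct = (unsigned)(SIZES[cmd].max_reply * 100 / req);
        if (pct > worst)
            worst = pct;
    }
    return worst;
}

int main(void) {
    printf("unpadded: %u%%, padded: %u%%\n",
           worst_amplification_pct(0), worst_amplification_pct(1));
    return 0;
}
```

With padding enforced the worst-case ratio is capped at 100%, which is the property the commit message states: the largest possible reply is not larger than the request.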

This is the README for chrony.

What is chrony?
===============

Chrony is a pair of programs for maintaining the accuracy of computer clocks.

chronyd is a (background) daemon program that can be started at boot time. This does most of the work.

chronyc is a command-line interface program which can be used to monitor chronyd's performance and to change various operating parameters whilst it is running.

chronyd's main function is to obtain measurements of the true (UTC) time from one of several sources, and correct the system clock accordingly. It also works out the rate at which the system clock gains or loses time and uses this information to keep it accurate between measurements from the reference.

The reference time can be derived from Network Time Protocol (NTP) servers, reference clocks, or wristwatch-and-keyboard (via chronyc). The main source of information about the Network Time Protocol is http://www.ntp.org.

It is designed so that it can work on computers which only have intermittent access to reference sources, for example computers which use a dial-up account to access the Internet or laptops. Of course, it will work well on computers with permanent connections too.

In addition, on Linux it can monitor the system's real time clock performance, so the system can maintain accurate time even across reboots.

Typical accuracies available between 2 machines are

On an ethernet LAN : 100-200 microseconds, often much better

On a V32bis dial-up modem connection : 10's of milliseconds (from one session to the next)

With a good reference clock the accuracy can reach one microsecond.

chronyd can also operate as an RFC1305-compatible NTP server and peer.

What will chrony run on?
========================

Chrony can be successfully built and run on

1. Linux 2.2.x, 2.3.x, 2.4.x, 2.6.x, 3.x
2. Solaris 2.5/2.5.1/2.6/2.7/2.8 (various platforms)
3. SunOS 4.1.4 (Sparc 2 and Sparc 20)
4. BSD/386 v1.1 has been reported to work using the SunOS 4.1 driver.
5. NetBSD.

Any other system will require a porting exercise. You would need to start from one of the existing system-specific drivers and look into the quirks of certain system calls and the kernel on your target system. (This is described in the manual).

How do I set it up?
===================

The file INSTALL gives instructions. On supported systems the compilation process should be automatic.

You will need an ANSI C compiler -- gcc is recommended.

The manual (in texinfo and text formats) describes how to set the software up for the less straightforward cases.

What documentation is there?
============================

A manual is supplied in Texinfo format (chrony.texi) and ready-formatted plain text (chrony.txt) in the distribution.

There is also information available on the chrony web pages, accessible through the URL

http://chrony.tuxfamily.org/

Where are new versions announced?
=================================

There is a low volume mailing list where new versions and other important news relating to chrony are announced. You can join this list by sending mail with the subject "subscribe" to

chrony-announce-request@chrony.tuxfamily.org

These messages will be copied to chrony-users (see below). New versions are announced also on Freshmeat (http://freshmeat.net/).

How can I get support for chrony?
and where can I discuss new features, possible bugs etc?
========================================================

There are 3 mailing lists relating to chrony. chrony-announce was mentioned above. chrony-users is a users' discussion list, e.g. for general questions and answers about using chrony. chrony-dev is a more technical list, e.g. for discussing how new features should be implemented, exchange of information between developers etc. To subscribe to either of these lists, send a message with the subject "subscribe" to

chrony-users-request@chrony.tuxfamily.org

or

chrony-dev-request@chrony.tuxfamily.org

as applicable.

Author
======

Richard P. Curnow <rc@rc0.org.uk>

Maintainers
===========

John Hasler <john@dhh.gt.org>

Miroslav Lichvar <mlichvar@redhat.com>

Acknowledgements
================

The following people have provided patches and other major contributions to the program :

Benny Lyne Amorsen <benny@amorsen.dk>
    Patch to add minstratum option

Andrew Bishop <amb@gedanken.demon.co.uk>
    Fixes for bugs in logging when in daemon mode
    Fixes for compiler warnings
    Robustness improvements for drift file
    Improve installation (directory checking etc)
    Entries in contrib directory
    Improvements to 'sources' and 'sourcestats' output from chronyc
    Improvements to documentation
    Investigation of required dosynctodr behaviour for various Solaris versions.

Stephan I. Boettcher <stephan@nevis1.columbia.edu>
    Entries in contrib directory

Erik Bryer <ebryer@spots.ab.ca>
    Entries in contrib directory

Juliusz Chroboczek <jch@pps.jussieu.fr>
    Fix install rule in Makefile if chronyd file is in use.

Paul Elliott <pelliott@io.com>
    DNSchrony (in contrib directory), a tool for handling NTP servers with variable IP addresses.

Mike Fleetwood <mike@rockover.demon.co.uk>
    Fixes for compiler warnings

Alexander Gretencord <arutha@gmx.de>
    Changes to installation directory system to make it easier for package builders.

Walter Haidinger <walter.haidinger@gmx.at>
    Providing me with login access to a Linux installation where v1.12 wouldn't compile, so I could develop the fixes for v1.13. Also, for providing the disc space so I can keep an independent backup of the sources.

Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
    Port to NetBSD

John Hasler <john@dhh.gt.org>
    Changes to support 64 bit machines (i.e. those where sizeof(unsigned long) > 4)
    Bug fix to initstepslew directive
    Fix to remove potential buffer overrun errors.
    Memory locking and real-time scheduler support
    Fix fault where chronyd enters an endless loop

Liam Hatton <me@liamhatton.com>
    Advice on configuring for Linux on PPC

Jachym Holecek <jakym@volny.cz>
    Patch to make Linux real time clock work with devfs

Håkan Johansson <f96hajo@chalmers.se>
    Patch to avoid large values in sources and sourcestats output

Jim Knoble <jmknoble@pobox.com>
    Fixes for compiler warnings

Antti Järvinen <costello@iki.fi>
    Advice on configuring for BSD/386

Miroslav Lichvar <mlichvar@redhat.com>
    Reference clock support
    IPv6 support
    Linux capabilities support
    Leap second support
    Improved source selection
    Improved sample history trimming
    Improved polling interval adjustment
    Improved stability with temporary asymmetric delays
    Temperature compensation
    Many other bug fixes and improvements

Victor Moroz <vim@prv.adlum.ru>
    Patch to support Linux with HZ!=100

Kalle Olavi Niemitalo <tosi@stekt.oulu.fi>
    acquisitionport support

Frank Otto <sandwichmacher@web.de>
    Handling arbitrary HZ values

Andreas Piesk <apiesk@virbus.de>
    Patch to make chronyc use the readline library if available

Timo Teras <timo.teras@iki.fi>
    Patch to reply correctly on multihomed hosts

Wolfgang Weisselberg <weissel@netcologne.de>
    Entries in contrib directory

Ralf Wildenhues <Ralf.Wildenhues@gmx.de>
    Many robustness and security improvements

Ulrich Windl <ulrich.windl@rz.uni-regensburg.de>
    Providing me with information about the Linux 2.2 kernel functionality compared to 2.0.

Doug Woodward <dougw@whistler.com>
    Advice on configuring for Solaris 2.8 on x86

Many other people have contributed bug reports and suggestions. I'm sorry I can't identify all of you individually.