Age | Commit message (Collapse) | Author |
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Add support for MD5 message authentication as described in RFC 5905.
This patch also supports SHA1 authentication.
The key file format is the same file format as used by ntpd.
The configuration file format follows standard Unix conventions
(# comments) with lines consist of the following fields separated by whitespace:
<key identifier, [1,65535]> <SHA1|MD5> <an ASCII string of up to 20 characters|an octet string [a-zA-F0-9] of up to 40 characters>.
https://www.ietf.org/rfc/rfc5905.txt
function old new delta
ntp_init 473 987 +514
hash - 125 +125
recv_and_process_peer_pkt 889 961 +72
packed_usage 33066 33130 +64
ntpd_main 1226 1277 +51
find_key_entry - 29 +29
add_peers 195 207 +12
recv_and_process_client_pkt 509 514 +5
------------------------------------------------------------------------------
(add/remove: 2/0 grow/shrink: 6/0 up/down: 872/0) Total: 872 bytes
Signed-off-by: Brandon P. Enochs <enochs.brandon@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Managed to make ntpd on one of my machines to be stuck getting
"root distance too high" all the time, but log is not giving me
more informatin what exactly is happening...
function old new delta
select_and_cluster 1045 1095 +50
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
On fast network, I've seen "delay:0.002000" shown for all packets,
thus completely losing information on what real delays are.
The new code is careful to not reject packets with tiny delays
if the delay "grows a lot" but is still tiny:
0.000009 is "much larger" than 0.000001 (nine times larger),
but is still very good small delay.
function old new delta
recv_and_process_peer_pkt 863 889 +26
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This means we'll start correcting frequency ~5 minutes after start,
not ~3.5 ones.
With previos settings I still often see largish ~0.7s initial offsets
only about 1/2 corrected before frequency correction kicks in,
resulting in ~200ppm "correction" which is then slowly undone.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
With ~0.9 initiall offsets, using 8 results in a bit too eager
frequency correction.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Update QoS markers.
Use DSCP AF21 for interactive traffic. DSCP is defined in RFC2474.
Many modern equipment no longer support IPTOS.
Signed-off-by: Codarren Velvindron <codarren@hackers.mu>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
update_local_clock 834 858 +24
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
In other words: try to correct initially existing clock offset first,
before assuming that our clock drifts.
function old new delta
update_local_clock 826 834 +8
ntp_init 550 557 +7
filter_datapoints 179 173 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 15/-6) Total: 9 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
ntpd_main 1197 1226 +29
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
ntpd_main 1177 1197 +20
resolve_peer_hostname 127 129 +2
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
ntpd_main 1106 1177 +71
resolve_peer_hostname 122 127 +5
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 76/0) Total: 76 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Bad case: send request to server1good.com; then try to resolve server2bad.com -
this fails, and failure takes ~5 secs; then receive server1's
response 5 seconds later. We'll never sync up in this case...
function old new delta
ntpd_main 1079 1106 +27
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
vgetopt32 1318 1392 +74
runsvdir_main 703 713 +10
bb_make_directory 423 425 +2
collect_cpu 546 545 -1
opt_chars 3 - -3
opt_complementary 4 - -4
tftpd_main 567 562 -5
ntp_init 476 471 -5
zcip_main 1266 1256 -10
xxd_main 428 418 -10
whois_main 140 130 -10
who_main 463 453 -10
which_main 212 202 -10
wget_main 2535 2525 -10
watchdog_main 291 281 -10
watch_main 222 212 -10
vlock_main 399 389 -10
uuencode_main 332 322 -10
uudecode_main 316 306 -10
unlink_main 45 35 -10
udhcpd_main 1482 1472 -10
udhcpc_main 2762 2752 -10
tune2fs_main 290 280 -10
tunctl_main 366 356 -10
truncate_main 218 208 -10
tr_main 518 508 -10
time_main 1134 1124 -10
tftp_main 286 276 -10
telnetd_main 1873 1863 -10
tcpudpsvd_main 1785 1775 -10
taskset_main 521 511 -10
tar_main 1009 999 -10
tail_main 1644 1634 -10
syslogd_main 1967 1957 -10
switch_root_main 368 358 -10
svlogd_main 1454 1444 -10
sv 1296 1286 -10
stat_main 104 94 -10
start_stop_daemon_main 1028 1018 -10
split_main 542 532 -10
sort_main 796 786 -10
slattach_main 624 614 -10
shuf_main 504 494 -10
setsid_main 96 86 -10
setserial_main 1132 1122 -10
setfont_main 388 378 -10
setconsole_main 78 68 -10
sendmail_main 1209 1199 -10
sed_main 677 667 -10
script_main 1077 1067 -10
run_parts_main 325 315 -10
rtcwake_main 454 444 -10
rm_main 175 165 -10
reformime_main 119 109 -10
readlink_main 123 113 -10
rdate_main 246 236 -10
pwdx_main 189 179 -10
pstree_main 317 307 -10
pscan_main 663 653 -10
popmaildir_main 818 808 -10
pmap_main 80 70 -10
nc_main 1042 1032 -10
mv_main 558 548 -10
mountpoint_main 477 467 -10
mount_main 1264 1254 -10
modprobe_main 768 758 -10
modinfo_main 333 323 -10
mktemp_main 200 190 -10
mkswap_main 324 314 -10
mkfs_vfat_main 1489 1479 -10
microcom_main 715 705 -10
md5_sha1_sum_main 521 511 -10
man_main 867 857 -10
makedevs_main 1052 1042 -10
ls_main 563 553 -10
losetup_main 432 422 -10
loadfont_main 89 79 -10
ln_main 524 514 -10
link_main 75 65 -10
ipcalc_main 544 534 -10
iostat_main 2397 2387 -10
install_main 768 758 -10
id_main 480 470 -10
i2cset_main 1239 1229 -10
i2cget_main 380 370 -10
i2cdump_main 1482 1472 -10
i2cdetect_main 682 672 -10
hwclock_main 406 396 -10
httpd_main 741 731 -10
grep_main 837 827 -10
getty_main 1559 1549 -10
fuser_main 297 287 -10
ftpgetput_main 345 335 -10
ftpd_main 2232 2222 -10
fstrim_main 251 241 -10
fsfreeze_main 77 67 -10
fsck_minix_main 2921 2911 -10
flock_main 314 304 -10
flashcp_main 740 730 -10
flash_eraseall_main 833 823 -10
fdformat_main 532 522 -10
expand_main 680 670 -10
eject_main 335 325 -10
dumpleases_main 630 620 -10
du_main 314 304 -10
dos2unix_main 441 431 -10
diff_main 1350 1340 -10
df_main 1064 1054 -10
date_main 1095 1085 -10
cut_main 961 951 -10
cryptpw_main 228 218 -10
crontab_main 575 565 -10
crond_main 1149 1139 -10
cp_main 370 360 -10
common_traceroute_main 3834 3824 -10
common_ping_main 1767 1757 -10
comm_main 239 229 -10
cmp_main 655 645 -10
chrt_main 379 369 -10
chpst_main 704 694 -10
chpasswd_main 308 298 -10
chown_main 171 161 -10
chmod_main 158 148 -10
cat_main 428 418 -10
bzip2_main 120 110 -10
blkdiscard_main 264 254 -10
base64_main 221 211 -10
arping_main 1665 1655 -10
ar_main 556 546 -10
adjtimex_main 406 396 -10
adduser_main 882 872 -10
addgroup_main 411 401 -10
acpid_main 1198 1188 -10
optstring 11 - -11
opt_string 18 - -18
OPT_STR 25 - -25
ubi_tools_main 1288 1258 -30
ls_options 31 - -31
------------------------------------------------------------------------------
(add/remove: 0/6 grow/shrink: 3/129 up/down: 86/-1383) Total: -1297 bytes
text data bss dec hex filename
915428 485 6876 922789 e14a5 busybox_old
914629 485 6872 921986 e1182 busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Those two spaces after tab have no effect, and always a nuisance when editing.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
By klemens <ka7@github.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This is particularly useful if hostname resolution is triggered by
host non-reachability: I saw this in real-life, without the message
it is not at all obvious that IP that we use for a specific host
has changed.
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Run the namelookup from the main loop so a misspelled first ntp server
name does not block everything forever.
This fixes the following situation which would block forever:
$ sudo ./busybox ntpd -dn -p foobar -p pool.ntp.org
ntpd: bad address 'foobar'
ntpd: bad address 'foobar'
ntpd: bad address 'foobar'
...
New behavior:
ntpd: bad address 'foobar'
ntpd: sending query to 137.190.2.4
ntpd: reply from 137.190.2.4: offset:-1.009775 delay:0.175550 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x01
ntpd: sending query to 137.190.2.4
ntpd: reply from 137.190.2.4: offset:-1.009605 delay:0.175461 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x03
ntpd: sending query to 137.190.2.4
ntpd: reply from 137.190.2.4: offset:-1.005327 delay:0.167027 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x07
ntpd: sending query to 137.190.2.4
ntpd: bad address 'foobar'
ntpd: reply from 137.190.2.4: offset:-1.046349 delay:0.248705 status:0x24 strat:1 refid:0x00535047 rootdelay:0.000000 reach:0x0f
This patch is based on Kaarle Ritvanens work.
http://lists.busybox.net/pipermail/busybox/2016-May/084197.html
function old new delta
ntpd_main 1061 1079 +18
ntp_init 556 560 +4
resolve_peer_hostname 81 75 -6
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 22/-6) Total: 16 bytes
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The busybox NTP implementation doesn't check the NTP mode of packets
received on the server port and responds to any packet with the right
size. This includes responses from another NTP server. An attacker can
send a packet with a spoofed source address in order to create an
infinite loop of responses between two busybox NTP servers. Adding
more packets to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
In many cases, this aqllows to drop use of opt_complementary.
Approximately -400 bytes:
function old new delta
getopt32 1423 1502 +79
opt_string 17 18 +1
OPT_STR 24 25 +1
uniq_main 416 406 -10
timeout_main 279 269 -10
sulogin_main 270 260 -10
readprofile_main 1825 1815 -10
ps_main 543 533 -10
pidof_main 245 235 -10
pgrep_main 611 601 -10
od_main 2600 2590 -10
mkfs_minix_main 2684 2674 -10
mkfs_ext2_main 2603 2593 -10
microcom_main 712 702 -10
makemime_main 315 305 -10
ionice_main 282 272 -10
inetd_main 2074 2064 -10
ifplugd_main 1144 1134 -10
halt_main 353 343 -10
getopt_main 636 626 -10
fdisk_main 2854 2844 -10
env_main 206 196 -10
dmesg_main 319 309 -10
conspy_main 1214 1204 -10
awk_main 981 971 -10
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 3/22 up/down: 81/-220) Total: -139 bytes
text data bss dec hex filename
919373 906 14060 934339 e41c3 busybox_old
918969 906 14060 933935 e402f busybox_unstripped
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This resolves the following use case problem:
"I start ntpd by default from /etc/init.d
There might be no working network connection (not configured properly for
whatever reason, hardware problems, whatelse).
With busybox 1.25 ntpd seems to loop forever if now NTP servers are found,
blocking the boot process and I never get a login to solve a possible pb or
to do a first time configuration."
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Some users start ntpd on boot, and don't babysit it. If it dies because
DNS is not yet up and therefore NTP servers can't be found, users are
not happy.
Example behavior with a peer name which can't be resolved:
ntpd: bad address 'qwe.rty.ghj.kl'
...5 sec...
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
ntpd: bad address 'qwe.rty.ghj.kl'
...
Based on the patch by Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
function old new delta
resolve_peer_hostname - 81 +81
ntpd_main 1130 1061 -69
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/1 up/down: 81/-69) Total: 12 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
ntpd_main 1053 1130 +77
add_peers 166 195 +29
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
same IP)
function old new delta
add_peers 98 166 +68
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
update_local_clock 820 826 +6
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
update_local_clock 769 820 +51
recv_and_process_peer_pkt 838 862 +24
reset_peer_stats 137 133 -4
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/1 up/down: 75/-4) Total: 71 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
setsockopt_int - 23 +23
do_load 918 934 +16
setsockopt_SOL_SOCKET_int - 14 +14
setsockopt_keepalive - 10 +10
setsockopt_SOL_SOCKET_1 - 10 +10
buffer_fill_and_print 169 178 +9
setsockopt_1 - 8 +8
nfsmount 3560 3566 +6
redirect 1277 1282 +5
tcpudpsvd_main 1782 1786 +4
d6_send_kernel_packet 272 275 +3
i2cget_main 380 382 +2
ed_main 2544 2545 +1
scan_recursive 380 378 -2
nbdclient_main 492 490 -2
hash_find 235 233 -2
cmdputs 334 332 -2
parse_command 1443 1440 -3
static.two 4 - -4
ntpd_main 1039 1035 -4
const_int_1 4 - -4
const_IPTOS_LOWDELAY 4 - -4
RCVBUF 4 - -4
ntp_init 474 469 -5
change_listen_mode 316 310 -6
uevent_main 416 409 -7
arping_main 1697 1690 -7
telnet_main 1612 1603 -9
socket_want_pktinfo 42 33 -9
setsockopt_reuseaddr 21 10 -11
setsockopt_broadcast 21 10 -11
httpd_main 772 757 -15
get_remote_transfer_fd 109 94 -15
make_new_session 503 487 -16
ftpd_main 2177 2160 -17
read_bunzip 1896 1866 -30
common_traceroute_main 4099 4058 -41
common_ping_main 1836 1783 -53
------------------------------------------------------------------------------
(add/remove: 5/4 grow/shrink: 8/21 up/down: 111/-283) Total: -172 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This patch removes stray empty line from busybox code
reported by script find_stray_empty_lines
Signed-off-by: Maninder Singh <maninder1.s@samsung.com>
Signed-off-by: Akhilesh Kumar <akhilesh.k@samsung.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
This speeds up syncing - now happens only just
two replies from a peer. Especially useful for "ntpd -q".
Shouldn't have ill effects: if we chose a bad peer,
we will discover it later and switch to another one.
The code is even smaller this way.
Suggested by Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
OpenNTPd is licensed under ISC-style license so it's good idea to keep
ntpd applet under same license to avoid mess, instead of having
our changes to be under GPL.
Names of original code's authors are added.
Signed-off-by: Adam Tkac <vonsch@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The offset to jitter ratio is now calculated before updating
jitter to make the test more sensitive.
function old new delta
ntp_init 460 474 +14
update_local_clock 752 764 +12
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 26/0) Total: 26 bytes
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
To avoid polling servers frequently slowly increase the interval up
to BIGPOLL when
- no replies are received from a peer
- no source can be selected
- peer claims to be unsynchronized (e.g. we are polling it too
frequently)
When recv() returns with an error, drop code to try to continue
on network errors: I'm not convinced those cases happen in real life.
function old new delta
recv_and_process_peer_pkt 919 838 -81
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
* on step, poll interval drops to 8.5 mins instead of 32 seconds
* on total loss of all replies (no replies from any peer
for last 8 requests), also drop poll interval to 8.5 mins
instead of 32 seconds
* on send abd recv errors, RETRY_INTERVAL is now 32 seconds,
not 5 seconds
* on timing out listening to reply, instead of unconditional
shortening poll interval by x4, clamp it to NOREPLY_INTERVAL
(512 seconds)
* if a largish offset is seen, clamp nexp poll interval
to 128 seconds, not 64 seconds
function old new delta
clamp_pollexp_and_set_MAXSTRAT - 37 +37
recv_and_process_peer_pkt 861 869 +8
poll_interval 52 48 -4
update_local_clock 762 752 -10
ntpd_main 1063 1050 -13
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 1/3 up/down: 45/-27) Total: 18 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
The burst mode needs to be stopped even when no replies are received.
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
packed_usage 29908 29947 +39
ntp_init 428 460 +32
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 2/0 up/down: 71/0) Total: 71 bytes
Signed-off-by: Nikolaus Froehlich <nikolaus@mathematik.uni-marburg.de>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
Before this cahnge, sometimes they were used after the next packet
from another peer was received, because we did updare some peer stats
from high delay packet before dropping it.
function old new delta
recv_and_process_peer_pkt 922 966 +44
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
add_peers - 98 +98
packed_usage 29470 29511 +41
ntp_init 407 428 +21
pw_encrypt 14 27 +13
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 3/0 up/down: 173/0) Total: 173 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
rand() is the most standard C library function,
and on uclibc they are the same. I guess
they are the same in most todays' libc...
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|
|
function old new delta
poll_interval 57 52 -5
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
|