diff options
author | Vincent Blut <vincent.debian@free.fr> | 2017-01-06 13:58:10 +0100 |
---|---|---|
committer | Vincent Blut <vincent.debian@free.fr> | 2017-01-06 13:58:10 +0100 |
commit | 25a9fb1b27d1abcd5bd158a932da44bedc4b7cc7 (patch) | |
tree | 0e7c10cdfdb68014d5f1b540f01703b2ed3f2592 | |
parent | 54852321ce09def86566637aaa945254b28e08a0 (diff) |
New upstream version 3.0-pre3
-rw-r--r-- | FAQ | 2 | ||||
-rw-r--r-- | INSTALL | 2 | ||||
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | client.c | 7 | ||||
-rw-r--r-- | clientlog.c | 34 | ||||
-rw-r--r-- | conf.c | 94 | ||||
-rw-r--r-- | conf.h | 7 | ||||
-rw-r--r-- | doc/chrony.conf.adoc | 101 | ||||
-rw-r--r-- | doc/chrony.conf.man.in | 113 | ||||
-rw-r--r-- | doc/chronyc.adoc | 2 | ||||
-rw-r--r-- | doc/chronyc.man.in | 6 | ||||
-rw-r--r-- | doc/chronyd.man.in | 4 | ||||
-rw-r--r-- | examples/chrony.spec | 2 | ||||
-rw-r--r-- | hwclock.c | 8 | ||||
-rw-r--r-- | ntp_core.c | 16 | ||||
-rw-r--r-- | ntp_io.c | 8 | ||||
-rw-r--r-- | ntp_io_linux.c | 71 | ||||
-rw-r--r-- | sources.c | 5 | ||||
-rw-r--r-- | version.txt | 2 |
19 files changed, 317 insertions, 170 deletions
@@ -423,4 +423,4 @@ needs to be made to work as a service. We have no plans to do this. Anyone is welcome to pick this work up and contribute it back to the project. -Last updated 2016-12-15 13:47:41 CET +Last updated 2017-01-06 13:12:19 CET @@ -147,4 +147,4 @@ tar cvf - . | gzip -9 > chrony.tar.gz to build a package. When untarred within the root directory, this will install the files to the intended final locations. -Last updated 2016-12-15 13:47:41 CET +Last updated 2017-01-06 13:12:19 CET @@ -16,8 +16,7 @@ Enhancements * Add -t option to chronyd to exit after specified time * Add partial protection against replay attacks on symmetric mode * Don't reset polling interval when switching sources to online state -* Enable NTP response rate limiting by default - (1024 packets per second per IP address and 25% leak) +* Allow rate limiting with very short intervals * Improve maximum server throughput on Linux and NetBSD * Remove dump files after start * Add tab-completion to chronyc with libedit/readline @@ -2301,7 +2301,7 @@ process_cmd_ntpdata(char *line) "Precision : %d (%.9f seconds)\n" "Root delay : %.6f seconds\n" "Root dispersion : %.6f seconds\n" - "Reference ID : %R\n" + "Reference ID : %R (%s)\n" "Reference time : %T\n" "Offset : %+.9f seconds\n" "Peer delay : %.9f seconds\n" @@ -2325,7 +2325,10 @@ process_cmd_ntpdata(char *line) reply.data.ntp_data.precision, UTI_Log2ToDouble(reply.data.ntp_data.precision), UTI_FloatNetworkToHost(reply.data.ntp_data.root_delay), UTI_FloatNetworkToHost(reply.data.ntp_data.root_dispersion), - (unsigned long)ntohl(reply.data.ntp_data.ref_id), &ref_time, + (unsigned long)ntohl(reply.data.ntp_data.ref_id), + reply.data.ntp_data.stratum <= 1 ? + UTI_RefidToString(ntohl(reply.data.ntp_data.ref_id)) : "", + &ref_time, UTI_FloatNetworkToHost(reply.data.ntp_data.offset), UTI_FloatNetworkToHost(reply.data.ntp_data.peer_delay), UTI_FloatNetworkToHost(reply.data.ntp_data.peer_dispersion), diff --git a/clientlog.c b/clientlog.c index 6f68532..0ace6d6 100644 --- a/clientlog.c +++ b/clientlog.c @@ -119,7 +119,7 @@ static int cmd_token_shift; prevent an attacker sending requests with spoofed source address from blocking responses to the address completely. */ -#define MIN_LEAK_RATE 0 +#define MIN_LEAK_RATE 1 #define MAX_LEAK_RATE 4 static int ntp_leak_rate; @@ -305,19 +305,29 @@ CLG_Initialise(void) { int interval, burst, leak_rate; - CNF_GetNTPRateLimit(&interval, &burst, &leak_rate); - set_bucket_params(interval, burst, &max_ntp_tokens, &ntp_tokens_per_packet, - &ntp_token_shift); - ntp_leak_rate = CLAMP(MIN_LEAK_RATE, leak_rate, MAX_LEAK_RATE); + max_ntp_tokens = max_cmd_tokens = 0; + ntp_tokens_per_packet = cmd_tokens_per_packet = 0; + ntp_token_shift = cmd_token_shift = 0; + ntp_leak_rate = cmd_leak_rate = 0; - CNF_GetCommandRateLimit(&interval, &burst, &leak_rate); - set_bucket_params(interval, burst, &max_cmd_tokens, &cmd_tokens_per_packet, - &cmd_token_shift); - cmd_leak_rate = CLAMP(MIN_LEAK_RATE, leak_rate, MAX_LEAK_RATE); + if (CNF_GetNTPRateLimit(&interval, &burst, &leak_rate)) { + set_bucket_params(interval, burst, &max_ntp_tokens, &ntp_tokens_per_packet, + &ntp_token_shift); + ntp_leak_rate = CLAMP(MIN_LEAK_RATE, leak_rate, MAX_LEAK_RATE); + } + + if (CNF_GetCommandRateLimit(&interval, &burst, &leak_rate)) { + set_bucket_params(interval, burst, &max_cmd_tokens, &cmd_tokens_per_packet, + &cmd_token_shift); + cmd_leak_rate = CLAMP(MIN_LEAK_RATE, leak_rate, MAX_LEAK_RATE); + } active = !CNF_GetNoClientLog(); - if (!active) + if (!active) { + if (ntp_leak_rate || cmd_leak_rate) + LOG_FATAL(LOGF_ClientLog, "ratelimit cannot be used with noclientlog"); return; + } /* Calculate the maximum number of slots that can be allocated in the configured memory limit. Take into account expanding of the hash @@ -520,7 +530,7 @@ CLG_LimitNTPResponseRate(int index) Record *record; int drop; - if (!ntp_leak_rate) + if (!ntp_tokens_per_packet) return 0; record = ARR_GetElement(records, index); @@ -561,7 +571,7 @@ CLG_LimitCommandResponseRate(int index) { Record *record; - if (!cmd_leak_rate) + if (!cmd_tokens_per_packet) return 0; record = ARR_GetElement(records, index); @@ -66,7 +66,8 @@ static void parse_log(char *); static void parse_mailonchange(char *); static void parse_makestep(char *); static void parse_maxchange(char *); -static void parse_ratelimit(char *line, int *interval, int *burst, int *leak); +static void parse_ratelimit(char *line, int *enabled, int *interval, + int *burst, int *leak); static void parse_refclock(char *); static void parse_smoothtime(char *); static void parse_source(char *line, NTP_Source_Type type, int pool); @@ -190,12 +191,14 @@ static char *ntp_signd_socket = NULL; static char *pidfile; /* Rate limiting parameters */ -static int ntp_ratelimit_interval = -10; -static int ntp_ratelimit_burst = 16; +static int ntp_ratelimit_enabled = 0; +static int ntp_ratelimit_interval = 3; +static int ntp_ratelimit_burst = 8; static int ntp_ratelimit_leak = 2; -static int cmd_ratelimit_interval = -10; -static int cmd_ratelimit_burst = 16; -static int cmd_ratelimit_leak = 0; +static int cmd_ratelimit_enabled = 0; +static int cmd_ratelimit_interval = -4; +static int cmd_ratelimit_burst = 8; +static int cmd_ratelimit_leak = 2; /* Smoothing constants */ static double smooth_max_freq = 0.0; /* in ppm */ @@ -220,7 +223,13 @@ static char *leapsec_tz = NULL; /* Name of the user to which will be dropped root privileges. */ static char *user; -/* Array of strings for interfaces with HW timestamping */ +typedef struct { + char *name; + double tx_comp; + double rx_comp; +} HwTs_Interface; + +/* Array of HwTs_Interface */ static ARR_Instance hwts_interfaces; typedef struct { @@ -324,7 +333,7 @@ CNF_Initialise(int r) { restarted = r; - hwts_interfaces = ARR_CreateInstance(sizeof (char *)); + hwts_interfaces = ARR_CreateInstance(sizeof (HwTs_Interface)); init_sources = ARR_CreateInstance(sizeof (IPAddr)); ntp_sources = ARR_CreateInstance(sizeof (NTP_Source)); @@ -351,7 +360,7 @@ CNF_Finalise(void) unsigned int i; for (i = 0; i < ARR_GetSize(hwts_interfaces); i++) - Free(*(char **)ARR_GetElement(hwts_interfaces, i)); + Free(((HwTs_Interface *)ARR_GetElement(hwts_interfaces, i))->name); ARR_DestroyInstance(hwts_interfaces); for (i = 0; i < ARR_GetSize(ntp_sources); i++) @@ -452,7 +461,8 @@ CNF_ParseLine(const char *filename, int number, char *line) } else if (!strcasecmp(command, "cmdport")) { parse_int(p, &cmd_port); } else if (!strcasecmp(command, "cmdratelimit")) { - parse_ratelimit(p, &cmd_ratelimit_interval, &cmd_ratelimit_burst, &cmd_ratelimit_leak); + parse_ratelimit(p, &cmd_ratelimit_enabled, &cmd_ratelimit_interval, + &cmd_ratelimit_burst, &cmd_ratelimit_leak); } else if (!strcasecmp(command, "combinelimit")) { parse_double(p, &combine_limit); } else if (!strcasecmp(command, "corrtimeratio")) { @@ -532,7 +542,8 @@ CNF_ParseLine(const char *filename, int number, char *line) } else if (!strcasecmp(command, "port")) { parse_int(p, &ntp_port); } else if (!strcasecmp(command, "ratelimit")) { - parse_ratelimit(p, &ntp_ratelimit_interval, &ntp_ratelimit_burst, &ntp_ratelimit_leak); + parse_ratelimit(p, &ntp_ratelimit_enabled, &ntp_ratelimit_interval, + &ntp_ratelimit_burst, &ntp_ratelimit_leak); } else if (!strcasecmp(command, "refclock")) { parse_refclock(p); } else if (!strcasecmp(command, "reselectdist")) { @@ -637,11 +648,13 @@ parse_source(char *line, NTP_Source_Type type, int pool) /* ================================================== */ static void -parse_ratelimit(char *line, int *interval, int *burst, int *leak) +parse_ratelimit(char *line, int *enabled, int *interval, int *burst, int *leak) { int n, val; char *opt; + *enabled = 1; + while (*line) { opt = line; line = CPS_SplitWord(line); @@ -1238,8 +1251,39 @@ parse_tempcomp(char *line) static void parse_hwtimestamp(char *line) { - check_number_of_args(line, 1); - *(char **)ARR_GetNewElement(hwts_interfaces) = Strdup(line); + HwTs_Interface *iface; + char *p; + int n; + + if (!*line) { + command_parse_error(); + return; + } + + p = line; + line = CPS_SplitWord(line); + + iface = ARR_GetNewElement(hwts_interfaces); + iface->name = Strdup(p); + iface->tx_comp = 0.0; + iface->rx_comp = 0.0; + + for (p = line; *p; line += n, p = line) { + line = CPS_SplitWord(line); + + if (!strcasecmp(p, "rxcomp")) { + if (sscanf(line, "%lf%n", &iface->rx_comp, &n) != 1) + break; + } else if (!strcasecmp(p, "txcomp")) { + if (sscanf(line, "%lf%n", &iface->tx_comp, &n) != 1) + break; + } else { + break; + } + } + + if (*p) + command_parse_error(); } /* ================================================== */ @@ -1823,20 +1867,22 @@ CNF_GetLockMemory(void) /* ================================================== */ -void CNF_GetNTPRateLimit(int *interval, int *burst, int *leak) +int CNF_GetNTPRateLimit(int *interval, int *burst, int *leak) { *interval = ntp_ratelimit_interval; *burst = ntp_ratelimit_burst; *leak = ntp_ratelimit_leak; + return ntp_ratelimit_enabled; } /* ================================================== */ -void CNF_GetCommandRateLimit(int *interval, int *burst, int *leak) +int CNF_GetCommandRateLimit(int *interval, int *burst, int *leak) { *interval = cmd_ratelimit_interval; *burst = cmd_ratelimit_burst; *leak = cmd_ratelimit_leak; + return cmd_ratelimit_enabled; } /* ================================================== */ @@ -1921,8 +1967,18 @@ CNF_GetInitStepThreshold(void) /* ================================================== */ -ARR_Instance -CNF_GetHwTsInterfaces(void) +int +CNF_GetHwTsInterface(unsigned int index, char **name, double *tx_comp, double *rx_comp) { - return hwts_interfaces; + HwTs_Interface *iface; + + if (index >= ARR_GetSize(hwts_interfaces)) + return 0; + + iface = ARR_GetElement(hwts_interfaces, index); + *name = iface->name; + *tx_comp = iface->tx_comp; + *rx_comp = iface->rx_comp; + + return 1; } @@ -29,7 +29,6 @@ #define GOT_CONF_H #include "addressing.h" -#include "array.h" #include "reference.h" extern void CNF_Initialise(int restarted); @@ -102,8 +101,8 @@ extern void CNF_SetupAccessRestrictions(void); extern int CNF_GetSchedPriority(void); extern int CNF_GetLockMemory(void); -extern void CNF_GetNTPRateLimit(int *interval, int *burst, int *leak); -extern void CNF_GetCommandRateLimit(int *interval, int *burst, int *leak); +extern int CNF_GetNTPRateLimit(int *interval, int *burst, int *leak); +extern int CNF_GetCommandRateLimit(int *interval, int *burst, int *leak); extern void CNF_GetSmooth(double *max_freq, double *max_wander, int *leap_only); extern void CNF_GetTempComp(char **file, double *interval, char **point_file, double *T0, double *k0, double *k1, double *k2); @@ -120,6 +119,6 @@ extern char *CNF_GetHwclockFile(void); extern int CNF_GetInitSources(void); extern double CNF_GetInitStepThreshold(void); -extern ARR_Instance CNF_GetHwTsInterfaces(void); +extern int CNF_GetHwTsInterface(unsigned int index, char **name, double *tx_comp, double *rx_comp); #endif /* GOT_CONF_H */ diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc index 15f9ad6..7db44ed 100644 --- a/doc/chrony.conf.adoc +++ b/doc/chrony.conf.adoc @@ -160,9 +160,8 @@ synchronisation only if they agree with the trusted and required source. *xleave*::: This option enables an interleaved mode which allows the server or the peer to send transmit timestamps captured after the actual transmission (e.g. when the -server or the peer is running *chronyd* with HW timestamping enabled by the -<<hwtimestamp,*hwtimestamp*>> directive). This can significantly improve the -accuracy of the measurements. +server or the peer is running *chronyd* with software (kernel) or hardware +timestamping). This can significantly improve the accuracy of the measurements. + The interleaved mode is compatible with servers that support only the basic mode, but peers must both support and have enabled the interleaved mode, @@ -994,7 +993,7 @@ both a client of its servers, and a server to other clients. Examples of the use of the directive are as follows: + ---- -allow foo.example.net +allow 1.2.3.4 allow 1.2 allow 3.4.5 allow 6.7.8/22 @@ -1005,7 +1004,8 @@ allow ::/0 allow ---- + -The first directive allows the named node to be an NTP client of this computer. +The first directive allows a node with IPv4 address _1.2.3.4_ to be an NTP +client of this computer. The second directive allows any node with an IPv4 address of the form _1.2.x.y_ (with _x_ and _y_ arbitrary) to be an NTP client of this computer. Likewise, the third directive allows any node with an IPv4 address of the form _3.4.5.x_ @@ -1046,6 +1046,10 @@ Within a configuration file this capability is probably rather moot; however, it is of greater use for reconfiguration at run-time via *chronyc* with the <<chronyc.adoc#allow,*allow all*>> command. + +The directive allows a hostname to be specified instead of an IP address, but +the name must be resolvable when *chronyd* is started (i.e. *chronyd* needs +to be started when the network is already up and DNS is working). ++ Note, if the <<initstepslew,*initstepslew*>> directive is used in the configuration file, each of the computers listed in that directive must allow client access by this computer for it to work. @@ -1221,8 +1225,8 @@ source port used in NTP client requests can be set by the <<acquisitionport,*acquisitionport*>> directive. [[ratelimit]]*ratelimit* [_option_]...:: -This directive configures response rate limiting for NTP packets. Its purpose -is to reduce network traffic with misconfigured or broken NTP clients that are +This directive enables response rate limiting for NTP packets. Its purpose is +to reduce network traffic with misconfigured or broken NTP clients that are polling the server too frequently. The limits are applied to individual IP addresses. If multiple clients share one IP address (e.g. multiple hosts behind NAT), the sum of their traffic will be limited. If a client that increases its @@ -1237,16 +1241,16 @@ in any order): + *interval*::: This option sets the minimum interval between responses. It is defined as a -power of 2 in seconds. The default value is -10 (1/1024 of a second, or 1024 -packets per second). The minimum value is -19 (524288 packets per second) and -the maximum value is 12 (one packet per 4096 seconds). Note that with values -below -4 the rate limiting is coarse (responses are allowed in bursts, even if -the interval between them is shorter than the specified interval). +power of 2 in seconds. The default value is 3 (8 seconds). The minimum value +is -19 (524288 packets per second) and the maximum value is 12 (one packet per +4096 seconds). Note that with values below -4 the rate limiting is coarse +(responses are allowed in bursts, even if the interval between them is shorter +than the specified interval). *burst*::: This option sets the maximum number of responses that can be sent in a burst, temporarily exceeding the limit specified by the *interval* option. This is useful for clients that make rapid measurements on start (e.g. *chronyd* with -the *iburst* option). The default value is 16. The minimum value is 1 and the +the *iburst* option). The default value is 8. The minimum value is 1 and the maximum value is 255. *leak*::: This option sets the rate at which responses are randomly allowed even if the @@ -1254,23 +1258,19 @@ limits specified by the *interval* and *burst* options are exceeded. This is necessary to prevent an attacker who is sending requests with a spoofed source address from completely blocking responses to that address. The leak rate is defined as a power of 1/2 and it is 2 by default, i.e. on average at -least every fourth request has a response. The minimum value is 0, which -disables the rate limiting, and the maximum value is 4 (one response per 16 -requests). +least every fourth request has a response. The minimum value is 1 and the +maximum value is 4. :: + An example use of the directive is: + ---- -ratelimit interval 1 burst 8 +ratelimit interval 1 burst 16 ---- + This would reduce the response rate for IP addresses sending packets on average -more than once per 2 seconds, or sending packets in bursts of more than 8 +more than once per 2 seconds, or sending packets in bursts of more than 16 packets, by up to 75% (with default *leak* of 2). -+ -Rate limiting can be disabled by setting the *leak* option to 0, or by the -<<noclientlog,*noclientlog*>> directive. [[smoothtime]]*smoothtime* _max-freq_ _max-wander_ [*leaponly*]:: The *smoothtime* directive can be used to enable smoothing of the time that @@ -1397,18 +1397,16 @@ This would make *chronyd* use UDP 257 as its command port. (*chronyc* would need to be run with the *-p 257* switch to inter-operate correctly.) [[cmdratelimit]]*cmdratelimit* [_option_]...:: -This directive is identical to the <<ratelimit,*ratelimit*>> directive, except -it configures rate limiting for command packets and responses to localhost are -never limited. It is disabled by default (the default *leak* is 0). +This directive enables response rate limiting for command packets. It is +similar to the <<ratelimit,*ratelimit*>> directive, except responses to +localhost are never limited and the default interval is -4 (16 packets per +second). + An example of the use of the directive is: + ---- -cmdratelimit interval -2 burst 128 leak 2 +cmdratelimit interval 2 ---- -+ -This would reduce response rate for addresses that send more than 4 requests -per second, or bursts of more than 128 packets, by up to 75%. === Real-time clock (RTC) @@ -1782,7 +1780,7 @@ sendmail binary. === Miscellaneous -[[hwtimestamp]]*hwtimestamp* _interface_:: +[[hwtimestamp]]*hwtimestamp* _interface_ [_option_]...:: This directive enables hardware timestamping of NTP packets sent to and received from the specified network interface. The network interface controller (NIC) uses its own clock to accurately timestamp the actual transmissions and @@ -1813,10 +1811,25 @@ and the <<chronyc.adoc#ntpdata,*ntpdata*>> report in *chronyc*. If the specified interface is _*_, *chronyd* will try to enable HW timestamping on all available interfaces. + -An example of the directive is: +The *hwtimestamp* directive has the following options: ++ +*txcomp* _compensation_::: +This option specifies the difference in seconds between the actual transmission +time at the physical layer and the reported transmit timestamp. This value will +be added to transmit timestamps obtained from the NIC. The default value is 0. +*rxcomp* _compensation_::: +This option specifies the difference in seconds between the reported receive +timestamp and the actual reception time at the physical layer. This value will +be subtracted from receive timestamps obtained from the NIC. The default value +is 0. +:: ++ +Examples of the directive are: + ---- hwtimestamp eth0 +hwtimestamp eth1 txcomp 300e-9 rxcomp 645e-9 +hwtimestamp * ---- [[include]]*include* _pattern_:: @@ -2225,24 +2238,34 @@ information to be saved. *chronyd* can be configured to operate as a public NTP server, e.g. to join the http://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration is similar to the NTP client with permanent connection, except it needs to -allow client access from all addresses. It is recommended to handpick at least -few good servers, and possibly combine them with a random selection of other -servers in the pool. The rate limiting interval can be increased to save more -bandwidth on misconfigured and broken NTP clients. The *-r* option with the -*dumpdir* directive shortens the time for which *chronyd* will not serve time -to its clients when it needs to be restarted for any reason. +allow client access from all addresses. It is recommended to find at least four +good servers (e.g. from the pool, or on the NTP homepage). If the server has a +hardware reference clock (e.g. a GPS receiver), it can be specified by the +<<refclock,*refclock*>> directive. + +The amount of memory used for logging client accesses can be increased in order +to enable clients to use the interleaved mode even when the server has a large +number of clients, and better support rate limiting if it is enabled by the +<<ratelimit,*ratelimit*>> directive. The system timezone database, if it is +kept up to date and includes the *right/UTC* timezone, can be used as a +reliable source to determine when a leap second will be applied to UTC. The +*-r* option with the <<dumpdir,*dumpdir*>> directive shortens the time in which +*chronyd* will not be able to serve time to its clients when it needs to be +restarted (e.g. after upgrading to a newer version, or a change in the +configuration). -The configuration file might be: +The configuration file could look like: ---- server foo.example.net iburst server bar.example.net iburst server baz.example.net iburst -pool pool.ntp.org iburst +server qux.example.net iburst makestep 1.0 3 rtcsync allow -ratelimit interval 1 +clientloglimit 100000000 +leapsectz right/UTC driftfile @CHRONYVARDIR@/drift dumpdir @CHRONYRUNDIR@ dumponexit diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in index 8cf975f..e3e25f5 100644 --- a/doc/chrony.conf.man.in +++ b/doc/chrony.conf.man.in @@ -2,12 +2,12 @@ .\" Title: chrony.conf .\" Author: [see the "AUTHORS" section] .\" Generator: Asciidoctor 1.5.4 -.\" Date: 2016-12-15 +.\" Date: 2017-01-06 .\" Manual: Configuration Files .\" Source: chrony @CHRONY_VERSION@ .\" Language: English .\" -.TH "CHRONY.CONF" "5" "2016-12-15" "chrony @CHRONY_VERSION@" "Configuration Files" +.TH "CHRONY.CONF" "5" "2017-01-06" "chrony @CHRONY_VERSION@" "Configuration Files" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 @@ -204,9 +204,8 @@ synchronisation only if they agree with the trusted and required source. .RS 4 This option enables an interleaved mode which allows the server or the peer to send transmit timestamps captured after the actual transmission (e.g. when the -server or the peer is running \fBchronyd\fP with HW timestamping enabled by the -\fBhwtimestamp\fP directive). This can significantly improve the -accuracy of the measurements. +server or the peer is running \fBchronyd\fP with software (kernel) or hardware +timestamping). This can significantly improve the accuracy of the measurements. .sp The interleaved mode is compatible with servers that support only the basic mode, but peers must both support and have enabled the interleaved mode, @@ -1308,7 +1307,7 @@ Examples of the use of the directive are as follows: .RS 4 .\} .nf -allow foo.example.net +allow 1.2.3.4 allow 1.2 allow 3.4.5 allow 6.7.8/22 @@ -1322,7 +1321,8 @@ allow .RE .\} .sp -The first directive allows the named node to be an NTP client of this computer. +The first directive allows a node with IPv4 address \fI1.2.3.4\fP to be an NTP +client of this computer. The second directive allows any node with an IPv4 address of the form \fI1.2.x.y\fP (with \fIx\fP and \fIy\fP arbitrary) to be an NTP client of this computer. Likewise, the third directive allows any node with an IPv4 address of the form \fI3.4.5.x\fP @@ -1375,6 +1375,10 @@ Within a configuration file this capability is probably rather moot; however, it is of greater use for reconfiguration at run\-time via \fBchronyc\fP with the \fBallow all\fP command. .sp +The directive allows a hostname to be specified instead of an IP address, but +the name must be resolvable when \fBchronyd\fP is started (i.e. \fBchronyd\fP needs +to be started when the network is already up and DNS is working). +.sp Note, if the \fBinitstepslew\fP directive is used in the configuration file, each of the computers listed in that directive must allow client access by this computer for it to work. @@ -1615,8 +1619,8 @@ source port used in NTP client requests can be set by the .sp \fBratelimit\fP [\fIoption\fP]... .RS 4 -This directive configures response rate limiting for NTP packets. Its purpose -is to reduce network traffic with misconfigured or broken NTP clients that are +This directive enables response rate limiting for NTP packets. Its purpose is +to reduce network traffic with misconfigured or broken NTP clients that are polling the server too frequently. The limits are applied to individual IP addresses. If multiple clients share one IP address (e.g. multiple hosts behind NAT), the sum of their traffic will be limited. If a client that increases its @@ -1632,11 +1636,11 @@ in any order): \fBinterval\fP .RS 4 This option sets the minimum interval between responses. It is defined as a -power of 2 in seconds. The default value is \-10 (1/1024 of a second, or 1024 -packets per second). The minimum value is \-19 (524288 packets per second) and -the maximum value is 12 (one packet per 4096 seconds). Note that with values -below \-4 the rate limiting is coarse (responses are allowed in bursts, even if -the interval between them is shorter than the specified interval). +power of 2 in seconds. The default value is 3 (8 seconds). The minimum value +is \-19 (524288 packets per second) and the maximum value is 12 (one packet per +4096 seconds). Note that with values below \-4 the rate limiting is coarse +(responses are allowed in bursts, even if the interval between them is shorter +than the specified interval). .RE .sp \fBburst\fP @@ -1644,7 +1648,7 @@ the interval between them is shorter than the specified interval). This option sets the maximum number of responses that can be sent in a burst, temporarily exceeding the limit specified by the \fBinterval\fP option. This is useful for clients that make rapid measurements on start (e.g. \fBchronyd\fP with -the \fBiburst\fP option). The default value is 16. The minimum value is 1 and the +the \fBiburst\fP option). The default value is 8. The minimum value is 1 and the maximum value is 255. .RE .sp @@ -1655,9 +1659,8 @@ limits specified by the \fBinterval\fP and \fBburst\fP options are exceeded. Thi necessary to prevent an attacker who is sending requests with a spoofed source address from completely blocking responses to that address. The leak rate is defined as a power of 1/2 and it is 2 by default, i.e. on average at -least every fourth request has a response. The minimum value is 0, which -disables the rate limiting, and the maximum value is 4 (one response per 16 -requests). +least every fourth request has a response. The minimum value is 1 and the +maximum value is 4. .RE .RE .sp @@ -1670,18 +1673,15 @@ An example use of the directive is: .RS 4 .\} .nf -ratelimit interval 1 burst 8 +ratelimit interval 1 burst 16 .fi .if n \{\ .RE .\} .sp This would reduce the response rate for IP addresses sending packets on average -more than once per 2 seconds, or sending packets in bursts of more than 8 +more than once per 2 seconds, or sending packets in bursts of more than 16 packets, by up to 75% (with default \fBleak\fP of 2). -.sp -Rate limiting can be disabled by setting the \fBleak\fP option to 0, or by the -\fBnoclientlog\fP directive. .RE .sp \fBsmoothtime\fP \fImax\-freq\fP \fImax\-wander\fP [\fBleaponly\fP] @@ -1849,9 +1849,10 @@ need to be run with the \fB\-p 257\fP switch to inter\-operate correctly.) .sp \fBcmdratelimit\fP [\fIoption\fP]... .RS 4 -This directive is identical to the \fBratelimit\fP directive, except -it configures rate limiting for command packets and responses to localhost are -never limited. It is disabled by default (the default \fBleak\fP is 0). +This directive enables response rate limiting for command packets. It is +similar to the \fBratelimit\fP directive, except responses to +localhost are never limited and the default interval is \-4 (16 packets per +second). .sp An example of the use of the directive is: .sp @@ -1859,14 +1860,11 @@ An example of the use of the directive is: .RS 4 .\} .nf -cmdratelimit interval \-2 burst 128 leak 2 +cmdratelimit interval 2 .fi .if n \{\ .RE .\} -.sp -This would reduce response rate for addresses that send more than 4 requests -per second, or bursts of more than 128 packets, by up to 75%. .RE .SS "Real\-time clock (RTC)" .sp @@ -3035,7 +3033,7 @@ sendmail binary. .RE .SS "Miscellaneous" .sp -\fBhwtimestamp\fP \fIinterface\fP +\fBhwtimestamp\fP \fIinterface\fP [\fIoption\fP]... .RS 4 This directive enables hardware timestamping of NTP packets sent to and received from the specified network interface. The network interface controller @@ -3067,13 +3065,36 @@ and the \fBntpdata\fP report in \fBchronyc\fP. If the specified interface is \fI*\fP, \fBchronyd\fP will try to enable HW timestamping on all available interfaces. .sp -An example of the directive is: +The \fBhwtimestamp\fP directive has the following options: +.sp +\fBtxcomp\fP \fIcompensation\fP +.RS 4 +This option specifies the difference in seconds between the actual transmission +time at the physical layer and the reported transmit timestamp. This value will +be added to transmit timestamps obtained from the NIC. The default value is 0. +.RE +.sp +\fBrxcomp\fP \fIcompensation\fP +.RS 4 +This option specifies the difference in seconds between the reported receive +timestamp and the actual reception time at the physical layer. This value will +be subtracted from receive timestamps obtained from the NIC. The default value +is 0. +.RE +.RE +.sp + +.RS 4 +.sp +Examples of the directive are: .sp .if n \{\ .RS 4 .\} .nf hwtimestamp eth0 +hwtimestamp eth1 txcomp 300e\-9 rxcomp 645e\-9 +hwtimestamp * .fi .if n \{\ .RE @@ -3629,14 +3650,23 @@ information to be saved. .URL "http://www.pool.ntp.org/en/join.html" "pool.ntp.org" " " project. The configuration is similar to the NTP client with permanent connection, except it needs to -allow client access from all addresses. It is recommended to handpick at least -few good servers, and possibly combine them with a random selection of other -servers in the pool. The rate limiting interval can be increased to save more -bandwidth on misconfigured and broken NTP clients. The \fB\-r\fP option with the -\fBdumpdir\fP directive shortens the time for which \fBchronyd\fP will not serve time -to its clients when it needs to be restarted for any reason. +allow client access from all addresses. It is recommended to find at least four +good servers (e.g. from the pool, or on the NTP homepage). If the server has a +hardware reference clock (e.g. a GPS receiver), it can be specified by the +\fBrefclock\fP directive. +.sp +The amount of memory used for logging client accesses can be increased in order +to enable clients to use the interleaved mode even when the server has a large +number of clients, and better support rate limiting if it is enabled by the +\fBratelimit\fP directive. The system timezone database, if it is +kept up to date and includes the \fBright/UTC\fP timezone, can be used as a +reliable source to determine when a leap second will be applied to UTC. The +\fB\-r\fP option with the \fBdumpdir\fP directive shortens the time in which +\fBchronyd\fP will not be able to serve time to its clients when it needs to be +restarted (e.g. after upgrading to a newer version, or a change in the +configuration). .sp -The configuration file might be: +The configuration file could look like: .sp .if n \{\ .RS 4 @@ -3645,11 +3675,12 @@ The configuration file might be: server foo.example.net iburst server bar.example.net iburst server baz.example.net iburst -pool pool.ntp.org iburst +server qux.example.net iburst makestep 1.0 3 rtcsync allow -ratelimit interval 1 +clientloglimit 100000000 +leapsectz right/UTC driftfile @CHRONYVARDIR@/drift dumpdir @CHRONYRUNDIR@ dumponexit diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc index fe79e44..2bdc9be 100644 --- a/doc/chronyc.adoc +++ b/doc/chronyc.adoc @@ -458,7 +458,7 @@ Poll interval : 10 (1024 seconds) Precision : -24 (0.000000060 seconds) Root delay : 0.000015 seconds Root dispersion : 0.000015 seconds -Reference ID : 50505331 +Reference ID : 47505300 (GPS) Reference time : Fri Nov 25 15:22:12 2016 Offset : -0.000060878 seconds Peer delay : 0.000175634 seconds diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in index cd0f0e8..a478ee6 100644 --- a/doc/chronyc.man.in +++ b/doc/chronyc.man.in @@ -2,12 +2,12 @@ .\" Title: chronyc .\" Author: [see the "AUTHORS" section] .\" Generator: Asciidoctor 1.5.4 -.\" Date: 2016-12-15 +.\" Date: 2017-01-06 .\" Manual: User manual .\" Source: chrony @CHRONY_VERSION@ .\" Language: English .\" -.TH "CHRONYC" "1" "2016-12-15" "chrony @CHRONY_VERSION@" "User manual" +.TH "CHRONYC" "1" "2017-01-06" "chrony @CHRONY_VERSION@" "User manual" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 @@ -684,7 +684,7 @@ Poll interval : 10 (1024 seconds) Precision : \-24 (0.000000060 seconds) Root delay : 0.000015 seconds Root dispersion : 0.000015 seconds -Reference ID : 50505331 +Reference ID : 47505300 (GPS) Reference time : Fri Nov 25 15:22:12 2016 Offset : \-0.000060878 seconds Peer delay : 0.000175634 seconds diff --git a/doc/chronyd.man.in b/doc/chronyd.man.in index 4f286fc..e97489b 100644 --- a/doc/chronyd.man.in +++ b/doc/chronyd.man.in @@ -2,12 +2,12 @@ .\" Title: chronyd .\" Author: [see the "AUTHORS" section] .\" Generator: Asciidoctor 1.5.4 -.\" Date: 2016-12-15 +.\" Date: 2017-01-06 .\" Manual: System Administration .\" Source: chrony @CHRONY_VERSION@ .\" Language: English .\" -.TH "CHRONYD" "8" "2016-12-15" "chrony @CHRONY_VERSION@" "System Administration" +.TH "CHRONYD" "8" "2017-01-06" "chrony @CHRONY_VERSION@" "System Administration" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 diff --git a/examples/chrony.spec b/examples/chrony.spec index 42d674b..f53c3cf 100644 --- a/examples/chrony.spec +++ b/examples/chrony.spec @@ -1,4 +1,4 @@ -%global chrony_version 3.0-pre2 +%global chrony_version 3.0-pre3 %if 0%(echo %{chrony_version} | grep -q pre && echo 1) %global prerelease %(echo %{chrony_version} | sed 's/.*-//') %endif @@ -55,6 +55,9 @@ struct HCL_Instance_Record { /* Number of samples */ int n_samples; + /* Maximum error of the last sample */ + double last_err; + /* Flag indicating the offset and frequency values are valid */ int valid_coefs; @@ -151,6 +154,7 @@ HCL_AccumulateSample(HCL_Instance clock, struct timespec *hw_ts, clock->n_samples++; clock->hw_ref = *hw_ts; clock->local_ref = *local_ts; + clock->last_err = err; /* Get new coefficients */ clock->valid_coefs = @@ -196,9 +200,9 @@ HCL_CookTime(HCL_Instance clock, struct timespec *raw, struct timespec *cooked, offset = clock->offset + elapsed / clock->frequency; UTI_AddDoubleToTimespec(&clock->local_ref, offset, cooked); - /* Estimation of the error is not implemented yet */ + /* Fow now, just return the error of the last sample */ if (err) - *err = 0.0; + *err = clock->last_err; return 1; } @@ -1412,12 +1412,8 @@ receive_packet(NCR_Instance inst, NTP_Local_Address *local_addr, sample_rx_tss = rx_ts->source; } - /* Work out 'delay' relative to the source's time */ - delay = (1.0 - (source_freq_lo + source_freq_hi) / 2.0) * - local_interval - remote_interval; - - /* Clamp delay to avoid misleading results later */ - delay = fabs(delay); + /* Calculate delay */ + delay = fabs(local_interval - remote_interval); if (delay < precision) delay = precision; @@ -1439,7 +1435,8 @@ receive_packet(NCR_Instance inst, NTP_Local_Address *local_addr, skew = (source_freq_hi - source_freq_lo) / 2.0; /* and then calculate peer dispersion */ - dispersion = precision + inst->local_tx.err + rx_ts_err + skew * fabs(local_interval); + dispersion = MAX(precision, MAX(inst->local_tx.err, rx_ts_err)) + + skew * fabs(local_interval); /* Additional tests required to pass before accumulating the sample */ @@ -1609,13 +1606,14 @@ receive_packet(NCR_Instance inst, NTP_Local_Address *local_addr, UTI_DiffTimespecsToDouble(&inst->local_rx.ts, &inst->local_tx.ts)); if (kod_rate) { + LOG(LOGS_WARN, LOGF_NtpCore, "Received KoD RATE from %s", + UTI_IPToString(&inst->remote_addr.ip_addr)); + /* Back off for a while and stop ongoing burst */ delay_time += 4 * (1UL << inst->minpoll); if (inst->opmode == MD_BURST_WAS_OFFLINE || inst->opmode == MD_BURST_WAS_ONLINE) { inst->burst_good_samples_to_go = 0; - LOG(LOGS_WARN, LOGF_NtpCore, "Received KoD RATE from %s, burst sampling stopped", - UTI_IPToString(&inst->remote_addr.ip_addr)); } } @@ -364,8 +364,12 @@ NIO_Initialise(int family) #ifdef HAVE_LINUX_TIMESTAMPING NIO_Linux_Initialise(); #else - if (ARR_GetSize(CNF_GetHwTsInterfaces())) - LOG_FATAL(LOGF_NtpIO, "HW timestamping not supported"); + if (1) { + double tx_comp, rx_comp; + char *name; + if (CNF_GetHwTsInterface(0, &name, &tx_comp, &rx_comp)) + LOG_FATAL(LOGF_NtpIO, "HW timestamping not supported"); + } #endif recv_messages = ARR_CreateInstance(sizeof (struct Message)); diff --git a/ntp_io_linux.c b/ntp_io_linux.c index 8d0eea9..cbfe6ab 100644 --- a/ntp_io_linux.c +++ b/ntp_io_linux.c @@ -66,12 +66,18 @@ struct Interface { /* Start of UDP data at layer 2 for IPv4 and IPv6 */ int l2_udp4_ntp_start; int l2_udp6_ntp_start; + /* Compensation of errors in TX and RX timestamping */ + double tx_comp; + double rx_comp; HCL_Instance clock; }; /* Number of PHC readings per HW clock sample */ #define PHC_READINGS 10 +/* Maximum acceptable offset between HW and daemon/kernel timestamp */ +#define MAX_TS_DELAY 1.0 + /* Array of Interfaces */ static ARR_Instance interfaces; @@ -85,7 +91,7 @@ static int permanent_ts_options; /* ================================================== */ static int -add_interface(const char *name) +add_interface(const char *name, double tx_comp, double rx_comp) { struct ethtool_ts_info ts_info; struct hwtstamp_config ts_config; @@ -166,6 +172,9 @@ add_interface(const char *name) iface->l2_udp4_ntp_start = 42; iface->l2_udp6_ntp_start = 62; + iface->tx_comp = tx_comp; + iface->rx_comp = rx_comp; + iface->clock = HCL_CreateInstance(); DEBUG_LOG(LOGF_NtpIOLinux, "Enabled HW timestamping on %s", name); @@ -176,7 +185,7 @@ add_interface(const char *name) /* ================================================== */ static int -add_all_interfaces(void) +add_all_interfaces(double tx_comp, double rx_comp) { struct ifaddrs *ifaddr, *ifa; int r; @@ -187,7 +196,7 @@ add_all_interfaces(void) } for (r = 0, ifa = ifaddr; ifa; ifa = ifa->ifa_next) { - if (add_interface(ifa->ifa_name)) + if (add_interface(ifa->ifa_name, tx_comp, rx_comp)) r = 1; } @@ -233,34 +242,30 @@ update_interface_speed(struct Interface *iface) void NIO_Linux_Initialise(void) { - ARR_Instance config_hwts_ifaces; - char *if_name; + double tx_comp, rx_comp; + char *name; unsigned int i; - int wildcard, hwts; + int hwts; interfaces = ARR_CreateInstance(sizeof (struct Interface)); - config_hwts_ifaces = CNF_GetHwTsInterfaces(); - /* Enable HW timestamping on specified interfaces. If "*" was specified, try all interfaces. If no interface was specified, enable SW timestamping. */ - for (i = wildcard = 0; i < ARR_GetSize(config_hwts_ifaces); i++) { - if (!strcmp("*", *(char **)ARR_GetElement(config_hwts_ifaces, i))) - wildcard = 1; + for (i = hwts = 0; CNF_GetHwTsInterface(i, &name, &tx_comp, &rx_comp); i++) { + if (!strcmp("*", name)) + continue; + if (!add_interface(name, tx_comp, rx_comp)) + LOG_FATAL(LOGF_NtpIO, "Could not enable HW timestamping on %s", name); + hwts = 1; } - if (!wildcard && ARR_GetSize(config_hwts_ifaces)) { - for (i = 0; i < ARR_GetSize(config_hwts_ifaces); i++) { - if_name = *(char **)ARR_GetElement(config_hwts_ifaces, i); - if (!add_interface(if_name)) - LOG_FATAL(LOGF_NtpIO, "Could not enable HW timestamping on %s", if_name); - } - hwts = 1; - } else if (wildcard && add_all_interfaces()) { - hwts = 1; - } else { - hwts = 0; + for (i = 0; CNF_GetHwTsInterface(i, &name, &tx_comp, &rx_comp); i++) { + if (strcmp("*", name)) + continue; + if (add_all_interfaces(tx_comp, rx_comp)) + hwts = 1; + break; } if (hwts) { @@ -417,8 +422,8 @@ static void process_hw_timestamp(struct Interface *iface, struct timespec *hw_ts, NTP_Local_Timestamp *local_ts, int rx_ntp_length, int family) { - struct timespec sample_phc_ts, sample_local_ts; - double sample_delay, rx_correction; + struct timespec sample_phc_ts, sample_local_ts, ts; + double sample_delay, rx_correction, ts_delay, err; int l2_length; if (HCL_NeedsNewSample(iface->clock, &local_ts->ts)) { @@ -444,9 +449,23 @@ process_hw_timestamp(struct Interface *iface, struct timespec *hw_ts, UTI_AddDoubleToTimespec(hw_ts, rx_correction, hw_ts); } - if (!HCL_CookTime(iface->clock, hw_ts, &local_ts->ts, &local_ts->err)) + if (!rx_ntp_length && iface->tx_comp) + UTI_AddDoubleToTimespec(hw_ts, iface->tx_comp, hw_ts); + else if (rx_ntp_length && iface->rx_comp) + UTI_AddDoubleToTimespec(hw_ts, -iface->rx_comp, hw_ts); + + if (!HCL_CookTime(iface->clock, hw_ts, &ts, &err)) return; + ts_delay = UTI_DiffTimespecsToDouble(&local_ts->ts, &ts); + + if (fabs(ts_delay) > MAX_TS_DELAY) { + DEBUG_LOG(LOGF_NtpIOLinux, "Unacceptable timestamp delay %.9f", ts_delay); + return; + } + + local_ts->ts = ts; + local_ts->err = err; local_ts->source = NTP_TS_HARDWARE; } @@ -536,7 +555,7 @@ NIO_Linux_ProcessMessage(NTP_Remote_Address *remote_addr, NTP_Local_Address *loc if (!UTI_IsZeroTimespec(&ts3.ts[0])) { LCL_CookTime(&ts3.ts[0], &local_ts->ts, &local_ts->err); local_ts->source = NTP_TS_KERNEL; - } else { + } else if (!UTI_IsZeroTimespec(&ts3.ts[2])) { iface = get_interface(if_index); if (iface) { process_hw_timestamp(iface, &ts3.ts[2], local_ts, !is_tx ? length : 0, @@ -425,10 +425,11 @@ SRC_UpdateReachability(SRC_Instance inst, int reachable) } /* Try to replace NTP sources that are unreachable, falsetickers, or - have root distance larger than the allowed maximum */ + have root distance or jitter larger than the allowed maximums */ if (inst->type == SRC_NTP && ((!inst->reachability && inst->reachability_size == SOURCE_REACH_BITS) || - inst->status == SRC_FALSETICKER || inst->status == SRC_BAD_DISTANCE)) { + inst->status == SRC_BAD_DISTANCE || inst->status == SRC_JITTERY || + inst->status == SRC_FALSETICKER)) { NSR_HandleBadSource(inst->ip_addr); } } diff --git a/version.txt b/version.txt index 9ec7a8f..361ec05 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -3.0-pre2 +3.0-pre3 |