diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2024-05-10 15:15:56 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2024-05-26 22:55:52 +0000 |
| commit | 1f833b3fc9968c3dd7ed79ccf0525ebf16c891ad (patch) | |
| tree | 85801af20e3b694584668aeb39ecec75ee71f72c | |
| parent | ab1f1aa8333369a83ff284848fc3fc2e52d5f29f (diff) | |
| download | src-vendor/ntp.tar.gz src-vendor/ntp.zip | |
ntp: Vendor import of ntp-4.2.8p18vendor/ntp/4.2.8p18vendor/ntp
399 files changed, 19547 insertions, 10321 deletions
diff --git a/COPYRIGHT b/COPYRIGHT index 013202c0fb09..0cb57168ebfc 100644 --- a/COPYRIGHT +++ b/COPYRIGHT @@ -3,7 +3,7 @@ This file is automatically generated from html/copyright.html jpg "Clone me," says Dolly sheepishly. - Last update: 2-Mar-2023 05:21 UTC + Last update: 7-Jan-2024 00:29 UTC __________________________________________________________________ The following copyright notice applies to all files collectively called @@ -32,7 +32,7 @@ This file is automatically generated from html/copyright.html Hart, Danny Mayer, Martin Burnicki, and possibly others is: *********************************************************************** * * -* Copyright (c) Network Time Foundation 2011-2023 * +* Copyright (c) Network Time Foundation 2011-2024 * * * * All Rights Reserved * * * diff --git a/ChangeLog b/ChangeLog index 93cdab8b94eb..f4a196aa57cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,122 @@ --- +(4.2.8p18) 2024/05/25 Released by Harlan Stenn <stenn@ntp.org> + +* [Bug 3918] Tweak openssl header/library handling. <stenn@ntp.org> +* [Bug 3914] Spurious "Unexpected origin timestamp" logged after time + stepped. <hart@ntp.org> +* [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + <hart@ntp.org> +* [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com> +* [Bug 3910] Memory leak using openssl-3 <hart@ntp.org> +* [Bug 3909] Do not select multicast local address for unicast peer. + <hart@ntp.org> +* [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe. + <hart@ntp.org> +* [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org> +* [Bug 3900] fast_xmit() selects wrong local addr responding to mcast on + Windows. <hart@ntp.org> +* [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates + duplicate associations. <hart@ntp.org> +* [Bug 3872] Ignore restrict mask for hostname. <hart@ntp.org> +* [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails. + Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT + declaration from ntp_types.h to config.h. <hart@ntp.org> +* [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org> +* [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs. + Reported by PoolMUC@web.de. <hart@ntp.org> +* [Bug 3868] Cannot restrict a pool peer. <hart@ntp.org> Thanks to + Edward McGuire for tracking down the deficiency. +* [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian. + <hart@ntp.org> +* [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. <hart@ntp.org> +* [Bug 3856] Enable Edit & Continue debugging with Visual Studio. + <hart@ntp.org> +* [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. <hart@ntp.org> +* [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid. + <hart@ntp.org> +* [Bug 3853] Clean up warnings with modern compilers. <hart@ntp.org> +* [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as + intended. <hart@ntp.org> +* [Bug 3851] Drop pool server when no local address can reach it. + <hart@ntp.org> +* [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid. + <hart@ntp.org> +* [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org> +* [Bug 3847] SSL detection in configure should run-test if runpath is needed. + <hart@ntp.org> +* [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org> +* [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. + <hart@ntp.org> +* [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. <hart@ntp.org> +* [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat + Need to remove --Wformat-security when removing -Wformat to + silence numerous libopts warnings. <hart@ntp.org> +* [Bug 3837] NULL pointer deref crash when ntpd deletes last interface. + Reported by renmingshuai. Correct UNLINK_EXPR_SLIST() when the + list is empty. <hart@ntp.org> +* [Bug 3835] NTP_HARD_*FLAGS not used by libevent tearoff. <hart@ntp.org> +* [Bug 3831] pollskewlist zeroed on runtime configuration. <hart@ntp.org> +* [Bug 3830] configure libevent check intersperses output with answer. <stenn@> +* [Bug 3828] BK should ignore a git repo in the same directory. + <burnicki@ntp.org> +* [Bug 3827] Fix build in case CLOCK_HOPF6021 or CLOCK_WHARTON_400A + is disabled. <burnicki@ntp.org> +* [Bug 3825] Don't touch HTML files unless building inside a BK repo. + Fix the script checkHtmlFileDates. <burnicki@ntp.org> +* [Bug 3756] Improve OpenSSL library/header detection. +* [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org> +* [Bug 2734] TEST3 prevents initial interleave sync. Fix from <PoolMUC@web.de> +* Log failures to allocate receive buffers. <hart@ntp.org> +* Remove extraneous */ from libparse/ieee754io.c +* Fix .datecheck target line in Makefile.am. <stenn@ntp.org> +* Update the copyright year. <stenn@ntp.org> +* Update ntp.conf documentation to add "delrestrict" and correct information + about KoD rate limiting. <hart@ntp.org> +* html/clockopt.html cleanup. <stenn@ntp.org> +* util/lsf-times - added. <stenn@ntp.org> +* Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org> +* Provide ntpd thread names to debugger on Windows. <hart@ntp.org> +* Remove dead code libntp/numtohost.c and its unit tests. <hart@ntp.org> +* Remove class A, B, C IPv4 distinctions in netof(). <hart@ntp.org> +* Use @configure_input@ in various *.in files to include a comment that + the file is generated from another pointing to the *.in. <hart@ntp.org> +* Correct underquoting, indents in ntp_facilitynames.m4. <hart@ntp.org> +* Clean up a few warnings seen building with older gcc. <hart@ntp.org> +* Fix build on older FreeBSD lacking sys/procctl.h. <hart@ntp.org> +* Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix + that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org> +* Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files. +* Remove useless pointer to Windows Help from system error messages. +* Avoid newlines within Windows error messages. <hart@ntp.org> +* Ensure unique association IDs if wrapped. <hart@ntp.org> +* Simplify calc_addr_distance(). <hart@ntp.org> +* Clamp min/maxpoll in edge cases in newpeer(). <hart@ntp.org> +* Quiet local addr change logging when unpeering. <hart@ntp.org> +* Correct missing arg for %s printf specifier in + send_blocking_resp_internal(). <hart@ntp.org> +* Suppress OpenSSL 3 deprecation warning clutter. <hart@ntp.org> +* Correct OpenSSL usage in Autokey code to avoid warnings about + discarding const qualifiers with OpenSSL 3. <hart@ntp.org> +* Display KoD refid as text in recently added message. <hart@ntp.org> +* Avoid running checkHtmlFileDates script repeatedly when no html/*.html + files have changed. <hart@ntp.org> +* Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org> +* Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org> +* Add build test coverage for --disable-saveconfig to flock-build script. + <hart@ntp.org> +* Remove deprecated configure --with-arlib option. <hart@ntp.org> +* Remove configure support for ISC UNIX ca. 1998. <hart@ntp.org> +* Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. <hart@ntp.org> +* Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. <hart@ntp.org> +* Eliminate [v]snprintf redefinition warnings on macOS. <hart@ntp.org> +* Fix clang 14 cast increases alignment warning on Linux. <hart@ntp.org> +* Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests. + <hart@ntp.org> +* Use NTP_HARD_CPPFLAGS in libopts tearoff. <hart@ntp.org> +* wire in --enable-build-framework-help + +--- (4.2.8p17) 2023/06/06 Released by Harlan Stenn <stenn@ntp.org> * [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at @@ -10,7 +128,7 @@ Miroslav Lichvar and Matt for rapid testing and identifying the problem. <hart@ntp.org> * Add tests/libntp/digests.c to catch regressions reading keys file or with - symmetric authentication digest output. + symmetric authentication digest output. <hart@ntp.org> --- (4.2.8p16) 2023/05/31 Released by Harlan Stenn <stenn@ntp.org> diff --git a/CommitLog b/CommitLog index adeda2c60402..49952cfaef0d 100644 --- a/CommitLog +++ b/CommitLog @@ -1,3 +1,3224 @@ +ChangeSet@1.4062, 2024-05-25 00:06:49-07:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P18 + TAG: NTP_4_2_8P18 + + ChangeLog@1.2103 +1 -0 + NTP_4_2_8P18 + + ntpd/invoke-ntp.conf.texi@1.231 +1 -1 + NTP_4_2_8P18 + + ntpd/invoke-ntp.keys.texi@1.214 +1 -1 + NTP_4_2_8P18 + + ntpd/invoke-ntpd.texi@1.528 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.conf.5man@1.265 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.conf.5mdoc@1.265 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.conf.html@1.213 +1 -1 + NTP_4_2_8P18 + + ntpd/ntp.conf.man.in@1.265 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.conf.mdoc.in@1.265 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.keys.5man@1.248 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.keys.5mdoc@1.248 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.keys.html@1.208 +1 -1 + NTP_4_2_8P18 + + ntpd/ntp.keys.man.in@1.248 +2 -2 + NTP_4_2_8P18 + + ntpd/ntp.keys.mdoc.in@1.248 +2 -2 + NTP_4_2_8P18 + + ntpd/ntpd-opts.c@1.553 +245 -245 + NTP_4_2_8P18 + + ntpd/ntpd-opts.h@1.552 +3 -3 + NTP_4_2_8P18 + + ntpd/ntpd.1ntpdman@1.357 +2 -2 + NTP_4_2_8P18 + + ntpd/ntpd.1ntpdmdoc@1.357 +2 -2 + NTP_4_2_8P18 + + ntpd/ntpd.html@1.202 +2 -2 + NTP_4_2_8P18 + + ntpd/ntpd.man.in@1.357 +2 -2 + NTP_4_2_8P18 + + ntpd/ntpd.mdoc.in@1.357 +2 -2 + NTP_4_2_8P18 + + ntpdc/invoke-ntpdc.texi@1.527 +2 -2 + NTP_4_2_8P18 + + ntpdc/ntpdc-opts.c@1.548 +113 -113 + NTP_4_2_8P18 + + ntpdc/ntpdc-opts.h@1.547 +3 -3 + NTP_4_2_8P18 + + ntpdc/ntpdc.1ntpdcman@1.358 +2 -2 + NTP_4_2_8P18 + + ntpdc/ntpdc.1ntpdcmdoc@1.358 +2 -2 + NTP_4_2_8P18 + + ntpdc/ntpdc.html@1.372 +2 -2 + NTP_4_2_8P18 + + ntpdc/ntpdc.man.in@1.358 +2 -2 + NTP_4_2_8P18 + + ntpdc/ntpdc.mdoc.in@1.358 +2 -2 + NTP_4_2_8P18 + + ntpq/invoke-ntpq.texi@1.537 +2 -2 + NTP_4_2_8P18 + + ntpq/ntpq-opts.c@1.557 +120 -120 + NTP_4_2_8P18 + + ntpq/ntpq-opts.h@1.555 +3 -3 + NTP_4_2_8P18 + + ntpq/ntpq.1ntpqman@1.365 +2 -2 + NTP_4_2_8P18 + + ntpq/ntpq.1ntpqmdoc@1.365 +2 -2 + NTP_4_2_8P18 + + ntpq/ntpq.html@1.202 +2 -2 + NTP_4_2_8P18 + + ntpq/ntpq.man.in@1.365 +2 -2 + NTP_4_2_8P18 + + ntpq/ntpq.mdoc.in@1.365 +2 -2 + NTP_4_2_8P18 + + ntpsnmpd/invoke-ntpsnmpd.texi@1.527 +2 -2 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd-opts.c@1.548 +68 -68 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd-opts.h@1.547 +3 -3 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.356 +2 -2 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.356 +2 -2 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd.html@1.194 +1 -1 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd.man.in@1.356 +2 -2 + NTP_4_2_8P18 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.356 +2 -2 + NTP_4_2_8P18 + + packageinfo.sh@1.553 +2 -2 + NTP_4_2_8P18 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.117 +2 -2 + NTP_4_2_8P18 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.119 +2 -2 + NTP_4_2_8P18 + + scripts/calc_tickadj/calc_tickadj.html@1.118 +1 -1 + NTP_4_2_8P18 + + scripts/calc_tickadj/calc_tickadj.man.in@1.116 +2 -2 + NTP_4_2_8P18 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.119 +2 -2 + NTP_4_2_8P18 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.121 +1 -1 + NTP_4_2_8P18 + + scripts/invoke-plot_summary.texi@1.139 +2 -2 + NTP_4_2_8P18 + + scripts/invoke-summary.texi@1.138 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.350 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/ntp-wait-opts@1.86 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.345 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.347 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/ntp-wait.html@1.366 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/ntp-wait.man.in@1.345 +2 -2 + NTP_4_2_8P18 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.347 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.136 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/ntpsweep-opts@1.89 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.124 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.124 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/ntpsweep.html@1.138 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/ntpsweep.man.in@1.124 +2 -2 + NTP_4_2_8P18 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.125 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/invoke-ntptrace.texi@1.139 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/ntptrace-opts@1.89 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/ntptrace.1ntptraceman@1.124 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.126 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/ntptrace.html@1.139 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/ntptrace.man.in@1.124 +2 -2 + NTP_4_2_8P18 + + scripts/ntptrace/ntptrace.mdoc.in@1.127 +2 -2 + NTP_4_2_8P18 + + scripts/plot_summary-opts@1.90 +2 -2 + NTP_4_2_8P18 + + scripts/plot_summary.1plot_summaryman@1.137 +2 -2 + NTP_4_2_8P18 + + scripts/plot_summary.1plot_summarymdoc@1.137 +2 -2 + NTP_4_2_8P18 + + scripts/plot_summary.html@1.141 +2 -2 + NTP_4_2_8P18 + + scripts/plot_summary.man.in@1.137 +2 -2 + NTP_4_2_8P18 + + scripts/plot_summary.mdoc.in@1.137 +2 -2 + NTP_4_2_8P18 + + scripts/summary-opts@1.89 +2 -2 + NTP_4_2_8P18 + + scripts/summary.1summaryman@1.136 +2 -2 + NTP_4_2_8P18 + + scripts/summary.1summarymdoc@1.136 +2 -2 + NTP_4_2_8P18 + + scripts/summary.html@1.140 +2 -2 + NTP_4_2_8P18 + + scripts/summary.man.in@1.136 +2 -2 + NTP_4_2_8P18 + + scripts/summary.mdoc.in@1.136 +2 -2 + NTP_4_2_8P18 + + scripts/update-leap/invoke-update-leap.texi@1.37 +1 -1 + NTP_4_2_8P18 + + scripts/update-leap/update-leap-opts@1.39 +2 -2 + NTP_4_2_8P18 + + scripts/update-leap/update-leap.1update-leapman@1.37 +2 -2 + NTP_4_2_8P18 + + scripts/update-leap/update-leap.1update-leapmdoc@1.38 +2 -2 + NTP_4_2_8P18 + + scripts/update-leap/update-leap.html@1.37 +1 -1 + NTP_4_2_8P18 + + scripts/update-leap/update-leap.man.in@1.37 +2 -2 + NTP_4_2_8P18 + + scripts/update-leap/update-leap.mdoc.in@1.38 +2 -2 + NTP_4_2_8P18 + + sntp/invoke-sntp.texi@1.527 +2 -2 + NTP_4_2_8P18 + + sntp/sntp-opts.c@1.549 +161 -161 + NTP_4_2_8P18 + + sntp/sntp-opts.h@1.547 +3 -3 + NTP_4_2_8P18 + + sntp/sntp.1sntpman@1.362 +2 -2 + NTP_4_2_8P18 + + sntp/sntp.1sntpmdoc@1.362 +2 -2 + NTP_4_2_8P18 + + sntp/sntp.html@1.543 +2 -2 + NTP_4_2_8P18 + + sntp/sntp.man.in@1.362 +2 -2 + NTP_4_2_8P18 + + sntp/sntp.mdoc.in@1.362 +2 -2 + NTP_4_2_8P18 + + util/invoke-ntp-keygen.texi@1.530 +2 -2 + NTP_4_2_8P18 + + util/ntp-keygen-opts.c@1.551 +174 -174 + NTP_4_2_8P18 + + util/ntp-keygen-opts.h@1.549 +3 -3 + NTP_4_2_8P18 + + util/ntp-keygen.1ntp-keygenman@1.358 +2 -2 + NTP_4_2_8P18 + + util/ntp-keygen.1ntp-keygenmdoc@1.358 +2 -2 + NTP_4_2_8P18 + + util/ntp-keygen.html@1.203 +2 -2 + NTP_4_2_8P18 + + util/ntp-keygen.man.in@1.358 +2 -2 + NTP_4_2_8P18 + + util/ntp-keygen.mdoc.in@1.358 +2 -2 + NTP_4_2_8P18 + +ChangeSet@1.4061, 2024-05-24 23:46:58-07:00, ntpreleng@ntp-build.tal1.ntfo.org + ntp-4.2.8p18 + + ChangeLog@1.2102 +0 -2 + ntp-4.2.8p18 + +ChangeSet@1.4060, 2024-05-24 22:53:53-07:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P18_RCGO + TAG: NTP_4_2_8P18_RCGO + + ChangeLog@1.2101 +1 -0 + NTP_4_2_8P18_RCGO + + ntpd/invoke-ntp.conf.texi@1.230 +1 -1 + NTP_4_2_8P18_RCGO + + ntpd/invoke-ntp.keys.texi@1.213 +1 -1 + NTP_4_2_8P18_RCGO + + ntpd/invoke-ntpd.texi@1.527 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.conf.5man@1.264 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.conf.5mdoc@1.264 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.conf.html@1.212 +1 -1 + NTP_4_2_8P18_RCGO + + ntpd/ntp.conf.man.in@1.264 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.conf.mdoc.in@1.264 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.keys.5man@1.247 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.keys.5mdoc@1.247 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.keys.html@1.207 +1 -1 + NTP_4_2_8P18_RCGO + + ntpd/ntp.keys.man.in@1.247 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntp.keys.mdoc.in@1.247 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntpd-opts.c@1.552 +7 -7 + NTP_4_2_8P18_RCGO + + ntpd/ntpd-opts.h@1.551 +3 -3 + NTP_4_2_8P18_RCGO + + ntpd/ntpd.1ntpdman@1.356 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntpd.1ntpdmdoc@1.356 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntpd.html@1.201 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntpd.man.in@1.356 +2 -2 + NTP_4_2_8P18_RCGO + + ntpd/ntpd.mdoc.in@1.356 +2 -2 + NTP_4_2_8P18_RCGO + + ntpdc/invoke-ntpdc.texi@1.526 +2 -2 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc-opts.c@1.547 +7 -7 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc-opts.h@1.546 +3 -3 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc.1ntpdcman@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc.1ntpdcmdoc@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc.html@1.371 +2 -2 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc.man.in@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + ntpdc/ntpdc.mdoc.in@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + ntpq/invoke-ntpq.texi@1.536 +2 -2 + NTP_4_2_8P18_RCGO + + ntpq/ntpq-opts.c@1.556 +7 -7 + NTP_4_2_8P18_RCGO + + ntpq/ntpq-opts.h@1.554 +3 -3 + NTP_4_2_8P18_RCGO + + ntpq/ntpq.1ntpqman@1.364 +2 -2 + NTP_4_2_8P18_RCGO + + ntpq/ntpq.1ntpqmdoc@1.364 +2 -2 + NTP_4_2_8P18_RCGO + + ntpq/ntpq.html@1.201 +2 -2 + NTP_4_2_8P18_RCGO + + ntpq/ntpq.man.in@1.364 +2 -2 + NTP_4_2_8P18_RCGO + + ntpq/ntpq.mdoc.in@1.364 +2 -2 + NTP_4_2_8P18_RCGO + + ntpsnmpd/invoke-ntpsnmpd.texi@1.526 +2 -2 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd-opts.c@1.547 +7 -7 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd-opts.h@1.546 +3 -3 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.355 +2 -2 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.355 +2 -2 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd.html@1.193 +1 -1 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd.man.in@1.355 +2 -2 + NTP_4_2_8P18_RCGO + + ntpsnmpd/ntpsnmpd.mdoc.in@1.355 +2 -2 + NTP_4_2_8P18_RCGO + + packageinfo.sh@1.552 +3 -1 + NTP_4_2_8P18_RCGO + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.116 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.118 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/calc_tickadj/calc_tickadj.html@1.117 +1 -1 + NTP_4_2_8P18_RCGO + + scripts/calc_tickadj/calc_tickadj.man.in@1.115 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.118 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.120 +1 -1 + NTP_4_2_8P18_RCGO + + scripts/invoke-plot_summary.texi@1.138 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/invoke-summary.texi@1.137 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/invoke-ntp-wait.texi@1.349 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/ntp-wait-opts@1.85 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.344 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.346 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/ntp-wait.html@1.365 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/ntp-wait.man.in@1.344 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntp-wait/ntp-wait.mdoc.in@1.346 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/invoke-ntpsweep.texi@1.135 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/ntpsweep-opts@1.88 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.123 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.123 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/ntpsweep.html@1.137 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/ntpsweep.man.in@1.123 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntpsweep/ntpsweep.mdoc.in@1.124 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/invoke-ntptrace.texi@1.138 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/ntptrace-opts@1.88 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/ntptrace.1ntptraceman@1.123 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.125 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/ntptrace.html@1.138 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/ntptrace.man.in@1.123 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/ntptrace/ntptrace.mdoc.in@1.126 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/plot_summary-opts@1.89 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/plot_summary.1plot_summaryman@1.136 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/plot_summary.1plot_summarymdoc@1.136 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/plot_summary.html@1.140 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/plot_summary.man.in@1.136 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/plot_summary.mdoc.in@1.136 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/summary-opts@1.88 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/summary.1summaryman@1.135 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/summary.1summarymdoc@1.135 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/summary.html@1.139 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/summary.man.in@1.135 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/summary.mdoc.in@1.135 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/update-leap/invoke-update-leap.texi@1.36 +1 -1 + NTP_4_2_8P18_RCGO + + scripts/update-leap/update-leap-opts@1.38 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/update-leap/update-leap.1update-leapman@1.36 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/update-leap/update-leap.1update-leapmdoc@1.37 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/update-leap/update-leap.html@1.36 +1 -1 + NTP_4_2_8P18_RCGO + + scripts/update-leap/update-leap.man.in@1.36 +2 -2 + NTP_4_2_8P18_RCGO + + scripts/update-leap/update-leap.mdoc.in@1.37 +2 -2 + NTP_4_2_8P18_RCGO + + sntp/invoke-sntp.texi@1.526 +2 -2 + NTP_4_2_8P18_RCGO + + sntp/sntp-opts.c@1.548 +7 -7 + NTP_4_2_8P18_RCGO + + sntp/sntp-opts.h@1.546 +3 -3 + NTP_4_2_8P18_RCGO + + sntp/sntp.1sntpman@1.361 +2 -2 + NTP_4_2_8P18_RCGO + + sntp/sntp.1sntpmdoc@1.361 +2 -2 + NTP_4_2_8P18_RCGO + + sntp/sntp.html@1.542 +2 -2 + NTP_4_2_8P18_RCGO + + sntp/sntp.man.in@1.361 +2 -2 + NTP_4_2_8P18_RCGO + + sntp/sntp.mdoc.in@1.361 +2 -2 + NTP_4_2_8P18_RCGO + + util/invoke-ntp-keygen.texi@1.529 +2 -2 + NTP_4_2_8P18_RCGO + + util/ntp-keygen-opts.c@1.550 +7 -7 + NTP_4_2_8P18_RCGO + + util/ntp-keygen-opts.h@1.548 +3 -3 + NTP_4_2_8P18_RCGO + + util/ntp-keygen.1ntp-keygenman@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + util/ntp-keygen.1ntp-keygenmdoc@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + util/ntp-keygen.html@1.202 +2 -2 + NTP_4_2_8P18_RCGO + + util/ntp-keygen.man.in@1.357 +2 -2 + NTP_4_2_8P18_RCGO + + util/ntp-keygen.mdoc.in@1.357 +2 -2 + NTP_4_2_8P18_RCGO + +ChangeSet@1.4059, 2024-05-24 00:40:40-07:00, ntpreleng@ntp-build.tal1.ntfo.org + Remove duplicate ChangeLog entries + + ChangeLog@1.2100 +1 -1 + Remove duplicate ChangeLog entries + + NEWS@1.221 +3898 -7 + Remove duplicate ChangeLog entries + +ChangeSet@1.4058, 2024-05-24 00:30:46-07:00, ntpreleng@ntp-build.tal1.ntfo.org + Remove duplicate ChangeLog entries + + ChangeLog@1.2099 +0 -4 + Remove duplicate ChangeLog entries + +ChangeSet@1.4057, 2024-05-07 16:50:59-07:00, ntpreleng@ntp-build.tal1.ntfo.org + NTP_4_2_8P18_RC1 + TAG: NTP_4_2_8P18_RC1 + + ChangeLog@1.2098 +1 -0 + NTP_4_2_8P18_RC1 + + ntpd/invoke-ntp.conf.texi@1.229 +1 -1 + NTP_4_2_8P18_RC1 + + ntpd/invoke-ntp.keys.texi@1.212 +1 -1 + NTP_4_2_8P18_RC1 + + ntpd/invoke-ntpd.texi@1.526 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.conf.5man@1.263 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.conf.5mdoc@1.263 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.conf.html@1.211 +765 -817 + NTP_4_2_8P18_RC1 + + ntpd/ntp.conf.man.in@1.263 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.conf.mdoc.in@1.263 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.keys.5man@1.246 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.keys.5mdoc@1.246 +3 -3 + NTP_4_2_8P18_RC1 + + ntpd/ntp.keys.html@1.206 +105 -97 + NTP_4_2_8P18_RC1 + + ntpd/ntp.keys.man.in@1.246 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntp.keys.mdoc.in@1.246 +3 -3 + NTP_4_2_8P18_RC1 + + ntpd/ntpd-opts.c@1.551 +245 -245 + NTP_4_2_8P18_RC1 + + ntpd/ntpd-opts.h@1.550 +3 -3 + NTP_4_2_8P18_RC1 + + ntpd/ntpd.1ntpdman@1.355 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntpd.1ntpdmdoc@1.355 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntpd.html@1.200 +398 -427 + NTP_4_2_8P18_RC1 + + ntpd/ntpd.man.in@1.355 +2 -2 + NTP_4_2_8P18_RC1 + + ntpd/ntpd.mdoc.in@1.355 +2 -2 + NTP_4_2_8P18_RC1 + + ntpdc/invoke-ntpdc.texi@1.525 +2 -2 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc-opts.c@1.546 +113 -113 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc-opts.h@1.545 +3 -3 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc.1ntpdcman@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc.1ntpdcmdoc@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc.html@1.370 +209 -215 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc.man.in@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + ntpdc/ntpdc.mdoc.in@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + ntpq/invoke-ntpq.texi@1.535 +2 -2 + NTP_4_2_8P18_RC1 + + ntpq/ntpq-opts.c@1.555 +120 -120 + NTP_4_2_8P18_RC1 + + ntpq/ntpq-opts.h@1.553 +3 -3 + NTP_4_2_8P18_RC1 + + ntpq/ntpq.1ntpqman@1.363 +2 -2 + NTP_4_2_8P18_RC1 + + ntpq/ntpq.1ntpqmdoc@1.363 +2 -2 + NTP_4_2_8P18_RC1 + + ntpq/ntpq.html@1.200 +815 -813 + NTP_4_2_8P18_RC1 + + ntpq/ntpq.man.in@1.363 +2 -2 + NTP_4_2_8P18_RC1 + + ntpq/ntpq.mdoc.in@1.363 +2 -2 + NTP_4_2_8P18_RC1 + + ntpsnmpd/invoke-ntpsnmpd.texi@1.525 +2 -2 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd-opts.c@1.546 +68 -68 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd-opts.h@1.545 +3 -3 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.354 +2 -2 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.354 +2 -2 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd.html@1.192 +52 -39 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd.man.in@1.354 +2 -2 + NTP_4_2_8P18_RC1 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.354 +2 -2 + NTP_4_2_8P18_RC1 + + packageinfo.sh@1.551 +3 -3 + NTP_4_2_8P18_RC1 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.115 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.117 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/calc_tickadj/calc_tickadj.html@1.116 +30 -51 + NTP_4_2_8P18_RC1 + + scripts/calc_tickadj/calc_tickadj.man.in@1.114 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.117 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.119 +1 -1 + NTP_4_2_8P18_RC1 + + scripts/invoke-plot_summary.texi@1.137 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/invoke-summary.texi@1.136 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.348 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/ntp-wait-opts@1.84 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.343 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.345 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/ntp-wait.html@1.364 +109 -93 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/ntp-wait.man.in@1.343 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.345 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.134 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/ntpsweep-opts@1.87 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.122 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.122 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/ntpsweep.html@1.136 +39 -65 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/ntpsweep.man.in@1.122 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.123 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/invoke-ntptrace.texi@1.137 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/ntptrace-opts@1.87 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/ntptrace.1ntptraceman@1.122 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.124 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/ntptrace.html@1.137 +96 -81 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/ntptrace.man.in@1.122 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/ntptrace/ntptrace.mdoc.in@1.125 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/plot_summary-opts@1.88 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/plot_summary.1plot_summaryman@1.135 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/plot_summary.1plot_summarymdoc@1.135 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/plot_summary.html@1.139 +46 -73 + NTP_4_2_8P18_RC1 + + scripts/plot_summary.man.in@1.135 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/plot_summary.mdoc.in@1.135 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/summary-opts@1.87 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/summary.1summaryman@1.134 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/summary.1summarymdoc@1.134 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/summary.html@1.138 +41 -66 + NTP_4_2_8P18_RC1 + + scripts/summary.man.in@1.134 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/summary.mdoc.in@1.134 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/update-leap/invoke-update-leap.texi@1.35 +1 -1 + NTP_4_2_8P18_RC1 + + scripts/update-leap/update-leap-opts@1.37 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/update-leap/update-leap.1update-leapman@1.35 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/update-leap/update-leap.1update-leapmdoc@1.36 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/update-leap/update-leap.html@1.35 +48 -80 + NTP_4_2_8P18_RC1 + + scripts/update-leap/update-leap.man.in@1.35 +2 -2 + NTP_4_2_8P18_RC1 + + scripts/update-leap/update-leap.mdoc.in@1.36 +2 -2 + NTP_4_2_8P18_RC1 + + sntp/invoke-sntp.texi@1.525 +2 -2 + NTP_4_2_8P18_RC1 + + sntp/sntp-opts.c@1.547 +161 -161 + NTP_4_2_8P18_RC1 + + sntp/sntp-opts.h@1.545 +3 -3 + NTP_4_2_8P18_RC1 + + sntp/sntp.1sntpman@1.360 +2 -2 + NTP_4_2_8P18_RC1 + + sntp/sntp.1sntpmdoc@1.360 +2 -2 + NTP_4_2_8P18_RC1 + + sntp/sntp.html@1.541 +258 -267 + NTP_4_2_8P18_RC1 + + sntp/sntp.man.in@1.360 +2 -2 + NTP_4_2_8P18_RC1 + + sntp/sntp.mdoc.in@1.360 +2 -2 + NTP_4_2_8P18_RC1 + + util/invoke-ntp-keygen.texi@1.528 +2 -2 + NTP_4_2_8P18_RC1 + + util/ntp-keygen-opts.c@1.549 +174 -174 + NTP_4_2_8P18_RC1 + + util/ntp-keygen-opts.h@1.547 +3 -3 + NTP_4_2_8P18_RC1 + + util/ntp-keygen.1ntp-keygenman@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + util/ntp-keygen.1ntp-keygenmdoc@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + util/ntp-keygen.html@1.201 +676 -652 + NTP_4_2_8P18_RC1 + + util/ntp-keygen.man.in@1.356 +2 -2 + NTP_4_2_8P18_RC1 + + util/ntp-keygen.mdoc.in@1.356 +2 -2 + NTP_4_2_8P18_RC1 + +ChangeSet@1.4056, 2024-04-28 22:49:42-05:00, stenn@stenn.chi1.ntfo.org + [Bug 2734] TEST3 prevents initial interleave sync + + ChangeLog@1.2097 +1 -0 + [Bug 2734] TEST3 prevents initial interleave sync + + ntpd/ntp_proto.c@1.459 +3 -1 + [Bug 2734] TEST3 prevents initial interleave sync + +ChangeSet@1.4055, 2024-04-21 03:19:48-05:00, harlan@stenn.chi1.ntfo.org + [Bug 3910] Memory leak using openssl-3 <hart@ntp.org> + + ChangeLog@1.2096 +1 -0 + [Bug 3910] Memory leak using openssl-3 <hart@ntp.org> + +ChangeSet@1.4054, 2024-04-21 03:11:17-05:00, harlan@stenn.chi1.ntfo.org + [Bug 3918] Tweak openssl header/library handling. <stenn@ntp.org> + + ChangeLog@1.2095 +3 -3 + [Bug 3918] Tweak openssl header/library handling. <stenn@ntp.org> + +ChangeSet@1.4053, 2024-04-17 04:23:11-05:00, harlan@stenn.chi1.ntfo.org + [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org> + + ChangeLog@1.2094 +1 -0 + [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org> + + ntpd/ntp_proto.c@1.458 +5 -0 + [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org> + +ChangeSet@1.4052, 2024-04-17 01:06:36-05:00, harlan@stenn.chi1.ntfo.org + [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com> + + ChangeLog@1.2093 +1 -0 + [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com> + + scripts/ntptrace/ntptrace.in@1.14 +10 -0 + [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com> + +ChangeSet@1.4051, 2024-04-16 21:21:02-05:00, harlan@stenn.chi1.ntfo.org + [Bug 3756] Improve OpenSSL-3 detection and usage. + + ChangeLog@1.2092 +1 -0 + [Bug 3756] Improve OpenSSL-3 detection and usage. + +ChangeSet@1.4050, 2024-04-16 18:54:42-05:00, harlan@stenn.chi1.ntfo.org + [Bug 3874] ntp_openssl.m4: openssl detection cleanup. <stenn@ntp.org> + + ChangeLog@1.2091 +1 -1 + [Bug 3874] ntp_openssl.m4: openssl detection cleanup. <stenn@ntp.org> + +ChangeSet@1.4040.3.2, 2024-04-15 18:23:02-07:00, harlan@ntp-testbuild.tal1.ntfo.org + openssl detection cleanup + + ChangeLog@1.2085.3.2 +1 -0 + openssl detection cleanup + + sntp/m4/ntp_openssl.m4@1.36.1.1 +115 -0 + openssl detection cleanup + +ChangeSet@1.4040.2.3, 2024-04-15 23:27:13+00:00, davehart@tl.ntp.md + revert unintended change to "case BLAH:" label indent level in ntp_proto.c + + ntpd/ntp_proto.c@1.454.2.2 +10 -11 + revert unintended change to "case BLAH:" label indent level. + +ChangeSet@1.4040.2.2, 2024-04-15 22:28:07+00:00, davehart@tl.ntp.md + Log failures to allocate receive buffers. + + ChangeLog@1.2085.2.2 +1 -0 + Log failures to allocate receive buffers. + + libntp/recvbuff.c@1.46 +26 -13 + Log failures to allocate receive buffers. + +ChangeSet@1.4040.3.1, 2024-04-14 23:49:56-07:00, harlan@ntp-testbuild.tal1.ntfo.org + Wire in --enable-build-framework + + ChangeLog@1.2085.3.1 +1 -0 + Wire in --enable-build-framework + + configure.ac@1.634.2.1 +17 -0 + Wire in --enable-build-framework + +ChangeSet@1.4040.2.1, 2024-04-13 18:47:27+00:00, davehart@tl.ntp.md + [Bug 3914] Spurious "Unexpected origin timestamp" logged after time stepped. + + ChangeLog@1.2085.2.1 +2 -0 + [Bug 3914] Spurious "Unexpected origin timestamp" logged after time stepped. + + ntpd/ntp_proto.c@1.454.2.1 +34 -20 + [Bug 3914] Spurious "Unexpected origin timestamp" logged after time stepped. + Log suggested poll value with KoD. + +ChangeSet@1.4040.1.5, 2024-04-12 12:23:49+00:00, davehart@tl.ntp.md + Update libtool initialization macros to recommended. + Quiet some more Autoconf deprecation warnings. + + configure.ac@1.634.1.1 +2 -3 + Update libtool initialization macros to recommended. + + ntpsnmpd/netsnmp_daemonize.c@1.8 +4 -12 + https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.72/autoconf.html#AC_005fHEADER_005fTIME + + sntp/configure.ac@1.92.1.1 +2 -3 + Update libtool initialization macros to recommended. + + sntp/libevent/configure.ac@1.21 +1 -1 + Quiet Autoconf warning by using equivalent non-obsolete macro. + + sntp/libevent/m4/acx_pthread.m4@1.2 +1 -1 + Quiet Autoconf warning by using equivalent non-obsolete macro. + + sntp/m4/ntp_compiler.m4@1.11 +1 -6 + Quiet Autoconf warning by using equivalent non-obsolete macro. + + sntp/m4/ntp_libntp.m4@1.41.1.1 +1 -1 + https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.72/autoconf.html#AC_005fHEADER_005fTIME + +ChangeSet@1.4040.1.4, 2024-04-11 02:51:34+00:00, davehart@tl.ntp.md + [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + Complete the switch from struct interface to endpt. + + ChangeLog@1.2085.1.2 +2 -0 + [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + + include/ntp.h@1.239.1.1 +6 -5 + Complete the switch from struct interface to endpt. + + include/ntp_control.h@1.61 +1 -1 + Complete the switch from struct interface to endpt. + + include/ntp_net.h@1.15 +1 -1 + Complete the switch from struct interface to endpt. + + include/ntpd.h@1.214 +3 -3 + Complete the switch from struct interface to endpt. + + libntp/socket.c@1.11 +8 -8 + Complete the switch from struct interface to endpt. + + ntpd/ntp_config.c@1.389 +2 -2 + Complete the switch from struct interface to endpt. + + ntpd/ntp_control.c@1.242.1.1 +8 -8 + Complete the switch from struct interface to endpt. + + ntpd/ntp_crypto.c@1.193.1.3 +1 -1 + Complete the switch from struct interface to endpt. + + ntpd/ntp_io.c@1.443.1.2 +200 -262 + [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + + ntpd/ntp_proto.c@1.454.1.1 +33 -10 + [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + + ports/winnt/include/ntp_iocpltypes.h@1.7 +0 -1 + omplete the switch from struct interface to endpt. + +ChangeSet@1.4040.1.3, 2024-04-11 01:49:09+00:00, davehart@tl.ntp.md + [Bug 3909] Do not select multicast local address for unicast peer. + + ChangeLog@1.2085.1.1 +2 -0 + [Bug 3909] Do not select multicast local address for unicast peer. + + ntpd/ntp_io.c@1.443.1.1 +26 -20 + [Bug 3909] Do not select multicast local address for unicast peer. + +ChangeSet@1.4047, 2024-04-08 04:35:34+00:00, davehart@tl.ntp.md + Fix mismatched braces breaking --enable-leap-smear builds (my mistake). + Test --enable-leap-smear in one of the flock-build variants. + + flock-build@1.54 +3 -15 + Build with leap smearing code active in the -noopenssl variant. + Remove references to Dr. Mills' backroom hosts, update udel hosts. + + ntpd/ntp_timer.c@1.102 +3 -2 + Fix mismatched braces breaking --enable-leap-smear builds (my mistake). + +ChangeSet@1.4045, 2024-04-04 21:49:45+00:00, davehart@fips-22-04.davehart.net + [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. + + ChangeLog@1.2088 +1 -0 + [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. + + include/Makefile.am@1.59 +1 -0 + add c99_snprintf.h to quiet [v]snprintf.h redefinition warnings. + + include/ntp.h@1.240 +8 -2 + Provide more digest size macros for unit tests. + + libntp/a_md5encrypt.c@1.59 +12 -15 + Do not terminate program on EVP_DigestInit() failure. + + libntp/authkeys.c@1.48 +3 -0 + Comment only + + libntp/ssl_init.c@1.34 +0 -3 + Move MD5_LENGTH macro to ntp.h + + ntpd/ntp_io.c@1.446 +1 -1 + Don't assume AF_UNSPEC is 0. + + sntp/crypto.c@1.43 +33 -39 + Use size_t rath4er than int/u_int. + Add digest buffer size arg to sntp's compute_mac(). + + sntp/crypto.h@1.16 +8 -7 + Use size_t and keyid_t rather than int/u_int. + + sntp/main.c@1.109 +10 -10 + Close broadcast sockets in sntp's kill_asyncio(). + + sntp/tests/crypto.c@1.20 +124 -63 + Switch unit test digest algorithm from MD5 to SHAKE128 so it works on FIPS OpenSSL. + + sntp/tests/packetHandling.c@1.8 +35 -15 + Switch unit test digest algorithm from MD5 to SHAKE128 so it works on FIPS OpenSSL. + + sntp/tests/packetProcessing.c@1.21 +112 -54 + Add SHAKE128 test, make MD5 test XFAIL to handle FIPS OpenSSL. + + sntp/tests/run-crypto.c@1.10 +10 -10 + generated + + sntp/tests/run-packetProcessing.c@1.16 +19 -17 + generated + + sntp/unity/unity_internals.h@1.8 +6 -4 + Make TEST_EXPECT_FAIL_MESSAGE() work. (Not in upstream) + + tests/libntp/a_md5encrypt.c@1.20 +76 -32 + Convert MAC unit tests to use SHA1 instead of MD5 for FIPS. + + tests/libntp/digests.c@1.3 +1 -1 + FIPS OpenSSL is expected to fail to initialize some digests. + + tests/libntp/run-a_md5encrypt.c@1.19 +5 -5 + generated + + tests/libntp/run-digests.c@1.4 +2 -2 + generated + + tests/libntp/run-ssl_init.c@1.12 +7 -7 + generated + + tests/libntp/ssl_init.c@1.12 +3 -7 + Remove redundant digest length identifiers + + util/lsf-times.c@1.1 +1 -0 + Stub needed by prior cset util/Makefile.am + + util/lsf-times.c@1.0 +0 -0 + +ChangeSet@1.4004.7.1, 2024-03-27 02:27:21-07:00, ntpreleng@ntp-bk2git.tal1.ntfo.org + authors.txt: + Add another email for Pearly + + BitKeeper/etc/authors.txt@1.4 +1 -0 + Add another email for Pearly + +ChangeSet@1.4044, 2024-03-04 13:16:37+00:00, davehart@tl.ntp.md + Build MD5 support even with OpenSSL to accomodate FIPS OpenSSL which lacks it. + Cache EVP_MD_CTX to avoid many alloc/frees around digest ops. + + include/ntp_md5.h@1.17 +13 -11 + Build MD5 support even with OpenSSL to accomodate FIPS OpenSSL which lacks it. + + include/ntp_stdlib.h@1.95 +4 -3 + Cache EVP_MD_CTX to avoid many alloc/frees around digest ops. + + libntp/a_md5encrypt.c@1.58 +33 -64 + Cache EVP_MD_CTX to avoid many alloc/frees around digest ops. + + libntp/ssl_init.c@1.33 +13 -9 + Cache EVP_MD_CTX to avoid many alloc/frees around digest ops. + + ntpd/ntp_control.c@1.243 +20 -31 + Use non-OpenSSL MD5 for mode 6 nonce generation. + + ntpd/ntp_crypto.c@1.196 +16 -41 + Cache EVP_MD_CTX to avoid many alloc/frees around digest ops. + + ntpd/ntp_proto.c@1.455 +3 -3 + Clean up debug output of timestamps. + + ports/winnt/include/msvc_ssl_autolib.h@1.4 +1 -1 + spelling + +ChangeSet@1.4043, 2024-02-23 09:09:57+00:00, hart@hart.chi1.ntfo.org + ntp_io.c: + clean up warnings about math with void * + + ntpd/ntp_io.c@1.445 +3 -2 + clean up warnings about math with void * + +ChangeSet@1.4042, 2024-02-23 08:49:49+00:00, davehart@fips-22-04.davehart.net + Remove deprecated configure --with-arlib option. + Remove configure support for ISC UNIX ca. 1998. + Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. + Move ENABLE_CMAC to ntp_openssl.m4, enabling sntp/tests CMAC unit tests. + Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. + Eliminate [v]snprintf redefinition warnings on macOS. + Fix clang 14 cast increases alignment warning on Linux. + Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests. + Use NTP_HARD_CPPFLAGS in libopts tearoff. + + BitKeeper/etc/ignore@1.99 +2 -0 + added sntp/libevent/build-aux/test-driver + + BitKeeper/etc/ignore@1.98 +1 -0 + added html/.datecheck + + ChangeLog@1.2087 +12 -1 + Remove deprecated configure --with-arlib option. + Remove configure support for ISC UNIX ca. 1998. + Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. + Move ENABLE_CMAC to ntp_openssl.m4, enabling sntp/tests CMAC unit tests. + Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. + Eliminate [v]snprintf redefinition warnings on macOS. + Fix clang 14 cast increases alignment warning on Linux. + Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests. + Use NTP_HARD_CPPFLAGS in libopts tearoff. + + configure.ac@1.635 +2 -30 + Remove deprecated configure --with-arlib option. + Remove support for ISC UNIX ca. 1998. + Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. + Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests. + + include/c99_snprintf.h@1.1 +28 -0 + Eliminate [v]snprintf redefinition warnings on macOS. + + include/c99_snprintf.h@1.0 +0 -0 + + libntp/ntp_intres.c@1.103 +0 -6 + Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. + + ntpd/ntp_io.c@1.444 +3 -5 + Eliminate clang 14 cast increases alignment warning re: nlmsghdr. + + sntp/configure.ac@1.93 +1 -2 + Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. + + sntp/libopts/Makefile.am@1.32 +1 -3 + Remove unneeded libopts_la_CPPFLAGS which prevented NTP_HARD_CPPFLAGS from being used. + Eliminate [v]snprintf redefinition warnings on macOS. + + sntp/m4/ntp_libntp.m4@1.42 +6 -66 + Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. + Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. + Eliminate [v]snprintf redefinition warnings on macOS. + + sntp/m4/ntp_openssl.m4@1.37 +12 -1 + Move ENABLE_CMAC to ntp_openssl.m4, enabling sntp/tests CMAC unit tests. + Fix ntp_openssl.m4 manual libcrypto search by clearing _cv_ var. + + sntp/tests/crypto.c@1.19 +20 -20 + Improve test ignore messages. + + sntp/tests/packetProcessing.c@1.20 +1 -1 + Improve test ignore messages. + + sntp/tests/run-packetProcessing.c@1.15 +19 -19 + Should have been regenerated last March, oops. + +ChangeSet@1.4040.1.1, 2024-02-18 01:31:23-08:00, harlan@ntp-testbuild.tal1.ntfo.org + Makefile.am: + distribute lsf-times.c in util/Makefile.am + lsf-times.c: + new file + run-refnumtoa.c, run-bug-2803.c: + Check in regenerated files + + tests/bug-2803/run-bug-2803.c@1.12 +1 -1 + Check in regenerated files + + tests/libntp/run-refnumtoa.c@1.12 +2 -2 + Check in regenerated files + + util/Makefile.am@1.85 +1 -0 + distribute lsf-times.c in util/Makefile.am + + util/lsf-times.c@1.1 +220 -0 + BitKeeper file util/lsf-times.c + + util/lsf-times.c@1.0 +0 -0 + +ChangeSet@1.4040, 2024-02-01 02:22:21-06:00, stenn@stenn.chi1.ntfo.org + Fix another extra */ + + libparse/ieee754io.c@1.15 +1 -1 + Fix another extra */ + +ChangeSet@1.4039, 2024-01-31 21:43:41-08:00, harlan@ntp-testbuild.tal1.ntfo.org + Remove an extra */ from libparse/ieee754io.c + + ChangeLog@1.2085 +1 -0 + Remove an extra */ from libparse/ieee754io.c + + libparse/ieee754io.c@1.14 +1 -1 + Remove an extra */ from libparse/ieee754io.c + +ChangeSet@1.4038, 2024-01-31 21:00:01-08:00, harlan@ntp-testbuild.tal1.ntfo.org + Fix .datecheck location in Makefile.am + + ChangeLog@1.2084 +1 -0 + Fix .datecheck location in Makefile.am + + Makefile.am@1.140 +1 -1 + Fix .datecheck location in Makefile.am + +ChangeSet@1.4036, 2024-01-31 20:47:13+00:00, davehart@tl.ntp.md + #ifdef out unused put_ieee754() which triggers a warning and appears buggy. + Insert newlines in long error messages in ntp_openssl.m4, ntp_crypto_rand.m4. + + libparse/ieee754io.c@1.13 +21 -2 + #ifdef out unused put_ieee754() which triggers a warning and appears buggy. + + sntp/m4/ntp_crypto_rand.m4@1.5 +10 -9 + Insert newlines in long error message. + + sntp/m4/ntp_openssl.m4@1.36 +20 -13 + Insert newlines in long error messages. + +ChangeSet@1.4035, 2024-01-30 09:00:44+00:00, davehart@tl.ntp.md + Avoid running checkHtmlFileDates script repeatedly when no html/*.html + files have changed. + Correct comment, clarify configure --help text re: --with-autokey. + Display KoD refid as text in recently added message. + Correct OpenSSL usage in Autokey code to avoid warnings about + discarding const qualifiers with OpenSSL 3. + Avoid clang warning "a function declaration without a prototype is + deprecated in all versions of C". + Abort configure if --enable-crypto-rand given & unavailable. + improve --help output for --enable-c99-snprintf. + Add configure --enable-verbose-ssl to trace SSL detection. + Silence warnings about dropping const qualifier by making a copy + of OpenSSL key data before modifying it in ntp-keygen. + Display KoD refid as text in recently added message. + Add build test coverage for --disable-saveconfig to flock-build script. + + ChangeLog@1.2082 +11 -2 + Display KoD refid as text in recently added message. + Correct OpenSSL usage in Autokey code to avoid warnings about + discarding const qualifiers with OpenSSL 3. + Avoid running checkHtmlFileDates script repeatedly when no html/*.html + + files have changed. + Add configure --enable-verbose-ssl to trace SSL detection. + Add build test coverage for --disable-saveconfig to flock-build script. + + Makefile.am@1.139 +1 -1 + Avoid running checkHtmlFileDates script repeatedly when no html/*.html + files have changed. + + configure.ac@1.634 +2 -2 + Correct comment, clarify configure --help text re: --with-autokey. + + flock-build@1.53 +2 -2 + Add build test coverage for --disable-saveconfig to flock-build script. + + libntp/numtoa.c@1.11 +37 -30 + Display KoD refid as text in recently added message. + + ntpd/ntp_crypto.c@1.193.1.2 +44 -28 + Correct OpenSSL usage in Autokey code to avoid warnings about + discarding const qualifiers with OpenSSL 3. + + ntpd/ntp_io.c@1.443 +1 -1 + Avoid clang warning "a function declaration without a prototype is + deprecated in all versions of C" + + ntpd/ntp_proto.c@1.454 +1 -1 + Display KoD refid as text in recently added message. + + ntpd/ntp_scanner.c@1.54 +3 -3 + Avoid clang warning "a function declaration without a prototype is + deprecated in all versions of C" + + ntpd/refclock_arc.c@1.35 +8 -5 + Quiet unused-but-set warning when building non-debug. + + scripts/build/checkHtmlFileDates@1.3 +18 -2 + Avoid running checkHtmlFileDates script repeatedly when no html/*.html + files have changed. + + sntp/m4/ntp_crypto_rand.m4@1.4 +29 -7 + Abort configure if --enable-crypto-rand given & unavailable. + + sntp/m4/ntp_libntp.m4@1.41 +4 -1 + improve --help output for --enable-c99-snprintf. + + sntp/m4/ntp_openssl.m4@1.35 +24 -11 + Add configure --enable-verbose-ssl to trace SSL detection. + + tests/libntp/calendar.c@1.19 +3 -3 + Avoid clang warning "a function declaration without a prototype is + deprecated in all versions of C" + + tests/libntp/clocktime.c@1.10 +2 -2 + Avoid clang warning "a function declaration without a prototype is + deprecated in all versions of C" + + tests/libntp/refnumtoa.c@1.8 +24 -26 + Display KoD refid as text in recently added message. + + util/ntp-keygen.c@1.113 +35 -20 + Silence warnings about dropping const qualifier by making a copy + of OpenSSL key data before modifying it. + +ChangeSet@1.4034, 2024-01-27 00:22:53+00:00, davehart@tl.ntp.md + [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe. + Suppress OpenSSL 3 deprecation warning clutter. + Fix problem with statisics files not being generated (broken after 4.2.8p17) + Remove unneeded 200ms wait during NT service shutdown. + Do not compile unneded bsd_strerror.c on Windows. + Reduce HAVE_IO_COMPLETION_PORT #ifdef clutter by moving calls + to io_completion_port_remove_socket into + close_and_delete_fd_from_list(). + Silence warnings building on macOS about incompatible types + for timeval.tv_usec. + Move massive config parser debug output from debug level 5 to 9. + Move yylex() debug output from level 4 to level 10. + Change overallocated 1k static lexeme buffer to 128 bytes. + + ChangeLog@1.2081 +3 -0 + [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe. + Suppress OpenSSL 3 deprecation warning clutter. + + include/ntpd.h@1.213 +2 -1 + Add eptoa() (endpoint to ascii) alternative name for latoa() + (local address to ascii). + + libntp/lib/isc/win32/strerror.c@1.18 +21 -14 + [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe. + + libntp/work_thread.c@1.29 +1 -1 + correct the correction + + ntpd/ntp_config.c@1.388 +9 -10 + Fix problem with statisics files not being generated (broken since 4.2.8p17) + Move massive config parser debug output from debug level 5 to 9. + Avoid "may be used uninitialized" warning re: match_type & action. + + ntpd/ntp_io.c@1.442 +30 -33 + Reduce HAVE_IO_COMPLETION_PORT #ifdef clutter by moving calls + to io_completion_port_remove_socket into + close_and_delete_fd_from_list(). + + ntpd/ntp_peer.c@1.170 +36 -14 + Use eptoa() iinstead of equivalent latoa() with endpt * + + ntpd/ntp_scanner.c@1.53 +10 -6 + Move yylex() debug output from level 4 to level 10. + Change overallocated 1k static lexeme buffer to 128 bytes. + + ports/winnt/include/ntp_iocpltypes.h@1.6 +1 -1 + comment only + + ports/winnt/ntpd/ntservice.c@1.35 +1 -3 + Do not shut down IO thread until after peers are removed to prevent + assertion unpeering a serial refclock. + Remove unneeded 200ms wait during service shutdown. + + ports/winnt/vs2015/libntp/libntp.vcxproj@1.12 +0 -1 + Do not compile unneded bsd_strerror.c on Windows + + ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.12 +0 -3 + Do not compile unneded bsd_strerror.c on Windows + + sntp/m4/ntp_openssl.m4@1.34 +9 -1 + Suppress OpenSSL 3 deprecation warning clutter. + Add missing -I in search for evp.h. + + tests/bug-2803/bug-2803.c@1.11 +4 -5 + Silence warnings building on macOS about incompatible types + for timeval.tv_usec. + + tests/libntp/timevalops.c@1.16 +3 -3 + Suppress OpenSSL 3 deprecation warning clutter. + +ChangeSet@1.4028.2.1, 2024-01-22 06:54:06+00:00, davehart@tl.ntp.md + [Bug 3901] LIB_GETBUF isn't thread-safe. + [Bug 3900] fast_xmit() selects wrong local addr responding to mcast on + Windows. + [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates + duplicate associations. + Remove useless pointer to Windows Help from system error messages. + Avoid newlines within Windows error messages. + Ensure unique association IDs if wrapped. + Write frequency file to 6 digits after decimal. + Unpeer on shutdown as long done on POSIX systems. + + Simplify calc_addr_distance(). + Clamp min/maxpoll in edge cases in newpeer(). + Quiet local addr change logginig when unpeering. + Correct missing arg for %s printf specifier in + send_blocking_resp_internal(). + + ChangeLog@1.2077.2.1 +13 -0 + [Bug 3901] LIB_GETBUF isn't thread-safe. + [Bug 3900] fast_xmit() selects wrong local addr responding to mcast on + Windows. + [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates + duplicate associations. + Remove useless pointer to Windows Help from system error messages. + Avoid newlines within Windows error messages. + Ensure unique association IDs if wrapped. + Simplify calc_addr_distance(). + Clamp min/maxpoll in edge cases in newpeer(). + Quiet local addr change logginig when unpeering. + Correct missing arg for %s printf specifier in + send_blocking_resp_internal(). + + include/lib_strbuf.h@1.13 +10 -15 + Minimize chances of LIB_STRBUF threading problems (more to come). + --- + [Bug 3901] LIB_GETBUF isn't thread-safe. + + include/ntp.h@1.236.1.3 +5 -0 + Quiet local addr change logginig when unpeering. + + libntp/lib/isc/win32/strerror.c@1.17 +30 -3 + Remove useless pointer to Windows Help from system error messages. + Avoid newlines within Windows error messages. + + libntp/lib_strbuf.c@1.13 +39 -15 + [Bug 3901] LIB_GETBUF isn't thread-safe. + + libntp/work_thread.c@1.28 +6 -2 + Correct missing arg for %s printf specifier in send_blocking_resp_internal. + + ntpd/ntp_io.c@1.438.1.3 +47 -50 + Simplify calc_addr_distance(). + + ntpd/ntp_peer.c@1.169 +97 -71 + [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient + creates duplicate associations. + Ensure unique association IDs even if we wrap 16 bits. + Never change interface for a link-local remote addreess. + Clamp min/maxpoll in edge cases in newpeer(). + Quiet local addr change logginig when unpeering. + + ntpd/ntp_proto.c@1.450.1.3 +20 -7 + [Bug 3900] fast_xmit() selects wrong local addr responding + to mcast on Windows. + --- + whoops + + ntpd/ntp_util.c@1.125.1.1 +5 -7 + Write frequency file to 6 digits after decimal. + + ntpq/ntpq-subs.c@1.135.1.1 +1 -1 + Remove no-op cast. + + ports/winnt/ntpd/ntservice.c@1.34 +1 -0 + Unpeer on shutdown as long done on POSIX systems. + +ChangeSet@1.4028.1.1, 2024-01-07 00:46:19-08:00, harlan@ntp-testbuild.tal1.ntfo.org + Makefile.am: + Added util/lsf-times + Many files: + Update copyright year to 2024 + + ChangeLog@1.2077.1.1 +2 -0 + Update copyright year to 2024 + + html/copyright.html@1.74 +2 -2 + Update copyright year to 2024 + + ntpd/invoke-ntp.conf.texi@1.228 +1 -1 + Update copyright year to 2024 + + ntpd/invoke-ntp.keys.texi@1.211 +1 -1 + Update copyright year to 2024 + + ntpd/invoke-ntpd.texi@1.525 +1 -1 + Update copyright year to 2024 + + ntpd/ntp.conf.5man@1.262 +3 -3 + Update copyright year to 2024 + + ntpd/ntp.conf.5mdoc@1.262 +3 -3 + Update copyright year to 2024 + + ntpd/ntp.conf.html@1.210 +817 -765 + Update copyright year to 2024 + + ntpd/ntp.conf.man.in@1.262 +3 -3 + Update copyright year to 2024 + + ntpd/ntp.conf.mdoc.in@1.262 +3 -3 + Update copyright year to 2024 + + ntpd/ntp.keys.5man@1.245 +3 -3 + Update copyright year to 2024 + + ntpd/ntp.keys.5mdoc@1.245 +4 -4 + Update copyright year to 2024 + + ntpd/ntp.keys.html@1.205 +97 -105 + Update copyright year to 2024 + + ntpd/ntp.keys.man.in@1.245 +3 -3 + Update copyright year to 2024 + + ntpd/ntp.keys.mdoc.in@1.245 +4 -4 + Update copyright year to 2024 + + ntpd/ntpd-opts.c@1.550 +4 -4 + Update copyright year to 2024 + + ntpd/ntpd-opts.h@1.549 +2 -2 + Update copyright year to 2024 + + ntpd/ntpd.1ntpdman@1.354 +3 -3 + Update copyright year to 2024 + + ntpd/ntpd.1ntpdmdoc@1.354 +3 -3 + Update copyright year to 2024 + + ntpd/ntpd.html@1.199 +427 -398 + Update copyright year to 2024 + + ntpd/ntpd.man.in@1.354 +3 -3 + Update copyright year to 2024 + + ntpd/ntpd.mdoc.in@1.354 +3 -3 + Update copyright year to 2024 + + ntpdc/invoke-ntpdc.texi@1.524 +1 -1 + Update copyright year to 2024 + + ntpdc/ntpdc-opts.c@1.545 +4 -4 + Update copyright year to 2024 + + ntpdc/ntpdc-opts.h@1.544 +2 -2 + Update copyright year to 2024 + + ntpdc/ntpdc.1ntpdcman@1.355 +3 -3 + Update copyright year to 2024 + + ntpdc/ntpdc.1ntpdcmdoc@1.355 +3 -3 + Update copyright year to 2024 + + ntpdc/ntpdc.html@1.369 +215 -209 + Update copyright year to 2024 + + ntpdc/ntpdc.man.in@1.355 +3 -3 + Update copyright year to 2024 + + ntpdc/ntpdc.mdoc.in@1.355 +3 -3 + Update copyright year to 2024 + + ntpq/invoke-ntpq.texi@1.534 +1 -1 + Update copyright year to 2024 + + ntpq/ntpq-opts.c@1.554 +4 -4 + Update copyright year to 2024 + + ntpq/ntpq-opts.h@1.552 +2 -2 + Update copyright year to 2024 + + ntpq/ntpq.1ntpqman@1.362 +3 -3 + Update copyright year to 2024 + + ntpq/ntpq.1ntpqmdoc@1.362 +3 -3 + Update copyright year to 2024 + + ntpq/ntpq.html@1.199 +813 -815 + Update copyright year to 2024 + + ntpq/ntpq.man.in@1.362 +3 -3 + Update copyright year to 2024 + + ntpq/ntpq.mdoc.in@1.362 +3 -3 + Update copyright year to 2024 + + ntpsnmpd/invoke-ntpsnmpd.texi@1.524 +2 -2 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd-opts.c@1.545 +4 -4 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd-opts.h@1.544 +2 -2 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdman@1.353 +3 -3 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc@1.353 +3 -3 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd.html@1.191 +39 -52 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd.man.in@1.353 +3 -3 + Update copyright year to 2024 + + ntpsnmpd/ntpsnmpd.mdoc.in@1.353 +3 -3 + Update copyright year to 2024 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjman@1.114 +2 -2 + Update copyright year to 2024 + + scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc@1.116 +2 -2 + Update copyright year to 2024 + + scripts/calc_tickadj/calc_tickadj.html@1.115 +50 -29 + Update copyright year to 2024 + + scripts/calc_tickadj/calc_tickadj.man.in@1.113 +2 -2 + Update copyright year to 2024 + + scripts/calc_tickadj/calc_tickadj.mdoc.in@1.116 +2 -2 + Update copyright year to 2024 + + scripts/calc_tickadj/invoke-calc_tickadj.texi@1.118 +1 -1 + Update copyright year to 2024 + + scripts/invoke-plot_summary.texi@1.136 +1 -1 + Update copyright year to 2024 + + scripts/invoke-summary.texi@1.135 +1 -1 + Update copyright year to 2024 + + scripts/ntp-wait/invoke-ntp-wait.texi@1.347 +1 -1 + Update copyright year to 2024 + + scripts/ntp-wait/ntp-wait-opts@1.83 +1 -1 + Update copyright year to 2024 + + scripts/ntp-wait/ntp-wait.1ntp-waitman@1.342 +2 -2 + Update copyright year to 2024 + + scripts/ntp-wait/ntp-wait.1ntp-waitmdoc@1.344 +2 -2 + Update copyright year to 2024 + + scripts/ntp-wait/ntp-wait.html@1.363 +93 -109 + Update copyright year to 2024 + + scripts/ntp-wait/ntp-wait.man.in@1.342 +2 -2 + Update copyright year to 2024 + + scripts/ntp-wait/ntp-wait.mdoc.in@1.344 +2 -2 + Update copyright year to 2024 + + scripts/ntpsweep/invoke-ntpsweep.texi@1.133 +1 -1 + Update copyright year to 2024 + + scripts/ntpsweep/ntpsweep-opts@1.86 +1 -1 + Update copyright year to 2024 + + scripts/ntpsweep/ntpsweep.1ntpsweepman@1.121 +2 -2 + Update copyright year to 2024 + + scripts/ntpsweep/ntpsweep.1ntpsweepmdoc@1.121 +2 -2 + Update copyright year to 2024 + + scripts/ntpsweep/ntpsweep.html@1.135 +63 -37 + Update copyright year to 2024 + + scripts/ntpsweep/ntpsweep.man.in@1.121 +2 -2 + Update copyright year to 2024 + + scripts/ntpsweep/ntpsweep.mdoc.in@1.122 +2 -2 + Update copyright year to 2024 + + scripts/ntptrace/invoke-ntptrace.texi@1.136 +1 -1 + Update copyright year to 2024 + + scripts/ntptrace/ntptrace-opts@1.86 +1 -1 + Update copyright year to 2024 + + scripts/ntptrace/ntptrace.1ntptraceman@1.121 +2 -2 + Update copyright year to 2024 + + scripts/ntptrace/ntptrace.1ntptracemdoc@1.123 +2 -2 + Update copyright year to 2024 + + scripts/ntptrace/ntptrace.html@1.136 +81 -96 + Update copyright year to 2024 + + scripts/ntptrace/ntptrace.man.in@1.121 +2 -2 + Update copyright year to 2024 + + scripts/ntptrace/ntptrace.mdoc.in@1.124 +2 -2 + Update copyright year to 2024 + + scripts/plot_summary-opts@1.87 +1 -1 + Update copyright year to 2024 + + scripts/plot_summary.1plot_summaryman@1.134 +2 -2 + Update copyright year to 2024 + + scripts/plot_summary.1plot_summarymdoc@1.134 +2 -2 + Update copyright year to 2024 + + scripts/plot_summary.html@1.138 +71 -44 + Update copyright year to 2024 + + scripts/plot_summary.man.in@1.134 +2 -2 + Update copyright year to 2024 + + scripts/plot_summary.mdoc.in@1.134 +2 -2 + Update copyright year to 2024 + + scripts/summary-opts@1.86 +1 -1 + Update copyright year to 2024 + + scripts/summary.1summaryman@1.133 +2 -2 + Update copyright year to 2024 + + scripts/summary.1summarymdoc@1.133 +2 -2 + Update copyright year to 2024 + + scripts/summary.html@1.137 +64 -39 + Update copyright year to 2024 + + scripts/summary.man.in@1.133 +2 -2 + Update copyright year to 2024 + + scripts/summary.mdoc.in@1.133 +2 -2 + Update copyright year to 2024 + + scripts/update-leap/invoke-update-leap.texi@1.34 +1 -1 + Update copyright year to 2024 + + scripts/update-leap/update-leap-opts@1.36 +1 -1 + Update copyright year to 2024 + + scripts/update-leap/update-leap.1update-leapman@1.34 +2 -2 + Update copyright year to 2024 + + scripts/update-leap/update-leap.1update-leapmdoc@1.35 +2 -2 + Update copyright year to 2024 + + scripts/update-leap/update-leap.html@1.34 +79 -47 + Update copyright year to 2024 + + scripts/update-leap/update-leap.man.in@1.34 +2 -2 + Update copyright year to 2024 + + scripts/update-leap/update-leap.mdoc.in@1.35 +2 -2 + Update copyright year to 2024 + + sntp/include/copyright.def@1.32 +1 -1 + Update copyright year to 2024 + + sntp/invoke-sntp.texi@1.524 +1 -1 + Update copyright year to 2024 + + sntp/sntp-opts.c@1.546 +4 -4 + Update copyright year to 2024 + + sntp/sntp-opts.h@1.544 +2 -2 + Update copyright year to 2024 + + sntp/sntp.1sntpman@1.359 +3 -3 + Update copyright year to 2024 + + sntp/sntp.1sntpmdoc@1.359 +3 -3 + Update copyright year to 2024 + + sntp/sntp.html@1.540 +267 -258 + Update copyright year to 2024 + + sntp/sntp.man.in@1.359 +3 -3 + Update copyright year to 2024 + + sntp/sntp.mdoc.in@1.359 +3 -3 + Update copyright year to 2024 + + util/Makefile.am@1.84 +2 -1 + Added util/lsf-times + + util/invoke-ntp-keygen.texi@1.527 +1 -1 + Update copyright year to 2024 + + util/ntp-keygen-opts.c@1.548 +4 -4 + Update copyright year to 2024 + + util/ntp-keygen-opts.h@1.546 +2 -2 + Update copyright year to 2024 + + util/ntp-keygen.1ntp-keygenman@1.355 +3 -3 + Update copyright year to 2024 + + util/ntp-keygen.1ntp-keygenmdoc@1.355 +3 -3 + Update copyright year to 2024 + + util/ntp-keygen.html@1.200 +652 -676 + Update copyright year to 2024 + + util/ntp-keygen.man.in@1.355 +3 -3 + Update copyright year to 2024 + + util/ntp-keygen.mdoc.in@1.355 +3 -3 + Update copyright year to 2024 + +ChangeSet@1.4032, 2024-01-05 08:09:43+00:00, davehart@tl.ntp.md + Fix build failure with forking worker. + + ntpd/ntpd.c@1.190.1.4 +1 -1 + Fix simulator build. + +ChangeSet@1.4029.1.1, 2024-01-04 10:33:34+00:00, davehart@tl.ntp.md + Further changes to ensure ntp_openssl.m4 does the right thing on systems + where no extra flags are needed to use OpenSSL. + Do not disable periodic network interface scans if we are abot + to get notifications from Windows, as some systems are observed + to get those notifications very late. + Update NEWS to note change to require --without-crypto or error out of configure. + + NEWS@1.220 +11 -0 + Note change to require --without-crypto or error out of configure. + + configure.ac@1.633 +1 -1 + Force config.cache flush + + ports/winnt/ntpd/ntp_iocompletionport.c@1.87 +2 -1 + Do not disable periodic network interface scans if we are able + to get notifications from Windows, as some systems are observed + to get those notifications very late. + + sntp/configure.ac@1.92 +1 -1 + Force config.cache flush + + sntp/m4/ntp_openssl.m4@1.33 +215 -137 + Further changes to ensure ntp_openssl.m4 does the right thing on systems + where no extra flags are needed to use OpenSSL. + Avoid silent downgrade to crypto-free build, error unless --without-crypto. + +ChangeSet@1.4026.2.1, 2023-10-30 04:31:05+00:00, davehart@tl.ntp.md + [Bug 3847] SSL detection in configure should run-test if runpath is needed. + Use @configure_input@ in various *.in files to include a comment that + the file is generated from another pointing to the *.in. + Correct underquoting, indents in ntp_facilitynames.m4. + Clean up a few warnings seen building with older gcc. + Fix build on older FreeBSD lacking sys/procctl.h. + Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix + that makes it unnecessary, re-enabling ASLR stack gap. + + ChangeLog@1.2075.2.1 +9 -0 + [Bug 3847] SSL detection in configure should run-test if runpath is needed. + Use @configure_input@ in various *.in files to include a comment that + the file is generated from another pointing to the *.in. + Correct underquoting, indents in ntp_facilitynames.m4. + Clean up a few warnings seen building with older gcc. + Fix build on older FreeBSD lacking sys/procctl.h. + Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix + that makes it unnecessary, re-enabling ASLR stack gap. + + check-libntp.mf@1.4 +4 -1 + Skip libntp submakes with --disable-dependency-tracking to save time + for one-off builds. + + configure.ac@1.630.1.1 +7 -10 + Use AC_MSG_FAILURE for internal error, which refers user to config.log. + Bump configure cache version with ntp_openssl.m4 changes, s/b unneeded. + Remove unneded AC_SUBST of CFLAGS & LDFLAGS. + Fix build on older FreeBSD lacking sys/procctl.h. + + libntp/ntp_realpath.c@1.3 +22 -21 + Remove warning for shadowing 'symlink'. + Enforce NTP_MAXSYMLINKS correctly. + + libntp/timexsup.c@1.4 +18 -4 + Fix build on FreeBSD 7 and other ancient systems by following the + pattern used elsewhere in our source for including time.h and timex.h. + + libparse/Makefile.am@1.36 +5 -10 + Use silent rules, $(SED) from Autoconf. + + ntpd/complete.conf.in@1.38.1.1 +11 -11 + Use RFC 5737 IPv4 documentation prefixes, more exemplary pool hostnames, + remove reference to long-gone freenet6.net. + + ntpd/ntp_config.c@1.385.1.1 +20 -16 + Clean up warning for shadowing 'poll' by renaming attrtopsl() arg + from poll to log2_poll. + + ntpd/ntp_util.c@1.124.1.1 +2 -2 + Uninit FILE *fp, missing %s arg. + Add missing arg to statsdir too long msyslog(). + + ntpd/ntpd.c@1.190.2.1 +28 -26 + Remove warning about shadowing "pipe" in detach_from_terminal(). + Fix build on older FreeBSD lacking sys/procctl.h. + Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix + that makes it unnecessary, re-enabling ASLR stack gap. + + ntpdc/nl.pl.in@1.10 +1 -0 + Add @configure_input@ comment + + ntpq/ntpq-subs.c@1.136 +2 -2 + Correct comment, indent. + + ntpsnmpd/Makefile.am@1.46 +1 -1 + Be sure the OpenSSL includes we're using come before any we get + from SNMP configuration. + + scripts/build/genAuthors.in@1.3 +1 -0 + Add @configure_input@ comment + + scripts/build/mkver.in@1.17 +2 -0 + Add @configure_input@ comment + + scripts/calc_tickadj/calc_tickadj.in@1.5 +1 -0 + Add @configure_input@ comment + + scripts/ntp-wait/ntp-wait.in@1.13 +1 -0 + Add @configure_input@ comment + + scripts/ntpsweep/ntpsweep.in@1.10 +1 -0 + Add @configure_input@ comment + + scripts/ntptrace/ntptrace.in@1.13 +1 -0 + Add @configure_input@ comment + + scripts/ntpver.in@1.4 +2 -1 + Add @configure_input@ comment. + Use equivalent "version" system variable instead of "daemon_version" + + scripts/plot_summary.in@1.4 +1 -0 + Add @configure_input@ comment + + scripts/summary.in@1.4 +1 -0 + Add @configure_input@ comment + + scripts/update-leap/update-leap.in@1.7 +1 -0 + Add @configure_input@ comment + + sntp/Makefile.am@1.95 +1 -2 + Fix syntax error "; unexpected" when --enable-local-libevent + is needed for "make dist" + + sntp/check-libntp.mf@1.7 +5 -1 + Skip libntp submakes with --disable-dependency-tracking to save time + for one-off builds. + + sntp/configure.ac@1.91 +1 -1 + Bump configure cache version, s/b unneeded + + sntp/libevent/kqueue.c@1.9 +1 -1 + Fix libevent build on older FreeBSD lacking ENOTCAPABLE. + + sntp/m4/ntp_facilitynames.m4@1.2 +20 -13 + Correct underquoting, indents. + No need to check for cross-compiling when we're not running the result. + + sntp/m4/ntp_libntp.m4@1.40 +9 -3 + Skip libntp submakes with --disable-dependency-tracking to save time + for one-off builds. + Require AC_PROG_SED, we get it already but document use for $SED/$(SED) + + sntp/m4/ntp_openssl.m4@1.32 +323 -228 + [Bug 3847] SSL detection in configure should run-test if runpath is needed. + + sntp/tests/fileHandlingTest.h.in@1.16 +7 -1 + Add @configure_input@ comment + +ChangeSet@1.4026.1.1, 2023-09-30 05:35:01+00:00, davehart@tl.ntp.md + [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails. + Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT + declaration from ntp_types.h to config.h. + Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files. + + ChangeLog@1.2075.1.1 +4 -0 + [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails. + Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT + declaration from ntp_types.h to config.h. + + configure.ac@1.631 +12 -0 + Move NONEMPTY_TRANSLATION_UNIT declaration from ntp_types.h to config.h. + + include/ntp_types.h@1.40 +0 -10 + Move NONEMPTY_TRANSLATION_UNIT declaration from ntp_types.h to config.h. + + libntp/adjtime.c@1.9 +1 -1 + Lose unused global + + libntp/audio.c@1.39 +1 -1 + Lose unused global + + libntp/bsd_strerror.c@1.7 +1 -1 + Lose unused global + + libntp/snprintf.c@1.14 +1 -1 + Lose unused global + + libparse/clk_computime.c@1.14 +1 -1 + Lose unused global + + libparse/clk_dcf7000.c@1.14 +1 -1 + Lose unused global + + libparse/clk_meinberg.c@1.17 +1 -1 + Lose unused global + + libparse/clk_rawdcf.c@1.25 +1 -1 + Lose unused global + + libparse/clk_rcc8000.c@1.13 +1 -1 + Lose unused global + + libparse/clk_schmid.c@1.16 +1 -1 + Lose unused global + + libparse/clk_sel240x.c@1.5 +1 -1 + Lose unused global + + libparse/clk_trimtaip.c@1.14 +1 -1 + Lose unused global + + libparse/clk_trimtsip.c@1.16 +1 -1 + Lose unused global + + libparse/clk_varitext.c@1.13 +1 -1 + Lose unused global + + libparse/parse.c@1.22 +1 -1 + Lose unused global + + libparse/parse_conf.c@1.12 +1 -1 + Lose unused global + + ntpd/ntp_crypto.c@1.193.1.1 +1 -1 + Lose unused global + + ntpd/refclock_acts.c@1.57 +1 -1 + Lose unused global + + ntpd/refclock_arbiter.c@1.23 +1 -1 + Lose unused global + + ntpd/refclock_as2201.c@1.19 +1 -1 + Lose unused global + + ntpd/refclock_atom.c@1.63 +1 -1 + Lose unused global + + ntpd/refclock_bancomm.c@1.18 +1 -1 + Lose unused global + + ntpd/refclock_chronolog.c@1.14 +1 -1 + Lose unused global + + ntpd/refclock_conf.c@1.36 +1 -1 + Lose unused global + + ntpd/refclock_dumbclock.c@1.21 +1 -1 + Lose unused global + + ntpd/refclock_fg.c@1.18 +1 -1 + Lose unused global + + ntpd/refclock_gpsvme.c@1.11 +1 -1 + Lose unused global + + ntpd/refclock_heath.c@1.22 +1 -1 + Lose unused global + + ntpd/refclock_hopfpci.c@1.15 +1 -1 + Lose unused global + + ntpd/refclock_hopfser.c@1.20 +1 -1 + Lose unused global + + ntpd/refclock_hpgps.c@1.19 +1 -1 + Lose unused global + + ntpd/refclock_irig.c@1.38 +1 -1 + Lose unused global + + ntpd/refclock_jjy.c@1.39 +1 -1 + Lose unused global + + ntpd/refclock_jupiter.c@1.36 +1 -1 + Lose unused global + + ntpd/refclock_local.c@1.23 +1 -1 + Lose unused global + + ntpd/refclock_mx4200.c@1.33 +1 -1 + Lose unused global + + ntpd/refclock_neoclock4x.c@1.25 +1 -1 + Lose unused global + + ntpd/refclock_oncore.c@1.109 +1 -1 + Lose unused global + + ntpd/refclock_palisade.c@1.52 +1 -1 + Lose unused global + + ntpd/refclock_pcf.c@1.14 +1 -1 + Lose unused global + + ntpd/refclock_pst.c@1.15 +1 -1 + Lose unused global + + ntpd/refclock_ripencc.c@1.20 +1 -1 + Lose unused global + + ntpd/refclock_tpro.c@1.15 +1 -1 + Lose unused global + + ntpd/refclock_true.c@1.29 +1 -1 + Lose unused global + + ntpd/refclock_tsyncpci.c@1.11 +1 -1 + Lose unused global + + ntpd/refclock_tt560.c@1.5 +1 -1 + Lose unused global + + ntpd/refclock_ulink.c@1.21 +1 -1 + Lose unused global + + ntpd/refclock_wwv.c@1.81 +1 -1 + Lose unused global + + ntpd/refclock_wwvb.c@1.37 +1 -1 + Lose unused global + + ntpd/refclock_zyfer.c@1.13 +1 -1 + Lose unused global + + ntpsnmpd/netsnmp_daemonize.c@1.7 +1 -1 + Lose unused global + + ports/winnt/include/config.h@1.121 +10 -0 + Move NONEMPTY_TRANSLATION_UNIT declaration from ntp_types.h to config.h. + + ports/winnt/vs2015/libntp/libntp.vcxproj@1.11 +1 -0 + Add bsd_strerror.c ref + + ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.11 +3 -0 + Add bsd_strerror.c ref + + ports/winnt/vs2015/ntpd/ntpd.vcxproj@1.12 +2 -1 + Add clk_sel240x.c under Parse Lib + + ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters@1.9 +5 -7 + Add clk_sel240x.c under Parse Lib + +ChangeSet@1.4027, 2023-09-30 03:53:06+00:00, davehart@tl.ntp.md + [Bug 3872] Ignore restrict mask for hostname. + [Bug 3868] Cannot restrict a pool peer. + [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. + Correct handling of not-found or unreadable or corrupt driftfile + to match comments by starting protocol engine in FREQ mode. + Add missing printf-style arg in ntp_util.c. + Update ntp.conf documentation to add "delrestrict" and correct + information about KoD rate limiting. + + ChangeLog@1.2076 +6 -0 + [Bug 3872] Ignore restrict mask for hostname. + [Bug 3868] Cannot restrict a pool peer. + [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. + Update ntp.conf documentation to add "delrestrict" and correct + information about KoD rate limiting. + + include/ntp.h@1.236.1.2 +6 -7 + Rearrange restrict_u members for better packing. + Change restrict_u.expire from u_long to u_int32. 136 years is plenty of range. + Lose RES_FLAGS as the single place it was used has gone away. + + include/ntp_config.h@1.92 +9 -4 + [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. + Expand restrict_node in syntax tree to allow delrestrict in ntp.conf + and preserve column along with line for error reporting. + + include/ntpd.h@1.212 +6 -5 + Indicate success with hack_restrict() return value. + + include/vint64ops.h@1.4 +1 -1 + Eliminate strtouv64() const warning mess by following strtol() model. + + libntp/vint64ops.c@1.4 +11 -10 + Eliminate strtouv64() const warning mess by following strtol() model. + + ntpd/complete.conf.in@1.39 +16 -11 + Add delrestrict lines interspersed with restrict lines. + Remove "ippeerlimit -1" entries as that is the default and saveconfig now omits it. + Remove all-ones masks as saveconfig now omits them. + Live up to the complete.conf name by referencing all the restrict bits. + Use doc-reserved IP prefixes. + + ntpd/invoke-ntp.conf.texi@1.227 +40 -25 + Autogen + + ntpd/keyword-gen-utd@1.37 +1 -1 + keyword-gen.c output + + ntpd/keyword-gen.c@1.45 +1 -0 + Add "delrestrict" + + ntpd/ntp.conf.5man@1.261 +42 -26 + Autogen + + ntpd/ntp.conf.5mdoc@1.261 +45 -26 + Autogen + + ntpd/ntp.conf.def@1.38 +43 -24 + Update ntp.conf doocumentation to reflect the addition of "delrestrict", + change references to "dotted-quad" addresses to "numeric" to generalize + for IPv6 as well, and correct the information about KoD rate limiting. + + ntpd/ntp.conf.html@1.209 +40 -24 + Autogen + + ntpd/ntp.conf.man.in@1.261 +42 -26 + Autogen + + ntpd/ntp.conf.mdoc.in@1.261 +45 -26 + Autogen + + ntpd/ntp_config.c@1.386 +151 -77 + omit "ipperlimit -1" which is default from restrict saveconfig. + Provide column in restrict error messages. + Report hack_restrict() failures. + Ignore restriction mask when address comes from hostname. + normal_dtoa(): don't use strlcpy() for overlapping buffers, undefined behavior. + + ntpd/ntp_io.c@1.438.1.2 +20 -5 + Make local address deletion message match addition message. + Report hack_restrict() failures. + + ntpd/ntp_keyword.h@1.41 +1044 -1034 + keyword-gen.c output + + ntpd/ntp_leapsec.c@1.27 +1 -1 + Correct misleading indent + + ntpd/ntp_monitor.c@1.47 +11 -10 + Use braces consistently, correct KoD rate-limiting comment. + + ntpd/ntp_parser.c@1.121 +1593 -1546 + bison ntp_parser.y + + ntpd/ntp_parser.h@1.82 +371 -369 + bison ntp_parser.y + + ntpd/ntp_parser.y@1.109 +50 -21 + Add "delrestrict" support. + Reduce code duplication by factoring out restrict mask parsing. + Correct out of bounds ippeerlimit line/col reporting. + + ntpd/ntp_peer.c@1.168 +2 -2 + Use TRUE/FALSE for restrict_source() remove argument. + + ntpd/ntp_proto.c@1.450.1.2 +6 -12 + Always add restrict source entry before soliciting pool server. + + ntpd/ntp_request.c@1.134 +12 -3 + report hack_restrict() failures. + + ntpd/ntp_restrict.c@1.50 +185 -143 + Sort RESM_SOURCE entries after others so static entries have precedence, + allowing runtime-added pool IP restrictions to be effective (Bug 3868]. + Check for failure of hack_restrict() operations. + #ifdef DEBUG dump_restricts() code which was dead code in release builds. + Do not assume the first member of struct in_addr is s_addr. + + ntpd/ntp_util.c@1.125 +9 -8 + Correct handling of not-found or unreadable or corrupt driftfile + to match comments by starting protocol engine in FREQ mode. + Add missing printf-style arg. + + ntpd/ntpd.c@1.190.1.2 +2 -2 + Typo broke Linux build. + + tests/libntp/vi64ops.c@1.8 +6 -6 + Eliminate strtouv64() const warning mess by following strtol() model. + +ChangeSet@1.4026, 2023-09-05 20:40:34+00:00, davehart@tl.ntp.md + [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs. + Correct ntp.conf docs burst packet count from 8 to 6. + + ChangeLog@1.2075 +2 -0 + [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs. + + html/release.html@1.44 +1 -1 + typo + + ntpd/invoke-ntp.conf.texi@1.226 +6 -30 + Autogen + + ntpd/ntp.conf.5man@1.260 +7 -33 + Autogen + + ntpd/ntp.conf.5mdoc@1.260 +6 -31 + Autogen + + ntpd/ntp.conf.def@1.37 +4 -29 + Remove long-gone "calldelay" & "crypto sign" from docs. + Correct burst packet count from 8 to 6. + + ntpd/ntp.conf.html@1.208 +5 -31 + Autogen + + ntpd/ntp.conf.man.in@1.260 +7 -33 + Autogen + + ntpd/ntp.conf.mdoc.in@1.260 +6 -31 + Autogen + +ChangeSet@1.4020.3.1, 2023-08-28 19:23:24+00:00, davehart@tl.davehart.net + [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. + Update CommitLog build rule for bk 7.x repo format. + Provide ntpd thread names to debugger on Windows. + Remove dead code libntp/numtohost.c and its unit tests. + Remove class A, B, C IPv4 distinctions in netof(). + + BitKeeper/deleted/88/run-test-numtohost.c~5477248c1ca0a276@1.14 +0 -0 + Rename: tests/libntp/run-numtohost.c -> BitKeeper/deleted/88/run-test-numtohost.c~5477248c1ca0a276 + + BitKeeper/deleted/9d/numtohost.c~3e480692@1.7 +0 -0 + Rename: libntp/numtohost.c -> BitKeeper/deleted/9d/numtohost.c~3e480692 + + BitKeeper/deleted/d4/numtohost.c~11c5a6cbd0341da7@1.8 +0 -0 + Rename: tests/libntp/numtohost.c -> BitKeeper/deleted/d4/numtohost.c~11c5a6cbd0341da7 + + ChangeLog@1.2069.3.1 +4 -0 + [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. + Provide ntpd thread names to debugger on Windows. + Remove dead code libntp/numtohost.c and its unit tests. + Remove class A, B, C IPv4 distinctions in netof(). + + Makefile.am@1.138 +1 -1 + Update CommitLog build rule for bk 7.x repo format. + + include/ntp.h@1.236.1.1 +12 -9 + Remove unused restrict_u member. + Move/rename bitflag dumpers for interface and restriction flags, + build_iflags() -> iflags_str() + build_mflags() -> mflags_str() + build_rflags() -> rflags_str() + + include/ntp_net.h@1.12.1.1 +5 -0 + Add IS_LOOPBACK_ADDR() macro. + + include/ntp_psl.h@1.2 +7 -4 + Use u_int32 for psl entries to save a few bytes on 64-bit systems. + + include/ntp_stdlib.h@1.91.1.1 +2 -2 + Include lib_strbuf.h from ntp_stdlib.h, remove many #includes. + + include/ntpd.h@1.211 +51 -12 + Rename globals for network addr rescans while changing use a bit. + interface_interval -> endpt_scan_period + interface_timer -> endpt_scan_timer + disable_dynamic_updates -> scan_addrs_once & no_periodic_scan + Move/rename bitflag dumpers for interface and restriction flags, + build_iflags() -> iflags_str() + build_mflags() -> mflags_str() + build_rflags() -> rflags_str() + Make the bigflag dumpers #ifdef DEBUG + + libntp/Makefile.am@1.87 +0 -1 + Remove dead code libntp/numtohost.c + + libntp/clocktypes.c@1.22 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/dofptoa.c@1.11 +0 -2 + Remove #include now in ntp_stdlib.h + + libntp/dolfptoa.c@1.14 +0 -2 + Remove #include now in ntp_stdlib.h + + libntp/humandate.c@1.13 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/lib_strbuf.c@1.10.1.1 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/machines.c@1.26.1.1 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/modetoa.c@1.7 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/netof.c@1.10 +11 -13 + IPv4 class A, B, C distinctions are now meaningless. + + libntp/ntp_calendar.c@1.27 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/numtoa.c@1.8.1.1 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/prettydate.c@1.22 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/refnumtoa.c@1.13 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/socktoa.c@1.20 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/socktohost.c@1.17 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/statestr.c@1.32 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/systime.c@1.79 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/uglydate.c@1.6 +0 -1 + Remove #include now in ntp_stdlib.h + + libntp/work_thread.c@1.27 +6 -3 + Provide thread name to debugger. + Correct comment. + + libparse/ieee754io.c@1.12 +0 -2 + Remove #include now in ntp_stdlib.h + + ntpd/cmd_args.c@1.65 +7 -9 + interface_interval -> endpt_scan_period + + ntpd/keyword-gen.c@1.44 +0 -1 + Remove #include now in ntp_stdlib.h + + ntpd/ntp_config.c@1.385 +69 -339 + Don't trigger addr rescan from config_nic_rules() during + initialization or if we've dropped privileges. + Make some internal error checks DEBUG-only. + Rename bitflag to string functions: + build_iflags() -> iflags_str() + build_mflags() -> mflags_str() + build_rflags() -> rflags_str() + Move iflags_str() to ntp_io.c, the other two to ntp_restrict.c + Rename appendstr() -> append_flagstr() and move to ntp_util.c + Check for not enough space in append_flagstr(). + Remove 3k of static string buffers in favor of LIB_GETBUF(). + + ntpd/ntp_control.c@1.242 +0 -1 + Remove #include now in ntp_stdlib.h + + ntpd/ntp_io.c@1.438.1.1 +117 -82 + Rescan net addrs when notified by Windows of a change. + Remove redundant comment + Remove #ifdef around init_io_completion_port() call + Change default net addr scan interval 300->301 to shift the scans from minute synchrony. + Reduce code duplication re: link/site local address classification. + Move/rename bitflag dumpers for interface flags: + build_iflags() -> iflags_str() + + ntpd/ntp_leapsec.c@1.26 +31 -49 + Remove #includes in ntp_stdlib.h + + ntpd/ntp_parser.c@1.120 +396 -420 + generated from ntp_parser.y + + ntpd/ntp_parser.h@1.81 +8 -6 + generated from ntp_parser.y + + ntpd/ntp_parser.y@1.108 +6 -1 + Use NTP_MINPOLL/NTP_MAXPOLL instead of hard-coding. + + ntpd/ntp_peer.c@1.167 +6 -4 + Do not log endpt changes for multicast addresses, they're + meaningless as we send from a list of endpoints (addresses). + + ntpd/ntp_proto.c@1.449.1.1 +57 -61 + Debug output improvements. + Display offset, delay, jitter to 9 decimal places in debug output. + Use mprintf_event() in a few places rather than snprintf + report_event. + Move/rename bitflag dumpers for interface and restriction flags, + build_iflags() -> iflags_str() + build_mflags() -> mflags_str() + build_rflags() -> rflags_str() + Use "0x%x" instead of "%#010x" displaying l_fp seconds as the + latter doesnn't work with Microsoft C. + + ntpd/ntp_restrict.c@1.49 +264 -157 + inline inc_/dec_res_limited() + Make some unlikely assertions DEBUG-only. + Remove voluminous debug output from match_restrict4_addr(). + Rename roptoa() -> resoop_str(). + Display flag bit names in hack_restrict() debug output. + Move/rename bitflag dumpers for restriction rflags, mflags. + build_mflags() -> mflags_str() + build_rflags() -> rflags_str() + The two above were moved from ntp_config.c and modified to use LIB_STRBUF(). + + ntpd/ntp_timer.c@1.99.1.1 +35 -36 + Rescan interfaces when notified by Windows of a change. + Remove interface_timer and interface_interval variables implementing + network interface periodic scans. + Replace those variables with endpt_scan_timer and endpt_scan_period + which are implemented slightly differently to enable on-change scans + on Windows with periodic re-scans suppressed. + Split disable_dynamic_updates into two variables: + no_periodic_scans + scan_addrs_once + + ntpd/ntp_util.c@1.124 +127 -107 + Remove #include now in ntp_stdlib.h + + ntpd/ntpd.c@1.190.1.1 +10 -18 + Split disable_dynamic_updates into two variables: + no_periodic_scans + scan_addrs_once + Remove interface_timer and interface_interval variables implementing + network interface periodic scans. + Replace those variables with endpt_scan_timer and endpt_scan_period + which are implemented slightly differently to enable on-change scans + on Windows with periodic re-scans suppressed. + + ntpd/refclock_nmea.c@1.85 +2 -0 + Eliminate unused func field_length() warning. + + ntpq/ntpq.c@1.199 +0 -4 + Remove #includes in ntpq.h + + ntpq/ntpq.h@1.34 +0 -1 + Remove #include now in ntp_stdlib.h + + ports/winnt/include/clockstuff.h@1.14 +6 -0 + Provide thread names to debugger. + + ports/winnt/include/config.h@1.120 +17 -13 + Update list of known _MSC_VER values + + ports/winnt/include/ntp_iocompletionport.h@1.24 +30 -5 + Use NotifyIpInterfaceChange on Windows Vista and newer. + + ports/winnt/include/ntservice.h@1.7 +0 -1 + Remove dead function declaration. + + ports/winnt/include/win32_io.h@1.3 +2 -2 + whitespace + + ports/winnt/instsrv/instsrv.c@1.13 +1 -1 + Correct app name + + ports/winnt/libntp/getclock.c@1.6 +7 -0 + Provide thread names to debugger. + + ports/winnt/libntp/syslog.c@1.12 +0 -56 + Remove long-dead code. + + ports/winnt/libntp/win32_io.c@1.4 +13 -9 + Bail out of InitSockets() when called more than once. + + ports/winnt/ntpd/hopf_PCI_io.c@1.10 +11 -28 + ntpd has never been able to run on Win32s (Win 3.1), remove check. + + ports/winnt/ntpd/nt_clockstuff.c@1.68 +18 -44 + Provide thread names to debugger. + Update my email address. + Remove code for unsupported pre-VS 2008 compiler. + Use Windows version number already discovered by libisc. + + ports/winnt/ntpd/nt_ppsimpl.c@1.7 +0 -1 + Remove #include now in ntp_stdlib.h + + ports/winnt/ntpd/ntp_iocompletionport.c@1.86 +125 -68 + Rescan net addrs when notified by Windows of a change. + Provide thread names to debugger. + Use Windows version number already discovered by libisc. + + ports/winnt/ntpd/ntservice.c@1.33 +10 -13 + Return immediately from service control handler when asked + to stop rather than sleeping for 100ms after signaling + the main thread to exit(). + + ports/winnt/vs2005/libntp.vcproj@1.31 +0 -4 + Remove dead code libntp/numtohost.c + + ports/winnt/vs2008/libntp/libntp.vcproj@1.62 +0 -4 + Remove dead code libntp/numtohost.c + + ports/winnt/vs2013/libntp/libntp.vcxproj@1.18 +0 -1 + Remove dead code libntp/numtohost.c + + ports/winnt/vs2013/libntp/libntp.vcxproj.filters@1.16 +0 -3 + Remove dead code libntp/numtohost.c + + ports/winnt/vs2015/libntp/libntp.vcxproj@1.10 +0 -1 + Remove dead code libntp/numtohost.c + + ports/winnt/vs2015/libntp/libntp.vcxproj.filters@1.10 +0 -3 + Remove dead code libntp/numtohost.c + + sntp/tests/crypto.c@1.16.1.1 +0 -6 + Remove unused locals in test_VerifyCMAC() + + sntp/utilities.h@1.12 +0 -1 + Remove #include now in ntp_stdlib.h + + tests/libntp/Makefile.am@1.105 +0 -12 + Remove tests for dead code libntp/numtohost.c + + tests/libntp/caljulian.c@1.16 +0 -1 + Remove #include now in ntp_stdlib.h + + tests/libntp/netof.c@1.11 +0 -33 + IPv4 class A, B, C distinctions are now meaningless. + + tests/libntp/run-caljulian.c@1.17 +4 -5 + generated + + tests/libntp/run-netof.c@1.11 +2 -6 + generated + + tests/ntpd/leapsec.c@1.6 +0 -1 + Remove #include now in ntp_stdlib.h + + tests/ntpd/run-leapsec.c@1.10 +33 -34 + generated + +ChangeSet@1.4023.2.1, 2023-08-24 14:06:05+00:00, davehart@tl.davehart.net + [Bug 3753] ntpd won't start with FIPS-enabled OpenSSL 3.x. + + ChangeLog@1.2072.2.1 +1 -0 + [Bug 3753] ntpd won't start with FIPS-enabled OpenSSL 3.x. + + include/ntp_md5.h@1.16 +3 -2 + Reduce use of magic numbers + + include/ntp_stdlib.h@1.93 +5 -3 + add arg names to func declarations + + libntp/a_md5encrypt.c@1.55.1.1 +79 -60 + [Bug 3753] ntpd won't start with FIPS-enabled OpenSSL 3.x. + + libntp/ssl_init.c@1.32 +21 -29 + Reduce code duplication. + + ntpd/ntp_crypto.c@1.194 +0 -1 + move ssl_check_version from autokey-specific code to ntpdmain() + + ntpd/ntpd.c@1.191 +5 -2 + Move ssl_check_version from autokey-specific code to ntpdmain(). + Put debug behavior msyslog on a single log line. + +ChangeSet@1.4023.1.1, 2023-08-23 10:58:43+00:00, davehart@tl.davehart.net + [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian. + + ChangeLog@1.2072.1.1 +2 -0 + [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian. + + include/ntp.h@1.237 +9 -0 + Track old-style IPv6 refid on big-endian systems + + libntp/a_md5encrypt.c@1.56 +14 -2 + [Bug 3864] Ensure refid calculation is endian-independent. + + ntpd/ntp_io.c@1.439 +5 -0 + Track old-style IPv6 refid on big-endian systems + + ntpd/ntp_proto.c@1.451 +26 -4 + Check both old- and new-style IPv6 refids on big-endian systems. + + tests/libntp/a_md5encrypt.c@1.19 +9 -18 + Enable IPv6 refid unit test that failed due to bug 3864. + +ChangeSet@1.4020.2.1, 2023-08-23 03:34:00+00:00, davehart@tl.davehart.net + [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid. + + ChangeLog@1.2069.2.1 +2 -0 + [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid. + + include/ntp_net.h@1.13 +6 -0 + LOOPBACKADR_N in network order + + libntp/numtoa.c@1.9 +15 -7 + Replace unprintable characters with ? instead of space. + Do not treat orphan refid 127.0.0.1 as text. + + ntpd/ntp_timer.c@1.100 +133 -127 + Change orphan mode s1 refid from LOOP to ORPH. + Clean up indents in leap second handling code. + +ChangeSet@1.4020.1.1, 2023-08-02 19:07:28+00:00, davehart@tl.davehart.net + [Bug 3856] Enable Edit & Continue debugging with Visual Studio. + + ChangeLog@1.2069.1.1 +2 -0 + [Bug 3856] Enable Edit & Continue debugging with Visual Studio. + + ports/winnt/vs2015/debug-x64.props@1.6 +10 -0 + Enable Edit & Continue debugging + + ports/winnt/vs2015/debug.props@1.6 +11 -0 + Enable Edit & Continue debugging + +ChangeSet@1.4022, 2023-07-31 12:41:01+00:00, davehart@tl.davehart.net + [Bug 3853] Clean up warnings with modern compilers. + partial, more to come. + + ChangeLog@1.2071 +1 -0 + [Bug 3853] Clean up warnings with modern compilers. + partial, more to come. + + include/lib_strbuf.h@1.12 +16 -11 + Keep a pointer to each LIB_GETBUF buffer to avoid -Wrestrict warnings. + + include/ntp_stdlib.h@1.92 +1 -0 + Keep a pointer to each LIB_GETBUF buffer to avoid -Wrestrict warnings. + + include/ntp_tty.h@1.7 +5 -0 + Silence unused function warning. + Prepare for reuse of symBaud2numBaud() in Win32 code which has similar. + + libntp/lib_strbuf.c@1.11 +13 -7 + Keep a pointer to each LIB_GETBUF buffer to avoid -Wrestrict warnings. + + libntp/machines.c@1.27 +57 -3 + Prepare for reuse of symBaud2numBaud() in Win32 code which has similar. + + ntpd/ntp_proto.c@1.450 +1 -1 + Whitespace + + ntpd/ntp_refclock.c@1.131 +7 -51 + Silence unused function warning. + Prepare for reuse of symBaud2numBaud() in Win32 code which has similar. + + sntp/tests/crypto.c@1.17 +0 -6 + Unused locals. + + tests/libntp/a_md5encrypt.c@1.18 +3 -2 + Initialized but unused warning. + +ChangeSet@1.4021, 2023-07-31 09:31:00+00:00, davehart@tl.davehart.net + [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as + intended. + + ChangeLog@1.2070 +2 -0 + [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as + intended. + + check-libntp.mf@1.3 +2 -5 + Check libntp for updated sources every make invocation. + + check-libntpd.mf@1.3 +2 -11 + Check libntpd.a for updated sources every make invocation. + + check-libunity.mf@1.3 +2 -2 + Ensure libunity is built before dependents, but don't check for updated sources. + + check-scm-rev.mf@1.2 +2 -4 + Use .PHONY so things work even if someone makes a FRC.scm-rev file. + + sntp/check-libntp.mf@1.6 +2 -6 + Check libntp for updated sources every make invocation. + + sntp/check-libsntp.mf@1.3 +2 -6 + Check libsntp for updated sources every make invocation. + + sntp/check-libunity.mf@1.3 +1 -2 + Ensure libunity is built before dependents, but don't check for updated sources. + +ChangeSet@1.4016.2.2, 2023-07-30 22:14:18+00:00, davehart@tl.davehart.net + [Bug 3842] Windows ntpd ppsapi DLL load failure crashes. + + ChangeLog@1.2065.2.2 +1 -0 + [Bug 3842] Windows ntpd ppsapi DLL load failure crashes. + + ports/winnt/ntpd/nt_ppsimpl.c@1.6 +1 -1 + Avoid freeing garbage pointer during PPSAPI load failure cleanup. + +ChangeSet@1.4016.2.1, 2023-07-30 19:49:30+00:00, davehart@tl.davehart.net + [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid. + + ChangeLog@1.2065.2.1 +2 -0 + [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid. + + ntpq/ntpq-subs.c@1.135 +22 -13 + Limit apeers refid column to 8 characters, fix small leak. + +ChangeSet@1.4016.1.2, 2023-07-29 21:54:29+00:00, davehart@tl.davehart.net + [Bug 3851] Drop pool server when no local address can reach it. + + ChangeLog@1.2065.1.2 +3 -1 + [Bug 3851] Drop pool server when no local address can reach it. + + include/ntp.h@1.236 +3 -3 + Get rid of unused MDF_UCLNT, introduce MDF_PCLNT + + include/ntpd.h@1.210 +2 -1 + nit + + ntpd/ntp_io.c@1.438 +34 -22 + move linklocal test to is_linklocal() helper + + ntpd/ntp_proto.c@1.446.1.2 +18 -4 + [Bug 3851] Drop pool server when no local address can reach it. + +ChangeSet@1.4016.1.1, 2023-07-20 16:52:18+00:00, davehart@tl.davehart.net + [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. + + ChangeLog@1.2065.1.1 +2 -0 + [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. + + include/ntpd.h@1.209 +3 -1 + Track if any non-linklocal addreses are available. + + ntpd/ntp_io.c@1.437 +35 -4 + Track if any non-linklocal addreses are available for v4 and v6. + + ntpd/ntp_proto.c@1.446.1.1 +17 -1 + [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. + +ChangeSet@1.4017, 2023-07-18 19:17:19+00:00, davehart@tl.davehart.net + [Bug 3849] ntpd --wait-sync times out. + + ChangeLog@1.2066 +3 -2 + [Bug 3849] ntpd --wait-sync times out. + + libntp/msyslog.c@1.58 +3 -3 + Reduce code duplication + + ntpd/ntp_loopfilter.c@1.198 +16 -0 + Signal first sync from rstclock() + + ntpd/ntp_proto.c@1.447 +2 -16 + Signal first sync from rstclock(). + Remove redundant fabs() call. + + ntpd/ntpd.c@1.190 +12 -15 + [Bug 3849] ntpd --wait-sync times out. + Remove some useless DPRINTF() calls as -d/-D disables forking and + these calls are in the forking codepath. + + ntpsnmpd/Makefile.am@1.45 +3 -3 + Rearrange library order to put $(SNMP_LIBS) last, avoiding problems + when they reference older OpenSSL libraries. + Use ntpsnmpd_LDADD rather than LDADD to leave the latter to the + choices of the end-user. + +ChangeSet@1.4016, 2023-07-15 00:45:44-07:00, harlan@ntp-testbuild.tal1.ntfo.org + configure libevent check intersperses output with answer. + + ChangeLog@1.2065 +1 -0 + configure libevent check intersperses output with answer. + + sntp/m4/ntp_libevent.m4@1.22 +2 -1 + configure libevent check intersperses output with answer. + +ChangeSet@1.4014, 2023-07-14 22:43:54-07:00, harlan@ntp-testbuild.tal1.ntfo.org + clean up ChangeLog listing order + + ChangeLog@1.2063 +12 -11 + clean up ChangeLog listing order + +ChangeSet@1.4013, 2023-07-14 22:23:53-07:00, harlan@ntp-testbuild.tal1.ntfo.org + html/clockopt.html cleanup + + ChangeLog@1.2062 +1 -0 + html/clockopt.html cleanup + + html/clockopt.html@1.30 +6 -3 + html/clockopt.html cleanup + +ChangeSet@1.4004.6.1, 2023-07-14 21:33:19+00:00, davehart@tl.davehart.net + [Bug 3846] Use -Wno-format-truncation by default. + + ChangeLog@1.2053.6.1 +3 -0 + [Bug 3846] Use -Wno-format-truncation by default. + + sntp/m4/ntp_compiler.m4@1.8.1.1 +38 -22 + [Bug 3846] Use -Wno-format-truncation by default. + +ChangeSet@1.4004.1.2, 2023-06-28 00:04:04+00:00, davehart@tl.davehart.net + fix release build + + libntp/authreadkeys.c@1.38 +1 -1 + fix non-DEBUG build + +ChangeSet@1.4004.5.1, 2023-06-25 23:18:48+00:00, davehart@tl.davehart.net + Remove -Wformat-security when removing -Wformat to avoid gcc 12 error. + + ChangeLog@1.2053.5.1 +5 -0 + [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat + + configure.ac@1.630 +1 -1 + bump cache version for ntp_compiler.m4 change + + sntp/configure.ac@1.90 +1 -1 + bump cache version for ntp_compiler.m4 change + + sntp/m4/ntp_compiler.m4@1.9 +3 -8 + Remove -Wformat-security when removing -Wformat to avoid gcc 12 error. + +ChangeSet@1.4004.4.1, 2023-06-20 18:41:45+00:00, davehart@tl.davehart.net + [Bug 3837] NULL pointer deref crash when ntpd deletes last interface. + Correct UNLINK_EXPR_SLIST() when the list is empty. + + ChangeLog@1.2053.4.1 +5 -0 + [Bug 3837] NULL pointer deref crash when ntpd deletes last interface. + + include/ntp_lists.h@1.17 +3 -1 + Correct UNLINK_EXPR_SLIST() when the list is empty. + +ChangeSet@1.4004.3.1, 2023-06-16 05:13:03+00:00, davehart@tl.davehart.net + Bug 3835 - NTP_HARD_*FLAGS not used by libevent tearoff. + + cvo.sh: + Fix on newer Linux with /etc/os-release + ntp_libevent.m4: + Newer libevent supports LIBEVENT_*FLAGS. + Disable building samples for the bundled libevent. + configure.ac: + One piece missing in LIBEVENT_*FLAGS support + + ChangeLog@1.2053.3.1 +3 -0 + Bug 3835 - NTP_HARD_*FLAGS not used by libevent tearoff. + + sntp/libevent/configure.ac@1.20 +5 -0 + One piece missing in LIBEVENT_*FLAGS support + + sntp/m4/ntp_libevent.m4@1.21 +4 -3 + Newer libevent supports LIBEVENT_*FLAGS. + Disable building samples for the bundled libevent. + + sntp/scripts/cvo.sh@1.9 +7 -1 + Fix on newer Linux with /etc/os-release + +ChangeSet@1.4004.2.1, 2023-06-11 14:09:22+00:00, davehart@tl.davehart.net + [Bug 3831] pollskewlist zeroed on runtime configuration. + + ChangeLog@1.2053.2.1 +3 -0 + [Bug 3831] pollskewlist zeroed on runtime configuration. + + ntpd/ntp_config.c@1.384 +22 -29 + [Bug 3831] pollskewlist zeroed on runtime configuration. + Replace magic numbers 3 & 17 with NTP_MINPOLL and NTP_MAXPOLL. + +ChangeSet@1.4004.1.1, 2023-06-09 19:11:34+00:00, davehart@tl.davehart.net + Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c regression test. + + ChangeLog@1.2053.1.1 +3 -0 + Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c + + libntp/authkeys.c@1.47 +1 -0 + Whitespace + + libntp/authreadkeys.c@1.37 +7 -5 + Provide the keytype when unable to use one loading ntp.keys + #ifdef DEBUG a "never happen" bit of code checking an internal errno. + + libntp/ssl_init.c@1.31 +1 -6 + Use MAX_MDG_LEN, remove leftover debugging code. + + ntpq/ntpq.c@1.198 +8 -13 + Remove unneeded code. keytype_from_text upcases its input. + + tests/libntp/data/ntp.keys@1.3 +12 -11 + Add DSA, DSA-SHA, and SHA keys. + + tests/libntp/digests.c@1.2 +120 -3 + Add DSA, DSA-SHA, and SHA digest algorithms. + + tests/libntp/run-digests.c@1.3 +6 -0 + Add DSA, DSA-SHA, and SHA digest algorithms. + +ChangeSet@1.4007, 2023-06-07 18:36:14+02:00, burnicki@burnicki.chi1.ntfo.org + [Bug 3828] BK should ignore a git repo in the same directory. + + BitKeeper/etc/ignore@1.97 +1 -0 + [Bug 3828] BK should ignore a git repo in the same directory. + + ChangeLog@1.2056 +2 -0 + [Bug 3828] BK should ignore a git repo in the same directory. + +ChangeSet@1.4006, 2023-06-07 18:25:37+02:00, burnicki@burnicki.chi1.ntfo.org + [Bug 3827] Fix build in case CLOCK_HOPF6021 or CLOCK_WHARTON_400A is disabled. + + ChangeLog@1.2055 +2 -0 + [Bug 3827] Fix build in case CLOCK_HOPF6021 or CLOCK_WHARTON_400A is disabled. + + libparse/clk_hopf6021.c@1.15 +2 -0 + [Bug 3827] Fix build in case CLOCK_HOPF6021 is disabled. + + libparse/clk_wharton.c@1.14 +2 -0 + [Bug 3827] Fix build in case CLOCK_WHARTON_400A is disabled. + +ChangeSet@1.4005, 2023-06-07 18:21:52+02:00, burnicki@burnicki.chi1.ntfo.org + [Bug 3825] Don't touch HTML files unless building inside a BK repo. + + ChangeLog@1.2054 +3 -0 + [Bug 3825] Don't touch HTML files unless building inside a BK repo. + + scripts/build/checkHtmlFileDates@1.2 +3 -1 + [Bug 3825] Don't touch HTML files unless building inside a BK repo. + ChangeSet@1.4004, 2023-06-06 04:40:27-07:00, ntpreleng@ntp-build.tal1.ntfo.org NTP_4_2_8P17 TAG: NTP_4_2_8P17 diff --git a/Makefile.am b/Makefile.am index 72c35cb0e45d..2d5e6183261f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -66,7 +66,7 @@ DISTCLEANFILES = .gcc-warning BUILT_SOURCES = \ .gcc-warning \ libtool \ - html/.datecheck \ + $(srcdir)/html/.datecheck \ $(srcdir)/COPYRIGHT \ $(srcdir)/.checkChangeLog \ $(NULL) @@ -83,7 +83,7 @@ BUILT_SOURCES = \ @sleep 1 @touch $@ -html/.datecheck: FRC.html +$(srcdir)/html/.datecheck: $(srcdir)/html/*.html cd $(srcdir)/html && \ ../scripts/build/checkHtmlFileDates @@ -128,7 +128,7 @@ uninstall-local: CommitLog: FRC.CommitLog cd $(srcdir) \ && $(PATH_TEST) -e CommitLog \ - -a SCCS/s.ChangeSet -ot CommitLog \ + -a .bk/SCCS/ChangeSet,s -ot CommitLog \ || scripts/build/genCommitLog # HMS: The following seems to be a work-in-progress... diff --git a/Makefile.in b/Makefile.in index 4307d8bebee9..fe562884111e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -420,6 +420,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -583,7 +584,7 @@ DISTCLEANFILES = .gcc-warning BUILT_SOURCES = \ .gcc-warning \ libtool \ - html/.datecheck \ + $(srcdir)/html/.datecheck \ $(srcdir)/COPYRIGHT \ $(srcdir)/.checkChangeLog \ $(NULL) @@ -1105,7 +1106,7 @@ uninstall-am: uninstall-local @sleep 1 @touch $@ -html/.datecheck: FRC.html +$(srcdir)/html/.datecheck: $(srcdir)/html/*.html cd $(srcdir)/html && \ ../scripts/build/checkHtmlFileDates @@ -1150,7 +1151,7 @@ uninstall-local: CommitLog: FRC.CommitLog cd $(srcdir) \ && $(PATH_TEST) -e CommitLog \ - -a SCCS/s.ChangeSet -ot CommitLog \ + -a .bk/SCCS/ChangeSet,s -ot CommitLog \ || scripts/build/genCommitLog .buildcvo: @@ -1,4 +1,3906 @@ --- +NTP 4.2.8p18 (Harlan Stenn <stenn@ntp.org>, 2024 May 24) + +Focus: Bug fixes + +Severity: Recommended + +This release: + +- changes crypto (OpenSSL or compatible) detection and default build behavior. + Previously, crypto was supported if available unless the --without-crypto + option was given to configure. With this release, the prior behavior of + falling back to a crypto-free build if usable libcrypto was not found has + changed to instead cause configure to fail with an error. + The --without-crypto option must be explicitly provided if you want a build + that does not use libcrypto functionality. +- Fixes 40 bugs +- Includes 40 other improvements + +Details below: + +* [Bug 3918] Tweak openssl header/library handling. <stenn@ntp.org> +* [Bug 3914] Spurious "Unexpected origin timestamp" logged after time + stepped. <hart@ntp.org> +* [Bug 3913] Avoid duplicate IPv6 link-local manycast associations. + <hart@ntp.org> +* [Bug 3912] Avoid rare math errors in ntptrace. <brian.utterback@oracle.com> +* [Bug 3910] Memory leak using openssl-3 <hart@ntp.org> +* [Bug 3909] Do not select multicast local address for unicast peer. + <hart@ntp.org> +* [Bug 3903] lib/isc/win32/strerror.c NTstrerror() is not thread-safe. + <hart@ntp.org> +* [Bug 3901] LIB_GETBUF isn't thread-safe. <hart@ntp.org> +* [Bug 3900] fast_xmit() selects wrong local addr responding to mcast on + Windows. <hart@ntp.org> +* [Bug 3888] ntpd with multiple same-subnet IPs using manycastclient creates + duplicate associations. <hart@ntp.org> +* [Bug 3872] Ignore restrict mask for hostname. <hart@ntp.org> +* [Bug 3871] 4.2.8p17 build without hopf6021 refclock enabled fails. + Reported by Hans Mayer. Moved NONEMPTY_TRANSLATION_UNIT + declaration from ntp_types.h to config.h. <hart@ntp.org> +* [Bug 3870] Server drops client packets with ppoll < 4. <stenn@ntp.org> +* [Bug 3869] Remove long-gone "calldelay" & "crypto sign" from docs. + Reported by PoolMUC@web.de. <hart@ntp.org> +* [Bug 3868] Cannot restrict a pool peer. <hart@ntp.org> Thanks to + Edward McGuire for tracking down the deficiency. +* [Bug 3864] ntpd IPv6 refid different for big-endian and little-endian. + <hart@ntp.org> +* [Bug 3859] Use NotifyIpInterfaceChange on Windows ntpd. <hart@ntp.org> +* [Bug 3856] Enable Edit & Continue debugging with Visual Studio. + <hart@ntp.org> +* [Bug 3855] ntpq lacks an equivalent to ntpdc's delrestrict. <hart@ntp.org> +* [Bug 3854] ntpd 4.2.8p17 corrupts rawstats file with space in refid. + <hart@ntp.org> +* [Bug 3853] Clean up warnings with modern compilers. <hart@ntp.org> +* [Bug 3852] check-libntp.mf and friends are not triggering rebuilds as + intended. <hart@ntp.org> +* [Bug 3851] Drop pool server when no local address can reach it. + <hart@ntp.org> +* [Bug 3850] ntpq -c apeers breaks column formatting s2 w/refclock refid. + <hart@ntp.org> +* [Bug 3849] ntpd --wait-sync times out. <hart@ntp.org> +* [Bug 3847] SSL detection in configure should run-test if runpath is needed. + <hart@ntp.org> +* [Bug 3846] Use -Wno-format-truncation by default. <hart@ntp.org> +* [Bug 3845] accelerate pool clock_sync when IPv6 has only link-local access. + <hart@ntp.org> +* [Bug 3842] Windows ntpd PPSAPI DLL load failure crashes. <hart@ntp.org> +* [Bug 3841] 4.2.8p17 build break w/ gcc 12 -Wformat-security without -Wformat + Need to remove --Wformat-security when removing -Wformat to + silence numerous libopts warnings. <hart@ntp.org> +* [Bug 3837] NULL pointer deref crash when ntpd deletes last interface. + Reported by renmingshuai. Correct UNLINK_EXPR_SLIST() when the + list is empty. <hart@ntp.org> +* [Bug 3835] NTP_HARD_*FLAGS not used by libevent tearoff. <hart@ntp.org> +* [Bug 3831] pollskewlist zeroed on runtime configuration. <hart@ntp.org> +* [Bug 3830] configure libevent check intersperses output with answer. <stenn@> +* [Bug 3828] BK should ignore a git repo in the same directory. + <burnicki@ntp.org> +* [Bug 3827] Fix build in case CLOCK_HOPF6021 or CLOCK_WHARTON_400A + is disabled. <burnicki@ntp.org> +* [Bug 3825] Don't touch HTML files unless building inside a BK repo. + Fix the script checkHtmlFileDates. <burnicki@ntp.org> +* [Bug 3756] Improve OpenSSL library/header detection. +* [Bug 3753] ntpd fails to start with FIPS-enabled OpenSSL 3. <hart@ntp.org> +* [Bug 2734] TEST3 prevents initial interleave sync. Fix from <PoolMUC@web.de> +* Log failures to allocate receive buffers. <hart@ntp.org> +* Remove extraneous */ from libparse/ieee754io.c +* Fix .datecheck target line in Makefile.am. <stenn@ntp.org> +* Update the copyright year. <stenn@ntp.org> +* Update ntp.conf documentation to add "delrestrict" and correct information + about KoD rate limiting. <hart@ntp.org> +* html/clockopt.html cleanup. <stenn@ntp.org> +* util/lsf-times - added. <stenn@ntp.org> +* Add DSA, DSA-SHA, and SHA to tests/libntp/digests.c. <hart@ntp.org> +* Provide ntpd thread names to debugger on Windows. <hart@ntp.org> +* Remove dead code libntp/numtohost.c and its unit tests. <hart@ntp.org> +* Remove class A, B, C IPv4 distinctions in netof(). <hart@ntp.org> +* Use @configure_input@ in various *.in files to include a comment that + the file is generated from another pointing to the *.in. <hart@ntp.org> +* Correct underquoting, indents in ntp_facilitynames.m4. <hart@ntp.org> +* Clean up a few warnings seen building with older gcc. <hart@ntp.org> +* Fix build on older FreeBSD lacking sys/procctl.h. <hart@ntp.org> +* Disable [Bug 3627] workaround on newer FreeBSD which has the kernel fix + that makes it unnecessary, re-enabling ASLR stack gap. <hart@ntp.org> +* Use NONEMPTY_COMPILATION_UNIT in more conditionally-compiled files. +* Remove useless pointer to Windows Help from system error messages. +* Avoid newlines within Windows error messages. <hart@ntp.org> +* Ensure unique association IDs if wrapped. <hart@ntp.org> +* Simplify calc_addr_distance(). <hart@ntp.org> +* Clamp min/maxpoll in edge cases in newpeer(). <hart@ntp.org> +* Quiet local addr change logging when unpeering. <hart@ntp.org> +* Correct missing arg for %s printf specifier in + send_blocking_resp_internal(). <hart@ntp.org> +* Suppress OpenSSL 3 deprecation warning clutter. <hart@ntp.org> +* Correct OpenSSL usage in Autokey code to avoid warnings about + discarding const qualifiers with OpenSSL 3. <hart@ntp.org> +* Display KoD refid as text in recently added message. <hart@ntp.org> +* Avoid running checkHtmlFileDates script repeatedly when no html/*.html + files have changed. <hart@ntp.org> +* Abort configure if --enable-crypto-rand given & unavailable. <hart@ntp.org> +* Add configure --enable-verbose-ssl to trace SSL detection. <hart@ntp.org> +* Add build test coverage for --disable-saveconfig to flock-build script. + <hart@ntp.org> +* Remove deprecated configure --with-arlib option. <hart@ntp.org> +* Remove configure support for ISC UNIX ca. 1998. <hart@ntp.org> +* Move NTP_OPENSSL and NTP_CRYPTO_RAND invocations from configure.ac files + to NTP_LIBNTP. <hart@ntp.org> +* Remove dead code: HAVE_U_INT32_ONLY_WITH_DNS. <hart@ntp.org> +* Eliminate [v]snprintf redefinition warnings on macOS. <hart@ntp.org> +* Fix clang 14 cast increases alignment warning on Linux. <hart@ntp.org> +* Move ENABLE_CMAC to ntp_openssl.m4, reviving sntp/tests CMAC unit tests. + <hart@ntp.org> +* Use NTP_HARD_CPPFLAGS in libopts tearoff. <hart@ntp.org> +* wire in --enable-build-framework-help + +--- +NTP 4.2.8p17 (Harlan Stenn <stenn@ntp.org>, 2023 Jun 06) + +Focus: Bug fixes + +Severity: HIGH (for people running 4.2.8p16) + +This release: + +- fixes 3 bugs, including a regression +- adds new unit tests + +Details below: + +* [Bug 3824] Spurious "ntpd: daemon failed to notify parent!" logged at + event_sync. Reported by Edward McGuire. <hart@ntp.org> +* [Bug 3822] ntpd significantly delays first poll of servers specified by name. + <hart@ntp.org> Miroslav Lichvar identified regression in 4.2.8p16. +* [Bug 3821] 4.2.8p16 misreads hex authentication keys, won't interop with + 4.2.8p15 or earlier. Reported by Matt Nordhoff, thanks to + Miroslav Lichvar and Matt for rapid testing and identifying the + problem. <hart@ntp.org> +* Add tests/libntp/digests.c to catch regressions reading keys file or with + symmetric authentication digest output. + +--- +NTP 4.2.8p16 (Harlan Stenn <stenn@ntp.org>, 2023 May 30) + +Focus: Security, Bug fixes + +Severity: LOW + +This release: + +- fixes 4 vulnerabilities (3 LOW and 1 None severity), +- fixes 46 bugs +- includes 15 general improvements +- adds support for OpenSSL-3.0 + +Details below: + +* [Sec 3808] Assertion failure in ntpq on malformed RT-11 date <perlinger@ntp.org> +* [Sec 3807] praecis_parse() in the Palisade refclock driver has a + hypothetical input buffer overflow. Reported by ... stenn@ +* [Sec 3806] libntp/mstolfp.c needs bounds checking <perlinger@ntp.org> + - solved numerically instead of using string manipulation +* [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled. + <stenn@ntp.org> +* [Bug 3819] Updated libopts/Makefile.am was missing NTP_HARD_* values. <stenn@> +* [Bug 3817] Bounds-check "tos floor" configuration. <hart@ntp.org> +* [Bug 3814] First poll delay of new or cleared associations miscalculated. + <hart@ntp.org> +* [Bug 3802] ntp-keygen -I default identity modulus bits too small for + OpenSSL 3. Reported by rmsh1216@163.com <hart@ntp.org> +* [Bug 3801] gpsdjson refclock gps_open() device name mishandled. <hart@ntp.org> +* [Bug 3800] libopts-42.1.17 does not compile with Microsoft C. <hart@ntp.org> +* [Bug 3799] Enable libopts noreturn compiler advice for MSC. <hart@ntp.org> +* [Bug 3797] Windows getaddrinfo w/AI_ADDRCONFIG fails for localhost when + disconnected, breaking ntpq and ntpdc. <hart@ntp.org> +* [Bug 3795] pollskewlist documentation uses | when it shouldn't. + - ntp.conf manual page and miscopt.html corrections. <hart@ntp.org> +* [Bug 3793] Wrong variable type passed to record_raw_stats(). <hart@ntp.org> + - Report and patch by Yuezhen LUAN <wei6410@sina.com>. +* [Bug 3786] Timer starvation on high-load Windows ntpd. <hart@ntp.org> +* [Bug 3784] high-load ntpd on Windows deaf after enough ICMP TTL exceeded. + <hart@ntp.org> +* [Bug 3781] log "Unable to listen for broadcasts" for IPv4 <hart@ntp.org> +* [Bug 3774] mode 6 packets corrupted in rawstats file <hart@ntp.org> + - Reported by Edward McGuire, fix identified by <wei6410@sina.com>. +* [Bug 3758] Provide a 'device' config statement for refclocks <perlinger@ntp.org> +* [Bug 3757] Improve handling of Linux-PPS in NTPD <perlinger@ntp.org> +* [Bug 3741] 4.2.8p15 can't build with glibc 2.34 <perlinger@ntp.org> +* [Bug 3725] Make copyright of clk_wharton.c compatible with Debian. + Philippe De Muyter <phdm@macqel.be> +* [Bug 3724] ntp-keygen with openSSL 1.1.1 fails on Windows <perlinger@ntp.org> + - openssl applink needed again for openSSL-1.1.1 +* [Bug 3719] configure.ac checks for closefrom() and getdtablesize() missing. + Reported by Brian Utterback, broken in 2010 by <hart@ntp.org> +* [Bug 3699] Problems handling drift file and restoring previous drifts <perlinger@ntp.org> + - command line options override config statements where applicable + - make initial frequency settings idempotent and reversible + - make sure kernel PLL gets a recovered drift componsation +* [Bug 3695] Fix memory leak with ntpq on Windows Server 2019 <perlinger@ntp.org> +* [Bug 3694] NMEA refclock seems to unnecessarily require location in messages + - misleading title; essentially a request to ignore the receiver status. + Added a mode bit for this. <perlinger@ntp.org> +* [Bug 3693] Improvement of error handling key lengths <perlinger@ntp.org> + - original patch by Richard Schmidt, with mods & unit test fixes +* [Bug 3692] /dev/gpsN requirement prevents KPPS <perlinger@ntp.org> + - implement/wrap 'realpath()' to resolve symlinks in device names +* [Bug 3691] Buffer Overflow reading GPSD output + - original patch by matt<ntpbr@mattcorallo.com> + - increased max PDU size to 4k to avoid truncation +* [Bug 3690] newline in ntp clock variable (parse) <perlinger@ntp.org> + - patch by Frank Kardel +* [Bug 3689] Extension for MD5, SHA-1 and other keys <perlinger@ntp.org> + - ntp{q,dc} now use the same password processing as ntpd does in the key + file, so having a binary secret >= 11 bytes is possible for all keys. + (This is a different approach to the problem than suggested) +* [Bug 3688] GCC 10 build errors in testsuite <perlinger@ntp.org> +* [Bug 3687] ntp_crypto_rand RNG status not known <perlinger@ntp.org> + - patch by Gerry Garvey +* [Bug 3682] Fixes for warnings when compiled without OpenSSL <perlinger@ntp.org> + - original patch by Gerry Garvey +* [Bug 3677] additional peer events not decoded in associations listing <perlinger@ntp.org> + - original patch by Gerry Garvey +* [Bug 3676] compiler warnings (CMAC, interrupt_buf, typo, fallthrough) + - applied patches by Gerry Garvey +* [Bug 3675] ntpq ccmds[] stores pointer to non-persistent storage +* [Bug 3674] ntpq command 'execute only' using '~' prefix <perlinger@ntp.org> + - idea+patch by Gerry Garvey +* [Bug 3672] fix biased selection in median cut <perlinger@ntp.org> +* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org> + - follow-up: fix inverted sense in check, reset shortfall counter +* [Bug 3660] Revert 4.2.8p15 change to manycast. <hart@ntp.org> +* [Bug 3640] document "discard monitor" and fix the code. <hart@ntp.org> + - fixed bug identified by Edward McGuire <perlinger@ntp.org> +* [Bug 3626] (SNTP) UTC offset calculation needs dst flag <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3432] refclocks that 'write()' should check the result <perlinger@ntp.org> + - backport from -dev, plus some more work on warnings for unchecked results +* [Bug 3428] ntpd spinning consuming CPU on Linux router with full table. + Reported by Israel G. Lugo. <hart@ntp.org> +* [Bug 3103] libopts zsave_warn format string too few arguments <bkorb@gnu.org> +* [Bug 2990] multicastclient incorrectly causes bind to broadcast address. + Integrated patch from Brian Utterback. <hart@ntp.org> +* [Bug 2525] Turn on automake subdir-objects across the project. <hart@ntp.org> +* [Bug 2410] syslog an error message on panic exceeded. <brian.utterback@oracle.com> +* Use correct rounding in mstolfp(). perlinger/hart +* M_ADDF should use u_int32. <hart@ntp.org> +* Only define tv_fmt_libbuf() if we will use it. <stenn@ntp.org> +* Use recv_buffer instead of the longer recv_space.X_recv_buffer. hart/stenn +* Make sure the value returned by refid_str() prints cleanly. <stenn@ntp.org> +* If DEBUG is enabled, the startup banner now says that debug assertions + are in force and that ntpd will abort if any are violated. <stenn@ntp.org> +* syslog valid incoming KoDs. <stenn@ntp.org> +* Rename a poorly-named variable. <stenn@ntp.org> +* Disable "embedded NUL in string" messages in libopts, when we can. <stenn@> +* Use https in the AC_INIT URLs in configure.ac. <stenn@ntp.org> +* Implement NTP_FUNC_REALPATH. <stenn@ntp.org> +* Lose a gmake construct in ntpd/Makefile.am. <stenn@ntp.org> +* upgrade to: autogen-5.18.16 +* upgrade to: libopts-42.1.17 +* upgrade to: autoconf-2.71 +* upgrade to: automake-1.16.15 +* Upgrade to libevent-2.1.12-stable <stenn@ntp.org> +* Support OpenSSL-3.0 + +--- +NTP 4.2.8p15 (Harlan Stenn <stenn@ntp.org>, 2020 Jun 23) + +Focus: Security, Bug fixes + +Severity: MEDIUM + +This release fixes one vulnerability: Associations that use CMAC +authentication between ntpd from versions 4.2.8p11/4.3.97 and +4.2.8p14/4.3.100 will leak a small amount of memory for each packet. +Eventually, ntpd will run out of memory and abort. + +It also fixes 13 other bugs. + +* [Sec 3661] memory leak with AES128CMAC keys <perlinger@ntp.org> +* [Bug 3670] Regression from bad merger between 3592 and 3596 <perlinger@> + - Thanks to Sylar Tao +* [Bug 3667] decodenetnum fails with numeric port <perlinger@ntp.org> + - rewrite 'decodenetnum()' in terms of inet_pton +* [Bug 3666] avoid unlimited receive buffer allocation <perlinger@ntp.org> + - limit number of receive buffers, with an iron reserve for refclocks +* [Bug 3664] Enable openSSL CMAC support on Windows <burnicki@ntp.org> +* [Bug 3662] Fix build errors on Windows with VS2008 <burnicki@ntp.org> +* [Bug 3660] Manycast orphan mode startup discovery problem. <stenn@ntp.org> + - integrated patch from Charles Claggett +* [Bug 3659] Move definition of psl[] from ntp_config.h to + ntp_config.h <perlinger@ntp.org> +* [Bug 3657] Wrong "Autokey group mismatch" debug message <perlinger@ntp.org> +* [Bug 3655] ntpdc memstats hash counts <perlinger@ntp.org> + - fix by Gerry garvey +* [Bug 3653] Refclock jitter RMS calculation <perlinger@ntp.org> + - thanks to Gerry Garvey +* [Bug 3646] Avoid sync with unsync orphan <perlinger@ntp.org> + - patch by Gerry Garvey +* [Bug 3644] Unsynchronized server [...] selected as candidate <perlinger@ntp.org> +* [Bug 3639] refclock_jjy: TS-JJY0x can skip time sync depending on the STUS reply. <abe@ntp.org> + - applied patch by Takao Abe + +--- +NTP 4.2.8p14 (Harlan Stenn <stenn@ntp.org>, 2020 Mar 03) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes three vulnerabilities: a bug that causes causes an ntpd +instance that is explicitly configured to override the default and allow +ntpdc (mode 7) connections to be made to a server to read some uninitialized +memory; fixes the case where an unmonitored ntpd using an unauthenticated +association to its servers may be susceptible to a forged packet DoS attack; +and fixes an attack against a client instance that uses a single +unauthenticated time source. It also fixes 46 other bugs and addresses +4 other issues. + +* [Sec 3610] process_control() should bail earlier on short packets. stenn@ + - Reported by Philippe Antoine +* [Sec 3596] Highly predictable timestamp attack. <stenn@ntp.org> + - Reported by Miroslav Lichvar +* [Sec 3592] DoS attack on client ntpd <perlinger@ntp.org> + - Reported by Miroslav Lichvar +* [Bug 3637] Emit the version of ntpd in saveconfig. stenn@ +* [Bug 3636] NMEA: combine time/date from multiple sentences <perlinger@ntp.org> +* [Bug 3635] Make leapsecond file hash check optional <perlinger@ntp.org> +* [Bug 3634] Typo in discipline.html, reported by Jason Harrison. stenn@ +* [Bug 3628] raw DCF decoding - improve robustness with Zeller's congruence + - implement Zeller's congruence in libparse and libntp <perlinger@ntp.org> +* [Bug 3627] SIGSEGV on FreeBSD-12 with stack limit and stack gap <perlinger@ntp.org> + - integrated patch by Cy Schubert +* [Bug 3620] memory leak in ntpq sysinfo <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3619] Honour drefid setting in cooked mode and sysinfo <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3617] Add support for ACE III and Copernicus II receivers <perlinger@ntp.org> + - integrated patch by Richard Steedman +* [Bug 3615] accelerate refclock startup <perlinger@ntp.org> +* [Bug 3613] Propagate noselect to mobilized pool servers <stenn@ntp.org> + - Reported by Martin Burnicki +* [Bug 3612] Use-of-uninitialized-value in receive function <perlinger@ntp.org> + - Reported by Philippe Antoine +* [Bug 3611] NMEA time interpreted incorrectly <perlinger@ntp.org> + - officially document new "trust date" mode bit for NMEA driver + - restore the (previously undocumented) "trust date" feature lost with [bug 3577] +* [Bug 3609] Fixing wrong falseticker in case of non-statistic jitter <perlinger@ntp.org> + - mostly based on a patch by Michael Haardt, implementing 'fudge minjitter' +* [Bug 3608] libparse fails to compile on S11.4SRU13 and later <perlinger@ntp.org> + - removed ffs() and fls() prototypes as per Brian Utterback +* [Bug 3604] Wrong param byte order passing into record_raw_stats() in + ntp_io.c <perlinger@ntp.org> + - fixed byte and paramter order as suggested by wei6410@sina.com +* [Bug 3601] Tests fail to link on platforms with ntp_cv_gc_sections_runs=no <perlinger@ntp.org> +* [Bug 3599] Build fails on linux-m68k due to alignment issues <perlinger@ntp.org> + - added padding as suggested by John Paul Adrian Glaubitz +* [Bug 3594] ntpd discards messages coming through nmead <perlinger@ntp.org> +* [Bug 3593] ntpd discards silently nmea messages after the 5th string <perlinger@ntp.org> +* [Bug 3590] Update refclock_oncore.c to the new GPS date API <perlinger@ntp.org> +* [Bug 3585] Unity tests mix buffered and unbuffered output <perlinger@ntp.org> + - stdout+stderr are set to line buffered during test setup now +* [Bug 3583] synchronization error <perlinger@ntp.org> + - set clock to base date if system time is before that limit +* [Bug 3582] gpsdjson refclock fudgetime1 adjustment is doubled <perlinger@ntp.org> +* [Bug 3580] Possible bug ntpq-subs (NULL dereference in dogetassoc) <perlinger@ntp.org> + - Reported by Paulo Neves +* [Bug 3577] Update refclock_zyfer.c to the new GPS date API <perlinger@ntp.org> + - also updates for refclock_nmea.c and refclock_jupiter.c +* [Bug 3576] New GPS date function API <perlinger@ntp.org> +* [Bug 3573] nptdate: missleading error message <perlinger@ntp.org> +* [Bug 3570] NMEA driver docs: talker ID not mentioned, typo <perlinger@ntp.org> +* [Bug 3569] cleanup MOD_NANO/STA_NANO handling for 'ntpadjtimex()' <perlinger@ntp.org> + - sidekick: service port resolution in 'ntpdate' +* [Bug 3550] Reproducible build: Respect SOURCE_DATE_EPOCH <perlinger@ntp.org> + - applied patch by Douglas Royds +* [Bug 3542] ntpdc monlist parameters cannot be set <perlinger@ntp.org> +* [Bug 3533] ntpdc peer_info ipv6 issues <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3531] make check: test-decodenetnum fails <perlinger@ntp.org> + - try to harden 'decodenetnum()' against 'getaddrinfo()' errors + - fix wrong cond-compile tests in unit tests +* [Bug 3517] Reducing build noise <perlinger@ntp.org> +* [Bug 3516] Require tooling from this decade <perlinger@ntp.org> + - patch by Philipp Prindeville +* [Bug 3515] Refactor ntpdmain() dispatcher loop and group common code <perlinger@ntp.org> + - patch by Philipp Prindeville +* [Bug 3511] Get rid of AC_LANG_SOURCE() warnings <perlinger@ntp.org> + - patch by Philipp Prindeville +* [Bug 3510] Flatten out the #ifdef nesting in ntpdmain() <perlinger@ntp.org> + - partial application of patch by Philipp Prindeville +* [Bug 3491] Signed values of LFP datatypes should always display a sign + - applied patch by Gerry Garvey & fixed unit tests <perlinger@ntp.org> +* [Bug 3490] Patch to support Trimble Resolution Receivers <perlinger@ntp.org> + - applied (modified) patch by Richard Steedman +* [Bug 3473] RefID of refclocks should always be text format <perlinger@ntp.org> + - applied patch by Gerry Garvey (with minor formatting changes) +* [Bug 3132] Building 4.2.8p8 with disabled local libopts fails <perlinger@ntp.org> + - applied patch by Miroslav Lichvar +* [Bug 3094] ntpd trying to listen for broadcasts on a completely ipv6 network + <perlinger@ntp.org> +* [Bug 2420] ntpd doesn't run and exits with retval 0 when invalid user + is specified with -u <perlinger@ntp.org> + - monitor daemon child startup & propagate exit codes +* [Bug 1433] runtime check whether the kernel really supports capabilities + - (modified) patch by Kurt Roeckx <perlinger@ntp.org> +* Clean up sntp/networking.c:sendpkt() error message. <stenn@ntp.org> +* Provide more detail on unrecognized config file parser tokens. <stenn@ntp.org> +* Startup log improvements. <stenn@ntp.org> +* Update the copyright year. + +--- +NTP 4.2.8p13 (Harlan Stenn <stenn@ntp.org>, 2019 Mar 07) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes a bug that allows an attacker with access to an +explicitly trusted source to send a crafted malicious mode 6 (ntpq) +packet that can trigger a NULL pointer dereference, crashing ntpd. +It also provides 17 other bugfixes and 1 other improvement: + +* [Sec 3565] Crafted null dereference attack in authenticated + mode 6 packet <perlinger@ntp.org> + - reported by Magnus Stubman +* [Bug 3560] Fix build when HAVE_DROPROOT is not defined <perlinger@ntp.org> + - applied patch by Ian Lepore +* [Bug 3558] Crash and integer size bug <perlinger@ntp.org> + - isolate and fix linux/windows specific code issue +* [Bug 3556] ntp_loopfilter.c snprintf compilation warnings <perlinger@ntp.org> + - provide better function for incremental string formatting +* [Bug 3555] Tidy up print alignment of debug output from ntpdate <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3554] config revoke stores incorrect value <perlinger@ntp.org> + - original finding by Gerry Garvey, additional cleanup needed +* [Bug 3549] Spurious initgroups() error message <perlinger@ntp.org> + - patch by Christous Zoulas +* [Bug 3548] Signature not verified on windows system <perlinger@ntp.org> + - finding by Chen Jiabin, plus another one by me +* [Bug 3541] patch to fix STA_NANO struct timex units <perlinger@ntp.org> + - applied patch by Maciej Szmigiero +* [Bug 3540] Cannot set minsane to 0 anymore <perlinger@ntp.org> + - applied patch by Andre Charbonneau +* [Bug 3539] work_fork build fails when droproot is not supported <perlinger@ntp.org> + - applied patch by Baruch Siach +* [Bug 3538] Build fails for no-MMU targets <perlinger@ntp.org> + - applied patch by Baruch Siach +* [Bug 3535] libparse won't handle GPS week rollover <perlinger@ntp.org> + - refactored handling of GPS era based on 'tos basedate' for + parse (TSIP) and JUPITER clocks +* [Bug 3529] Build failures on Mac OS X 10.13 (High Sierra) <perlinger@ntp.org> + - patch by Daniel J. Luke; this does not fix a potential linker + regression issue on MacOS. +* [Bug 3527 - Backward Incompatible] mode7 clockinfo fudgeval2 packet + anomaly <perlinger@ntp.org>, reported by GGarvey. + - --enable-bug3527-fix support by HStenn +* [Bug 3526] Incorrect poll interval in packet <perlinger@ntp.org> + - applied patch by Gerry Garvey +* [Bug 3471] Check for openssl/[ch]mac.h. <perlinger@ntp.org> + - added missing check, reported by Reinhard Max <perlinger@ntp.org> +* [Bug 1674] runtime crashes and sync problems affecting both x86 and x86_64 + - this is a variant of [bug 3558] and should be fixed with it +* Implement 'configure --disable-signalled-io' + +-- +NTP 4.2.8p12 (Harlan Stenn <stenn@ntp.org>, 2018/14/09) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes a "hole" in the noepeer capability introduced to ntpd +in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by +ntpq and ntpdc. It also provides 26 other bugfixes, and 4 other improvements: + +* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc. + +* [Sec 3012] Fix a hole in the new "noepeer" processing. + +* Bug Fixes: + [Bug 3521] Fix a logic bug in the INVALIDNAK checks. <stenn@ntp.org> + [Bug 3509] Add support for running as non-root on FreeBSD, Darwin, + other TrustedBSD platforms + - applied patch by Ian Lepore <perlinger@ntp.org> + [Bug 3506] Service Control Manager interacts poorly with NTPD <perlinger@ntp.org> + - changed interaction with SCM to signal pending startup + [Bug 3486] Buffer overflow in ntpq/ntpq.c:tstflags() <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3485] Undefined sockaddr used in error messages in ntp_config.c <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3484] ntpq response from ntpd is incorrect when REFID is null <perlinger@ntp.org> + - rework of ntpq 'nextvar()' key/value parsing + [Bug 3482] Fixes for compilation warnings (ntp_io.c & ntpq-subs.c) <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods) + [Bug 3480] Refclock sample filter not cleared on clock STEP <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3479] ctl_putrefid() allows unsafe characters through to ntpq <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods) + [Bug 3476]ctl_putstr() sends empty unquoted string [...] <perlinger@ntp.org> + - applied patch by Gerry Garvey (with mods); not sure if that's bug or feature, though + [Bug 3475] modify prettydate() to suppress output of zero time <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3474] Missing pmode in mode7 peer info response <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3471] Check for openssl/[ch]mac.h. HStenn. + - add #define ENABLE_CMAC support in configure. HStenn. + [Bug 3470] ntpd4.2.8p11 fails to compile without OpenSSL <perlinger@ntp.org> + [Bug 3469] Incomplete string compare [...] in is_refclk_addr <perlinger@ntp.org> + - patch by Stephen Friedl + [Bug 3467] Potential memory fault in ntpq [...] <perlinger@ntp.org> + - fixed IO redirection and CTRL-C handling in ntq and ntpdc + [Bug 3465] Default TTL values cannot be used <perlinger@ntp.org> + [Bug 3461] refclock_shm.c: clear error status on clock recovery <perlinger@ntp.org> + - initial patch by Hal Murray; also fixed refclock_report() trouble + [Bug 3460] Fix typo in ntpq.texi, reported by Kenyon Ralph. <stenn@ntp.org> + [Bug 3456] Use uintptr_t rather than size_t to store an integer in a pointer + - According to Brooks Davis, there was only one location <perlinger@ntp.org> + [Bug 3449] ntpq - display "loop" instead of refid [...] <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3445] Symmetric peer won't sync on startup <perlinger@ntp.org> + - applied patch by Gerry Garvey + [Bug 3442] Fixes for ntpdate as suggested by Gerry Garvey, + with modifications + New macro REFID_ISTEXT() which is also used in ntpd/ntp_control.c. + [Bug 3434] ntpd clears STA_UNSYNC on start <perlinger@ntp.org> + - applied patch by Miroslav Lichvar + [Bug 3426] ntpdate.html -t default is 2 seconds. Leonid Evdokimov. + [Bug 3121] Drop root privileges for the forked DNS worker <perlinger@ntp.org> + - integrated patch by Reinhard Max + [Bug 2821] minor build issues <perlinger@ntp.org> + - applied patches by Christos Zoulas, including real bug fixes + html/authopt.html: cleanup, from <stenn@ntp.org> + ntpd/ntpd.c: DROPROOT cleanup. <stenn@ntp.org> + Symmetric key range is 1-65535. Update docs. <stenn@ntp.org> + +-- +NTP 4.2.8p11 (Harlan Stenn <stenn@ntp.org>, 2018/02/27) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes 2 low-/medium-, 1 informational/medum-, and 2 low-severity +vulnerabilities in ntpd, one medium-severity vulernability in ntpq, and +provides 65 other non-security fixes and improvements: + +* NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved + association (LOW/MED) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3454 / CVE-2018-7185 / VU#961909 + Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11. + CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between + 2.9 and 6.8. + CVSS3: LOW 3.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L This could + score between 2.6 and 3.1 + Summary: + The NTP Protocol allows for both non-authenticated and + authenticated associations, in client/server, symmetric (peer), + and several broadcast modes. In addition to the basic NTP + operational modes, symmetric mode and broadcast servers can + support an interleaved mode of operation. In ntp-4.2.8p4 a bug + was inadvertently introduced into the protocol engine that + allows a non-authenticated zero-origin (reset) packet to reset + an authenticated interleaved peer association. If an attacker + can send a packet with a zero-origin timestamp and the source + IP address of the "other side" of an interleaved association, + the 'victim' ntpd will reset its association. The attacker must + continue sending these packets in order to maintain the + disruption of the association. In ntp-4.0.0 thru ntp-4.2.8p6, + interleave mode could be entered dynamically. As of ntp-4.2.8p7, + interleaved mode must be explicitly configured/enabled. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p11, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade to 4.2.8p11 or later and have + 'peer HOST xleave' lines in your ntp.conf file, remove the + 'xleave' option. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Miroslav Lichvar of Red Hat. + +* NTP Bug 3453: Interleaved symmetric mode cannot recover from bad + state (LOW/MED) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3453 / CVE-2018-7184 / VU#961909 + Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11. + CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) + Could score between 2.9 and 6.8. + CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L + Could score between 2.6 and 6.0. + Summary: + The fix for NtpBug2952 was incomplete, and while it fixed one + problem it created another. Specifically, it drops bad packets + before updating the "received" timestamp. This means a + third-party can inject a packet with a zero-origin timestamp, + meaning the sender wants to reset the association, and the + transmit timestamp in this bogus packet will be saved as the + most recent "received" timestamp. The real remote peer does + not know this value and this will disrupt the association until + the association resets. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Use authentication with 'peer' mode. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Miroslav Lichvar of Red Hat. + +* NTP Bug 3415: Provide a way to prevent authenticated symmetric passive + peering (LOW) + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3415 / CVE-2018-7170 / VU#961909 + Sec 3012 / CVE-2016-1549 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. + CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3: LOW 3.1 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N + Summary: + ntpd can be vulnerable to Sybil attacks. If a system is set up to + use a trustedkey and if one is not using the feature introduced in + ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to + specify which IPs can serve time, a malicious authenticated peer + -- i.e. one where the attacker knows the private symmetric key -- + can create arbitrarily-many ephemeral associations in order to win + the clock selection of ntpd and modify a victim's clock. Three + additional protections are offered in ntp-4.2.8p11. One is the + new 'noepeer' directive, which disables symmetric passive + ephemeral peering. Another is the new 'ippeerlimit' directive, + which limits the number of peers that can be created from an IP. + The third extends the functionality of the 4th field in the + ntp.keys file to include specifying a subnet range. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Use the 'noepeer' directive to prohibit symmetric passive + ephemeral associations. + Use the 'ippeerlimit' directive to limit the number of peers + that can be created from an IP. + Use the 4th argument in the ntp.keys file to limit the IPs and + subnets that can be time servers. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was reported as Bug 3012 by Matthew Van Gundy of + Cisco ASIG, and separately by Stefan Moser as Bug 3415. + +* ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium) + Date Resolved: 27 Feb 2018 + References: Sec 3414 / CVE-2018-7183 / VU#961909 + Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11. + CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) + CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L + Summary: + ntpq is a monitoring and control program for ntpd. decodearr() + is an internal function of ntpq that is used to -- wait for it -- + decode an array in a response string when formatted data is being + displayed. This is a problem in affected versions of ntpq if a + maliciously-altered ntpd returns an array result that will trip this + bug, or if a bad actor is able to read an ntpq request on its way to + a remote ntpd server and forge and send a response before the remote + ntpd sends its response. It's potentially possible that the + malicious data could become injectable/executable code. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Credit: + This weakness was discovered by Michael Macnair of Thales e-Security. + +* NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined + behavior and information leak (Info/Medium) + Date Resolved: 27 Feb 2018 + References: Sec 3412 / CVE-2018-7182 / VU#961909 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11. + CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N + CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + 0.0 if C:N + Summary: + ctl_getitem() is used by ntpd to process incoming mode 6 packets. + A malicious mode 6 packet can be sent to an ntpd instance, and + if the ntpd instance is from 4.2.8p6 thru 4.2.8p10, that will + cause ctl_getitem() to read past the end of its buffer. + Mitigation: + Implement BCP-38. + Upgrade to ntp-4.2.8p11 or later from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Have enough sources of time. + Properly monitor your ntpd instances. + If ntpd stops running, auto-restart it without -g . + Credit: + This weakness was discovered by Yihan Lian of Qihoo 360. + +* NTP Bug 3012: Sybil vulnerability: ephemeral association attack + Also see Bug 3415, above. + Date Mitigated: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + Date Resolved: Stable (4.2.8p11) 27 Feb 2018 + References: Sec 3012 / CVE-2016-1549 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. + CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N + Summary: + ntpd can be vulnerable to Sybil attacks. If a system is set up + to use a trustedkey and if one is not using the feature + introduced in ntp-4.2.8p6 allowing an optional 4th field in the + ntp.keys file to specify which IPs can serve time, a malicious + authenticated peer -- i.e. one where the attacker knows the + private symmetric key -- can create arbitrarily-many ephemeral + associations in order to win the clock selection of ntpd and + modify a victim's clock. Two additional protections are + offered in ntp-4.2.8p11. One is the 'noepeer' directive, which + disables symmetric passive ephemeral peering. The other extends + the functionality of the 4th field in the ntp.keys file to + include specifying a subnet range. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p11, or later, from the NTP Project Download Page or + the NTP Public Services Project Download Page. + Use the 'noepeer' directive to prohibit symmetric passive + ephemeral associations. + Use the 'ippeerlimit' directive to limit the number of peer + associations from an IP. + Use the 4th argument in the ntp.keys file to limit the IPs + and subnets that can be time servers. + Properly monitor your ntpd instances. + Credit: + This weakness was discovered by Matthew Van Gundy of Cisco ASIG. + +* Bug fixes: + [Bug 3457] OpenSSL FIPS mode regression <perlinger@ntp.org> + [Bug 3455] ntpd doesn't use scope id when binding multicast <perlinger@ntp.org> + - applied patch by Sean Haugh + [Bug 3452] PARSE driver prints uninitialized memory. <perlinger@ntp.org> + [Bug 3450] Dubious error messages from plausibility checks in get_systime() + - removed error log caused by rounding/slew, ensured postcondition <perlinger@ntp.org> + [Bug 3447] AES-128-CMAC (fixes) <perlinger@ntp.org> + - refactoring the MAC code, too + [Bug 3441] Validate the assumption that AF_UNSPEC is 0. stenn@ntp.org + [Bug 3439] When running multiple commands / hosts in ntpq... <perlinger@ntp.org> + - applied patch by ggarvey + [Bug 3438] Negative values and values > 999 days in... <perlinger@ntp.org> + - applied patch by ggarvey (with minor mods) + [Bug 3437] ntpd tries to open socket with AF_UNSPEC domain + - applied patch (with mods) by Miroslav Lichvar <perlinger@ntp.org> + [Bug 3435] anchor NTP era alignment <perlinger@ntp.org> + [Bug 3433] sntp crashes when run with -a. <stenn@ntp.org> + [Bug 3430] ntpq dumps core (SIGSEGV) for "keytype md2" + - fixed several issues with hash algos in ntpd, sntp, ntpq, + ntpdc and the test suites <perlinger@ntp.org> + [Bug 3424] Trimble Thunderbolt 1024 week millenium bug <perlinger@ntp.org> + - initial patch by Daniel Pouzzner + [Bug 3423] QNX adjtime() implementation error checking is + wrong <perlinger@ntp.org> + [Bug 3417] ntpq ifstats packet counters can be negative + made IFSTATS counter quantities unsigned <perlinger@ntp.org> + [Bug 3411] problem about SIGN(6) packet handling for ntp-4.2.8p10 + - raised receive buffer size to 1200 <perlinger@ntp.org> + [Bug 3408] refclock_jjy.c: Avoid a wrong report of the coverity static + analysis tool. <abe@ntp.org> + [Bug 3405] update-leap.in: general cleanup, HTTPS support. Paul McMath. + [Bug 3404] Fix openSSL DLL usage under Windows <perlinger@ntp.org> + - fix/drop assumptions on OpenSSL libs directory layout + [Bug 3399] NTP: linker error in 4.2.8p10 during Linux cross-compilation + - initial patch by timeflies@mail2tor.com <perlinger@ntp.org> + [Bug 3398] tests fail with core dump <perlinger@ntp.org> + - patch contributed by Alexander Bluhm + [Bug 3397] ctl_putstr() asserts that data fits in its buffer + rework of formatting & data transfer stuff in 'ntp_control.c' + avoids unecessary buffers and size limitations. <perlinger@ntp.org> + [Bug 3394] Leap second deletion does not work on ntpd clients + - fixed handling of dynamic deletion w/o leap file <perlinger@ntp.org> + [Bug 3391] ntpd segfaults on startup due to small warmup thread stack size + - increased mimimum stack size to 32kB <perlinger@ntp.org> + [Bug 3367] Faulty LinuxPPS NMEA clock support in 4.2.8 <perlinger@ntp.org> + - reverted handling of PPS kernel consumer to 4.2.6 behavior + [Bug 3365] Updates driver40(-ja).html and miscopt.html <abe@ntp.org> + [Bug 3358] Spurious KoD log messages in .INIT. phase. HStenn. + [Bug 3016] wrong error position reported for bad ":config pool" + - fixed location counter & ntpq output <perlinger@ntp.org> + [Bug 2900] libntp build order problem. HStenn. + [Bug 2878] Tests are cluttering up syslog <perlinger@ntp.org> + [Bug 2737] Wrong phone number listed for USNO. ntp-bugs@bodosom.net, + perlinger@ntp.org + [Bug 2557] Fix Thunderbolt init. ntp-bugs@bodosom.net, perlinger@ntp. + [Bug 948] Trustedkey config directive leaks memory. <perlinger@ntp.org> + Use strlcpy() to copy strings, not memcpy(). HStenn. + Typos. HStenn. + test_ntp_scanner_LDADD needs ntpd/ntp_io.o. HStenn. + refclock_jjy.c: Add missing "%s" to an msyslog() call. HStenn. + Build ntpq and libntpq.a with NTP_HARD_*FLAGS. perlinger@ntp.org + Fix trivial warnings from 'make check'. perlinger@ntp.org + Fix bug in the override portion of the compiler hardening macro. HStenn. + record_raw_stats(): Log entire packet. Log writes. HStenn. + AES-128-CMAC support. BInglis, HStenn, JPerlinger. + sntp: tweak key file logging. HStenn. + sntp: pkt_output(): Improve debug output. HStenn. + update-leap: updates from Paul McMath. + When using pkg-config, report --modversion. HStenn. + Clean up libevent configure checks. HStenn. + sntp: show the IP of who sent us a crypto-NAK. HStenn. + Allow .../N to specify subnet bits for IPs in ntp.keys. HStenn, JPerlinger. + authistrustedip() - use it in more places. HStenn, JPerlinger. + New sysstats: sys_lamport, sys_tsrounding. HStenn. + Update ntp.keys .../N documentation. HStenn. + Distribute testconf.yml. HStenn. + Add DPRINTF(2,...) lines to receive() for packet drops. HStenn. + Rename the configuration flag fifo variables. HStenn. + Improve saveconfig output. HStenn. + Decode restrict flags on receive() debug output. HStenn. + Decode interface flags on receive() debug output. HStenn. + Warn the user if deprecated "driftfile name WanderThreshold" is used. HStenn. + Update the documentation in ntp.conf.def . HStenn. + restrictions() must return restrict flags and ippeerlimit. HStenn. + Update ntpq peer documentation to describe the 'p' type. HStenn. + Rename restrict 'flags' to 'rflags. Use an enum for the values. HStenn. + Provide dump_restricts() for debugging. HStenn. + Use consistent 4th arg type for [gs]etsockopt. JPerlinger. + +* Other items: + +* update-leap needs the following perl modules: + Net::SSLeay + IO::Socket::SSL + +* New sysstats variables: sys_lamport, sys_tsrounding +See them with: ntpq -c "rv 0 ss_lamport,ss_tsrounding" +sys_lamport counts the number of observed Lamport violations, while +sys_tsrounding counts observed timestamp rounding events. + +* New ntp.conf items: + +- restrict ... noepeer +- restrict ... ippeerlimit N + +The 'noepeer' directive will disallow all ephemeral/passive peer +requests. + +The 'ippeerlimit' directive limits the number of time associations +for each IP in the designated set of addresses. This limit does not +apply to explicitly-configured associations. A value of -1, the current +default, means an unlimited number of associations may connect from a +single IP. 0 means "none", etc. Ordinarily the only way multiple +associations would come from the same IP would be if the remote side +was using a proxy. But a trusted machine might become compromised, +in which case an attacker might spin up multiple authenticated sessions +from different ports. This directive should be helpful in this case. + +* New ntp.keys feature: Each IP in the optional list of IPs in the 4th +field may contain a /subnetbits specification, which identifies the +scope of IPs that may use this key. This IP/subnet restriction can be +used to limit the IPs that may use the key in most all situations where +a key is used. +-- +NTP 4.2.8p10 (Harlan Stenn <stenn@ntp.org>, 2017/03/21) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +This release fixes 5 medium-, 6 low-, and 4 informational-severity +vulnerabilities, and provides 15 other non-security fixes and improvements: + +* NTP-01-016 NTP: Denial of Service via Malformed Config (Medium) + Date Resolved: 21 Mar 2017 + References: Sec 3389 / CVE-2017-6464 / VU#325339 + Affects: All versions of NTP-4, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: MED 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) + CVSS3: MED 4.2 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + A vulnerability found in the NTP server makes it possible for an + authenticated remote user to crash ntpd via a malformed mode + configuration directive. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page or + the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-014 NTP: Buffer Overflow in DPTS Clock (Low) + Date Resolved: 21 Mar 2017 + References: Sec 3388 / CVE-2017-6462 / VU#325339 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: Low 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: Low 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + There is a potential for a buffer overflow in the legacy Datum + Programmable Time Server refclock driver. Here the packets are + processed from the /dev/datum device and handled in + datum_pts_receive(). Since an attacker would be required to + somehow control a malicious /dev/datum device, this does not + appear to be a practical attack and renders this issue "Low" in + terms of severity. + Mitigation: + If you have a Datum reference clock installed and think somebody + may maliciously change the device, upgrade to 4.2.8p10, or + later, from the NTP Project Download Page or the NTP Public + Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-012 NTP: Authenticated DoS via Malicious Config Option (Medium) + Date Resolved: 21 Mar 2017 + References: Sec 3387 / CVE-2017-6463 / VU#325339 + Affects: All versions of ntp, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: MED 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) + CVSS3: MED 4.2 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + A vulnerability found in the NTP server allows an authenticated + remote attacker to crash the daemon by sending an invalid setting + via the :config directive. The unpeer option expects a number or + an address as an argument. In case the value is "0", a + segmentation fault occurs. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-011 NTP: ntpq_stripquotes() returns incorrect value (Informational) + Date Resolved: 21 Mar 2017 + References: Sec 3386 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: None 0.0 (AV:N/AC:H/Au:N/C:N/I:N/A:N) + CVSS3: None 0.0 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N + Summary: + The NTP Mode 6 monitoring and control client, ntpq, uses the + function ntpq_stripquotes() to remove quotes and escape characters + from a given string. According to the documentation, the function + is supposed to return the number of copied bytes but due to + incorrect pointer usage this value is always zero. Although the + return value of this function is never used in the code, this + flaw could lead to a vulnerability in the future. Since relying + on wrong return values when performing memory operations is a + dangerous practice, it is recommended to return the correct value + in accordance with the documentation pertinent to the code. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-010 NTP: ereallocarray()/eallocarray() underused (Info) + Date Resolved: 21 Mar 2017 + References: Sec 3385 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + Summary: + NTP makes use of several wrappers around the standard heap memory + allocation functions that are provided by libc. This is mainly + done to introduce additional safety checks concentrated on + several goals. First, they seek to ensure that memory is not + accidentally freed, secondly they verify that a correct amount + is always allocated and, thirdly, that allocation failures are + correctly handled. There is an additional implementation for + scenarios where memory for a specific amount of items of the + same size needs to be allocated. The handling can be found in + the oreallocarray() function for which a further number-of-elements + parameter needs to be provided. Although no considerable threat + was identified as tied to a lack of use of this function, it is + recommended to correctly apply oreallocarray() as a preferred + option across all of the locations where it is possible. + Mitigation: + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Credit: + This weakness was discovered by Cure53. + +* NTP-01-009 NTP: Privileged execution of User Library code (WINDOWS + PPSAPI ONLY) (Low) + Date Resolved: 21 Mar 2017 + References: Sec 3384 / CVE-2017-6455 / VU#325339 + Affects: All Windows versions of ntp-4 that use the PPSAPI, up to but + not including ntp-4.2.8p10, and ntp-4.3.0 up to, but not + including ntp-4.3.94. + CVSS2: MED 3.8 (AV:L/AC:H/Au:S/C:N/I:N/A:C) + CVSS3: MED 4.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + The Windows NT port has the added capability to preload DLLs + defined in the inherited global local environment variable + PPSAPI_DLLS. The code contained within those libraries is then + called from the NTPD service, usually running with elevated + privileges. Depending on how securely the machine is setup and + configured, if ntpd is configured to use the PPSAPI under Windows + this can easily lead to a code injection. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Credit: + This weakness was discovered by Cure53. + +* NTP-01-008 NTP: Stack Buffer Overflow from Command Line (WINDOWS + installer ONLY) (Low) + Date Resolved: 21 Mar 2017 + References: Sec 3383 / CVE-2017-6452 / VU#325339 + Affects: WINDOWS installer ONLY: All versions of the ntp-4 Windows + installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 up + to, but not including ntp-4.3.94. + CVSS2: Low 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: Low 1.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + The Windows installer for NTP calls strcat(), blindly appending + the string passed to the stack buffer in the addSourceToRegistry() + function. The stack buffer is 70 bytes smaller than the buffer + in the calling main() function. Together with the initially + copied Registry path, the combination causes a stack buffer + overflow and effectively overwrites the stack frame. The + passed application path is actually limited to 256 bytes by the + operating system, but this is not sufficient to assure that the + affected stack buffer is consistently protected against + overflowing at all times. + Mitigation: + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Credit: + This weakness was discovered by Cure53. + +* NTP-01-007 NTP: Data Structure terminated insufficiently (WINDOWS + installer ONLY) (Low) + Date Resolved: 21 Mar 2017 + References: Sec 3382 / CVE-2017-6459 / VU#325339 + Affects: WINDOWS installer ONLY: All ntp-4 versions of the Windows + installer, up to but not including ntp-4.2.8p10, and ntp-4.3.0 + up to, but not including ntp-4.3.94. + CVSS2: Low 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: Low 1.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + The Windows installer for NTP calls strcpy() with an argument + that specifically contains multiple null bytes. strcpy() only + copies a single terminating null character into the target + buffer instead of copying the required double null bytes in the + addKeysToRegistry() function. As a consequence, a garbage + registry entry can be created. The additional arsize parameter + is erroneously set to contain two null bytes and the following + call to RegSetValueEx() claims to be passing in a multi-string + value, though this may not be true. + Mitigation: + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Credit: + This weakness was discovered by Cure53. + +* NTP-01-006 NTP: Copious amounts of Unused Code (Informational) + References: Sec 3381 + Summary: + The report says: Statically included external projects + potentially introduce several problems and the issue of having + extensive amounts of code that is "dead" in the resulting binary + must clearly be pointed out. The unnecessary unused code may or + may not contain bugs and, quite possibly, might be leveraged for + code-gadget-based branch-flow redirection exploits. Analogically, + having source trees statically included as well means a failure + in taking advantage of the free feature for periodical updates. + This solution is offered by the system's Package Manager. The + three libraries identified are libisc, libevent, and libopts. + Resolution: + For libisc, we already only use a portion of the original library. + We've found and fixed bugs in the original implementation (and + offered the patches to ISC), and plan to see what has changed + since we last upgraded the code. libisc is generally not + installed, and when it it we usually only see the static libisc.a + file installed. Until we know for sure that the bugs we've found + and fixed are fixed upstream, we're better off with the copy we + are using. + + Version 1 of libevent was the only production version available + until recently, and we've been requiring version 2 for a long time. + But if the build system has at least version 2 of libevent + installed, we'll use the version that is installed on the system. + Otherwise, we provide a copy of libevent that we know works. + + libopts is provided by GNU AutoGen, and that library and package + undergoes frequent API version updates. The version of autogen + used to generate the tables for the code must match the API + version in libopts. AutoGen can be ... difficult to build and + install, and very few developers really need it. So we have it + on our build and development machines, and we provide the + specific version of the libopts code in the distribution to make + sure that the proper API version of libopts is available. + + As for the point about there being code in these libraries that + NTP doesn't use, OK. But other packages used these libraries as + well, and it is reasonable to assume that other people are paying + attention to security and code quality issues for the overall + libraries. It takes significant resources to analyze and + customize these libraries to only include what we need, and to + date we believe the cost of this effort does not justify the benefit. + Credit: + This issue was discovered by Cure53. + +* NTP-01-005 NTP: Off-by-one in Oncore GPS Receiver (Low) + Date Resolved: 21 Mar 2017 + References: Sec 3380 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: None 0.0 (AV:L/AC:H/Au:N/C:N/I:N/A:N) + CVSS3: None 0.0 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N + Summary: + There is a fencepost error in a "recovery branch" of the code for + the Oncore GPS receiver if the communication link to the ONCORE + is weak / distorted and the decoding doesn't work. + Mitigation: + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page or + the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-004 NTP: Potential Overflows in ctl_put() functions (Medium) + Date Resolved: 21 Mar 2017 + References: Sec 3379 / CVE-2017-6458 / VU#325339 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: MED 4.6 (AV:N/AC:H/Au:M/C:N/I:N/A:C) + CVSS3: MED 4.2 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + ntpd makes use of different wrappers around ctl_putdata() to + create name/value ntpq (mode 6) response strings. For example, + ctl_putstr() is usually used to send string data (variable names + or string data). The formatting code was missing a length check + for variable names. If somebody explicitly created any unusually + long variable names in ntpd (longer than 200-512 bytes, depending + on the type of variable), then if any of these variables are + added to the response list it would overflow a buffer. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you don't want to upgrade, then don't setvar variable names + longer than 200-512 bytes in your ntp.conf file. + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-003 NTP: Improper use of snprintf() in mx4200_send() (Low) + Date Resolved: 21 Mar 2017 + References: Sec 3378 / CVE-2017-6451 / VU#325339 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: LOW 0.8 (AV:L/AC:H/Au:M/C:N/I:N/A:P) + CVSS3: LOW 1.8 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N + Summary: + The legacy MX4200 refclock is only built if is specifically + enabled, and furthermore additional code changes are required to + compile and use it. But it uses the libc functions snprintf() + and vsnprintf() incorrectly, which can lead to an out-of-bounds + memory write due to an improper handling of the return value of + snprintf()/vsnprintf(). Since the return value is used as an + iterator and it can be larger than the buffer's size, it is + possible for the iterator to point somewhere outside of the + allocated buffer space. This results in an out-of-bound memory + write. This behavior can be leveraged to overwrite a saved + instruction pointer on the stack and gain control over the + execution flow. During testing it was not possible to identify + any malicious usage for this vulnerability. Specifically, no + way for an attacker to exploit this vulnerability was ultimately + unveiled. However, it has the potential to be exploited, so the + code should be fixed. + Mitigation, if you have a Magnavox MX4200 refclock: + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-002 NTP: Buffer Overflow in ntpq when fetching reslist from a + malicious ntpd (Medium) + Date Resolved: 21 Mar 2017 + References: Sec 3377 / CVE-2017-6460 / VU#325339 + Affects: All versions of ntpq, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: MED 4.9 (AV:N/AC:H/Au:S/C:N/I:N/A:C) + CVSS3: MED 4.2 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + A stack buffer overflow in ntpq can be triggered by a malicious + ntpd server when ntpq requests the restriction list from the server. + This is due to a missing length check in the reslist() function. + It occurs whenever the function parses the server's response and + encounters a flagstr variable of an excessive length. The string + will be copied into a fixed-size buffer, leading to an overflow on + the function's stack-frame. Note well that this problem requires + a malicious server, and affects ntpq, not ntpd. + Mitigation: + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you can't upgrade your version of ntpq then if you want to know + the reslist of an instance of ntpd that you do not control, + know that if the target ntpd is malicious that it can send back + a response that intends to crash your ntpq process. + Credit: + This weakness was discovered by Cure53. + +* NTP-01-001 NTP: Makefile does not enforce Security Flags (Informational) + Date Resolved: 21 Mar 2017 + References: Sec 3376 + Affects: All versions of NTP, up to but not including ntp-4.2.8p10, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: N/A + CVSS3: N/A + Summary: + The build process for NTP has not, by default, provided compile + or link flags to offer "hardened" security options. Package + maintainers have always been able to provide hardening security + flags for their builds. As of ntp-4.2.8p10, the NTP build + system has a way to provide OS-specific hardening flags. Please + note that this is still not a really great solution because it + is specific to NTP builds. It's inefficient to have every + package supply, track and maintain this information for every + target build. It would be much better if there was a common way + for OSes to provide this information in a way that arbitrary + packages could benefit from it. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was reported by Cure53. + +* 0rigin DoS (Medium) + Date Resolved: 21 Mar 2017 + References: Sec 3361 / CVE-2016-9042 / VU#325339 + Affects: ntp-4.2.8p9 (21 Nov 2016), up to but not including ntp-4.2.8p10 + CVSS2: MED 4.9 (AV:N/AC:H/Au:N/C:N/I:N/A:C) (worst case) + CVSS3: MED 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H (worst case) + Summary: + An exploitable denial of service vulnerability exists in the + origin timestamp check functionality of ntpd 4.2.8p9. A specially + crafted unauthenticated network packet can be used to reset the + expected origin timestamp for target peers. Legitimate replies + from targeted peers will fail the origin timestamp check (TEST2) + causing the reply to be dropped and creating a denial of service + condition. This vulnerability can only be exploited if the + attacker can spoof all of the servers. + Mitigation: + Implement BCP-38. + Configure enough servers/peers that an attacker cannot target + all of your time sources. + Upgrade to 4.2.8p10, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart + ntpd (without -g) if it stops running. + Credit: + This weakness was discovered by Matthew Van Gundy of Cisco. + +Other fixes: + +* [Bug 3393] clang scan-build findings <perlinger@ntp.org> +* [Bug 3363] Support for openssl-1.1.0 without compatibility modes + - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org> +* [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org> +* [Bug 3216] libntp audio ioctl() args incorrectly cast to int + on 4.4BSD-Lite derived platforms <perlinger@ntp.org> + - original patch by Majdi S. Abbas +* [Bug 3215] 'make distcheck' fails with new BK repo format <perlinger@ntp.org> +* [Bug 3173] forking async worker: interrupted pipe I/O <perlinger@ntp.org> + - initial patch by Christos Zoulas +* [Bug 3139] (...) time_pps_create: Exec format error <perlinger@ntp.org> + - move loader API from 'inline' to proper source + - augment pathless dlls with absolute path to NTPD + - use 'msyslog()' instead of 'printf() 'for reporting trouble +* [Bug 3107] Incorrect Logic for Peer Event Limiting <perlinger@ntp.org> + - applied patch by Matthew Van Gundy +* [Bug 3065] Quiet warnings on NetBSD <perlinger@ntp.org> + - applied some of the patches provided by Havard. Not all of them + still match the current code base, and I did not touch libopt. +* [Bug 3062] Change the process name of forked DNS worker <perlinger@ntp.org> + - applied patch by Reinhard Max. See bugzilla for limitations. +* [Bug 2923] Trap Configuration Fail <perlinger@ntp.org> + - fixed dependency inversion from [Bug 2837] +* [Bug 2896] Nothing happens if minsane < maxclock < minclock + - produce ERROR log message about dysfunctional daemon. <perlinger@ntp.org> +* [Bug 2851] allow -4/-6 on restrict line with mask <perlinger@ntp.org> + - applied patch by Miroslav Lichvar for ntp4.2.6 compat +* [Bug 2645] out-of-bound pointers in ctl_putsys and decode_bitflags + - Fixed these and some more locations of this pattern. + Probably din't get them all, though. <perlinger@ntp.org> +* Update copyright year. + +-- +(4.2.8p9-win) 2017/02/01 Released by Harlan Stenn <stenn@ntp.org> + +* [Bug 3144] NTP does not build without openSSL. <perlinger@ntp.org> + - added missed changeset for automatic openssl lib detection + - fixed some minor warning issues +* [Bug 3095] More compatibility with openssl 1.1. <perlinger@ntp.org> +* configure.ac cleanup. stenn@ntp.org +* openssl configure cleanup. stenn@ntp.org + +-- +NTP 4.2.8p9 (Harlan Stenn <stenn@ntp.org>, 2016/11/21) + +Focus: Security, Bug fixes, enhancements. + +Severity: HIGH + +In addition to bug fixes and enhancements, this release fixes the +following 1 high- (Windows only), 2 medium-, 2 medium-/low, and +5 low-severity vulnerabilities, and provides 28 other non-security +fixes and improvements: + +* Trap crash + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3119 / CVE-2016-9311 / VU#633847 + Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not + including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94. + CVSS2: MED 4.9 (AV:N/AC:H/Au:N/C:N/I:N/A:C) + CVSS3: MED 4.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H + Summary: + ntpd does not enable trap service by default. If trap service + has been explicitly enabled, an attacker can send a specially + crafted packet to cause a null pointer dereference that will + crash ntpd, resulting in a denial of service. + Mitigation: + Implement BCP-38. + Use "restrict default noquery ..." in your ntp.conf file. Only + allow mode 6 queries from trusted networks and hosts. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Mode 6 information disclosure and DDoS vector + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3118 / CVE-2016-9310 / VU#633847 + Affects: ntp-4.0.90 (21 July 1999), possibly earlier, up to but not + including 4.2.8p9, and ntp-4.3.0 up to but not including ntp-4.3.94. + CVSS2: MED 6.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P) + CVSS3: MED 6.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: + An exploitable configuration modification vulnerability exists + in the control mode (mode 6) functionality of ntpd. If, against + long-standing BCP recommendations, "restrict default noquery ..." + is not specified, a specially crafted control mode packet can set + ntpd traps, providing information disclosure and DDoS + amplification, and unset ntpd traps, disabling legitimate + monitoring. A remote, unauthenticated, network attacker can + trigger this vulnerability. + Mitigation: + Implement BCP-38. + Use "restrict default noquery ..." in your ntp.conf file. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Broadcast Mode Replay Prevention DoS + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3114 / CVE-2016-7427 / VU#633847 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and + ntp-4.3.90 up to, but not including ntp-4.3.94. + CVSS2: LOW 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) + CVSS3: MED 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: + The broadcast mode of NTP is expected to only be used in a + trusted network. If the broadcast network is accessible to an + attacker, a potentially exploitable denial of service + vulnerability in ntpd's broadcast mode replay prevention + functionality can be abused. An attacker with access to the NTP + broadcast domain can periodically inject specially crafted + broadcast mode NTP packets into the broadcast domain which, + while being logged by ntpd, can cause ntpd to reject broadcast + mode packets from legitimate NTP broadcast servers. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Broadcast Mode Poll Interval Enforcement DoS + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3113 / CVE-2016-7428 / VU#633847 + Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p9, and + ntp-4.3.90 up to, but not including ntp-4.3.94 + CVSS2: LOW 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) + CVSS3: MED 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: + The broadcast mode of NTP is expected to only be used in a + trusted network. If the broadcast network is accessible to an + attacker, a potentially exploitable denial of service + vulnerability in ntpd's broadcast mode poll interval enforcement + functionality can be abused. To limit abuse, ntpd restricts the + rate at which each broadcast association will process incoming + packets. ntpd will reject broadcast mode packets that arrive + before the poll interval specified in the preceding broadcast + packet expires. An attacker with access to the NTP broadcast + domain can send specially crafted broadcast mode NTP packets to + the broadcast domain which, while being logged by ntpd, will + cause ntpd to reject broadcast mode packets from legitimate NTP + broadcast servers. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco. + +* Windows: ntpd DoS by oversized UDP packet + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3110 / CVE-2016-9312 / VU#633847 + Affects Windows only: ntp-4.?.?, up to but not including ntp-4.2.8p9, + and ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: HIGH 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) + CVSS3: HIGH 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + Summary: + If a vulnerable instance of ntpd on Windows receives a crafted + malicious packet that is "too big", ntpd will stop working. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Robert Pajak of ABB. + +* 0rigin (zero origin) issues + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3102 / CVE-2016-7431 / VU#633847 + Affects: ntp-4.2.8p8, and ntp-4.3.93. + CVSS2: MED 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) + CVSS3: MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N + Summary: + Zero Origin timestamp problems were fixed by Bug 2945 in + ntp-4.2.8p6. However, subsequent timestamp validation checks + introduced a regression in the handling of some Zero origin + timestamp checks. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Sharon Goldberg and Aanchal + Malhotra of Boston University. + +* read_mru_list() does inadequate incoming packet checks + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3082 / CVE-2016-7434 / VU#633847 + Affects: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94. + CVSS2: LOW 3.8 (AV:L/AC:H/Au:S/C:N/I:N/A:C) + CVSS3: LOW 3.8 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: + If ntpd is configured to allow mrulist query requests from a + server that sends a crafted malicious packet, ntpd will crash + on receipt of that crafted malicious mrulist query packet. + Mitigation: + Only allow mrulist query packets from trusted hosts. + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Magnus Stubman. + +* Attack on interface selection + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3072 / CVE-2016-7429 / VU#633847 + Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94 + CVSS2: LOW 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + When ntpd receives a server response on a socket that corresponds + to a different interface than was used for the request, the peer + structure is updated to use the interface for new requests. If + ntpd is running on a host with multiple interfaces in separate + networks and the operating system doesn't check source address in + received packets (e.g. rp_filter on Linux is set to 0), an + attacker that knows the address of the source can send a packet + with spoofed source address which will cause ntpd to select wrong + interface for the source and prevent it from sending new requests + until the list of interfaces is refreshed, which happens on + routing changes or every 5 minutes by default. If the attack is + repeated often enough (once per second), ntpd will not be able to + synchronize with the source. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you are going to configure your OS to disable source address + checks, also configure your firewall configuration to control + what interfaces can receive packets from what networks. + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +* Client rate limiting and server responses + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3071 / CVE-2016-7426 / VU#633847 + Affects: ntp-4.2.5p203, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94 + CVSS2: LOW 1.0 (AV:L/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: + When ntpd is configured with rate limiting for all associations + (restrict default limited in ntp.conf), the limits are applied + also to responses received from its configured sources. An + attacker who knows the sources (e.g., from an IPv4 refid in + server response) and knows the system is (mis)configured in this + way can periodically send packets with spoofed source address to + keep the rate limiting activated and prevent ntpd from accepting + valid responses from its sources. + + While this blanket rate limiting can be useful to prevent + brute-force attacks on the origin timestamp, it allows this DoS + attack. Similarly, it allows the attacker to prevent mobilization + of ephemeral associations. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +* Fix for bug 2085 broke initial sync calculations + Date Resolved: 21 November 2016; Dev (4.3.94) 21 November 2016 + References: Sec 3067 / CVE-2016-7433 / VU#633847 + Affects: ntp-4.2.7p385, up to but not including ntp-4.2.8p9, and + ntp-4.3.0 up to, but not including ntp-4.3.94. But the + root-distance calculation in general is incorrect in all versions + of ntp-4 until this release. + CVSS2: LOW 1.2 (AV:L/AC:H/Au:N/C:N/I:N/A:P) + CVSS3: LOW 1.6 CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L + Summary: + Bug 2085 described a condition where the root delay was included + twice, causing the jitter value to be higher than expected. Due + to a misinterpretation of a small-print variable in The Book, the + fix for this problem was incorrect, resulting in a root distance + that did not include the peer dispersion. The calculations and + formulae have been reviewed and reconciled, and the code has been + updated accordingly. + Mitigation: + Upgrade to 4.2.8p9, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered independently by Brian Utterback of + Oracle, and Sharon Goldberg and Aanchal Malhotra of Boston University. + +Other fixes: + +* [Bug 3142] bug in netmask prefix length detection <perlinger@ntp.org> +* [Bug 3138] gpsdjson refclock should honor fudgetime1. stenn@ntp.org +* [Bug 3129] Unknown hosts can put resolver thread into a hard loop + - moved retry decision where it belongs. <perlinger@ntp.org> +* [Bug 3125] NTPD doesn't fully start when ntp.conf entries are out of order + using the loopback-ppsapi-provider.dll <perlinger@ntp.org> +* [Bug 3116] unit tests for NTP time stamp expansion. <perlinger@ntp.org> +* [Bug 3100] ntpq can't retrieve daemon_version <perlinger@ntp.org> + - fixed extended sysvar lookup (bug introduced with bug 3008 fix) +* [Bug 3095] Compatibility with openssl 1.1 <perlinger@ntp.org> + - applied patches by Kurt Roeckx <kurt@roeckx.be> to source + - added shim layer for SSL API calls with issues (both directions) +* [Bug 3089] Serial Parser does not work anymore for hopfser like device + - simplified / refactored hex-decoding in driver. <perlinger@ntp.org> +* [Bug 3084] update-leap mis-parses the leapfile name. HStenn. +* [Bug 3068] Linker warnings when building on Solaris. perlinger@ntp.org + - applied patch thanks to Andrew Stormont <andyjstormont@gmail.com> +* [Bug 3067] Root distance calculation needs improvement. HStenn +* [Bug 3066] NMEA clock ignores pps. perlinger@ntp.org + - PPS-HACK works again. +* [Bug 3059] Potential buffer overrun from oversized hash <perlinger@ntp.org> + - applied patch by Brian Utterback <brian.utterback@oracle.com> +* [Bug 3053] ntp_loopfilter.c frequency calc precedence error. Sarah White. +* [Bug 3050] Fix for bug #2960 causes [...] spurious error message. + <perlinger@ntp.org> + - patches by Reinhard Max <max@suse.com> and Havard Eidnes <he@uninett.no> +* [Bug 3047] Fix refclock_jjy C-DEX JST2000. abe@ntp.org + - Patch provided by Kuramatsu. +* [Bug 3021] unity_fixture.c needs pragma weak <perlinger@ntp.org> + - removed unnecessary & harmful decls of 'setUp()' & 'tearDown()' +* [Bug 3019] Windows: ERROR_HOST_UNREACHABLE block packet processing. DMayer +* [Bug 2998] sntp/tests/packetProcessing.c broken without openssl. JPerlinger +* [Bug 2961] sntp/tests/packetProcessing.c assumes AUTOKEY. HStenn. +* [Bug 2959] refclock_jupiter: gps week correction <perlinger@ntp.org> + - fixed GPS week expansion to work based on build date. Special thanks + to Craig Leres for initial patch and testing. +* [Bug 2951] ntpd tests fail: multiple definition of `send_via_ntp_signd' + - fixed Makefile.am <perlinger@ntp.org> +* [Bug 2689] ATOM driver processes last PPS pulse at startup, + even if it is very old <perlinger@ntp.org> + - make sure PPS source is alive before processing samples + - improve stability close to the 500ms phase jump (phase gate) +* Fix typos in include/ntp.h. +* Shim X509_get_signature_nid() if needed +* git author attribution cleanup +* bk ignore file cleanup +* remove locks in Windows IO, use rpc-like thread synchronisation instead + +--- +NTP 4.2.8p8 (Harlan Stenn <stenn@ntp.org>, 2016/06/02) + +Focus: Security, Bug fixes, enhancements. + +Severity: HIGH + +In addition to bug fixes and enhancements, this release fixes the +following 1 high- and 4 low-severity vulnerabilities: + +* CRYPTO_NAK crash + Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 + References: Sec 3046 / CVE-2016-4957 / VU#321640 + Affects: ntp-4.2.8p7, and ntp-4.3.92. + CVSS2: HIGH 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) + CVSS3: HIGH 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H + Summary: The fix for Sec 3007 in ntp-4.2.8p7 contained a bug that + could cause ntpd to crash. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p8, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you cannot upgrade from 4.2.8p7, the only other alternatives + are to patch your code or filter CRYPTO_NAK packets. + Properly monitor your ntpd instances, and auto-restart ntpd + (without -g) if it stops running. + Credit: This weakness was discovered by Nicolas Edet of Cisco. + +* Bad authentication demobilizes ephemeral associations + Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 + References: Sec 3045 / CVE-2016-4953 / VU#321640 + Affects: ntp-4, up to but not including ntp-4.2.8p8, and + ntp-4.3.0 up to, but not including ntp-4.3.93. + CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) + CVSS3: LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: An attacker who knows the origin timestamp and can send a + spoofed packet containing a CRYPTO-NAK to an ephemeral peer + target before any other response is sent can demobilize that + association. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p8, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +* Processing spoofed server packets + Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 + References: Sec 3044 / CVE-2016-4954 / VU#321640 + Affects: ntp-4, up to but not including ntp-4.2.8p8, and + ntp-4.3.0 up to, but not including ntp-4.3.93. + CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) + CVSS3: LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: An attacker who is able to spoof packets with correct origin + timestamps from enough servers before the expected response + packets arrive at the target machine can affect some peer + variables and, for example, cause a false leap indication to be set. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p8, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Jakub Prokes of Red Hat. + +* Autokey association reset + Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 + References: Sec 3043 / CVE-2016-4955 / VU#321640 + Affects: ntp-4, up to but not including ntp-4.2.8p8, and + ntp-4.3.0 up to, but not including ntp-4.3.93. + CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) + CVSS3: LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: An attacker who is able to spoof a packet with a correct + origin timestamp before the expected response packet arrives at + the target machine can send a CRYPTO_NAK or a bad MAC and cause + the association's peer variables to be cleared. If this can be + done often enough, it will prevent that association from working. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p8, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +* Broadcast interleave + Date Resolved: 02 June 2016; Dev (4.3.93) 02 June 2016 + References: Sec 3042 / CVE-2016-4956 / VU#321640 + Affects: ntp-4, up to but not including ntp-4.2.8p8, and + ntp-4.3.0 up to, but not including ntp-4.3.93. + CVSS2: LOW 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P) + CVSS3: LOW 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: The fix for NtpBug2978 does not cover broadcast associations, + so broadcast clients can be triggered to flip into interleave mode. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p8, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +Other fixes: +* [Bug 3038] NTP fails to build in VS2015. perlinger@ntp.org + - provide build environment + - 'wint_t' and 'struct timespec' defined by VS2015 + - fixed print()/scanf() format issues +* [Bug 3052] Add a .gitignore file. Edmund Wong. +* [Bug 3054] miscopt.html documents the allan intercept in seconds. SWhite. +* [Bug 3058] fetch_timestamp() mishandles 64-bit alignment. Brian Utterback, + JPerlinger, HStenn. +* Fix typo in ntp-wait and plot_summary. HStenn. +* Make sure we have an "author" file for git imports. HStenn. +* Update the sntp problem tests for MacOS. HStenn. + +--- +NTP 4.2.8p7 (Harlan Stenn <stenn@ntp.org>, 2016/04/26) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +When building NTP from source, there is a new configure option +available, --enable-dynamic-interleave. More information on this below. + +Also note that ntp-4.2.8p7 logs more "unexpected events" than previous +versions of ntp. These events have almost certainly happened in the +past, it's just that they were silently counted and not logged. With +the increasing awareness around security, we feel it's better to clearly +log these events to help detect abusive behavior. This increased +logging can also help detect other problems, too. + +In addition to bug fixes and enhancements, this release fixes the +following 9 low- and medium-severity vulnerabilities: + +* Improve NTP security against buffer comparison timing attacks, + AKA: authdecrypt-timing + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 2879 / CVE-2016-1550 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSSv2: LOW 2.6 - (AV:L/AC:H/Au:N/C:P/I:P/A:N) + CVSSv3: MED 4.0 - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N + Summary: Packet authentication tests have been performed using + memcmp() or possibly bcmp(), and it is potentially possible + for a local or perhaps LAN-based attacker to send a packet with + an authentication payload and indirectly observe how much of + the digest has matched. + Mitigation: + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Properly monitor your ntpd instances. + Credit: This weakness was discovered independently by Loganaden + Velvindron, and Matthew Van Gundy and Stephen Gray of Cisco ASIG. + +* Zero origin timestamp bypass: Additional KoD checks. + References: Sec 2945 / Sec 2901 / CVE-2015-8138 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, + Summary: Improvements to the fixes incorporated in t 4.2.8p6 and 4.3.92. + +* peer associations were broken by the fix for NtpBug2899 + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 2952 / CVE-2015-7704 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSSv2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) + Summary: The fix for NtpBug2952 in ntp-4.2.8p5 to address broken peer + associations did not address all of the issues. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you can't upgrade, use "server" associations instead of + "peer" associations. + Monitor your ntpd instances. + Credit: This problem was discovered by Michael Tatarinov. + +* Validate crypto-NAKs, AKA: CRYPTO-NAK DoS + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3007 / CVE-2016-1547 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSS2: MED 4.3 - (AV:N/AC:M/Au:N/C:N/I:N/A:P) + CVSS3: MED 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L + Summary: For ntp-4 versions up to but not including ntp-4.2.8p7, an + off-path attacker can cause a preemptable client association to + be demobilized by sending a crypto NAK packet to a victim client + with a spoofed source address of an existing associated peer. + This is true even if authentication is enabled. + + Furthermore, if the attacker keeps sending crypto NAK packets, + for example one every second, the victim never has a chance to + reestablish the association and synchronize time with that + legitimate server. + + For ntp-4.2.8 thru ntp-4.2.8p6 there is less risk because more + stringent checks are performed on incoming packets, but there + are still ways to exploit this vulnerability in versions before + ntp-4.2.8p7. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances + Credit: This weakness was discovered by Stephen Gray and + Matthew Van Gundy of Cisco ASIG. + +* ctl_getitem() return value not always checked + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3008 / CVE-2016-2519 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSSv2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C) + CVSSv3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: ntpq and ntpdc can be used to store and retrieve information + in ntpd. It is possible to store a data value that is larger + than the size of the buffer that the ctl_getitem() function of + ntpd uses to report the return value. If the length of the + requested data value returned by ctl_getitem() is too large, + the value NULL is returned instead. There are 2 cases where the + return value from ctl_getitem() was not directly checked to make + sure it's not NULL, but there are subsequent INSIST() checks + that make sure the return value is not NULL. There are no data + values ordinarily stored in ntpd that would exceed this buffer + length. But if one has permission to store values and one stores + a value that is "too large", then ntpd will abort if an attempt + is made to read that oversized value. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Yihan Lian of the Cloud + Security Team, Qihoo 360. + +* Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3009 / CVE-2016-2518 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSS2: LOW 2.1 - (AV:N/AC:H/Au:S/C:N/I:N/A:P) + CVSS3: LOW 2.0 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L + Summary: Using a crafted packet to create a peer association with + hmode > 7 causes the MATCH_ASSOC() lookup to make an + out-of-bounds reference. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances + Credit: This weakness was discovered by Yihan Lian of the Cloud + Security Team, Qihoo 360. + +* remote configuration trustedkey/requestkey/controlkey values are not + properly validated + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3010 / CVE-2016-2517 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSS2: MED 4.9 - (AV:N/AC:H/Au:S/C:N/I:N/A:C) + CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: If ntpd was expressly configured to allow for remote + configuration, a malicious user who knows the controlkey for + ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) + can create a session with ntpd and then send a crafted packet to + ntpd that will change the value of the trustedkey, controlkey, + or requestkey to a value that will prevent any subsequent + authentication with ntpd until ntpd is restarted. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances + Credit: This weakness was discovered by Yihan Lian of the Cloud + Security Team, Qihoo 360. + +* Duplicate IPs on unconfig directives will cause an assertion botch in ntpd + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3011 / CVE-2016-2516 / VU#718152 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSS2: MED 6.3 - (AV:N/AC:M/Au:S/C:N/I:N/A:C) + CVSS3: MED 4.2 - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H + Summary: If ntpd was expressly configured to allow for remote + configuration, a malicious user who knows the controlkey for + ntpq or the requestkey for ntpdc (if mode7 is expressly enabled) + can create a session with ntpd and if an existing association is + unconfigured using the same IP twice on the unconfig directive + line, ntpd will abort. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Properly monitor your ntpd instances + Credit: This weakness was discovered by Yihan Lian of the Cloud + Security Team, Qihoo 360. + +* Refclock impersonation vulnerability + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3020 / CVE-2016-1551 + Affects: On a very limited number of OSes, all NTP releases up to but + not including 4.2.8p7, and 4.3.0 up to but not including 4.3.92. + By "very limited number of OSes" we mean no general-purpose OSes + have yet been identified that have this vulnerability. + CVSSv2: LOW 2.6 - (AV:N/AC:H/Au:N/C:N/I:P/A:N) + CVSSv3: LOW 3.7 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N + Summary: While most OSes implement martian packet filtering in their + network stack, at least regarding 127.0.0.0/8, some will allow + packets claiming to be from 127.0.0.0/8 that arrive over a + physical network. On these OSes, if ntpd is configured to use a + reference clock an attacker can inject packets over the network + that look like they are coming from that reference clock. + Mitigation: + Implement martian packet filtering and BCP-38. + Configure ntpd to use an adequate number of time sources. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you are unable to upgrade and if you are running an OS that + has this vulnerability, implement martian packet filters and + lobby your OS vendor to fix this problem, or run your + refclocks on computers that use OSes that are not vulnerable + to these attacks and have your vulnerable machines get their + time from protected resources. + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Matt Street and others of + Cisco ASIG. + +The following issues were fixed in earlier releases and contain +improvements in 4.2.8p7: + +* Clients that receive a KoD should validate the origin timestamp field. + References: Sec 2901 / CVE-2015-7704, CVE-2015-7705 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, + Summary: Improvements to the fixes incorporated into 4.2.8p4 and 4.3.77. + +* Skeleton key: passive server with trusted key can serve time. + References: Sec 2936 / CVE-2015-7974 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, + Summary: Improvements to the fixes incorporated in t 4.2.8p6 and 4.3.90. + +Two other vulnerabilities have been reported, and the mitigations +for these are as follows: + +* Interleave-pivot + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 2978 / CVE-2016-1548 + Affects: All ntp-4 releases. + CVSSv2: MED 6.4 - (AV:N/AC:L/Au:N/C:N/I:P/A:P) + CVSSv3: MED 7.2 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L + Summary: It is possible to change the time of an ntpd client or deny + service to an ntpd client by forcing it to change from basic + client/server mode to interleaved symmetric mode. An attacker + can spoof a packet from a legitimate ntpd server with an origin + timestamp that matches the peer->dst timestamp recorded for that + server. After making this switch, the client will reject all + future legitimate server responses. It is possible to force the + victim client to move time after the mode has been changed. + ntpq gives no indication that the mode has been switched. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p7, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. These + versions will not dynamically "flip" into interleave mode + unless configured to do so. + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Miroslav Lichvar of RedHat + and separately by Jonathan Gardner of Cisco ASIG. + +* Sybil vulnerability: ephemeral association attack + Date Resolved: Stable (4.2.8p7) 26 Apr 2016; Dev (4.3.92) 26 Apr 2016 + References: Sec 3012 / CVE-2016-1549 + Affects: All ntp-4 releases up to, but not including 4.2.8p7, and + 4.3.0 up to, but not including 4.3.92 + CVSSv2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) + CVSS3v: MED 5.3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N + Summary: ntpd can be vulnerable to Sybil attacks. If one is not using + the feature introduced in ntp-4.2.8p6 allowing an optional 4th + field in the ntp.keys file to specify which IPs can serve time, + a malicious authenticated peer can create arbitrarily-many + ephemeral associations in order to win the clock selection of + ntpd and modify a victim's clock. + Mitigation: + Implement BCP-38. + Use the 4th field in the ntp.keys file to specify which IPs + can be time servers. + Properly monitor your ntpd instances. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG. + +Other fixes: + +* [Bug 2831] Segmentation Fault in DNS lookup during startup. perlinger@ntp.org + - fixed yet another race condition in the threaded resolver code. +* [Bug 2858] bool support. Use stdbool.h when available. HStenn. +* [Bug 2879] Improve NTP security against timing attacks. perlinger@ntp.org + - integrated patches by Loganaden Velvidron <logan@ntp.org> + with some modifications & unit tests +* [Bug 2960] async name resolution fixes for chroot() environments. + Reinhard Max. +* [Bug 2994] Systems with HAVE_SIGNALED_IO fail to compile. perlinger@ntp.org +* [Bug 2995] Fixes to compile on Windows +* [Bug 2999] out-of-bounds access in 'is_safe_filename()'. perlinger@ntp.org +* [Bug 3013] Fix for ssl_init.c SHA1 test. perlinger@ntp.org + - Patch provided by Ch. Weisgerber +* [Bug 3015] ntpq: config-from-file: "request contains an unprintable character" + - A change related to [Bug 2853] forbids trailing white space in + remote config commands. perlinger@ntp.org +* [Bug 3019] NTPD stops processing packets after ERROR_HOST_UNREACHABLE + - report and patch from Aleksandr Kostikov. + - Overhaul of Windows IO completion port handling. perlinger@ntp.org +* [Bug 3022] authkeys.c should be refactored. perlinger@ntp.org + - fixed memory leak in access list (auth[read]keys.c) + - refactored handling of key access lists (auth[read]keys.c) + - reduced number of error branches (authreadkeys.c) +* [Bug 3023] ntpdate cannot correct dates in the future. perlinger@ntp.org +* [Bug 3030] ntpq needs a general way to specify refid output format. HStenn. +* [Bug 3031] ntp broadcastclient unable to synchronize to an server + when the time of server changed. perlinger@ntp.org + - Check the initial delay calculation and reject/unpeer the broadcast + server if the delay exceeds 50ms. Retry again after the next + broadcast packet. +* [Bug 3036] autokey trips an INSIST in authistrustedip(). Harlan Stenn. +* Document ntp.key's optional IP list in authenetic.html. Harlan Stenn. +* Update html/xleave.html documentation. Harlan Stenn. +* Update ntp.conf documentation. Harlan Stenn. +* Fix some Credit: attributions in the NEWS file. Harlan Stenn. +* Fix typo in html/monopt.html. Harlan Stenn. +* Add README.pullrequests. Harlan Stenn. +* Cleanup to include/ntp.h. Harlan Stenn. + +New option to 'configure': + +While looking in to the issues around Bug 2978, the "interleave pivot" +issue, it became clear that there are some intricate and unresolved +issues with interleave operations. We also realized that the interleave +protocol was never added to the NTPv4 Standard, and it should have been. + +Interleave mode was first released in July of 2008, and can be engaged +in two ways. Any 'peer' and 'broadcast' lines in the ntp.conf file may +contain the 'xleave' option, which will expressly enable interlave mode +for that association. Additionally, if a time packet arrives and is +found inconsistent with normal protocol behavior but has certain +characteristics that are compatible with interleave mode, NTP will +dynamically switch to interleave mode. With sufficient knowledge, an +attacker can send a crafted forged packet to an NTP instance that +triggers only one side to enter interleaved mode. + +To prevent this attack until we can thoroughly document, describe, +fix, and test the dynamic interleave mode, we've added a new +'configure' option to the build process: + + --enable-dynamic-interleave + +This option controls whether or not NTP will, if conditions are right, +engage dynamic interleave mode. Dynamic interleave mode is disabled by +default in ntp-4.2.8p7. + +--- +NTP 4.2.8p6 (Harlan Stenn <stenn@ntp.org>, 2016/01/20) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +In addition to bug fixes and enhancements, this release fixes the +following 1 low- and 8 medium-severity vulnerabilities: + +* Potential Infinite Loop in 'ntpq' + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2548 / CVE-2015-8158 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS2: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM + Summary: 'ntpq' processes incoming packets in a loop in 'getresponse()'. + The loop's only stopping conditions are receiving a complete and + correct response or hitting a small number of error conditions. + If the packet contains incorrect values that don't trigger one of + the error conditions, the loop continues to receive new packets. + Note well, this is an attack against an instance of 'ntpq', not + 'ntpd', and this attack requires the attacker to do one of the + following: + * Own a malicious NTP server that the client trusts + * Prevent a legitimate NTP server from sending packets to + the 'ntpq' client + * MITM the 'ntpq' communications between the 'ntpq' client + and the NTP server + Mitigation: + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. + +* 0rigin: Zero Origin Timestamp Bypass + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2945 / CVE-2015-8138 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS2: (AV:N/AC:L/Au:N/C:N/I:P/A:N) Base Score: 5.0 - MEDIUM + CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3 - MEDIUM + (3.7 - LOW if you score AC:L) + Summary: To distinguish legitimate peer responses from forgeries, a + client attempts to verify a response packet by ensuring that the + origin timestamp in the packet matches the origin timestamp it + transmitted in its last request. A logic error exists that + allows packets with an origin timestamp of zero to bypass this + check whenever there is not an outstanding request to the server. + Mitigation: + Configure 'ntpd' to get time from multiple sources. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Monitor your 'ntpd' instances. + Credit: This weakness was discovered by Matthey Van Gundy and + Jonathan Gardner of Cisco ASIG. + +* Stack exhaustion in recursive traversal of restriction list + Date Resolved: Stable (4.2.8p6) 19 Jan 2016 + References: Sec 2940 / CVE-2015-7978 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM + Summary: An unauthenticated 'ntpdc reslist' command can cause a + segmentation fault in ntpd by exhausting the call stack. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade: + In ntp-4.2.8, mode 7 is disabled by default. Don't enable it. + If you must enable mode 7: + configure the use of a 'requestkey' to control who can + issue mode 7 requests. + configure 'restrict noquery' to further limit mode 7 + requests to trusted sources. + Monitor your ntpd instances. + Credit: This weakness was discovered by Stephen Gray at Cisco ASIG. + +* Off-path Denial of Service (!DoS) attack on authenticated broadcast mode + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2942 / CVE-2015-7979 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P) Base Score: 5.8 + Summary: An off-path attacker can send broadcast packets with bad + authentication (wrong key, mismatched key, incorrect MAC, etc) + to broadcast clients. It is observed that the broadcast client + tears down the association with the broadcast server upon + receiving just one bad packet. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Monitor your 'ntpd' instances. + If this sort of attack is an active problem for you, you have + deeper problems to investigate. In this case also consider + having smaller NTP broadcast domains. + Credit: This weakness was discovered by Aanchal Malhotra of Boston + University. + +* reslist NULL pointer dereference + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2939 / CVE-2015-7977 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3 - MEDIUM + Summary: An unauthenticated 'ntpdc reslist' command can cause a + segmentation fault in ntpd by causing a NULL pointer dereference. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from NTP Project Download Page or + the NTP Public Services Project Download Page. + If you are unable to upgrade: + mode 7 is disabled by default. Don't enable it. + If you must enable mode 7: + configure the use of a 'requestkey' to control who can + issue mode 7 requests. + configure 'restrict noquery' to further limit mode 7 + requests to trusted sources. + Monitor your ntpd instances. + Credit: This weakness was discovered by Stephen Gray of Cisco ASIG. + +* 'ntpq saveconfig' command allows dangerous characters in filenames. + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2938 / CVE-2015-7976 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:N/AC:L/Au:S/C:N/I:P/A:N) Base Score: 4.0 - MEDIUM + Summary: The ntpq saveconfig command does not do adequate filtering + of special characters from the supplied filename. + Note well: The ability to use the saveconfig command is controlled + by the 'restrict nomodify' directive, and the recommended default + configuration is to disable this capability. If the ability to + execute a 'saveconfig' is required, it can easily (and should) be + limited and restricted to a known small number of IP addresses. + Mitigation: + Implement BCP-38. + use 'restrict default nomodify' in your 'ntp.conf' file. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page. + If you are unable to upgrade: + build NTP with 'configure --disable-saveconfig' if you will + never need this capability, or + use 'restrict default nomodify' in your 'ntp.conf' file. Be + careful about what IPs have the ability to send 'modify' + requests to 'ntpd'. + Monitor your ntpd instances. + 'saveconfig' requests are logged to syslog - monitor your syslog files. + Credit: This weakness was discovered by Jonathan Gardner of Cisco ASIG. + +* nextvar() missing length check in ntpq + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2937 / CVE-2015-7975 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:P) Base Score: 1.2 - LOW + If you score A:C, this becomes 4.0. + CVSSv3: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) Base Score 2.9, LOW + Summary: ntpq may call nextvar() which executes a memcpy() into the + name buffer without a proper length check against its maximum + length of 256 bytes. Note well that we're taking about ntpq here. + The usual worst-case effect of this vulnerability is that the + specific instance of ntpq will crash and the person or process + that did this will have stopped themselves. + Mitigation: + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade: + If you have scripts that feed input to ntpq make sure there are + some sanity checks on the input received from the "outside". + This is potentially more dangerous if ntpq is run as root. + Credit: This weakness was discovered by Jonathan Gardner at Cisco ASIG. + +* Skeleton Key: Any trusted key system can serve time + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2936 / CVE-2015-7974 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:N/AC:H/Au:S/C:N/I:C/A:N) Base Score: 4.9 + Summary: Symmetric key encryption uses a shared trusted key. The + reported title for this issue was "Missing key check allows + impersonation between authenticated peers" and the report claimed + "A key specified only for one server should only work to + authenticate that server, other trusted keys should be refused." + Except there has never been any correlation between this trusted + key and server v. clients machines and there has never been any + way to specify a key only for one server. We have treated this as + an enhancement request, and ntp-4.2.8p6 includes other checks and + tests to strengthen clients against attacks coming from broadcast + servers. + Mitigation: + Implement BCP-38. + If this scenario represents a real or a potential issue for you, + upgrade to 4.2.8p6, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page, and + use the new field in the ntp.keys file that specifies the list + of IPs that are allowed to serve time. Note that this alone + will not protect against time packets with forged source IP + addresses, however other changes in ntp-4.2.8p6 provide + significant mitigation against broadcast attacks. MITM attacks + are a different story. + If you are unable to upgrade: + Don't use broadcast mode if you cannot monitor your client + servers. + If you choose to use symmetric keys to authenticate time + packets in a hostile environment where ephemeral time + servers can be created, or if it is expected that malicious + time servers will participate in an NTP broadcast domain, + limit the number of participating systems that participate + in the shared-key group. + Monitor your ntpd instances. + Credit: This weakness was discovered by Matt Street of Cisco ASIG. + +* Deja Vu: Replay attack on authenticated broadcast mode + Date Resolved: Stable (4.2.8p6) 19 Jan 2016; Dev (4.3.90) 19 Jan 2016 + References: Sec 2935 / CVE-2015-7973 + Affects: All ntp-4 releases up to, but not including 4.2.8p6, and + 4.3.0 up to, but not including 4.3.90 + CVSS: (AV:A/AC:M/Au:N/C:N/I:P/A:P) Base Score: 4.3 - MEDIUM + Summary: If an NTP network is configured for broadcast operations then + either a man-in-the-middle attacker or a malicious participant + that has the same trusted keys as the victim can replay time packets. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p6, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + If you are unable to upgrade: + Don't use broadcast mode if you cannot monitor your client servers. + Monitor your ntpd instances. + Credit: This weakness was discovered by Aanchal Malhotra of Boston + University. + +Other fixes: + +* [Bug 2772] adj_systime overflows tv_usec. perlinger@ntp.org +* [Bug 2814] msyslog deadlock when signaled. perlinger@ntp.org + - applied patch by shenpeng11@huawei.com with minor adjustments +* [Bug 2882] Look at ntp_request.c:list_peers_sum(). perlinger@ntp.org +* [Bug 2891] Deadlock in deferred DNS lookup framework. perlinger@ntp.org +* [Bug 2892] Several test cases assume IPv6 capabilities even when + IPv6 is disabled in the build. perlinger@ntp.org + - Found this already fixed, but validation led to cleanup actions. +* [Bug 2905] DNS lookups broken. perlinger@ntp.org + - added limits to stack consumption, fixed some return code handling +* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call + - changed stacked/nested handling of CTRL-C. perlinger@ntp.org + - make CTRL-C work for retrieval and printing od MRU list. perlinger@ntp.org +* [Bug 2980] reduce number of warnings. perlinger@ntp.org + - integrated several patches from Havard Eidnes (he@uninett.no) +* [Bug 2985] bogus calculation in authkeys.c perlinger@ntp.org + - implement 'auth_log2()' using integer bithack instead of float calculation +* Make leapsec_query debug messages less verbose. Harlan Stenn. + +--- +NTP 4.2.8p5 (Harlan Stenn <stenn@ntp.org>, 2016/01/07) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +In addition to bug fixes and enhancements, this release fixes the +following medium-severity vulnerability: + +* Small-step/big-step. Close the panic gate earlier. + References: Sec 2956, CVE-2015-5300 + Affects: All ntp-4 releases up to, but not including 4.2.8p5, and + 4.3.0 up to, but not including 4.3.78 + CVSS3: (AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:L) Base Score: 4.0, MEDIUM + Summary: If ntpd is always started with the -g option, which is + common and against long-standing recommendation, and if at the + moment ntpd is restarted an attacker can immediately respond to + enough requests from enough sources trusted by the target, which + is difficult and not common, there is a window of opportunity + where the attacker can cause ntpd to set the time to an + arbitrary value. Similarly, if an attacker is able to respond + to enough requests from enough sources trusted by the target, + the attacker can cause ntpd to abort and restart, at which + point it can tell the target to set the time to an arbitrary + value if and only if ntpd was re-started against long-standing + recommendation with the -g flag, or if ntpd was not given the + -g flag, the attacker can move the target system's time by at + most 900 seconds' time per attack. + Mitigation: + Configure ntpd to get time from multiple sources. + Upgrade to 4.2.8p5, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page + As we've long documented, only use the -g option to ntpd in + cold-start situations. + Monitor your ntpd instances. + Credit: This weakness was discovered by Aanchal Malhotra, + Isaac E. Cohen, and Sharon Goldberg at Boston University. + + NOTE WELL: The -g flag disables the limit check on the panic_gate + in ntpd, which is 900 seconds by default. The bug identified by + the researchers at Boston University is that the panic_gate + check was only re-enabled after the first change to the system + clock that was greater than 128 milliseconds, by default. The + correct behavior is that the panic_gate check should be + re-enabled after any initial time correction. + + If an attacker is able to inject consistent but erroneous time + responses to your systems via the network or "over the air", + perhaps by spoofing radio, cellphone, or navigation satellite + transmissions, they are in a great position to affect your + system's clock. There comes a point where your very best + defenses include: + + Configure ntpd to get time from multiple sources. + Monitor your ntpd instances. + +Other fixes: + +* Coverity submission process updated from Coverity 5 to Coverity 7. + The NTP codebase has been undergoing regular Coverity scans on an + ongoing basis since 2006. As part of our recent upgrade from + Coverity 5 to Coverity 7, Coverity identified 16 nits in some of + the newly-written Unity test programs. These were fixed. +* [Bug 2829] Clean up pipe_fds in ntpd.c perlinger@ntp.org +* [Bug 2887] stratum -1 config results as showing value 99 + - fudge stratum should only accept values [0..16]. perlinger@ntp.org +* [Bug 2932] Update leapsecond file info in miscopt.html. CWoodbury, HStenn. +* [Bug 2934] tests/ntpd/t-ntp_scanner.c has a magic constant wired in. HMurray +* [Bug 2944] errno is not preserved properly in ntpdate after sendto call. + - applied patch by Christos Zoulas. perlinger@ntp.org +* [Bug 2952] Peer associations broken by fix for Bug 2901/CVE-2015-7704. +* [Bug 2954] Version 4.2.8p4 crashes on startup on some OSes. + - fixed data race conditions in threaded DNS worker. perlinger@ntp.org + - limit threading warm-up to linux; FreeBSD bombs on it. perlinger@ntp.org +* [Bug 2957] 'unsigned int' vs 'size_t' format clash. perlinger@ntp.org + - accept key file only if there are no parsing errors + - fixed size_t/u_int format clash + - fixed wrong use of 'strlcpy' +* [Bug 2958] ntpq: fatal error messages need a final newline. Craig Leres. +* [Bug 2962] truncation of size_t/ptrdiff_t on 64bit targets. perlinger@ntp.org + - fixed several other warnings (cast-alignment, missing const, missing prototypes) + - promote use of 'size_t' for values that express a size + - use ptr-to-const for read-only arguments + - make sure SOCKET values are not truncated (win32-specific) + - format string fixes +* [Bug 2965] Local clock didn't work since 4.2.8p4. Martin Burnicki. +* [Bug 2967] ntpdate command suffers an assertion failure + - fixed ntp_rfc2553.c to return proper address length. perlinger@ntp.org +* [Bug 2969] Seg fault from ntpq/mrulist when looking at server with + lots of clients. perlinger@ntp.org +* [Bug 2971] ntpq bails on ^C: select fails: Interrupted system call + - changed stacked/nested handling of CTRL-C. perlinger@ntp.org +* Unity cleanup for FreeBSD-6.4. Harlan Stenn. +* Unity test cleanup. Harlan Stenn. +* Libevent autoconf pthread fixes for FreeBSD-10. Harlan Stenn. +* Header cleanup in tests/sandbox/uglydate.c. Harlan Stenn. +* Header cleanup in tests/libntp/sfptostr.c. Harlan Stenn. +* Quiet a warning from clang. Harlan Stenn. + +--- +NTP 4.2.8p4 (Harlan Stenn <stenn@ntp.org>, 2015/10/21) + +Focus: Security, Bug fixes, enhancements. + +Severity: MEDIUM + +In addition to bug fixes and enhancements, this release fixes the +following 13 low- and medium-severity vulnerabilities: + +* Incomplete vallen (value length) checks in ntp_crypto.c, leading + to potential crashes or potential code injection/information leakage. + + References: Sec 2899, Sec 2671, CVE-2015-7691, CVE-2015-7692, CVE-2015-7702 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, + and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6 + Summary: The fix for CVE-2014-9750 was incomplete in that there were + certain code paths where a packet with particular autokey operations + that contained malicious data was not always being completely + validated. Receipt of these packets can cause ntpd to crash. + Mitigation: + Don't use autokey. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page + Monitor your ntpd instances. + Credit: This weakness was discovered by Tenable Network Security. + +* Clients that receive a KoD should validate the origin timestamp field. + + References: Sec 2901 / CVE-2015-7704, CVE-2015-7705 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, + and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:P) Base Score: 4.3-5.0 at worst + Summary: An ntpd client that honors Kiss-of-Death responses will honor + KoD messages that have been forged by an attacker, causing it to + delay or stop querying its servers for time updates. Also, an + attacker can forge packets that claim to be from the target and + send them to servers often enough that a server that implements + KoD rate limiting will send the target machine a KoD response to + attempt to reduce the rate of incoming packets, or it may also + trigger a firewall block at the server for packets from the target + machine. For either of these attacks to succeed, the attacker must + know what servers the target is communicating with. An attacker + can be anywhere on the Internet and can frequently learn the + identity of the target's time source by sending the target a + time query. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + If you can't upgrade, restrict who can query ntpd to learn who + its servers are, and what IPs are allowed to ask your system + for the time. This mitigation is heavy-handed. + Monitor your ntpd instances. + Note: + 4.2.8p4 protects against the first attack. For the second attack, + all we can do is warn when it is happening, which we do in 4.2.8p4. + Credit: This weakness was discovered by Aanchal Malhotra, + Issac E. Cohen, and Sharon Goldberg of Boston University. + +* configuration directives to change "pidfile" and "driftfile" should + only be allowed locally. + + References: Sec 2902 / CVE-2015-5196 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, + and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:C/A:C) Base Score: 6.2 worst case + Summary: If ntpd is configured to allow for remote configuration, + and if the (possibly spoofed) source IP address is allowed to + send remote configuration requests, and if the attacker knows + the remote configuration password, it's possible for an attacker + to use the "pidfile" or "driftfile" directives to potentially + overwrite other files. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page + If you cannot upgrade, don't enable remote configuration. + If you must enable remote configuration and cannot upgrade, + remote configuration of NTF's ntpd requires: + - an explicitly configured trustedkey, and you should also + configure a controlkey. + - access from a permitted IP. You choose the IPs. + - authentication. Don't disable it. Practice secure key safety. + Monitor your ntpd instances. + Credit: This weakness was discovered by Miroslav Lichvar of Red Hat. + +* Slow memory leak in CRYPTO_ASSOC + + References: Sec 2909 / CVE-2015-7701 + Affects: All ntp-4 releases that use autokey up to, but not + including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 0.0 best/usual case, + 4.6 otherwise + Summary: If ntpd is configured to use autokey, then an attacker can + send packets to ntpd that will, after several days of ongoing + attack, cause it to run out of memory. + Mitigation: + Don't use autokey. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page + Monitor your ntpd instances. + Credit: This weakness was discovered by Tenable Network Security. + +* mode 7 loop counter underrun + + References: Sec 2913 / CVE-2015-7848 / TALOS-CAN-0052 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, + and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6 + Summary: If ntpd is configured to enable mode 7 packets, and if the + use of mode 7 packets is not properly protected thru the use of + the available mode 7 authentication and restriction mechanisms, + and if the (possibly spoofed) source IP address is allowed to + send mode 7 queries, then an attacker can send a crafted packet + to ntpd that will cause it to crash. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade: + In ntp-4.2.8, mode 7 is disabled by default. Don't enable it. + If you must enable mode 7: + configure the use of a requestkey to control who can issue + mode 7 requests. + configure restrict noquery to further limit mode 7 requests + to trusted sources. + Monitor your ntpd instances. +Credit: This weakness was discovered by Aleksandar Nikolic of Cisco Talos. + +* memory corruption in password store + + References: Sec 2916 / CVE-2015-7849 / TALOS-CAN-0054 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:C/A:C) Base Score: 6.8, worst case + Summary: If ntpd is configured to allow remote configuration, and if + the (possibly spoofed) source IP address is allowed to send + remote configuration requests, and if the attacker knows the + remote configuration password or if ntpd was configured to + disable authentication, then an attacker can send a set of + packets to ntpd that may cause a crash or theoretically + perform a code injection attack. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade, remote configuration of NTF's + ntpd requires: + an explicitly configured "trusted" key. Only configure + this if you need it. + access from a permitted IP address. You choose the IPs. + authentication. Don't disable it. Practice secure key safety. + Monitor your ntpd instances. + Credit: This weakness was discovered by Yves Younan of Cisco Talos. + +* Infinite loop if extended logging enabled and the logfile and + keyfile are the same. + + References: Sec 2917 / CVE-2015-7850 / TALOS-CAN-0055 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, + and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6, worst case + Summary: If ntpd is configured to allow remote configuration, and if + the (possibly spoofed) source IP address is allowed to send + remote configuration requests, and if the attacker knows the + remote configuration password or if ntpd was configured to + disable authentication, then an attacker can send a set of + packets to ntpd that will cause it to crash and/or create a + potentially huge log file. Specifically, the attacker could + enable extended logging, point the key file at the log file, + and cause what amounts to an infinite loop. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade, remote configuration of NTF's ntpd + requires: + an explicitly configured "trusted" key. Only configure this + if you need it. + access from a permitted IP address. You choose the IPs. + authentication. Don't disable it. Practice secure key safety. + Monitor your ntpd instances. + Credit: This weakness was discovered by Yves Younan of Cisco Talos. + +* Potential path traversal vulnerability in the config file saving of + ntpd on VMS. + + References: Sec 2918 / CVE-2015-7851 / TALOS-CAN-0062 + Affects: All ntp-4 releases running under VMS up to, but not + including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:P/A:C) Base Score: 5.2, worst case + Summary: If ntpd is configured to allow remote configuration, and if + the (possibly spoofed) IP address is allowed to send remote + configuration requests, and if the attacker knows the remote + configuration password or if ntpd was configured to disable + authentication, then an attacker can send a set of packets to + ntpd that may cause ntpd to overwrite files. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade, remote configuration of NTF's ntpd + requires: + an explicitly configured "trusted" key. Only configure + this if you need it. + access from permitted IP addresses. You choose the IPs. + authentication. Don't disable it. Practice key security safety. + Monitor your ntpd instances. + Credit: This weakness was discovered by Yves Younan of Cisco Talos. + +* ntpq atoascii() potential memory corruption + + References: Sec 2919 / CVE-2015-7852 / TALOS-CAN-0063 + Affects: All ntp-4 releases running up to, but not including 4.2.8p4, + and 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:P) Base Score: 4.0, worst case + Summary: If an attacker can figure out the precise moment that ntpq + is listening for data and the port number it is listening on or + if the attacker can provide a malicious instance ntpd that + victims will connect to then an attacker can send a set of + crafted mode 6 response packets that, if received by ntpq, + can cause ntpq to crash. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade and you run ntpq against a server + and ntpq crashes, try again using raw mode. Build or get a + patched ntpq and see if that fixes the problem. Report new + bugs in ntpq or abusive servers appropriately. + If you use ntpq in scripts, make sure ntpq does what you expect + in your scripts. + Credit: This weakness was discovered by Yves Younan and + Aleksander Nikolich of Cisco Talos. + +* Invalid length data provided by a custom refclock driver could cause + a buffer overflow. + + References: Sec 2920 / CVE-2015-7853 / TALOS-CAN-0064 + Affects: Potentially all ntp-4 releases running up to, but not + including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77 + that have custom refclocks + CVSS: (AV:L/AC:H/Au:M/C:C/I:C/A:C) Base Score: 0.0 usual case, + 5.9 unusual worst case + Summary: A negative value for the datalen parameter will overflow a + data buffer. NTF's ntpd driver implementations always set this + value to 0 and are therefore not vulnerable to this weakness. + If you are running a custom refclock driver in ntpd and that + driver supplies a negative value for datalen (no custom driver + of even minimal competence would do this) then ntpd would + overflow a data buffer. It is even hypothetically possible + in this case that instead of simply crashing ntpd the attacker + could effect a code injection attack. + Mitigation: + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade: + If you are running custom refclock drivers, make sure + the signed datalen value is either zero or positive. + Monitor your ntpd instances. + Credit: This weakness was discovered by Yves Younan of Cisco Talos. + +* Password Length Memory Corruption Vulnerability + + References: Sec 2921 / CVE-2015-7854 / TALOS-CAN-0065 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, and + 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:C/I:C/A:C) Base Score: 0.0 best case, + 1.7 usual case, 6.8, worst case + Summary: If ntpd is configured to allow remote configuration, and if + the (possibly spoofed) source IP address is allowed to send + remote configuration requests, and if the attacker knows the + remote configuration password or if ntpd was (foolishly) + configured to disable authentication, then an attacker can + send a set of packets to ntpd that may cause it to crash, + with the hypothetical possibility of a small code injection. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade, remote configuration of NTF's + ntpd requires: + an explicitly configured "trusted" key. Only configure + this if you need it. + access from a permitted IP address. You choose the IPs. + authentication. Don't disable it. Practice secure key safety. + Monitor your ntpd instances. + Credit: This weakness was discovered by Yves Younan and + Aleksander Nikolich of Cisco Talos. + +* decodenetnum() will ASSERT botch instead of returning FAIL on some + bogus values. + + References: Sec 2922 / CVE-2015-7855 + Affects: All ntp-4 releases up to, but not including 4.2.8p4, and + 4.3.0 up to, but not including 4.3.77 + CVSS: (AV:N/AC:H/Au:M/C:N/I:N/A:C) Base Score: 4.6, worst case + Summary: If ntpd is fed a crafted mode 6 or mode 7 packet containing + an unusually long data value where a network address is expected, + the decodenetnum() function will abort with an assertion failure + instead of simply returning a failure condition. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade: + mode 7 is disabled by default. Don't enable it. + Use restrict noquery to limit who can send mode 6 + and mode 7 requests. + Configure and use the controlkey and requestkey + authentication directives to limit who can + send mode 6 and mode 7 requests. + Monitor your ntpd instances. + Credit: This weakness was discovered by John D "Doug" Birdwell of IDA.org. + +* NAK to the Future: Symmetric association authentication bypass via + crypto-NAK. + + References: Sec 2941 / CVE-2015-7871 + Affects: All ntp-4 releases between 4.2.5p186 up to but not including + 4.2.8p4, and 4.3.0 up to but not including 4.3.77 + CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:P) Base Score: 6.4 + Summary: Crypto-NAK packets can be used to cause ntpd to accept time + from unauthenticated ephemeral symmetric peers by bypassing the + authentication required to mobilize peer associations. This + vulnerability appears to have been introduced in ntp-4.2.5p186 + when the code handling mobilization of new passive symmetric + associations (lines 1103-1165) was refactored. + Mitigation: + Implement BCP-38. + Upgrade to 4.2.8p4, or later, from the NTP Project Download + Page or the NTP Public Services Project Download Page. + If you are unable to upgrade: + Apply the patch to the bottom of the "authentic" check + block around line 1136 of ntp_proto.c. + Monitor your ntpd instances. + Credit: This weakness was discovered by Matthew Van Gundy of Cisco ASIG. + +Backward-Incompatible changes: +* [Bug 2817] Default on Linux is now "rlimit memlock -1". + While the general default of 32M is still the case, under Linux + the default value has been changed to -1 (do not lock ntpd into + memory). A value of 0 means "lock ntpd into memory with whatever + memory it needs." If your ntp.conf file has an explicit "rlimit memlock" + value in it, that value will continue to be used. + +* [Bug 2886] Misspelling: "outlyer" should be "outlier". + If you've written a script that looks for this case in, say, the + output of ntpq, you probably want to change your regex matches + from 'outlyer' to 'outl[iy]er'. + +New features in this release: +* 'rlimit memlock' now has finer-grained control. A value of -1 means + "don't lock ntpd into memore". This is the default for Linux boxes. + A value of 0 means "lock ntpd into memory" with no limits. Otherwise + the value is the number of megabytes of memory to lock. The default + is 32 megabytes. + +* The old Google Test framework has been replaced with a new framework, + based on http://www.throwtheswitch.org/unity/ . + +Bug Fixes and Improvements: +* [Bug 2332] (reopened) Exercise thread cancellation once before dropping + privileges and limiting resources in NTPD removes the need to link + forcefully against 'libgcc_s' which does not always work. J.Perlinger +* [Bug 2595] ntpdate man page quirks. Hal Murray, Harlan Stenn. +* [Bug 2625] Deprecate flag1 in local refclock. Hal Murray, Harlan Stenn. +* [Bug 2817] Stop locking ntpd into memory by default under Linux. H.Stenn. +* [Bug 2821] minor build issues: fixed refclock_gpsdjson.c. perlinger@ntp.org +* [Bug 2823] ntpsweep with recursive peers option doesn't work. H.Stenn. +* [Bug 2849] Systems with more than one default route may never + synchronize. Brian Utterback. Note that this patch might need to + be reverted once Bug 2043 has been fixed. +* [Bug 2864] 4.2.8p3 fails to compile on Windows. Juergen Perlinger +* [Bug 2866] segmentation fault at initgroups(). Harlan Stenn. +* [Bug 2867] ntpd with autokey active crashed by 'ntpq -crv'. J.Perlinger +* [Bug 2873] libevent should not include .deps/ in the tarball. H.Stenn +* [Bug 2874] Don't distribute generated sntp/tests/fileHandlingTest.h. H.Stenn +* [Bug 2875] sntp/Makefile.am: Get rid of DIST_SUBDIRS. libevent must + be configured for the distribution targets. Harlan Stenn. +* [Bug 2883] ntpd crashes on exit with empty driftfile. Miroslav Lichvar. +* [Bug 2886] Mis-spelling: "outlyer" should be "outlier". dave@horsfall.org +* [Bug 2888] streamline calendar functions. perlinger@ntp.org +* [Bug 2889] ntp-dev-4.3.67 does not build on Windows. perlinger@ntp.org +* [Bug 2890] Ignore ENOBUFS on routing netlink socket. Konstantin Khlebnikov. +* [Bug 2906] make check needs better support for pthreads. Harlan Stenn. +* [Bug 2907] dist* build targets require our libevent/ to be enabled. HStenn. +* [Bug 2912] no munlockall() under Windows. David Taylor, Harlan Stenn. +* libntp/emalloc.c: Remove explicit include of stdint.h. Harlan Stenn. +* Put Unity CPPFLAGS items in unity_config.h. Harlan Stenn. +* tests/ntpd/g_leapsec.cpp typo fix. Harlan Stenn. +* Phase 1 deprecation of google test in sntp/tests/. Harlan Stenn. +* On some versions of HP-UX, inttypes.h does not include stdint.h. H.Stenn. +* top_srcdir can change based on ntp v. sntp. Harlan Stenn. +* sntp/tests/ function parameter list cleanup. Damir Tomić. +* tests/libntp/ function parameter list cleanup. Damir Tomić. +* tests/ntpd/ function parameter list cleanup. Damir Tomić. +* sntp/unity/unity_config.h: handle stdint.h. Harlan Stenn. +* sntp/unity/unity_internals.h: handle *INTPTR_MAX on old Solaris. H.Stenn. +* tests/libntp/timevalops.c and timespecops.c fixed error printing. D.Tomić. +* tests/libntp/ improvements in code and fixed error printing. Damir Tomić. +* tests/libntp: a_md5encrypt.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c, + caltontp.c, clocktime.c, humandate.c, hextolfp.c, decodenetnum.c - fixed + formatting; first declaration, then code (C90); deleted unnecessary comments; + changed from sprintf to snprintf; fixed order of includes. Tomasz Flendrich +* tests/libntp/lfpfunc.c remove unnecessary include, remove old comments, + fix formatting, cleanup. Tomasz Flendrich +* tests/libntp/lfptostr.c remove unnecessary include, add consts, fix formatting. + Tomasz Flendrich +* tests/libntp/statestr.c remove empty functions, remove unnecessary include, + fix formatting. Tomasz Flendrich +* tests/libntp/modetoa.c fixed formatting. Tomasz Flendrich +* tests/libntp/msyslog.c fixed formatting. Tomasz Flendrich +* tests/libntp/numtoa.c deleted unnecessary empty functions, fixed formatting. + Tomasz Flendrich +* tests/libntp/numtohost.c added const, fixed formatting. Tomasz Flendrich +* tests/libntp/refnumtoa.c fixed formatting. Tomasz Flendrich +* tests/libntp/ssl_init.c fixed formatting. Tomasz Flendrich +* tests/libntp/tvtots.c fixed a bug, fixed formatting. Tomasz Flendrich +* tests/libntp/uglydate.c removed an unnecessary include. Tomasz Flendrich +* tests/libntp/vi64ops.c removed an unnecessary comment, fixed formatting. +* tests/libntp/ymd3yd.c removed an empty function and an unnecessary include, +fixed formatting. Tomasz Flendrich +* tests/libntp/timespecops.c fixed formatting, fixed the order of includes, + removed unnecessary comments, cleanup. Tomasz Flendrich +* tests/libntp/timevalops.c fixed the order of includes, deleted unnecessary + comments, cleanup. Tomasz Flendrich +* tests/libntp/sockaddrtest.h making it agree to NTP's conventions of formatting. + Tomasz Flendrich +* tests/libntp/lfptest.h cleanup. Tomasz Flendrich +* tests/libntp/test-libntp.c fix formatting. Tomasz Flendrich +* sntp/tests/crypto.c is now using proper Unity's assertions, fixed formatting. + Tomasz Flendrich +* sntp/tests/kodDatabase.c added consts, deleted empty function, + fixed formatting. Tomasz Flendrich +* sntp/tests/kodFile.c cleanup, fixed formatting. Tomasz Flendrich +* sntp/tests/packetHandling.c is now using proper Unity's assertions, + fixed formatting, deleted unused variable. Tomasz Flendrich +* sntp/tests/keyFile.c is now using proper Unity's assertions, fixed formatting. + Tomasz Flendrich +* sntp/tests/packetProcessing.c changed from sprintf to snprintf, + fixed formatting. Tomasz Flendrich +* sntp/tests/utilities.c is now using proper Unity's assertions, changed + the order of includes, fixed formatting, removed unnecessary comments. + Tomasz Flendrich +* sntp/tests/sntptest.h fixed formatting. Tomasz Flendrich +* sntp/tests/fileHandlingTest.h.in fixed a possible buffer overflow problem, + made one function do its job, deleted unnecessary prints, fixed formatting. + Tomasz Flendrich +* sntp/unity/Makefile.am added a missing header. Tomasz Flendrich +* sntp/unity/unity_config.h: Distribute it. Harlan Stenn. +* sntp/libevent/evconfig-private.h: remove generated filefrom SCM. H.Stenn. +* sntp/unity/Makefile.am: fix some broken paths. Harlan Stenn. +* sntp/unity/unity.c: Clean up a printf(). Harlan Stenn. +* Phase 1 deprecation of google test in tests/libntp/. Harlan Stenn. +* Don't build sntp/libevent/sample/. Harlan Stenn. +* tests/libntp/test_caltontp needs -lpthread. Harlan Stenn. +* br-flock: --enable-local-libevent. Harlan Stenn. +* Wrote tests for ntpd/ntp_prio_q.c. Tomasz Flendrich +* scripts/lib/NTP/Util.pm: stratum output is version-dependent. Harlan Stenn. +* Get rid of the NTP_ prefix on our assertion macros. Harlan Stenn. +* Code cleanup. Harlan Stenn. +* libntp/icom.c: Typo fix. Harlan Stenn. +* util/ntptime.c: initialization nit. Harlan Stenn. +* ntpd/ntp_peer.c:newpeer(): added a DEBUG_REQUIRE(srcadr). Harlan Stenn. +* Add std_unity_tests to various Makefile.am files. Harlan Stenn. +* ntpd/ntp_restrict.c: added a few assertions, created tests for this file. + Tomasz Flendrich +* Changed progname to be const in many files - now it's consistent. Tomasz + Flendrich +* Typo fix for GCC warning suppression. Harlan Stenn. +* Added tests/ntpd/ntp_scanner.c test. Damir Tomić. +* Added declarations to all Unity tests, and did minor fixes to them. + Reduced the number of warnings by half. Damir Tomić. +* Updated generate_test_runner.rb and updated the sntp/unity/auto directory + with the latest Unity updates from Mark. Damir Tomić. +* Retire google test - phase I. Harlan Stenn. +* Unity test cleanup: move declaration of 'initializing'. Harlan Stenn. +* Update the NEWS file. Harlan Stenn. +* Autoconf cleanup. Harlan Stenn. +* Unit test dist cleanup. Harlan Stenn. +* Cleanup various test Makefile.am files. Harlan Stenn. +* Pthread autoconf macro cleanup. Harlan Stenn. +* Fix progname definition in unity runner scripts. Harlan Stenn. +* Clean trailing whitespace in tests/ntpd/Makefile.am. Harlan Stenn. +* Update the patch for bug 2817. Harlan Stenn. +* More updates for bug 2817. Harlan Stenn. +* Fix bugs in tests/ntpd/ntp_prio_q.c. Harlan Stenn. +* gcc on older HPUX may need +allowdups. Harlan Stenn. +* Adding missing MCAST protection. Harlan Stenn. +* Disable certain test programs on certain platforms. Harlan Stenn. +* Implement --enable-problem-tests (on by default). Harlan Stenn. +* build system tweaks. Harlan Stenn. + +--- +NTP 4.2.8p3 (Harlan Stenn <stenn@ntp.org>, 2015/06/29) + +Focus: 1 Security fix. Bug fixes and enhancements. Leap-second improvements. + +Severity: MEDIUM + +Security Fix: + +* [Sec 2853] Crafted remote config packet can crash some versions of + ntpd. Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn. + +Under specific circumstances an attacker can send a crafted packet to +cause a vulnerable ntpd instance to crash. This requires each of the +following to be true: + +1) ntpd set up to allow remote configuration (not allowed by default), and +2) knowledge of the configuration password, and +3) access to a computer entrusted to perform remote configuration. + +This vulnerability is considered low-risk. + +New features in this release: + +Optional (disabled by default) support to have ntpd provide smeared +leap second time. A specially built and configured ntpd will only +offer smeared time in response to client packets. These response +packets will also contain a "refid" of 254.a.b.c, where the 24 bits +of a, b, and c encode the amount of smear in a 2:22 integer:fraction +format. See README.leapsmear and http://bugs.ntp.org/2855 for more +information. + + *IF YOU CHOOSE TO CONFIGURE NTPD TO PROVIDE LEAP SMEAR TIME* + *BE SURE YOU DO NOT OFFER THAT TIME ON PUBLIC TIMESERVERS.* + +We've imported the Unity test framework, and have begun converting +the existing google-test items to this new framework. If you want +to write new tests or change old ones, you'll need to have ruby +installed. You don't need ruby to run the test suite. + +Bug Fixes and Improvements: + +* CID 739725: Fix a rare resource leak in libevent/listener.c. +* CID 1295478: Quiet a pedantic potential error from the fix for Bug 2776. +* CID 1296235: Fix refclock_jjy.c and correcting type of the driver40-ja.html +* CID 1269537: Clean up a line of dead code in getShmTime(). +* [Bug 1060] Buffer overruns in libparse/clk_rawdcf.c. Helge Oldach. +* [Bug 2590] autogen-5.18.5. +* [Bug 2612] restrict: Warn when 'monitor' can't be disabled because + of 'limited'. +* [Bug 2650] fix includefile processing. +* [Bug 2745] ntpd -x steps clock on leap second + Fixed an initial-value problem that caused misbehaviour in absence of + any leapsecond information. + Do leap second stepping only of the step adjustment is beyond the + proper jump distance limit and step correction is allowed at all. +* [Bug 2750] build for Win64 + Building for 32bit of loopback ppsapi needs def file +* [Bug 2776] Improve ntpq's 'help keytype'. +* [Bug 2778] Implement "apeers" ntpq command to include associd. +* [Bug 2782] Refactor refclock_shm.c, add memory barrier protection. +* [Bug 2792] If the IFF_RUNNING interface flag is supported then an + interface is ignored as long as this flag is not set since the + interface is not usable (e.g., no link). +* [Bug 2794] Clean up kernel clock status reports. +* [Bug 2800] refclock_true.c true_debug() can't open debug log because + of incompatible open/fdopen parameters. +* [Bug 2804] install-local-data assumes GNU 'find' semantics. +* [Bug 2805] ntpd fails to join multicast group. +* [Bug 2806] refclock_jjy.c supports the Telephone JJY. +* [Bug 2808] GPSD_JSON driver enhancements, step 1. + Fix crash during cleanup if GPS device not present and char device. + Increase internal token buffer to parse all JSON data, even SKY. + Defer logging of errors during driver init until the first unit is + started, so the syslog is not cluttered when the driver is not used. + Various improvements, see http://bugs.ntp.org/2808 for details. + Changed libjsmn to a more recent version. +* [Bug 2810] refclock_shm.c memory barrier code needs tweaks for QNX. +* [Bug 2813] HP-UX needs -D__STDC_VERSION__=199901L and limits.h. +* [Bug 2815] net-snmp before v5.4 has circular library dependencies. +* [Bug 2821] Add a missing NTP_PRINTF and a missing const. +* [Bug 2822] New leap column in sntp broke NTP::Util.pm. +* [Bug 2824] Convert update-leap to perl. (also see 2769) +* [Bug 2825] Quiet file installation in html/ . +* [Bug 2830] ntpd doesn't always transfer the correct TAI offset via autokey + NTPD transfers the current TAI (instead of an announcement) now. + This might still needed improvement. + Update autokey data ASAP when 'sys_tai' changes. + Fix unit test that was broken by changes for autokey update. + Avoid potential signature length issue and use DPRINTF where possible + in ntp_crypto.c. +* [Bug 2832] refclock_jjy.c supports the TDC-300. +* [Bug 2834] Correct a broken html tag in html/refclock.html +* [Bug 2836] DFC77 patches from Frank Kardel to make decoding more + robust, and require 2 consecutive timestamps to be consistent. +* [Bug 2837] Allow a configurable DSCP value. +* [Bug 2837] add test for DSCP to ntpd/complete.conf.in +* [Bug 2842] Glitch in ntp.conf.def documentation stanza. +* [Bug 2842] Bug in mdoc2man. +* [Bug 2843] make check fails on 4.3.36 + Fixed compiler warnings about numeric range overflow + (The original topic was fixed in a byplay to bug#2830) +* [Bug 2845] Harden memory allocation in ntpd. +* [Bug 2852] 'make check' can't find unity.h. Hal Murray. +* [Bug 2854] Missing brace in libntp/strdup.c. Masanari Iida. +* [Bug 2855] Parser fix for conditional leap smear code. Harlan Stenn. +* [Bug 2855] Report leap smear in the REFID. Harlan Stenn. +* [Bug 2855] Implement conditional leap smear code. Martin Burnicki. +* [Bug 2856] ntpd should wait() on terminated child processes. Paul Green. +* [Bug 2857] Stratus VOS does not support SIGIO. Paul Green. +* [Bug 2859] Improve raw DCF77 robustness deconding. Frank Kardel. +* [Bug 2860] ntpq ifstats sanity check is too stringent. Frank Kardel. +* html/drivers/driver22.html: typo fix. Harlan Stenn. +* refidsmear test cleanup. Tomasz Flendrich. +* refidsmear function support and tests. Harlan Stenn. +* sntp/tests/Makefile.am: remove g_nameresolution.cpp as it tested + something that was only in the 4.2.6 sntp. Harlan Stenn. +* Modified tests/bug-2803/Makefile.am so it builds Unity framework tests. + Damir Tomić +* Modified tests/libtnp/Makefile.am so it builds Unity framework tests. + Damir Tomić +* Modified sntp/tests/Makefile.am so it builds Unity framework tests. + Damir Tomić +* tests/sandbox/smeartest.c: Harlan Stenn, Damir Tomic, Juergen Perlinger. +* Converted from gtest to Unity: tests/bug-2803/. Damir Tomić +* Converted from gtest to Unity: tests/libntp/ a_md5encrypt, atoint.c, + atouint.c, authkeys.c, buftvtots.c, calendar.c, caljulian.c, + calyearstart.c, clocktime.c, hextoint.c, lfpfunc.c, modetoa.c, + numtoa.c, numtohost.c, refnumtoa.c, ssl_init.c, statestr.c, + timespecops.c, timevalops.c, uglydate.c, vi64ops.c, ymd2yd.c. + Damir Tomić +* Converted from gtest to Unity: sntp/tests/ kodDatabase.c, kodFile.c, + networking.c, keyFile.c, utilities.cpp, sntptest.h, + fileHandlingTest.h. Damir Tomić +* Initial support for experimental leap smear code. Harlan Stenn. +* Fixes to sntp/tests/fileHandlingTest.h.in. Harlan Stenn. +* Report select() debug messages at debug level 3 now. +* sntp/scripts/genLocInfo: treat raspbian as debian. +* Unity test framework fixes. + ** Requires ruby for changes to tests. +* Initial support for PACKAGE_VERSION tests. +* sntp/libpkgver belongs in EXTRA_DIST, not DIST_SUBDIRS. +* tests/bug-2803/Makefile.am must distribute bug-2803.h. +* Add an assert to the ntpq ifstats code. +* Clean up the RLIMIT_STACK code. +* Improve the ntpq documentation around the controlkey keyid. +* ntpq.c cleanup. +* Windows port build cleanup. + +--- +NTP 4.2.8p2 (Harlan Stenn <stenn@ntp.org>, 2015/04/07) + +Focus: Security and Bug fixes, enhancements. + +Severity: MEDIUM + +In addition to bug fixes and enhancements, this release fixes the +following medium-severity vulnerabilities involving private key +authentication: + +* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto. + + References: Sec 2779 / CVE-2015-1798 / VU#374268 + Affects: All NTP4 releases starting with ntp-4.2.5p99 up to but not + including ntp-4.2.8p2 where the installation uses symmetric keys + to authenticate remote associations. + CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4 + Date Resolved: Stable (4.2.8p2) 07 Apr 2015 + Summary: When ntpd is configured to use a symmetric key to authenticate + a remote NTP server/peer, it checks if the NTP message + authentication code (MAC) in received packets is valid, but not if + there actually is any MAC included. Packets without a MAC are + accepted as if they had a valid MAC. This allows a MITM attacker to + send false packets that are accepted by the client/peer without + having to know the symmetric key. The attacker needs to know the + transmit timestamp of the client to match it in the forged reply + and the false reply needs to reach the client before the genuine + reply from the server. The attacker doesn't necessarily need to be + relaying the packets between the client and the server. + + Authentication using autokey doesn't have this problem as there is + a check that requires the key ID to be larger than NTP_MAXKEY, + which fails for packets without a MAC. + Mitigation: + Upgrade to 4.2.8p2, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Configure ntpd with enough time sources and monitor it properly. + Credit: This issue was discovered by Miroslav Lichvar, of Red Hat. + +* [Sec 2781] Authentication doesn't protect symmetric associations against + DoS attacks. + + References: Sec 2781 / CVE-2015-1799 / VU#374268 + Affects: All NTP releases starting with at least xntp3.3wy up to but + not including ntp-4.2.8p2 where the installation uses symmetric + key authentication. + CVSS: (AV:A/AC:M/Au:N/C:P/I:P/A:P) Base Score: 5.4 + Note: the CVSS base Score for this issue could be 4.3 or lower, and + it could be higher than 5.4. + Date Resolved: Stable (4.2.8p2) 07 Apr 2015 + Summary: An attacker knowing that NTP hosts A and B are peering with + each other (symmetric association) can send a packet to host A + with source address of B which will set the NTP state variables + on A to the values sent by the attacker. Host A will then send + on its next poll to B a packet with originate timestamp that + doesn't match the transmit timestamp of B and the packet will + be dropped. If the attacker does this periodically for both + hosts, they won't be able to synchronize to each other. This is + a known denial-of-service attack, described at + https://www.eecis.udel.edu/~mills/onwire.html . + + According to the document the NTP authentication is supposed to + protect symmetric associations against this attack, but that + doesn't seem to be the case. The state variables are updated even + when authentication fails and the peers are sending packets with + originate timestamps that don't match the transmit timestamps on + the receiving side. + + This seems to be a very old problem, dating back to at least + xntp3.3wy. It's also in the NTPv3 (RFC 1305) and NTPv4 (RFC 5905) + specifications, so other NTP implementations with support for + symmetric associations and authentication may be vulnerable too. + An update to the NTP RFC to correct this error is in-process. + Mitigation: + Upgrade to 4.2.8p2, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Note that for users of autokey, this specific style of MITM attack + is simply a long-known potential problem. + Configure ntpd with appropriate time sources and monitor ntpd. + Alert your staff if problems are detected. + Credit: This issue was discovered by Miroslav Lichvar, of Red Hat. + +* New script: update-leap +The update-leap script will verify and if necessary, update the +leap-second definition file. +It requires the following commands in order to work: + + wget logger tr sed shasum + +Some may choose to run this from cron. It needs more portability testing. + +Bug Fixes and Improvements: + +* [Bug 1787] DCF77's formerly "antenna" bit is "call bit" since 2003. +* [Bug 1960] setsockopt IPV6_MULTICAST_IF: Invalid argument. +* [Bug 2346] "graceful termination" signals do not do peer cleanup. +* [Bug 2728] See if C99-style structure initialization works. +* [Bug 2747] Upgrade libevent to 2.1.5-beta. +* [Bug 2749] ntp/lib/NTP/Util.pm needs update for ntpq -w, IPv6, .POOL. . +* [Bug 2751] jitter.h has stale copies of l_fp macros. +* [Bug 2756] ntpd hangs in startup with gcc 3.3.5 on ARM. +* [Bug 2757] Quiet compiler warnings. +* [Bug 2759] Expose nonvolatile/clk_wander_threshold to ntpq. +* [Bug 2763] Allow different thresholds for forward and backward steps. +* [Bug 2766] ntp-keygen output files should not be world-readable. +* [Bug 2767] ntp-keygen -M should symlink to ntp.keys. +* [Bug 2771] nonvolatile value is documented in wrong units. +* [Bug 2773] Early leap announcement from Palisade/Thunderbolt +* [Bug 2774] Unreasonably verbose printout - leap pending/warning +* [Bug 2775] ntp-keygen.c fails to compile under Windows. +* [Bug 2777] Fixed loops and decoding of Meinberg GPS satellite info. + Removed non-ASCII characters from some copyright comments. + Removed trailing whitespace. + Updated definitions for Meinberg clocks from current Meinberg header files. + Now use C99 fixed-width types and avoid non-ASCII characters in comments. + Account for updated definitions pulled from Meinberg header files. + Updated comments on Meinberg GPS receivers which are not only called GPS16x. + Replaced some constant numbers by defines from ntp_calendar.h + Modified creation of parse-specific variables for Meinberg devices + in gps16x_message(). + Reworked mk_utcinfo() to avoid printing of ambiguous leap second dates. + Modified mbg_tm_str() which now expexts an additional parameter controlling + if the time status shall be printed. +* [Sec 2779] ntpd accepts unauthenticated packets with symmetric key crypto. +* [Sec 2781] Authentication doesn't protect symmetric associations against + DoS attacks. +* [Bug 2783] Quiet autoconf warnings about missing AC_LANG_SOURCE. +* [Bug 2789] Quiet compiler warnings from libevent. +* [Bug 2790] If ntpd sets the Windows MM timer highest resolution + pause briefly before measuring system clock precision to yield + correct results. +* Comment from Juergen Perlinger in ntp_calendar.c to make the code clearer. +* Use predefined function types for parse driver functions + used to set up function pointers. + Account for changed prototype of parse_inp_fnc_t functions. + Cast parse conversion results to appropriate types to avoid + compiler warnings. + Let ioctl() for Windows accept a (void *) to avoid compiler warnings + when called with pointers to different types. + +--- +NTP 4.2.8p1 (Harlan Stenn <stenn@ntp.org>, 2015/02/04) + +Focus: Security and Bug fixes, enhancements. + +Severity: HIGH + +In addition to bug fixes and enhancements, this release fixes the +following high-severity vulnerabilities: + +* vallen is not validated in several places in ntp_crypto.c, leading + to a potential information leak or possibly a crash + + References: Sec 2671 / CVE-2014-9297 / VU#852879 + Affects: All NTP4 releases before 4.2.8p1 that are running autokey. + CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 + Date Resolved: Stable (4.2.8p1) 04 Feb 2015 + Summary: The vallen packet value is not validated in several code + paths in ntp_crypto.c which can lead to information leakage + or perhaps a crash of the ntpd process. + Mitigation - any of: + Upgrade to 4.2.8p1, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page. + Disable Autokey Authentication by removing, or commenting out, + all configuration directives beginning with the "crypto" + keyword in your ntp.conf file. + Credit: This vulnerability was discovered by Stephen Roettger of the + Google Security Team, with additional cases found by Sebastian + Krahmer of the SUSE Security Team and Harlan Stenn of Network + Time Foundation. + +* ::1 can be spoofed on some OSes, so ACLs based on IPv6 ::1 addresses + can be bypassed. + + References: Sec 2672 / CVE-2014-9298 / VU#852879 + Affects: All NTP4 releases before 4.2.8p1, under at least some + versions of MacOS and Linux. *BSD has not been seen to be vulnerable. + CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:C) Base Score: 9 + Date Resolved: Stable (4.2.8p1) 04 Feb 2014 + Summary: While available kernels will prevent 127.0.0.1 addresses + from "appearing" on non-localhost IPv4 interfaces, some kernels + do not offer the same protection for ::1 source addresses on + IPv6 interfaces. Since NTP's access control is based on source + address and localhost addresses generally have no restrictions, + an attacker can send malicious control and configuration packets + by spoofing ::1 addresses from the outside. Note Well: This is + not really a bug in NTP, it's a problem with some OSes. If you + have one of these OSes where ::1 can be spoofed, ALL ::1 -based + ACL restrictions on any application can be bypassed! + Mitigation: + Upgrade to 4.2.8p1, or later, from the NTP Project Download Page + or the NTP Public Services Project Download Page + Install firewall rules to block packets claiming to come from + ::1 from inappropriate network interfaces. + Credit: This vulnerability was discovered by Stephen Roettger of + the Google Security Team. + +Additionally, over 30 bugfixes and improvements were made to the codebase. +See the ChangeLog for more information. + +--- +NTP 4.2.8 (Harlan Stenn <stenn@ntp.org>, 2014/12/18) + +Focus: Security and Bug fixes, enhancements. + +Severity: HIGH + +In addition to bug fixes and enhancements, this release fixes the +following high-severity vulnerabilities: + +************************** vv NOTE WELL vv ***************************** + +The vulnerabilities listed below can be significantly mitigated by +following the BCP of putting + + restrict default ... noquery + +in the ntp.conf file. With the exception of: + + receive(): missing return on error + References: Sec 2670 / CVE-2014-9296 / VU#852879 + +below (which is a limited-risk vulnerability), none of the recent +vulnerabilities listed below can be exploited if the source IP is +restricted from sending a 'query'-class packet by your ntp.conf file. + +************************** ^^ NOTE WELL ^^ ***************************** + +* Weak default key in config_auth(). + + References: [Sec 2665] / CVE-2014-9293 / VU#852879 + CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3 + Vulnerable Versions: all releases prior to 4.2.7p11 + Date Resolved: 28 Jan 2010 + + Summary: If no 'auth' key is set in the configuration file, ntpd + would generate a random key on the fly. There were two + problems with this: 1) the generated key was 31 bits in size, + and 2) it used the (now weak) ntp_random() function, which was + seeded with a 32-bit value and could only provide 32 bits of + entropy. This was sufficient back in the late 1990s when the + code was written. Not today. + + Mitigation - any of: + - Upgrade to 4.2.7p11 or later. + - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. + + Credit: This vulnerability was noticed in ntp-4.2.6 by Neel Mehta + of the Google Security Team. + +* Non-cryptographic random number generator with weak seed used by + ntp-keygen to generate symmetric keys. + + References: [Sec 2666] / CVE-2014-9294 / VU#852879 + CVSS: (AV:N/AC:L/Au:M/C:P/I:P/A:C) Base Score: 7.3 + Vulnerable Versions: All NTP4 releases before 4.2.7p230 + Date Resolved: Dev (4.2.7p230) 01 Nov 2011 + + Summary: Prior to ntp-4.2.7p230 ntp-keygen used a weak seed to + prepare a random number generator that was of good quality back + in the late 1990s. The random numbers produced was then used to + generate symmetric keys. In ntp-4.2.8 we use a current-technology + cryptographic random number generator, either RAND_bytes from + OpenSSL, or arc4random(). + + Mitigation - any of: + - Upgrade to 4.2.7p230 or later. + - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. + + Credit: This vulnerability was discovered in ntp-4.2.6 by + Stephen Roettger of the Google Security Team. + +* Buffer overflow in crypto_recv() + + References: Sec 2667 / CVE-2014-9295 / VU#852879 + CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 + Versions: All releases before 4.2.8 + Date Resolved: Stable (4.2.8) 18 Dec 2014 + + Summary: When Autokey Authentication is enabled (i.e. the ntp.conf + file contains a 'crypto pw ...' directive) a remote attacker + can send a carefully crafted packet that can overflow a stack + buffer and potentially allow malicious code to be executed + with the privilege level of the ntpd process. + + Mitigation - any of: + - Upgrade to 4.2.8, or later, or + - Disable Autokey Authentication by removing, or commenting out, + all configuration directives beginning with the crypto keyword + in your ntp.conf file. + + Credit: This vulnerability was discovered by Stephen Roettger of the + Google Security Team. + +* Buffer overflow in ctl_putdata() + + References: Sec 2668 / CVE-2014-9295 / VU#852879 + CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 + Versions: All NTP4 releases before 4.2.8 + Date Resolved: Stable (4.2.8) 18 Dec 2014 + + Summary: A remote attacker can send a carefully crafted packet that + can overflow a stack buffer and potentially allow malicious + code to be executed with the privilege level of the ntpd process. + + Mitigation - any of: + - Upgrade to 4.2.8, or later. + - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. + + Credit: This vulnerability was discovered by Stephen Roettger of the + Google Security Team. + +* Buffer overflow in configure() + + References: Sec 2669 / CVE-2014-9295 / VU#852879 + CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P) Base Score: 7.5 + Versions: All NTP4 releases before 4.2.8 + Date Resolved: Stable (4.2.8) 18 Dec 2014 + + Summary: A remote attacker can send a carefully crafted packet that + can overflow a stack buffer and potentially allow malicious + code to be executed with the privilege level of the ntpd process. + + Mitigation - any of: + - Upgrade to 4.2.8, or later. + - Follow BCP and put 'restrict ... noquery' in your ntp.conf file. + + Credit: This vulnerability was discovered by Stephen Roettger of the + Google Security Team. + +* receive(): missing return on error + + References: Sec 2670 / CVE-2014-9296 / VU#852879 + CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P) Base Score: 5.0 + Versions: All NTP4 releases before 4.2.8 + Date Resolved: Stable (4.2.8) 18 Dec 2014 + + Summary: Code in ntp_proto.c:receive() was missing a 'return;' in + the code path where an error was detected, which meant + processing did not stop when a specific rare error occurred. + We haven't found a way for this bug to affect system integrity. + If there is no way to affect system integrity the base CVSS + score for this bug is 0. If there is one avenue through which + system integrity can be partially affected, the base score + becomes a 5. If system integrity can be partially affected + via all three integrity metrics, the CVSS base score become 7.5. + + Mitigation - any of: + - Upgrade to 4.2.8, or later, + - Remove or comment out all configuration directives + beginning with the crypto keyword in your ntp.conf file. + + Credit: This vulnerability was discovered by Stephen Roettger of the + Google Security Team. + +See http://support.ntp.org/security for more information. + +New features / changes in this release: + +Important Changes + +* Internal NTP Era counters + +The internal counters that track the "era" (range of years) we are in +rolls over every 136 years'. The current "era" started at the stroke of +midnight on 1 Jan 1900, and ends just before the stroke of midnight on +1 Jan 2036. +In the past, we have used the "midpoint" of the range to decide which +era we were in. Given the longevity of some products, it became clear +that it would be more functional to "look back" less, and "look forward" +more. We now compile a timestamp into the ntpd executable and when we +get a timestamp we us the "built-on" to tell us what era we are in. +This check "looks back" 10 years, and "looks forward" 126 years. + +* ntpdc responses disabled by default + +Dave Hart writes: + +For a long time, ntpq and its mostly text-based mode 6 (control) +protocol have been preferred over ntpdc and its mode 7 (private +request) protocol for runtime queries and configuration. There has +been a goal of deprecating ntpdc, previously held back by numerous +capabilities exposed by ntpdc with no ntpq equivalent. I have been +adding commands to ntpq to cover these cases, and I believe I've +covered them all, though I've not compared command-by-command +recently. + +As I've said previously, the binary mode 7 protocol involves a lot of +hand-rolled structure layout and byte-swapping code in both ntpd and +ntpdc which is hard to get right. As ntpd grows and changes, the +changes are difficult to expose via ntpdc while maintaining forward +and backward compatibility between ntpdc and ntpd. In contrast, +ntpq's text-based, label=value approach involves more code reuse and +allows compatible changes without extra work in most cases. + +Mode 7 has always been defined as vendor/implementation-specific while +mode 6 is described in RFC 1305 and intended to be open to interoperate +with other implementations. There is an early draft of an updated +mode 6 description that likely will join the other NTPv4 RFCs +eventually. (http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01) + +For these reasons, ntpd 4.2.7p230 by default disables processing of +ntpdc queries, reducing ntpd's attack surface and functionally +deprecating ntpdc. If you are in the habit of using ntpdc for certain +operations, please try the ntpq equivalent. If there's no equivalent, +please open a bug report at http://bugs.ntp.org./ + +In addition to the above, over 1100 issues have been resolved between +the 4.2.6 branch and 4.2.8. The ChangeLog file in the distribution +lists these. + +--- +NTP 4.2.6p5 (Harlan Stenn <stenn@ntp.org>, 2011/12/24) + +Focus: Bug fixes + +Severity: Medium + +This is a recommended upgrade. + +This release updates sys_rootdisp and sys_jitter calculations to match the +RFC specification, fixes a potential IPv6 address matching error for the +"nic" and "interface" configuration directives, suppresses the creation of +extraneous ephemeral associations for certain broadcastclient and +multicastclient configurations, cleans up some ntpq display issues, and +includes improvements to orphan mode, minor bugs fixes and code clean-ups. + +New features / changes in this release: + +ntpd + + * Updated "nic" and "interface" IPv6 address handling to prevent + mismatches with localhost [::1] and wildcard [::] which resulted from + using the address/prefix format (e.g. fe80::/64) + * Fix orphan mode stratum incorrectly counting to infinity + * Orphan parent selection metric updated to includes missing ntohl() + * Non-printable stratum 16 refid no longer sent to ntp + * Duplicate ephemeral associations suppressed for broadcastclient and + multicastclient without broadcastdelay + * Exclude undetermined sys_refid from use in loopback TEST12 + * Exclude MODE_SERVER responses from KoD rate limiting + * Include root delay in clock_update() sys_rootdisp calculations + * get_systime() updated to exclude sys_residual offset (which only + affected bits "below" sys_tick, the precision threshold) + * sys.peer jitter weighting corrected in sys_jitter calculation + +ntpq + + * -n option extended to include the billboard "server" column + * IPv6 addresses in the local column truncated to prevent overruns + +--- +NTP 4.2.6p4 (Harlan Stenn <stenn@ntp.org>, 2011/09/22) + +Focus: Bug fixes and portability improvements + +Severity: Medium + +This is a recommended upgrade. + +This release includes build infrastructure updates, code +clean-ups, minor bug fixes, fixes for a number of minor +ref-clock issues, and documentation revisions. + +Portability improvements affect AIX, HP-UX, Linux, OS X and 64-bit time_t. + +New features / changes in this release: + +Build system + +* Fix checking for struct rtattr +* Update config.guess and config.sub for AIX +* Upgrade required version of autogen and libopts for building + from our source code repository + +ntpd + +* Back-ported several fixes for Coverity warnings from ntp-dev +* Fix a rare boundary condition in UNLINK_EXPR_SLIST() +* Allow "logconfig =allall" configuration directive +* Bind tentative IPv6 addresses on Linux +* Correct WWVB/Spectracom driver to timestamp CR instead of LF +* Improved tally bit handling to prevent incorrect ntpq peer status reports +* Exclude the Undisciplined Local Clock and ACTS drivers from the initial + candidate list unless they are designated a "prefer peer" +* Prevent the consideration of Undisciplined Local Clock or ACTS drivers for + selection during the 'tos orphanwait' period +* Prefer an Orphan Mode Parent over the Undisciplined Local Clock or ACTS + drivers +* Improved support of the Parse Refclock trusttime flag in Meinberg mode +* Back-port utility routines from ntp-dev: mprintf(), emalloc_zero() +* Added the NTPD_TICKADJ_PPM environment variable for specifying baseline + clock slew on Microsoft Windows +* Code cleanup in libntpq + +ntpdc + +* Fix timerstats reporting + +ntpdate + +* Reduce time required to set clock +* Allow a timeout greater than 2 seconds + +sntp + +* Backward incompatible command-line option change: + -l/--filelog changed -l/--logfile (to be consistent with ntpd) + +Documentation + +* Update html2man. Fix some tags in the .html files +* Distribute ntp-wait.html + +--- +NTP 4.2.6p3 (Harlan Stenn <stenn@ntp.org>, 2011/01/03) + +Focus: Bug fixes and portability improvements + +Severity: Medium + +This is a recommended upgrade. + +This release includes build infrastructure updates, code +clean-ups, minor bug fixes, fixes for a number of minor +ref-clock issues, and documentation revisions. + +Portability improvements in this release affect AIX, Atari FreeMiNT, +FreeBSD4, Linux and Microsoft Windows. + +New features / changes in this release: + +Build system +* Use lsb_release to get information about Linux distributions. +* 'test' is in /usr/bin (instead of /bin) on some systems. +* Basic sanity checks for the ChangeLog file. +* Source certain build files with ./filename for systems without . in PATH. +* IRIX portability fix. +* Use a single copy of the "libopts" code. +* autogen/libopts upgrade. +* configure.ac m4 quoting cleanup. + +ntpd +* Do not bind to IN6_IFF_ANYCAST addresses. +* Log the reason for exiting under Windows. +* Multicast fixes for Windows. +* Interpolation fixes for Windows. +* IPv4 and IPv6 Multicast fixes. +* Manycast solicitation fixes and general repairs. +* JJY refclock cleanup. +* NMEA refclock improvements. +* Oncore debug message cleanup. +* Palisade refclock now builds under Linux. +* Give RAWDCF more baud rates. +* Support Truetime Satellite clocks under Windows. +* Support Arbiter 1093C Satellite clocks under Windows. +* Make sure that the "filegen" configuration command defaults to "enable". +* Range-check the status codes (plus other cleanup) in the RIPE-NCC driver. +* Prohibit 'includefile' directive in remote configuration command. +* Fix 'nic' interface bindings. +* Fix the way we link with openssl if openssl is installed in the base + system. + +ntp-keygen +* Fix -V coredump. +* OpenSSL version display cleanup. + +ntpdc +* Many counters should be treated as unsigned. + +ntpdate +* Do not ignore replies with equal receive and transmit timestamps. + +ntpq +* libntpq warning cleanup. + +ntpsnmpd +* Correct SNMP type for "precision" and "resolution". +* Update the MIB from the draft version to RFC-5907. + +sntp +* Display timezone offset when showing time for sntp in the local + timezone. +* Pay proper attention to RATE KoD packets. +* Fix a miscalculation of the offset. +* Properly parse empty lines in the key file. +* Logging cleanup. +* Use tv_usec correctly in set_time(). +* Documentation cleanup. + +--- +NTP 4.2.6p2 (Harlan Stenn <stenn@ntp.org>, 2010/07/08) + +Focus: Bug fixes and portability improvements + +Severity: Medium + +This is a recommended upgrade. + +This release includes build infrastructure updates, code +clean-ups, minor bug fixes, fixes for a number of minor +ref-clock issues, improved KOD handling, OpenSSL related +updates and documentation revisions. + +Portability improvements in this release affect Irix, Linux, +Mac OS, Microsoft Windows, OpenBSD and QNX6 + +New features / changes in this release: + +ntpd +* Range syntax for the trustedkey configuration directive +* Unified IPv4 and IPv6 restrict lists + +ntpdate +* Rate limiting and KOD handling + +ntpsnmpd +* default connection to net-snmpd via a unix-domain socket +* command-line 'socket name' option + +ntpq / ntpdc +* support for the "passwd ..." syntax +* key-type specific password prompts + +sntp +* MD5 authentication of an ntpd +* Broadcast and crypto +* OpenSSL support + +--- +NTP 4.2.6p1 (Harlan Stenn <stenn@ntp.org>, 2010/04/09) + +Focus: Bug fixes, portability fixes, and documentation improvements + +Severity: Medium + +This is a recommended upgrade. + +--- +NTP 4.2.6 (Harlan Stenn <stenn@ntp.org>, 2009/12/08) + +Focus: enhancements and bug fixes. + +--- +NTP 4.2.4p8 (Harlan Stenn <stenn@ntp.org>, 2009/12/08) + +Focus: Security Fixes + +Severity: HIGH + +This release fixes the following high-severity vulnerability: + +* [Sec 1331] DoS with mode 7 packets - CVE-2009-3563. + + See http://support.ntp.org/security for more information. + + NTP mode 7 (MODE_PRIVATE) is used by the ntpdc query and control utility. + In contrast, ntpq uses NTP mode 6 (MODE_CONTROL), while routine NTP time + transfers use modes 1 through 5. Upon receipt of an incorrect mode 7 + request or a mode 7 error response from an address which is not listed + in a "restrict ... noquery" or "restrict ... ignore" statement, ntpd will + reply with a mode 7 error response (and log a message). In this case: + + * If an attacker spoofs the source address of ntpd host A in a + mode 7 response packet sent to ntpd host B, both A and B will + continuously send each other error responses, for as long as + those packets get through. + + * If an attacker spoofs an address of ntpd host A in a mode 7 + response packet sent to ntpd host A, A will respond to itself + endlessly, consuming CPU and logging excessively. + + Credit for finding this vulnerability goes to Robin Park and Dmitri + Vinokurov of Alcatel-Lucent. + +THIS IS A STRONGLY RECOMMENDED UPGRADE. + +--- +ntpd now syncs to refclocks right away. + +Backward-Incompatible changes: + +ntpd no longer accepts '-v name' or '-V name' to define internal variables. +Use '--var name' or '--dvar name' instead. (Bug 817) + +--- +NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04) + +Focus: Security and Bug Fixes + +Severity: HIGH + +This release fixes the following high-severity vulnerability: + +* [Sec 1151] Remote exploit if autokey is enabled. CVE-2009-1252 + + See http://support.ntp.org/security for more information. + + If autokey is enabled (if ntp.conf contains a "crypto pw whatever" + line) then a carefully crafted packet sent to the machine will cause + a buffer overflow and possible execution of injected code, running + with the privileges of the ntpd process (often root). + + Credit for finding this vulnerability goes to Chris Ries of CMU. + +This release fixes the following low-severity vulnerabilities: + +* [Sec 1144] limited (two byte) buffer overflow in ntpq. CVE-2009-0159 + Credit for finding this vulnerability goes to Geoff Keating of Apple. + +* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows + Credit for finding this issue goes to Dave Hart. + +This release fixes a number of bugs and adds some improvements: + +* Improved logging +* Fix many compiler warnings +* Many fixes and improvements for Windows +* Adds support for AIX 6.1 +* Resolves some issues under MacOS X and Solaris + +THIS IS A STRONGLY RECOMMENDED UPGRADE. + +--- +NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07) + +Focus: Security Fix + +Severity: Low + +This release fixes oCERT.org's CVE-2009-0021, a vulnerability affecting +the OpenSSL library relating to the incorrect checking of the return +value of EVP_VerifyFinal function. + +Credit for finding this issue goes to the Google Security Team for +finding the original issue with OpenSSL, and to ocert.org for finding +the problem in NTP and telling us about it. + +This is a recommended upgrade. +--- +NTP 4.2.4p5 (Harlan Stenn <stenn@ntp.org>, 2008/08/17) + +Focus: Minor Bugfixes + +This release fixes a number of Windows-specific ntpd bugs and +platform-independent ntpdate bugs. A logging bugfix has been applied +to the ONCORE driver. + +The "dynamic" keyword and is now obsolete and deferred binding to local +interfaces is the new default. The minimum time restriction for the +interface update interval has been dropped. + +A number of minor build system and documentation fixes are included. + +This is a recommended upgrade for Windows. + +--- +NTP 4.2.4p4 (Harlan Stenn <stenn@ntp.org>, 2007/09/10) + +Focus: Minor Bugfixes + +This release updates certain copyright information, fixes several display +bugs in ntpdc, avoids SIGIO interrupting malloc(), cleans up file descriptor +shutdown in the parse refclock driver, removes some lint from the code, +stops accessing certain buffers immediately after they were freed, fixes +a problem with non-command-line specification of -6, and allows the loopback +interface to share addresses with other interfaces. + +--- +NTP 4.2.4p3 (Harlan Stenn <stenn@ntp.org>, 2007/06/29) + +Focus: Minor Bugfixes + +This release fixes a bug in Windows that made it difficult to +terminate ntpd under windows. +This is a recommended upgrade for Windows. + +--- +NTP 4.2.4p2 (Harlan Stenn <stenn@ntp.org>, 2007/06/19) + +Focus: Minor Bugfixes + +This release fixes a multicast mode authentication problem, +an error in NTP packet handling on Windows that could lead to +ntpd crashing, and several other minor bugs. Handling of +multicast interfaces and logging configuration were improved. +The required versions of autogen and libopts were incremented. +This is a recommended upgrade for Windows and multicast users. + +--- +NTP 4.2.4 (Harlan Stenn <stenn@ntp.org>, 2006/12/31) + +Focus: enhancements and bug fixes. + +Dynamic interface rescanning was added to simplify the use of ntpd in +conjunction with DHCP. GNU AutoGen is used for its command-line options +processing. Separate PPS devices are supported for PARSE refclocks, MD5 +signatures are now provided for the release files. Drivers have been +added for some new ref-clocks and have been removed for some older +ref-clocks. This release also includes other improvements, documentation +and bug fixes. + +K&R C is no longer supported as of NTP-4.2.4. We are now aiming for ANSI +C support. + +--- +NTP 4.2.0 (Harlan Stenn <stenn@ntp.org>, 2003/10/15) + +Focus: enhancements and bug fixes. +--- NTP 4.2.8p17 (Harlan Stenn <stenn@ntp.org>, 2023 Jun 06) Focus: Bug fixes diff --git a/adjtimed/Makefile.in b/adjtimed/Makefile.in index 7e7469c4f1b6..b97ef133137b 100644 --- a/adjtimed/Makefile.in +++ b/adjtimed/Makefile.in @@ -96,6 +96,7 @@ bin_PROGRAMS = libexec_PROGRAMS = sbin_PROGRAMS = EXTRA_PROGRAMS = adjtimed$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = adjtimed ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -389,6 +390,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -487,8 +489,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -BUILT_SOURCES = check-libntp .deps-ver -CLEANFILES = check-libntp .deps-ver +BUILT_SOURCES = $(am__append_1) .deps-ver +CLEANFILES = .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver AM_CFLAGS = $(CFLAGS_NTP) $(NTP_HARD_CFLAGS) AM_CPPFLAGS = $(NTP_INCS) $(CPPFLAGS_NTP) $(NTP_HARD_CPPFLAGS) @@ -967,11 +969,10 @@ install-exec-hook: # -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/check-libntp.mf b/check-libntp.mf index 07c855b4be78..86fcca45b0e3 100644 --- a/check-libntp.mf +++ b/check-libntp.mf @@ -3,12 +3,12 @@ ## sntp/check-libntp.mf ## The above file has a version of this for the sntp tree. -BUILT_SOURCES += check-libntp -CLEANFILES += check-libntp +.PHONY: check-libntp -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +if LIBNTP_SUBMAKES +BUILT_SOURCES += check-libntp -$(top_builddir)/libntp/libntp.a: +check-libntp: cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +endif diff --git a/check-libntpd.mf b/check-libntpd.mf index 46304dd5f236..45133ad52c1c 100644 --- a/check-libntpd.mf +++ b/check-libntpd.mf @@ -4,16 +4,7 @@ BUILT_SOURCES += check-libntpd -# CLEANFILES addition below won't be needed after a while. -# Leave it in for now for folks tracking the source repo -# who have the file from a former version of the rule. -# DLH Jan 2023 - -CLEANFILES += check-libntpd - -check-libntpd: $(top_builddir)/ntpd/libntpd.a - @: avoid default SCCS get by some make implementations - -$(top_builddir)/ntpd/libntpd.a: +.PHONY: check-libntpd +check-libntpd: cd $(top_builddir)/ntpd && $(MAKE) $(AM_MAKEFLAGS) libntpd.a diff --git a/check-libunity.mf b/check-libunity.mf index 4e052058c0c3..830c72c1a421 100644 --- a/check-libunity.mf +++ b/check-libunity.mf @@ -4,10 +4,10 @@ ## The above file has a version of this for the sntp tree. BUILT_SOURCES += check-libunity +CLEANFILES += check-libunity check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a - diff --git a/check-scm-rev.mf b/check-scm-rev.mf index e2abbf0e452c..7c0d1be2892f 100644 --- a/check-scm-rev.mf +++ b/check-scm-rev.mf @@ -1,8 +1,6 @@ $(top_srcdir)/sntp/scm-rev: FRC.scm-rev $(AM_V_GEN)cd $(top_builddir)/sntp && $(MAKE) $(AM_MAKEFLAGS) check-scm-rev +.PHONY: FRC.scm-rev FRC.scm-rev: - @: FRC.scm-rev "force" depends on nothing and is not a file, so is \ - always out-of-date causing targets which depend on it to also \ - be outdated so their rules to fire each time they are built. - + @: FRC.scm-rev is always out of date, triggering the check every make invocation. diff --git a/clockstuff/Makefile.in b/clockstuff/Makefile.in index f33483eb59c8..b24cb48d113b 100644 --- a/clockstuff/Makefile.in +++ b/clockstuff/Makefile.in @@ -89,6 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = propdelay$(EXEEXT) chutest$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = clockstuff ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -384,6 +385,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -488,8 +490,8 @@ AM_CPPFLAGS = $(NTP_INCS) $(CPPFLAGS_NTP) $(NTP_HARD_CPPFLAGS) LDADD = ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) AM_LDFLAGS = $(NTP_HARD_LDFLAGS) propdelay_LDADD = $(LDADD) -BUILT_SOURCES = check-libntp .deps-ver -CLEANFILES = check-libntp .deps-ver +BUILT_SOURCES = $(am__append_1) .deps-ver +CLEANFILES = .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver NTP_INCS = -I$(top_srcdir)/include \ -I$(top_srcdir)/libntp/lib/isc/include \ @@ -809,11 +811,10 @@ uninstall-am: .PRECIOUS: Makefile -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/config.h.in b/config.h.in index c00eba442298..bfaabf02e183 100644 --- a/config.h.in +++ b/config.h.in @@ -496,9 +496,6 @@ /* Define to 1 if the system has the type `int32'. */ #undef HAVE_INT32 -/* int32 type in DNS headers, not others. */ -#undef HAVE_INT32_ONLY_WITH_DNS - /* Define to 1 if the system has the type `int32_t'. */ #undef HAVE_INT32_T @@ -691,9 +688,6 @@ /* Define to 1 if you have the <openssl/cmac.h> header file. */ #undef HAVE_OPENSSL_CMAC_H -/* Define to 1 if you have the <openssl/hmac.h> header file. */ -#undef HAVE_OPENSSL_HMAC_H - /* Define to 1 if the system has the type `pid_t'. */ #undef HAVE_PID_T @@ -970,7 +964,7 @@ /* Define to 1 if you have the <sysexits.h> header file. */ #undef HAVE_SYSEXITS_H -/* */ +/* syslog.h provides facilitynames */ #undef HAVE_SYSLOG_FACILITYNAMES /* Define to 1 if you have the <sys/audioio.h> header file. */ @@ -1035,6 +1029,9 @@ /* Define to 1 if you have the <sys/prctl.h> header file. */ #undef HAVE_SYS_PRCTL_H +/* Define to 1 if you have the <sys/procctl.h> header file. */ +#undef HAVE_SYS_PROCCTL_H + /* Define to 1 if you have the <sys/procset.h> header file. */ #undef HAVE_SYS_PROCSET_H @@ -1221,9 +1218,6 @@ /* Define to 1 if the system has the type `u_int32'. */ #undef HAVE_U_INT32 -/* u_int32 type in DNS headers, not others. */ -#undef HAVE_U_INT32_ONLY_WITH_DNS - /* Define to 1 if you have the <values.h> header file. */ #undef HAVE_VALUES_H @@ -1477,6 +1471,9 @@ /* Use OpenSSL? */ #undef OPENSSL +/* Suppress OpenSSL 3 deprecation warnings */ +#undef OPENSSL_SUPPRESS_DEPRECATED + /* Should we open the broadcast socket? */ #undef OPEN_BCAST_SOCKET @@ -1619,10 +1616,6 @@ /* Is K_TICK_NAME in nanoseconds? */ #undef TICK_NANO -/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. This - macro is obsolete. */ -#undef TIME_WITH_SYS_TIME - /* Define to 1 if your <sys/time.h> declares `struct tm'. */ #undef TM_IN_SYS_TIME @@ -1820,15 +1813,8 @@ typedef unsigned int uintptr_t; /* Define to `unsigned int' if <sys/types.h> does not define. */ #undef size_t - - #if !defined(_KERNEL) && !defined(PARSESTREAM) - /* - * stdio.h must be included after _GNU_SOURCE is defined - * but before #define snprintf rpl_snprintf - */ - # include <stdio.h> - #endif - + #include "c99_snprintf.h" + /* Define to rpl_snprintf if the replacement function should be used. */ #undef snprintf @@ -1887,3 +1873,15 @@ typedef union mpinfou { # endif #endif /* !defined(_KERNEL) && !defined(PARSESTREAM) */ + + + /* + * Macro to use in otherwise-empty source files to comply with ANSI C + * requirement that each translation unit (source file) contain some + * declaration. This has commonly been done by declaring an unused + * global variable of type int or char. An extern reference to abs() + * serves the same purpose without bloat. We once used exit() but + * that can produce warnings on systems that declare exit() noreturn. + */ + #define NONEMPTY_TRANSLATION_UNIT extern int abs(int); + diff --git a/configure b/configure index 5d09904bea03..5172c2d5521f 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for ntp 4.2.8p17. +# Generated by GNU Autoconf 2.71 for ntp 4.2.8p18. # # Report bugs to <https://bugs.ntp.org/>. # @@ -183,7 +183,6 @@ test -x / || exit 1" as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 -test \$(( 1 + 1 )) = 2 || exit 1 test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' @@ -191,7 +190,8 @@ test \$(( 1 + 1 )) = 2 || exit 1 ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ - || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null then : as_have_required=yes @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ntp' PACKAGE_TARNAME='ntp' -PACKAGE_VERSION='4.2.8p17' -PACKAGE_STRING='ntp 4.2.8p17' +PACKAGE_VERSION='4.2.8p18' +PACKAGE_STRING='ntp 4.2.8p18' PACKAGE_BUGREPORT='https://bugs.ntp.org/' PACKAGE_URL='https://www.ntp.org/' @@ -698,7 +698,6 @@ MAKE_PARSEKMODULE DCFD TESTDCF MAKE_CHECK_LAYOUT -VER_SUFFIX MAKE_CHECK_Y2K MAKE_LIBPARSE_KERNEL MAKE_LIBPARSE @@ -710,6 +709,10 @@ PATH_NET_SNMP_CONFIG CONFIG_SHELL PATH_TEST PATH_PERL +PATH_OPENSSL +VER_SUFFIX +LIBNTP_SUBMAKES_FALSE +LIBNTP_SUBMAKES_TRUE LIBOBJS PTHREADS_FALSE PTHREADS_TRUE @@ -759,6 +762,8 @@ ac_ct_DUMPBIN DUMPBIN LD FGREP +EGREP +GREP SED LIBTOOL ac_ct_AR @@ -857,14 +862,12 @@ NTP_HARD_CPPFLAGS NTP_HARD_CFLAGS YFLAGS YACC +CPP LDFLAGS_NTP LDADD_NTP CPPFLAGS_NTP CFLAGS_NTP CC_NOFORMAT -EGREP -GREP -CPP am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE @@ -968,6 +971,7 @@ plot_summary_opts' ac_user_opts=' enable_option_checking enable_silent_rules +enable_build_framework_help enable_dependency_tracking with_hardenfile with_locfile @@ -995,7 +999,11 @@ enable_linuxcaps enable_solarisprivs enable_trustedbsd_mac enable_signalled_io -with_arlib +with_crypto +with_openssl_libdir +with_openssl_incdir +enable_verbose_ssl +enable_openssl_random with_net_snmp_config enable_libseccomp with_stack_limit @@ -1057,11 +1065,6 @@ enable_TRIMTSIP enable_WHARTON enable_VARITEXT enable_SEL240X -with_crypto -with_openssl_libdir -with_openssl_incdir -with_rpath -enable_openssl_random enable_autokey enable_kmem enable_accurate_adjtime @@ -1651,7 +1654,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ntp 4.2.8p17 to adapt to many kinds of systems. +\`configure' configures ntp 4.2.8p18 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1722,7 +1725,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ntp 4.2.8p17:";; + short | recursive ) echo "Configuration of ntp 4.2.8p18:";; esac cat <<\_ACEOF @@ -1734,6 +1737,8 @@ Optional Features and Packages: --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --enable-silent-rules less verbose build output (undo: "make V=1") --disable-silent-rules verbose build output (undo: "make V=0") + --enable-build-framework-help + + enable build framework help --enable-dependency-tracking do not reject slow dependency extractors --disable-dependency-tracking @@ -1765,14 +1770,20 @@ Optional Features and Packages: --enable-thread-support s use threads (+ if available) --with-threads with threads [auto] --with-yielding-select with yielding select [auto] - --enable-c99-snprintf s force replacement + --enable-c99-snprintf s use replacement printf family --enable-clockctl s Use /dev/clockctl for non-root clock control --enable-linuxcaps + Use Linux capabilities for non-root clock control --enable-solarisprivs + Use Solaris privileges for non-root clock control --enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock control --enable-signalled-io s Use signalled IO if we can - --with-arlib - deprecated, arlib not distributed + --with-crypto + =openssl,libcrypto + --with-openssl-libdir + =/something/reasonable + + --with-openssl-incdir + =search likely dirs + + --enable-verbose-ssl - show crypto lib detection details + --enable-openssl-random + Use SSL lib's secure random numbers --with-net-snmp-config + =net-snmp-config --enable-libseccomp EXPERIMENTAL: enable support for libseccomp sandboxing (default is no) @@ -1837,16 +1848,6 @@ Optional Features and Packages: --enable-WHARTON s WHARTON 400A Series clock --enable-VARITEXT s VARITEXT clock --enable-SEL240X s SEL240X clock - --with-crypto + =openssl,libcrypto - - --with-openssl-libdir + =/something/reasonable - - --with-openssl-incdir + =/something/reasonable - - --without-rpath s Disable auto-added -R linker paths - - --enable-openssl-random Use OpenSSL's crypto random number functions, if - available (default is yes) --enable-autokey + support NTP Autokey protocol --enable-kmem s read /dev/kmem for tick and/or tickadj --enable-accurate-adjtime @@ -1967,7 +1968,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ntp configure 4.2.8p17 +ntp configure 4.2.8p18 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2053,44 +2054,6 @@ printf "%s\n" "$ac_res" >&6; } } # ac_fn_c_check_header_compile -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - } -then : - ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. @@ -2181,6 +2144,44 @@ fi } # ac_fn_c_try_run +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly @@ -2624,7 +2625,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ntp $as_me 4.2.8p17, which was +It was created by ntp $as_me 4.2.8p18, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3218,7 +3219,6 @@ as_fn_append ac_func_c_list " vprintf HAVE_VPRINTF" as_fn_append ac_header_c_list " vfork.h vfork_h HAVE_VFORK_H" as_fn_append ac_func_c_list " fork HAVE_FORK" as_fn_append ac_func_c_list " vfork HAVE_VFORK" -as_fn_append ac_header_c_list " sys/time.h sys_time_h HAVE_SYS_TIME_H" as_fn_append ac_header_c_list " stdarg.h stdarg_h HAVE_STDARG_H" # Auxiliary files required by this configure script. @@ -3420,7 +3420,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # the date YYYYMMDD optionally with -HHMM if there is more than one # bump in a day. -ntp_configure_cache_version=20230326 +ntp_configure_cache_version=20240218 # When the cache version of config.cache and configure do not # match, NTP_CACHEVERSION will flush the cache. @@ -4039,7 +4039,7 @@ fi # Define the identity of the package. PACKAGE='ntp' - VERSION='4.2.8p17' + VERSION='4.2.8p18' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -4266,6 +4266,25 @@ printf "%s\n" "#define STR_SYSTEM \"$host\"" >>confdefs.h ac_config_headers="$ac_config_headers config.h" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we should enable build framework help" >&5 +printf %s "checking if we should enable build framework help... " >&6; } +# Check whether --enable-build-framework-help was given. +if test ${enable_build_framework_help+y} +then : + enableval=$enable_build_framework_help; ntp_ok=$enableval +else $as_nop + ntp_ok=yes + +fi + +case "$ntp_ok" in + yes) + ntp_cv_build_framework_help=yes ;; + *) ntp_cv_build_framework_help=no ;; +esac +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_ok" >&5 +printf "%s\n" "$ntp_ok" >&6; } + ntp_atom_ok=${ntp_atom_ok=no} ntp_oncore_ok=${ntp_oncore_ok=no} ntp_parse_ok=${ntp_parse_ok=no} @@ -5221,6 +5240,7 @@ fi + ac_header= ac_cache= for ac_item in $ac_header_c_list do @@ -5392,333 +5412,7 @@ then : fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -printf %s "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if test ${ac_cv_prog_CPP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <limits.h> - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - -else $as_nop - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - # Broken: success on invalid input. -continue -else $as_nop - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok -then : - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -printf "%s\n" "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <limits.h> - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - -else $as_nop - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - # Broken: success on invalid input. -continue -else $as_nop - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok -then : - -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -printf %s "checking for grep that handles long lines and -e... " >&6; } -if test ${ac_cv_path_GREP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_prog in grep ggrep - do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - printf %s 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - printf "%s\n" 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -printf "%s\n" "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -printf %s "checking for egrep... " >&6; } -if test ${ac_cv_path_EGREP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_prog in egrep - do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - printf %s 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - printf "%s\n" 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -printf "%s\n" "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - - - - - - -# Ralf Wildenhues: With per-target flags we need CC_C_O -# AM_PROG_CC_C_O supersets AC_PROG_CC_C_O - -if test $ac_cv_c_compiler_gnu = yes; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 -printf %s "checking whether $CC needs -traditional... " >&6; } -if test ${ac_cv_prog_gcc_traditional+y} -then : - printf %s "(cached) " >&6 -else $as_nop - ac_pattern="Autoconf.*'x'" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sgtty.h> -Autoconf TIOCGETP -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1 -then : - ac_cv_prog_gcc_traditional=yes -else $as_nop - ac_cv_prog_gcc_traditional=no -fi -rm -rf conftest* - - - if test $ac_cv_prog_gcc_traditional = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <termio.h> -Autoconf TCGETA -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1 -then : - ac_cv_prog_gcc_traditional=yes -fi -rm -rf conftest* - - fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 -printf "%s\n" "$ac_cv_prog_gcc_traditional" >&6; } - if test $ac_cv_prog_gcc_traditional = yes; then - CC="$CC -traditional" - fi -fi @@ -5886,13 +5580,15 @@ fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_Winit_self" >&5 printf "%s\n" "$ntp_cv_gcc_Winit_self" >&6; } # + # $ntp_cv_gcc_Winit_self is tested later to add the + # flag to CFLAGS_NTP. + # # libopts specifically builds a string with embedded NULs. # This causes a bunch of distracting warnings due to -Wformat. - # Let's see if we can figure out how to disable these. # - CFLAGS="$SAVED_CFLAGS -Wno-format" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC can handle -Wno-format" >&5 -printf %s "checking if $CC can handle -Wno-format... " >&6; } + CFLAGS="$SAVED_CFLAGS -Wno-format -Wno-format-security" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC can handle -Wno-format -Wno-format-security" >&5 +printf %s "checking if $CC can handle -Wno-format -Wno-format-security... " >&6; } if test ${ntp_cv_gcc_Wno_format+y} then : printf %s "(cached) " >&6 @@ -5922,21 +5618,50 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_Wno_format" >&5 printf "%s\n" "$ntp_cv_gcc_Wno_format" >&6; } - case "$ntp_cv_gcc_Wno_format" in + no) ntp_cv_gcc_Wno_format_truncation=no + ;; yes) - CC_NOFORMAT="$CC_NOFORMAT -Wno-format" - ;; - no) - ;; + CC_NOFORMAT="-Wno-format -Wno-format-security" + CFLAGS="$SAVED_CFLAGS -Wformat -Wno-format-truncation -Werror" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC can handle -Wformat -Wno-format-truncation" >&5 +printf %s "checking if $CC can handle -Wformat -Wno-format-truncation... " >&6; } +if test ${ntp_cv_gcc_Wno_format_truncation+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ntp_cv_gcc_Wno_format_truncation=yes +else $as_nop + ntp_cv_gcc_Wno_format_truncation=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_Wno_format_truncation" >&5 +printf "%s\n" "$ntp_cv_gcc_Wno_format_truncation" >&6; } + # + # $ntp_cv_gcc_Wno_format_truncation is tested later to add the + # flag to CFLAGS. + # esac CFLAGS="$SAVED_CFLAGS" { SAVED_CFLAGS=; unset SAVED_CFLAGS;} - # - # $ntp_cv_gcc_Winit_self is tested later to add the - # flag to CFLAGS_NTP. - # + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linker supports omitting unused code and data" >&5 printf %s "checking if linker supports omitting unused code and data... " >&6; } if test ${ntp_cv_gc_sections_runs+y} @@ -5944,7 +5669,17 @@ then : printf %s "(cached) " >&6 else $as_nop - origCFLAGS="$CFLAGS" + # NetBSD will link but likely not run with --gc-sections + # http://bugs.ntp.org/1844 + # http://gnats.netbsd.org/40401 + # --gc-sections causes attempt to load as linux elf, with + # wrong syscalls in place. Test a little gauntlet of + # simple stdio read code checking for errors, expecting + # enough syscall differences that the NetBSD code will + # fail even with Linux emulation working as designed. + # A shorter test could be refined by someone with access + # to a NetBSD host with Linux emulation working. + origCFLAGS="$CFLAGS" CFLAGS="$CFLAGS -Wl,--gc-sections" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6034,6 +5769,10 @@ printf "%s\n" "$ntp_cv_gc_sections_runs" >&6; } yes) CFLAGS_NTP="$CFLAGS_NTP -Wstrict-overflow" esac + case "$ntp_cv_gcc_Wno_format_truncation" in + yes) + CFLAGS_NTP="$CFLAGS_NTP -Wno-format-truncation" + esac # -W[no-]strict-prototypes might be added by NTP_OPENSSL esac @@ -7080,38 +6819,6 @@ esac # So far, the only shared library we might use is libopts. # It's a small library - we might as well use a static version of it. -# Check whether --enable-shared was given. -if test ${enable_shared+y} -then : - enableval=$enable_shared; p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_shared=yes - fi - done - IFS=$lt_save_ifs - ;; - esac -else $as_nop - enable_shared=no -fi - - - - - - - - - case `pwd` in *\ * | *\ *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 @@ -7295,6 +7002,148 @@ Xsed="$SED -e 1s/^X//" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +printf %s "checking for grep that handles long lines and -e... " >&6; } +if test ${ac_cv_path_GREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +printf "%s\n" "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +printf %s "checking for egrep... " >&6; } +if test ${ac_cv_path_EGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +printf "%s\n" "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 printf %s "checking for fgrep... " >&6; } if test ${ac_cv_path_FGREP+y} @@ -10575,6 +10424,36 @@ fi # Set options +# Check whether --enable-shared was given. +if test ${enable_shared+y} +then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else $as_nop + enable_shared=no +fi + + + + + + + @@ -14874,7 +14753,7 @@ CC=$lt_save_CC # Therefore, by default: # - use the version of libopts we ship with # - do not install it -# - build a static copy (AC_DISABLE_SHARED - done earlier) +# - build a static copy (disable-shared - done earlier) case "${enable_local_libopts+set}" in set) ;; *) enable_local_libopts=yes ;; @@ -16526,8 +16405,6 @@ case "$ntp_use_local_libevent" in *) # If we have (a good enough) pkg-config, see if it can find libevent case "$PKG_CONFIG" in /*) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5 -printf %s "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; } if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent then ntp_use_local_libevent=no @@ -16536,6 +16413,8 @@ printf %s "checking if libevent $ntp_libevent_min_version or later is installed. *.*) ;; *) ntp_libevent_version='(unknown)' ;; esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5 +printf %s "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5 printf "%s\n" "yes, version $ntp_libevent_version" >&6; } CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` @@ -16570,6 +16449,8 @@ printf "%s\n" "yes, version $ntp_libevent_version" >&6; } # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS # is "pthreads"? CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5 +printf %s "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi @@ -17483,11 +17364,23 @@ fi +VER_SUFFIX= + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: " >&5 +printf "%s\n" "$as_me: " >&6;} + esac + + + + + + # HMS: Save $LIBS and empty it. # any LIBS we add here should go in to LDADD_LIBNTP -__LIBS=$LIBS +SAVED_LIBS=$LIBS LIBS= @@ -19228,14 +19121,6 @@ printf "%s\n" "#define HAVE_INLINE 1" >>confdefs.h esac -# Obsolete code to be removed. -if test $ac_cv_header_sys_time_h = yes; then - -printf "%s\n" "#define TIME_WITH_SYS_TIME 1" >>confdefs.h - -fi -# End of obsolete code. - # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. @@ -25091,100 +24976,6 @@ fi -case "$ac_cv_type_int32::$ac_cv_header_resolv_h" in - no::yes) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for int32 with DNS headers included" >&5 -printf %s "checking for int32 with DNS headers included... " >&6; } -if test ${ntp_cv_type_int32_with_dns+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #ifdef HAVE_ARPA_NAMESER_H - # include <arpa/nameser.h> - #endif - #include <resolv.h> - -int -main (void) -{ - - size_t cb = sizeof(int32); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ntp_cv_type_int32_with_dns=yes -else $as_nop - ntp_cv_type_int32_with_dns=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_type_int32_with_dns" >&5 -printf "%s\n" "$ntp_cv_type_int32_with_dns" >&6; } - case "$ntp_cv_type_int32_with_dns" in - yes) - -printf "%s\n" "#define HAVE_INT32_ONLY_WITH_DNS 1" >>confdefs.h - - esac -esac - -case "$ac_cv_type_u_int32::$ac_cv_header_resolv_h" in - no::yes) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_int32 with DNS headers included" >&5 -printf %s "checking for u_int32 with DNS headers included... " >&6; } -if test ${ntp_cv_type_u_int32_with_dns+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #ifdef HAVE_ARPA_NAMESER_H - # include <arpa/nameser.h> - #endif - #include <resolv.h> - -int -main (void) -{ - - size_t cb = sizeof(u_int32); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ntp_cv_type_u_int32_with_dns=yes -else $as_nop - ntp_cv_type_u_int32_with_dns=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_type_u_int32_with_dns" >&5 -printf "%s\n" "$ntp_cv_type_u_int32_with_dns" >&6; } - case "$ntp_cv_type_u_int32_with_dns" in - yes) - -printf "%s\n" "#define HAVE_U_INT32_ONLY_WITH_DNS 1" >>confdefs.h - - esac -esac - ac_fn_c_check_header_compile "$LINENO" "sys/timepps.h" "ac_cv_header_sys_timepps_h" " #ifdef HAVE_SYS_TIME_H # include <sys/time.h> @@ -25766,34 +25557,1192 @@ printf "%s\n" "$as_me: WARNING: *** $ntp_warning ***" >&2;} ;; esac + if test x"$enable_dependency_tracking" = x"yes"; then + LIBNTP_SUBMAKES_TRUE= + LIBNTP_SUBMAKES_FALSE='#' +else + LIBNTP_SUBMAKES_TRUE='#' + LIBNTP_SUBMAKES_FALSE= +fi + -LDADD_LIBNTP="$LDADD_LIBNTP $LIBS" -LIBS=$__LIBS -{ __LIBS=; unset __LIBS;} -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for deprecated --with-arlib" >&5 -printf %s "checking for deprecated --with-arlib... " >&6; } +# Check whether --with-crypto was given. +if test ${with_crypto+y} +then : + withval=$with_crypto; case "$with_crypto" in + yes) + with_crypto=openssl,libcrypto + esac + +else $as_nop + with_crypto=openssl,libcrypto +fi + + +# Check whether --with-openssl-libdir was given. +if test ${with_openssl_libdir+y} +then : + withval=$with_openssl_libdir; +fi + -# Check whether --with-arlib was given. -if test ${with_arlib+y} +# Check whether --with-openssl-incdir was given. +if test ${with_openssl_incdir+y} then : - withval=$with_arlib; ans=$withval + withval=$with_openssl_incdir; +fi + +# Check whether --enable-verbose-ssl was given. +if test ${enable_verbose_ssl+y} +then : + enableval=$enable_verbose_ssl; else $as_nop - ans=no + enable_verbose_ssl=no fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ans" >&5 -printf "%s\n" "$ans" >&6; } -case "$ans" in +ntp_openssl=no +ntp_openssl_from_pkg_config=no +ntp_ssl_incdir= +ntp_ssl_cflags= +ntp_ssl_cppflags= +ntp_ssl_libdir= +ntp_ssl_libs_L= +ntp_ssl_libs_l= +ntp_ssl_libs= +ntp_ssl_ldflags= + +NTPSSL_SAVED_CFLAGS="$CFLAGS" +NTPSSL_SAVED_CPPFLAGS="$CPPFLAGS" +NTPSSL_SAVED_LIBS="$LIBS" +NTPSSL_SAVED_LDFLAGS="$LDFLAGS" + +# Extract the first word of "openssl", so it can be a program name with args. +set dummy openssl; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PATH_OPENSSL+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PATH_OPENSSL in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_OPENSSL="$PATH_OPENSSL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_OPENSSL="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PATH_OPENSSL=$ac_cv_path_PATH_OPENSSL +if test -n "$PATH_OPENSSL"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PATH_OPENSSL" >&5 +printf "%s\n" "$PATH_OPENSSL" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + +str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $str" >&5 +printf "%s\n" "$as_me: $str" >&6;} + esac + + +{ str=; unset str;} + +# Make sure neither/both --with_openssl-{inc,lib}dir are given +case "${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in + notgiven:notgiven) ;; + *notgiven*) + as_fn_error $? "only one of --with-openssl-{inc,lib}dir=... given - provide both or neither" "$LINENO" 5 + ;; +esac + +# HMS: Today there are only 2 case options. We probably want a third +# *:*:notgiven:notgiven +# and in that case we would validate the path in PKG_CONFIG_PATH. +# Unless we can do it with 2 cases, where the 2nd case is *:*:... +# and we do a reality check on execpath and the headers/libraries. +# +## +# if $with_crypto is not "no": +# if --with-openssl-{inc,lib}dir are not given: +# we should use pkg-config to find openssl +# if we don't have pkg-config, if openssl is in the base OS, use that. +## +case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in + no:*) ;; + *:notempty:notgiven:notgiven) + # If PKG_CONFIG is notempty and we haven't been given openssl paths, + # then let's make sure that the openssl executable's path corresponds + # to the path in openssl.pc, and 'openssl version' matches the Version + # in openssl.pc. If $PKG_CONFIG tells us an INCPATH and/or a LIBPATH, + # then should we reality check them? + ## INCPATH + # harlan@ntp-testbuild.tal1> openssl version + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> grep 1.1.1t /ntpbuild/include/openssl/* + # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # harlan@ntp-testbuild.tal1> + ## LIBPATH + # harlan@ntp-testbuild.tal1> strings -a /ntpbuild/lib/libcrypto.* | fgrep 1.1.1t + # OpenSSL 1.1.1t 7 Feb 2023 + # OpenSSL 1.1.1t 7 Feb 2023 + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> ls /ntpbuild/lib/libcrypto.* + # /ntpbuild/lib/libcrypto.a /ntpbuild/lib/libcrypto.so.1.1* + # /ntpbuild/lib/libcrypto.so@ + # harlan@ntp-testbuild.tal1> + ## + # Having said this, do we really care if the openssl executable that + # we have found is matched with the INCPATH and LIBPATH? + # One answer: Probably not, but we should complain on a mismatch as + # otherwise runtime differences could easily cause problems/drama. + + ##BO + # ntp_cv_build_framework_help=yes + save_PKG_CONFIG_PATH=${PKG_CONFIG_PATH} + for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do + case "$pkg" in + openssl) + if $PKG_CONFIG --exists $pkg ; then + # Found it - yay + # Do we want to check we found the right one? + # --modver + # --variable={libdir,includedir} (varname) + overf=`openssl version` + overs=`echo $overf | awk '{print }'` + case "$overs" in + 0.*) ;; # Should we squawk? + 1.0.*) ;; # Should we squawk? + 1.1.*) ;; # Should we squawk? + 3.*) + oinc=`openssl --variable=includedir` + olib=`openssl --variable=libdir` + # How should we use these? + ;; + *) ;; # Should we squawk? + esac + # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # grep 1.1.1t /ntpbuild/lib/libcrypto.a + # strings -a /ntpbuild/lib/libcrypto.a | grep 1.1.1t + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> + # which should match $overf + ## + # harlan@ntp-testbuild.tal1> echo '"OpenSSL 1.1.1t 7 Feb 2023"' | cut -f 2 -d\" + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> grep OPENSSL_VERSION_TEXT /ntpbuild/include/openssl/opensslv.h + # # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # harlan@ntp-testbuild.tal1> + ## + + else + # This is a hack, but it's reasonable. + pkgpath="`echo $PATH_OPENSSL | sed -e 's:/bin/openssl$::'`/lib/pkgconfig" + test -d "$pkgpath" || pkgpath= + # echo "pkgpath is <$pkgpath>" + # echo "PKG_CONFIG_PATH is <$PKG_CONFIG_PATH>" + case "$pkgpath" in + '') ;; # Nothing to see here... + *) case ":$PKG_CONFIG_PATH:" in + ::) + PKG_CONFIG_PATH=$pkgpath + export PKG_CONFIG_PATH + ;; + *:$pkgpath:*) + # Already there... + ;; + *) + PKG_CONFIG_PATH="$pkgpath:$PKG_CONFIG_PATH" + export PKG_CONFIG_PATH + ;; + esac + ;; + esac + fi + ;; + esac + done + ##EO + + for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config for $pkg" >&5 +printf %s "checking pkg-config for $pkg... " >&6; } + if $PKG_CONFIG --exists $pkg ; then + ntp_ssl_cppflags="`$PKG_CONFIG --cflags-only-I $pkg`" + case "$ntp_ssl_cppflags" in + '') + ntp_ssl_incdir='not needed' + ;; + *) + ntp_ssl_incdir="`echo $ntp_ssl_cppflags | $SED -e 's/-I//'`" + esac + ntp_ssl_cflags="`$PKG_CONFIG --cflags-only-other $pkg`" + ntp_ssl_libs_L="`$PKG_CONFIG --libs-only-L $pkg`" + case "$ntp_ssl_libs_L" in + '') + ntp_ssl_libdir='not needed' + ;; + *) + ntp_ssl_libdir="`echo $ntp_ssl_libs_L | $SED -e 's/-L//'`" + esac + ntp_ssl_libs_l="`$PKG_CONFIG --libs-only-l $pkg`" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + ntp_ssl_ldflags="`$PKG_CONFIG --libs-only-other $pkg`" + ntp_openssl=yes + ntp_openssl_from_pkg_config=yes + ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" + case "$ntp_openssl_version" in + *.*) ;; + *) ntp_openssl_version='(unknown)' ;; + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 +printf "%s\n" "yes, version $ntp_openssl_version" >&6; } + + break + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + done + { pkg=; unset pkg;} +esac +case "$with_crypto" in + no) ;; + *) + case "$with_openssl_libdir" in + '') ;; + *) + ntp_ssl_libdir="$with_openssl_libdir" + ntp_ssl_libs_L="-L$with_openssl_libdir" + ntp_ssl_libs_l="-lcrypto" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + esac + case "$with_openssl_incdir" in + '') ;; + *) + ntp_ssl_incdir="$with_openssl_incdir" + ntp_ssl_cppflags="-I$with_openssl_incdir" + esac +esac + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL Phase I checks:" >&5 +printf "%s\n" "$as_me: OpenSSL Phase I checks:" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CFLAGS_NTP: ($CFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CFLAGS_NTP: ($CFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDADD_NTP: ($LDADD_NTP)" >&5 +printf "%s\n" "$as_me: LDADD_NTP: ($LDADD_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_openssl_from_pkg_config: $ntp_openssl_from_pkg_config" >&5 +printf "%s\n" "$as_me: ntp_openssl_from_pkg_config: $ntp_openssl_from_pkg_config" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs: ($ntp_ssl_libs)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs: ($ntp_ssl_libs)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&6;} + esac + + + +case "$with_crypto" in + no) + ntp_openssl=no + ;; + *) + ntp_ssl_libs_l="${ntp_ssl_libs_l:--lcrypto}" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + case "$ntp_ssl_libdir" in + '') + + { ac_cv_lib_crypto_EVP_MD_CTX_new=; unset ac_cv_lib_crypto_EVP_MD_CTX_new;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for libcrypto without -L" >&5 +printf "%s\n" "$as_me: Searching for libcrypto without -L" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 +printf %s "checking for EVP_MD_CTX_new in -lcrypto... " >&6; } +if test ${ac_cv_lib_crypto_EVP_MD_CTX_new+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char EVP_MD_CTX_new (); +int +main (void) +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_crypto_EVP_MD_CTX_new=yes +else $as_nop + ac_cv_lib_crypto_EVP_MD_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_MD_CTX_new" >&5 +printf "%s\n" "$ac_cv_lib_crypto_EVP_MD_CTX_new" >&6; } +if test "x$ac_cv_lib_crypto_EVP_MD_CTX_new" = xyes +then : + ntp_ssl_libdir='not needed' + +fi + + { ac_cv_lib_crypto_EVP_MD_CTX_new=; unset ac_cv_lib_crypto_EVP_MD_CTX_new;} + esac + case "$ntp_ssl_libdir" in + '') + ntp_ssl_libdir_search="/usr/lib /usr/lib/openssl /usr/sfw/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/ssl/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /opt/local/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /lib /lib64" + ;; + *) + ntp_ssl_libdir_search="$ntp_ssl_libdir" + esac + case $ntp_ssl_libdir_search in + 'not needed') ;; + *) + for i in $ntp_ssl_libdir_search not_found + do + case "$i" in + not_found) ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for libcrypto in $i" >&5 +printf "%s\n" "$as_me: Searching for libcrypto in $i" >&6;} + LIBS="-L$i $NTPSSL_SAVED_LIBS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 +printf %s "checking for EVP_MD_CTX_new in -lcrypto... " >&6; } +if test ${ac_cv_lib_crypto_EVP_MD_CTX_new+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char EVP_MD_CTX_new (); +int +main (void) +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_crypto_EVP_MD_CTX_new=yes +else $as_nop + ac_cv_lib_crypto_EVP_MD_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_MD_CTX_new" >&5 +printf "%s\n" "$ac_cv_lib_crypto_EVP_MD_CTX_new" >&6; } +if test "x$ac_cv_lib_crypto_EVP_MD_CTX_new" = xyes +then : + break + +fi + + { ac_cv_lib_crypto_EVP_MD_CTX_new=; unset ac_cv_lib_crypto_EVP_MD_CTX_new;} + esac + done + ntp_ssl_libdir="$i" + ntp_ssl_libs_L="-L$i" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + LIBS="$NTPSSL_SAVED_LIBS" + case "$ntp_ssl_libdir" in + not_found) + as_fn_error $? "You may want to use --without-crypto, or add +openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the +--with-openssl-libdir=/some/path option to configure. +libcrypto not found in any of the following directories: +$ntp_ssl_libdir_search + " "$LINENO" 5 + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: libcrypto found in $ntp_ssl_libdir" >&5 +printf "%s\n" "$as_me: libcrypto found in $ntp_ssl_libdir" >&6;} + esac + + case "$ntp_openssl_from_pkg_config:$ntp_ssl_incdir" in + 'yes:not needed' | no:) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for openssl/evp.h without -I" >&5 +printf "%s\n" "$as_me: Searching for openssl/evp.h without -I" >&6;} + { ac_cv_header_openssl_evp_h=; unset ac_cv_header_openssl_evp_h;} + ac_fn_c_check_header_compile "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_evp_h" = xyes +then : + ntp_ssl_incdir='not needed' + +fi + + esac + case "$ntp_ssl_incdir" in + 'not needed') + ntp_ssl_incdir_search="$ntp_ssl_incdir" + ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for openssl include directory" >&5 +printf "%s\n" "$as_me: Searching for openssl include directory" >&6;} + case "$with_openssl_incdir" in + '') + case "$ntp_ssl_incdir" in + '') + ntp_ssl_incdir_search="/usr/include /usr/sfw/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /opt/local/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/ssl/include" + ;; + *) + esac + ;; + *) + ntp_ssl_incdir_search="$with_openssl_incdir" + esac + case $ntp_ssl_incdir_search in + 'not needed') ;; + *) + for i in $ntp_ssl_incdir_search + do + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for openssl/evp.h in $i" >&5 +printf "%s\n" "$as_me: Searching for openssl/evp.h in $i" >&6;} + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS -I$i" + { ac_cv_header_openssl_evp_h=; unset ac_cv_header_openssl_evp_h;} + ac_fn_c_check_header_compile "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_evp_h" = xyes +then : + ntp_ssl_incdir="$i" ; break + +fi + + done + { ac_cv_header_openssl_evp_h=; unset ac_cv_header_openssl_evp_h;} + { i=; unset i;} + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS" + case "$ntp_ssl_incdir" in + '') + as_fn_error $? "You may want to use --without-crypto, or add +openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the +-with-openssl-incdir=/some/path option to configure. +No usable openssl/evp.h found in any of the following direcotries: +$ntp_ssl_incdir_search + " "$LINENO" 5 + esac + ntp_ssl_cppflags="-I$ntp_ssl_incdir" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Found evp.h in $ntp_ssl_incdir/openssl" >&5 +printf "%s\n" "$as_me: Found evp.h in $ntp_ssl_incdir/openssl" >&6;} + esac + esac + ntp_openssl=yes +esac +case "$ntp_openssl:$ntp_ssl_libdir" in + 'yes:not needed') + ;; + yes:*) + CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if crypto works without runpath" >&5 +printf %s "checking if crypto works without runpath... " >&6; } +if test ${ntp_cv_ssl_without_runpath+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : + ntp_cv_ssl_without_runpath=yes +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + if (!EVP_MD_CTX_new()) { + return 1; + } + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ntp_cv_ssl_without_runpath=yes +else $as_nop + ntp_cv_ssl_without_runpath=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_without_runpath" >&5 +printf "%s\n" "$ntp_cv_ssl_without_runpath" >&6; } + case "$ntp_cv_ssl_without_runpath" in + no) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if crypto needs -Wl,-rpath,$ntp_ssl_libdir" >&5 +printf %s "checking if crypto needs -Wl,-rpath,$ntp_ssl_libdir... " >&6; } +if test ${ntp_cv_ssl_needs_dashWl_rpath+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + LDFLAGS="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir $NTPSSL_SAVED_LDFLAGS" + if test "$cross_compiling" = yes +then : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + if (!EVP_MD_CTX_new()) { + return 1; + } + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ntp_cv_ssl_needs_dashWl_rpath=yes +else $as_nop + ntp_cv_ssl_needs_dashWl_rpath=no + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_needs_dashWl_rpath" >&5 +printf "%s\n" "$ntp_cv_ssl_needs_dashWl_rpath" >&6; } + case "$ntp_cv_ssl_needs_dashWl_rpath" in + yes) + ntp_ssl_ldflags="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir" + ;; + no) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if crypto needs -R$ntp_ssl_libdir" >&5 +printf %s "checking if crypto needs -R$ntp_ssl_libdir... " >&6; } +if test ${ntp_cv_ssl_needs_dashR+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + LDFLAGS="$NTPSSL_SAVED_LDFLAGS $ntp_ssl_ldflags -R$ntp_ssl_libdir" + if test "$cross_compiling" = yes +then : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + if (!EVP_MD_CTX_new()) { + return 1; + } + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ntp_cv_ssl_needs_dashR=yes +else $as_nop + ntp_cv_ssl_needs_dashR=no + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_needs_dashR" >&5 +printf "%s\n" "$ntp_cv_ssl_needs_dashR" >&6; } + case "$ntp_cv_ssl_needs_dashR" in + yes) + ntp_ssl_ldflags="$ntp_ssl_ldflags -R$ntp_ssl_libdir" + esac + case "$build:$ntp_cv_ssl_needs_dashR" in + $host:no) + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Unable to run program using crypto, check openssl.pc +or libcrypto.pc are in PKG_CONFIG_PATH, or provide the + --with-openssl-libdir=/some/path option to configure. + +See \`config.log' for more details" "$LINENO" 5; } + esac + esac + esac +esac + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL Phase II checks:" >&5 +printf "%s\n" "$as_me: OpenSSL Phase II checks:" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs: ($ntp_ssl_libs)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs: ($ntp_ssl_libs)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&6;} + esac + + + +case "$ntp_openssl:$ntp_openssl_from_pkg_config" in + yes:no) + CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with $ntp_ssl_libs_l alone works" >&5 +printf %s "checking if linking with $ntp_ssl_libs_l alone works... " >&6; } +if test ${ntp_cv_bare_lcrypto+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + EVP_MD_CTX_new(); + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ntp_cv_bare_lcrypto=yes +else $as_nop + ntp_cv_bare_lcrypto=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_bare_lcrypto" >&5 +printf "%s\n" "$ntp_cv_bare_lcrypto" >&6; } + case "$ntp_cv_bare_lcrypto" in + no) + LIBS="-$ntp_ssl_libs -lz $NTPSSL_SAVED_LIBS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with $ntp_ssl_libs_l -lz works" >&5 +printf %s "checking if linking with $ntp_ssl_libs_l -lz works... " >&6; } +if test ${ntp_cv_lcrypto_lz+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + EVP_MD_CTX_new(); + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ntp_cv_lcrypto_lz=yes +else $as_nop + ntp_cv_lcrypto_lz=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_lcrypto_lz" >&5 +printf "%s\n" "$ntp_cv_lcrypto_lz" >&6; } + case "$ntp_cv_lcrypto_lz" in + yes) + ntp_ssl_libs_l="$ntp_ssl_libs_l -lz" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + esac + esac esac +case "$ntp_openssl:$GCC" in + yes:yes) + CFLAGS="$NTP_SAVED_CFLAGS $ntp_ssl_cflags -Werror" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking If $CC supports -Werror" >&5 +printf %s "checking If $CC supports -Werror... " >&6; } +if test ${ntp_cv_gcc_supports_Werror+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ntp_cv_gcc_supports_Werror=yes +else $as_nop + ntp_cv_gcc_supports_Werror=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_supports_Werror" >&5 +printf "%s\n" "$ntp_cv_gcc_supports_Werror" >&6; } + case "ntp_cv_gcc_supports_Werror" in + no) + ntp_use_Wstrict_prototypes=yes + ;; + yes) + CFLAGS="$CFLAGS -Wstrict-prototypes" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if OpenSSL triggers warnings" >&5 +printf %s "checking if OpenSSL triggers warnings... " >&6; } +if test ${ntp_cv_ssl_triggers_warnings+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/asn1_mac.h" + #include "openssl/bn.h" + #include "openssl/err.h" + #include "openssl/evp.h" + #include "openssl/pem.h" + #include "openssl/rand.h" + #include "openssl/x509v3.h" + +int +main (void) +{ + + /* empty body */ + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ntp_cv_ssl_triggers_warnings=no +else $as_nop + ntp_cv_ssl_triggers_warnings=yes + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_triggers_warnings" >&5 +printf "%s\n" "$ntp_cv_ssl_triggers_warnings" >&6; } + case "$ntp_cv_ssl_triggers_warnings" in + yes) + ntp_use_Wstrict_prototypes=no + ;; + *) + ntp_use_Wstrict_prototypes=yes + esac + esac + case "$ntp_use_Wstrict_prototypes" in + no) + ntp_ssl_cflags="$ntp_ssl_cflags -Wno-strict-prototypes" + ;; + *) + ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" + esac + ;; + no:yes) + ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" +esac +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we will link to ssl library" >&5 +printf %s "checking if we will link to ssl library... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_openssl" >&5 +printf "%s\n" "$ntp_openssl" >&6; } + +case "$ntp_openssl" in yes) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Please do not use --with-arlib, arlib is no longer included. In the future, --with-arlib will not be recognized." >&5 -printf "%s\n" "$as_me: WARNING: Please do not use --with-arlib, arlib is no longer included. In the future, --with-arlib will not be recognized." >&2;} + VER_SUFFIX=o + for ac_header in openssl/cmac.h +do : + ac_fn_c_check_header_compile "$LINENO" "openssl/cmac.h" "ac_cv_header_openssl_cmac_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_cmac_h" = xyes +then : + printf "%s\n" "#define HAVE_OPENSSL_CMAC_H 1" >>confdefs.h + ntp_enable_cmac=yes +else $as_nop + ntp_enable_cmac=no + +fi + +done + case "$ntp_enable_cmac" in + yes) + +printf "%s\n" "#define ENABLE_CMAC 1" >>confdefs.h + + esac + +printf "%s\n" "#define OPENSSL /**/" >>confdefs.h + + +printf "%s\n" "#define OPENSSL_SUPPRESS_DEPRECATED 1" >>confdefs.h + + CFLAGS="$NTPSSL_SAVED_CFLAGS" + ac_fn_c_check_func "$LINENO" "EVP_MD_do_all_sorted" "ac_cv_func_EVP_MD_do_all_sorted" +if test "x$ac_cv_func_EVP_MD_do_all_sorted" = xyes +then : + printf "%s\n" "#define HAVE_EVP_MD_DO_ALL_SORTED 1" >>confdefs.h + +fi + + CPPFLAGS_NTP="$CPPFLAGS_NTP $ntp_ssl_cppflags" + CFLAGS_NTP="$CFLAGS_NTP $ntp_ssl_cflags" + LDADD_NTP="$ntp_ssl_libs $LDADD_NTP" + LDFLAGS_NTP="$ntp_ssl_ldflags $LDFLAGS_NTP" +esac + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL final checks:" >&5 +printf "%s\n" "$as_me: OpenSSL final checks:" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_openssl: $ntp_openssl" >&5 +printf "%s\n" "$as_me: ntp_openssl: $ntp_openssl" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CFLAGS_NTP: ($CFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CFLAGS_NTP: ($CFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDADD_NTP: ($LDADD_NTP)" >&5 +printf "%s\n" "$as_me: LDADD_NTP: ($LDADD_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&6;} + esac + + + +CFLAGS="$NTPSSL_SAVED_CFLAGS" +CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS" +LIBS="$NTPSSL_SAVED_LIBS" +LDFLAGS="$NTPSSL_SAVED_LDFLAGS" + +{ NTPSSL_SAVED_CFLAGS=; unset NTPSSL_SAVED_CFLAGS;} +{ NTPSSL_SAVED_CPPFLAGS=; unset NTPSSL_SAVED_CPPFLAGS;} +{ NTPSSL_SAVED_LIBS=; unset NTPSSL_SAVED_LIBS;} +{ NTPSSL_SAVED_LDFLAGS=; unset NTPSSL_SAVED_LDFLAGS;} +{ ntp_enable_cmac=; unset ntp_enable_cmac;} +{ ntp_use_Wstrict_prototypes=; unset ntp_use_Wstrict_prototypes;} +{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;} +{ ntp_openssl_version=; unset ntp_openssl_version;} +{ ntp_ssl_cflags=; unset ntp_ssl_cflags;} +{ ntp_ssl_cppflags=; unset ntp_ssl_cppflags;} +{ ntp_ssl_libdir_search=; unset ntp_ssl_libdir_search;} +{ ntp_ssl_incdir_search=; unset ntp_ssl_incdir_search;} +{ ntp_ssl_libdir=; unset ntp_ssl_libdir;} +{ ntp_ssl_incdir=; unset ntp_ssl_incdir;} +{ ntp_ssl_libs_l=; unset ntp_ssl_libs_l;} +{ ntp_ssl_libs_L=; unset ntp_ssl_libs_L;} +{ ntp_ssl_ldflags=; unset ntp_ssl_ldflags;} + + + + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we want to use SSL library's secure random numbers" >&5 +printf %s "checking if we want to use SSL library's secure random numbers... " >&6; } +# Check whether --enable-openssl-random was given. +if test ${enable_openssl_random+y} +then : + enableval=$enable_openssl_random; ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval +else $as_nop + ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_use_openssl_random" >&5 +printf "%s\n" "$ntp_use_openssl_random" >&6; } + +# The following might need extra libraries +NTPO_SAVED_LIBS="$LIBS" +LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" +ac_fn_c_check_func "$LINENO" "RAND_bytes" "ac_cv_func_RAND_bytes" +if test "x$ac_cv_func_RAND_bytes" = xyes +then : + printf "%s\n" "#define HAVE_RAND_BYTES 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "RAND_poll" "ac_cv_func_RAND_poll" +if test "x$ac_cv_func_RAND_poll" = xyes +then : + printf "%s\n" "#define HAVE_RAND_POLL 1" >>confdefs.h + +fi + +LIBS="$NTPO_SAVED_LIBS" +case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in + yesyesyesyes) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using SSL library's secure random number generator" >&5 +printf "%s\n" "$as_me: Using SSL library's secure random number generator" >&6;} + +printf "%s\n" "#define USE_OPENSSL_CRYPTO_RAND 1" >>confdefs.h + ;; + *) + ntp_use_openssl_random=no + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: SSL library's secure random number generator unavailable." >&5 +printf "%s\n" "$as_me: SSL library's secure random number generator unavailable." >&6;} + case "$ntp_ssl_random_mandatory" in + yes) + as_fn_error $? "No suitable SSL library was found and +--enable-openssl-random was given.. Remove --enable-openssl-random +if you wish to build without a cryptographically secure random number +generator. + +WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable. + " "$LINENO" 5 + ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable. + " >&5 +printf "%s\n" "$as_me: WARNING: WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable. + " >&2;} + esac esac +{ ntp_ssl_random_mandatory=; unset ntp_ssl_random_mandatory;} + + + +LDADD_LIBNTP="$LDADD_LIBNTP $LIBS" +LIBS=$SAVED_LIBS +{ SAVED_LIBS=; unset SAVED_LIBS;} + + + for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. @@ -25875,9 +26824,6 @@ printf "%s\n" "no" >&6; } fi - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 printf %s "checking whether ln -s works... " >&6; } LN_S=$as_ln_s @@ -25889,65 +26835,6 @@ else printf "%s\n" "no, using $LN_S" >&6; } fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing strerror" >&5 -printf %s "checking for library containing strerror... " >&6; } -if test ${ac_cv_search_strerror+y} -then : - printf %s "(cached) " >&6 -else $as_nop - ac_func_search_save_LIBS=$LIBS -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -char strerror (); -int -main (void) -{ -return strerror (); - ; - return 0; -} -_ACEOF -for ac_lib in '' cposix -do - if test -z "$ac_lib"; then - ac_res="none required" - else - ac_res=-l$ac_lib - LIBS="-l$ac_lib $ac_func_search_save_LIBS" - fi - if ac_fn_c_try_link "$LINENO" -then : - ac_cv_search_strerror=$ac_res -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext - if test ${ac_cv_search_strerror+y} -then : - break -fi -done -if test ${ac_cv_search_strerror+y} -then : - -else $as_nop - ac_cv_search_strerror=no -fi -rm conftest.$ac_ext -LIBS=$ac_func_search_save_LIBS -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_strerror" >&5 -printf "%s\n" "$ac_cv_search_strerror" >&6; } -ac_res=$ac_cv_search_strerror -if test "$ac_res" != no -then : - test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - -fi - # Extract the first word of "perl", so it can be a program name with args. @@ -26352,35 +27239,39 @@ fi esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for facilitynames in syslog.h" >&5 printf %s "checking for facilitynames in syslog.h... " >&6; } if test ${ac_cv_HAVE_SYSLOG_FACILITYNAMES+y} then : printf %s "(cached) " >&6 else $as_nop - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define SYSLOG_NAMES -#include <stdlib.h> -#include <syslog.h> + #define SYSLOG_NAMES + #include <stdlib.h> + #include <syslog.h> int main (void) { - void *fnames; fnames = facilitynames; + + void *fnames = facilitynames; + + ; return 0; } + ac_cv_HAVE_SYSLOG_FACILITYNAMES=yes _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ac_cv_HAVE_SYSLOG_FACILITYNAMES=yes -else $as_nop ac_cv_HAVE_SYSLOG_FACILITYNAMES=no + fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_HAVE_SYSLOG_FACILITYNAMES" >&5 printf "%s\n" "$ac_cv_HAVE_SYSLOG_FACILITYNAMES" >&6; } @@ -26393,11 +27284,6 @@ printf "%s\n" "#define HAVE_SYSLOG_FACILITYNAMES 1" >>confdefs.h no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: No facilitynames in <syslog.h>" >&5 printf "%s\n" "$as_me: WARNING: No facilitynames in <syslog.h>" >&2;} - ;; - cross) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: facilitynames in <syslog.h> - cross-compiling" >&5 -printf "%s\n" "$as_me: WARNING: facilitynames in <syslog.h> - cross-compiling" >&2;} - ;; esac @@ -26409,7 +27295,10 @@ case "$host" in *) # HMS: Make sure we check for -lrt for clock_* before this... case "$ac_cv_search_clock_gettime" in - '') as_fn_error $? "Internal Error: Haven't looked for clock_gettime() yet!" "$LINENO" 5 ;; + '') { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Internal Error: Haven't looked for clock_gettime() yet! +See \`config.log' for more details" "$LINENO" 5; } ;; esac { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing sched_setscheduler" >&5 printf %s "checking for library containing sched_setscheduler... " >&6; } @@ -26479,6 +27368,12 @@ then : printf "%s\n" "#define HAVE_BSTRING_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "sys/procctl.h" "ac_cv_header_sys_procctl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_procctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PROCCTL_H 1" >>confdefs.h + +fi ac_fn_c_check_header_compile "$LINENO" "dns_sd.h" "ac_cv_header_dns_sd_h" "$ac_includes_default" if test "x$ac_cv_header_dns_sd_h" = xyes @@ -31425,530 +32320,7 @@ esac { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ans" >&5 printf "%s\n" "$ans" >&6; } - - - -VER_SUFFIX= - - - - -# Check whether --with-crypto was given. -if test ${with_crypto+y} -then : - withval=$with_crypto; -fi - - -# Check whether --with-openssl-libdir was given. -if test ${with_openssl_libdir+y} -then : - withval=$with_openssl_libdir; -fi - - -# Check whether --with-openssl-incdir was given. -if test ${with_openssl_incdir+y} -then : - withval=$with_openssl_incdir; -fi - - -# Check whether --with-rpath was given. -if test ${with_rpath+y} -then : - withval=$with_rpath; -fi - - -ntp_openssl=no -ntp_openssl_from_pkg_config=no - -with_crypto=${with_crypto:-openssl,libcrypto} -case "$with_crypto" in - yes) - with_crypto=openssl,libcrypto -esac - - -case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in - no:*) ;; - *:notempty:notgiven:notgiven) - for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config for $pkg" >&5 -printf %s "checking pkg-config for $pkg... " >&6; } - if $PKG_CONFIG --exists $pkg ; then - CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`" - CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`" - LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`" - LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`" - LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`" - VER_SUFFIX=o - ntp_openssl=yes - ntp_openssl_from_pkg_config=yes - ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" - case "$ntp_openssl_version" in - *.*) ;; - *) ntp_openssl_version='(unknown)' ;; - esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 -printf "%s\n" "yes, version $ntp_openssl_version" >&6; } - - break - fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } - done -esac -case "$with_crypto:$ntp_openssl" in - no:*) ;; - *:no) - need_dash_r= - need_dash_Wlrpath= - case "${with_rpath-notgiven}" in - yes) - # Lame - what to do if we need -Wl... but not -R? - need_dash_r=1 - ;; - notgiven) - case "$host" in - *-*-linux*) - # This may really only be true for gcc - need_dash_Wlrpath=1 - ;; - *-*-netbsd*) - need_dash_r=1 - ;; - *-*-solaris*) - need_dash_r=1 - ;; - esac - ;; - esac - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openssl library directory" >&5 -printf %s "checking for openssl library directory... " >&6; } - with_openssl_libdir=${with_openssl_libdir-notgiven} - case "$with_openssl_libdir" in - notgiven) - case "$build" in - $host) - with_openssl_libdir=default - ;; - *) - with_openssl_libdir=no - ;; - esac - esac - case "$with_openssl_libdir" in - default) - # Look in: - with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib" - with_openssl_libdir="$with_openssl_libdir /usr/local/lib" - with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib" - esac - case "$with_openssl_libdir" in - no) - ;; - *) # Look for libcrypto.a and libssl.a: - for i in $with_openssl_libdir no - do - case "$host" in - *-*-darwin*) - test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break - ;; - *) - test -f $i/libcrypto.so -a -f $i/libssl.so && break - test -f $i/libcrypto.a -a -f $i/libssl.a && break - ;; - esac - done - openssl_libdir=$i - ;; - esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssl_libdir" >&5 -printf "%s\n" "$openssl_libdir" >&6; } - case "$openssl_libdir" in - no) - openssl_libdir= - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libcrypto and libssl not found in any of $with_openssl_libdir" >&5 -printf "%s\n" "$as_me: WARNING: libcrypto and libssl not found in any of $with_openssl_libdir" >&2;} - esac - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openssl include directory" >&5 -printf %s "checking for openssl include directory... " >&6; } - with_openssl_incdir=${with_openssl_incdir-notgiven} - case "$with_openssl_incdir" in - notgiven) - # Look in: - with_openssl_incdir="/usr/include /usr/sfw/include" - with_openssl_incdir="$with_openssl_incdir /usr/local/include" - with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include" - esac - case "$with_openssl_incdir" in - no) - ;; - *) # look for openssl/evp.h: - for i in $with_openssl_incdir no - do - test -f $i/openssl/evp.h && break - done - openssl_incdir=$i - ;; - esac - { i=; unset i;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssl_incdir" >&5 -printf "%s\n" "$openssl_incdir" >&6; } - case "$openssl_incdir" in - no) - openssl_incdir= - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: did not find openssl/evp.h in any of $with_openssl_incdir" >&5 -printf "%s\n" "$as_me: WARNING: did not find openssl/evp.h in any of $with_openssl_incdir" >&2;} - esac - if test -z "$openssl_libdir" -o -z "$openssl_incdir" - then - ntp_openssl=no - else - ntp_openssl=yes - VER_SUFFIX=o - fi - case "$ntp_openssl" in - yes) - # We have OpenSSL inc/lib dirs - use them. - case "$openssl_incdir" in - /usr/include) - ;; - *) - CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir" - ;; - esac - case "$openssl_libdir" in - /usr/lib) - ;; - *) - LDADD_NTP="$LDADD_NTP -L$openssl_libdir" - case "$need_dash_r" in - 1) - LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir" - esac - case "$need_dash_Wlrpath" in - 1) - LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir" - esac - ;; - esac - LDADD_NTP="$LDADD_NTP -lcrypto" - esac -esac - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we will use crypto" >&5 -printf %s "checking if we will use crypto... " >&6; } -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_openssl" >&5 -printf "%s\n" "$ntp_openssl" >&6; } - -case "$ntp_openssl" in - yes) - ac_fn_c_check_header_compile "$LINENO" "openssl/cmac.h" "ac_cv_header_openssl_cmac_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_cmac_h" = xyes -then : - printf "%s\n" "#define HAVE_OPENSSL_CMAC_H 1" >>confdefs.h - -fi -ac_fn_c_check_header_compile "$LINENO" "openssl/hmac.h" "ac_cv_header_openssl_hmac_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_hmac_h" = xyes -then : - printf "%s\n" "#define HAVE_OPENSSL_HMAC_H 1" >>confdefs.h - -fi - - -printf "%s\n" "#define OPENSSL /**/" >>confdefs.h - - case "$VER_SUFFIX" in - *o*) ;; - *) as_fn_error $? "OPENSSL set but no 'o' in VER_SUFFIX!" "$LINENO" 5 ;; - esac - ;; -esac - -NTPO_SAVED_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP" -NTPO_SAVED_LIBS="$LIBS" - -# -# check for linking with -lcrypto failure, and try -lcrypto -lz. -# Helps m68k-atari-mint -# -case "$ntp_openssl:$ntp_openssl_from_pkg_config" in - yes:no) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with -lcrypto alone works" >&5 -printf %s "checking if linking with -lcrypto alone works... " >&6; } -if test ${ntp_cv_bare_lcrypto+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include "openssl/err.h" - #include "openssl/evp.h" - -int -main (void) -{ - - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - ntp_cv_bare_lcrypto=yes -else $as_nop - ntp_cv_bare_lcrypto=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_bare_lcrypto" >&5 -printf "%s\n" "$ntp_cv_bare_lcrypto" >&6; } - case "$ntp_cv_bare_lcrypto" in - no) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with -lcrypto -lz works" >&5 -printf %s "checking if linking with -lcrypto -lz works... " >&6; } -if test ${ntp_cv_lcrypto_lz+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include "openssl/err.h" - #include "openssl/evp.h" - -int -main (void) -{ - - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - ntp_cv_lcrypto_lz=yes -else $as_nop - ntp_cv_lcrypto_lz=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_lcrypto_lz" >&5 -printf "%s\n" "$ntp_cv_lcrypto_lz" >&6; } - case "$ntp_cv_lcrypto_lz" in - yes) - LDADD_NTP="$LDADD_NTP -lz" - esac - esac -esac - -# -# Older OpenSSL headers have a number of callback prototypes inside -# other function prototypes which trigger copious warnings with gcc's -# -Wstrict-prototypes, which is included in -Wall. -# -# An example: -# -# int i2d_RSA_NET(const RSA *a, unsigned char **pp, -# int (*cb)(), int sgckey); -# ^^^^^^^^^^^ -# -# -# -openssl_triggers_warnings=unknown -NTPO_SAVED_CFLAGS="$CFLAGS" - -case "$ntp_openssl:$GCC" in - yes:yes) - CFLAGS="$CFLAGS -Werror" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -int -main (void) -{ - - /* see if -Werror breaks gcc */ - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - gcc_handles_Werror=yes -else $as_nop - gcc_handles_Werror=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - case "$gcc_handles_Werror" in - no) - # if this gcc doesn't do -Werror go ahead and use - # -Wstrict-prototypes. - openssl_triggers_warnings=yes - ;; - yes) - CFLAGS="$CFLAGS -Wstrict-prototypes" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include "openssl/asn1_mac.h" - #include "openssl/bn.h" - #include "openssl/err.h" - #include "openssl/evp.h" - #include "openssl/pem.h" - #include "openssl/rand.h" - #include "openssl/x509v3.h" - -int -main (void) -{ - - /* empty body */ - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - openssl_triggers_warnings=no -else $as_nop - openssl_triggers_warnings=yes - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - esac - case "$openssl_triggers_warnings" in - yes) - CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes" - ;; - *) - CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" - esac - ;; - no:yes) - # gcc without OpenSSL - CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" -esac - -# Because we don't want -Werror for the EVP_MD_do_all_sorted check -CFLAGS="$NTPO_SAVED_CFLAGS" - -case "$ntp_openssl" in - yes) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" - ac_fn_c_check_func "$LINENO" "EVP_MD_do_all_sorted" "ac_cv_func_EVP_MD_do_all_sorted" -if test "x$ac_cv_func_EVP_MD_do_all_sorted" = xyes -then : - printf "%s\n" "#define HAVE_EVP_MD_DO_ALL_SORTED 1" >>confdefs.h - -fi - - ;; -esac - - -CPPFLAGS="$NTPO_SAVED_CPPFLAGS" -LIBS="$NTPO_SAVED_LIBS" -{ NTPO_SAVED_CFLAGS=; unset NTPO_SAVED_CFLAGS;} -{ NTPO_SAVED_CPPFLAGS=; unset NTPO_SAVED_CPPFLAGS;} -{ NTPO_SAVED_LIBS=; unset NTPO_SAVED_LIBS;} -{ openssl_triggers_warnings=; unset openssl_triggers_warnings;} -{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;} - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we want to enable CMAC support" >&5 -printf %s "checking if we want to enable CMAC support... " >&6; } -case "$ac_cv_header_openssl_cmac_h" in - yes) - -printf "%s\n" "#define ENABLE_CMAC 1" >>confdefs.h - - ans="yes" - ;; - *) ans="no" - ;; -esac -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ans" >&5 -printf "%s\n" "$ans" >&6; } - - - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we want to use OpenSSL's crypto random (if available)" >&5 -printf %s "checking if we want to use OpenSSL's crypto random (if available)... " >&6; } -# Check whether --enable-openssl-random was given. -if test ${enable_openssl_random+y} -then : - enableval=$enable_openssl_random; ntp_use_openssl_random=$enableval -else $as_nop - ntp_use_openssl_random=yes - -fi - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_use_openssl_random" >&5 -printf "%s\n" "$ntp_use_openssl_random" >&6; } - -# The following might need extra libraries -NTPO_SAVED_LIBS="$LIBS" -LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" -ac_fn_c_check_func "$LINENO" "RAND_bytes" "ac_cv_func_RAND_bytes" -if test "x$ac_cv_func_RAND_bytes" = xyes -then : - printf "%s\n" "#define HAVE_RAND_BYTES 1" >>confdefs.h - -fi -ac_fn_c_check_func "$LINENO" "RAND_poll" "ac_cv_func_RAND_poll" -if test "x$ac_cv_func_RAND_poll" = xyes -then : - printf "%s\n" "#define HAVE_RAND_POLL 1" >>confdefs.h - -fi - -LIBS="$NTPO_SAVED_LIBS" -case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in - yesyesyesyes) - -printf "%s\n" "#define USE_OPENSSL_CRYPTO_RAND 1" >>confdefs.h - - ;; - *) ntp_use_openssl_random=no ;; -esac - - - -# if we are using OpenSSL (--with-crypto), by default Autokey is enabled -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we want to include NTP Autokey protocol support" >&5 -printf %s "checking if we want to include NTP Autokey protocol support... " >&6; } +# if we have crypto, by default Autokey is enabled # Check whether --enable-autokey was given. if test ${enable_autokey+y} then : @@ -31964,8 +32336,8 @@ case "$ntp_autokey" in *) case "$ntp_openssl" in no) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Disabling Autokey, --enable-autokey requires --with-crypto." >&5 -printf "%s\n" "$as_me: WARNING: Disabling Autokey, --enable-autokey requires --with-crypto." >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Disabling Autokey, crypto unavailable." >&5 +printf "%s\n" "$as_me: WARNING: Disabling Autokey, crypto unavailable." >&2;} ntp_autokey=no ;; *) @@ -31977,6 +32349,8 @@ printf "%s\n" "#define AUTOKEY 1" >>confdefs.h esac ;; esac +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if NTP Autokey protocol will be supported" >&5 +printf %s "checking if NTP Autokey protocol will be supported... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_autokey" >&5 printf "%s\n" "$ntp_autokey" >&6; } @@ -34457,6 +34831,8 @@ printf "%s\n" "#define DYNAMIC_INTERLEAVE $ntp_dynamic_interleave" >>confdefs.h printf "%s\n" "$ntp_ok" >&6; } + + # We may not need have_unity have_unity=false # Extract the first word of "ruby", so it can be a program name with args. @@ -34951,6 +35327,10 @@ if test -z "${PTHREADS_TRUE}" && test -z "${PTHREADS_FALSE}"; then as_fn_error $? "conditional \"PTHREADS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${LIBNTP_SUBMAKES_TRUE}" && test -z "${LIBNTP_SUBMAKES_FALSE}"; then + as_fn_error $? "conditional \"LIBNTP_SUBMAKES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${BUILD_SNTP_TRUE}" && test -z "${BUILD_SNTP_FALSE}"; then as_fn_error $? "conditional \"BUILD_SNTP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -35365,7 +35745,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ntp $as_me 4.2.8p17, which was +This file was extended by ntp $as_me 4.2.8p18, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -35434,7 +35814,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -ntp config.status 4.2.8p17 +ntp config.status 4.2.8p18 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -35563,9 +35943,9 @@ AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' -enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' @@ -36674,13 +37054,13 @@ available_tags='' # ### BEGIN LIBTOOL CONFIG -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + # Whether or not to build static libraries. build_old_libs=$enable_static @@ -37166,7 +37546,7 @@ ltmain=$ac_aux_dir/ltmain.sh chmod +x "$ofile" ;; - "ntpd/complete.conf":F) sed -e '/^rlimit$/d' -e '/^$/d' < ntpd/complete.conf > ntpd/complete.conf.new && mv ntpd/complete.conf.new ntpd/complete.conf ;; + "ntpd/complete.conf":F) $SED -e '/^rlimit$/d' -e '/^$/d' < ntpd/complete.conf > ntpd/complete.conf.new && mv ntpd/complete.conf.new ntpd/complete.conf ;; "ntpdc/nl.pl":F) chmod +x ntpdc/nl.pl ;; "scripts/build/genAuthors":F) chmod +x scripts/build/genAuthors ;; "scripts/build/mkver":F) chmod +x scripts/build/mkver ;; diff --git a/configure.ac b/configure.ac index c2dce35e800d..aef705394309 100644 --- a/configure.ac +++ b/configure.ac @@ -35,7 +35,7 @@ AC_PRESERVE_HELP_ORDER # the date YYYYMMDD optionally with -HHMM if there is more than one # bump in a day. -ntp_configure_cache_version=20230326 +ntp_configure_cache_version=20240218 # When the cache version of config.cache and configure do not # match, NTP_CACHEVERSION will flush the cache. @@ -55,6 +55,23 @@ AC_DEFINE_UNQUOTED([STR_SYSTEM], ["$host"], AC_CONFIG_HEADERS([config.h]) dnl AC_ARG_PROGRAM +AC_MSG_CHECKING([if we should enable build framework help]) +AC_ARG_ENABLE( + [build-framework-help], + [AS_HELP_STRING( + [--enable-build-framework-help], + [+ enable build framework help] + )], + [ntp_ok=$enableval], + [ntp_ok=yes] +) +case "$ntp_ok" in + yes) + ntp_cv_build_framework_help=yes ;; + *) ntp_cv_build_framework_help=no ;; +esac +AC_MSG_RESULT([$ntp_ok]) + ntp_atom_ok=${ntp_atom_ok=no} ntp_oncore_ok=${ntp_oncore_ok=no} ntp_parse_ok=${ntp_parse_ok=no} @@ -70,7 +87,7 @@ AX_C99_STRUCT_INIT NTP_HARDEN([sntp]) -NTP_VPATH_HACK dnl used only by ntpd/Makefile.am +NTP_VPATH_HACK dnl used by ntpd/Makefile.am libparse/Makefile.am NTP_LOCINFO([sntp]) dnl takes over from NTP_BINDIR, in NTP_LIBNTP @@ -78,8 +95,7 @@ AM_PROG_AR # So far, the only shared library we might use is libopts. # It's a small library - we might as well use a static version of it. -AC_DISABLE_SHARED -AC_PROG_LIBTOOL +LT_INIT([disable-shared]) AC_SUBST([LIBTOOL_DEPS]) # NTP has (so far) been relying on leading-edge autogen, which @@ -87,7 +103,7 @@ AC_SUBST([LIBTOOL_DEPS]) # Therefore, by default: # - use the version of libopts we ship with # - do not install it -# - build a static copy (AC_DISABLE_SHARED - done earlier) +# - build a static copy (disable-shared - done earlier) case "${enable_local_libopts+set}" in set) ;; *) enable_local_libopts=yes ;; @@ -103,29 +119,13 @@ NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent]) NTP_LIBNTP -AC_MSG_CHECKING([for deprecated --with-arlib]) -AC_ARG_WITH([arlib], - AS_HELP_STRING([--with-arlib], [- deprecated, arlib not distributed]), - [ans=$withval], [ans=no]) -AC_MSG_RESULT([$ans]) - -case "$ans" in - yes) - AC_MSG_WARN([Please do not use --with-arlib, arlib is no longer included. In the future, --with-arlib will not be recognized.]) - ;; -esac - dnl we need to check for cross compile tools for vxWorks here AC_PROG_AWK AS_UNSET([ac_cv_prog_AWK]) AC_SUBST([AWK]) dnl scripts/ntpver.in AC_PROG_MAKE_SET -AC_SUBST([CFLAGS]) -AC_SUBST([LDFLAGS]) - AC_PROG_LN_S -AC_ISC_POSIX AC_PATH_PROG([PATH_PERL], [perl]) @@ -277,13 +277,13 @@ case "$host" in *) # HMS: Make sure we check for -lrt for clock_* before this... case "$ac_cv_search_clock_gettime" in - '') AC_MSG_ERROR([Internal Error: Haven't looked for clock_gettime() yet!]) ;; + '') AC_MSG_FAILURE([Internal Error: Haven't looked for clock_gettime() yet!]) ;; esac AC_SEARCH_LIBS([sched_setscheduler], [rt posix4]) ;; esac -AC_CHECK_HEADERS([bstring.h]) +AC_CHECK_HEADERS([bstring.h sys/procctl.h]) AC_CHECK_HEADER( [dns_sd.h], [AC_SEARCH_LIBS( @@ -3008,23 +3008,7 @@ case "$ntp_libparse" in esac AC_MSG_RESULT([$ans]) -NTP_OPENSSL - -AC_MSG_CHECKING([if we want to enable CMAC support]) -case "$ac_cv_header_openssl_cmac_h" in - yes) - AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?]) - ans="yes" - ;; - *) ans="no" - ;; -esac -AC_MSG_RESULT([$ans]) - -NTP_CRYPTO_RAND - -# if we are using OpenSSL (--with-crypto), by default Autokey is enabled -AC_MSG_CHECKING([if we want to include NTP Autokey protocol support]) +# if we have crypto, by default Autokey is enabled AC_ARG_ENABLE( [autokey], AS_HELP_STRING( @@ -3040,7 +3024,7 @@ case "$ntp_autokey" in *) case "$ntp_openssl" in no) - AC_MSG_WARN([Disabling Autokey, --enable-autokey requires --with-crypto.]) + AC_MSG_WARN([Disabling Autokey, crypto unavailable.]) ntp_autokey=no ;; *) @@ -3050,6 +3034,7 @@ case "$ntp_autokey" in esac ;; esac +AC_MSG_CHECKING([if NTP Autokey protocol will be supported]) AC_MSG_RESULT([$ntp_autokey]) AC_SUBST([MAKE_CHECK_LAYOUT]) @@ -4432,6 +4417,18 @@ AC_DEFINE_UNQUOTED([DYNAMIC_INTERLEAVE], [$ntp_dynamic_interleave], [support dynamic interleave?]) AC_MSG_RESULT([$ntp_ok]) +AH_BOTTOM([ + /* + * Macro to use in otherwise-empty source files to comply with ANSI C + * requirement that each translation unit (source file) contain some + * declaration. This has commonly been done by declaring an unused + * global variable of type int or char. An extern reference to abs() + * serves the same purpose without bloat. We once used exit() but + * that can produce warnings on systems that declare exit() noreturn. + */ + #define NONEMPTY_TRANSLATION_UNIT extern int abs(int); +]) + NTP_UNITYBUILD NTP_PROBLEM_TESTS @@ -4455,7 +4452,7 @@ AC_CONFIG_FILES([kernel/sys/Makefile]) AC_CONFIG_FILES([libntp/Makefile]) AC_CONFIG_FILES([libparse/Makefile]) AC_CONFIG_FILES([ntpd/Makefile]) -AC_CONFIG_FILES([ntpd/complete.conf], [sed -e '/^rlimit$/d' -e '/^$/d' < ntpd/complete.conf > ntpd/complete.conf.new && mv ntpd/complete.conf.new ntpd/complete.conf]) +AC_CONFIG_FILES([ntpd/complete.conf], [$SED -e '/^rlimit$/d' -e '/^$/d' < ntpd/complete.conf > ntpd/complete.conf.new && mv ntpd/complete.conf.new ntpd/complete.conf]) AC_CONFIG_FILES([ntpdate/Makefile]) AC_CONFIG_FILES([ntpdc/Makefile]) AC_CONFIG_FILES([ntpdc/nl.pl], [chmod +x ntpdc/nl.pl]) diff --git a/flock-build b/flock-build index b537ac349175..14767b934e17 100755 --- a/flock-build +++ b/flock-build @@ -34,23 +34,11 @@ case "$PARALLEL_BUILDS" in *) echo Launching $PARALLEL_BUILDS parallel builds on each machine esac -# Backroom: -# barnstable freebsd-6.1 -# beauregard freebsd-6.0 -# X churchy alpha-dec-osf5.1 -# deacon sparc-sun-solaris2.10 -# grundoon freebsd-6.2 -# howland freebsd-6.1 -# o macabre freebsd-6.1-STABLE -# o mort freebsd-6.1 -# whimsy sparc-sun-solaris2.10 - # Campus: # * baldwin sparc-sun-solaris2.10 # * bridgeport sparc-sun-solaris2.10 -# * malarky sparc-sun-solaris2.10 # * pogo sparc-sun-solaris2.10 -# * rackety freebsd-6.1 +# * rackety sparc-sun-solaris2.10 if [ ! -r sntp/libevent/build-aux/config.guess ] ; then echo "Error: bootstrap required." 1>&2 && exit 1 @@ -80,8 +68,8 @@ do case "1" in 0) ssh $i "cd $c_d ; ./build $SIG $PARSE $STD $BUILD_ARGS" & - ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS" & - ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --without-crypto --enable-c99-snprintf $BUILD_ARGS" & + ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --disable-debugging --disable-saveconfig $BUILD_ARGS" & + ssh $i "cd $c_d ; ./build $SIG $PARSE $STD --without-crypto --enable-c99-snprintf --enable-leap-smear $BUILD_ARGS" & ssh $i "cd $c_d ; ./build $SIG $STD --disable-all-clocks --disable-autokey --without-sntp --disable-thread-support $BUILD_ARGS" & ;; 1) @@ -103,13 +91,13 @@ do case $FB_FIRSTONLY in '0') - ./build $SIG $PARSE $STD --disable-debugging $BUILD_ARGS & + ./build $SIG $PARSE $STD --disable-debugging --disable-saveconfig $BUILD_ARGS & COUNT=\`expr \$COUNT + 1\` echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4 [ 0 -lt \`expr \$COUNT % $PARALLEL_BUILDS\` ] || wait - ./build $SIG $PARSE $STD --without-crypto --enable-c99-snprintf $BUILD_ARGS & + ./build $SIG $PARSE $STD --without-crypto --enable-c99-snprintf --enable-leap-smear $BUILD_ARGS & COUNT=\`expr \$COUNT + 1\` echo \`date -u '+%H:%M:%S'\` $i started build \$COUNT of 4 diff --git a/html/.datecheck b/html/.datecheck new file mode 100644 index 000000000000..e69de29bb2d1 --- /dev/null +++ b/html/.datecheck diff --git a/html/clockopt.html b/html/clockopt.html index 5b2de7e58d6e..5a721a8a745e 100644 --- a/html/clockopt.html +++ b/html/clockopt.html @@ -29,8 +29,8 @@ <dd>Marks the reference clock as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for further information.</dd> <dt><tt>mode <i>int</i></tt></dt> <dd>Specifies a mode number which is interpreted in a device-specific fashion. For instance, it selects a dialing protocol in the ACTS driver and a device subtype in the <tt>parse</tt> drivers.</dd> - <dt><tt>minpoll <i>int</i></tt><br> - <tt>maxpoll <i>int</i></tt></dt> + <dt><tt>minpoll <i>int</i></tt></dt> + <dt><tt>maxpoll <i>int</i></tt></dt> <dd>These options specify the minimum and maximum polling interval for reference clock messages in log<sub>2</sub> seconds. For most directly connected reference clocks, both <tt>minpoll</tt> and <tt>maxpoll</tt> default to 6 (64 s). For modem reference clocks, <tt>minpoll</tt> is ordinarily set to 10 (about 17 m) and <tt>maxpoll</tt> to 15 (about 9 h). The allowable range is 4 (16 s) to 17 (36 h) inclusive.</dd> </dl> </dd> @@ -48,7 +48,10 @@ <dd>Specifies the stratum number assigned to the driver in the range 0 to 15, inclusive. This number overrides the default stratum number ordinarily assigned by the driver itself, usually zero.</dd> <dt><tt>refid <i>string</i></tt></dt> <dd>Specifies an ASCII string of from one to four characters which defines the reference identifier used by the driver. This string overrides the default identifier ordinarily assigned by the driver itself.</dd> - <dt><tt>flag1 flag2 flag3 flag4</tt></dt> + <dt><tt>flag1 0|1</tt></dt> + <dt><tt>flag2 0|1</tt></dt> + <dt><tt>flag3 0|1</tt></dt> + <dt><tt>flag4 0|1</tt></dt> <dd>These four flags are used for customizing the clock driver. The interpretation of these values, and whether they are used at all, is a function of the particular driver. However, by convention <tt>flag4</tt> is used to enable recording monitoring data to the <tt>clockstats</tt> file configured with the <tt>filegen</tt> command. Additional information on the <tt>filegen</tt> command is on the <a href="monopt.html">Monitoring Options</a> page.</dd> <dt><tt>minjitter <i>secs</i></tt></dt> <dd>If the source has a jitter that cannot be sensibly estimated, because diff --git a/html/copyright.html b/html/copyright.html index d00cf9712178..7584aefc3230 100644 --- a/html/copyright.html +++ b/html/copyright.html @@ -9,7 +9,7 @@ <h3>Copyright Notice</h3> <img src="pic/sheepb.jpg" alt="jpg" align="left"> "Clone me," says Dolly sheepishly. <p>Last update: - <!-- #BeginDate format:En2m -->2-Mar-2023 05:21<!-- #EndDate --> + <!-- #BeginDate format:En2m -->7-Jan-2024 00:29<!-- #EndDate --> UTC</p> <br clear="left"> </p> @@ -38,7 +38,7 @@ <pre> *********************************************************************** * * -* Copyright (c) Network Time Foundation 2011-2023 * +* Copyright (c) Network Time Foundation 2011-2024 * * * * All Rights Reserved * * * diff --git a/html/release.html b/html/release.html index f940603a0947..d354ba653953 100644 --- a/html/release.html +++ b/html/release.html @@ -37,7 +37,7 @@ <li>There are two new burst mode features available where special conditions apply. One of these is enabled by the <tt>iburst</tt> keyword in the <tt>server</tt> configuration command. It is intended for cases where it is important to set the clock quickly when an association is first mobilized. The other is enabled by the <tt>burst</tt> keyword in the <tt>server</tt> configuration command. It is intended for cases where the network attachment requires an initial calling or training procedure. See the <a href="assoc.html">Association Management</a> page for further information.</li> <li>The OpenSSL cryptographic library has replaced the library formerly available from RSA Laboratories. All cryptographic routines except a version of the MD5 message digest algorithm have been removed from the base distribution. All 128-bit and 160-bit message digests algorithms are now supported for both symmetric key and public key cryptosystems. See the <a href="authentic.html">Authentication Support</a> page for further information and the <a href="authopt.html">Authentication Options</a> page for a list of supported digest algorithms.</li> <li>This release includes support for Autokey public-key cryptography for authenticating public servers to clients, as described in RFC 5906. This support requires the --enable-autokey option when building the distribution, which is the default is OpenSSL is available. The deployment of Autokey subnets is now considerably simpler than in earlier versions. A subnet naming scheme is now available to filter manycast and pool configurations. Additional information about Autokey is on the <a href="autokey.html">Autokey Public Key Authentication</a> page and links from there.</li> - <li>The NTP descrete even simulator has been substantially upgraded, now including scenarios with multiple servers and time-sensitive scripts. This allows the NTP algorithms to be tested in an embedded environment with systematic and pseudo-random network delay and oscillator wander distributions. This has been used to verify correct operation under conditions of extreme error and misconfiguration. See the <a href="ntpdsim.html"><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a> page. A technical description and performance analysis is given in the white papers at the <a href="http://www.eecis.udel.edu/~mills/ntp.html">NTP Project Page</a>.</li> + <li>The NTP descrete event simulator has been substantially upgraded, now including scenarios with multiple servers and time-sensitive scripts. This allows the NTP algorithms to be tested in an embedded environment with systematic and pseudo-random network delay and oscillator wander distributions. This has been used to verify correct operation under conditions of extreme error and misconfiguration. See the <a href="ntpdsim.html"><tt>ntpdsim</tt> - Network Time Protocol (NTP) simulator</a> page. A technical description and performance analysis is given in the white papers at the <a href="http://www.eecis.udel.edu/~mills/ntp.html">NTP Project Page</a>.</li> <li>NTPv4 includes three new server discovery schemes, which in most applications can avoid per-host configuration altogether. Two of these are based on IP multicast technology, while the remaining one is based on crafted DNS lookups. See the <a href="discover.html">Automatic NTP Configuration Schemes</a> page for further information.</li> <li>The status display and event report monitoring functions have been considerably expanded, including new statistics files and event reporting to files and the system log. See the <a href="decode.html">Event Messages and Status Words</a> page for further information.</li> <li>Several new options have been added for the <tt>ntpd</tt> command line. For the inveterate knob twiddlers several of the more important performance variables can be changed to fit actual or perceived special conditions. In particular, the <tt>tinker</tt> and <tt>tos</tt> commands can be used to adjust thresholds, throw switches and change limits.</li> diff --git a/include/Makefile.am b/include/Makefile.am index dd739ebbcdbd..b661ca639f29 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -8,6 +8,7 @@ noinst_HEADERS = \ ascii.h \ audio.h \ binio.h \ + c99_snprintf.h \ declcond.h \ gps.h \ hopf6039.h \ diff --git a/include/Makefile.in b/include/Makefile.in index 5bf244e81bd8..317111a094b1 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -386,6 +386,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -492,6 +493,7 @@ noinst_HEADERS = \ ascii.h \ audio.h \ binio.h \ + c99_snprintf.h \ declcond.h \ gps.h \ hopf6039.h \ diff --git a/include/c99_snprintf.h b/include/c99_snprintf.h new file mode 100644 index 000000000000..f5c1bf0e117c --- /dev/null +++ b/include/c99_snprintf.h @@ -0,0 +1,28 @@ +/* + * ntp_c99_snprintf.h + * + * Included from config.h to deal with replacing [v]snprintf() on older + * systems. The #undef lines below cannot be directly in config.h as + * config.status modifies each #undef in config.h.in to either be a + * commented-out #undef or a functional #define. Here they are used + * to avoid redefinition warnings on systems such as macos ca. 2024 + * where system headers define [v]snprintf as preprocessor macros. + * + * Do not include this file directly, leave it to config.h. + */ + +#if !defined(_KERNEL) && !defined(PARSESTREAM) +/* + * stdio.h must be included in config.h after _GNU_SOURCE is defined + * but before #define snprintf rpl_snprintf + */ +# include <stdio.h> +#endif + +#ifdef HW_WANT_RPL_SNPRINTF +# undef snprintf +#endif +#ifdef HW_WANT_RPL_VSNPRINTF +# undef vsnprintf +#endif + diff --git a/include/isc/Makefile.in b/include/isc/Makefile.in index 037cfbe354bf..fadd48e1c8ee 100644 --- a/include/isc/Makefile.in +++ b/include/isc/Makefile.in @@ -344,6 +344,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/include/lib_strbuf.h b/include/lib_strbuf.h index 5ee92d6f8341..89da450a5547 100644 --- a/include/lib_strbuf.h +++ b/include/lib_strbuf.h @@ -5,28 +5,28 @@ #define LIB_STRBUF_H #include <ntp_types.h> -#include <ntp_malloc.h> /* for ZERO() */ +#include <ntp_malloc.h> /* for zero_mem() */ -/* - * Sizes of things - */ -#define LIB_NUMBUF 16 #define LIB_BUFLENGTH 128 -typedef char libbufstr[LIB_BUFLENGTH]; -extern libbufstr lib_stringbuf[LIB_NUMBUF]; -extern int lib_nextbuf; -extern int lib_inited; +extern int lib_inited; +extern int ipv4_works; +extern int ipv6_works; +extern void init_lib(void); /* - * Macro to get a pointer to the next buffer + * Get a pointer to the next string buffer of LIB_BUFLENGTH octets. + * New and modified code should use buf = lib_getbuf() directly to + * provide clarity for folks familiar with common C style, but there's + * no need to churn the history with a mechanical switch away from + * LIB_GETBUF(buf). */ -#define LIB_GETBUF(bufp) \ - do { \ - ZERO(lib_stringbuf[lib_nextbuf]); \ - (bufp) = &lib_stringbuf[lib_nextbuf++][0]; \ - lib_nextbuf %= COUNTOF(lib_stringbuf); \ +extern char* lib_getbuf(void); + +#define LIB_GETBUF(bufp) \ + do { \ + (bufp) = lib_getbuf(); \ } while (FALSE) #endif /* LIB_STRBUF_H */ diff --git a/include/ntp.h b/include/ntp.h index 258ddd6138f7..7406a79ea8a4 100644 --- a/include/ntp.h +++ b/include/ntp.h @@ -171,8 +171,8 @@ typedef char s_char; * Eventually the struct tag will change from interface to endpt_tag. * endpt is unrelated to the select algorithm's struct endpoint. */ -typedef struct interface endpt; -struct interface { +typedef struct endpt_tag endpt; +struct endpt_tag { endpt * elink; /* endpt list link */ endpt * mclink; /* per-AF_* multicast list */ void * ioreg_ctx; /* IO registration context */ @@ -185,9 +185,12 @@ struct interface { char name[32]; /* name of interface */ u_short family; /* AF_INET/AF_INET6 */ u_short phase; /* phase in update cycle */ - u_int32 flags; /* interface flags */ + u_int32 flags; /* INT_ flags */ int last_ttl; /* last TTL specified */ u_int32 addr_refid; /* IPv4 addr or IPv6 hash */ +# ifdef WORDS_BIGENDIAN + u_int32 old_refid; /* byte-swapped IPv6 refid */ +# endif int num_mcast; /* mcast addrs enabled */ u_long starttime; /* current_time at creation */ volatile long received; /* number of incoming packets */ @@ -200,11 +203,11 @@ struct interface { }; /* - * Flags for interfaces + * Flags for network endpoints (interfaces or really addresses) */ #define INT_UP 0x001 /* Interface is up */ #define INT_PPP 0x002 /* Point-to-point interface */ -#define INT_LOOPBACK 0x004 /* the loopback interface */ +#define INT_LOOPBACK 0x004 /* ::1 or 127.0.0.1 */ #define INT_BROADCAST 0x008 /* can broadcast out this interface */ #define INT_MULTICAST 0x010 /* can multicast out this interface */ #define INT_BCASTOPEN 0x020 /* broadcast receive socket is open */ @@ -212,7 +215,8 @@ struct interface { #define INT_WILDCARD 0x080 /* wildcard interface - usually skipped */ #define INT_MCASTIF 0x100 /* bound directly to MCAST address */ #define INT_PRIVACY 0x200 /* RFC 4941 IPv6 privacy address */ -#define INT_BCASTXMIT 0x400 /* socket setup to allow broadcasts */ +#define INT_BCASTXMIT 0x400 /* socket setup to allow broadcasts */ +#define INT_LL_OF_GLOB 0x800 /* IPv6 link-local duplicate of global */ /* * Define flasher bits (tests 1 through 11 in packet procedure) @@ -342,12 +346,12 @@ struct peer { u_char status; /* peer status */ u_char new_status; /* under-construction status */ u_char reach; /* reachability register */ + u_char filter_nextpt; /* index into filter shift register */ int flash; /* protocol error test tally bits */ u_long epoch; /* reference epoch */ int burst; /* packets remaining in burst */ int retry; /* retry counter */ int flip; /* interleave mode control */ - int filter_nextpt; /* index into filter shift register */ double filter_delay[NTP_SHIFT]; /* delay shift register */ double filter_offset[NTP_SHIFT]; /* offset shift register */ double filter_disp[NTP_SHIFT]; /* dispersion shift register */ @@ -463,11 +467,12 @@ struct peer { #define FLAG_XLEAVE 0x1000 /* interleaved protocol */ #define FLAG_XB 0x2000 /* interleaved broadcast */ #define FLAG_XBOGUS 0x4000 /* interleaved bogus packet */ -#ifdef OPENSSL +#ifdef AUTOKEY # define FLAG_ASSOC 0x8000 /* autokey request */ -#endif /* OPENSSL */ +#endif #define FLAG_TSTAMP_PPS 0x10000 /* PPS source provides absolute timestamp */ #define FLAG_LOOPNONCE 0x20000 /* Use a nonce for the loopback test */ +#define FLAG_DISABLED 0x40000 /* peer is being torn down */ /* * Definitions for the clear() routine. We use memset() to clear @@ -558,9 +563,15 @@ struct pkt { #define MIN_V4_PKT_LEN (12 * sizeof(u_int32)) /* min header length */ #define LEN_PKT_NOMAC (12 * sizeof(u_int32)) /* min header length */ #define MIN_MAC_LEN (1 * sizeof(u_int32)) /* crypto_NAK */ -#define MAX_MD5_LEN (5 * sizeof(u_int32)) /* MD5 */ -#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* SHA */ +#define MD5_LENGTH 16 +#define SHAKE128_LENGTH 16 +#define CMAC_LENGTH 16 +#define SHA1_LENGTH 20 #define KEY_MAC_LEN sizeof(u_int32) /* key ID in MAC */ +#define MAX_MD5_LEN (KEY_MAC_LEN + MD5_LENGTH) +#define MAX_SHAKE128_LEN (KEY_MAC_LEN + SHAKE128_LENGTH) +#define MAX_SHA1_LEN (KEY_MAC_LEN + SHA1_LENGTH) +#define MAX_MAC_LEN (6 * sizeof(u_int32)) /* any MAC */ #define MAX_MDG_LEN (MAX_MAC_LEN-KEY_MAC_LEN) /* max. digest len */ /* @@ -703,6 +714,10 @@ struct pkt { #define max(a,b) (((a) > (b)) ? (a) : (b)) #define min3(a,b,c) min(min((a),(b)), (c)) +/* clamp a value within a range */ +#define CLAMP(val, minval, maxval) \ + max((minval), min((val), (maxval))) + /* * Configuration items. These are for the protocol module (proto_config()) @@ -783,7 +798,7 @@ typedef struct mon_data mon_entry; struct mon_data { mon_entry * hash_next; /* next structure in hash list */ DECL_DLIST_LINK(mon_entry, mru);/* MRU list link pointers */ - struct interface * lcladr; /* address on which this arrived */ + endpt * lcladr; /* address on which this arrived */ l_fp first; /* first time seen */ l_fp last; /* last time seen */ int leak; /* leaky bucket accumulator */ @@ -804,7 +819,7 @@ struct mon_data { #define MDF_POOL 0x08 /* pool client solicitor */ #define MDF_ACAST 0x10 /* manycast client solicitor */ #define MDF_BCLNT 0x20 /* eph. broadcast/multicast client */ -#define MDF_UCLNT 0x40 /* preemptible manycast or pool client */ +#define MDF_PCLNT 0x40 /* preemptible pool client */ /* * In the context of struct peer in ntpd, three of the cast_flags bits * represent configured associations which never receive packets, and @@ -841,11 +856,10 @@ typedef struct restrict_u_tag restrict_u; struct restrict_u_tag { restrict_u * link; /* link to next entry */ u_int32 count; /* number of packets matched */ + u_int32 expire; /* valid until current_time */ u_short rflags; /* restrict (accesslist) flags */ - u_short mflags; /* match flags */ - short ippeerlimit; /* IP peer limit */ - int srvfuzrftpoll; /* server response: fuzz reftime */ - u_long expire; /* valid until time */ + u_int32 mflags; /* match flags */ + short ippeerlimit; /* limit of associations matching */ union { /* variant starting here */ res_addr4 v4; res_addr6 v6; @@ -856,16 +870,13 @@ struct restrict_u_tag { #define V6_SIZEOF_RESTRICT_U (offsetof(restrict_u, u) \ + sizeof(res_addr6)) +/* restrictions for (4) a given address */ typedef struct r4addr_tag r4addr; struct r4addr_tag { u_short rflags; /* match flags */ short ippeerlimit; /* IP peer limit */ }; -char *build_iflags(u_int32 flags); -char *build_mflags(u_short mflags); -char *build_rflags(u_short rflags); - /* * Restrict (Access) flags (rflags) */ @@ -876,10 +887,6 @@ char *build_rflags(u_short rflags); #define RES_NOPEER 0x0010 /* new association denied */ #define RES_NOEPEER 0x0020 /* new ephemeral association denied */ #define RES_LIMITED 0x0040 /* packet rate exceeded */ -#define RES_FLAGS (RES_IGNORE | RES_DONTSERVE |\ - RES_DONTTRUST | RES_VERSION |\ - RES_NOPEER | RES_NOEPEER | RES_LIMITED) - #define RES_NOQUERY 0x0080 /* mode 6/7 packet denied */ #define RES_NOMODIFY 0x0100 /* mode 6/7 modify denied */ #define RES_NOTRAP 0x0200 /* mode 6/7 set trap denied */ @@ -894,7 +901,10 @@ char *build_rflags(u_short rflags); #define RES_UNUSED 0x0000 /* Unused flag bits (none left) */ -#define RES_ALLFLAGS (RES_FLAGS | RES_NOQUERY | \ +#define RES_ALLFLAGS (RES_IGNORE | RES_DONTSERVE | \ + RES_DONTTRUST | RES_VERSION | \ + RES_NOPEER | RES_NOEPEER | \ + RES_LIMITED | RES_NOQUERY | \ RES_NOMODIFY | RES_NOTRAP | \ RES_LPTRAP | RES_KOD | \ RES_MSSNTP | RES_FLAKE | \ @@ -948,4 +958,15 @@ struct endpoint { #define MRU_ROW_LIMIT 256 /* similar datagrams per response limit for ntpd */ #define MRU_FRAGS_LIMIT 128 + +/* found on POSIX systems in sysexit.h */ +#ifndef EX_SOFTWARE +# define EX_SOFTWARE 70 /* internal software error */ +#endif + +#define BYTESWAP32(u32) \ + (((u_int32)(u32) & 0xff000000) >> 24 | \ + ((u_int32)(u32) & 0xff0000) >> 8 | \ + ((u_int32)(u32) & 0xff00) << 8 | \ + ((u_int32)(u32) & 0xff) << 24) #endif /* NTP_H */ diff --git a/include/ntp_config.h b/include/ntp_config.h index dbb64e3a2eee..2fce70945035 100644 --- a/include/ntp_config.h +++ b/include/ntp_config.h @@ -113,7 +113,9 @@ struct restrict_node_tag { address_node * addr; address_node * mask; attr_val_fifo * flag_tok_fifo; + int/*BOOL*/ remove; int line_no; + int column; short ippeerlimit; short srvfuzrft; }; @@ -317,10 +319,13 @@ void destroy_attr_val(attr_val *node); filegen_node *create_filegen_node(int filegen_token, attr_val_fifo *options); string_node *create_string_node(char *str); -restrict_node *create_restrict_node(address_node *addr, - address_node *mask, - short ippeerlimit, - attr_val_fifo *flags, int line_no); +restrict_node *create_restrict_node(address_node * addr, + address_node * mask, + short ippeerlimit, + attr_val_fifo * flag_tok_fifo, + int/*BOOL*/ remove, + int nline, + int ncol); int_node *create_int_node(int val); addr_opts_node *create_addr_opts_node(address_node *addr, attr_val_fifo *options); diff --git a/include/ntp_control.h b/include/ntp_control.h index 2fe0f30bbd78..91b85aa52df4 100644 --- a/include/ntp_control.h +++ b/include/ntp_control.h @@ -159,7 +159,7 @@ struct ntp_control { */ struct ctl_trap { sockaddr_u tr_addr; /* address of trap recipient */ - struct interface *tr_localaddr; /* interface to send this through */ + endpt *tr_localaddr; /* interface to send this through */ u_long tr_settime; /* time trap was set */ u_long tr_count; /* async messages sent to this guy */ u_long tr_origtime; /* time trap was originally set */ diff --git a/include/ntp_lists.h b/include/ntp_lists.h index d741974943ef..bed692ff294e 100644 --- a/include/ntp_lists.h +++ b/include/ntp_lists.h @@ -181,7 +181,7 @@ do { \ #define UNLINK_EXPR_SLIST(punlinked, listhead, expr, nextlink, \ entrytype) \ -do { \ +if (NULL != (listhead)) { \ entrytype **ppentry; \ \ ppentry = &(listhead); \ @@ -202,6 +202,8 @@ do { \ } else { \ (punlinked) = NULL; \ } \ +} else do { \ + (punlinked) = NULL; \ } while (FALSE) #define UNLINK_SLIST(punlinked, listhead, ptounlink, nextlink, \ diff --git a/include/ntp_md5.h b/include/ntp_md5.h index 8b5a7d0cbb49..22caff350cd9 100644 --- a/include/ntp_md5.h +++ b/include/ntp_md5.h @@ -6,6 +6,18 @@ #ifndef NTP_MD5_H #define NTP_MD5_H +/* Use the system MD5 or fall back on libisc's */ +# if defined HAVE_MD5_H && defined HAVE_MD5INIT +# include <md5.h> +# else +# include "isc/md5.h" + typedef isc_md5_t MD5_CTX; +# define MD5_DIGEST_LENGTH ISC_MD5_DIGESTLENGTH +# define MD5Init(c) isc_md5_init(c) +# define MD5Update(c, p, s) isc_md5_update(c, (const void *)p, s) +# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */ +# endif + # define KEY_TYPE_MD5 NID_md5 #ifdef OPENSSL @@ -20,20 +32,11 @@ /* * Provide OpenSSL-alike MD5 API if we're not using OpenSSL */ -# if defined HAVE_MD5_H && defined HAVE_MD5INIT -# include <md5.h> -# else -# include "isc/md5.h" - typedef isc_md5_t MD5_CTX; -# define MD5Init(c) isc_md5_init(c) -# define MD5Update(c, p, s) isc_md5_update(c, p, s) -# define MD5Final(d, c) isc_md5_final((c), (d)) /* swapped */ -# endif typedef MD5_CTX EVP_MD_CTX; # define NID_md5 4 /* from openssl/objects.h */ -# define EVP_MAX_MD_SIZE 64 /* from openssl/evp.h */ +# define EVP_MAX_MD_SIZE MD5_DIGEST_LENGTH # define EVP_MD_CTX_free(c) free(c) # define EVP_MD_CTX_new() calloc(1, sizeof(MD5_CTX)) # define EVP_get_digestbynid(t) NULL @@ -47,7 +50,7 @@ # define EVP_DigestFinal(c, d, pdl) \ do { \ MD5Final((d), (c)); \ - *(pdl) = 16; \ + *(pdl) = MD5_LENGTH; \ } while (0) # endif /* !OPENSSL */ #endif /* NTP_MD5_H */ diff --git a/include/ntp_net.h b/include/ntp_net.h index 0577402bfb2c..09cc7f65f97b 100644 --- a/include/ntp_net.h +++ b/include/ntp_net.h @@ -195,7 +195,7 @@ typedef union { #define SOCK_UNSPEC_S(psau) \ (SOCK_UNSPEC(psau) && !SCOPE(psau)) -/* choose a default net interface (struct interface) for v4 or v6 */ +/* choose a default net interface (endpt) for v4 or v6 */ #define ANY_INTERFACE_BYFAM(family) \ ((AF_INET == family) \ ? any_interface \ @@ -227,6 +227,12 @@ typedef union { */ #define LOOPBACKADR 0x7f000001 #define LOOPNETMASK 0xff000000 +#ifdef WORDS_BIGENDIAN +# define LOOPBACKADR_N LOOPBACKADR +#else +# define LOOPBACKADR_N 0x0100007f +#endif + #define ISBADADR(srcadr) \ (IS_IPV4(srcadr) \ @@ -234,5 +240,10 @@ typedef union { == (LOOPBACKADR & LOOPNETMASK)) \ && SRCADR(srcadr) != LOOPBACKADR) +#define IS_LOOPBACK_ADDR(psau) \ + (IS_IPV4(psau) \ + ? LOOPBACKADR == SRCADR(psau) \ + : IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(psau)) \ + ) #endif /* NTP_NET_H */ diff --git a/include/ntp_psl.h b/include/ntp_psl.h index a0c2662d44c7..c3a6846f90d0 100644 --- a/include/ntp_psl.h +++ b/include/ntp_psl.h @@ -4,12 +4,15 @@ /* * Poll Skew List Item + * u_in32 is large enough for sub and qty so long as NTP_MAXPOLL < 31 */ - +#if NTP_MAXPOLL >= 31 +#include "psl_item structure needs larger type" +#endif typedef struct psl_item_tag { - int sub; /* int or short? unsigned is OK, but why? */ - int qty; /* int or short? unsigned is OK, but why? */ - int msk; /* int or short? unsigned is OK */ + u_int32 sub; + u_int32 qty; + u_int32 msk; } psl_item; int get_pollskew(int, psl_item *); diff --git a/include/ntp_stdlib.h b/include/ntp_stdlib.h index 446837e3adcb..6f667fbabed7 100644 --- a/include/ntp_stdlib.h +++ b/include/ntp_stdlib.h @@ -11,10 +11,12 @@ #include "declcond.h" /* ntpd uses ntpd/declcond.h, others include/ */ #include "l_stdlib.h" +#include "lib_strbuf.h" #include "ntp_md5.h" #include "ntp_net.h" #include "ntp_debug.h" #include "ntp_malloc.h" +#include "lib_strbuf.h" #include "ntp_string.h" #include "ntp_syslog.h" #include "ntp_keyacc.h" @@ -113,7 +115,7 @@ extern size_t MD5authencrypt (int type, const u_char *key, size_t klen, extern int MD5authdecrypt (int type, const u_char *key, size_t klen, u_int32 *pkt, size_t length, size_t size, keyid_t keyno); -extern u_int32 addr2refid(sockaddr_u *); +extern u_int32 addr2refid (sockaddr_u *); /* authkeys.c */ extern void MD5auth_setkey (keyid_t, int, const u_char *, size_t, @@ -180,7 +182,6 @@ extern const char * k_st_flags (u_int32); extern char * statustoa (int, int); extern sockaddr_u * netof (sockaddr_u *); extern char * numtoa (u_int32); -extern char * numtohost (u_int32); extern const char * socktoa (const sockaddr_u *); extern const char * sockporttoa(const sockaddr_u *); extern u_short sock_hash (const sockaddr_u *); @@ -242,18 +243,21 @@ extern pset_tod_using set_tod_using; #ifdef OPENSSL extern void ssl_init (void); extern void ssl_check_version (void); -extern int ssl_init_done; +extern EVP_MD_CTX* digest_ctx; /* also ssl_init_done */ #define INIT_SSL() \ do { \ - if (!ssl_init_done) \ + if (NULL == digest_ctx) { \ ssl_init(); \ - } while (0) + } \ + } while (FALSE) #else /* !OPENSSL follows */ +#define ssl_check_version() do {} while (0) #define INIT_SSL() do {} while (0) #endif -extern int keytype_from_text (const char *, size_t *); -extern const char *keytype_name (int); -extern char * getpass_keytype (int); +extern int keytype_from_text (const char *text, + size_t *pdigest_len); +extern const char *keytype_name (int type); +extern char * getpass_keytype (int type); /* strl-obsd.c */ #ifndef HAVE_STRLCPY /* + */ diff --git a/include/ntp_tty.h b/include/ntp_tty.h index 6dc48b6c71f1..56f75c115907 100644 --- a/include/ntp_tty.h +++ b/include/ntp_tty.h @@ -100,4 +100,9 @@ extern int ntp_tty_ioctl(int, u_int); # endif #endif +extern int symBaud2numBaud(int symBaud); +# if 0 +extern int numBaud2symBaud(int numBaud); +#endif + #endif /* NTP_TTY_H */ diff --git a/include/ntp_types.h b/include/ntp_types.h index c3cf2c196521..6553f01b8a97 100644 --- a/include/ntp_types.h +++ b/include/ntp_types.h @@ -255,16 +255,6 @@ aligned_ptr( } /* - * Macro to use in otherwise-empty source files to comply with ANSI C - * requirement that each translation unit (source file) contain some - * declaration. This has commonly been done by declaring an unused - * global variable of type int or char. An extern reference to abs() - * serves the same purpose without bloat. We once used exit() but - * that can produce warnings on systems that declare exit() noreturn. - */ -#define NONEMPTY_TRANSLATION_UNIT extern int abs(int); - -/* * On Unix struct sock_timeval is equivalent to struct timeval. * On Windows built with 64-bit time_t, sock_timeval.tv_sec is a long * as required by Windows' socket() interface timeout argument, while diff --git a/include/ntpd.h b/include/ntpd.h index ad3e30fbb889..7de19d72de5a 100644 --- a/include/ntpd.h +++ b/include/ntpd.h @@ -47,6 +47,17 @@ # define DPRINTF(lvl, arg) do {} while (0) #endif +/* clear bitflag only on DEBUG builds */ +#ifdef DEBUG +# define CLEAR_BIT_IF_DEBUG(bit, flags) \ + do { \ + (flags) &= ~(bit); \ + } while (FALSE) +#else +# define CLEAR_BIT_IF_DEBUG(bit, flags) \ + do {} while (FALSE) +#endif + /* nt_clockstuff.c */ #ifdef SYS_WINNT @@ -60,15 +71,15 @@ extern char * saveconfigdir; /* ntpq saveconfig output directory */ extern void getconfig (int, char **); extern void ctl_clr_stats (void); -extern int ctlclrtrap (sockaddr_u *, struct interface *, int); +extern int ctlclrtrap (sockaddr_u *, endpt *, int); extern u_short ctlpeerstatus (struct peer *); -extern int ctlsettrap (sockaddr_u *, struct interface *, int, int); +extern int ctlsettrap (sockaddr_u *, endpt *, int, int); extern u_short ctlsysstatus (void); extern void init_control (void); extern void process_control (struct recvbuf *, int); extern void report_event (int, struct peer *, const char *); -extern int mprintf_event (int, struct peer *, const char *, ...) - NTP_PRINTF(3, 4); +extern int mprintf_event (int evcode, struct peer *p, + const char *fmt, ...) NTP_PRINTF(3, 4); /* ntp_control.c */ /* @@ -118,7 +129,9 @@ extern void enable_broadcast (endpt *, sockaddr_u *); extern void enable_multicast_if (endpt *, sockaddr_u *); extern void interface_update (interface_receiver_t, void *); #ifndef HAVE_IO_COMPLETION_PORT -extern void io_handler (void); +extern void io_handler (void); +#else +extern void WINAPI ip_interface_changed(ULONG_PTR ctx); #endif extern void init_io (void); extern void io_open_sockets (void); @@ -127,8 +140,10 @@ extern void io_setbclient (void); extern void io_unsetbclient (void); extern void io_multicast_add(sockaddr_u *); extern void io_multicast_del(sockaddr_u *); -extern void sendpkt (sockaddr_u *, struct interface *, int, struct pkt *, int); -#ifdef DEBUG +extern void sendpkt (sockaddr_u *dest, endpt * ep, int ttl, + struct pkt *pkt, int len); +extern isc_boolean_t is_linklocal(sockaddr_u *psau); +#ifdef DEBUG_TIMING extern void collect_timing (struct recvbuf *, const char *, int, l_fp *); #endif #ifdef HAVE_SIGNALED_IO @@ -141,8 +156,13 @@ extern void block_io_and_alarm (void); # define UNBLOCK_IO_AND_ALARM() do {} while (0) # define BLOCK_IO_AND_ALARM() do {} while (0) #endif -#define latoa(pif) localaddrtoa(pif) +#define eptoa(pif) localaddrtoa(pif) +#define latoa(pif) eptoa(pif) extern const char * localaddrtoa(endpt *); +#ifdef DEBUG +extern const char * iflags_str(u_int32 iflags); +#endif + /* ntp_loopfilter.c */ extern void init_loopfilter(void); @@ -198,7 +218,7 @@ extern int crypto_xmit (struct peer *, struct pkt *, struct exten *, keyid_t); extern keyid_t session_key (sockaddr_u *, sockaddr_u *, keyid_t, keyid_t, u_long); -extern int make_keylist (struct peer *, struct interface *); +extern int make_keylist (struct peer *, endpt *); extern void key_expire (struct peer *); extern void crypto_update (void); extern void crypto_update_taichange(void); @@ -226,7 +246,7 @@ extern void clock_select (void); extern void set_sys_leap (u_char); extern u_long leapsec; /* seconds to next leap (proximity class) */ -extern int leapdif; /* TAI difference step at next leap second*/ +extern int leapdif; /* TAI difference step at next leap second */ extern int sys_orphan; extern double sys_mindisp; extern double sys_maxdist; @@ -258,18 +278,27 @@ extern void reset_auth_stats(void); /* ntp_restrict.c */ extern void init_restrict (void); extern void restrictions (sockaddr_u *, r4addr *); -extern void hack_restrict (restrict_op, sockaddr_u *, sockaddr_u *, - short, u_short, u_short, u_long); -extern void restrict_source (sockaddr_u *, int, u_long); +extern int/*BOOL*/hack_restrict(restrict_op op, sockaddr_u *resaddr, + sockaddr_u *resmask, short ippeerlimit, + u_short mflags, u_short rflags, + u_int32 expire); +extern void restrict_source (sockaddr_u *addr, int/*BOOL*/ remove, + u_int32 lifetime); +#ifdef DEBUG extern void dump_restricts (void); +extern const char *resop_str (restrict_op op); +extern const char *rflags_str (u_short rflags); +extern const char *mflags_str (u_short mflags); +#endif + /* ntp_timer.c */ extern void init_timer (void); extern void reinit_timer (void); extern void timer (void); extern void timer_clr_stats (void); -extern void timer_interfacetimeout (u_long); -extern volatile int interface_interval; +extern int endpt_scan_period; /* -U option default 301s */ +extern u_long endpt_scan_timer; /* next scan current_time */ extern u_long orphwait; /* orphan wait time */ #ifdef AUTOKEY extern char *sys_hostname; /* host name */ @@ -288,17 +317,29 @@ extern void record_proto_stats (char *); extern void record_loop_stats (double, double, double, double, int); extern void record_clock_stats (sockaddr_u *, const char *); extern int mprintf_clock_stats(sockaddr_u *, const char *, ...) - NTP_PRINTF(2, 3); -extern void record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, int leap, int version, int mode, int stratum, int ppoll, int precision, double root_delay, double root_dispersion, u_int32 refid, int len, u_char *extra); + NTP_PRINTF(2, 3); +extern void record_raw_stats (sockaddr_u *srcadr, sockaddr_u *dstadr, + l_fp *t1, l_fp *t2, l_fp *t3, l_fp *t4, + int leap, int version, int mode, + int stratum, int ppoll, int precision, + double root_delay, double root_dispersion, + u_int32 refid, int len, u_char *extra); extern void check_leap_file (int is_daily_check, u_int32 ntptime, const time_t * systime); extern void record_crypto_stats (sockaddr_u *, const char *); #ifdef DEBUG extern void record_timing_stats (const char *); +extern void append_flagstr(char *flagstr, size_t sz, const char *text); #endif extern char * fstostr(time_t); /* NTP timescale seconds */ /* ntpd.c */ extern void parse_cmdline_opts(int *, char ***); + +/* ntservice.c */ +#ifndef SYS_WINNT +# define ntservice_isup() do {} while (FALSE) +#endif + /* * Signals we catch for debugging. */ @@ -381,7 +422,10 @@ extern volatile u_long handler_pkts; /* number of pkts received by handler */ extern u_long io_timereset; /* time counters were reset */ /* ntp_io.c */ -extern int disable_dynamic_updates; +extern int no_periodic_scan; /* no periodic net addr scans */ +extern int scan_addrs_once; /* no net addr rescans */ +extern int nonlocal_v4_addr_up; /* should we try IPv4 pool? */ +extern int nonlocal_v6_addr_up; /* should we try IPv6 pool? */ extern u_int sys_ifnum; /* next .ifnum to assign */ extern endpt * any_interface; /* IPv4 wildcard */ extern endpt * any6_interface; /* IPv6 wildcard */ diff --git a/include/vint64ops.h b/include/vint64ops.h index 888d342781fb..50a8c4016264 100644 --- a/include/vint64ops.h +++ b/include/vint64ops.h @@ -23,6 +23,6 @@ extern vint64 subv64i32(const vint64 * lhs, int32_t rhs); extern vint64 subv64u32(const vint64 * lhs, uint32_t rhs); /* parsing. works like strtoul() or strtoull() */ -extern vint64 strtouv64(char const * begp, char const ** const endp, int base); +extern vint64 strtouv64(char * begp, char ** endp, int base); #endif /*!defined(VINT64OPS_H)*/ diff --git a/kernel/Makefile.in b/kernel/Makefile.in index f0cf22e84381..40374fd18544 100644 --- a/kernel/Makefile.in +++ b/kernel/Makefile.in @@ -383,6 +383,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/kernel/sys/Makefile.in b/kernel/sys/Makefile.in index 447e32e2cc8e..a09b0a1f39d4 100644 --- a/kernel/sys/Makefile.in +++ b/kernel/sys/Makefile.in @@ -344,6 +344,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/libntp/Makefile.am b/libntp/Makefile.am index 99ce273d4cd1..85ac6e3f9b92 100644 --- a/libntp/Makefile.am +++ b/libntp/Makefile.am @@ -192,7 +192,6 @@ libntp_a_SRCS = \ ntp_rfc2553.c \ ntp_worker.c \ numtoa.c \ - numtohost.c \ octtoint.c \ prettydate.c \ refidsmear.c \ diff --git a/libntp/Makefile.in b/libntp/Makefile.in index 439c5a9fe07a..08032399cbeb 100644 --- a/libntp/Makefile.in +++ b/libntp/Makefile.in @@ -175,12 +175,12 @@ am__libntp_a_SOURCES_DIST = systime.c a_md5encrypt.c adjtime.c \ mktime.c modetoa.c mstolfp.c msyslog.c netof.c ntp_calendar.c \ ntp_calgps.c ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c \ ntp_lineedit.c ntp_random.c ntp_realpath.c ntp_rfc2553.c \ - ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \ - refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \ - socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ - strl_obsd.c syssignal.c timespecops.c timetoa.c timevalops.c \ - timexsup.c uglydate.c vint64ops.c work_fork.c work_thread.c \ - xsbprintf.c ymd2yd.c lib/isc/assertions.c lib/isc/buffer.c \ + ntp_worker.c numtoa.c octtoint.c prettydate.c refidsmear.c \ + recvbuff.c refnumtoa.c snprintf.c socket.c socktoa.c \ + socktohost.c ssl_init.c statestr.c strdup.c strl_obsd.c \ + syssignal.c timespecops.c timetoa.c timevalops.c timexsup.c \ + uglydate.c vint64ops.c work_fork.c work_thread.c xsbprintf.c \ + ymd2yd.c lib/isc/assertions.c lib/isc/buffer.c \ lib/isc/backtrace-emptytbl.c lib/isc/backtrace.c \ lib/isc/unix/dir.c lib/isc/error.c lib/isc/unix/errno2result.c \ lib/isc/event.c lib/isc/unix/file.c lib/isc/inet_ntop.c \ @@ -238,15 +238,15 @@ am__objects_5 = a_md5encrypt.$(OBJEXT) adjtime.$(OBJEXT) \ ntp_libopts.$(OBJEXT) ntp_lineedit.$(OBJEXT) \ ntp_random.$(OBJEXT) ntp_realpath.$(OBJEXT) \ ntp_rfc2553.$(OBJEXT) ntp_worker.$(OBJEXT) numtoa.$(OBJEXT) \ - numtohost.$(OBJEXT) octtoint.$(OBJEXT) prettydate.$(OBJEXT) \ - refidsmear.$(OBJEXT) recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) \ - snprintf.$(OBJEXT) socket.$(OBJEXT) socktoa.$(OBJEXT) \ - socktohost.$(OBJEXT) ssl_init.$(OBJEXT) statestr.$(OBJEXT) \ - strdup.$(OBJEXT) strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) \ - timespecops.$(OBJEXT) timetoa.$(OBJEXT) timevalops.$(OBJEXT) \ - timexsup.$(OBJEXT) uglydate.$(OBJEXT) vint64ops.$(OBJEXT) \ - work_fork.$(OBJEXT) work_thread.$(OBJEXT) xsbprintf.$(OBJEXT) \ - ymd2yd.$(OBJEXT) $(am__objects_4) $(am__objects_1) + octtoint.$(OBJEXT) prettydate.$(OBJEXT) refidsmear.$(OBJEXT) \ + recvbuff.$(OBJEXT) refnumtoa.$(OBJEXT) snprintf.$(OBJEXT) \ + socket.$(OBJEXT) socktoa.$(OBJEXT) socktohost.$(OBJEXT) \ + ssl_init.$(OBJEXT) statestr.$(OBJEXT) strdup.$(OBJEXT) \ + strl_obsd.$(OBJEXT) syssignal.$(OBJEXT) timespecops.$(OBJEXT) \ + timetoa.$(OBJEXT) timevalops.$(OBJEXT) timexsup.$(OBJEXT) \ + uglydate.$(OBJEXT) vint64ops.$(OBJEXT) work_fork.$(OBJEXT) \ + work_thread.$(OBJEXT) xsbprintf.$(OBJEXT) ymd2yd.$(OBJEXT) \ + $(am__objects_4) $(am__objects_1) am_libntp_a_OBJECTS = systime.$(OBJEXT) $(am__objects_5) libntp_a_OBJECTS = $(am_libntp_a_OBJECTS) libntpsim_a_AR = $(AR) $(ARFLAGS) @@ -261,12 +261,12 @@ am__libntpsim_a_SOURCES_DIST = systime_s.c a_md5encrypt.c adjtime.c \ mktime.c modetoa.c mstolfp.c msyslog.c netof.c ntp_calendar.c \ ntp_calgps.c ntp_crypto_rnd.c ntp_intres.c ntp_libopts.c \ ntp_lineedit.c ntp_random.c ntp_realpath.c ntp_rfc2553.c \ - ntp_worker.c numtoa.c numtohost.c octtoint.c prettydate.c \ - refidsmear.c recvbuff.c refnumtoa.c snprintf.c socket.c \ - socktoa.c socktohost.c ssl_init.c statestr.c strdup.c \ - strl_obsd.c syssignal.c timespecops.c timetoa.c timevalops.c \ - timexsup.c uglydate.c vint64ops.c work_fork.c work_thread.c \ - xsbprintf.c ymd2yd.c lib/isc/assertions.c lib/isc/buffer.c \ + ntp_worker.c numtoa.c octtoint.c prettydate.c refidsmear.c \ + recvbuff.c refnumtoa.c snprintf.c socket.c socktoa.c \ + socktohost.c ssl_init.c statestr.c strdup.c strl_obsd.c \ + syssignal.c timespecops.c timetoa.c timevalops.c timexsup.c \ + uglydate.c vint64ops.c work_fork.c work_thread.c xsbprintf.c \ + ymd2yd.c lib/isc/assertions.c lib/isc/buffer.c \ lib/isc/backtrace-emptytbl.c lib/isc/backtrace.c \ lib/isc/unix/dir.c lib/isc/error.c lib/isc/unix/errno2result.c \ lib/isc/event.c lib/isc/unix/file.c lib/isc/inet_ntop.c \ @@ -321,21 +321,20 @@ am__depfiles_remade = ./$(DEPDIR)/a_md5encrypt.Po \ ./$(DEPDIR)/ntp_libopts.Po ./$(DEPDIR)/ntp_lineedit.Po \ ./$(DEPDIR)/ntp_random.Po ./$(DEPDIR)/ntp_realpath.Po \ ./$(DEPDIR)/ntp_rfc2553.Po ./$(DEPDIR)/ntp_worker.Po \ - ./$(DEPDIR)/numtoa.Po ./$(DEPDIR)/numtohost.Po \ - ./$(DEPDIR)/octtoint.Po ./$(DEPDIR)/prettydate.Po \ - ./$(DEPDIR)/recvbuff.Po ./$(DEPDIR)/refidsmear.Po \ - ./$(DEPDIR)/refnumtoa.Po ./$(DEPDIR)/snprintf.Po \ - ./$(DEPDIR)/socket.Po ./$(DEPDIR)/socktoa.Po \ - ./$(DEPDIR)/socktohost.Po ./$(DEPDIR)/ssl_init.Po \ - ./$(DEPDIR)/statestr.Po ./$(DEPDIR)/strdup.Po \ - ./$(DEPDIR)/strl_obsd.Po ./$(DEPDIR)/syssignal.Po \ - ./$(DEPDIR)/systime.Po ./$(DEPDIR)/systime_s.Po \ - ./$(DEPDIR)/timespecops.Po ./$(DEPDIR)/timetoa.Po \ - ./$(DEPDIR)/timevalops.Po ./$(DEPDIR)/timexsup.Po \ - ./$(DEPDIR)/uglydate.Po ./$(DEPDIR)/vint64ops.Po \ - ./$(DEPDIR)/work_fork.Po ./$(DEPDIR)/work_thread.Po \ - ./$(DEPDIR)/xsbprintf.Po ./$(DEPDIR)/ymd2yd.Po \ - lib/isc/$(DEPDIR)/assertions.Po \ + ./$(DEPDIR)/numtoa.Po ./$(DEPDIR)/octtoint.Po \ + ./$(DEPDIR)/prettydate.Po ./$(DEPDIR)/recvbuff.Po \ + ./$(DEPDIR)/refidsmear.Po ./$(DEPDIR)/refnumtoa.Po \ + ./$(DEPDIR)/snprintf.Po ./$(DEPDIR)/socket.Po \ + ./$(DEPDIR)/socktoa.Po ./$(DEPDIR)/socktohost.Po \ + ./$(DEPDIR)/ssl_init.Po ./$(DEPDIR)/statestr.Po \ + ./$(DEPDIR)/strdup.Po ./$(DEPDIR)/strl_obsd.Po \ + ./$(DEPDIR)/syssignal.Po ./$(DEPDIR)/systime.Po \ + ./$(DEPDIR)/systime_s.Po ./$(DEPDIR)/timespecops.Po \ + ./$(DEPDIR)/timetoa.Po ./$(DEPDIR)/timevalops.Po \ + ./$(DEPDIR)/timexsup.Po ./$(DEPDIR)/uglydate.Po \ + ./$(DEPDIR)/vint64ops.Po ./$(DEPDIR)/work_fork.Po \ + ./$(DEPDIR)/work_thread.Po ./$(DEPDIR)/xsbprintf.Po \ + ./$(DEPDIR)/ymd2yd.Po lib/isc/$(DEPDIR)/assertions.Po \ lib/isc/$(DEPDIR)/backtrace-emptytbl.Po \ lib/isc/$(DEPDIR)/backtrace.Po lib/isc/$(DEPDIR)/buffer.Po \ lib/isc/$(DEPDIR)/error.Po lib/isc/$(DEPDIR)/event.Po \ @@ -581,6 +580,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -822,7 +822,6 @@ libntp_a_SRCS = \ ntp_rfc2553.c \ ntp_worker.c \ numtoa.c \ - numtohost.c \ octtoint.c \ prettydate.c \ refidsmear.c \ @@ -1093,7 +1092,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp_rfc2553.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp_worker.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numtoa.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numtohost.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/octtoint.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prettydate.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/recvbuff.Po@am__quote@ # am--include-marker @@ -1380,7 +1378,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/ntp_rfc2553.Po -rm -f ./$(DEPDIR)/ntp_worker.Po -rm -f ./$(DEPDIR)/numtoa.Po - -rm -f ./$(DEPDIR)/numtohost.Po -rm -f ./$(DEPDIR)/octtoint.Po -rm -f ./$(DEPDIR)/prettydate.Po -rm -f ./$(DEPDIR)/recvbuff.Po @@ -1535,7 +1532,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/ntp_rfc2553.Po -rm -f ./$(DEPDIR)/ntp_worker.Po -rm -f ./$(DEPDIR)/numtoa.Po - -rm -f ./$(DEPDIR)/numtohost.Po -rm -f ./$(DEPDIR)/octtoint.Po -rm -f ./$(DEPDIR)/prettydate.Po -rm -f ./$(DEPDIR)/recvbuff.Po diff --git a/libntp/a_md5encrypt.c b/libntp/a_md5encrypt.c index 7a372969123f..a571405a5d87 100644 --- a/libntp/a_md5encrypt.c +++ b/libntp/a_md5encrypt.c @@ -21,7 +21,6 @@ typedef struct { size_t len; } rwbuffT; - #if defined(OPENSSL) && defined(ENABLE_CMAC) static size_t cmac_ctx_size( @@ -40,6 +39,37 @@ cmac_ctx_size( #endif /* OPENSSL && ENABLE_CMAC */ +/* + * Allocate and initialize a digest context. As a speed optimization, + * take an idea from ntpsec and cache the context to avoid malloc/free + * overhead in time-critical paths. ntpsec also caches the algorithms + * with each key. + * This is not thread-safe, but that is + * not a problem at present. + */ +static EVP_MD_CTX * +get_md_ctx( + int nid + ) +{ +#ifndef OPENSSL + static MD5_CTX md5_ctx; + + DEBUG_INSIST(NID_md5 == nid); + MD5Init(&md5_ctx); + + return &md5_ctx; +#else + if (!EVP_DigestInit(digest_ctx, EVP_get_digestbynid(nid))) { + msyslog(LOG_ERR, "%s init failed", OBJ_nid2sn(nid)); + return NULL; + } + + return digest_ctx; +#endif /* OPENSSL */ +} + + static size_t make_mac( const rwbuffT * digest, @@ -99,26 +129,13 @@ make_mac( CMAC_CTX_free(ctx); } else -# endif /*ENABLE_CMAC*/ +# endif /* ENABLE_CMAC */ { /* generic MAC handling */ - EVP_MD_CTX * ctx = EVP_MD_CTX_new(); + EVP_MD_CTX * ctx; u_int uilen = 0; - if ( ! ctx) { - msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest CTX new failed.", - OBJ_nid2sn(ktype)); - goto mac_fail; - } - - #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - /* make sure MD5 is allowd */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - #endif - /* [Bug 3457] DON'T use plain EVP_DigestInit! It would - * kill the flags! */ - if (!EVP_DigestInit_ex(ctx, EVP_get_digestbynid(ktype), NULL)) { - msyslog(LOG_ERR, "MAC encrypt: MAC %s Digest Init failed.", - OBJ_nid2sn(ktype)); + ctx = get_md_ctx(ktype); + if (NULL == ctx) { goto mac_fail; } if ((size_t)EVP_MD_CTX_size(ctx) > digest->len) { @@ -143,39 +160,25 @@ make_mac( } mac_fail: retlen = (size_t)uilen; - - if (ctx) - EVP_MD_CTX_free(ctx); } #else /* !OPENSSL follows */ - if (ktype == NID_md5) - { - EVP_MD_CTX * ctx = EVP_MD_CTX_new(); - u_int uilen = 0; + if (NID_md5 == ktype) { + EVP_MD_CTX * ctx; - if (digest->len < 16) { + ctx = get_md_ctx(ktype); + if (digest->len < MD5_LENGTH) { msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 buf too small."); + } else { + MD5Init(ctx); + MD5Update(ctx, (const void *)key->buf, key->len); + MD5Update(ctx, (const void *)msg->buf, msg->len); + MD5Final(digest->buf, ctx); + retlen = MD5_LENGTH; } - else if ( ! ctx) { - msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest CTX new failed."); - } - else if (!EVP_DigestInit(ctx, EVP_get_digestbynid(ktype))) { - msyslog(LOG_ERR, "%s", "MAC encrypt: MAC md5 Digest INIT failed."); - } - else { - EVP_DigestUpdate(ctx, key->buf, key->len); - EVP_DigestUpdate(ctx, msg->buf, msg->len); - EVP_DigestFinal(ctx, digest->buf, &uilen); - } - if (ctx) - EVP_MD_CTX_free(ctx); - retlen = (size_t)uilen; - } - else - { - msyslog(LOG_ERR, "MAC encrypt: invalid key type %d" , ktype); + } else { + msyslog(LOG_ERR, "MAC encrypt: invalid key type %d", ktype); } #endif /* !OPENSSL */ @@ -187,7 +190,7 @@ make_mac( /* * MD5authencrypt - generate message digest * - * Returns length of MAC including key ID and digest. + * Returns 0 on failure or length of MAC including key ID. */ size_t MD5authencrypt( @@ -202,13 +205,14 @@ MD5authencrypt( rwbuffT digb = { digest, sizeof(digest) }; robuffT keyb = { key, klen }; robuffT msgb = { pkt, length }; - size_t dlen = 0; + size_t dlen; dlen = make_mac(&digb, type, &keyb, &msgb); - /* If the MAC is longer than the MAX then truncate it. */ - if (dlen > MAX_MDG_LEN) - dlen = MAX_MDG_LEN; - memcpy((u_char *)pkt + length + KEY_MAC_LEN, digest, dlen); + if (0 == dlen) { + return 0; + } + memcpy((u_char *)pkt + length + KEY_MAC_LEN, digest, + min(dlen, MAX_MDG_LEN)); return (dlen + KEY_MAC_LEN); } @@ -236,15 +240,11 @@ MD5authdecrypt( size_t dlen = 0; dlen = make_mac(&digb, type, &keyb, &msgb); - - /* If the MAC is longer than the MAX then truncate it. */ - if (dlen > MAX_MDG_LEN) - dlen = MAX_MDG_LEN; - if (size != (size_t)dlen + KEY_MAC_LEN) { + if (0 == dlen || size != dlen + KEY_MAC_LEN) { msyslog(LOG_ERR, - "MAC decrypt: MAC length error: len=%u key=%d", - (u_int)size, keyno); - return (0); + "MAC decrypt: MAC length error: %u not %u for key %u", + (u_int)size, (u_int)(dlen + KEY_MAC_LEN), keyno); + return FALSE; } return !isc_tsmemcmp(digest, (u_char *)pkt + length + KEY_MAC_LEN, dlen); @@ -254,39 +254,36 @@ MD5authdecrypt( * Calculate the reference id from the address. If it is an IPv4 * address, use it as is. If it is an IPv6 address, do a md5 on * it and use the bottom 4 bytes. - * The result is in network byte order. + * The result is in network byte order for IPv4 addreseses. For + * IPv6, ntpd long differed in the hash calculated on big-endian + * vs. little-endian because the first four bytes of the MD5 hash + * were used as a u_int32 without any byte swapping. This broke + * the refid-based loop detection between mixed-endian systems. + * In order to preserve behavior on the more-common little-endian + * systems, the hash is now byte-swapped on big-endian systems to + * match the little-endian hash. This is ugly but it seems better + * than changing the IPv6 refid calculation on the more-common + * systems. + * This is not thread safe, not a problem so far. */ u_int32 addr2refid(sockaddr_u *addr) { - u_char digest[EVP_MAX_MD_SIZE]; - u_int32 addr_refid; - EVP_MD_CTX *ctx; - u_int len; + static MD5_CTX md5_ctx; + union u_tag { + u_char digest[MD5_DIGEST_LENGTH]; + u_int32 addr_refid; + } u; - if (IS_IPV4(addr)) + if (IS_IPV4(addr)) { return (NSRCADR(addr)); - - INIT_SSL(); - - ctx = EVP_MD_CTX_new(); -# ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW - /* MD5 is not used as a crypto hash here. */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); -# endif - /* [Bug 3457] DON'T use plain EVP_DigestInit! It would kill the - * flags! */ - if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) { - msyslog(LOG_ERR, - "MD5 init failed"); - EVP_MD_CTX_free(ctx); /* pedantic... but safe */ - exit(1); } - - EVP_DigestUpdate(ctx, (u_char *)PSOCK_ADDR6(addr), - sizeof(struct in6_addr)); - EVP_DigestFinal(ctx, digest, &len); - EVP_MD_CTX_free(ctx); - memcpy(&addr_refid, digest, sizeof(addr_refid)); - return (addr_refid); + /* MD5 is not used for authentication here. */ + MD5Init(&md5_ctx); + MD5Update(&md5_ctx, (void *)&SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr))); + MD5Final(u.digest, &md5_ctx); +#ifdef WORDS_BIGENDIAN + u.addr_refid = BYTESWAP32(u.addr_refid); +#endif + return u.addr_refid; } diff --git a/libntp/adjtime.c b/libntp/adjtime.c index b536cc555d9a..57accd68642d 100644 --- a/libntp/adjtime.c +++ b/libntp/adjtime.c @@ -381,6 +381,6 @@ adjtime (struct timeval *delta, struct timeval *olddelta) return 0; } # else /* no special adjtime() needed */ -int adjtime_bs; +NONEMPTY_TRANSLATION_UNIT # endif #endif diff --git a/libntp/audio.c b/libntp/audio.c index f404cc078bdc..2cbae7a30a11 100644 --- a/libntp/audio.c +++ b/libntp/audio.c @@ -517,5 +517,5 @@ audio_show(void) #endif /* not PCM_STYLE_SOUND */ } #else -int audio_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* HAVE_{SYS_AUDIOIO,SUN_AUDIOIO,MACHINE_SOUNDCARD,SYS_SOUNDCARD}_H */ diff --git a/libntp/authkeys.c b/libntp/authkeys.c index d28b4b932b84..29671ac922bb 100644 --- a/libntp/authkeys.c +++ b/libntp/authkeys.c @@ -611,6 +611,9 @@ authhavekey( /* * The key is found and trusted. Initialize the key cache. + * The cache really should be a struct savekey to streamline + * this code. Using a sk pointer would be even faster but more + * fragile around pointing to freed memory. */ cache_keyid = sk->keyid; cache_type = sk->type; @@ -927,6 +930,7 @@ authdecrypt( pkt, length, size, keyno); } + /* password decoding helpers */ static size_t pwdecode_plain( diff --git a/libntp/authreadkeys.c b/libntp/authreadkeys.c index fa2f5b540de4..e4aee723d33a 100644 --- a/libntp/authreadkeys.c +++ b/libntp/authreadkeys.c @@ -218,14 +218,14 @@ authreadkeys( keytype = keytype_from_text(token, NULL); if (keytype == 0) { log_maybe(NULL, - "authreadkeys: invalid type for key %d", - keyno); + "authreadkeys: unsupported type %s for key %d", + token, keyno); # ifdef ENABLE_CMAC } else if (NID_cmac != keytype && EVP_get_digestbynid(keytype) == NULL) { log_maybe(NULL, - "authreadkeys: no algorithm for key %d", - keyno); + "authreadkeys: no algorithm for %s key %d", + token, keyno); keytype = 0; # endif /* ENABLE_CMAC */ } @@ -270,11 +270,13 @@ authreadkeys( "authreadkeys: passwd has bad char for key %d", keyno); break; +#ifdef DEBUG default: log_maybe(&nerr, - "authreadkeys: unknown errno %d for key %d", + "authreadkeys: unexpected errno %d for key %d: %m", errno, keyno); break; +#endif } continue; } diff --git a/libntp/bsd_strerror.c b/libntp/bsd_strerror.c index 5ace9aa48542..23888a2d1437 100644 --- a/libntp/bsd_strerror.c +++ b/libntp/bsd_strerror.c @@ -45,5 +45,5 @@ strerror( return ebuf; } #else -int strerror_bs; +NONEMPTY_TRANSLATION_UNIT #endif diff --git a/libntp/clocktypes.c b/libntp/clocktypes.c index de7f6b4f3854..1b44546ee172 100644 --- a/libntp/clocktypes.c +++ b/libntp/clocktypes.c @@ -6,7 +6,6 @@ #include "ntp_fp.h" #include "ntp.h" -#include "lib_strbuf.h" #include "ntp_refclock.h" #include "ntp_stdlib.h" diff --git a/libntp/dofptoa.c b/libntp/dofptoa.c index c21d1455e7f0..a3f7c9e710dd 100644 --- a/libntp/dofptoa.c +++ b/libntp/dofptoa.c @@ -5,8 +5,6 @@ #include <stdio.h> #include "ntp_fp.h" -#include "lib_strbuf.h" -#include "ntp_string.h" #include "ntp_stdlib.h" char * diff --git a/libntp/dolfptoa.c b/libntp/dolfptoa.c index 00e1faf793bc..2fa3cc5502d6 100644 --- a/libntp/dolfptoa.c +++ b/libntp/dolfptoa.c @@ -5,8 +5,6 @@ #include <stdio.h> #include "ntp_fp.h" -#include "lib_strbuf.h" -#include "ntp_string.h" #include "ntp_stdlib.h" char * diff --git a/libntp/humandate.c b/libntp/humandate.c index d9d5e89df017..94b3e6023e17 100644 --- a/libntp/humandate.c +++ b/libntp/humandate.c @@ -6,7 +6,6 @@ #include "ntp_fp.h" #include "ntp_unixtime.h" /* includes <sys/time.h> and <time.h> */ -#include "lib_strbuf.h" #include "ntp_stdlib.h" diff --git a/libntp/lib/isc/win32/strerror.c b/libntp/lib/isc/win32/strerror.c index 40c5da002f8c..21bdad97778e 100644 --- a/libntp/lib/isc/win32/strerror.c +++ b/libntp/lib/isc/win32/strerror.c @@ -29,6 +29,8 @@ #include <isc/strerror.h> #include <isc/util.h> +#include "lib_strbuf.h" + /* * Forward declarations */ @@ -88,19 +90,47 @@ isc__strerror(int num, char *buf, size_t size) { */ char * FormatError(int error) { - LPVOID lpMsgBuf = NULL; + char *lpMsgBuf = NULL; + char *pch; + const char boiler[] = + " For information about network troubleshooting, see Windows Help."; + size_t last; + FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, + (FORMAT_MESSAGE_MAX_WIDTH_MASK - 1), NULL, error, /* Default language */ MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), - (LPTSTR) &lpMsgBuf, + (LPTSTR)(PVOID)&lpMsgBuf, 0, NULL); + /* remove useless boilerplate */ + pch = strstr(lpMsgBuf, boiler); + if (pch != NULL) { + *pch = '\0'; + } + + /* strip any trailing CR/LF and spaces */ + if (lpMsgBuf != NULL) { + last = strlen(lpMsgBuf); + if (last > 0) { + --last; + } + while ('\n' == lpMsgBuf[last] || + '\r' == lpMsgBuf[last] || + ' ' == lpMsgBuf[last]) { + + lpMsgBuf[last] = '\0'; + if (last > 0) { + --last; + } + } + } + return (lpMsgBuf); } @@ -113,27 +143,31 @@ char * NTstrerror(int err, BOOL *bfreebuf) { char *retmsg = NULL; - /* Copy the error value first in case of other errors */ - DWORD errval = err; - *bfreebuf = FALSE; /* Get the Winsock2 error messages */ - if (errval >= WSABASEERR && errval <= (WSABASEERR + 1999)) { - retmsg = GetWSAErrorMessage(errval); - if (retmsg != NULL) - return (retmsg); + /* DLH this may not be needed, FormatError/FormatMessage may handle Winsock error codes */ + if (err >= WSABASEERR && err <= (WSABASEERR + 1999)) { + retmsg = GetWSAErrorMessage(err); } /* * If it's not one of the standard Unix error codes, * try a system error message */ - if (errval > (DWORD) _sys_nerr) { - *bfreebuf = TRUE; - return (FormatError(errval)); - } else { - return (strerror(errval)); + if (NULL == retmsg) { + if (err > _sys_nerr) { + *bfreebuf = TRUE; + retmsg = FormatError(err); + } else { + retmsg = lib_getbuf(); + if (0 != strerror_s(retmsg, LIB_BUFLENGTH, err)) { + snprintf(retmsg, LIB_BUFLENGTH, + "Unknown error number %d/0x%x", + err, err); + } + } } + return retmsg; } /* diff --git a/libntp/lib_strbuf.c b/libntp/lib_strbuf.c index 76f70163de98..225c430f7e02 100644 --- a/libntp/lib_strbuf.c +++ b/libntp/lib_strbuf.c @@ -1,10 +1,11 @@ /* - * lib_strbuf - library string storage + * lib_strbuf.c - init_lib() and library string storage */ #ifdef HAVE_CONFIG_H #include <config.h> #endif +#include <isc/mutex.h> #include <isc/net.h> #include <isc/result.h> @@ -12,17 +13,18 @@ #include "ntp_stdlib.h" #include "lib_strbuf.h" +#define LIB_NUMBUF 10 /* * Storage declarations */ -int debug; -libbufstr lib_stringbuf[LIB_NUMBUF]; -int lib_nextbuf; -int ipv4_works; -int ipv6_works; -int lib_inited; - +static char lib_stringbuf_storage[LIB_NUMBUF][LIB_BUFLENGTH]; +static char * lib_stringbuf[LIB_NUMBUF]; +int lib_inited; +static isc_mutex_t lib_mutex; +int ipv4_works; +int ipv6_works; +int debug; /* * initialization routine. Might be needed if the code is ROMized. @@ -30,10 +32,41 @@ int lib_inited; void init_lib(void) { - if (lib_inited) + u_int u; + + if (lib_inited) { return; + } ipv4_works = (ISC_R_SUCCESS == isc_net_probeipv4()); ipv6_works = (ISC_R_SUCCESS == isc_net_probeipv6()); init_systime(); + /* + * Avoid -Wrestrict warnings by keeping a pointer to each buffer + * so the compiler can see copying from one buffer to another is + * not violating restrict qualifiers on, e.g. memcpy() args. + */ + for (u = 0; u < COUNTOF(lib_stringbuf); u++) { + lib_stringbuf[u] = lib_stringbuf_storage[u]; + } + isc_mutex_init(&lib_mutex); lib_inited = TRUE; } + + +char * +lib_getbuf(void) +{ + static int lib_nextbuf; + int mybuf; + + if (!lib_inited) { + init_lib(); + } + isc_mutex_lock(&lib_mutex); + mybuf = lib_nextbuf; + lib_nextbuf = (1 + mybuf) % COUNTOF(lib_stringbuf); + isc_mutex_unlock(&lib_mutex); + zero_mem(lib_stringbuf[mybuf], LIB_BUFLENGTH); + + return lib_stringbuf[mybuf]; +}
\ No newline at end of file diff --git a/libntp/machines.c b/libntp/machines.c index 7a29ac07ea5f..163abf15c6db 100644 --- a/libntp/machines.c +++ b/libntp/machines.c @@ -13,17 +13,16 @@ #include "ntp_syslog.h" #include "ntp_stdlib.h" #include "ntp_unixtime.h" -#include "lib_strbuf.h" #include "ntp_debug.h" +#include "ntp_tty.h" #ifdef HAVE_UNISTD_H #include <unistd.h> #endif #ifdef SYS_WINNT -int _getch(void); /* Declare the one function rather than include conio.h */ +#include <conio.h> #else - #ifdef SYS_VXWORKS #include "taskLib.h" #include "sysLib.h" @@ -531,3 +530,58 @@ getpass(const char * prompt) return password; } #endif /* SYS_WINNT */ + + +static const int baudTable[][2] = { + {B0, 0}, + {B50, 50}, + {B75, 75}, + {B110, 110}, + {B134, 134}, + {B150, 150}, + {B200, 200}, + {B300, 300}, + {B600, 600}, + {B1200, 1200}, + {B1800, 1800}, + {B2400, 2400}, + {B4800, 4800}, + {B9600, 9600}, + {B19200, 19200}, + {B38400, 38400}, +# ifdef B57600 + {B57600, 57600 }, +# endif +# ifdef B115200 + {B115200, 115200}, +# endif + {-1, -1} +}; + + +int symBaud2numBaud(int symBaud) +{ + int i; + + for (i = 0; baudTable[i][1] >= 0; ++i) { + if (baudTable[i][0] == symBaud) { + break; + } + } + return baudTable[i][1]; +} + + +#if 0 /* unused */ +int numBaud2symBaud(int numBaud) +{ + int i; + + for (i = 0; baudTable[i][1] >= 0; ++i) { + if (baudTable[i][1] == numBaud) { + break; + } + } + return baudTable[i][0]; +} +#endif /* unused fn */ diff --git a/libntp/modetoa.c b/libntp/modetoa.c index 6f13d20580bf..de14c9edd34c 100644 --- a/libntp/modetoa.c +++ b/libntp/modetoa.c @@ -4,7 +4,6 @@ #include <config.h> #include <stdio.h> -#include "lib_strbuf.h" #include "ntp_stdlib.h" const char * diff --git a/libntp/msyslog.c b/libntp/msyslog.c index a1ba72792595..b72d5c8dc379 100644 --- a/libntp/msyslog.c +++ b/libntp/msyslog.c @@ -348,15 +348,14 @@ msyslog( ... ) { - char buf[1024]; va_list ap; va_start(ap, fmt); - mvsnprintf(buf, sizeof(buf), fmt, ap); + mvsyslog(level, fmt, ap); va_end(ap); - addto_syslog(level, buf); } + void mvsyslog( int level, @@ -365,6 +364,7 @@ mvsyslog( ) { char buf[1024]; + mvsnprintf(buf, sizeof(buf), fmt, ap); addto_syslog(level, buf); } diff --git a/libntp/netof.c b/libntp/netof.c index c8831c3dd9cd..5f1e3662de78 100644 --- a/libntp/netof.c +++ b/libntp/netof.c @@ -1,5 +1,5 @@ /* - * netof - return the net address part of an ip address in a sockaddr_storage structure + * netof - return the net address part of an ip address in a sockaddr_u structure * (zero out host part) */ #include <config.h> @@ -11,12 +11,19 @@ #include "ntp_stdlib.h" #include "ntp.h" +/* + * Return the network portion of a host address. Used by ntp_io.c + * findbcastinter() to find a multicast/broadcast interface for + * a given remote address. Note static storage is used, with room + * for only two addresses, which is all that is needed at present. + * + */ sockaddr_u * netof( sockaddr_u *hostaddr ) { - static sockaddr_u netofbuf[8]; + static sockaddr_u netofbuf[2]; static int next_netofbuf; u_int32 netnum; sockaddr_u * netaddr; @@ -27,20 +34,11 @@ netof( memcpy(netaddr, hostaddr, sizeof(*netaddr)); if (IS_IPV4(netaddr)) { - netnum = SRCADR(netaddr); - /* - * We live in a modern CIDR world where the basement nets, which - * used to be class A, are now probably associated with each - * host address. So, for class-A nets, all bits are significant. + * We live in a modern classless IPv4 world. Assume /24. */ - if (IN_CLASSC(netnum)) - netnum &= IN_CLASSC_NET; - else if (IN_CLASSB(netnum)) - netnum &= IN_CLASSB_NET; - + netnum = SRCADR(netaddr) & IN_CLASSC_NET; SET_ADDR4(netaddr, netnum); - } else if (IS_IPV6(netaddr)) /* assume the typical /64 subnet size */ zero_mem(&NSRCADR6(netaddr)[8], 8); diff --git a/libntp/ntp_calendar.c b/libntp/ntp_calendar.c index 9fc0b48229f2..b850a9db59b8 100644 --- a/libntp/ntp_calendar.c +++ b/libntp/ntp_calendar.c @@ -56,7 +56,6 @@ #include "ntp_unixtime.h" #include "ntpd.h" -#include "lib_strbuf.h" /* For now, let's take the conservative approach: if the target property * macros are not defined, check a few well-known compiler/architecture diff --git a/libntp/ntp_intres.c b/libntp/ntp_intres.c index 9fc3815ef007..29546147db8a 100644 --- a/libntp/ntp_intres.c +++ b/libntp/ntp_intres.c @@ -84,12 +84,6 @@ # include <netdb.h> # endif # include <resolv.h> -# ifdef HAVE_INT32_ONLY_WITH_DNS -# define HAVE_INT32 -# endif -# ifdef HAVE_U_INT32_ONLY_WITH_DNS -# define HAVE_U_INT32 -# endif #endif #include "ntp.h" diff --git a/libntp/ntp_realpath.c b/libntp/ntp_realpath.c index 116542945153..90e5a0d59e75 100644 --- a/libntp/ntp_realpath.c +++ b/libntp/ntp_realpath.c @@ -103,7 +103,7 @@ realpath1(const char *path, char *resolved) size_t left_len, resolved_len, next_token_len; unsigned symlinks; ssize_t slen; - char left[NTP_PATH_MAX], next_token[NTP_PATH_MAX], symlink[NTP_PATH_MAX]; + char left[NTP_PATH_MAX], next_token[NTP_PATH_MAX], link_tgt[NTP_PATH_MAX]; symlinks = 0; if (path[0] == '/') { @@ -157,7 +157,7 @@ realpath1(const char *path, char *resolved) resolved[resolved_len++] = '/'; resolved[resolved_len] = '\0'; } - if (next_token[0] == '\0') { + if ('\0' == next_token[0]) { /* Handle consequential slashes. */ continue; } else if (strcmp(next_token, ".") == 0) { @@ -187,23 +187,24 @@ realpath1(const char *path, char *resolved) if (lstat(resolved, &sb) != 0) return (NULL); if (S_ISLNK(sb.st_mode)) { - if (symlinks++ > NTP_MAXSYMLINKS) { + if (++symlinks > NTP_MAXSYMLINKS) { errno = ELOOP; return (NULL); } - slen = readlink(resolved, symlink, sizeof(symlink)); - if (slen <= 0 || slen >= (ssize_t)sizeof(symlink)) { - if (slen < 0) - ; /* keep errno from readlink(2) call */ - else if (slen == 0) + slen = readlink(resolved, link_tgt, sizeof(link_tgt)); + if (slen <= 0 || slen >= (ssize_t)sizeof(link_tgt)) { + if (slen < 0) { + /* keep errno from readlink(2) call */ + } else if (slen == 0) { errno = ENOENT; - else + } else { errno = ENAMETOOLONG; + } return (NULL); } - symlink[slen] = '\0'; - if (symlink[0] == '/') { - resolved[1] = 0; + link_tgt[slen] = '\0'; + if (link_tgt[0] == '/') { + resolved[1] = '\0'; resolved_len = 1; } else { /* Strip the last path component. */ @@ -214,26 +215,26 @@ realpath1(const char *path, char *resolved) /* * If there are any path components left, then - * append them to symlink. The result is placed + * append them to link_tgt. The result is placed * in `left'. */ if (p != NULL) { - if (symlink[slen - 1] != '/') { - if (slen + 1 >= (ssize_t)sizeof(symlink)) { + if (link_tgt[slen - 1] != '/') { + if (slen + 1 >= (ssize_t)sizeof(link_tgt)) { errno = ENAMETOOLONG; return (NULL); } - symlink[slen] = '/'; - symlink[slen + 1] = 0; + link_tgt[slen] = '/'; + link_tgt[slen + 1] = 0; } - left_len = strlcat(symlink, left, - sizeof(symlink)); - if (left_len >= sizeof(symlink)) { + left_len = strlcat(link_tgt, left, + sizeof(link_tgt)); + if (left_len >= sizeof(link_tgt)) { errno = ENAMETOOLONG; return (NULL); } } - left_len = strlcpy(left, symlink, sizeof(left)); + left_len = strlcpy(left, link_tgt, sizeof(left)); } else if (!S_ISDIR(sb.st_mode) && p != NULL) { errno = ENOTDIR; return (NULL); diff --git a/libntp/numtoa.c b/libntp/numtoa.c index 51645de01c30..ac8978ee5e58 100644 --- a/libntp/numtoa.c +++ b/libntp/numtoa.c @@ -12,7 +12,6 @@ #include <ctype.h> #include "ntp_fp.h" -#include "lib_strbuf.h" #include "ntp_stdlib.h" char * @@ -34,7 +33,11 @@ numtoa( } -/* Convert a refid & stratum to a string */ +/* + * Convert a refid & stratum to a string. If stratum is negative and the + * refid consists entirely of graphic chars, up to an optional + * terminating zero, display as text similar to stratum 0 & 1. + */ const char * refid_str( u_int32 refid, @@ -43,33 +46,44 @@ refid_str( { char * text; size_t tlen; - char * cp; - - if (stratum > 1) - return numtoa(refid); - - LIB_GETBUF(text); - text[0] = '.'; - /* What if any non-NUL char is not printable? */ - memcpy(&text[1], &refid, sizeof(refid)); - text[1 + sizeof(refid)] = '\0'; - tlen = strlen(text); - text[tlen] = '.'; - text[tlen + 1] = '\0'; + char * cp; + int printable; /* - * Now make sure the contents are 'graphic'. - * - * This refid is expected to be up to 4 ascii graphics. - * If any character is not a graphic, replace it with a space. - * This will at least alert the viewer of a problem. + * ntpd can have stratum = 0 and refid 127.0.0.1 in orphan mode. + * https://bugs.ntp.org/3854. Mirror the refid logic in timer(). */ - for (cp = text + 1; *cp; ++cp) { - if (!isgraph((int)*cp)) { - *cp = ' '; + if (0 == stratum && LOOPBACKADR_N == refid) { + return ".ORPH."; + } + printable = FALSE; + if (stratum < 2) { + text = lib_getbuf(); + text[0] = '.'; + memcpy(&text[1], &refid, sizeof(refid)); + text[1 + sizeof(refid)] = '\0'; + tlen = strlen(text); + text[tlen] = '.'; + text[tlen + 1] = '\0'; + /* + * Now make sure the contents are 'graphic'. + * + * This refid is expected to be up to 4 printable ASCII. + * isgraph() is similar to isprint() but excludes space. + * If any character is not graphic, replace it with a '?'. + * This will at least alert the viewer of a problem. + */ + for (cp = text + 1; '\0' != *cp; ++cp) { + if (!isgraph((int)*cp)) { + printable = FALSE; + *cp = '?'; + } + } + if ( (stratum < 0 && printable) + || stratum < 2) { + return text; } } - - return text; + return numtoa(refid); } diff --git a/libntp/numtohost.c b/libntp/numtohost.c deleted file mode 100644 index 6b250d602de0..000000000000 --- a/libntp/numtohost.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * numtohost - convert network number to host name. - */ -#include <config.h> - -#include <sys/types.h> -#ifdef HAVE_NETINET_IN_H -#include <netinet/in.h> /* ntohl */ -#endif - -#include "ntp_fp.h" -#include "ntp_stdlib.h" -#include "lib_strbuf.h" - -#define LOOPBACKNET 0x7f000000 -#define LOOPBACKHOST 0x7f000001 -#define LOOPBACKNETMASK 0xff000000 - -char * -numtohost( - u_int32 netnum - ) -{ - char *bp; - struct hostent *hp; - - /* - * This is really gross, but saves lots of hanging looking for - * hostnames for the radio clocks. Don't bother looking up - * addresses on the loopback network except for the loopback - * host itself. - */ - if ((((ntohl(netnum) & LOOPBACKNETMASK) == LOOPBACKNET) - && (ntohl(netnum) != LOOPBACKHOST)) - || ((hp = gethostbyaddr((char *)&netnum, sizeof netnum, AF_INET)) - == 0)) - return numtoa(netnum); - - LIB_GETBUF(bp); - strlcpy(bp, hp->h_name, LIB_BUFLENGTH); - - return bp; -} diff --git a/libntp/prettydate.c b/libntp/prettydate.c index deacc26bbe2b..060f79e5e327 100644 --- a/libntp/prettydate.c +++ b/libntp/prettydate.c @@ -6,7 +6,6 @@ #include "ntp_fp.h" #include "ntp_unixtime.h" /* includes <sys/time.h> */ -#include "lib_strbuf.h" #include "ntp_stdlib.h" #include "ntp_assert.h" #include "ntp_calendar.h" diff --git a/libntp/recvbuff.c b/libntp/recvbuff.c index d84a87d68501..6e7cda5d373d 100644 --- a/libntp/recvbuff.c +++ b/libntp/recvbuff.c @@ -93,41 +93,54 @@ initialise_buffer(recvbuf_t *buff) static void create_buffers( - size_t nbufs) + size_t nbufs +) { + static const u_int chunk = # ifndef DEBUG - static const u_int chunk = RECV_INC; + RECV_INC; # else /* Allocate each buffer individually so they can be free()d * during ntpd shutdown on DEBUG builds to keep them out of heap * leak reports. */ - static const u_int chunk = 1; + 1; # endif - - register recvbuf_t *bufp; - u_int i; - size_t abuf; + static int/*BOOL*/ doneonce; + recvbuf_t * bufp; + u_int i; + size_t abuf; /*[bug 3666]: followup -- reset shortfalls in all cases */ abuf = nbufs + buffer_shortfall; buffer_shortfall = 0; - if (limit_recvbufs <= total_recvbufs) + if (limit_recvbufs <= total_recvbufs) { + if (!doneonce) { + msyslog(LOG_CRIT, "Unable to allocate receive" + " buffer, %lu/%lu", + total_recvbufs, limit_recvbufs); + doneonce = TRUE; + } return; - - if (abuf < nbufs || abuf > RECV_BATCH) + } + + if (abuf < nbufs || abuf > RECV_BATCH) { abuf = RECV_BATCH; /* clamp on overflow */ - else + } else { abuf += (~abuf + 1) & (RECV_INC - 1); /* round up */ - - if (abuf > (limit_recvbufs - total_recvbufs)) + } + if (abuf > (limit_recvbufs - total_recvbufs)) { abuf = limit_recvbufs - total_recvbufs; + } abuf += (~abuf + 1) & (chunk - 1); /* round up */ while (abuf) { bufp = calloc(chunk, sizeof(*bufp)); if (!bufp) { + msyslog(LOG_CRIT, "Out of memory, allocating " + "%u recvbufs, %lu bytes", + chunk, (u_long)sizeof(*bufp) * chunk); limit_recvbufs = total_recvbufs; break; } diff --git a/libntp/refnumtoa.c b/libntp/refnumtoa.c index cfebefe1ed18..1e1aa4e06b4c 100644 --- a/libntp/refnumtoa.c +++ b/libntp/refnumtoa.c @@ -5,7 +5,6 @@ #include <stdio.h> #include "ntp_net.h" -#include "lib_strbuf.h" #include "ntp_stdlib.h" const char * diff --git a/libntp/snprintf.c b/libntp/snprintf.c index f4685e1ad4b6..52ec17a04eb2 100644 --- a/libntp/snprintf.c +++ b/libntp/snprintf.c @@ -1587,7 +1587,7 @@ rpl_asprintf(va_alist) va_dcl } #endif /* HW_WANT_RPL_ASPRINTF */ #else /* Dummy declaration to avoid empty translation unit warnings. */ -int main(void); +NONEMPTY_TRANSLATION_UNIT #endif /* HW_WANT_RPL_SNPRINTF || HW_WANT_RPL_VSNPRINTF || HW_WANT_RPL_ASPRINTF || [...] */ #if TEST_SNPRINTF diff --git a/libntp/socket.c b/libntp/socket.c index 11fb004690c4..08e6ffbebb6a 100644 --- a/libntp/socket.c +++ b/libntp/socket.c @@ -195,11 +195,11 @@ open_socket( ) void sendpkt( - sockaddr_u * dest, - struct interface * ep, - int ttl, - struct pkt * pkt, - int len + sockaddr_u * dest, + endpt * ep, + int ttl, + struct pkt * pkt, + int len ) static inline int @@ -207,9 +207,9 @@ read_refclock_packet(SOCKET fd, struct refclockio *rp, l_fp ts) static inline int read_network_packet( - SOCKET fd, - struct interface * itf, - l_fp ts + SOCKET fd, + endpt * itf, + l_fp ts ) void diff --git a/libntp/socktoa.c b/libntp/socktoa.c index 4071b0a45be0..f83f78b87981 100644 --- a/libntp/socktoa.c +++ b/libntp/socktoa.c @@ -21,7 +21,6 @@ #include <isc/sockaddr.h> #include "ntp_fp.h" -#include "lib_strbuf.h" #include "ntp_stdlib.h" #include "ntp.h" diff --git a/libntp/socktohost.c b/libntp/socktohost.c index fdf9adb9e2e6..3ea5b56004d8 100644 --- a/libntp/socktohost.c +++ b/libntp/socktohost.c @@ -15,7 +15,6 @@ #include <stdio.h> #include "ntp_fp.h" -#include "lib_strbuf.h" #include "ntp_stdlib.h" #include "ntp.h" #include "ntp_debug.h" diff --git a/libntp/ssl_init.c b/libntp/ssl_init.c index 925893257b7f..6de8a0b5fccc 100644 --- a/libntp/ssl_init.c +++ b/libntp/ssl_init.c @@ -23,67 +23,60 @@ # define CMAC_LENGTH 16 # define CMAC "AES128CMAC" # endif /*HAVE_OPENSSL_CMAC_H*/ -int ssl_init_done; -#if OPENSSL_VERSION_NUMBER < 0x10100000L +EVP_MD_CTX *digest_ctx; + static void atexit_ssl_cleanup(void) { - if (!ssl_init_done) { + if (NULL == digest_ctx) { return; } - - ssl_init_done = FALSE; + EVP_MD_CTX_free(digest_ctx); + digest_ctx = NULL; +#if OPENSSL_VERSION_NUMBER < 0x10100000L EVP_cleanup(); ERR_free_strings(); +#endif /* OpenSSL < 1.1 */ } + void ssl_init(void) { init_lib(); - if ( ! ssl_init_done) { - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - atexit(&atexit_ssl_cleanup); - ssl_init_done = TRUE; + if (NULL == digest_ctx) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); +#endif /* OpenSSL < 1.1 */ + digest_ctx = EVP_MD_CTX_new(); + INSIST(digest_ctx != NULL); + atexit(&atexit_ssl_cleanup); } } -#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ - -void -ssl_init(void) -{ - init_lib(); - ssl_init_done = TRUE; -} - -#endif /* OPENSSL_VERSION_NUMBER */ - void ssl_check_version(void) { u_long v; + char * buf; v = OpenSSL_version_num(); if ((v ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) { - msyslog(LOG_WARNING, - "OpenSSL version mismatch. Built against %lx, you have %lx", - (u_long)OPENSSL_VERSION_NUMBER, v); - fprintf(stderr, - "OpenSSL version mismatch. Built against %lx, you have %lx\n", - (u_long)OPENSSL_VERSION_NUMBER, v); + LIB_GETBUF(buf); + snprintf(buf, LIB_BUFLENGTH, + "OpenSSL version mismatch." + "Built against %lx, you have %lx\n", + (u_long)OPENSSL_VERSION_NUMBER, v); + msyslog(LOG_WARNING, "%s", buf); + fputs(buf, stderr); } - INIT_SSL(); } - -#else /* !OPENSSL */ -# define MD5_LENGTH 16 #endif /* OPENSSL */ @@ -102,7 +95,7 @@ keytype_from_text( int key_type; u_int digest_len; #ifdef OPENSSL /* --*-- OpenSSL code --*-- */ - const u_long max_digest_len = MAX_MAC_LEN - sizeof(keyid_t); + const u_long max_digest_len = MAX_MDG_LEN; char * upcased; char * pch; EVP_MD const * md; @@ -204,7 +197,7 @@ keytype_from_text( */ const char * keytype_name( - int nid + int type ) { static const char unknown_type[] = "(unknown key type)"; @@ -212,23 +205,18 @@ keytype_name( #ifdef OPENSSL INIT_SSL(); - name = OBJ_nid2sn(nid); + name = OBJ_nid2sn(type); # ifdef ENABLE_CMAC - if (NID_cmac == nid) { + if (NID_cmac == type) { name = CMAC; - - if (debug) { - fprintf(stderr, "%s:%d:%s():%s:nid\n", - __FILE__, __LINE__, __func__, CMAC); - } } else # endif /*ENABLE_CMAC*/ if (NULL == name) { name = unknown_type; } #else /* !OPENSSL follows */ - if (NID_md5 == nid) + if (NID_md5 == type) name = "MD5"; else name = unknown_type; @@ -251,13 +239,13 @@ keytype_name( */ char * getpass_keytype( - int keytype + int type ) { char pass_prompt[64 + 11 + 1]; /* 11 for " Password: " */ snprintf(pass_prompt, sizeof(pass_prompt), - "%.64s Password: ", keytype_name(keytype)); + "%.64s Password: ", keytype_name(type)); return getpass(pass_prompt); } diff --git a/libntp/statestr.c b/libntp/statestr.c index e712dc87e32d..bde1f50e7e74 100644 --- a/libntp/statestr.c +++ b/libntp/statestr.c @@ -8,7 +8,6 @@ #include "ntp_stdlib.h" #include "ntp_fp.h" #include "ntp.h" -#include "lib_strbuf.h" #include "ntp_refclock.h" #include "ntp_control.h" #include "ntp_string.h" diff --git a/libntp/systime.c b/libntp/systime.c index 76fba7fe1608..8d10b2e43f82 100644 --- a/libntp/systime.c +++ b/libntp/systime.c @@ -16,7 +16,6 @@ #include "timevalops.h" #include "timespecops.h" #include "ntp_calendar.h" -#include "lib_strbuf.h" #ifdef HAVE_SYS_PARAM_H # include <sys/param.h> diff --git a/libntp/timexsup.c b/libntp/timexsup.c index 979a7c4aea8e..21f7738d3e5f 100644 --- a/libntp/timexsup.c +++ b/libntp/timexsup.c @@ -6,14 +6,27 @@ */ #include "config.h" -#include "timexsup.h" #include <limits.h> #include <math.h> +#ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +#else +# ifdef HAVE_TIME_H +# include <time.h> +# endif +#endif #ifdef HAVE_SYS_TIMEX_H # include <sys/timex.h> +#else +# ifdef HAVE_TIMEX_H +# include <timex.h> +# endif #endif +#include "ntp_types.h" +#include "timexsup.h" + #if defined(MOD_NANO) != defined(STA_NANO) # warning inconsistent definitions of MOD_NANO vs STA_NANO #endif @@ -41,10 +54,11 @@ dbl_from_var_long( ) { #ifdef STA_NANO - if (status & STA_NANO) + if (STA_NANO & status) { return (double)lval * 1e-9; + } #else - (void)status; + UNUSED_ARG(status); #endif return (double)lval * 1e-6; } @@ -67,7 +81,7 @@ var_long_from_dbl( *modes |= MOD_NANO; dval *= 1e+9; #else - (void)modes; + UNUSED_ARG(modes); dval *= 1e+6; #endif return clamp_rounded(dval); diff --git a/libntp/uglydate.c b/libntp/uglydate.c index 66b5139096b4..165578674185 100644 --- a/libntp/uglydate.c +++ b/libntp/uglydate.c @@ -7,7 +7,6 @@ #include "ntp_fp.h" #include "ntp_unixtime.h" -#include "lib_strbuf.h" #include "ntp_stdlib.h" diff --git a/libntp/vint64ops.c b/libntp/vint64ops.c index 1d5087d95438..23c9f26dcfac 100644 --- a/libntp/vint64ops.c +++ b/libntp/vint64ops.c @@ -15,24 +15,25 @@ #include "ntp_types.h" #include "ntp_fp.h" +#include "ntp_malloc.h" #include "vint64ops.h" /* -------------------------------------------------------------------------*/ vint64 strtouv64( - char const * begp, - char const ** const endp, - int base + char * begp, + char ** endp, + int base ) { - vint64 res; - u_char digit; - int sig, num; - const u_char *src; + vint64 res; + u_char digit; + int sig, num; + u_char *src; num = sig = 0; - src = (const u_char*)begp; + src = (u_char *)begp; while (isspace(*src)) src++; @@ -61,7 +62,7 @@ strtouv64( return res; } - memset(&res, 0, sizeof(res)); + ZERO(res); while (*src) { if (isdigit(*src)) digit = *src - '0'; @@ -97,7 +98,7 @@ strtouv64( if (!num) errno = EINVAL; if (endp) - *endp = (const char *)src; + *endp = (char *)src; if (sig) M_NEG(res.D_s.hi, res.D_s.lo); return res; diff --git a/libntp/work_thread.c b/libntp/work_thread.c index c1fe5c20c995..0d15c6e36e6f 100644 --- a/libntp/work_thread.c +++ b/libntp/work_thread.c @@ -376,8 +376,12 @@ send_blocking_resp_internal( { # ifdef WORK_PIPE if (1 != write(c->resp_write_pipe, "", 1)) - msyslog(LOG_WARNING, "async resolver: %s", - "failed to notify main thread!"); + msyslog(LOG_WARNING, "async resolver: blocking_get%sinfo" + " failed to notify main thread!", + (BLOCKING_GETNAMEINFO == resp->rtype) + ? "name" + : "addr" + ); # else tickle_sem(c->responses_pending); # endif @@ -489,7 +493,7 @@ start_blocking_thread( /* -------------------------------------------------------------------- * Create a worker thread. There are several differences between POSIX - * and Windows, of course -- most notably the Windows thread is no + * and Windows, of course -- most notably the Windows thread is a * detached thread, and we keep the handle around until we want to get * rid of the thread. The notification scheme also differs: Windows * makes use of semaphores in both directions, POSIX uses a pipe for @@ -520,9 +524,12 @@ start_blocking_thread_internal( } /* remember the thread priority is only within the process class */ if (!SetThreadPriority(c->thr_table[0].thnd, - THREAD_PRIORITY_BELOW_NORMAL)) + THREAD_PRIORITY_BELOW_NORMAL)) { msyslog(LOG_ERR, "Error lowering blocking thread priority: %m"); - + } + if (NULL != pSetThreadDescription) { + (*pSetThreadDescription)(c->thr_table[0].thnd, L"ntp_worker"); + } resumed = ResumeThread(c->thr_table[0].thnd); DEBUG_INSIST(resumed); c->thread_ref = &c->thr_table[0]; diff --git a/libparse/Makefile.am b/libparse/Makefile.am index a4a3ed264f2f..f88e3b2af36d 100644 --- a/libparse/Makefile.am +++ b/libparse/Makefile.am @@ -94,14 +94,9 @@ AM_LDFLAGS = $(NTP_HARD_LDFLAGS) EXTRA_DIST = parsesolaris.c parsestreams.c mkinfo_scmd.sed mkinfo_rcmd.sed info_trimble.c info_trimble.c: $(top_srcdir)/include/trimble.h $(srcdir)/Makefile.am $(srcdir)/mkinfo_scmd.sed $(srcdir)/mkinfo_rcmd.sed - sed -n -f $(srcdir)/mkinfo_scmd.sed $(top_srcdir)/include/trimble.h > info_trimble.new - sed -n -f $(srcdir)/mkinfo_rcmd.sed $(top_srcdir)/include/trimble.h >> info_trimble.new - mv -f info_trimble.new $@ - -#$(srcdir)/info_trimble.c: $(top_srcdir)/include/trimble.h $(srcdir)/Makefile.am $(srcdir)/mkinfo_scmd.sed $(srcdir)/mkinfo_rcmd.sed -# sed -n -f $(srcdir)/mkinfo_scmd.sed $(top_srcdir)/include/trimble.h > info_trimble.new -# sed -n -f $(srcdir)/mkinfo_rcmd.sed $(top_srcdir)/include/trimble.h >> info_trimble.new -# mv -f info_trimble.new $@ + $(AM_V_at)$(SED) -n -f $(srcdir)/mkinfo_scmd.sed $(top_srcdir)/include/trimble.h > info_trimble.new + $(AM_V_at)$(SED) -n -f $(srcdir)/mkinfo_rcmd.sed $(top_srcdir)/include/trimble.h >> info_trimble.new + $(AM_V_at)mv -f info_trimble.new $@ kieee754io.o: $(srcdir)/ieee754io.c $(COMPILE) $(K_CFLAGS) -c $(srcdir)/ieee754io.c -o $@ @@ -165,11 +160,11 @@ parse: $(parsesolaris_OBJECTS) libparse_kernel.a ../libntp/libntp.a parsesolaris.o: sys/systm.h -# [Bug3608] Solaris has inconsistent definitions of ffs() and fls(). Drop the +# [Bug 3608] Solaris has inconsistent definitions of ffs() and fls(). Drop the # ones from 'systm.h'. sys/systm.h: -mkdir sys - sed -e '/f[fl]s(.*)/d' < /usr/include/sys/systm.h > sys/systm.h + $(SED) -e '/f[fl]s(.*)/d' < /usr/include/sys/systm.h > sys/systm.h ## check-libparse is invoked by ntpd/Makefile.am check-libparse: $(noinst_LIBRARIES) diff --git a/libparse/Makefile.in b/libparse/Makefile.in index 07a0204c477b..75d5ad2a98c5 100644 --- a/libparse/Makefile.in +++ b/libparse/Makefile.in @@ -90,6 +90,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = parsestreams$(EXEEXT) parsesolaris$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = libparse ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -423,6 +424,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -522,9 +524,9 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = -BUILT_SOURCES = $(VPHACK) info_trimble.c $(VPHACK_AFTER) check-libntp \ - .deps-ver -CLEANFILES = check-libntp .deps-ver +BUILT_SOURCES = $(VPHACK) info_trimble.c $(VPHACK_AFTER) \ + $(am__append_1) .deps-ver +CLEANFILES = .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver noinst_LIBRARIES = @MAKE_LIBPARSE@ @MAKE_LIBPARSE_KERNEL@ EXTRA_LIBRARIES = libparse.a libparse_kernel.a @@ -998,14 +1000,9 @@ vphack_after: ) info_trimble.c: $(top_srcdir)/include/trimble.h $(srcdir)/Makefile.am $(srcdir)/mkinfo_scmd.sed $(srcdir)/mkinfo_rcmd.sed - sed -n -f $(srcdir)/mkinfo_scmd.sed $(top_srcdir)/include/trimble.h > info_trimble.new - sed -n -f $(srcdir)/mkinfo_rcmd.sed $(top_srcdir)/include/trimble.h >> info_trimble.new - mv -f info_trimble.new $@ - -#$(srcdir)/info_trimble.c: $(top_srcdir)/include/trimble.h $(srcdir)/Makefile.am $(srcdir)/mkinfo_scmd.sed $(srcdir)/mkinfo_rcmd.sed -# sed -n -f $(srcdir)/mkinfo_scmd.sed $(top_srcdir)/include/trimble.h > info_trimble.new -# sed -n -f $(srcdir)/mkinfo_rcmd.sed $(top_srcdir)/include/trimble.h >> info_trimble.new -# mv -f info_trimble.new $@ + $(AM_V_at)$(SED) -n -f $(srcdir)/mkinfo_scmd.sed $(top_srcdir)/include/trimble.h > info_trimble.new + $(AM_V_at)$(SED) -n -f $(srcdir)/mkinfo_rcmd.sed $(top_srcdir)/include/trimble.h >> info_trimble.new + $(AM_V_at)mv -f info_trimble.new $@ kieee754io.o: $(srcdir)/ieee754io.c $(COMPILE) $(K_CFLAGS) -c $(srcdir)/ieee754io.c -o $@ @@ -1069,20 +1066,19 @@ parse: $(parsesolaris_OBJECTS) libparse_kernel.a ../libntp/libntp.a parsesolaris.o: sys/systm.h -# [Bug3608] Solaris has inconsistent definitions of ffs() and fls(). Drop the +# [Bug 3608] Solaris has inconsistent definitions of ffs() and fls(). Drop the # ones from 'systm.h'. sys/systm.h: -mkdir sys - sed -e '/f[fl]s(.*)/d' < /usr/include/sys/systm.h > sys/systm.h + $(SED) -e '/f[fl]s(.*)/d' < /usr/include/sys/systm.h > sys/systm.h check-libparse: $(noinst_LIBRARIES) @: do-nothing action to avoid default SCCS get -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/libparse/clk_computime.c b/libparse/clk_computime.c index 7273ac762e37..10ec9a7c1c97 100644 --- a/libparse/clk_computime.c +++ b/libparse/clk_computime.c @@ -182,7 +182,7 @@ inp_computime( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_COMPUTIME) */ -int clk_computime_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_COMPUTIME) */ /* diff --git a/libparse/clk_dcf7000.c b/libparse/clk_dcf7000.c index 0621cd5649e4..4aeb4c39ba9f 100644 --- a/libparse/clk_dcf7000.c +++ b/libparse/clk_dcf7000.c @@ -176,7 +176,7 @@ inp_dcf7000( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_DCF7000) */ -int clk_dcf7000_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_DCF7000) */ /* diff --git a/libparse/clk_hopf6021.c b/libparse/clk_hopf6021.c index b0b0c1ff2a73..436c92cb3b88 100644 --- a/libparse/clk_hopf6021.c +++ b/libparse/clk_hopf6021.c @@ -20,6 +20,8 @@ # include <config.h> #endif +#include "ntp_types.h" + #if defined(REFCLOCK) && defined(CLOCK_PARSE) && defined(CLOCK_HOPF6021) #include "ntp_fp.h" diff --git a/libparse/clk_meinberg.c b/libparse/clk_meinberg.c index e4ebf0acc605..1aa839bfd15a 100644 --- a/libparse/clk_meinberg.c +++ b/libparse/clk_meinberg.c @@ -733,7 +733,7 @@ gps_input( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_MEINBERG) */ -int clk_meinberg_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_MEINBERG) */ /* diff --git a/libparse/clk_rawdcf.c b/libparse/clk_rawdcf.c index 3fa74997c9bf..9b6eeafb163f 100644 --- a/libparse/clk_rawdcf.c +++ b/libparse/clk_rawdcf.c @@ -742,7 +742,7 @@ inp_rawdcf( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_RAWDCF) */ -int clk_rawdcf_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_RAWDCF) */ /* diff --git a/libparse/clk_rcc8000.c b/libparse/clk_rcc8000.c index 11d52acc5a24..e9bb115da4f5 100644 --- a/libparse/clk_rcc8000.c +++ b/libparse/clk_rcc8000.c @@ -163,7 +163,7 @@ inp_rcc8000( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_RCC8000) */ -int clk_rcc8000_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_RCC8000) */ /* diff --git a/libparse/clk_schmid.c b/libparse/clk_schmid.c index d85b1a5da512..5dd52047aa0f 100644 --- a/libparse/clk_schmid.c +++ b/libparse/clk_schmid.c @@ -222,7 +222,7 @@ inp_schmid( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_SCHMID) */ -int clk_schmid_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_SCHMID) */ /* diff --git a/libparse/clk_sel240x.c b/libparse/clk_sel240x.c index b1390b4cefb1..f27b662491f1 100644 --- a/libparse/clk_sel240x.c +++ b/libparse/clk_sel240x.c @@ -168,5 +168,5 @@ cvt_sel240x( unsigned char *buffer, } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_SEL240X) */ -int clk_sel240x_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_SEL240X) */ diff --git a/libparse/clk_trimtaip.c b/libparse/clk_trimtaip.c index a60d01ec1870..ce930952ffa2 100644 --- a/libparse/clk_trimtaip.c +++ b/libparse/clk_trimtaip.c @@ -181,7 +181,7 @@ inp_trimtaip( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_TRIMTAIP) */ -int clk_trimtaip_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_TRIMTAIP) */ /* diff --git a/libparse/clk_trimtsip.c b/libparse/clk_trimtsip.c index 8cf5660657cc..5af69d349eea 100644 --- a/libparse/clk_trimtsip.c +++ b/libparse/clk_trimtsip.c @@ -388,7 +388,7 @@ cvt_trimtsip( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_TRIMTSIP && !PARSESTREAM) */ -int clk_trimtsip_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_TRIMTSIP && !PARSESTREAM) */ /* diff --git a/libparse/clk_varitext.c b/libparse/clk_varitext.c index 0d830354d799..a4c6d31b797a 100644 --- a/libparse/clk_varitext.c +++ b/libparse/clk_varitext.c @@ -252,7 +252,7 @@ inp_varitext( } #else /* not (REFCLOCK && CLOCK_PARSE && CLOCK_VARITEXT) */ -int clk_varitext_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE && CLOCK_VARITEXT) */ /* diff --git a/libparse/clk_wharton.c b/libparse/clk_wharton.c index fbe9cc95f5f7..2df425bc67b7 100644 --- a/libparse/clk_wharton.c +++ b/libparse/clk_wharton.c @@ -9,6 +9,8 @@ #include <config.h> #endif +#include "ntp_types.h" + #if defined(REFCLOCK) && defined(CLOCK_PARSE) && defined(CLOCK_WHARTON_400A) /* * Support for WHARTON 400A Series clock + 404.2 serial interface. diff --git a/libparse/ieee754io.c b/libparse/ieee754io.c index 61bc8533b0d7..b41a96c2170e 100644 --- a/libparse/ieee754io.c +++ b/libparse/ieee754io.c @@ -50,8 +50,6 @@ static void put_byte (unsigned char *, offsets_t, int *, unsigned char); #ifdef LIBDEBUG -#include "lib_strbuf.h" - static char * fmt_blong( unsigned long val, @@ -396,7 +394,22 @@ fetch_ieee754( } } } - + +/* + * DLH: This function is currently unused in ntpd. If you think about + * using it, be sure it does what you intend. I notice the bufpp arg + * is never referenced, and the calculated mantissa_high & mantissa_low + * are only referenced in debug output. It seems they're supposed to + * be composed into an ieee754-format float and stored at *bufpp or + * possibly **bufpp. Brought to my attention by this: + * + * ieee754io.c:414:10: warning: variable 'mantissa_low' set but not used + * [-Wunused-but-set-variable] + * + * To quiet it I'm #ifdef'ing the function away for now, here and below + * the call to it in main(). + */ +#ifdef PUT_IEEE754_UNUSED_FUNC int put_ieee754( unsigned char **bufpp, @@ -536,6 +549,7 @@ put_ieee754( } return IEEE_OK; } +#endif /* PUT_IEEE754_UNUSED_FUNC */ #if defined(DEBUG) && defined(LIBDEBUG) @@ -562,8 +576,11 @@ int main( printf("fetch from %f = %d\n", f, fetch_ieee754((void *)&f_p, IEEE_DOUBLE, &fp, native_off)); printf("fp [%s %s] = %s\n", fmt_blong(fp.l_ui, 32), fmt_blong(fp.l_uf, 32), mfptoa(fp.l_ui, fp.l_uf, 15)); f_p = &f; +#ifdef PUT_IEEE754_UNUSED_FUNC put_ieee754((void *)&f_p, IEEE_DOUBLE, &fp, native_off); - +/* there should be a check on *f_p (f) having the expected result here */ +#endif /* PUT_IEEE754_UNUSED_FUNC */ + return 0; } diff --git a/libparse/parse.c b/libparse/parse.c index 69395ac4a560..56f2c3702bd8 100644 --- a/libparse/parse.c +++ b/libparse/parse.c @@ -875,7 +875,7 @@ parse_setcs( } #else /* not (REFCLOCK && CLOCK_PARSE) */ -int parse_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE) */ /* diff --git a/libparse/parse_conf.c b/libparse/parse_conf.c index 37871c9de887..ad7a47aa937f 100644 --- a/libparse/parse_conf.c +++ b/libparse/parse_conf.c @@ -148,7 +148,7 @@ clockformat_t *clockformats[] = unsigned short nformats = sizeof(clockformats) / sizeof(clockformats[0]) - 1; #else /* not (REFCLOCK && CLOCK_PARSE) */ -int parse_conf_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_PARSE) */ /* diff --git a/ntpd/Makefile.in b/ntpd/Makefile.in index a9a338e11f16..8f6d2833180b 100644 --- a/ntpd/Makefile.in +++ b/ntpd/Makefile.in @@ -97,6 +97,7 @@ build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = check_y2k$(EXEEXT) keyword-gen$(EXEEXT) ntpd$(EXEEXT) \ ntpdsim$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = ntpd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -551,6 +552,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -688,8 +690,8 @@ B_S_DIST = \ $(NULL) BUILT_SOURCES = $(VPHACK) $(LIBPARSE) ntp_parser.c ntp_parser.h \ - $(VPHACK_AFTER) $(B_S_DIST) $(NULL) check-libopts check-libntp \ - .deps-ver + $(VPHACK_AFTER) $(B_S_DIST) $(NULL) check-libopts \ + $(am__append_1) .deps-ver man1_MANS = man5_MANS = ntp.conf.5 ntp.keys.5 man8_MANS = @@ -708,7 +710,7 @@ CLEANFILES = check-psl0 check-psl1 check-psl2 check-pslsaveconfig \ psl0save.conf psl0save.conf+ psl1save.conf psl1save.conf+ \ psl2save.conf psl2save.conf+ .version version.c ntpd-version.c \ sim-version.c $(EXTRA_PROGRAMS) $(NULL) check-libopts \ - check-libntp .deps-ver + .deps-ver EXTRA_DIST = \ complete.conf.in \ invoke-ntp.conf.menu \ @@ -2124,18 +2126,16 @@ check-libopts: ../sntp/libopts/libopts.la ../sntp/libopts/libopts.la: -cd ../sntp/libopts && $(MAKE) $(AM_MAKEFLAGS) libopts.la -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(top_srcdir)/sntp/scm-rev: FRC.scm-rev $(AM_V_GEN)cd $(top_builddir)/sntp && $(MAKE) $(AM_MAKEFLAGS) check-scm-rev +.PHONY: FRC.scm-rev FRC.scm-rev: - @: FRC.scm-rev "force" depends on nothing and is not a file, so is \ - always out-of-date causing targets which depend on it to also \ - be outdated so their rules to fire each time they are built. + @: FRC.scm-rev is always out of date, triggering the check every make invocation. $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/ntpd/cmd_args.c b/ntpd/cmd_args.c index aa461cb4dbe6..a604feb00b54 100644 --- a/ntpd/cmd_args.c +++ b/ntpd/cmd_args.c @@ -178,16 +178,14 @@ getCmdOpts( if (HAVE_OPT( UPDATEINTERVAL )) { long val = OPT_VALUE_UPDATEINTERVAL; - - if (val >= 0) - interface_interval = val; - else { - fprintf(stderr, - "command line interface update interval %ld must not be negative\n", - val); - msyslog(LOG_ERR, - "command line interface update interval %ld must not be negative", - val); + const char errfmt[] = + "-U/--updateinterval %ld must be >= 0\n"; + + if (val >= 0) { + endpt_scan_period = val; + } else { + fprintf(stderr, errfmt, val); + msyslog(LOG_ERR, errfmt, val); errflg++; } } diff --git a/ntpd/complete.conf.in b/ntpd/complete.conf.in index 77b619773fbf..adda4e4fa921 100644 --- a/ntpd/complete.conf.in +++ b/ntpd/complete.conf.in @@ -33,40 +33,45 @@ tinker allan 1500 dispersion 15 freq 0 huffpuff 7200 panic 1000 step 0.128 stepo broadcastclient server 127.127.1.0 mode 4294967295 prefer true fudge 127.127.1.0 time1 0 time2 1.1 stratum 7 refid Abcd minjitter 0.2 -pool 0.north-america.pool.ntp.org. iburst preempt -server 1.north-america.pool.ntp.org. iburst -server -4 2.north-america.pool.ntp.org. minpoll 6 maxpoll 10 iburst -server -6 ntp.davehart.net. minpoll 6 maxpoll 10 version 5 burst iburst -peer -6 davehart.broker.freenet6.net. ident "autokey-group" xleave autokey -peer -4 192.168.192.168 key 1 noselect +pool 2.ubuntu.pool.ntp.org. iburst preempt +pool 2.freebsd.pool.ntp.org. iburst +server -6 2.debian.pool.ntp.org. minpoll 6 maxpoll 10 iburst +server -4 ntp.davehart.net. minpoll 6 maxpoll 10 version 5 burst iburst +peer -6 ntp.md. ident "autokey-group" xleave autokey +peer -4 198.51.100.123 key 1 noselect server [fe80::123%1] xmtnonce -broadcast 192.168.192.255 -manycastclient 224.0.1.1 -manycastclient ff05::101 +broadcast 192.0.2.255 +manycastclient 224.0.1.1 key 14 iburst +manycastclient ff05::101 maxpoll 6 key 1 manycastserver 224.0.1.1 ff05::101 multicastclient 224.0.1.1 ff05::101 mru maxage 64 mindepth 600 initalloc 600 initmem 16 incalloc 99 incmem 4 maxdepth 1024 maxmem 4096 discard minimum 1 average 3 monitor 3000 pollskewlist 3 1|2 4 3|4 default 6|7 -restrict default ippeerlimit -1 -restrict default ippeerlimit 0 nomodify limited kod noserve nomrulist +restrict default +restrict default ippeerlimit 0 nomodify limited kod nopeer noserve nomrulist restrict source ippeerlimit 1 restrict source ippeerlimit 2 nomodify limited kod -restrict trusted.host.name.example.com. ippeerlimit -1 nomodify -restrict [fe80::1] mask [ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ippeerlimit -1 -restrict 127.0.0.1 mask 255.255.255.255 ippeerlimit -1 -restrict 127.0.0.2 ippeerlimit -1 serverresponse fuzz -restrict ::1 ippeerlimit -1 +restrict trusted.host.name.example.com. nomodify +delrestrict trusted.host.name.example.com. +restrict 192.0.2.66 epeer flake lowpriotrap mssntp noepeer noquery notrap notrust ntpport version +delrestrict source 192.0.2.123 +delrestrict source [2001:db8::123] +restrict fe80::1 +restrict 127.0.0.1 +restrict ::1 +restrict 198.51.100.123 serverresponse fuzz +restrict fec0:: mask [ffff::] ignore interface drop ipv6 interface ignore ipv4 interface drop wildcard interface listen eth0 interface listen ipv6 -interface listen 192.168.192.0/24 -interface listen 192.168.193.1 +interface listen 203.0.113.0/24 +interface listen 192.0.2.123 phone "ATDT13034944774" "ATDT12027621594" setvar varnondef = "this variable does not have default after the value" setvar vanity = "name plate" default trap 127.0.0.1 interface 127.0.0.1 port 1234 -trap 127.0.0.2 +trap 192.0.2.2 reset allpeers auth ctl io mem sys timer diff --git a/ntpd/invoke-ntp.conf.texi b/ntpd/invoke-ntp.conf.texi index 86a039ea6f49..1f232a313f57 100644 --- a/ntpd/invoke-ntp.conf.texi +++ b/ntpd/invoke-ntp.conf.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.conf.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:37:38 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:03:56 AM by AutoGen 5.18.16 # From the definitions ntp.conf.def # and the template file agtexi-file.tpl @end ignore @@ -251,27 +251,15 @@ include authentication fields encrypted using the autokey scheme described in @ref{Authentication Options}. @item @code{burst} -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -@code{calldelay} -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the @code{server} command and s addresses. @item @code{iburst} When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -@code{calldelay} -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the @code{server} @@ -833,7 +821,7 @@ The argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,535, inclusive. -@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{sign} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]} +@item @code{crypto} @code{[@code{cert} @kbd{file}]} @code{[@code{leap} @kbd{file}]} @code{[@code{randfile} @kbd{file}]} @code{[@code{host} @kbd{file}]} @code{[@code{gq} @kbd{file}]} @code{[@code{gqpar} @kbd{file}]} @code{[@code{iffpar} @kbd{file}]} @code{[@code{mvpar} @kbd{file}]} @code{[@code{pw} @kbd{password}]} This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature @@ -890,14 +878,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -@item @code{sign} @kbd{file} -Specifies the location of the optional sign key file. -This overrides -the link -@file{ntpkey_sign_}@kbd{hostname} -in the keys directory. -If this file is -not found, the host key is also the sign key. @end table @item @code{keys} @kbd{keyfile} Specifies the complete path and location of the MD5 key file @@ -1477,25 +1457,26 @@ by default the probability of replacing it with an entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. -@item @code{restrict} @code{address} @code{[@code{mask} @kbd{mask}]} @code{[@code{ippeerlimit} @kbd{int}]} @code{[@kbd{flag} @kbd{...}]} +@item @code{restrict} @kbd{address} @code{[@code{mask} @kbd{mask}]} @code{[@code{ippeerlimit} @kbd{int}]} @code{[@kbd{flag} @kbd{...}]} The @kbd{address} argument expressed in -dotted-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the @kbd{address} -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +@kbd{mask} +is ignored and an individual host mask is +used for each entry. The @kbd{mask} -argument expressed in dotted-quad form defaults to -@code{255.255.255.255}, -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the @kbd{address} is treated as the address of an individual host. -A default entry (address -@code{0.0.0.0}, -mask -@code{0.0.0.0}) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string @code{default}, @@ -1532,12 +1513,12 @@ and @code{ntpdc(1ntpdcmdoc)} queries. @item @code{kod} -If this flag is set when an access violation occurs, a kiss-o'-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss-o'-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +@code{discard} @code{average} +defaulting to 8s. Otherwise, no response is sent. @item @code{limited} Deny service if the packet spacing violates the lower limits specified in the @@ -1627,15 +1608,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies @code{ntpport} -and -@code{non-ntpport} -may -be specified. +and the other does not. The @code{ntpport} -is considered more specific and +entry is considered more specific and is sorted later in the list. @item @code{serverresponse fuzz} When reponding to server requests, @@ -1647,12 +1626,28 @@ Deny packets that do not match the current NTP version. Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +@code{manycastclient} +when +@code{manycast} +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +@item @code{delrestrict} @code{[source]} @kbd{address} +Remove a previously-set restriction. This is useful for +runtime configuration via +@code{ntpq(1ntpqmdoc)} +. If +@code{source} +is specified, a dynamic restriction created from the +@code{restrict} @code{source} +template at the time +an association was added is removed. Without +@code{source} +a static restriction is removed. @end table @node Automatic NTP Configuration Options @subsection Automatic NTP Configuration Options @@ -2357,10 +2352,6 @@ Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. -@item @code{calldelay} @kbd{delay} -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. @item @code{driftfile} @kbd{driftfile} This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. diff --git a/ntpd/invoke-ntp.keys.texi b/ntpd/invoke-ntp.keys.texi index 3926518de3a2..189829f8516d 100644 --- a/ntpd/invoke-ntp.keys.texi +++ b/ntpd/invoke-ntp.keys.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp.keys.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:37:41 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:03:59 AM by AutoGen 5.18.16 # From the definitions ntp.keys.def # and the template file agtexi-file.tpl @end ignore diff --git a/ntpd/invoke-ntpd.texi b/ntpd/invoke-ntpd.texi index 471bca5b86c8..ae05d92be524 100644 --- a/ntpd/invoke-ntpd.texi +++ b/ntpd/invoke-ntpd.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpd.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:37:42 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:04:00 AM by AutoGen 5.18.16 # From the definitions ntpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -142,7 +142,7 @@ with a status code of 0. @exampleindent 0 @example -ntpd - NTP daemon program - Ver. 4.2.8p17 +ntpd - NTP daemon program - Ver. 4.2.8p18 Usage: ntpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \ [ <server1> ... <serverN> ] Flg Arg Option-Name Description diff --git a/ntpd/keyword-gen-utd b/ntpd/keyword-gen-utd index 0eb94005b839..60bc132ce064 100644 --- a/ntpd/keyword-gen-utd +++ b/ntpd/keyword-gen-utd @@ -1 +1 @@ - * Generated 2022-03-27 14:17:11 UTC diff_ignore_line + * Generated 2023-09-25 05:34:02 UTC diff_ignore_line diff --git a/ntpd/keyword-gen.c b/ntpd/keyword-gen.c index 104d95e8b3e1..014227a2ba08 100644 --- a/ntpd/keyword-gen.c +++ b/ntpd/keyword-gen.c @@ -23,7 +23,6 @@ #include <ntp_stdlib.h> #include <ntp_config.h> -#include <lib_strbuf.h> #include "ntp_scanner.h" #include "ntp_parser.h" @@ -45,6 +44,7 @@ struct key_tok ntp_keywords[] = { { "broadcastdelay", T_Broadcastdelay, FOLLBY_TOKEN }, { "checkhash", T_Checkhash, FOLLBY_TOKEN }, { "ctl", T_Ctl, FOLLBY_TOKEN }, +{ "delrestrict", T_Delrestrict, FOLLBY_TOKEN }, { "device", T_Device, FOLLBY_STRING }, { "disable", T_Disable, FOLLBY_TOKEN }, { "driftfile", T_Driftfile, FOLLBY_STRING }, diff --git a/ntpd/ntp.conf.5man b/ntpd/ntp.conf.5man index 4e7a47ab83ef..d5a82190c0b0 100644 --- a/ntpd/ntp.conf.5man +++ b/ntpd/ntp.conf.5man @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5man "06 Jun 2023" "4.2.8p17" "File Formats" +.TH ntp.conf 5man "25 May 2024" "4.2.8p18" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:45 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:03 AM by AutoGen 5.18.16 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -291,28 +291,16 @@ described in \fIAuthentication\f[] \fIOptions\f[]. .TP 7 .NOP \f\*[B-Font]burst\f[] -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -\f\*[B-Font]calldelay\f[] -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the \f\*[B-Font]server\f[] command and s addresses. .TP 7 .NOP \f\*[B-Font]iburst\f[] When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -\f\*[B-Font]calldelay\f[] -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the \f\*[B-Font]server\f[] @@ -938,7 +926,7 @@ argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,535, inclusive. .TP 7 -.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]] +.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]] This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature @@ -1003,15 +991,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -.TP 7 -.NOP \f\*[B-Font]sign\f[] \f\*[I-Font]file\f[] -Specifies the location of the optional sign key file. -This overrides -the link -\fIntpkey_sign_\f[]\f\*[I-Font]hostname\f[] -in the keys directory. -If this file is -not found, the host key is also the sign key. .RE .TP 7 .NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[] @@ -1679,25 +1658,26 @@ entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. .TP 7 -.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]] +.NOP \f\*[B-Font]restrict\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]] The \f\*[I-Font]address\f[] argument expressed in -dotted-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the \f\*[I-Font]address\f[] -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +\f\*[I-Font]mask\f[] +is ignored and an individual host mask is +used for each entry. The \f\*[I-Font]mask\f[] -argument expressed in dotted-quad form defaults to -\f\*[B-Font]255.255.255.255\f[], -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the \f\*[I-Font]address\f[] is treated as the address of an individual host. -A default entry (address -\f\*[B-Font]0.0.0.0\f[], -mask -\f\*[B-Font]0.0.0.0\f[]) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string \f\*[B-Font]default\f[], @@ -1736,12 +1716,12 @@ and queries. .TP 7 .NOP \f\*[B-Font]kod\f[] -If this flag is set when an access violation occurs, a kiss-o'-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss-o'-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +\f\*[B-Font]discard\f[] \f\*[B-Font]average\f[] +defaulting to 8s. Otherwise, no response is sent. .TP 7 .NOP \f\*[B-Font]limited\f[] Deny service if the packet spacing violates the lower limits specified @@ -1841,15 +1821,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies \f\*[B-Font]ntpport\f[] -and -\f\*[B-Font]non-ntpport\f[] -may -be specified. +and the other does not. The \f\*[B-Font]ntpport\f[] -is considered more specific and +entry is considered more specific and is sorted later in the list. .TP 7 .NOP \f\*[B-Font]serverresponse fuzz\f[] @@ -1865,12 +1843,29 @@ Deny packets that do not match the current NTP version. Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +\f\*[B-Font]manycastclient\f[] +when +\f\*[B-Font]manycast\f[] +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +.TP 7 +.NOP \f\*[B-Font]delrestrict\f[] [source] \f\*[I-Font]address\f[] +Remove a previously-set restriction. This is useful for +runtime configuration via +\fCntpq\f[]\fR(1ntpqmdoc)\f[] +. If +\f\*[B-Font]source\f[] +is specified, a dynamic restriction created from the +\f\*[B-Font]restrict\f[] \f\*[B-Font]source\f[] +template at the time +an association was added is removed. Without +\f\*[B-Font]source\f[] +a static restriction is removed. .PP .SH Automatic NTP Configuration Options .SS Manycasting @@ -2635,11 +2630,6 @@ number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. .TP 7 -.NOP \f\*[B-Font]calldelay\f[] \f\*[I-Font]delay\f[] -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. -.TP 7 .NOP \f\*[B-Font]driftfile\f[] \f\*[I-Font]driftfile\f[] This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. @@ -3461,7 +3451,7 @@ RFC5905 .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS The syntax checking is not picky; some combinations of diff --git a/ntpd/ntp.conf.5mdoc b/ntpd/ntp.conf.5mdoc index 951f33da4faa..b950e92cdeb9 100644 --- a/ntpd/ntp.conf.5mdoc +++ b/ntpd/ntp.conf.5mdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_CONF 5mdoc File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:32 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:03:50 AM by AutoGen 5.18.16 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -294,27 +294,15 @@ include authentication fields encrypted using the autokey scheme described in .Sx Authentication Options . .It Cm burst -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the .Ic server command and s addresses. .It Cm iburst When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the .Ic server @@ -889,7 +877,6 @@ range 1 to 65,535, inclusive. .Op Cm leap Ar file .Op Cm randfile Ar file .Op Cm host Ar file -.Op Cm sign Ar file .Op Cm gq Ar file .Op Cm gqpar Ar file .Op Cm iffpar Ar file @@ -952,14 +939,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -.It Cm sign Ar file -Specifies the location of the optional sign key file. -This overrides -the link -.Pa ntpkey_sign_ Ns Ar hostname -in the keys directory. -If this file is -not found, the host key is also the sign key. .El .It Ic keys Ar keyfile Specifies the complete path and location of the MD5 key file @@ -1546,7 +1525,8 @@ by default the probability of replacing it with an entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. -.It Xo Ic restrict address +.It Xo Ic restrict +.Ar address .Op Cm mask Ar mask .Op Cm ippeerlimit Ar int .Op Ar flag ... @@ -1554,21 +1534,22 @@ than 3000 seconds old, the probability is 100%. The .Ar address argument expressed in -dotted\-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the .Ar address -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +.Ar mask +is ignored and an individual host mask is +used for each entry. The .Ar mask -argument expressed in dotted\-quad form defaults to -.Cm 255.255.255.255 , -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the .Ar address is treated as the address of an individual host. -A default entry (address -.Cm 0.0.0.0 , -mask -.Cm 0.0.0.0 ) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string .Cm default , @@ -1605,12 +1586,12 @@ and .Xr ntpdc 1ntpdcmdoc queries. .It Cm kod -If this flag is set when an access violation occurs, a kiss\-o'\-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss\-o'\-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +.Cm discard average +defaulting to 8s. Otherwise, no response is sent. .It Cm limited Deny service if the packet spacing violates the lower limits specified in the @@ -1700,15 +1681,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies .Cm ntpport -and -.Cm non\-ntpport -may -be specified. +and the other does not. The .Cm ntpport -is considered more specific and +entry is considered more specific and is sorted later in the list. .It Ic "serverresponse fuzz" When reponding to server requests, @@ -1720,12 +1699,31 @@ Deny packets that do not match the current NTP version. .Pp Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +.Cm manycastclient +when +.Cm manycast +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +.It Xo Ic delrestrict +.Op source +.Ar address +.Xc +Remove a previously\-set restriction. This is useful for +runtime configuration via +.Xr ntpq 1ntpqmdoc +. If +.Cm source +is specified, a dynamic restriction created from the +.Cm restrict source +template at the time +an association was added is removed. Without +.Cm source +a static restriction is removed. .El .Sh Automatic NTP Configuration Options .Ss Manycasting @@ -2462,10 +2460,6 @@ Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. -.It Ic calldelay Ar delay -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. .It Ic driftfile Ar driftfile This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. @@ -3302,7 +3296,7 @@ A snapshot of this documentation is available in HTML format in .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS The syntax checking is not picky; some combinations of diff --git a/ntpd/ntp.conf.def b/ntpd/ntp.conf.def index 03dd8b808099..444e3b35e351 100644 --- a/ntpd/ntp.conf.def +++ b/ntpd/ntp.conf.def @@ -296,27 +296,15 @@ include authentication fields encrypted using the autokey scheme described in .Sx Authentication Options . .It Cm burst -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the .Ic server command and s addresses. .It Cm iburst When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the .Ic server @@ -892,7 +880,6 @@ range 1 to 65,535, inclusive. .Op Cm leap Ar file .Op Cm randfile Ar file .Op Cm host Ar file -.Op Cm sign Ar file .Op Cm gq Ar file .Op Cm gqpar Ar file .Op Cm iffpar Ar file @@ -955,14 +942,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -.It Cm sign Ar file -Specifies the location of the optional sign key file. -This overrides -the link -.Pa ntpkey_sign_ Ns Ar hostname -in the keys directory. -If this file is -not found, the host key is also the sign key. .El .It Ic keys Ar keyfile Specifies the complete path and location of the MD5 key file @@ -1549,7 +1528,8 @@ by default the probability of replacing it with an entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. -.It Xo Ic restrict address +.It Xo Ic restrict +.Ar address .Op Cm mask Ar mask .Op Cm ippeerlimit Ar int .Op Ar flag ... @@ -1557,21 +1537,22 @@ than 3000 seconds old, the probability is 100%. The .Ar address argument expressed in -dotted-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the .Ar address -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +.Ar mask +is ignored and an individual host mask is +used for each entry. The .Ar mask -argument expressed in dotted-quad form defaults to -.Cm 255.255.255.255 , -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the .Ar address is treated as the address of an individual host. -A default entry (address -.Cm 0.0.0.0 , -mask -.Cm 0.0.0.0 ) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string .Cm default , @@ -1608,12 +1589,12 @@ and .Xr ntpdc 1ntpdcmdoc queries. .It Cm kod -If this flag is set when an access violation occurs, a kiss-o'-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss-o'-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +.Cm discard average +defaulting to 8s. Otherwise, no response is sent. .It Cm limited Deny service if the packet spacing violates the lower limits specified in the @@ -1703,15 +1684,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies .Cm ntpport -and -.Cm non-ntpport -may -be specified. +and the other does not. The .Cm ntpport -is considered more specific and +entry is considered more specific and is sorted later in the list. .It Ic "serverresponse fuzz" When reponding to server requests, @@ -1723,12 +1702,31 @@ Deny packets that do not match the current NTP version. .Pp Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +.Cm manycastclient +when +.Cm manycast +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +.It Xo Ic delrestrict +.Op source +.Ar address +.Xc +Remove a previously-set restriction. This is useful for +runtime configuration via +.Xr ntpq 1ntpqmdoc +. If +.Cm source +is specified, a dynamic restriction created from the +.Cm restrict source +template at the time +an association was added is removed. Without +.Cm source +a static restriction is removed. .El .Sh Automatic NTP Configuration Options .Ss Manycasting @@ -2465,10 +2463,6 @@ Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. -.It Ic calldelay Ar delay -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. .It Ic driftfile Ar driftfile This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. diff --git a/ntpd/ntp.conf.html b/ntpd/ntp.conf.html index f7f0b4bef931..ea82c6783a4b 100644 --- a/ntpd/ntp.conf.html +++ b/ntpd/ntp.conf.html @@ -50,7 +50,7 @@ Next: <a href="#ntp_002econf-Description" accesskey="n" rel="next">ntp.conf Desc <p>This document describes the configuration file for the NTP Project’s <code>ntpd</code> program. </p> -<p>This document applies to version 4.2.8p17 of <code>ntp.conf</code>. +<p>This document applies to version 4.2.8p18 of <code>ntp.conf</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -362,28 +362,16 @@ described in ‘Authentication Options’. </p></dd> <dt><code>burst</code></dt> -<dd><p>when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -<code>calldelay</code> -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +<dd><p>when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the <code>server</code> command and s addresses. </p></dd> <dt><code>iburst</code></dt> <dd><p>When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -<code>calldelay</code> -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the <code>server</code> @@ -966,7 +954,7 @@ argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,535, inclusive. </p></dd> -<dt><code>crypto</code> <code>[<code>cert</code> <kbd>file</kbd>]</code> <code>[<code>leap</code> <kbd>file</kbd>]</code> <code>[<code>randfile</code> <kbd>file</kbd>]</code> <code>[<code>host</code> <kbd>file</kbd>]</code> <code>[<code>sign</code> <kbd>file</kbd>]</code> <code>[<code>gq</code> <kbd>file</kbd>]</code> <code>[<code>gqpar</code> <kbd>file</kbd>]</code> <code>[<code>iffpar</code> <kbd>file</kbd>]</code> <code>[<code>mvpar</code> <kbd>file</kbd>]</code> <code>[<code>pw</code> <kbd>password</kbd>]</code></dt> +<dt><code>crypto</code> <code>[<code>cert</code> <kbd>file</kbd>]</code> <code>[<code>leap</code> <kbd>file</kbd>]</code> <code>[<code>randfile</code> <kbd>file</kbd>]</code> <code>[<code>host</code> <kbd>file</kbd>]</code> <code>[<code>gq</code> <kbd>file</kbd>]</code> <code>[<code>gqpar</code> <kbd>file</kbd>]</code> <code>[<code>iffpar</code> <kbd>file</kbd>]</code> <code>[<code>mvpar</code> <kbd>file</kbd>]</code> <code>[<code>pw</code> <kbd>password</kbd>]</code></dt> <dd><p>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature @@ -1031,15 +1019,6 @@ encrypted. library. The defaults are described in the main text above. </p></dd> -<dt><code>sign</code> <kbd>file</kbd></dt> -<dd><p>Specifies the location of the optional sign key file. -This overrides -the link -<samp>ntpkey_sign_</samp><kbd>hostname</kbd> -in the keys directory. -If this file is -not found, the host key is also the sign key. -</p></dd> </dl> </dd> <dt><code>keys</code> <kbd>keyfile</kbd></dt> @@ -1670,25 +1649,26 @@ entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. </p></dd> -<dt><code>restrict</code> <code>address</code> <code>[<code>mask</code> <kbd>mask</kbd>]</code> <code>[<code>ippeerlimit</code> <kbd>int</kbd>]</code> <code>[<kbd>flag</kbd> <kbd>...</kbd>]</code></dt> +<dt><code>restrict</code> <kbd>address</kbd> <code>[<code>mask</code> <kbd>mask</kbd>]</code> <code>[<code>ippeerlimit</code> <kbd>int</kbd>]</code> <code>[<kbd>flag</kbd> <kbd>...</kbd>]</code></dt> <dd><p>The <kbd>address</kbd> argument expressed in -dotted-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the <kbd>address</kbd> -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +<kbd>mask</kbd> +is ignored and an individual host mask is +used for each entry. The <kbd>mask</kbd> -argument expressed in dotted-quad form defaults to -<code>255.255.255.255</code>, -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the <kbd>address</kbd> is treated as the address of an individual host. -A default entry (address -<code>0.0.0.0</code>, -mask -<code>0.0.0.0</code>) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string <code>default</code>, @@ -1726,12 +1706,12 @@ and queries. </p></dd> <dt><code>kod</code></dt> -<dd><p>If this flag is set when an access violation occurs, a kiss-o’-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +<dd><p>If this flag is set when a rate violation occurs, a kiss-o’-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +<code>discard</code> <code>average</code> +defaulting to 8s. Otherwise, no response is sent. </p></dd> <dt><code>limited</code></dt> <dd><p>Deny service if the packet spacing violates the lower limits specified @@ -1831,15 +1811,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies <code>ntpport</code> -and -<code>non-ntpport</code> -may -be specified. +and the other does not. The <code>ntpport</code> -is considered more specific and +entry is considered more specific and is sorted later in the list. </p></dd> <dt><code>serverresponse fuzz</code></dt> @@ -1854,13 +1832,30 @@ fuzz the low order bits of the <p>Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host’s interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +<code>manycastclient</code> +when +<code>manycast</code> +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). </p></dd> +<dt><code>delrestrict</code> <code>[source]</code> <kbd>address</kbd></dt> +<dd><p>Remove a previously-set restriction. This is useful for +runtime configuration via +<code>ntpq(1ntpqmdoc)</code> +. If +<code>source</code> +is specified, a dynamic restriction created from the +<code>restrict</code> <code>source</code> +template at the time +an association was added is removed. Without +<code>source</code> +a static restriction is removed. +</p></dd> </dl> <hr> <span id="Automatic-NTP-Configuration-Options"></span><div class="header"> @@ -2597,11 +2592,6 @@ number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. </p></dd> -<dt><code>calldelay</code> <kbd>delay</kbd></dt> -<dd><p>This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. -</p></dd> <dt><code>driftfile</code> <kbd>driftfile</kbd></dt> <dd><p>This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. diff --git a/ntpd/ntp.conf.man.in b/ntpd/ntp.conf.man.in index 0c56ee503df6..175fcb8ab314 100644 --- a/ntpd/ntp.conf.man.in +++ b/ntpd/ntp.conf.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp.conf 5 "06 Jun 2023" "4.2.8p17" "File Formats" +.TH ntp.conf 5 "25 May 2024" "4.2.8p18" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:45 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:03 AM by AutoGen 5.18.16 .\" From the definitions ntp.conf.def .\" and the template file agman-cmd.tpl .SH NAME @@ -291,28 +291,16 @@ described in \fIAuthentication\f[] \fIOptions\f[]. .TP 7 .NOP \f\*[B-Font]burst\f[] -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -\f\*[B-Font]calldelay\f[] -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the \f\*[B-Font]server\f[] command and s addresses. .TP 7 .NOP \f\*[B-Font]iburst\f[] When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -\f\*[B-Font]calldelay\f[] -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the \f\*[B-Font]server\f[] @@ -938,7 +926,7 @@ argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,535, inclusive. .TP 7 -.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]] +.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]] This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature @@ -1003,15 +991,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -.TP 7 -.NOP \f\*[B-Font]sign\f[] \f\*[I-Font]file\f[] -Specifies the location of the optional sign key file. -This overrides -the link -\fIntpkey_sign_\f[]\f\*[I-Font]hostname\f[] -in the keys directory. -If this file is -not found, the host key is also the sign key. .RE .TP 7 .NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[] @@ -1679,25 +1658,26 @@ entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. .TP 7 -.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]] +.NOP \f\*[B-Font]restrict\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[B-Font]ippeerlimit\f[] \f\*[I-Font]int\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]] The \f\*[I-Font]address\f[] argument expressed in -dotted-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the \f\*[I-Font]address\f[] -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +\f\*[I-Font]mask\f[] +is ignored and an individual host mask is +used for each entry. The \f\*[I-Font]mask\f[] -argument expressed in dotted-quad form defaults to -\f\*[B-Font]255.255.255.255\f[], -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the \f\*[I-Font]address\f[] is treated as the address of an individual host. -A default entry (address -\f\*[B-Font]0.0.0.0\f[], -mask -\f\*[B-Font]0.0.0.0\f[]) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string \f\*[B-Font]default\f[], @@ -1736,12 +1716,12 @@ and queries. .TP 7 .NOP \f\*[B-Font]kod\f[] -If this flag is set when an access violation occurs, a kiss-o'-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss-o'-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +\f\*[B-Font]discard\f[] \f\*[B-Font]average\f[] +defaulting to 8s. Otherwise, no response is sent. .TP 7 .NOP \f\*[B-Font]limited\f[] Deny service if the packet spacing violates the lower limits specified @@ -1841,15 +1821,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies \f\*[B-Font]ntpport\f[] -and -\f\*[B-Font]non-ntpport\f[] -may -be specified. +and the other does not. The \f\*[B-Font]ntpport\f[] -is considered more specific and +entry is considered more specific and is sorted later in the list. .TP 7 .NOP \f\*[B-Font]serverresponse fuzz\f[] @@ -1865,12 +1843,29 @@ Deny packets that do not match the current NTP version. Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +\f\*[B-Font]manycastclient\f[] +when +\f\*[B-Font]manycast\f[] +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +.TP 7 +.NOP \f\*[B-Font]delrestrict\f[] [source] \f\*[I-Font]address\f[] +Remove a previously-set restriction. This is useful for +runtime configuration via +\fCntpq\f[]\fR(@NTPQ_MS@)\f[] +. If +\f\*[B-Font]source\f[] +is specified, a dynamic restriction created from the +\f\*[B-Font]restrict\f[] \f\*[B-Font]source\f[] +template at the time +an association was added is removed. Without +\f\*[B-Font]source\f[] +a static restriction is removed. .PP .SH Automatic NTP Configuration Options .SS Manycasting @@ -2635,11 +2630,6 @@ number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. .TP 7 -.NOP \f\*[B-Font]calldelay\f[] \f\*[I-Font]delay\f[] -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. -.TP 7 .NOP \f\*[B-Font]driftfile\f[] \f\*[I-Font]driftfile\f[] This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. @@ -3461,7 +3451,7 @@ RFC5905 .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS The syntax checking is not picky; some combinations of diff --git a/ntpd/ntp.conf.mdoc.in b/ntpd/ntp.conf.mdoc.in index 22348ee727d0..70f9080257a2 100644 --- a/ntpd/ntp.conf.mdoc.in +++ b/ntpd/ntp.conf.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_CONF 5 File Formats .Os .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:32 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:03:50 AM by AutoGen 5.18.16 .\" From the definitions ntp.conf.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -294,27 +294,15 @@ include authentication fields encrypted using the autokey scheme described in .Sx Authentication Options . .It Cm burst -when the server is reachable, send a burst of eight packets -instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first and second packets -can be changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. -This is designed to improve timekeeping quality -with the +when the server is reachable, send a burst of six packets +instead of the usual one. The packet spacing is 2 s. +This is designed to improve timekeeping quality with the .Ic server command and s addresses. .It Cm iburst When the server is unreachable, send a burst of eight packets instead of the usual one. -The packet spacing is normally 2 s; -however, the spacing between the first two packets can be -changed with the -.Ic calldelay -command to allow -additional time for a modem or ISDN call to complete. +The packet spacing is 2 s. This is designed to speed the initial synchronization acquisition with the .Ic server @@ -889,7 +877,6 @@ range 1 to 65,535, inclusive. .Op Cm leap Ar file .Op Cm randfile Ar file .Op Cm host Ar file -.Op Cm sign Ar file .Op Cm gq Ar file .Op Cm gqpar Ar file .Op Cm iffpar Ar file @@ -952,14 +939,6 @@ encrypted. Specifies the location of the random seed file used by the OpenSSL library. The defaults are described in the main text above. -.It Cm sign Ar file -Specifies the location of the optional sign key file. -This overrides -the link -.Pa ntpkey_sign_ Ns Ar hostname -in the keys directory. -If this file is -not found, the host key is also the sign key. .El .It Ic keys Ar keyfile Specifies the complete path and location of the MD5 key file @@ -1546,7 +1525,8 @@ by default the probability of replacing it with an entry representing the client request being processed now is 10%. Conversely, if the oldest entry is more than 3000 seconds old, the probability is 100%. -.It Xo Ic restrict address +.It Xo Ic restrict +.Ar address .Op Cm mask Ar mask .Op Cm ippeerlimit Ar int .Op Ar flag ... @@ -1554,21 +1534,22 @@ than 3000 seconds old, the probability is 100%. The .Ar address argument expressed in -dotted\-quad form is the address of a host or network. +numeric form is the address of a host or network. Alternatively, the .Ar address -argument can be a valid host DNS name. +argument can be a valid hostname. When a hostname +is provided, a restriction entry is created for each +address the hostname resolves to, and any provided +.Ar mask +is ignored and an individual host mask is +used for each entry. The .Ar mask -argument expressed in dotted\-quad form defaults to -.Cm 255.255.255.255 , -meaning that the +argument expressed in numeric form defaults to +all bits lit, meaning that the .Ar address is treated as the address of an individual host. -A default entry (address -.Cm 0.0.0.0 , -mask -.Cm 0.0.0.0 ) +A default entry with address and mask all zeroes is always included and is always the first entry in the list. Note that text string .Cm default , @@ -1605,12 +1586,12 @@ and .Xr ntpdc @NTPDC_MS@ queries. .It Cm kod -If this flag is set when an access violation occurs, a kiss\-o'\-death -(KoD) packet is sent. -KoD packets are rate limited to no more than one -per second. -If another KoD packet occurs within one second after the -last one, the packet is dropped. +If this flag is set when a rate violation occurs, a kiss\-o'\-death +(KoD) packet is sometimes sent. +KoD packets are rate limited to no more than one per minimum +average interpacket spacing, set by +.Cm discard average +defaulting to 8s. Otherwise, no response is sent. .It Cm limited Deny service if the packet spacing violates the lower limits specified in the @@ -1700,15 +1681,13 @@ restriction flag. Its presence causes the restriction entry to be matched only if the source port in the packet is the standard NTP UDP port (123). -Both +There can be two restriction entries with the same IP address if +one specifies .Cm ntpport -and -.Cm non\-ntpport -may -be specified. +and the other does not. The .Cm ntpport -is considered more specific and +entry is considered more specific and is sorted later in the list. .It Ic "serverresponse fuzz" When reponding to server requests, @@ -1720,12 +1699,31 @@ Deny packets that do not match the current NTP version. .Pp Default restriction list entries with the flags ignore, interface, ntpport, for each of the local host's interface addresses are -inserted into the table at startup to prevent the server -from attempting to synchronize to its own time. +inserted into the table at startup to prevent ntpd +from attempting to synchronize to itself, such as with +.Cm manycastclient +when +.Cm manycast +is also specified with the same multicast address. A default entry is also always present, though if it is otherwise unconfigured; no flags are associated with the default entry (i.e., everything besides your own NTP server is unrestricted). +.It Xo Ic delrestrict +.Op source +.Ar address +.Xc +Remove a previously\-set restriction. This is useful for +runtime configuration via +.Xr ntpq @NTPQ_MS@ +. If +.Cm source +is specified, a dynamic restriction created from the +.Cm restrict source +template at the time +an association was added is removed. Without +.Cm source +a static restriction is removed. .El .Sh Automatic NTP Configuration Options .Ss Manycasting @@ -2462,10 +2460,6 @@ Typically (for Ethernet), a number between 0.003 and 0.007 seconds is appropriate. The default when this command is not used is 0.004 seconds. -.It Ic calldelay Ar delay -This option controls the delay in seconds between the first and second -packets sent in burst or iburst mode to allow additional time for a modem -or ISDN call to complete. .It Ic driftfile Ar driftfile This command specifies the complete path and name of the file used to record the frequency of the local clock oscillator. @@ -3302,7 +3296,7 @@ A snapshot of this documentation is available in HTML format in .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS The syntax checking is not picky; some combinations of diff --git a/ntpd/ntp.keys.5man b/ntpd/ntp.keys.5man index 24dbfcf034a9..0b83cc6187e5 100644 --- a/ntpd/ntp.keys.5man +++ b/ntpd/ntp.keys.5man @@ -1,8 +1,8 @@ -.TH ntp.keys 5man "06 Jun 2023" "4.2.8p17" "File Formats" +.TH ntp.keys 5man "25 May 2024" "4.2.8p18" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:47 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:05 AM by AutoGen 5.18.16 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .Sh NAME @@ -176,7 +176,7 @@ the default name of the configuration file .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpd/ntp.keys.5mdoc b/ntpd/ntp.keys.5mdoc index 100320fd2330..e51bd72d47b2 100644 --- a/ntpd/ntp.keys.5mdoc +++ b/ntpd/ntp.keys.5mdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_KEYS 5mdoc File Formats .Os FreeBSD 12.1-RELEASE_SI .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:34 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:03:52 AM by AutoGen 5.18.16 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME @@ -163,7 +163,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpd/ntp.keys.html b/ntpd/ntp.keys.html index 2d53d91f4d40..9aaef4afc73c 100644 --- a/ntpd/ntp.keys.html +++ b/ntpd/ntp.keys.html @@ -50,7 +50,7 @@ Next: <a href="#ntp_002ekeys-Description" accesskey="n" rel="next">ntp.keys Desc <p>This document describes the symmetric key file for the NTP Project’s <code>ntpd</code> program. </p> -<p>This document applies to version 4.2.8p17 of <code>ntp.keys</code>. +<p>This document applies to version 4.2.8p18 of <code>ntp.keys</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> diff --git a/ntpd/ntp.keys.man.in b/ntpd/ntp.keys.man.in index c646bb11e776..8d4a6a598fe8 100644 --- a/ntpd/ntp.keys.man.in +++ b/ntpd/ntp.keys.man.in @@ -1,8 +1,8 @@ -.TH ntp.keys 5 "06 Jun 2023" "4.2.8p17" "File Formats" +.TH ntp.keys 5 "25 May 2024" "4.2.8p18" "File Formats" .\" .\" EDIT THIS FILE WITH CAUTION (ntp.man) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:47 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:05 AM by AutoGen 5.18.16 .\" From the definitions ntp.keys.def .\" and the template file agman-file.tpl .Sh NAME @@ -176,7 +176,7 @@ the default name of the configuration file .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpd/ntp.keys.mdoc.in b/ntpd/ntp.keys.mdoc.in index fdeaeba4c938..2506b51e422c 100644 --- a/ntpd/ntp.keys.mdoc.in +++ b/ntpd/ntp.keys.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_KEYS 5 File Formats .Os FreeBSD 12.1-RELEASE_SI .\" EDIT THIS FILE WITH CAUTION (ntp.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:34 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:03:52 AM by AutoGen 5.18.16 .\" From the definitions ntp.keys.def .\" and the template file agmdoc-file.tpl .Sh NAME @@ -163,7 +163,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index d9a753ee3a1e..701f5b52249e 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -42,7 +42,6 @@ #include "ntp_clockdev.h" #include "ntp_filegen.h" #include "ntp_stdlib.h" -#include "lib_strbuf.h" #include "ntp_assert.h" #include "ntp_random.h" /* @@ -139,14 +138,11 @@ typedef struct peer_resolved_ctx_tag { #define MAXPPS 20 /* maximum length of PPS device string */ /* - * Poll Skew List + * Poll Skew List array has an entry for each supported poll + * interval. */ - -static psl_item psl[17-3+1]; /* values for polls 3-17 */ - /* To simplify the runtime code we */ - /* don't want to have to special-case */ - /* dealing with a default */ - +#define PSL_ENTRIES (NTP_MAXPOLL - NTP_MINPOLL + 1) +static psl_item psl[PSL_ENTRIES]; /* * Miscellaneous macros @@ -338,7 +334,7 @@ static void config_ntpdsim(config_tree *); static void config_ntpd(config_tree *, int/*BOOL*/ input_from_file); static void config_other_modes(config_tree *); static void config_auth(config_tree *); -static void attrtopsl(int poll, attr_val *avp); +static void attrtopsl(u_char log2_poll, attr_val *avp); static void config_access(config_tree *); static void config_mdnstries(config_tree *); static void config_phone(config_tree *); @@ -381,15 +377,9 @@ static u_int32 get_match(const char *, struct masks *); static u_int32 get_logmask(const char *); static int/*BOOL*/ is_refclk_addr(const address_node * addr); -static void appendstr(char *, size_t, const char *); - - -#ifndef SIM static int getnetnum(const char *num, sockaddr_u *addr, int complain, enum gnn_type a_type); -#endif - #if defined(__GNUC__) /* this covers CLANG, too */ static void __attribute__((__noreturn__,format(printf,1,2))) fatal_error(const char *fmt, ...) #elif defined(_MSC_VER) @@ -1009,18 +999,24 @@ dump_config_tree( for (rest_node = HEAD_PFIFO(ptree->restrict_opts); rest_node != NULL; rest_node = rest_node->link) { - int is_default = 0; + int/*BOOL*/ is_default = FALSE; + int/*BOOL*/ omit_mask; + sockaddr_u mask; + sockaddr_u onesmask; + s = NULL; + atrv = HEAD_PFIFO(rest_node->flag_tok_fifo); + for (; atrv != NULL; atrv = atrv->link) { + if ( T_Integer == atrv->type + && T_Source == atrv->attr) { + s = keyword(T_Source); + break; + } + } if (NULL == rest_node->addr) { - s = "default"; - /* Don't need to set is_default=1 here */ - atrv = HEAD_PFIFO(rest_node->flag_tok_fifo); - for ( ; atrv != NULL; atrv = atrv->link) { - if ( T_Integer == atrv->type - && T_Source == atrv->attr) { - s = "source"; - break; - } + if (NULL == s) { + s = keyword(T_Default); + /* Don't need to set is_default here */ } } else { const char *ap = rest_node->addr->address; @@ -1030,25 +1026,51 @@ dump_config_tree( mp = rest_node->mask->address; if ( rest_node->addr->type == AF_INET - && !strcmp(ap, "0.0.0.0") - && !strcmp(mp, "0.0.0.0")) { - is_default = 1; + && !strcmp(mp, "0.0.0.0") + && !strcmp(ap, mp)) { + is_default = TRUE; s = "-4 default"; } else if ( rest_node->mask && rest_node->mask->type == AF_INET6 - && !strcmp(ap, "::") - && !strcmp(mp, "::")) { - is_default = 1; + && !strcmp(mp, "::") + && !strcmp(ap, mp)) { + is_default = TRUE; s = "-6 default"; } else { - s = ap; + if (NULL == s) { + s = ap; + } else { + LIB_GETBUF(s1); + snprintf(s1, LIB_BUFLENGTH, + "%s %s", + keyword(T_Source), ap); + s = s1; + } + } + } + fprintf(df, "%s %s", + keyword(rest_node->remove + ? T_Delrestrict + : T_Restrict), + s); + if (rest_node->mask != NULL && !is_default) { + ZERO(mask); + AF(&mask) = AF_UNSPEC; + omit_mask = (0 != getnetnum(rest_node->mask->address, + &mask, 0, t_UNK)); + if (omit_mask) { + SET_HOSTMASK(&onesmask, AF(&mask)); + omit_mask = SOCK_EQ(&mask, &onesmask); + } + if (!omit_mask) { + fprintf(df, " mask %s", + rest_node->mask->address); } } - fprintf(df, "restrict %s", s); - if (rest_node->mask != NULL && !is_default) - fprintf(df, " mask %s", - rest_node->mask->address); - fprintf(df, " ippeerlimit %d", rest_node->ippeerlimit); + if (-1 != rest_node->ippeerlimit) { + fprintf(df, " ippeerlimit %d", + rest_node->ippeerlimit); + } atrv = HEAD_PFIFO(rest_node->flag_tok_fifo); for ( ; atrv != NULL; atrv = atrv->link) { if ( T_Integer == atrv->type @@ -1056,7 +1078,7 @@ dump_config_tree( fprintf(df, " %s", keyword(atrv->attr)); } } - fprintf(df, "\n"); + fprintf(df, "\n"); /**/ #if 0 msyslog(LOG_INFO, "Dumping flag_tok_fifo:"); @@ -1585,8 +1607,10 @@ create_restrict_node( address_node * mask, short ippeerlimit, attr_val_fifo * flag_tok_fifo, - int nline - ) + int/*BOOL*/ remove, + int nline, + int ncol +) { restrict_node *my_node; @@ -1595,7 +1619,9 @@ create_restrict_node( my_node->mask = mask; my_node->ippeerlimit = ippeerlimit; my_node->flag_tok_fifo = flag_tok_fifo; + my_node->remove = remove; my_node->line_no = nline; + my_node->column = ncol; return my_node; } @@ -2193,6 +2219,7 @@ free_config_auth( } #endif /* FREE_CFG_T */ + #ifndef SIM /* Configure low-level clock-related parameters. Return TRUE if the * clock might need adjustment like era-checking after the call, FALSE @@ -2200,16 +2227,16 @@ free_config_auth( */ static int/*BOOL*/ config_tos_clock( - config_tree *ptree - ) + config_tree* ptree +) { int ret; - attr_val * tos; + attr_val* tos; ret = FALSE; tos = HEAD_PFIFO(ptree->orphan_cmds); for (; tos != NULL; tos = tos->link) { - switch(tos->attr) { + switch (tos->attr) { default: break; @@ -2221,12 +2248,13 @@ config_tos_clock( } } - if (basedate_get_day() <= NTP_TO_UNIX_DAYS) + if (basedate_get_day() <= NTP_TO_UNIX_DAYS) { basedate_set_day(basedate_eval_buildstamp() - 11); - + } return ret; } -#endif /* SIM */ +#endif /* !SIM */ + static void config_tos( @@ -2427,21 +2455,22 @@ free_config_tos( static void config_monitor( - config_tree *ptree - ) + config_tree* ptree +) { - int_node *pfilegen_token; - const char *filegen_string; - const char *filegen_file; - FILEGEN *filegen; - filegen_node *my_node; - attr_val *my_opts; - int filegen_type; - int filegen_flag; + int_node * pfilegen_token; + const char * filegen_string; + const char * filegen_file; + FILEGEN * filegen; + filegen_node * my_node; + attr_val* my_opts; + int filegen_type; + int filegen_flag; /* Set the statistics directory */ - if (ptree->stats_dir) - stats_config(STATS_STATSDIR, ptree->stats_dir, 0); + if (ptree->stats_dir) { + stats_config(STATS_STATSDIR, ptree->stats_dir, TRUE); + } /* NOTE: * Calling filegen_get is brain dead. Doing a string @@ -2612,19 +2641,19 @@ config_access( struct addrinfo * ai_list; struct addrinfo * pai; int rc; - int restrict_default; + int/*BOOL*/ success; + int/*BOOL*/ restrict_default; u_short rflags; u_short mflags; short ippeerlimit; int range_err; - psl_item my_psl_item; attr_val * atrv; attr_val * dflt_psl_atr; const char * signd_warning = #ifdef HAVE_NTP_SIGND - "MS-SNTP signd operations currently block ntpd degrading service to all clients."; + "MS-SNTP signd operations currently block ntpd degrading service to all clients.\n"; #else - "mssntp restrict bit ignored, this ntpd was configured without --enable-ntp-signd."; + "mssntp restrict bit ignored, this ntpd was configured without --enable-ntp-signd.\n"; #endif /* Configure the mru options */ @@ -2829,28 +2858,31 @@ config_access( } if ((RES_MSSNTP & rflags) && !warned_signd) { - warned_signd = 1; - fprintf(stderr, "%s\n", signd_warning); + warned_signd = TRUE; + fprintf(stderr, "%s", signd_warning); msyslog(LOG_WARNING, "%s", signd_warning); } - /* It would be swell if we could identify the line number */ if ((RES_KOD & rflags) && !(RES_LIMITED & rflags)) { const char *kod_where = (my_node->addr) ? my_node->addr->address : (mflags & RESM_SOURCE) ? "source" : "default"; - const char *kod_warn = "KOD does nothing without LIMITED."; - - fprintf(stderr, "restrict %s: %s\n", kod_where, kod_warn); - msyslog(LOG_WARNING, "restrict %s: %s", kod_where, kod_warn); + const char *kod_warn = "'kod' does nothing without 'limited'.\n"; + + fprintf(stderr, "line %d col %d restrict %s: %s", + my_node->line_no, my_node->column, + kod_where, kod_warn); + msyslog(LOG_WARNING, "line %d col %d restrict %s: %s", + my_node->line_no, my_node->column, + kod_where, kod_warn); } ZERO_SOCK(&addr); ai_list = NULL; pai = NULL; - restrict_default = 0; + restrict_default = FALSE; if (NULL == my_node->addr) { ZERO_SOCK(&mask); @@ -2860,13 +2892,18 @@ config_access( * without a -4 / -6 qualifier, add to * both lists */ - restrict_default = 1; + restrict_default = TRUE; } else { /* apply "restrict source ..." */ - DPRINTF(1, ("restrict source template ippeerlimit %d mflags %x rflags %x\n", - ippeerlimit, mflags, rflags)); - hack_restrict(RESTRICT_FLAGS, NULL, NULL, - ippeerlimit, mflags, rflags, 0); + success = hack_restrict(RESTRICT_FLAGS, + NULL, NULL, + ippeerlimit, + mflags, rflags, + 0); + if (!success) { + msyslog(LOG_ERR, + "unable to save restrict source"); + } continue; } } else { @@ -2898,33 +2935,37 @@ config_access( &ai_list); if (rc) { msyslog(LOG_ERR, - "restrict: ignoring line %d, address/host '%s' unusable.", + "restrict: line %d col %d" + " address/host '%s' unusable.", my_node->line_no, + my_node->column, my_node->addr->address); continue; } INSIST(ai_list != NULL); pai = ai_list; INSIST(pai->ai_addr != NULL); - INSIST(sizeof(addr) >= - pai->ai_addrlen); + INSIST(sizeof(addr) >= pai->ai_addrlen); memcpy(&addr, pai->ai_addr, pai->ai_addrlen); INSIST(AF_INET == AF(&addr) || AF_INET6 == AF(&addr)); } + /* default to all-ones mask for single address */ SET_HOSTMASK(&mask, AF(&addr)); - /* Resolve the mask */ - if (my_node->mask) { + /* Ignore mask if addr from hostname [Bug 3872] */ + if (NULL == ai_list && my_node->mask) { ZERO_SOCK(&mask); AF(&mask) = my_node->mask->type; if (getnetnum(my_node->mask->address, &mask, 1, t_MSK) != 1) { msyslog(LOG_ERR, - "restrict: ignoring line %d, mask '%s' unusable.", + "restrict: line %d col %d" + " mask '%s' unusable.", my_node->line_no, + my_node->column, my_node->mask->address); continue; } @@ -2935,15 +2976,43 @@ config_access( if (restrict_default) { AF(&addr) = AF_INET; AF(&mask) = AF_INET; - hack_restrict(RESTRICT_FLAGS, &addr, &mask, - ippeerlimit, mflags, rflags, 0); + success = hack_restrict( + RESTRICT_FLAGS, + &addr, + &mask, + ippeerlimit, + mflags, + rflags, + 0 + ); + if (!success) { + msyslog(LOG_ERR, + "unable to save %s %s restriction", + stoa(&addr), stoa(&mask)); + } AF(&addr) = AF_INET6; AF(&mask) = AF_INET6; } do { - hack_restrict(RESTRICT_FLAGS, &addr, &mask, - ippeerlimit, mflags, rflags, 0); + success = hack_restrict( + my_node->remove + ? RESTRICT_REMOVE + : RESTRICT_FLAGS, + &addr, + &mask, + ippeerlimit, + mflags, + rflags, + 0); + if (!success) { + msyslog(LOG_ERR, + "unable to %s %s %s restriction", + my_node->remove + ? "delete" + : "save", + stoa(&addr), stoa(&mask)); + } if (pai != NULL && NULL != (pai = pai->ai_next)) { INSIST(pai->ai_addr != NULL); @@ -2958,61 +3027,42 @@ config_access( } } while (pai != NULL); - if (ai_list != NULL) + if (ai_list != NULL) { freeaddrinfo(ai_list); + } } - /* Deal with the Poll Skew List */ - + /* + * pollskewlist + */ + atrv = HEAD_PFIFO(ptree->pollskewlist); + if (NULL == atrv) { + /* don't touch the poll skew list */ + return; + } ZERO(psl); - ZERO(my_psl_item); - /* * First, find the last default pollskewlist item. - * There should only be one of these with the current grammar, - * but better safe than sorry. */ dflt_psl_atr = NULL; - atrv = HEAD_PFIFO(ptree->pollskewlist); for ( ; atrv != NULL; atrv = atrv->link) { - switch (atrv->attr) { - case -1: /* default */ + if (-1 == atrv->attr) { /* default */ dflt_psl_atr = atrv; - break; - - case 3: /* Fall through */ - case 4: /* Fall through */ - case 5: /* Fall through */ - case 6: /* Fall through */ - case 7: /* Fall through */ - case 8: /* Fall through */ - case 9: /* Fall through */ - case 10: /* Fall through */ - case 11: /* Fall through */ - case 12: /* Fall through */ - case 13: /* Fall through */ - case 14: /* Fall through */ - case 15: /* Fall through */ - case 16: /* Fall through */ - case 17: - /* ignore */ - break; - - default: + } else if ( atrv->attr < NTP_MINPOLL + || atrv->attr > NTP_MAXPOLL) { msyslog(LOG_ERR, - "config_access: default PSL scan: ignoring unexpected poll value %d", - atrv->attr); - break; + "Poll %d out of bounds [%d-%d] for pollskewlist", + atrv->attr, NTP_MINPOLL, NTP_MAXPOLL); } } - /* If we have a nonzero default, initialize the PSL */ + /* If we have a nonzero default, put it in all entries */ if ( dflt_psl_atr && ( 0 != dflt_psl_atr->value.r.first || 0 != dflt_psl_atr->value.r.last)) { int i; - for (i = 3; i <= 17; ++i) { + for (i = NTP_MINPOLL; i <= NTP_MAXPOLL; ++i) { attrtopsl(i, dflt_psl_atr); } } @@ -3020,38 +3070,15 @@ config_access( /* Finally, update the PSL with any explicit entries */ atrv = HEAD_PFIFO(ptree->pollskewlist); for ( ; atrv != NULL; atrv = atrv->link) { - switch (atrv->attr) { - case -1: /* default */ - /* Ignore */ - break; - - case 3: /* Fall through */ - case 4: /* Fall through */ - case 5: /* Fall through */ - case 6: /* Fall through */ - case 7: /* Fall through */ - case 8: /* Fall through */ - case 9: /* Fall through */ - case 10: /* Fall through */ - case 11: /* Fall through */ - case 12: /* Fall through */ - case 13: /* Fall through */ - case 14: /* Fall through */ - case 15: /* Fall through */ - case 16: /* Fall through */ - case 17: + if (atrv->attr >= NTP_MINPOLL && atrv->attr <= NTP_MAXPOLL) { attrtopsl(atrv->attr, atrv); - break; - - default: - break; /* Ignore - we reported this above */ } } #if 0 int p; msyslog(LOG_INFO, "Dumping PSL:"); - for (p = 3; p <= 17; ++p) { + for (p = NTP_MINPOLL; p <= NTP_MAXPOLL; ++p) { psl_item psi; if (0 == get_pollskew(p, &psi)) { @@ -3065,43 +3092,40 @@ config_access( } -void -attrtopsl(int poll, attr_val *avp) +static void +attrtopsl( + u_char log2_poll, + attr_val * avp + ) { + int pao = log2_poll - NTP_MINPOLL; /* poll array offset */ + u_int32 lower = (u_short)avp->value.r.first; /* ntp_parser.y ensures */ + u_int32 upper = (u_short)avp->value.r.last; /* non-neg. first/last */ + u_int psmax = 1 << (log2_poll - 1); + u_int32 qmsk; - DEBUG_INSIST((poll - 3) < sizeof psl); - if (poll < 3 || poll > 17) { - msyslog(LOG_ERR, "attrtopsl(%d, ...): Poll value is out of range - ignoring", poll); - } else { - int pao = poll - 3; /* poll array offset */ - int lower = avp->value.r.first; /* a positive number */ - int upper = avp->value.r.last; - int psmax = 1 << (poll - 1); - int qmsk; - - if (lower > psmax) { - msyslog(LOG_WARNING, "attrtopsl: default: poll %d lower bound reduced from %d to %d", - poll, lower, psmax); - lower = psmax; - } - if (upper > psmax) { - msyslog(LOG_WARNING, "attrtopsl: default: poll %d upper bound reduced from %d to %d", - poll, upper, psmax); - upper = psmax; - } - psl[pao].sub = lower; - psl[pao].qty = lower + upper; + DEBUG_INSIST(pao >= 0 && pao < COUNTOF(psl)); - qmsk = 1; - while (qmsk < (lower + upper)) { - qmsk <<= 1; - qmsk |= 1; - }; - psl[pao].msk = qmsk; + if (lower > psmax) { + msyslog(LOG_WARNING, "pollskewlist %d lower bound reduced from %d to %d", + log2_poll, lower, psmax); + lower = psmax; + } + if (upper > psmax) { + msyslog(LOG_WARNING, "pollskewlist %d upper bound reduced from %d to %d", + log2_poll, upper, psmax); + upper = psmax; } + psl[pao].sub = lower; + psl[pao].qty = lower + upper; - return; -} + qmsk = 1; + while (qmsk < (lower + upper)) { + qmsk <<= 1; + qmsk |= 1; + } + psl[pao].msk = qmsk; +} #endif /* !SIM */ @@ -3111,16 +3135,14 @@ get_pollskew( psl_item *rv ) { - #ifdef DISABLE_BUG3767_FIX - DEBUG_INSIST(3 <= p && 17 >= p); + DEBUG_INSIST(NTP_MINPOLL <= p && NTP_MAXPOLL >= p); #endif - if (3 <= p && 17 >= p) { - *rv = psl[p - 3]; - + if (NTP_MINPOLL <= p && p <= NTP_MAXPOLL) { + *rv = psl[p - NTP_MINPOLL]; return 0; } else { - msyslog(LOG_ERR, "get_pollskew(%d): poll is not between 3 and 17!", p); + msyslog(LOG_DEBUG, "get_pollskew(%d): out of range", p); return -1; } @@ -3339,9 +3361,13 @@ config_nic_rules( if_name = estrdup(if_name); switch (curr_node->match_class) { - default: +#ifdef DEBUG fatal_error("config_nic_rules: match-class-token=%d", curr_node->match_class); +#endif + case T_All: + match_type = MATCH_ALL; + break; case 0: /* @@ -3372,10 +3398,6 @@ config_nic_rules( } break; - case T_All: - match_type = MATCH_ALL; - break; - case T_Ipv4: match_type = MATCH_IPV4; break; @@ -3390,10 +3412,10 @@ config_nic_rules( } switch (curr_node->action) { - default: +#ifdef DEBUG fatal_error("config_nic_rules: action-token=%d", curr_node->action); - +#endif case T_Listen: action = ACTION_LISTEN; break; @@ -3409,7 +3431,9 @@ config_nic_rules( add_nic_rule(match_type, if_name, prefixlen, action); - timer_interfacetimeout(current_time + 2); + if (!initializing && !scan_addrs_once) { + endpt_scan_timer = 1 + current_time; + } if (if_name != NULL) free(if_name); } @@ -3733,7 +3757,7 @@ config_trap( attr_val *curr_opt; sockaddr_u addr_sock; sockaddr_u peeraddr; - struct interface *localaddr; + endpt *localaddr; struct addrinfo hints; char port_text[8]; settrap_parms *pstp; @@ -3867,7 +3891,7 @@ trap_name_resolved( ) { settrap_parms *pstp; - struct interface *localaddr; + endpt *localaddr; sockaddr_u peeraddr; (void)gai_errno; @@ -3920,7 +3944,7 @@ config_fudge( sockaddr_u addr_sock; address_node *addr_node; struct refclockstat clock_stat; - char refid_str[5]; + char refidstr[5]; int err_flag; curr_fudge = HEAD_PFIFO(ptree->fudge); @@ -3951,9 +3975,6 @@ config_fudge( clock_stat.fudgeminjitter = 0.0; clock_stat.fudgetime1 = 0.0; clock_stat.fudgetime2 = 0.0; - clock_stat.p_lastcode = NULL; - clock_stat.clockdesc = NULL; - clock_stat.kv_list = NULL; curr_opt = HEAD_PFIFO(curr_fudge->options); for (; curr_opt != NULL; curr_opt = curr_opt->link) { switch (curr_opt->attr) { @@ -3975,10 +3996,17 @@ config_fudge( case T_Refid: clock_stat.haveflags |= CLK_HAVEVAL2; - /* strncpy() does exactly what we want here: */ - strncpy(refid_str, curr_opt->value.s, - sizeof refid_str - 1); - memcpy(&clock_stat.fudgeval2, refid_str, + /* + * strncpy() does exactly what we want + * here, do not be tempted to replace + * it with strlcpy(), we want it to + * zero-fill refid's less than 4 chars + * because we're going to stuff it + * into a u_int32. + */ + strncpy(refidstr, curr_opt->value.s, + sizeof refidstr - 1); + memcpy(&clock_stat.fudgeval2, refidstr, sizeof clock_stat.fudgeval2); break; @@ -4140,7 +4168,7 @@ config_vars( case T_Driftfile: if ('\0' == curr_var->value.s[0]) msyslog(LOG_INFO, "config: driftfile disabled"); - stats_config(STATS_FREQ_FILE, curr_var->value.s, 0); + stats_config(STATS_FREQ_FILE, curr_var->value.s, TRUE); break; case T_Dscp: @@ -4158,7 +4186,7 @@ config_vars( break; case T_Leapfile: - stats_config(STATS_LEAP_FILE, curr_var->value.s, curr_var->flag); + stats_config(STATS_LEAP_FILE, curr_var->value.s, curr_var->flag); break; #ifdef LEAP_SMEAR @@ -5165,13 +5193,13 @@ getconfig( } cfgt.source.value.s = estrdup(alt_config_file); #endif /* SYS_WINNT */ - } else + } else { cfgt.source.value.s = estrdup(config_file); - + } /*** BULK OF THE PARSER ***/ #ifdef DEBUG - yydebug = !!(debug >= 5); + yydebug = (debug >= 9); #endif yyparse(); lex_drop_stack(); @@ -5311,10 +5339,9 @@ normal_dtoa( pch_nz = pch_e; while ('0' == *pch_nz) pch_nz++; - if (pch_nz == pch_e) - return buf; - strlcpy(pch_e, pch_nz, LIB_BUFLENGTH - (pch_e - buf)); - + if (pch_nz > pch_e) { + memmove(pch_e, pch_nz, 1 + strlen(pch_nz)); + } return buf; } @@ -5576,12 +5603,11 @@ gettokens_netinfo ( * returns 1 for success, and mysteriously, 0 for most failures, and * -1 if the address found is IPv6 and we believe IPv6 isn't working. */ -#ifndef SIM static int getnetnum( const char *num, sockaddr_u *addr, - int complain, + int complain, /* ignored */ enum gnn_type a_type /* ignored */ ) { @@ -5589,22 +5615,21 @@ getnetnum( AF_INET == AF(addr) || AF_INET6 == AF(addr)); - if (!is_ip_address(num, AF(addr), addr)) + if (!is_ip_address(num, AF(addr), addr)) { return 0; - - if (IS_IPV6(addr) && !ipv6_works) - return -1; - + } # ifdef ISC_PLATFORM_HAVESALEN addr->sa.sa_len = SIZEOF_SOCKADDR(AF(addr)); # endif SET_PORT(addr, NTP_PORT); - DPRINTF(2, ("getnetnum given %s, got %s\n", num, stoa(addr))); - - return 1; + if (IS_IPV6(addr) && !ipv6_works) { + return -1; + } else { + return 1; + } } -#endif /* !SIM */ + #if defined(HAVE_SETRLIMIT) void @@ -5684,228 +5709,3 @@ ntp_rlimit( } } #endif /* HAVE_SETRLIMIT */ - - -char * -build_iflags( - u_int32 iflags - ) -{ - static char ifs[1024]; - - ifs[0] = '\0'; - - if (iflags & INT_UP) { - iflags &= ~INT_UP; - appendstr(ifs, sizeof ifs, "up"); - } - - if (iflags & INT_PPP) { - iflags &= ~INT_PPP; - appendstr(ifs, sizeof ifs, "ppp"); - } - - if (iflags & INT_LOOPBACK) { - iflags &= ~INT_LOOPBACK; - appendstr(ifs, sizeof ifs, "loopback"); - } - - if (iflags & INT_BROADCAST) { - iflags &= ~INT_BROADCAST; - appendstr(ifs, sizeof ifs, "broadcast"); - } - - if (iflags & INT_MULTICAST) { - iflags &= ~INT_MULTICAST; - appendstr(ifs, sizeof ifs, "multicast"); - } - - if (iflags & INT_BCASTOPEN) { - iflags &= ~INT_BCASTOPEN; - appendstr(ifs, sizeof ifs, "bcastopen"); - } - - if (iflags & INT_MCASTOPEN) { - iflags &= ~INT_MCASTOPEN; - appendstr(ifs, sizeof ifs, "mcastopen"); - } - - if (iflags & INT_WILDCARD) { - iflags &= ~INT_WILDCARD; - appendstr(ifs, sizeof ifs, "wildcard"); - } - - if (iflags & INT_MCASTIF) { - iflags &= ~INT_MCASTIF; - appendstr(ifs, sizeof ifs, "MCASTif"); - } - - if (iflags & INT_PRIVACY) { - iflags &= ~INT_PRIVACY; - appendstr(ifs, sizeof ifs, "IPv6privacy"); - } - - if (iflags & INT_BCASTXMIT) { - iflags &= ~INT_BCASTXMIT; - appendstr(ifs, sizeof ifs, "bcastxmit"); - } - - if (iflags) { - char string[10]; - - snprintf(string, sizeof string, "%0x", iflags); - appendstr(ifs, sizeof ifs, string); - } - - return ifs; -} - - -char * -build_mflags( - u_short mflags - ) -{ - static char mfs[1024]; - - mfs[0] = '\0'; - - if (mflags & RESM_NTPONLY) { - mflags &= ~RESM_NTPONLY; - appendstr(mfs, sizeof mfs, "ntponly"); - } - - if (mflags & RESM_SOURCE) { - mflags &= ~RESM_SOURCE; - appendstr(mfs, sizeof mfs, "source"); - } - - if (mflags) { - char string[10]; - - snprintf(string, sizeof string, "%0x", mflags); - appendstr(mfs, sizeof mfs, string); - } - - return mfs; -} - - -char * -build_rflags( - u_short rflags - ) -{ - static char rfs[1024]; - - rfs[0] = '\0'; - - if (rflags & RES_FLAKE) { - rflags &= ~RES_FLAKE; - appendstr(rfs, sizeof rfs, "flake"); - } - - if (rflags & RES_IGNORE) { - rflags &= ~RES_IGNORE; - appendstr(rfs, sizeof rfs, "ignore"); - } - - if (rflags & RES_KOD) { - rflags &= ~RES_KOD; - appendstr(rfs, sizeof rfs, "kod"); - } - - if (rflags & RES_MSSNTP) { - rflags &= ~RES_MSSNTP; - appendstr(rfs, sizeof rfs, "mssntp"); - } - - if (rflags & RES_LIMITED) { - rflags &= ~RES_LIMITED; - appendstr(rfs, sizeof rfs, "limited"); - } - - if (rflags & RES_LPTRAP) { - rflags &= ~RES_LPTRAP; - appendstr(rfs, sizeof rfs, "lptrap"); - } - - if (rflags & RES_NOMODIFY) { - rflags &= ~RES_NOMODIFY; - appendstr(rfs, sizeof rfs, "nomodify"); - } - - if (rflags & RES_NOMRULIST) { - rflags &= ~RES_NOMRULIST; - appendstr(rfs, sizeof rfs, "nomrulist"); - } - - if (rflags & RES_NOEPEER) { - rflags &= ~RES_NOEPEER; - appendstr(rfs, sizeof rfs, "noepeer"); - } - - if (rflags & RES_NOPEER) { - rflags &= ~RES_NOPEER; - appendstr(rfs, sizeof rfs, "nopeer"); - } - - if (rflags & RES_NOQUERY) { - rflags &= ~RES_NOQUERY; - appendstr(rfs, sizeof rfs, "noquery"); - } - - if (rflags & RES_DONTSERVE) { - rflags &= ~RES_DONTSERVE; - appendstr(rfs, sizeof rfs, "dontserve"); - } - - if (rflags & RES_NOTRAP) { - rflags &= ~RES_NOTRAP; - appendstr(rfs, sizeof rfs, "notrap"); - } - - if (rflags & RES_DONTTRUST) { - rflags &= ~RES_DONTTRUST; - appendstr(rfs, sizeof rfs, "notrust"); - } - - if (rflags & RES_SRVRSPFUZ) { - rflags &= ~RES_SRVRSPFUZ; - appendstr(rfs, sizeof rfs, "srvrspfuz"); - } - - if (rflags & RES_VERSION) { - rflags &= ~RES_VERSION; - appendstr(rfs, sizeof rfs, "version"); - } - - if (rflags) { - char string[10]; - - snprintf(string, sizeof string, "%0x", rflags); - appendstr(rfs, sizeof rfs, string); - } - - if ('\0' == rfs[0]) { - appendstr(rfs, sizeof rfs, "(none)"); - } - - return rfs; -} - - -static void -appendstr( - char *string, - size_t s, - const char *new - ) -{ - if (*string != '\0') { - (void)strlcat(string, ",", s); - } - (void)strlcat(string, new, s); - - return; -} diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 0cc7fcb47ecd..6756fa0300c1 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -26,7 +26,6 @@ #include "ntp_crypto.h" #include "ntp_assert.h" #include "ntp_leapsec.h" -#include "lib_strbuf.h" #include "timexsup.h" #include <rc_cmdlength.h> @@ -110,7 +109,7 @@ static int validate_nonce (const char *, struct recvbuf *); static void req_nonce (struct recvbuf *, int); static void unset_trap (struct recvbuf *, int); static struct ctl_trap *ctlfindtrap(sockaddr_u *, - struct interface *); + endpt *); int/*BOOL*/ is_safe_filename(const char * name); @@ -804,7 +803,7 @@ static int datalinelen; static int datasent; /* flag to avoid initial ", " */ static int datanotbinflag; static sockaddr_u *rmt_addr; -static struct interface *lcl_inter; +static endpt *lcl_inter; static u_char res_authenticate; static u_char res_authokay; @@ -3179,8 +3178,8 @@ ctl_getitem( if (quiet_until <= current_time) { quiet_until = current_time + 300; msyslog(LOG_WARNING, - "Possible 'ntpdx' exploit from %s#%u (possibly spoofed)", - stoa(rmt_addr), SRCPORT(rmt_addr)); + "Possible 'ntpdx' exploit from %s (possibly spoofed)", + sptoa(rmt_addr)); } reqpt = reqend; /* never again for this packet! */ return NULL; @@ -3634,8 +3633,13 @@ static void configure( /* - * derive_nonce - generate client-address-specific nonce value - * associated with a given timestamp. + * derive_nonce - generate 32-bit nonce value derived from the client + * address and a request-specific timestamp. + * + * This uses MD5 for a non-authentication purpose -- the nonce is used + * analogous to the TCP 3-way handshake to confirm the UDP client can + * receive traffic from which it claims to originate, that is, to + * prevent spoofed requests leading to reflected amplification. */ static u_int32 derive_nonce( sockaddr_u * addr, @@ -3645,13 +3649,11 @@ static u_int32 derive_nonce( { static u_int32 salt[4]; static u_long last_salt_update; + MD5_CTX ctx; union d_tag { - u_char digest[EVP_MAX_MD_SIZE]; + u_char digest[MD5_DIGEST_LENGTH]; u_int32 extract; } d; - EVP_MD_CTX *ctx; - u_int len; - int rc; while (!salt[0] || current_time - last_salt_update >= 3600) { salt[0] = ntp_random(); @@ -3661,32 +3663,18 @@ static u_int32 derive_nonce( last_salt_update = current_time; } - ctx = EVP_MD_CTX_new(); -# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) - /* [Bug 3457] set flags and don't kill them again */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - rc = EVP_DigestInit_ex(ctx, EVP_get_digestbynid(NID_md5), NULL); -# else - rc = EVP_DigestInit(ctx, EVP_get_digestbynid(NID_md5)); -# endif - if (!rc) { - msyslog(LOG_ERR, "EVP_DigestInit failed in '%s'", __func__); - return (0); + MD5Init(&ctx); + MD5Update(&ctx, salt, sizeof(salt)); + MD5Update(&ctx, &ts_i, sizeof(ts_i)); + MD5Update(&ctx, &ts_f, sizeof(ts_f)); + if (IS_IPV4(addr)) { + MD5Update(&ctx, &SOCK_ADDR4(addr), sizeof(SOCK_ADDR4(addr))); + } else { + MD5Update(&ctx, &SOCK_ADDR6(addr), sizeof(SOCK_ADDR6(addr))); } - - EVP_DigestUpdate(ctx, salt, sizeof(salt)); - EVP_DigestUpdate(ctx, &ts_i, sizeof(ts_i)); - EVP_DigestUpdate(ctx, &ts_f, sizeof(ts_f)); - if (IS_IPV4(addr)) - EVP_DigestUpdate(ctx, &SOCK_ADDR4(addr), - sizeof(SOCK_ADDR4(addr))); - else - EVP_DigestUpdate(ctx, &SOCK_ADDR6(addr), - sizeof(SOCK_ADDR6(addr))); - EVP_DigestUpdate(ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr))); - EVP_DigestUpdate(ctx, salt, sizeof(salt)); - EVP_DigestFinal(ctx, d.digest, &len); - EVP_MD_CTX_free(ctx); + MD5Update(&ctx, &NSRCPORT(addr), sizeof(NSRCPORT(addr))); + MD5Update(&ctx, salt, sizeof(salt)); + MD5Final(d.digest, &ctx); return d.extract; } @@ -3986,7 +3974,7 @@ static void read_mru_list( int mincount; u_int maxlstint; sockaddr_u laddr; - struct interface * lcladr; + endpt * lcladr; u_int count; u_int ui; u_int uf; @@ -4787,7 +4775,7 @@ unset_trap( int ctlsettrap( sockaddr_u *raddr, - struct interface *linter, + endpt *linter, int traptype, int version ) @@ -4910,7 +4898,7 @@ ctlsettrap( int ctlclrtrap( sockaddr_u *raddr, - struct interface *linter, + endpt *linter, int traptype ) { @@ -4935,7 +4923,7 @@ ctlclrtrap( static struct ctl_trap * ctlfindtrap( sockaddr_u *raddr, - struct interface *linter + endpt *linter ) { size_t n; diff --git a/ntpd/ntp_crypto.c b/ntpd/ntp_crypto.c index 4a4207683331..38a62fdb4398 100644 --- a/ntpd/ntp_crypto.c +++ b/ntpd/ntp_crypto.c @@ -267,17 +267,10 @@ session_key( hdlen = 10 * sizeof(u_int32); break; } - ctx = EVP_MD_CTX_new(); -# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) - /* [Bug 3457] set flags and don't kill them again */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(ctx, EVP_get_digestbynid(crypto_nid), NULL); -# else + ctx = digest_ctx; EVP_DigestInit(ctx, EVP_get_digestbynid(crypto_nid)); -# endif EVP_DigestUpdate(ctx, (u_char *)header, hdlen); EVP_DigestFinal(ctx, dgst, &len); - EVP_MD_CTX_free(ctx); memcpy(&keyid, dgst, 4); keyid = ntohl(keyid); if (lifetime != 0) { @@ -308,7 +301,7 @@ session_key( int make_keylist( struct peer *peer, /* peer structure pointer */ - struct interface *dstadr /* interface */ + endpt *dstadr /* interface */ ) { EVP_MD_CTX *ctx; /* signature context */ @@ -389,7 +382,7 @@ make_keylist( if (tstamp != 0) { if (vp->sig == NULL) vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)vp, 12); EVP_SignUpdate(ctx, vp->ptr, sizeof(struct autokey)); @@ -398,7 +391,6 @@ make_keylist( vp->siglen = htonl(len); peer->flags |= FLAG_ASSOC; } - EVP_MD_CTX_free(ctx); } DPRINTF(1, ("make_keys: %d %08x %08x ts %u fs %u poll %d\n", peer->keynumber, keyid, cookie, ntohl(vp->tstamp), @@ -834,7 +826,7 @@ crypto_recv( * errors. */ if (vallen == (u_int)EVP_PKEY_size(host_pkey)) { - RSA *rsa = EVP_PKEY_get0_RSA(host_pkey); + RSA *rsa = EVP_PKEY_get1_RSA(host_pkey); u_int32 *cookiebuf = malloc(RSA_size(rsa)); if (!cookiebuf) { rval = XEVNT_CKY; @@ -853,6 +845,7 @@ crypto_recv( cookie = ntohl(*cookiebuf); free(cookiebuf); } + RSA_free(rsa); } else { rval = XEVNT_CKY; break; @@ -1548,16 +1541,15 @@ crypto_verify( * signature. If the identity exchange is verified, light the * proventic bit. What a relief. */ - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_VerifyInit(ctx, peer->digest); - /* XXX: the "+ 12" needs to be at least documented... */ - EVP_VerifyUpdate(ctx, (u_char *)&ep->tstamp, vallen + 12); + EVP_VerifyUpdate(ctx, (u_char *)&ep->tstamp, vallen + + sizeof(ep->tstamp) + sizeof(ep->fstamp) + + sizeof(ep->vallen)); if (EVP_VerifyFinal(ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0) { - EVP_MD_CTX_free(ctx); return (XEVNT_SIG); } - EVP_MD_CTX_free(ctx); if (peer->crypto & CRYPTO_FLAG_VRFY) peer->crypto |= CRYPTO_FLAG_PROV; @@ -1583,6 +1575,7 @@ crypto_encrypt( ) { EVP_PKEY *pkey; /* public key */ + RSA* rsa; /* public key */ EVP_MD_CTX *ctx; /* signature context */ tstamp_t tstamp; /* NTP timestamp */ u_int32 temp32; @@ -1610,8 +1603,9 @@ crypto_encrypt( vp->ptr = emalloc(vallen); puch = vp->ptr; temp32 = htonl(*cookie); - if (RSA_public_encrypt(4, (u_char *)&temp32, puch, - EVP_PKEY_get0_RSA(pkey), RSA_PKCS1_OAEP_PADDING) <= 0) { + rsa = EVP_PKEY_get1_RSA(pkey); + if (RSA_public_encrypt(4, (u_char *)&temp32, puch, rsa, + RSA_PKCS1_OAEP_PADDING) <= 0) { msyslog(LOG_ERR, "crypto_encrypt: %s", ERR_error_string(ERR_get_error(), NULL)); free(vp->ptr); @@ -1619,11 +1613,14 @@ crypto_encrypt( return (XEVNT_CKY); } EVP_PKEY_free(pkey); + pkey = NULL; + RSA_free(rsa); + rsa = NULL; if (tstamp == 0) return (XEVNT_OK); vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, vallen); @@ -1631,7 +1628,6 @@ crypto_encrypt( INSIST(vallen <= sign_siglen); vp->siglen = htonl(vallen); } - EVP_MD_CTX_free(ctx); return (XEVNT_OK); } @@ -1849,7 +1845,7 @@ crypto_update(void) if (hostval.tstamp == 0) return; - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; /* * Sign public key and timestamps. The filestamp is derived from @@ -1945,7 +1941,6 @@ crypto_update(void) ntohl(hostval.tstamp)); record_crypto_stats(NULL, statstr); DPRINTF(1, ("crypto_update: %s\n", statstr)); - EVP_MD_CTX_free(ctx); } /* @@ -2003,7 +1998,7 @@ value_free( * Returns NTP seconds if in synch, 0 otherwise */ tstamp_t -crypto_time() +crypto_time(void) { l_fp tstamp; /* NTP time */ @@ -2075,7 +2070,7 @@ asn_to_calendar ( /* - * bigdig() - compute a BIGNUM MD5 hash of a BIGNUM number. + * bighash() - compute a BIGNUM MD5 hash of a BIGNUM number. * * Returns void (no errors) */ @@ -2093,17 +2088,10 @@ bighash( len = BN_num_bytes(bn); ptr = emalloc(len); BN_bn2bin(bn, ptr); - ctx = EVP_MD_CTX_new(); -# if defined(OPENSSL) && defined(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW) - /* [Bug 3457] set flags and don't kill them again */ - EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - EVP_DigestInit_ex(ctx, EVP_md5(), NULL); -# else + ctx = digest_ctx; EVP_DigestInit(ctx, EVP_md5()); -# endif EVP_DigestUpdate(ctx, ptr, len); EVP_DigestFinal(ctx, dgst, &len); - EVP_MD_CTX_free(ctx); BN_bin2bn(dgst, len, bk); free(ptr); } @@ -2169,12 +2157,12 @@ crypto_alice( struct value *vp /* value pointer */ ) { - DSA *dsa; /* IFF parameters */ - BN_CTX *bctx; /* BIGNUM context */ - EVP_MD_CTX *ctx; /* signature context */ - tstamp_t tstamp; - u_int len; - const BIGNUM *q; + const DSA *dsa; /* IFF parameters */ + BN_CTX *bctx; /* BIGNUM context */ + EVP_MD_CTX *ctx; /* signature context */ + tstamp_t tstamp; + u_int len; + const BIGNUM *q; /* * The identity parameters must have correct format and content. @@ -2216,7 +2204,7 @@ crypto_alice( return (XEVNT_OK); vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -2224,7 +2212,6 @@ crypto_alice( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); return (XEVNT_OK); } @@ -2243,7 +2230,8 @@ crypto_bob( struct value *vp /* value pointer */ ) { - DSA *dsa; /* IFF parameters */ + int retv; /* return value */ + const DSA *dsa; /* IFF parameters */ DSA_SIG *sdsa; /* DSA signature context fake */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ @@ -2262,6 +2250,10 @@ crypto_bob( msyslog(LOG_NOTICE, "crypto_bob: scheme unavailable"); return (XEVNT_ID); } + + /* Initialize pointers that may need freeing in cleanup. */ + sdsa = NULL; + dsa = EVP_PKEY_get0_DSA(iffkey_info->pkey); DSA_get0_pqg(dsa, &p, &q, &g); DSA_get0_key(dsa, NULL, &priv_key); @@ -2306,16 +2298,16 @@ crypto_bob( if (len == 0) { msyslog(LOG_ERR, "crypto_bob: %s", ERR_error_string(ERR_get_error(), NULL)); - DSA_SIG_free(sdsa); - return (XEVNT_ERR); + retv = XEVNT_ERR; + goto cleanup; } if (len > MAX_VALLEN) { msyslog(LOG_ERR, "crypto_bob: signature is too big: %u", len); - DSA_SIG_free(sdsa); - return (XEVNT_LEN); + retv = XEVNT_ERR; + goto cleanup; } - memset(vp, 0, sizeof(struct value)); + ZERO(*vp); tstamp = crypto_time(); vp->tstamp = htonl(tstamp); vp->fstamp = htonl(iffkey_info->fstamp); @@ -2323,13 +2315,14 @@ crypto_bob( ptr = emalloc(len); vp->ptr = ptr; i2d_DSA_SIG(sdsa, &ptr); - DSA_SIG_free(sdsa); - if (tstamp == 0) - return (XEVNT_OK); + if (0 == tstamp) { + retv = XEVNT_OK; + goto cleanup; + } /* XXX: more validation to make sure the sign fits... */ vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -2337,8 +2330,11 @@ crypto_bob( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); - return (XEVNT_OK); + retv = XEVNT_OK; + + cleanup: + DSA_SIG_free(sdsa); + return retv; } @@ -2357,7 +2353,7 @@ crypto_iff( struct peer *peer /* peer structure pointer */ ) { - DSA *dsa; /* IFF parameters */ + const DSA *dsa; /* IFF parameters */ BN_CTX *bctx; /* BIGNUM context */ DSA_SIG *sdsa; /* DSA parameters */ BIGNUM *bn, *bk; @@ -2501,7 +2497,7 @@ crypto_alice2( struct value *vp /* value pointer */ ) { - RSA *rsa; /* GQ parameters */ + const RSA *rsa; /* GQ parameters */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ tstamp_t tstamp; @@ -2546,7 +2542,7 @@ crypto_alice2( return (XEVNT_OK); vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -2554,7 +2550,6 @@ crypto_alice2( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); return (XEVNT_OK); } @@ -2573,7 +2568,7 @@ crypto_bob2( struct value *vp /* value pointer */ ) { - RSA *rsa; /* GQ parameters */ + const RSA *rsa; /* GQ parameters */ DSA_SIG *sdsa; /* DSA parameters */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ @@ -2651,7 +2646,7 @@ crypto_bob2( return (XEVNT_OK); vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -2659,7 +2654,6 @@ crypto_bob2( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); return (XEVNT_OK); } @@ -2680,7 +2674,7 @@ crypto_gq( struct peer *peer /* peer structure pointer */ ) { - RSA *rsa; /* GQ parameters */ + const RSA *rsa; /* GQ parameters */ BN_CTX *bctx; /* BIGNUM context */ DSA_SIG *sdsa; /* RSA signature context fake */ BIGNUM *y, *v; @@ -2845,7 +2839,7 @@ crypto_alice3( struct value *vp /* value pointer */ ) { - DSA *dsa; /* MV parameters */ + const DSA *dsa; /* MV parameters */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ tstamp_t tstamp; @@ -2890,7 +2884,7 @@ crypto_alice3( return (XEVNT_OK); vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -2898,7 +2892,6 @@ crypto_alice3( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); return (XEVNT_OK); } @@ -2916,7 +2909,7 @@ crypto_bob3( struct value *vp /* value pointer */ ) { - DSA *dsa; /* MV parameters */ + const DSA *dsa; /* MV parameters */ DSA *sdsa; /* DSA signature context fake */ BN_CTX *bctx; /* BIGNUM context */ EVP_MD_CTX *ctx; /* signature context */ @@ -3003,7 +2996,7 @@ crypto_bob3( return (XEVNT_OK); vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)&vp->tstamp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -3011,7 +3004,6 @@ crypto_bob3( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); return (XEVNT_OK); } @@ -3032,7 +3024,7 @@ crypto_mv( struct peer *peer /* peer structure pointer */ ) { - DSA *dsa; /* MV parameters */ + const DSA *dsa; /* MV parameters */ DSA *sdsa; /* DSA parameters */ BN_CTX *bctx; /* BIGNUM context */ BIGNUM *k, *u, *v; @@ -3253,7 +3245,7 @@ cert_sign( vp->siglen = 0; if (tstamp != 0) { vp->sig = emalloc(sign_siglen); - ctx = EVP_MD_CTX_new(); + ctx = digest_ctx; EVP_SignInit(ctx, sign_digest); EVP_SignUpdate(ctx, (u_char *)vp, 12); EVP_SignUpdate(ctx, vp->ptr, len); @@ -3261,7 +3253,6 @@ cert_sign( INSIST(len <= sign_siglen); vp->siglen = htonl(len); } - EVP_MD_CTX_free(ctx); } #ifdef DEBUG if (debug > 1) @@ -3909,7 +3900,6 @@ crypto_setup(void) "crypto_setup: spurious crypto command"); return; } - ssl_check_version(); /* * Load required random seed file and seed the random number @@ -4168,5 +4158,5 @@ exten_payload_size( return (u_int)data_size; } # else /* !AUTOKEY follows */ -int ntp_crypto_bs_pubkey; +NONEMPTY_TRANSLATION_UNIT # endif /* !AUTOKEY */ diff --git a/ntpd/ntp_io.c b/ntpd/ntp_io.c index bb35ffd68511..9d79fe493d9b 100644 --- a/ntpd/ntp_io.c +++ b/ntpd/ntp_io.c @@ -177,11 +177,14 @@ endpt * any_interface; /* wildcard ipv4 interface */ endpt * any6_interface; /* wildcard ipv6 interface */ endpt * loopback_interface; /* loopback ipv4 interface */ -static isc_boolean_t broadcast_client_enabled; /* is broadcast client enabled */ +static isc_boolean_t broadcast_client_enabled; u_int sys_ifnum; /* next .ifnum to assign */ int ninterfaces; /* Total number of interfaces */ -int disable_dynamic_updates; /* scan interfaces once only */ +int no_periodic_scan; /* network endpoint scans */ +int scan_addrs_once; /* because dropped privs */ +int nonlocal_v4_addr_up; /* should we try IPv4 pool? */ +int nonlocal_v6_addr_up; /* should we try IPv6 pool? */ #ifdef REFCLOCK /* @@ -210,7 +213,7 @@ static int update_interfaces(u_short, interface_receiver_t, static void remove_interface(endpt *); static endpt * create_interface(u_short, endpt *); -static int is_wildcard_addr (const sockaddr_u *); +static inline int is_wildcard_addr(const sockaddr_u *psau); /* * Multicast functions @@ -229,7 +232,6 @@ static isc_boolean_t socket_multicast_disable(endpt *, sockaddr_u *); #ifdef DEBUG static void interface_dump (const endpt *); -static void sockaddr_dump (const sockaddr_u *); static void print_interface (const endpt *, const char *, const char *); #define DPRINT_INTERFACE(level, args) do { if (debug >= (level)) { print_interface args; } } while (0) #else @@ -280,13 +282,13 @@ static int addr_samesubnet (const sockaddr_u *, const sockaddr_u *, static int create_sockets (u_short); static SOCKET open_socket (sockaddr_u *, int, int, endpt *); static void set_reuseaddr (int); -static isc_boolean_t socket_broadcast_enable (struct interface *, SOCKET, sockaddr_u *); +static isc_boolean_t socket_broadcast_enable (endpt *, SOCKET, sockaddr_u *); #if !defined(HAVE_IO_COMPLETION_PORT) && !defined(HAVE_SIGNALED_IO) static char * fdbits (int, const fd_set *); #endif #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES -static isc_boolean_t socket_broadcast_disable (struct interface *, sockaddr_u *); +static isc_boolean_t socket_broadcast_disable (endpt *, sockaddr_u *); #endif typedef struct remaddr remaddr_t; @@ -305,10 +307,16 @@ endpt * mc6_list; /* IPv6 mcast-capable unicast endpts */ static endpt * wildipv4; static endpt * wildipv6; +#define RFC3927_ADDR 0xa9fe0000 /* 169.254. */ +#define RFC3927_MASK 0xffff0000 +#define IS_AUTOCONF(addr4) \ + ((SRCADR(addr4) & RFC3927_MASK) == RFC3927_ADDR) + #ifdef SYS_WINNT int accept_wildcard_if_for_winnt; #else const int accept_wildcard_if_for_winnt = FALSE; +#define init_io_completion_port() do {} while (FALSE) #endif static void add_fd_to_list (SOCKET, enum desc_type); @@ -316,7 +324,7 @@ static endpt * find_addr_in_list (sockaddr_u *); static endpt * find_flagged_addr_in_list(sockaddr_u *, u_int32); static void delete_addr_from_list (sockaddr_u *); static void delete_interface_from_list(endpt *); -static void close_and_delete_fd_from_list(SOCKET); +static void close_and_delete_fd_from_list(SOCKET, endpt *); static void add_addr_to_list (sockaddr_u *, endpt *); static void create_wildcards (u_short); static endpt * findlocalinterface (sockaddr_u *, int, int); @@ -337,7 +345,7 @@ static int cmp_addr_distance(const sockaddr_u *, * Routines to read the ntp packets */ #if !defined(HAVE_IO_COMPLETION_PORT) -static inline int read_network_packet (SOCKET, struct interface *, l_fp); +static inline int read_network_packet (SOCKET, endpt *, l_fp); static void ntpd_addremove_io_fd (int, int, int); static void input_handler_scan (const l_fp*, const fd_set*); static int/*BOOL*/ sanitize_fdset (int errc); @@ -454,15 +462,14 @@ init_io(void) /* Init buffer free list and stat counters */ init_recvbuff(RECV_INIT); /* update interface every 5 minutes as default */ - interface_interval = 300; + endpt_scan_period = 301; #ifdef WORK_PIPE addremove_io_fd = &ntpd_addremove_io_fd; #endif -#if defined(SYS_WINNT) init_io_completion_port(); -#elif defined(HAVE_SIGNALED_IO) +#if defined(HAVE_SIGNALED_IO) (void) set_signal(input_handler); #endif } @@ -528,11 +535,8 @@ interface_dump(const endpt *itf) printf("fd = %lld\n", (long long)itf->fd); printf("bfd = %lld\n", (long long)itf->bfd); printf("sin = %s,\n", stoa(&itf->sin)); - sockaddr_dump(&itf->sin); printf("bcast = %s,\n", stoa(&itf->bcast)); - sockaddr_dump(&itf->bcast); printf("mask = %s,\n", stoa(&itf->mask)); - sockaddr_dump(&itf->mask); printf("name = %s\n", itf->name); printf("flags = 0x%08x\n", itf->flags); printf("last_ttl = %d\n", itf->last_ttl); @@ -546,27 +550,6 @@ interface_dump(const endpt *itf) printf("phase = %u\n", itf->phase); } -/* - * sockaddr_dump - hex dump the start of a sockaddr_u - */ -static void -sockaddr_dump(const sockaddr_u *psau) -{ - /* Limit the size of the sockaddr_in6 hex dump */ - const int maxsize = min(32, sizeof(psau->sa6)); - const u_char * cp; - int i; - - /* XXX: Should we limit maxsize based on psau->saX.sin_family? */ - cp = (const void *)&psau->sa6; - - for(i = 0; i < maxsize; i++) { - printf("%02x", *cp++); - if (!((i + 1) % 4)) - printf(" "); - } - printf("\n"); -} /* * print_interface - helper to output debug information @@ -637,7 +620,7 @@ add_asyncio_reader( } /* - * remove asynchio_reader + * remove asyncio_reader */ static void remove_asyncio_reader( @@ -649,9 +632,9 @@ remove_asyncio_reader( UNLINK_SLIST(unlinked, asyncio_reader_list, reader, link, struct asyncio_reader); - if (reader->fd != INVALID_SOCKET) - close_and_delete_fd_from_list(reader->fd); - + if (reader->fd != INVALID_SOCKET) { + close_and_delete_fd_from_list(reader->fd, NULL); + } reader->fd = INVALID_SOCKET; } #endif /* !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET) */ @@ -743,7 +726,7 @@ interface_enumerate( /* * do standard initialization of interface structure */ -static void +static inline void init_interface( endpt *ep ) @@ -760,20 +743,19 @@ init_interface( * template structure or via standard initialization * function */ -static struct interface * +static endpt * new_interface( - struct interface *interface + endpt *protot ) { - struct interface * iface; + endpt * iface; iface = emalloc(sizeof(*iface)); - - if (NULL == interface) - init_interface(iface); - else /* use the template */ - memcpy(iface, interface, sizeof(*iface)); - + if (NULL == protot) { + ZERO(*iface); + } else { + memcpy(iface, protot, sizeof(*iface)); + } /* count every new instance of an interface in the system */ iface->ifnum = sys_ifnum++; iface->starttime = current_time; @@ -814,19 +796,16 @@ add_interface( endpt ** pmclisthead; endpt * scan; endpt * scan_next; - endpt * unlinked; - sockaddr_u * addr; - int ep_local; - int scan_local; int same_subnet; - int ep_univ_iid; /* iface ID from MAC address */ - int scan_univ_iid; /* see RFC 4291 */ - int ep_privacy; /* random local iface ID */ - int scan_privacy; /* see RFC 4941 */ int rc; /* Calculate the refid */ ep->addr_refid = addr2refid(&ep->sin); +# ifdef WORDS_BIGENDIAN + if (IS_IPV6(&ep->sin)) { + ep->old_refid = BYTESWAP32(ep->addr_refid); + } +# endif /* link at tail so ntpdc -c ifstats index increases each row */ LINK_TAIL_SLIST(ep_list, ep, elink, endpt); ninterfaces++; @@ -843,101 +822,26 @@ add_interface( ? &mc4_list : &mc6_list; - if (AF_INET6 == ep->family) { - ep_local = - IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(&ep->sin)) || - IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(&ep->sin)); - ep_univ_iid = IS_IID_UNIV(&ep->sin); - ep_privacy = !!(INT_PRIVACY & ep->flags); - } else { - ep_local = FALSE; - ep_univ_iid = FALSE; - ep_privacy = FALSE; - } - DPRINTF(4, ("add_interface mcast-capable %s%s%s%s\n", - stoa(&ep->sin), - (ep_local) ? " link/scope-local" : "", - (ep_univ_iid) ? " univ-IID" : "", - (ep_privacy) ? " privacy" : "")); /* - * If we have multiple local addresses on the same network - * interface, and some are link- or site-local, do not multicast - * out from the link-/site-local addresses by default, to avoid - * duplicate manycastclient associations between v6 peers using - * link-local and global addresses. link-local can still be - * chosen using "nic ignore myv6globalprefix::/64". - * Similarly, if we have multiple global addresses from the same - * prefix on the same network interface, multicast from one, - * preferring EUI-64, then static, then least RFC 4941 privacy - * addresses. + * If we have multiple global addresses from the same prefix + * on the same network interface, multicast from one. */ for (scan = *pmclisthead; scan != NULL; scan = scan_next) { scan_next = scan->mclink; - if (ep->family != scan->family) - continue; - if (strcmp(ep->name, scan->name)) + if ( ep->family != scan->family + || ep->ifindex != scan->ifindex) { continue; + } same_subnet = addr_samesubnet(&ep->sin, &ep->mask, &scan->sin, &scan->mask); - if (AF_INET6 == ep->family) { - addr = &scan->sin; - scan_local = - IN6_IS_ADDR_LINKLOCAL(PSOCK_ADDR6(addr)) || - IN6_IS_ADDR_SITELOCAL(PSOCK_ADDR6(addr)); - scan_univ_iid = IS_IID_UNIV(addr); - scan_privacy = !!(INT_PRIVACY & scan->flags); - } else { - scan_local = FALSE; - scan_univ_iid = FALSE; - scan_privacy = FALSE; - } - DPRINTF(4, ("add_interface mcast-capable scan %s%s%s%s\n", - stoa(&scan->sin), - (scan_local) ? " link/scope-local" : "", - (scan_univ_iid) ? " univ-IID" : "", - (scan_privacy) ? " privacy" : "")); - if ((ep_local && !scan_local) || (same_subnet && - ((ep_privacy && !scan_privacy) || - (!ep_univ_iid && scan_univ_iid)))) { - DPRINTF(4, ("did not add %s to %s of IPv6 multicast-capable list which already has %s\n", - stoa(&ep->sin), - (ep_local) - ? "tail" - : "head", - stoa(&scan->sin))); + if (same_subnet) { + DPRINTF(4, ("did not add %s to multicast-capable list" + "which already has %s\n", + stoa(&ep->sin), stoa(&scan->sin))); return; } - if ((scan_local && !ep_local) || (same_subnet && - ((scan_privacy && !ep_privacy) || - (!scan_univ_iid && ep_univ_iid)))) { - UNLINK_SLIST(unlinked, *pmclisthead, - scan, mclink, endpt); - DPRINTF(4, ("%s %s from IPv6 multicast-capable list to add %s\n", - (unlinked != scan) - ? "Failed to remove" - : "removed", - stoa(&scan->sin), stoa(&ep->sin))); - } } - /* - * Add link/site local at the tail of the multicast- - * capable unicast interfaces list, so that ntpd will - * send from global addresses before link-/site-local - * ones. - */ - if (ep_local) - LINK_TAIL_SLIST(*pmclisthead, ep, mclink, endpt); - else - LINK_SLIST(*pmclisthead, ep, mclink); - DPRINTF(4, ("added %s to %s of IPv%s multicast-capable unicast local address list\n", - stoa(&ep->sin), - (ep_local) - ? "tail" - : "head", - (AF_INET == ep->family) - ? "4" - : "6")); - + LINK_SLIST(*pmclisthead, ep, mclink); if (INVALID_SOCKET == ep->fd) return; @@ -987,6 +891,7 @@ remove_interface( endpt * unlinked; endpt ** pmclisthead; sockaddr_u resmask; + int/*BOOL*/ success; UNLINK_SLIST(unlinked, ep_list, ep, elink, endpt); if (!ep->ignore_packets && INT_MULTICAST & ep->flags) { @@ -1007,7 +912,9 @@ remove_interface( if (ep->fd != INVALID_SOCKET) { msyslog(LOG_INFO, - "Deleting interface #%d %s, %s#%d, interface stats: received=%ld, sent=%ld, dropped=%ld, active_time=%ld secs", + "Deleting %d %s, [%s]:%hd, stats:" + " received=%ld, sent=%ld, dropped=%ld," + " active_time=%ld secs", ep->ifnum, ep->name, stoa(&ep->sin), @@ -1016,10 +923,7 @@ remove_interface( ep->sent, ep->notsent, current_time - ep->starttime); -# ifdef HAVE_IO_COMPLETION_PORT - io_completion_port_remove_socket(ep->fd, ep); -# endif - close_and_delete_fd_from_list(ep->fd); + close_and_delete_fd_from_list(ep->fd, ep); ep->fd = INVALID_SOCKET; } @@ -1027,10 +931,7 @@ remove_interface( msyslog(LOG_INFO, "stop listening for broadcasts to %s on interface #%d %s", stoa(&ep->bcast), ep->ifnum, ep->name); -# ifdef HAVE_IO_COMPLETION_PORT - io_completion_port_remove_socket(ep->bfd, ep); -# endif - close_and_delete_fd_from_list(ep->bfd); + close_and_delete_fd_from_list(ep->bfd, ep); ep->bfd = INVALID_SOCKET; } # ifdef HAVE_IO_COMPLETION_PORT @@ -1042,8 +943,14 @@ remove_interface( /* remove restrict interface entry */ SET_HOSTMASK(&resmask, AF(&ep->sin)); - hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, - -3, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); + success = hack_restrict(RESTRICT_REMOVEIF, &ep->sin, &resmask, 0, + RESM_NTPONLY | RESM_INTERFACE, 0, 0); + if (!success) { + msyslog(LOG_ERR, + "unable to remove self-restriction for %s", + stoa(&ep->sin)); + } + } @@ -1073,7 +980,7 @@ create_wildcards( #endif sockaddr_u wildaddr; nic_rule_action action; - struct interface * wildif; + endpt * wildif; /* * silence "potentially uninitialized" warnings from VC9 @@ -1404,9 +1311,6 @@ convert_isc_if( u_short port ) { - const u_char v6loop[16] = {0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1}; - strlcpy(itf->name, isc_if->name, sizeof(itf->name)); itf->ifindex = isc_if->ifindex; itf->family = (u_short)isc_if->af; @@ -1456,15 +1360,8 @@ convert_isc_if( * Clear the loopback flag if the address is not localhost. * http://bugs.ntp.org/1683 */ - if (INT_LOOPBACK & itf->flags) { - if (AF_INET == itf->family) { - if (127 != (SRCADR(&itf->sin) >> 24)) - itf->flags &= ~INT_LOOPBACK; - } else { - if (memcmp(v6loop, NSRCADR6(&itf->sin), - sizeof(NSRCADR6(&itf->sin)))) - itf->flags &= ~INT_LOOPBACK; - } + if ((INT_LOOPBACK & itf->flags) && !IS_LOOPBACK_ADDR(&itf->sin)) { + itf->flags &= ~INT_LOOPBACK; } } @@ -1480,33 +1377,33 @@ convert_isc_if( */ static int refresh_interface( - struct interface * interface + endpt * iface ) { #ifdef OS_MISSES_SPECIFIC_ROUTE_UPDATES - if (interface->fd != INVALID_SOCKET) { - int bcast = (interface->flags & INT_BCASTXMIT) != 0; + if (iface->fd != INVALID_SOCKET) { + int bcast = (iface->flags & INT_BCASTXMIT) != 0; /* as we forcibly close() the socket remove the broadcast permission indication */ if (bcast) - socket_broadcast_disable(interface, &interface->sin); + socket_broadcast_disable(iface, &iface->sin); - close_and_delete_fd_from_list(interface->fd); + close_and_delete_fd_from_list(iface->fd); /* create new socket picking up a new first hop binding at connect() time */ - interface->fd = open_socket(&interface->sin, - bcast, 0, interface); + iface->fd = open_socket(&iface->sin, + bcast, 0, iface); /* * reset TTL indication so TTL is is set again * next time around */ - interface->last_ttl = 0; - return (interface->fd != INVALID_SOCKET); + iface->last_ttl = 0; + return (iface->fd != INVALID_SOCKET); } else return 0; /* invalid sockets are not refreshable */ #else /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ - return (interface->fd != INVALID_SOCKET); + return (iface->fd != INVALID_SOCKET); #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */ } @@ -1516,20 +1413,21 @@ refresh_interface( void interface_update( interface_receiver_t receiver, - void * data) + void * data + ) { int new_interface_found; - if (disable_dynamic_updates) + if (scan_addrs_once) { return; - + } BLOCKIO(); new_interface_found = update_interfaces(NTP_PORT, receiver, data); UNBLOCKIO(); - if (!new_interface_found) + if (!new_interface_found) { return; - + } #ifdef DEBUG msyslog(LOG_DEBUG, "new interface(s) found: waking up resolver"); #endif @@ -1552,13 +1450,11 @@ sau_from_netaddr( switch (pna->family) { case AF_INET: - memcpy(&psau->sa4.sin_addr, &pna->type.in, - sizeof(psau->sa4.sin_addr)); + psau->sa4.sin_addr = pna->type.in; break; case AF_INET6: - memcpy(&psau->sa6.sin6_addr, &pna->type.in6, - sizeof(psau->sa6.sin6_addr)); + psau->sa6.sin6_addr = pna->type.in6; break; } } @@ -1581,6 +1477,30 @@ is_wildcard_addr( } +isc_boolean_t +is_linklocal( + sockaddr_u * psau +) +{ + struct in6_addr * p6addr; + + if (IS_IPV6(psau)) { + p6addr = &psau->sa6.sin6_addr; + if ( IN6_IS_ADDR_LINKLOCAL(p6addr) + || IN6_IS_ADDR_SITELOCAL(p6addr)) { + + return TRUE; + } + } else if (IS_IPV4(psau)) { + /* autoconf are link-local 169.254.0.0/16 */ + if (IS_AUTOCONF(psau)) { + return TRUE; + } + } + return FALSE; +} + + #ifdef OS_NEEDS_REUSEADDR_FOR_IFADDRBIND /* * enable/disable re-use of wildcard address socket @@ -1591,7 +1511,7 @@ set_wildcard_reuse( int on ) { - struct interface *any; + endpt *any; SOCKET fd = INVALID_SOCKET; any = ANY_INTERFACE_BYFAM(family); @@ -1722,13 +1642,18 @@ is_valid( * * toggle configuration phase * - * Phase 1: + * Phase 1a: * forall currently existing interfaces * if address is known: * drop socket - rebind again * * if address is NOT known: - * attempt to create a new interface entry + * Add address to list of new addresses + * + * Phase 1b: + * Scan the list of new addresses marking IPv6 link-local addresses + * which also have a global v6 address using the same OS ifindex. + * Attempt to create a new interface entry * * Phase 2: * forall currently known non MCAST and WILDCARD interfaces @@ -1759,17 +1684,22 @@ update_interfaces( endpt enumep; endpt * ep; endpt * next_ep; + endpt * newaddrs; + endpt * newaddrs_tail; + endpt * ep2; DPRINTF(3, ("update_interfaces(%d)\n", port)); /* - * phase one - scan interfaces - * - create those that are not found - * - update those that are found + * phase 1a - scan OS local addresses + * - update those that ntpd already knows + * - build a list of newly-discovered addresses. */ new_interface_found = FALSE; + nonlocal_v4_addr_up = nonlocal_v6_addr_up = FALSE; iter = NULL; + newaddrs = newaddrs_tail = NULL; result = isc_interfaceiter_create(mctx, &iter); if (result != ISC_R_SUCCESS) @@ -1787,9 +1717,9 @@ update_interfaces( result = isc_interfaceiter_current(iter, &isc_if); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { break; - + } /* See if we have a valid family to use */ family = isc_if.address.family; if (AF_INET != family && AF_INET6 != family) @@ -1855,6 +1785,19 @@ update_interfaces( continue; /* + * Keep track of having non-linklocal connectivity + * for IPv4 and IPv6 so we don't solicit pool hosts + * when it can't work. + */ + if ( !(INT_LOOPBACK & enumep.flags) + && !is_linklocal(&enumep.sin)) { + if (IS_IPV6(&enumep.sin)) { + nonlocal_v6_addr_up = TRUE; + } else { + nonlocal_v4_addr_up = TRUE; + } + } + /* * map to local *address* in order to map all duplicate * interfaces to an endpt structure with the appropriate * socket. Our name space is (ip-address), NOT @@ -1862,107 +1805,132 @@ update_interfaces( */ ep = getinterface(&enumep.sin, INT_WILDCARD); - if (ep != NULL && refresh_interface(ep)) { - /* - * found existing and up to date interface - - * mark present. - */ - if (ep->phase != sys_interphase) { - /* - * On a new round we reset the name so - * the interface name shows up again if - * this address is no longer shared. - * We reset ignore_packets from the - * new prototype to respect any runtime - * changes to the nic rules. - */ - strlcpy(ep->name, enumep.name, - sizeof(ep->name)); - ep->ignore_packets = - enumep.ignore_packets; + if (NULL == ep) { + ep = emalloc(sizeof(*ep)); + memcpy(ep, &enumep, sizeof(*ep)); + if (NULL != newaddrs_tail) { + newaddrs_tail->elink = ep; + newaddrs_tail = ep; } else { - /* name collision - rename interface */ - strlcpy(ep->name, "*multiple*", - sizeof(ep->name)); + newaddrs_tail = newaddrs = ep; } + continue; + } - DPRINT_INTERFACE(4, (ep, "updating ", - " present\n")); - - if (ep->ignore_packets != - enumep.ignore_packets) { - /* - * We have conflicting configurations - * for the interface address. This is - * caused by using -I <interfacename> - * for an interface that shares its - * address with other interfaces. We - * can not disambiguate incoming - * packets delivered to this socket - * without extra syscalls/features. - * These are not (commonly) available. - * Note this is a more unusual - * configuration where several - * interfaces share an address but - * filtering via interface name is - * attempted. We resolve the - * configuration conflict by disabling - * the processing of received packets. - * This leads to no service on the - * interface address where the conflict - * occurs. - */ - msyslog(LOG_ERR, - "WARNING: conflicting enable configuration for interfaces %s and %s for address %s - unsupported configuration - address DISABLED", - enumep.name, ep->name, - stoa(&enumep.sin)); - - ep->ignore_packets = ISC_TRUE; - } + if (!refresh_interface(ep)) { + /* + * Refreshing failed, we will delete the endpt + * in phase 2 because it was not marked current. + * We can bind to the address as the refresh + * code already closed the endpt's socket. + */ + continue; + } + /* + * found existing and up to date interface - + * mark present. + */ + if (ep->phase != sys_interphase) { + /* + * On a new round we reset the name so + * the interface name shows up again if + * this address is no longer shared. + * We reset ignore_packets from the + * new prototype to respect any runtime + * changes to the nic rules. + */ + strlcpy(ep->name, enumep.name, sizeof(ep->name)); + ep->ignore_packets = enumep.ignore_packets; + } else { + /* + * DLH: else branch might be dead code from + * when both address and name were compared. + */ + msyslog(LOG_INFO, "%s on %u %s -> *multiple*", + stoa(&ep->sin), ep->ifnum, ep->name); + /* name collision - rename interface */ + strlcpy(ep->name, "*multiple*", sizeof(ep->name)); + } - ep->phase = sys_interphase; + DPRINT_INTERFACE(4, (ep, "updating ", " present\n")); - ifi.action = IFS_EXISTS; - ifi.ep = ep; - if (receiver != NULL) - (*receiver)(data, &ifi); - } else { + if (ep->ignore_packets != enumep.ignore_packets) { /* - * This is new or refreshing failed - add to - * our interface list. If refreshing failed we - * will delete the interface structure in phase - * 2 as the interface was not marked current. - * We can bind to the address as the refresh - * code already closed the offending socket + * We have conflicting configurations for the + * address. This can happen with + * -I <interfacename> on the command line for an + * interface that shares its address with other + * interfaces. We cannot disambiguate incoming + * packets delivered to this socket without extra + * syscalls/features. Note this is an unusual + * configuration where several interfaces share + * an address but filtering via interface name is + * attempted. We resolve the config conflict by + * disabling the processing of received packets. + * This leads to no service on the address where + * the conflict occurs. */ - ep = create_interface(port, &enumep); - - if (ep != NULL) { - ifi.action = IFS_CREATED; - ifi.ep = ep; - if (receiver != NULL) - (*receiver)(data, &ifi); - - new_interface_found = TRUE; - DPRINT_INTERFACE(3, - (ep, "updating ", - " new - created\n")); - } else { - DPRINT_INTERFACE(3, - (&enumep, "updating ", - " new - creation FAILED")); + msyslog(LOG_WARNING, + "conflicting listen configuration between" + " %s and %s for %s, disabled", + enumep.name, ep->name, stoa(&enumep.sin)); - msyslog(LOG_INFO, - "failed to init interface for address %s", - stoa(&enumep.sin)); - continue; - } + ep->ignore_packets = TRUE; + } + + ep->phase = sys_interphase; + + ifi.action = IFS_EXISTS; + ifi.ep = ep; + if (receiver != NULL) { + (*receiver)(data, &ifi); } } isc_interfaceiter_destroy(&iter); /* + * Phase 1b + */ + for (ep = newaddrs; ep != NULL; ep = ep->elink) { + if (IS_IPV6(&ep->sin) && is_linklocal(&ep->sin)) { + for (ep2 = newaddrs; ep2 != NULL; ep2 = ep2->elink) { + if ( IS_IPV6(&ep2->sin) + && ep != ep2 + && !is_linklocal(&ep2->sin)) { + + ep->flags |= INT_LL_OF_GLOB; + break; + } + } + } + } + for (ep2 = newaddrs; ep2 != NULL; ep2 = next_ep) { + next_ep = ep2->elink; + ep2->elink = NULL; + ep = create_interface(port, ep2); + if (ep != NULL) { + ifi.action = IFS_CREATED; + ifi.ep = ep; + if (receiver != NULL) { + (*receiver)(data, &ifi); + } + new_interface_found = TRUE; + DPRINT_INTERFACE(3, + (ep, "updating ", " new - created\n")); + } + else { + DPRINT_INTERFACE(3, + (ep, "updating ", " new - FAILED")); + + msyslog(LOG_ERR, + "cannot bind address %s", + stoa(&ep->sin)); + } + free(ep2); + } + + /* * phase 2 - delete gone interfaces - reassigning peers to * other interfaces */ @@ -1986,20 +1954,20 @@ update_interfaces( ifi.action = IFS_DELETED; ifi.ep = ep; - if (receiver != NULL) + if (receiver != NULL) { (*receiver)(data, &ifi); - + } /* disconnect peers from deleted endpt. */ - while (ep->peers != NULL) + while (ep->peers != NULL) { set_peerdstadr(ep->peers, NULL); - + } /* * update globals in case we lose * a loopback interface */ - if (ep == loopback_interface) + if (ep == loopback_interface) { loopback_interface = NULL; - + } delete_interface(ep); } @@ -2011,20 +1979,20 @@ update_interfaces( */ refresh_all_peerinterfaces(); - if (sys_bclient) + if (sys_bclient) { io_setbclient(); - + } #ifdef MCAST /* * Check multicast interfaces and try to join multicast groups if - * not joined yet. - */ + * not joined yet. + */ for (ep = ep_list; ep != NULL; ep = ep->elink) { remaddr_t *entry; - if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) + if (!(INT_MCASTIF & ep->flags) || (INT_MCASTOPEN & ep->flags)) { continue; - + } /* Find remote address that was linked to this interface */ for (entry = remoteaddr_list; entry != NULL; @@ -2084,20 +2052,20 @@ create_sockets( * create_interface - create a new interface for a given prototype * binding the socket. */ -static struct interface * +static endpt * create_interface( - u_short port, - struct interface * protot + u_short port, + endpt * protot ) { sockaddr_u resmask; endpt * iface; + int/*BOOL*/ success; #if defined(MCAST) && defined(MULTICAST_NONEWSOCKET) remaddr_t * entry; remaddr_t * next_entry; #endif - DPRINTF(2, ("create_interface(%s#%d)\n", stoa(&protot->sin), - port)); + DPRINTF(2, ("create_interface(%s)\n", sptoa(&protot->sin))); /* build an interface */ iface = new_interface(protot); @@ -2112,16 +2080,15 @@ create_interface( if ((INT_BROADCAST & iface->flags) && iface->bfd != INVALID_SOCKET) - msyslog(LOG_INFO, "Listening on broadcast address %s#%d", - stoa((&iface->bcast)), port); + msyslog(LOG_INFO, "Listening on broadcast address %s", + sptoa(&iface->bcast)); if (INVALID_SOCKET == iface->fd && INVALID_SOCKET == iface->bfd) { - msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s#%d", + msyslog(LOG_ERR, "unable to create socket on %s (%d) for %s", iface->name, iface->ifnum, - stoa((&iface->sin)), - port); + sptoa(&iface->sin)); delete_interface(iface); return NULL; } @@ -2130,8 +2097,13 @@ create_interface( * Blacklist our own addresses, no use talking to ourself */ SET_HOSTMASK(&resmask, AF(&iface->sin)); - hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, - -4, RESM_NTPONLY | RESM_INTERFACE, RES_IGNORE, 0); + success = hack_restrict(RESTRICT_FLAGS, &iface->sin, &resmask, + -4, RESM_NTPONLY | RESM_INTERFACE, + RES_IGNORE, 0); + if (!success) { + msyslog(LOG_ERR, + "unable to self-restrict %s", stoa(&iface->sin)); + } /* * set globals with the first found @@ -2181,6 +2153,85 @@ create_interface( } +#ifdef DEBUG +const char * +iflags_str( + u_int32 iflags +) +{ + const size_t sz = LIB_BUFLENGTH; + char * ifs; + + LIB_GETBUF(ifs); + ifs[0] = '\0'; + + if (iflags & INT_UP) { + CLEAR_BIT_IF_DEBUG(INT_UP, iflags); + append_flagstr(ifs, sz, "up"); + } + + if (iflags & INT_PPP) { + CLEAR_BIT_IF_DEBUG(INT_PPP, iflags); + append_flagstr(ifs, sz, "ppp"); + } + + if (iflags & INT_LOOPBACK) { + CLEAR_BIT_IF_DEBUG(INT_LOOPBACK, iflags); + append_flagstr(ifs, sz, "loopback"); + } + + if (iflags & INT_BROADCAST) { + CLEAR_BIT_IF_DEBUG(INT_BROADCAST, iflags); + append_flagstr(ifs, sz, "broadcast"); + } + + if (iflags & INT_MULTICAST) { + CLEAR_BIT_IF_DEBUG(INT_MULTICAST, iflags); + append_flagstr(ifs, sz, "multicast"); + } + + if (iflags & INT_BCASTOPEN) { + CLEAR_BIT_IF_DEBUG(INT_BCASTOPEN, iflags); + append_flagstr(ifs, sz, "bcastopen"); + } + + if (iflags & INT_MCASTOPEN) { + CLEAR_BIT_IF_DEBUG(INT_MCASTOPEN, iflags); + append_flagstr(ifs, sz, "mcastopen"); + } + + if (iflags & INT_WILDCARD) { + CLEAR_BIT_IF_DEBUG(INT_WILDCARD, iflags); + append_flagstr(ifs, sz, "wildcard"); + } + + if (iflags & INT_MCASTIF) { + CLEAR_BIT_IF_DEBUG(INT_MCASTIF, iflags); + append_flagstr(ifs, sz, "mcastif"); + } + + if (iflags & INT_PRIVACY) { + CLEAR_BIT_IF_DEBUG(INT_PRIVACY, iflags); + append_flagstr(ifs, sz, "IPv6privacy"); + } + + if (iflags & INT_BCASTXMIT) { + CLEAR_BIT_IF_DEBUG(INT_BCASTXMIT, iflags); + append_flagstr(ifs, sz, "bcastxmit"); + } + + if (iflags & INT_LL_OF_GLOB) { + CLEAR_BIT_IF_DEBUG(INT_LL_OF_GLOB, iflags); + append_flagstr(ifs, sz, "linklocal-w-global"); + } + + DEBUG_INVARIANT(!iflags); + + return ifs; +} +#endif /* DEBUG */ + + #ifdef SO_EXCLUSIVEADDRUSE static void set_excladdruse( @@ -2263,8 +2314,8 @@ set_reuseaddr( */ void enable_broadcast( - struct interface * iface, - sockaddr_u * baddr + endpt * iface, + sockaddr_u * baddr ) { #ifdef OPEN_BCAST_SOCKET @@ -2280,9 +2331,9 @@ enable_broadcast( */ static isc_boolean_t socket_broadcast_enable( - struct interface * iface, - SOCKET fd, - sockaddr_u * baddr + endpt * iface, + SOCKET fd, + sockaddr_u * baddr ) { #ifdef SO_BROADCAST @@ -2314,7 +2365,7 @@ socket_broadcast_enable( */ static isc_boolean_t socket_broadcast_disable( - struct interface * iface, + endpt * iface, sockaddr_u * baddr ) { @@ -2337,15 +2388,6 @@ socket_broadcast_disable( #endif /* OPEN_BCAST_SOCKET */ -/* - * return the broadcast client flag value - */ -/*isc_boolean_t -get_broadcastclient_flag(void) -{ - return (broadcast_client_enabled); -} -*/ /* * Check to see if the address is a multicast address @@ -2381,8 +2423,8 @@ addr_ismulticast( */ void enable_multicast_if( - struct interface * iface, - sockaddr_u * maddr + endpt * iface, + sockaddr_u * maddr ) { #ifdef MCAST @@ -2526,7 +2568,7 @@ socket_multicast_enable( #ifdef MCAST static isc_boolean_t socket_multicast_disable( - struct interface * iface, + endpt * iface, sockaddr_u * maddr ) { @@ -2535,8 +2577,6 @@ socket_multicast_disable( # endif struct ip_mreq mreq; - ZERO(mreq); - if (find_addr_in_list(maddr) == NULL) { DPRINTF(4, ("socket_multicast_disable(%s): not found\n", stoa(maddr))); @@ -2546,6 +2586,7 @@ socket_multicast_disable( switch (AF(maddr)) { case AF_INET: + ZERO(mreq); mreq.imr_multiaddr = SOCK_ADDR4(maddr); mreq.imr_interface = SOCK_ADDR4(&iface->sin); if (setsockopt(iface->fd, IPPROTO_IP, @@ -2569,6 +2610,7 @@ socket_multicast_disable( * for other types of multicast addresses. For now let * the kernel figure it out. */ + ZERO(mreq6); mreq6.ipv6mr_multiaddr = SOCK_ADDR6(maddr); mreq6.ipv6mr_interface = iface->ifindex; @@ -2589,13 +2631,14 @@ socket_multicast_disable( } iface->num_mcast--; - if (!iface->num_mcast) + if (iface->num_mcast <= 0) { iface->flags &= ~INT_MCASTOPEN; - + } return ISC_TRUE; } #endif /* MCAST */ + /* * io_setbclient - open the broadcast client sockets */ @@ -2705,6 +2748,7 @@ io_setbclient(void) #endif /* OPEN_BCAST_SOCKET */ } + /* * io_unsetbclient - close the broadcast client sockets */ @@ -2724,10 +2768,7 @@ io_unsetbclient(void) msyslog(LOG_INFO, "stop listening for broadcasts to %s on interface #%d %s", stoa(&ep->bcast), ep->ifnum, ep->name); -# ifdef HAVE_IO_COMPLETION_PORT - io_completion_port_remove_socket(ep->bfd, ep); -# endif - close_and_delete_fd_from_list(ep->bfd); + close_and_delete_fd_from_list(ep->bfd, ep); ep->bfd = INVALID_SOCKET; } ep->flags &= ~INT_BCASTOPEN; @@ -2735,6 +2776,7 @@ io_unsetbclient(void) broadcast_client_enabled = ISC_FALSE; } + /* * io_multicast_add() - add multicast group address */ @@ -2755,9 +2797,6 @@ io_multicast_add( /* If we already have it we can just return */ if (NULL != find_flagged_addr_in_list(addr, INT_MCASTOPEN)) { - msyslog(LOG_INFO, - "Duplicate request found for multicast address %s", - stoa(addr)); return; } @@ -3041,9 +3080,9 @@ open_socket( #endif ) { msyslog(LOG_ERR, - "bind(%d) AF_INET%s %s#%d%s flags 0x%x failed: %m", + "bind(%d) AF_INET%s %s%s flags 0x%x failed: %m", fd, IS_IPV6(addr) ? "6" : "", - stoa(addr), SRCPORT(addr), + sptoa(addr), IS_MCAST(addr) ? " (multicast)" : "", interf->flags); } @@ -3090,9 +3129,8 @@ open_socket( } #endif - DPRINTF(4, ("bind(%d) AF_INET%s, addr %s%%%d#%d, flags 0x%x\n", - fd, IS_IPV6(addr) ? "6" : "", stoa(addr), - SCOPE(addr), SRCPORT(addr), interf->flags)); + DPRINTF(4, ("bind(%d) addr %s, flags 0x%x\n", + fd, sptoa(addr), interf->flags)); make_socket_nonblocking(fd); @@ -3123,17 +3161,16 @@ open_socket( /* XXX ELIMINATE sendpkt similar in ntpq.c, ntpdc.c, ntp_io.c, ntptrace.c */ /* - * sendpkt - send a packet to the specified destination. Maintain a - * send error cache so that only the first consecutive error for a - * destination is logged. + * sendpkt - send a packet to the specified destination from the given endpt + * except for multicast, which may be sent from several addresses. */ void sendpkt( - sockaddr_u * dest, - struct interface * ep, - int ttl, - struct pkt * pkt, - int len + sockaddr_u * dest, + endpt * ep, + int ttl, + struct pkt * pkt, + int len ) { endpt * src; @@ -3145,12 +3182,16 @@ sendpkt( l_fp org, rec, xmt; ismcast = IS_MCAST(dest); - if (!ismcast) + if (!ismcast) { src = ep; - else + } else { +#ifndef MCAST + return; +#endif src = (IS_IPV4(dest)) - ? mc4_list - : mc6_list; + ? mc4_list + : mc6_list; + } if (NULL == src) { /* @@ -3164,13 +3205,14 @@ sendpkt( } do { + if (INT_LL_OF_GLOB & src->flags) { + /* avoid duplicate multicasts on same IPv6 net */ + goto loop; + } DPRINTF(2, ("%ssendpkt(%d, dst=%s, src=%s, ttl=%d, len=%d)\n", ismcast ? "\tMCAST\t***** " : "", src->fd, stoa(dest), stoa(&src->sin), ttl, len)); #ifdef MCAST - /* - * for the moment we use the bcast option to set multicast ttl - */ if (ismcast && ttl > 0 && ttl != src->last_ttl) { /* * set the multicast ttl for outgoing packets @@ -3211,7 +3253,7 @@ sendpkt( cc = simulate_server(dest, src, pkt); #elif defined(HAVE_IO_COMPLETION_PORT) cc = io_completion_port_sendto(src, src->fd, pkt, - (size_t)len, (sockaddr_u *)&dest->sa); + (size_t)len, dest); #else cc = sendto(src->fd, (char *)pkt, (u_int)len, 0, &dest->sa, SOCKLEN(dest)); @@ -3223,6 +3265,7 @@ sendpkt( src->sent++; packets_sent++; } + loop: if (ismcast) src = src->mclink; } while (ismcast && src != NULL); @@ -3241,8 +3284,6 @@ sendpkt( FPTOD(NTOHS_FP(pkt->rootdelay)), FPTOD(NTOHS_FP(pkt->rootdisp)), pkt->refid, len - MIN_V4_PKT_LEN, (u_char *)&pkt->exten); - - return; } @@ -3261,7 +3302,7 @@ fdbits( static char buffer[256]; char * buf = buffer; - count = min(count, 255); + count = min(count, sizeof(buffer) - 1); while (count >= 0) { *buf++ = FD_ISSET(count, set) ? '#' : '-'; @@ -3334,7 +3375,7 @@ read_refclock_packet( */ rb->recv_length = buflen; rb->recv_peer = rp->srcclock; - rb->dstadr = 0; + rb->dstadr = NULL; rb->fd = fd; rb->recv_time = ts; rb->receiver = rp->clock_recv; @@ -3476,9 +3517,9 @@ fetch_timestamp( */ static inline int read_network_packet( - SOCKET fd, - struct interface * itf, - l_fp ts + SOCKET fd, + endpt * itf, + l_fp ts ) { GETSOCKNAME_SOCKLEN_TYPE fromlen; @@ -3580,23 +3621,14 @@ read_network_packet( ** Bug 2672: Some OSes (MacOSX and Linux) don't block spoofed ::1 */ - if (AF_INET6 == itf->family) { - DPRINTF(2, ("Got an IPv6 packet, from <%s> (%d) to <%s> (%d)\n", - stoa(&rb->recv_srcadr), - IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)), - stoa(&itf->sin), - !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) - )); - - if ( IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) - && !IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&itf->sin)) - ) { - packets_dropped++; - DPRINTF(2, ("DROPPING that packet\n")); - freerecvbuf(rb); - return buflen; - } - DPRINTF(2, ("processing that packet\n")); + if ( IS_IPV6(&rb->recv_srcadr) + && IN6_IS_ADDR_LOOPBACK(PSOCK_ADDR6(&rb->recv_srcadr)) + && !(INT_LOOPBACK & itf->flags)) { + + packets_dropped++; + DPRINTF(2, ("DROPPING pkt with spoofed ::1 source on %s\n", latoa(itf))); + freerecvbuf(rb); + return -1; } /* @@ -3954,8 +3986,9 @@ select_peerinterface( stoa(srcadr))); } else { ep = dstadr; - if (NULL == ep) + if (NULL == ep) { ep = wild; + } } /* * If it is a multicast address, findbcastinter() may not find @@ -3963,16 +3996,19 @@ select_peerinterface( * given to us as the wildcard (ANY_INTERFACE_CHOOSE). Either * way, try a little harder. */ - if (wild == ep) + if (wild == ep) { ep = findinterface(srcadr); + } /* * we do not bind to the wildcard interfaces for output * as our (network) source address would be undefined and * crypto will not work without knowing the own transmit address */ - if (ep != NULL && INT_WILDCARD & ep->flags) - if (!accept_wildcard_if_for_winnt) + if (ep != NULL && (INT_WILDCARD & ep->flags)) { + if (!accept_wildcard_if_for_winnt) { ep = NULL; + } + } #else /* SIM follows */ ep = loopback_interface; #endif @@ -4007,7 +4043,7 @@ findinterface( /* * findlocalinterface - find local interface corresponding to addr, - * which does not have any of flags set. If bast is nonzero, addr is + * which does not have any of flags set. If bcast is nonzero, addr is * a broadcast address. * * This code attempts to find the local sending address for an outgoing @@ -4037,21 +4073,21 @@ findlocalinterface( DPRINTF(4, ("Finding interface for addr %s in list of addresses\n", stoa(addr))); - /* [Bug 3437] The dummy POOL peer comes in with an AF of - * zero. This is bound to fail, but on the way to nowhere it + /* [Bug 3437] The prototype POOL peer can be AF_UNSPEC. + * This is bound to fail, but on the way to nowhere it * triggers a security incident on SELinux. * - * Checking the condition and failing early is probably a good + * Checking the condition and failing early is probably good * advice, and even saves us some syscalls in that case. * Thanks to Miroslav Lichvar for finding this. */ - if (AF_UNSPEC == AF(addr)) + if (AF_UNSPEC == AF(addr)) { return NULL; - + } s = socket(AF(addr), SOCK_DGRAM, 0); - if (INVALID_SOCKET == s) + if (INVALID_SOCKET == s) { return NULL; - + } /* * If we are looking for broadcast interface we need to set this * socket to allow broadcast @@ -4092,14 +4128,18 @@ findlocalinterface( * See http://bugs.ntp.org/1184 and http://bugs.ntp.org/1683 * for more background. */ - if (NULL == iface || iface->ignore_packets) + if (NULL == iface || iface->ignore_packets) { iface = findclosestinterface(&saddr, flags | INT_LOOPBACK); - - /* Don't use an interface which will ignore replies */ - if (iface != NULL && iface->ignore_packets) + } + /* + * Don't select an interface which will ignore replies, or one + * dedicated to multicast receive. + */ + if ( iface != NULL + && (iface->ignore_packets || (INT_MCASTIF & iface->flags))) { iface = NULL; - + } return iface; } @@ -4169,47 +4209,40 @@ calc_addr_distance( const sockaddr_u * a2 ) { - u_int32 a1val; - u_int32 a2val; - u_int32 v4dist; - int found_greater; - int a1_greater; - int i; + u_char * pdist; + const u_char * p1; + const u_char * p2; + size_t cb; + int different; + int a1_greater; + u_int u; REQUIRE(AF(a1) == AF(a2)); ZERO_SOCK(dist); AF(dist) = AF(a1); - /* v4 can be done a bit simpler */ if (IS_IPV4(a1)) { - a1val = SRCADR(a1); - a2val = SRCADR(a2); - v4dist = (a1val > a2val) - ? a1val - a2val - : a2val - a1val; - SET_ADDR4(dist, v4dist); - - return; + pdist = ( u_char *)&NSRCADR(dist); + p1 = (const u_char *)&NSRCADR(a1); + p2 = (const u_char *)&NSRCADR(a2); + } else { + pdist = ( u_char *)&NSRCADR(dist); + p1 = (const u_char *)&NSRCADR(a1); + p2 = (const u_char *)&NSRCADR(a2); } - - found_greater = FALSE; - a1_greater = FALSE; /* suppress pot. uninit. warning */ - for (i = 0; i < (int)sizeof(NSRCADR6(a1)); i++) { - if (!found_greater && - NSRCADR6(a1)[i] != NSRCADR6(a2)[i]) { - found_greater = TRUE; - a1_greater = (NSRCADR6(a1)[i] > NSRCADR6(a2)[i]); + cb = SIZEOF_INADDR(AF(dist)); + different = FALSE; + a1_greater = FALSE; + for (u = 0; u < cb; u++) { + if (!different && p1[u] != p2[u]) { + a1_greater = (p1[u] > p2[u]); + different = TRUE; } - if (!found_greater) { - NSRCADR6(dist)[i] = 0; + if (a1_greater) { + pdist[u] = p1[u] - p2[u]; } else { - if (a1_greater) - NSRCADR6(dist)[i] = NSRCADR6(a1)[i] - - NSRCADR6(a2)[i]; - else - NSRCADR6(dist)[i] = NSRCADR6(a2)[i] - - NSRCADR6(a1)[i]; + pdist[u] = p2[u] - p1[u]; } } } @@ -4468,7 +4501,7 @@ io_closeclock( # ifdef HAVE_IO_COMPLETION_PORT io_completion_port_remove_clock_io(rio); # endif - close_and_delete_fd_from_list(rio->fd); + close_and_delete_fd_from_list(rio->fd, NULL); purge_recv_buffers_for_fd(rio->fd); rio->fd = -1; } @@ -4503,7 +4536,7 @@ kill_asyncio( maxactivefd = 0; while (fd_list != NULL) - close_and_delete_fd_from_list(fd_list->fd); + close_and_delete_fd_from_list(fd_list->fd, NULL); UNBLOCKIO(); } @@ -4531,7 +4564,8 @@ add_fd_to_list( static void close_and_delete_fd_from_list( - SOCKET fd + SOCKET fd, + endpt *ep /* req. if fd is in struct endpt */ ) { vsock_t *lsock; @@ -4545,6 +4579,11 @@ close_and_delete_fd_from_list( switch (lsock->type) { case FD_TYPE_SOCKET: + #ifdef HAVE_IO_COMPLETION_PORT + if (ep != NULL) { + io_completion_port_remove_socket(fd, ep); + } + #endif closesocket(lsock->fd); break; @@ -4635,7 +4674,7 @@ delete_interface_from_list( } -static struct interface * +static endpt * find_addr_in_list( sockaddr_u *addr ) @@ -4707,7 +4746,7 @@ localaddrtoa( static void process_routing_msgs(struct asyncio_reader *reader) { - static char * buffer; + static void * buffer; static size_t buffsz = 8192; int cnt, new, msg_type; socklen_t len; @@ -4716,16 +4755,15 @@ process_routing_msgs(struct asyncio_reader *reader) #else struct rt_msghdr rtm; char *p; + char *endp; #endif - if (disable_dynamic_updates) { + if (scan_addrs_once) { /* * discard ourselves if we are not needed any more * usually happens when running unprivileged */ - remove_asyncio_reader(reader); - delete_asyncio_reader(reader); - return; + goto disable; } if (NULL == buffer) { @@ -4758,22 +4796,20 @@ process_routing_msgs(struct asyncio_reader *reader) disable: remove_asyncio_reader(reader); delete_asyncio_reader(reader); + return; } - return; } /* * process routing message */ #ifdef HAVE_RTNETLINK - for (nh = UA_PTR(struct nlmsghdr, buffer); - NLMSG_OK(nh, cnt); - nh = NLMSG_NEXT(nh, cnt)) + for (nh = buffer; NLMSG_OK(nh, cnt); nh = NLMSG_NEXT(nh, cnt)) { msg_type = nh->nlmsg_type; #else - for (p = buffer; - (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); + for (p = buffer, endp = p + cnt; + (p + sizeof(struct rt_msghdr)) <= endp; p += rtm.rtm_msglen) { memcpy(&rtm, p, sizeof(rtm)); @@ -4787,7 +4823,7 @@ process_routing_msgs(struct asyncio_reader *reader) return; } msg_type = rtm.rtm_type; -#endif +#endif /* !HAVE_RTNETLINK */ switch (msg_type) { #ifdef RTM_NEWADDR case RTM_NEWADDR: @@ -4835,7 +4871,7 @@ process_routing_msgs(struct asyncio_reader *reader) */ DPRINTF(3, ("routing message op = %d: scheduling interface update\n", msg_type)); - timer_interfacetimeout(current_time + UPDATE_GRACE); + endpt_scan_timer = UPDATE_GRACE + current_time; break; #ifdef HAVE_RTNETLINK case NLMSG_DONE: @@ -4857,14 +4893,14 @@ process_routing_msgs(struct asyncio_reader *reader) * set up routing notifications */ static void -init_async_notifications() +init_async_notifications(void) { struct asyncio_reader *reader; #ifdef HAVE_RTNETLINK int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); struct sockaddr_nl sa; #else - int fd = socket(PF_ROUTE, SOCK_RAW, 0); + int fd = socket(PF_ROUTE, SOCK_RAW, AF_UNSPEC); #endif if (fd < 0) { msyslog(LOG_ERR, @@ -4908,4 +4944,3 @@ init_async_notifications(void) { } #endif - diff --git a/ntpd/ntp_keyword.h b/ntpd/ntp_keyword.h index 7b3efc2cda30..7fa610bb39b9 100644 --- a/ntpd/ntp_keyword.h +++ b/ntpd/ntp_keyword.h @@ -2,7 +2,7 @@ * ntp_keyword.h * * NOTE: edit this file with caution, it is generated by keyword-gen.c - * Generated 2022-03-27 14:17:11 UTC diff_ignore_line + * Generated 2023-09-25 05:34:02 UTC diff_ignore_line * */ #include "ntp_scanner.h" @@ -10,7 +10,7 @@ #define LOWEST_KEYWORD_ID 258 -const char * const keyword_text[212] = { +const char * const keyword_text[213] = { /* 0 258 T_Abbrev */ "abbrev", /* 1 259 T_Age */ "age", /* 2 260 T_All */ "all", @@ -39,200 +39,201 @@ const char * const keyword_text[212] = { /* 25 283 T_Ctl */ "ctl", /* 26 284 T_Day */ "day", /* 27 285 T_Default */ "default", - /* 28 286 T_Device */ "device", - /* 29 287 T_Digest */ "digest", - /* 30 288 T_Disable */ "disable", - /* 31 289 T_Discard */ "discard", - /* 32 290 T_Dispersion */ "dispersion", - /* 33 291 T_Double */ NULL, - /* 34 292 T_Driftfile */ "driftfile", - /* 35 293 T_Drop */ "drop", - /* 36 294 T_Dscp */ "dscp", - /* 37 295 T_Ellipsis */ "...", - /* 38 296 T_Enable */ "enable", - /* 39 297 T_End */ "end", - /* 40 298 T_Epeer */ "epeer", - /* 41 299 T_False */ NULL, - /* 42 300 T_File */ "file", - /* 43 301 T_Filegen */ "filegen", - /* 44 302 T_Filenum */ "filenum", - /* 45 303 T_Flag1 */ "flag1", - /* 46 304 T_Flag2 */ "flag2", - /* 47 305 T_Flag3 */ "flag3", - /* 48 306 T_Flag4 */ "flag4", - /* 49 307 T_Flake */ "flake", - /* 50 308 T_Floor */ "floor", - /* 51 309 T_Freq */ "freq", - /* 52 310 T_Fudge */ "fudge", - /* 53 311 T_Fuzz */ "fuzz", - /* 54 312 T_Host */ "host", - /* 55 313 T_Huffpuff */ "huffpuff", - /* 56 314 T_Iburst */ "iburst", - /* 57 315 T_Ident */ "ident", - /* 58 316 T_Ignore */ "ignore", - /* 59 317 T_Ignorehash */ "ignorehash", - /* 60 318 T_Incalloc */ "incalloc", - /* 61 319 T_Incmem */ "incmem", - /* 62 320 T_Initalloc */ "initalloc", - /* 63 321 T_Initmem */ "initmem", - /* 64 322 T_Includefile */ "includefile", - /* 65 323 T_Integer */ NULL, - /* 66 324 T_Interface */ "interface", - /* 67 325 T_Intrange */ NULL, - /* 68 326 T_Io */ "io", - /* 69 327 T_Ippeerlimit */ "ippeerlimit", - /* 70 328 T_Ipv4 */ "ipv4", - /* 71 329 T_Ipv4_flag */ "-4", - /* 72 330 T_Ipv6 */ "ipv6", - /* 73 331 T_Ipv6_flag */ "-6", - /* 74 332 T_Kernel */ "kernel", - /* 75 333 T_Key */ "key", - /* 76 334 T_Keys */ "keys", - /* 77 335 T_Keysdir */ "keysdir", - /* 78 336 T_Kod */ "kod", - /* 79 337 T_Leapfile */ "leapfile", - /* 80 338 T_Leapsmearinterval */ "leapsmearinterval", - /* 81 339 T_Limited */ "limited", - /* 82 340 T_Link */ "link", - /* 83 341 T_Listen */ "listen", - /* 84 342 T_Logconfig */ "logconfig", - /* 85 343 T_Logfile */ "logfile", - /* 86 344 T_Loopstats */ "loopstats", - /* 87 345 T_Lowpriotrap */ "lowpriotrap", - /* 88 346 T_Manycastclient */ "manycastclient", - /* 89 347 T_Manycastserver */ "manycastserver", - /* 90 348 T_Mask */ "mask", - /* 91 349 T_Maxage */ "maxage", - /* 92 350 T_Maxclock */ "maxclock", - /* 93 351 T_Maxdepth */ "maxdepth", - /* 94 352 T_Maxdist */ "maxdist", - /* 95 353 T_Maxmem */ "maxmem", - /* 96 354 T_Maxpoll */ "maxpoll", - /* 97 355 T_Mdnstries */ "mdnstries", - /* 98 356 T_Mem */ "mem", - /* 99 357 T_Memlock */ "memlock", - /* 100 358 T_Minclock */ "minclock", - /* 101 359 T_Mindepth */ "mindepth", - /* 102 360 T_Mindist */ "mindist", - /* 103 361 T_Minimum */ "minimum", - /* 104 362 T_Minjitter */ "minjitter", - /* 105 363 T_Minpoll */ "minpoll", - /* 106 364 T_Minsane */ "minsane", - /* 107 365 T_Mode */ "mode", - /* 108 366 T_Mode7 */ "mode7", - /* 109 367 T_Monitor */ "monitor", - /* 110 368 T_Month */ "month", - /* 111 369 T_Mru */ "mru", - /* 112 370 T_Mssntp */ "mssntp", - /* 113 371 T_Multicastclient */ "multicastclient", - /* 114 372 T_Nic */ "nic", - /* 115 373 T_Nolink */ "nolink", - /* 116 374 T_Nomodify */ "nomodify", - /* 117 375 T_Nomrulist */ "nomrulist", - /* 118 376 T_None */ "none", - /* 119 377 T_Nonvolatile */ "nonvolatile", - /* 120 378 T_Noepeer */ "noepeer", - /* 121 379 T_Nopeer */ "nopeer", - /* 122 380 T_Noquery */ "noquery", - /* 123 381 T_Noselect */ "noselect", - /* 124 382 T_Noserve */ "noserve", - /* 125 383 T_Notrap */ "notrap", - /* 126 384 T_Notrust */ "notrust", - /* 127 385 T_Ntp */ "ntp", - /* 128 386 T_Ntpport */ "ntpport", - /* 129 387 T_NtpSignDsocket */ "ntpsigndsocket", - /* 130 388 T_Orphan */ "orphan", - /* 131 389 T_Orphanwait */ "orphanwait", - /* 132 390 T_PCEdigest */ "peer_clear_digest_early", - /* 133 391 T_Panic */ "panic", - /* 134 392 T_Peer */ "peer", - /* 135 393 T_Peerstats */ "peerstats", - /* 136 394 T_Phone */ "phone", - /* 137 395 T_Pid */ "pid", - /* 138 396 T_Pidfile */ "pidfile", - /* 139 397 T_Poll */ "poll", - /* 140 398 T_PollSkewList */ "pollskewlist", - /* 141 399 T_Pool */ "pool", - /* 142 400 T_Port */ "port", - /* 143 401 T_PpsData */ "ppsdata", - /* 144 402 T_Preempt */ "preempt", - /* 145 403 T_Prefer */ "prefer", - /* 146 404 T_Protostats */ "protostats", - /* 147 405 T_Pw */ "pw", - /* 148 406 T_Randfile */ "randfile", - /* 149 407 T_Rawstats */ "rawstats", - /* 150 408 T_Refid */ "refid", - /* 151 409 T_Requestkey */ "requestkey", - /* 152 410 T_Reset */ "reset", - /* 153 411 T_Restrict */ "restrict", - /* 154 412 T_Revoke */ "revoke", - /* 155 413 T_Rlimit */ "rlimit", - /* 156 414 T_Saveconfigdir */ "saveconfigdir", - /* 157 415 T_Server */ "server", - /* 158 416 T_Serverresponse */ "serverresponse", - /* 159 417 T_ServerresponseFuzz */ NULL, - /* 160 418 T_Setvar */ "setvar", - /* 161 419 T_Source */ "source", - /* 162 420 T_Stacksize */ "stacksize", - /* 163 421 T_Statistics */ "statistics", - /* 164 422 T_Stats */ "stats", - /* 165 423 T_Statsdir */ "statsdir", - /* 166 424 T_Step */ "step", - /* 167 425 T_Stepback */ "stepback", - /* 168 426 T_Stepfwd */ "stepfwd", - /* 169 427 T_Stepout */ "stepout", - /* 170 428 T_Stratum */ "stratum", - /* 171 429 T_String */ NULL, - /* 172 430 T_Sys */ "sys", - /* 173 431 T_Sysstats */ "sysstats", - /* 174 432 T_Tick */ "tick", - /* 175 433 T_Time1 */ "time1", - /* 176 434 T_Time2 */ "time2", - /* 177 435 T_TimeData */ "timedata", - /* 178 436 T_Timer */ "timer", - /* 179 437 T_Timingstats */ "timingstats", - /* 180 438 T_Tinker */ "tinker", - /* 181 439 T_Tos */ "tos", - /* 182 440 T_Trap */ "trap", - /* 183 441 T_True */ "true", - /* 184 442 T_Trustedkey */ "trustedkey", - /* 185 443 T_Ttl */ "ttl", - /* 186 444 T_Type */ "type", - /* 187 445 T_U_int */ NULL, - /* 188 446 T_UEcrypto */ "unpeer_crypto_early", - /* 189 447 T_UEcryptonak */ "unpeer_crypto_nak_early", - /* 190 448 T_UEdigest */ "unpeer_digest_early", - /* 191 449 T_Unconfig */ "unconfig", - /* 192 450 T_Unpeer */ "unpeer", - /* 193 451 T_Version */ "version", - /* 194 452 T_WanderThreshold */ NULL, - /* 195 453 T_Week */ "week", - /* 196 454 T_Wildcard */ "wildcard", - /* 197 455 T_Xleave */ "xleave", - /* 198 456 T_Xmtnonce */ "xmtnonce", - /* 199 457 T_Year */ "year", - /* 200 458 T_Flag */ NULL, - /* 201 459 T_EOC */ NULL, - /* 202 460 T_Simulate */ "simulate", - /* 203 461 T_Beep_Delay */ "beep_delay", - /* 204 462 T_Sim_Duration */ "simulation_duration", - /* 205 463 T_Server_Offset */ "server_offset", - /* 206 464 T_Duration */ "duration", - /* 207 465 T_Freq_Offset */ "freq_offset", - /* 208 466 T_Wander */ "wander", - /* 209 467 T_Jitter */ "jitter", - /* 210 468 T_Prop_Delay */ "prop_delay", - /* 211 469 T_Proc_Delay */ "proc_delay" + /* 28 286 T_Delrestrict */ "delrestrict", + /* 29 287 T_Device */ "device", + /* 30 288 T_Digest */ "digest", + /* 31 289 T_Disable */ "disable", + /* 32 290 T_Discard */ "discard", + /* 33 291 T_Dispersion */ "dispersion", + /* 34 292 T_Double */ NULL, + /* 35 293 T_Driftfile */ "driftfile", + /* 36 294 T_Drop */ "drop", + /* 37 295 T_Dscp */ "dscp", + /* 38 296 T_Ellipsis */ "...", + /* 39 297 T_Enable */ "enable", + /* 40 298 T_End */ "end", + /* 41 299 T_Epeer */ "epeer", + /* 42 300 T_False */ NULL, + /* 43 301 T_File */ "file", + /* 44 302 T_Filegen */ "filegen", + /* 45 303 T_Filenum */ "filenum", + /* 46 304 T_Flag1 */ "flag1", + /* 47 305 T_Flag2 */ "flag2", + /* 48 306 T_Flag3 */ "flag3", + /* 49 307 T_Flag4 */ "flag4", + /* 50 308 T_Flake */ "flake", + /* 51 309 T_Floor */ "floor", + /* 52 310 T_Freq */ "freq", + /* 53 311 T_Fudge */ "fudge", + /* 54 312 T_Fuzz */ "fuzz", + /* 55 313 T_Host */ "host", + /* 56 314 T_Huffpuff */ "huffpuff", + /* 57 315 T_Iburst */ "iburst", + /* 58 316 T_Ident */ "ident", + /* 59 317 T_Ignore */ "ignore", + /* 60 318 T_Ignorehash */ "ignorehash", + /* 61 319 T_Incalloc */ "incalloc", + /* 62 320 T_Incmem */ "incmem", + /* 63 321 T_Initalloc */ "initalloc", + /* 64 322 T_Initmem */ "initmem", + /* 65 323 T_Includefile */ "includefile", + /* 66 324 T_Integer */ NULL, + /* 67 325 T_Interface */ "interface", + /* 68 326 T_Intrange */ NULL, + /* 69 327 T_Io */ "io", + /* 70 328 T_Ippeerlimit */ "ippeerlimit", + /* 71 329 T_Ipv4 */ "ipv4", + /* 72 330 T_Ipv4_flag */ "-4", + /* 73 331 T_Ipv6 */ "ipv6", + /* 74 332 T_Ipv6_flag */ "-6", + /* 75 333 T_Kernel */ "kernel", + /* 76 334 T_Key */ "key", + /* 77 335 T_Keys */ "keys", + /* 78 336 T_Keysdir */ "keysdir", + /* 79 337 T_Kod */ "kod", + /* 80 338 T_Leapfile */ "leapfile", + /* 81 339 T_Leapsmearinterval */ "leapsmearinterval", + /* 82 340 T_Limited */ "limited", + /* 83 341 T_Link */ "link", + /* 84 342 T_Listen */ "listen", + /* 85 343 T_Logconfig */ "logconfig", + /* 86 344 T_Logfile */ "logfile", + /* 87 345 T_Loopstats */ "loopstats", + /* 88 346 T_Lowpriotrap */ "lowpriotrap", + /* 89 347 T_Manycastclient */ "manycastclient", + /* 90 348 T_Manycastserver */ "manycastserver", + /* 91 349 T_Mask */ "mask", + /* 92 350 T_Maxage */ "maxage", + /* 93 351 T_Maxclock */ "maxclock", + /* 94 352 T_Maxdepth */ "maxdepth", + /* 95 353 T_Maxdist */ "maxdist", + /* 96 354 T_Maxmem */ "maxmem", + /* 97 355 T_Maxpoll */ "maxpoll", + /* 98 356 T_Mdnstries */ "mdnstries", + /* 99 357 T_Mem */ "mem", + /* 100 358 T_Memlock */ "memlock", + /* 101 359 T_Minclock */ "minclock", + /* 102 360 T_Mindepth */ "mindepth", + /* 103 361 T_Mindist */ "mindist", + /* 104 362 T_Minimum */ "minimum", + /* 105 363 T_Minjitter */ "minjitter", + /* 106 364 T_Minpoll */ "minpoll", + /* 107 365 T_Minsane */ "minsane", + /* 108 366 T_Mode */ "mode", + /* 109 367 T_Mode7 */ "mode7", + /* 110 368 T_Monitor */ "monitor", + /* 111 369 T_Month */ "month", + /* 112 370 T_Mru */ "mru", + /* 113 371 T_Mssntp */ "mssntp", + /* 114 372 T_Multicastclient */ "multicastclient", + /* 115 373 T_Nic */ "nic", + /* 116 374 T_Nolink */ "nolink", + /* 117 375 T_Nomodify */ "nomodify", + /* 118 376 T_Nomrulist */ "nomrulist", + /* 119 377 T_None */ "none", + /* 120 378 T_Nonvolatile */ "nonvolatile", + /* 121 379 T_Noepeer */ "noepeer", + /* 122 380 T_Nopeer */ "nopeer", + /* 123 381 T_Noquery */ "noquery", + /* 124 382 T_Noselect */ "noselect", + /* 125 383 T_Noserve */ "noserve", + /* 126 384 T_Notrap */ "notrap", + /* 127 385 T_Notrust */ "notrust", + /* 128 386 T_Ntp */ "ntp", + /* 129 387 T_Ntpport */ "ntpport", + /* 130 388 T_NtpSignDsocket */ "ntpsigndsocket", + /* 131 389 T_Orphan */ "orphan", + /* 132 390 T_Orphanwait */ "orphanwait", + /* 133 391 T_PCEdigest */ "peer_clear_digest_early", + /* 134 392 T_Panic */ "panic", + /* 135 393 T_Peer */ "peer", + /* 136 394 T_Peerstats */ "peerstats", + /* 137 395 T_Phone */ "phone", + /* 138 396 T_Pid */ "pid", + /* 139 397 T_Pidfile */ "pidfile", + /* 140 398 T_Poll */ "poll", + /* 141 399 T_PollSkewList */ "pollskewlist", + /* 142 400 T_Pool */ "pool", + /* 143 401 T_Port */ "port", + /* 144 402 T_PpsData */ "ppsdata", + /* 145 403 T_Preempt */ "preempt", + /* 146 404 T_Prefer */ "prefer", + /* 147 405 T_Protostats */ "protostats", + /* 148 406 T_Pw */ "pw", + /* 149 407 T_Randfile */ "randfile", + /* 150 408 T_Rawstats */ "rawstats", + /* 151 409 T_Refid */ "refid", + /* 152 410 T_Requestkey */ "requestkey", + /* 153 411 T_Reset */ "reset", + /* 154 412 T_Restrict */ "restrict", + /* 155 413 T_Revoke */ "revoke", + /* 156 414 T_Rlimit */ "rlimit", + /* 157 415 T_Saveconfigdir */ "saveconfigdir", + /* 158 416 T_Server */ "server", + /* 159 417 T_Serverresponse */ "serverresponse", + /* 160 418 T_ServerresponseFuzz */ NULL, + /* 161 419 T_Setvar */ "setvar", + /* 162 420 T_Source */ "source", + /* 163 421 T_Stacksize */ "stacksize", + /* 164 422 T_Statistics */ "statistics", + /* 165 423 T_Stats */ "stats", + /* 166 424 T_Statsdir */ "statsdir", + /* 167 425 T_Step */ "step", + /* 168 426 T_Stepback */ "stepback", + /* 169 427 T_Stepfwd */ "stepfwd", + /* 170 428 T_Stepout */ "stepout", + /* 171 429 T_Stratum */ "stratum", + /* 172 430 T_String */ NULL, + /* 173 431 T_Sys */ "sys", + /* 174 432 T_Sysstats */ "sysstats", + /* 175 433 T_Tick */ "tick", + /* 176 434 T_Time1 */ "time1", + /* 177 435 T_Time2 */ "time2", + /* 178 436 T_TimeData */ "timedata", + /* 179 437 T_Timer */ "timer", + /* 180 438 T_Timingstats */ "timingstats", + /* 181 439 T_Tinker */ "tinker", + /* 182 440 T_Tos */ "tos", + /* 183 441 T_Trap */ "trap", + /* 184 442 T_True */ "true", + /* 185 443 T_Trustedkey */ "trustedkey", + /* 186 444 T_Ttl */ "ttl", + /* 187 445 T_Type */ "type", + /* 188 446 T_U_int */ NULL, + /* 189 447 T_UEcrypto */ "unpeer_crypto_early", + /* 190 448 T_UEcryptonak */ "unpeer_crypto_nak_early", + /* 191 449 T_UEdigest */ "unpeer_digest_early", + /* 192 450 T_Unconfig */ "unconfig", + /* 193 451 T_Unpeer */ "unpeer", + /* 194 452 T_Version */ "version", + /* 195 453 T_WanderThreshold */ NULL, + /* 196 454 T_Week */ "week", + /* 197 455 T_Wildcard */ "wildcard", + /* 198 456 T_Xleave */ "xleave", + /* 199 457 T_Xmtnonce */ "xmtnonce", + /* 200 458 T_Year */ "year", + /* 201 459 T_Flag */ NULL, + /* 202 460 T_EOC */ NULL, + /* 203 461 T_Simulate */ "simulate", + /* 204 462 T_Beep_Delay */ "beep_delay", + /* 205 463 T_Sim_Duration */ "simulation_duration", + /* 206 464 T_Server_Offset */ "server_offset", + /* 207 465 T_Duration */ "duration", + /* 208 466 T_Freq_Offset */ "freq_offset", + /* 209 467 T_Wander */ "wander", + /* 210 468 T_Jitter */ "jitter", + /* 211 469 T_Prop_Delay */ "prop_delay", + /* 212 470 T_Proc_Delay */ "proc_delay" }; -#define SCANNER_INIT_S 999 +#define SCANNER_INIT_S 1008 -const scan_state sst[1002] = { +const scan_state sst[1011] = { /*SS_T( ch, f-by, match, other ), */ 0, /* 0 */ - S_ST( '-', 3, 331, 0 ), /* 1 */ + S_ST( '-', 3, 332, 0 ), /* 1 */ S_ST( '.', 3, 3, 1 ), /* 2 */ - S_ST( '.', 3, 295, 0 ), /* 3 . */ + S_ST( '.', 3, 296, 0 ), /* 3 . */ S_ST( 'a', 3, 23, 2 ), /* 4 */ S_ST( 'b', 3, 6, 0 ), /* 5 a */ S_ST( 'b', 3, 7, 0 ), /* 6 ab */ @@ -287,7 +288,7 @@ const scan_state sst[1002] = { S_ST( 'd', 3, 56, 0 ), /* 55 beep_ */ S_ST( 'e', 3, 57, 0 ), /* 56 beep_d */ S_ST( 'l', 3, 58, 0 ), /* 57 beep_de */ - S_ST( 'a', 3, 461, 0 ), /* 58 beep_del */ + S_ST( 'a', 3, 462, 0 ), /* 58 beep_del */ S_ST( 'r', 3, 60, 48 ), /* 59 b */ S_ST( 'o', 3, 61, 0 ), /* 60 br */ S_ST( 'a', 3, 62, 0 ), /* 61 bro */ @@ -355,138 +356,138 @@ const scan_state sst[1002] = { S_ST( 'a', 3, 124, 0 ), /* 123 cryptost */ S_ST( 't', 3, 282, 0 ), /* 124 cryptosta */ S_ST( 't', 3, 283, 117 ), /* 125 c */ - S_ST( 'd', 3, 163, 78 ), /* 126 */ + S_ST( 'd', 3, 171, 78 ), /* 126 */ S_ST( 'a', 3, 284, 0 ), /* 127 d */ - S_ST( 'e', 3, 133, 127 ), /* 128 d */ + S_ST( 'e', 3, 141, 127 ), /* 128 d */ S_ST( 'f', 3, 130, 0 ), /* 129 de */ S_ST( 'a', 3, 131, 0 ), /* 130 def */ S_ST( 'u', 3, 132, 0 ), /* 131 defa */ S_ST( 'l', 3, 285, 0 ), /* 132 defau */ - S_ST( 'v', 3, 134, 129 ), /* 133 de */ - S_ST( 'i', 3, 135, 0 ), /* 134 dev */ - S_ST( 'c', 3, 286, 0 ), /* 135 devi */ - S_ST( 'i', 3, 140, 128 ), /* 136 d */ - S_ST( 'g', 3, 138, 0 ), /* 137 di */ - S_ST( 'e', 3, 139, 0 ), /* 138 dig */ - S_ST( 's', 3, 287, 0 ), /* 139 dige */ - S_ST( 's', 3, 147, 137 ), /* 140 di */ - S_ST( 'a', 3, 142, 0 ), /* 141 dis */ - S_ST( 'b', 3, 143, 0 ), /* 142 disa */ - S_ST( 'l', 3, 288, 0 ), /* 143 disab */ - S_ST( 'c', 3, 145, 141 ), /* 144 dis */ - S_ST( 'a', 3, 146, 0 ), /* 145 disc */ - S_ST( 'r', 3, 289, 0 ), /* 146 disca */ - S_ST( 'p', 3, 148, 144 ), /* 147 dis */ - S_ST( 'e', 3, 149, 0 ), /* 148 disp */ - S_ST( 'r', 3, 150, 0 ), /* 149 dispe */ - S_ST( 's', 3, 151, 0 ), /* 150 disper */ - S_ST( 'i', 3, 152, 0 ), /* 151 dispers */ - S_ST( 'o', 3, 290, 0 ), /* 152 dispersi */ - S_ST( 'r', 3, 160, 136 ), /* 153 d */ - S_ST( 'i', 3, 155, 0 ), /* 154 dr */ - S_ST( 'f', 3, 156, 0 ), /* 155 dri */ - S_ST( 't', 3, 157, 0 ), /* 156 drif */ - S_ST( 'f', 3, 158, 0 ), /* 157 drift */ - S_ST( 'i', 3, 159, 0 ), /* 158 driftf */ - S_ST( 'l', 3, 292, 0 ), /* 159 driftfi */ - S_ST( 'o', 3, 293, 154 ), /* 160 dr */ - S_ST( 's', 3, 162, 153 ), /* 161 d */ - S_ST( 'c', 3, 294, 0 ), /* 162 ds */ - S_ST( 'u', 3, 164, 161 ), /* 163 d */ - S_ST( 'r', 3, 165, 0 ), /* 164 du */ - S_ST( 'a', 3, 166, 0 ), /* 165 dur */ - S_ST( 't', 3, 167, 0 ), /* 166 dura */ - S_ST( 'i', 3, 168, 0 ), /* 167 durat */ - S_ST( 'o', 3, 464, 0 ), /* 168 durati */ - S_ST( 'e', 3, 174, 126 ), /* 169 */ - S_ST( 'n', 3, 297, 0 ), /* 170 e */ - S_ST( 'a', 3, 172, 0 ), /* 171 en */ - S_ST( 'b', 3, 173, 0 ), /* 172 ena */ - S_ST( 'l', 3, 296, 0 ), /* 173 enab */ - S_ST( 'p', 3, 175, 170 ), /* 174 e */ - S_ST( 'e', 3, 176, 0 ), /* 175 ep */ - S_ST( 'e', 3, 298, 0 ), /* 176 epe */ - S_ST( 'f', 3, 198, 169 ), /* 177 */ - S_ST( 'i', 3, 179, 0 ), /* 178 f */ - S_ST( 'l', 3, 300, 0 ), /* 179 fi */ - S_ST( 'g', 3, 181, 0 ), /* 180 file */ - S_ST( 'e', 3, 301, 0 ), /* 181 fileg */ - S_ST( 'n', 3, 183, 180 ), /* 182 file */ - S_ST( 'u', 3, 302, 0 ), /* 183 filen */ - S_ST( 'l', 3, 188, 178 ), /* 184 f */ - S_ST( 'a', 3, 187, 0 ), /* 185 fl */ - S_ST( 'g', 3, 306, 0 ), /* 186 fla */ - S_ST( 'k', 3, 307, 186 ), /* 187 fla */ - S_ST( 'o', 3, 189, 185 ), /* 188 fl */ - S_ST( 'o', 3, 308, 0 ), /* 189 flo */ - S_ST( 'r', 3, 191, 184 ), /* 190 f */ - S_ST( 'e', 3, 309, 0 ), /* 191 fr */ - S_ST( '_', 3, 193, 0 ), /* 192 freq */ - S_ST( 'o', 3, 194, 0 ), /* 193 freq_ */ - S_ST( 'f', 3, 195, 0 ), /* 194 freq_o */ - S_ST( 'f', 3, 196, 0 ), /* 195 freq_of */ - S_ST( 's', 3, 197, 0 ), /* 196 freq_off */ - S_ST( 'e', 3, 465, 0 ), /* 197 freq_offs */ - S_ST( 'u', 3, 201, 190 ), /* 198 f */ - S_ST( 'd', 3, 200, 0 ), /* 199 fu */ - S_ST( 'g', 3, 310, 0 ), /* 200 fud */ - S_ST( 'z', 3, 311, 199 ), /* 201 fu */ - S_ST( 'h', 3, 205, 177 ), /* 202 */ - S_ST( 'o', 3, 204, 0 ), /* 203 h */ - S_ST( 's', 3, 312, 0 ), /* 204 ho */ - S_ST( 'u', 3, 206, 203 ), /* 205 h */ - S_ST( 'f', 3, 207, 0 ), /* 206 hu */ - S_ST( 'f', 3, 208, 0 ), /* 207 huf */ - S_ST( 'p', 3, 209, 0 ), /* 208 huff */ - S_ST( 'u', 3, 210, 0 ), /* 209 huffp */ - S_ST( 'f', 3, 313, 0 ), /* 210 huffpu */ - S_ST( 'i', 3, 255, 202 ), /* 211 */ - S_ST( 'b', 3, 213, 0 ), /* 212 i */ - S_ST( 'u', 3, 214, 0 ), /* 213 ib */ - S_ST( 'r', 3, 215, 0 ), /* 214 ibu */ - S_ST( 's', 3, 314, 0 ), /* 215 ibur */ - S_ST( 'd', 3, 217, 212 ), /* 216 i */ - S_ST( 'e', 3, 218, 0 ), /* 217 id */ - S_ST( 'n', 3, 315, 0 ), /* 218 ide */ - S_ST( 'g', 3, 220, 216 ), /* 219 i */ - S_ST( 'n', 3, 221, 0 ), /* 220 ig */ - S_ST( 'o', 3, 222, 0 ), /* 221 ign */ - S_ST( 'r', 3, 316, 0 ), /* 222 igno */ - S_ST( 'h', 3, 224, 0 ), /* 223 ignore */ - S_ST( 'a', 3, 225, 0 ), /* 224 ignoreh */ - S_ST( 's', 3, 317, 0 ), /* 225 ignoreha */ - S_ST( 'n', 3, 249, 219 ), /* 226 i */ - S_ST( 'c', 3, 239, 0 ), /* 227 in */ - S_ST( 'a', 3, 229, 0 ), /* 228 inc */ - S_ST( 'l', 3, 230, 0 ), /* 229 inca */ - S_ST( 'l', 3, 231, 0 ), /* 230 incal */ - S_ST( 'o', 3, 318, 0 ), /* 231 incall */ - S_ST( 'l', 3, 233, 228 ), /* 232 inc */ - S_ST( 'u', 3, 234, 0 ), /* 233 incl */ - S_ST( 'd', 3, 235, 0 ), /* 234 inclu */ - S_ST( 'e', 3, 236, 0 ), /* 235 includ */ - S_ST( 'f', 3, 237, 0 ), /* 236 include */ - S_ST( 'i', 3, 238, 0 ), /* 237 includef */ - S_ST( 'l', 3, 322, 0 ), /* 238 includefi */ - S_ST( 'm', 3, 240, 232 ), /* 239 inc */ - S_ST( 'e', 3, 319, 0 ), /* 240 incm */ - S_ST( 'i', 3, 242, 227 ), /* 241 in */ - S_ST( 't', 3, 247, 0 ), /* 242 ini */ - S_ST( 'a', 3, 244, 0 ), /* 243 init */ - S_ST( 'l', 3, 245, 0 ), /* 244 inita */ - S_ST( 'l', 3, 246, 0 ), /* 245 inital */ - S_ST( 'o', 3, 320, 0 ), /* 246 initall */ - S_ST( 'm', 3, 248, 243 ), /* 247 init */ - S_ST( 'e', 3, 321, 0 ), /* 248 initm */ - S_ST( 't', 3, 250, 241 ), /* 249 in */ - S_ST( 'e', 3, 251, 0 ), /* 250 int */ - S_ST( 'r', 3, 252, 0 ), /* 251 inte */ - S_ST( 'f', 3, 253, 0 ), /* 252 inter */ - S_ST( 'a', 3, 254, 0 ), /* 253 interf */ - S_ST( 'c', 3, 324, 0 ), /* 254 interfa */ - S_ST( 'p', 3, 445, 326 ), /* 255 i */ - S_ST( 'p', 3, 257, 0 ), /* 256 ip */ - S_ST( 'e', 3, 291, 0 ), /* 257 ipp */ + S_ST( 'l', 3, 134, 129 ), /* 133 de */ + S_ST( 'r', 3, 135, 0 ), /* 134 del */ + S_ST( 'e', 3, 136, 0 ), /* 135 delr */ + S_ST( 's', 3, 137, 0 ), /* 136 delre */ + S_ST( 't', 3, 138, 0 ), /* 137 delres */ + S_ST( 'r', 3, 139, 0 ), /* 138 delrest */ + S_ST( 'i', 3, 140, 0 ), /* 139 delrestr */ + S_ST( 'c', 3, 286, 0 ), /* 140 delrestri */ + S_ST( 'v', 3, 142, 133 ), /* 141 de */ + S_ST( 'i', 3, 143, 0 ), /* 142 dev */ + S_ST( 'c', 3, 287, 0 ), /* 143 devi */ + S_ST( 'i', 3, 148, 128 ), /* 144 d */ + S_ST( 'g', 3, 146, 0 ), /* 145 di */ + S_ST( 'e', 3, 147, 0 ), /* 146 dig */ + S_ST( 's', 3, 288, 0 ), /* 147 dige */ + S_ST( 's', 3, 155, 145 ), /* 148 di */ + S_ST( 'a', 3, 150, 0 ), /* 149 dis */ + S_ST( 'b', 3, 151, 0 ), /* 150 disa */ + S_ST( 'l', 3, 289, 0 ), /* 151 disab */ + S_ST( 'c', 3, 153, 149 ), /* 152 dis */ + S_ST( 'a', 3, 154, 0 ), /* 153 disc */ + S_ST( 'r', 3, 290, 0 ), /* 154 disca */ + S_ST( 'p', 3, 156, 152 ), /* 155 dis */ + S_ST( 'e', 3, 157, 0 ), /* 156 disp */ + S_ST( 'r', 3, 158, 0 ), /* 157 dispe */ + S_ST( 's', 3, 159, 0 ), /* 158 disper */ + S_ST( 'i', 3, 160, 0 ), /* 159 dispers */ + S_ST( 'o', 3, 291, 0 ), /* 160 dispersi */ + S_ST( 'r', 3, 168, 144 ), /* 161 d */ + S_ST( 'i', 3, 163, 0 ), /* 162 dr */ + S_ST( 'f', 3, 164, 0 ), /* 163 dri */ + S_ST( 't', 3, 165, 0 ), /* 164 drif */ + S_ST( 'f', 3, 166, 0 ), /* 165 drift */ + S_ST( 'i', 3, 167, 0 ), /* 166 driftf */ + S_ST( 'l', 3, 293, 0 ), /* 167 driftfi */ + S_ST( 'o', 3, 294, 162 ), /* 168 dr */ + S_ST( 's', 3, 170, 161 ), /* 169 d */ + S_ST( 'c', 3, 295, 0 ), /* 170 ds */ + S_ST( 'u', 3, 172, 169 ), /* 171 d */ + S_ST( 'r', 3, 173, 0 ), /* 172 du */ + S_ST( 'a', 3, 174, 0 ), /* 173 dur */ + S_ST( 't', 3, 175, 0 ), /* 174 dura */ + S_ST( 'i', 3, 176, 0 ), /* 175 durat */ + S_ST( 'o', 3, 465, 0 ), /* 176 durati */ + S_ST( 'e', 3, 182, 126 ), /* 177 */ + S_ST( 'n', 3, 298, 0 ), /* 178 e */ + S_ST( 'a', 3, 180, 0 ), /* 179 en */ + S_ST( 'b', 3, 181, 0 ), /* 180 ena */ + S_ST( 'l', 3, 297, 0 ), /* 181 enab */ + S_ST( 'p', 3, 183, 178 ), /* 182 e */ + S_ST( 'e', 3, 184, 0 ), /* 183 ep */ + S_ST( 'e', 3, 299, 0 ), /* 184 epe */ + S_ST( 'f', 3, 206, 177 ), /* 185 */ + S_ST( 'i', 3, 187, 0 ), /* 186 f */ + S_ST( 'l', 3, 301, 0 ), /* 187 fi */ + S_ST( 'g', 3, 189, 0 ), /* 188 file */ + S_ST( 'e', 3, 302, 0 ), /* 189 fileg */ + S_ST( 'n', 3, 191, 188 ), /* 190 file */ + S_ST( 'u', 3, 303, 0 ), /* 191 filen */ + S_ST( 'l', 3, 196, 186 ), /* 192 f */ + S_ST( 'a', 3, 195, 0 ), /* 193 fl */ + S_ST( 'g', 3, 307, 0 ), /* 194 fla */ + S_ST( 'k', 3, 308, 194 ), /* 195 fla */ + S_ST( 'o', 3, 197, 193 ), /* 196 fl */ + S_ST( 'o', 3, 309, 0 ), /* 197 flo */ + S_ST( 'r', 3, 199, 192 ), /* 198 f */ + S_ST( 'e', 3, 310, 0 ), /* 199 fr */ + S_ST( '_', 3, 201, 0 ), /* 200 freq */ + S_ST( 'o', 3, 202, 0 ), /* 201 freq_ */ + S_ST( 'f', 3, 203, 0 ), /* 202 freq_o */ + S_ST( 'f', 3, 204, 0 ), /* 203 freq_of */ + S_ST( 's', 3, 205, 0 ), /* 204 freq_off */ + S_ST( 'e', 3, 466, 0 ), /* 205 freq_offs */ + S_ST( 'u', 3, 209, 198 ), /* 206 f */ + S_ST( 'd', 3, 208, 0 ), /* 207 fu */ + S_ST( 'g', 3, 311, 0 ), /* 208 fud */ + S_ST( 'z', 3, 312, 207 ), /* 209 fu */ + S_ST( 'h', 3, 213, 185 ), /* 210 */ + S_ST( 'o', 3, 212, 0 ), /* 211 h */ + S_ST( 's', 3, 313, 0 ), /* 212 ho */ + S_ST( 'u', 3, 214, 211 ), /* 213 h */ + S_ST( 'f', 3, 215, 0 ), /* 214 hu */ + S_ST( 'f', 3, 216, 0 ), /* 215 huf */ + S_ST( 'p', 3, 217, 0 ), /* 216 huff */ + S_ST( 'u', 3, 218, 0 ), /* 217 huffp */ + S_ST( 'f', 3, 314, 0 ), /* 218 huffpu */ + S_ST( 'i', 3, 430, 210 ), /* 219 */ + S_ST( 'b', 3, 221, 0 ), /* 220 i */ + S_ST( 'u', 3, 222, 0 ), /* 221 ib */ + S_ST( 'r', 3, 223, 0 ), /* 222 ibu */ + S_ST( 's', 3, 315, 0 ), /* 223 ibur */ + S_ST( 'd', 3, 225, 220 ), /* 224 i */ + S_ST( 'e', 3, 226, 0 ), /* 225 id */ + S_ST( 'n', 3, 316, 0 ), /* 226 ide */ + S_ST( 'g', 3, 228, 224 ), /* 227 i */ + S_ST( 'n', 3, 229, 0 ), /* 228 ig */ + S_ST( 'o', 3, 230, 0 ), /* 229 ign */ + S_ST( 'r', 3, 317, 0 ), /* 230 igno */ + S_ST( 'h', 3, 232, 0 ), /* 231 ignore */ + S_ST( 'a', 3, 233, 0 ), /* 232 ignoreh */ + S_ST( 's', 3, 318, 0 ), /* 233 ignoreha */ + S_ST( 'n', 3, 257, 227 ), /* 234 i */ + S_ST( 'c', 3, 247, 0 ), /* 235 in */ + S_ST( 'a', 3, 237, 0 ), /* 236 inc */ + S_ST( 'l', 3, 238, 0 ), /* 237 inca */ + S_ST( 'l', 3, 239, 0 ), /* 238 incal */ + S_ST( 'o', 3, 319, 0 ), /* 239 incall */ + S_ST( 'l', 3, 241, 236 ), /* 240 inc */ + S_ST( 'u', 3, 242, 0 ), /* 241 incl */ + S_ST( 'd', 3, 243, 0 ), /* 242 inclu */ + S_ST( 'e', 3, 244, 0 ), /* 243 includ */ + S_ST( 'f', 3, 245, 0 ), /* 244 include */ + S_ST( 'i', 3, 246, 0 ), /* 245 includef */ + S_ST( 'l', 3, 323, 0 ), /* 246 includefi */ + S_ST( 'm', 3, 248, 240 ), /* 247 inc */ + S_ST( 'e', 3, 320, 0 ), /* 248 incm */ + S_ST( 'i', 3, 250, 235 ), /* 249 in */ + S_ST( 't', 3, 255, 0 ), /* 250 ini */ + S_ST( 'a', 3, 252, 0 ), /* 251 init */ + S_ST( 'l', 3, 253, 0 ), /* 252 inita */ + S_ST( 'l', 3, 254, 0 ), /* 253 inital */ + S_ST( 'o', 3, 321, 0 ), /* 254 initall */ + S_ST( 'm', 3, 256, 251 ), /* 255 init */ + S_ST( 'e', 3, 322, 0 ), /* 256 initm */ + S_ST( 't', 3, 292, 249 ), /* 257 in */ S_ST( 'v', 1, 0, 0 ), /* 258 T_Abbrev */ S_ST( 'e', 0, 0, 0 ), /* 259 T_Age */ S_ST( 'l', 0, 12, 0 ), /* 260 T_All */ @@ -515,721 +516,730 @@ const scan_state sst[1002] = { S_ST( 'l', 0, 0, 0 ), /* 283 T_Ctl */ S_ST( 'y', 0, 0, 0 ), /* 284 T_Day */ S_ST( 't', 0, 0, 0 ), /* 285 T_Default */ - S_ST( 'e', 1, 0, 0 ), /* 286 T_Device */ - S_ST( 't', 1, 0, 0 ), /* 287 T_Digest */ - S_ST( 'e', 0, 0, 0 ), /* 288 T_Disable */ - S_ST( 'd', 0, 0, 0 ), /* 289 T_Discard */ - S_ST( 'n', 0, 0, 0 ), /* 290 T_Dispersion */ - S_ST( 'e', 3, 299, 0 ), /* 291 ippe */ - S_ST( 'e', 1, 0, 0 ), /* 292 T_Driftfile */ - S_ST( 'p', 0, 0, 0 ), /* 293 T_Drop */ - S_ST( 'p', 0, 0, 0 ), /* 294 T_Dscp */ - S_ST( '.', 0, 0, 0 ), /* 295 T_Ellipsis */ - S_ST( 'e', 0, 0, 0 ), /* 296 T_Enable */ - S_ST( 'd', 0, 0, 171 ), /* 297 T_End */ - S_ST( 'r', 0, 0, 0 ), /* 298 T_Epeer */ - S_ST( 'r', 3, 323, 0 ), /* 299 ippee */ - S_ST( 'e', 1, 182, 0 ), /* 300 T_File */ - S_ST( 'n', 0, 0, 0 ), /* 301 T_Filegen */ - S_ST( 'm', 0, 0, 0 ), /* 302 T_Filenum */ - S_ST( '1', 0, 0, 0 ), /* 303 T_Flag1 */ - S_ST( '2', 0, 0, 303 ), /* 304 T_Flag2 */ - S_ST( '3', 0, 0, 304 ), /* 305 T_Flag3 */ - S_ST( '4', 0, 0, 305 ), /* 306 T_Flag4 */ - S_ST( 'e', 0, 0, 0 ), /* 307 T_Flake */ - S_ST( 'r', 0, 0, 0 ), /* 308 T_Floor */ - S_ST( 'q', 0, 192, 0 ), /* 309 T_Freq */ - S_ST( 'e', 1, 0, 0 ), /* 310 T_Fudge */ - S_ST( 'z', 0, 0, 0 ), /* 311 T_Fuzz */ - S_ST( 't', 1, 0, 0 ), /* 312 T_Host */ - S_ST( 'f', 0, 0, 0 ), /* 313 T_Huffpuff */ - S_ST( 't', 0, 0, 0 ), /* 314 T_Iburst */ - S_ST( 't', 1, 0, 0 ), /* 315 T_Ident */ - S_ST( 'e', 0, 223, 0 ), /* 316 T_Ignore */ - S_ST( 'h', 0, 0, 0 ), /* 317 T_Ignorehash */ - S_ST( 'c', 0, 0, 0 ), /* 318 T_Incalloc */ - S_ST( 'm', 0, 0, 0 ), /* 319 T_Incmem */ - S_ST( 'c', 0, 0, 0 ), /* 320 T_Initalloc */ - S_ST( 'm', 0, 0, 0 ), /* 321 T_Initmem */ - S_ST( 'e', 1, 0, 0 ), /* 322 T_Includefile */ - S_ST( 'l', 3, 325, 0 ), /* 323 ippeer */ - S_ST( 'e', 0, 0, 0 ), /* 324 T_Interface */ - S_ST( 'i', 3, 417, 0 ), /* 325 ippeerl */ - S_ST( 'o', 0, 0, 226 ), /* 326 T_Io */ - S_ST( 't', 0, 0, 0 ), /* 327 T_Ippeerlimit */ - S_ST( '4', 0, 0, 0 ), /* 328 T_Ipv4 */ - S_ST( '4', 0, 0, 0 ), /* 329 T_Ipv4_flag */ - S_ST( '6', 0, 0, 328 ), /* 330 T_Ipv6 */ - S_ST( '6', 0, 0, 329 ), /* 331 T_Ipv6_flag */ - S_ST( 'l', 0, 0, 0 ), /* 332 T_Kernel */ - S_ST( 'y', 0, 334, 474 ), /* 333 T_Key */ - S_ST( 's', 1, 477, 0 ), /* 334 T_Keys */ - S_ST( 'r', 1, 0, 0 ), /* 335 T_Keysdir */ - S_ST( 'd', 0, 0, 0 ), /* 336 T_Kod */ - S_ST( 'e', 1, 0, 0 ), /* 337 T_Leapfile */ - S_ST( 'l', 0, 0, 0 ), /* 338 T_Leapsmearinterval */ - S_ST( 'd', 0, 0, 0 ), /* 339 T_Limited */ - S_ST( 'k', 0, 0, 0 ), /* 340 T_Link */ - S_ST( 'n', 0, 0, 0 ), /* 341 T_Listen */ - S_ST( 'g', 2, 0, 0 ), /* 342 T_Logconfig */ - S_ST( 'e', 1, 0, 0 ), /* 343 T_Logfile */ - S_ST( 's', 0, 0, 0 ), /* 344 T_Loopstats */ - S_ST( 'p', 0, 0, 0 ), /* 345 T_Lowpriotrap */ - S_ST( 't', 1, 0, 0 ), /* 346 T_Manycastclient */ - S_ST( 'r', 2, 0, 0 ), /* 347 T_Manycastserver */ - S_ST( 'k', 0, 0, 0 ), /* 348 T_Mask */ - S_ST( 'e', 0, 0, 0 ), /* 349 T_Maxage */ - S_ST( 'k', 0, 0, 0 ), /* 350 T_Maxclock */ - S_ST( 'h', 0, 0, 0 ), /* 351 T_Maxdepth */ - S_ST( 't', 0, 0, 0 ), /* 352 T_Maxdist */ - S_ST( 'm', 0, 0, 0 ), /* 353 T_Maxmem */ - S_ST( 'l', 0, 0, 0 ), /* 354 T_Maxpoll */ - S_ST( 's', 0, 0, 0 ), /* 355 T_Mdnstries */ - S_ST( 'm', 0, 577, 0 ), /* 356 T_Mem */ - S_ST( 'k', 0, 0, 0 ), /* 357 T_Memlock */ - S_ST( 'k', 0, 0, 0 ), /* 358 T_Minclock */ - S_ST( 'h', 0, 0, 0 ), /* 359 T_Mindepth */ - S_ST( 't', 0, 0, 0 ), /* 360 T_Mindist */ - S_ST( 'm', 0, 0, 0 ), /* 361 T_Minimum */ - S_ST( 'r', 0, 0, 0 ), /* 362 T_Minjitter */ - S_ST( 'l', 0, 0, 0 ), /* 363 T_Minpoll */ - S_ST( 'e', 0, 0, 0 ), /* 364 T_Minsane */ - S_ST( 'e', 0, 366, 0 ), /* 365 T_Mode */ - S_ST( '7', 0, 0, 0 ), /* 366 T_Mode7 */ - S_ST( 'r', 0, 0, 0 ), /* 367 T_Monitor */ - S_ST( 'h', 0, 0, 0 ), /* 368 T_Month */ - S_ST( 'u', 0, 0, 0 ), /* 369 T_Mru */ - S_ST( 'p', 0, 0, 0 ), /* 370 T_Mssntp */ - S_ST( 't', 2, 0, 0 ), /* 371 T_Multicastclient */ - S_ST( 'c', 0, 0, 0 ), /* 372 T_Nic */ - S_ST( 'k', 0, 0, 0 ), /* 373 T_Nolink */ - S_ST( 'y', 0, 0, 0 ), /* 374 T_Nomodify */ - S_ST( 't', 0, 0, 0 ), /* 375 T_Nomrulist */ - S_ST( 'e', 0, 0, 0 ), /* 376 T_None */ - S_ST( 'e', 0, 0, 0 ), /* 377 T_Nonvolatile */ - S_ST( 'r', 0, 0, 0 ), /* 378 T_Noepeer */ - S_ST( 'r', 0, 0, 0 ), /* 379 T_Nopeer */ - S_ST( 'y', 0, 0, 0 ), /* 380 T_Noquery */ - S_ST( 't', 0, 0, 0 ), /* 381 T_Noselect */ - S_ST( 'e', 0, 0, 0 ), /* 382 T_Noserve */ - S_ST( 'p', 0, 0, 0 ), /* 383 T_Notrap */ - S_ST( 't', 0, 0, 0 ), /* 384 T_Notrust */ - S_ST( 'p', 0, 682, 0 ), /* 385 T_Ntp */ - S_ST( 't', 0, 0, 0 ), /* 386 T_Ntpport */ - S_ST( 't', 1, 0, 0 ), /* 387 T_NtpSignDsocket */ - S_ST( 'n', 0, 697, 0 ), /* 388 T_Orphan */ - S_ST( 't', 0, 0, 0 ), /* 389 T_Orphanwait */ - S_ST( 'y', 0, 0, 0 ), /* 390 T_PCEdigest */ - S_ST( 'c', 0, 0, 0 ), /* 391 T_Panic */ - S_ST( 'r', 1, 724, 0 ), /* 392 T_Peer */ - S_ST( 's', 0, 0, 0 ), /* 393 T_Peerstats */ - S_ST( 'e', 2, 0, 0 ), /* 394 T_Phone */ - S_ST( 'd', 0, 732, 0 ), /* 395 T_Pid */ - S_ST( 'e', 1, 0, 0 ), /* 396 T_Pidfile */ - S_ST( 'l', 0, 737, 0 ), /* 397 T_Poll */ - S_ST( 't', 0, 0, 0 ), /* 398 T_PollSkewList */ - S_ST( 'l', 1, 0, 0 ), /* 399 T_Pool */ - S_ST( 't', 0, 0, 0 ), /* 400 T_Port */ - S_ST( 'a', 1, 0, 0 ), /* 401 T_PpsData */ - S_ST( 't', 0, 0, 0 ), /* 402 T_Preempt */ - S_ST( 'r', 0, 0, 0 ), /* 403 T_Prefer */ - S_ST( 's', 0, 0, 0 ), /* 404 T_Protostats */ - S_ST( 'w', 1, 0, 751 ), /* 405 T_Pw */ - S_ST( 'e', 1, 0, 0 ), /* 406 T_Randfile */ - S_ST( 's', 0, 0, 0 ), /* 407 T_Rawstats */ - S_ST( 'd', 1, 0, 0 ), /* 408 T_Refid */ - S_ST( 'y', 0, 0, 0 ), /* 409 T_Requestkey */ - S_ST( 't', 0, 0, 0 ), /* 410 T_Reset */ - S_ST( 't', 0, 0, 0 ), /* 411 T_Restrict */ - S_ST( 'e', 0, 0, 0 ), /* 412 T_Revoke */ - S_ST( 't', 0, 0, 0 ), /* 413 T_Rlimit */ - S_ST( 'r', 1, 0, 0 ), /* 414 T_Saveconfigdir */ - S_ST( 'r', 1, 834, 0 ), /* 415 T_Server */ - S_ST( 'e', 0, 0, 0 ), /* 416 T_Serverresponse */ - S_ST( 'm', 3, 429, 0 ), /* 417 ippeerli */ - S_ST( 'r', 1, 0, 0 ), /* 418 T_Setvar */ - S_ST( 'e', 0, 0, 0 ), /* 419 T_Source */ - S_ST( 'e', 0, 0, 0 ), /* 420 T_Stacksize */ - S_ST( 's', 0, 0, 0 ), /* 421 T_Statistics */ - S_ST( 's', 0, 878, 873 ), /* 422 T_Stats */ - S_ST( 'r', 1, 0, 0 ), /* 423 T_Statsdir */ - S_ST( 'p', 0, 886, 0 ), /* 424 T_Step */ - S_ST( 'k', 0, 0, 0 ), /* 425 T_Stepback */ - S_ST( 'd', 0, 0, 0 ), /* 426 T_Stepfwd */ - S_ST( 't', 0, 0, 0 ), /* 427 T_Stepout */ - S_ST( 'm', 0, 0, 0 ), /* 428 T_Stratum */ - S_ST( 'i', 3, 327, 0 ), /* 429 ippeerlim */ - S_ST( 's', 0, 893, 0 ), /* 430 T_Sys */ - S_ST( 's', 0, 0, 0 ), /* 431 T_Sysstats */ - S_ST( 'k', 0, 0, 0 ), /* 432 T_Tick */ - S_ST( '1', 0, 0, 0 ), /* 433 T_Time1 */ - S_ST( '2', 0, 0, 433 ), /* 434 T_Time2 */ - S_ST( 'a', 1, 0, 0 ), /* 435 T_TimeData */ - S_ST( 'r', 0, 0, 902 ), /* 436 T_Timer */ - S_ST( 's', 0, 0, 0 ), /* 437 T_Timingstats */ - S_ST( 'r', 0, 0, 0 ), /* 438 T_Tinker */ - S_ST( 's', 0, 0, 0 ), /* 439 T_Tos */ - S_ST( 'p', 1, 0, 0 ), /* 440 T_Trap */ - S_ST( 'e', 0, 0, 0 ), /* 441 T_True */ - S_ST( 'y', 0, 0, 0 ), /* 442 T_Trustedkey */ - S_ST( 'l', 0, 0, 0 ), /* 443 T_Ttl */ - S_ST( 'e', 0, 0, 0 ), /* 444 T_Type */ - S_ST( 'v', 3, 330, 256 ), /* 445 ip */ - S_ST( 'y', 0, 0, 0 ), /* 446 T_UEcrypto */ - S_ST( 'y', 0, 0, 0 ), /* 447 T_UEcryptonak */ - S_ST( 'y', 0, 0, 0 ), /* 448 T_UEdigest */ - S_ST( 'g', 1, 0, 0 ), /* 449 T_Unconfig */ - S_ST( 'r', 1, 938, 0 ), /* 450 T_Unpeer */ - S_ST( 'n', 0, 0, 0 ), /* 451 T_Version */ - S_ST( 'j', 3, 458, 211 ), /* 452 */ - S_ST( 'k', 0, 0, 0 ), /* 453 T_Week */ - S_ST( 'd', 0, 0, 0 ), /* 454 T_Wildcard */ - S_ST( 'e', 0, 0, 0 ), /* 455 T_Xleave */ - S_ST( 'e', 0, 0, 0 ), /* 456 T_Xmtnonce */ - S_ST( 'r', 0, 0, 0 ), /* 457 T_Year */ - S_ST( 'i', 3, 459, 0 ), /* 458 j */ - S_ST( 't', 3, 470, 0 ), /* 459 ji */ - S_ST( 'e', 0, 0, 0 ), /* 460 T_Simulate */ - S_ST( 'y', 0, 0, 0 ), /* 461 T_Beep_Delay */ - S_ST( 'n', 0, 0, 0 ), /* 462 T_Sim_Duration */ - S_ST( 't', 0, 0, 0 ), /* 463 T_Server_Offset */ - S_ST( 'n', 0, 0, 0 ), /* 464 T_Duration */ - S_ST( 't', 0, 0, 0 ), /* 465 T_Freq_Offset */ - S_ST( 'r', 0, 0, 0 ), /* 466 T_Wander */ - S_ST( 'r', 0, 0, 0 ), /* 467 T_Jitter */ - S_ST( 'y', 0, 0, 0 ), /* 468 T_Prop_Delay */ - S_ST( 'y', 0, 0, 0 ), /* 469 T_Proc_Delay */ - S_ST( 't', 3, 471, 0 ), /* 470 jit */ - S_ST( 'e', 3, 467, 0 ), /* 471 jitt */ - S_ST( 'k', 3, 479, 452 ), /* 472 */ - S_ST( 'e', 3, 333, 0 ), /* 473 k */ - S_ST( 'r', 3, 475, 0 ), /* 474 ke */ - S_ST( 'n', 3, 476, 0 ), /* 475 ker */ - S_ST( 'e', 3, 332, 0 ), /* 476 kern */ - S_ST( 'd', 3, 478, 0 ), /* 477 keys */ - S_ST( 'i', 3, 335, 0 ), /* 478 keysd */ - S_ST( 'o', 3, 336, 473 ), /* 479 k */ - S_ST( 'l', 3, 508, 472 ), /* 480 */ - S_ST( 'e', 3, 482, 0 ), /* 481 l */ - S_ST( 'a', 3, 483, 0 ), /* 482 le */ - S_ST( 'p', 3, 487, 0 ), /* 483 lea */ - S_ST( 'f', 3, 485, 0 ), /* 484 leap */ - S_ST( 'i', 3, 486, 0 ), /* 485 leapf */ - S_ST( 'l', 3, 337, 0 ), /* 486 leapfi */ - S_ST( 's', 3, 488, 484 ), /* 487 leap */ - S_ST( 'm', 3, 489, 0 ), /* 488 leaps */ - S_ST( 'e', 3, 490, 0 ), /* 489 leapsm */ - S_ST( 'a', 3, 491, 0 ), /* 490 leapsme */ - S_ST( 'r', 3, 492, 0 ), /* 491 leapsmea */ - S_ST( 'i', 3, 493, 0 ), /* 492 leapsmear */ - S_ST( 'n', 3, 494, 0 ), /* 493 leapsmeari */ - S_ST( 't', 3, 495, 0 ), /* 494 leapsmearin */ - S_ST( 'e', 3, 496, 0 ), /* 495 leapsmearint */ - S_ST( 'r', 3, 497, 0 ), /* 496 leapsmearinte */ - S_ST( 'v', 3, 498, 0 ), /* 497 leapsmearinter */ - S_ST( 'a', 3, 338, 0 ), /* 498 leapsmearinterv */ - S_ST( 'i', 3, 505, 481 ), /* 499 l */ - S_ST( 'm', 3, 501, 0 ), /* 500 li */ - S_ST( 'i', 3, 502, 0 ), /* 501 lim */ - S_ST( 't', 3, 503, 0 ), /* 502 limi */ - S_ST( 'e', 3, 339, 0 ), /* 503 limit */ - S_ST( 'n', 3, 340, 500 ), /* 504 li */ - S_ST( 's', 3, 506, 504 ), /* 505 li */ - S_ST( 't', 3, 507, 0 ), /* 506 lis */ - S_ST( 'e', 3, 341, 0 ), /* 507 list */ - S_ST( 'o', 3, 524, 499 ), /* 508 l */ - S_ST( 'g', 3, 515, 0 ), /* 509 lo */ - S_ST( 'c', 3, 511, 0 ), /* 510 log */ - S_ST( 'o', 3, 512, 0 ), /* 511 logc */ - S_ST( 'n', 3, 513, 0 ), /* 512 logco */ - S_ST( 'f', 3, 514, 0 ), /* 513 logcon */ - S_ST( 'i', 3, 342, 0 ), /* 514 logconf */ - S_ST( 'f', 3, 516, 510 ), /* 515 log */ - S_ST( 'i', 3, 517, 0 ), /* 516 logf */ - S_ST( 'l', 3, 343, 0 ), /* 517 logfi */ - S_ST( 'o', 3, 519, 509 ), /* 518 lo */ - S_ST( 'p', 3, 520, 0 ), /* 519 loo */ - S_ST( 's', 3, 521, 0 ), /* 520 loop */ - S_ST( 't', 3, 522, 0 ), /* 521 loops */ - S_ST( 'a', 3, 523, 0 ), /* 522 loopst */ - S_ST( 't', 3, 344, 0 ), /* 523 loopsta */ - S_ST( 'w', 3, 525, 518 ), /* 524 lo */ - S_ST( 'p', 3, 526, 0 ), /* 525 low */ - S_ST( 'r', 3, 527, 0 ), /* 526 lowp */ - S_ST( 'i', 3, 528, 0 ), /* 527 lowpr */ - S_ST( 'o', 3, 529, 0 ), /* 528 lowpri */ - S_ST( 't', 3, 530, 0 ), /* 529 lowprio */ - S_ST( 'r', 3, 531, 0 ), /* 530 lowpriot */ - S_ST( 'a', 3, 345, 0 ), /* 531 lowpriotr */ - S_ST( 'm', 3, 618, 480 ), /* 532 */ - S_ST( 'a', 3, 551, 0 ), /* 533 m */ - S_ST( 'n', 3, 535, 0 ), /* 534 ma */ - S_ST( 'y', 3, 536, 0 ), /* 535 man */ - S_ST( 'c', 3, 537, 0 ), /* 536 many */ - S_ST( 'a', 3, 538, 0 ), /* 537 manyc */ - S_ST( 's', 3, 539, 0 ), /* 538 manyca */ - S_ST( 't', 3, 545, 0 ), /* 539 manycas */ - S_ST( 'c', 3, 541, 0 ), /* 540 manycast */ - S_ST( 'l', 3, 542, 0 ), /* 541 manycastc */ - S_ST( 'i', 3, 543, 0 ), /* 542 manycastcl */ - S_ST( 'e', 3, 544, 0 ), /* 543 manycastcli */ - S_ST( 'n', 3, 346, 0 ), /* 544 manycastclie */ - S_ST( 's', 3, 546, 540 ), /* 545 manycast */ - S_ST( 'e', 3, 547, 0 ), /* 546 manycasts */ - S_ST( 'r', 3, 548, 0 ), /* 547 manycastse */ - S_ST( 'v', 3, 549, 0 ), /* 548 manycastser */ - S_ST( 'e', 3, 347, 0 ), /* 549 manycastserv */ - S_ST( 's', 3, 348, 534 ), /* 550 ma */ - S_ST( 'x', 3, 566, 550 ), /* 551 ma */ - S_ST( 'a', 3, 553, 0 ), /* 552 max */ - S_ST( 'g', 3, 349, 0 ), /* 553 maxa */ - S_ST( 'c', 3, 555, 552 ), /* 554 max */ - S_ST( 'l', 3, 556, 0 ), /* 555 maxc */ - S_ST( 'o', 3, 557, 0 ), /* 556 maxcl */ - S_ST( 'c', 3, 350, 0 ), /* 557 maxclo */ - S_ST( 'd', 3, 562, 554 ), /* 558 max */ - S_ST( 'e', 3, 560, 0 ), /* 559 maxd */ - S_ST( 'p', 3, 561, 0 ), /* 560 maxde */ - S_ST( 't', 3, 351, 0 ), /* 561 maxdep */ - S_ST( 'i', 3, 563, 559 ), /* 562 maxd */ - S_ST( 's', 3, 352, 0 ), /* 563 maxdi */ - S_ST( 'm', 3, 565, 558 ), /* 564 max */ - S_ST( 'e', 3, 353, 0 ), /* 565 maxm */ - S_ST( 'p', 3, 567, 564 ), /* 566 max */ - S_ST( 'o', 3, 568, 0 ), /* 567 maxp */ - S_ST( 'l', 3, 354, 0 ), /* 568 maxpo */ - S_ST( 'd', 3, 570, 533 ), /* 569 m */ - S_ST( 'n', 3, 571, 0 ), /* 570 md */ - S_ST( 's', 3, 572, 0 ), /* 571 mdn */ - S_ST( 't', 3, 573, 0 ), /* 572 mdns */ - S_ST( 'r', 3, 574, 0 ), /* 573 mdnst */ - S_ST( 'i', 3, 575, 0 ), /* 574 mdnstr */ - S_ST( 'e', 3, 355, 0 ), /* 575 mdnstri */ - S_ST( 'e', 3, 356, 569 ), /* 576 m */ - S_ST( 'l', 3, 578, 0 ), /* 577 mem */ - S_ST( 'o', 3, 579, 0 ), /* 578 meml */ - S_ST( 'c', 3, 357, 0 ), /* 579 memlo */ - S_ST( 'i', 3, 581, 576 ), /* 580 m */ - S_ST( 'n', 3, 603, 0 ), /* 581 mi */ - S_ST( 'c', 3, 583, 0 ), /* 582 min */ - S_ST( 'l', 3, 584, 0 ), /* 583 minc */ - S_ST( 'o', 3, 585, 0 ), /* 584 mincl */ - S_ST( 'c', 3, 358, 0 ), /* 585 minclo */ - S_ST( 'd', 3, 590, 582 ), /* 586 min */ - S_ST( 'e', 3, 588, 0 ), /* 587 mind */ - S_ST( 'p', 3, 589, 0 ), /* 588 minde */ - S_ST( 't', 3, 359, 0 ), /* 589 mindep */ - S_ST( 'i', 3, 591, 587 ), /* 590 mind */ - S_ST( 's', 3, 360, 0 ), /* 591 mindi */ - S_ST( 'i', 3, 593, 586 ), /* 592 min */ - S_ST( 'm', 3, 594, 0 ), /* 593 mini */ - S_ST( 'u', 3, 361, 0 ), /* 594 minim */ - S_ST( 'j', 3, 596, 592 ), /* 595 min */ - S_ST( 'i', 3, 597, 0 ), /* 596 minj */ - S_ST( 't', 3, 598, 0 ), /* 597 minji */ - S_ST( 't', 3, 599, 0 ), /* 598 minjit */ - S_ST( 'e', 3, 362, 0 ), /* 599 minjitt */ - S_ST( 'p', 3, 601, 595 ), /* 600 min */ - S_ST( 'o', 3, 602, 0 ), /* 601 minp */ - S_ST( 'l', 3, 363, 0 ), /* 602 minpo */ - S_ST( 's', 3, 604, 600 ), /* 603 min */ - S_ST( 'a', 3, 605, 0 ), /* 604 mins */ - S_ST( 'n', 3, 364, 0 ), /* 605 minsa */ - S_ST( 'o', 3, 608, 580 ), /* 606 m */ - S_ST( 'd', 3, 365, 0 ), /* 607 mo */ - S_ST( 'n', 3, 612, 607 ), /* 608 mo */ - S_ST( 'i', 3, 610, 0 ), /* 609 mon */ - S_ST( 't', 3, 611, 0 ), /* 610 moni */ - S_ST( 'o', 3, 367, 0 ), /* 611 monit */ - S_ST( 't', 3, 368, 609 ), /* 612 mon */ - S_ST( 'r', 3, 369, 606 ), /* 613 m */ - S_ST( 's', 3, 615, 613 ), /* 614 m */ - S_ST( 's', 3, 616, 0 ), /* 615 ms */ - S_ST( 'n', 3, 617, 0 ), /* 616 mss */ - S_ST( 't', 3, 370, 0 ), /* 617 mssn */ - S_ST( 'u', 3, 619, 614 ), /* 618 m */ - S_ST( 'l', 3, 620, 0 ), /* 619 mu */ - S_ST( 't', 3, 621, 0 ), /* 620 mul */ - S_ST( 'i', 3, 622, 0 ), /* 621 mult */ - S_ST( 'c', 3, 623, 0 ), /* 622 multi */ - S_ST( 'a', 3, 624, 0 ), /* 623 multic */ - S_ST( 's', 3, 625, 0 ), /* 624 multica */ - S_ST( 't', 3, 626, 0 ), /* 625 multicas */ - S_ST( 'c', 3, 627, 0 ), /* 626 multicast */ - S_ST( 'l', 3, 628, 0 ), /* 627 multicastc */ - S_ST( 'i', 3, 629, 0 ), /* 628 multicastcl */ - S_ST( 'e', 3, 630, 0 ), /* 629 multicastcli */ - S_ST( 'n', 3, 371, 0 ), /* 630 multicastclie */ - S_ST( 'n', 3, 678, 532 ), /* 631 */ - S_ST( 'i', 3, 372, 0 ), /* 632 n */ - S_ST( 'o', 3, 673, 632 ), /* 633 n */ - S_ST( 'e', 3, 635, 0 ), /* 634 no */ - S_ST( 'p', 3, 636, 0 ), /* 635 noe */ - S_ST( 'e', 3, 637, 0 ), /* 636 noep */ - S_ST( 'e', 3, 378, 0 ), /* 637 noepe */ - S_ST( 'l', 3, 639, 634 ), /* 638 no */ - S_ST( 'i', 3, 640, 0 ), /* 639 nol */ - S_ST( 'n', 3, 373, 0 ), /* 640 noli */ - S_ST( 'm', 3, 646, 638 ), /* 641 no */ - S_ST( 'o', 3, 643, 0 ), /* 642 nom */ - S_ST( 'd', 3, 644, 0 ), /* 643 nomo */ - S_ST( 'i', 3, 645, 0 ), /* 644 nomod */ - S_ST( 'f', 3, 374, 0 ), /* 645 nomodi */ - S_ST( 'r', 3, 647, 642 ), /* 646 nom */ - S_ST( 'u', 3, 648, 0 ), /* 647 nomr */ - S_ST( 'l', 3, 649, 0 ), /* 648 nomru */ - S_ST( 'i', 3, 650, 0 ), /* 649 nomrul */ - S_ST( 's', 3, 375, 0 ), /* 650 nomruli */ - S_ST( 'n', 3, 652, 641 ), /* 651 no */ - S_ST( 'v', 3, 653, 376 ), /* 652 non */ - S_ST( 'o', 3, 654, 0 ), /* 653 nonv */ - S_ST( 'l', 3, 655, 0 ), /* 654 nonvo */ - S_ST( 'a', 3, 656, 0 ), /* 655 nonvol */ - S_ST( 't', 3, 657, 0 ), /* 656 nonvola */ - S_ST( 'i', 3, 658, 0 ), /* 657 nonvolat */ - S_ST( 'l', 3, 377, 0 ), /* 658 nonvolati */ - S_ST( 'p', 3, 660, 651 ), /* 659 no */ - S_ST( 'e', 3, 661, 0 ), /* 660 nop */ - S_ST( 'e', 3, 379, 0 ), /* 661 nope */ - S_ST( 'q', 3, 663, 659 ), /* 662 no */ - S_ST( 'u', 3, 664, 0 ), /* 663 noq */ - S_ST( 'e', 3, 665, 0 ), /* 664 noqu */ - S_ST( 'r', 3, 380, 0 ), /* 665 noque */ - S_ST( 's', 3, 667, 662 ), /* 666 no */ - S_ST( 'e', 3, 671, 0 ), /* 667 nos */ - S_ST( 'l', 3, 669, 0 ), /* 668 nose */ - S_ST( 'e', 3, 670, 0 ), /* 669 nosel */ - S_ST( 'c', 3, 381, 0 ), /* 670 nosele */ - S_ST( 'r', 3, 672, 668 ), /* 671 nose */ - S_ST( 'v', 3, 382, 0 ), /* 672 noser */ - S_ST( 't', 3, 674, 666 ), /* 673 no */ - S_ST( 'r', 3, 676, 0 ), /* 674 not */ - S_ST( 'a', 3, 383, 0 ), /* 675 notr */ - S_ST( 'u', 3, 677, 675 ), /* 676 notr */ - S_ST( 's', 3, 384, 0 ), /* 677 notru */ - S_ST( 't', 3, 385, 633 ), /* 678 n */ - S_ST( 'p', 3, 680, 0 ), /* 679 ntp */ - S_ST( 'o', 3, 681, 0 ), /* 680 ntpp */ - S_ST( 'r', 3, 386, 0 ), /* 681 ntppo */ - S_ST( 's', 3, 683, 679 ), /* 682 ntp */ - S_ST( 'i', 3, 684, 0 ), /* 683 ntps */ - S_ST( 'g', 3, 685, 0 ), /* 684 ntpsi */ - S_ST( 'n', 3, 686, 0 ), /* 685 ntpsig */ - S_ST( 'd', 3, 687, 0 ), /* 686 ntpsign */ - S_ST( 's', 3, 688, 0 ), /* 687 ntpsignd */ - S_ST( 'o', 3, 689, 0 ), /* 688 ntpsignds */ - S_ST( 'c', 3, 690, 0 ), /* 689 ntpsigndso */ - S_ST( 'k', 3, 691, 0 ), /* 690 ntpsigndsoc */ - S_ST( 'e', 3, 387, 0 ), /* 691 ntpsigndsock */ - S_ST( 'o', 3, 693, 631 ), /* 692 */ - S_ST( 'r', 3, 694, 0 ), /* 693 o */ - S_ST( 'p', 3, 695, 0 ), /* 694 or */ - S_ST( 'h', 3, 696, 0 ), /* 695 orp */ - S_ST( 'a', 3, 388, 0 ), /* 696 orph */ - S_ST( 'w', 3, 698, 0 ), /* 697 orphan */ - S_ST( 'a', 3, 699, 0 ), /* 698 orphanw */ - S_ST( 'i', 3, 389, 0 ), /* 699 orphanwa */ - S_ST( 'p', 3, 405, 692 ), /* 700 */ - S_ST( 'a', 3, 702, 0 ), /* 701 p */ - S_ST( 'n', 3, 703, 0 ), /* 702 pa */ - S_ST( 'i', 3, 391, 0 ), /* 703 pan */ - S_ST( 'e', 3, 705, 701 ), /* 704 p */ - S_ST( 'e', 3, 392, 0 ), /* 705 pe */ - S_ST( '_', 3, 707, 0 ), /* 706 peer */ - S_ST( 'c', 3, 708, 0 ), /* 707 peer_ */ - S_ST( 'l', 3, 709, 0 ), /* 708 peer_c */ - S_ST( 'e', 3, 710, 0 ), /* 709 peer_cl */ - S_ST( 'a', 3, 711, 0 ), /* 710 peer_cle */ - S_ST( 'r', 3, 712, 0 ), /* 711 peer_clea */ - S_ST( '_', 3, 713, 0 ), /* 712 peer_clear */ - S_ST( 'd', 3, 714, 0 ), /* 713 peer_clear_ */ - S_ST( 'i', 3, 715, 0 ), /* 714 peer_clear_d */ - S_ST( 'g', 3, 716, 0 ), /* 715 peer_clear_di */ - S_ST( 'e', 3, 717, 0 ), /* 716 peer_clear_dig */ - S_ST( 's', 3, 718, 0 ), /* 717 peer_clear_dige */ - S_ST( 't', 3, 719, 0 ), /* 718 peer_clear_diges */ - S_ST( '_', 3, 720, 0 ), /* 719 peer_clear_digest */ - S_ST( 'e', 3, 721, 0 ), /* 720 peer_clear_digest_ */ - S_ST( 'a', 3, 722, 0 ), /* 721 peer_clear_digest_e */ - S_ST( 'r', 3, 723, 0 ), /* 722 peer_clear_digest_ea */ - S_ST( 'l', 3, 390, 0 ), /* 723 peer_clear_digest_ear */ - S_ST( 's', 3, 725, 706 ), /* 724 peer */ - S_ST( 't', 3, 726, 0 ), /* 725 peers */ - S_ST( 'a', 3, 727, 0 ), /* 726 peerst */ - S_ST( 't', 3, 393, 0 ), /* 727 peersta */ - S_ST( 'h', 3, 729, 704 ), /* 728 p */ - S_ST( 'o', 3, 730, 0 ), /* 729 ph */ - S_ST( 'n', 3, 394, 0 ), /* 730 pho */ - S_ST( 'i', 3, 395, 728 ), /* 731 p */ - S_ST( 'f', 3, 733, 0 ), /* 732 pid */ - S_ST( 'i', 3, 734, 0 ), /* 733 pidf */ - S_ST( 'l', 3, 396, 0 ), /* 734 pidfi */ - S_ST( 'o', 3, 745, 731 ), /* 735 p */ - S_ST( 'l', 3, 397, 0 ), /* 736 po */ - S_ST( 's', 3, 738, 0 ), /* 737 poll */ - S_ST( 'k', 3, 739, 0 ), /* 738 polls */ - S_ST( 'e', 3, 740, 0 ), /* 739 pollsk */ - S_ST( 'w', 3, 741, 0 ), /* 740 pollske */ - S_ST( 'l', 3, 742, 0 ), /* 741 pollskew */ - S_ST( 'i', 3, 743, 0 ), /* 742 pollskewl */ - S_ST( 's', 3, 398, 0 ), /* 743 pollskewli */ - S_ST( 'o', 3, 399, 736 ), /* 744 po */ - S_ST( 'r', 3, 400, 744 ), /* 745 po */ - S_ST( 'p', 3, 747, 735 ), /* 746 p */ - S_ST( 's', 3, 748, 0 ), /* 747 pp */ - S_ST( 'd', 3, 749, 0 ), /* 748 pps */ - S_ST( 'a', 3, 750, 0 ), /* 749 ppsd */ - S_ST( 't', 3, 401, 0 ), /* 750 ppsda */ - S_ST( 'r', 3, 758, 746 ), /* 751 p */ - S_ST( 'e', 3, 756, 0 ), /* 752 pr */ - S_ST( 'e', 3, 754, 0 ), /* 753 pre */ - S_ST( 'm', 3, 755, 0 ), /* 754 pree */ - S_ST( 'p', 3, 402, 0 ), /* 755 preem */ - S_ST( 'f', 3, 757, 753 ), /* 756 pre */ - S_ST( 'e', 3, 403, 0 ), /* 757 pref */ - S_ST( 'o', 3, 771, 752 ), /* 758 pr */ - S_ST( 'c', 3, 760, 0 ), /* 759 pro */ - S_ST( '_', 3, 761, 0 ), /* 760 proc */ - S_ST( 'd', 3, 762, 0 ), /* 761 proc_ */ - S_ST( 'e', 3, 763, 0 ), /* 762 proc_d */ - S_ST( 'l', 3, 764, 0 ), /* 763 proc_de */ - S_ST( 'a', 3, 469, 0 ), /* 764 proc_del */ - S_ST( 'p', 3, 766, 759 ), /* 765 pro */ - S_ST( '_', 3, 767, 0 ), /* 766 prop */ - S_ST( 'd', 3, 768, 0 ), /* 767 prop_ */ - S_ST( 'e', 3, 769, 0 ), /* 768 prop_d */ - S_ST( 'l', 3, 770, 0 ), /* 769 prop_de */ - S_ST( 'a', 3, 468, 0 ), /* 770 prop_del */ - S_ST( 't', 3, 772, 765 ), /* 771 pro */ - S_ST( 'o', 3, 773, 0 ), /* 772 prot */ - S_ST( 's', 3, 774, 0 ), /* 773 proto */ - S_ST( 't', 3, 775, 0 ), /* 774 protos */ - S_ST( 'a', 3, 776, 0 ), /* 775 protost */ - S_ST( 't', 3, 404, 0 ), /* 776 protosta */ - S_ST( 'r', 3, 808, 700 ), /* 777 */ - S_ST( 'a', 3, 784, 0 ), /* 778 r */ - S_ST( 'n', 3, 780, 0 ), /* 779 ra */ - S_ST( 'd', 3, 781, 0 ), /* 780 ran */ - S_ST( 'f', 3, 782, 0 ), /* 781 rand */ - S_ST( 'i', 3, 783, 0 ), /* 782 randf */ - S_ST( 'l', 3, 406, 0 ), /* 783 randfi */ - S_ST( 'w', 3, 785, 779 ), /* 784 ra */ - S_ST( 's', 3, 786, 0 ), /* 785 raw */ - S_ST( 't', 3, 787, 0 ), /* 786 raws */ - S_ST( 'a', 3, 788, 0 ), /* 787 rawst */ - S_ST( 't', 3, 407, 0 ), /* 788 rawsta */ - S_ST( 'e', 3, 805, 778 ), /* 789 r */ - S_ST( 'f', 3, 791, 0 ), /* 790 re */ - S_ST( 'i', 3, 408, 0 ), /* 791 ref */ - S_ST( 'q', 3, 793, 790 ), /* 792 re */ - S_ST( 'u', 3, 794, 0 ), /* 793 req */ - S_ST( 'e', 3, 795, 0 ), /* 794 requ */ - S_ST( 's', 3, 796, 0 ), /* 795 reque */ - S_ST( 't', 3, 797, 0 ), /* 796 reques */ - S_ST( 'k', 3, 798, 0 ), /* 797 request */ - S_ST( 'e', 3, 409, 0 ), /* 798 requestk */ - S_ST( 's', 3, 801, 792 ), /* 799 re */ - S_ST( 'e', 3, 410, 0 ), /* 800 res */ - S_ST( 't', 3, 802, 800 ), /* 801 res */ - S_ST( 'r', 3, 803, 0 ), /* 802 rest */ - S_ST( 'i', 3, 804, 0 ), /* 803 restr */ - S_ST( 'c', 3, 411, 0 ), /* 804 restri */ - S_ST( 'v', 3, 806, 799 ), /* 805 re */ - S_ST( 'o', 3, 807, 0 ), /* 806 rev */ - S_ST( 'k', 3, 412, 0 ), /* 807 revo */ - S_ST( 'l', 3, 809, 789 ), /* 808 r */ - S_ST( 'i', 3, 810, 0 ), /* 809 rl */ - S_ST( 'm', 3, 811, 0 ), /* 810 rli */ - S_ST( 'i', 3, 413, 0 ), /* 811 rlim */ - S_ST( 's', 3, 892, 777 ), /* 812 */ - S_ST( 'a', 3, 814, 0 ), /* 813 s */ - S_ST( 'v', 3, 815, 0 ), /* 814 sa */ - S_ST( 'e', 3, 816, 0 ), /* 815 sav */ - S_ST( 'c', 3, 817, 0 ), /* 816 save */ - S_ST( 'o', 3, 818, 0 ), /* 817 savec */ - S_ST( 'n', 3, 819, 0 ), /* 818 saveco */ - S_ST( 'f', 3, 820, 0 ), /* 819 savecon */ - S_ST( 'i', 3, 821, 0 ), /* 820 saveconf */ - S_ST( 'g', 3, 822, 0 ), /* 821 saveconfi */ - S_ST( 'd', 3, 823, 0 ), /* 822 saveconfig */ - S_ST( 'i', 3, 414, 0 ), /* 823 saveconfigd */ - S_ST( 'e', 3, 841, 813 ), /* 824 s */ - S_ST( 'r', 3, 826, 0 ), /* 825 se */ - S_ST( 'v', 3, 827, 0 ), /* 826 ser */ - S_ST( 'e', 3, 415, 0 ), /* 827 serv */ - S_ST( '_', 3, 829, 0 ), /* 828 server */ - S_ST( 'o', 3, 830, 0 ), /* 829 server_ */ - S_ST( 'f', 3, 831, 0 ), /* 830 server_o */ - S_ST( 'f', 3, 832, 0 ), /* 831 server_of */ - S_ST( 's', 3, 833, 0 ), /* 832 server_off */ - S_ST( 'e', 3, 463, 0 ), /* 833 server_offs */ - S_ST( 'r', 3, 835, 828 ), /* 834 server */ - S_ST( 'e', 3, 836, 0 ), /* 835 serverr */ - S_ST( 's', 3, 837, 0 ), /* 836 serverre */ - S_ST( 'p', 3, 838, 0 ), /* 837 serverres */ - S_ST( 'o', 3, 839, 0 ), /* 838 serverresp */ - S_ST( 'n', 3, 840, 0 ), /* 839 serverrespo */ - S_ST( 's', 3, 416, 0 ), /* 840 serverrespon */ - S_ST( 't', 3, 842, 825 ), /* 841 se */ - S_ST( 'v', 3, 843, 0 ), /* 842 set */ - S_ST( 'a', 3, 418, 0 ), /* 843 setv */ - S_ST( 'i', 3, 845, 824 ), /* 844 s */ - S_ST( 'm', 3, 846, 0 ), /* 845 si */ - S_ST( 'u', 3, 847, 0 ), /* 846 sim */ - S_ST( 'l', 3, 848, 0 ), /* 847 simu */ - S_ST( 'a', 3, 849, 0 ), /* 848 simul */ - S_ST( 't', 3, 850, 0 ), /* 849 simula */ - S_ST( 'i', 3, 851, 460 ), /* 850 simulat */ - S_ST( 'o', 3, 852, 0 ), /* 851 simulati */ - S_ST( 'n', 3, 853, 0 ), /* 852 simulatio */ - S_ST( '_', 3, 854, 0 ), /* 853 simulation */ - S_ST( 'd', 3, 855, 0 ), /* 854 simulation_ */ - S_ST( 'u', 3, 856, 0 ), /* 855 simulation_d */ - S_ST( 'r', 3, 857, 0 ), /* 856 simulation_du */ - S_ST( 'a', 3, 858, 0 ), /* 857 simulation_dur */ - S_ST( 't', 3, 859, 0 ), /* 858 simulation_dura */ - S_ST( 'i', 3, 860, 0 ), /* 859 simulation_durat */ - S_ST( 'o', 3, 462, 0 ), /* 860 simulation_durati */ - S_ST( 'o', 3, 862, 844 ), /* 861 s */ - S_ST( 'u', 3, 863, 0 ), /* 862 so */ - S_ST( 'r', 3, 864, 0 ), /* 863 sou */ - S_ST( 'c', 3, 419, 0 ), /* 864 sour */ - S_ST( 't', 3, 888, 861 ), /* 865 s */ - S_ST( 'a', 3, 872, 0 ), /* 866 st */ - S_ST( 'c', 3, 868, 0 ), /* 867 sta */ - S_ST( 'k', 3, 869, 0 ), /* 868 stac */ - S_ST( 's', 3, 870, 0 ), /* 869 stack */ - S_ST( 'i', 3, 871, 0 ), /* 870 stacks */ - S_ST( 'z', 3, 420, 0 ), /* 871 stacksi */ - S_ST( 't', 3, 422, 867 ), /* 872 sta */ - S_ST( 'i', 3, 874, 0 ), /* 873 stat */ - S_ST( 's', 3, 875, 0 ), /* 874 stati */ - S_ST( 't', 3, 876, 0 ), /* 875 statis */ - S_ST( 'i', 3, 877, 0 ), /* 876 statist */ - S_ST( 'c', 3, 421, 0 ), /* 877 statisti */ - S_ST( 'd', 3, 879, 0 ), /* 878 stats */ - S_ST( 'i', 3, 423, 0 ), /* 879 statsd */ - S_ST( 'e', 3, 424, 866 ), /* 880 st */ - S_ST( 'b', 3, 882, 0 ), /* 881 step */ - S_ST( 'a', 3, 883, 0 ), /* 882 stepb */ - S_ST( 'c', 3, 425, 0 ), /* 883 stepba */ - S_ST( 'f', 3, 885, 881 ), /* 884 step */ - S_ST( 'w', 3, 426, 0 ), /* 885 stepf */ - S_ST( 'o', 3, 887, 884 ), /* 886 step */ - S_ST( 'u', 3, 427, 0 ), /* 887 stepo */ - S_ST( 'r', 3, 889, 880 ), /* 888 st */ - S_ST( 'a', 3, 890, 0 ), /* 889 str */ - S_ST( 't', 3, 891, 0 ), /* 890 stra */ - S_ST( 'u', 3, 428, 0 ), /* 891 strat */ - S_ST( 'y', 3, 430, 865 ), /* 892 s */ - S_ST( 's', 3, 894, 0 ), /* 893 sys */ - S_ST( 't', 3, 895, 0 ), /* 894 syss */ - S_ST( 'a', 3, 896, 0 ), /* 895 sysst */ - S_ST( 't', 3, 431, 0 ), /* 896 syssta */ - S_ST( 't', 3, 926, 812 ), /* 897 */ - S_ST( 'i', 3, 912, 0 ), /* 898 t */ - S_ST( 'c', 3, 432, 0 ), /* 899 ti */ - S_ST( 'm', 3, 905, 899 ), /* 900 ti */ - S_ST( 'e', 3, 436, 0 ), /* 901 tim */ - S_ST( 'd', 3, 903, 434 ), /* 902 time */ - S_ST( 'a', 3, 904, 0 ), /* 903 timed */ - S_ST( 't', 3, 435, 0 ), /* 904 timeda */ - S_ST( 'i', 3, 906, 901 ), /* 905 tim */ - S_ST( 'n', 3, 907, 0 ), /* 906 timi */ - S_ST( 'g', 3, 908, 0 ), /* 907 timin */ - S_ST( 's', 3, 909, 0 ), /* 908 timing */ - S_ST( 't', 3, 910, 0 ), /* 909 timings */ - S_ST( 'a', 3, 911, 0 ), /* 910 timingst */ - S_ST( 't', 3, 437, 0 ), /* 911 timingsta */ - S_ST( 'n', 3, 913, 900 ), /* 912 ti */ - S_ST( 'k', 3, 914, 0 ), /* 913 tin */ - S_ST( 'e', 3, 438, 0 ), /* 914 tink */ - S_ST( 'o', 3, 439, 898 ), /* 915 t */ - S_ST( 'r', 3, 918, 915 ), /* 916 t */ - S_ST( 'a', 3, 440, 0 ), /* 917 tr */ - S_ST( 'u', 3, 919, 917 ), /* 918 tr */ - S_ST( 's', 3, 920, 441 ), /* 919 tru */ - S_ST( 't', 3, 921, 0 ), /* 920 trus */ - S_ST( 'e', 3, 922, 0 ), /* 921 trust */ - S_ST( 'd', 3, 923, 0 ), /* 922 truste */ - S_ST( 'k', 3, 924, 0 ), /* 923 trusted */ - S_ST( 'e', 3, 442, 0 ), /* 924 trustedk */ - S_ST( 't', 3, 443, 916 ), /* 925 t */ - S_ST( 'y', 3, 927, 925 ), /* 926 t */ - S_ST( 'p', 3, 444, 0 ), /* 927 ty */ - S_ST( 'u', 3, 929, 897 ), /* 928 */ - S_ST( 'n', 3, 935, 0 ), /* 929 u */ - S_ST( 'c', 3, 931, 0 ), /* 930 un */ - S_ST( 'o', 3, 932, 0 ), /* 931 unc */ - S_ST( 'n', 3, 933, 0 ), /* 932 unco */ - S_ST( 'f', 3, 934, 0 ), /* 933 uncon */ - S_ST( 'i', 3, 449, 0 ), /* 934 unconf */ - S_ST( 'p', 3, 936, 930 ), /* 935 un */ - S_ST( 'e', 3, 937, 0 ), /* 936 unp */ - S_ST( 'e', 3, 450, 0 ), /* 937 unpe */ - S_ST( '_', 3, 958, 0 ), /* 938 unpeer */ - S_ST( 'c', 3, 940, 0 ), /* 939 unpeer_ */ - S_ST( 'r', 3, 941, 0 ), /* 940 unpeer_c */ - S_ST( 'y', 3, 942, 0 ), /* 941 unpeer_cr */ - S_ST( 'p', 3, 943, 0 ), /* 942 unpeer_cry */ - S_ST( 't', 3, 944, 0 ), /* 943 unpeer_cryp */ - S_ST( 'o', 3, 945, 0 ), /* 944 unpeer_crypt */ - S_ST( '_', 3, 950, 0 ), /* 945 unpeer_crypto */ - S_ST( 'e', 3, 947, 0 ), /* 946 unpeer_crypto_ */ - S_ST( 'a', 3, 948, 0 ), /* 947 unpeer_crypto_e */ - S_ST( 'r', 3, 949, 0 ), /* 948 unpeer_crypto_ea */ - S_ST( 'l', 3, 446, 0 ), /* 949 unpeer_crypto_ear */ - S_ST( 'n', 3, 951, 946 ), /* 950 unpeer_crypto_ */ - S_ST( 'a', 3, 952, 0 ), /* 951 unpeer_crypto_n */ - S_ST( 'k', 3, 953, 0 ), /* 952 unpeer_crypto_na */ - S_ST( '_', 3, 954, 0 ), /* 953 unpeer_crypto_nak */ - S_ST( 'e', 3, 955, 0 ), /* 954 unpeer_crypto_nak_ */ - S_ST( 'a', 3, 956, 0 ), /* 955 unpeer_crypto_nak_e */ - S_ST( 'r', 3, 957, 0 ), /* 956 unpeer_crypto_nak_ea */ - S_ST( 'l', 3, 447, 0 ), /* 957 unpeer_crypto_nak_ear */ - S_ST( 'd', 3, 959, 939 ), /* 958 unpeer_ */ - S_ST( 'i', 3, 960, 0 ), /* 959 unpeer_d */ - S_ST( 'g', 3, 961, 0 ), /* 960 unpeer_di */ - S_ST( 'e', 3, 962, 0 ), /* 961 unpeer_dig */ - S_ST( 's', 3, 963, 0 ), /* 962 unpeer_dige */ - S_ST( 't', 3, 964, 0 ), /* 963 unpeer_diges */ - S_ST( '_', 3, 965, 0 ), /* 964 unpeer_digest */ - S_ST( 'e', 3, 966, 0 ), /* 965 unpeer_digest_ */ - S_ST( 'a', 3, 967, 0 ), /* 966 unpeer_digest_e */ - S_ST( 'r', 3, 968, 0 ), /* 967 unpeer_digest_ea */ - S_ST( 'l', 3, 448, 0 ), /* 968 unpeer_digest_ear */ - S_ST( 'v', 3, 970, 928 ), /* 969 */ - S_ST( 'e', 3, 971, 0 ), /* 970 v */ - S_ST( 'r', 3, 972, 0 ), /* 971 ve */ - S_ST( 's', 3, 973, 0 ), /* 972 ver */ - S_ST( 'i', 3, 974, 0 ), /* 973 vers */ - S_ST( 'o', 3, 451, 0 ), /* 974 versi */ - S_ST( 'w', 3, 982, 969 ), /* 975 */ - S_ST( 'a', 3, 977, 0 ), /* 976 w */ - S_ST( 'n', 3, 978, 0 ), /* 977 wa */ - S_ST( 'd', 3, 979, 0 ), /* 978 wan */ - S_ST( 'e', 3, 466, 0 ), /* 979 wand */ - S_ST( 'e', 3, 981, 976 ), /* 980 w */ - S_ST( 'e', 3, 453, 0 ), /* 981 we */ - S_ST( 'i', 3, 983, 980 ), /* 982 w */ - S_ST( 'l', 3, 984, 0 ), /* 983 wi */ - S_ST( 'd', 3, 985, 0 ), /* 984 wil */ - S_ST( 'c', 3, 986, 0 ), /* 985 wild */ - S_ST( 'a', 3, 987, 0 ), /* 986 wildc */ - S_ST( 'r', 3, 454, 0 ), /* 987 wildca */ - S_ST( 'x', 3, 993, 975 ), /* 988 */ - S_ST( 'l', 3, 990, 0 ), /* 989 x */ - S_ST( 'e', 3, 991, 0 ), /* 990 xl */ - S_ST( 'a', 3, 992, 0 ), /* 991 xle */ - S_ST( 'v', 3, 455, 0 ), /* 992 xlea */ - S_ST( 'm', 3, 994, 989 ), /* 993 x */ - S_ST( 't', 3, 995, 0 ), /* 994 xm */ - S_ST( 'n', 3, 996, 0 ), /* 995 xmt */ - S_ST( 'o', 3, 997, 0 ), /* 996 xmtn */ - S_ST( 'n', 3, 998, 0 ), /* 997 xmtno */ - S_ST( 'c', 3, 456, 0 ), /* 998 xmtnon */ - S_ST( 'y', 3, 1000, 988 ), /* 999 [initial state] */ - S_ST( 'e', 3, 1001, 0 ), /* 1000 y */ - S_ST( 'a', 3, 457, 0 ) /* 1001 ye */ + S_ST( 't', 0, 0, 0 ), /* 286 T_Delrestrict */ + S_ST( 'e', 1, 0, 0 ), /* 287 T_Device */ + S_ST( 't', 1, 0, 0 ), /* 288 T_Digest */ + S_ST( 'e', 0, 0, 0 ), /* 289 T_Disable */ + S_ST( 'd', 0, 0, 0 ), /* 290 T_Discard */ + S_ST( 'n', 0, 0, 0 ), /* 291 T_Dispersion */ + S_ST( 'e', 3, 300, 0 ), /* 292 int */ + S_ST( 'e', 1, 0, 0 ), /* 293 T_Driftfile */ + S_ST( 'p', 0, 0, 0 ), /* 294 T_Drop */ + S_ST( 'p', 0, 0, 0 ), /* 295 T_Dscp */ + S_ST( '.', 0, 0, 0 ), /* 296 T_Ellipsis */ + S_ST( 'e', 0, 0, 0 ), /* 297 T_Enable */ + S_ST( 'd', 0, 0, 179 ), /* 298 T_End */ + S_ST( 'r', 0, 0, 0 ), /* 299 T_Epeer */ + S_ST( 'r', 3, 324, 0 ), /* 300 inte */ + S_ST( 'e', 1, 190, 0 ), /* 301 T_File */ + S_ST( 'n', 0, 0, 0 ), /* 302 T_Filegen */ + S_ST( 'm', 0, 0, 0 ), /* 303 T_Filenum */ + S_ST( '1', 0, 0, 0 ), /* 304 T_Flag1 */ + S_ST( '2', 0, 0, 304 ), /* 305 T_Flag2 */ + S_ST( '3', 0, 0, 305 ), /* 306 T_Flag3 */ + S_ST( '4', 0, 0, 306 ), /* 307 T_Flag4 */ + S_ST( 'e', 0, 0, 0 ), /* 308 T_Flake */ + S_ST( 'r', 0, 0, 0 ), /* 309 T_Floor */ + S_ST( 'q', 0, 200, 0 ), /* 310 T_Freq */ + S_ST( 'e', 1, 0, 0 ), /* 311 T_Fudge */ + S_ST( 'z', 0, 0, 0 ), /* 312 T_Fuzz */ + S_ST( 't', 1, 0, 0 ), /* 313 T_Host */ + S_ST( 'f', 0, 0, 0 ), /* 314 T_Huffpuff */ + S_ST( 't', 0, 0, 0 ), /* 315 T_Iburst */ + S_ST( 't', 1, 0, 0 ), /* 316 T_Ident */ + S_ST( 'e', 0, 231, 0 ), /* 317 T_Ignore */ + S_ST( 'h', 0, 0, 0 ), /* 318 T_Ignorehash */ + S_ST( 'c', 0, 0, 0 ), /* 319 T_Incalloc */ + S_ST( 'm', 0, 0, 0 ), /* 320 T_Incmem */ + S_ST( 'c', 0, 0, 0 ), /* 321 T_Initalloc */ + S_ST( 'm', 0, 0, 0 ), /* 322 T_Initmem */ + S_ST( 'e', 1, 0, 0 ), /* 323 T_Includefile */ + S_ST( 'f', 3, 326, 0 ), /* 324 inter */ + S_ST( 'e', 0, 0, 0 ), /* 325 T_Interface */ + S_ST( 'a', 3, 418, 0 ), /* 326 interf */ + S_ST( 'o', 0, 0, 234 ), /* 327 T_Io */ + S_ST( 't', 0, 0, 0 ), /* 328 T_Ippeerlimit */ + S_ST( '4', 0, 0, 0 ), /* 329 T_Ipv4 */ + S_ST( '4', 0, 0, 0 ), /* 330 T_Ipv4_flag */ + S_ST( '6', 0, 0, 329 ), /* 331 T_Ipv6 */ + S_ST( '6', 0, 0, 330 ), /* 332 T_Ipv6_flag */ + S_ST( 'l', 0, 0, 0 ), /* 333 T_Kernel */ + S_ST( 'y', 0, 335, 483 ), /* 334 T_Key */ + S_ST( 's', 1, 486, 0 ), /* 335 T_Keys */ + S_ST( 'r', 1, 0, 0 ), /* 336 T_Keysdir */ + S_ST( 'd', 0, 0, 0 ), /* 337 T_Kod */ + S_ST( 'e', 1, 0, 0 ), /* 338 T_Leapfile */ + S_ST( 'l', 0, 0, 0 ), /* 339 T_Leapsmearinterval */ + S_ST( 'd', 0, 0, 0 ), /* 340 T_Limited */ + S_ST( 'k', 0, 0, 0 ), /* 341 T_Link */ + S_ST( 'n', 0, 0, 0 ), /* 342 T_Listen */ + S_ST( 'g', 2, 0, 0 ), /* 343 T_Logconfig */ + S_ST( 'e', 1, 0, 0 ), /* 344 T_Logfile */ + S_ST( 's', 0, 0, 0 ), /* 345 T_Loopstats */ + S_ST( 'p', 0, 0, 0 ), /* 346 T_Lowpriotrap */ + S_ST( 't', 1, 0, 0 ), /* 347 T_Manycastclient */ + S_ST( 'r', 2, 0, 0 ), /* 348 T_Manycastserver */ + S_ST( 'k', 0, 0, 0 ), /* 349 T_Mask */ + S_ST( 'e', 0, 0, 0 ), /* 350 T_Maxage */ + S_ST( 'k', 0, 0, 0 ), /* 351 T_Maxclock */ + S_ST( 'h', 0, 0, 0 ), /* 352 T_Maxdepth */ + S_ST( 't', 0, 0, 0 ), /* 353 T_Maxdist */ + S_ST( 'm', 0, 0, 0 ), /* 354 T_Maxmem */ + S_ST( 'l', 0, 0, 0 ), /* 355 T_Maxpoll */ + S_ST( 's', 0, 0, 0 ), /* 356 T_Mdnstries */ + S_ST( 'm', 0, 586, 0 ), /* 357 T_Mem */ + S_ST( 'k', 0, 0, 0 ), /* 358 T_Memlock */ + S_ST( 'k', 0, 0, 0 ), /* 359 T_Minclock */ + S_ST( 'h', 0, 0, 0 ), /* 360 T_Mindepth */ + S_ST( 't', 0, 0, 0 ), /* 361 T_Mindist */ + S_ST( 'm', 0, 0, 0 ), /* 362 T_Minimum */ + S_ST( 'r', 0, 0, 0 ), /* 363 T_Minjitter */ + S_ST( 'l', 0, 0, 0 ), /* 364 T_Minpoll */ + S_ST( 'e', 0, 0, 0 ), /* 365 T_Minsane */ + S_ST( 'e', 0, 367, 0 ), /* 366 T_Mode */ + S_ST( '7', 0, 0, 0 ), /* 367 T_Mode7 */ + S_ST( 'r', 0, 0, 0 ), /* 368 T_Monitor */ + S_ST( 'h', 0, 0, 0 ), /* 369 T_Month */ + S_ST( 'u', 0, 0, 0 ), /* 370 T_Mru */ + S_ST( 'p', 0, 0, 0 ), /* 371 T_Mssntp */ + S_ST( 't', 2, 0, 0 ), /* 372 T_Multicastclient */ + S_ST( 'c', 0, 0, 0 ), /* 373 T_Nic */ + S_ST( 'k', 0, 0, 0 ), /* 374 T_Nolink */ + S_ST( 'y', 0, 0, 0 ), /* 375 T_Nomodify */ + S_ST( 't', 0, 0, 0 ), /* 376 T_Nomrulist */ + S_ST( 'e', 0, 0, 0 ), /* 377 T_None */ + S_ST( 'e', 0, 0, 0 ), /* 378 T_Nonvolatile */ + S_ST( 'r', 0, 0, 0 ), /* 379 T_Noepeer */ + S_ST( 'r', 0, 0, 0 ), /* 380 T_Nopeer */ + S_ST( 'y', 0, 0, 0 ), /* 381 T_Noquery */ + S_ST( 't', 0, 0, 0 ), /* 382 T_Noselect */ + S_ST( 'e', 0, 0, 0 ), /* 383 T_Noserve */ + S_ST( 'p', 0, 0, 0 ), /* 384 T_Notrap */ + S_ST( 't', 0, 0, 0 ), /* 385 T_Notrust */ + S_ST( 'p', 0, 691, 0 ), /* 386 T_Ntp */ + S_ST( 't', 0, 0, 0 ), /* 387 T_Ntpport */ + S_ST( 't', 1, 0, 0 ), /* 388 T_NtpSignDsocket */ + S_ST( 'n', 0, 706, 0 ), /* 389 T_Orphan */ + S_ST( 't', 0, 0, 0 ), /* 390 T_Orphanwait */ + S_ST( 'y', 0, 0, 0 ), /* 391 T_PCEdigest */ + S_ST( 'c', 0, 0, 0 ), /* 392 T_Panic */ + S_ST( 'r', 1, 733, 0 ), /* 393 T_Peer */ + S_ST( 's', 0, 0, 0 ), /* 394 T_Peerstats */ + S_ST( 'e', 2, 0, 0 ), /* 395 T_Phone */ + S_ST( 'd', 0, 741, 0 ), /* 396 T_Pid */ + S_ST( 'e', 1, 0, 0 ), /* 397 T_Pidfile */ + S_ST( 'l', 0, 746, 0 ), /* 398 T_Poll */ + S_ST( 't', 0, 0, 0 ), /* 399 T_PollSkewList */ + S_ST( 'l', 1, 0, 0 ), /* 400 T_Pool */ + S_ST( 't', 0, 0, 0 ), /* 401 T_Port */ + S_ST( 'a', 1, 0, 0 ), /* 402 T_PpsData */ + S_ST( 't', 0, 0, 0 ), /* 403 T_Preempt */ + S_ST( 'r', 0, 0, 0 ), /* 404 T_Prefer */ + S_ST( 's', 0, 0, 0 ), /* 405 T_Protostats */ + S_ST( 'w', 1, 0, 760 ), /* 406 T_Pw */ + S_ST( 'e', 1, 0, 0 ), /* 407 T_Randfile */ + S_ST( 's', 0, 0, 0 ), /* 408 T_Rawstats */ + S_ST( 'd', 1, 0, 0 ), /* 409 T_Refid */ + S_ST( 'y', 0, 0, 0 ), /* 410 T_Requestkey */ + S_ST( 't', 0, 0, 0 ), /* 411 T_Reset */ + S_ST( 't', 0, 0, 0 ), /* 412 T_Restrict */ + S_ST( 'e', 0, 0, 0 ), /* 413 T_Revoke */ + S_ST( 't', 0, 0, 0 ), /* 414 T_Rlimit */ + S_ST( 'r', 1, 0, 0 ), /* 415 T_Saveconfigdir */ + S_ST( 'r', 1, 843, 0 ), /* 416 T_Server */ + S_ST( 'e', 0, 0, 0 ), /* 417 T_Serverresponse */ + S_ST( 'c', 3, 325, 0 ), /* 418 interfa */ + S_ST( 'r', 1, 0, 0 ), /* 419 T_Setvar */ + S_ST( 'e', 0, 0, 0 ), /* 420 T_Source */ + S_ST( 'e', 0, 0, 0 ), /* 421 T_Stacksize */ + S_ST( 's', 0, 0, 0 ), /* 422 T_Statistics */ + S_ST( 's', 0, 887, 882 ), /* 423 T_Stats */ + S_ST( 'r', 1, 0, 0 ), /* 424 T_Statsdir */ + S_ST( 'p', 0, 895, 0 ), /* 425 T_Step */ + S_ST( 'k', 0, 0, 0 ), /* 426 T_Stepback */ + S_ST( 'd', 0, 0, 0 ), /* 427 T_Stepfwd */ + S_ST( 't', 0, 0, 0 ), /* 428 T_Stepout */ + S_ST( 'm', 0, 0, 0 ), /* 429 T_Stratum */ + S_ST( 'p', 3, 475, 327 ), /* 430 i */ + S_ST( 's', 0, 902, 0 ), /* 431 T_Sys */ + S_ST( 's', 0, 0, 0 ), /* 432 T_Sysstats */ + S_ST( 'k', 0, 0, 0 ), /* 433 T_Tick */ + S_ST( '1', 0, 0, 0 ), /* 434 T_Time1 */ + S_ST( '2', 0, 0, 434 ), /* 435 T_Time2 */ + S_ST( 'a', 1, 0, 0 ), /* 436 T_TimeData */ + S_ST( 'r', 0, 0, 911 ), /* 437 T_Timer */ + S_ST( 's', 0, 0, 0 ), /* 438 T_Timingstats */ + S_ST( 'r', 0, 0, 0 ), /* 439 T_Tinker */ + S_ST( 's', 0, 0, 0 ), /* 440 T_Tos */ + S_ST( 'p', 1, 0, 0 ), /* 441 T_Trap */ + S_ST( 'e', 0, 0, 0 ), /* 442 T_True */ + S_ST( 'y', 0, 0, 0 ), /* 443 T_Trustedkey */ + S_ST( 'l', 0, 0, 0 ), /* 444 T_Ttl */ + S_ST( 'e', 0, 0, 0 ), /* 445 T_Type */ + S_ST( 'p', 3, 453, 0 ), /* 446 ip */ + S_ST( 'y', 0, 0, 0 ), /* 447 T_UEcrypto */ + S_ST( 'y', 0, 0, 0 ), /* 448 T_UEcryptonak */ + S_ST( 'y', 0, 0, 0 ), /* 449 T_UEdigest */ + S_ST( 'g', 1, 0, 0 ), /* 450 T_Unconfig */ + S_ST( 'r', 1, 947, 0 ), /* 451 T_Unpeer */ + S_ST( 'n', 0, 0, 0 ), /* 452 T_Version */ + S_ST( 'e', 3, 459, 0 ), /* 453 ipp */ + S_ST( 'k', 0, 0, 0 ), /* 454 T_Week */ + S_ST( 'd', 0, 0, 0 ), /* 455 T_Wildcard */ + S_ST( 'e', 0, 0, 0 ), /* 456 T_Xleave */ + S_ST( 'e', 0, 0, 0 ), /* 457 T_Xmtnonce */ + S_ST( 'r', 0, 0, 0 ), /* 458 T_Year */ + S_ST( 'e', 3, 460, 0 ), /* 459 ippe */ + S_ST( 'r', 3, 471, 0 ), /* 460 ippee */ + S_ST( 'e', 0, 0, 0 ), /* 461 T_Simulate */ + S_ST( 'y', 0, 0, 0 ), /* 462 T_Beep_Delay */ + S_ST( 'n', 0, 0, 0 ), /* 463 T_Sim_Duration */ + S_ST( 't', 0, 0, 0 ), /* 464 T_Server_Offset */ + S_ST( 'n', 0, 0, 0 ), /* 465 T_Duration */ + S_ST( 't', 0, 0, 0 ), /* 466 T_Freq_Offset */ + S_ST( 'r', 0, 0, 0 ), /* 467 T_Wander */ + S_ST( 'r', 0, 0, 0 ), /* 468 T_Jitter */ + S_ST( 'y', 0, 0, 0 ), /* 469 T_Prop_Delay */ + S_ST( 'y', 0, 0, 0 ), /* 470 T_Proc_Delay */ + S_ST( 'l', 3, 472, 0 ), /* 471 ippeer */ + S_ST( 'i', 3, 473, 0 ), /* 472 ippeerl */ + S_ST( 'm', 3, 474, 0 ), /* 473 ippeerli */ + S_ST( 'i', 3, 328, 0 ), /* 474 ippeerlim */ + S_ST( 'v', 3, 331, 446 ), /* 475 ip */ + S_ST( 'j', 3, 477, 219 ), /* 476 */ + S_ST( 'i', 3, 478, 0 ), /* 477 j */ + S_ST( 't', 3, 479, 0 ), /* 478 ji */ + S_ST( 't', 3, 480, 0 ), /* 479 jit */ + S_ST( 'e', 3, 468, 0 ), /* 480 jitt */ + S_ST( 'k', 3, 488, 476 ), /* 481 */ + S_ST( 'e', 3, 334, 0 ), /* 482 k */ + S_ST( 'r', 3, 484, 0 ), /* 483 ke */ + S_ST( 'n', 3, 485, 0 ), /* 484 ker */ + S_ST( 'e', 3, 333, 0 ), /* 485 kern */ + S_ST( 'd', 3, 487, 0 ), /* 486 keys */ + S_ST( 'i', 3, 336, 0 ), /* 487 keysd */ + S_ST( 'o', 3, 337, 482 ), /* 488 k */ + S_ST( 'l', 3, 517, 481 ), /* 489 */ + S_ST( 'e', 3, 491, 0 ), /* 490 l */ + S_ST( 'a', 3, 492, 0 ), /* 491 le */ + S_ST( 'p', 3, 496, 0 ), /* 492 lea */ + S_ST( 'f', 3, 494, 0 ), /* 493 leap */ + S_ST( 'i', 3, 495, 0 ), /* 494 leapf */ + S_ST( 'l', 3, 338, 0 ), /* 495 leapfi */ + S_ST( 's', 3, 497, 493 ), /* 496 leap */ + S_ST( 'm', 3, 498, 0 ), /* 497 leaps */ + S_ST( 'e', 3, 499, 0 ), /* 498 leapsm */ + S_ST( 'a', 3, 500, 0 ), /* 499 leapsme */ + S_ST( 'r', 3, 501, 0 ), /* 500 leapsmea */ + S_ST( 'i', 3, 502, 0 ), /* 501 leapsmear */ + S_ST( 'n', 3, 503, 0 ), /* 502 leapsmeari */ + S_ST( 't', 3, 504, 0 ), /* 503 leapsmearin */ + S_ST( 'e', 3, 505, 0 ), /* 504 leapsmearint */ + S_ST( 'r', 3, 506, 0 ), /* 505 leapsmearinte */ + S_ST( 'v', 3, 507, 0 ), /* 506 leapsmearinter */ + S_ST( 'a', 3, 339, 0 ), /* 507 leapsmearinterv */ + S_ST( 'i', 3, 514, 490 ), /* 508 l */ + S_ST( 'm', 3, 510, 0 ), /* 509 li */ + S_ST( 'i', 3, 511, 0 ), /* 510 lim */ + S_ST( 't', 3, 512, 0 ), /* 511 limi */ + S_ST( 'e', 3, 340, 0 ), /* 512 limit */ + S_ST( 'n', 3, 341, 509 ), /* 513 li */ + S_ST( 's', 3, 515, 513 ), /* 514 li */ + S_ST( 't', 3, 516, 0 ), /* 515 lis */ + S_ST( 'e', 3, 342, 0 ), /* 516 list */ + S_ST( 'o', 3, 533, 508 ), /* 517 l */ + S_ST( 'g', 3, 524, 0 ), /* 518 lo */ + S_ST( 'c', 3, 520, 0 ), /* 519 log */ + S_ST( 'o', 3, 521, 0 ), /* 520 logc */ + S_ST( 'n', 3, 522, 0 ), /* 521 logco */ + S_ST( 'f', 3, 523, 0 ), /* 522 logcon */ + S_ST( 'i', 3, 343, 0 ), /* 523 logconf */ + S_ST( 'f', 3, 525, 519 ), /* 524 log */ + S_ST( 'i', 3, 526, 0 ), /* 525 logf */ + S_ST( 'l', 3, 344, 0 ), /* 526 logfi */ + S_ST( 'o', 3, 528, 518 ), /* 527 lo */ + S_ST( 'p', 3, 529, 0 ), /* 528 loo */ + S_ST( 's', 3, 530, 0 ), /* 529 loop */ + S_ST( 't', 3, 531, 0 ), /* 530 loops */ + S_ST( 'a', 3, 532, 0 ), /* 531 loopst */ + S_ST( 't', 3, 345, 0 ), /* 532 loopsta */ + S_ST( 'w', 3, 534, 527 ), /* 533 lo */ + S_ST( 'p', 3, 535, 0 ), /* 534 low */ + S_ST( 'r', 3, 536, 0 ), /* 535 lowp */ + S_ST( 'i', 3, 537, 0 ), /* 536 lowpr */ + S_ST( 'o', 3, 538, 0 ), /* 537 lowpri */ + S_ST( 't', 3, 539, 0 ), /* 538 lowprio */ + S_ST( 'r', 3, 540, 0 ), /* 539 lowpriot */ + S_ST( 'a', 3, 346, 0 ), /* 540 lowpriotr */ + S_ST( 'm', 3, 627, 489 ), /* 541 */ + S_ST( 'a', 3, 560, 0 ), /* 542 m */ + S_ST( 'n', 3, 544, 0 ), /* 543 ma */ + S_ST( 'y', 3, 545, 0 ), /* 544 man */ + S_ST( 'c', 3, 546, 0 ), /* 545 many */ + S_ST( 'a', 3, 547, 0 ), /* 546 manyc */ + S_ST( 's', 3, 548, 0 ), /* 547 manyca */ + S_ST( 't', 3, 554, 0 ), /* 548 manycas */ + S_ST( 'c', 3, 550, 0 ), /* 549 manycast */ + S_ST( 'l', 3, 551, 0 ), /* 550 manycastc */ + S_ST( 'i', 3, 552, 0 ), /* 551 manycastcl */ + S_ST( 'e', 3, 553, 0 ), /* 552 manycastcli */ + S_ST( 'n', 3, 347, 0 ), /* 553 manycastclie */ + S_ST( 's', 3, 555, 549 ), /* 554 manycast */ + S_ST( 'e', 3, 556, 0 ), /* 555 manycasts */ + S_ST( 'r', 3, 557, 0 ), /* 556 manycastse */ + S_ST( 'v', 3, 558, 0 ), /* 557 manycastser */ + S_ST( 'e', 3, 348, 0 ), /* 558 manycastserv */ + S_ST( 's', 3, 349, 543 ), /* 559 ma */ + S_ST( 'x', 3, 575, 559 ), /* 560 ma */ + S_ST( 'a', 3, 562, 0 ), /* 561 max */ + S_ST( 'g', 3, 350, 0 ), /* 562 maxa */ + S_ST( 'c', 3, 564, 561 ), /* 563 max */ + S_ST( 'l', 3, 565, 0 ), /* 564 maxc */ + S_ST( 'o', 3, 566, 0 ), /* 565 maxcl */ + S_ST( 'c', 3, 351, 0 ), /* 566 maxclo */ + S_ST( 'd', 3, 571, 563 ), /* 567 max */ + S_ST( 'e', 3, 569, 0 ), /* 568 maxd */ + S_ST( 'p', 3, 570, 0 ), /* 569 maxde */ + S_ST( 't', 3, 352, 0 ), /* 570 maxdep */ + S_ST( 'i', 3, 572, 568 ), /* 571 maxd */ + S_ST( 's', 3, 353, 0 ), /* 572 maxdi */ + S_ST( 'm', 3, 574, 567 ), /* 573 max */ + S_ST( 'e', 3, 354, 0 ), /* 574 maxm */ + S_ST( 'p', 3, 576, 573 ), /* 575 max */ + S_ST( 'o', 3, 577, 0 ), /* 576 maxp */ + S_ST( 'l', 3, 355, 0 ), /* 577 maxpo */ + S_ST( 'd', 3, 579, 542 ), /* 578 m */ + S_ST( 'n', 3, 580, 0 ), /* 579 md */ + S_ST( 's', 3, 581, 0 ), /* 580 mdn */ + S_ST( 't', 3, 582, 0 ), /* 581 mdns */ + S_ST( 'r', 3, 583, 0 ), /* 582 mdnst */ + S_ST( 'i', 3, 584, 0 ), /* 583 mdnstr */ + S_ST( 'e', 3, 356, 0 ), /* 584 mdnstri */ + S_ST( 'e', 3, 357, 578 ), /* 585 m */ + S_ST( 'l', 3, 587, 0 ), /* 586 mem */ + S_ST( 'o', 3, 588, 0 ), /* 587 meml */ + S_ST( 'c', 3, 358, 0 ), /* 588 memlo */ + S_ST( 'i', 3, 590, 585 ), /* 589 m */ + S_ST( 'n', 3, 612, 0 ), /* 590 mi */ + S_ST( 'c', 3, 592, 0 ), /* 591 min */ + S_ST( 'l', 3, 593, 0 ), /* 592 minc */ + S_ST( 'o', 3, 594, 0 ), /* 593 mincl */ + S_ST( 'c', 3, 359, 0 ), /* 594 minclo */ + S_ST( 'd', 3, 599, 591 ), /* 595 min */ + S_ST( 'e', 3, 597, 0 ), /* 596 mind */ + S_ST( 'p', 3, 598, 0 ), /* 597 minde */ + S_ST( 't', 3, 360, 0 ), /* 598 mindep */ + S_ST( 'i', 3, 600, 596 ), /* 599 mind */ + S_ST( 's', 3, 361, 0 ), /* 600 mindi */ + S_ST( 'i', 3, 602, 595 ), /* 601 min */ + S_ST( 'm', 3, 603, 0 ), /* 602 mini */ + S_ST( 'u', 3, 362, 0 ), /* 603 minim */ + S_ST( 'j', 3, 605, 601 ), /* 604 min */ + S_ST( 'i', 3, 606, 0 ), /* 605 minj */ + S_ST( 't', 3, 607, 0 ), /* 606 minji */ + S_ST( 't', 3, 608, 0 ), /* 607 minjit */ + S_ST( 'e', 3, 363, 0 ), /* 608 minjitt */ + S_ST( 'p', 3, 610, 604 ), /* 609 min */ + S_ST( 'o', 3, 611, 0 ), /* 610 minp */ + S_ST( 'l', 3, 364, 0 ), /* 611 minpo */ + S_ST( 's', 3, 613, 609 ), /* 612 min */ + S_ST( 'a', 3, 614, 0 ), /* 613 mins */ + S_ST( 'n', 3, 365, 0 ), /* 614 minsa */ + S_ST( 'o', 3, 617, 589 ), /* 615 m */ + S_ST( 'd', 3, 366, 0 ), /* 616 mo */ + S_ST( 'n', 3, 621, 616 ), /* 617 mo */ + S_ST( 'i', 3, 619, 0 ), /* 618 mon */ + S_ST( 't', 3, 620, 0 ), /* 619 moni */ + S_ST( 'o', 3, 368, 0 ), /* 620 monit */ + S_ST( 't', 3, 369, 618 ), /* 621 mon */ + S_ST( 'r', 3, 370, 615 ), /* 622 m */ + S_ST( 's', 3, 624, 622 ), /* 623 m */ + S_ST( 's', 3, 625, 0 ), /* 624 ms */ + S_ST( 'n', 3, 626, 0 ), /* 625 mss */ + S_ST( 't', 3, 371, 0 ), /* 626 mssn */ + S_ST( 'u', 3, 628, 623 ), /* 627 m */ + S_ST( 'l', 3, 629, 0 ), /* 628 mu */ + S_ST( 't', 3, 630, 0 ), /* 629 mul */ + S_ST( 'i', 3, 631, 0 ), /* 630 mult */ + S_ST( 'c', 3, 632, 0 ), /* 631 multi */ + S_ST( 'a', 3, 633, 0 ), /* 632 multic */ + S_ST( 's', 3, 634, 0 ), /* 633 multica */ + S_ST( 't', 3, 635, 0 ), /* 634 multicas */ + S_ST( 'c', 3, 636, 0 ), /* 635 multicast */ + S_ST( 'l', 3, 637, 0 ), /* 636 multicastc */ + S_ST( 'i', 3, 638, 0 ), /* 637 multicastcl */ + S_ST( 'e', 3, 639, 0 ), /* 638 multicastcli */ + S_ST( 'n', 3, 372, 0 ), /* 639 multicastclie */ + S_ST( 'n', 3, 687, 541 ), /* 640 */ + S_ST( 'i', 3, 373, 0 ), /* 641 n */ + S_ST( 'o', 3, 682, 641 ), /* 642 n */ + S_ST( 'e', 3, 644, 0 ), /* 643 no */ + S_ST( 'p', 3, 645, 0 ), /* 644 noe */ + S_ST( 'e', 3, 646, 0 ), /* 645 noep */ + S_ST( 'e', 3, 379, 0 ), /* 646 noepe */ + S_ST( 'l', 3, 648, 643 ), /* 647 no */ + S_ST( 'i', 3, 649, 0 ), /* 648 nol */ + S_ST( 'n', 3, 374, 0 ), /* 649 noli */ + S_ST( 'm', 3, 655, 647 ), /* 650 no */ + S_ST( 'o', 3, 652, 0 ), /* 651 nom */ + S_ST( 'd', 3, 653, 0 ), /* 652 nomo */ + S_ST( 'i', 3, 654, 0 ), /* 653 nomod */ + S_ST( 'f', 3, 375, 0 ), /* 654 nomodi */ + S_ST( 'r', 3, 656, 651 ), /* 655 nom */ + S_ST( 'u', 3, 657, 0 ), /* 656 nomr */ + S_ST( 'l', 3, 658, 0 ), /* 657 nomru */ + S_ST( 'i', 3, 659, 0 ), /* 658 nomrul */ + S_ST( 's', 3, 376, 0 ), /* 659 nomruli */ + S_ST( 'n', 3, 661, 650 ), /* 660 no */ + S_ST( 'v', 3, 662, 377 ), /* 661 non */ + S_ST( 'o', 3, 663, 0 ), /* 662 nonv */ + S_ST( 'l', 3, 664, 0 ), /* 663 nonvo */ + S_ST( 'a', 3, 665, 0 ), /* 664 nonvol */ + S_ST( 't', 3, 666, 0 ), /* 665 nonvola */ + S_ST( 'i', 3, 667, 0 ), /* 666 nonvolat */ + S_ST( 'l', 3, 378, 0 ), /* 667 nonvolati */ + S_ST( 'p', 3, 669, 660 ), /* 668 no */ + S_ST( 'e', 3, 670, 0 ), /* 669 nop */ + S_ST( 'e', 3, 380, 0 ), /* 670 nope */ + S_ST( 'q', 3, 672, 668 ), /* 671 no */ + S_ST( 'u', 3, 673, 0 ), /* 672 noq */ + S_ST( 'e', 3, 674, 0 ), /* 673 noqu */ + S_ST( 'r', 3, 381, 0 ), /* 674 noque */ + S_ST( 's', 3, 676, 671 ), /* 675 no */ + S_ST( 'e', 3, 680, 0 ), /* 676 nos */ + S_ST( 'l', 3, 678, 0 ), /* 677 nose */ + S_ST( 'e', 3, 679, 0 ), /* 678 nosel */ + S_ST( 'c', 3, 382, 0 ), /* 679 nosele */ + S_ST( 'r', 3, 681, 677 ), /* 680 nose */ + S_ST( 'v', 3, 383, 0 ), /* 681 noser */ + S_ST( 't', 3, 683, 675 ), /* 682 no */ + S_ST( 'r', 3, 685, 0 ), /* 683 not */ + S_ST( 'a', 3, 384, 0 ), /* 684 notr */ + S_ST( 'u', 3, 686, 684 ), /* 685 notr */ + S_ST( 's', 3, 385, 0 ), /* 686 notru */ + S_ST( 't', 3, 386, 642 ), /* 687 n */ + S_ST( 'p', 3, 689, 0 ), /* 688 ntp */ + S_ST( 'o', 3, 690, 0 ), /* 689 ntpp */ + S_ST( 'r', 3, 387, 0 ), /* 690 ntppo */ + S_ST( 's', 3, 692, 688 ), /* 691 ntp */ + S_ST( 'i', 3, 693, 0 ), /* 692 ntps */ + S_ST( 'g', 3, 694, 0 ), /* 693 ntpsi */ + S_ST( 'n', 3, 695, 0 ), /* 694 ntpsig */ + S_ST( 'd', 3, 696, 0 ), /* 695 ntpsign */ + S_ST( 's', 3, 697, 0 ), /* 696 ntpsignd */ + S_ST( 'o', 3, 698, 0 ), /* 697 ntpsignds */ + S_ST( 'c', 3, 699, 0 ), /* 698 ntpsigndso */ + S_ST( 'k', 3, 700, 0 ), /* 699 ntpsigndsoc */ + S_ST( 'e', 3, 388, 0 ), /* 700 ntpsigndsock */ + S_ST( 'o', 3, 702, 640 ), /* 701 */ + S_ST( 'r', 3, 703, 0 ), /* 702 o */ + S_ST( 'p', 3, 704, 0 ), /* 703 or */ + S_ST( 'h', 3, 705, 0 ), /* 704 orp */ + S_ST( 'a', 3, 389, 0 ), /* 705 orph */ + S_ST( 'w', 3, 707, 0 ), /* 706 orphan */ + S_ST( 'a', 3, 708, 0 ), /* 707 orphanw */ + S_ST( 'i', 3, 390, 0 ), /* 708 orphanwa */ + S_ST( 'p', 3, 406, 701 ), /* 709 */ + S_ST( 'a', 3, 711, 0 ), /* 710 p */ + S_ST( 'n', 3, 712, 0 ), /* 711 pa */ + S_ST( 'i', 3, 392, 0 ), /* 712 pan */ + S_ST( 'e', 3, 714, 710 ), /* 713 p */ + S_ST( 'e', 3, 393, 0 ), /* 714 pe */ + S_ST( '_', 3, 716, 0 ), /* 715 peer */ + S_ST( 'c', 3, 717, 0 ), /* 716 peer_ */ + S_ST( 'l', 3, 718, 0 ), /* 717 peer_c */ + S_ST( 'e', 3, 719, 0 ), /* 718 peer_cl */ + S_ST( 'a', 3, 720, 0 ), /* 719 peer_cle */ + S_ST( 'r', 3, 721, 0 ), /* 720 peer_clea */ + S_ST( '_', 3, 722, 0 ), /* 721 peer_clear */ + S_ST( 'd', 3, 723, 0 ), /* 722 peer_clear_ */ + S_ST( 'i', 3, 724, 0 ), /* 723 peer_clear_d */ + S_ST( 'g', 3, 725, 0 ), /* 724 peer_clear_di */ + S_ST( 'e', 3, 726, 0 ), /* 725 peer_clear_dig */ + S_ST( 's', 3, 727, 0 ), /* 726 peer_clear_dige */ + S_ST( 't', 3, 728, 0 ), /* 727 peer_clear_diges */ + S_ST( '_', 3, 729, 0 ), /* 728 peer_clear_digest */ + S_ST( 'e', 3, 730, 0 ), /* 729 peer_clear_digest_ */ + S_ST( 'a', 3, 731, 0 ), /* 730 peer_clear_digest_e */ + S_ST( 'r', 3, 732, 0 ), /* 731 peer_clear_digest_ea */ + S_ST( 'l', 3, 391, 0 ), /* 732 peer_clear_digest_ear */ + S_ST( 's', 3, 734, 715 ), /* 733 peer */ + S_ST( 't', 3, 735, 0 ), /* 734 peers */ + S_ST( 'a', 3, 736, 0 ), /* 735 peerst */ + S_ST( 't', 3, 394, 0 ), /* 736 peersta */ + S_ST( 'h', 3, 738, 713 ), /* 737 p */ + S_ST( 'o', 3, 739, 0 ), /* 738 ph */ + S_ST( 'n', 3, 395, 0 ), /* 739 pho */ + S_ST( 'i', 3, 396, 737 ), /* 740 p */ + S_ST( 'f', 3, 742, 0 ), /* 741 pid */ + S_ST( 'i', 3, 743, 0 ), /* 742 pidf */ + S_ST( 'l', 3, 397, 0 ), /* 743 pidfi */ + S_ST( 'o', 3, 754, 740 ), /* 744 p */ + S_ST( 'l', 3, 398, 0 ), /* 745 po */ + S_ST( 's', 3, 747, 0 ), /* 746 poll */ + S_ST( 'k', 3, 748, 0 ), /* 747 polls */ + S_ST( 'e', 3, 749, 0 ), /* 748 pollsk */ + S_ST( 'w', 3, 750, 0 ), /* 749 pollske */ + S_ST( 'l', 3, 751, 0 ), /* 750 pollskew */ + S_ST( 'i', 3, 752, 0 ), /* 751 pollskewl */ + S_ST( 's', 3, 399, 0 ), /* 752 pollskewli */ + S_ST( 'o', 3, 400, 745 ), /* 753 po */ + S_ST( 'r', 3, 401, 753 ), /* 754 po */ + S_ST( 'p', 3, 756, 744 ), /* 755 p */ + S_ST( 's', 3, 757, 0 ), /* 756 pp */ + S_ST( 'd', 3, 758, 0 ), /* 757 pps */ + S_ST( 'a', 3, 759, 0 ), /* 758 ppsd */ + S_ST( 't', 3, 402, 0 ), /* 759 ppsda */ + S_ST( 'r', 3, 767, 755 ), /* 760 p */ + S_ST( 'e', 3, 765, 0 ), /* 761 pr */ + S_ST( 'e', 3, 763, 0 ), /* 762 pre */ + S_ST( 'm', 3, 764, 0 ), /* 763 pree */ + S_ST( 'p', 3, 403, 0 ), /* 764 preem */ + S_ST( 'f', 3, 766, 762 ), /* 765 pre */ + S_ST( 'e', 3, 404, 0 ), /* 766 pref */ + S_ST( 'o', 3, 780, 761 ), /* 767 pr */ + S_ST( 'c', 3, 769, 0 ), /* 768 pro */ + S_ST( '_', 3, 770, 0 ), /* 769 proc */ + S_ST( 'd', 3, 771, 0 ), /* 770 proc_ */ + S_ST( 'e', 3, 772, 0 ), /* 771 proc_d */ + S_ST( 'l', 3, 773, 0 ), /* 772 proc_de */ + S_ST( 'a', 3, 470, 0 ), /* 773 proc_del */ + S_ST( 'p', 3, 775, 768 ), /* 774 pro */ + S_ST( '_', 3, 776, 0 ), /* 775 prop */ + S_ST( 'd', 3, 777, 0 ), /* 776 prop_ */ + S_ST( 'e', 3, 778, 0 ), /* 777 prop_d */ + S_ST( 'l', 3, 779, 0 ), /* 778 prop_de */ + S_ST( 'a', 3, 469, 0 ), /* 779 prop_del */ + S_ST( 't', 3, 781, 774 ), /* 780 pro */ + S_ST( 'o', 3, 782, 0 ), /* 781 prot */ + S_ST( 's', 3, 783, 0 ), /* 782 proto */ + S_ST( 't', 3, 784, 0 ), /* 783 protos */ + S_ST( 'a', 3, 785, 0 ), /* 784 protost */ + S_ST( 't', 3, 405, 0 ), /* 785 protosta */ + S_ST( 'r', 3, 817, 709 ), /* 786 */ + S_ST( 'a', 3, 793, 0 ), /* 787 r */ + S_ST( 'n', 3, 789, 0 ), /* 788 ra */ + S_ST( 'd', 3, 790, 0 ), /* 789 ran */ + S_ST( 'f', 3, 791, 0 ), /* 790 rand */ + S_ST( 'i', 3, 792, 0 ), /* 791 randf */ + S_ST( 'l', 3, 407, 0 ), /* 792 randfi */ + S_ST( 'w', 3, 794, 788 ), /* 793 ra */ + S_ST( 's', 3, 795, 0 ), /* 794 raw */ + S_ST( 't', 3, 796, 0 ), /* 795 raws */ + S_ST( 'a', 3, 797, 0 ), /* 796 rawst */ + S_ST( 't', 3, 408, 0 ), /* 797 rawsta */ + S_ST( 'e', 3, 814, 787 ), /* 798 r */ + S_ST( 'f', 3, 800, 0 ), /* 799 re */ + S_ST( 'i', 3, 409, 0 ), /* 800 ref */ + S_ST( 'q', 3, 802, 799 ), /* 801 re */ + S_ST( 'u', 3, 803, 0 ), /* 802 req */ + S_ST( 'e', 3, 804, 0 ), /* 803 requ */ + S_ST( 's', 3, 805, 0 ), /* 804 reque */ + S_ST( 't', 3, 806, 0 ), /* 805 reques */ + S_ST( 'k', 3, 807, 0 ), /* 806 request */ + S_ST( 'e', 3, 410, 0 ), /* 807 requestk */ + S_ST( 's', 3, 810, 801 ), /* 808 re */ + S_ST( 'e', 3, 411, 0 ), /* 809 res */ + S_ST( 't', 3, 811, 809 ), /* 810 res */ + S_ST( 'r', 3, 812, 0 ), /* 811 rest */ + S_ST( 'i', 3, 813, 0 ), /* 812 restr */ + S_ST( 'c', 3, 412, 0 ), /* 813 restri */ + S_ST( 'v', 3, 815, 808 ), /* 814 re */ + S_ST( 'o', 3, 816, 0 ), /* 815 rev */ + S_ST( 'k', 3, 413, 0 ), /* 816 revo */ + S_ST( 'l', 3, 818, 798 ), /* 817 r */ + S_ST( 'i', 3, 819, 0 ), /* 818 rl */ + S_ST( 'm', 3, 820, 0 ), /* 819 rli */ + S_ST( 'i', 3, 414, 0 ), /* 820 rlim */ + S_ST( 's', 3, 901, 786 ), /* 821 */ + S_ST( 'a', 3, 823, 0 ), /* 822 s */ + S_ST( 'v', 3, 824, 0 ), /* 823 sa */ + S_ST( 'e', 3, 825, 0 ), /* 824 sav */ + S_ST( 'c', 3, 826, 0 ), /* 825 save */ + S_ST( 'o', 3, 827, 0 ), /* 826 savec */ + S_ST( 'n', 3, 828, 0 ), /* 827 saveco */ + S_ST( 'f', 3, 829, 0 ), /* 828 savecon */ + S_ST( 'i', 3, 830, 0 ), /* 829 saveconf */ + S_ST( 'g', 3, 831, 0 ), /* 830 saveconfi */ + S_ST( 'd', 3, 832, 0 ), /* 831 saveconfig */ + S_ST( 'i', 3, 415, 0 ), /* 832 saveconfigd */ + S_ST( 'e', 3, 850, 822 ), /* 833 s */ + S_ST( 'r', 3, 835, 0 ), /* 834 se */ + S_ST( 'v', 3, 836, 0 ), /* 835 ser */ + S_ST( 'e', 3, 416, 0 ), /* 836 serv */ + S_ST( '_', 3, 838, 0 ), /* 837 server */ + S_ST( 'o', 3, 839, 0 ), /* 838 server_ */ + S_ST( 'f', 3, 840, 0 ), /* 839 server_o */ + S_ST( 'f', 3, 841, 0 ), /* 840 server_of */ + S_ST( 's', 3, 842, 0 ), /* 841 server_off */ + S_ST( 'e', 3, 464, 0 ), /* 842 server_offs */ + S_ST( 'r', 3, 844, 837 ), /* 843 server */ + S_ST( 'e', 3, 845, 0 ), /* 844 serverr */ + S_ST( 's', 3, 846, 0 ), /* 845 serverre */ + S_ST( 'p', 3, 847, 0 ), /* 846 serverres */ + S_ST( 'o', 3, 848, 0 ), /* 847 serverresp */ + S_ST( 'n', 3, 849, 0 ), /* 848 serverrespo */ + S_ST( 's', 3, 417, 0 ), /* 849 serverrespon */ + S_ST( 't', 3, 851, 834 ), /* 850 se */ + S_ST( 'v', 3, 852, 0 ), /* 851 set */ + S_ST( 'a', 3, 419, 0 ), /* 852 setv */ + S_ST( 'i', 3, 854, 833 ), /* 853 s */ + S_ST( 'm', 3, 855, 0 ), /* 854 si */ + S_ST( 'u', 3, 856, 0 ), /* 855 sim */ + S_ST( 'l', 3, 857, 0 ), /* 856 simu */ + S_ST( 'a', 3, 858, 0 ), /* 857 simul */ + S_ST( 't', 3, 859, 0 ), /* 858 simula */ + S_ST( 'i', 3, 860, 461 ), /* 859 simulat */ + S_ST( 'o', 3, 861, 0 ), /* 860 simulati */ + S_ST( 'n', 3, 862, 0 ), /* 861 simulatio */ + S_ST( '_', 3, 863, 0 ), /* 862 simulation */ + S_ST( 'd', 3, 864, 0 ), /* 863 simulation_ */ + S_ST( 'u', 3, 865, 0 ), /* 864 simulation_d */ + S_ST( 'r', 3, 866, 0 ), /* 865 simulation_du */ + S_ST( 'a', 3, 867, 0 ), /* 866 simulation_dur */ + S_ST( 't', 3, 868, 0 ), /* 867 simulation_dura */ + S_ST( 'i', 3, 869, 0 ), /* 868 simulation_durat */ + S_ST( 'o', 3, 463, 0 ), /* 869 simulation_durati */ + S_ST( 'o', 3, 871, 853 ), /* 870 s */ + S_ST( 'u', 3, 872, 0 ), /* 871 so */ + S_ST( 'r', 3, 873, 0 ), /* 872 sou */ + S_ST( 'c', 3, 420, 0 ), /* 873 sour */ + S_ST( 't', 3, 897, 870 ), /* 874 s */ + S_ST( 'a', 3, 881, 0 ), /* 875 st */ + S_ST( 'c', 3, 877, 0 ), /* 876 sta */ + S_ST( 'k', 3, 878, 0 ), /* 877 stac */ + S_ST( 's', 3, 879, 0 ), /* 878 stack */ + S_ST( 'i', 3, 880, 0 ), /* 879 stacks */ + S_ST( 'z', 3, 421, 0 ), /* 880 stacksi */ + S_ST( 't', 3, 423, 876 ), /* 881 sta */ + S_ST( 'i', 3, 883, 0 ), /* 882 stat */ + S_ST( 's', 3, 884, 0 ), /* 883 stati */ + S_ST( 't', 3, 885, 0 ), /* 884 statis */ + S_ST( 'i', 3, 886, 0 ), /* 885 statist */ + S_ST( 'c', 3, 422, 0 ), /* 886 statisti */ + S_ST( 'd', 3, 888, 0 ), /* 887 stats */ + S_ST( 'i', 3, 424, 0 ), /* 888 statsd */ + S_ST( 'e', 3, 425, 875 ), /* 889 st */ + S_ST( 'b', 3, 891, 0 ), /* 890 step */ + S_ST( 'a', 3, 892, 0 ), /* 891 stepb */ + S_ST( 'c', 3, 426, 0 ), /* 892 stepba */ + S_ST( 'f', 3, 894, 890 ), /* 893 step */ + S_ST( 'w', 3, 427, 0 ), /* 894 stepf */ + S_ST( 'o', 3, 896, 893 ), /* 895 step */ + S_ST( 'u', 3, 428, 0 ), /* 896 stepo */ + S_ST( 'r', 3, 898, 889 ), /* 897 st */ + S_ST( 'a', 3, 899, 0 ), /* 898 str */ + S_ST( 't', 3, 900, 0 ), /* 899 stra */ + S_ST( 'u', 3, 429, 0 ), /* 900 strat */ + S_ST( 'y', 3, 431, 874 ), /* 901 s */ + S_ST( 's', 3, 903, 0 ), /* 902 sys */ + S_ST( 't', 3, 904, 0 ), /* 903 syss */ + S_ST( 'a', 3, 905, 0 ), /* 904 sysst */ + S_ST( 't', 3, 432, 0 ), /* 905 syssta */ + S_ST( 't', 3, 935, 821 ), /* 906 */ + S_ST( 'i', 3, 921, 0 ), /* 907 t */ + S_ST( 'c', 3, 433, 0 ), /* 908 ti */ + S_ST( 'm', 3, 914, 908 ), /* 909 ti */ + S_ST( 'e', 3, 437, 0 ), /* 910 tim */ + S_ST( 'd', 3, 912, 435 ), /* 911 time */ + S_ST( 'a', 3, 913, 0 ), /* 912 timed */ + S_ST( 't', 3, 436, 0 ), /* 913 timeda */ + S_ST( 'i', 3, 915, 910 ), /* 914 tim */ + S_ST( 'n', 3, 916, 0 ), /* 915 timi */ + S_ST( 'g', 3, 917, 0 ), /* 916 timin */ + S_ST( 's', 3, 918, 0 ), /* 917 timing */ + S_ST( 't', 3, 919, 0 ), /* 918 timings */ + S_ST( 'a', 3, 920, 0 ), /* 919 timingst */ + S_ST( 't', 3, 438, 0 ), /* 920 timingsta */ + S_ST( 'n', 3, 922, 909 ), /* 921 ti */ + S_ST( 'k', 3, 923, 0 ), /* 922 tin */ + S_ST( 'e', 3, 439, 0 ), /* 923 tink */ + S_ST( 'o', 3, 440, 907 ), /* 924 t */ + S_ST( 'r', 3, 927, 924 ), /* 925 t */ + S_ST( 'a', 3, 441, 0 ), /* 926 tr */ + S_ST( 'u', 3, 928, 926 ), /* 927 tr */ + S_ST( 's', 3, 929, 442 ), /* 928 tru */ + S_ST( 't', 3, 930, 0 ), /* 929 trus */ + S_ST( 'e', 3, 931, 0 ), /* 930 trust */ + S_ST( 'd', 3, 932, 0 ), /* 931 truste */ + S_ST( 'k', 3, 933, 0 ), /* 932 trusted */ + S_ST( 'e', 3, 443, 0 ), /* 933 trustedk */ + S_ST( 't', 3, 444, 925 ), /* 934 t */ + S_ST( 'y', 3, 936, 934 ), /* 935 t */ + S_ST( 'p', 3, 445, 0 ), /* 936 ty */ + S_ST( 'u', 3, 938, 906 ), /* 937 */ + S_ST( 'n', 3, 944, 0 ), /* 938 u */ + S_ST( 'c', 3, 940, 0 ), /* 939 un */ + S_ST( 'o', 3, 941, 0 ), /* 940 unc */ + S_ST( 'n', 3, 942, 0 ), /* 941 unco */ + S_ST( 'f', 3, 943, 0 ), /* 942 uncon */ + S_ST( 'i', 3, 450, 0 ), /* 943 unconf */ + S_ST( 'p', 3, 945, 939 ), /* 944 un */ + S_ST( 'e', 3, 946, 0 ), /* 945 unp */ + S_ST( 'e', 3, 451, 0 ), /* 946 unpe */ + S_ST( '_', 3, 967, 0 ), /* 947 unpeer */ + S_ST( 'c', 3, 949, 0 ), /* 948 unpeer_ */ + S_ST( 'r', 3, 950, 0 ), /* 949 unpeer_c */ + S_ST( 'y', 3, 951, 0 ), /* 950 unpeer_cr */ + S_ST( 'p', 3, 952, 0 ), /* 951 unpeer_cry */ + S_ST( 't', 3, 953, 0 ), /* 952 unpeer_cryp */ + S_ST( 'o', 3, 954, 0 ), /* 953 unpeer_crypt */ + S_ST( '_', 3, 959, 0 ), /* 954 unpeer_crypto */ + S_ST( 'e', 3, 956, 0 ), /* 955 unpeer_crypto_ */ + S_ST( 'a', 3, 957, 0 ), /* 956 unpeer_crypto_e */ + S_ST( 'r', 3, 958, 0 ), /* 957 unpeer_crypto_ea */ + S_ST( 'l', 3, 447, 0 ), /* 958 unpeer_crypto_ear */ + S_ST( 'n', 3, 960, 955 ), /* 959 unpeer_crypto_ */ + S_ST( 'a', 3, 961, 0 ), /* 960 unpeer_crypto_n */ + S_ST( 'k', 3, 962, 0 ), /* 961 unpeer_crypto_na */ + S_ST( '_', 3, 963, 0 ), /* 962 unpeer_crypto_nak */ + S_ST( 'e', 3, 964, 0 ), /* 963 unpeer_crypto_nak_ */ + S_ST( 'a', 3, 965, 0 ), /* 964 unpeer_crypto_nak_e */ + S_ST( 'r', 3, 966, 0 ), /* 965 unpeer_crypto_nak_ea */ + S_ST( 'l', 3, 448, 0 ), /* 966 unpeer_crypto_nak_ear */ + S_ST( 'd', 3, 968, 948 ), /* 967 unpeer_ */ + S_ST( 'i', 3, 969, 0 ), /* 968 unpeer_d */ + S_ST( 'g', 3, 970, 0 ), /* 969 unpeer_di */ + S_ST( 'e', 3, 971, 0 ), /* 970 unpeer_dig */ + S_ST( 's', 3, 972, 0 ), /* 971 unpeer_dige */ + S_ST( 't', 3, 973, 0 ), /* 972 unpeer_diges */ + S_ST( '_', 3, 974, 0 ), /* 973 unpeer_digest */ + S_ST( 'e', 3, 975, 0 ), /* 974 unpeer_digest_ */ + S_ST( 'a', 3, 976, 0 ), /* 975 unpeer_digest_e */ + S_ST( 'r', 3, 977, 0 ), /* 976 unpeer_digest_ea */ + S_ST( 'l', 3, 449, 0 ), /* 977 unpeer_digest_ear */ + S_ST( 'v', 3, 979, 937 ), /* 978 */ + S_ST( 'e', 3, 980, 0 ), /* 979 v */ + S_ST( 'r', 3, 981, 0 ), /* 980 ve */ + S_ST( 's', 3, 982, 0 ), /* 981 ver */ + S_ST( 'i', 3, 983, 0 ), /* 982 vers */ + S_ST( 'o', 3, 452, 0 ), /* 983 versi */ + S_ST( 'w', 3, 991, 978 ), /* 984 */ + S_ST( 'a', 3, 986, 0 ), /* 985 w */ + S_ST( 'n', 3, 987, 0 ), /* 986 wa */ + S_ST( 'd', 3, 988, 0 ), /* 987 wan */ + S_ST( 'e', 3, 467, 0 ), /* 988 wand */ + S_ST( 'e', 3, 990, 985 ), /* 989 w */ + S_ST( 'e', 3, 454, 0 ), /* 990 we */ + S_ST( 'i', 3, 992, 989 ), /* 991 w */ + S_ST( 'l', 3, 993, 0 ), /* 992 wi */ + S_ST( 'd', 3, 994, 0 ), /* 993 wil */ + S_ST( 'c', 3, 995, 0 ), /* 994 wild */ + S_ST( 'a', 3, 996, 0 ), /* 995 wildc */ + S_ST( 'r', 3, 455, 0 ), /* 996 wildca */ + S_ST( 'x', 3, 1002, 984 ), /* 997 */ + S_ST( 'l', 3, 999, 0 ), /* 998 x */ + S_ST( 'e', 3, 1000, 0 ), /* 999 xl */ + S_ST( 'a', 3, 1001, 0 ), /* 1000 xle */ + S_ST( 'v', 3, 456, 0 ), /* 1001 xlea */ + S_ST( 'm', 3, 1003, 998 ), /* 1002 x */ + S_ST( 't', 3, 1004, 0 ), /* 1003 xm */ + S_ST( 'n', 3, 1005, 0 ), /* 1004 xmt */ + S_ST( 'o', 3, 1006, 0 ), /* 1005 xmtn */ + S_ST( 'n', 3, 1007, 0 ), /* 1006 xmtno */ + S_ST( 'c', 3, 457, 0 ), /* 1007 xmtnon */ + S_ST( 'y', 3, 1009, 997 ), /* 1008 [initial state] */ + S_ST( 'e', 3, 1010, 0 ), /* 1009 y */ + S_ST( 'a', 3, 458, 0 ) /* 1010 ye */ }; diff --git a/ntpd/ntp_leapsec.c b/ntpd/ntp_leapsec.c index 88f9d4e1cc23..2618862c57ba 100644 --- a/ntpd/ntp_leapsec.c +++ b/ntpd/ntp_leapsec.c @@ -13,39 +13,17 @@ #include <sys/stat.h> #include <ctype.h> -#include "ntp_types.h" -#include "ntp_fp.h" +#include "ntp.h" #include "ntp_stdlib.h" #include "ntp_calendar.h" #include "ntp_leapsec.h" -#include "ntp.h" #include "vint64ops.h" -#include "lib_strbuf.h" #include "isc/sha1.h" static const char * const logPrefix = "leapsecond file"; /* --------------------------------------------------------------------- - * GCC is rather sticky with its 'const' attribute. We have to do it more - * explicit than with a cast if we want to get rid of a CONST qualifier. - * Greetings from the PASCAL world, where casting was only possible via - * untagged unions... - */ -static inline void* -noconst( - const void* ptr - ) -{ - union { - const void * cp; - void * vp; - } tmp; - tmp.cp = ptr; - return tmp.vp; -} - -/* --------------------------------------------------------------------- * Our internal data structure */ #define MAX_HIST 10 /* history of leap seconds */ @@ -84,18 +62,20 @@ static leap_table_t _ltab[2], *_lptr; static int/*BOOL*/ _electric; /* Forward decls of local helpers */ -static int add_range(leap_table_t*, const leap_info_t*); -static char * get_line(leapsec_reader, void*, char*, size_t); -static char * skipws(const char*); -static int parsefail(const char * cp, const char * ep); -static void reload_limits(leap_table_t*, const vint64*); -static void fetch_leap_era(leap_era_t*, const leap_table_t*, - const vint64*); -static int betweenu32(uint32_t, uint32_t, uint32_t); -static void reset_times(leap_table_t*); -static int leapsec_add(leap_table_t*, const vint64*, int); -static int leapsec_raw(leap_table_t*, const vint64 *, int, int); -static const char * lstostr(const vint64 * ts); +static int add_range (leap_table_t *, const leap_info_t *); +static char * get_line (leapsec_reader, void *, char *, + size_t); +static inline char * skipws (char *ptr); +static int parsefail (const char *cp, const char *ep); +static void reload_limits (leap_table_t *, const vint64 *); +static void fetch_leap_era (leap_era_t *, const leap_table_t *, + const vint64 *); +static int betweenu32 (u_int32, u_int32, u_int32); +static void reset_times (leap_table_t *); +static int leapsec_add (leap_table_t *, const vint64 *, int); +static int leapsec_raw (leap_table_t *, const vint64 *, int, + int); +static const char * lstostr (const vint64 *ts); /* ===================================================================== * Get & Set the current leap table @@ -178,13 +158,13 @@ leapsec_clear( */ int/*BOOL*/ leapsec_load( - leap_table_t * pt , - leapsec_reader func, - void * farg, - int use_build_limit) + leap_table_t * pt, + leapsec_reader func, + void * farg, + int use_build_limit + ) { - char const *ep; - char *cp, *endp, linebuf[50]; + char *cp, *ep, *endp, linebuf[50]; vint64 ttime, limit; long taiof; struct calendar build; @@ -415,7 +395,7 @@ leapsec_reset_frame(void) } /* ------------------------------------------------------------------ */ -/* load a file from a FILE pointer. Note: If hcheck is true, load +/* load a file from a FILE pointer. Note: If vhash is true, load * only after successful signature check. The stream must be seekable * or this will fail. */ @@ -433,7 +413,7 @@ leapsec_load_stream( fname = "<unknown>"; if (vhash) { - rcheck = leapsec_validate((leapsec_reader)getc, ifp); + rcheck = leapsec_validate((leapsec_reader)&getc, ifp); if (logall) switch (rcheck) { @@ -822,13 +802,15 @@ get_line( } /* [internal] skips whitespace characters from a character buffer. */ -static char * +static inline char * skipws( - const char *ptr) + char * ptr + ) { - while (isspace((u_char)*ptr)) + while (isspace((u_char)*ptr)) { ptr++; - return (char*)noconst(ptr); + } + return ptr; } /* [internal] check if a strtoXYZ ended at EOL or whitespace and @@ -887,7 +869,7 @@ reload_limits( if (_electric) pt->head.dtime = pt->head.ttime; - else + else pt->head.dtime = addv64i32( &pt->head.ttime, pt->head.next_tai - pt->head.this_tai); diff --git a/ntpd/ntp_loopfilter.c b/ntpd/ntp_loopfilter.c index e76e4dce0711..6378e0d7e669 100644 --- a/ntpd/ntp_loopfilter.c +++ b/ntpd/ntp_loopfilter.c @@ -1027,6 +1027,22 @@ rstclock( tc_counter)); if (trans != state && trans != EVNT_FSET) report_event(trans, NULL, NULL); +#ifdef HAVE_WORKING_FORK + if (trans != state && EVNT_SYNC == trans) { + /* + * If our parent process is waiting for the + * first clock sync, send them home satisfied. + */ + if (daemon_pipe[1] != -1) { + if (2 != write(daemon_pipe[1], "S\n", 2)) { + msyslog(LOG_ERR, "daemon failed to notify parent ntpd (--wait-sync)"); + } + close(daemon_pipe[1]); + daemon_pipe[1] = -1; + } + } +#endif /* HAVE_WORKING_FORK */ + state = trans; last_offset = clock_offset = offset; clock_epoch = current_time; diff --git a/ntpd/ntp_monitor.c b/ntpd/ntp_monitor.c index b3db452a243e..8af8dff301c4 100644 --- a/ntpd/ntp_monitor.c +++ b/ntpd/ntp_monitor.c @@ -329,9 +329,9 @@ ntp_monitor( REQUIRE(rbufp != NULL); - if (mon_enabled == MON_OFF) + if (mon_enabled == MON_OFF) { return ~(RES_LIMITED | RES_KOD) & flags; - + } pkt = &rbufp->recv_pkt; hash = MON_HASH(&rbufp->recv_srcadr); mode = PKT_MODE(pkt->li_vn_mode); @@ -343,10 +343,11 @@ ntp_monitor( * otherwise cron'ed ntpdate or similar evades RES_LIMITED. */ - for (; mon != NULL; mon = mon->hash_next) - if (SOCK_EQ(&mon->rmtadr, &rbufp->recv_srcadr)) + for (; mon != NULL; mon = mon->hash_next) { + if (SOCK_EQ(&mon->rmtadr, &rbufp->recv_srcadr)) { break; - + } + } if (mon != NULL) { interval_fp = rbufp->recv_time; L_SUB(&interval_fp, &mon->last); @@ -388,17 +389,17 @@ ntp_monitor( * the average threshold plus the increment and leave * the RES_LIMITED and RES_KOD bits lit. Otherwise, * leave the counter alone and douse the RES_KOD bit. - * This rate-limits the KoDs to no less than the average - * headway. + * This rate-limits the KoDs to no more often than the + * average headway. */ if (interval + 1 >= ntp_minpkt && leak < limit) { mon->leak = leak - 2; restrict_mask &= ~(RES_LIMITED | RES_KOD); - } else if (mon->leak < limit) + } else if (mon->leak < limit) { mon->leak = limit + head; - else + } else { restrict_mask &= ~RES_KOD; - + } mon->flags = restrict_mask; return mon->flags; diff --git a/ntpd/ntp_parser.c b/ntpd/ntp_parser.c index 834b1fbd1acc..e5ee5e10a459 100644 --- a/ntpd/ntp_parser.c +++ b/ntpd/ntp_parser.c @@ -1,4 +1,4 @@ -/* A Bison parser, made by GNU Bison 3.7.6. */ +/* A Bison parser, made by GNU Bison 3.8.2. */ /* Bison implementation for Yacc-like parsers in C @@ -46,10 +46,10 @@ USER NAME SPACE" below. */ /* Identify Bison output, and Bison version. */ -#define YYBISON 30706 +#define YYBISON 30802 /* Bison version string. */ -#define YYBISON_VERSION "3.7.6" +#define YYBISON_VERSION "3.8.2" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -67,7 +67,7 @@ /* First part of user prologue. */ -#line 11 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 11 "../../ntpd/ntp_parser.y" #ifdef HAVE_CONFIG_H # include <config.h> @@ -102,7 +102,7 @@ # define ONLY_SIM(a) NULL #endif -#line 106 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 106 "ntp_parser.c" # ifndef YY_CAST # ifdef __cplusplus @@ -127,8 +127,8 @@ /* Use api.header.include to #include this header instead of duplicating it here. */ -#ifndef YY_YY__SRC_NTP_STABLE_NTPD_NTP_PARSER_H_INCLUDED -# define YY_YY__SRC_NTP_STABLE_NTPD_NTP_PARSER_H_INCLUDED +#ifndef YY_YY_NTP_PARSER_H_INCLUDED +# define YY_YY_NTP_PARSER_H_INCLUDED /* Debug traces. */ #ifndef YYDEBUG # define YYDEBUG 1 @@ -174,190 +174,191 @@ extern int yydebug; T_Ctl = 283, /* T_Ctl */ T_Day = 284, /* T_Day */ T_Default = 285, /* T_Default */ - T_Device = 286, /* T_Device */ - T_Digest = 287, /* T_Digest */ - T_Disable = 288, /* T_Disable */ - T_Discard = 289, /* T_Discard */ - T_Dispersion = 290, /* T_Dispersion */ - T_Double = 291, /* T_Double */ - T_Driftfile = 292, /* T_Driftfile */ - T_Drop = 293, /* T_Drop */ - T_Dscp = 294, /* T_Dscp */ - T_Ellipsis = 295, /* T_Ellipsis */ - T_Enable = 296, /* T_Enable */ - T_End = 297, /* T_End */ - T_Epeer = 298, /* T_Epeer */ - T_False = 299, /* T_False */ - T_File = 300, /* T_File */ - T_Filegen = 301, /* T_Filegen */ - T_Filenum = 302, /* T_Filenum */ - T_Flag1 = 303, /* T_Flag1 */ - T_Flag2 = 304, /* T_Flag2 */ - T_Flag3 = 305, /* T_Flag3 */ - T_Flag4 = 306, /* T_Flag4 */ - T_Flake = 307, /* T_Flake */ - T_Floor = 308, /* T_Floor */ - T_Freq = 309, /* T_Freq */ - T_Fudge = 310, /* T_Fudge */ - T_Fuzz = 311, /* T_Fuzz */ - T_Host = 312, /* T_Host */ - T_Huffpuff = 313, /* T_Huffpuff */ - T_Iburst = 314, /* T_Iburst */ - T_Ident = 315, /* T_Ident */ - T_Ignore = 316, /* T_Ignore */ - T_Ignorehash = 317, /* T_Ignorehash */ - T_Incalloc = 318, /* T_Incalloc */ - T_Incmem = 319, /* T_Incmem */ - T_Initalloc = 320, /* T_Initalloc */ - T_Initmem = 321, /* T_Initmem */ - T_Includefile = 322, /* T_Includefile */ - T_Integer = 323, /* T_Integer */ - T_Interface = 324, /* T_Interface */ - T_Intrange = 325, /* T_Intrange */ - T_Io = 326, /* T_Io */ - T_Ippeerlimit = 327, /* T_Ippeerlimit */ - T_Ipv4 = 328, /* T_Ipv4 */ - T_Ipv4_flag = 329, /* T_Ipv4_flag */ - T_Ipv6 = 330, /* T_Ipv6 */ - T_Ipv6_flag = 331, /* T_Ipv6_flag */ - T_Kernel = 332, /* T_Kernel */ - T_Key = 333, /* T_Key */ - T_Keys = 334, /* T_Keys */ - T_Keysdir = 335, /* T_Keysdir */ - T_Kod = 336, /* T_Kod */ - T_Leapfile = 337, /* T_Leapfile */ - T_Leapsmearinterval = 338, /* T_Leapsmearinterval */ - T_Limited = 339, /* T_Limited */ - T_Link = 340, /* T_Link */ - T_Listen = 341, /* T_Listen */ - T_Logconfig = 342, /* T_Logconfig */ - T_Logfile = 343, /* T_Logfile */ - T_Loopstats = 344, /* T_Loopstats */ - T_Lowpriotrap = 345, /* T_Lowpriotrap */ - T_Manycastclient = 346, /* T_Manycastclient */ - T_Manycastserver = 347, /* T_Manycastserver */ - T_Mask = 348, /* T_Mask */ - T_Maxage = 349, /* T_Maxage */ - T_Maxclock = 350, /* T_Maxclock */ - T_Maxdepth = 351, /* T_Maxdepth */ - T_Maxdist = 352, /* T_Maxdist */ - T_Maxmem = 353, /* T_Maxmem */ - T_Maxpoll = 354, /* T_Maxpoll */ - T_Mdnstries = 355, /* T_Mdnstries */ - T_Mem = 356, /* T_Mem */ - T_Memlock = 357, /* T_Memlock */ - T_Minclock = 358, /* T_Minclock */ - T_Mindepth = 359, /* T_Mindepth */ - T_Mindist = 360, /* T_Mindist */ - T_Minimum = 361, /* T_Minimum */ - T_Minjitter = 362, /* T_Minjitter */ - T_Minpoll = 363, /* T_Minpoll */ - T_Minsane = 364, /* T_Minsane */ - T_Mode = 365, /* T_Mode */ - T_Mode7 = 366, /* T_Mode7 */ - T_Monitor = 367, /* T_Monitor */ - T_Month = 368, /* T_Month */ - T_Mru = 369, /* T_Mru */ - T_Mssntp = 370, /* T_Mssntp */ - T_Multicastclient = 371, /* T_Multicastclient */ - T_Nic = 372, /* T_Nic */ - T_Nolink = 373, /* T_Nolink */ - T_Nomodify = 374, /* T_Nomodify */ - T_Nomrulist = 375, /* T_Nomrulist */ - T_None = 376, /* T_None */ - T_Nonvolatile = 377, /* T_Nonvolatile */ - T_Noepeer = 378, /* T_Noepeer */ - T_Nopeer = 379, /* T_Nopeer */ - T_Noquery = 380, /* T_Noquery */ - T_Noselect = 381, /* T_Noselect */ - T_Noserve = 382, /* T_Noserve */ - T_Notrap = 383, /* T_Notrap */ - T_Notrust = 384, /* T_Notrust */ - T_Ntp = 385, /* T_Ntp */ - T_Ntpport = 386, /* T_Ntpport */ - T_NtpSignDsocket = 387, /* T_NtpSignDsocket */ - T_Orphan = 388, /* T_Orphan */ - T_Orphanwait = 389, /* T_Orphanwait */ - T_PCEdigest = 390, /* T_PCEdigest */ - T_Panic = 391, /* T_Panic */ - T_Peer = 392, /* T_Peer */ - T_Peerstats = 393, /* T_Peerstats */ - T_Phone = 394, /* T_Phone */ - T_Pid = 395, /* T_Pid */ - T_Pidfile = 396, /* T_Pidfile */ - T_Poll = 397, /* T_Poll */ - T_PollSkewList = 398, /* T_PollSkewList */ - T_Pool = 399, /* T_Pool */ - T_Port = 400, /* T_Port */ - T_PpsData = 401, /* T_PpsData */ - T_Preempt = 402, /* T_Preempt */ - T_Prefer = 403, /* T_Prefer */ - T_Protostats = 404, /* T_Protostats */ - T_Pw = 405, /* T_Pw */ - T_Randfile = 406, /* T_Randfile */ - T_Rawstats = 407, /* T_Rawstats */ - T_Refid = 408, /* T_Refid */ - T_Requestkey = 409, /* T_Requestkey */ - T_Reset = 410, /* T_Reset */ - T_Restrict = 411, /* T_Restrict */ - T_Revoke = 412, /* T_Revoke */ - T_Rlimit = 413, /* T_Rlimit */ - T_Saveconfigdir = 414, /* T_Saveconfigdir */ - T_Server = 415, /* T_Server */ - T_Serverresponse = 416, /* T_Serverresponse */ - T_ServerresponseFuzz = 417, /* T_ServerresponseFuzz */ - T_Setvar = 418, /* T_Setvar */ - T_Source = 419, /* T_Source */ - T_Stacksize = 420, /* T_Stacksize */ - T_Statistics = 421, /* T_Statistics */ - T_Stats = 422, /* T_Stats */ - T_Statsdir = 423, /* T_Statsdir */ - T_Step = 424, /* T_Step */ - T_Stepback = 425, /* T_Stepback */ - T_Stepfwd = 426, /* T_Stepfwd */ - T_Stepout = 427, /* T_Stepout */ - T_Stratum = 428, /* T_Stratum */ - T_String = 429, /* T_String */ - T_Sys = 430, /* T_Sys */ - T_Sysstats = 431, /* T_Sysstats */ - T_Tick = 432, /* T_Tick */ - T_Time1 = 433, /* T_Time1 */ - T_Time2 = 434, /* T_Time2 */ - T_TimeData = 435, /* T_TimeData */ - T_Timer = 436, /* T_Timer */ - T_Timingstats = 437, /* T_Timingstats */ - T_Tinker = 438, /* T_Tinker */ - T_Tos = 439, /* T_Tos */ - T_Trap = 440, /* T_Trap */ - T_True = 441, /* T_True */ - T_Trustedkey = 442, /* T_Trustedkey */ - T_Ttl = 443, /* T_Ttl */ - T_Type = 444, /* T_Type */ - T_U_int = 445, /* T_U_int */ - T_UEcrypto = 446, /* T_UEcrypto */ - T_UEcryptonak = 447, /* T_UEcryptonak */ - T_UEdigest = 448, /* T_UEdigest */ - T_Unconfig = 449, /* T_Unconfig */ - T_Unpeer = 450, /* T_Unpeer */ - T_Version = 451, /* T_Version */ - T_WanderThreshold = 452, /* T_WanderThreshold */ - T_Week = 453, /* T_Week */ - T_Wildcard = 454, /* T_Wildcard */ - T_Xleave = 455, /* T_Xleave */ - T_Xmtnonce = 456, /* T_Xmtnonce */ - T_Year = 457, /* T_Year */ - T_Flag = 458, /* T_Flag */ - T_EOC = 459, /* T_EOC */ - T_Simulate = 460, /* T_Simulate */ - T_Beep_Delay = 461, /* T_Beep_Delay */ - T_Sim_Duration = 462, /* T_Sim_Duration */ - T_Server_Offset = 463, /* T_Server_Offset */ - T_Duration = 464, /* T_Duration */ - T_Freq_Offset = 465, /* T_Freq_Offset */ - T_Wander = 466, /* T_Wander */ - T_Jitter = 467, /* T_Jitter */ - T_Prop_Delay = 468, /* T_Prop_Delay */ - T_Proc_Delay = 469 /* T_Proc_Delay */ + T_Delrestrict = 286, /* T_Delrestrict */ + T_Device = 287, /* T_Device */ + T_Digest = 288, /* T_Digest */ + T_Disable = 289, /* T_Disable */ + T_Discard = 290, /* T_Discard */ + T_Dispersion = 291, /* T_Dispersion */ + T_Double = 292, /* T_Double */ + T_Driftfile = 293, /* T_Driftfile */ + T_Drop = 294, /* T_Drop */ + T_Dscp = 295, /* T_Dscp */ + T_Ellipsis = 296, /* T_Ellipsis */ + T_Enable = 297, /* T_Enable */ + T_End = 298, /* T_End */ + T_Epeer = 299, /* T_Epeer */ + T_False = 300, /* T_False */ + T_File = 301, /* T_File */ + T_Filegen = 302, /* T_Filegen */ + T_Filenum = 303, /* T_Filenum */ + T_Flag1 = 304, /* T_Flag1 */ + T_Flag2 = 305, /* T_Flag2 */ + T_Flag3 = 306, /* T_Flag3 */ + T_Flag4 = 307, /* T_Flag4 */ + T_Flake = 308, /* T_Flake */ + T_Floor = 309, /* T_Floor */ + T_Freq = 310, /* T_Freq */ + T_Fudge = 311, /* T_Fudge */ + T_Fuzz = 312, /* T_Fuzz */ + T_Host = 313, /* T_Host */ + T_Huffpuff = 314, /* T_Huffpuff */ + T_Iburst = 315, /* T_Iburst */ + T_Ident = 316, /* T_Ident */ + T_Ignore = 317, /* T_Ignore */ + T_Ignorehash = 318, /* T_Ignorehash */ + T_Incalloc = 319, /* T_Incalloc */ + T_Incmem = 320, /* T_Incmem */ + T_Initalloc = 321, /* T_Initalloc */ + T_Initmem = 322, /* T_Initmem */ + T_Includefile = 323, /* T_Includefile */ + T_Integer = 324, /* T_Integer */ + T_Interface = 325, /* T_Interface */ + T_Intrange = 326, /* T_Intrange */ + T_Io = 327, /* T_Io */ + T_Ippeerlimit = 328, /* T_Ippeerlimit */ + T_Ipv4 = 329, /* T_Ipv4 */ + T_Ipv4_flag = 330, /* T_Ipv4_flag */ + T_Ipv6 = 331, /* T_Ipv6 */ + T_Ipv6_flag = 332, /* T_Ipv6_flag */ + T_Kernel = 333, /* T_Kernel */ + T_Key = 334, /* T_Key */ + T_Keys = 335, /* T_Keys */ + T_Keysdir = 336, /* T_Keysdir */ + T_Kod = 337, /* T_Kod */ + T_Leapfile = 338, /* T_Leapfile */ + T_Leapsmearinterval = 339, /* T_Leapsmearinterval */ + T_Limited = 340, /* T_Limited */ + T_Link = 341, /* T_Link */ + T_Listen = 342, /* T_Listen */ + T_Logconfig = 343, /* T_Logconfig */ + T_Logfile = 344, /* T_Logfile */ + T_Loopstats = 345, /* T_Loopstats */ + T_Lowpriotrap = 346, /* T_Lowpriotrap */ + T_Manycastclient = 347, /* T_Manycastclient */ + T_Manycastserver = 348, /* T_Manycastserver */ + T_Mask = 349, /* T_Mask */ + T_Maxage = 350, /* T_Maxage */ + T_Maxclock = 351, /* T_Maxclock */ + T_Maxdepth = 352, /* T_Maxdepth */ + T_Maxdist = 353, /* T_Maxdist */ + T_Maxmem = 354, /* T_Maxmem */ + T_Maxpoll = 355, /* T_Maxpoll */ + T_Mdnstries = 356, /* T_Mdnstries */ + T_Mem = 357, /* T_Mem */ + T_Memlock = 358, /* T_Memlock */ + T_Minclock = 359, /* T_Minclock */ + T_Mindepth = 360, /* T_Mindepth */ + T_Mindist = 361, /* T_Mindist */ + T_Minimum = 362, /* T_Minimum */ + T_Minjitter = 363, /* T_Minjitter */ + T_Minpoll = 364, /* T_Minpoll */ + T_Minsane = 365, /* T_Minsane */ + T_Mode = 366, /* T_Mode */ + T_Mode7 = 367, /* T_Mode7 */ + T_Monitor = 368, /* T_Monitor */ + T_Month = 369, /* T_Month */ + T_Mru = 370, /* T_Mru */ + T_Mssntp = 371, /* T_Mssntp */ + T_Multicastclient = 372, /* T_Multicastclient */ + T_Nic = 373, /* T_Nic */ + T_Nolink = 374, /* T_Nolink */ + T_Nomodify = 375, /* T_Nomodify */ + T_Nomrulist = 376, /* T_Nomrulist */ + T_None = 377, /* T_None */ + T_Nonvolatile = 378, /* T_Nonvolatile */ + T_Noepeer = 379, /* T_Noepeer */ + T_Nopeer = 380, /* T_Nopeer */ + T_Noquery = 381, /* T_Noquery */ + T_Noselect = 382, /* T_Noselect */ + T_Noserve = 383, /* T_Noserve */ + T_Notrap = 384, /* T_Notrap */ + T_Notrust = 385, /* T_Notrust */ + T_Ntp = 386, /* T_Ntp */ + T_Ntpport = 387, /* T_Ntpport */ + T_NtpSignDsocket = 388, /* T_NtpSignDsocket */ + T_Orphan = 389, /* T_Orphan */ + T_Orphanwait = 390, /* T_Orphanwait */ + T_PCEdigest = 391, /* T_PCEdigest */ + T_Panic = 392, /* T_Panic */ + T_Peer = 393, /* T_Peer */ + T_Peerstats = 394, /* T_Peerstats */ + T_Phone = 395, /* T_Phone */ + T_Pid = 396, /* T_Pid */ + T_Pidfile = 397, /* T_Pidfile */ + T_Poll = 398, /* T_Poll */ + T_PollSkewList = 399, /* T_PollSkewList */ + T_Pool = 400, /* T_Pool */ + T_Port = 401, /* T_Port */ + T_PpsData = 402, /* T_PpsData */ + T_Preempt = 403, /* T_Preempt */ + T_Prefer = 404, /* T_Prefer */ + T_Protostats = 405, /* T_Protostats */ + T_Pw = 406, /* T_Pw */ + T_Randfile = 407, /* T_Randfile */ + T_Rawstats = 408, /* T_Rawstats */ + T_Refid = 409, /* T_Refid */ + T_Requestkey = 410, /* T_Requestkey */ + T_Reset = 411, /* T_Reset */ + T_Restrict = 412, /* T_Restrict */ + T_Revoke = 413, /* T_Revoke */ + T_Rlimit = 414, /* T_Rlimit */ + T_Saveconfigdir = 415, /* T_Saveconfigdir */ + T_Server = 416, /* T_Server */ + T_Serverresponse = 417, /* T_Serverresponse */ + T_ServerresponseFuzz = 418, /* T_ServerresponseFuzz */ + T_Setvar = 419, /* T_Setvar */ + T_Source = 420, /* T_Source */ + T_Stacksize = 421, /* T_Stacksize */ + T_Statistics = 422, /* T_Statistics */ + T_Stats = 423, /* T_Stats */ + T_Statsdir = 424, /* T_Statsdir */ + T_Step = 425, /* T_Step */ + T_Stepback = 426, /* T_Stepback */ + T_Stepfwd = 427, /* T_Stepfwd */ + T_Stepout = 428, /* T_Stepout */ + T_Stratum = 429, /* T_Stratum */ + T_String = 430, /* T_String */ + T_Sys = 431, /* T_Sys */ + T_Sysstats = 432, /* T_Sysstats */ + T_Tick = 433, /* T_Tick */ + T_Time1 = 434, /* T_Time1 */ + T_Time2 = 435, /* T_Time2 */ + T_TimeData = 436, /* T_TimeData */ + T_Timer = 437, /* T_Timer */ + T_Timingstats = 438, /* T_Timingstats */ + T_Tinker = 439, /* T_Tinker */ + T_Tos = 440, /* T_Tos */ + T_Trap = 441, /* T_Trap */ + T_True = 442, /* T_True */ + T_Trustedkey = 443, /* T_Trustedkey */ + T_Ttl = 444, /* T_Ttl */ + T_Type = 445, /* T_Type */ + T_U_int = 446, /* T_U_int */ + T_UEcrypto = 447, /* T_UEcrypto */ + T_UEcryptonak = 448, /* T_UEcryptonak */ + T_UEdigest = 449, /* T_UEdigest */ + T_Unconfig = 450, /* T_Unconfig */ + T_Unpeer = 451, /* T_Unpeer */ + T_Version = 452, /* T_Version */ + T_WanderThreshold = 453, /* T_WanderThreshold */ + T_Week = 454, /* T_Week */ + T_Wildcard = 455, /* T_Wildcard */ + T_Xleave = 456, /* T_Xleave */ + T_Xmtnonce = 457, /* T_Xmtnonce */ + T_Year = 458, /* T_Year */ + T_Flag = 459, /* T_Flag */ + T_EOC = 460, /* T_EOC */ + T_Simulate = 461, /* T_Simulate */ + T_Beep_Delay = 462, /* T_Beep_Delay */ + T_Sim_Duration = 463, /* T_Sim_Duration */ + T_Server_Offset = 464, /* T_Server_Offset */ + T_Duration = 465, /* T_Duration */ + T_Freq_Offset = 466, /* T_Freq_Offset */ + T_Wander = 467, /* T_Wander */ + T_Jitter = 468, /* T_Jitter */ + T_Prop_Delay = 469, /* T_Prop_Delay */ + T_Proc_Delay = 470 /* T_Proc_Delay */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -394,196 +395,197 @@ extern int yydebug; #define T_Ctl 283 #define T_Day 284 #define T_Default 285 -#define T_Device 286 -#define T_Digest 287 -#define T_Disable 288 -#define T_Discard 289 -#define T_Dispersion 290 -#define T_Double 291 -#define T_Driftfile 292 -#define T_Drop 293 -#define T_Dscp 294 -#define T_Ellipsis 295 -#define T_Enable 296 -#define T_End 297 -#define T_Epeer 298 -#define T_False 299 -#define T_File 300 -#define T_Filegen 301 -#define T_Filenum 302 -#define T_Flag1 303 -#define T_Flag2 304 -#define T_Flag3 305 -#define T_Flag4 306 -#define T_Flake 307 -#define T_Floor 308 -#define T_Freq 309 -#define T_Fudge 310 -#define T_Fuzz 311 -#define T_Host 312 -#define T_Huffpuff 313 -#define T_Iburst 314 -#define T_Ident 315 -#define T_Ignore 316 -#define T_Ignorehash 317 -#define T_Incalloc 318 -#define T_Incmem 319 -#define T_Initalloc 320 -#define T_Initmem 321 -#define T_Includefile 322 -#define T_Integer 323 -#define T_Interface 324 -#define T_Intrange 325 -#define T_Io 326 -#define T_Ippeerlimit 327 -#define T_Ipv4 328 -#define T_Ipv4_flag 329 -#define T_Ipv6 330 -#define T_Ipv6_flag 331 -#define T_Kernel 332 -#define T_Key 333 -#define T_Keys 334 -#define T_Keysdir 335 -#define T_Kod 336 -#define T_Leapfile 337 -#define T_Leapsmearinterval 338 -#define T_Limited 339 -#define T_Link 340 -#define T_Listen 341 -#define T_Logconfig 342 -#define T_Logfile 343 -#define T_Loopstats 344 -#define T_Lowpriotrap 345 -#define T_Manycastclient 346 -#define T_Manycastserver 347 -#define T_Mask 348 -#define T_Maxage 349 -#define T_Maxclock 350 -#define T_Maxdepth 351 -#define T_Maxdist 352 -#define T_Maxmem 353 -#define T_Maxpoll 354 -#define T_Mdnstries 355 -#define T_Mem 356 -#define T_Memlock 357 -#define T_Minclock 358 -#define T_Mindepth 359 -#define T_Mindist 360 -#define T_Minimum 361 -#define T_Minjitter 362 -#define T_Minpoll 363 -#define T_Minsane 364 -#define T_Mode 365 -#define T_Mode7 366 -#define T_Monitor 367 -#define T_Month 368 -#define T_Mru 369 -#define T_Mssntp 370 -#define T_Multicastclient 371 -#define T_Nic 372 -#define T_Nolink 373 -#define T_Nomodify 374 -#define T_Nomrulist 375 -#define T_None 376 -#define T_Nonvolatile 377 -#define T_Noepeer 378 -#define T_Nopeer 379 -#define T_Noquery 380 -#define T_Noselect 381 -#define T_Noserve 382 -#define T_Notrap 383 -#define T_Notrust 384 -#define T_Ntp 385 -#define T_Ntpport 386 -#define T_NtpSignDsocket 387 -#define T_Orphan 388 -#define T_Orphanwait 389 -#define T_PCEdigest 390 -#define T_Panic 391 -#define T_Peer 392 -#define T_Peerstats 393 -#define T_Phone 394 -#define T_Pid 395 -#define T_Pidfile 396 -#define T_Poll 397 -#define T_PollSkewList 398 -#define T_Pool 399 -#define T_Port 400 -#define T_PpsData 401 -#define T_Preempt 402 -#define T_Prefer 403 -#define T_Protostats 404 -#define T_Pw 405 -#define T_Randfile 406 -#define T_Rawstats 407 -#define T_Refid 408 -#define T_Requestkey 409 -#define T_Reset 410 -#define T_Restrict 411 -#define T_Revoke 412 -#define T_Rlimit 413 -#define T_Saveconfigdir 414 -#define T_Server 415 -#define T_Serverresponse 416 -#define T_ServerresponseFuzz 417 -#define T_Setvar 418 -#define T_Source 419 -#define T_Stacksize 420 -#define T_Statistics 421 -#define T_Stats 422 -#define T_Statsdir 423 -#define T_Step 424 -#define T_Stepback 425 -#define T_Stepfwd 426 -#define T_Stepout 427 -#define T_Stratum 428 -#define T_String 429 -#define T_Sys 430 -#define T_Sysstats 431 -#define T_Tick 432 -#define T_Time1 433 -#define T_Time2 434 -#define T_TimeData 435 -#define T_Timer 436 -#define T_Timingstats 437 -#define T_Tinker 438 -#define T_Tos 439 -#define T_Trap 440 -#define T_True 441 -#define T_Trustedkey 442 -#define T_Ttl 443 -#define T_Type 444 -#define T_U_int 445 -#define T_UEcrypto 446 -#define T_UEcryptonak 447 -#define T_UEdigest 448 -#define T_Unconfig 449 -#define T_Unpeer 450 -#define T_Version 451 -#define T_WanderThreshold 452 -#define T_Week 453 -#define T_Wildcard 454 -#define T_Xleave 455 -#define T_Xmtnonce 456 -#define T_Year 457 -#define T_Flag 458 -#define T_EOC 459 -#define T_Simulate 460 -#define T_Beep_Delay 461 -#define T_Sim_Duration 462 -#define T_Server_Offset 463 -#define T_Duration 464 -#define T_Freq_Offset 465 -#define T_Wander 466 -#define T_Jitter 467 -#define T_Prop_Delay 468 -#define T_Proc_Delay 469 +#define T_Delrestrict 286 +#define T_Device 287 +#define T_Digest 288 +#define T_Disable 289 +#define T_Discard 290 +#define T_Dispersion 291 +#define T_Double 292 +#define T_Driftfile 293 +#define T_Drop 294 +#define T_Dscp 295 +#define T_Ellipsis 296 +#define T_Enable 297 +#define T_End 298 +#define T_Epeer 299 +#define T_False 300 +#define T_File 301 +#define T_Filegen 302 +#define T_Filenum 303 +#define T_Flag1 304 +#define T_Flag2 305 +#define T_Flag3 306 +#define T_Flag4 307 +#define T_Flake 308 +#define T_Floor 309 +#define T_Freq 310 +#define T_Fudge 311 +#define T_Fuzz 312 +#define T_Host 313 +#define T_Huffpuff 314 +#define T_Iburst 315 +#define T_Ident 316 +#define T_Ignore 317 +#define T_Ignorehash 318 +#define T_Incalloc 319 +#define T_Incmem 320 +#define T_Initalloc 321 +#define T_Initmem 322 +#define T_Includefile 323 +#define T_Integer 324 +#define T_Interface 325 +#define T_Intrange 326 +#define T_Io 327 +#define T_Ippeerlimit 328 +#define T_Ipv4 329 +#define T_Ipv4_flag 330 +#define T_Ipv6 331 +#define T_Ipv6_flag 332 +#define T_Kernel 333 +#define T_Key 334 +#define T_Keys 335 +#define T_Keysdir 336 +#define T_Kod 337 +#define T_Leapfile 338 +#define T_Leapsmearinterval 339 +#define T_Limited 340 +#define T_Link 341 +#define T_Listen 342 +#define T_Logconfig 343 +#define T_Logfile 344 +#define T_Loopstats 345 +#define T_Lowpriotrap 346 +#define T_Manycastclient 347 +#define T_Manycastserver 348 +#define T_Mask 349 +#define T_Maxage 350 +#define T_Maxclock 351 +#define T_Maxdepth 352 +#define T_Maxdist 353 +#define T_Maxmem 354 +#define T_Maxpoll 355 +#define T_Mdnstries 356 +#define T_Mem 357 +#define T_Memlock 358 +#define T_Minclock 359 +#define T_Mindepth 360 +#define T_Mindist 361 +#define T_Minimum 362 +#define T_Minjitter 363 +#define T_Minpoll 364 +#define T_Minsane 365 +#define T_Mode 366 +#define T_Mode7 367 +#define T_Monitor 368 +#define T_Month 369 +#define T_Mru 370 +#define T_Mssntp 371 +#define T_Multicastclient 372 +#define T_Nic 373 +#define T_Nolink 374 +#define T_Nomodify 375 +#define T_Nomrulist 376 +#define T_None 377 +#define T_Nonvolatile 378 +#define T_Noepeer 379 +#define T_Nopeer 380 +#define T_Noquery 381 +#define T_Noselect 382 +#define T_Noserve 383 +#define T_Notrap 384 +#define T_Notrust 385 +#define T_Ntp 386 +#define T_Ntpport 387 +#define T_NtpSignDsocket 388 +#define T_Orphan 389 +#define T_Orphanwait 390 +#define T_PCEdigest 391 +#define T_Panic 392 +#define T_Peer 393 +#define T_Peerstats 394 +#define T_Phone 395 +#define T_Pid 396 +#define T_Pidfile 397 +#define T_Poll 398 +#define T_PollSkewList 399 +#define T_Pool 400 +#define T_Port 401 +#define T_PpsData 402 +#define T_Preempt 403 +#define T_Prefer 404 +#define T_Protostats 405 +#define T_Pw 406 +#define T_Randfile 407 +#define T_Rawstats 408 +#define T_Refid 409 +#define T_Requestkey 410 +#define T_Reset 411 +#define T_Restrict 412 +#define T_Revoke 413 +#define T_Rlimit 414 +#define T_Saveconfigdir 415 +#define T_Server 416 +#define T_Serverresponse 417 +#define T_ServerresponseFuzz 418 +#define T_Setvar 419 +#define T_Source 420 +#define T_Stacksize 421 +#define T_Statistics 422 +#define T_Stats 423 +#define T_Statsdir 424 +#define T_Step 425 +#define T_Stepback 426 +#define T_Stepfwd 427 +#define T_Stepout 428 +#define T_Stratum 429 +#define T_String 430 +#define T_Sys 431 +#define T_Sysstats 432 +#define T_Tick 433 +#define T_Time1 434 +#define T_Time2 435 +#define T_TimeData 436 +#define T_Timer 437 +#define T_Timingstats 438 +#define T_Tinker 439 +#define T_Tos 440 +#define T_Trap 441 +#define T_True 442 +#define T_Trustedkey 443 +#define T_Ttl 444 +#define T_Type 445 +#define T_U_int 446 +#define T_UEcrypto 447 +#define T_UEcryptonak 448 +#define T_UEdigest 449 +#define T_Unconfig 450 +#define T_Unpeer 451 +#define T_Version 452 +#define T_WanderThreshold 453 +#define T_Week 454 +#define T_Wildcard 455 +#define T_Xleave 456 +#define T_Xmtnonce 457 +#define T_Year 458 +#define T_Flag 459 +#define T_EOC 460 +#define T_Simulate 461 +#define T_Beep_Delay 462 +#define T_Sim_Duration 463 +#define T_Server_Offset 464 +#define T_Duration 465 +#define T_Freq_Offset 466 +#define T_Wander 467 +#define T_Jitter 468 +#define T_Prop_Delay 469 +#define T_Proc_Delay 470 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 52 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 52 "../../ntpd/ntp_parser.y" char * String; double Double; @@ -602,7 +604,7 @@ union YYSTYPE script_info * Sim_script; script_info_fifo * Sim_script_fifo; -#line 606 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 608 "ntp_parser.c" }; typedef union YYSTYPE YYSTYPE; @@ -613,9 +615,11 @@ typedef union YYSTYPE YYSTYPE; extern YYSTYPE yylval; + int yyparse (void); -#endif /* !YY_YY__SRC_NTP_STABLE_NTPD_NTP_PARSER_H_INCLUDED */ + +#endif /* !YY_YY_NTP_PARSER_H_INCLUDED */ /* Symbol kind. */ enum yysymbol_kind_t { @@ -651,311 +655,313 @@ enum yysymbol_kind_t YYSYMBOL_T_Ctl = 28, /* T_Ctl */ YYSYMBOL_T_Day = 29, /* T_Day */ YYSYMBOL_T_Default = 30, /* T_Default */ - YYSYMBOL_T_Device = 31, /* T_Device */ - YYSYMBOL_T_Digest = 32, /* T_Digest */ - YYSYMBOL_T_Disable = 33, /* T_Disable */ - YYSYMBOL_T_Discard = 34, /* T_Discard */ - YYSYMBOL_T_Dispersion = 35, /* T_Dispersion */ - YYSYMBOL_T_Double = 36, /* T_Double */ - YYSYMBOL_T_Driftfile = 37, /* T_Driftfile */ - YYSYMBOL_T_Drop = 38, /* T_Drop */ - YYSYMBOL_T_Dscp = 39, /* T_Dscp */ - YYSYMBOL_T_Ellipsis = 40, /* T_Ellipsis */ - YYSYMBOL_T_Enable = 41, /* T_Enable */ - YYSYMBOL_T_End = 42, /* T_End */ - YYSYMBOL_T_Epeer = 43, /* T_Epeer */ - YYSYMBOL_T_False = 44, /* T_False */ - YYSYMBOL_T_File = 45, /* T_File */ - YYSYMBOL_T_Filegen = 46, /* T_Filegen */ - YYSYMBOL_T_Filenum = 47, /* T_Filenum */ - YYSYMBOL_T_Flag1 = 48, /* T_Flag1 */ - YYSYMBOL_T_Flag2 = 49, /* T_Flag2 */ - YYSYMBOL_T_Flag3 = 50, /* T_Flag3 */ - YYSYMBOL_T_Flag4 = 51, /* T_Flag4 */ - YYSYMBOL_T_Flake = 52, /* T_Flake */ - YYSYMBOL_T_Floor = 53, /* T_Floor */ - YYSYMBOL_T_Freq = 54, /* T_Freq */ - YYSYMBOL_T_Fudge = 55, /* T_Fudge */ - YYSYMBOL_T_Fuzz = 56, /* T_Fuzz */ - YYSYMBOL_T_Host = 57, /* T_Host */ - YYSYMBOL_T_Huffpuff = 58, /* T_Huffpuff */ - YYSYMBOL_T_Iburst = 59, /* T_Iburst */ - YYSYMBOL_T_Ident = 60, /* T_Ident */ - YYSYMBOL_T_Ignore = 61, /* T_Ignore */ - YYSYMBOL_T_Ignorehash = 62, /* T_Ignorehash */ - YYSYMBOL_T_Incalloc = 63, /* T_Incalloc */ - YYSYMBOL_T_Incmem = 64, /* T_Incmem */ - YYSYMBOL_T_Initalloc = 65, /* T_Initalloc */ - YYSYMBOL_T_Initmem = 66, /* T_Initmem */ - YYSYMBOL_T_Includefile = 67, /* T_Includefile */ - YYSYMBOL_T_Integer = 68, /* T_Integer */ - YYSYMBOL_T_Interface = 69, /* T_Interface */ - YYSYMBOL_T_Intrange = 70, /* T_Intrange */ - YYSYMBOL_T_Io = 71, /* T_Io */ - YYSYMBOL_T_Ippeerlimit = 72, /* T_Ippeerlimit */ - YYSYMBOL_T_Ipv4 = 73, /* T_Ipv4 */ - YYSYMBOL_T_Ipv4_flag = 74, /* T_Ipv4_flag */ - YYSYMBOL_T_Ipv6 = 75, /* T_Ipv6 */ - YYSYMBOL_T_Ipv6_flag = 76, /* T_Ipv6_flag */ - YYSYMBOL_T_Kernel = 77, /* T_Kernel */ - YYSYMBOL_T_Key = 78, /* T_Key */ - YYSYMBOL_T_Keys = 79, /* T_Keys */ - YYSYMBOL_T_Keysdir = 80, /* T_Keysdir */ - YYSYMBOL_T_Kod = 81, /* T_Kod */ - YYSYMBOL_T_Leapfile = 82, /* T_Leapfile */ - YYSYMBOL_T_Leapsmearinterval = 83, /* T_Leapsmearinterval */ - YYSYMBOL_T_Limited = 84, /* T_Limited */ - YYSYMBOL_T_Link = 85, /* T_Link */ - YYSYMBOL_T_Listen = 86, /* T_Listen */ - YYSYMBOL_T_Logconfig = 87, /* T_Logconfig */ - YYSYMBOL_T_Logfile = 88, /* T_Logfile */ - YYSYMBOL_T_Loopstats = 89, /* T_Loopstats */ - YYSYMBOL_T_Lowpriotrap = 90, /* T_Lowpriotrap */ - YYSYMBOL_T_Manycastclient = 91, /* T_Manycastclient */ - YYSYMBOL_T_Manycastserver = 92, /* T_Manycastserver */ - YYSYMBOL_T_Mask = 93, /* T_Mask */ - YYSYMBOL_T_Maxage = 94, /* T_Maxage */ - YYSYMBOL_T_Maxclock = 95, /* T_Maxclock */ - YYSYMBOL_T_Maxdepth = 96, /* T_Maxdepth */ - YYSYMBOL_T_Maxdist = 97, /* T_Maxdist */ - YYSYMBOL_T_Maxmem = 98, /* T_Maxmem */ - YYSYMBOL_T_Maxpoll = 99, /* T_Maxpoll */ - YYSYMBOL_T_Mdnstries = 100, /* T_Mdnstries */ - YYSYMBOL_T_Mem = 101, /* T_Mem */ - YYSYMBOL_T_Memlock = 102, /* T_Memlock */ - YYSYMBOL_T_Minclock = 103, /* T_Minclock */ - YYSYMBOL_T_Mindepth = 104, /* T_Mindepth */ - YYSYMBOL_T_Mindist = 105, /* T_Mindist */ - YYSYMBOL_T_Minimum = 106, /* T_Minimum */ - YYSYMBOL_T_Minjitter = 107, /* T_Minjitter */ - YYSYMBOL_T_Minpoll = 108, /* T_Minpoll */ - YYSYMBOL_T_Minsane = 109, /* T_Minsane */ - YYSYMBOL_T_Mode = 110, /* T_Mode */ - YYSYMBOL_T_Mode7 = 111, /* T_Mode7 */ - YYSYMBOL_T_Monitor = 112, /* T_Monitor */ - YYSYMBOL_T_Month = 113, /* T_Month */ - YYSYMBOL_T_Mru = 114, /* T_Mru */ - YYSYMBOL_T_Mssntp = 115, /* T_Mssntp */ - YYSYMBOL_T_Multicastclient = 116, /* T_Multicastclient */ - YYSYMBOL_T_Nic = 117, /* T_Nic */ - YYSYMBOL_T_Nolink = 118, /* T_Nolink */ - YYSYMBOL_T_Nomodify = 119, /* T_Nomodify */ - YYSYMBOL_T_Nomrulist = 120, /* T_Nomrulist */ - YYSYMBOL_T_None = 121, /* T_None */ - YYSYMBOL_T_Nonvolatile = 122, /* T_Nonvolatile */ - YYSYMBOL_T_Noepeer = 123, /* T_Noepeer */ - YYSYMBOL_T_Nopeer = 124, /* T_Nopeer */ - YYSYMBOL_T_Noquery = 125, /* T_Noquery */ - YYSYMBOL_T_Noselect = 126, /* T_Noselect */ - YYSYMBOL_T_Noserve = 127, /* T_Noserve */ - YYSYMBOL_T_Notrap = 128, /* T_Notrap */ - YYSYMBOL_T_Notrust = 129, /* T_Notrust */ - YYSYMBOL_T_Ntp = 130, /* T_Ntp */ - YYSYMBOL_T_Ntpport = 131, /* T_Ntpport */ - YYSYMBOL_T_NtpSignDsocket = 132, /* T_NtpSignDsocket */ - YYSYMBOL_T_Orphan = 133, /* T_Orphan */ - YYSYMBOL_T_Orphanwait = 134, /* T_Orphanwait */ - YYSYMBOL_T_PCEdigest = 135, /* T_PCEdigest */ - YYSYMBOL_T_Panic = 136, /* T_Panic */ - YYSYMBOL_T_Peer = 137, /* T_Peer */ - YYSYMBOL_T_Peerstats = 138, /* T_Peerstats */ - YYSYMBOL_T_Phone = 139, /* T_Phone */ - YYSYMBOL_T_Pid = 140, /* T_Pid */ - YYSYMBOL_T_Pidfile = 141, /* T_Pidfile */ - YYSYMBOL_T_Poll = 142, /* T_Poll */ - YYSYMBOL_T_PollSkewList = 143, /* T_PollSkewList */ - YYSYMBOL_T_Pool = 144, /* T_Pool */ - YYSYMBOL_T_Port = 145, /* T_Port */ - YYSYMBOL_T_PpsData = 146, /* T_PpsData */ - YYSYMBOL_T_Preempt = 147, /* T_Preempt */ - YYSYMBOL_T_Prefer = 148, /* T_Prefer */ - YYSYMBOL_T_Protostats = 149, /* T_Protostats */ - YYSYMBOL_T_Pw = 150, /* T_Pw */ - YYSYMBOL_T_Randfile = 151, /* T_Randfile */ - YYSYMBOL_T_Rawstats = 152, /* T_Rawstats */ - YYSYMBOL_T_Refid = 153, /* T_Refid */ - YYSYMBOL_T_Requestkey = 154, /* T_Requestkey */ - YYSYMBOL_T_Reset = 155, /* T_Reset */ - YYSYMBOL_T_Restrict = 156, /* T_Restrict */ - YYSYMBOL_T_Revoke = 157, /* T_Revoke */ - YYSYMBOL_T_Rlimit = 158, /* T_Rlimit */ - YYSYMBOL_T_Saveconfigdir = 159, /* T_Saveconfigdir */ - YYSYMBOL_T_Server = 160, /* T_Server */ - YYSYMBOL_T_Serverresponse = 161, /* T_Serverresponse */ - YYSYMBOL_T_ServerresponseFuzz = 162, /* T_ServerresponseFuzz */ - YYSYMBOL_T_Setvar = 163, /* T_Setvar */ - YYSYMBOL_T_Source = 164, /* T_Source */ - YYSYMBOL_T_Stacksize = 165, /* T_Stacksize */ - YYSYMBOL_T_Statistics = 166, /* T_Statistics */ - YYSYMBOL_T_Stats = 167, /* T_Stats */ - YYSYMBOL_T_Statsdir = 168, /* T_Statsdir */ - YYSYMBOL_T_Step = 169, /* T_Step */ - YYSYMBOL_T_Stepback = 170, /* T_Stepback */ - YYSYMBOL_T_Stepfwd = 171, /* T_Stepfwd */ - YYSYMBOL_T_Stepout = 172, /* T_Stepout */ - YYSYMBOL_T_Stratum = 173, /* T_Stratum */ - YYSYMBOL_T_String = 174, /* T_String */ - YYSYMBOL_T_Sys = 175, /* T_Sys */ - YYSYMBOL_T_Sysstats = 176, /* T_Sysstats */ - YYSYMBOL_T_Tick = 177, /* T_Tick */ - YYSYMBOL_T_Time1 = 178, /* T_Time1 */ - YYSYMBOL_T_Time2 = 179, /* T_Time2 */ - YYSYMBOL_T_TimeData = 180, /* T_TimeData */ - YYSYMBOL_T_Timer = 181, /* T_Timer */ - YYSYMBOL_T_Timingstats = 182, /* T_Timingstats */ - YYSYMBOL_T_Tinker = 183, /* T_Tinker */ - YYSYMBOL_T_Tos = 184, /* T_Tos */ - YYSYMBOL_T_Trap = 185, /* T_Trap */ - YYSYMBOL_T_True = 186, /* T_True */ - YYSYMBOL_T_Trustedkey = 187, /* T_Trustedkey */ - YYSYMBOL_T_Ttl = 188, /* T_Ttl */ - YYSYMBOL_T_Type = 189, /* T_Type */ - YYSYMBOL_T_U_int = 190, /* T_U_int */ - YYSYMBOL_T_UEcrypto = 191, /* T_UEcrypto */ - YYSYMBOL_T_UEcryptonak = 192, /* T_UEcryptonak */ - YYSYMBOL_T_UEdigest = 193, /* T_UEdigest */ - YYSYMBOL_T_Unconfig = 194, /* T_Unconfig */ - YYSYMBOL_T_Unpeer = 195, /* T_Unpeer */ - YYSYMBOL_T_Version = 196, /* T_Version */ - YYSYMBOL_T_WanderThreshold = 197, /* T_WanderThreshold */ - YYSYMBOL_T_Week = 198, /* T_Week */ - YYSYMBOL_T_Wildcard = 199, /* T_Wildcard */ - YYSYMBOL_T_Xleave = 200, /* T_Xleave */ - YYSYMBOL_T_Xmtnonce = 201, /* T_Xmtnonce */ - YYSYMBOL_T_Year = 202, /* T_Year */ - YYSYMBOL_T_Flag = 203, /* T_Flag */ - YYSYMBOL_T_EOC = 204, /* T_EOC */ - YYSYMBOL_T_Simulate = 205, /* T_Simulate */ - YYSYMBOL_T_Beep_Delay = 206, /* T_Beep_Delay */ - YYSYMBOL_T_Sim_Duration = 207, /* T_Sim_Duration */ - YYSYMBOL_T_Server_Offset = 208, /* T_Server_Offset */ - YYSYMBOL_T_Duration = 209, /* T_Duration */ - YYSYMBOL_T_Freq_Offset = 210, /* T_Freq_Offset */ - YYSYMBOL_T_Wander = 211, /* T_Wander */ - YYSYMBOL_T_Jitter = 212, /* T_Jitter */ - YYSYMBOL_T_Prop_Delay = 213, /* T_Prop_Delay */ - YYSYMBOL_T_Proc_Delay = 214, /* T_Proc_Delay */ - YYSYMBOL_215_ = 215, /* '|' */ - YYSYMBOL_216_ = 216, /* '=' */ - YYSYMBOL_217_ = 217, /* '(' */ - YYSYMBOL_218_ = 218, /* ')' */ - YYSYMBOL_219_ = 219, /* '{' */ - YYSYMBOL_220_ = 220, /* '}' */ - YYSYMBOL_YYACCEPT = 221, /* $accept */ - YYSYMBOL_configuration = 222, /* configuration */ - YYSYMBOL_command_list = 223, /* command_list */ - YYSYMBOL_command = 224, /* command */ - YYSYMBOL_server_command = 225, /* server_command */ - YYSYMBOL_client_type = 226, /* client_type */ - YYSYMBOL_address = 227, /* address */ - YYSYMBOL_ip_address = 228, /* ip_address */ - YYSYMBOL_address_fam = 229, /* address_fam */ - YYSYMBOL_option_list = 230, /* option_list */ - YYSYMBOL_option = 231, /* option */ - YYSYMBOL_option_flag = 232, /* option_flag */ - YYSYMBOL_option_flag_keyword = 233, /* option_flag_keyword */ - YYSYMBOL_option_int = 234, /* option_int */ - YYSYMBOL_option_int_keyword = 235, /* option_int_keyword */ - YYSYMBOL_option_str = 236, /* option_str */ - YYSYMBOL_option_str_keyword = 237, /* option_str_keyword */ - YYSYMBOL_unpeer_command = 238, /* unpeer_command */ - YYSYMBOL_unpeer_keyword = 239, /* unpeer_keyword */ - YYSYMBOL_other_mode_command = 240, /* other_mode_command */ - YYSYMBOL_authentication_command = 241, /* authentication_command */ - YYSYMBOL_crypto_command_list = 242, /* crypto_command_list */ - YYSYMBOL_crypto_command = 243, /* crypto_command */ - YYSYMBOL_crypto_str_keyword = 244, /* crypto_str_keyword */ - YYSYMBOL_orphan_mode_command = 245, /* orphan_mode_command */ - YYSYMBOL_tos_option_list = 246, /* tos_option_list */ - YYSYMBOL_tos_option = 247, /* tos_option */ - YYSYMBOL_tos_option_int_keyword = 248, /* tos_option_int_keyword */ - YYSYMBOL_tos_option_dbl_keyword = 249, /* tos_option_dbl_keyword */ - YYSYMBOL_monitoring_command = 250, /* monitoring_command */ - YYSYMBOL_stats_list = 251, /* stats_list */ - YYSYMBOL_stat = 252, /* stat */ - YYSYMBOL_filegen_option_list = 253, /* filegen_option_list */ - YYSYMBOL_filegen_option = 254, /* filegen_option */ - YYSYMBOL_link_nolink = 255, /* link_nolink */ - YYSYMBOL_enable_disable = 256, /* enable_disable */ - YYSYMBOL_filegen_type = 257, /* filegen_type */ - YYSYMBOL_access_control_command = 258, /* access_control_command */ - YYSYMBOL_res_ippeerlimit = 259, /* res_ippeerlimit */ - YYSYMBOL_ac_flag_list = 260, /* ac_flag_list */ - YYSYMBOL_access_control_flag = 261, /* access_control_flag */ - YYSYMBOL_discard_option_list = 262, /* discard_option_list */ - YYSYMBOL_discard_option = 263, /* discard_option */ - YYSYMBOL_discard_option_keyword = 264, /* discard_option_keyword */ - YYSYMBOL_mru_option_list = 265, /* mru_option_list */ - YYSYMBOL_mru_option = 266, /* mru_option */ - YYSYMBOL_mru_option_keyword = 267, /* mru_option_keyword */ - YYSYMBOL_fudge_command = 268, /* fudge_command */ - YYSYMBOL_fudge_factor_list = 269, /* fudge_factor_list */ - YYSYMBOL_fudge_factor = 270, /* fudge_factor */ - YYSYMBOL_fudge_factor_dbl_keyword = 271, /* fudge_factor_dbl_keyword */ - YYSYMBOL_fudge_factor_bool_keyword = 272, /* fudge_factor_bool_keyword */ - YYSYMBOL_device_command = 273, /* device_command */ - YYSYMBOL_device_item_list = 274, /* device_item_list */ - YYSYMBOL_device_item = 275, /* device_item */ - YYSYMBOL_device_item_path_keyword = 276, /* device_item_path_keyword */ - YYSYMBOL_rlimit_command = 277, /* rlimit_command */ - YYSYMBOL_rlimit_option_list = 278, /* rlimit_option_list */ - YYSYMBOL_rlimit_option = 279, /* rlimit_option */ - YYSYMBOL_rlimit_option_keyword = 280, /* rlimit_option_keyword */ - YYSYMBOL_system_option_command = 281, /* system_option_command */ - YYSYMBOL_system_option_list = 282, /* system_option_list */ - YYSYMBOL_system_option = 283, /* system_option */ - YYSYMBOL_system_option_flag_keyword = 284, /* system_option_flag_keyword */ - YYSYMBOL_system_option_local_flag_keyword = 285, /* system_option_local_flag_keyword */ - YYSYMBOL_tinker_command = 286, /* tinker_command */ - YYSYMBOL_tinker_option_list = 287, /* tinker_option_list */ - YYSYMBOL_tinker_option = 288, /* tinker_option */ - YYSYMBOL_tinker_option_keyword = 289, /* tinker_option_keyword */ - YYSYMBOL_miscellaneous_command = 290, /* miscellaneous_command */ - YYSYMBOL_misc_cmd_dbl_keyword = 291, /* misc_cmd_dbl_keyword */ - YYSYMBOL_misc_cmd_int_keyword = 292, /* misc_cmd_int_keyword */ - YYSYMBOL_opt_hash_check = 293, /* opt_hash_check */ - YYSYMBOL_misc_cmd_str_keyword = 294, /* misc_cmd_str_keyword */ - YYSYMBOL_misc_cmd_str_lcl_keyword = 295, /* misc_cmd_str_lcl_keyword */ - YYSYMBOL_drift_parm = 296, /* drift_parm */ - YYSYMBOL_pollskew_list = 297, /* pollskew_list */ - YYSYMBOL_pollskew_spec = 298, /* pollskew_spec */ - YYSYMBOL_pollskew_cycle = 299, /* pollskew_cycle */ - YYSYMBOL_variable_assign = 300, /* variable_assign */ - YYSYMBOL_t_default_or_zero = 301, /* t_default_or_zero */ - YYSYMBOL_trap_option_list = 302, /* trap_option_list */ - YYSYMBOL_trap_option = 303, /* trap_option */ - YYSYMBOL_log_config_list = 304, /* log_config_list */ - YYSYMBOL_log_config_command = 305, /* log_config_command */ - YYSYMBOL_interface_command = 306, /* interface_command */ - YYSYMBOL_interface_nic = 307, /* interface_nic */ - YYSYMBOL_nic_rule_class = 308, /* nic_rule_class */ - YYSYMBOL_nic_rule_action = 309, /* nic_rule_action */ - YYSYMBOL_reset_command = 310, /* reset_command */ - YYSYMBOL_counter_set_list = 311, /* counter_set_list */ - YYSYMBOL_counter_set_keyword = 312, /* counter_set_keyword */ - YYSYMBOL_integer_list = 313, /* integer_list */ - YYSYMBOL_integer_list_range = 314, /* integer_list_range */ - YYSYMBOL_integer_list_range_elt = 315, /* integer_list_range_elt */ - YYSYMBOL_integer_range = 316, /* integer_range */ - YYSYMBOL_string_list = 317, /* string_list */ - YYSYMBOL_address_list = 318, /* address_list */ - YYSYMBOL_boolean = 319, /* boolean */ - YYSYMBOL_number = 320, /* number */ - YYSYMBOL_basedate = 321, /* basedate */ - YYSYMBOL_simulate_command = 322, /* simulate_command */ - YYSYMBOL_sim_conf_start = 323, /* sim_conf_start */ - YYSYMBOL_sim_init_statement_list = 324, /* sim_init_statement_list */ - YYSYMBOL_sim_init_statement = 325, /* sim_init_statement */ - YYSYMBOL_sim_init_keyword = 326, /* sim_init_keyword */ - YYSYMBOL_sim_server_list = 327, /* sim_server_list */ - YYSYMBOL_sim_server = 328, /* sim_server */ - YYSYMBOL_sim_server_offset = 329, /* sim_server_offset */ - YYSYMBOL_sim_server_name = 330, /* sim_server_name */ - YYSYMBOL_sim_act_list = 331, /* sim_act_list */ - YYSYMBOL_sim_act = 332, /* sim_act */ - YYSYMBOL_sim_act_stmt_list = 333, /* sim_act_stmt_list */ - YYSYMBOL_sim_act_stmt = 334, /* sim_act_stmt */ - YYSYMBOL_sim_act_keyword = 335 /* sim_act_keyword */ + YYSYMBOL_T_Delrestrict = 31, /* T_Delrestrict */ + YYSYMBOL_T_Device = 32, /* T_Device */ + YYSYMBOL_T_Digest = 33, /* T_Digest */ + YYSYMBOL_T_Disable = 34, /* T_Disable */ + YYSYMBOL_T_Discard = 35, /* T_Discard */ + YYSYMBOL_T_Dispersion = 36, /* T_Dispersion */ + YYSYMBOL_T_Double = 37, /* T_Double */ + YYSYMBOL_T_Driftfile = 38, /* T_Driftfile */ + YYSYMBOL_T_Drop = 39, /* T_Drop */ + YYSYMBOL_T_Dscp = 40, /* T_Dscp */ + YYSYMBOL_T_Ellipsis = 41, /* T_Ellipsis */ + YYSYMBOL_T_Enable = 42, /* T_Enable */ + YYSYMBOL_T_End = 43, /* T_End */ + YYSYMBOL_T_Epeer = 44, /* T_Epeer */ + YYSYMBOL_T_False = 45, /* T_False */ + YYSYMBOL_T_File = 46, /* T_File */ + YYSYMBOL_T_Filegen = 47, /* T_Filegen */ + YYSYMBOL_T_Filenum = 48, /* T_Filenum */ + YYSYMBOL_T_Flag1 = 49, /* T_Flag1 */ + YYSYMBOL_T_Flag2 = 50, /* T_Flag2 */ + YYSYMBOL_T_Flag3 = 51, /* T_Flag3 */ + YYSYMBOL_T_Flag4 = 52, /* T_Flag4 */ + YYSYMBOL_T_Flake = 53, /* T_Flake */ + YYSYMBOL_T_Floor = 54, /* T_Floor */ + YYSYMBOL_T_Freq = 55, /* T_Freq */ + YYSYMBOL_T_Fudge = 56, /* T_Fudge */ + YYSYMBOL_T_Fuzz = 57, /* T_Fuzz */ + YYSYMBOL_T_Host = 58, /* T_Host */ + YYSYMBOL_T_Huffpuff = 59, /* T_Huffpuff */ + YYSYMBOL_T_Iburst = 60, /* T_Iburst */ + YYSYMBOL_T_Ident = 61, /* T_Ident */ + YYSYMBOL_T_Ignore = 62, /* T_Ignore */ + YYSYMBOL_T_Ignorehash = 63, /* T_Ignorehash */ + YYSYMBOL_T_Incalloc = 64, /* T_Incalloc */ + YYSYMBOL_T_Incmem = 65, /* T_Incmem */ + YYSYMBOL_T_Initalloc = 66, /* T_Initalloc */ + YYSYMBOL_T_Initmem = 67, /* T_Initmem */ + YYSYMBOL_T_Includefile = 68, /* T_Includefile */ + YYSYMBOL_T_Integer = 69, /* T_Integer */ + YYSYMBOL_T_Interface = 70, /* T_Interface */ + YYSYMBOL_T_Intrange = 71, /* T_Intrange */ + YYSYMBOL_T_Io = 72, /* T_Io */ + YYSYMBOL_T_Ippeerlimit = 73, /* T_Ippeerlimit */ + YYSYMBOL_T_Ipv4 = 74, /* T_Ipv4 */ + YYSYMBOL_T_Ipv4_flag = 75, /* T_Ipv4_flag */ + YYSYMBOL_T_Ipv6 = 76, /* T_Ipv6 */ + YYSYMBOL_T_Ipv6_flag = 77, /* T_Ipv6_flag */ + YYSYMBOL_T_Kernel = 78, /* T_Kernel */ + YYSYMBOL_T_Key = 79, /* T_Key */ + YYSYMBOL_T_Keys = 80, /* T_Keys */ + YYSYMBOL_T_Keysdir = 81, /* T_Keysdir */ + YYSYMBOL_T_Kod = 82, /* T_Kod */ + YYSYMBOL_T_Leapfile = 83, /* T_Leapfile */ + YYSYMBOL_T_Leapsmearinterval = 84, /* T_Leapsmearinterval */ + YYSYMBOL_T_Limited = 85, /* T_Limited */ + YYSYMBOL_T_Link = 86, /* T_Link */ + YYSYMBOL_T_Listen = 87, /* T_Listen */ + YYSYMBOL_T_Logconfig = 88, /* T_Logconfig */ + YYSYMBOL_T_Logfile = 89, /* T_Logfile */ + YYSYMBOL_T_Loopstats = 90, /* T_Loopstats */ + YYSYMBOL_T_Lowpriotrap = 91, /* T_Lowpriotrap */ + YYSYMBOL_T_Manycastclient = 92, /* T_Manycastclient */ + YYSYMBOL_T_Manycastserver = 93, /* T_Manycastserver */ + YYSYMBOL_T_Mask = 94, /* T_Mask */ + YYSYMBOL_T_Maxage = 95, /* T_Maxage */ + YYSYMBOL_T_Maxclock = 96, /* T_Maxclock */ + YYSYMBOL_T_Maxdepth = 97, /* T_Maxdepth */ + YYSYMBOL_T_Maxdist = 98, /* T_Maxdist */ + YYSYMBOL_T_Maxmem = 99, /* T_Maxmem */ + YYSYMBOL_T_Maxpoll = 100, /* T_Maxpoll */ + YYSYMBOL_T_Mdnstries = 101, /* T_Mdnstries */ + YYSYMBOL_T_Mem = 102, /* T_Mem */ + YYSYMBOL_T_Memlock = 103, /* T_Memlock */ + YYSYMBOL_T_Minclock = 104, /* T_Minclock */ + YYSYMBOL_T_Mindepth = 105, /* T_Mindepth */ + YYSYMBOL_T_Mindist = 106, /* T_Mindist */ + YYSYMBOL_T_Minimum = 107, /* T_Minimum */ + YYSYMBOL_T_Minjitter = 108, /* T_Minjitter */ + YYSYMBOL_T_Minpoll = 109, /* T_Minpoll */ + YYSYMBOL_T_Minsane = 110, /* T_Minsane */ + YYSYMBOL_T_Mode = 111, /* T_Mode */ + YYSYMBOL_T_Mode7 = 112, /* T_Mode7 */ + YYSYMBOL_T_Monitor = 113, /* T_Monitor */ + YYSYMBOL_T_Month = 114, /* T_Month */ + YYSYMBOL_T_Mru = 115, /* T_Mru */ + YYSYMBOL_T_Mssntp = 116, /* T_Mssntp */ + YYSYMBOL_T_Multicastclient = 117, /* T_Multicastclient */ + YYSYMBOL_T_Nic = 118, /* T_Nic */ + YYSYMBOL_T_Nolink = 119, /* T_Nolink */ + YYSYMBOL_T_Nomodify = 120, /* T_Nomodify */ + YYSYMBOL_T_Nomrulist = 121, /* T_Nomrulist */ + YYSYMBOL_T_None = 122, /* T_None */ + YYSYMBOL_T_Nonvolatile = 123, /* T_Nonvolatile */ + YYSYMBOL_T_Noepeer = 124, /* T_Noepeer */ + YYSYMBOL_T_Nopeer = 125, /* T_Nopeer */ + YYSYMBOL_T_Noquery = 126, /* T_Noquery */ + YYSYMBOL_T_Noselect = 127, /* T_Noselect */ + YYSYMBOL_T_Noserve = 128, /* T_Noserve */ + YYSYMBOL_T_Notrap = 129, /* T_Notrap */ + YYSYMBOL_T_Notrust = 130, /* T_Notrust */ + YYSYMBOL_T_Ntp = 131, /* T_Ntp */ + YYSYMBOL_T_Ntpport = 132, /* T_Ntpport */ + YYSYMBOL_T_NtpSignDsocket = 133, /* T_NtpSignDsocket */ + YYSYMBOL_T_Orphan = 134, /* T_Orphan */ + YYSYMBOL_T_Orphanwait = 135, /* T_Orphanwait */ + YYSYMBOL_T_PCEdigest = 136, /* T_PCEdigest */ + YYSYMBOL_T_Panic = 137, /* T_Panic */ + YYSYMBOL_T_Peer = 138, /* T_Peer */ + YYSYMBOL_T_Peerstats = 139, /* T_Peerstats */ + YYSYMBOL_T_Phone = 140, /* T_Phone */ + YYSYMBOL_T_Pid = 141, /* T_Pid */ + YYSYMBOL_T_Pidfile = 142, /* T_Pidfile */ + YYSYMBOL_T_Poll = 143, /* T_Poll */ + YYSYMBOL_T_PollSkewList = 144, /* T_PollSkewList */ + YYSYMBOL_T_Pool = 145, /* T_Pool */ + YYSYMBOL_T_Port = 146, /* T_Port */ + YYSYMBOL_T_PpsData = 147, /* T_PpsData */ + YYSYMBOL_T_Preempt = 148, /* T_Preempt */ + YYSYMBOL_T_Prefer = 149, /* T_Prefer */ + YYSYMBOL_T_Protostats = 150, /* T_Protostats */ + YYSYMBOL_T_Pw = 151, /* T_Pw */ + YYSYMBOL_T_Randfile = 152, /* T_Randfile */ + YYSYMBOL_T_Rawstats = 153, /* T_Rawstats */ + YYSYMBOL_T_Refid = 154, /* T_Refid */ + YYSYMBOL_T_Requestkey = 155, /* T_Requestkey */ + YYSYMBOL_T_Reset = 156, /* T_Reset */ + YYSYMBOL_T_Restrict = 157, /* T_Restrict */ + YYSYMBOL_T_Revoke = 158, /* T_Revoke */ + YYSYMBOL_T_Rlimit = 159, /* T_Rlimit */ + YYSYMBOL_T_Saveconfigdir = 160, /* T_Saveconfigdir */ + YYSYMBOL_T_Server = 161, /* T_Server */ + YYSYMBOL_T_Serverresponse = 162, /* T_Serverresponse */ + YYSYMBOL_T_ServerresponseFuzz = 163, /* T_ServerresponseFuzz */ + YYSYMBOL_T_Setvar = 164, /* T_Setvar */ + YYSYMBOL_T_Source = 165, /* T_Source */ + YYSYMBOL_T_Stacksize = 166, /* T_Stacksize */ + YYSYMBOL_T_Statistics = 167, /* T_Statistics */ + YYSYMBOL_T_Stats = 168, /* T_Stats */ + YYSYMBOL_T_Statsdir = 169, /* T_Statsdir */ + YYSYMBOL_T_Step = 170, /* T_Step */ + YYSYMBOL_T_Stepback = 171, /* T_Stepback */ + YYSYMBOL_T_Stepfwd = 172, /* T_Stepfwd */ + YYSYMBOL_T_Stepout = 173, /* T_Stepout */ + YYSYMBOL_T_Stratum = 174, /* T_Stratum */ + YYSYMBOL_T_String = 175, /* T_String */ + YYSYMBOL_T_Sys = 176, /* T_Sys */ + YYSYMBOL_T_Sysstats = 177, /* T_Sysstats */ + YYSYMBOL_T_Tick = 178, /* T_Tick */ + YYSYMBOL_T_Time1 = 179, /* T_Time1 */ + YYSYMBOL_T_Time2 = 180, /* T_Time2 */ + YYSYMBOL_T_TimeData = 181, /* T_TimeData */ + YYSYMBOL_T_Timer = 182, /* T_Timer */ + YYSYMBOL_T_Timingstats = 183, /* T_Timingstats */ + YYSYMBOL_T_Tinker = 184, /* T_Tinker */ + YYSYMBOL_T_Tos = 185, /* T_Tos */ + YYSYMBOL_T_Trap = 186, /* T_Trap */ + YYSYMBOL_T_True = 187, /* T_True */ + YYSYMBOL_T_Trustedkey = 188, /* T_Trustedkey */ + YYSYMBOL_T_Ttl = 189, /* T_Ttl */ + YYSYMBOL_T_Type = 190, /* T_Type */ + YYSYMBOL_T_U_int = 191, /* T_U_int */ + YYSYMBOL_T_UEcrypto = 192, /* T_UEcrypto */ + YYSYMBOL_T_UEcryptonak = 193, /* T_UEcryptonak */ + YYSYMBOL_T_UEdigest = 194, /* T_UEdigest */ + YYSYMBOL_T_Unconfig = 195, /* T_Unconfig */ + YYSYMBOL_T_Unpeer = 196, /* T_Unpeer */ + YYSYMBOL_T_Version = 197, /* T_Version */ + YYSYMBOL_T_WanderThreshold = 198, /* T_WanderThreshold */ + YYSYMBOL_T_Week = 199, /* T_Week */ + YYSYMBOL_T_Wildcard = 200, /* T_Wildcard */ + YYSYMBOL_T_Xleave = 201, /* T_Xleave */ + YYSYMBOL_T_Xmtnonce = 202, /* T_Xmtnonce */ + YYSYMBOL_T_Year = 203, /* T_Year */ + YYSYMBOL_T_Flag = 204, /* T_Flag */ + YYSYMBOL_T_EOC = 205, /* T_EOC */ + YYSYMBOL_T_Simulate = 206, /* T_Simulate */ + YYSYMBOL_T_Beep_Delay = 207, /* T_Beep_Delay */ + YYSYMBOL_T_Sim_Duration = 208, /* T_Sim_Duration */ + YYSYMBOL_T_Server_Offset = 209, /* T_Server_Offset */ + YYSYMBOL_T_Duration = 210, /* T_Duration */ + YYSYMBOL_T_Freq_Offset = 211, /* T_Freq_Offset */ + YYSYMBOL_T_Wander = 212, /* T_Wander */ + YYSYMBOL_T_Jitter = 213, /* T_Jitter */ + YYSYMBOL_T_Prop_Delay = 214, /* T_Prop_Delay */ + YYSYMBOL_T_Proc_Delay = 215, /* T_Proc_Delay */ + YYSYMBOL_216_ = 216, /* '|' */ + YYSYMBOL_217_ = 217, /* '=' */ + YYSYMBOL_218_ = 218, /* '(' */ + YYSYMBOL_219_ = 219, /* ')' */ + YYSYMBOL_220_ = 220, /* '{' */ + YYSYMBOL_221_ = 221, /* '}' */ + YYSYMBOL_YYACCEPT = 222, /* $accept */ + YYSYMBOL_configuration = 223, /* configuration */ + YYSYMBOL_command_list = 224, /* command_list */ + YYSYMBOL_command = 225, /* command */ + YYSYMBOL_server_command = 226, /* server_command */ + YYSYMBOL_client_type = 227, /* client_type */ + YYSYMBOL_address = 228, /* address */ + YYSYMBOL_ip_address = 229, /* ip_address */ + YYSYMBOL_address_fam = 230, /* address_fam */ + YYSYMBOL_option_list = 231, /* option_list */ + YYSYMBOL_option = 232, /* option */ + YYSYMBOL_option_flag = 233, /* option_flag */ + YYSYMBOL_option_flag_keyword = 234, /* option_flag_keyword */ + YYSYMBOL_option_int = 235, /* option_int */ + YYSYMBOL_option_int_keyword = 236, /* option_int_keyword */ + YYSYMBOL_option_str = 237, /* option_str */ + YYSYMBOL_option_str_keyword = 238, /* option_str_keyword */ + YYSYMBOL_unpeer_command = 239, /* unpeer_command */ + YYSYMBOL_unpeer_keyword = 240, /* unpeer_keyword */ + YYSYMBOL_other_mode_command = 241, /* other_mode_command */ + YYSYMBOL_authentication_command = 242, /* authentication_command */ + YYSYMBOL_crypto_command_list = 243, /* crypto_command_list */ + YYSYMBOL_crypto_command = 244, /* crypto_command */ + YYSYMBOL_crypto_str_keyword = 245, /* crypto_str_keyword */ + YYSYMBOL_orphan_mode_command = 246, /* orphan_mode_command */ + YYSYMBOL_tos_option_list = 247, /* tos_option_list */ + YYSYMBOL_tos_option = 248, /* tos_option */ + YYSYMBOL_tos_option_int_keyword = 249, /* tos_option_int_keyword */ + YYSYMBOL_tos_option_dbl_keyword = 250, /* tos_option_dbl_keyword */ + YYSYMBOL_monitoring_command = 251, /* monitoring_command */ + YYSYMBOL_stats_list = 252, /* stats_list */ + YYSYMBOL_stat = 253, /* stat */ + YYSYMBOL_filegen_option_list = 254, /* filegen_option_list */ + YYSYMBOL_filegen_option = 255, /* filegen_option */ + YYSYMBOL_link_nolink = 256, /* link_nolink */ + YYSYMBOL_enable_disable = 257, /* enable_disable */ + YYSYMBOL_filegen_type = 258, /* filegen_type */ + YYSYMBOL_access_control_command = 259, /* access_control_command */ + YYSYMBOL_restrict_mask = 260, /* restrict_mask */ + YYSYMBOL_res_ippeerlimit = 261, /* res_ippeerlimit */ + YYSYMBOL_ac_flag_list = 262, /* ac_flag_list */ + YYSYMBOL_access_control_flag = 263, /* access_control_flag */ + YYSYMBOL_discard_option_list = 264, /* discard_option_list */ + YYSYMBOL_discard_option = 265, /* discard_option */ + YYSYMBOL_discard_option_keyword = 266, /* discard_option_keyword */ + YYSYMBOL_mru_option_list = 267, /* mru_option_list */ + YYSYMBOL_mru_option = 268, /* mru_option */ + YYSYMBOL_mru_option_keyword = 269, /* mru_option_keyword */ + YYSYMBOL_fudge_command = 270, /* fudge_command */ + YYSYMBOL_fudge_factor_list = 271, /* fudge_factor_list */ + YYSYMBOL_fudge_factor = 272, /* fudge_factor */ + YYSYMBOL_fudge_factor_dbl_keyword = 273, /* fudge_factor_dbl_keyword */ + YYSYMBOL_fudge_factor_bool_keyword = 274, /* fudge_factor_bool_keyword */ + YYSYMBOL_device_command = 275, /* device_command */ + YYSYMBOL_device_item_list = 276, /* device_item_list */ + YYSYMBOL_device_item = 277, /* device_item */ + YYSYMBOL_device_item_path_keyword = 278, /* device_item_path_keyword */ + YYSYMBOL_rlimit_command = 279, /* rlimit_command */ + YYSYMBOL_rlimit_option_list = 280, /* rlimit_option_list */ + YYSYMBOL_rlimit_option = 281, /* rlimit_option */ + YYSYMBOL_rlimit_option_keyword = 282, /* rlimit_option_keyword */ + YYSYMBOL_system_option_command = 283, /* system_option_command */ + YYSYMBOL_system_option_list = 284, /* system_option_list */ + YYSYMBOL_system_option = 285, /* system_option */ + YYSYMBOL_system_option_flag_keyword = 286, /* system_option_flag_keyword */ + YYSYMBOL_system_option_local_flag_keyword = 287, /* system_option_local_flag_keyword */ + YYSYMBOL_tinker_command = 288, /* tinker_command */ + YYSYMBOL_tinker_option_list = 289, /* tinker_option_list */ + YYSYMBOL_tinker_option = 290, /* tinker_option */ + YYSYMBOL_tinker_option_keyword = 291, /* tinker_option_keyword */ + YYSYMBOL_miscellaneous_command = 292, /* miscellaneous_command */ + YYSYMBOL_misc_cmd_dbl_keyword = 293, /* misc_cmd_dbl_keyword */ + YYSYMBOL_misc_cmd_int_keyword = 294, /* misc_cmd_int_keyword */ + YYSYMBOL_opt_hash_check = 295, /* opt_hash_check */ + YYSYMBOL_misc_cmd_str_keyword = 296, /* misc_cmd_str_keyword */ + YYSYMBOL_misc_cmd_str_lcl_keyword = 297, /* misc_cmd_str_lcl_keyword */ + YYSYMBOL_drift_parm = 298, /* drift_parm */ + YYSYMBOL_pollskew_list = 299, /* pollskew_list */ + YYSYMBOL_pollskew_spec = 300, /* pollskew_spec */ + YYSYMBOL_pollskew_cycle = 301, /* pollskew_cycle */ + YYSYMBOL_variable_assign = 302, /* variable_assign */ + YYSYMBOL_t_default_or_zero = 303, /* t_default_or_zero */ + YYSYMBOL_trap_option_list = 304, /* trap_option_list */ + YYSYMBOL_trap_option = 305, /* trap_option */ + YYSYMBOL_log_config_list = 306, /* log_config_list */ + YYSYMBOL_log_config_command = 307, /* log_config_command */ + YYSYMBOL_interface_command = 308, /* interface_command */ + YYSYMBOL_interface_nic = 309, /* interface_nic */ + YYSYMBOL_nic_rule_class = 310, /* nic_rule_class */ + YYSYMBOL_nic_rule_action = 311, /* nic_rule_action */ + YYSYMBOL_reset_command = 312, /* reset_command */ + YYSYMBOL_counter_set_list = 313, /* counter_set_list */ + YYSYMBOL_counter_set_keyword = 314, /* counter_set_keyword */ + YYSYMBOL_integer_list = 315, /* integer_list */ + YYSYMBOL_integer_list_range = 316, /* integer_list_range */ + YYSYMBOL_integer_list_range_elt = 317, /* integer_list_range_elt */ + YYSYMBOL_integer_range = 318, /* integer_range */ + YYSYMBOL_string_list = 319, /* string_list */ + YYSYMBOL_address_list = 320, /* address_list */ + YYSYMBOL_boolean = 321, /* boolean */ + YYSYMBOL_number = 322, /* number */ + YYSYMBOL_basedate = 323, /* basedate */ + YYSYMBOL_simulate_command = 324, /* simulate_command */ + YYSYMBOL_sim_conf_start = 325, /* sim_conf_start */ + YYSYMBOL_sim_init_statement_list = 326, /* sim_init_statement_list */ + YYSYMBOL_sim_init_statement = 327, /* sim_init_statement */ + YYSYMBOL_sim_init_keyword = 328, /* sim_init_keyword */ + YYSYMBOL_sim_server_list = 329, /* sim_server_list */ + YYSYMBOL_sim_server = 330, /* sim_server */ + YYSYMBOL_sim_server_offset = 331, /* sim_server_offset */ + YYSYMBOL_sim_server_name = 332, /* sim_server_name */ + YYSYMBOL_sim_act_list = 333, /* sim_act_list */ + YYSYMBOL_sim_act = 334, /* sim_act */ + YYSYMBOL_sim_act_stmt_list = 335, /* sim_act_stmt_list */ + YYSYMBOL_sim_act_stmt = 336, /* sim_act_stmt */ + YYSYMBOL_sim_act_keyword = 337 /* sim_act_keyword */ }; typedef enum yysymbol_kind_t yysymbol_kind_t; @@ -1113,12 +1119,18 @@ typedef int yy_state_fast_t; # define YY_USE(E) /* empty */ #endif -#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ /* Suppress an incorrect diagnostic about yylval being uninitialized. */ -# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ +#if defined __GNUC__ && ! defined __ICC && 406 <= __GNUC__ * 100 + __GNUC_MINOR__ +# if __GNUC__ * 100 + __GNUC_MINOR__ < 407 +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") +# else +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ _Pragma ("GCC diagnostic push") \ _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") +# endif # define YY_IGNORE_MAYBE_UNINITIALIZED_END \ _Pragma ("GCC diagnostic pop") #else @@ -1275,21 +1287,21 @@ union yyalloc #endif /* !YYCOPY_NEEDED */ /* YYFINAL -- State number of the termination state. */ -#define YYFINAL 222 +#define YYFINAL 225 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 688 +#define YYLAST 717 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 221 +#define YYNTOKENS 222 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 115 +#define YYNNTS 116 /* YYNRULES -- Number of rules. */ -#define YYNRULES 343 +#define YYNRULES 346 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 463 +#define YYNSTATES 467 /* YYMAXUTOK -- Last valid token kind. */ -#define YYMAXUTOK 469 +#define YYMAXUTOK 470 /* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM @@ -1307,15 +1319,15 @@ static const yytype_uint8 yytranslate[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 217, 218, 2, 2, 2, 2, 2, 2, 2, 2, + 218, 219, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 216, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 217, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 219, 215, 220, 2, 2, 2, 2, + 2, 2, 2, 220, 216, 221, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -1349,48 +1361,49 @@ static const yytype_uint8 yytranslate[] = 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, - 205, 206, 207, 208, 209, 210, 211, 212, 213, 214 + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215 }; #if YYDEBUG - /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ +/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_int16 yyrline[] = { - 0, 397, 397, 401, 402, 403, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 440, 450, 451, 452, 453, 454, 458, 459, 464, - 469, 471, 477, 478, 486, 487, 488, 492, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 509, 511, 516, - 517, 518, 519, 520, 521, 525, 530, 539, 549, 550, - 560, 562, 564, 566, 577, 584, 586, 591, 593, 595, - 597, 599, 609, 615, 616, 624, 626, 638, 639, 640, - 641, 642, 651, 656, 661, 669, 671, 673, 675, 680, - 681, 682, 683, 684, 685, 686, 687, 688, 692, 693, - 702, 704, 713, 723, 728, 736, 737, 738, 739, 740, - 741, 742, 743, 748, 749, 757, 767, 776, 791, 796, - 797, 801, 802, 806, 807, 808, 809, 810, 811, 812, - 821, 825, 829, 837, 845, 853, 868, 883, 896, 897, - 917, 918, 926, 937, 938, 939, 940, 941, 942, 943, - 944, 945, 946, 947, 948, 949, 950, 951, 952, 953, - 957, 962, 970, 975, 976, 977, 981, 986, 994, 999, - 1000, 1001, 1002, 1003, 1004, 1005, 1006, 1014, 1024, 1029, - 1037, 1039, 1041, 1050, 1052, 1057, 1058, 1059, 1063, 1064, - 1065, 1066, 1074, 1084, 1089, 1097, 1102, 1103, 1111, 1116, - 1121, 1129, 1134, 1135, 1136, 1145, 1147, 1152, 1157, 1165, - 1167, 1184, 1185, 1186, 1187, 1188, 1189, 1193, 1194, 1195, - 1196, 1197, 1198, 1206, 1211, 1216, 1224, 1229, 1230, 1231, - 1232, 1233, 1234, 1235, 1236, 1237, 1238, 1247, 1248, 1249, - 1256, 1263, 1270, 1286, 1305, 1313, 1315, 1317, 1319, 1321, - 1323, 1325, 1332, 1337, 1338, 1339, 1343, 1347, 1356, 1358, - 1361, 1365, 1369, 1370, 1371, 1375, 1386, 1404, 1417, 1418, - 1423, 1449, 1450, 1455, 1460, 1462, 1467, 1468, 1476, 1478, - 1486, 1491, 1499, 1524, 1531, 1541, 1542, 1546, 1547, 1548, - 1549, 1553, 1554, 1555, 1559, 1564, 1569, 1577, 1578, 1579, - 1580, 1581, 1582, 1583, 1593, 1598, 1606, 1611, 1619, 1621, - 1625, 1630, 1635, 1643, 1648, 1656, 1665, 1666, 1670, 1671, - 1675, 1683, 1701, 1705, 1710, 1718, 1723, 1724, 1728, 1733, - 1741, 1746, 1751, 1756, 1761, 1769, 1774, 1779, 1787, 1792, - 1793, 1794, 1795, 1796 + 0, 399, 399, 403, 404, 405, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 442, 452, 453, 454, 455, 456, 460, 461, 466, + 471, 473, 479, 480, 488, 489, 490, 494, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 511, 513, 518, + 519, 520, 521, 522, 523, 527, 532, 541, 551, 552, + 562, 564, 566, 568, 579, 586, 588, 593, 595, 597, + 599, 601, 611, 617, 618, 626, 628, 640, 641, 642, + 643, 644, 653, 658, 663, 671, 673, 675, 677, 682, + 683, 684, 685, 686, 687, 688, 689, 690, 694, 695, + 704, 706, 715, 725, 730, 738, 739, 740, 741, 742, + 743, 744, 745, 750, 751, 759, 769, 778, 793, 798, + 799, 803, 804, 808, 809, 810, 811, 812, 813, 814, + 823, 827, 831, 840, 849, 865, 881, 891, 900, 916, + 917, 925, 926, 946, 947, 955, 966, 967, 968, 969, + 970, 971, 972, 973, 974, 975, 976, 977, 978, 979, + 980, 981, 982, 986, 991, 999, 1004, 1005, 1006, 1010, + 1015, 1023, 1028, 1029, 1030, 1031, 1032, 1033, 1034, 1035, + 1043, 1053, 1058, 1066, 1068, 1070, 1079, 1081, 1086, 1087, + 1088, 1092, 1093, 1094, 1095, 1103, 1113, 1118, 1126, 1131, + 1132, 1140, 1145, 1150, 1158, 1163, 1164, 1165, 1174, 1176, + 1181, 1186, 1194, 1196, 1213, 1214, 1215, 1216, 1217, 1218, + 1222, 1223, 1224, 1225, 1226, 1227, 1235, 1240, 1245, 1253, + 1258, 1259, 1260, 1261, 1262, 1263, 1264, 1265, 1266, 1267, + 1276, 1277, 1278, 1285, 1292, 1299, 1315, 1334, 1342, 1344, + 1346, 1348, 1350, 1352, 1354, 1361, 1366, 1367, 1368, 1372, + 1376, 1385, 1387, 1390, 1394, 1398, 1399, 1400, 1404, 1415, + 1433, 1446, 1447, 1452, 1478, 1484, 1489, 1494, 1496, 1501, + 1502, 1510, 1512, 1520, 1525, 1533, 1558, 1565, 1575, 1576, + 1580, 1581, 1582, 1583, 1587, 1588, 1589, 1593, 1598, 1603, + 1611, 1612, 1613, 1614, 1615, 1616, 1617, 1627, 1632, 1640, + 1645, 1653, 1655, 1659, 1664, 1669, 1677, 1682, 1690, 1699, + 1700, 1704, 1705, 1709, 1717, 1735, 1739, 1744, 1752, 1757, + 1758, 1762, 1767, 1775, 1780, 1785, 1790, 1795, 1803, 1808, + 1813, 1821, 1826, 1827, 1828, 1829, 1830 }; #endif @@ -1412,11 +1425,11 @@ static const char *const yytname[] = "T_Broadcast", "T_Broadcastclient", "T_Broadcastdelay", "T_Burst", "T_Calibrate", "T_Ceiling", "T_Checkhash", "T_Clockstats", "T_Cohort", "T_ControlKey", "T_Crypto", "T_Cryptostats", "T_Ctl", "T_Day", - "T_Default", "T_Device", "T_Digest", "T_Disable", "T_Discard", - "T_Dispersion", "T_Double", "T_Driftfile", "T_Drop", "T_Dscp", - "T_Ellipsis", "T_Enable", "T_End", "T_Epeer", "T_False", "T_File", - "T_Filegen", "T_Filenum", "T_Flag1", "T_Flag2", "T_Flag3", "T_Flag4", - "T_Flake", "T_Floor", "T_Freq", "T_Fudge", "T_Fuzz", "T_Host", + "T_Default", "T_Delrestrict", "T_Device", "T_Digest", "T_Disable", + "T_Discard", "T_Dispersion", "T_Double", "T_Driftfile", "T_Drop", + "T_Dscp", "T_Ellipsis", "T_Enable", "T_End", "T_Epeer", "T_False", + "T_File", "T_Filegen", "T_Filenum", "T_Flag1", "T_Flag2", "T_Flag3", + "T_Flag4", "T_Flake", "T_Floor", "T_Freq", "T_Fudge", "T_Fuzz", "T_Host", "T_Huffpuff", "T_Iburst", "T_Ident", "T_Ignore", "T_Ignorehash", "T_Incalloc", "T_Incmem", "T_Initalloc", "T_Initmem", "T_Includefile", "T_Integer", "T_Interface", "T_Intrange", "T_Io", "T_Ippeerlimit", @@ -1458,10 +1471,10 @@ static const char *const yytname[] = "tos_option", "tos_option_int_keyword", "tos_option_dbl_keyword", "monitoring_command", "stats_list", "stat", "filegen_option_list", "filegen_option", "link_nolink", "enable_disable", "filegen_type", - "access_control_command", "res_ippeerlimit", "ac_flag_list", - "access_control_flag", "discard_option_list", "discard_option", - "discard_option_keyword", "mru_option_list", "mru_option", - "mru_option_keyword", "fudge_command", "fudge_factor_list", + "access_control_command", "restrict_mask", "res_ippeerlimit", + "ac_flag_list", "access_control_flag", "discard_option_list", + "discard_option", "discard_option_keyword", "mru_option_list", + "mru_option", "mru_option_keyword", "fudge_command", "fudge_factor_list", "fudge_factor", "fudge_factor_dbl_keyword", "fudge_factor_bool_keyword", "device_command", "device_item_list", "device_item", "device_item_path_keyword", "rlimit_command", "rlimit_option_list", @@ -1492,38 +1505,7 @@ yysymbol_name (yysymbol_kind_t yysymbol) } #endif -#ifdef YYPRINT -/* YYTOKNUM[NUM] -- (External) token number corresponding to the - (internal) symbol number NUM (which must be that of a token). */ -static const yytype_int16 yytoknum[] = -{ - 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 124, 61, 40, 41, 123, - 125 -}; -#endif - -#define YYPACT_NINF (-247) +#define YYPACT_NINF (-280) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) @@ -1533,390 +1515,396 @@ static const yytype_int16 yytoknum[] = #define yytable_value_is_error(Yyn) \ 0 - /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ static const yytype_int16 yypact[] = { - 5, -178, -19, -247, -247, -247, -2, -247, -58, 294, - 29, -94, -247, 294, -247, 109, -58, -247, -79, -247, - -70, -68, -65, -247, -63, -247, -247, -58, 42, 205, - -58, -247, -247, -56, -247, -50, -247, -247, -247, 45, - 27, 41, 55, -34, -247, -247, -49, 109, -41, -247, - 271, 554, -40, -64, 72, -247, -247, -247, 145, 196, - -54, -247, -58, -247, -58, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, 33, 83, -22, -17, - -247, -11, -247, -247, -52, -247, -247, -247, 26, -247, - -247, -247, -121, -247, -5, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, -247, 294, -247, -247, - -247, -247, -247, -247, 29, -247, 86, 119, -247, 294, - -247, -247, -247, -247, -247, -247, -247, -247, -247, 319, - 377, -247, -247, -10, -247, -63, -247, -247, -58, -247, - -247, -247, -247, -247, -247, -247, -247, -247, 205, -247, - 104, -58, -247, -247, 7, 23, -247, -247, -247, -247, - -247, -247, -247, -247, 27, -247, 103, 154, 156, 103, - 1, -247, -247, -247, -247, -34, -247, 126, -29, -247, - 109, -247, -247, -247, -247, -247, -247, -247, -247, -247, - -247, -247, -247, 271, -247, 33, 30, -247, -247, -247, - -20, -247, -247, -247, -247, -247, -247, -247, -247, 554, - -247, 139, 33, -247, -247, -247, 143, -64, -247, -247, - -247, 155, -247, 20, -247, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, 4, -104, -247, -247, - -247, -247, -247, 157, -247, 54, -247, -247, -121, -247, - 57, -247, -247, -247, -247, -247, -4, 58, -247, -247, - -247, -247, -247, 67, 175, -247, -247, 319, -247, 33, - -20, -247, -247, -247, -247, -247, -247, -247, -247, -247, - -247, -247, -247, 178, -247, 184, -247, 103, 103, -247, - -40, -247, -247, -247, 79, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, -55, 214, -247, -247, - -247, 48, -247, -247, -247, -247, -247, -247, -247, -247, - -143, 51, 43, -247, -247, -247, -247, -247, -247, 88, - -247, -247, -1, -247, -247, -247, -247, -247, -247, -247, - -247, -247, 49, -247, 465, -247, -247, 465, 103, 465, - 227, -40, 192, -247, 198, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -61, -247, 98, 64, 69, - -150, -247, 62, -247, 33, -247, -247, -247, -247, -247, - -247, -247, -247, -247, 206, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, -247, -247, -247, -247, - -247, 226, -247, -247, 465, 465, -247, -247, -247, -247, - -247, 68, -247, -247, -247, -58, -247, -247, -247, 81, - -247, -247, -247, 465, -247, -247, 74, 84, 33, 76, - -131, -247, 90, 33, -247, -247, -247, 78, 131, -247, - -247, -247, -247, -247, 6, 91, 82, -247, 100, -247, - 33, -247, -247 + 10, -173, -31, -280, -280, -280, -11, -280, -89, -28, + 301, 3, -115, -280, 301, -280, 82, -28, -280, -98, + -280, -94, -83, -75, -280, -74, -280, -280, -28, 19, + 213, -28, -280, -280, -69, -280, -62, -280, -280, -280, + 35, 15, 101, 45, -42, -280, -280, -56, 82, -53, + -280, 53, 582, -49, -65, 49, -280, -280, -280, 129, + 202, -64, -280, -28, -280, -28, -280, -280, -280, -280, + -280, -280, -280, -280, -280, -280, -280, 0, 61, -29, + -24, -280, -22, -280, -280, -76, -280, -280, -280, 102, + -49, -280, 62, -280, -280, -113, -280, -18, -280, -280, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + 301, -280, -280, -280, -280, -280, -280, 3, -280, 89, + 122, -280, 301, -280, -280, -280, -280, -280, -280, -280, + -280, -280, 281, 384, -280, -280, -1, -280, -74, -280, + -280, -28, -280, -280, -280, -280, -280, -280, -280, -280, + -280, 213, -280, 92, -28, -280, -280, -13, -5, -280, + -280, -280, -280, -280, -280, -280, -280, 15, -280, 91, + 143, 145, 91, 62, -280, -280, -280, -280, -42, -280, + 111, -35, -280, 82, -280, -280, -280, -280, -280, -280, + -280, -280, -280, -280, -280, -280, 53, -280, 0, 6, + -280, -280, -280, -38, -280, -280, -280, -280, -280, -280, + -280, -280, 582, -280, 115, 0, -280, -280, -280, 116, + -65, -280, -280, -280, 117, -280, -16, -280, -280, -280, + -280, -280, -280, -280, -280, -280, -280, -280, -280, 8, + -112, -280, -280, -280, -280, -280, 118, -280, 17, -280, + -49, -280, -280, -280, -113, -280, 26, -280, -280, -280, + -280, -280, 21, 27, -280, -280, -280, -280, -280, 28, + 138, -280, -280, 281, -280, 0, -38, -280, -280, -280, + -280, -280, -280, -280, -280, -280, -280, -280, -280, 140, + -280, 141, -280, 91, 91, -280, 91, -280, -280, 38, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + -280, -61, 173, -280, -280, -280, 387, -280, -280, -280, + -280, -280, -280, -280, -280, -87, 12, 5, -280, -280, + -280, -280, -280, -280, -280, 54, -280, -280, 1, -280, + -280, -280, -280, -280, -280, -280, -280, -280, 14, -280, + 513, -280, -280, 513, -280, 208, -49, 170, -280, 172, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + -57, -280, 72, 31, 47, -151, -280, 30, -280, 0, + -280, -280, -280, -280, -280, -280, -280, -280, -280, 186, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + -280, -280, -280, -280, -280, -280, 199, -280, -280, 513, + 513, 513, -280, -280, -280, -280, 42, -280, -280, -280, + -28, -280, -280, -280, 48, -280, -280, -280, -280, -280, + 50, 52, 0, 56, -192, -280, 59, 0, -280, -280, + -280, 51, 139, -280, -280, -280, -280, -280, 85, 64, + 57, -280, 70, -280, 0, -280, -280 }; - /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. - Performed when YYTABLE does not specify something else to do. Zero - means the default is an error. */ +/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ static const yytype_int16 yydefact[] = { - 0, 0, 0, 25, 60, 253, 0, 73, 0, 0, - 0, 267, 256, 0, 245, 0, 0, 261, 0, 285, - 0, 0, 0, 257, 0, 262, 26, 0, 0, 0, - 0, 286, 254, 0, 24, 0, 263, 268, 23, 0, - 0, 0, 0, 0, 264, 22, 0, 0, 0, 255, - 0, 0, 0, 0, 0, 58, 59, 322, 0, 2, - 0, 7, 0, 8, 0, 9, 10, 13, 11, 12, - 14, 20, 15, 16, 17, 18, 0, 0, 0, 0, - 237, 0, 238, 19, 0, 5, 64, 65, 66, 30, - 31, 29, 0, 27, 0, 211, 212, 213, 214, 217, - 215, 216, 218, 219, 220, 221, 222, 206, 208, 209, - 210, 163, 164, 165, 130, 161, 0, 265, 246, 205, - 105, 106, 107, 108, 112, 109, 110, 111, 113, 0, - 6, 67, 68, 260, 282, 247, 281, 314, 61, 63, - 169, 170, 171, 172, 173, 174, 175, 176, 131, 167, - 0, 62, 72, 312, 248, 249, 69, 297, 298, 299, - 300, 301, 302, 303, 294, 296, 138, 30, 31, 138, - 138, 70, 204, 202, 203, 198, 200, 0, 0, 250, - 100, 104, 101, 227, 228, 229, 230, 231, 232, 233, - 234, 235, 236, 223, 225, 0, 0, 89, 90, 91, - 0, 92, 93, 99, 94, 98, 95, 96, 97, 82, - 84, 0, 0, 88, 276, 308, 0, 71, 307, 309, - 305, 252, 1, 0, 4, 32, 57, 319, 318, 239, - 240, 241, 242, 293, 292, 291, 0, 0, 81, 77, - 78, 79, 80, 0, 74, 0, 197, 196, 192, 194, - 0, 28, 207, 160, 162, 266, 102, 0, 188, 189, - 190, 191, 187, 0, 0, 185, 186, 177, 179, 0, - 0, 243, 259, 258, 244, 280, 313, 166, 168, 311, - 272, 271, 269, 0, 295, 0, 140, 138, 138, 140, - 0, 140, 199, 201, 0, 103, 224, 226, 320, 317, - 315, 316, 87, 83, 85, 86, 251, 0, 306, 304, - 3, 21, 287, 288, 289, 284, 290, 283, 326, 327, - 0, 0, 0, 76, 75, 193, 195, 122, 121, 0, - 119, 120, 0, 114, 117, 118, 183, 184, 182, 178, - 180, 181, 0, 139, 134, 140, 140, 137, 138, 132, - 275, 0, 0, 277, 0, 38, 39, 40, 56, 49, - 51, 50, 53, 41, 42, 43, 44, 52, 54, 45, - 46, 33, 34, 37, 35, 0, 36, 0, 0, 0, - 0, 329, 0, 324, 0, 115, 129, 125, 127, 123, - 124, 126, 128, 116, 0, 143, 144, 145, 146, 147, - 148, 149, 151, 152, 150, 153, 154, 155, 156, 157, - 158, 0, 159, 141, 135, 136, 140, 274, 273, 279, - 278, 0, 47, 48, 55, 0, 323, 321, 328, 0, - 325, 270, 142, 133, 310, 332, 0, 0, 0, 0, - 0, 334, 0, 0, 330, 333, 331, 0, 0, 339, - 340, 341, 342, 343, 0, 0, 0, 335, 0, 337, - 0, 336, 338 + 0, 0, 0, 25, 60, 256, 0, 73, 0, 0, + 0, 0, 270, 259, 0, 248, 0, 0, 264, 0, + 288, 0, 0, 0, 260, 0, 265, 26, 0, 0, + 0, 0, 289, 257, 0, 24, 0, 266, 271, 23, + 0, 0, 0, 0, 0, 267, 22, 0, 0, 0, + 258, 0, 0, 0, 0, 0, 58, 59, 325, 0, + 2, 0, 7, 0, 8, 0, 9, 10, 13, 11, + 12, 14, 20, 15, 16, 17, 18, 0, 0, 0, + 0, 240, 0, 241, 19, 0, 5, 64, 65, 66, + 0, 29, 139, 30, 31, 0, 27, 0, 214, 215, + 216, 217, 220, 218, 219, 221, 222, 223, 224, 225, + 209, 211, 212, 213, 166, 167, 168, 130, 164, 0, + 268, 249, 208, 105, 106, 107, 108, 112, 109, 110, + 111, 113, 0, 6, 67, 68, 263, 285, 250, 284, + 317, 61, 63, 172, 173, 174, 175, 176, 177, 178, + 179, 131, 170, 0, 62, 72, 315, 251, 252, 69, + 300, 301, 302, 303, 304, 305, 306, 297, 299, 141, + 30, 31, 141, 139, 70, 207, 205, 206, 201, 203, + 0, 0, 253, 100, 104, 101, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 226, 228, 0, 0, + 89, 90, 91, 0, 92, 93, 99, 94, 98, 95, + 96, 97, 82, 84, 0, 0, 88, 279, 311, 0, + 71, 310, 312, 308, 255, 1, 0, 4, 32, 57, + 322, 321, 242, 243, 244, 245, 296, 295, 294, 0, + 0, 81, 77, 78, 79, 80, 0, 74, 0, 138, + 0, 137, 200, 199, 195, 197, 0, 28, 210, 163, + 165, 269, 102, 0, 191, 192, 193, 194, 190, 0, + 0, 188, 189, 180, 182, 0, 0, 246, 262, 261, + 247, 283, 316, 169, 171, 314, 275, 274, 272, 0, + 298, 0, 143, 141, 141, 143, 141, 202, 204, 0, + 103, 227, 229, 323, 320, 318, 319, 87, 83, 85, + 86, 254, 0, 309, 307, 3, 21, 290, 291, 292, + 287, 293, 286, 329, 330, 0, 0, 0, 76, 75, + 140, 196, 198, 122, 121, 0, 119, 120, 0, 114, + 117, 118, 186, 187, 185, 181, 183, 184, 0, 142, + 133, 143, 143, 136, 143, 278, 0, 0, 280, 0, + 38, 39, 40, 56, 49, 51, 50, 53, 41, 42, + 43, 44, 52, 54, 45, 46, 33, 34, 37, 35, + 0, 36, 0, 0, 0, 0, 332, 0, 327, 0, + 115, 129, 125, 127, 123, 124, 126, 128, 116, 0, + 146, 147, 148, 149, 150, 151, 152, 154, 155, 153, + 156, 157, 158, 159, 160, 161, 0, 162, 144, 134, + 135, 132, 277, 276, 282, 281, 0, 47, 48, 55, + 0, 326, 324, 331, 0, 328, 273, 145, 313, 335, + 0, 0, 0, 0, 0, 337, 0, 0, 333, 336, + 334, 0, 0, 342, 343, 344, 345, 346, 0, 0, + 0, 338, 0, 340, 0, 339, 341 }; - /* YYPGOTO[NTERM-NUM]. */ +/* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -247, -247, -247, -48, -247, -247, -8, -51, -247, -247, - -247, -247, -247, -247, -247, -247, -247, -247, -247, -247, - -247, -247, -247, -247, -247, -247, 96, -247, -247, -247, - -247, -42, -247, -247, -247, -247, -247, -247, -108, -246, - -247, -247, 194, -247, -247, 163, -247, -247, -247, 50, - -247, -247, -247, -247, 71, -247, -247, -247, 140, -247, - -247, 303, -87, -247, -247, -247, -247, 127, -247, -247, - -247, -247, -247, -247, -247, -247, -247, -247, -247, -247, - -247, -247, -247, -247, 186, -247, -247, -247, -247, -247, - -247, 159, -247, -247, 107, -247, -247, 296, 60, -193, - -247, -247, -247, -247, 11, -247, -247, -53, -247, -247, - -247, -106, -247, -122, -247 + -280, -280, -280, -36, -280, -280, -9, -7, -280, -280, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + -280, -280, -280, -280, -280, -280, 69, -280, -280, -280, + -280, -45, -280, -280, -280, -280, -280, -280, 114, -157, + -279, -280, -280, 171, -280, -280, 142, -280, -280, -280, + 16, -280, -280, -280, -280, 68, -280, -280, -280, 123, + -280, -280, 278, -71, -280, -280, -280, -280, 106, -280, + -280, -280, -280, -280, -280, -280, -280, -280, -280, -280, + -280, -280, -280, -280, -280, 166, -280, -280, -280, -280, + -280, -280, 144, -280, -280, 87, -280, -280, 274, 37, + -196, -280, -280, -280, -280, -10, -280, -280, -59, -280, + -280, -280, -128, -280, -135, -280 }; - /* YYDEFGOTO[NTERM-NUM]. */ +/* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int16 yydefgoto[] = { - 0, 58, 59, 60, 61, 62, 137, 93, 94, 311, - 371, 372, 373, 374, 375, 376, 377, 63, 64, 65, - 66, 88, 244, 245, 67, 209, 210, 211, 212, 68, - 180, 128, 256, 333, 334, 335, 393, 69, 286, 344, - 413, 114, 115, 116, 148, 149, 150, 70, 267, 268, - 269, 270, 71, 248, 249, 250, 72, 175, 176, 177, - 73, 107, 108, 109, 110, 74, 193, 194, 195, 75, - 76, 77, 274, 78, 79, 118, 155, 282, 283, 179, - 418, 306, 353, 135, 136, 80, 81, 317, 236, 82, - 164, 165, 221, 217, 218, 219, 154, 138, 302, 229, - 213, 83, 84, 320, 321, 322, 380, 381, 437, 382, - 440, 441, 454, 455, 456 + 0, 59, 60, 61, 62, 63, 140, 96, 97, 316, + 376, 377, 378, 379, 380, 381, 382, 64, 65, 66, + 67, 89, 247, 248, 68, 212, 213, 214, 215, 69, + 183, 131, 262, 339, 340, 341, 398, 70, 251, 292, + 350, 418, 117, 118, 119, 151, 152, 153, 71, 273, + 274, 275, 276, 72, 254, 255, 256, 73, 178, 179, + 180, 74, 110, 111, 112, 113, 75, 196, 197, 198, + 76, 77, 78, 280, 79, 80, 121, 158, 288, 289, + 182, 423, 311, 358, 138, 139, 81, 82, 322, 239, + 83, 167, 168, 224, 220, 221, 222, 157, 141, 307, + 232, 216, 84, 85, 325, 326, 327, 385, 386, 441, + 387, 444, 445, 458, 459, 460 }; - /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule whose - number is the opposite. If YYTABLE_NINF, syntax error. */ +/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule whose + number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int16 yytable[] = { - 92, 214, 297, 386, 215, 181, 1, 422, 129, 312, - 378, 223, 272, 172, 351, 2, 89, 378, 90, 305, - 252, 3, 4, 5, 299, 246, 85, 233, 387, 327, - 6, 7, 252, 170, 157, 158, 8, 328, 9, 10, - 111, 329, 11, 347, 12, 349, 13, 14, 300, 86, - 234, 15, 273, 280, 225, 159, 226, 355, 238, 247, - 16, 289, 291, 318, 319, 17, 87, 356, 173, 227, - 427, 166, 18, 285, 19, 235, 340, 313, 439, 314, - 117, 330, 271, 239, 20, 21, 240, 22, 23, 444, - 352, 281, 24, 25, 290, 130, 26, 27, 160, 414, - 415, 228, 318, 319, 131, 28, 132, 357, 358, 133, - 139, 134, 388, 156, 331, 167, 91, 168, 152, 29, - 389, 30, 31, 171, 153, 178, 359, 32, 161, 423, - 276, 174, 120, 182, 91, 112, 121, 33, 295, 390, - 220, 113, 34, 276, 35, 222, 36, 360, 37, 38, - 224, 230, 231, 216, 254, 255, 361, 232, 362, 39, - 40, 41, 42, 43, 44, 45, 301, 237, 46, 251, - 433, 47, 278, 48, 363, 285, 241, 242, 315, 345, - 346, 279, 49, 243, 287, 332, 288, 294, 50, 51, - 52, 430, 53, 54, 293, 364, 365, 391, 122, 55, - 56, 392, 162, 316, 298, 169, 2, 304, 163, -6, - 57, 307, 3, 4, 5, 91, 449, 450, 451, 452, - 453, 6, 7, 309, 310, 323, 457, 8, 324, 9, - 10, 326, 336, 11, 366, 12, 367, 13, 14, 348, - 416, 337, 15, 338, 368, 442, 342, 123, 369, 370, - 447, 16, 343, 350, 354, 383, 17, 417, 124, 384, - 420, 125, 385, 18, 394, 19, 421, 462, 140, 141, - 142, 143, 424, 426, 431, 20, 21, 183, 22, 23, - 425, 429, 432, 24, 25, 126, 434, 26, 27, 436, - 438, 127, 443, 439, 446, 459, 28, 448, 460, 144, - 419, 145, 95, 146, 461, 303, 184, 96, 253, 147, - 29, 277, 30, 31, 97, 292, 119, 339, 32, 325, - 296, 275, 257, 284, 308, 185, 151, 428, 33, 186, - 341, 379, 458, 34, 445, 35, 0, 36, 0, 37, - 38, 449, 450, 451, 452, 453, 0, 0, 0, 0, - 39, 40, 41, 42, 43, 44, 45, 0, 0, 46, - 0, 0, 47, 0, 48, 0, 0, 258, 259, 260, - 261, 98, 0, 49, 0, 0, 0, 0, 0, 50, - 51, 52, 0, 53, 54, 0, 0, 2, 0, 0, - 55, 56, 0, 3, 4, 5, 0, 0, 0, 0, - -6, 57, 6, 7, 0, 99, 100, 187, 8, 0, - 9, 10, 0, 0, 11, 0, 12, 435, 13, 14, - 0, 0, 0, 15, 101, 0, 262, 0, 0, 102, - 0, 0, 16, 0, 0, 0, 0, 17, 0, 0, - 188, 189, 190, 191, 18, 0, 19, 0, 192, 0, - 0, 0, 0, 0, 0, 0, 20, 21, 0, 22, - 23, 103, 0, 0, 24, 25, 0, 0, 26, 27, - 0, 0, 263, 0, 0, 0, 0, 28, 0, 0, - 0, 0, 0, 0, 0, 104, 105, 106, 0, 0, - 0, 29, 264, 30, 31, 0, 0, 265, 266, 32, - 0, 0, 0, 0, 0, 0, 0, 0, 395, 33, - 0, 0, 0, 0, 34, 0, 35, 396, 36, 0, - 37, 38, 0, 0, 0, 0, 397, 0, 0, 0, - 0, 39, 40, 41, 42, 43, 44, 45, 0, 0, - 46, 0, 0, 47, 0, 48, 398, 0, 0, 399, - 0, 0, 0, 0, 49, 400, 0, 0, 0, 0, - 50, 51, 52, 0, 53, 54, 196, 0, 197, 198, - 0, 55, 56, 0, 0, 199, 0, 0, 200, 0, - 401, 0, 57, 0, 402, 403, 0, 0, 404, 405, - 406, 0, 407, 408, 409, 0, 410, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 201, 0, 0, + 95, 92, 302, 184, 218, 391, 175, 304, 132, 356, + 383, 1, 427, 317, 114, 295, 353, 236, 443, 310, + 2, 278, 160, 161, 226, 286, 3, 4, 5, 448, + 392, 305, 86, 173, 252, 6, 7, 230, 87, 258, + 237, 8, 9, 162, 10, 11, 217, 93, 12, 94, + 13, 258, 14, 15, 228, 333, 229, 16, 88, 186, + 120, 176, 279, 334, 287, 238, 17, 335, 253, 231, + 432, 18, 419, 420, 383, 421, 90, 133, 19, 346, + 20, 134, 318, 249, 319, 357, 91, 163, 142, 187, + 21, 22, 135, 23, 24, 323, 324, 277, 25, 26, + 136, 137, 27, 28, 159, 123, 155, 336, 188, 124, + 115, 29, 189, 156, 174, 393, 116, 164, 223, 181, + 323, 324, 185, 394, 177, 30, 91, 31, 32, 225, + 233, 169, 282, 33, 428, 241, 351, 352, 300, 354, + 337, 227, 395, 34, 240, 282, 234, 91, 35, 306, + 36, 235, 37, 219, 38, 39, 250, 257, 260, 261, + 242, 284, 285, 243, 291, 40, 41, 42, 43, 44, + 45, 46, 125, 293, 47, 294, 170, 48, 171, 49, + 298, 303, 299, 320, 309, 312, 314, 328, 50, 315, + 190, 165, 329, 435, 51, 52, 53, 166, 54, 55, + 396, 332, 342, 343, 397, 56, 57, 344, 321, 348, + 349, 338, 2, 355, 359, -6, 58, 388, 3, 4, + 5, 126, 389, 191, 192, 193, 194, 6, 7, 390, + 399, 195, 127, 8, 9, 128, 10, 11, 422, 425, + 12, 426, 13, 330, 14, 15, 446, 429, 430, 16, + 434, 451, 431, 244, 245, 436, 437, 440, 17, 129, + 246, 438, 443, 18, 450, 130, 172, 442, 466, 463, + 19, 452, 20, 447, 464, 465, 91, 143, 144, 145, + 146, 308, 21, 22, 263, 23, 24, 296, 259, 345, + 25, 26, 122, 283, 27, 28, 453, 454, 455, 456, + 457, 297, 301, 29, 281, 154, 461, 313, 147, 98, + 148, 290, 149, 347, 99, 384, 449, 30, 150, 31, + 32, 100, 331, 462, 0, 33, 433, 0, 0, 0, + 264, 265, 266, 267, 0, 34, 0, 0, 0, 0, + 35, 0, 36, 0, 37, 0, 38, 39, 0, 424, + 453, 454, 455, 456, 457, 0, 0, 40, 41, 42, + 43, 44, 45, 46, 0, 0, 47, 0, 0, 48, + 0, 49, 0, 0, 0, 0, 0, 0, 0, 101, + 50, 0, 0, 0, 0, 0, 51, 52, 53, 268, + 54, 55, 0, 0, 2, 0, 360, 56, 57, 0, + 3, 4, 5, 0, 0, 0, 361, -6, 58, 6, + 7, 0, 0, 102, 103, 8, 9, 0, 10, 11, + 0, 439, 12, 0, 13, 0, 14, 15, 0, 0, + 0, 16, 104, 0, 0, 269, 0, 105, 0, 0, + 17, 0, 0, 0, 0, 18, 0, 362, 363, 0, + 0, 0, 19, 0, 20, 270, 0, 0, 0, 0, + 271, 272, 0, 0, 21, 22, 364, 23, 24, 106, + 0, 0, 25, 26, 0, 0, 27, 28, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 365, 0, 0, + 0, 0, 0, 107, 108, 109, 366, 0, 367, 30, + 0, 31, 32, 0, 0, 0, 0, 33, 0, 0, + 0, 0, 0, 0, 368, 0, 0, 34, 0, 0, + 0, 0, 35, 0, 36, 0, 37, 0, 38, 39, + 0, 0, 0, 0, 0, 369, 370, 0, 0, 40, + 41, 42, 43, 44, 45, 46, 0, 0, 47, 0, + 0, 48, 0, 49, 0, 0, 0, 400, 0, 0, + 0, 0, 50, 0, 0, 0, 401, 0, 51, 52, + 53, 0, 54, 55, 371, 402, 372, 0, 0, 56, + 57, 0, 0, 0, 373, 0, 0, 0, 374, 375, + 58, 0, 0, 0, 199, 403, 200, 201, 404, 0, + 0, 0, 0, 202, 405, 0, 203, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 406, + 0, 0, 0, 407, 408, 0, 204, 409, 410, 411, + 0, 412, 413, 414, 0, 415, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 411, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 202, - 0, 203, 0, 0, 0, 0, 0, 204, 0, 205, - 0, 412, 0, 206, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 416, 0, 0, 205, 0, + 206, 0, 0, 0, 0, 0, 207, 0, 208, 0, + 0, 0, 209, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 207, 208 + 417, 0, 0, 0, 0, 0, 210, 211 }; static const yytype_int16 yycheck[] = { - 8, 52, 195, 4, 68, 47, 1, 68, 16, 5, - 160, 59, 22, 47, 69, 10, 74, 160, 76, 212, - 107, 16, 17, 18, 44, 146, 204, 38, 29, 33, - 25, 26, 119, 41, 7, 8, 31, 41, 33, 34, - 11, 45, 37, 289, 39, 291, 41, 42, 68, 68, - 61, 46, 62, 30, 62, 28, 64, 9, 32, 180, - 55, 169, 170, 206, 207, 60, 68, 19, 102, 36, - 220, 30, 67, 72, 69, 86, 269, 73, 209, 75, - 174, 85, 130, 57, 79, 80, 60, 82, 83, 220, - 145, 68, 87, 88, 93, 174, 91, 92, 71, 345, - 346, 68, 206, 207, 174, 100, 174, 59, 60, 174, - 68, 174, 113, 68, 118, 74, 174, 76, 174, 114, - 121, 116, 117, 68, 174, 174, 78, 122, 101, 190, - 138, 165, 23, 174, 174, 106, 27, 132, 180, 140, - 68, 112, 137, 151, 139, 0, 141, 99, 143, 144, - 204, 68, 174, 217, 68, 36, 108, 174, 110, 154, - 155, 156, 157, 158, 159, 160, 186, 219, 163, 174, - 416, 166, 68, 168, 126, 72, 150, 151, 174, 287, - 288, 174, 177, 157, 30, 189, 30, 216, 183, 184, - 185, 384, 187, 188, 68, 147, 148, 198, 89, 194, - 195, 202, 175, 199, 174, 164, 10, 68, 181, 204, - 205, 68, 16, 17, 18, 174, 210, 211, 212, 213, - 214, 25, 26, 68, 204, 68, 220, 31, 174, 33, - 34, 174, 174, 37, 186, 39, 188, 41, 42, 290, - 348, 174, 46, 68, 196, 438, 68, 138, 200, 201, - 443, 55, 68, 174, 40, 204, 60, 30, 149, 216, - 68, 152, 174, 67, 215, 69, 68, 460, 63, 64, - 65, 66, 174, 204, 68, 79, 80, 6, 82, 83, - 216, 219, 56, 87, 88, 176, 218, 91, 92, 208, - 216, 182, 216, 209, 204, 204, 100, 219, 216, 94, - 351, 96, 8, 98, 204, 209, 35, 13, 114, 104, - 114, 148, 116, 117, 20, 175, 13, 267, 122, 248, - 193, 135, 3, 164, 217, 54, 30, 380, 132, 58, - 270, 320, 454, 137, 440, 139, -1, 141, -1, 143, - 144, 210, 211, 212, 213, 214, -1, -1, -1, -1, - 154, 155, 156, 157, 158, 159, 160, -1, -1, 163, - -1, -1, 166, -1, 168, -1, -1, 48, 49, 50, - 51, 77, -1, 177, -1, -1, -1, -1, -1, 183, - 184, 185, -1, 187, 188, -1, -1, 10, -1, -1, - 194, 195, -1, 16, 17, 18, -1, -1, -1, -1, - 204, 205, 25, 26, -1, 111, 112, 136, 31, -1, - 33, 34, -1, -1, 37, -1, 39, 425, 41, 42, - -1, -1, -1, 46, 130, -1, 107, -1, -1, 135, - -1, -1, 55, -1, -1, -1, -1, 60, -1, -1, - 169, 170, 171, 172, 67, -1, 69, -1, 177, -1, - -1, -1, -1, -1, -1, -1, 79, 80, -1, 82, - 83, 167, -1, -1, 87, 88, -1, -1, 91, 92, - -1, -1, 153, -1, -1, -1, -1, 100, -1, -1, - -1, -1, -1, -1, -1, 191, 192, 193, -1, -1, - -1, 114, 173, 116, 117, -1, -1, 178, 179, 122, - -1, -1, -1, -1, -1, -1, -1, -1, 43, 132, - -1, -1, -1, -1, 137, -1, 139, 52, 141, -1, - 143, 144, -1, -1, -1, -1, 61, -1, -1, -1, - -1, 154, 155, 156, 157, 158, 159, 160, -1, -1, - 163, -1, -1, 166, -1, 168, 81, -1, -1, 84, - -1, -1, -1, -1, 177, 90, -1, -1, -1, -1, - 183, 184, 185, -1, 187, 188, 12, -1, 14, 15, - -1, 194, 195, -1, -1, 21, -1, -1, 24, -1, - 115, -1, 205, -1, 119, 120, -1, -1, 123, 124, - 125, -1, 127, 128, 129, -1, 131, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 53, -1, -1, + 9, 8, 198, 48, 69, 4, 48, 45, 17, 70, + 161, 1, 69, 5, 11, 172, 295, 39, 210, 215, + 10, 22, 7, 8, 60, 30, 16, 17, 18, 221, + 29, 69, 205, 42, 147, 25, 26, 37, 69, 110, + 62, 31, 32, 28, 34, 35, 53, 75, 38, 77, + 40, 122, 42, 43, 63, 34, 65, 47, 69, 6, + 175, 103, 63, 42, 69, 87, 56, 46, 181, 69, + 221, 61, 351, 352, 161, 354, 165, 175, 68, 275, + 70, 175, 74, 90, 76, 146, 175, 72, 69, 36, + 80, 81, 175, 83, 84, 207, 208, 133, 88, 89, + 175, 175, 92, 93, 69, 23, 175, 86, 55, 27, + 107, 101, 59, 175, 69, 114, 113, 102, 69, 175, + 207, 208, 175, 122, 166, 115, 175, 117, 118, 0, + 69, 30, 141, 123, 191, 33, 293, 294, 183, 296, + 119, 205, 141, 133, 220, 154, 175, 175, 138, 187, + 140, 175, 142, 218, 144, 145, 94, 175, 69, 37, + 58, 69, 175, 61, 73, 155, 156, 157, 158, 159, + 160, 161, 90, 30, 164, 30, 75, 167, 77, 169, + 69, 175, 217, 175, 69, 69, 69, 69, 178, 205, + 137, 176, 175, 389, 184, 185, 186, 182, 188, 189, + 199, 175, 175, 175, 203, 195, 196, 69, 200, 69, + 69, 190, 10, 175, 41, 205, 206, 205, 16, 17, + 18, 139, 217, 170, 171, 172, 173, 25, 26, 175, + 216, 178, 150, 31, 32, 153, 34, 35, 30, 69, + 38, 69, 40, 250, 42, 43, 442, 175, 217, 47, + 220, 447, 205, 151, 152, 69, 57, 209, 56, 177, + 158, 219, 210, 61, 205, 183, 165, 217, 464, 205, + 68, 220, 70, 217, 217, 205, 175, 64, 65, 66, + 67, 212, 80, 81, 3, 83, 84, 173, 117, 273, + 88, 89, 14, 151, 92, 93, 211, 212, 213, 214, + 215, 178, 196, 101, 138, 31, 221, 220, 95, 8, + 97, 167, 99, 276, 13, 325, 444, 115, 105, 117, + 118, 20, 254, 458, -1, 123, 385, -1, -1, -1, + 49, 50, 51, 52, -1, 133, -1, -1, -1, -1, + 138, -1, 140, -1, 142, -1, 144, 145, -1, 356, + 211, 212, 213, 214, 215, -1, -1, 155, 156, 157, + 158, 159, 160, 161, -1, -1, 164, -1, -1, 167, + -1, 169, -1, -1, -1, -1, -1, -1, -1, 78, + 178, -1, -1, -1, -1, -1, 184, 185, 186, 108, + 188, 189, -1, -1, 10, -1, 9, 195, 196, -1, + 16, 17, 18, -1, -1, -1, 19, 205, 206, 25, + 26, -1, -1, 112, 113, 31, 32, -1, 34, 35, + -1, 430, 38, -1, 40, -1, 42, 43, -1, -1, + -1, 47, 131, -1, -1, 154, -1, 136, -1, -1, + 56, -1, -1, -1, -1, 61, -1, 60, 61, -1, + -1, -1, 68, -1, 70, 174, -1, -1, -1, -1, + 179, 180, -1, -1, 80, 81, 79, 83, 84, 168, + -1, -1, 88, 89, -1, -1, 92, 93, -1, -1, + -1, -1, -1, -1, -1, 101, -1, 100, -1, -1, + -1, -1, -1, 192, 193, 194, 109, -1, 111, 115, + -1, 117, 118, -1, -1, -1, -1, 123, -1, -1, + -1, -1, -1, -1, 127, -1, -1, 133, -1, -1, + -1, -1, 138, -1, 140, -1, 142, -1, 144, 145, + -1, -1, -1, -1, -1, 148, 149, -1, -1, 155, + 156, 157, 158, 159, 160, 161, -1, -1, 164, -1, + -1, 167, -1, 169, -1, -1, -1, 44, -1, -1, + -1, -1, 178, -1, -1, -1, 53, -1, 184, 185, + 186, -1, 188, 189, 187, 62, 189, -1, -1, 195, + 196, -1, -1, -1, 197, -1, -1, -1, 201, 202, + 206, -1, -1, -1, 12, 82, 14, 15, 85, -1, + -1, -1, -1, 21, 91, -1, 24, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 161, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, + -1, -1, -1, 120, 121, -1, 54, 124, 125, 126, + -1, 128, 129, 130, -1, 132, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 95, - -1, 97, -1, -1, -1, -1, -1, 103, -1, 105, - -1, 196, -1, 109, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 133, 134 + -1, -1, -1, -1, -1, 162, -1, -1, 96, -1, + 98, -1, -1, -1, -1, -1, 104, -1, 106, -1, + -1, -1, 110, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 197, -1, -1, -1, -1, -1, 134, 135 }; - /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ +/* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of + state STATE-NUM. */ static const yytype_int16 yystos[] = { - 0, 1, 10, 16, 17, 18, 25, 26, 31, 33, - 34, 37, 39, 41, 42, 46, 55, 60, 67, 69, - 79, 80, 82, 83, 87, 88, 91, 92, 100, 114, - 116, 117, 122, 132, 137, 139, 141, 143, 144, 154, - 155, 156, 157, 158, 159, 160, 163, 166, 168, 177, - 183, 184, 185, 187, 188, 194, 195, 205, 222, 223, - 224, 225, 226, 238, 239, 240, 241, 245, 250, 258, - 268, 273, 277, 281, 286, 290, 291, 292, 294, 295, - 306, 307, 310, 322, 323, 204, 68, 68, 242, 74, - 76, 174, 227, 228, 229, 8, 13, 20, 77, 111, - 112, 130, 135, 167, 191, 192, 193, 282, 283, 284, - 285, 11, 106, 112, 262, 263, 264, 174, 296, 282, - 23, 27, 89, 138, 149, 152, 176, 182, 252, 227, - 174, 174, 174, 174, 174, 304, 305, 227, 318, 68, - 63, 64, 65, 66, 94, 96, 98, 104, 265, 266, - 267, 318, 174, 174, 317, 297, 68, 7, 8, 28, - 71, 101, 175, 181, 311, 312, 30, 74, 76, 164, - 227, 68, 47, 102, 165, 278, 279, 280, 174, 300, - 251, 252, 174, 6, 35, 54, 58, 136, 169, 170, - 171, 172, 177, 287, 288, 289, 12, 14, 15, 21, - 24, 53, 95, 97, 103, 105, 109, 133, 134, 246, - 247, 248, 249, 321, 228, 68, 217, 314, 315, 316, - 68, 313, 0, 224, 204, 227, 227, 36, 68, 320, - 68, 174, 174, 38, 61, 86, 309, 219, 32, 57, - 60, 150, 151, 157, 243, 244, 146, 180, 274, 275, - 276, 174, 283, 263, 68, 36, 253, 3, 48, 49, - 50, 51, 107, 153, 173, 178, 179, 269, 270, 271, - 272, 224, 22, 62, 293, 305, 227, 266, 68, 174, - 30, 68, 298, 299, 312, 72, 259, 30, 30, 259, - 93, 259, 279, 68, 216, 252, 288, 320, 174, 44, - 68, 186, 319, 247, 68, 320, 302, 68, 315, 68, - 204, 230, 5, 73, 75, 174, 199, 308, 206, 207, - 324, 325, 326, 68, 174, 275, 174, 33, 41, 45, - 85, 118, 189, 254, 255, 256, 174, 174, 68, 270, - 320, 319, 68, 68, 260, 259, 259, 260, 228, 260, - 174, 69, 145, 303, 40, 9, 19, 59, 60, 78, - 99, 108, 110, 126, 147, 148, 186, 188, 196, 200, - 201, 231, 232, 233, 234, 235, 236, 237, 160, 325, - 327, 328, 330, 204, 216, 174, 4, 29, 113, 121, - 140, 198, 202, 257, 215, 43, 52, 61, 81, 84, - 90, 115, 119, 120, 123, 124, 125, 127, 128, 129, - 131, 161, 196, 261, 260, 260, 259, 30, 301, 228, - 68, 68, 68, 190, 174, 216, 204, 220, 328, 219, - 320, 68, 56, 260, 218, 227, 208, 329, 216, 209, - 331, 332, 320, 216, 220, 332, 204, 320, 219, 210, - 211, 212, 213, 214, 333, 334, 335, 220, 334, 204, - 216, 204, 320 + 0, 1, 10, 16, 17, 18, 25, 26, 31, 32, + 34, 35, 38, 40, 42, 43, 47, 56, 61, 68, + 70, 80, 81, 83, 84, 88, 89, 92, 93, 101, + 115, 117, 118, 123, 133, 138, 140, 142, 144, 145, + 155, 156, 157, 158, 159, 160, 161, 164, 167, 169, + 178, 184, 185, 186, 188, 189, 195, 196, 206, 223, + 224, 225, 226, 227, 239, 240, 241, 242, 246, 251, + 259, 270, 275, 279, 283, 288, 292, 293, 294, 296, + 297, 308, 309, 312, 324, 325, 205, 69, 69, 243, + 165, 175, 229, 75, 77, 228, 229, 230, 8, 13, + 20, 78, 112, 113, 131, 136, 168, 192, 193, 194, + 284, 285, 286, 287, 11, 107, 113, 264, 265, 266, + 175, 298, 284, 23, 27, 90, 139, 150, 153, 177, + 183, 253, 228, 175, 175, 175, 175, 175, 306, 307, + 228, 320, 69, 64, 65, 66, 67, 95, 97, 99, + 105, 267, 268, 269, 320, 175, 175, 319, 299, 69, + 7, 8, 28, 72, 102, 176, 182, 313, 314, 30, + 75, 77, 165, 228, 69, 48, 103, 166, 280, 281, + 282, 175, 302, 252, 253, 175, 6, 36, 55, 59, + 137, 170, 171, 172, 173, 178, 289, 290, 291, 12, + 14, 15, 21, 24, 54, 96, 98, 104, 106, 110, + 134, 135, 247, 248, 249, 250, 323, 229, 69, 218, + 316, 317, 318, 69, 315, 0, 225, 205, 228, 228, + 37, 69, 322, 69, 175, 175, 39, 62, 87, 311, + 220, 33, 58, 61, 151, 152, 158, 244, 245, 229, + 94, 260, 147, 181, 276, 277, 278, 175, 285, 265, + 69, 37, 254, 3, 49, 50, 51, 52, 108, 154, + 174, 179, 180, 271, 272, 273, 274, 225, 22, 63, + 295, 307, 228, 268, 69, 175, 30, 69, 300, 301, + 314, 73, 261, 30, 30, 261, 260, 281, 69, 217, + 253, 290, 322, 175, 45, 69, 187, 321, 248, 69, + 322, 304, 69, 317, 69, 205, 231, 5, 74, 76, + 175, 200, 310, 207, 208, 326, 327, 328, 69, 175, + 229, 277, 175, 34, 42, 46, 86, 119, 190, 255, + 256, 257, 175, 175, 69, 272, 322, 321, 69, 69, + 262, 261, 261, 262, 261, 175, 70, 146, 305, 41, + 9, 19, 60, 61, 79, 100, 109, 111, 127, 148, + 149, 187, 189, 197, 201, 202, 232, 233, 234, 235, + 236, 237, 238, 161, 327, 329, 330, 332, 205, 217, + 175, 4, 29, 114, 122, 141, 199, 203, 258, 216, + 44, 53, 62, 82, 85, 91, 116, 120, 121, 124, + 125, 126, 128, 129, 130, 132, 162, 197, 263, 262, + 262, 262, 30, 303, 229, 69, 69, 69, 191, 175, + 217, 205, 221, 330, 220, 322, 69, 57, 219, 228, + 209, 331, 217, 210, 333, 334, 322, 217, 221, 334, + 205, 322, 220, 211, 212, 213, 214, 215, 335, 336, + 337, 221, 336, 205, 217, 205, 322 }; - /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +/* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ static const yytype_int16 yyr1[] = { - 0, 221, 222, 223, 223, 223, 224, 224, 224, 224, - 224, 224, 224, 224, 224, 224, 224, 224, 224, 224, - 224, 225, 226, 226, 226, 226, 226, 227, 227, 228, - 229, 229, 230, 230, 231, 231, 231, 232, 233, 233, - 233, 233, 233, 233, 233, 233, 233, 234, 234, 235, - 235, 235, 235, 235, 235, 236, 237, 238, 239, 239, - 240, 240, 240, 240, 241, 241, 241, 241, 241, 241, - 241, 241, 241, 242, 242, 243, 243, 244, 244, 244, - 244, 244, 245, 246, 246, 247, 247, 247, 247, 248, - 248, 248, 248, 248, 248, 248, 248, 248, 249, 249, - 250, 250, 250, 251, 251, 252, 252, 252, 252, 252, - 252, 252, 252, 253, 253, 254, 254, 254, 254, 255, - 255, 256, 256, 257, 257, 257, 257, 257, 257, 257, - 258, 258, 258, 258, 258, 258, 258, 258, 259, 259, - 260, 260, 260, 261, 261, 261, 261, 261, 261, 261, - 261, 261, 261, 261, 261, 261, 261, 261, 261, 261, - 262, 262, 263, 264, 264, 264, 265, 265, 266, 267, - 267, 267, 267, 267, 267, 267, 267, 268, 269, 269, - 270, 270, 270, 270, 270, 271, 271, 271, 272, 272, - 272, 272, 273, 274, 274, 275, 276, 276, 277, 278, - 278, 279, 280, 280, 280, 281, 281, 282, 282, 283, - 283, 284, 284, 284, 284, 284, 284, 285, 285, 285, - 285, 285, 285, 286, 287, 287, 288, 289, 289, 289, - 289, 289, 289, 289, 289, 289, 289, 290, 290, 290, - 290, 290, 290, 290, 290, 290, 290, 290, 290, 290, - 290, 290, 290, 291, 291, 291, 292, 292, 293, 293, - 293, 294, 295, 295, 295, 296, 296, 296, 297, 297, - 298, 299, 299, 300, 301, 301, 302, 302, 303, 303, - 304, 304, 305, 306, 306, 307, 307, 308, 308, 308, - 308, 309, 309, 309, 310, 311, 311, 312, 312, 312, - 312, 312, 312, 312, 313, 313, 314, 314, 315, 315, - 316, 317, 317, 318, 318, 319, 319, 319, 320, 320, - 321, 322, 323, 324, 324, 325, 326, 326, 327, 327, - 328, 329, 330, 331, 331, 332, 333, 333, 334, 335, - 335, 335, 335, 335 + 0, 222, 223, 224, 224, 224, 225, 225, 225, 225, + 225, 225, 225, 225, 225, 225, 225, 225, 225, 225, + 225, 226, 227, 227, 227, 227, 227, 228, 228, 229, + 230, 230, 231, 231, 232, 232, 232, 233, 234, 234, + 234, 234, 234, 234, 234, 234, 234, 235, 235, 236, + 236, 236, 236, 236, 236, 237, 238, 239, 240, 240, + 241, 241, 241, 241, 242, 242, 242, 242, 242, 242, + 242, 242, 242, 243, 243, 244, 244, 245, 245, 245, + 245, 245, 246, 247, 247, 248, 248, 248, 248, 249, + 249, 249, 249, 249, 249, 249, 249, 249, 250, 250, + 251, 251, 251, 252, 252, 253, 253, 253, 253, 253, + 253, 253, 253, 254, 254, 255, 255, 255, 255, 256, + 256, 257, 257, 258, 258, 258, 258, 258, 258, 258, + 259, 259, 259, 259, 259, 259, 259, 259, 259, 260, + 260, 261, 261, 262, 262, 262, 263, 263, 263, 263, + 263, 263, 263, 263, 263, 263, 263, 263, 263, 263, + 263, 263, 263, 264, 264, 265, 266, 266, 266, 267, + 267, 268, 269, 269, 269, 269, 269, 269, 269, 269, + 270, 271, 271, 272, 272, 272, 272, 272, 273, 273, + 273, 274, 274, 274, 274, 275, 276, 276, 277, 278, + 278, 279, 280, 280, 281, 282, 282, 282, 283, 283, + 284, 284, 285, 285, 286, 286, 286, 286, 286, 286, + 287, 287, 287, 287, 287, 287, 288, 289, 289, 290, + 291, 291, 291, 291, 291, 291, 291, 291, 291, 291, + 292, 292, 292, 292, 292, 292, 292, 292, 292, 292, + 292, 292, 292, 292, 292, 292, 293, 293, 293, 294, + 294, 295, 295, 295, 296, 297, 297, 297, 298, 298, + 298, 299, 299, 300, 301, 301, 302, 303, 303, 304, + 304, 305, 305, 306, 306, 307, 308, 308, 309, 309, + 310, 310, 310, 310, 311, 311, 311, 312, 313, 313, + 314, 314, 314, 314, 314, 314, 314, 315, 315, 316, + 316, 317, 317, 318, 319, 319, 320, 320, 321, 321, + 321, 322, 322, 323, 324, 325, 326, 326, 327, 328, + 328, 329, 329, 330, 331, 332, 333, 333, 334, 335, + 335, 336, 337, 337, 337, 337, 337 }; - /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ +/* YYR2[RULE-NUM] -- Number of symbols on the right-hand side of rule RULE-NUM. */ static const yytype_int8 yyr2[] = { 0, 2, 1, 3, 2, 2, 0, 1, 1, 1, @@ -1932,28 +1920,28 @@ static const yytype_int8 yyr2[] = 2, 2, 3, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 2, 4, 6, 4, 5, 5, 4, 0, 2, - 0, 2, 3, 1, 1, 1, 1, 1, 1, 1, + 2, 2, 5, 4, 5, 5, 4, 3, 3, 0, + 2, 0, 2, 0, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 2, 1, 2, 1, 1, 1, 2, 1, 2, 1, - 1, 1, 1, 1, 1, 1, 1, 3, 2, 1, - 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, - 1, 1, 3, 2, 1, 2, 1, 1, 2, 2, - 1, 2, 1, 1, 1, 2, 2, 2, 1, 1, + 1, 1, 1, 2, 1, 2, 1, 1, 1, 2, + 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, + 3, 2, 1, 2, 2, 2, 2, 2, 1, 1, + 1, 1, 1, 1, 1, 3, 2, 1, 2, 1, + 1, 2, 2, 1, 2, 1, 1, 1, 2, 2, + 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 2, 2, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 2, 2, 1, 2, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, - 2, 2, 2, 3, 3, 1, 2, 2, 2, 2, - 2, 3, 2, 1, 1, 1, 1, 1, 1, 1, - 0, 1, 1, 1, 1, 1, 2, 0, 0, 2, - 4, 1, 1, 4, 1, 0, 0, 2, 2, 2, - 2, 1, 1, 3, 3, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 2, 1, 1, 1, 1, - 1, 1, 1, 1, 2, 1, 2, 1, 1, 1, - 5, 2, 1, 2, 1, 1, 1, 1, 1, 1, - 2, 5, 1, 3, 2, 3, 1, 1, 2, 1, - 5, 4, 3, 2, 1, 6, 3, 2, 3, 1, - 1, 1, 1, 1 + 1, 1, 2, 2, 2, 2, 3, 3, 1, 2, + 2, 2, 2, 2, 3, 2, 1, 1, 1, 1, + 1, 1, 1, 0, 1, 1, 1, 1, 1, 2, + 0, 0, 2, 4, 1, 1, 4, 1, 0, 0, + 2, 2, 2, 2, 1, 1, 3, 3, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 2, 2, 1, + 1, 1, 1, 1, 1, 1, 1, 2, 1, 2, + 1, 1, 1, 5, 2, 1, 2, 1, 1, 1, + 1, 1, 1, 2, 5, 1, 3, 2, 3, 1, + 1, 2, 1, 5, 4, 3, 2, 1, 6, 3, + 2, 3, 1, 1, 1, 1, 1 }; @@ -1965,6 +1953,7 @@ enum { YYENOMEM = -2 }; #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab +#define YYNOMEM goto yyexhaustedlab #define YYRECOVERING() (!!yyerrstatus) @@ -2005,10 +1994,7 @@ do { \ YYFPRINTF Args; \ } while (0) -/* This macro is provided for backward compatibility. */ -# ifndef YY_LOCATION_PRINT -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif + # define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ @@ -2035,10 +2021,6 @@ yy_symbol_value_print (FILE *yyo, YY_USE (yyoutput); if (!yyvaluep) return; -# ifdef YYPRINT - if (yykind < YYNTOKENS) - YYPRINT (yyo, yytoknum[yykind], *yyvaluep); -# endif YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN YY_USE (yykind); YY_IGNORE_MAYBE_UNINITIALIZED_END @@ -2223,6 +2205,7 @@ yyparse (void) YYDPRINTF ((stderr, "Starting parse\n")); yychar = YYEMPTY; /* Cause a token to be read. */ + goto yysetstate; @@ -2248,7 +2231,7 @@ yysetstate: if (yyss + yystacksize - 1 <= yyssp) #if !defined yyoverflow && !defined YYSTACK_RELOCATE - goto yyexhaustedlab; + YYNOMEM; #else { /* Get the current used size of the three stacks, in elements. */ @@ -2276,7 +2259,7 @@ yysetstate: # else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + YYNOMEM; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; @@ -2287,7 +2270,7 @@ yysetstate: YY_CAST (union yyalloc *, YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); if (! yyptr) - goto yyexhaustedlab; + YYNOMEM; YYSTACK_RELOCATE (yyss_alloc, yyss); YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE @@ -2309,6 +2292,7 @@ yysetstate: } #endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ + if (yystate == YYFINAL) YYACCEPT; @@ -2421,7 +2405,7 @@ yyreduce: switch (yyn) { case 5: /* command_list: error T_EOC */ -#line 404 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 406 "../../ntpd/ntp_parser.y" { /* I will need to incorporate much more fine grained * error messages. The following should suffice for @@ -2434,85 +2418,85 @@ yyreduce: ip_ctx->errpos.nline, ip_ctx->errpos.ncol); } -#line 2438 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2422 "ntp_parser.c" break; case 21: /* server_command: client_type address option_list */ -#line 441 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 443 "../../ntpd/ntp_parser.y" { peer_node *my_node; my_node = create_peer_node((yyvsp[-2].Integer), (yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.peers, my_node); } -#line 2449 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2433 "ntp_parser.c" break; case 28: /* address: address_fam T_String */ -#line 460 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 462 "../../ntpd/ntp_parser.y" { (yyval.Address_node) = create_address_node((yyvsp[0].String), (yyvsp[-1].Integer)); } -#line 2455 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2439 "ntp_parser.c" break; case 29: /* ip_address: T_String */ -#line 465 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 467 "../../ntpd/ntp_parser.y" { (yyval.Address_node) = create_address_node((yyvsp[0].String), AF_UNSPEC); } -#line 2461 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2445 "ntp_parser.c" break; case 30: /* address_fam: T_Ipv4_flag */ -#line 470 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 472 "../../ntpd/ntp_parser.y" { (yyval.Integer) = AF_INET; } -#line 2467 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2451 "ntp_parser.c" break; case 31: /* address_fam: T_Ipv6_flag */ -#line 472 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 474 "../../ntpd/ntp_parser.y" { (yyval.Integer) = AF_INET6; } -#line 2473 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2457 "ntp_parser.c" break; case 32: /* option_list: %empty */ -#line 477 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 479 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; } -#line 2479 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2463 "ntp_parser.c" break; case 33: /* option_list: option_list option */ -#line 479 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 481 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2488 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2472 "ntp_parser.c" break; case 37: /* option_flag: option_flag_keyword */ -#line 493 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 495 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } -#line 2494 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2478 "ntp_parser.c" break; case 47: /* option_int: option_int_keyword T_Integer */ -#line 510 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 512 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2500 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2484 "ntp_parser.c" break; case 48: /* option_int: option_int_keyword T_U_int */ -#line 512 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 514 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_uval((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2506 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2490 "ntp_parser.c" break; case 55: /* option_str: option_str_keyword T_String */ -#line 526 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 528 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 2512 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2496 "ntp_parser.c" break; case 57: /* unpeer_command: unpeer_keyword address */ -#line 540 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 542 "../../ntpd/ntp_parser.y" { unpeer_node *my_node; @@ -2520,85 +2504,85 @@ yyreduce: if (my_node) APPEND_G_FIFO(cfgt.unpeers, my_node); } -#line 2524 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2508 "ntp_parser.c" break; case 60: /* other_mode_command: T_Broadcastclient */ -#line 561 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 563 "../../ntpd/ntp_parser.y" { cfgt.broadcastclient = 1; } -#line 2530 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2514 "ntp_parser.c" break; case 61: /* other_mode_command: T_Manycastserver address_list */ -#line 563 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 565 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.manycastserver, (yyvsp[0].Address_fifo)); } -#line 2536 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2520 "ntp_parser.c" break; case 62: /* other_mode_command: T_Multicastclient address_list */ -#line 565 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 567 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.multicastclient, (yyvsp[0].Address_fifo)); } -#line 2542 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2526 "ntp_parser.c" break; case 63: /* other_mode_command: T_Mdnstries T_Integer */ -#line 567 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 569 "../../ntpd/ntp_parser.y" { cfgt.mdnstries = (yyvsp[0].Integer); } -#line 2548 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2532 "ntp_parser.c" break; case 64: /* authentication_command: T_Automax T_Integer */ -#line 578 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 580 "../../ntpd/ntp_parser.y" { attr_val *atrv; atrv = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); APPEND_G_FIFO(cfgt.vars, atrv); } -#line 2559 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2543 "ntp_parser.c" break; case 65: /* authentication_command: T_ControlKey T_Integer */ -#line 585 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 587 "../../ntpd/ntp_parser.y" { cfgt.auth.control_key = (yyvsp[0].Integer); } -#line 2565 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2549 "ntp_parser.c" break; case 66: /* authentication_command: T_Crypto crypto_command_list */ -#line 587 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 589 "../../ntpd/ntp_parser.y" { cfgt.auth.cryptosw++; CONCAT_G_FIFOS(cfgt.auth.crypto_cmd_list, (yyvsp[0].Attr_val_fifo)); } -#line 2574 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2558 "ntp_parser.c" break; case 67: /* authentication_command: T_Keys T_String */ -#line 592 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 594 "../../ntpd/ntp_parser.y" { cfgt.auth.keys = (yyvsp[0].String); } -#line 2580 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2564 "ntp_parser.c" break; case 68: /* authentication_command: T_Keysdir T_String */ -#line 594 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 596 "../../ntpd/ntp_parser.y" { cfgt.auth.keysdir = (yyvsp[0].String); } -#line 2586 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2570 "ntp_parser.c" break; case 69: /* authentication_command: T_Requestkey T_Integer */ -#line 596 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 598 "../../ntpd/ntp_parser.y" { cfgt.auth.request_key = (yyvsp[0].Integer); } -#line 2592 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2576 "ntp_parser.c" break; case 70: /* authentication_command: T_Revoke T_Integer */ -#line 598 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 600 "../../ntpd/ntp_parser.y" { cfgt.auth.revoke = (yyvsp[0].Integer); } -#line 2598 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2582 "ntp_parser.c" break; case 71: /* authentication_command: T_Trustedkey integer_list_range */ -#line 600 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 602 "../../ntpd/ntp_parser.y" { /* [Bug 948] leaves it open if appending or * replacing the trusted key list is the right @@ -2608,38 +2592,38 @@ yyreduce: DESTROY_G_FIFO(cfgt.auth.trusted_key_list, destroy_attr_val); /* remove for append */ CONCAT_G_FIFOS(cfgt.auth.trusted_key_list, (yyvsp[0].Attr_val_fifo)); } -#line 2612 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2596 "ntp_parser.c" break; case 72: /* authentication_command: T_NtpSignDsocket T_String */ -#line 610 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 612 "../../ntpd/ntp_parser.y" { cfgt.auth.ntp_signd_socket = (yyvsp[0].String); } -#line 2618 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2602 "ntp_parser.c" break; case 73: /* crypto_command_list: %empty */ -#line 615 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 617 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; } -#line 2624 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2608 "ntp_parser.c" break; case 74: /* crypto_command_list: crypto_command_list crypto_command */ -#line 617 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 619 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2633 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2617 "ntp_parser.c" break; case 75: /* crypto_command: crypto_str_keyword T_String */ -#line 625 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 627 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 2639 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2623 "ntp_parser.c" break; case 76: /* crypto_command: T_Revoke T_Integer */ -#line 627 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 629 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = NULL; cfgt.auth.revoke = (yyvsp[0].Integer); @@ -2648,65 +2632,65 @@ yyreduce: "please use 'revoke %d' instead.", cfgt.auth.revoke, cfgt.auth.revoke); } -#line 2652 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2636 "ntp_parser.c" break; case 82: /* orphan_mode_command: T_Tos tos_option_list */ -#line 652 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 654 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.orphan_cmds, (yyvsp[0].Attr_val_fifo)); } -#line 2658 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2642 "ntp_parser.c" break; case 83: /* tos_option_list: tos_option_list tos_option */ -#line 657 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 659 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2667 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2651 "ntp_parser.c" break; case 84: /* tos_option_list: tos_option */ -#line 662 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 664 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2676 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2660 "ntp_parser.c" break; case 85: /* tos_option: tos_option_int_keyword T_Integer */ -#line 670 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 672 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (double)(yyvsp[0].Integer)); } -#line 2682 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2666 "ntp_parser.c" break; case 86: /* tos_option: tos_option_dbl_keyword number */ -#line 672 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 674 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } -#line 2688 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2672 "ntp_parser.c" break; case 87: /* tos_option: T_Cohort boolean */ -#line 674 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 676 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (double)(yyvsp[0].Integer)); } -#line 2694 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2678 "ntp_parser.c" break; case 88: /* tos_option: basedate */ -#line 676 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 678 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival(T_Basedate, (yyvsp[0].Integer)); } -#line 2700 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2684 "ntp_parser.c" break; case 100: /* monitoring_command: T_Statistics stats_list */ -#line 703 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 705 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.stats_list, (yyvsp[0].Int_fifo)); } -#line 2706 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2690 "ntp_parser.c" break; case 101: /* monitoring_command: T_Statsdir T_String */ -#line 705 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 707 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { cfgt.stats_dir = (yyvsp[0].String); @@ -2715,55 +2699,55 @@ yyreduce: yyerror("statsdir remote configuration ignored"); } } -#line 2719 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2703 "ntp_parser.c" break; case 102: /* monitoring_command: T_Filegen stat filegen_option_list */ -#line 714 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 716 "../../ntpd/ntp_parser.y" { filegen_node *fgn; fgn = create_filegen_node((yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.filegen_opts, fgn); } -#line 2730 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2714 "ntp_parser.c" break; case 103: /* stats_list: stats_list stat */ -#line 724 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 726 "../../ntpd/ntp_parser.y" { (yyval.Int_fifo) = (yyvsp[-1].Int_fifo); APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 2739 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2723 "ntp_parser.c" break; case 104: /* stats_list: stat */ -#line 729 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 731 "../../ntpd/ntp_parser.y" { (yyval.Int_fifo) = NULL; APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 2748 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2732 "ntp_parser.c" break; case 113: /* filegen_option_list: %empty */ -#line 748 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 750 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; } -#line 2754 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2738 "ntp_parser.c" break; case 114: /* filegen_option_list: filegen_option_list filegen_option */ -#line 750 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 752 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2763 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2747 "ntp_parser.c" break; case 115: /* filegen_option: T_File T_String */ -#line 758 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 760 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); @@ -2773,11 +2757,11 @@ yyreduce: yyerror("filegen file remote config ignored"); } } -#line 2777 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2761 "ntp_parser.c" break; case 116: /* filegen_option: T_Type filegen_type */ -#line 768 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 770 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); @@ -2786,11 +2770,11 @@ yyreduce: yyerror("filegen type remote config ignored"); } } -#line 2790 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2774 "ntp_parser.c" break; case 117: /* filegen_option: link_nolink */ -#line 777 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 779 "../../ntpd/ntp_parser.y" { const char *err; @@ -2805,69 +2789,59 @@ yyreduce: yyerror(err); } } -#line 2809 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2793 "ntp_parser.c" break; case 118: /* filegen_option: enable_disable */ -#line 792 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 794 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } -#line 2815 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2799 "ntp_parser.c" break; case 130: /* access_control_command: T_Discard discard_option_list */ -#line 822 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 824 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.discard_opts, (yyvsp[0].Attr_val_fifo)); } -#line 2823 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2807 "ntp_parser.c" break; case 131: /* access_control_command: T_Mru mru_option_list */ -#line 826 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 828 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.mru_opts, (yyvsp[0].Attr_val_fifo)); } -#line 2831 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" - break; - - case 132: /* access_control_command: T_Restrict address res_ippeerlimit ac_flag_list */ -#line 830 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" - { - restrict_node *rn; - - rn = create_restrict_node((yyvsp[-2].Address_node), NULL, (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), - lex_current()->curpos.nline); - APPEND_G_FIFO(cfgt.restrict_opts, rn); - } -#line 2843 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2815 "ntp_parser.c" break; - case 133: /* access_control_command: T_Restrict address T_Mask ip_address res_ippeerlimit ac_flag_list */ -#line 838 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 132: /* access_control_command: T_Restrict address restrict_mask res_ippeerlimit ac_flag_list */ +#line 832 "../../ntpd/ntp_parser.y" { restrict_node *rn; - rn = create_restrict_node((yyvsp[-4].Address_node), (yyvsp[-2].Address_node), (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), - lex_current()->curpos.nline); + rn = create_restrict_node((yyvsp[-3].Address_node), (yyvsp[-2].Address_node), (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2855 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2828 "ntp_parser.c" break; - case 134: /* access_control_command: T_Restrict T_Default res_ippeerlimit ac_flag_list */ -#line 846 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 133: /* access_control_command: T_Restrict T_Default res_ippeerlimit ac_flag_list */ +#line 841 "../../ntpd/ntp_parser.y" { restrict_node *rn; - rn = create_restrict_node(NULL, NULL, (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), - lex_current()->curpos.nline); + rn = create_restrict_node(NULL, NULL, (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2867 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2841 "ntp_parser.c" break; - case 135: /* access_control_command: T_Restrict T_Ipv4_flag T_Default res_ippeerlimit ac_flag_list */ -#line 854 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 134: /* access_control_command: T_Restrict T_Ipv4_flag T_Default res_ippeerlimit ac_flag_list */ +#line 850 "../../ntpd/ntp_parser.y" { restrict_node *rn; @@ -2878,15 +2852,16 @@ yyreduce: create_address_node( estrdup("0.0.0.0"), AF_INET), - (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), - lex_current()->curpos.nline); + (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2886 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2861 "ntp_parser.c" break; - case 136: /* access_control_command: T_Restrict T_Ipv6_flag T_Default res_ippeerlimit ac_flag_list */ -#line 869 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 135: /* access_control_command: T_Restrict T_Ipv6_flag T_Default res_ippeerlimit ac_flag_list */ +#line 866 "../../ntpd/ntp_parser.y" { restrict_node *rn; @@ -2897,34 +2872,79 @@ yyreduce: create_address_node( estrdup("::"), AF_INET6), - (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), - lex_current()->curpos.nline); + (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2905 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2881 "ntp_parser.c" break; - case 137: /* access_control_command: T_Restrict T_Source res_ippeerlimit ac_flag_list */ -#line 884 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 136: /* access_control_command: T_Restrict T_Source res_ippeerlimit ac_flag_list */ +#line 882 "../../ntpd/ntp_parser.y" { restrict_node * rn; APPEND_G_FIFO((yyvsp[0].Attr_val_fifo), create_attr_ival((yyvsp[-2].Integer), 1)); - rn = create_restrict_node( - NULL, NULL, (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), lex_current()->curpos.nline); + rn = create_restrict_node(NULL, NULL, (yyvsp[-1].Integer), (yyvsp[0].Attr_val_fifo), FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } -#line 2918 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2895 "ntp_parser.c" break; - case 138: /* res_ippeerlimit: %empty */ -#line 896 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 137: /* access_control_command: T_Delrestrict ip_address restrict_mask */ +#line 892 "../../ntpd/ntp_parser.y" + { + restrict_node * rn; + + rn = create_restrict_node((yyvsp[-1].Address_node), (yyvsp[0].Address_node), -1, NULL, TRUE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); + APPEND_G_FIFO(cfgt.restrict_opts, rn); + } +#line 2908 "ntp_parser.c" + break; + + case 138: /* access_control_command: T_Delrestrict T_Source ip_address */ +#line 901 "../../ntpd/ntp_parser.y" + { + restrict_node * rn; + attr_val_fifo * avf; + + avf = NULL; + APPEND_G_FIFO(avf, create_attr_ival((yyvsp[-1].Integer), 1)); + rn = create_restrict_node((yyvsp[0].Address_node), NULL, -1, avf, TRUE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); + APPEND_G_FIFO(cfgt.restrict_opts, rn); + } +#line 2924 "ntp_parser.c" + break; + + case 139: /* restrict_mask: %empty */ +#line 916 "../../ntpd/ntp_parser.y" + { (yyval.Address_node) = NULL; } +#line 2930 "ntp_parser.c" + break; + + case 140: /* restrict_mask: T_Mask ip_address */ +#line 918 "../../ntpd/ntp_parser.y" + { + (yyval.Address_node) = (yyvsp[0].Address_node); + } +#line 2938 "ntp_parser.c" + break; + + case 141: /* res_ippeerlimit: %empty */ +#line 925 "../../ntpd/ntp_parser.y" { (yyval.Integer) = -1; } -#line 2924 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2944 "ntp_parser.c" break; - case 139: /* res_ippeerlimit: T_Ippeerlimit T_Integer */ -#line 898 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 142: /* res_ippeerlimit: T_Ippeerlimit T_Integer */ +#line 927 "../../ntpd/ntp_parser.y" { if (((yyvsp[0].Integer) < -1) || ((yyvsp[0].Integer) > 100)) { struct FILE_INFO * ip_ctx; @@ -2934,23 +2954,23 @@ yyreduce: "Unreasonable ippeerlimit value (%d) in %s line %d, column %d. Using 0.", (yyvsp[0].Integer), ip_ctx->fname, - ip_ctx->errpos.nline, - ip_ctx->errpos.ncol); + ip_ctx->curpos.nline, + ip_ctx->curpos.ncol); (yyvsp[0].Integer) = 0; } (yyval.Integer) = (yyvsp[0].Integer); } -#line 2944 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2964 "ntp_parser.c" break; - case 140: /* ac_flag_list: %empty */ -#line 917 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 143: /* ac_flag_list: %empty */ +#line 946 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; } -#line 2950 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2970 "ntp_parser.c" break; - case 141: /* ac_flag_list: ac_flag_list access_control_flag */ -#line 919 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 144: /* ac_flag_list: ac_flag_list access_control_flag */ +#line 948 "../../ntpd/ntp_parser.y" { attr_val *av; @@ -2958,11 +2978,11 @@ yyreduce: av = create_attr_ival((yyvsp[0].Integer), 1); APPEND_G_FIFO((yyval.Attr_val_fifo), av); } -#line 2962 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2982 "ntp_parser.c" break; - case 142: /* ac_flag_list: ac_flag_list T_Serverresponse T_Fuzz */ -#line 927 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 145: /* ac_flag_list: ac_flag_list T_Serverresponse T_Fuzz */ +#line 956 "../../ntpd/ntp_parser.y" { attr_val *av; @@ -2970,100 +2990,100 @@ yyreduce: av = create_attr_ival(T_ServerresponseFuzz, 1); APPEND_G_FIFO((yyval.Attr_val_fifo), av); } -#line 2974 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 2994 "ntp_parser.c" break; - case 160: /* discard_option_list: discard_option_list discard_option */ -#line 958 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 163: /* discard_option_list: discard_option_list discard_option */ +#line 987 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2983 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3003 "ntp_parser.c" break; - case 161: /* discard_option_list: discard_option */ -#line 963 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 164: /* discard_option_list: discard_option */ +#line 992 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 2992 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3012 "ntp_parser.c" break; - case 162: /* discard_option: discard_option_keyword T_Integer */ -#line 971 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 165: /* discard_option: discard_option_keyword T_Integer */ +#line 1000 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 2998 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3018 "ntp_parser.c" break; - case 166: /* mru_option_list: mru_option_list mru_option */ -#line 982 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 169: /* mru_option_list: mru_option_list mru_option */ +#line 1011 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3007 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3027 "ntp_parser.c" break; - case 167: /* mru_option_list: mru_option */ -#line 987 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 170: /* mru_option_list: mru_option */ +#line 1016 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3016 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3036 "ntp_parser.c" break; - case 168: /* mru_option: mru_option_keyword T_Integer */ -#line 995 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 171: /* mru_option: mru_option_keyword T_Integer */ +#line 1024 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 3022 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3042 "ntp_parser.c" break; - case 177: /* fudge_command: T_Fudge address fudge_factor_list */ -#line 1015 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 180: /* fudge_command: T_Fudge address fudge_factor_list */ +#line 1044 "../../ntpd/ntp_parser.y" { addr_opts_node *aon; aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.fudge, aon); } -#line 3033 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3053 "ntp_parser.c" break; - case 178: /* fudge_factor_list: fudge_factor_list fudge_factor */ -#line 1025 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 181: /* fudge_factor_list: fudge_factor_list fudge_factor */ +#line 1054 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3042 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3062 "ntp_parser.c" break; - case 179: /* fudge_factor_list: fudge_factor */ -#line 1030 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 182: /* fudge_factor_list: fudge_factor */ +#line 1059 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3051 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3071 "ntp_parser.c" break; - case 180: /* fudge_factor: fudge_factor_dbl_keyword number */ -#line 1038 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 183: /* fudge_factor: fudge_factor_dbl_keyword number */ +#line 1067 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } -#line 3057 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3077 "ntp_parser.c" break; - case 181: /* fudge_factor: fudge_factor_bool_keyword boolean */ -#line 1040 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 184: /* fudge_factor: fudge_factor_bool_keyword boolean */ +#line 1069 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 3063 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3083 "ntp_parser.c" break; - case 182: /* fudge_factor: T_Stratum T_Integer */ -#line 1042 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 185: /* fudge_factor: T_Stratum T_Integer */ +#line 1071 "../../ntpd/ntp_parser.y" { if ((yyvsp[0].Integer) >= 0 && (yyvsp[0].Integer) <= 16) { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); @@ -3072,124 +3092,124 @@ yyreduce: yyerror("fudge factor: stratum value not in [0..16], ignored"); } } -#line 3076 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3096 "ntp_parser.c" break; - case 183: /* fudge_factor: T_Abbrev T_String */ -#line 1051 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 186: /* fudge_factor: T_Abbrev T_String */ +#line 1080 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 3082 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3102 "ntp_parser.c" break; - case 184: /* fudge_factor: T_Refid T_String */ -#line 1053 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 187: /* fudge_factor: T_Refid T_String */ +#line 1082 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 3088 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3108 "ntp_parser.c" break; - case 192: /* device_command: T_Device address device_item_list */ -#line 1075 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 195: /* device_command: T_Device address device_item_list */ +#line 1104 "../../ntpd/ntp_parser.y" { addr_opts_node *aon; aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.device, aon); } -#line 3099 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3119 "ntp_parser.c" break; - case 193: /* device_item_list: device_item_list device_item */ -#line 1085 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 196: /* device_item_list: device_item_list device_item */ +#line 1114 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3108 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3128 "ntp_parser.c" break; - case 194: /* device_item_list: device_item */ -#line 1090 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 197: /* device_item_list: device_item */ +#line 1119 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3117 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3137 "ntp_parser.c" break; - case 195: /* device_item: device_item_path_keyword T_String */ -#line 1098 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 198: /* device_item: device_item_path_keyword T_String */ +#line 1127 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); } -#line 3123 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3143 "ntp_parser.c" break; - case 198: /* rlimit_command: T_Rlimit rlimit_option_list */ -#line 1112 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 201: /* rlimit_command: T_Rlimit rlimit_option_list */ +#line 1141 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.rlimit, (yyvsp[0].Attr_val_fifo)); } -#line 3129 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3149 "ntp_parser.c" break; - case 199: /* rlimit_option_list: rlimit_option_list rlimit_option */ -#line 1117 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 202: /* rlimit_option_list: rlimit_option_list rlimit_option */ +#line 1146 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3138 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3158 "ntp_parser.c" break; - case 200: /* rlimit_option_list: rlimit_option */ -#line 1122 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 203: /* rlimit_option_list: rlimit_option */ +#line 1151 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3147 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3167 "ntp_parser.c" break; - case 201: /* rlimit_option: rlimit_option_keyword T_Integer */ -#line 1130 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 204: /* rlimit_option: rlimit_option_keyword T_Integer */ +#line 1159 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 3153 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3173 "ntp_parser.c" break; - case 205: /* system_option_command: T_Enable system_option_list */ -#line 1146 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 208: /* system_option_command: T_Enable system_option_list */ +#line 1175 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.enable_opts, (yyvsp[0].Attr_val_fifo)); } -#line 3159 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3179 "ntp_parser.c" break; - case 206: /* system_option_command: T_Disable system_option_list */ -#line 1148 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 209: /* system_option_command: T_Disable system_option_list */ +#line 1177 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.disable_opts, (yyvsp[0].Attr_val_fifo)); } -#line 3165 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3185 "ntp_parser.c" break; - case 207: /* system_option_list: system_option_list system_option */ -#line 1153 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 210: /* system_option_list: system_option_list system_option */ +#line 1182 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3174 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3194 "ntp_parser.c" break; - case 208: /* system_option_list: system_option */ -#line 1158 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 211: /* system_option_list: system_option */ +#line 1187 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3183 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3203 "ntp_parser.c" break; - case 209: /* system_option: system_option_flag_keyword */ -#line 1166 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 212: /* system_option: system_option_flag_keyword */ +#line 1195 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); } -#line 3189 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3209 "ntp_parser.c" break; - case 210: /* system_option: system_option_local_flag_keyword */ -#line 1168 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 213: /* system_option: system_option_local_flag_keyword */ +#line 1197 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { (yyval.Attr_val) = create_attr_ival(T_Flag, (yyvsp[0].Integer)); @@ -3203,74 +3223,74 @@ yyreduce: yyerror(err_str); } } -#line 3207 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3227 "ntp_parser.c" break; - case 223: /* tinker_command: T_Tinker tinker_option_list */ -#line 1207 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 226: /* tinker_command: T_Tinker tinker_option_list */ +#line 1236 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.tinker, (yyvsp[0].Attr_val_fifo)); } -#line 3213 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3233 "ntp_parser.c" break; - case 224: /* tinker_option_list: tinker_option_list tinker_option */ -#line 1212 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 227: /* tinker_option_list: tinker_option_list tinker_option */ +#line 1241 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3222 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3242 "ntp_parser.c" break; - case 225: /* tinker_option_list: tinker_option */ -#line 1217 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 228: /* tinker_option_list: tinker_option */ +#line 1246 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3231 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3251 "ntp_parser.c" break; - case 226: /* tinker_option: tinker_option_keyword number */ -#line 1225 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 229: /* tinker_option: tinker_option_keyword number */ +#line 1254 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); } -#line 3237 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3257 "ntp_parser.c" break; - case 239: /* miscellaneous_command: misc_cmd_dbl_keyword number */ -#line 1250 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 242: /* miscellaneous_command: misc_cmd_dbl_keyword number */ +#line 1279 "../../ntpd/ntp_parser.y" { attr_val *av; av = create_attr_dval((yyvsp[-1].Integer), (yyvsp[0].Double)); APPEND_G_FIFO(cfgt.vars, av); } -#line 3248 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3268 "ntp_parser.c" break; - case 240: /* miscellaneous_command: misc_cmd_int_keyword T_Integer */ -#line 1257 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 243: /* miscellaneous_command: misc_cmd_int_keyword T_Integer */ +#line 1286 "../../ntpd/ntp_parser.y" { attr_val *av; av = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); APPEND_G_FIFO(cfgt.vars, av); } -#line 3259 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3279 "ntp_parser.c" break; - case 241: /* miscellaneous_command: misc_cmd_str_keyword T_String */ -#line 1264 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 244: /* miscellaneous_command: misc_cmd_str_keyword T_String */ +#line 1293 "../../ntpd/ntp_parser.y" { attr_val *av; av = create_attr_sval((yyvsp[-1].Integer), (yyvsp[0].String)); APPEND_G_FIFO(cfgt.vars, av); } -#line 3270 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3290 "ntp_parser.c" break; - case 242: /* miscellaneous_command: misc_cmd_str_lcl_keyword T_String */ -#line 1271 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 245: /* miscellaneous_command: misc_cmd_str_lcl_keyword T_String */ +#line 1300 "../../ntpd/ntp_parser.y" { char error_text[64]; attr_val *av; @@ -3286,11 +3306,11 @@ yyreduce: yyerror(error_text); } } -#line 3290 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3310 "ntp_parser.c" break; - case 243: /* miscellaneous_command: T_Includefile T_String command */ -#line 1287 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 246: /* miscellaneous_command: T_Includefile T_String command */ +#line 1316 "../../ntpd/ntp_parser.y" { if (!lex_from_file()) { YYFREE((yyvsp[-1].String)); /* avoid leak */ @@ -3309,11 +3329,11 @@ yyreduce: } YYFREE((yyvsp[-1].String)); /* avoid leak */ } -#line 3313 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3333 "ntp_parser.c" break; - case 244: /* miscellaneous_command: T_Leapfile T_String opt_hash_check */ -#line 1306 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 247: /* miscellaneous_command: T_Leapfile T_String opt_hash_check */ +#line 1335 "../../ntpd/ntp_parser.y" { attr_val *av; @@ -3321,92 +3341,92 @@ yyreduce: av->flag = (yyvsp[0].Integer); APPEND_G_FIFO(cfgt.vars, av); } -#line 3325 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3345 "ntp_parser.c" break; - case 245: /* miscellaneous_command: T_End */ -#line 1314 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 248: /* miscellaneous_command: T_End */ +#line 1343 "../../ntpd/ntp_parser.y" { lex_flush_stack(); } -#line 3331 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3351 "ntp_parser.c" break; - case 246: /* miscellaneous_command: T_Driftfile drift_parm */ -#line 1316 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 249: /* miscellaneous_command: T_Driftfile drift_parm */ +#line 1345 "../../ntpd/ntp_parser.y" { /* see drift_parm below for actions */ } -#line 3337 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3357 "ntp_parser.c" break; - case 247: /* miscellaneous_command: T_Logconfig log_config_list */ -#line 1318 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 250: /* miscellaneous_command: T_Logconfig log_config_list */ +#line 1347 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.logconfig, (yyvsp[0].Attr_val_fifo)); } -#line 3343 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3363 "ntp_parser.c" break; - case 248: /* miscellaneous_command: T_Phone string_list */ -#line 1320 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 251: /* miscellaneous_command: T_Phone string_list */ +#line 1349 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.phone, (yyvsp[0].String_fifo)); } -#line 3349 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3369 "ntp_parser.c" break; - case 249: /* miscellaneous_command: T_PollSkewList pollskew_list */ -#line 1322 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 252: /* miscellaneous_command: T_PollSkewList pollskew_list */ +#line 1351 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.pollskewlist, (yyvsp[0].Attr_val_fifo)); } -#line 3355 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3375 "ntp_parser.c" break; - case 250: /* miscellaneous_command: T_Setvar variable_assign */ -#line 1324 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 253: /* miscellaneous_command: T_Setvar variable_assign */ +#line 1353 "../../ntpd/ntp_parser.y" { APPEND_G_FIFO(cfgt.setvar, (yyvsp[0].Set_var)); } -#line 3361 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3381 "ntp_parser.c" break; - case 251: /* miscellaneous_command: T_Trap ip_address trap_option_list */ -#line 1326 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 254: /* miscellaneous_command: T_Trap ip_address trap_option_list */ +#line 1355 "../../ntpd/ntp_parser.y" { addr_opts_node *aon; aon = create_addr_opts_node((yyvsp[-1].Address_node), (yyvsp[0].Attr_val_fifo)); APPEND_G_FIFO(cfgt.trap, aon); } -#line 3372 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3392 "ntp_parser.c" break; - case 252: /* miscellaneous_command: T_Ttl integer_list */ -#line 1333 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 255: /* miscellaneous_command: T_Ttl integer_list */ +#line 1362 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.ttl, (yyvsp[0].Attr_val_fifo)); } -#line 3378 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3398 "ntp_parser.c" break; - case 257: /* misc_cmd_int_keyword: T_Leapsmearinterval */ -#line 1348 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 260: /* misc_cmd_int_keyword: T_Leapsmearinterval */ +#line 1377 "../../ntpd/ntp_parser.y" { #ifndef LEAP_SMEAR yyerror("Built without LEAP_SMEAR support."); #endif } -#line 3388 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3408 "ntp_parser.c" break; - case 258: /* opt_hash_check: T_Ignorehash */ -#line 1357 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 261: /* opt_hash_check: T_Ignorehash */ +#line 1386 "../../ntpd/ntp_parser.y" { (yyval.Integer) = FALSE; } -#line 3394 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3414 "ntp_parser.c" break; - case 259: /* opt_hash_check: T_Checkhash */ -#line 1359 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 262: /* opt_hash_check: T_Checkhash */ +#line 1388 "../../ntpd/ntp_parser.y" { (yyval.Integer) = TRUE; } -#line 3400 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3420 "ntp_parser.c" break; - case 260: /* opt_hash_check: %empty */ -#line 1361 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 263: /* opt_hash_check: %empty */ +#line 1390 "../../ntpd/ntp_parser.y" { (yyval.Integer) = TRUE; } -#line 3406 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3426 "ntp_parser.c" break; - case 265: /* drift_parm: T_String */ -#line 1376 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 268: /* drift_parm: T_String */ +#line 1405 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { attr_val *av; @@ -3417,11 +3437,11 @@ yyreduce: yyerror("driftfile remote configuration ignored"); } } -#line 3421 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3441 "ntp_parser.c" break; - case 266: /* drift_parm: T_String T_Double */ -#line 1387 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 269: /* drift_parm: T_String T_Double */ +#line 1416 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { attr_val *av; @@ -3438,11 +3458,11 @@ yyreduce: yyerror("driftfile remote configuration ignored"); } } -#line 3442 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3462 "ntp_parser.c" break; - case 267: /* drift_parm: %empty */ -#line 1404 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 270: /* drift_parm: %empty */ +#line 1433 "../../ntpd/ntp_parser.y" { if (lex_from_file()) { attr_val *av; @@ -3452,23 +3472,23 @@ yyreduce: yyerror("driftfile remote configuration ignored"); } } -#line 3456 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3476 "ntp_parser.c" break; - case 268: /* pollskew_list: %empty */ -#line 1417 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 271: /* pollskew_list: %empty */ +#line 1446 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; } -#line 3462 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3482 "ntp_parser.c" break; - case 269: /* pollskew_list: pollskew_list pollskew_spec */ -#line 1419 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 272: /* pollskew_list: pollskew_list pollskew_spec */ +#line 1448 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = append_gen_fifo((yyvsp[-1].Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3468 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3488 "ntp_parser.c" break; - case 270: /* pollskew_spec: pollskew_cycle T_Integer '|' T_Integer */ -#line 1424 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 273: /* pollskew_spec: pollskew_cycle T_Integer '|' T_Integer */ +#line 1453 "../../ntpd/ntp_parser.y" { if ((yyvsp[-2].Integer) < 0 || (yyvsp[0].Integer) < 0) { /* bad numbers */ @@ -3491,83 +3511,87 @@ yyreduce: } (yyval.Attr_val) = (yyvsp[-3].Attr_val); } -#line 3495 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3515 "ntp_parser.c" break; - case 271: /* pollskew_cycle: T_Integer */ -#line 1449 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" - { (yyval.Attr_val) = ((yyvsp[0].Integer) >= 3 && (yyvsp[0].Integer) <= 17) ? create_attr_rval((yyvsp[0].Integer), 0, 0) : NULL; } -#line 3501 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" + case 274: /* pollskew_cycle: T_Integer */ +#line 1479 "../../ntpd/ntp_parser.y" + { + (yyval.Attr_val) = ((yyvsp[0].Integer) >= NTP_MINPOLL && (yyvsp[0].Integer) <= NTP_MAXPOLL) + ? create_attr_rval((yyvsp[0].Integer), 0, 0) + : NULL; + } +#line 3525 "ntp_parser.c" break; - case 272: /* pollskew_cycle: T_Default */ -#line 1450 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 275: /* pollskew_cycle: T_Default */ +#line 1484 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_rval(-1, 0, 0); } -#line 3507 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3531 "ntp_parser.c" break; - case 273: /* variable_assign: T_String '=' T_String t_default_or_zero */ -#line 1456 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 276: /* variable_assign: T_String '=' T_String t_default_or_zero */ +#line 1490 "../../ntpd/ntp_parser.y" { (yyval.Set_var) = create_setvar_node((yyvsp[-3].String), (yyvsp[-1].String), (yyvsp[0].Integer)); } -#line 3513 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3537 "ntp_parser.c" break; - case 275: /* t_default_or_zero: %empty */ -#line 1462 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 278: /* t_default_or_zero: %empty */ +#line 1496 "../../ntpd/ntp_parser.y" { (yyval.Integer) = 0; } -#line 3519 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3543 "ntp_parser.c" break; - case 276: /* trap_option_list: %empty */ -#line 1467 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 279: /* trap_option_list: %empty */ +#line 1501 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; } -#line 3525 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3549 "ntp_parser.c" break; - case 277: /* trap_option_list: trap_option_list trap_option */ -#line 1469 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 280: /* trap_option_list: trap_option_list trap_option */ +#line 1503 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3534 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3558 "ntp_parser.c" break; - case 278: /* trap_option: T_Port T_Integer */ -#line 1477 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 281: /* trap_option: T_Port T_Integer */ +#line 1511 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival((yyvsp[-1].Integer), (yyvsp[0].Integer)); } -#line 3540 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3564 "ntp_parser.c" break; - case 279: /* trap_option: T_Interface ip_address */ -#line 1479 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 282: /* trap_option: T_Interface ip_address */ +#line 1513 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_sval((yyvsp[-1].Integer), estrdup((yyvsp[0].Address_node)->address)); destroy_address_node((yyvsp[0].Address_node)); } -#line 3549 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3573 "ntp_parser.c" break; - case 280: /* log_config_list: log_config_list log_config_command */ -#line 1487 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 283: /* log_config_list: log_config_list log_config_command */ +#line 1521 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3558 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3582 "ntp_parser.c" break; - case 281: /* log_config_list: log_config_command */ -#line 1492 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 284: /* log_config_list: log_config_command */ +#line 1526 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3567 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3591 "ntp_parser.c" break; - case 282: /* log_config_command: T_String */ -#line 1500 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 285: /* log_config_command: T_String */ +#line 1534 "../../ntpd/ntp_parser.y" { char prefix; char * type; @@ -3589,141 +3613,141 @@ yyreduce: (yyval.Attr_val) = create_attr_sval(prefix, estrdup(type)); YYFREE((yyvsp[0].String)); } -#line 3593 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3617 "ntp_parser.c" break; - case 283: /* interface_command: interface_nic nic_rule_action nic_rule_class */ -#line 1525 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 286: /* interface_command: interface_nic nic_rule_action nic_rule_class */ +#line 1559 "../../ntpd/ntp_parser.y" { nic_rule_node *nrn; nrn = create_nic_rule_node((yyvsp[0].Integer), NULL, (yyvsp[-1].Integer)); APPEND_G_FIFO(cfgt.nic_rules, nrn); } -#line 3604 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3628 "ntp_parser.c" break; - case 284: /* interface_command: interface_nic nic_rule_action T_String */ -#line 1532 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 287: /* interface_command: interface_nic nic_rule_action T_String */ +#line 1566 "../../ntpd/ntp_parser.y" { nic_rule_node *nrn; nrn = create_nic_rule_node(0, (yyvsp[0].String), (yyvsp[-1].Integer)); APPEND_G_FIFO(cfgt.nic_rules, nrn); } -#line 3615 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3639 "ntp_parser.c" break; - case 294: /* reset_command: T_Reset counter_set_list */ -#line 1560 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 297: /* reset_command: T_Reset counter_set_list */ +#line 1594 "../../ntpd/ntp_parser.y" { CONCAT_G_FIFOS(cfgt.reset_counters, (yyvsp[0].Int_fifo)); } -#line 3621 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3645 "ntp_parser.c" break; - case 295: /* counter_set_list: counter_set_list counter_set_keyword */ -#line 1565 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 298: /* counter_set_list: counter_set_list counter_set_keyword */ +#line 1599 "../../ntpd/ntp_parser.y" { (yyval.Int_fifo) = (yyvsp[-1].Int_fifo); APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3630 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3654 "ntp_parser.c" break; - case 296: /* counter_set_list: counter_set_keyword */ -#line 1570 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 299: /* counter_set_list: counter_set_keyword */ +#line 1604 "../../ntpd/ntp_parser.y" { (yyval.Int_fifo) = NULL; APPEND_G_FIFO((yyval.Int_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3639 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3663 "ntp_parser.c" break; - case 304: /* integer_list: integer_list T_Integer */ -#line 1594 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 307: /* integer_list: integer_list T_Integer */ +#line 1628 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3648 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3672 "ntp_parser.c" break; - case 305: /* integer_list: T_Integer */ -#line 1599 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 308: /* integer_list: T_Integer */ +#line 1633 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), create_int_node((yyvsp[0].Integer))); } -#line 3657 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3681 "ntp_parser.c" break; - case 306: /* integer_list_range: integer_list_range integer_list_range_elt */ -#line 1607 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 309: /* integer_list_range: integer_list_range integer_list_range_elt */ +#line 1641 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-1].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3666 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3690 "ntp_parser.c" break; - case 307: /* integer_list_range: integer_list_range_elt */ -#line 1612 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 310: /* integer_list_range: integer_list_range_elt */ +#line 1646 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[0].Attr_val)); } -#line 3675 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3699 "ntp_parser.c" break; - case 308: /* integer_list_range_elt: T_Integer */ -#line 1620 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 311: /* integer_list_range_elt: T_Integer */ +#line 1654 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_ival('i', (yyvsp[0].Integer)); } -#line 3681 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3705 "ntp_parser.c" break; - case 310: /* integer_range: '(' T_Integer T_Ellipsis T_Integer ')' */ -#line 1626 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 313: /* integer_range: '(' T_Integer T_Ellipsis T_Integer ')' */ +#line 1660 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_rval('-', (yyvsp[-3].Integer), (yyvsp[-1].Integer)); } -#line 3687 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3711 "ntp_parser.c" break; - case 311: /* string_list: string_list T_String */ -#line 1631 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 314: /* string_list: string_list T_String */ +#line 1665 "../../ntpd/ntp_parser.y" { (yyval.String_fifo) = (yyvsp[-1].String_fifo); APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String))); } -#line 3696 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3720 "ntp_parser.c" break; - case 312: /* string_list: T_String */ -#line 1636 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 315: /* string_list: T_String */ +#line 1670 "../../ntpd/ntp_parser.y" { (yyval.String_fifo) = NULL; APPEND_G_FIFO((yyval.String_fifo), create_string_node((yyvsp[0].String))); } -#line 3705 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3729 "ntp_parser.c" break; - case 313: /* address_list: address_list address */ -#line 1644 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 316: /* address_list: address_list address */ +#line 1678 "../../ntpd/ntp_parser.y" { (yyval.Address_fifo) = (yyvsp[-1].Address_fifo); APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node)); } -#line 3714 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3738 "ntp_parser.c" break; - case 314: /* address_list: address */ -#line 1649 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 317: /* address_list: address */ +#line 1683 "../../ntpd/ntp_parser.y" { (yyval.Address_fifo) = NULL; APPEND_G_FIFO((yyval.Address_fifo), (yyvsp[0].Address_node)); } -#line 3723 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3747 "ntp_parser.c" break; - case 315: /* boolean: T_Integer */ -#line 1657 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 318: /* boolean: T_Integer */ +#line 1691 "../../ntpd/ntp_parser.y" { if ((yyvsp[0].Integer) != 0 && (yyvsp[0].Integer) != 1) { yyerror("Integer value is not boolean (0 or 1). Assuming 1"); @@ -3732,35 +3756,35 @@ yyreduce: (yyval.Integer) = (yyvsp[0].Integer); } } -#line 3736 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3760 "ntp_parser.c" break; - case 316: /* boolean: T_True */ -#line 1665 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 319: /* boolean: T_True */ +#line 1699 "../../ntpd/ntp_parser.y" { (yyval.Integer) = 1; } -#line 3742 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3766 "ntp_parser.c" break; - case 317: /* boolean: T_False */ -#line 1666 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 320: /* boolean: T_False */ +#line 1700 "../../ntpd/ntp_parser.y" { (yyval.Integer) = 0; } -#line 3748 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3772 "ntp_parser.c" break; - case 318: /* number: T_Integer */ -#line 1670 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 321: /* number: T_Integer */ +#line 1704 "../../ntpd/ntp_parser.y" { (yyval.Double) = (double)(yyvsp[0].Integer); } -#line 3754 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3778 "ntp_parser.c" break; - case 320: /* basedate: T_Basedate T_String */ -#line 1676 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 323: /* basedate: T_Basedate T_String */ +#line 1710 "../../ntpd/ntp_parser.y" { (yyval.Integer) = basedate_eval_string((yyvsp[0].String)); YYFREE((yyvsp[0].String)); } -#line 3760 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3784 "ntp_parser.c" break; - case 321: /* simulate_command: sim_conf_start '{' sim_init_statement_list sim_server_list '}' */ -#line 1684 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 324: /* simulate_command: sim_conf_start '{' sim_init_statement_list sim_server_list '}' */ +#line 1718 "../../ntpd/ntp_parser.y" { sim_node *sn; @@ -3770,125 +3794,125 @@ yyreduce: /* Revert from ; to \n for end-of-command */ old_config_style = 1; } -#line 3774 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3798 "ntp_parser.c" break; - case 322: /* sim_conf_start: T_Simulate */ -#line 1701 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 325: /* sim_conf_start: T_Simulate */ +#line 1735 "../../ntpd/ntp_parser.y" { old_config_style = 0; } -#line 3780 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3804 "ntp_parser.c" break; - case 323: /* sim_init_statement_list: sim_init_statement_list sim_init_statement T_EOC */ -#line 1706 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 326: /* sim_init_statement_list: sim_init_statement_list sim_init_statement T_EOC */ +#line 1740 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3789 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3813 "ntp_parser.c" break; - case 324: /* sim_init_statement_list: sim_init_statement T_EOC */ -#line 1711 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 327: /* sim_init_statement_list: sim_init_statement T_EOC */ +#line 1745 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3798 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3822 "ntp_parser.c" break; - case 325: /* sim_init_statement: sim_init_keyword '=' number */ -#line 1719 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 328: /* sim_init_statement: sim_init_keyword '=' number */ +#line 1753 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); } -#line 3804 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3828 "ntp_parser.c" break; - case 328: /* sim_server_list: sim_server_list sim_server */ -#line 1729 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 331: /* sim_server_list: sim_server_list sim_server */ +#line 1763 "../../ntpd/ntp_parser.y" { (yyval.Sim_server_fifo) = (yyvsp[-1].Sim_server_fifo); APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server)); } -#line 3813 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3837 "ntp_parser.c" break; - case 329: /* sim_server_list: sim_server */ -#line 1734 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 332: /* sim_server_list: sim_server */ +#line 1768 "../../ntpd/ntp_parser.y" { (yyval.Sim_server_fifo) = NULL; APPEND_G_FIFO((yyval.Sim_server_fifo), (yyvsp[0].Sim_server)); } -#line 3822 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3846 "ntp_parser.c" break; - case 330: /* sim_server: sim_server_name '{' sim_server_offset sim_act_list '}' */ -#line 1742 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 333: /* sim_server: sim_server_name '{' sim_server_offset sim_act_list '}' */ +#line 1776 "../../ntpd/ntp_parser.y" { (yyval.Sim_server) = ONLY_SIM(create_sim_server((yyvsp[-4].Address_node), (yyvsp[-2].Double), (yyvsp[-1].Sim_script_fifo))); } -#line 3828 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3852 "ntp_parser.c" break; - case 331: /* sim_server_offset: T_Server_Offset '=' number T_EOC */ -#line 1747 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 334: /* sim_server_offset: T_Server_Offset '=' number T_EOC */ +#line 1781 "../../ntpd/ntp_parser.y" { (yyval.Double) = (yyvsp[-1].Double); } -#line 3834 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3858 "ntp_parser.c" break; - case 332: /* sim_server_name: T_Server '=' address */ -#line 1752 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 335: /* sim_server_name: T_Server '=' address */ +#line 1786 "../../ntpd/ntp_parser.y" { (yyval.Address_node) = (yyvsp[0].Address_node); } -#line 3840 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3864 "ntp_parser.c" break; - case 333: /* sim_act_list: sim_act_list sim_act */ -#line 1757 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 336: /* sim_act_list: sim_act_list sim_act */ +#line 1791 "../../ntpd/ntp_parser.y" { (yyval.Sim_script_fifo) = (yyvsp[-1].Sim_script_fifo); APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script)); } -#line 3849 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3873 "ntp_parser.c" break; - case 334: /* sim_act_list: sim_act */ -#line 1762 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 337: /* sim_act_list: sim_act */ +#line 1796 "../../ntpd/ntp_parser.y" { (yyval.Sim_script_fifo) = NULL; APPEND_G_FIFO((yyval.Sim_script_fifo), (yyvsp[0].Sim_script)); } -#line 3858 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3882 "ntp_parser.c" break; - case 335: /* sim_act: T_Duration '=' number '{' sim_act_stmt_list '}' */ -#line 1770 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 338: /* sim_act: T_Duration '=' number '{' sim_act_stmt_list '}' */ +#line 1804 "../../ntpd/ntp_parser.y" { (yyval.Sim_script) = ONLY_SIM(create_sim_script_info((yyvsp[-3].Double), (yyvsp[-1].Attr_val_fifo))); } -#line 3864 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3888 "ntp_parser.c" break; - case 336: /* sim_act_stmt_list: sim_act_stmt_list sim_act_stmt T_EOC */ -#line 1775 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 339: /* sim_act_stmt_list: sim_act_stmt_list sim_act_stmt T_EOC */ +#line 1809 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = (yyvsp[-2].Attr_val_fifo); APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3873 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3897 "ntp_parser.c" break; - case 337: /* sim_act_stmt_list: sim_act_stmt T_EOC */ -#line 1780 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 340: /* sim_act_stmt_list: sim_act_stmt T_EOC */ +#line 1814 "../../ntpd/ntp_parser.y" { (yyval.Attr_val_fifo) = NULL; APPEND_G_FIFO((yyval.Attr_val_fifo), (yyvsp[-1].Attr_val)); } -#line 3882 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3906 "ntp_parser.c" break; - case 338: /* sim_act_stmt: sim_act_keyword '=' number */ -#line 1788 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" + case 341: /* sim_act_stmt: sim_act_keyword '=' number */ +#line 1822 "../../ntpd/ntp_parser.y" { (yyval.Attr_val) = create_attr_dval((yyvsp[-2].Integer), (yyvsp[0].Double)); } -#line 3888 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3912 "ntp_parser.c" break; -#line 3892 "../../../src/ntp-stable-3758/ntpd/ntp_parser.c" +#line 3916 "ntp_parser.c" default: break; } @@ -3970,6 +3994,7 @@ yyerrorlab: label yyerrorlab therefore never appears in user code. */ if (0) YYERROR; + ++yynerrs; /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ @@ -4030,7 +4055,7 @@ yyerrlab1: `-------------------------------------*/ yyacceptlab: yyresult = 0; - goto yyreturn; + goto yyreturnlab; /*-----------------------------------. @@ -4038,24 +4063,22 @@ yyacceptlab: `-----------------------------------*/ yyabortlab: yyresult = 1; - goto yyreturn; + goto yyreturnlab; -#if !defined yyoverflow -/*-------------------------------------------------. -| yyexhaustedlab -- memory exhaustion comes here. | -`-------------------------------------------------*/ +/*-----------------------------------------------------------. +| yyexhaustedlab -- YYNOMEM (memory exhaustion) comes here. | +`-----------------------------------------------------------*/ yyexhaustedlab: yyerror (YY_("memory exhausted")); yyresult = 2; - goto yyreturn; -#endif + goto yyreturnlab; -/*-------------------------------------------------------. -| yyreturn -- parsing is finished, clean up and return. | -`-------------------------------------------------------*/ -yyreturn: +/*----------------------------------------------------------. +| yyreturnlab -- parsing is finished, clean up and return. | +`----------------------------------------------------------*/ +yyreturnlab: if (yychar != YYEMPTY) { /* Make sure we have latest lookahead translation. See comments at @@ -4082,7 +4105,7 @@ yyreturn: return yyresult; } -#line 1799 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 1833 "../../ntpd/ntp_parser.y" void diff --git a/ntpd/ntp_parser.h b/ntpd/ntp_parser.h index 426b4b9666ba..2f8501a4b1dc 100644 --- a/ntpd/ntp_parser.h +++ b/ntpd/ntp_parser.h @@ -1,4 +1,4 @@ -/* A Bison parser, made by GNU Bison 3.7.6. */ +/* A Bison parser, made by GNU Bison 3.8.2. */ /* Bison interface for Yacc-like parsers in C @@ -35,8 +35,8 @@ especially those whose name start with YY_ or yy_. They are private implementation details that can be changed or removed. */ -#ifndef YY_YY__SRC_NTP_STABLE_NTPD_NTP_PARSER_H_INCLUDED -# define YY_YY__SRC_NTP_STABLE_NTPD_NTP_PARSER_H_INCLUDED +#ifndef YY_YY_NTP_PARSER_H_INCLUDED +# define YY_YY_NTP_PARSER_H_INCLUDED /* Debug traces. */ #ifndef YYDEBUG # define YYDEBUG 1 @@ -82,190 +82,191 @@ extern int yydebug; T_Ctl = 283, /* T_Ctl */ T_Day = 284, /* T_Day */ T_Default = 285, /* T_Default */ - T_Device = 286, /* T_Device */ - T_Digest = 287, /* T_Digest */ - T_Disable = 288, /* T_Disable */ - T_Discard = 289, /* T_Discard */ - T_Dispersion = 290, /* T_Dispersion */ - T_Double = 291, /* T_Double */ - T_Driftfile = 292, /* T_Driftfile */ - T_Drop = 293, /* T_Drop */ - T_Dscp = 294, /* T_Dscp */ - T_Ellipsis = 295, /* T_Ellipsis */ - T_Enable = 296, /* T_Enable */ - T_End = 297, /* T_End */ - T_Epeer = 298, /* T_Epeer */ - T_False = 299, /* T_False */ - T_File = 300, /* T_File */ - T_Filegen = 301, /* T_Filegen */ - T_Filenum = 302, /* T_Filenum */ - T_Flag1 = 303, /* T_Flag1 */ - T_Flag2 = 304, /* T_Flag2 */ - T_Flag3 = 305, /* T_Flag3 */ - T_Flag4 = 306, /* T_Flag4 */ - T_Flake = 307, /* T_Flake */ - T_Floor = 308, /* T_Floor */ - T_Freq = 309, /* T_Freq */ - T_Fudge = 310, /* T_Fudge */ - T_Fuzz = 311, /* T_Fuzz */ - T_Host = 312, /* T_Host */ - T_Huffpuff = 313, /* T_Huffpuff */ - T_Iburst = 314, /* T_Iburst */ - T_Ident = 315, /* T_Ident */ - T_Ignore = 316, /* T_Ignore */ - T_Ignorehash = 317, /* T_Ignorehash */ - T_Incalloc = 318, /* T_Incalloc */ - T_Incmem = 319, /* T_Incmem */ - T_Initalloc = 320, /* T_Initalloc */ - T_Initmem = 321, /* T_Initmem */ - T_Includefile = 322, /* T_Includefile */ - T_Integer = 323, /* T_Integer */ - T_Interface = 324, /* T_Interface */ - T_Intrange = 325, /* T_Intrange */ - T_Io = 326, /* T_Io */ - T_Ippeerlimit = 327, /* T_Ippeerlimit */ - T_Ipv4 = 328, /* T_Ipv4 */ - T_Ipv4_flag = 329, /* T_Ipv4_flag */ - T_Ipv6 = 330, /* T_Ipv6 */ - T_Ipv6_flag = 331, /* T_Ipv6_flag */ - T_Kernel = 332, /* T_Kernel */ - T_Key = 333, /* T_Key */ - T_Keys = 334, /* T_Keys */ - T_Keysdir = 335, /* T_Keysdir */ - T_Kod = 336, /* T_Kod */ - T_Leapfile = 337, /* T_Leapfile */ - T_Leapsmearinterval = 338, /* T_Leapsmearinterval */ - T_Limited = 339, /* T_Limited */ - T_Link = 340, /* T_Link */ - T_Listen = 341, /* T_Listen */ - T_Logconfig = 342, /* T_Logconfig */ - T_Logfile = 343, /* T_Logfile */ - T_Loopstats = 344, /* T_Loopstats */ - T_Lowpriotrap = 345, /* T_Lowpriotrap */ - T_Manycastclient = 346, /* T_Manycastclient */ - T_Manycastserver = 347, /* T_Manycastserver */ - T_Mask = 348, /* T_Mask */ - T_Maxage = 349, /* T_Maxage */ - T_Maxclock = 350, /* T_Maxclock */ - T_Maxdepth = 351, /* T_Maxdepth */ - T_Maxdist = 352, /* T_Maxdist */ - T_Maxmem = 353, /* T_Maxmem */ - T_Maxpoll = 354, /* T_Maxpoll */ - T_Mdnstries = 355, /* T_Mdnstries */ - T_Mem = 356, /* T_Mem */ - T_Memlock = 357, /* T_Memlock */ - T_Minclock = 358, /* T_Minclock */ - T_Mindepth = 359, /* T_Mindepth */ - T_Mindist = 360, /* T_Mindist */ - T_Minimum = 361, /* T_Minimum */ - T_Minjitter = 362, /* T_Minjitter */ - T_Minpoll = 363, /* T_Minpoll */ - T_Minsane = 364, /* T_Minsane */ - T_Mode = 365, /* T_Mode */ - T_Mode7 = 366, /* T_Mode7 */ - T_Monitor = 367, /* T_Monitor */ - T_Month = 368, /* T_Month */ - T_Mru = 369, /* T_Mru */ - T_Mssntp = 370, /* T_Mssntp */ - T_Multicastclient = 371, /* T_Multicastclient */ - T_Nic = 372, /* T_Nic */ - T_Nolink = 373, /* T_Nolink */ - T_Nomodify = 374, /* T_Nomodify */ - T_Nomrulist = 375, /* T_Nomrulist */ - T_None = 376, /* T_None */ - T_Nonvolatile = 377, /* T_Nonvolatile */ - T_Noepeer = 378, /* T_Noepeer */ - T_Nopeer = 379, /* T_Nopeer */ - T_Noquery = 380, /* T_Noquery */ - T_Noselect = 381, /* T_Noselect */ - T_Noserve = 382, /* T_Noserve */ - T_Notrap = 383, /* T_Notrap */ - T_Notrust = 384, /* T_Notrust */ - T_Ntp = 385, /* T_Ntp */ - T_Ntpport = 386, /* T_Ntpport */ - T_NtpSignDsocket = 387, /* T_NtpSignDsocket */ - T_Orphan = 388, /* T_Orphan */ - T_Orphanwait = 389, /* T_Orphanwait */ - T_PCEdigest = 390, /* T_PCEdigest */ - T_Panic = 391, /* T_Panic */ - T_Peer = 392, /* T_Peer */ - T_Peerstats = 393, /* T_Peerstats */ - T_Phone = 394, /* T_Phone */ - T_Pid = 395, /* T_Pid */ - T_Pidfile = 396, /* T_Pidfile */ - T_Poll = 397, /* T_Poll */ - T_PollSkewList = 398, /* T_PollSkewList */ - T_Pool = 399, /* T_Pool */ - T_Port = 400, /* T_Port */ - T_PpsData = 401, /* T_PpsData */ - T_Preempt = 402, /* T_Preempt */ - T_Prefer = 403, /* T_Prefer */ - T_Protostats = 404, /* T_Protostats */ - T_Pw = 405, /* T_Pw */ - T_Randfile = 406, /* T_Randfile */ - T_Rawstats = 407, /* T_Rawstats */ - T_Refid = 408, /* T_Refid */ - T_Requestkey = 409, /* T_Requestkey */ - T_Reset = 410, /* T_Reset */ - T_Restrict = 411, /* T_Restrict */ - T_Revoke = 412, /* T_Revoke */ - T_Rlimit = 413, /* T_Rlimit */ - T_Saveconfigdir = 414, /* T_Saveconfigdir */ - T_Server = 415, /* T_Server */ - T_Serverresponse = 416, /* T_Serverresponse */ - T_ServerresponseFuzz = 417, /* T_ServerresponseFuzz */ - T_Setvar = 418, /* T_Setvar */ - T_Source = 419, /* T_Source */ - T_Stacksize = 420, /* T_Stacksize */ - T_Statistics = 421, /* T_Statistics */ - T_Stats = 422, /* T_Stats */ - T_Statsdir = 423, /* T_Statsdir */ - T_Step = 424, /* T_Step */ - T_Stepback = 425, /* T_Stepback */ - T_Stepfwd = 426, /* T_Stepfwd */ - T_Stepout = 427, /* T_Stepout */ - T_Stratum = 428, /* T_Stratum */ - T_String = 429, /* T_String */ - T_Sys = 430, /* T_Sys */ - T_Sysstats = 431, /* T_Sysstats */ - T_Tick = 432, /* T_Tick */ - T_Time1 = 433, /* T_Time1 */ - T_Time2 = 434, /* T_Time2 */ - T_TimeData = 435, /* T_TimeData */ - T_Timer = 436, /* T_Timer */ - T_Timingstats = 437, /* T_Timingstats */ - T_Tinker = 438, /* T_Tinker */ - T_Tos = 439, /* T_Tos */ - T_Trap = 440, /* T_Trap */ - T_True = 441, /* T_True */ - T_Trustedkey = 442, /* T_Trustedkey */ - T_Ttl = 443, /* T_Ttl */ - T_Type = 444, /* T_Type */ - T_U_int = 445, /* T_U_int */ - T_UEcrypto = 446, /* T_UEcrypto */ - T_UEcryptonak = 447, /* T_UEcryptonak */ - T_UEdigest = 448, /* T_UEdigest */ - T_Unconfig = 449, /* T_Unconfig */ - T_Unpeer = 450, /* T_Unpeer */ - T_Version = 451, /* T_Version */ - T_WanderThreshold = 452, /* T_WanderThreshold */ - T_Week = 453, /* T_Week */ - T_Wildcard = 454, /* T_Wildcard */ - T_Xleave = 455, /* T_Xleave */ - T_Xmtnonce = 456, /* T_Xmtnonce */ - T_Year = 457, /* T_Year */ - T_Flag = 458, /* T_Flag */ - T_EOC = 459, /* T_EOC */ - T_Simulate = 460, /* T_Simulate */ - T_Beep_Delay = 461, /* T_Beep_Delay */ - T_Sim_Duration = 462, /* T_Sim_Duration */ - T_Server_Offset = 463, /* T_Server_Offset */ - T_Duration = 464, /* T_Duration */ - T_Freq_Offset = 465, /* T_Freq_Offset */ - T_Wander = 466, /* T_Wander */ - T_Jitter = 467, /* T_Jitter */ - T_Prop_Delay = 468, /* T_Prop_Delay */ - T_Proc_Delay = 469 /* T_Proc_Delay */ + T_Delrestrict = 286, /* T_Delrestrict */ + T_Device = 287, /* T_Device */ + T_Digest = 288, /* T_Digest */ + T_Disable = 289, /* T_Disable */ + T_Discard = 290, /* T_Discard */ + T_Dispersion = 291, /* T_Dispersion */ + T_Double = 292, /* T_Double */ + T_Driftfile = 293, /* T_Driftfile */ + T_Drop = 294, /* T_Drop */ + T_Dscp = 295, /* T_Dscp */ + T_Ellipsis = 296, /* T_Ellipsis */ + T_Enable = 297, /* T_Enable */ + T_End = 298, /* T_End */ + T_Epeer = 299, /* T_Epeer */ + T_False = 300, /* T_False */ + T_File = 301, /* T_File */ + T_Filegen = 302, /* T_Filegen */ + T_Filenum = 303, /* T_Filenum */ + T_Flag1 = 304, /* T_Flag1 */ + T_Flag2 = 305, /* T_Flag2 */ + T_Flag3 = 306, /* T_Flag3 */ + T_Flag4 = 307, /* T_Flag4 */ + T_Flake = 308, /* T_Flake */ + T_Floor = 309, /* T_Floor */ + T_Freq = 310, /* T_Freq */ + T_Fudge = 311, /* T_Fudge */ + T_Fuzz = 312, /* T_Fuzz */ + T_Host = 313, /* T_Host */ + T_Huffpuff = 314, /* T_Huffpuff */ + T_Iburst = 315, /* T_Iburst */ + T_Ident = 316, /* T_Ident */ + T_Ignore = 317, /* T_Ignore */ + T_Ignorehash = 318, /* T_Ignorehash */ + T_Incalloc = 319, /* T_Incalloc */ + T_Incmem = 320, /* T_Incmem */ + T_Initalloc = 321, /* T_Initalloc */ + T_Initmem = 322, /* T_Initmem */ + T_Includefile = 323, /* T_Includefile */ + T_Integer = 324, /* T_Integer */ + T_Interface = 325, /* T_Interface */ + T_Intrange = 326, /* T_Intrange */ + T_Io = 327, /* T_Io */ + T_Ippeerlimit = 328, /* T_Ippeerlimit */ + T_Ipv4 = 329, /* T_Ipv4 */ + T_Ipv4_flag = 330, /* T_Ipv4_flag */ + T_Ipv6 = 331, /* T_Ipv6 */ + T_Ipv6_flag = 332, /* T_Ipv6_flag */ + T_Kernel = 333, /* T_Kernel */ + T_Key = 334, /* T_Key */ + T_Keys = 335, /* T_Keys */ + T_Keysdir = 336, /* T_Keysdir */ + T_Kod = 337, /* T_Kod */ + T_Leapfile = 338, /* T_Leapfile */ + T_Leapsmearinterval = 339, /* T_Leapsmearinterval */ + T_Limited = 340, /* T_Limited */ + T_Link = 341, /* T_Link */ + T_Listen = 342, /* T_Listen */ + T_Logconfig = 343, /* T_Logconfig */ + T_Logfile = 344, /* T_Logfile */ + T_Loopstats = 345, /* T_Loopstats */ + T_Lowpriotrap = 346, /* T_Lowpriotrap */ + T_Manycastclient = 347, /* T_Manycastclient */ + T_Manycastserver = 348, /* T_Manycastserver */ + T_Mask = 349, /* T_Mask */ + T_Maxage = 350, /* T_Maxage */ + T_Maxclock = 351, /* T_Maxclock */ + T_Maxdepth = 352, /* T_Maxdepth */ + T_Maxdist = 353, /* T_Maxdist */ + T_Maxmem = 354, /* T_Maxmem */ + T_Maxpoll = 355, /* T_Maxpoll */ + T_Mdnstries = 356, /* T_Mdnstries */ + T_Mem = 357, /* T_Mem */ + T_Memlock = 358, /* T_Memlock */ + T_Minclock = 359, /* T_Minclock */ + T_Mindepth = 360, /* T_Mindepth */ + T_Mindist = 361, /* T_Mindist */ + T_Minimum = 362, /* T_Minimum */ + T_Minjitter = 363, /* T_Minjitter */ + T_Minpoll = 364, /* T_Minpoll */ + T_Minsane = 365, /* T_Minsane */ + T_Mode = 366, /* T_Mode */ + T_Mode7 = 367, /* T_Mode7 */ + T_Monitor = 368, /* T_Monitor */ + T_Month = 369, /* T_Month */ + T_Mru = 370, /* T_Mru */ + T_Mssntp = 371, /* T_Mssntp */ + T_Multicastclient = 372, /* T_Multicastclient */ + T_Nic = 373, /* T_Nic */ + T_Nolink = 374, /* T_Nolink */ + T_Nomodify = 375, /* T_Nomodify */ + T_Nomrulist = 376, /* T_Nomrulist */ + T_None = 377, /* T_None */ + T_Nonvolatile = 378, /* T_Nonvolatile */ + T_Noepeer = 379, /* T_Noepeer */ + T_Nopeer = 380, /* T_Nopeer */ + T_Noquery = 381, /* T_Noquery */ + T_Noselect = 382, /* T_Noselect */ + T_Noserve = 383, /* T_Noserve */ + T_Notrap = 384, /* T_Notrap */ + T_Notrust = 385, /* T_Notrust */ + T_Ntp = 386, /* T_Ntp */ + T_Ntpport = 387, /* T_Ntpport */ + T_NtpSignDsocket = 388, /* T_NtpSignDsocket */ + T_Orphan = 389, /* T_Orphan */ + T_Orphanwait = 390, /* T_Orphanwait */ + T_PCEdigest = 391, /* T_PCEdigest */ + T_Panic = 392, /* T_Panic */ + T_Peer = 393, /* T_Peer */ + T_Peerstats = 394, /* T_Peerstats */ + T_Phone = 395, /* T_Phone */ + T_Pid = 396, /* T_Pid */ + T_Pidfile = 397, /* T_Pidfile */ + T_Poll = 398, /* T_Poll */ + T_PollSkewList = 399, /* T_PollSkewList */ + T_Pool = 400, /* T_Pool */ + T_Port = 401, /* T_Port */ + T_PpsData = 402, /* T_PpsData */ + T_Preempt = 403, /* T_Preempt */ + T_Prefer = 404, /* T_Prefer */ + T_Protostats = 405, /* T_Protostats */ + T_Pw = 406, /* T_Pw */ + T_Randfile = 407, /* T_Randfile */ + T_Rawstats = 408, /* T_Rawstats */ + T_Refid = 409, /* T_Refid */ + T_Requestkey = 410, /* T_Requestkey */ + T_Reset = 411, /* T_Reset */ + T_Restrict = 412, /* T_Restrict */ + T_Revoke = 413, /* T_Revoke */ + T_Rlimit = 414, /* T_Rlimit */ + T_Saveconfigdir = 415, /* T_Saveconfigdir */ + T_Server = 416, /* T_Server */ + T_Serverresponse = 417, /* T_Serverresponse */ + T_ServerresponseFuzz = 418, /* T_ServerresponseFuzz */ + T_Setvar = 419, /* T_Setvar */ + T_Source = 420, /* T_Source */ + T_Stacksize = 421, /* T_Stacksize */ + T_Statistics = 422, /* T_Statistics */ + T_Stats = 423, /* T_Stats */ + T_Statsdir = 424, /* T_Statsdir */ + T_Step = 425, /* T_Step */ + T_Stepback = 426, /* T_Stepback */ + T_Stepfwd = 427, /* T_Stepfwd */ + T_Stepout = 428, /* T_Stepout */ + T_Stratum = 429, /* T_Stratum */ + T_String = 430, /* T_String */ + T_Sys = 431, /* T_Sys */ + T_Sysstats = 432, /* T_Sysstats */ + T_Tick = 433, /* T_Tick */ + T_Time1 = 434, /* T_Time1 */ + T_Time2 = 435, /* T_Time2 */ + T_TimeData = 436, /* T_TimeData */ + T_Timer = 437, /* T_Timer */ + T_Timingstats = 438, /* T_Timingstats */ + T_Tinker = 439, /* T_Tinker */ + T_Tos = 440, /* T_Tos */ + T_Trap = 441, /* T_Trap */ + T_True = 442, /* T_True */ + T_Trustedkey = 443, /* T_Trustedkey */ + T_Ttl = 444, /* T_Ttl */ + T_Type = 445, /* T_Type */ + T_U_int = 446, /* T_U_int */ + T_UEcrypto = 447, /* T_UEcrypto */ + T_UEcryptonak = 448, /* T_UEcryptonak */ + T_UEdigest = 449, /* T_UEdigest */ + T_Unconfig = 450, /* T_Unconfig */ + T_Unpeer = 451, /* T_Unpeer */ + T_Version = 452, /* T_Version */ + T_WanderThreshold = 453, /* T_WanderThreshold */ + T_Week = 454, /* T_Week */ + T_Wildcard = 455, /* T_Wildcard */ + T_Xleave = 456, /* T_Xleave */ + T_Xmtnonce = 457, /* T_Xmtnonce */ + T_Year = 458, /* T_Year */ + T_Flag = 459, /* T_Flag */ + T_EOC = 460, /* T_EOC */ + T_Simulate = 461, /* T_Simulate */ + T_Beep_Delay = 462, /* T_Beep_Delay */ + T_Sim_Duration = 463, /* T_Sim_Duration */ + T_Server_Offset = 464, /* T_Server_Offset */ + T_Duration = 465, /* T_Duration */ + T_Freq_Offset = 466, /* T_Freq_Offset */ + T_Wander = 467, /* T_Wander */ + T_Jitter = 468, /* T_Jitter */ + T_Prop_Delay = 469, /* T_Prop_Delay */ + T_Proc_Delay = 470 /* T_Proc_Delay */ }; typedef enum yytokentype yytoken_kind_t; #endif @@ -302,196 +303,197 @@ extern int yydebug; #define T_Ctl 283 #define T_Day 284 #define T_Default 285 -#define T_Device 286 -#define T_Digest 287 -#define T_Disable 288 -#define T_Discard 289 -#define T_Dispersion 290 -#define T_Double 291 -#define T_Driftfile 292 -#define T_Drop 293 -#define T_Dscp 294 -#define T_Ellipsis 295 -#define T_Enable 296 -#define T_End 297 -#define T_Epeer 298 -#define T_False 299 -#define T_File 300 -#define T_Filegen 301 -#define T_Filenum 302 -#define T_Flag1 303 -#define T_Flag2 304 -#define T_Flag3 305 -#define T_Flag4 306 -#define T_Flake 307 -#define T_Floor 308 -#define T_Freq 309 -#define T_Fudge 310 -#define T_Fuzz 311 -#define T_Host 312 -#define T_Huffpuff 313 -#define T_Iburst 314 -#define T_Ident 315 -#define T_Ignore 316 -#define T_Ignorehash 317 -#define T_Incalloc 318 -#define T_Incmem 319 -#define T_Initalloc 320 -#define T_Initmem 321 -#define T_Includefile 322 -#define T_Integer 323 -#define T_Interface 324 -#define T_Intrange 325 -#define T_Io 326 -#define T_Ippeerlimit 327 -#define T_Ipv4 328 -#define T_Ipv4_flag 329 -#define T_Ipv6 330 -#define T_Ipv6_flag 331 -#define T_Kernel 332 -#define T_Key 333 -#define T_Keys 334 -#define T_Keysdir 335 -#define T_Kod 336 -#define T_Leapfile 337 -#define T_Leapsmearinterval 338 -#define T_Limited 339 -#define T_Link 340 -#define T_Listen 341 -#define T_Logconfig 342 -#define T_Logfile 343 -#define T_Loopstats 344 -#define T_Lowpriotrap 345 -#define T_Manycastclient 346 -#define T_Manycastserver 347 -#define T_Mask 348 -#define T_Maxage 349 -#define T_Maxclock 350 -#define T_Maxdepth 351 -#define T_Maxdist 352 -#define T_Maxmem 353 -#define T_Maxpoll 354 -#define T_Mdnstries 355 -#define T_Mem 356 -#define T_Memlock 357 -#define T_Minclock 358 -#define T_Mindepth 359 -#define T_Mindist 360 -#define T_Minimum 361 -#define T_Minjitter 362 -#define T_Minpoll 363 -#define T_Minsane 364 -#define T_Mode 365 -#define T_Mode7 366 -#define T_Monitor 367 -#define T_Month 368 -#define T_Mru 369 -#define T_Mssntp 370 -#define T_Multicastclient 371 -#define T_Nic 372 -#define T_Nolink 373 -#define T_Nomodify 374 -#define T_Nomrulist 375 -#define T_None 376 -#define T_Nonvolatile 377 -#define T_Noepeer 378 -#define T_Nopeer 379 -#define T_Noquery 380 -#define T_Noselect 381 -#define T_Noserve 382 -#define T_Notrap 383 -#define T_Notrust 384 -#define T_Ntp 385 -#define T_Ntpport 386 -#define T_NtpSignDsocket 387 -#define T_Orphan 388 -#define T_Orphanwait 389 -#define T_PCEdigest 390 -#define T_Panic 391 -#define T_Peer 392 -#define T_Peerstats 393 -#define T_Phone 394 -#define T_Pid 395 -#define T_Pidfile 396 -#define T_Poll 397 -#define T_PollSkewList 398 -#define T_Pool 399 -#define T_Port 400 -#define T_PpsData 401 -#define T_Preempt 402 -#define T_Prefer 403 -#define T_Protostats 404 -#define T_Pw 405 -#define T_Randfile 406 -#define T_Rawstats 407 -#define T_Refid 408 -#define T_Requestkey 409 -#define T_Reset 410 -#define T_Restrict 411 -#define T_Revoke 412 -#define T_Rlimit 413 -#define T_Saveconfigdir 414 -#define T_Server 415 -#define T_Serverresponse 416 -#define T_ServerresponseFuzz 417 -#define T_Setvar 418 -#define T_Source 419 -#define T_Stacksize 420 -#define T_Statistics 421 -#define T_Stats 422 -#define T_Statsdir 423 -#define T_Step 424 -#define T_Stepback 425 -#define T_Stepfwd 426 -#define T_Stepout 427 -#define T_Stratum 428 -#define T_String 429 -#define T_Sys 430 -#define T_Sysstats 431 -#define T_Tick 432 -#define T_Time1 433 -#define T_Time2 434 -#define T_TimeData 435 -#define T_Timer 436 -#define T_Timingstats 437 -#define T_Tinker 438 -#define T_Tos 439 -#define T_Trap 440 -#define T_True 441 -#define T_Trustedkey 442 -#define T_Ttl 443 -#define T_Type 444 -#define T_U_int 445 -#define T_UEcrypto 446 -#define T_UEcryptonak 447 -#define T_UEdigest 448 -#define T_Unconfig 449 -#define T_Unpeer 450 -#define T_Version 451 -#define T_WanderThreshold 452 -#define T_Week 453 -#define T_Wildcard 454 -#define T_Xleave 455 -#define T_Xmtnonce 456 -#define T_Year 457 -#define T_Flag 458 -#define T_EOC 459 -#define T_Simulate 460 -#define T_Beep_Delay 461 -#define T_Sim_Duration 462 -#define T_Server_Offset 463 -#define T_Duration 464 -#define T_Freq_Offset 465 -#define T_Wander 466 -#define T_Jitter 467 -#define T_Prop_Delay 468 -#define T_Proc_Delay 469 +#define T_Delrestrict 286 +#define T_Device 287 +#define T_Digest 288 +#define T_Disable 289 +#define T_Discard 290 +#define T_Dispersion 291 +#define T_Double 292 +#define T_Driftfile 293 +#define T_Drop 294 +#define T_Dscp 295 +#define T_Ellipsis 296 +#define T_Enable 297 +#define T_End 298 +#define T_Epeer 299 +#define T_False 300 +#define T_File 301 +#define T_Filegen 302 +#define T_Filenum 303 +#define T_Flag1 304 +#define T_Flag2 305 +#define T_Flag3 306 +#define T_Flag4 307 +#define T_Flake 308 +#define T_Floor 309 +#define T_Freq 310 +#define T_Fudge 311 +#define T_Fuzz 312 +#define T_Host 313 +#define T_Huffpuff 314 +#define T_Iburst 315 +#define T_Ident 316 +#define T_Ignore 317 +#define T_Ignorehash 318 +#define T_Incalloc 319 +#define T_Incmem 320 +#define T_Initalloc 321 +#define T_Initmem 322 +#define T_Includefile 323 +#define T_Integer 324 +#define T_Interface 325 +#define T_Intrange 326 +#define T_Io 327 +#define T_Ippeerlimit 328 +#define T_Ipv4 329 +#define T_Ipv4_flag 330 +#define T_Ipv6 331 +#define T_Ipv6_flag 332 +#define T_Kernel 333 +#define T_Key 334 +#define T_Keys 335 +#define T_Keysdir 336 +#define T_Kod 337 +#define T_Leapfile 338 +#define T_Leapsmearinterval 339 +#define T_Limited 340 +#define T_Link 341 +#define T_Listen 342 +#define T_Logconfig 343 +#define T_Logfile 344 +#define T_Loopstats 345 +#define T_Lowpriotrap 346 +#define T_Manycastclient 347 +#define T_Manycastserver 348 +#define T_Mask 349 +#define T_Maxage 350 +#define T_Maxclock 351 +#define T_Maxdepth 352 +#define T_Maxdist 353 +#define T_Maxmem 354 +#define T_Maxpoll 355 +#define T_Mdnstries 356 +#define T_Mem 357 +#define T_Memlock 358 +#define T_Minclock 359 +#define T_Mindepth 360 +#define T_Mindist 361 +#define T_Minimum 362 +#define T_Minjitter 363 +#define T_Minpoll 364 +#define T_Minsane 365 +#define T_Mode 366 +#define T_Mode7 367 +#define T_Monitor 368 +#define T_Month 369 +#define T_Mru 370 +#define T_Mssntp 371 +#define T_Multicastclient 372 +#define T_Nic 373 +#define T_Nolink 374 +#define T_Nomodify 375 +#define T_Nomrulist 376 +#define T_None 377 +#define T_Nonvolatile 378 +#define T_Noepeer 379 +#define T_Nopeer 380 +#define T_Noquery 381 +#define T_Noselect 382 +#define T_Noserve 383 +#define T_Notrap 384 +#define T_Notrust 385 +#define T_Ntp 386 +#define T_Ntpport 387 +#define T_NtpSignDsocket 388 +#define T_Orphan 389 +#define T_Orphanwait 390 +#define T_PCEdigest 391 +#define T_Panic 392 +#define T_Peer 393 +#define T_Peerstats 394 +#define T_Phone 395 +#define T_Pid 396 +#define T_Pidfile 397 +#define T_Poll 398 +#define T_PollSkewList 399 +#define T_Pool 400 +#define T_Port 401 +#define T_PpsData 402 +#define T_Preempt 403 +#define T_Prefer 404 +#define T_Protostats 405 +#define T_Pw 406 +#define T_Randfile 407 +#define T_Rawstats 408 +#define T_Refid 409 +#define T_Requestkey 410 +#define T_Reset 411 +#define T_Restrict 412 +#define T_Revoke 413 +#define T_Rlimit 414 +#define T_Saveconfigdir 415 +#define T_Server 416 +#define T_Serverresponse 417 +#define T_ServerresponseFuzz 418 +#define T_Setvar 419 +#define T_Source 420 +#define T_Stacksize 421 +#define T_Statistics 422 +#define T_Stats 423 +#define T_Statsdir 424 +#define T_Step 425 +#define T_Stepback 426 +#define T_Stepfwd 427 +#define T_Stepout 428 +#define T_Stratum 429 +#define T_String 430 +#define T_Sys 431 +#define T_Sysstats 432 +#define T_Tick 433 +#define T_Time1 434 +#define T_Time2 435 +#define T_TimeData 436 +#define T_Timer 437 +#define T_Timingstats 438 +#define T_Tinker 439 +#define T_Tos 440 +#define T_Trap 441 +#define T_True 442 +#define T_Trustedkey 443 +#define T_Ttl 444 +#define T_Type 445 +#define T_U_int 446 +#define T_UEcrypto 447 +#define T_UEcryptonak 448 +#define T_UEdigest 449 +#define T_Unconfig 450 +#define T_Unpeer 451 +#define T_Version 452 +#define T_WanderThreshold 453 +#define T_Week 454 +#define T_Wildcard 455 +#define T_Xleave 456 +#define T_Xmtnonce 457 +#define T_Year 458 +#define T_Flag 459 +#define T_EOC 460 +#define T_Simulate 461 +#define T_Beep_Delay 462 +#define T_Sim_Duration 463 +#define T_Server_Offset 464 +#define T_Duration 465 +#define T_Freq_Offset 466 +#define T_Wander 467 +#define T_Jitter 468 +#define T_Prop_Delay 469 +#define T_Proc_Delay 470 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 52 "../../../src/ntp-stable-3758/ntpd/ntp_parser.y" +#line 52 "../../ntpd/ntp_parser.y" char * String; double Double; @@ -510,7 +512,7 @@ union YYSTYPE script_info * Sim_script; script_info_fifo * Sim_script_fifo; -#line 514 "../../../src/ntp-stable-3758/ntpd/ntp_parser.h" +#line 516 "ntp_parser.h" }; typedef union YYSTYPE YYSTYPE; @@ -521,6 +523,8 @@ typedef union YYSTYPE YYSTYPE; extern YYSTYPE yylval; + int yyparse (void); -#endif /* !YY_YY__SRC_NTP_STABLE_NTPD_NTP_PARSER_H_INCLUDED */ + +#endif /* !YY_YY_NTP_PARSER_H_INCLUDED */ diff --git a/ntpd/ntp_parser.y b/ntpd/ntp_parser.y index 9516d674a5fb..49b55588d54d 100644 --- a/ntpd/ntp_parser.y +++ b/ntpd/ntp_parser.y @@ -97,6 +97,7 @@ %token <Integer> T_Ctl %token <Integer> T_Day %token <Integer> T_Default +%token <Integer> T_Delrestrict %token <Integer> T_Device %token <Integer> T_Digest %token <Integer> T_Disable @@ -349,6 +350,7 @@ %type <Attr_val> pollskew_cycle %type <Attr_val> pollskew_spec %type <Integer> reset_command +%type <Address_node> restrict_mask %type <Integer> rlimit_option_keyword %type <Attr_val> rlimit_option %type <Attr_val_fifo> rlimit_option_list @@ -826,28 +828,22 @@ access_control_command { CONCAT_G_FIFOS(cfgt.mru_opts, $2); } - | T_Restrict address res_ippeerlimit ac_flag_list + | T_Restrict address restrict_mask res_ippeerlimit ac_flag_list { restrict_node *rn; - rn = create_restrict_node($2, NULL, $3, $4, - lex_current()->curpos.nline); - APPEND_G_FIFO(cfgt.restrict_opts, rn); - } - | T_Restrict address T_Mask ip_address res_ippeerlimit ac_flag_list - { - restrict_node *rn; - - rn = create_restrict_node($2, $4, $5, $6, - lex_current()->curpos.nline); + rn = create_restrict_node($2, $3, $4, $5, FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } | T_Restrict T_Default res_ippeerlimit ac_flag_list { restrict_node *rn; - rn = create_restrict_node(NULL, NULL, $3, $4, - lex_current()->curpos.nline); + rn = create_restrict_node(NULL, NULL, $3, $4, FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } | T_Restrict T_Ipv4_flag T_Default res_ippeerlimit ac_flag_list @@ -861,8 +857,9 @@ access_control_command create_address_node( estrdup("0.0.0.0"), AF_INET), - $4, $5, - lex_current()->curpos.nline); + $4, $5, FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } | T_Restrict T_Ipv6_flag T_Default res_ippeerlimit ac_flag_list @@ -876,8 +873,9 @@ access_control_command create_address_node( estrdup("::"), AF_INET6), - $4, $5, - lex_current()->curpos.nline); + $4, $5, FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } | T_Restrict T_Source res_ippeerlimit ac_flag_list @@ -885,12 +883,43 @@ access_control_command restrict_node * rn; APPEND_G_FIFO($4, create_attr_ival($2, 1)); - rn = create_restrict_node( - NULL, NULL, $3, $4, lex_current()->curpos.nline); + rn = create_restrict_node(NULL, NULL, $3, $4, FALSE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); + APPEND_G_FIFO(cfgt.restrict_opts, rn); + } + | T_Delrestrict ip_address restrict_mask + { + restrict_node * rn; + + rn = create_restrict_node($2, $3, -1, NULL, TRUE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); + APPEND_G_FIFO(cfgt.restrict_opts, rn); + } + | T_Delrestrict T_Source ip_address + { + restrict_node * rn; + attr_val_fifo * avf; + + avf = NULL; + APPEND_G_FIFO(avf, create_attr_ival($2, 1)); + rn = create_restrict_node($3, NULL, -1, avf, TRUE, + lex_current()->curpos.nline, + lex_current()->curpos.ncol); APPEND_G_FIFO(cfgt.restrict_opts, rn); } ; +restrict_mask + : /* no mask is allowed */ + { $$ = NULL; } + | T_Mask ip_address + { + $$ = $2; + } + ; + res_ippeerlimit : /* empty ippeerlimit defaults to -1 (unlimited) */ { $$ = -1; } @@ -904,8 +933,8 @@ res_ippeerlimit "Unreasonable ippeerlimit value (%d) in %s line %d, column %d. Using 0.", $2, ip_ctx->fname, - ip_ctx->errpos.nline, - ip_ctx->errpos.ncol); + ip_ctx->curpos.nline, + ip_ctx->curpos.ncol); $2 = 0; } $$ = $2; @@ -1446,7 +1475,12 @@ pollskew_spec ; pollskew_cycle - : T_Integer { $$ = ($1 >= 3 && $1 <= 17) ? create_attr_rval($1, 0, 0) : NULL; } + : T_Integer + { + $$ = ($1 >= NTP_MINPOLL && $1 <= NTP_MAXPOLL) + ? create_attr_rval($1, 0, 0) + : NULL; + } | T_Default { $$ = create_attr_rval(-1, 0, 0); } ; diff --git a/ntpd/ntp_peer.c b/ntpd/ntp_peer.c index c1716ffe0d83..69c1eff45822 100644 --- a/ntpd/ntp_peer.c +++ b/ntpd/ntp_peer.c @@ -39,7 +39,7 @@ #define AM_MODES 7 /* number of rows and columns */ #define NO_PEER 0 /* action when no peer is found */ -int AM[AM_MODES][AM_MODES] = { +const s_char AM[AM_MODES][AM_MODES] = { /* packet->mode */ /* peer { UNSPEC, ACTIVE, PASSIVE, CLIENT, SERVER, BCAST } */ /* mode */ @@ -58,7 +58,7 @@ int AM[AM_MODES][AM_MODES] = { /*BCL*/ { AM_ERR, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_NOMATCH, AM_PROCPKT}, }; -#define MATCH_ASSOC(x, y) AM[(x)][(y)] +#define MATCH_ASSOC(x, y) (AM[CLAMP((x), 0, AM_MODES)][CLAMP((y), 0, AM_MODES)]) /* * These routines manage the allocation of memory to peer structures @@ -91,8 +91,8 @@ int peer_free_count; /* count of free structures */ * Association ID. We initialize this value randomly, then assign a new * value every time an association is mobilized. */ -static associd_t current_association_ID; /* association ID */ -static associd_t initial_association_ID; /* association ID */ +static associd_t current_association_ID; /* actually next poss. ID */ +static associd_t initial_association_ID; /* * Memory allocation watermarks. @@ -256,7 +256,7 @@ findexistingpeer_addr( /* - * findexistingpeer - search by address and return a pointer to a peer. + * findexistingpeer - search by name+family or address. */ struct peer * findexistingpeer( @@ -294,7 +294,7 @@ findexistingpeer( * enough. Authentication alone does not help here, since it does not * protect the UDP layer and leaves us open for a replay attack. * - * So we do not update the adresses and wait until the next interface + * So we do not update the addresses and wait until the next interface * list update does the right thing for us. */ struct peer * @@ -347,18 +347,20 @@ findpeer( } /* if an error was returned, exit back right here. */ - if (*action == AM_ERR) + if (*action == AM_ERR) { return NULL; + } /* if a match is found, we stop our search. */ - if (*action != AM_NOMATCH) + if (*action != AM_NOMATCH) { break; + } } /* If no matching association is found... */ - if (NULL == p) + if (NULL == p) { *action = MATCH_ASSOC(NO_PEER, pkt_mode); - + } return p; } @@ -542,7 +544,8 @@ unpeer( ) { mprintf_event(PEVNT_DEMOBIL, peer, "assoc %u", peer->associd); - restrict_source(&peer->srcadr, 1, 0); + restrict_source(&peer->srcadr, TRUE, 0); + peer->flags |= FLAG_DISABLED; set_peerdstadr(peer, NULL); peer_demobilizations++; peer_associations--; @@ -645,6 +648,24 @@ set_peerdstadr( return; /* + * Do not change the local address of a link-local + * peer address. + */ + if ( p->dstadr != NULL && is_linklocal(&p->dstadr->sin) + && dstadr != NULL) { + return; + } + + /* + * Do not set the local address for a link-local IPv6 peer + * to one with a different scope ID. + */ + if ( dstadr != NULL && IS_IPV6(&p->srcadr) + && SCOPE(&dstadr->sin) != SCOPE(&p->srcadr)) { + return; + } + + /* * Don't accept updates to a separate multicast receive-only * endpt while a BCLNT peer is running its unicast protocol. */ @@ -658,11 +679,14 @@ set_peerdstadr( p->dstadr->peercnt--; UNLINK_SLIST(unlinked, p->dstadr->peers, p, ilink, struct peer); + } + if ( !IS_MCAST(&p->srcadr) && !(FLAG_DISABLED & p->flags) + && !initializing) { msyslog(LOG_INFO, "%s local addr %s -> %s", - stoa(&p->srcadr), latoa(p->dstadr), - latoa(dstadr)); + stoa(&p->srcadr), eptoa(p->dstadr), + eptoa(dstadr)); } - + p->dstadr = dstadr; /* link to list if we have an address after assignment */ @@ -741,14 +765,20 @@ refresh_all_peerinterfaces(void) struct peer *p; /* - * this is called when the interface list has changed - * give all peers a chance to find a better interface - * but only if either they don't have an address already - * or if the one they have hasn't worked for a while. + * This is called when the interface list has changed. + * Give peers a chance to find a better interface. */ for (p = peer_list; p != NULL; p = p->p_link) { - if (!(p->dstadr && (p->reach & 0x3))) // Bug 2849 XOR 2043 - peer_refresh_interface(p); + /* + * Bug 2849 XOR 2043 + * Change local address only if the peer doesn't + * have a local address already or if the one + * they have hasn't worked for a while. + */ + if (p->dstadr != NULL && (p->reach & 0x3)) { + continue; + } + peer_refresh_interface(p); } } @@ -777,7 +807,6 @@ newpeer( u_int hash; int ip_count = 0; - DEBUG_REQUIRE(srcadr); #ifdef AUTOKEY @@ -789,7 +818,9 @@ newpeer( return (NULL); } else if (flags & FLAG_SKEY) { - msyslog(LOG_ERR, "Autokey not configured"); + msyslog(LOG_ERR, "Rejecting Autokey with %s," + " built without support.", + stoa(srcadr)); return (NULL); } } @@ -831,13 +862,34 @@ newpeer( } /* + * In any case, do not create an association with a duplicate + * remote address (srcadr) except for undefined (zero) address. + * Arguably this should be part of the logic above but + * [Bug 3888] exposed a situation with manycastclient where + * duplicate associations happened. + */ + if (NULL == peer) { + for (peer = peer_list; + peer != NULL; + peer = peer->p_link) { + if ( SOCK_EQ(srcadr, &peer->srcadr) + && !SOCK_UNSPEC(srcadr) + && !SOCK_UNSPEC(&peer->srcadr)) { + /* leave peer non-NULL */ + break; + } + } + } + + /* * If a peer is found, this would be a duplicate and we don't * allow that. This avoids duplicate ephemeral (broadcast/ * multicast) and preemptible (manycast and pool) client * associations. */ if (peer != NULL) { - DPRINTF(2, ("newpeer(%s) found existing association\n", + DPRINTF(2, ("%s(%s) found existing association\n", + __func__, (hostname) ? hostname : stoa(srcadr))); @@ -845,7 +897,7 @@ newpeer( } #if 0 -DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", + DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", (hostname) ? hostname : stoa(srcadr), @@ -884,15 +936,19 @@ DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", peer_preempt++; /* - * Assign an association ID and increment the system variable. + * Assign an available association ID. Zero is reserved. */ + do { + while (0 == ++current_association_ID) { + /* EMPTY */ + } + } while (NULL != findpeerbyassoc(current_association_ID)); peer->associd = current_association_ID; - if (++current_association_ID == 0) - ++current_association_ID; peer->srcadr = *srcadr; - if (hostname != NULL) + if (hostname != NULL) { peer->hostname = estrdup(hostname); + } peer->hmode = hmode; peer->version = version; peer->flags = flags; @@ -901,66 +957,67 @@ DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", select_peerinterface(peer, srcadr, dstadr)); /* - * It is an error to set minpoll less than NTP_MINPOLL or to - * set maxpoll greater than NTP_MAXPOLL. However, minpoll is - * clamped not greater than NTP_MAXPOLL and maxpoll is clamped - * not less than NTP_MINPOLL without complaint. Finally, - * minpoll is clamped not greater than maxpoll. + * Zero for minpoll or maxpoll means use defaults. */ - if (minpoll == 0) - peer->minpoll = NTP_MINDPOLL; - else - peer->minpoll = min(minpoll, NTP_MAXPOLL); - if (maxpoll == 0) - peer->maxpoll = NTP_MAXDPOLL; - else - peer->maxpoll = max(maxpoll, NTP_MINPOLL); - if (peer->minpoll > peer->maxpoll) - peer->minpoll = peer->maxpoll; + peer->maxpoll = (0 == maxpoll) + ? NTP_MAXDPOLL + : maxpoll; + peer->minpoll = (0 == minpoll) + ? NTP_MINDPOLL + : minpoll; + + /* + * Clamp maxpoll and minpoll within NTP_MINPOLL and NTP_MAXPOLL, + * and further clamp minpoll less than or equal maxpoll. + */ + peer->maxpoll = CLAMP(peer->maxpoll, NTP_MINPOLL, NTP_MAXPOLL); + peer->minpoll = CLAMP(peer->minpoll, NTP_MINPOLL, peer->maxpoll); - if (peer->dstadr != NULL) + if (peer->dstadr != NULL) { DPRINTF(3, ("newpeer(%s): using fd %d and our addr %s\n", stoa(srcadr), peer->dstadr->fd, stoa(&peer->dstadr->sin))); - else - DPRINTF(3, ("newpeer(%s): local interface currently not bound\n", + } else { + DPRINTF(3, ("newpeer(%s): local addr unavailable\n", stoa(srcadr))); - + } /* * Broadcast needs the socket enabled for broadcast */ - if ((MDF_BCAST & cast_flags) && peer->dstadr != NULL) + if ((MDF_BCAST & cast_flags) && peer->dstadr != NULL) { enable_broadcast(peer->dstadr, srcadr); - + } /* * Multicast needs the socket interface enabled for multicast */ - if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL) + if ((MDF_MCAST & cast_flags) && peer->dstadr != NULL) { enable_multicast_if(peer->dstadr, srcadr); - + } #ifdef AUTOKEY if (key > NTP_MAXKEY) peer->flags |= FLAG_SKEY; #endif /* AUTOKEY */ peer->ttl = ttl; peer->keyid = key; - if (ident != NULL) + if (ident != NULL) { peer->ident = estrdup(ident); + } peer->precision = sys_precision; peer->hpoll = peer->minpoll; - if (cast_flags & MDF_ACAST) + if (cast_flags & MDF_ACAST) { peer_clear(peer, "ACST"); - else if (cast_flags & MDF_POOL) + } else if (cast_flags & MDF_POOL) { peer_clear(peer, "POOL"); - else if (cast_flags & MDF_MCAST) + } else if (cast_flags & MDF_MCAST) { peer_clear(peer, "MCST"); - else if (cast_flags & MDF_BCAST) + } else if (cast_flags & MDF_BCAST) { peer_clear(peer, "BCST"); - else + } else { peer_clear(peer, "INIT"); - if (mode_ntpdate) + } + if (mode_ntpdate) { peer_ntpdate++; - + } /* * Note time on statistics timers. */ @@ -976,8 +1033,6 @@ DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", * the peer timer, since the clock may have requirements * for this. */ - if (maxpoll == 0) - peer->maxpoll = peer->minpoll; if (!refclock_newpeer(peer)) { /* * Dump it, something screwed up @@ -1006,7 +1061,7 @@ DPRINTF(1, ("newpeer(%s) found no existing and %d other associations\n", assoc_hash_count[hash]++; LINK_SLIST(peer_list, peer, p_link); - restrict_source(&peer->srcadr, 0, 0); + restrict_source(&peer->srcadr, FALSE, 0); mprintf_event(PEVNT_MOBIL, peer, "assoc %d", peer->associd); DPRINTF(1, ("newpeer: %s->%s mode %u vers %u poll %u %u flags 0x%x 0x%x ttl %u key %08x\n", latoa(peer->dstadr), stoa(&peer->srcadr), peer->hmode, @@ -1093,8 +1148,9 @@ findmanycastpeer( for (peer = peer_list; peer != NULL; peer = peer->p_link) if (MDF_SOLICIT_MASK & peer->cast_flags) { NTOHL_FP(&pkt->org, &p_org); - if (L_ISEQU(&p_org, &peer->aorg)) + if (L_ISEQU(&p_org, &peer->aorg)) { break; + } } return peer; @@ -1103,17 +1159,11 @@ findmanycastpeer( /* peer_cleanup - clean peer list prior to shutdown */ void peer_cleanup(void) { - struct peer *peer; - associd_t assoc; - - for (assoc = initial_association_ID; assoc != current_association_ID; assoc++) { - if (assoc != 0U) { - peer = findpeerbyassoc(assoc); - if (peer != NULL) - unpeer(peer); - } - } - peer = findpeerbyassoc(current_association_ID); - if (peer != NULL) - unpeer(peer); + struct peer *peer; + struct peer *nextpeer; + + for (peer = peer_list; peer != NULL; peer = nextpeer) { + nextpeer = peer->p_link; + unpeer(peer); + } } diff --git a/ntpd/ntp_proto.c b/ntpd/ntp_proto.c index f2c59238432a..170294c68bb6 100644 --- a/ntpd/ntp_proto.c +++ b/ntpd/ntp_proto.c @@ -17,7 +17,6 @@ #include "ntp_leapsec.h" #include "ntp_psl.h" #include "refidsmear.h" -#include "lib_strbuf.h" #include <stdio.h> #ifdef HAVE_LIBSCF_H @@ -35,9 +34,9 @@ #define SRVFUZ_SHIFT 6 /* 64 seconds */ #define SRVRSP_FUZZ(x) \ do { \ - x.l_uf &= 0; \ + x.l_uf = 0; \ x.l_ui &= ~((1 << SRVFUZ_SHIFT) - 1U); \ - } while(0) + } while (FALSE) /* * This macro defines the authentication state. If x is 1 authentication @@ -472,7 +471,16 @@ transmit( return; } - /* + /* [Bug 3851] drop pool servers which can no longer be reached. */ + if (MDF_PCLNT & peer->cast_flags) { + if ( (IS_IPV6(&peer->srcadr) && !nonlocal_v6_addr_up) + || !nonlocal_v4_addr_up) { + unpeer(peer); + return; + } + } + + /* * In unicast modes the dance is much more intricate. It is * designed to back off whenever possible to minimize network * traffic. @@ -584,6 +592,7 @@ transmit( } +#ifdef DEBUG const char * amtoa( int am @@ -607,6 +616,7 @@ amtoa( return bp; } } +#endif /* DEBUG */ /* @@ -626,7 +636,6 @@ receive( r4addr r4a; /* address restrictions */ u_short restrict_mask; /* restrict bits */ const char *hm_str; /* hismode string */ - const char *am_str; /* association match string */ int kissCode = NOKISS; /* Kiss Code */ int has_mac; /* length of MAC field */ int authlen; /* offset of MAC field */ @@ -636,11 +645,15 @@ receive( keyid_t skeyid = 0; /* key IDs */ u_int32 opcode = 0; /* extension field opcode */ sockaddr_u *dstadr_sin; /* active runway */ + u_char cast_flags; /* MDF_* flags for newpeer() */ struct peer *peer2; /* aux peer structure pointer */ endpt *match_ep; /* newpeer() local address */ l_fp p_org; /* origin timestamp */ l_fp p_rec; /* receive timestamp */ l_fp p_xmt; /* transmit timestamp */ +#ifdef DEBUG + const char *am_str; /* association match string */ +#endif #ifdef AUTOKEY char hostname[NTP_MAXSTRLEN + 1]; char *groupname = NULL; @@ -689,12 +702,11 @@ receive( } if (hismode == MODE_PRIVATE) { if (!ntp_mode7 || (restrict_mask & RES_NOQUERY)) { - DPRINTF(2, ("receive: drop: RES_NOQUERY\n")); + DPRINTF(2, ("receive: drop: !mode7 or RES_NOQUERY\n")); sys_restricted++; return; /* no query private */ } - process_private(rbufp, ((restrict_mask & - RES_NOMODIFY) == 0)); + process_private(rbufp, !(RES_NOMODIFY & restrict_mask)); return; } if (hismode == MODE_CONTROL) { @@ -725,14 +737,14 @@ receive( hisleap = PKT_LEAP(pkt->li_vn_mode); hisstratum = PKT_TO_STRATUM(pkt->stratum); - INSIST(0 != hisstratum); /* paranoia check PKT_TO_STRATUM result */ - + DEBUG_INSIST(0 != hisstratum); /* paranoia check PKT_TO_STRATUM result */ + /* TODO: this should be in a unit test */ DPRINTF(1, ("receive: at %ld %s<-%s ippeerlimit %d mode %d iflags %s " - "restrict %s org %#010x.%08x xmt %#010x.%08x\n", + "restrict %s org 0x%x.%08x xmt 0x%x.%08x\n", current_time, stoa(&rbufp->dstadr->sin), stoa(&rbufp->recv_srcadr), r4a.ippeerlimit, hismode, - build_iflags(rbufp->dstadr->flags), - build_rflags(restrict_mask), + iflags_str(rbufp->dstadr->flags), + rflags_str(restrict_mask), ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf))); @@ -807,10 +819,15 @@ receive( || (NTP_MAXPOLL < pkt->ppoll) ) ) { +#ifdef BUG3870 DPRINTF(2, ("receive: drop: Invalid ppoll (%d) from %s\n", pkt->ppoll, stoa(&rbufp->recv_srcadr))); sys_badlength++; return; /* invalid packet poll */ +#else + DPRINTF(2, ("receive: info: Invalid ppoll (%d) from %s\n", + pkt->ppoll, stoa(&rbufp->recv_srcadr))); +#endif } /* @@ -987,7 +1004,9 @@ receive( NTOHL_FP(&pkt->rec, &p_rec); NTOHL_FP(&pkt->xmt, &p_xmt); hm_str = modetoa(hismode); +#ifdef DEBUG am_str = amtoa(retcode); +#endif /* * Authentication is conditioned by three switches: @@ -1030,7 +1049,7 @@ receive( if (has_mac == 0) { restrict_mask &= ~RES_MSSNTP; is_authentic = AUTH_NONE; /* not required */ - DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x NOMAC\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org 0x%x.%08x xmt 0x%x.%08x NOMAC\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, authlen, @@ -1039,7 +1058,7 @@ receive( } else if (crypto_nak_test == VALIDNAK) { restrict_mask &= ~RES_MSSNTP; is_authentic = AUTH_CRYPTO; /* crypto-NAK */ - DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x CRYPTONAK\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org 0x%x.%08x xmt 0x%x.%08x CRYPTONAK\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, skeyid, authlen + has_mac, is_authentic, @@ -1062,7 +1081,7 @@ receive( && (memcmp(zero_key, (char *)pkt + authlen + 4, MAX_MD5_LEN - 4) == 0)) { is_authentic = AUTH_NONE; - DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %#010x.%08x xmt %#010x.%08x SIGND\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s len %d org %x.%08x xmt %x.%08x SIGND\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, authlen, @@ -1185,7 +1204,7 @@ receive( if (crypto_flags && skeyid > NTP_MAXKEY) authtrust(skeyid, 0); #endif /* AUTOKEY */ - DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org %#010x.%08x xmt %#010x.%08x MAC\n", + DPRINTF(1, ("receive: at %ld %s<-%s mode %d/%s:%s keyid %08x len %d auth %d org 0x%x.%08x xmt 0x%x.%08x MAC\n", current_time, stoa(dstadr_sin), stoa(&rbufp->recv_srcadr), hismode, hm_str, am_str, skeyid, authlen + has_mac, is_authentic, @@ -1358,7 +1377,12 @@ receive( if ( sys_leap == LEAP_NOTINSYNC || sys_stratum >= hisstratum || (!sys_cohort && sys_stratum == hisstratum + 1) - || rbufp->dstadr->addr_refid == pkt->refid) { + || rbufp->dstadr->addr_refid == pkt->refid +# ifdef WORDS_BIGENDIAN /* see local_refid() comment */ + || ( IS_IPV6(&rbufp->dstadr->sin) + &&rbufp->dstadr->old_refid == pkt->refid) +# endif + ) { DPRINTF(2, ("receive: sys leap: %0x, sys_stratum %d > hisstratum+1 %d, !sys_cohort %d && sys_stratum == hisstratum+1, loop refid %#x == pkt refid %#x\n", sys_leap, sys_stratum, hisstratum + 1, !sys_cohort, rbufp->dstadr->addr_refid, pkt->refid)); DPRINTF(2, ("receive: AM_FXMIT drop: LEAP_NOTINSYNC || stratum || loop\n")); sys_declined++; @@ -1366,6 +1390,17 @@ receive( } /* + * Do not respond if the packet came into an IPv6 link-local + * address on an interface where we also have a usable + * global address, to avoid duplicate associations. + */ + if (INT_LL_OF_GLOB & rbufp->dstadr->flags) { + DPRINTF(2, ("receive: declining manycast solicitation on link-local IPv6\n")); + sys_declined++; + return; + } + + /* * Respond only if authentication succeeds. Don't do a * crypto-NAK, as that would not be useful. */ @@ -1423,6 +1458,12 @@ receive( return; } #endif /* AUTOKEY */ + /* Do not spin up duplicate manycast associations */ + if (INT_LL_OF_GLOB & rbufp->dstadr->flags) { + DPRINTF(2, ("receive: AM_MANYCAST drop: link-local server\n")); + sys_declined++; + return; + } if ((peer2 = findmanycastpeer(rbufp)) == NULL) { DPRINTF(2, ("receive: AM_MANYCAST drop: No manycast peer\n")); sys_restricted++; @@ -1450,11 +1491,15 @@ receive( sys_declined++; return; /* no help */ } + cast_flags = MDF_UCAST; + if (MDF_POOL & peer2->cast_flags) { + cast_flags |= MDF_PCLNT; + } peer = newpeer(&rbufp->recv_srcadr, NULL, rbufp->dstadr, r4a.ippeerlimit, MODE_CLIENT, hisversion, peer2->minpoll, peer2->maxpoll, (FLAG_PREEMPT | (POOL_FLAG_PMASK & peer2->flags)), - (MDF_UCAST | MDF_UCLNT), 0, skeyid, sys_ident); + cast_flags, 0, skeyid, sys_ident); if (NULL == peer) { DPRINTF(2, ("receive: AM_MANYCAST drop: duplicate\n")); sys_declined++; @@ -1840,7 +1885,7 @@ receive( if ( tdiff.l_i < 0 && (current_time - peer->timereceived) < deadband) { - msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: %#010x.%08x -> %#010x.%08x", + msyslog(LOG_INFO, "receive: broadcast packet from %s contains non-monotonic timestamp: 0x%x.%08x -> 0x%x.%08x", stoa(&rbufp->recv_srcadr), peer->bxmt.l_ui, peer->bxmt.l_uf, p_xmt.l_ui, p_xmt.l_uf @@ -1991,7 +2036,7 @@ receive( if (peer->flip == 0 && !L_ISEQU(&p_org, &peer->aorg)) { peer->bogusorg++; msyslog(LOG_INFO, - "receive: flip 0 KoD origin timestamp %#010x.%08x from %s does not match %#010x.%08x - ignoring.", + "receive: flip 0 KoD origin timestamp 0x%x.%08x from %s does not match 0x%x.%08x - ignoring.", p_org.l_ui, p_org.l_uf, ntoa(&peer->srcadr), peer->aorg.l_ui, peer->aorg.l_uf); @@ -1999,7 +2044,7 @@ receive( } else if (peer->flip == 1 && !L_ISEQU(&p_org, &peer->borg)) { peer->bogusorg++; msyslog(LOG_INFO, - "receive: flip 1 KoD origin timestamp %#010x.%08x from %s does not match interleave %#010x.%08x - ignoring.", + "receive: flip 1 KoD origin timestamp 0x%x.%08x from %s does not match interleave 0x%x.%08x - ignoring.", p_org.l_ui, p_org.l_uf, ntoa(&peer->srcadr), peer->borg.l_ui, peer->borg.l_uf); @@ -2033,9 +2078,14 @@ receive( /* XXX: FLAG_LOOPNONCE */ DEBUG_INSIST(0 == (FLAG_LOOPNONCE & peer->flags)); - msyslog(LOG_INFO, - "receive: Got KoD %s from %s", - refid_str(pkt->refid, hisstratum), ntoa(&peer->srcadr)); + if (RATEKISS == kissCode) { + msyslog(LOG_INFO, "RATE KoD from %s poll %u", + ntoa(&peer->srcadr), 1u << pkt->ppoll); + } else { + msyslog(LOG_INFO, "KoD %s from %s", + refid_str(pkt->refid, -1), + ntoa(&peer->srcadr)); + } } else if (peer->flip == 0) { if (0) { } else if (L_ISZERO(&p_org)) { @@ -2049,11 +2099,11 @@ receive( #endif /**/ switch (hismode) { - /* We allow 0org for: */ + /* We allow 0org for: */ case UCHAR_MAX: action = "Allow"; break; - /* We disallow 0org for: */ + /* We disallow 0org for: */ case MODE_UNSPEC: case MODE_ACTIVE: case MODE_PASSIVE: @@ -2071,20 +2121,22 @@ receive( } /**/ msyslog(LOG_INFO, - "receive: %s 0 origin timestamp from %s@%s xmt %#010x.%08x", + "receive: %s 0 origin timestamp from %s@%s xmt 0x%x.%08x", action, hm_str, ntoa(&peer->srcadr), ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)); + } else if ( L_ISZERO(&peer->aorg) && MODE_CLIENT != hismode + && !memcmp("STEP", &peer->refid, 4)) { + /* response came in just after we stepped clock, normal */ } else if (!L_ISEQU(&p_org, &peer->aorg)) { /* are there cases here where we should bail? */ /* Should we set TEST2 if we decide to try xleave? */ peer->bogusorg++; peer->flash |= TEST2; /* bogus */ - msyslog(LOG_INFO, - "receive: Unexpected origin timestamp %#010x.%08x does not match aorg %#010x.%08x from %s@%s xmt %#010x.%08x", + msyslog(LOG_INFO, + "duplicate or replay: org 0x%x.%08x does not match 0x%x.%08x from %s@%s", ntohl(pkt->org.l_ui), ntohl(pkt->org.l_uf), peer->aorg.l_ui, peer->aorg.l_uf, - hm_str, ntoa(&peer->srcadr), - ntohl(pkt->xmt.l_ui), ntohl(pkt->xmt.l_uf)); + hm_str, ntoa(&peer->srcadr)); if ( !L_ISZERO(&peer->dst) && L_ISEQU(&p_org, &peer->dst)) { /* Might be the start of an interleave */ @@ -2474,8 +2526,10 @@ receive( * more flashers. Leave if the packet is not good. */ process_packet(peer, pkt, rbufp->recv_length); - if (peer->flash & PKT_TEST_MASK) + /* Bug 2734: TEST3 prevents initial interleave sync */ + if ((~TEST3 & peer->flash) & PKT_TEST_MASK) { return; + } /* [bug 3592] Update poll. Ideally this should not happen in a * receive branch, but too much is going on here... at least we @@ -2516,7 +2570,6 @@ process_packet( double p_offset, p_del, p_disp; l_fp p_rec, p_xmt, p_org, p_reftime, ci; u_char pmode, pleap, pversion, pstratum; - char statstr[NTP_MAXSTRLEN]; #ifdef ASSYM int itemp; double etemp, ftemp, td; @@ -2652,9 +2705,8 @@ process_packet( p_del = t21 - t34; p_offset = (t21 + t34) / 2.; if (p_del < 0 || p_del > 1.) { - snprintf(statstr, sizeof(statstr), - "t21 %.6f t34 %.6f", t21, t34); - report_event(PEVNT_XERR, peer, statstr); + mprintf_event(PEVNT_XERR, peer, + "t21 %.9f t34 %.9f", t21, t34); return; } @@ -2680,9 +2732,9 @@ process_packet( /* drop all if in the initial volley */ if (FLAG_BC_VOL & peer->flags) goto bcc_init_volley_fail; - snprintf(statstr, sizeof(statstr), - "offset %.6f delay %.6f", t21, t34); - report_event(PEVNT_XERR, peer, statstr); + mprintf_event(PEVNT_XERR, peer, + "offset %.9f delay %.9f", + t21, t34); return; } p_offset = t21; @@ -2981,20 +3033,6 @@ clock_update( if (crypto_flags) crypto_update(); #endif /* AUTOKEY */ - /* - * If our parent process is waiting for the - * first clock sync, send them home satisfied. - */ -#ifdef HAVE_WORKING_FORK - if (daemon_pipe[1] != -1) { - if (2 != write(daemon_pipe[1], "S\n", 2)) { - msyslog(LOG_ERR, "daemon failed to notify parent ntpd (--wait-sync)"); - } - close(daemon_pipe[1]); - daemon_pipe[1] = -1; - DPRINTF(1, ("notified parent --wait-sync is done\n")); - } -#endif /* HAVE_WORKING_FORK */ } @@ -3150,7 +3188,7 @@ poll_update( if ( 0 != sub || 0 != qty) { - do { + do { val = ntp_random() & msk; } while (val > qty); @@ -3193,8 +3231,9 @@ peer_clear( const char *ident /* tally lights */ ) { - u_char u; - l_fp bxmt = peer->bxmt; /* bcast clients retain this! */ + static u_long earliest; + u_char u; + l_fp bxmt = peer->bxmt; /* bcast clients retain this! */ #ifdef AUTOKEY /* @@ -3271,6 +3310,11 @@ peer_clear( peer->nextdate += peer_associations; } else if (!(FLAG_CONFIG & peer->flags)) { peer->nextdate += ntp_minpkt + 1; + /* space out manycastclient first polls */ + if (peer->nextdate < earliest) { + peer->nextdate = earliest; + } + earliest = peer->nextdate + 1; } else { peer->nextdate += ntp_random() % (1 << peer->minpoll); } @@ -3296,10 +3340,10 @@ clock_filter( ) { double dst[NTP_SHIFT]; /* distance vector */ - int ord[NTP_SHIFT]; /* index vector */ - int i, j, k, m; + u_char ord[NTP_SHIFT]; /* index vector */ + short i, j; + u_char k, m; double dtemp, etemp; - char tbuf[80]; /* * A sample consists of the offset, delay, dispersion and epoch @@ -3316,7 +3360,7 @@ clock_filter( peer->filter_disp[j] = sample_disp; peer->filter_epoch[j] = current_time; j = (j + 1) % NTP_SHIFT; - peer->filter_nextpt = j; + peer->filter_nextpt = (u_char)j; /* * Update dispersions since the last update and at the same @@ -3344,7 +3388,7 @@ clock_filter( } else { dst[i] = peer->filter_delay[j]; } - ord[i] = j; + ord[i] = (u_char)j; j = (j + 1) % NTP_SHIFT; } @@ -3377,7 +3421,7 @@ clock_filter( */ m = 0; for (i = 0; i < NTP_SHIFT; i++) { - peer->filter_order[i] = (u_char) ord[i]; + peer->filter_order[i] = ord[i]; if ( dst[i] >= MAXDISPERSE || (m >= 2 && dst[i] >= sys_maxdist)) continue; @@ -3394,11 +3438,12 @@ clock_filter( k = ord[0]; for (i = NTP_SHIFT - 1; i >= 0; i--) { j = ord[i]; - peer->disp = NTP_FWEIGHT * (peer->disp + - peer->filter_disp[j]); - if (i < m) + peer->disp = NTP_FWEIGHT * ( peer->disp + + peer->filter_disp[j]); + if (i < m) { peer->jitter += DIFF(peer->filter_offset[j], - peer->filter_offset[k]); + peer->filter_offset[k]); + } } /* @@ -3407,15 +3452,16 @@ clock_filter( * save the offset, delay and jitter. Note the jitter must not * be less than the precision. */ - if (m == 0) { + if (0 == m) { clock_select(); return; } etemp = fabs(peer->offset - peer->filter_offset[k]); peer->offset = peer->filter_offset[k]; peer->delay = peer->filter_delay[k]; - if (m > 1) + if (m > 1) { peer->jitter /= m - 1; + } peer->jitter = max(SQRT(peer->jitter), LOGTOD(sys_precision)); /* @@ -3428,23 +3474,22 @@ clock_filter( if ( peer->disp < sys_maxdist && peer->filter_disp[k] < sys_maxdist && etemp > CLOCK_SGATE * peer->jitter - && peer->filter_epoch[k] - peer->epoch + && peer->filter_epoch[k] - peer->epoch < 2. * ULOGTOD(peer->hpoll)) { - snprintf(tbuf, sizeof(tbuf), "%.6f s", etemp); - report_event(PEVNT_POPCORN, peer, tbuf); + mprintf_event(PEVNT_POPCORN, peer, "%.9f s", etemp); return; } /* * A new minimum sample is useful only if it is later than the * last one used. In this design the maximum lifetime of any - * sample is not greater than eight times the poll interval, so - * the maximum interval between minimum samples is eight - * packets. + * sample is not greater than NTP_SHIFT (8) times the poll + * interval, so the maximum interval between minimum samples is + * NTP_SHIFT packets. */ if (peer->filter_epoch[k] <= peer->epoch) { - DPRINTF(2, ("clock_filter: old sample %lu\n", current_time - - peer->filter_epoch[k])); + DPRINTF(2, ("clock_filter: old sample %lu s\n", + current_time - peer->filter_epoch[k])); return; } peer->epoch = peer->filter_epoch[k]; @@ -3454,13 +3499,14 @@ clock_filter( * processing. If not synchronized or not in a burst, tickle the * clock select algorithm. */ - record_peer_stats(&peer->srcadr, ctlpeerstatus(peer), - peer->offset, peer->delay, peer->disp, peer->jitter); - DPRINTF(1, ("clock_filter: n %d off %.6f del %.6f dsp %.6f jit %.6f\n", - m, peer->offset, peer->delay, peer->disp, + record_peer_stats(&peer->srcadr, ctlpeerstatus(peer), peer->offset, + peer->delay, peer->disp, peer->jitter); + DPRINTF(1, ("clock_filter: n %hu off %.9f del %.9f dsp %.9f jit %.9f\n", + (u_short)m, peer->offset, peer->delay, peer->disp, peer->jitter)); - if (peer->burst == 0 || sys_leap == LEAP_NOTINSYNC) + if (0 == peer->burst || LEAP_NOTINSYNC == sys_leap) { clock_select(); + } } @@ -3854,7 +3900,7 @@ clock_select(void) || ((FLAG_TRUE | FLAG_PREFER) & peers[k].peer->flags)) break; - DPRINTF(3, ("select: drop %s seljit %.6f jit %.6f\n", + DPRINTF(3, ("select: drop %s seljit %.9f jit %.9f\n", ntoa(&peers[k].peer->srcadr), g, d)); if (nlist > sys_maxclock) peers[k].peer->new_status = CTL_PST_SEL_EXCESS; @@ -3933,13 +3979,13 @@ clock_select(void) sys_clockhop = 0; } else if ((x = fabs(typesystem->offset - osys_peer->offset)) < sys_mindisp) { - if (sys_clockhop == 0) + if (0 == sys_clockhop) sys_clockhop = sys_mindisp; else sys_clockhop *= .5; - DPRINTF(1, ("select: clockhop %d %.6f %.6f\n", + DPRINTF(1, ("select: clockhop %d %.9f %.9f\n", j, x, sys_clockhop)); - if (fabs(x) < sys_clockhop) + if (x < sys_clockhop) typesystem = osys_peer; else sys_clockhop = 0; @@ -4108,9 +4154,9 @@ peer_xmit( keyid_t xkeyid = 0; /* transmit key ID */ l_fp xmt_tx, xmt_ty; - if (!peer->dstadr) /* drop peers without interface */ + if (!peer->dstadr) { /* can't send */ return; - + } xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, peer->version, peer->hmode); xpkt.stratum = STRATUM_TO_PKT(sys_stratum); @@ -4188,9 +4234,8 @@ peer_xmit( } L_SUB(&xmt_ty, &xmt_tx); LFPTOD(&xmt_ty, peer->xleave); - DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt %#010x.%08x\n", - current_time, - peer->dstadr ? stoa(&peer->dstadr->sin) : "-", + DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d len %zu xmt 0x%x.%08x\n", + current_time, latoa(peer->dstadr), stoa(&peer->srcadr), peer->hmode, sendlen, xmt_tx.l_ui, xmt_tx.l_uf)); return; @@ -4477,8 +4522,8 @@ peer_xmit( authtrust(xkeyid, 0); #endif /* AUTOKEY */ if (sendlen > sizeof(xpkt)) { - msyslog(LOG_ERR, "peer_xmit: buffer overflow %zu", sendlen); - exit (-1); + msyslog(LOG_ERR, "peer_xmit: buffer overflow %u", (u_int)sendlen); + exit(EX_SOFTWARE); } peer->t21_bytes = sendlen; sendpkt(&peer->srcadr, peer->dstadr, @@ -4502,9 +4547,8 @@ peer_xmit( LFPTOD(&xmt_ty, peer->xleave); #ifdef AUTOKEY DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu index %d\n", - current_time, latoa(peer->dstadr), - ntoa(&peer->srcadr), peer->hmode, xkeyid, sendlen, - peer->keynumber)); + current_time, latoa(peer->dstadr), stoa(&peer->srcadr), + peer->hmode, xkeyid, sendlen, peer->keynumber)); #else /* !AUTOKEY follows */ DPRINTF(1, ("peer_xmit: at %ld %s->%s mode %d keyid %08x len %zu\n", current_time, peer->dstadr ? @@ -4543,14 +4587,14 @@ leap_smear_add_offs( */ static void fast_xmit( - struct recvbuf *rbufp, /* receive packet pointer */ + struct recvbuf* rbufp, /* receive packet pointer */ int xmode, /* receive mode */ /* XXX: HMS: really? */ keyid_t xkeyid, /* transmit key ID */ int flags /* restrict mask */ - ) +) { struct pkt xpkt; /* transmit packet structure */ - struct pkt *rpkt; /* receive packet structure */ + struct pkt* rpkt; /* receive packet structure */ l_fp xmt_tx, xmt_ty; size_t sendlen; #ifdef AUTOKEY @@ -4564,13 +4608,26 @@ fast_xmit( * the system minimum poll (ntp_minpoll). This is for KoD rate * control and not strictly specification compliant, but doesn't * break anything. - * - * If the gazinta was from a multicast address, the gazoutta - * must go out another way. */ rpkt = &rbufp->recv_pkt; - if (rbufp->dstadr->flags & INT_MCASTOPEN) + /* + * If the packet was received on an endpoint open only on + * a multicast address, the response needs to go out from + * a unicast endpoint. + */ +#ifndef MULTICAST_NONEWSOCKET + if (rbufp->dstadr->flags & INT_MCASTOPEN) { rbufp->dstadr = findinterface(&rbufp->recv_srcadr); + if (NULL == rbufp->dstadr || + ANY_INTERFACE_CHOOSE(&rbufp->recv_srcadr) /* wildcard */ + == rbufp->dstadr) { + DPRINTF(2, ("No unicast local address found for" + " reply to %s mcast.", + stoa(&rbufp->recv_srcadr))); + return; + } + } +#endif /* * If this is a kiss-o'-death (KoD) packet, show leap @@ -4802,15 +4859,14 @@ pool_xmit( ) { #ifdef WORKER - struct pkt xpkt; /* transmit packet structure */ - struct addrinfo hints; - int rc; - struct interface * lcladr; - sockaddr_u * rmtadr; - r4addr r4a; - u_short restrict_mask; - struct peer * p; - l_fp xmt_tx; + struct pkt xpkt; /* transmit packet structure */ + struct addrinfo hints; + int rc; + endpt * lcladr; + sockaddr_u * rmtadr; + u_short af; + struct peer * p; + l_fp xmt_tx; DEBUG_REQUIRE(pool); if (NULL == pool->ai) { @@ -4819,6 +4875,16 @@ pool_xmit( free(pool->addrs); pool->addrs = NULL; } + af = AF(&pool->srcadr); + if ( (AF_INET == af && !nonlocal_v4_addr_up) + || (AF_INET6 == af && !nonlocal_v6_addr_up) + || ( AF_UNSPEC == af + && !nonlocal_v4_addr_up + && !nonlocal_v6_addr_up)) { + + /* POOL DNS query would be useless [Bug 3845] */ + return; + } ZERO(hints); hints.ai_family = AF(&pool->srcadr); hints.ai_socktype = SOCK_DGRAM; @@ -4845,15 +4911,17 @@ pool_xmit( /* copy_addrinfo_list ai_addr points to a sockaddr_u */ rmtadr = (sockaddr_u *)(void *)pool->ai->ai_addr; pool->ai = pool->ai->ai_next; + /* do not solicit when hopeless [Bug 3845] */ + if ( (IS_IPV4(rmtadr) && !nonlocal_v4_addr_up) + || (IS_IPV6(rmtadr) && !nonlocal_v6_addr_up)) { + continue; + } p = findexistingpeer(rmtadr, NULL, NULL, MODE_CLIENT, 0, NULL); } while (p != NULL && pool->ai != NULL); - if (p != NULL) + if (p != NULL) { return; /* out of addresses, re-query DNS next poll */ - restrictions(rmtadr, &r4a); - restrict_mask = r4a.rflags; - if (RES_FLAGS & restrict_mask) - restrict_source(rmtadr, 0, - current_time + POOL_SOLICIT_WINDOW + 1); + } + restrict_source(rmtadr, FALSE, 1 + POOL_SOLICIT_WINDOW); lcladr = findinterface(rmtadr); memset(&xpkt, 0, sizeof(xpkt)); xpkt.li_vn_mode = PKT_LI_VN_MODE(sys_leap, pool->version, @@ -4867,7 +4935,6 @@ pool_xmit( /* Bug 3596: What are the pros/cons of using sys_reftime here? */ HTONL_FP(&sys_reftime, &xpkt.reftime); - /* HMS: the following is better done after the ntp_random() calls */ get_systime(&xmt_tx); pool->aorg = xmt_tx; @@ -4886,14 +4953,14 @@ pool_xmit( L_CLR(&pool->nonce); HTONL_FP(&xmt_tx, &xpkt.xmt); } - sendpkt(rmtadr, lcladr, - sys_ttl[(pool->ttl >= sys_ttlmax) ? sys_ttlmax : pool->ttl], - &xpkt, LEN_PKT_NOMAC); pool->sent++; pool->throttle += (1 << pool->minpoll) - 2; DPRINTF(1, ("pool_xmit: at %ld %s->%s pool\n", current_time, latoa(lcladr), stoa(rmtadr))); msyslog(LOG_INFO, "Soliciting pool server %s", stoa(rmtadr)); + sendpkt(rmtadr, lcladr, + sys_ttl[(pool->ttl >= sys_ttlmax) ? sys_ttlmax : pool->ttl], + &xpkt, LEN_PKT_NOMAC); #endif /* WORKER */ } @@ -4999,8 +5066,18 @@ key_expire( /* - * local_refid(peer) - check peer refid to avoid selecting peers + * local_refid(peer) - Check peer refid to avoid selecting peers * currently synced to this ntpd. + * Note that until 4.2.8p18 and 4.3.1XX ntpd calculated the IPv6 + * refid differently on different-endian systems. It now calculates + * the refid the same on both, the same way it did on little-endian + * in the past. On big-endian systems, ntpd also calculates a + * byte-swapped version of each of its IPv6 local addresses' refids, + * as endpt.old_refid and also detects a loop when seeing it. This + * ensures new BE ntpd will detect loops interoperating with older + * BE ntpd, and keeps the more-common LE old ntpd code detecting + * loops with IPv6 refids correctly. Thanks to Hal Murray for + * the byte-swapping idea. */ static int local_refid( @@ -5014,10 +5091,17 @@ local_refid( else unicast_ep = findinterface(&p->srcadr); - if (unicast_ep != NULL && p->refid == unicast_ep->addr_refid) + if (unicast_ep != NULL + && ( p->refid == unicast_ep->addr_refid +#ifdef WORDS_BIGENDIAN + || ( IS_IPV6(&unicast_ep->sin) + && p->refid == unicast_ep->old_refid) +#endif + )) { return TRUE; - else + } else { return FALSE; + } } diff --git a/ntpd/ntp_refclock.c b/ntpd/ntp_refclock.c index a16c980e5b09..d96a524c8841 100644 --- a/ntpd/ntp_refclock.c +++ b/ntpd/ntp_refclock.c @@ -72,8 +72,6 @@ static int refclock_cmpl_fp (const void *, const void *); static int refclock_sample (struct refclockproc *); static int refclock_ioctl(int, u_int); static void refclock_checkburst(struct peer *, struct refclockproc *); -static int symBaud2numBaud(int symBaud); -static int numBaud2symBaud(int numBaud); /* circular buffer functions * @@ -841,9 +839,9 @@ refclock_fdwrite( } else if (nret != len) { nerr = errno; msyslog(LOG_NOTICE, - "%s: %s shortened, fd=%d, wrote %zu of %zu bytes", + "%s: %s shortened, fd=%d, wrote %u of %u bytes", refnumtoa(&peer->srcadr), what, - fd, nret, len); + fd, (u_int)nret, (u_int)len); errno = nerr; } } @@ -1651,7 +1649,7 @@ refclock_pps( * ------------------------------------------------------------------- */ -int/*BOOL*/ +int refclock_ppsaugment( const struct refclock_atom * ap , /* for PPS io */ l_fp * rcvtime , @@ -1826,10 +1824,11 @@ refclock_vformat_lcode( long len; len = vsnprintf(pp->a_lastcode, sizeof(pp->a_lastcode), fmt, va); - if (len <= 0) + if (len <= 0) { len = 0; - else if (len >= sizeof(pp->a_lastcode)) + } else if (len >= sizeof(pp->a_lastcode)) { len = sizeof(pp->a_lastcode) - 1; + } pp->lencode = (u_short)len; pp->a_lastcode[len] = '\0'; @@ -1850,47 +1849,4 @@ refclock_format_lcode( va_end(va); } -static const int baudTable[][2] = { - {B0, 0}, - {B50, 50}, - {B75, 75}, - {B110, 110}, - {B134, 134}, - {B150, 150}, - {B200, 200}, - {B300, 300}, - {B600, 600}, - {B1200, 1200}, - {B1800, 1800}, - {B2400, 2400}, - {B4800, 4800}, - {B9600, 9600}, - {B19200, 19200}, - {B38400, 38400}, -# ifdef B57600 - {B57600, 57600 }, -# endif -# ifdef B115200 - {B115200, 115200}, -# endif - {-1, -1} -}; - - -static int symBaud2numBaud(int symBaud) -{ - int i; - for (i = 0; baudTable[i][1] >= 0; ++i) - if (baudTable[i][0] == symBaud) - break; - return baudTable[i][1]; -} -static int numBaud2symBaud(int numBaud) -{ - int i; - for (i = 0; baudTable[i][1] >= 0; ++i) - if (baudTable[i][1] == numBaud) - break; - return baudTable[i][0]; -} -#endif /* REFCLOCK */ +#endif /* REFCLOCK */ diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index e61d014808de..89c051b64f0b 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -1790,6 +1790,7 @@ do_restrict( sockaddr_u matchaddr; sockaddr_u matchmask; int bad; + int/*BOOL*/ success; switch(op) { case RESTRICT_FLAGS: @@ -1838,7 +1839,7 @@ do_restrict( } if (bad) { - msyslog(LOG_ERR, "do_restrict: bad = %#x", bad); + msyslog(LOG_ERR, "%s: bad = 0x%x", __func__, bad); req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); return; } @@ -1868,8 +1869,16 @@ do_restrict( NSRCADR(&matchaddr) = cr.addr; NSRCADR(&matchmask) = cr.mask; } - hack_restrict(op, &matchaddr, &matchmask, cr.mflags, - cr.ippeerlimit, cr.flags, 0); + success = hack_restrict(op, &matchaddr, &matchmask, + cr.ippeerlimit, cr.mflags, + cr.flags, 0); + if (!success) { + DPRINTF(1, ("%s: %s %s mask %s ippeerlimit %hd %s %s failed", + __func__, resop_str(op), + stoa(&matchaddr), stoa(&matchmask), + cr.ippeerlimit, mflags_str(cr.mflags), + rflags_str(cr.flags))); + } datap += item_sz; } diff --git a/ntpd/ntp_restrict.c b/ntpd/ntp_restrict.c index fe2935d9e071..f1df8ccf3079 100644 --- a/ntpd/ntp_restrict.c +++ b/ntpd/ntp_restrict.c @@ -15,21 +15,11 @@ #include "ntp_assert.h" /* - * This code keeps a simple address-and-mask list of hosts we want - * to place restrictions on (or remove them from). The restrictions - * are implemented as a set of flags which tell you what the host - * can't do. There is a subroutine entry to return the flags. The - * list is kept sorted to reduce the average number of comparisons - * and make sure you get the set of restrictions most specific to - * the address. - * - * The algorithm is that, when looking up a host, it is first assumed - * that the default set of restrictions will apply. It then searches - * down through the list. Whenever it finds a match it adopts the - * match's flags instead. When you hit the point where the sorted - * address is greater than the target, you return with the last set of - * flags you found. Because of the ordering of the list, the most - * specific match will provide the final set of flags. + * This code keeps a simple address-and-mask list of addressses we want + * to place restrictions on (or remove them from). The restrictions are + * implemented as a set of flags which tell you what matching addresses + * can't do. The list is sorted retrieve the restrictions most specific +* to the address. * * This was originally intended to restrict you from sync'ing to your * own broadcasts when you are doing that, by restricting yourself from @@ -38,27 +28,23 @@ * has been expanded, however, to suit the needs of those with more * restrictive access policies. */ -/* - * We will use two lists, one for IPv4 addresses and one for IPv6 - * addresses. This is not protocol-independant but for now I can't - * find a way to respect this. We'll check this later... JFB 07/2001 - */ #define MASK_IPV6_ADDR(dst, src, msk) \ do { \ - int idx; \ - for (idx = 0; idx < (int)COUNTOF((dst)->s6_addr); idx++) { \ - (dst)->s6_addr[idx] = (src)->s6_addr[idx] \ - & (msk)->s6_addr[idx]; \ + int x; \ + \ + for (x = 0; x < (int)COUNTOF((dst)->s6_addr); x++) { \ + (dst)->s6_addr[x] = (src)->s6_addr[x] \ + & (msk)->s6_addr[x]; \ } \ - } while (0) + } while (FALSE) /* * We allocate INC_RESLIST{4|6} entries to the free list whenever empty. - * Auto-tune these to be just less than 1KB (leaving at least 16 bytes + * Auto-tune these to be just less than 1KB (leaving at least 32 bytes * for allocator overhead). */ -#define INC_RESLIST4 ((1024 - 16) / V4_SIZEOF_RESTRICT_U) -#define INC_RESLIST6 ((1024 - 16) / V6_SIZEOF_RESTRICT_U) +#define INC_RESLIST4 ((1024 - 32) / V4_SIZEOF_RESTRICT_U) +#define INC_RESLIST6 ((1024 - 32) / V6_SIZEOF_RESTRICT_U) /* * The restriction list @@ -103,30 +89,35 @@ static short restrict_source_ippeerlimit; /* * private functions */ -static restrict_u * alloc_res4(void); -static restrict_u * alloc_res6(void); -static void free_res(restrict_u *, int); -static void inc_res_limited(void); -static void dec_res_limited(void); -static restrict_u * match_restrict4_addr(u_int32, u_short); -static restrict_u * match_restrict6_addr(const struct in6_addr *, +static restrict_u * alloc_res4(void); +static restrict_u * alloc_res6(void); +static void free_res(restrict_u *, int); +static inline void inc_res_limited(void); +static inline void dec_res_limited(void); +static restrict_u * match_restrict4_addr(u_int32, u_short); +static restrict_u * match_restrict6_addr(const struct in6_addr *, u_short); -static restrict_u * match_restrict_entry(const restrict_u *, int); -static int res_sorts_before4(restrict_u *, restrict_u *); -static int res_sorts_before6(restrict_u *, restrict_u *); -static char * roptoa(restrict_op op); +static restrict_u * match_restrict_entry(const restrict_u *, int); +static inline int/*BOOL*/ mflags_sorts_before(u_short, u_short); +static int/*BOOL*/ res_sorts_before4(restrict_u *, restrict_u *); +static int/*BOOL*/ res_sorts_before6(restrict_u *, restrict_u *); +typedef int (*res_sort_fn)(restrict_u *, restrict_u *); + + +/* dump_restrict() & dump_restricts() are DEBUG-only */ +#ifdef DEBUG +static void dump_restrict(restrict_u *, int); -void dump_restricts(void); /* - * dump_restrict - spit out a restrict_u + * dump_restrict - spit out a single restriction entry */ static void dump_restrict( restrict_u * res, int is_ipv6 - ) +) { char as[INET6_ADDRSTRLEN]; char ms[INET6_ADDRSTRLEN]; @@ -135,57 +126,47 @@ dump_restrict( inet_ntop(AF_INET6, &res->u.v6.addr, as, sizeof as); inet_ntop(AF_INET6, &res->u.v6.mask, ms, sizeof ms); } else { - struct in_addr sia = { htonl(res->u.v4.addr) }; - struct in_addr sim = { htonl(res->u.v4.mask) }; + struct in_addr sia, sim; + sia.s_addr = htonl(res->u.v4.addr); + sim.s_addr = htonl(res->u.v4.addr); inet_ntop(AF_INET, &sia, as, sizeof as); inet_ntop(AF_INET, &sim, ms, sizeof ms); } - mprintf("restrict node at %p: %s/%s count %d, rflags %08x, mflags %04x, ippeerlimit %d, expire %lu, next %p\n", - res, as, ms, res->count, res->rflags, res->mflags, - res->ippeerlimit, res->expire, res->link); - return; + printf("%s/%s: hits %u ippeerlimit %hd mflags %s rflags %s", + as, ms, res->count, res->ippeerlimit, + mflags_str(res->mflags), + rflags_str(res->rflags)); + if (res->expire > 0) { + printf(" expire %u\n", res->expire); + } else { + printf("\n"); + } } /* - * dump_restricts - spit out the 'restrict' lines + * dump_restricts - spit out the 'restrict' entries */ void dump_restricts(void) { restrict_u * res; - restrict_u * next; - - mprintf("dump_restrict: restrict_def4: %p\n", &restrict_def4); - /* Spit out 'restrict {,-4,-6} default ...' lines, if needed */ - for (res = &restrict_def4; res != NULL; res = next) { - dump_restrict(res, 0); - next = res->link; - } - - mprintf("dump_restrict: restrict_def6: %p\n", &restrict_def6); - for (res = &restrict_def6; res != NULL; res = next) { - dump_restrict(res, 1); - next = res->link; - } /* Spit out the IPv4 list */ - mprintf("dump_restrict: restrictlist4: %p\n", &restrictlist4); - for (res = restrictlist4; res != NULL; res = next) { + printf("dump_restricts: restrictlist4: %p\n", restrictlist4); + for (res = restrictlist4; res != NULL; res = res->link) { dump_restrict(res, 0); - next = res->link; } /* Spit out the IPv6 list */ - mprintf("dump_restrict: restrictlist6: %p\n", &restrictlist6); - for (res = restrictlist6; res != NULL; res = next) { + printf("dump_restricts: restrictlist6: %p\n", restrictlist6); + for (res = restrictlist6; res != NULL; res = res->link) { dump_restrict(res, 1); - next = res->link; } - - return; } +#endif /* DEBUG - dump_restrict() / dump_restricts() */ + /* * init_restrict - initialize the restriction data structures @@ -194,7 +175,7 @@ void init_restrict(void) { /* - * The restriction lists begin with a default entry with address + * The restriction lists end with a default entry with address * and mask 0, which will match any entry. The lists are kept * sorted by descending address followed by descending mask: * @@ -215,11 +196,20 @@ init_restrict(void) * * An additional wrinkle is we may have multiple entries with * the same address and mask but differing match flags (mflags). - * At present there is only one, RESM_NTPONLY. Entries with - * RESM_NTPONLY are sorted earlier so they take precedence over - * any otherwise similar entry without. Again, this is the same - * behavior as but reversed implementation compared to the docs. - * + * We want to never talk to ourself, so RES_IGNORE entries for + * each local address are added by ntp_io.c with a host mask and + * both RESM_INTERFACE and RESM_NTPONLY set. We sort those + * entries before entries without those flags to achieve this. + * The remaining match flag is RESM_SOURCE, used to dynamically + * set restrictions for each peer based on the prototype set by + * "restrict source" in the configuration. We want those entries + * to be considered only when there is not a static host + * restriction for the address in the configuration, to allow + * operators to blacklist pool and manycast servers at runtime as + * desired using ntpq runtime configuration. Such static entries + * have no RESM_ bits set, so the sort order for mflags is first + * RESM_INTERFACE, then entries without RESM_SOURCE, finally the + * remaining. */ restrict_def4.ippeerlimit = -1; /* Cleaner if we have C99 */ @@ -236,14 +226,14 @@ alloc_res4(void) { const size_t cb = V4_SIZEOF_RESTRICT_U; const size_t count = INC_RESLIST4; - restrict_u * rl; - restrict_u * res; + restrict_u* rl; + restrict_u* res; size_t i; UNLINK_HEAD_SLIST(res, resfree4, link); - if (res != NULL) + if (res != NULL) { return res; - + } rl = eallocarray(count, cb); /* link all but the first onto free list */ res = (void *)((char *)rl + (count - 1) * cb); @@ -251,7 +241,7 @@ alloc_res4(void) LINK_SLIST(resfree4, res, link); res = (void *)((char *)res - cb); } - INSIST(rl == res); + DEBUG_INSIST(rl == res); /* allocate the first */ return res; } @@ -267,9 +257,9 @@ alloc_res6(void) size_t i; UNLINK_HEAD_SLIST(res, resfree6, link); - if (res != NULL) + if (res != NULL) { return res; - + } rl = eallocarray(count, cb); /* link all but the first onto free list */ res = (void *)((char *)rl + (count - 1) * cb); @@ -277,7 +267,7 @@ alloc_res6(void) LINK_SLIST(resfree6, res, link); res = (void *)((char *)res - cb); } - INSIST(rl == res); + DEBUG_INSIST(rl == res); /* allocate the first */ return res; } @@ -289,46 +279,48 @@ free_res( int v6 ) { - restrict_u ** plisthead; + restrict_u ** rlisthead_ptr; + restrict_u ** flisthead_ptr; restrict_u * unlinked; + size_t sz; restrictcount--; - if (RES_LIMITED & res->rflags) + if (RES_LIMITED & res->rflags) { dec_res_limited(); - - if (v6) - plisthead = &restrictlist6; - else - plisthead = &restrictlist4; - UNLINK_SLIST(unlinked, *plisthead, res, link, restrict_u); - INSIST(unlinked == res); - + } if (v6) { - zero_mem(res, V6_SIZEOF_RESTRICT_U); - plisthead = &resfree6; + rlisthead_ptr = &restrictlist6; + flisthead_ptr = &resfree6; + sz = V6_SIZEOF_RESTRICT_U; } else { - zero_mem(res, V4_SIZEOF_RESTRICT_U); - plisthead = &resfree4; + rlisthead_ptr = &restrictlist4; + flisthead_ptr = &resfree4; + sz = V4_SIZEOF_RESTRICT_U; } - LINK_SLIST(*plisthead, res, link); + UNLINK_SLIST(unlinked, *rlisthead_ptr, res, link, restrict_u); + INSIST(unlinked == res); + zero_mem(res, sz); + LINK_SLIST(*flisthead_ptr, res, link); } -static void +static inline void inc_res_limited(void) { - if (!res_limited_refcnt) + if (0 == res_limited_refcnt) { mon_start(MON_RES); + } res_limited_refcnt++; } -static void +static inline void dec_res_limited(void) { res_limited_refcnt--; - if (!res_limited_refcnt) + if (0 == res_limited_refcnt) { mon_stop(MON_RES); + } } @@ -338,26 +330,21 @@ match_restrict4_addr( u_short port ) { - const int v6 = 0; + const int v6 = FALSE; restrict_u * res; restrict_u * next; for (res = restrictlist4; res != NULL; res = next) { - struct in_addr sia = { htonl(res->u.v4.addr) }; - next = res->link; - DPRINTF(2, ("match_restrict4_addr: Checking %s, port %d ... ", - inet_ntoa(sia), port)); - if ( res->expire - && res->expire <= current_time) + if (res->expire && res->expire <= current_time) { free_res(res, v6); /* zeroes the contents */ + } if ( res->u.v4.addr == (addr & res->u.v4.mask) && ( !(RESM_NTPONLY & res->mflags) || NTP_PORT == port)) { - DPRINTF(2, ("MATCH: ippeerlimit %d\n", res->ippeerlimit)); + break; } - DPRINTF(2, ("doesn't match: ippeerlimit %d\n", res->ippeerlimit)); } return res; } @@ -369,22 +356,23 @@ match_restrict6_addr( u_short port ) { - const int v6 = 1; + const int v6 = TRUE; restrict_u * res; restrict_u * next; struct in6_addr masked; for (res = restrictlist6; res != NULL; res = next) { next = res->link; - INSIST(next != res); - if (res->expire && - res->expire <= current_time) + if (res->expire && res->expire <= current_time) { free_res(res, v6); + } MASK_IPV6_ADDR(&masked, addr, &res->u.v6.mask); if (ADDR6_EQ(&masked, &res->u.v6.addr) - && (!(RESM_NTPONLY & res->mflags) - || NTP_PORT == (int)port)) + && ( !(RESM_NTPONLY & res->mflags) + || NTP_PORT == (int)port)) { + break; + } } return res; } @@ -417,22 +405,47 @@ match_restrict_entry( cb = sizeof(pmatch->u.v4); } - for (res = rlist; res != NULL; res = res->link) + for (res = rlist; res != NULL; res = res->link) { if (res->mflags == pmatch->mflags && - !memcmp(&res->u, &pmatch->u, cb)) + !memcmp(&res->u, &pmatch->u, cb)) { break; + } + } return res; } /* - * res_sorts_before4 - compare two restrict4 entries + * mflags_sorts_before - common mflags sorting code + * + * See block comment in init_restrict() above for rationale. + */ +static inline int/*BOOL*/ +mflags_sorts_before( + u_short m1, + u_short m2 + ) +{ + if ( (RESM_INTERFACE & m1) + && !(RESM_INTERFACE & m2)) { + return TRUE; + } else if ( !(RESM_SOURCE & m1) + && (RESM_SOURCE & m2)) { + return TRUE; + } else { + return FALSE; + } +} + + +/* + * res_sorts_before4 - compare IPv4 restriction entries * * Returns nonzero if r1 sorts before r2. We sort by descending - * address, then descending mask, then descending mflags, so sorting - * before means having a higher value. + * address, then descending mask, then an intricate mflags sort + * order explained in a block comment near the top of this file. */ -static int +static int/*BOOL*/ res_sorts_before4( restrict_u *r1, restrict_u *r2 @@ -440,54 +453,53 @@ res_sorts_before4( { int r1_before_r2; - if (r1->u.v4.addr > r2->u.v4.addr) - r1_before_r2 = 1; - else if (r1->u.v4.addr < r2->u.v4.addr) - r1_before_r2 = 0; - else if (r1->u.v4.mask > r2->u.v4.mask) - r1_before_r2 = 1; - else if (r1->u.v4.mask < r2->u.v4.mask) - r1_before_r2 = 0; - else if (r1->mflags > r2->mflags) - r1_before_r2 = 1; - else - r1_before_r2 = 0; + if (r1->u.v4.addr > r2->u.v4.addr) { + r1_before_r2 = TRUE; + } else if (r1->u.v4.addr < r2->u.v4.addr) { + r1_before_r2 = FALSE; + } else if (r1->u.v4.mask > r2->u.v4.mask) { + r1_before_r2 = TRUE; + } else if (r1->u.v4.mask < r2->u.v4.mask) { + r1_before_r2 = FALSE; + } else { + r1_before_r2 = mflags_sorts_before(r1->mflags, r2->mflags); + } return r1_before_r2; } /* - * res_sorts_before6 - compare two restrict6 entries + * res_sorts_before6 - compare IPv6 restriction entries * * Returns nonzero if r1 sorts before r2. We sort by descending - * address, then descending mask, then descending mflags, so sorting - * before means having a higher value. + * address, then descending mask, then an intricate mflags sort + * order explained in a block comment near the top of this file. */ -static int +static int/*BOOL*/ res_sorts_before6( - restrict_u *r1, - restrict_u *r2 - ) + restrict_u* r1, + restrict_u* r2 +) { int r1_before_r2; int cmp; cmp = ADDR6_CMP(&r1->u.v6.addr, &r2->u.v6.addr); - if (cmp > 0) /* r1->addr > r2->addr */ - r1_before_r2 = 1; - else if (cmp < 0) /* r2->addr > r1->addr */ - r1_before_r2 = 0; - else { + if (cmp > 0) { /* r1->addr > r2->addr */ + r1_before_r2 = TRUE; + } else if (cmp < 0) { /* r2->addr > r1->addr */ + r1_before_r2 = FALSE; + } else { cmp = ADDR6_CMP(&r1->u.v6.mask, &r2->u.v6.mask); - if (cmp > 0) /* r1->mask > r2->mask*/ - r1_before_r2 = 1; - else if (cmp < 0) /* r2->mask > r1->mask */ - r1_before_r2 = 0; - else if (r1->mflags > r2->mflags) - r1_before_r2 = 1; - else - r1_before_r2 = 0; + if (cmp > 0) { /* r1->mask > r2->mask*/ + r1_before_r2 = TRUE; + } else if (cmp < 0) { /* r2->mask > r1->mask */ + r1_before_r2 = FALSE; + } else { + r1_before_r2 = mflags_sorts_before(r1->mflags, + r2->mflags); + } } return r1_before_r2; @@ -506,15 +518,10 @@ restrictions( restrict_u *match; struct in6_addr *pin6; - REQUIRE(NULL != r4a); + DEBUG_REQUIRE(NULL != r4a); res_calls++; - r4a->rflags = RES_IGNORE; - r4a->ippeerlimit = 0; - DPRINTF(1, ("restrictions: looking up %s\n", stoa(srcadr))); - - /* IPv4 source address */ if (IS_IPV4(srcadr)) { /* * Ignore any packets with a multicast source address @@ -522,16 +529,12 @@ restrictions( * not later!) */ if (IN_CLASSD(SRCADR(srcadr))) { - DPRINTF(1, ("restrictions: srcadr %s is multicast\n", stoa(srcadr))); - r4a->ippeerlimit = 2; /* XXX: we should use a better value */ - return; + goto multicast; } match = match_restrict4_addr(SRCADR(srcadr), SRCPORT(srcadr)); - - INSIST(match != NULL); - + DEBUG_INSIST(match != NULL); match->count++; /* * res_not_found counts only use of the final default @@ -544,10 +547,9 @@ restrictions( res_found++; r4a->rflags = match->rflags; r4a->ippeerlimit = match->ippeerlimit; - } + } else { + DEBUG_REQUIRE(IS_IPV6(srcadr)); - /* IPv6 source address */ - if (IS_IPV6(srcadr)) { pin6 = PSOCK_ADDR6(srcadr); /* @@ -555,11 +557,11 @@ restrictions( * (this should be done early in the receive process, * not later!) */ - if (IN6_IS_ADDR_MULTICAST(pin6)) - return; - + if (IN6_IS_ADDR_MULTICAST(pin6)) { + goto multicast; + } match = match_restrict6_addr(pin6, SRCPORT(srcadr)); - INSIST(match != NULL); + DEBUG_INSIST(match != NULL); match->count++; if (&restrict_def6 == match) res_not_found++; @@ -570,32 +572,34 @@ restrictions( } return; -} + multicast: + r4a->rflags = RES_IGNORE; + r4a->ippeerlimit = 0; +} -/* - * roptoa - convert a restrict_op to a string - */ -char * -roptoa(restrict_op op) { - static char sb[30]; - switch(op) { +#ifdef DEBUG +/* display string for restrict_op */ +const char * +resop_str(restrict_op op) +{ + switch (op) { case RESTRICT_FLAGS: return "RESTRICT_FLAGS"; - case RESTRICT_UNFLAG: return "RESTRICT_UNFLAGS"; + case RESTRICT_UNFLAG: return "RESTRICT_UNFLAG"; case RESTRICT_REMOVE: return "RESTRICT_REMOVE"; case RESTRICT_REMOVEIF: return "RESTRICT_REMOVEIF"; - default: - snprintf(sb, sizeof sb, "**RESTRICT_#%d**", op); - return sb; } + DEBUG_INVARIANT(!"bad restrict_op in resop_str"); + return ""; /* silence not all paths return value warning */ } +#endif /* DEBUG */ /* * hack_restrict - add/subtract/manipulate entries on the restrict list */ -void +int/*BOOL*/ hack_restrict( restrict_op op, sockaddr_u * resaddr, @@ -603,38 +607,51 @@ hack_restrict( short ippeerlimit, u_short mflags, u_short rflags, - u_long expire + u_int32 expire ) { int v6; + int bump_res_limited = FALSE; restrict_u match; restrict_u * res; restrict_u ** plisthead; - - DPRINTF(1, ("hack_restrict: op %s addr %s mask %s ippeerlimit %d mflags %08x rflags %08x\n", - roptoa(op), stoa(resaddr), stoa(resmask), ippeerlimit, mflags, rflags)); + res_sort_fn pfn_sort; + +#ifdef DEBUG + if (debug > 0) { + printf("hack_restrict: op %s addr %s mask %s", + resop_str(op), stoa(resaddr), stoa(resmask)); + if (ippeerlimit >= 0) { + printf(" ippeerlimit %d", ippeerlimit); + } + printf(" mflags %s rflags %s", mflags_str(mflags), + rflags_str(rflags)); + if (expire) { + printf("lifetime %u\n", + expire - (u_int32)current_time); + } else { + printf("\n"); + } + } +#endif if (NULL == resaddr) { - REQUIRE(NULL == resmask); - REQUIRE(RESTRICT_FLAGS == op); + DEBUG_REQUIRE(NULL == resmask); + DEBUG_REQUIRE(RESTRICT_FLAGS == op); + DEBUG_REQUIRE(RESM_SOURCE & mflags); restrict_source_rflags = rflags; restrict_source_mflags = mflags; restrict_source_ippeerlimit = ippeerlimit; - restrict_source_enabled = 1; - return; + restrict_source_enabled = TRUE; + DPRINTF(1, ("restrict source template saved\n")); + return TRUE; } ZERO(match); -#if 0 - /* silence VC9 potentially uninit warnings */ - // HMS: let's use a compiler-specific "enable" for this. - res = NULL; - v6 = 0; -#endif - if (IS_IPV4(resaddr)) { - v6 = 0; + DEBUG_INVARIANT(IS_IPV4(resmask)); + v6 = FALSE; /* * Get address and mask in host byte order for easy * comparison as u_int32 @@ -642,9 +659,10 @@ hack_restrict( match.u.v4.addr = SRCADR(resaddr); match.u.v4.mask = SRCADR(resmask); match.u.v4.addr &= match.u.v4.mask; - - } else if (IS_IPV6(resaddr)) { - v6 = 1; + } else { + DEBUG_INVARIANT(IS_IPV6(resaddr)); + DEBUG_INVARIANT(IS_IPV6(resmask)); + v6 = TRUE; /* * Get address and mask in network byte order for easy * comparison as byte sequences (e.g. memcmp()) @@ -652,88 +670,95 @@ hack_restrict( match.u.v6.mask = SOCK_ADDR6(resmask); MASK_IPV6_ADDR(&match.u.v6.addr, PSOCK_ADDR6(resaddr), &match.u.v6.mask); + } - } else /* not IPv4 nor IPv6 */ - REQUIRE(0); - - match.rflags = rflags; match.mflags = mflags; - match.ippeerlimit = ippeerlimit; - match.expire = expire; res = match_restrict_entry(&match, v6); switch (op) { case RESTRICT_FLAGS: /* - * Here we add bits to the rflags. If this is a - * new restriction add it. + * Here we add bits to the rflags. If we already have + * this restriction modify it. */ - if (NULL == res) { + if (NULL != res) { + if ( (RES_LIMITED & rflags) + && !(RES_LIMITED & res->rflags)) { + + bump_res_limited = TRUE; + } + res->rflags |= rflags; + res->expire = expire; + } else { + match.rflags = rflags; + match.expire = expire; + match.ippeerlimit = ippeerlimit; if (v6) { res = alloc_res6(); - memcpy(res, &match, - V6_SIZEOF_RESTRICT_U); + memcpy(res, &match, V6_SIZEOF_RESTRICT_U); plisthead = &restrictlist6; + pfn_sort = &res_sorts_before6; } else { res = alloc_res4(); - memcpy(res, &match, - V4_SIZEOF_RESTRICT_U); + memcpy(res, &match, V4_SIZEOF_RESTRICT_U); plisthead = &restrictlist4; + pfn_sort = &res_sorts_before4; } LINK_SORT_SLIST( *plisthead, res, - (v6) - ? res_sorts_before6(res, L_S_S_CUR()) - : res_sorts_before4(res, L_S_S_CUR()), + (*pfn_sort)(res, L_S_S_CUR()), link, restrict_u); restrictcount++; - if (RES_LIMITED & rflags) - inc_res_limited(); - } else { - if ( (RES_LIMITED & rflags) - && !(RES_LIMITED & res->rflags)) - inc_res_limited(); - res->rflags |= rflags; + if (RES_LIMITED & rflags) { + bump_res_limited = TRUE; + } } - - res->ippeerlimit = match.ippeerlimit; - - break; + if (bump_res_limited) { + inc_res_limited(); + } + return TRUE; case RESTRICT_UNFLAG: /* * Remove some bits from the rflags. If we didn't * find this one, just return. */ - if (res != NULL) { - if ( (RES_LIMITED & res->rflags) - && (RES_LIMITED & rflags)) - dec_res_limited(); - res->rflags &= ~rflags; + if (NULL == res) { + DPRINTF(1, ("No match for %s %s removing rflags %s\n", + stoa(resaddr), stoa(resmask), + rflags_str(rflags))); + return FALSE; } - break; + if ( (RES_LIMITED & res->rflags) + && (RES_LIMITED & rflags)) { + dec_res_limited(); + } + res->rflags &= ~rflags; + return TRUE; case RESTRICT_REMOVE: case RESTRICT_REMOVEIF: /* * Remove an entry from the table entirely if we * found one. Don't remove the default entry and - * don't remove an interface entry. + * don't remove an interface entry unless asked. */ - if (res != NULL - && (RESTRICT_REMOVEIF == op + if ( res != NULL + && ( RESTRICT_REMOVEIF == op || !(RESM_INTERFACE & res->mflags)) && res != &restrict_def4 - && res != &restrict_def6) - free_res(res, v6); - break; + && res != &restrict_def6) { - default: /* unknown op */ - INSIST(0); - break; + free_res(res, v6); + return TRUE; + } + DPRINTF(1, ("No match removing %s %s restriction\n", + stoa(resaddr), stoa(resmask))); + return FALSE; } - + /* notreached */ + return FALSE; } @@ -744,58 +769,182 @@ hack_restrict( void restrict_source( sockaddr_u * addr, - int farewell, /* 0 to add, 1 to remove */ - u_long expire /* 0 is infinite, valid until */ + int farewell, /* TRUE to remove */ + u_int32 lifetime /* seconds, 0 forever */ ) { sockaddr_u onesmask; - restrict_u * res; - int found_specific; + int/*BOOL*/ success; - if (!restrict_source_enabled || SOCK_UNSPEC(addr) || - IS_MCAST(addr) || ISREFCLOCKADR(addr)) + if ( !restrict_source_enabled || SOCK_UNSPEC(addr) + || IS_MCAST(addr) || ISREFCLOCKADR(addr)) { return; + } REQUIRE(AF_INET == AF(addr) || AF_INET6 == AF(addr)); SET_HOSTMASK(&onesmask, AF(addr)); if (farewell) { - hack_restrict(RESTRICT_REMOVE, addr, &onesmask, - -2, 0, 0, 0); - DPRINTF(1, ("restrict_source: %s removed", stoa(addr))); + success = hack_restrict(RESTRICT_REMOVE, addr, &onesmask, + 0, RESM_SOURCE, 0, 0); + if (success) { + DPRINTF(1, ("%s %s removed", __func__, + stoa(addr))); + } else { + msyslog(LOG_ERR, "%s remove %s failed", + __func__, stoa(addr)); + } return; } - /* - * If there is a specific entry for this address, hands - * off, as it is condidered more specific than "restrict - * server ...". - * However, if the specific entry found is a fleeting one - * added by pool_xmit() before soliciting, replace it - * immediately regardless of the expire value to make way - * for the more persistent entry. - */ - if (IS_IPV4(addr)) { - res = match_restrict4_addr(SRCADR(addr), SRCPORT(addr)); - INSIST(res != NULL); - found_specific = (SRCADR(&onesmask) == res->u.v4.mask); + success = hack_restrict(RESTRICT_FLAGS, addr, &onesmask, + restrict_source_ippeerlimit, + restrict_source_mflags, + restrict_source_rflags, + lifetime > 0 + ? lifetime + current_time + : 0); + if (success) { + DPRINTF(1, ("%s %s add/upd\n", __func__, + stoa(addr))); } else { - res = match_restrict6_addr(&SOCK_ADDR6(addr), - SRCPORT(addr)); - INSIST(res != NULL); - found_specific = ADDR6_EQ(&res->u.v6.mask, - &SOCK_ADDR6(&onesmask)); + msyslog(LOG_ERR, "%s %s failed", __func__, stoa(addr)); } - if (!expire && found_specific && res->expire) { - found_specific = 0; - free_res(res, IS_IPV6(addr)); +} + + +#ifdef DEBUG +/* Convert restriction RES_ flag bits into a display string */ +const char * +rflags_str( + u_short rflags + ) +{ + const size_t sz = LIB_BUFLENGTH; + char * rfs; + + LIB_GETBUF(rfs); + rfs[0] = '\0'; + + if (rflags & RES_FLAKE) { + CLEAR_BIT_IF_DEBUG(RES_FLAKE, rflags); + append_flagstr(rfs, sz, "flake"); } - if (found_specific) - return; - hack_restrict(RESTRICT_FLAGS, addr, &onesmask, - restrict_source_ippeerlimit, - restrict_source_mflags, restrict_source_rflags, expire); - DPRINTF(1, ("restrict_source: %s host restriction added\n", - stoa(addr))); + if (rflags & RES_IGNORE) { + CLEAR_BIT_IF_DEBUG(RES_IGNORE, rflags); + append_flagstr(rfs, sz, "ignore"); + } + + if (rflags & RES_KOD) { + CLEAR_BIT_IF_DEBUG(RES_KOD, rflags); + append_flagstr(rfs, sz, "kod"); + } + + if (rflags & RES_MSSNTP) { + CLEAR_BIT_IF_DEBUG(RES_MSSNTP, rflags); + append_flagstr(rfs, sz, "mssntp"); + } + + if (rflags & RES_LIMITED) { + CLEAR_BIT_IF_DEBUG(RES_LIMITED, rflags); + append_flagstr(rfs, sz, "limited"); + } + + if (rflags & RES_LPTRAP) { + CLEAR_BIT_IF_DEBUG(RES_LPTRAP, rflags); + append_flagstr(rfs, sz, "lptrap"); + } + + if (rflags & RES_NOMODIFY) { + CLEAR_BIT_IF_DEBUG(RES_NOMODIFY, rflags); + append_flagstr(rfs, sz, "nomodify"); + } + + if (rflags & RES_NOMRULIST) { + CLEAR_BIT_IF_DEBUG(RES_NOMRULIST, rflags); + append_flagstr(rfs, sz, "nomrulist"); + } + + if (rflags & RES_NOEPEER) { + CLEAR_BIT_IF_DEBUG(RES_NOEPEER, rflags); + append_flagstr(rfs, sz, "noepeer"); + } + + if (rflags & RES_NOPEER) { + CLEAR_BIT_IF_DEBUG(RES_NOPEER, rflags); + append_flagstr(rfs, sz, "nopeer"); + } + + if (rflags & RES_NOQUERY) { + CLEAR_BIT_IF_DEBUG(RES_NOQUERY, rflags); + append_flagstr(rfs, sz, "noquery"); + } + + if (rflags & RES_DONTSERVE) { + CLEAR_BIT_IF_DEBUG(RES_DONTSERVE, rflags); + append_flagstr(rfs, sz, "dontserve"); + } + + if (rflags & RES_NOTRAP) { + CLEAR_BIT_IF_DEBUG(RES_NOTRAP, rflags); + append_flagstr(rfs, sz, "notrap"); + } + + if (rflags & RES_DONTTRUST) { + CLEAR_BIT_IF_DEBUG(RES_DONTTRUST, rflags); + append_flagstr(rfs, sz, "notrust"); + } + + if (rflags & RES_SRVRSPFUZ) { + CLEAR_BIT_IF_DEBUG(RES_SRVRSPFUZ, rflags); + append_flagstr(rfs, sz, "srvrspfuz"); + } + + if (rflags & RES_VERSION) { + CLEAR_BIT_IF_DEBUG(RES_VERSION, rflags); + append_flagstr(rfs, sz, "version"); + } + + DEBUG_INVARIANT(!rflags); + + if ('\0' == rfs[0]) { + append_flagstr(rfs, sz, "(none)"); + } + + return rfs; +} + + +/* Convert restriction match RESM_ flag bits into a display string */ +const char * +mflags_str( + u_short mflags + ) +{ + const size_t sz = LIB_BUFLENGTH; + char * mfs; + + LIB_GETBUF(mfs); + mfs[0] = '\0'; + + if (mflags & RESM_NTPONLY) { + CLEAR_BIT_IF_DEBUG(RESM_NTPONLY, mflags); + append_flagstr(mfs, sz, "ntponly"); + } + + if (mflags & RESM_SOURCE) { + CLEAR_BIT_IF_DEBUG(RESM_SOURCE, mflags); + append_flagstr(mfs, sz, "source"); + } + + if (mflags & RESM_INTERFACE) { + CLEAR_BIT_IF_DEBUG(RESM_INTERFACE, mflags); + append_flagstr(mfs, sz, "interface"); + } + + DEBUG_INVARIANT(!mflags); + + return mfs; } +#endif /* DEBUG */ diff --git a/ntpd/ntp_scanner.c b/ntpd/ntp_scanner.c index 08c203c63e8a..531d66024982 100644 --- a/ntpd/ntp_scanner.c +++ b/ntpd/ntp_scanner.c @@ -34,7 +34,7 @@ * ------------------------ */ -#define MAX_LEXEME (1024 + 1) /* The maximum size of a lexeme */ +#define MAX_LEXEME 128 /* The maximum size of a lexeme */ char yytext[MAX_LEXEME]; /* Buffer for storing the input text/lexeme */ u_int32 conf_file_sum; /* Simple sum of characters read */ @@ -278,7 +278,7 @@ lex_close( */ static struct FILE_INFO * -_drop_stack_do( +drop_stack_do( struct FILE_INFO * head ) { @@ -320,9 +320,9 @@ lex_init_stack( * anything until the next 'lex_init_stack()' succeeded. */ void -lex_drop_stack() +lex_drop_stack(void) { - lex_stack = _drop_stack_do(lex_stack); + lex_stack = drop_stack_do(lex_stack); } /* Flush the lexer input stack: This will nip all input objects on the @@ -334,14 +334,14 @@ lex_drop_stack() * in the force-eof mode before this call. */ int/*BOOL*/ -lex_flush_stack() +lex_flush_stack(void) { int retv = FALSE; if (NULL != lex_stack) { retv = !lex_stack->force_eof; lex_stack->force_eof = TRUE; - lex_stack->st_next = _drop_stack_do( + lex_stack->st_next = drop_stack_do( lex_stack->st_next); } return retv; @@ -425,7 +425,7 @@ lex_from_file(void) } struct FILE_INFO * -lex_current() +lex_current(void) { /* this became so simple, it could be a macro. But then, * lex_stack needed to be global... @@ -910,9 +910,9 @@ yylex(void) normal_return: if (T_EOC == token) - DPRINTF(4,("\t<end of command>\n")); + DPRINTF(10, ("\t<end of command>\n")); else - DPRINTF(4, ("yylex: lexeme '%s' -> %s\n", yytext, + DPRINTF(10, ("yylex: lexeme '%s' -> %s\n", yytext, token_name(token))); if (!yylval_was_set) @@ -921,6 +921,10 @@ normal_return: return token; lex_too_long: + /* + * DLH: What is the purpose of the limit of 50? + * Is there any reason for yytext[] to be bigger? + */ yytext[min(sizeof(yytext) - 1, 50)] = 0; msyslog(LOG_ERR, "configuration item on line %d longer than limit of %lu, began with '%s'", diff --git a/ntpd/ntp_timer.c b/ntpd/ntp_timer.c index 4f669f0699fa..c8164d798b04 100644 --- a/ntpd/ntp_timer.c +++ b/ntpd/ntp_timer.c @@ -46,7 +46,7 @@ static void check_leapsec(u_int32, const time_t*, int/*BOOL*/); /* * These routines provide support for the event timer. The timer is - * implemented by an interrupt routine which sets a flag once every + * implemented by a signal routine which sets a flag once every * second, and a timer routine which is called when the mainline code * gets around to seeing the flag. The timer routine dispatches the * clock adjustment code if its time has come, then searches the timer @@ -54,7 +54,6 @@ static void check_leapsec(u_int32, const time_t*, int/*BOOL*/); * Finally, we call the hourly procedure to do cleanup and print a * message. */ -volatile int interface_interval; /* init_io() sets def. 300s */ /* * Initializing flag. All async routines watch this and only do their @@ -70,14 +69,15 @@ volatile int alarm_flag; /* * The counters and timeouts */ -static u_long interface_timer; /* interface update timer */ + u_long endpt_scan_timer; /* interface update timer */ static u_long adjust_timer; /* second timer */ static u_long stats_timer; /* stats timer */ static u_long leapf_timer; /* Report leapfile problems once/day */ static u_long huffpuff_timer; /* huff-n'-puff timer */ static u_long worker_idle_timer;/* next check for idle intres */ -u_long leapsec; /* seconds to next leap (proximity class) */ -int leapdif; /* TAI difference step at next leap second*/ +int endpt_scan_period; /* init_io() sets def. 301s */ +u_long leapsec; /* seconds to next leap (proximity class) */ +int leapdif; /* TAI difference step at next leap second*/ u_long orphwait; /* orphan wait time */ #ifdef AUTOKEY static u_long revoke_timer; /* keys revoke timer */ @@ -198,7 +198,7 @@ init_timer(void) stats_timer = SECSPERHR; leapf_timer = SECSPERDAY; huffpuff_timer = 0; - interface_timer = 0; + endpt_scan_timer = 0; current_time = 0; timer_overflows = 0; timer_xmtcalls = 0; @@ -249,7 +249,7 @@ init_timer(void) BOOL rc; Period = (1 << EVENT_TIMEOUT) * 1000; - DueTime.QuadPart = Period * 10000i64; + DueTime.QuadPart = Period * 10000ll; rc = SetWaitableTimer(WaitableTimerHandle, &DueTime, Period, NULL, NULL, FALSE); if (!rc) { @@ -296,10 +296,10 @@ intres_timeout_req( void timer(void) { - struct peer * p; - struct peer * next_peer; + struct peer* p; + struct peer* next_peer; l_fp now; - time_t tnow; + time_t tnow; /* * The basic timerevent is one second. This is used to adjust the @@ -333,15 +333,18 @@ timer(void) * usually tripped using iburst and minpoll of * 128 s or less. */ - if (p->throttle > 0) + if (p->throttle > 0) { p->throttle--; + } if (p->nextdate <= current_time) { #ifdef REFCLOCK - if (FLAG_REFCLOCK & p->flags) + if (FLAG_REFCLOCK & p->flags) { refclock_transmit(p); - else + } else #endif /* REFCLOCK */ + { transmit(p); + } } } @@ -370,7 +373,8 @@ timer(void) #endif /* AUTOKEY */ } sys_stratum = (u_char)sys_orphan; - } else { + } + else { if (sys_leap != LEAP_NOTINSYNC) { set_sys_leap(LEAP_NOTINSYNC); msyslog(LOG_WARNING, "%s", @@ -379,9 +383,9 @@ timer(void) sys_stratum = STRATUM_UNSPEC; } if (sys_stratum > 1) - sys_refid = htonl(LOOPBACKADR); + sys_refid = htonl(LOOPBACKADR); else - memcpy(&sys_refid, "LOOP", 4); + memcpy(&sys_refid, "ORPH", 4); sys_offset = 0; sys_rootdelay = 0; sys_rootdisp = 0; @@ -395,17 +399,19 @@ timer(void) * is imminent or every 8th second. */ if (leapsec > LSPROX_NOWARN || 0 == (current_time & 7)) - check_leapsec(now.l_ui, &tnow, - (sys_leap == LEAP_NOTINSYNC)); - if (sys_leap != LEAP_NOTINSYNC) { - if (leapsec >= LSPROX_ANNOUNCE && leapdif) { - if (leapdif > 0) - set_sys_leap(LEAP_ADDSECOND); - else - set_sys_leap(LEAP_DELSECOND); - } else { - set_sys_leap(LEAP_NOWARNING); - } + check_leapsec( now.l_ui + , &tnow + , (sys_leap == LEAP_NOTINSYNC)); + if (sys_leap != LEAP_NOTINSYNC) { + if (leapsec >= LSPROX_ANNOUNCE && leapdif) { + if (leapdif > 0) { + set_sys_leap(LEAP_ADDSECOND); + } else { + set_sys_leap(LEAP_DELSECOND); + } + } else { + set_sys_leap(LEAP_NOWARNING); + } } /* @@ -431,23 +437,28 @@ timer(void) */ if (revoke_timer && revoke_timer <= current_time) { revoke_timer += (1UL << sys_revoke); - RAND_bytes((u_char *)&sys_private, 4); + RAND_bytes((u_char *)&sys_private, sizeof(sys_private)); } #endif /* AUTOKEY */ /* - * Interface update timer + * Network interface rescan timer */ - if (interface_interval && interface_timer <= current_time) { - timer_interfacetimeout(current_time + - interface_interval); - DPRINTF(2, ("timer: interface update\n")); + if (endpt_scan_timer && endpt_scan_timer <= current_time) { + if (no_periodic_scan) { + endpt_scan_timer = 0; + DPRINTF(2, ("timer: network interface rescan disabled\n")); + } else { + endpt_scan_timer = current_time + + endpt_scan_period; + DPRINTF(2, ("timer: network interface rescan in %d seconds\n", endpt_scan_period)); + } interface_update(NULL, NULL); } - if (worker_idle_timer && worker_idle_timer <= current_time) + if (worker_idle_timer && worker_idle_timer <= current_time) { worker_idle_timer_fired(); - + } /* * Finally, write hourly stats and do the hourly * and daily leapfile checks. @@ -508,13 +519,6 @@ alarming( #endif /* SYS_WINNT */ -void -timer_interfacetimeout(u_long timeout) -{ - interface_timer = timeout; -} - - /* * timer_clr_stats - clear timer module stat counters */ @@ -528,21 +532,27 @@ timer_clr_stats(void) static void -check_leap_sec_in_progress( const leap_result_t *lsdata ) { +check_leap_sec_in_progress( + const leap_result_t *lsdata + ) +{ int prv_leap_sec_in_progress = leap_sec_in_progress; + leap_sec_in_progress = lsdata->tai_diff && (lsdata->ddist < 3); - /* if changed we may have to update the leap status sent to clients */ - if (leap_sec_in_progress != prv_leap_sec_in_progress) + /* if changed we have to update the leap bits sent to clients */ + if (leap_sec_in_progress != prv_leap_sec_in_progress) { set_sys_leap(sys_leap); + } } static void check_leapsec( - u_int32 now , - const time_t * tpiv , - int/*BOOL*/ reset) + u_int32 now, + const time_t * tpiv, + int/*BOOL*/ reset + ) { static const char leapmsg_p_step[] = "Positive leap second, stepped backward."; @@ -556,10 +566,10 @@ check_leapsec( "Negative leap second, no step correction. " "System clock will be inaccurate for a long time."; - leap_result_t lsdata; - u_int32 lsprox; + leap_result_t lsdata; + u_int32 lsprox; #ifdef AUTOKEY - int/*BOOL*/ update_autokey = FALSE; + int/*BOOL*/ update_autokey = FALSE; #endif #ifndef SYS_WINNT /* WinNT port has its own leap second handling */ @@ -568,122 +578,116 @@ check_leapsec( # else leapsec_electric(0); # endif -#endif +#endif /* !SYS_WINNT */ + #ifdef LEAP_SMEAR leap_smear.enabled = leap_smear_intv != 0; #endif if (reset) { lsprox = LSPROX_NOWARN; leapsec_reset_frame(); - memset(&lsdata, 0, sizeof(lsdata)); + ZERO(lsdata); } else { - int fired; + int fired; - fired = leapsec_query(&lsdata, now, tpiv); + fired = leapsec_query(&lsdata, now, tpiv); - DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X), tai_diff %i, ddist %u\n", - fired, now, now, lsdata.tai_diff, lsdata.ddist)); + DPRINTF(3, ("*** leapsec_query: fired %i, now %u (0x%08X)," + " tai_diff %i, ddist %u\n", + fired, now, now, lsdata.tai_diff, lsdata.ddist)); #ifdef LEAP_SMEAR - leap_smear.in_progress = 0; - leap_smear.doffset = 0.0; - - if (leap_smear.enabled) { - if (lsdata.tai_diff) { - if (leap_smear.interval == 0) { - leap_smear.interval = leap_smear_intv; - leap_smear.intv_end = lsdata.ttime.Q_s; - leap_smear.intv_start = leap_smear.intv_end - leap_smear.interval; - DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n", + leap_smear.in_progress = FALSE; + leap_smear.doffset = 0.0; + + if (leap_smear.enabled) { + if (lsdata.tai_diff) { + if (0 == leap_smear.interval) { + leap_smear.interval = leap_smear_intv; + leap_smear.intv_end = lsdata.ttime.Q_s; + leap_smear.intv_start = leap_smear.intv_end - leap_smear.interval; + DPRINTF(1, ("*** leapsec_query: setting leap_smear interval %li, begin %.0f, end %.0f\n", leap_smear.interval, leap_smear.intv_start, leap_smear.intv_end)); + } + } else { + if (leap_smear.interval) { + DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n")); + leap_smear.interval = 0; + } } - } else { - if (leap_smear.interval) - DPRINTF(1, ("*** leapsec_query: clearing leap_smear interval\n")); - leap_smear.interval = 0; - } - if (leap_smear.interval) { - double dtemp = now; - if (dtemp >= leap_smear.intv_start && dtemp <= leap_smear.intv_end) { - double leap_smear_time = dtemp - leap_smear.intv_start; - /* - * For now we just do a linear interpolation over the smear interval - */ + if (leap_smear.interval) { + double dtemp = now; + + if (dtemp >= leap_smear.intv_start && dtemp <= leap_smear.intv_end) { + double leap_smear_time = dtemp - leap_smear.intv_start; #if 0 - // linear interpolation - leap_smear.doffset = -(leap_smear_time * lsdata.tai_diff / leap_smear.interval); + /* linear interpolation */ + leap_smear.doffset = -(leap_smear_time * lsdata.tai_diff / leap_smear.interval); #else - // Google approach: lie(t) = (1.0 - cos(pi * t / w)) / 2.0 - leap_smear.doffset = -((double) lsdata.tai_diff - cos( M_PI * leap_smear_time / leap_smear.interval)) / 2.0; + /* Google approach : lie(t) = (1.0 - cos(pi * t / w)) / 2.0 */ + leap_smear.doffset = -((double) lsdata.tai_diff - cos( M_PI * leap_smear_time / leap_smear.interval)) / 2.0; #endif - /* - * TODO see if we're inside an inserted leap second, so we need to compute - * leap_smear.doffset = 1.0 - leap_smear.doffset - */ - leap_smear.in_progress = 1; -#if 0 && defined( DEBUG ) - msyslog(LOG_NOTICE, "*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n", - leap_smear.intv_start, leap_smear.intv_end, leap_smear.interval, - now, leap_smear_time, leap_smear.doffset); -#else - DPRINTF(1, ("*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n", + /* + * TODO see if we're inside an inserted leap second, so we need to compute + * leap_smear.doffset = 1.0 - leap_smear.doffset + */ + leap_smear.in_progress = TRUE; + DPRINTF(1, ("*** leapsec_query: [%.0f:%.0f] (%li), now %u (%.0f), smear offset %.6f ms\n", leap_smear.intv_start, leap_smear.intv_end, leap_smear.interval, now, leap_smear_time, leap_smear.doffset)); -#endif + } } + } else { + leap_smear.interval = 0; } - } - else - leap_smear.interval = 0; - - /* - * Update the current leap smear offset, eventually 0.0 if outside smear interval. - */ - DTOLFP(leap_smear.doffset, &leap_smear.offset); - + /* + * Update the current leap smear offset, eventually 0.0 if outside smear interval. + */ + DTOLFP(leap_smear.doffset, &leap_smear.offset); #endif /* LEAP_SMEAR */ - if (fired) { - /* Full hit. Eventually step the clock, but always - * announce the leap event has happened. - */ - const char *leapmsg = NULL; - double lswarp = lsdata.warped; - if (lswarp < 0.0) { - if (clock_max_back > 0.0 && - clock_max_back < -lswarp) { - step_systime(lswarp); - leapmsg = leapmsg_p_step; - } else { - leapmsg = leapmsg_p_slew; + if (fired) { + /* Full hit. Eventually step the clock, but always + * announce the leap event has happened. + */ + const char *leapmsg = NULL; + double lswarp = lsdata.warped; + if (lswarp < 0.0) { + if (clock_max_back > 0.0 && + clock_max_back < -lswarp) { + step_systime(lswarp); + leapmsg = leapmsg_p_step; + } else { + leapmsg = leapmsg_p_slew; + } + } else if (lswarp > 0.0) { + if (clock_max_fwd > 0.0 && + clock_max_fwd < lswarp) { + step_systime(lswarp); + leapmsg = leapmsg_n_step; + } else { + leapmsg = leapmsg_n_slew; + } } - } else if (lswarp > 0.0) { - if (clock_max_fwd > 0.0 && - clock_max_fwd < lswarp) { - step_systime(lswarp); - leapmsg = leapmsg_n_step; - } else { - leapmsg = leapmsg_n_slew; + if (leapmsg) { + msyslog(LOG_NOTICE, "%s", leapmsg); } - } - if (leapmsg) - msyslog(LOG_NOTICE, "%s", leapmsg); - report_event(EVNT_LEAP, NULL, NULL); + report_event(EVNT_LEAP, NULL, NULL); #ifdef AUTOKEY - update_autokey = TRUE; + update_autokey = TRUE; #endif - lsprox = LSPROX_NOWARN; - leapsec = LSPROX_NOWARN; - sys_tai = lsdata.tai_offs; - } else { + lsprox = LSPROX_NOWARN; + leapsec = LSPROX_NOWARN; + sys_tai = lsdata.tai_offs; + } else { #ifdef AUTOKEY - update_autokey = (sys_tai != (u_int)lsdata.tai_offs); + update_autokey = (sys_tai != (u_int)lsdata.tai_offs); #endif - lsprox = lsdata.proximity; - sys_tai = lsdata.tai_offs; - } + lsprox = lsdata.proximity; + sys_tai = lsdata.tai_offs; + } } /* We guard against panic alarming during the red alert phase. @@ -691,13 +695,13 @@ check_leapsec( * to piping hot in one step. If things are already that wobbly, * we let the normal clock correction take over, even if a jump * is involved. - * Also make sure the alarming events are edge-triggered, that is, - * ceated only when the threshold is crossed. - */ - if ( (leapsec > 0 || lsprox < LSPROX_ALERT) - && leapsec < lsprox ) { + * Also make sure the alarming events are edge-triggered, that is, + * created only when the threshold is crossed. + */ + if ( (leapsec > 0 || lsprox < LSPROX_ALERT) + && leapsec < lsprox) { if ( leapsec < LSPROX_SCHEDULE - && lsprox >= LSPROX_SCHEDULE) { + && lsprox >= LSPROX_SCHEDULE) { if (lsdata.dynamic) report_event(PEVNT_ARMED, sys_peer, NULL); else @@ -706,22 +710,23 @@ check_leapsec( leapsec = lsprox; } if (leapsec > lsprox) { - if ( leapsec >= LSPROX_SCHEDULE - && lsprox < LSPROX_SCHEDULE) { + if ( leapsec >= LSPROX_SCHEDULE + && lsprox < LSPROX_SCHEDULE) { report_event(EVNT_DISARMED, NULL, NULL); } leapsec = lsprox; } - if (leapsec >= LSPROX_SCHEDULE) + if (leapsec >= LSPROX_SCHEDULE) { leapdif = lsdata.tai_diff; - else + } else { leapdif = 0; - + } check_leap_sec_in_progress(&lsdata); #ifdef AUTOKEY - if (update_autokey) + if (update_autokey) { crypto_update_taichange(); + } #endif } diff --git a/ntpd/ntp_util.c b/ntpd/ntp_util.c index 62a997e43aad..e7b374fc346f 100644 --- a/ntpd/ntp_util.c +++ b/ntpd/ntp_util.c @@ -13,7 +13,6 @@ #include "ntp_assert.h" #include "ntp_calendar.h" #include "ntp_leapsec.h" -#include "lib_strbuf.h" #include <stdio.h> #include <ctype.h> @@ -63,7 +62,6 @@ char *stats_drift_file; /* frequency file name */ static char *stats_temp_file; /* temp frequency file name */ static double wander_resid; /* last frequency update */ double wander_threshold = 1e-7; /* initial frequency threshold */ -static unsigned int cmdargs_seen = 0; /* stat options seen from command line */ /* * Statistics file stuff @@ -183,7 +181,7 @@ init_util(void) void write_stats(void) { - FILE *fp; + FILE *fp = NULL; #ifdef DOSYNCTODR struct timeval tv; #if !defined(VMS) @@ -267,12 +265,10 @@ write_stats(void) * the frequncy file. This minimizes the file writes to * nonvolaile storage. */ -#ifdef DEBUG - if (debug) - printf("write_stats: frequency %.6lf thresh %.6lf, freq %.6lf\n", + DPRINTF(1, ("write_stats: frequency %.6f thresh %.6f, freq %.6f\n", (prev_drift_comp - drift_comp) * 1e6, wander_resid * - 1e6, drift_comp * 1e6); -#endif + 1e6, drift_comp * 1e6)); + if (fabs(prev_drift_comp - drift_comp) < wander_resid) { wander_resid *= 0.5; return; @@ -284,7 +280,7 @@ write_stats(void) stats_temp_file); return; } - fprintf(fp, "%.3f\n", drift_comp * 1e6); + fprintf(fp, "%.6f\n", drift_comp * 1e6); (void)fclose(fp); /* atomic */ #ifdef SYS_WINNT @@ -326,29 +322,38 @@ write_stats(void) /* - * stats_config - configure the stats operation + * If an option was given on the command line make sure it takes + * precedence over the configuration file, as command-line options + * are processed first. Similarly, if an option is given in the + * configuration file, do not allow it to be overridden with runtime + * configuration. Done by simply remembering an option was already + * seen. */ static int allow_config( - unsigned int option, - int/*BOOL*/ cmdopt) + u_int option, + int/*BOOL*/ cmdopt + ) { - /* If an option was given on the command line, make sure it - * persists and is not later changed by a corresponding option - * from the config file. Done by simply remembering an option was - * already seen from the command line. - * - * BTW, if we ever define stats options beyond 31, this needs a - * fix. Until then, simply assume the shift will not overflow. - */ - unsigned int mask = 1u << option; - int retv = cmdopt || !(cmdargs_seen & mask); - if (cmdopt) - cmdargs_seen |= mask; + static u_int seen = 0; /* stat options previously set */ + u_int mask; + int retv; + + if (cmdopt) { + DEBUG_REQUIRE(option < sizeof(mask) * 8); + mask = 1u << option; + retv = !(seen & mask); + seen |= mask; + } else { + retv = FALSE; + } return retv; } +/* + * stats_config - configure the stats operation + */ void stats_config( int item, @@ -356,12 +361,13 @@ stats_config( int optflag ) { - FILE *fp; + FILE *fp = NULL; const char *value; size_t len; double old_drift; l_fp now; time_t ttnow; + char dirsep_or_nul; #ifndef VMS static const char temp_ext[] = ".TEMP"; #else @@ -415,137 +421,131 @@ stats_config( switch (item) { - /* - * Open and read frequency file. - */ + /* + * Open and read frequency file. + */ case STATS_FREQ_FILE: - if (!allow_config(STATS_FREQ_FILE, optflag)) + if (!allow_config(STATS_FREQ_FILE, optflag)) { break; - - if (!value || (len = strlen(value)) == 0) - { + } + if (!value || 0 == (len = strlen(value))) { free(stats_drift_file); free(stats_temp_file); - stats_drift_file = stats_temp_file = NULL; - } - else - { - stats_drift_file = erealloc(stats_drift_file, len + 1); + stats_drift_file = stats_temp_file = NULL; + } else { + stats_drift_file = erealloc(stats_drift_file, + 1 + len); stats_temp_file = erealloc(stats_temp_file, - len + sizeof(".TEMP")); - memcpy(stats_drift_file, value, (size_t)(len+1)); - memcpy(stats_temp_file, value, (size_t)len); - memcpy(stats_temp_file + len, temp_ext, sizeof(temp_ext)); + len + sizeof(temp_ext)); + memcpy(stats_drift_file, value, 1 + len); + memcpy(stats_temp_file, value, len); + memcpy(stats_temp_file + len, temp_ext, + sizeof(temp_ext)); } - + /* * Open drift file and read frequency. If the file is * missing or contains errors, tell the loop to reset. */ if (NULL == stats_drift_file) { - loop_config(LOOP_NOFREQ, 0.0); - prev_drift_comp = 0.0; + goto nofreq; } else if ((fp = fopen(stats_drift_file, "r")) == NULL) { - if (errno != ENOENT) + if (errno != ENOENT) { msyslog(LOG_WARNING, - "cannot read frequency file %s: %s", - stats_drift_file, strerror(errno)); + "cannot read frequency file %s: %m", + stats_drift_file); + } + goto nofreq; } else if (fscanf(fp, "%lf", &old_drift) != 1) { msyslog(LOG_ERR, "format error frequency file %s", stats_drift_file); - fclose(fp); + nofreq: + prev_drift_comp = 0.0; + loop_config(LOOP_NOFREQ, prev_drift_comp); } else { loop_config(LOOP_FREQ, old_drift); prev_drift_comp = drift_comp; msyslog(LOG_INFO, - "initial drift restored to %f", + "initial drift restored to %.6f", old_drift); + } + if (NULL != fp) { fclose(fp); } break; - /* - * Specify statistics directory. - */ + /* + * Specify statistics directory. + */ case STATS_STATSDIR: - if (!allow_config(STATS_STATSDIR, optflag)) + if (!allow_config(STATS_STATSDIR, optflag)) { break; - - /* - 1 since value may be missing the DIR_SEP. */ - if (strlen(value) >= sizeof(statsdir) - 1) { + } + /* - 2 since value may be missing the DIR_SEP. */ + len = strlen(value); + if (len > sizeof(statsdir) - 2) { msyslog(LOG_ERR, - "statsdir too long (>%d, sigh)", - (int)sizeof(statsdir) - 2); + "statsdir %s too long (>%u)", value, + (u_int)sizeof(statsdir) - 2); + break; + } + /* Add a DIR_SEP unless we already have one. */ + if (0 == len || DIR_SEP == value[len - 1]) { + dirsep_or_nul = '\0'; } else { - int add_dir_sep; - size_t value_l; - - /* Add a DIR_SEP unless we already have one. */ - value_l = strlen(value); - if (0 == value_l) - add_dir_sep = FALSE; - else - add_dir_sep = (DIR_SEP != - value[value_l - 1]); - - if (add_dir_sep) - snprintf(statsdir, sizeof(statsdir), - "%s%c", value, DIR_SEP); - else - snprintf(statsdir, sizeof(statsdir), - "%s", value); - filegen_statsdir(); + dirsep_or_nul = DIR_SEP; } + snprintf(statsdir, sizeof(statsdir), "%s%c", + value, dirsep_or_nul); + filegen_statsdir(); break; - /* - * Open pid file. - */ + /* + * Write pid file. + */ case STATS_PID_FILE: - if (!allow_config(STATS_PID_FILE, optflag)) + if (!allow_config(STATS_PID_FILE, optflag)) { break; - + } if ((fp = fopen(value, "w")) == NULL) { - msyslog(LOG_ERR, "pid file %s: %m", - value); + msyslog(LOG_ERR, "pid file %s: %m", value); break; } - fprintf(fp, "%d", (int)getpid()); + fprintf(fp, "%ld", (long)getpid()); fclose(fp); break; /* * Read leapseconds file. * - * Note: Currently a leap file without SHA1 signature is - * accepted, but if there is a signature line, the signature - * must be valid or the file is rejected. + * By default a leap file without SHA1 signature is accepted, + * but if there is a signature line, the signature must be + * valid or the leapfile line in ntp.conf must have ignorehash. */ case STATS_LEAP_FILE: - if (!value || (len = strlen(value)) == 0) + if (NULL == value || 0 == (len = strlen(value))) { break; - + } leapfile_name = erealloc(leapfile_name, len + 1); memcpy(leapfile_name, value, len + 1); chck_leaphash = optflag; if (leapsec_load_file( leapfile_name, &leapfile_stat, - TRUE, TRUE, chck_leaphash)) - { + TRUE, TRUE, chck_leaphash)) { leap_signature_t lsig; get_systime(&now); time(&ttnow); leapsec_getsig(&lsig); mprintf_event(EVNT_TAI, NULL, - "%d leap %s %s %s", + "%d leap %s expire%s %s", lsig.taiof, fstostr(lsig.ttime), leapsec_expired(now.l_ui, NULL) - ? "expired" - : "expires", + ? "d" + : "s", fstostr(lsig.etime)); have_leapfile = TRUE; @@ -579,31 +579,32 @@ stats_config( */ void record_peer_stats( - sockaddr_u *addr, - int status, - double offset, /* offset */ - double delay, /* delay */ - double dispersion, /* dispersion */ - double jitter /* jitter */ + sockaddr_u * addr, + int status, + double offset, + double delay, + double dispersion, + double jitter ) { - l_fp now; - u_long day; + l_fp now; + u_long day; - if (!stats_control) + if (!stats_control) { return; - + } get_systime(&now); filegen_setup(&peerstats, now.l_ui); + if (NULL == peerstats.fp) { + return; + } day = now.l_ui / 86400 + MJD_1900; now.l_ui %= 86400; - if (peerstats.fp != NULL) { - fprintf(peerstats.fp, - "%lu %s %s %x %.9f %.9f %.9f %.9f\n", day, - ulfptoa(&now, 3), stoa(addr), status, offset, - delay, dispersion, jitter); - fflush(peerstats.fp); - } + fprintf(peerstats.fp, + "%lu %s %s %x %.9f %.9f %.9f %.9f\n", day, + ulfptoa(&now, 3), stoa(addr), status, offset, + delay, dispersion, jitter); + fflush(peerstats.fp); } @@ -934,13 +935,14 @@ record_timing_stats( * * Note: This loads a new leapfile on the fly. Currently a leap file * without SHA1 signature is accepted, but if there is a signature line, - * the signature must be valid or the file is rejected. + * the signature must be valid unless the ntp.conf leapfile line specified + * ignorehash. */ void check_leap_file( - int is_daily_check, - uint32_t ntptime , - const time_t *systime + int is_daily_check, + uint32_t ntptime, + const time_t * systime ) { /* just do nothing if there is no leap file */ @@ -1097,3 +1099,20 @@ ntpd_time_stepped(void) win_time_stepped(); #endif } + + +#ifdef DEBUG +void +append_flagstr( + char * flagstr, + size_t sz, + const char * text +) +{ + if ('\0' != flagstr[0]) { + strlcat(flagstr, ",", sz); + } + /* bail if we ran out of room */ + INSIST(strlcat(flagstr, text, sz) < sz); +} +#endif /* DEBUG */ diff --git a/ntpd/ntpd-opts.c b/ntpd/ntpd-opts.c index 14774d684f2d..5d8b0bb33659 100644 --- a/ntpd/ntpd-opts.c +++ b/ntpd/ntpd-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.c) * - * It has been AutoGen-ed June 6, 2023 at 04:36:50 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:03:09 AM by AutoGen 5.18.16 * From the definitions ntpd-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpd program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -80,8 +80,8 @@ extern FILE * option_usage_fp; * static const strings for ntpd options */ static char const ntpd_opt_strs[3133] = -/* 0 */ "ntpd 4.2.8p17\n" - "Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n" +/* 0 */ "ntpd 4.2.8p18\n" + "Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" "can be seen at:\n" @@ -210,12 +210,12 @@ static char const ntpd_opt_strs[3133] = /* 2901 */ "output version information and exit\0" /* 2937 */ "version\0" /* 2945 */ "NTPD\0" -/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p17\n" +/* 2950 */ "ntpd - NTP daemon program - Ver. 4.2.8p18\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n" "\t\t[ <server1> ... <serverN> ]\n\0" /* 3082 */ "https://bugs.ntp.org, bugs@ntp.org\0" /* 3117 */ "\n\0" -/* 3119 */ "ntpd 4.2.8p17"; +/* 3119 */ "ntpd 4.2.8p18"; /** * ipv4 option description with @@ -1534,8 +1534,8 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpdOptions.pzCopyright */ - puts(_("ntpd 4.2.8p17\n\ -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + puts(_("ntpd 4.2.8p18\n\ +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ can be seen at:\n")); @@ -1675,7 +1675,7 @@ implied warranty.\n")); puts(_("output version information and exit")); /* referenced via ntpdOptions.pzUsageTitle */ - puts(_("ntpd - NTP daemon program - Ver. 4.2.8p17\n\ + puts(_("ntpd - NTP daemon program - Ver. 4.2.8p18\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ \t\t[ <server1> ... <serverN> ]\n")); @@ -1683,7 +1683,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ puts(_("\n")); /* referenced via ntpdOptions.pzFullVersion */ - puts(_("ntpd 4.2.8p17")); + puts(_("ntpd 4.2.8p18")); /* referenced via ntpdOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpd/ntpd-opts.h b/ntpd/ntpd-opts.h index 3541255bb6fb..99fb3dcd230f 100644 --- a/ntpd/ntpd-opts.h +++ b/ntpd/ntpd-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpd-opts.h) * - * It has been AutoGen-ed June 6, 2023 at 04:36:50 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:03:08 AM by AutoGen 5.18.16 * From the definitions ntpd-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpd program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -114,9 +114,9 @@ typedef enum { /** count of all options for ntpd */ #define OPTION_CT 38 /** ntpd version */ -#define NTPD_VERSION "4.2.8p17" +#define NTPD_VERSION "4.2.8p18" /** Full ntpd version text */ -#define NTPD_FULL_VERSION "ntpd 4.2.8p17" +#define NTPD_FULL_VERSION "ntpd 4.2.8p18" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpd/ntpd.1ntpdman b/ntpd/ntpd.1ntpdman index 237a9179f62e..6d91d5725284 100644 --- a/ntpd/ntpd.1ntpdman +++ b/ntpd/ntpd.1ntpdman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpd 1ntpdman "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpd 1ntpdman "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:49 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:07 AM by AutoGen 5.18.16 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -979,7 +979,7 @@ RFC5908 .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS The diff --git a/ntpd/ntpd.1ntpdmdoc b/ntpd/ntpd.1ntpdmdoc index 536e7f672840..90e08b7aa825 100644 --- a/ntpd/ntpd.1ntpdmdoc +++ b/ntpd/ntpd.1ntpdmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPD 1ntpdmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:36 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:03:54 AM by AutoGen 5.18.16 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -886,7 +886,7 @@ A snapshot of this documentation is available in HTML format in .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS The diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c index 868f7a9c8068..f86b06cf16eb 100644 --- a/ntpd/ntpd.c +++ b/ntpd/ntpd.c @@ -101,16 +101,6 @@ #include "recvbuff.h" #include "ntp_cmdargs.h" -#if 0 /* HMS: I don't think we need this. 961223 */ -#ifdef LOCK_PROCESS -# ifdef SYS_SOLARIS -# include <sys/mman.h> -# else -# include <sys/lock.h> -# endif -#endif -#endif - #ifdef SYS_WINNT # include "ntservice.h" #endif @@ -145,15 +135,11 @@ # include <seccomp.h> #endif /* LIBSECCOMP and KERN_SECCOMP */ -#ifdef __FreeBSD__ -#include <sys/procctl.h> -#ifndef PROC_STACKGAP_CTL -/* - * Even if we compile on an older system we can still run on a newer one. - */ -#define PROC_STACKGAP_CTL 17 -#define PROC_STACKGAP_DISABLE 0x0002 -#endif +#if defined(__FreeBSD__) && __FreeBSD_version < 1400037 && defined(HAVE_SYS_PROCCTL_H) +# include <sys/procctl.h> +# ifdef PROC_STACKGAP_DISABLE +# define DISABLE_FREEBSD_STACKGAP +# endif #endif #ifdef HAVE_DNSREGISTRATION @@ -438,18 +424,24 @@ main( char *argv[] ) { -# ifdef __FreeBSD__ - { - /* - * We Must disable ASLR stack gap on FreeBSD to avoid a - * segfault. See PR/241421 and PR/241960. - */ - int aslr_var = PROC_STACKGAP_DISABLE; +# ifdef DISABLE_FREEBSD_STACKGAP + /* + * We must disable ASLR stack gap on FreeBSD that has + * PROC_STACKGAP_DISABLE up through early FreeBSD 14 + * versions to avoid a segfault. See: + * + * https://bugs.ntp.org/3627 + * https://cgit.freebsd.org/src/commit/?id=889b56c8cd84c9a9f2d9e3b019c154d6f14d9021 + * https://cgit.freebsd.org/src/commit/?id=fc393054398ea50fb0cee52704e9385afe888b48 + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253208 + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241421 + * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241960 + */ + int aslr_var = PROC_STACKGAP_DISABLE; + + procctl(P_PID, getpid(), PROC_STACKGAP_CTL, &aslr_var); +# endif /* DISABLE_FREEBSD_STACKGAP */ - pid_t my_pid = getpid(); - procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); - } -# endif return ntpdmain(argc, argv); } #endif /* !SYS_WINNT */ @@ -583,7 +575,7 @@ set_process_priority(void) # ifdef HAVE_WORKING_FORK static void detach_from_terminal( - int pipe[2], + int pipes[2], long wait_sync, const char *logfilename ) @@ -604,11 +596,10 @@ detach_from_terminal( msyslog(LOG_ERR, "fork: %m"); exit_code = EX_OSERR; } else { - close(pipe[1]); - pipe[1] = -1; + close(pipes[1]); + pipes[1] = -1; exit_code = wait_child_sync_if( - pipe[0], wait_sync); - DPRINTF(1, ("sync_if: rc=%d\n", exit_code)); + pipes[0], wait_sync); if (exit_code <= 0) { /* probe daemon exit code -- wait for * child process if we have an unexpected @@ -616,7 +607,6 @@ detach_from_terminal( */ exit_code = wait_child_exit_if( cpid, (exit_code < 0)); - DPRINTF(1, ("exit_if: rc=%d\n", exit_code)); } } exit(exit_code); @@ -633,8 +623,8 @@ detach_from_terminal( syslog_file = NULL; syslogit = TRUE; } - close_all_except(pipe[1]); - pipe[0] = -1; + close_all_except(pipes[1]); + pipes[0] = -1; INSIST(0 == open("/dev/null", 0) && 1 == dup2(0, 1) \ && 2 == dup2(0, 2)); @@ -678,6 +668,7 @@ detach_from_terminal( return; } # endif /* HAVE_WORKING_FORK */ +#endif /* !SIM && !SYS_WINNT */ #ifdef HAVE_DROPROOT /* @@ -816,7 +807,6 @@ set_user_group_ids(void) return 1; } #endif /* HAVE_DROPROOT */ -#endif /* !SIM */ /* * Main program. Initialize us, disconnect us from the tty if necessary, @@ -915,10 +905,13 @@ ntpdmain( msyslog(LOG_NOTICE, "available at https://www.nwtime.org/support"); msyslog(LOG_NOTICE, "----------------------------------------------------"); #ifdef DEBUG - msyslog(LOG_NOTICE, "DEBUG behavior is enabled - a violation of any"); - msyslog(LOG_NOTICE, "diagnostic assertion will cause %s to abort", progname); + msyslog(LOG_NOTICE, "DEBUG behavior is enabled - a violation of any" + " diagnostic assertion will cause %s to abort", + progname); #endif + ssl_check_version(); + /* * Install trap handlers to log errors and assertion failures. * Default handlers print to stderr which doesn't work if detached. @@ -1290,11 +1283,10 @@ ntpdmain( * is associated with running with uid 0 - should be refined on * ports that allow binding to NTP_PORT with uid != 0 */ - disable_dynamic_updates |= (sw_uid != 0); /* also notifies routing message listener */ + scan_addrs_once |= (sw_uid != 0); /* used by routing socket code */ # endif /* !HAVE_LINUX_CAPABILITIES && !HAVE_SOLARIS_PRIVS */ - if (disable_dynamic_updates && interface_interval) { - interface_interval = 0; + if (scan_addrs_once) { msyslog(LOG_INFO, "running as non-root disables dynamic interface tracking"); } @@ -1308,9 +1300,9 @@ ntpdmain( cap_t caps; char *captext; - captext = (0 != interface_interval) - ? "cap_sys_time,cap_net_bind_service=pe" - : "cap_sys_time=pe"; + captext = (scan_addrs_once) + ? "cap_sys_time=pe" + : "cap_sys_time,cap_net_bind_service=pe"; caps = cap_from_text(captext); if (!caps) { msyslog(LOG_ERR, @@ -1447,10 +1439,9 @@ int scmp_sc[] = { } #endif /* LIBSECCOMP and KERN_SECCOMP */ -#if defined(SYS_WINNT) ntservice_isup(); -#elif defined(HAVE_WORKING_FORK) - if (daemon_pipe[1] != -1) { +#if defined(HAVE_WORKING_FORK) + if (daemon_pipe[1] != -1 && 0 == wait_sync) { if (2 != write(daemon_pipe[1], "R\n", 2)) { msyslog(LOG_ERR, "daemon failed to notify parent ntpd after init"); } @@ -1459,6 +1450,10 @@ int scmp_sc[] = { } #endif /* HAVE_WORKING_FORK */ + if (scan_addrs_once || no_periodic_scan) { + endpt_scan_timer = 0; + } + # ifndef HAVE_IO_COMPLETION_PORT BLOCK_IO_AND_ALARM(); was_alarmed = FALSE; @@ -1697,29 +1692,31 @@ wait_child_sync_if( } rc = read(pipe_read_fd, &ch, 1); if (rc == 0) { - DPRINTF(2, ("daemon control: got EOF\n")); + /* DPRINTF is useless here as -d/-D disable forking */ + fprintf(stderr, "daemon control: got EOF\n"); return -1; /* unexpected EOF, check daemon */ } else if (rc == 1) { - DPRINTF(2, ("daemon control: got '%c'\n", - (ch >= ' ' ? ch : '.'))); - if (ch == 'R' && !wait_sync) - return 0; - if (ch == 'S' && wait_sync) + if ( ('S' == ch && wait_sync > 0) + || ('R' == ch && 0 == wait_sync)) { return 0; + } } else { - DPRINTF(2, ("daemon control: read 1 char failed: %s\n", - strerror(errno))); + mfprintf(stderr, "%s: daemon control: read 1 char failed: %m\n", + progname); + msyslog(LOG_ERR, "daemon control: read 1 char failed: %m"); return EX_IOERR; } } while (wait_rem > 0); - if (wait_sync) { + if (wait_sync > 0) { fprintf(stderr, "%s: -w/--wait-sync %ld timed out.\n", progname, wait_sync); + msyslog(LOG_ERR, "-w/--wait-sync %ld timed out.", wait_sync); return EX_PROTOCOL; } else { fprintf(stderr, "%s: daemon startup monitoring timed out.\n", progname); + msyslog(LOG_ERR, "daemon startup monitoring timed out."); return 0; } } @@ -1735,7 +1732,6 @@ wait_child_exit_if( int rc = 0; int wstatus; if (cpid == waitpid(cpid, &wstatus, (blocking ? 0 : WNOHANG))) { - DPRINTF(1, ("child (pid=%d) dead now\n", cpid)); if (WIFEXITED(wstatus)) { rc = WEXITSTATUS(wstatus); msyslog(LOG_ERR, "daemon child exited with code %d", @@ -1748,8 +1744,6 @@ wait_child_exit_if( rc = EX_SOFTWARE; msyslog(LOG_ERR, "daemon child died with unknown cause"); } - } else { - DPRINTF(1, ("child (pid=%d) still alive\n", cpid)); } return rc; # else diff --git a/ntpd/ntpd.html b/ntpd/ntpd.html index 3947f57f1a9b..a95695ef88b9 100644 --- a/ntpd/ntpd.html +++ b/ntpd/ntpd.html @@ -56,7 +56,7 @@ The program can operate in any of several modes, including client/server, symmetric and broadcast modes, and with both symmetric-key and public-key cryptography. </p> -<p>This document applies to version 4.2.8p17 of <code>ntpd</code>. +<p>This document applies to version 4.2.8p18 of <code>ntpd</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -292,7 +292,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p17 +<pre class="example">ntpd - NTP daemon program - Ver. 4.2.8p18 Usage: ntpd [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \ [ <server1> ... <serverN> ] Flg Arg Option-Name Description diff --git a/ntpd/ntpd.man.in b/ntpd/ntpd.man.in index addee5d56e77..2474c8d18d9b 100644 --- a/ntpd/ntpd.man.in +++ b/ntpd/ntpd.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpd @NTPD_MS@ "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpd @NTPD_MS@ "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:49 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:07 AM by AutoGen 5.18.16 .\" From the definitions ntpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -979,7 +979,7 @@ RFC5908 .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS The diff --git a/ntpd/ntpd.mdoc.in b/ntpd/ntpd.mdoc.in index 6d99fbcf5e7a..874a6c778ed7 100644 --- a/ntpd/ntpd.mdoc.in +++ b/ntpd/ntpd.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPD @NTPD_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpd-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:36 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:03:54 AM by AutoGen 5.18.16 .\" From the definitions ntpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -886,7 +886,7 @@ A snapshot of this documentation is available in HTML format in .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS The diff --git a/ntpd/refclock_acts.c b/ntpd/refclock_acts.c index 944ac764ccff..709427d34e9e 100644 --- a/ntpd/refclock_acts.c +++ b/ntpd/refclock_acts.c @@ -897,5 +897,5 @@ acts_timecode( pp->lastref = pp->lastrec; } #else -int refclock_acts_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_arbiter.c b/ntpd/refclock_arbiter.c index 7de613fa751e..b92e72361bb1 100644 --- a/ntpd/refclock_arbiter.c +++ b/ntpd/refclock_arbiter.c @@ -473,5 +473,5 @@ arb_poll( } #else -int refclock_arbiter_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_arc.c b/ntpd/refclock_arc.c index d2dba54cb462..73bb63bc408a 100644 --- a/ntpd/refclock_arc.c +++ b/ntpd/refclock_arc.c @@ -870,15 +870,18 @@ arc_receive( struct recvbuf *rbufp ) { + static int quality_average = 0; + static int quality_sum = 0; + static int quality_polls = 0; register struct arcunit *up; struct refclockproc *pp; struct peer *peer; char c; - int i, n, wday, month, flags, status; + int i, wday, month, flags, status; int arc_last_offset; - static int quality_average = 0; - static int quality_sum = 0; - static int quality_polls = 0; + #ifdef DEBUG + int n; + #endif /* * Initialize pointers and read the timecode and timestamp @@ -1182,8 +1185,8 @@ arc_receive( status = pp->a_lastcode[15]; #ifdef DEBUG if(debug) { printf("arc: status 0x%.2x flags 0x%.2x\n", flags, status); } -#endif n = 9; +#endif /* Validate received values at least enough to prevent internal diff --git a/ntpd/refclock_as2201.c b/ntpd/refclock_as2201.c index d71284173cbb..bb485551bb6c 100644 --- a/ntpd/refclock_as2201.c +++ b/ntpd/refclock_as2201.c @@ -385,5 +385,5 @@ as2201_poll( } #else -int refclock_as2201_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_atom.c b/ntpd/refclock_atom.c index b3c0d6b46ab0..6e01352db982 100644 --- a/ntpd/refclock_atom.c +++ b/ntpd/refclock_atom.c @@ -235,5 +235,5 @@ atom_poll( refclock_receive(peer); } #else -int refclock_atom_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_bancomm.c b/ntpd/refclock_bancomm.c index 577ad277213c..d0d855d57b22 100644 --- a/ntpd/refclock_bancomm.c +++ b/ntpd/refclock_bancomm.c @@ -617,5 +617,5 @@ stfp_time2tvme(struct vmedate *time_vme, struct stfp_time *stfp) return; } #else -int refclock_bancomm_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_chronolog.c b/ntpd/refclock_chronolog.c index 1499ee4c81ed..4a8a4aa86efb 100644 --- a/ntpd/refclock_chronolog.c +++ b/ntpd/refclock_chronolog.c @@ -339,5 +339,5 @@ chronolog_poll( } #else -int refclock_chronolog_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_conf.c b/ntpd/refclock_conf.c index 30cc632065c8..ddabf932ea98 100644 --- a/ntpd/refclock_conf.c +++ b/ntpd/refclock_conf.c @@ -322,5 +322,5 @@ struct refclock * const refclock_conf[] = { u_char num_refclock_conf = sizeof(refclock_conf)/sizeof(struct refclock *); #else -int refclock_conf_bs; +NONEMPTY_TRANSLATION_UNIT #endif diff --git a/ntpd/refclock_dumbclock.c b/ntpd/refclock_dumbclock.c index 3563847dac05..37aaf28fa02a 100644 --- a/ntpd/refclock_dumbclock.c +++ b/ntpd/refclock_dumbclock.c @@ -373,5 +373,5 @@ dumbclock_poll( #endif #else -int refclock_dumbclock_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* defined(REFCLOCK) && defined(CLOCK_DUMBCLOCK) */ diff --git a/ntpd/refclock_fg.c b/ntpd/refclock_fg.c index abcf43f9cb9e..9ded8c7e79e0 100644 --- a/ntpd/refclock_fg.c +++ b/ntpd/refclock_fg.c @@ -331,5 +331,5 @@ fg_receive( #else -int refclock_fg_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_gpsvme.c b/ntpd/refclock_gpsvme.c index 66ccc9a3ec90..3920b7a3cccc 100644 --- a/ntpd/refclock_gpsvme.c +++ b/ntpd/refclock_gpsvme.c @@ -249,5 +249,5 @@ check_leap_sec(struct refclockproc *pp, int unit) } #else -int refclock_gpsvme_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_heath.c b/ntpd/refclock_heath.c index e34fa6b93628..2d9aa45a5b6d 100644 --- a/ntpd/refclock_heath.c +++ b/ntpd/refclock_heath.c @@ -446,5 +446,5 @@ heath_poll( } #else -int refclock_heath_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_hopfpci.c b/ntpd/refclock_hopfpci.c index 95bcab983c4d..5b63e593fa2b 100644 --- a/ntpd/refclock_hopfpci.c +++ b/ntpd/refclock_hopfpci.c @@ -254,5 +254,5 @@ hopfpci_poll( } #else -int refclock_hopfpci_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_hopfser.c b/ntpd/refclock_hopfser.c index e8e5ecefdc40..6cc39c90b774 100644 --- a/ntpd/refclock_hopfser.c +++ b/ntpd/refclock_hopfser.c @@ -362,5 +362,5 @@ hopfserial_poll ( } #else -int refclock_hopfser_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_hpgps.c b/ntpd/refclock_hpgps.c index fb7085a799e5..e9a87172136d 100644 --- a/ntpd/refclock_hpgps.c +++ b/ntpd/refclock_hpgps.c @@ -622,5 +622,5 @@ hpgps_poll( } #else -int refclock_hpgps_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_irig.c b/ntpd/refclock_irig.c index abc94f62e8fb..29cf5d6a748e 100644 --- a/ntpd/refclock_irig.c +++ b/ntpd/refclock_irig.c @@ -1039,5 +1039,5 @@ irig_gain( #else -int refclock_irig_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_jjy.c b/ntpd/refclock_jjy.c index c4e1697bfdf7..84956eb1da2a 100644 --- a/ntpd/refclock_jjy.c +++ b/ntpd/refclock_jjy.c @@ -4525,5 +4525,5 @@ printableString ( char *sOutput, int iOutputLen, const char *sInput, int iInputL /**************************************************************************************************/ #else -int refclock_jjy_bs ; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_jupiter.c b/ntpd/refclock_jupiter.c index 7db0198ec692..4deac7401dc4 100644 --- a/ntpd/refclock_jupiter.c +++ b/ntpd/refclock_jupiter.c @@ -1028,5 +1028,5 @@ jupiter_recv( } #else /* not (REFCLOCK && CLOCK_JUPITER && HAVE_PPSAPI) */ -int refclock_jupiter_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* not (REFCLOCK && CLOCK_JUPITER && HAVE_PPSAPI) */ diff --git a/ntpd/refclock_local.c b/ntpd/refclock_local.c index 8c0f74f62c24..62de1a98e84e 100644 --- a/ntpd/refclock_local.c +++ b/ntpd/refclock_local.c @@ -213,5 +213,5 @@ local_poll( refclock_receive(peer); } #else -int refclock_local_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_mx4200.c b/ntpd/refclock_mx4200.c index 11c17d069dd4..0de856ee1edb 100644 --- a/ntpd/refclock_mx4200.c +++ b/ntpd/refclock_mx4200.c @@ -1635,5 +1635,5 @@ mx4200_send(peer, fmt, va_alist) } #else -int refclock_mx4200_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_neoclock4x.c b/ntpd/refclock_neoclock4x.c index a54381678310..a8c0a336307f 100644 --- a/ntpd/refclock_neoclock4x.c +++ b/ntpd/refclock_neoclock4x.c @@ -1057,7 +1057,7 @@ neol_check_firmware(int unit, #endif #else -int refclock_neoclock4x_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ /* diff --git a/ntpd/refclock_nmea.c b/ntpd/refclock_nmea.c index 131ccf641a56..a2d8d499156f 100644 --- a/ntpd/refclock_nmea.c +++ b/ntpd/refclock_nmea.c @@ -1408,6 +1408,7 @@ typedef unsigned char const UCC; static char const * const s_eof_chars = ",*\r\n"; +#ifdef DEBUG static int field_length(UCC *cp, unsigned int nfields) { char const * ep = (char const*)cp; @@ -1419,6 +1420,7 @@ static int field_length(UCC *cp, unsigned int nfields) ? (int)((UCC*)ep - cp) : (int)strlen((char const*)cp); } +#endif /* DEBUG */ /* /[,*\r\n]/ --> skip */ static int _parse_eof(UCC *cp, UCC ** ep) diff --git a/ntpd/refclock_oncore.c b/ntpd/refclock_oncore.c index d41d54023348..512e64b644da 100644 --- a/ntpd/refclock_oncore.c +++ b/ntpd/refclock_oncore.c @@ -4136,5 +4136,5 @@ oncore_log_f( } #else -int refclock_oncore_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK && CLOCK_ONCORE */ diff --git a/ntpd/refclock_palisade.c b/ntpd/refclock_palisade.c index a9fe2689575b..3a61d6012213 100644 --- a/ntpd/refclock_palisade.c +++ b/ntpd/refclock_palisade.c @@ -1567,5 +1567,5 @@ getsingle( } #else /* REFCLOCK && CLOCK_PALISADE*/ -int refclock_palisade_c_notempty; +NONEMPTY_TRANSLATION_UNIT #endif diff --git a/ntpd/refclock_pcf.c b/ntpd/refclock_pcf.c index 45b3475c0d68..4e92370ece10 100644 --- a/ntpd/refclock_pcf.c +++ b/ntpd/refclock_pcf.c @@ -223,5 +223,5 @@ pcf_poll( refclock_receive(peer); } #else -int refclock_pcf_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_pst.c b/ntpd/refclock_pst.c index 1d3e1ffcfd6a..bd0f15938101 100644 --- a/ntpd/refclock_pst.c +++ b/ntpd/refclock_pst.c @@ -314,5 +314,5 @@ pst_poll( } #else -int refclock_pst_int; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_ripencc.c b/ntpd/refclock_ripencc.c index 789029f8aad5..a7339e3d4936 100644 --- a/ntpd/refclock_ripencc.c +++ b/ntpd/refclock_ripencc.c @@ -5250,6 +5250,6 @@ TranslateTSIPReportToText( #endif /* TRIMBLE_OUTPUT_FUNC */ #else /* defined(REFCLOCK) && defined(CLOCK_RIPENCC) */ -int refclock_ripencc_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* defined(REFCLOCK) && defined(CLOCK_RIPENCC) */ diff --git a/ntpd/refclock_tpro.c b/ntpd/refclock_tpro.c index ac511bb4b392..9adcb5c6c7b3 100644 --- a/ntpd/refclock_tpro.c +++ b/ntpd/refclock_tpro.c @@ -204,5 +204,5 @@ tpro_poll( } #else -int refclock_tpro_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_true.c b/ntpd/refclock_true.c index 78e6adb9acaa..e41cd1351840 100644 --- a/ntpd/refclock_true.c +++ b/ntpd/refclock_true.c @@ -977,5 +977,5 @@ true_sample720(void) #endif #else -int refclock_true_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_tsyncpci.c b/ntpd/refclock_tsyncpci.c index e14a3fd122c5..49097ea72420 100644 --- a/ntpd/refclock_tsyncpci.c +++ b/ntpd/refclock_tsyncpci.c @@ -908,5 +908,5 @@ void DoyTimeFromSecTime(DoyTimeObj* pDt, SecTimeObj* pSt) } // End DoyTimeFromSecTime #else -int refclock_tsyncpci_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_tt560.c b/ntpd/refclock_tt560.c index 171ba5c8cc44..89bca13617f3 100644 --- a/ntpd/refclock_tt560.c +++ b/ntpd/refclock_tt560.c @@ -266,5 +266,5 @@ byte_swap(unsigned int input_num) } #else -int refclock_tt560_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_ulink.c b/ntpd/refclock_ulink.c index 60147adba219..c09638c21ca0 100644 --- a/ntpd/refclock_ulink.c +++ b/ntpd/refclock_ulink.c @@ -564,5 +564,5 @@ ulink_poll( } #else -int refclock_ulink_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_wwv.c b/ntpd/refclock_wwv.c index 2736cfa32fd7..f4098ae81cd7 100644 --- a/ntpd/refclock_wwv.c +++ b/ntpd/refclock_wwv.c @@ -2707,5 +2707,5 @@ wwv_gain( #else -int refclock_wwv_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_wwvb.c b/ntpd/refclock_wwvb.c index 6aafc26f1408..3720cdf80a1c 100644 --- a/ntpd/refclock_wwvb.c +++ b/ntpd/refclock_wwvb.c @@ -599,5 +599,5 @@ wwvb_control( #endif /* HAVE_PPSAPI */ #else -int refclock_wwvb_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpd/refclock_zyfer.c b/ntpd/refclock_zyfer.c index f77604868617..0ec566d5aec7 100644 --- a/ntpd/refclock_zyfer.c +++ b/ntpd/refclock_zyfer.c @@ -344,5 +344,5 @@ zyfer_poll( } #else -int refclock_zyfer_bs; +NONEMPTY_TRANSLATION_UNIT #endif /* REFCLOCK */ diff --git a/ntpdate/Makefile.in b/ntpdate/Makefile.in index b46352555475..66d3c93ceb63 100644 --- a/ntpdate/Makefile.in +++ b/ntpdate/Makefile.in @@ -94,6 +94,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = ntpdate$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = ntpdate ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -390,6 +391,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -489,7 +491,7 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = -BUILT_SOURCES = check-libntp .deps-ver +BUILT_SOURCES = $(am__append_1) .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver bin_PROGRAMS = $(NTPDATE_DB) libexec_PROGRAMS = $(NTPDATE_DL) @@ -502,7 +504,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP) $(NTP_HARD_LDFLAGS) LDADD = ../libntp/libntp.a ntpdate_LDADD = $(LDADD) $(LDADD_LIBNTP) $(PTHREAD_LIBS) \ $(LIBOPTS_LDADD) $(LIBM) $(LDADD_NTP) -CLEANFILES = .version version.c check-libntp .deps-ver +CLEANFILES = .version version.c .deps-ver noinst_HEADERS = ntpdate.h ntpdate_SOURCES = ntpdate.c nodist_ntpdate_SOURCES = version.c @@ -985,18 +987,16 @@ install-exec-hook: # -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(top_srcdir)/sntp/scm-rev: FRC.scm-rev $(AM_V_GEN)cd $(top_builddir)/sntp && $(MAKE) $(AM_MAKEFLAGS) check-scm-rev +.PHONY: FRC.scm-rev FRC.scm-rev: - @: FRC.scm-rev "force" depends on nothing and is not a file, so is \ - always out-of-date causing targets which depend on it to also \ - be outdated so their rules to fire each time they are built. + @: FRC.scm-rev is always out of date, triggering the check every make invocation. $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/ntpdc/Makefile.in b/ntpdc/Makefile.in index 3864e523a4ea..bb9c0986065e 100644 --- a/ntpdc/Makefile.in +++ b/ntpdc/Makefile.in @@ -95,6 +95,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = ntpdc$(EXEEXT) ntpdc-layout$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = ntpdc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -432,6 +433,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -536,7 +538,7 @@ libexec_PROGRAMS = $(NTPDC_DL) sbin_PROGRAMS = $(NTPDC_DS) EXTRA_DATA = check-layout BUILT_SOURCES = @MAKE_CHECK_LAYOUT@ ntpdc-opts.c ntpdc-opts.h \ - check-libopts check-libntp .deps-ver + check-libopts $(am__append_1) .deps-ver AM_CFLAGS = $(CFLAGS_NTP) $(NTP_HARD_CFLAGS) AM_CPPFLAGS = $(NTP_INCS) $(LIBOPTS_CFLAGS) $(CPPFLAGS_NTP) \ $(NTP_HARD_CPPFLAGS) @@ -549,7 +551,7 @@ ntpdc_LDADD = $(LIBOPTS_LDADD) ../libntp/libntp.a $(LDADD_LIBNTP) \ ntpdc_layout_LDADD = DISTCLEANFILES = $(man_MANS) config.log $(NULL) $(DEPDIR)/deps-ver CLEANFILES = check-layout layout.here nl.c ntpdc-layout .version \ - version.c $(NULL) check-libopts check-libntp .deps-ver + version.c $(NULL) check-libopts .deps-ver noinst_HEADERS = ntpdc.h ETAGS_ARGS = Makefile.am EXTRA_DIST = \ @@ -1264,18 +1266,16 @@ check-libopts: ../sntp/libopts/libopts.la ../sntp/libopts/libopts.la: -cd ../sntp/libopts && $(MAKE) $(AM_MAKEFLAGS) libopts.la -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(top_srcdir)/sntp/scm-rev: FRC.scm-rev $(AM_V_GEN)cd $(top_builddir)/sntp && $(MAKE) $(AM_MAKEFLAGS) check-scm-rev +.PHONY: FRC.scm-rev FRC.scm-rev: - @: FRC.scm-rev "force" depends on nothing and is not a file, so is \ - always out-of-date causing targets which depend on it to also \ - be outdated so their rules to fire each time they are built. + @: FRC.scm-rev is always out of date, triggering the check every make invocation. $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/ntpdc/invoke-ntpdc.texi b/ntpdc/invoke-ntpdc.texi index 30b4a66d6a87..07bcce67051f 100644 --- a/ntpdc/invoke-ntpdc.texi +++ b/ntpdc/invoke-ntpdc.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpdc.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:37:59 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:04:17 AM by AutoGen 5.18.16 # From the definitions ntpdc-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -77,7 +77,7 @@ with a status code of 0. @exampleindent 0 @example -ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p17 +ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p18 Usage: ntpdc [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution diff --git a/ntpdc/nl.pl b/ntpdc/nl.pl index 9e79bf06a741..e65862f2f181 100755 --- a/ntpdc/nl.pl +++ b/ntpdc/nl.pl @@ -1,4 +1,5 @@ #! /ntpbuild/bin/perl -w +# ntpdc/nl.pl. Generated from nl.pl.in by configure. $found = 0; $last = 0; diff --git a/ntpdc/nl.pl.in b/ntpdc/nl.pl.in index 8007538dc056..acf98d13a916 100644 --- a/ntpdc/nl.pl.in +++ b/ntpdc/nl.pl.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input@ $found = 0; $last = 0; diff --git a/ntpdc/ntpdc-opts.c b/ntpdc/ntpdc-opts.c index 536d1b970f98..f1c637659bf6 100644 --- a/ntpdc/ntpdc-opts.c +++ b/ntpdc/ntpdc-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpdc-opts.c) * - * It has been AutoGen-ed June 6, 2023 at 04:37:53 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:11 AM by AutoGen 5.18.16 * From the definitions ntpdc-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpdc program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -74,8 +74,8 @@ extern FILE * option_usage_fp; * static const strings for ntpdc options */ static char const ntpdc_opt_strs[2005] = -/* 0 */ "ntpdc 4.2.8p17\n" - "Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n" +/* 0 */ "ntpdc 4.2.8p18\n" + "Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" "can be seen at:\n" @@ -136,14 +136,14 @@ static char const ntpdc_opt_strs[2005] = /* 1785 */ "no-load-opts\0" /* 1798 */ "no\0" /* 1801 */ "NTPDC\0" -/* 1807 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p17\n" +/* 1807 */ "ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p18\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0" /* 1938 */ "$HOME\0" /* 1944 */ ".\0" /* 1946 */ ".ntprc\0" /* 1953 */ "https://bugs.ntp.org, bugs@ntp.org\0" /* 1988 */ "\n\0" -/* 1990 */ "ntpdc 4.2.8p17"; +/* 1990 */ "ntpdc 4.2.8p18"; /** * ipv4 option description with @@ -828,8 +828,8 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpdcOptions.pzCopyright */ - puts(_("ntpdc 4.2.8p17\n\ -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + puts(_("ntpdc 4.2.8p18\n\ +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ can be seen at:\n")); @@ -897,14 +897,14 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntpdcOptions.pzUsageTitle */ - puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p17\n\ + puts(_("ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p18\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n")); /* referenced via ntpdcOptions.pzExplain */ puts(_("\n")); /* referenced via ntpdcOptions.pzFullVersion */ - puts(_("ntpdc 4.2.8p17")); + puts(_("ntpdc 4.2.8p18")); /* referenced via ntpdcOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpdc/ntpdc-opts.h b/ntpdc/ntpdc-opts.h index 47d3f481a54e..8f2638e55556 100644 --- a/ntpdc/ntpdc-opts.h +++ b/ntpdc/ntpdc-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpdc-opts.h) * - * It has been AutoGen-ed June 6, 2023 at 04:37:52 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:11 AM by AutoGen 5.18.16 * From the definitions ntpdc-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpdc program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -92,9 +92,9 @@ typedef enum { /** count of all options for ntpdc */ #define OPTION_CT 16 /** ntpdc version */ -#define NTPDC_VERSION "4.2.8p17" +#define NTPDC_VERSION "4.2.8p18" /** Full ntpdc version text */ -#define NTPDC_FULL_VERSION "ntpdc 4.2.8p17" +#define NTPDC_FULL_VERSION "ntpdc 4.2.8p18" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpdc/ntpdc.1ntpdcman b/ntpdc/ntpdc.1ntpdcman index f101aadac589..3f95f941a058 100644 --- a/ntpdc/ntpdc.1ntpdcman +++ b/ntpdc/ntpdc.1ntpdcman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpdc 1ntpdcman "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpdc 1ntpdcman "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:01 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:19 AM by AutoGen 5.18.16 .\" From the definitions ntpdc-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -854,7 +854,7 @@ RFC1305 .SH AUTHORS The formatting directives in this document came from FreeBSD. .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS The diff --git a/ntpdc/ntpdc.1ntpdcmdoc b/ntpdc/ntpdc.1ntpdcmdoc index 376443dae434..68d6f1c1c1c0 100644 --- a/ntpdc/ntpdc.1ntpdcmdoc +++ b/ntpdc/ntpdc.1ntpdcmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPDC 1ntpdcmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:57 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:15 AM by AutoGen 5.18.16 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -792,7 +792,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh AUTHORS The formatting directives in this document came from FreeBSD. .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS The diff --git a/ntpdc/ntpdc.html b/ntpdc/ntpdc.html index 1a566baca91b..c9be00b30975 100644 --- a/ntpdc/ntpdc.html +++ b/ntpdc/ntpdc.html @@ -53,7 +53,7 @@ display the time offset of the system clock relative to the server clock. Run as root, it can correct the system clock to this offset as well. It can be run as an interactive command or from a cron job. </p> -<p>This document applies to version 4.2.8p17 of <code>ntpdc</code>. +<p>This document applies to version 4.2.8p18 of <code>ntpdc</code>. </p> <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4 IETF specification. @@ -199,7 +199,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p17 +<pre class="example">ntpdc - vendor-specific NTPD control program - Ver. 4.2.8p18 Usage: ntpdc [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 DNS name resolution diff --git a/ntpdc/ntpdc.man.in b/ntpdc/ntpdc.man.in index 151c23b0c5c1..4bf6a788dfdd 100644 --- a/ntpdc/ntpdc.man.in +++ b/ntpdc/ntpdc.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpdc @NTPDC_MS@ "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpdc @NTPDC_MS@ "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:01 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:19 AM by AutoGen 5.18.16 .\" From the definitions ntpdc-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -854,7 +854,7 @@ RFC1305 .SH AUTHORS The formatting directives in this document came from FreeBSD. .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS The diff --git a/ntpdc/ntpdc.mdoc.in b/ntpdc/ntpdc.mdoc.in index 1a7859c448e6..b1c0cf42e917 100644 --- a/ntpdc/ntpdc.mdoc.in +++ b/ntpdc/ntpdc.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPDC @NTPDC_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpdc-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:37:57 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:15 AM by AutoGen 5.18.16 .\" From the definitions ntpdc-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -792,7 +792,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh AUTHORS The formatting directives in this document came from FreeBSD. .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS The diff --git a/ntpq/Makefile.in b/ntpq/Makefile.in index dd77e591e3d8..ecfefb4ef5f1 100644 --- a/ntpq/Makefile.in +++ b/ntpq/Makefile.in @@ -96,6 +96,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = ntpq$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = ntpq ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -442,6 +443,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -557,7 +559,7 @@ noinst_HEADERS = ntpq.h noinst_LIBRARIES = libntpq.a libntpq_a_CFLAGS = $(AM_CFLAGS) -DNO_MAIN_ALLOWED -DBUILD_AS_LIB libntpq_a_CPPFLAGS = $(AM_CPPFLAGS) -CLEANFILES = .version version.c check-libopts check-libntp .deps-ver +CLEANFILES = .version version.c check-libopts .deps-ver DISTCLEANFILES = config.log $(man_MANS) $(DEPDIR)/deps-ver ETAGS_ARGS = Makefile.am EXTRA_DIST = \ @@ -572,7 +574,7 @@ EXTRA_DIST = \ ntpq.texi \ $(NULL) -BUILT_SOURCES = ntpq-opts.c ntpq-opts.h check-libopts check-libntp \ +BUILT_SOURCES = ntpq-opts.c ntpq-opts.h check-libopts $(am__append_1) \ .deps-ver html_DATA = \ $(srcdir)/ntpq.html \ @@ -1295,18 +1297,16 @@ check-libopts: ../sntp/libopts/libopts.la ../sntp/libopts/libopts.la: -cd ../sntp/libopts && $(MAKE) $(AM_MAKEFLAGS) libopts.la -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a $(top_srcdir)/sntp/scm-rev: FRC.scm-rev $(AM_V_GEN)cd $(top_builddir)/sntp && $(MAKE) $(AM_MAKEFLAGS) check-scm-rev +.PHONY: FRC.scm-rev FRC.scm-rev: - @: FRC.scm-rev "force" depends on nothing and is not a file, so is \ - always out-of-date causing targets which depend on it to also \ - be outdated so their rules to fire each time they are built. + @: FRC.scm-rev is always out of date, triggering the check every make invocation. $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/ntpq/invoke-ntpq.texi b/ntpq/invoke-ntpq.texi index 715dbcba764e..cdb1453d5a24 100644 --- a/ntpq/invoke-ntpq.texi +++ b/ntpq/invoke-ntpq.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpq.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:38:12 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:04:30 AM by AutoGen 5.18.16 # From the definitions ntpq-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -945,7 +945,7 @@ with a status code of 0. @exampleindent 0 @example -ntpq - standard NTP query program - Ver. 4.2.8p17 +ntpq - standard NTP query program - Ver. 4.2.8p18 Usage: ntpq [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 name resolution diff --git a/ntpq/ntpq-opts.c b/ntpq/ntpq-opts.c index 3e176c057652..12042e4a1431 100644 --- a/ntpq/ntpq-opts.c +++ b/ntpq/ntpq-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpq-opts.c) * - * It has been AutoGen-ed June 6, 2023 at 04:38:03 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:21 AM by AutoGen 5.18.16 * From the definitions ntpq-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpq program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -74,8 +74,8 @@ extern FILE * option_usage_fp; * static const strings for ntpq options */ static char const ntpq_opt_strs[2068] = -/* 0 */ "ntpq 4.2.8p17\n" - "Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n" +/* 0 */ "ntpq 4.2.8p18\n" + "Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" "can be seen at:\n" @@ -140,13 +140,13 @@ static char const ntpq_opt_strs[2068] = /* 1858 */ "no-load-opts\0" /* 1871 */ "no\0" /* 1874 */ "NTPQ\0" -/* 1879 */ "ntpq - standard NTP query program - Ver. 4.2.8p17\n" +/* 1879 */ "ntpq - standard NTP query program - Ver. 4.2.8p18\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n\0" /* 1999 */ "$HOME\0" /* 2005 */ ".\0" /* 2007 */ ".ntprc\0" /* 2014 */ "https://bugs.ntp.org, bugs@ntp.org\0" -/* 2049 */ "ntpq 4.2.8p17\0" +/* 2049 */ "ntpq 4.2.8p18\0" /* 2063 */ "hash"; /** @@ -873,8 +873,8 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpqOptions.pzCopyright */ - puts(_("ntpq 4.2.8p17\n\ -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + puts(_("ntpq 4.2.8p18\n\ +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ can be seen at:\n")); @@ -945,11 +945,11 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntpqOptions.pzUsageTitle */ - puts(_("ntpq - standard NTP query program - Ver. 4.2.8p17\n\ + puts(_("ntpq - standard NTP query program - Ver. 4.2.8p18\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...]\n")); /* referenced via ntpqOptions.pzFullVersion */ - puts(_("ntpq 4.2.8p17")); + puts(_("ntpq 4.2.8p18")); /* referenced via ntpqOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpq/ntpq-opts.h b/ntpq/ntpq-opts.h index 60d2ba1278c6..f1413deefcd1 100644 --- a/ntpq/ntpq-opts.h +++ b/ntpq/ntpq-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpq-opts.h) * - * It has been AutoGen-ed June 6, 2023 at 04:38:02 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:21 AM by AutoGen 5.18.16 * From the definitions ntpq-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpq program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -93,9 +93,9 @@ typedef enum { /** count of all options for ntpq */ #define OPTION_CT 17 /** ntpq version */ -#define NTPQ_VERSION "4.2.8p17" +#define NTPQ_VERSION "4.2.8p18" /** Full ntpq version text */ -#define NTPQ_FULL_VERSION "ntpq 4.2.8p17" +#define NTPQ_FULL_VERSION "ntpq 4.2.8p18" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpq/ntpq-subs.c b/ntpq/ntpq-subs.c index 527be098b561..6aded4050c15 100644 --- a/ntpq/ntpq-subs.c +++ b/ntpq/ntpq-subs.c @@ -1495,7 +1495,7 @@ radiostatus( #endif /* UNUSED */ /* - * when - print how long its been since his last packet arrived + * when - return how long its been since his last packet arrived */ static long when( @@ -1691,6 +1691,7 @@ doprintpeers( u_int32 u32; const char *dstadr_refid = "0.0.0.0"; const char *serverlocal; + char *drbuf = NULL; size_t drlen; u_long stratum = 0; long ppoll = 0; @@ -1772,12 +1773,13 @@ doprintpeers( } else if (decodenetnum(value, &refidadr)) { if (SOCK_UNSPEC(&refidadr)) dstadr_refid = "0.0.0.0"; - else if (ISREFCLOCKADR(&refidadr)) + else if (ISREFCLOCKADR(&refidadr)) { dstadr_refid = refnumtoa(&refidadr); - else + } else { dstadr_refid = stoa(&refidadr); + } } else { have_da_rid = FALSE; } @@ -1796,19 +1798,25 @@ doprintpeers( } else if (decodenetnum(value, &refidadr)) { if (SOCK_UNSPEC(&refidadr)) dstadr_refid = "0.0.0.0"; - else if (ISREFCLOCKADR(&refidadr)) + else if (ISREFCLOCKADR(&refidadr)) { dstadr_refid = - refnumtoa(&refidadr); - else { - char *buf = emalloc(10); - int i = ntohl(refidadr.sa4.sin_addr.s_addr); - - snprintf(buf, 10, - "%0x", i); - dstadr_refid = buf; - //xprintf(stderr, "apeervarlist refid: value=<%x>\n", i); + refnumtoa(&refidadr); + if (pvl == apeervarlist) { + /* + * restrict refid to + * 8 chars [Bug 3850] + */ + dstadr_refid = + trunc_right( + dstadr_refid, + 8); + } + } else { + drbuf = emalloc(10); + snprintf(drbuf, 10, "%0x", + SRCADR(&refidadr)); + dstadr_refid = drbuf; } - //xprintf(stderr, "apeervarlist refid: value=<%s>\n", value); } else { have_da_rid = FALSE; } @@ -1843,7 +1851,7 @@ doprintpeers( if (!decodets(value, &reftime)) L_CLR(&reftime); } else if (!strcmp("flash", name)) { - decodeuint(value, &flash); + decodeuint(value, &flash); } else { // xprintf(stderr, "UNRECOGNIZED name=%s ", name); } @@ -1931,6 +1939,7 @@ doprintpeers( drlen = strlen(dstadr_refid); makeascii(drlen, dstadr_refid, fp); } + free(drbuf); if (pvl == apeervarlist) { while (drlen++ < 9) xputc(' ', fp); @@ -2452,7 +2461,7 @@ fetch_nonce( return FALSE; } - if ((size_t)rsize <= sizeof(nonce_eq) - 1 || + if (rsize <= sizeof(nonce_eq) - 1 || strncmp(rdata, nonce_eq, sizeof(nonce_eq) - 1)) { xprintf(stderr, "unexpected nonce response format: %.*s\n", (int)rsize, rdata); /* cast is wobbly */ diff --git a/ntpq/ntpq.1ntpqman b/ntpq/ntpq.1ntpqman index e4f93b336110..5578f8ef3acb 100644 --- a/ntpq/ntpq.1ntpqman +++ b/ntpq/ntpq.1ntpqman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpq 1ntpqman "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpq 1ntpqman "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:15 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:33 AM by AutoGen 5.18.16 .\" From the definitions ntpq-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -1585,7 +1585,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpq/ntpq.1ntpqmdoc b/ntpq/ntpq.1ntpqmdoc index 9ce7db9484d3..bbb061bebf98 100644 --- a/ntpq/ntpq.1ntpqmdoc +++ b/ntpq/ntpq.1ntpqmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPQ 1ntpqmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:10 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:29 AM by AutoGen 5.18.16 .\" From the definitions ntpq-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1051,7 +1051,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpq/ntpq.c b/ntpq/ntpq.c index 1a0e9b1a6867..56ff4e50e9eb 100644 --- a/ntpq/ntpq.c +++ b/ntpq/ntpq.c @@ -25,13 +25,9 @@ #include <isc/result.h> #include "ntpq.h" -#include "ntp_assert.h" -#include "ntp_stdlib.h" #include "ntp_unixtime.h" #include "ntp_calendar.h" #include "ntp_select.h" -#include "ntp_assert.h" -#include "lib_strbuf.h" #include "ntp_lineedit.h" #include "ntp_debug.h" #ifdef OPENSSL @@ -3941,31 +3937,25 @@ list_md_fn(const EVP_MD *m, const char *from, const char *to, void *arg) size_t len, n; const char *name, **seen; struct hstate *hstate = arg; - const char *cp; /* m is MD obj, from is name or alias, to is base name for alias */ - if (!m || !from || to) + if (!m || !from || to) { return; /* Ignore aliases */ + } /* Discard MACs that NTP won't accept. */ /* Keep this consistent with keytype_from_text() in ssl_init.c. */ - if (EVP_MD_size(m) > (MAX_MAC_LEN - sizeof(keyid_t))) + if (EVP_MD_size(m) > MAX_MDG_LEN) { return; + } name = EVP_MD_name(m); - - /* Lowercase names aren't accepted by keytype_from_text in ssl_init.c */ - - for (cp = name; *cp; cp++) - if (islower((unsigned char)*cp)) - return; - - len = (cp - name) + 1; + len = strlen(name) + 1; /* There are duplicates. Discard if name has been seen. */ for (seen = hstate->seen; *seen; seen++) - if (!strcmp(*seen, name)) + if (!strcasecmp(*seen, name)) return; n = (seen - hstate->seen) + 2; @@ -4057,11 +4047,12 @@ insert_cmac(char *list) /* No - end of list */ if (!delim && !last_nl) { delim = list + len; - } else + } else { /* New line and no delim or before delim? */ if (last_nl && (!delim || last_nl < delim)) { delim = last_nl; } + } /* Found insertion point where CMAC before entry? */ if (strncmp(CMAC, point, delim - point) < 0) { diff --git a/ntpq/ntpq.h b/ntpq/ntpq.h index 53f76387ace0..ed200951d303 100644 --- a/ntpq/ntpq.h +++ b/ntpq/ntpq.h @@ -11,7 +11,6 @@ #include "ntp_malloc.h" #include "ntp_assert.h" #include "ntp_control.h" -#include "lib_strbuf.h" #include "ntpq-opts.h" diff --git a/ntpq/ntpq.html b/ntpq/ntpq.html index 1ca91e4f3cd4..03b654a33486 100644 --- a/ntpq/ntpq.html +++ b/ntpq/ntpq.html @@ -62,7 +62,7 @@ monitor the operational status and determine the performance of <code>ntpd</code>, the NTP daemon. </p> -<p>This document applies to version 4.2.8p17 of <code>ntpq</code>. +<p>This document applies to version 4.2.8p18 of <code>ntpq</code>. </p> <table class="menu" border="0" cellspacing="0"> <tr><td align="left" valign="top">• <a href="#ntpq-Description" accesskey="1">ntpq Description</a></td><td> </td><td align="left" valign="top"> @@ -1274,7 +1274,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p17 +<pre class="example">ntpq - standard NTP query program - Ver. 4.2.8p18 Usage: ntpq [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [ host ...] Flg Arg Option-Name Description -4 no ipv4 Force IPv4 name resolution diff --git a/ntpq/ntpq.man.in b/ntpq/ntpq.man.in index 12c085baf761..66ef65cad235 100644 --- a/ntpq/ntpq.man.in +++ b/ntpq/ntpq.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpq @NTPQ_MS@ "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpq @NTPQ_MS@ "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:15 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:33 AM by AutoGen 5.18.16 .\" From the definitions ntpq-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -1585,7 +1585,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpq/ntpq.mdoc.in b/ntpq/ntpq.mdoc.in index d5ace4c4fd43..3bb46622c6d0 100644 --- a/ntpq/ntpq.mdoc.in +++ b/ntpq/ntpq.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPQ @NTPQ_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpq-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:10 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:29 AM by AutoGen 5.18.16 .\" From the definitions ntpq-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1051,7 +1051,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpsnmpd/Makefile.am b/ntpsnmpd/Makefile.am index 5729bb85cd46..d3cd0be85607 100644 --- a/ntpsnmpd/Makefile.am +++ b/ntpsnmpd/Makefile.am @@ -9,9 +9,9 @@ ntpsnmpd_SOURCES= netsnmp_daemonize.c ntpsnmpd.c ntpSnmpSubagentObject.c \ ntpsnmpd-opts.c ntpsnmpd-opts.h ntpSnmpSubagentObject.h \ ntp_snmp.h # HMS: we probably want a version.o file here, too. -LDADD = ../ntpq/libntpq.a ../libntp/libntp.a -LDADD += $(SNMP_LIBS) $(LDADD_LIBNTP) $(LIBM) -LDADD += $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBOPTS_LDADD) +ntpsnmpd_LDADD = ../ntpq/libntpq.a ../libntp/libntp.a +ntpsnmpd_LDADD += $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) +ntpsnmpd_LDADD += $(LDADD_NTP) $(LIBOPTS_LDADD) $(SNMP_LIBS) AM_CFLAGS = $(SNMP_CFLAGS) $(CFLAGS_NTP) AM_CFLAGS += $(NTP_HARD_CFLAGS) @@ -19,8 +19,8 @@ AM_CFLAGS += $(NTP_HARD_CFLAGS) AM_CPPFLAGS = -I$(top_srcdir)/ntpq AM_CPPFLAGS += $(NTP_INCS) AM_CPPFLAGS += $(LIBOPTS_CFLAGS) -AM_CPPFLAGS += $(SNMP_CPPFLAGS) AM_CPPFLAGS += $(CPPFLAGS_NTP) +AM_CPPFLAGS += $(SNMP_CPPFLAGS) AM_CPPFLAGS += $(NTP_HARD_CPPFLAGS) AM_LDFLAGS = $(LDFLAGS_NTP) diff --git a/ntpsnmpd/Makefile.in b/ntpsnmpd/Makefile.in index 329d255cd277..77df2343799d 100644 --- a/ntpsnmpd/Makefile.in +++ b/ntpsnmpd/Makefile.in @@ -94,6 +94,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = ntpsnmpd$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = ntpsnmpd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -150,7 +151,6 @@ PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) $(sbin_PROGRAMS) am_ntpsnmpd_OBJECTS = netsnmp_daemonize.$(OBJEXT) ntpsnmpd.$(OBJEXT) \ ntpSnmpSubagentObject.$(OBJEXT) ntpsnmpd-opts.$(OBJEXT) ntpsnmpd_OBJECTS = $(am_ntpsnmpd_OBJECTS) -ntpsnmpd_LDADD = $(LDADD) am__DEPENDENCIES_1 = ntpsnmpd_DEPENDENCIES = ../ntpq/libntpq.a ../libntp/libntp.a \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ @@ -425,6 +425,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -532,12 +533,12 @@ ntpsnmpd_SOURCES = netsnmp_daemonize.c ntpsnmpd.c ntpSnmpSubagentObject.c \ ntp_snmp.h # HMS: we probably want a version.o file here, too. -LDADD = ../ntpq/libntpq.a ../libntp/libntp.a $(SNMP_LIBS) \ - $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) $(LDADD_NTP) \ - $(LIBOPTS_LDADD) +ntpsnmpd_LDADD = ../ntpq/libntpq.a ../libntp/libntp.a $(LDADD_LIBNTP) \ + $(LIBM) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBOPTS_LDADD) \ + $(SNMP_LIBS) AM_CFLAGS = $(SNMP_CFLAGS) $(CFLAGS_NTP) $(NTP_HARD_CFLAGS) AM_CPPFLAGS = -I$(top_srcdir)/ntpq $(NTP_INCS) $(LIBOPTS_CFLAGS) \ - $(SNMP_CPPFLAGS) $(CPPFLAGS_NTP) $(NTP_HARD_CPPFLAGS) + $(CPPFLAGS_NTP) $(SNMP_CPPFLAGS) $(NTP_HARD_CPPFLAGS) AM_LDFLAGS = $(LDFLAGS_NTP) $(NTP_HARD_LDFLAGS) EXTRA_DIST = \ invoke-ntpsnmpd.menu \ @@ -552,9 +553,9 @@ EXTRA_DIST = \ ntpv4-mib.mib \ $(NULL) -BUILT_SOURCES = ntpsnmpd-opts.c ntpsnmpd-opts.h check-libntp \ +BUILT_SOURCES = ntpsnmpd-opts.c ntpsnmpd-opts.h $(am__append_1) \ check-libopts .deps-ver -CLEANFILES = check-libntp check-libopts .deps-ver +CLEANFILES = check-libopts .deps-ver DISTCLEANFILES = config.log $(man_MANS) $(DEPDIR)/deps-ver html_DATA = \ $(srcdir)/ntpsnmpd.html \ @@ -1219,11 +1220,10 @@ install-exec-hook: # -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libopts: ../sntp/libopts/libopts.la @echo stamp > $@ diff --git a/ntpsnmpd/invoke-ntpsnmpd.texi b/ntpsnmpd/invoke-ntpsnmpd.texi index 3f99a3f35f6f..326dace34e63 100644 --- a/ntpsnmpd/invoke-ntpsnmpd.texi +++ b/ntpsnmpd/invoke-ntpsnmpd.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpsnmpd.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:38:20 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:04:39 AM by AutoGen 5.18.16 # From the definitions ntpsnmpd-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -47,7 +47,7 @@ with a status code of 0. @exampleindent 0 @example -ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p16 +ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p18 Usage: ntpsnmpd [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... Flg Arg Option-Name Description -n no nofork Do not fork diff --git a/ntpsnmpd/netsnmp_daemonize.c b/ntpsnmpd/netsnmp_daemonize.c index 44fad1ad3965..55f8c3596492 100644 --- a/ntpsnmpd/netsnmp_daemonize.c +++ b/ntpsnmpd/netsnmp_daemonize.c @@ -57,20 +57,12 @@ SOFTWARE. #include <stdlib.h> #endif -#if TIME_WITH_SYS_TIME -# ifdef WIN32 -# include <sys/timeb.h> -# else -# include <sys/time.h> -# endif -# include <time.h> +#ifdef WIN32 +# include <sys/timeb.h> #else -# if HAVE_SYS_TIME_H -# include <sys/time.h> -# else -# include <time.h> -# endif +# include <sys/time.h> #endif +#include <time.h> #include <sys/types.h> @@ -267,5 +259,5 @@ netsnmp_daemonize(int quit_immediately, int stderr_log) } #else /* !NEED_NETSNMP_DAEMONIZE */ -int netsnp_daemonize_bs; +NONEMPTY_TRANSLATION_UNIT #endif diff --git a/ntpsnmpd/ntpsnmpd-opts.c b/ntpsnmpd/ntpsnmpd-opts.c index f13108da18d2..a05c8acdd05d 100644 --- a/ntpsnmpd/ntpsnmpd-opts.c +++ b/ntpsnmpd/ntpsnmpd-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.c) * - * It has been AutoGen-ed June 6, 2023 at 04:38:17 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:35 AM by AutoGen 5.18.16 * From the definitions ntpsnmpd-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpsnmpd program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -66,8 +66,8 @@ extern FILE * option_usage_fp; * static const strings for ntpsnmpd options */ static char const ntpsnmpd_opt_strs[1614] = -/* 0 */ "ntpsnmpd 4.2.8p17\n" - "Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n" +/* 0 */ "ntpsnmpd 4.2.8p18\n" + "Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" "can be seen at:\n" @@ -106,14 +106,14 @@ static char const ntpsnmpd_opt_strs[1614] = /* 1415 */ "no-load-opts\0" /* 1428 */ "no\0" /* 1431 */ "NTPSNMPD\0" -/* 1440 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p17\n" +/* 1440 */ "ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p18\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0" /* 1544 */ "$HOME\0" /* 1550 */ ".\0" /* 1552 */ ".ntprc\0" /* 1559 */ "https://bugs.ntp.org, bugs@ntp.org\0" /* 1594 */ "\n\0" -/* 1596 */ "ntpsnmpd 4.2.8p17"; +/* 1596 */ "ntpsnmpd 4.2.8p18"; /** * nofork option description: @@ -559,8 +559,8 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntpsnmpdOptions.pzCopyright */ - puts(_("ntpsnmpd 4.2.8p17\n\ -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + puts(_("ntpsnmpd 4.2.8p18\n\ +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ can be seen at:\n")); @@ -604,14 +604,14 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntpsnmpdOptions.pzUsageTitle */ - puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p17\n\ + puts(_("ntpsnmpd - NTP SNMP MIB agent - Ver. 4.2.8p18\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n")); /* referenced via ntpsnmpdOptions.pzExplain */ puts(_("\n")); /* referenced via ntpsnmpdOptions.pzFullVersion */ - puts(_("ntpsnmpd 4.2.8p17")); + puts(_("ntpsnmpd 4.2.8p18")); /* referenced via ntpsnmpdOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/ntpsnmpd/ntpsnmpd-opts.h b/ntpsnmpd/ntpsnmpd-opts.h index d5239d2e3050..5eab9a6cbf19 100644 --- a/ntpsnmpd/ntpsnmpd-opts.h +++ b/ntpsnmpd/ntpsnmpd-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.h) * - * It has been AutoGen-ed June 6, 2023 at 04:38:16 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:34 AM by AutoGen 5.18.16 * From the definitions ntpsnmpd-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntpsnmpd program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -84,9 +84,9 @@ typedef enum { /** count of all options for ntpsnmpd */ #define OPTION_CT 8 /** ntpsnmpd version */ -#define NTPSNMPD_VERSION "4.2.8p17" +#define NTPSNMPD_VERSION "4.2.8p18" /** Full ntpsnmpd version text */ -#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p17" +#define NTPSNMPD_FULL_VERSION "ntpsnmpd 4.2.8p18" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/ntpsnmpd/ntpsnmpd.1ntpsnmpdman b/ntpsnmpd/ntpsnmpd.1ntpsnmpdman index 29f12c6c913d..469f652aef46 100644 --- a/ntpsnmpd/ntpsnmpd.1ntpsnmpdman +++ b/ntpsnmpd/ntpsnmpd.1ntpsnmpdman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsnmpd 1ntpsnmpdman "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpsnmpd 1ntpsnmpdman "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:21 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:40 AM by AutoGen 5.18.16 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -138,7 +138,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .NOP "Heiko Gerstung" .br .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc b/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc index be353c7468ce..273e7f7479f7 100644 --- a/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc +++ b/ntpsnmpd/ntpsnmpd.1ntpsnmpdmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPSNMPD 1ntpsnmpdmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:18 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:37 AM by AutoGen 5.18.16 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -110,7 +110,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh AUTHORS .An "Heiko Gerstung" .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpsnmpd/ntpsnmpd.html b/ntpsnmpd/ntpsnmpd.html index e31de98c7b90..1bb8f560f220 100644 --- a/ntpsnmpd/ntpsnmpd.html +++ b/ntpsnmpd/ntpsnmpd.html @@ -60,7 +60,7 @@ Next: <a href="#ntpsnmpd-Description" accesskey="n" rel="next">ntpsnmpd Descript <p>The <code>ntpsnmpd</code> utility program is used to monitor NTP daemon <code>ntpd</code> operations and determine performance. It uses the standard NTP mode 6 control </p> -<p>This document applies to version 4.2.8p17 of <code>ntpsnmpd</code>. +<p>This document applies to version 4.2.8p18 of <code>ntpsnmpd</code>. </p> <table class="menu" border="0" cellspacing="0"> <tr><td align="left" valign="top">• <a href="#ntpsnmpd-Description" accesskey="1">ntpsnmpd Description</a></td><td> </td><td align="left" valign="top">Description diff --git a/ntpsnmpd/ntpsnmpd.man.in b/ntpsnmpd/ntpsnmpd.man.in index 7080d07b3310..9990ae66a0ef 100644 --- a/ntpsnmpd/ntpsnmpd.man.in +++ b/ntpsnmpd/ntpsnmpd.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsnmpd @NTPSNMPD_MS@ "06 Jun 2023" "4.2.8p17" "User Commands" +.TH ntpsnmpd @NTPSNMPD_MS@ "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:21 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:40 AM by AutoGen 5.18.16 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -138,7 +138,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .NOP "Heiko Gerstung" .br .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/ntpsnmpd/ntpsnmpd.mdoc.in b/ntpsnmpd/ntpsnmpd.mdoc.in index b0f89d34b309..144a1d192f9d 100644 --- a/ntpsnmpd/ntpsnmpd.mdoc.in +++ b/ntpsnmpd/ntpsnmpd.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPSNMPD @NTPSNMPD_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsnmpd-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:18 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:37 AM by AutoGen 5.18.16 .\" From the definitions ntpsnmpd-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -110,7 +110,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh AUTHORS .An "Heiko Gerstung" .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/packageinfo.sh b/packageinfo.sh index 0ee08b67086d..bb31a6277a9d 100644 --- a/packageinfo.sh +++ b/packageinfo.sh @@ -33,6 +33,8 @@ # # To skip over -stable beta1 directly to -RC1, set prerelease=rc. # +# To proceed from a -stable RC to the release set rcpoint=GO +# # To skip all -stable prereleases and move from one primary or point # release directly to the next point release, set rcpoint=GO. # @@ -83,7 +85,7 @@ CLTAG=NTP_4_2_0 # - Numeric values increment # - empty 'increments' to 1 # - NEW 'increments' to empty -point=17 +point=18 ### betapoint is normally modified by script. # ntp-stable Beta number (betapoint) diff --git a/parseutil/Makefile.in b/parseutil/Makefile.in index 66d6f695d8dc..7deca0773120 100644 --- a/parseutil/Makefile.in +++ b/parseutil/Makefile.in @@ -384,6 +384,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/ports/winnt/include/clockstuff.h b/ports/winnt/include/clockstuff.h index df8569935094..5337c8c62feb 100644 --- a/ports/winnt/include/clockstuff.h +++ b/ports/winnt/include/clockstuff.h @@ -39,6 +39,12 @@ typedef void (WINAPI *PGSTAFT)(LPFILETIME pftResult); extern PGSTAFT get_sys_time_as_filetime; extern PGSTAFT pGetSystemTimePreciseAsFileTime; +/* This should really be in a ntpd_win.h or similar: + * Set thread description visible in debugger. + */ +typedef HRESULT (WINAPI *PSTD)(HANDLE hThread, PCWSTR pwstr); +extern PSTD pSetThreadDescription; + void lock_thread_to_processor(HANDLE); #endif diff --git a/ports/winnt/include/config.h b/ports/winnt/include/config.h index 6e119da80515..0b53c53d4d41 100644 --- a/ports/winnt/include/config.h +++ b/ports/winnt/include/config.h @@ -10,18 +10,22 @@ #ifndef CONFIG_H #define CONFIG_H -/* - * Known predifined MS compiler version codes: - * 1800: MSVC++ 12.0 (Visual Studio 2013) - * 1700: MSVC++ 11.0 (Visual Studio 2012) - * 1600: MSVC++ 10.0 (Visual Studio 2010) - * 1500: MSVC++ 9.0 (Visual Studio 2008) - * 1400: MSVC++ 8.0 (Visual Studio 2005) - * 1310: MSVC++ 7.1 (Visual Studio 2003) - * 1300: MSVC++ 7.0 - * 1200: MSVC++ 6.0 (Visual C++ 6) - * 1100: MSVC++ 5.0 - */ + /* + * Known predifined MS C compiler _MSC_VER values: + * + * 1930 MSVC++ 14.3 (Visual Studio 2022) + * 1920 MSVC++ 14.2 (Visual Studio 2019) + * 1910 MSVC++ 14.1 (Visual Studio 2017) + * 1900 MSVC++ 14.0 (Visual Studio 2015) + * 1800: MSVC++ 12.0 (Visual Studio 2013) + * 1700: MSVC++ 11.0 (Visual Studio 2012) + * 1600: MSVC++ 10.0 (Visual Studio 2010) + * 1500: MSVC++ 9.0 (Visual Studio 2008) + * 1400: MSVC++ 8.0 (Visual Studio 2005) (minimum supported) + * + * Note comparisons should be made using <, >, <=, or >= as there are + * other revisions released between major versions. + */ #if defined(_MSC_VER) && _MSC_VER < 1400 #error Minimum supported Microsoft compiler is Visual C++ 2005. @@ -553,12 +557,22 @@ typedef unsigned long uintptr_t; #define SIOCGIFFLAGS SIO_GET_INTERFACE_LIST /* used in ntp_io.c */ -/* Bug 2978 mitigation -- unless defined elsewhere, do it here*/ +/* Bug 2978 mitigation -- unless defined elsewhere, do it here */ #ifndef DYNAMIC_INTERLEAVE # define DYNAMIC_INTERLEAVE 0 #endif /* + * Macro to use in otherwise-empty source files to comply with ANSI C + * requirement that each translation unit (source file) contain some + * declaration. This has commonly been done by declaring an unused + * global variable of type int or char. An extern reference to abs() + * serves the same purpose without bloat. We once used exit() but + * that can produce warnings on systems that declare exit() noreturn. + */ +#define NONEMPTY_TRANSLATION_UNIT extern int abs(int); + +/* * Below this line are includes which must happen after the bulk of * config.h is processed. If you need to add another #include to this * file the preferred location is near the top, above the similar diff --git a/ports/winnt/include/msvc_ssl_autolib.h b/ports/winnt/include/msvc_ssl_autolib.h index 9a8ae6126c1a..34a870abfa4b 100644 --- a/ports/winnt/include/msvc_ssl_autolib.h +++ b/ports/winnt/include/msvc_ssl_autolib.h @@ -19,7 +19,7 @@ * https://slproweb.com/products/Win32OpenSSL.html * * If 'OPENSSL_AUTOLINK_STRICT' is defined, then target bit width, - * runtime model and debug/release info are incoded into the library + * runtime model and debug/release info are encoded into the library * file name, according to this scheme: * * basename<width><RT><DebRel>.lib diff --git a/ports/winnt/include/ntp_iocompletionport.h b/ports/winnt/include/ntp_iocompletionport.h index b75c421c18c5..9d39a3197844 100644 --- a/ports/winnt/include/ntp_iocompletionport.h +++ b/ports/winnt/include/ntp_iocompletionport.h @@ -8,18 +8,40 @@ #if defined(HAVE_IO_COMPLETION_PORT) +/* NotifyIpInterfaceChange() is available on Windows Vista and later. */ +typedef enum ENUM_DONTCARE_MIB_NOTIF_TYPE { + SomeType_DontCare +} MIB_NOTIF_TYPE; + +typedef void +(WINAPI* PMYIPINTERFACE_CHANGE_CALLBACK) ( + PVOID CallerContext, + PVOID Row, + MIB_NOTIF_TYPE NotificationType + ); + +typedef DWORD (WINAPI* NotifyIpInterfaceChange_ptr)( + ADDRESS_FAMILY Family, + PMYIPINTERFACE_CHANGE_CALLBACK Callback, + PVOID CallerContext, + BOOLEAN InitialNotification, + HANDLE* NotificationHandle + ); + +extern NotifyIpInterfaceChange_ptr pNotifyIpInterfaceChange; + + struct refclockio; /* in ntp_refclock.h but inclusion here triggers problems */ -struct interface; /* likewise */ extern void init_io_completion_port(void); extern void uninit_io_completion_port(void); -extern BOOL io_completion_port_add_interface(struct interface*); -extern void io_completion_port_remove_interface(struct interface*); +extern BOOL io_completion_port_add_interface(endpt *); +extern void io_completion_port_remove_interface(endpt *); -extern BOOL io_completion_port_add_socket(SOCKET fd, struct interface *, BOOL bcast); -extern void io_completion_port_remove_socket(SOCKET fd, struct interface*); +extern BOOL io_completion_port_add_socket(SOCKET fd, endpt *, BOOL bcast); +extern void io_completion_port_remove_socket(SOCKET fd, endpt *); extern int io_completion_port_sendto(endpt*, SOCKET, void *, size_t, sockaddr_u *); @@ -27,6 +49,9 @@ extern BOOL io_completion_port_add_clock_io(struct refclockio *rio); extern void io_completion_port_remove_clock_io(struct refclockio *rio); extern int GetReceivedBuffers(void); +extern void WINAPI IpInterfaceChangedCallback(PVOID ctx, PVOID row, + MIB_NOTIF_TYPE type); + extern HANDLE WaitableExitEventHandle; diff --git a/ports/winnt/include/ntp_iocpltypes.h b/ports/winnt/include/ntp_iocpltypes.h index 5022378929ca..edf94dd69c37 100644 --- a/ports/winnt/include/ntp_iocpltypes.h +++ b/ports/winnt/include/ntp_iocpltypes.h @@ -18,7 +18,6 @@ */ typedef struct IoCtx IoCtx_t; typedef struct refclockio RIO_t; -typedef struct interface endpt; typedef struct recvbuf recvbuf_t; /* --------------------------------------------------------------------- @@ -139,7 +138,7 @@ struct IoCtx { l_fp DCDSTime; /* PPS-hack: time of DCD ON */ l_fp FlagTime; /* time stamp of flag/event char*/ l_fp RecvTime; /* time stamp of callback */ - DWORD com_events; /* buffer for COM events */ + DWORD com_events; /* bitmask of serial events */ u_int flTsDCDS : 1; /* DCDSTime valid? */ u_int flTsFlag : 1; /* FlagTime valid? */ } aux; diff --git a/ports/winnt/include/ntservice.h b/ports/winnt/include/ntservice.h index 46c5bd657f08..745f6d3586af 100644 --- a/ports/winnt/include/ntservice.h +++ b/ports/winnt/include/ntservice.h @@ -25,7 +25,6 @@ void ntservice_init(void); void ntservice_isup(void); void UpdateSCM(DWORD); void WINAPI ServiceControl(DWORD dwCtrlCode); -void ntservice_shutdown(void); BOOL ntservice_systemisshuttingdown(void); BOOL WINAPI OnConsoleEvent(DWORD dwCtrlType); diff --git a/ports/winnt/include/win32_io.h b/ports/winnt/include/win32_io.h index 8f67ca1d1896..0674b0266c4a 100644 --- a/ports/winnt/include/win32_io.h +++ b/ports/winnt/include/win32_io.h @@ -1,7 +1,7 @@ #ifndef WIN32_IO_H #define WIN32_IO_H -extern void InitSockets(void); -extern void connection_reset_fix(SOCKET fd, sockaddr_u *addr); +extern void InitSockets(void); +extern void connection_reset_fix(SOCKET fd, sockaddr_u *addr); #endif /* WIN32_IO_H */ diff --git a/ports/winnt/instsrv/instsrv.c b/ports/winnt/instsrv/instsrv.c index 2a551aaed750..84f926bafd70 100644 --- a/ports/winnt/instsrv/instsrv.c +++ b/ports/winnt/instsrv/instsrv.c @@ -391,7 +391,7 @@ int main(int argc, char *argv[]) MessageBoxA(NULL, "This application cannot run on Windows 3.1.\n" "This application will now terminate.", - "NAMED", + "instsrv", MB_OK | MB_ICONSTOP | MB_SETFOREGROUND ); return 1; } diff --git a/ports/winnt/libntp/getclock.c b/ports/winnt/libntp/getclock.c index 0fdcb69ba7e8..fb37a95f83f5 100644 --- a/ports/winnt/libntp/getclock.c +++ b/ports/winnt/libntp/getclock.c @@ -14,6 +14,7 @@ */ PGSTAFT get_sys_time_as_filetime; PGSTAFT pGetSystemTimePreciseAsFileTime; +PSTD pSetThreadDescription; int @@ -62,4 +63,10 @@ init_win_precise_time(void) } else { get_sys_time_as_filetime = &GetSystemTimeAsFileTime; } + /* Identify threads by name in debugger */ + hDll = LoadLibrary("KernelBase"); + pfn = GetProcAddress(hDll, "SetThreadDescription"); + if (NULL != pfn) { + pSetThreadDescription = (PSTD)pfn; + } } diff --git a/ports/winnt/libntp/syslog.c b/ports/winnt/libntp/syslog.c index 71c90c237ec3..f1d5061d6383 100644 --- a/ports/winnt/libntp/syslog.c +++ b/ports/winnt/libntp/syslog.c @@ -26,8 +26,6 @@ #include <syslog.h> #include <isc/strerror.h> -#include <lib_strbuf.h> - #include "ntp_stdlib.h" #include "messages.h" @@ -38,60 +36,6 @@ static int debug_level = 0; static char progname[51] = "NTP"; static int logmask = 0; -static struct dsn_c_pvt_sfnt { - int val; - const char *strval; -} facilities[] = { - { LOG_KERN, "kern" }, - { LOG_USER, "user" }, - { LOG_MAIL, "mail" }, - { LOG_DAEMON, "daemon" }, - { LOG_AUTH, "auth" }, - { LOG_SYSLOG, "syslog" }, - { LOG_LPR, "lpr" }, -#ifdef LOG_NEWS - { LOG_NEWS, "news" }, -#endif -#ifdef LOG_UUCP - { LOG_UUCP, "uucp" }, -#endif -#ifdef LOG_CRON - { LOG_CRON, "cron" }, -#endif -#ifdef LOG_AUTHPRIV - { LOG_AUTHPRIV, "authpriv" }, -#endif -#ifdef LOG_FTP - { LOG_FTP, "ftp" }, -#endif - { LOG_LOCAL0, "local0"}, - { LOG_LOCAL1, "local1"}, - { LOG_LOCAL2, "local2"}, - { LOG_LOCAL3, "local3"}, - { LOG_LOCAL4, "local4"}, - { LOG_LOCAL5, "local5"}, - { LOG_LOCAL6, "local6"}, - { LOG_LOCAL7, "local7"}, - { 0, NULL } -}; - -#if 0 -BOOL -isc_syslog_facilityfromstring(const char *str, int *facilityp) { - int i; - - REQUIRE(str != NULL); - REQUIRE(facilityp != NULL); - - for (i = 0 ; facilities[i].strval != NULL ; i++) { - if (strcasecmp(facilities[i].strval, str) == 0) { - *facilityp = facilities[i].val; - return (TRUE); - } - } - return (FALSE); -} -#endif /* * Log to the NT Event Log */ diff --git a/ports/winnt/libntp/win32_io.c b/ports/winnt/libntp/win32_io.c index 9e7a86179853..953823da80f6 100644 --- a/ports/winnt/libntp/win32_io.c +++ b/ports/winnt/libntp/win32_io.c @@ -22,37 +22,41 @@ #define SIO_UDP_CONNRESET _WSAIOW(IOC_VENDOR,12) #endif + void InitSockets( void ) { + static int done; WORD wVersionRequested; WSADATA wsaData; int err; + if (done) { + return; + } + done = TRUE; + /* Need Winsock 2.0 or better */ wVersionRequested = MAKEWORD(2, 0); err = WSAStartup(wVersionRequested, &wsaData); if ( err != 0 ) { SetLastError(err); - mfprintf(stderr, "No usable winsock: %m\n"); - SetLastError(err); msyslog(LOG_ERR, "No usable winsock: %m"); exit(1); } } /* - * Windows 2000 systems incorrectly cause UDP sockets using WASRecvFrom - * to not work correctly, returning a WSACONNRESET error when a WSASendTo - * fails with an "ICMP port unreachable" response and preventing the - * socket from using the WSARecvFrom in subsequent operations. - * The function below fixes this, but requires that Windows 2000 - * Service Pack 2 or later be installed on the system. NT 4.0 - * systems are not affected by this and work correctly. + * Windows 2000 SP2 and later systems cause UDP sockets using WASRecvFrom + * to return a WSACONNRESET error when a prior WSASendTo on the socket + * fails with an "ICMP port unreachable" response. After the error the + * socket is unusable and must be closed. We disable this behavior. * See Microsoft Knowledge Base Article Q263823 for details of this. + * https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/263823 + * https://web.archive.org/web/20111205034113/support.microsoft.com/kb/263823 */ void connection_reset_fix( diff --git a/ports/winnt/ntpd/hopf_PCI_io.c b/ports/winnt/ntpd/hopf_PCI_io.c index a1ba200f1171..048bec37af02 100644 --- a/ports/winnt/ntpd/hopf_PCI_io.c +++ b/ports/winnt/ntpd/hopf_PCI_io.c @@ -55,36 +55,19 @@ struct { BOOL OpenHopfDevice(void) { - OSVERSIONINFO VersionInfo; - ULONG deviceNumber; + ULONG deviceNumber = 0; CHAR deviceName[255]; - VersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); - GetVersionEx(&VersionInfo); - switch (VersionInfo.dwPlatformId) { - - case VER_PLATFORM_WIN32_WINDOWS: // Win95/98 - return FALSE; // "NTP does not support Win 95-98." - break; - - case VER_PLATFORM_WIN32_NT: // WinNT - deviceNumber = 0; - snprintf(deviceName, sizeof(deviceName), - "\\\\.\\hclk6039%d", deviceNumber + 1); - hDevice = CreateFile( - deviceName, - GENERIC_WRITE | GENERIC_READ, - FILE_SHARE_WRITE | FILE_SHARE_READ, - NULL, - OPEN_EXISTING, - FILE_FLAG_DELETE_ON_CLOSE | FILE_FLAG_OVERLAPPED, - NULL); - break; - - default: - hDevice = INVALID_HANDLE_VALUE; - break; - } // end switch + snprintf(deviceName, sizeof(deviceName), + "\\\\.\\hclk6039%d", deviceNumber + 1); + hDevice = CreateFile( + deviceName, + GENERIC_WRITE | GENERIC_READ, + FILE_SHARE_WRITE | FILE_SHARE_READ, + NULL, + OPEN_EXISTING, + FILE_FLAG_DELETE_ON_CLOSE | FILE_FLAG_OVERLAPPED, + NULL); if (INVALID_HANDLE_VALUE == hDevice) // the system didn't return a handle return FALSE; //"A handle to the driver could not be obtained properly" diff --git a/ports/winnt/ntpd/nt_clockstuff.c b/ports/winnt/ntpd/nt_clockstuff.c index b937c34030f8..3ec0a23795ef 100644 --- a/ports/winnt/ntpd/nt_clockstuff.c +++ b/ports/winnt/ntpd/nt_clockstuff.c @@ -2,7 +2,7 @@ * * Created by Sven Dietrich sven@inter-yacht.com * - * New interpolation scheme by Dave Hart <davehart@davehart.com> in + * New interpolation scheme by Dave Hart <davehart@gmail.com> in * February 2009 overcomes 500us-1ms inherent jitter with the older * scheme, first identified by Peter Rosin (nee Ekberg) * <peda@lysator.liu.se> in 2003 [Bug 216]. @@ -19,11 +19,10 @@ #include "config.h" #endif +#include "isc/win32os.h" #include <sys/resource.h> /* our private version */ -#if defined(_MSC_VER) && _MSC_VER >= 1400 /* VS 2005 */ #include <intrin.h> /* for __rdtsc() */ -#endif #ifdef HAVE_PPSAPI #include <timepps.h> @@ -240,23 +239,6 @@ do { \ #define PERF2HNS(ctr) ((ctr) * HECTONANOSECONDS / PerfCtrFreq) -#if defined(_MSC_VER) && _MSC_VER >= 1400 /* VS 2005 */ -#define get_pcc() __rdtsc() -#else -/* - * something like this can be used for a compiler without __rdtsc() - */ -ULONGLONG __forceinline -get_pcc(void) -{ - /* RDTSC returns in EDX:EAX, same as C compiler */ - __asm { - RDTSC - } -} -#endif - - /* * perf_ctr() returns the current performance counter value, * from QueryPerformanceCounter or RDTSC. @@ -266,9 +248,9 @@ perf_ctr(void) { FT_ULL ft; - if (use_pcc) - return get_pcc(); - else { + if (use_pcc) { + return __rdtsc(); + } else { QueryPerformanceCounter(&ft.li); return ft.ull; } @@ -283,29 +265,18 @@ perf_ctr(void) */ static void init_small_adjustment(void) { - OSVERSIONINFO vi; - memset(&vi, 0, sizeof(vi)); - vi.dwOSVersionInfoSize = sizeof(vi); - - if (!GetVersionEx(&vi)) { - msyslog(LOG_WARNING, "GetVersionEx failed with error code %d.", GetLastError()); - os_ignores_small_adjustment = FALSE; - return; - } - - if (vi.dwMajorVersion == 6 && vi.dwMinorVersion == 1) { - // Windows 7 and Windows Server 2008 R2 - // - // Windows 7 is documented as affected. - // Windows Server 2008 R2 is assumed affected. - os_ignores_small_adjustment = TRUE; - } else if (vi.dwMajorVersion == 6 && vi.dwMinorVersion == 0) { - // Windows Vista and Windows Server 2008 + if ( isc_win32os_versioncheck(6, 0, 0, 0) >= 0 + && isc_win32os_versioncheck(6, 2, 0, 0) < 0) { + // 6.0 Windows Vista and Windows Server 2008 + // 6.1 Windows 7 and Windows Server 2008 R2 // // Windows Vista is documented as affected. // Windows Server 2008 is assumed affected. + // Windows 7 is documented as affected. + // Windows Server 2008 R2 is assumed affected. os_ignores_small_adjustment = TRUE; - } else { + } + else { os_ignores_small_adjustment = FALSE; } } @@ -413,11 +384,11 @@ is_qpc_built_on_pcc(void) REQUIRE(NomPerfCtrFreq != 0); QueryPerformanceCounter(&ft1.li); - ft2.ull = get_pcc(); + ft2.ull = __rdtsc(); Sleep(1); QueryPerformanceCounter(&ft3.li); Sleep(1); - ft4.ull = get_pcc(); + ft4.ull = __rdtsc(); Sleep(1); QueryPerformanceCounter(&ft5.li); @@ -1101,6 +1072,9 @@ StartClockThread(void) if (!SetThreadPriority(clock_thread, THREAD_PRIORITY_TIME_CRITICAL)) { DPRINTF(1, ("Error setting thread priority\n")); } + if (NULL != pSetThreadDescription) { + (*pSetThreadDescription)(clock_thread, L"ntpd_interp_clock"); + } lock_thread_to_processor(clock_thread); ResumeThread(clock_thread); diff --git a/ports/winnt/ntpd/nt_ppsimpl.c b/ports/winnt/ntpd/nt_ppsimpl.c index 632349a4f3ed..cea69a34be30 100644 --- a/ports/winnt/ntpd/nt_ppsimpl.c +++ b/ports/winnt/ntpd/nt_ppsimpl.c @@ -20,7 +20,6 @@ #include "timepps.h" #include "ntp_stdlib.h" -#include "lib_strbuf.h" #include "ntp_iocpltypes.h" #include "ntp_iocplmem.h" @@ -456,7 +455,7 @@ load_pps_provider( HMODULE hmod; pppsapi_prov_init pprov_init; - prov = emalloc(sizeof(*prov)); + prov = emalloc_zero(sizeof(*prov)); hmod = LoadLibraryA(dllpath); if (NULL == hmod) { msyslog(LOG_WARNING, msgfmt, dllpath, diff --git a/ports/winnt/ntpd/ntp_iocompletionport.c b/ports/winnt/ntpd/ntp_iocompletionport.c index 5852b1117364..0fb3e1a0b27f 100644 --- a/ports/winnt/ntpd/ntp_iocompletionport.c +++ b/ports/winnt/ntpd/ntp_iocompletionport.c @@ -14,7 +14,9 @@ Some notes on the implementation: * Second, for the sake of the time stamp interpolation the threads must run on the same CPU as the time interpolation thread. This makes using more than one thread useless, as they would compete for - the same core and create contention. + the same core and create contention. This is only an issue on + Windows Vista and earlier. On Windows 8 and later ntpd does not use + its own clock interpolation. + Some IO operations need a possibly lengthy post-processing. Emulating the UN*X line discipline is currently the only but prominent example. @@ -62,6 +64,7 @@ Juergen Perlinger (perlinger@ntp.org) Feb 2012 #include "ntpd.h" #include "ntp_request.h" +#include <isc/win32os.h> #include "ntp_iocompletionport.h" #include "ntp_iocplmem.h" @@ -77,6 +80,8 @@ enum io_packet_handling { PKT_SOCKET_ERROR }; + + static const char * const st_packet_handling[3] = { "accepted", "dropped" @@ -123,6 +128,9 @@ static HANDLE hMainRpcDone; DWORD ActiveWaitHandles; HANDLE WaitHandles[4]; +NotifyIpInterfaceChange_ptr pNotifyIpInterfaceChange; + + /* * ------------------------------------------------------------------- @@ -177,7 +185,7 @@ iocompletionthread( /* Socket and refclock receive call gettimeofday() so the I/O * thread needs to be on the same processor as the main and * timing threads to ensure consistent QueryPerformanceCounter() - * results. + * results, if we are interpolating the clock (pre-Win8). * * This gets seriously into the way of efficient thread pooling * on multi-core systems. @@ -225,47 +233,39 @@ iocompletionthread( void init_io_completion_port(void) { - OSVERSIONINFO vi; + FARPROC pfn; + HANDLE hNotify; + HANDLE hDll; # ifdef DEBUG atexit(&free_io_completion_port_mem); # endif - memset(&vi, 0, sizeof(vi)); - vi.dwOSVersionInfoSize = sizeof(vi); - - /* For windows 7 and above, schedule more than one receive */ - if (GetVersionEx(&vi) && vi.dwMajorVersion >= 6) + /* For Windows Vista and above, schedule more than one receive */ + if (isc_win32os_versioncheck(6, 0, 0, 0) >= 0) { s_SockRecvSched = 4; + } /* Create the context pool first. */ IOCPLPoolInit(20); - /* Create the event used to signal an IO event */ + /* Signal I/O ready */ WaitableIoEventHandle = CreateEvent(NULL, FALSE, FALSE, NULL); - if (WaitableIoEventHandle == NULL) { - msyslog(LOG_ERR, "Can't create I/O event handle: %m"); - exit(1); - } - /* Create the event used to signal an exit event */ + + /* Signal an exit request */ WaitableExitEventHandle = CreateEvent(NULL, FALSE, FALSE, NULL); - if (WaitableExitEventHandle == NULL) { - msyslog(LOG_ERR, "Can't create exit event handle: %m"); - exit(1); - } + + /* Signal a pps wakeup for attaching */ hMainRpcDone = CreateEvent(NULL, FALSE, FALSE, NULL); - if (hMainRpcDone == NULL) { - msyslog(LOG_ERR, "Can't create RPC sync handle: %m"); - exit(1); - } /* Create the IO completion port */ hndIOCPLPort = CreateIoCompletionPort( INVALID_HANDLE_VALUE, NULL, 0, 0); - if (hndIOCPLPort == NULL) { - msyslog(LOG_ERR, "Can't create I/O completion port: %m"); - exit(1); - } + + INSIST( NULL != WaitableIoEventHandle + && NULL != WaitableExitEventHandle + && NULL != hMainRpcDone + && NULL != hndIOCPLPort); /* Initialize the Wait Handles table */ WaitHandles[0] = WaitableTimerHandle; @@ -280,6 +280,25 @@ init_io_completion_port(void) */ addremove_io_semaphore = &ntpd_addremove_semaphore; + /* Avoid periodic endpoint scans if we are getting change notifications */ + hDll = LoadLibrary("iphlpapi"); + pfn = GetProcAddress(hDll, "NotifyIpInterfaceChange"); + if (NULL != pfn) { + pNotifyIpInterfaceChange = (NotifyIpInterfaceChange_ptr)pfn; + hNotify = NULL; + (*pNotifyIpInterfaceChange)( + AF_UNSPEC, + &IpInterfaceChangedCallback, + NULL, + FALSE, + &hNotify + ); + if (NULL != hNotify) { + /* some systems get notifications minutes to hours late */ + /* no_periodic_scan = TRUE; */ + } + } + /* Create a true handle for the main thread (APC processing) */ DuplicateHandle(GetCurrentProcess(), GetCurrentThread(), GetCurrentProcess(), &hMainThread, @@ -291,8 +310,13 @@ init_io_completion_port(void) 0, iocompletionthread, NULL, - 0, + CREATE_SUSPENDED, &tidCompletionThread); + if (NULL != pSetThreadDescription) { + (*pSetThreadDescription)(hIoCompletionThread, L"ntp_iocp"); + (*pSetThreadDescription)(hMainThread, L"ntp_main"); + } + ResumeThread(hIoCompletionThread); } @@ -321,7 +345,7 @@ uninit_io_completion_port( /* Thread lost. Kill off with TerminateThread. */ msyslog(LOG_ERR, "IO completion thread refuses to terminate"); - TerminateThread(hIoCompletionThread, ~0UL); + TerminateThread(hIoCompletionThread, 0); } } @@ -345,6 +369,49 @@ uninit_io_completion_port( /* + * IpInterfaceChangedCallback() is invoked on a worker thread created + * by the system, not the main thread nor the IOCP thread. Hand off + * to the main thread via APC invoking ip_interface_changed(). + */ +void WINAPI +IpInterfaceChangedCallback( + PVOID ctx, + PVOID row, + MIB_NOTIF_TYPE type +) +{ + UNUSED_ARG(ctx); + UNUSED_ARG(row); + UNUSED_ARG(type); + + QueueUserAPC(&ip_interface_changed, hMainThread, 0); +} + + +/* + * ip_interface_changed() is a user APC called on the main thread once + * for each changed row of a table of IP addresses mapping them to + * interfaces. Trigger a rescan of interfaces but delay it to the next + * tick of the seconds to avoid pointless multiplication of scans. + */ +void WINAPI +ip_interface_changed(ULONG_PTR ctx) +{ + static u_long last_scan; + + UNUSED_ARG(ctx); + + /* delay by a few seconds if we just rescanned */ + if (current_time - last_scan > 1) { + endpt_scan_timer = current_time + 1; + } else { + endpt_scan_timer = current_time + 3; + } + last_scan = current_time; +} + + +/* * ------------------------------------------------------------------- * external worker thread support (wait handle stuff) * @@ -411,7 +478,7 @@ free_io_completion_port_mem(void) void iocpl_notify( IoHndPad_T * iopad, - void (*pfunc)(ULONG_PTR, IoCtx_t *), + IoCompleteFunc pfunc, UINT_PTR fdn ) { @@ -428,29 +495,29 @@ iocpl_notify( /* * ------------------------------------------------------------------- - * APC callback for scheduling interface scans. + * APC callback for socket send failure executed in the main thread. * * We get an error when trying to send if the network interface is * gone or has lost link. Rescan interfaces to catch on sooner, but no - * more often than once per minute. Once ntpd is able to detect - * changes without polling this should be unnecessary. + * more than around once per minute. */ static void WINAPI apcOnUnexpectedNetworkError( ULONG_PTR arg ) { - static u_long time_next_ifscan_after_error; + static u_long earliest_rescan_time; UNUSED_ARG(arg); - if (time_next_ifscan_after_error < current_time) { - time_next_ifscan_after_error = current_time + 60; - timer_interfacetimeout(current_time); + if (earliest_rescan_time < current_time) { + endpt_scan_timer = current_time; + earliest_rescan_time = current_time + SECSPERMIN - 1; } DPRINTF(4, ("UnexpectedNetworkError: interface may be down\n")); } + /* ------------------------------------------------------------------- * * Prelude to madness -- common error checking code @@ -859,11 +926,11 @@ QueueSerialReadCommon( /* 'buff->recv_length' must be set already! */ buff->fd = lpo->iopad->riofd; buff->dstadr = NULL; - buff->receiver = process_refclock_packet; + buff->receiver = &process_refclock_packet; buff->recv_peer = lpo->iopad->rsrc.rio->srcclock; rc = ReadFile(lpo->io.hnd, - (char*)buff->recv_buffer + buff->recv_length, + (char *)buff->recv_buffer + buff->recv_length, sizeof(buff->recv_buffer) - buff->recv_length, NULL, &lpo->ol); return rc || IoResultCheck(GetLastError(), lpo, msgh); @@ -967,22 +1034,22 @@ OnDeferredStartWait( IoCtx_t * lpo ) { - IoCtxStartChecked(lpo, QueueSerialWait, lpo->recv_buf); + IoCtxStartChecked(lpo, &QueueSerialWait, lpo->recv_buf); } /* ------------------------------------------------------------------- - * APC deferred bouncer -- put buffer to receive queueor eventually + * APC deferred bouncer -- put buffer to receive queue or eventually * discard it if source is already disabled. Runs in the context * of the main thread exclusively. */ static void WINAPI OnEnqueAPC( ULONG_PTR arg -) + ) { - recvbuf_t * buff = (recvbuf_t*)arg; - IoHndPad_T * iopad = (IoHndPad_T*)buff->recv_peer; - RIO_t * rio = iopad->rsrc.rio; + recvbuf_t * buff = (recvbuf_t *)arg; + IoHndPad_T * iopad = (IoHndPad_T *)buff->recv_peer; + RIO_t * rio = iopad->rsrc.rio; /* Down below we make a nasty hack to transport the iopad * pointer in the buffer so we can avoid another temporary @@ -991,7 +1058,7 @@ OnEnqueAPC( if (NULL != rio) { /* OK, refclock still attached */ buff->recv_peer = rio->srcclock; - if (iohpQueueLocked(iopad, iohpRefClockOK, buff)) + if (iohpQueueLocked(iopad, &iohpRefClockOK, buff)) ++rio->srcclock->received; } else { /* refclock detached while in flight... */ @@ -1018,7 +1085,7 @@ OnSerialReadWorker( /* We should never gat a zero-byte read here. If we do, nothing * really bad happens, just a useless rescan of data we have - * already processed. But somethings not quite right in logic + * already processed. But something's not quite right in logic * and we croak loudly in debug builds. */ DEBUG_INSIST(lpo->byteCount > 0); @@ -1041,10 +1108,10 @@ st_new_obuf: buff->recv_length = 0; goto st_read_fresh; } - obuf->fd = buff->fd; - obuf->receiver = buff->receiver; - obuf->dstadr = NULL; - obuf->recv_peer = buff->recv_peer; + obuf->fd = buff->fd; + obuf->receiver = buff->receiver; + obuf->dstadr = NULL; + obuf->recv_peer = buff->recv_peer; set_serial_recv_time(obuf, lpo); st_copy_start: @@ -1100,8 +1167,8 @@ st_pass_buffer: * the IOPAD matches the RIO in the buffer is dangerous: That * pointer is manipulated by the other threads! */ - obuf->recv_peer = (struct peer*)iohpAttach(lpo->iopad); - QueueUserAPC(OnEnqueAPC, hMainThread, (ULONG_PTR)obuf); + obuf->recv_peer = (struct peer *)iohpAttach(lpo->iopad); + QueueUserAPC(&OnEnqueAPC, hMainThread, (ULONG_PTR)obuf); if (sptr != send) goto st_new_obuf; buff->recv_length = 0; @@ -1121,8 +1188,10 @@ st_read_fresh: * just mop up the pieces. */ lpo->onIoDone = OnDeferredStartWait; - if (!(hndIOCPLPort && PostQueuedCompletionStatus(hndIOCPLPort, 1, 0, &lpo->ol))) + if ( NULL == hndIOCPLPort + || !PostQueuedCompletionStatus(hndIOCPLPort, 1, 0, &lpo->ol)) { IoCtxRelease(lpo); + } return 0; } @@ -1846,17 +1915,14 @@ fail: /* -------------------------------------------------------------------- * GetReceivedBuffers * Note that this is in effect the main loop for processing requests - * both send and receive. This should be reimplemented + * both send and receive. Executed on the main thread. */ int GetReceivedBuffers(void) { DWORD index; HANDLE ready; - int errcode; - BOOL dynbuf; BOOL have_packet; - char * msgbuf; have_packet = FALSE; while (!have_packet) { @@ -1883,20 +1949,12 @@ GetReceivedBuffers(void) break; case WAIT_TIMEOUT: - msyslog(LOG_ERR, - "WaitForMultipleObjectsEx INFINITE timed out."); + DEBUG_INVARIANT(!"INFINITE wait timed out"); break; case WAIT_FAILED: - dynbuf = FALSE; - errcode = GetLastError(); - msgbuf = NTstrerror(errcode, &dynbuf); - msyslog(LOG_ERR, - "WaitForMultipleObjectsEx Failed: Errcode = %n, msg = %s", errcode, msgbuf); - if (dynbuf) - LocalFree(msgbuf); - exit(1); - break; + DEBUG_INVARIANT(!"IOCP wait failed"); + break; default: DEBUG_INSIST((index - WAIT_OBJECT_0) < diff --git a/ports/winnt/ntpd/ntservice.c b/ports/winnt/ntpd/ntservice.c index 01aad478426a..31762608d96d 100644 --- a/ports/winnt/ntpd/ntservice.c +++ b/ports/winnt/ntpd/ntservice.c @@ -31,11 +31,10 @@ #include "isc/win32os.h" #include <ssl_applink.c> - /* * Globals */ -static SERVICE_STATUS_HANDLE hServiceStatus = 0; +static SERVICE_STATUS_HANDLE hServiceStatus; static BOOL foreground = FALSE; static BOOL computer_shutting_down = FALSE; static int glb_argc; @@ -153,8 +152,9 @@ ntservice_init(void) if (!foreground) { /* Register handler with the SCM */ - hServiceStatus = RegisterServiceCtrlHandler(NTP_DISPLAY_NAME, - ServiceControl); + hServiceStatus = RegisterServiceCtrlHandler( + NTP_DISPLAY_NAME, + &ServiceControl); if (!hServiceStatus) { NTReportError(NTP_SERVICE_NAME, "could not register with SCM"); @@ -164,7 +164,6 @@ ntservice_init(void) } else { snprintf(ConsoleTitle, sizeof(ConsoleTitle), "NTP Version %s", Version); - ConsoleTitle[sizeof(ConsoleTitle) - 1] = '\0'; SetConsoleTitle(ConsoleTitle); } @@ -220,9 +219,8 @@ ntservice_systemisshuttingdown(void) void ntservice_exit(void) { + peer_cleanup(); uninit_io_completion_port(); - Sleep( 200 ); //##++ - reset_winnt_time(); msyslog(LOG_INFO, "ntservice: The Network Time Protocol Service is stopping."); @@ -257,17 +255,15 @@ ServiceControl( /* fall through to stop case */ case SERVICE_CONTROL_STOP: + msyslog(LOG_INFO, "SCM requests stop (%s)", + msg_tab[!!computer_shutting_down]); + UpdateSCM(SERVICE_STOP_PENDING); if (WaitableExitEventHandle != NULL) { - msyslog(LOG_INFO, "SCM requests stop (%s)", - msg_tab[!!computer_shutting_down]); - UpdateSCM(SERVICE_STOP_PENDING); SetEvent(WaitableExitEventHandle); - Sleep(100); //##++ - break; + } else { + exit(EX_SOFTWARE); } - msyslog(LOG_ERR, "SCM requests stop (%s), but have no exit event!", - msg_tab[!!computer_shutting_down]); - /* FALLTHROUGH */ + break; case SERVICE_CONTROL_PAUSE: case SERVICE_CONTROL_CONTINUE: diff --git a/ports/winnt/vs2005/libntp.vcproj b/ports/winnt/vs2005/libntp.vcproj index 7372268628a8..5114727ed091 100644 --- a/ports/winnt/vs2005/libntp.vcproj +++ b/ports/winnt/vs2005/libntp.vcproj @@ -429,10 +429,6 @@ > </File> <File - RelativePath="..\..\..\libntp\numtohost.c" - > - </File> - <File RelativePath="..\..\..\libntp\octtoint.c" > </File> diff --git a/ports/winnt/vs2008/libntp/libntp.vcproj b/ports/winnt/vs2008/libntp/libntp.vcproj index 47e0f10b32b9..39fdad3543d1 100644 --- a/ports/winnt/vs2008/libntp/libntp.vcproj +++ b/ports/winnt/vs2008/libntp/libntp.vcproj @@ -536,10 +536,6 @@ > </File> <File - RelativePath="..\..\..\..\libntp\numtohost.c" - > - </File> - <File RelativePath="..\..\..\..\libntp\octtoint.c" > </File> diff --git a/ports/winnt/vs2013/libntp/libntp.vcxproj b/ports/winnt/vs2013/libntp/libntp.vcxproj index 01a56e77e315..0ada2d05cc88 100644 --- a/ports/winnt/vs2013/libntp/libntp.vcxproj +++ b/ports/winnt/vs2013/libntp/libntp.vcxproj @@ -258,7 +258,6 @@ <ClCompile Include="..\..\..\..\libntp\ntp_rfc2553.c" /> <ClCompile Include="..\..\..\..\libntp\ntp_worker.c" /> <ClCompile Include="..\..\..\..\libntp\numtoa.c" /> - <ClCompile Include="..\..\..\..\libntp\numtohost.c" /> <ClCompile Include="..\..\..\..\libntp\octtoint.c" /> <ClCompile Include="..\..\..\..\libntp\prettydate.c" /> <ClCompile Include="..\..\..\..\libntp\recvbuff.c" /> diff --git a/ports/winnt/vs2013/libntp/libntp.vcxproj.filters b/ports/winnt/vs2013/libntp/libntp.vcxproj.filters index 7fe2e102a611..7a1e2613206c 100644 --- a/ports/winnt/vs2013/libntp/libntp.vcxproj.filters +++ b/ports/winnt/vs2013/libntp/libntp.vcxproj.filters @@ -209,9 +209,6 @@ <ClCompile Include="..\..\..\..\libntp\numtoa.c"> <Filter>Source Files</Filter> </ClCompile> - <ClCompile Include="..\..\..\..\libntp\numtohost.c"> - <Filter>Source Files</Filter> - </ClCompile> <ClCompile Include="..\..\..\..\libntp\octtoint.c"> <Filter>Source Files</Filter> </ClCompile> diff --git a/ports/winnt/vs2015/debug-x64.props b/ports/winnt/vs2015/debug-x64.props index b242fdce7b46..750b7294c111 100644 --- a/ports/winnt/vs2015/debug-x64.props +++ b/ports/winnt/vs2015/debug-x64.props @@ -6,6 +6,7 @@ <PropertyGroup> <_ProjectFileVersion>12.0.30501.0</_ProjectFileVersion> <_PropertySheetDisplayName>debug-x64</_PropertySheetDisplayName> + <LinkIncremental>true</LinkIncremental> <!-- Edit & Continue --> </PropertyGroup> <ItemDefinitionGroup> <ClCompile> @@ -14,10 +15,19 @@ <AdditionalIncludeDirectories>$(OPENSSL64_INC);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>_DEBUG;OPENSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> + <!-- vvv Edit & Continue vvv --> + <DebugInformationFormat>EditAndContinue</DebugInformationFormat> + <MinimalRebuild>true</MinimalRebuild> + <MultiProcessorCompilation>false</MultiProcessorCompilation> + <!-- ^^^ Edit & Continue ^^^ --> </ClCompile> <Link> <TargetMachine>MachineX64</TargetMachine> <AdditionalLibraryDirectories>$(OPENSSL64_LIB)</AdditionalLibraryDirectories> + <!-- vvv Edit & Continue vvv --> + <EnableCOMDATFolding>false</EnableCOMDATFolding> + <OptimizeReferences>false</OptimizeReferences> + <!-- ^^^ Edit & Continue ^^^ --> </Link> </ItemDefinitionGroup> </Project>
\ No newline at end of file diff --git a/ports/winnt/vs2015/debug.props b/ports/winnt/vs2015/debug.props index a3ea8497ea73..fbda84b8f675 100644 --- a/ports/winnt/vs2015/debug.props +++ b/ports/winnt/vs2015/debug.props @@ -6,6 +6,7 @@ <PropertyGroup> <_ProjectFileVersion>12.0.30501.0</_ProjectFileVersion> <_PropertySheetDisplayName>debug-x86</_PropertySheetDisplayName> + <LinkIncremental>true</LinkIncremental> <!-- Edit & Continue --> </PropertyGroup> <ItemDefinitionGroup> <ClCompile> @@ -14,10 +15,20 @@ <AdditionalIncludeDirectories>$(OPENSSL_INC);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>_DEBUG;OPENSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> + <!-- vvv Edit & Continue vvv --> + <DebugInformationFormat>EditAndContinue</DebugInformationFormat> + <MinimalRebuild>true</MinimalRebuild> + <MultiProcessorCompilation>false</MultiProcessorCompilation> + <!-- ^^^ Edit & Continue ^^^ --> </ClCompile> <Link> <TargetMachine>MachineX86</TargetMachine> <AdditionalLibraryDirectories>$(OPENSSL_LIB)</AdditionalLibraryDirectories> + <!-- vvv Edit & Continue vvv --> + <EnableCOMDATFolding>false</EnableCOMDATFolding> + <OptimizeReferences>false</OptimizeReferences> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> + <!-- ^^^ Edit & Continue ^^^ --> </Link> </ItemDefinitionGroup> </Project>
\ No newline at end of file diff --git a/ports/winnt/vs2015/libntp/libntp.vcxproj b/ports/winnt/vs2015/libntp/libntp.vcxproj index 29a15275b0c0..1b87cea1d22a 100644 --- a/ports/winnt/vs2015/libntp/libntp.vcxproj +++ b/ports/winnt/vs2015/libntp/libntp.vcxproj @@ -163,7 +163,6 @@ <ClCompile Include="..\..\..\..\libntp\ntp_rfc2553.c" /> <ClCompile Include="..\..\..\..\libntp\ntp_worker.c" /> <ClCompile Include="..\..\..\..\libntp\numtoa.c" /> - <ClCompile Include="..\..\..\..\libntp\numtohost.c" /> <ClCompile Include="..\..\..\..\libntp\octtoint.c" /> <ClCompile Include="..\..\..\..\libntp\prettydate.c" /> <ClCompile Include="..\..\..\..\libntp\recvbuff.c" /> diff --git a/ports/winnt/vs2015/libntp/libntp.vcxproj.filters b/ports/winnt/vs2015/libntp/libntp.vcxproj.filters index 72f0a30570a3..23fff905d9bb 100644 --- a/ports/winnt/vs2015/libntp/libntp.vcxproj.filters +++ b/ports/winnt/vs2015/libntp/libntp.vcxproj.filters @@ -161,9 +161,6 @@ <ClCompile Include="..\..\..\..\libntp\numtoa.c"> <Filter>Source Files</Filter> </ClCompile> - <ClCompile Include="..\..\..\..\libntp\numtohost.c"> - <Filter>Source Files</Filter> - </ClCompile> <ClCompile Include="..\..\..\..\libntp\octtoint.c"> <Filter>Source Files</Filter> </ClCompile> diff --git a/ports/winnt/vs2015/ntpd/ntpd.vcxproj b/ports/winnt/vs2015/ntpd/ntpd.vcxproj index a177aa66152b..e1efd3d9de8b 100644 --- a/ports/winnt/vs2015/ntpd/ntpd.vcxproj +++ b/ports/winnt/vs2015/ntpd/ntpd.vcxproj @@ -121,6 +121,7 @@ <ClCompile Include="..\..\..\..\libparse\clk_rawdcf.c" /> <ClCompile Include="..\..\..\..\libparse\clk_rcc8000.c" /> <ClCompile Include="..\..\..\..\libparse\clk_schmid.c" /> + <ClCompile Include="..\..\..\..\libparse\clk_sel240x.c" /> <ClCompile Include="..\..\..\..\libparse\clk_trimtaip.c" /> <ClCompile Include="..\..\..\..\libparse\clk_trimtsip.c" /> <ClCompile Include="..\..\..\..\libparse\clk_varitext.c" /> @@ -317,4 +318,4 @@ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> </ImportGroup> -</Project> +</Project>
\ No newline at end of file diff --git a/ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters b/ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters index 3ff368308f86..b4c45ca07127 100644 --- a/ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters +++ b/ports/winnt/vs2015/ntpd/ntpd.vcxproj.filters @@ -309,6 +309,9 @@ <ClCompile Include="..\..\..\..\ntpd\refclock_gpsdjson.c"> <Filter>Reference Clock</Filter> </ClCompile> + <ClCompile Include="..\..\..\..\libparse\clk_sel240x.c"> + <Filter>Parse Lib</Filter> + </ClCompile> </ItemGroup> <ItemGroup> <ClInclude Include="..\..\..\..\include\ascii.h"> @@ -552,18 +555,13 @@ </ResourceCompile> </ItemGroup> <ItemGroup> - <None Include="..\..\libntp\MSG00001.bin"> - <Filter>Generated Files</Filter> - </None> - <None Include="..\libntp\messages.mc"> - <Filter>Resource Files</Filter> - </None> <None Include="..\..\..\..\ChangeLog" /> </ItemGroup> <ItemGroup> <CustomBuild Include="..\..\..\..\ntpd\ntp_parser.h"> <Filter>Header Files</Filter> </CustomBuild> - <CustomBuild Include="..\..\..\..\packageinfo.sh" /> + <CustomBuild Include="..\..\..\..\.bk\SCCS\ChangeSet,s" /> + <CustomBuild Include="scm-rev" /> </ItemGroup> </Project>
\ No newline at end of file diff --git a/scripts/Makefile.in b/scripts/Makefile.in index 026185093d03..a2156011a514 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -420,6 +420,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/build/Makefile.in b/scripts/build/Makefile.in index 51446d9bf3cc..cd023719137b 100644 --- a/scripts/build/Makefile.in +++ b/scripts/build/Makefile.in @@ -328,6 +328,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/build/checkHtmlFileDates b/scripts/build/checkHtmlFileDates index 9d9a2f2625d0..5eae87f7af41 100755 --- a/scripts/build/checkHtmlFileDates +++ b/scripts/build/checkHtmlFileDates @@ -1,11 +1,29 @@ #! /bin/sh -bk version > /dev/null 2>&1 || exit 0 +# +# checkHtmlFileDates +# +# This script is invoked in html directory when any html/*.html file +# is newer than html/.datecheck to update the last modified time +# within the HTML. Each file is compared against the checked-in +# version is compared to any uncommitted edits and if there are +# any, scripts/build/updateBEDate is used to update the embedded +# timestamp. html/.datecheck is not distributed in releases so +# this will be invoked once building a newly-extracted tarball. +# 'bk diff' is used to check for modifications so if bk is not +# on the path there's no need to invoke this repeatedly. +# Therefore touch .datecheck unconditionally right away. +# +touch .datecheck -for i in `find * -type f -name '*.html' -print | grep -v SCCS/` +# Do nothing if the directory is not a BK repo, +# or if BK is not even installed. +bk status > /dev/null 2>&1 || exit 0 + +for i in `echo *.html` do # echo $i - set `bk diffs $i | wc -l` + set `bk diff --normal $i | wc -l` lines=$1 case "$lines" in 0) ;; diff --git a/scripts/build/genAuthors.in b/scripts/build/genAuthors.in index a5a15e1270b0..a1b5a4023acd 100644 --- a/scripts/build/genAuthors.in +++ b/scripts/build/genAuthors.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ +# @configure_input@ # DESCRIPTION # diff --git a/scripts/build/mkver.in b/scripts/build/mkver.in index c58d8040f1d9..89ea50bc5e51 100644 --- a/scripts/build/mkver.in +++ b/scripts/build/mkver.in @@ -1,4 +1,6 @@ #!@CONFIG_SHELL@ +# @configure_input@ + PROG=${1-UNKNOWN} ConfStr="$PROG" diff --git a/scripts/calc_tickadj/Makefile.in b/scripts/calc_tickadj/Makefile.in index f4dc33b2209c..050ab5af6000 100644 --- a/scripts/calc_tickadj/Makefile.in +++ b/scripts/calc_tickadj/Makefile.in @@ -364,6 +364,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman index e1d2216c31d8..3d42eca9f834 100644 --- a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman +++ b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH calc_tickadj 1calc_tickadjman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH calc_tickadj 1calc_tickadjman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:10 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:32 AM by AutoGen 5.18.16 .\" From the definitions calc_tickadj-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc index 71507c329099..6098e246b70d 100644 --- a/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc +++ b/scripts/calc_tickadj/calc_tickadj.1calc_tickadjmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:12 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:33 AM by AutoGen 5.18.16 .\" From the definitions calc_tickadj-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/calc_tickadj/calc_tickadj.html b/scripts/calc_tickadj/calc_tickadj.html index fb583099b5d8..77c9f29bf9f6 100644 --- a/scripts/calc_tickadj/calc_tickadj.html +++ b/scripts/calc_tickadj/calc_tickadj.html @@ -47,7 +47,7 @@ Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href <span id="calc_005ftickadj-User_0027s-Manual"></span><h1 class="top">calc_tickadj User’s Manual</h1> <p>This document describes the use of the NTP Project’s <code>calc_tickadj</code> program. -This document applies to version 4.2.8p17 of <code>calc_tickadj</code>. +This document applies to version 4.2.8p18 of <code>calc_tickadj</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> diff --git a/scripts/calc_tickadj/calc_tickadj.in b/scripts/calc_tickadj/calc_tickadj.in index 38b826eb2fff..56c549adc82a 100644 --- a/scripts/calc_tickadj/calc_tickadj.in +++ b/scripts/calc_tickadj/calc_tickadj.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input@ # # drift of 104.8576 -> +1 tick. Base of 10000 ticks. # diff --git a/scripts/calc_tickadj/calc_tickadj.man.in b/scripts/calc_tickadj/calc_tickadj.man.in index e1d2216c31d8..3d42eca9f834 100644 --- a/scripts/calc_tickadj/calc_tickadj.man.in +++ b/scripts/calc_tickadj/calc_tickadj.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH calc_tickadj 1calc_tickadjman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH calc_tickadj 1calc_tickadjman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:10 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:32 AM by AutoGen 5.18.16 .\" From the definitions calc_tickadj-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/calc_tickadj/calc_tickadj.mdoc.in b/scripts/calc_tickadj/calc_tickadj.mdoc.in index 71507c329099..6098e246b70d 100644 --- a/scripts/calc_tickadj/calc_tickadj.mdoc.in +++ b/scripts/calc_tickadj/calc_tickadj.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt CALC_TICKADJ 1calc_tickadjmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (calc_tickadj-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:12 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:33 AM by AutoGen 5.18.16 .\" From the definitions calc_tickadj-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/calc_tickadj/invoke-calc_tickadj.texi b/scripts/calc_tickadj/invoke-calc_tickadj.texi index 6d0ce24f0096..c0ca429e83f2 100644 --- a/scripts/calc_tickadj/invoke-calc_tickadj.texi +++ b/scripts/calc_tickadj/invoke-calc_tickadj.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-calc_tickadj.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:13 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:34 AM by AutoGen 5.18.16 # From the definitions calc_tickadj-opts.def # and the template file agtexi-cmd.tpl @end ignore diff --git a/scripts/invoke-plot_summary.texi b/scripts/invoke-plot_summary.texi index 65faebaa7d97..39fe8082ef80 100644 --- a/scripts/invoke-plot_summary.texi +++ b/scripts/invoke-plot_summary.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-plot_summary.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:36 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:57 AM by AutoGen 5.18.16 # From the definitions plot_summary-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -41,7 +41,7 @@ with a status code of 0. @exampleindent 0 @example -plot_summary - plot statistics generated by summary script - Ver. 4.2.8p17 +plot_summary - plot statistics generated by summary script - Ver. 4.2.8p18 USAGE: plot_summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... --directory=str Where the summary files are diff --git a/scripts/invoke-summary.texi b/scripts/invoke-summary.texi index 1b82c93397b7..4a4bf7c44f13 100644 --- a/scripts/invoke-summary.texi +++ b/scripts/invoke-summary.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-summary.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:40 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:06:02 AM by AutoGen 5.18.16 # From the definitions summary-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -42,7 +42,7 @@ with a status code of 0. @exampleindent 0 @example -summary - compute various stastics from NTP stat files - Ver. 4.2.8p17 +summary - compute various stastics from NTP stat files - Ver. 4.2.8p18 USAGE: summary [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... --directory=str Directory containing stat files diff --git a/scripts/lib/Makefile.in b/scripts/lib/Makefile.in index 90d82539d476..e370bf134e31 100644 --- a/scripts/lib/Makefile.in +++ b/scripts/lib/Makefile.in @@ -355,6 +355,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/ntp-wait/Makefile.in b/scripts/ntp-wait/Makefile.in index 9aa6ee7afb34..854c10ff9716 100644 --- a/scripts/ntp-wait/Makefile.in +++ b/scripts/ntp-wait/Makefile.in @@ -363,6 +363,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/ntp-wait/invoke-ntp-wait.texi b/scripts/ntp-wait/invoke-ntp-wait.texi index 138a43d9b2fc..aff658518c97 100644 --- a/scripts/ntp-wait/invoke-ntp-wait.texi +++ b/scripts/ntp-wait/invoke-ntp-wait.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp-wait.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:17 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:38 AM by AutoGen 5.18.16 # From the definitions ntp-wait-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -61,7 +61,7 @@ with a status code of 0. @exampleindent 0 @example -ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p17 +ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p18 USAGE: ntp-wait [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... -n, --tries=num Number of times to check ntpd diff --git a/scripts/ntp-wait/ntp-wait-opts b/scripts/ntp-wait/ntp-wait-opts index 944d4c1404ab..8358c3bbcada 100644 --- a/scripts/ntp-wait/ntp-wait-opts +++ b/scripts/ntp-wait/ntp-wait-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (ntp-wait-opts) # -# It has been AutoGen-ed June 6, 2023 at 04:39:15 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:36 AM by AutoGen 5.18.16 # From the definitions ntp-wait-opts.def # and the template file perlopt @@ -40,7 +40,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p17 +ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p18 USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]... -n, --tries=num Number of times to check ntpd diff --git a/scripts/ntp-wait/ntp-wait.1ntp-waitman b/scripts/ntp-wait/ntp-wait.1ntp-waitman index 1a01d97b5729..d5a54e07880e 100644 --- a/scripts/ntp-wait/ntp-wait.1ntp-waitman +++ b/scripts/ntp-wait/ntp-wait.1ntp-waitman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-wait 1ntp-waitman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntp-wait 1ntp-waitman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:18 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:40 AM by AutoGen 5.18.16 .\" From the definitions ntp-wait-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc b/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc index cb5ad0252df6..3da960f0409c 100644 --- a/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc +++ b/scripts/ntp-wait/ntp-wait.1ntp-waitmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_WAIT 1ntp-waitmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:15 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:37 AM by AutoGen 5.18.16 .\" From the definitions ntp-wait-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntp-wait/ntp-wait.html b/scripts/ntp-wait/ntp-wait.html index 282f5db6e517..d21222c12fc5 100644 --- a/scripts/ntp-wait/ntp-wait.html +++ b/scripts/ntp-wait/ntp-wait.html @@ -58,7 +58,7 @@ until the system’s time has stabilized and synchronized, and only then start any applicaitons (like database servers) that require accurate and stable time. </p> -<p>This document applies to version 4.2.8p17 of <code>ntp-wait</code>. +<p>This document applies to version 4.2.8p18 of <code>ntp-wait</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -145,7 +145,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p17 +<pre class="example">ntp-wait - Wait for ntpd to stabilize the system clock - Ver. 4.2.8p18 USAGE: ntp-wait [ -<flag> [<val>] | --<name>[{=| }<val>] ]... -n, --tries=num Number of times to check ntpd diff --git a/scripts/ntp-wait/ntp-wait.in b/scripts/ntp-wait/ntp-wait.in index cfccbe0ac2ad..3b7a3ce4c647 100644 --- a/scripts/ntp-wait/ntp-wait.in +++ b/scripts/ntp-wait/ntp-wait.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ +# @configure_input@ package ntp_wait; use 5.006_000; diff --git a/scripts/ntp-wait/ntp-wait.man.in b/scripts/ntp-wait/ntp-wait.man.in index 4e9b184b847f..a2c54e4f2ed1 100644 --- a/scripts/ntp-wait/ntp-wait.man.in +++ b/scripts/ntp-wait/ntp-wait.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-wait @NTP_WAIT_MS@ "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntp-wait @NTP_WAIT_MS@ "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:18 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:40 AM by AutoGen 5.18.16 .\" From the definitions ntp-wait-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntp-wait/ntp-wait.mdoc.in b/scripts/ntp-wait/ntp-wait.mdoc.in index 35e7a2ab06fd..1b7d34ba3888 100644 --- a/scripts/ntp-wait/ntp-wait.mdoc.in +++ b/scripts/ntp-wait/ntp-wait.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_WAIT @NTP_WAIT_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-wait-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:15 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:37 AM by AutoGen 5.18.16 .\" From the definitions ntp-wait-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntpsweep/Makefile.in b/scripts/ntpsweep/Makefile.in index 027f0847ecdf..01b0143e4439 100644 --- a/scripts/ntpsweep/Makefile.in +++ b/scripts/ntpsweep/Makefile.in @@ -364,6 +364,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/ntpsweep/invoke-ntpsweep.texi b/scripts/ntpsweep/invoke-ntpsweep.texi index d81aa76d21d2..f0d8720ae66b 100644 --- a/scripts/ntpsweep/invoke-ntpsweep.texi +++ b/scripts/ntpsweep/invoke-ntpsweep.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntpsweep.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:20 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:42 AM by AutoGen 5.18.16 # From the definitions ntpsweep-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -45,7 +45,7 @@ with a status code of 0. @exampleindent 0 @example -ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p17 +ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p18 USAGE: ntpsweep [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [hostfile] -l, --host-list=str Host to execute actions on diff --git a/scripts/ntpsweep/ntpsweep-opts b/scripts/ntpsweep/ntpsweep-opts index 61bfb34159f0..9fad3f4be01c 100644 --- a/scripts/ntpsweep/ntpsweep-opts +++ b/scripts/ntpsweep/ntpsweep-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (ntpsweep-opts) # -# It has been AutoGen-ed June 6, 2023 at 04:39:20 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:41 AM by AutoGen 5.18.16 # From the definitions ntpsweep-opts.def # and the template file perlopt @@ -43,7 +43,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p17 +ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p18 USAGE: ntpsweep [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostfile] -l, --host-list=str Host to execute actions on diff --git a/scripts/ntpsweep/ntpsweep.1ntpsweepman b/scripts/ntpsweep/ntpsweep.1ntpsweepman index e609f54128ee..6fe4d206711f 100644 --- a/scripts/ntpsweep/ntpsweep.1ntpsweepman +++ b/scripts/ntpsweep/ntpsweep.1ntpsweepman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsweep 1ntpsweepman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntpsweep 1ntpsweepman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:23 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:45 AM by AutoGen 5.18.16 .\" From the definitions ntpsweep-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc b/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc index 37b9e81f20f7..07e1db269a2a 100644 --- a/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc +++ b/scripts/ntpsweep/ntpsweep.1ntpsweepmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPSWEEP 1ntpsweepmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsweep-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:22 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:44 AM by AutoGen 5.18.16 .\" From the definitions ntpsweep-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntpsweep/ntpsweep.html b/scripts/ntpsweep/ntpsweep.html index bca4b02986cf..a030c541a323 100644 --- a/scripts/ntpsweep/ntpsweep.html +++ b/scripts/ntpsweep/ntpsweep.html @@ -49,7 +49,7 @@ Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href <p>This document describes the use of the NTP Project’s <code>ntpsweep</code> program. </p> -<p>This document applies to version 4.2.8p17 of <code>ntpsweep</code>. +<p>This document applies to version 4.2.8p18 of <code>ntpsweep</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -120,7 +120,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p17 +<pre class="example">ntpsweep - Print various informations about given ntp servers - Ver. 4.2.8p18 USAGE: ntpsweep [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [hostfile] -l, --host-list=str Host to execute actions on diff --git a/scripts/ntpsweep/ntpsweep.in b/scripts/ntpsweep/ntpsweep.in index 75ac0c8b06d9..b9b329e5dbda 100644 --- a/scripts/ntpsweep/ntpsweep.in +++ b/scripts/ntpsweep/ntpsweep.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input@ # # $Id$ # diff --git a/scripts/ntpsweep/ntpsweep.man.in b/scripts/ntpsweep/ntpsweep.man.in index e609f54128ee..6fe4d206711f 100644 --- a/scripts/ntpsweep/ntpsweep.man.in +++ b/scripts/ntpsweep/ntpsweep.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntpsweep 1ntpsweepman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntpsweep 1ntpsweepman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:23 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:45 AM by AutoGen 5.18.16 .\" From the definitions ntpsweep-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntpsweep/ntpsweep.mdoc.in b/scripts/ntpsweep/ntpsweep.mdoc.in index 37b9e81f20f7..07e1db269a2a 100644 --- a/scripts/ntpsweep/ntpsweep.mdoc.in +++ b/scripts/ntpsweep/ntpsweep.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPSWEEP 1ntpsweepmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntpsweep-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:22 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:44 AM by AutoGen 5.18.16 .\" From the definitions ntpsweep-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntptrace/Makefile.in b/scripts/ntptrace/Makefile.in index df8e287aa48d..4a9bc393b3d0 100644 --- a/scripts/ntptrace/Makefile.in +++ b/scripts/ntptrace/Makefile.in @@ -363,6 +363,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/ntptrace/invoke-ntptrace.texi b/scripts/ntptrace/invoke-ntptrace.texi index 0169c0eb6a97..e813a78f7543 100644 --- a/scripts/ntptrace/invoke-ntptrace.texi +++ b/scripts/ntptrace/invoke-ntptrace.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntptrace.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:27 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:48 AM by AutoGen 5.18.16 # From the definitions ntptrace-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -62,7 +62,7 @@ with a status code of 0. @exampleindent 0 @example -ntptrace - Trace peers of an NTP server - Ver. 4.2.8p17 +ntptrace - Trace peers of an NTP server - Ver. 4.2.8p18 USAGE: ntptrace [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... [host] -n, --numeric Print IP addresses instead of hostnames diff --git a/scripts/ntptrace/ntptrace-opts b/scripts/ntptrace/ntptrace-opts index ea17cb0f66c9..8857e8939c17 100644 --- a/scripts/ntptrace/ntptrace-opts +++ b/scripts/ntptrace/ntptrace-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (ntptrace-opts) # -# It has been AutoGen-ed June 6, 2023 at 04:39:25 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:47 AM by AutoGen 5.18.16 # From the definitions ntptrace-opts.def # and the template file perlopt @@ -40,7 +40,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -ntptrace - Trace peers of an NTP server - Ver. 4.2.8p17 +ntptrace - Trace peers of an NTP server - Ver. 4.2.8p18 USAGE: ntptrace [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [host] -n, --numeric Print IP addresses instead of hostnames diff --git a/scripts/ntptrace/ntptrace.1ntptraceman b/scripts/ntptrace/ntptrace.1ntptraceman index c1833697961a..4da059ad556a 100644 --- a/scripts/ntptrace/ntptrace.1ntptraceman +++ b/scripts/ntptrace/ntptrace.1ntptraceman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntptrace 1ntptraceman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntptrace 1ntptraceman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:28 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:50 AM by AutoGen 5.18.16 .\" From the definitions ntptrace-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntptrace/ntptrace.1ntptracemdoc b/scripts/ntptrace/ntptrace.1ntptracemdoc index d42f63a644fc..0f26eb3d090f 100644 --- a/scripts/ntptrace/ntptrace.1ntptracemdoc +++ b/scripts/ntptrace/ntptrace.1ntptracemdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPTRACE 1ntptracemdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntptrace-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:25 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:47 AM by AutoGen 5.18.16 .\" From the definitions ntptrace-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntptrace/ntptrace.html b/scripts/ntptrace/ntptrace.html index 594c9ef59cd7..f445a25c63b0 100644 --- a/scripts/ntptrace/ntptrace.html +++ b/scripts/ntptrace/ntptrace.html @@ -48,7 +48,7 @@ Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href <span id="Simple-Network-Time-Protocol-User-Manual"></span><h1 class="top">Simple Network Time Protocol User Manual</h1> <p>This document describes the use of the NTP Project’s <code>ntptrace</code> program. -This document applies to version 4.2.8p17 of <code>ntptrace</code>. +This document applies to version 4.2.8p18 of <code>ntptrace</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -135,7 +135,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntptrace - Trace peers of an NTP server - Ver. 4.2.8p17 +<pre class="example">ntptrace - Trace peers of an NTP server - Ver. 4.2.8p18 USAGE: ntptrace [ -<flag> [<val>] | --<name>[{=| }<val>] ]... [host] -n, --numeric Print IP addresses instead of hostnames diff --git a/scripts/ntptrace/ntptrace.in b/scripts/ntptrace/ntptrace.in index 7cc5ce7f7224..d92e0796391d 100755 --- a/scripts/ntptrace/ntptrace.in +++ b/scripts/ntptrace/ntptrace.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input@ # John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org package ntptrace; @@ -6,6 +7,7 @@ use 5.006_000; use strict; use lib "@PERLLIBDIR@"; use NTP::Util qw(ntp_read_vars do_dns); +use Scalar::Util qw(looks_like_number); exit run(@ARGV) unless caller; @@ -59,7 +61,16 @@ sub get_info { return if not defined $info; return if not exists $info->{stratum}; + if (not (exists $info->{offset} && looks_like_number($info->{offset}))) { + $info->{offset} = "NaN"; + } $info->{offset} /= 1000; + if (not (exists $info->{rootdisp} && looks_like_number($info->{rootdisp}))) { + $info->{rootdisp} = "NaN"; + } + if (not (exists $info->{rootdelay} && looks_like_number($info->{rootdelay}))) { + $info->{rootdelay} = "NaN"; + } $info->{syncdistance} = ($info->{rootdisp} + ($info->{rootdelay} / 2)) / 1000; return %$info; diff --git a/scripts/ntptrace/ntptrace.man.in b/scripts/ntptrace/ntptrace.man.in index db4e5ab6c3aa..fe9275e63607 100644 --- a/scripts/ntptrace/ntptrace.man.in +++ b/scripts/ntptrace/ntptrace.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntptrace @NTPTRACE_MS@ "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntptrace @NTPTRACE_MS@ "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:28 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:50 AM by AutoGen 5.18.16 .\" From the definitions ntptrace-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/ntptrace/ntptrace.mdoc.in b/scripts/ntptrace/ntptrace.mdoc.in index 1d64345f1689..53f2bb990dee 100644 --- a/scripts/ntptrace/ntptrace.mdoc.in +++ b/scripts/ntptrace/ntptrace.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTPTRACE @NTPTRACE_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntptrace-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:25 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:47 AM by AutoGen 5.18.16 .\" From the definitions ntptrace-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/ntpver.in b/scripts/ntpver.in index 9615e66d61c6..4037e4403065 100644 --- a/scripts/ntpver.in +++ b/scripts/ntpver.in @@ -1,7 +1,8 @@ #!@CONFIG_SHELL@ +# @configure_input@ # print version string of NTP daemon # Copyright (c) 1997 by Ulrich Windl # Modified 970318: Harlan Stenn: rewritten... # usage: ntpver hostname -ntpq -c "rv 0 daemon_version" $* | @AWK@ '/daemon_version/ { print $2 }' +ntpq -c "rv 0 version" $* | @AWK@ '/version/ { print $2 }' diff --git a/scripts/plot_summary-opts b/scripts/plot_summary-opts index 10e2fdfaec7f..acf9ba865d64 100644 --- a/scripts/plot_summary-opts +++ b/scripts/plot_summary-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (plot_summary-opts) # -# It has been AutoGen-ed June 6, 2023 at 04:39:35 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:57 AM by AutoGen 5.18.16 # From the definitions plot_summary-opts.def # and the template file perlopt @@ -46,7 +46,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -plot_summary - plot statistics generated by summary script - Ver. 4.2.8p17 +plot_summary - plot statistics generated by summary script - Ver. 4.2.8p18 USAGE: plot_summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Where the summary files are diff --git a/scripts/plot_summary.1plot_summaryman b/scripts/plot_summary.1plot_summaryman index 14bc3202139b..952316138950 100644 --- a/scripts/plot_summary.1plot_summaryman +++ b/scripts/plot_summary.1plot_summaryman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH plot_summary 1plot_summaryman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH plot_summary 1plot_summaryman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:37 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:59 AM by AutoGen 5.18.16 .\" From the definitions plot_summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/plot_summary.1plot_summarymdoc b/scripts/plot_summary.1plot_summarymdoc index 338e8e5debac..a948db4e8c67 100644 --- a/scripts/plot_summary.1plot_summarymdoc +++ b/scripts/plot_summary.1plot_summarymdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (plot_summary-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:38 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:06:00 AM by AutoGen 5.18.16 .\" From the definitions plot_summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/plot_summary.html b/scripts/plot_summary.html index fc944c708e11..fa0b4e10e24b 100644 --- a/scripts/plot_summary.html +++ b/scripts/plot_summary.html @@ -48,7 +48,7 @@ Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href <span id="Plot_005fsummary-User-Manual"></span><h1 class="top">Plot_summary User Manual</h1> <p>This document describes the use of the NTP Project’s <code>plot_summary</code> program. -This document applies to version 4.2.8p17 of <code>plot_summary</code>. +This document applies to version 4.2.8p18 of <code>plot_summary</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -116,7 +116,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">plot_summary - plot statistics generated by summary script - Ver. 4.2.8p17 +<pre class="example">plot_summary - plot statistics generated by summary script - Ver. 4.2.8p18 USAGE: plot_summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Where the summary files are diff --git a/scripts/plot_summary.in b/scripts/plot_summary.in index 3401b0d0b8b8..f081fd1aa06d 100644 --- a/scripts/plot_summary.in +++ b/scripts/plot_summary.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input@ # $Id$ # # Use Gnuplot to display data in summary files produced by summary.pl. diff --git a/scripts/plot_summary.man.in b/scripts/plot_summary.man.in index 14bc3202139b..952316138950 100644 --- a/scripts/plot_summary.man.in +++ b/scripts/plot_summary.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH plot_summary 1plot_summaryman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH plot_summary 1plot_summaryman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:37 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:59 AM by AutoGen 5.18.16 .\" From the definitions plot_summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/plot_summary.mdoc.in b/scripts/plot_summary.mdoc.in index 338e8e5debac..a948db4e8c67 100644 --- a/scripts/plot_summary.mdoc.in +++ b/scripts/plot_summary.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt PLOT_SUMMARY 1plot_summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (plot_summary-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:38 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:06:00 AM by AutoGen 5.18.16 .\" From the definitions plot_summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/summary-opts b/scripts/summary-opts index 4cb1515193d6..a7dfd969037a 100644 --- a/scripts/summary-opts +++ b/scripts/summary-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (summary-opts) # -# It has been AutoGen-ed June 6, 2023 at 04:39:35 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:57 AM by AutoGen 5.18.16 # From the definitions summary-opts.def # and the template file perlopt @@ -44,7 +44,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -summary - compute various stastics from NTP stat files - Ver. 4.2.8p17 +summary - compute various stastics from NTP stat files - Ver. 4.2.8p18 USAGE: summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Directory containing stat files diff --git a/scripts/summary.1summaryman b/scripts/summary.1summaryman index 282e7640fa3b..9e68fa41ef73 100644 --- a/scripts/summary.1summaryman +++ b/scripts/summary.1summaryman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH summary 1summaryman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH summary 1summaryman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:41 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:06:03 AM by AutoGen 5.18.16 .\" From the definitions summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/summary.1summarymdoc b/scripts/summary.1summarymdoc index 0c83fddc9219..ea74e1728906 100644 --- a/scripts/summary.1summarymdoc +++ b/scripts/summary.1summarymdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt SUMMARY 1summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (summary-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:43 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:06:04 AM by AutoGen 5.18.16 .\" From the definitions summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/summary.html b/scripts/summary.html index 6ce82201c38e..7fb8b6fb1d85 100644 --- a/scripts/summary.html +++ b/scripts/summary.html @@ -48,7 +48,7 @@ Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href <span id="Summary-User-Manual"></span><h1 class="top">Summary User Manual</h1> <p>This document describes the use of the NTP Project’s <code>summary</code> program. -This document applies to version 4.2.8p17 of <code>summary</code>. +This document applies to version 4.2.8p18 of <code>summary</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> @@ -116,7 +116,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">summary - compute various stastics from NTP stat files - Ver. 4.2.8p17 +<pre class="example">summary - compute various stastics from NTP stat files - Ver. 4.2.8p18 USAGE: summary [ -<flag> [<val>] | --<name>[{=| }<val>] ]... --directory=str Directory containing stat files diff --git a/scripts/summary.in b/scripts/summary.in index a99f8df0e73e..7e346d80fbfa 100644 --- a/scripts/summary.in +++ b/scripts/summary.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input@ # $Id$ # Perl version of (summary.sh, loop.awk, peer.awk): # Create summaries from xntpd's loop and peer statistics. diff --git a/scripts/summary.man.in b/scripts/summary.man.in index 282e7640fa3b..9e68fa41ef73 100644 --- a/scripts/summary.man.in +++ b/scripts/summary.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH summary 1summaryman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH summary 1summaryman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:41 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:06:03 AM by AutoGen 5.18.16 .\" From the definitions summary-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/summary.mdoc.in b/scripts/summary.mdoc.in index 0c83fddc9219..ea74e1728906 100644 --- a/scripts/summary.mdoc.in +++ b/scripts/summary.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt SUMMARY 1summarymdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (summary-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:43 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:06:04 AM by AutoGen 5.18.16 .\" From the definitions summary-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/update-leap/Makefile.in b/scripts/update-leap/Makefile.in index 19f20fe16902..3d5400bcca32 100644 --- a/scripts/update-leap/Makefile.in +++ b/scripts/update-leap/Makefile.in @@ -364,6 +364,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/scripts/update-leap/invoke-update-leap.texi b/scripts/update-leap/invoke-update-leap.texi index bc80b5a40936..9e1bdcbd7abb 100644 --- a/scripts/update-leap/invoke-update-leap.texi +++ b/scripts/update-leap/invoke-update-leap.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-update-leap.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:39:31 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:53 AM by AutoGen 5.18.16 # From the definitions update-leap-opts.def # and the template file agtexi-cmd.tpl @end ignore diff --git a/scripts/update-leap/update-leap-opts b/scripts/update-leap/update-leap-opts index 2aab11deb6a1..1b99167b6e8f 100644 --- a/scripts/update-leap/update-leap-opts +++ b/scripts/update-leap/update-leap-opts @@ -1,6 +1,6 @@ # EDIT THIS FILE WITH CAUTION (update-leap-opts) # -# It has been AutoGen-ed June 6, 2023 at 04:39:35 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:05:57 AM by AutoGen 5.18.16 # From the definitions update-leap-opts.def # and the template file perlopt @@ -46,7 +46,7 @@ sub processOptions { 'help|?', 'more-help')); $usage = <<'USAGE'; -update-leap - leap-seconds file manager/updater - Ver. 4.2.8p17 +update-leap - leap-seconds file manager/updater - Ver. 4.2.8p18 USAGE: update-leap [ -<flag> [<val>] | --<name>[{=| }<val>] ]... -s, --source-url=str The URL of the master copy of the leapseconds file diff --git a/scripts/update-leap/update-leap.1update-leapman b/scripts/update-leap/update-leap.1update-leapman index 83871441e444..12e3c23d5208 100644 --- a/scripts/update-leap/update-leap.1update-leapman +++ b/scripts/update-leap/update-leap.1update-leapman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH update-leap 1update-leapman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH update-leap 1update-leapman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:33 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:55 AM by AutoGen 5.18.16 .\" From the definitions update-leap-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/update-leap/update-leap.1update-leapmdoc b/scripts/update-leap/update-leap.1update-leapmdoc index 449a0840a946..6acbe102bc51 100644 --- a/scripts/update-leap/update-leap.1update-leapmdoc +++ b/scripts/update-leap/update-leap.1update-leapmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt UPDATE_LEAP 1update-leapmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (update-leap-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:30 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:51 AM by AutoGen 5.18.16 .\" From the definitions update-leap-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/scripts/update-leap/update-leap.html b/scripts/update-leap/update-leap.html index afdc9977d604..6040b23001f9 100644 --- a/scripts/update-leap/update-leap.html +++ b/scripts/update-leap/update-leap.html @@ -49,7 +49,7 @@ Previous: <a href="dir.html#Top" accesskey="p" rel="prev">(dir)</a>, Up: <a href <p>This document describes the use of the NTP Project’s <code>update-leap</code> program. </p> -<p>This document applies to version 4.2.8p17 of <code>update-leap</code>. +<p>This document applies to version 4.2.8p18 of <code>update-leap</code>. </p> <span id="SEC_Overview"></span> <h2 class="shortcontents-heading">Short Table of Contents</h2> diff --git a/scripts/update-leap/update-leap.in b/scripts/update-leap/update-leap.in index abf1134c1ff5..defc6176b80a 100755 --- a/scripts/update-leap/update-leap.in +++ b/scripts/update-leap/update-leap.in @@ -1,4 +1,5 @@ #! @PATH_PERL@ -w +# @configure_input # Copyright (C) 2015, 2017 Network Time Foundation # Author: Harlan Stenn diff --git a/scripts/update-leap/update-leap.man.in b/scripts/update-leap/update-leap.man.in index 83871441e444..12e3c23d5208 100644 --- a/scripts/update-leap/update-leap.man.in +++ b/scripts/update-leap/update-leap.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH update-leap 1update-leapman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH update-leap 1update-leapman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:33 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:55 AM by AutoGen 5.18.16 .\" From the definitions update-leap-opts.def .\" and the template file agman-cmd.tpl .SH NAME diff --git a/scripts/update-leap/update-leap.mdoc.in b/scripts/update-leap/update-leap.mdoc.in index 449a0840a946..6acbe102bc51 100644 --- a/scripts/update-leap/update-leap.mdoc.in +++ b/scripts/update-leap/update-leap.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt UPDATE_LEAP 1update-leapmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (update-leap-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:39:30 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:05:51 AM by AutoGen 5.18.16 .\" From the definitions update-leap-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME diff --git a/sntp/COPYRIGHT b/sntp/COPYRIGHT index 013202c0fb09..0cb57168ebfc 100644 --- a/sntp/COPYRIGHT +++ b/sntp/COPYRIGHT @@ -3,7 +3,7 @@ This file is automatically generated from html/copyright.html jpg "Clone me," says Dolly sheepishly. - Last update: 2-Mar-2023 05:21 UTC + Last update: 7-Jan-2024 00:29 UTC __________________________________________________________________ The following copyright notice applies to all files collectively called @@ -32,7 +32,7 @@ This file is automatically generated from html/copyright.html Hart, Danny Mayer, Martin Burnicki, and possibly others is: *********************************************************************** * * -* Copyright (c) Network Time Foundation 2011-2023 * +* Copyright (c) Network Time Foundation 2011-2024 * * * * All Rights Reserved * * * diff --git a/sntp/Makefile.am b/sntp/Makefile.am index 8f9d1f612534..4c4e19ed81d8 100644 --- a/sntp/Makefile.am +++ b/sntp/Makefile.am @@ -274,8 +274,7 @@ libevent: distdir-pre-check distdir-pre-check: case "$(DIST_FAIL)" in \ '') ;; \ - *) $(error re-run configure adding $(DIST_FAIL) if you want to make a distribution.); \ - echo "re-run configure adding $(DIST_FAIL) if you want to make a distribution."; \ + *) echo "re-run configure adding $(DIST_FAIL) if you want to make a distribution."; \ exit 1 ;; \ esac diff --git a/sntp/Makefile.in b/sntp/Makefile.in index 02af2211d10a..b7e7858a27f4 100644 --- a/sntp/Makefile.in +++ b/sntp/Makefile.in @@ -100,6 +100,7 @@ EXTRA_PROGRAMS = sntp$(EXEEXT) @BUILD_LIBEVENT_FALSE@am__append_2 = "--enable-local-libevent" @NEED_LIBOPTS_TRUE@am__append_3 = libopts @BUILD_SNTP_TRUE@am__append_4 = tests +@LIBNTP_SUBMAKES_TRUE@am__append_5 = check-libntp subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ @@ -110,6 +111,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ $(top_srcdir)/m4/ntp_cacheversion.m4 \ $(top_srcdir)/m4/ntp_compiler.m4 \ $(top_srcdir)/m4/ntp_crosscompile.m4 \ + $(top_srcdir)/m4/ntp_crypto_rand.m4 \ $(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \ $(top_srcdir)/m4/ntp_facilitynames.m4 \ $(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \ @@ -489,6 +491,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ @@ -660,9 +663,9 @@ EXTRA_DIST = \ BUILT_SOURCES = $(srcdir)/COPYRIGHT libtool $(srcdir)/sntp-opts.c \ $(srcdir)/sntp-opts.h $(srcdir)/include/version.def \ $(srcdir)/m4/version.m4 $(srcdir)/include/version.texi $(NULL) \ - check-libntp check-libopts .deps-ver + $(am__append_5) check-libopts .deps-ver CLEANFILES = check-COPYRIGHT-submake .version version.c $(NULL) \ - check-libntp check-libopts .deps-ver + check-libopts .deps-ver man1_MANS = man8_MANS = man_MANS = sntp.$(SNTP_MS) @@ -1648,8 +1651,7 @@ libevent: distdir-pre-check distdir-pre-check: case "$(DIST_FAIL)" in \ '') ;; \ - *) $(error re-run configure adding $(DIST_FAIL) if you want to make a distribution.); \ - echo "re-run configure adding $(DIST_FAIL) if you want to make a distribution."; \ + *) echo "re-run configure adding $(DIST_FAIL) if you want to make a distribution."; \ exit 1 ;; \ esac @@ -1667,11 +1669,10 @@ install-exec-hook: # -check-libntp: $(top_builddir)/../libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/../libntp/libntp.a: - cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libopts: libopts/libopts.la @echo stamp > $@ diff --git a/sntp/aclocal.m4 b/sntp/aclocal.m4 index 3bc30c477a33..e1177cd472bb 100644 --- a/sntp/aclocal.m4 +++ b/sntp/aclocal.m4 @@ -1219,6 +1219,7 @@ m4_include([m4/lt~obsolete.m4]) m4_include([m4/ntp_cacheversion.m4]) m4_include([m4/ntp_compiler.m4]) m4_include([m4/ntp_crosscompile.m4]) +m4_include([m4/ntp_crypto_rand.m4]) m4_include([m4/ntp_debug.m4]) m4_include([m4/ntp_dir_sep.m4]) m4_include([m4/ntp_facilitynames.m4]) diff --git a/sntp/check-libntp.mf b/sntp/check-libntp.mf index 649f605a8d07..f27aeb66e4f7 100644 --- a/sntp/check-libntp.mf +++ b/sntp/check-libntp.mf @@ -4,12 +4,12 @@ ## The above file has a version of this for the non-sntp portion ## of the NTP package. -BUILT_SOURCES += check-libntp -CLEANFILES += check-libntp +.PHONY: check-libntp -check-libntp: $(top_builddir)/../libntp/libntp.a - @: avoid default SCCS get by some make implementations +if LIBNTP_SUBMAKES +BUILT_SOURCES += check-libntp -$(top_builddir)/../libntp/libntp.a: +check-libntp: cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +endif diff --git a/sntp/check-libsntp.mf b/sntp/check-libsntp.mf index d05a3d02fd07..297a8947a57e 100644 --- a/sntp/check-libsntp.mf +++ b/sntp/check-libsntp.mf @@ -3,11 +3,7 @@ ## BUILT_SOURCES += check-libsntp -CLEANFILES += check-libsntp -check-libsntp: $(top_builddir)/sntp/libsntp.a - @: avoid default SCCS get by some make implementations - -$(top_builddir)/sntp/libsntp.a: +.PHONY: check-libsntp +check-libsntp: cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) libsntp.a - diff --git a/sntp/check-libunity.mf b/sntp/check-libunity.mf index bf5ec3bde1ed..af394da6e504 100644 --- a/sntp/check-libunity.mf +++ b/sntp/check-libunity.mf @@ -8,8 +8,7 @@ BUILT_SOURCES += check-libunity CLEANFILES += check-libunity check-libunity: $(top_builddir)/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/unity/libunity.a: cd $(top_builddir)/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a - diff --git a/sntp/config.h.in b/sntp/config.h.in index a4a15b82fcf1..d1cd7070a106 100644 --- a/sntp/config.h.in +++ b/sntp/config.h.in @@ -18,6 +18,9 @@ /* number of args to el_init() */ #undef EL_INIT_ARGS +/* Enable CMAC support? */ +#undef ENABLE_CMAC + /* nls support in libopts */ #undef ENABLE_NLS @@ -131,9 +134,6 @@ /* Define to 1 if the system has the type `int32'. */ #undef HAVE_INT32 -/* int32 type in DNS headers, not others. */ -#undef HAVE_INT32_ONLY_WITH_DNS - /* Define to 1 if the system has the type `int32_t'. */ #undef HAVE_INT32_T @@ -260,9 +260,6 @@ /* Define to 1 if you have the <openssl/cmac.h> header file. */ #undef HAVE_OPENSSL_CMAC_H -/* Define to 1 if you have the <openssl/hmac.h> header file. */ -#undef HAVE_OPENSSL_HMAC_H - /* Define this if pathfind(3) works */ #undef HAVE_PATHFIND @@ -314,6 +311,12 @@ /* Define to 1 if the system has the type `ptrdiff_t'. */ #undef HAVE_PTRDIFF_T +/* Define to 1 if you have the `RAND_bytes' function. */ +#undef HAVE_RAND_BYTES + +/* Define to 1 if you have the `RAND_poll' function. */ +#undef HAVE_RAND_POLL + /* Define to 1 if you have the <readline.h> header file. */ #undef HAVE_READLINE_H @@ -464,7 +467,7 @@ /* Define to 1 if you have the <sysexits.h> header file. */ #undef HAVE_SYSEXITS_H -/* */ +/* syslog.h provides facilitynames */ #undef HAVE_SYSLOG_FACILITYNAMES /* Define to 1 if you have the <syslog.h> header file. */ @@ -601,9 +604,6 @@ /* Define to 1 if the system has the type `u_int32'. */ #undef HAVE_U_INT32 -/* u_int32 type in DNS headers, not others. */ -#undef HAVE_U_INT32_ONLY_WITH_DNS - /* Define to 1 if you have the <values.h> header file. */ #undef HAVE_VALUES_H @@ -754,6 +754,9 @@ /* Use OpenSSL? */ #undef OPENSSL +/* Suppress OpenSSL 3 deprecation warnings */ +#undef OPENSSL_SUPPRESS_DEPRECATED + /* Name of package */ #undef PACKAGE @@ -839,10 +842,6 @@ /* enable thread safety */ #undef THREAD_SAFE -/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. This - macro is obsolete. */ -#undef TIME_WITH_SYS_TIME - /* Provide a typedef for uintptr_t? */ #ifndef HAVE_UINTPTR_T typedef unsigned int uintptr_t; @@ -852,6 +851,9 @@ typedef unsigned int uintptr_t; /* What type to use for setsockopt */ #undef TYPEOF_IP_MULTICAST_LOOP +/* Use OpenSSL's crypto random functions */ +#undef USE_OPENSSL_CRYPTO_RAND + /* OK to use snprintb()? */ #undef USE_SNPRINTB @@ -1016,15 +1018,8 @@ typedef unsigned int uintptr_t; /* Define to `unsigned int' if <sys/types.h> does not define. */ #undef size_t - - #if !defined(_KERNEL) && !defined(PARSESTREAM) - /* - * stdio.h must be included after _GNU_SOURCE is defined - * but before #define snprintf rpl_snprintf - */ - # include <stdio.h> - #endif - + #include "c99_snprintf.h" + /* Define to rpl_snprintf if the replacement function should be used. */ #undef snprintf diff --git a/sntp/configure b/sntp/configure index b435871daf0e..c39a17dcad27 100755 --- a/sntp/configure +++ b/sntp/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sntp 4.2.8p17. +# Generated by GNU Autoconf 2.71 for sntp 4.2.8p18. # # Report bugs to <https://bugs.ntp.org/>. # @@ -621,8 +621,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='sntp' PACKAGE_TARNAME='sntp' -PACKAGE_VERSION='4.2.8p17' -PACKAGE_STRING='sntp 4.2.8p17' +PACKAGE_VERSION='4.2.8p18' +PACKAGE_STRING='sntp 4.2.8p18' PACKAGE_BUGREPORT='https://bugs.ntp.org/' PACKAGE_URL='https://www.ntp.org/' @@ -670,7 +670,6 @@ BUILD_TEST_KODDATABASE_TRUE UNITYBUILD_AVAILABLE_FALSE UNITYBUILD_AVAILABLE_TRUE PATH_RUBY -VER_SUFFIX LIB_SYSLOG subdirs BUILD_LIBEVENT_FALSE @@ -678,7 +677,6 @@ BUILD_LIBEVENT_TRUE LDADD_LIBEVENT CPPFLAGS_LIBEVENT CFLAGS_LIBEVENT -PKG_CONFIG NTP_FORCE_LIBEVENT_DIST LIBOPTS_DIR LIBOPTS_CFLAGS @@ -710,6 +708,11 @@ NM ac_ct_DUMPBIN DUMPBIN LIBTOOL +PATH_OPENSSL +VER_SUFFIX +PKG_CONFIG +LIBNTP_SUBMAKES_FALSE +LIBNTP_SUBMAKES_TRUE LIBOBJS PTHREADS_FALSE PTHREADS_TRUE @@ -724,10 +727,12 @@ LIBM EDITLINE_LIBS LD FGREP -SED +EGREP +GREP LDADD_LIBNTP NTP_CROSSCOMPILE_FALSE NTP_CROSSCOMPILE_TRUE +SED ac_ct_AR AR INSTALL_UPDATE_LEAP_FALSE @@ -820,14 +825,12 @@ WANT_CALC_TICKADJ_MS_TRUE NTP_HARD_LDFLAGS NTP_HARD_CPPFLAGS NTP_HARD_CFLAGS +CPP LDFLAGS_NTP LDADD_NTP CPPFLAGS_NTP CFLAGS_NTP CC_NOFORMAT -EGREP -GREP -CPP am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE @@ -941,6 +944,11 @@ enable_linuxcaps enable_solarisprivs enable_trustedbsd_mac enable_signalled_io +with_crypto +with_openssl_libdir +with_openssl_incdir +enable_verbose_ssl +enable_openssl_random enable_shared enable_static with_pic @@ -959,10 +967,6 @@ with_libregex_cflags with_libregex_libs enable_optional_args enable_local_libevent -with_crypto -with_openssl_libdir -with_openssl_incdir -with_rpath enable_ipv6 with_kame enable_getifaddrs @@ -1526,7 +1530,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sntp 4.2.8p17 to adapt to many kinds of systems. +\`configure' configures sntp 4.2.8p18 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1597,7 +1601,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sntp 4.2.8p17:";; + short | recursive ) echo "Configuration of sntp 4.2.8p18:";; esac cat <<\_ACEOF @@ -1614,13 +1618,15 @@ Optional Features: defaults: + yes, - no, s system-specific --enable-debugging + include ntpd debugging code --enable-thread-support s use threads (+ if available) - --enable-c99-snprintf s force replacement + --enable-c99-snprintf s use replacement printf family --enable-clockctl s Use /dev/clockctl for non-root clock control --enable-linuxcaps + Use Linux capabilities for non-root clock control --enable-solarisprivs + Use Solaris privileges for non-root clock control --enable-trustedbsd-mac s Use TrustedBSD MAC policy for non-root clock control --enable-signalled-io s Use signalled IO if we can + --enable-verbose-ssl - show crypto lib detection details + --enable-openssl-random + Use SSL lib's secure random numbers --enable-shared[=PKGS] build shared libraries [default=no] --enable-static[=PKGS] build static libraries [default=yes] --enable-fast-install[=PKGS] @@ -1646,6 +1652,11 @@ Optional Packages: --with-lineeditlibs edit,editline (readline may be specified if desired) --with-threads with threads [auto] --with-yielding-select with yielding select [auto] + --with-crypto + =openssl,libcrypto + --with-openssl-libdir + =/something/reasonable + + --with-openssl-incdir + =search likely dirs + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use both] --with-aix-soname=aix|svr4|both @@ -1659,14 +1670,6 @@ Optional Packages: --with-libregex libregex installation prefix --with-libregex-cflags libregex compile flags --with-libregex-libs libregex link command arguments - --with-crypto + =openssl,libcrypto - - --with-openssl-libdir + =/something/reasonable - - --with-openssl-incdir + =/something/reasonable - - --without-rpath s Disable auto-added -R linker paths - --with-kame - =/usr/local/v6 Some influential environment variables: @@ -1749,7 +1752,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sntp configure 4.2.8p17 +sntp configure 4.2.8p18 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1835,44 +1838,6 @@ printf "%s\n" "$ac_res" >&6; } } # ac_fn_c_check_header_compile -# ac_fn_c_try_cpp LINENO -# ---------------------- -# Try to preprocess conftest.$ac_ext, and return whether this succeeded. -ac_fn_c_try_cpp () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_cpp conftest.$ac_ext" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -printf "%s\n" "$ac_try_echo"; } >&5 - (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err - ac_status=$? - if test -s conftest.err; then - grep -v '^ *+' conftest.err >conftest.er1 - cat conftest.er1 >&5 - mv -f conftest.er1 conftest.err - fi - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } > conftest.i && { - test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || - test ! -s conftest.err - } -then : - ac_retval=0 -else $as_nop - printf "%s\n" "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=1 -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_cpp - # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. @@ -1963,6 +1928,44 @@ fi } # ac_fn_c_try_run +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache @@ -2406,7 +2409,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sntp $as_me 4.2.8p17, which was +It was created by sntp $as_me 4.2.8p18, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -2999,7 +3002,6 @@ as_fn_append ac_header_c_list " minix/config.h minix_config_h HAVE_MINIX_CONFIG_ as_fn_append ac_header_c_list " vfork.h vfork_h HAVE_VFORK_H" as_fn_append ac_func_c_list " fork HAVE_FORK" as_fn_append ac_func_c_list " vfork HAVE_VFORK" -as_fn_append ac_header_c_list " sys/time.h sys_time_h HAVE_SYS_TIME_H" as_fn_append ac_header_c_list " stdarg.h stdarg_h HAVE_STDARG_H" as_fn_append ac_func_c_list " vprintf HAVE_VPRINTF" @@ -3198,7 +3200,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # the date YYYYMMDD optionally with -HHMM if there is more than one # bump in a day. -sntp_configure_cache_version=20120806 +sntp_configure_cache_version=20240218 # When the version of config.cache and configure do not # match, NTP_CACHEVERSION will flush the cache. @@ -3817,7 +3819,7 @@ fi # Define the identity of the package. PACKAGE='sntp' - VERSION='4.2.8p17' + VERSION='4.2.8p18' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -4993,6 +4995,7 @@ fi + ac_header= ac_cache= for ac_item in $ac_header_c_list do @@ -5164,333 +5167,7 @@ then : fi -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -printf %s "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if test ${ac_cv_prog_CPP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - # Double quotes because $CC needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <limits.h> - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - -else $as_nop - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - # Broken: success on invalid input. -continue -else $as_nop - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok -then : - break -fi - - done - ac_cv_prog_CPP=$CPP - -fi - CPP=$ac_cv_prog_CPP -else - ac_cv_prog_CPP=$CPP -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -printf "%s\n" "$CPP" >&6; } -ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <limits.h> - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : -else $as_nop - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext - - # OK, works on sane cases. Now check whether nonexistent headers - # can be detected and how. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ac_nonexistent.h> -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - # Broken: success on invalid input. -continue -else $as_nop - # Passes both tests. -ac_preproc_ok=: -break -fi -rm -f conftest.err conftest.i conftest.$ac_ext - -done -# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. -rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok -then : - -else $as_nop - { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "C preprocessor \"$CPP\" fails sanity check -See \`config.log' for more details" "$LINENO" 5; } -fi - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -printf %s "checking for grep that handles long lines and -e... " >&6; } -if test ${ac_cv_path_GREP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if test -z "$GREP"; then - ac_path_GREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_prog in grep ggrep - do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_GREP" || continue -# Check for GNU ac_path_GREP and select it if it is found. - # Check for GNU $ac_path_GREP -case `"$ac_path_GREP" --version 2>&1` in -*GNU*) - ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; -*) - ac_count=0 - printf %s 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - printf "%s\n" 'GREP' >> "conftest.nl" - "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_GREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_GREP="$ac_path_GREP" - ac_path_GREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_GREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_GREP"; then - as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_GREP=$GREP -fi - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -printf "%s\n" "$ac_cv_path_GREP" >&6; } - GREP="$ac_cv_path_GREP" - - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -printf %s "checking for egrep... " >&6; } -if test ${ac_cv_path_EGREP+y} -then : - printf %s "(cached) " >&6 -else $as_nop - if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 - then ac_cv_path_EGREP="$GREP -E" - else - if test -z "$EGREP"; then - ac_path_EGREP_found=false - # Loop through the user's path and test for each of PROGNAME-LIST - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_prog in egrep - do - for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" - as_fn_executable_p "$ac_path_EGREP" || continue -# Check for GNU ac_path_EGREP and select it if it is found. - # Check for GNU $ac_path_EGREP -case `"$ac_path_EGREP" --version 2>&1` in -*GNU*) - ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; -*) - ac_count=0 - printf %s 0123456789 >"conftest.in" - while : - do - cat "conftest.in" "conftest.in" >"conftest.tmp" - mv "conftest.tmp" "conftest.in" - cp "conftest.in" "conftest.nl" - printf "%s\n" 'EGREP' >> "conftest.nl" - "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break - diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break - as_fn_arith $ac_count + 1 && ac_count=$as_val - if test $ac_count -gt ${ac_path_EGREP_max-0}; then - # Best one so far, save it but keep looking for a better one - ac_cv_path_EGREP="$ac_path_EGREP" - ac_path_EGREP_max=$ac_count - fi - # 10*(2^10) chars as input seems more than enough - test $ac_count -gt 10 && break - done - rm -f conftest.in conftest.tmp conftest.nl conftest.out;; -esac - - $ac_path_EGREP_found && break 3 - done - done - done -IFS=$as_save_IFS - if test -z "$ac_cv_path_EGREP"; then - as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 - fi -else - ac_cv_path_EGREP=$EGREP -fi - - fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -printf "%s\n" "$ac_cv_path_EGREP" >&6; } - EGREP="$ac_cv_path_EGREP" - - - - - - - -# Ralf Wildenhues: With per-target flags we need CC_C_O -# AM_PROG_CC_C_O supersets AC_PROG_CC_C_O - -if test $ac_cv_c_compiler_gnu = yes; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 -printf %s "checking whether $CC needs -traditional... " >&6; } -if test ${ac_cv_prog_gcc_traditional+y} -then : - printf %s "(cached) " >&6 -else $as_nop - ac_pattern="Autoconf.*'x'" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sgtty.h> -Autoconf TIOCGETP -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1 -then : - ac_cv_prog_gcc_traditional=yes -else $as_nop - ac_cv_prog_gcc_traditional=no -fi -rm -rf conftest* - - - if test $ac_cv_prog_gcc_traditional = no; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <termio.h> -Autoconf TCGETA -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "$ac_pattern" >/dev/null 2>&1 -then : - ac_cv_prog_gcc_traditional=yes -fi -rm -rf conftest* - - fi -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 -printf "%s\n" "$ac_cv_prog_gcc_traditional" >&6; } - if test $ac_cv_prog_gcc_traditional = yes; then - CC="$CC -traditional" - fi -fi @@ -5658,13 +5335,15 @@ fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_Winit_self" >&5 printf "%s\n" "$ntp_cv_gcc_Winit_self" >&6; } # + # $ntp_cv_gcc_Winit_self is tested later to add the + # flag to CFLAGS_NTP. + # # libopts specifically builds a string with embedded NULs. # This causes a bunch of distracting warnings due to -Wformat. - # Let's see if we can figure out how to disable these. # - CFLAGS="$SAVED_CFLAGS -Wno-format" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC can handle -Wno-format" >&5 -printf %s "checking if $CC can handle -Wno-format... " >&6; } + CFLAGS="$SAVED_CFLAGS -Wno-format -Wno-format-security" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC can handle -Wno-format -Wno-format-security" >&5 +printf %s "checking if $CC can handle -Wno-format -Wno-format-security... " >&6; } if test ${ntp_cv_gcc_Wno_format+y} then : printf %s "(cached) " >&6 @@ -5694,21 +5373,50 @@ rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_Wno_format" >&5 printf "%s\n" "$ntp_cv_gcc_Wno_format" >&6; } - case "$ntp_cv_gcc_Wno_format" in + no) ntp_cv_gcc_Wno_format_truncation=no + ;; yes) - CC_NOFORMAT="$CC_NOFORMAT -Wno-format" - ;; - no) - ;; + CC_NOFORMAT="-Wno-format -Wno-format-security" + CFLAGS="$SAVED_CFLAGS -Wformat -Wno-format-truncation -Werror" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC can handle -Wformat -Wno-format-truncation" >&5 +printf %s "checking if $CC can handle -Wformat -Wno-format-truncation... " >&6; } +if test ${ntp_cv_gcc_Wno_format_truncation+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ntp_cv_gcc_Wno_format_truncation=yes +else $as_nop + ntp_cv_gcc_Wno_format_truncation=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_Wno_format_truncation" >&5 +printf "%s\n" "$ntp_cv_gcc_Wno_format_truncation" >&6; } + # + # $ntp_cv_gcc_Wno_format_truncation is tested later to add the + # flag to CFLAGS. + # esac CFLAGS="$SAVED_CFLAGS" { SAVED_CFLAGS=; unset SAVED_CFLAGS;} - # - # $ntp_cv_gcc_Winit_self is tested later to add the - # flag to CFLAGS_NTP. - # + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linker supports omitting unused code and data" >&5 printf %s "checking if linker supports omitting unused code and data... " >&6; } if test ${ntp_cv_gc_sections_runs+y} @@ -5716,7 +5424,17 @@ then : printf %s "(cached) " >&6 else $as_nop - origCFLAGS="$CFLAGS" + # NetBSD will link but likely not run with --gc-sections + # http://bugs.ntp.org/1844 + # http://gnats.netbsd.org/40401 + # --gc-sections causes attempt to load as linux elf, with + # wrong syscalls in place. Test a little gauntlet of + # simple stdio read code checking for errors, expecting + # enough syscall differences that the NetBSD code will + # fail even with Linux emulation working as designed. + # A shorter test could be refined by someone with access + # to a NetBSD host with Linux emulation working. + origCFLAGS="$CFLAGS" CFLAGS="$CFLAGS -Wl,--gc-sections" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5806,6 +5524,10 @@ printf "%s\n" "$ntp_cv_gc_sections_runs" >&6; } yes) CFLAGS_NTP="$CFLAGS_NTP -Wstrict-overflow" esac + case "$ntp_cv_gcc_Wno_format_truncation" in + yes) + CFLAGS_NTP="$CFLAGS_NTP -Wno-format-truncation" + esac # -W[no-]strict-prototypes might be added by NTP_OPENSSL esac @@ -6734,6 +6456,81 @@ unknown) esac +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +printf %s "checking for a sed that does not truncate output... " >&6; } +if test ${ac_cv_path_SED+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in sed gsed + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +printf "%s\n" "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + # Expose a cross-compilation indicator to makefiles @@ -6835,6 +6632,148 @@ Xsed="$SED -e 1s/^X//" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +printf %s "checking for grep that handles long lines and -e... " >&6; } +if test ${ac_cv_path_GREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +printf "%s\n" "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +printf %s "checking for egrep... " >&6; } +if test ${ac_cv_path_EGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + printf %s 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + printf "%s\n" 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +printf "%s\n" "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 printf %s "checking for fgrep... " >&6; } if test ${ac_cv_path_FGREP+y} @@ -7892,12 +7831,154 @@ fi +ntp_pkgconfig_min_version='0.15.0' +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PKG_CONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +printf "%s\n" "$PKG_CONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_ac_pt_PKG_CONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +{ ac_cv_path_PKG_CONFIG=; unset ac_cv_path_PKG_CONFIG;} +{ ac_cv_path_ac_pt_PKG_CONFIG=; unset ac_cv_path_ac_pt_PKG_CONFIG;} + +case "$PKG_CONFIG" in + /*) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if pkg-config is at least version $ntp_pkgconfig_min_version" >&5 +printf %s "checking if pkg-config is at least version $ntp_pkgconfig_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $ntp_pkgconfig_min_version; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + PKG_CONFIG="" + fi + ;; +esac + + + + + +VER_SUFFIX= + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: " >&5 +printf "%s\n" "$as_me: " >&6;} + esac + + + + + # HMS: Save $LIBS and empty it. # any LIBS we add here should go in to LDADD_LIBNTP -__LIBS=$LIBS +SAVED_LIBS=$LIBS LIBS= @@ -9641,14 +9722,6 @@ printf "%s\n" "#define HAVE_INLINE 1" >>confdefs.h esac -# Obsolete code to be removed. -if test $ac_cv_header_sys_time_h = yes; then - -printf "%s\n" "#define TIME_WITH_SYS_TIME 1" >>confdefs.h - -fi -# End of obsolete code. - # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. @@ -15504,100 +15577,6 @@ fi -case "$ac_cv_type_int32::$ac_cv_header_resolv_h" in - no::yes) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for int32 with DNS headers included" >&5 -printf %s "checking for int32 with DNS headers included... " >&6; } -if test ${ntp_cv_type_int32_with_dns+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #ifdef HAVE_ARPA_NAMESER_H - # include <arpa/nameser.h> - #endif - #include <resolv.h> - -int -main (void) -{ - - size_t cb = sizeof(int32); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ntp_cv_type_int32_with_dns=yes -else $as_nop - ntp_cv_type_int32_with_dns=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_type_int32_with_dns" >&5 -printf "%s\n" "$ntp_cv_type_int32_with_dns" >&6; } - case "$ntp_cv_type_int32_with_dns" in - yes) - -printf "%s\n" "#define HAVE_INT32_ONLY_WITH_DNS 1" >>confdefs.h - - esac -esac - -case "$ac_cv_type_u_int32::$ac_cv_header_resolv_h" in - no::yes) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for u_int32 with DNS headers included" >&5 -printf %s "checking for u_int32 with DNS headers included... " >&6; } -if test ${ntp_cv_type_u_int32_with_dns+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #ifdef HAVE_ARPA_NAMESER_H - # include <arpa/nameser.h> - #endif - #include <resolv.h> - -int -main (void) -{ - - size_t cb = sizeof(u_int32); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - ntp_cv_type_u_int32_with_dns=yes -else $as_nop - ntp_cv_type_u_int32_with_dns=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_type_u_int32_with_dns" >&5 -printf "%s\n" "$ntp_cv_type_u_int32_with_dns" >&6; } - case "$ntp_cv_type_u_int32_with_dns" in - yes) - -printf "%s\n" "#define HAVE_U_INT32_ONLY_WITH_DNS 1" >>confdefs.h - - esac -esac - ac_fn_c_check_header_compile "$LINENO" "sys/timepps.h" "ac_cv_header_sys_timepps_h" " #ifdef HAVE_SYS_TIME_H # include <sys/time.h> @@ -16179,42 +16158,1189 @@ printf "%s\n" "$as_me: WARNING: *** $ntp_warning ***" >&2;} ;; esac + if test x"$enable_dependency_tracking" = x"yes"; then + LIBNTP_SUBMAKES_TRUE= + LIBNTP_SUBMAKES_FALSE='#' +else + LIBNTP_SUBMAKES_TRUE='#' + LIBNTP_SUBMAKES_FALSE= +fi -LDADD_LIBNTP="$LDADD_LIBNTP $LIBS" -LIBS=$__LIBS -{ __LIBS=; unset __LIBS;} -# Check whether --enable-shared was given. -if test ${enable_shared+y} + +# Check whether --with-crypto was given. +if test ${with_crypto+y} then : - enableval=$enable_shared; p=${PACKAGE-default} - case $enableval in - yes) enable_shared=yes ;; - no) enable_shared=no ;; - *) - enable_shared=no - # Look at the argument we got. We use all the common list separators. - lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, - for pkg in $enableval; do - IFS=$lt_save_ifs - if test "X$pkg" = "X$p"; then - enable_shared=yes + withval=$with_crypto; case "$with_crypto" in + yes) + with_crypto=openssl,libcrypto + esac + +else $as_nop + with_crypto=openssl,libcrypto +fi + + +# Check whether --with-openssl-libdir was given. +if test ${with_openssl_libdir+y} +then : + withval=$with_openssl_libdir; +fi + + +# Check whether --with-openssl-incdir was given. +if test ${with_openssl_incdir+y} +then : + withval=$with_openssl_incdir; +fi + +# Check whether --enable-verbose-ssl was given. +if test ${enable_verbose_ssl+y} +then : + enableval=$enable_verbose_ssl; +else $as_nop + enable_verbose_ssl=no +fi + + +ntp_openssl=no +ntp_openssl_from_pkg_config=no +ntp_ssl_incdir= +ntp_ssl_cflags= +ntp_ssl_cppflags= +ntp_ssl_libdir= +ntp_ssl_libs_L= +ntp_ssl_libs_l= +ntp_ssl_libs= +ntp_ssl_ldflags= + +NTPSSL_SAVED_CFLAGS="$CFLAGS" +NTPSSL_SAVED_CPPFLAGS="$CPPFLAGS" +NTPSSL_SAVED_LIBS="$LIBS" +NTPSSL_SAVED_LDFLAGS="$LDFLAGS" + +# Extract the first word of "openssl", so it can be a program name with args. +set dummy openssl; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PATH_OPENSSL+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PATH_OPENSSL in + [\\/]* | ?:[\\/]*) + ac_cv_path_PATH_OPENSSL="$PATH_OPENSSL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PATH_OPENSSL="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PATH_OPENSSL=$ac_cv_path_PATH_OPENSSL +if test -n "$PATH_OPENSSL"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PATH_OPENSSL" >&5 +printf "%s\n" "$PATH_OPENSSL" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + + +str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $str" >&5 +printf "%s\n" "$as_me: $str" >&6;} + esac + + +{ str=; unset str;} + +# Make sure neither/both --with_openssl-{inc,lib}dir are given +case "${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in + notgiven:notgiven) ;; + *notgiven*) + as_fn_error $? "only one of --with-openssl-{inc,lib}dir=... given - provide both or neither" "$LINENO" 5 + ;; +esac + +# HMS: Today there are only 2 case options. We probably want a third +# *:*:notgiven:notgiven +# and in that case we would validate the path in PKG_CONFIG_PATH. +# Unless we can do it with 2 cases, where the 2nd case is *:*:... +# and we do a reality check on execpath and the headers/libraries. +# +## +# if $with_crypto is not "no": +# if --with-openssl-{inc,lib}dir are not given: +# we should use pkg-config to find openssl +# if we don't have pkg-config, if openssl is in the base OS, use that. +## +case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in + no:*) ;; + *:notempty:notgiven:notgiven) + # If PKG_CONFIG is notempty and we haven't been given openssl paths, + # then let's make sure that the openssl executable's path corresponds + # to the path in openssl.pc, and 'openssl version' matches the Version + # in openssl.pc. If $PKG_CONFIG tells us an INCPATH and/or a LIBPATH, + # then should we reality check them? + ## INCPATH + # harlan@ntp-testbuild.tal1> openssl version + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> grep 1.1.1t /ntpbuild/include/openssl/* + # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # harlan@ntp-testbuild.tal1> + ## LIBPATH + # harlan@ntp-testbuild.tal1> strings -a /ntpbuild/lib/libcrypto.* | fgrep 1.1.1t + # OpenSSL 1.1.1t 7 Feb 2023 + # OpenSSL 1.1.1t 7 Feb 2023 + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> ls /ntpbuild/lib/libcrypto.* + # /ntpbuild/lib/libcrypto.a /ntpbuild/lib/libcrypto.so.1.1* + # /ntpbuild/lib/libcrypto.so@ + # harlan@ntp-testbuild.tal1> + ## + # Having said this, do we really care if the openssl executable that + # we have found is matched with the INCPATH and LIBPATH? + # One answer: Probably not, but we should complain on a mismatch as + # otherwise runtime differences could easily cause problems/drama. + + ##BO + # ntp_cv_build_framework_help=yes + save_PKG_CONFIG_PATH=${PKG_CONFIG_PATH} + for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do + case "$pkg" in + openssl) + if $PKG_CONFIG --exists $pkg ; then + # Found it - yay + # Do we want to check we found the right one? + # --modver + # --variable={libdir,includedir} (varname) + overf=`openssl version` + overs=`echo $overf | awk '{print }'` + case "$overs" in + 0.*) ;; # Should we squawk? + 1.0.*) ;; # Should we squawk? + 1.1.*) ;; # Should we squawk? + 3.*) + oinc=`openssl --variable=includedir` + olib=`openssl --variable=libdir` + # How should we use these? + ;; + *) ;; # Should we squawk? + esac + # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # grep 1.1.1t /ntpbuild/lib/libcrypto.a + # strings -a /ntpbuild/lib/libcrypto.a | grep 1.1.1t + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> + # which should match $overf + ## + # harlan@ntp-testbuild.tal1> echo '"OpenSSL 1.1.1t 7 Feb 2023"' | cut -f 2 -d\" + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> grep OPENSSL_VERSION_TEXT /ntpbuild/include/openssl/opensslv.h + # # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # harlan@ntp-testbuild.tal1> + ## + + else + # This is a hack, but it's reasonable. + pkgpath="`echo $PATH_OPENSSL | sed -e 's:/bin/openssl$::'`/lib/pkgconfig" + test -d "$pkgpath" || pkgpath= + # echo "pkgpath is <$pkgpath>" + # echo "PKG_CONFIG_PATH is <$PKG_CONFIG_PATH>" + case "$pkgpath" in + '') ;; # Nothing to see here... + *) case ":$PKG_CONFIG_PATH:" in + ::) + PKG_CONFIG_PATH=$pkgpath + export PKG_CONFIG_PATH + ;; + *:$pkgpath:*) + # Already there... + ;; + *) + PKG_CONFIG_PATH="$pkgpath:$PKG_CONFIG_PATH" + export PKG_CONFIG_PATH + ;; + esac + ;; + esac + fi + ;; + esac + done + ##EO + + for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config for $pkg" >&5 +printf %s "checking pkg-config for $pkg... " >&6; } + if $PKG_CONFIG --exists $pkg ; then + ntp_ssl_cppflags="`$PKG_CONFIG --cflags-only-I $pkg`" + case "$ntp_ssl_cppflags" in + '') + ntp_ssl_incdir='not needed' + ;; + *) + ntp_ssl_incdir="`echo $ntp_ssl_cppflags | $SED -e 's/-I//'`" + esac + ntp_ssl_cflags="`$PKG_CONFIG --cflags-only-other $pkg`" + ntp_ssl_libs_L="`$PKG_CONFIG --libs-only-L $pkg`" + case "$ntp_ssl_libs_L" in + '') + ntp_ssl_libdir='not needed' + ;; + *) + ntp_ssl_libdir="`echo $ntp_ssl_libs_L | $SED -e 's/-L//'`" + esac + ntp_ssl_libs_l="`$PKG_CONFIG --libs-only-l $pkg`" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + ntp_ssl_ldflags="`$PKG_CONFIG --libs-only-other $pkg`" + ntp_openssl=yes + ntp_openssl_from_pkg_config=yes + ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" + case "$ntp_openssl_version" in + *.*) ;; + *) ntp_openssl_version='(unknown)' ;; + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 +printf "%s\n" "yes, version $ntp_openssl_version" >&6; } + + break fi - done - IFS=$lt_save_ifs - ;; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + done + { pkg=; unset pkg;} +esac +case "$with_crypto" in + no) ;; + *) + case "$with_openssl_libdir" in + '') ;; + *) + ntp_ssl_libdir="$with_openssl_libdir" + ntp_ssl_libs_L="-L$with_openssl_libdir" + ntp_ssl_libs_l="-lcrypto" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" esac + case "$with_openssl_incdir" in + '') ;; + *) + ntp_ssl_incdir="$with_openssl_incdir" + ntp_ssl_cppflags="-I$with_openssl_incdir" + esac +esac + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL Phase I checks:" >&5 +printf "%s\n" "$as_me: OpenSSL Phase I checks:" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CFLAGS_NTP: ($CFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CFLAGS_NTP: ($CFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDADD_NTP: ($LDADD_NTP)" >&5 +printf "%s\n" "$as_me: LDADD_NTP: ($LDADD_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_openssl_from_pkg_config: $ntp_openssl_from_pkg_config" >&5 +printf "%s\n" "$as_me: ntp_openssl_from_pkg_config: $ntp_openssl_from_pkg_config" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs: ($ntp_ssl_libs)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs: ($ntp_ssl_libs)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&6;} + esac + + + +case "$with_crypto" in + no) + ntp_openssl=no + ;; + *) + ntp_ssl_libs_l="${ntp_ssl_libs_l:--lcrypto}" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + case "$ntp_ssl_libdir" in + '') + + { ac_cv_lib_crypto_EVP_MD_CTX_new=; unset ac_cv_lib_crypto_EVP_MD_CTX_new;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for libcrypto without -L" >&5 +printf "%s\n" "$as_me: Searching for libcrypto without -L" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 +printf %s "checking for EVP_MD_CTX_new in -lcrypto... " >&6; } +if test ${ac_cv_lib_crypto_EVP_MD_CTX_new+y} +then : + printf %s "(cached) " >&6 else $as_nop - enable_shared=no + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char EVP_MD_CTX_new (); +int +main (void) +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_crypto_EVP_MD_CTX_new=yes +else $as_nop + ac_cv_lib_crypto_EVP_MD_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_MD_CTX_new" >&5 +printf "%s\n" "$ac_cv_lib_crypto_EVP_MD_CTX_new" >&6; } +if test "x$ac_cv_lib_crypto_EVP_MD_CTX_new" = xyes +then : + ntp_ssl_libdir='not needed' + +fi + + { ac_cv_lib_crypto_EVP_MD_CTX_new=; unset ac_cv_lib_crypto_EVP_MD_CTX_new;} + esac + case "$ntp_ssl_libdir" in + '') + ntp_ssl_libdir_search="/usr/lib /usr/lib/openssl /usr/sfw/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/ssl/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /opt/local/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /lib /lib64" + ;; + *) + ntp_ssl_libdir_search="$ntp_ssl_libdir" + esac + case $ntp_ssl_libdir_search in + 'not needed') ;; + *) + for i in $ntp_ssl_libdir_search not_found + do + case "$i" in + not_found) ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for libcrypto in $i" >&5 +printf "%s\n" "$as_me: Searching for libcrypto in $i" >&6;} + LIBS="-L$i $NTPSSL_SAVED_LIBS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -lcrypto" >&5 +printf %s "checking for EVP_MD_CTX_new in -lcrypto... " >&6; } +if test ${ac_cv_lib_crypto_EVP_MD_CTX_new+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcrypto $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char EVP_MD_CTX_new (); +int +main (void) +{ +return EVP_MD_CTX_new (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_crypto_EVP_MD_CTX_new=yes +else $as_nop + ac_cv_lib_crypto_EVP_MD_CTX_new=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_EVP_MD_CTX_new" >&5 +printf "%s\n" "$ac_cv_lib_crypto_EVP_MD_CTX_new" >&6; } +if test "x$ac_cv_lib_crypto_EVP_MD_CTX_new" = xyes +then : + break + +fi + + { ac_cv_lib_crypto_EVP_MD_CTX_new=; unset ac_cv_lib_crypto_EVP_MD_CTX_new;} + esac + done + ntp_ssl_libdir="$i" + ntp_ssl_libs_L="-L$i" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + LIBS="$NTPSSL_SAVED_LIBS" + case "$ntp_ssl_libdir" in + not_found) + as_fn_error $? "You may want to use --without-crypto, or add +openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the +--with-openssl-libdir=/some/path option to configure. +libcrypto not found in any of the following directories: +$ntp_ssl_libdir_search + " "$LINENO" 5 + esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: libcrypto found in $ntp_ssl_libdir" >&5 +printf "%s\n" "$as_me: libcrypto found in $ntp_ssl_libdir" >&6;} + esac + + case "$ntp_openssl_from_pkg_config:$ntp_ssl_incdir" in + 'yes:not needed' | no:) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for openssl/evp.h without -I" >&5 +printf "%s\n" "$as_me: Searching for openssl/evp.h without -I" >&6;} + { ac_cv_header_openssl_evp_h=; unset ac_cv_header_openssl_evp_h;} + ac_fn_c_check_header_compile "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_evp_h" = xyes +then : + ntp_ssl_incdir='not needed' + +fi + + esac + case "$ntp_ssl_incdir" in + 'not needed') + ntp_ssl_incdir_search="$ntp_ssl_incdir" + ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for openssl include directory" >&5 +printf "%s\n" "$as_me: Searching for openssl include directory" >&6;} + case "$with_openssl_incdir" in + '') + case "$ntp_ssl_incdir" in + '') + ntp_ssl_incdir_search="/usr/include /usr/sfw/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /opt/local/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/ssl/include" + ;; + *) + esac + ;; + *) + ntp_ssl_incdir_search="$with_openssl_incdir" + esac + case $ntp_ssl_incdir_search in + 'not needed') ;; + *) + for i in $ntp_ssl_incdir_search + do + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Searching for openssl/evp.h in $i" >&5 +printf "%s\n" "$as_me: Searching for openssl/evp.h in $i" >&6;} + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS -I$i" + { ac_cv_header_openssl_evp_h=; unset ac_cv_header_openssl_evp_h;} + ac_fn_c_check_header_compile "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_evp_h" = xyes +then : + ntp_ssl_incdir="$i" ; break + +fi + + done + { ac_cv_header_openssl_evp_h=; unset ac_cv_header_openssl_evp_h;} + { i=; unset i;} + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS" + case "$ntp_ssl_incdir" in + '') + as_fn_error $? "You may want to use --without-crypto, or add +openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the +-with-openssl-incdir=/some/path option to configure. +No usable openssl/evp.h found in any of the following direcotries: +$ntp_ssl_incdir_search + " "$LINENO" 5 + esac + ntp_ssl_cppflags="-I$ntp_ssl_incdir" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Found evp.h in $ntp_ssl_incdir/openssl" >&5 +printf "%s\n" "$as_me: Found evp.h in $ntp_ssl_incdir/openssl" >&6;} + esac + esac + ntp_openssl=yes +esac +case "$ntp_openssl:$ntp_ssl_libdir" in + 'yes:not needed') + ;; + yes:*) + CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if crypto works without runpath" >&5 +printf %s "checking if crypto works without runpath... " >&6; } +if test ${ntp_cv_ssl_without_runpath+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : + ntp_cv_ssl_without_runpath=yes +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + if (!EVP_MD_CTX_new()) { + return 1; + } + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ntp_cv_ssl_without_runpath=yes +else $as_nop + ntp_cv_ssl_without_runpath=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_without_runpath" >&5 +printf "%s\n" "$ntp_cv_ssl_without_runpath" >&6; } + case "$ntp_cv_ssl_without_runpath" in + no) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if crypto needs -Wl,-rpath,$ntp_ssl_libdir" >&5 +printf %s "checking if crypto needs -Wl,-rpath,$ntp_ssl_libdir... " >&6; } +if test ${ntp_cv_ssl_needs_dashWl_rpath+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + LDFLAGS="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir $NTPSSL_SAVED_LDFLAGS" + if test "$cross_compiling" = yes +then : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + if (!EVP_MD_CTX_new()) { + return 1; + } + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ntp_cv_ssl_needs_dashWl_rpath=yes +else $as_nop + ntp_cv_ssl_needs_dashWl_rpath=no + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_needs_dashWl_rpath" >&5 +printf "%s\n" "$ntp_cv_ssl_needs_dashWl_rpath" >&6; } + case "$ntp_cv_ssl_needs_dashWl_rpath" in + yes) + ntp_ssl_ldflags="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir" + ;; + no) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if crypto needs -R$ntp_ssl_libdir" >&5 +printf %s "checking if crypto needs -R$ntp_ssl_libdir... " >&6; } +if test ${ntp_cv_ssl_needs_dashR+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + LDFLAGS="$NTPSSL_SAVED_LDFLAGS $ntp_ssl_ldflags -R$ntp_ssl_libdir" + if test "$cross_compiling" = yes +then : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + if (!EVP_MD_CTX_new()) { + return 1; + } + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO" +then : + ntp_cv_ssl_needs_dashR=yes +else $as_nop + ntp_cv_ssl_needs_dashR=no + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_needs_dashR" >&5 +printf "%s\n" "$ntp_cv_ssl_needs_dashR" >&6; } + case "$ntp_cv_ssl_needs_dashR" in + yes) + ntp_ssl_ldflags="$ntp_ssl_ldflags -R$ntp_ssl_libdir" + esac + case "$build:$ntp_cv_ssl_needs_dashR" in + $host:no) + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Unable to run program using crypto, check openssl.pc +or libcrypto.pc are in PKG_CONFIG_PATH, or provide the + --with-openssl-libdir=/some/path option to configure. + +See \`config.log' for more details" "$LINENO" 5; } + esac + esac + esac +esac + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL Phase II checks:" >&5 +printf "%s\n" "$as_me: OpenSSL Phase II checks:" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_incdir: ($ntp_ssl_incdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libdir: ($ntp_ssl_libdir)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cflags: ($ntp_ssl_cflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_cppflags: ($ntp_ssl_cppflags)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_L: ($ntp_ssl_libs_L)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs_l: ($ntp_ssl_libs_l)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_libs: ($ntp_ssl_libs)" >&5 +printf "%s\n" "$as_me: ntp_ssl_libs: ($ntp_ssl_libs)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&5 +printf "%s\n" "$as_me: ntp_ssl_ldflags: ($ntp_ssl_ldflags)" >&6;} + esac + + + +case "$ntp_openssl:$ntp_openssl_from_pkg_config" in + yes:no) + CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with $ntp_ssl_libs_l alone works" >&5 +printf %s "checking if linking with $ntp_ssl_libs_l alone works... " >&6; } +if test ${ntp_cv_bare_lcrypto+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + EVP_MD_CTX_new(); + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ntp_cv_bare_lcrypto=yes +else $as_nop + ntp_cv_bare_lcrypto=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_bare_lcrypto" >&5 +printf "%s\n" "$ntp_cv_bare_lcrypto" >&6; } + case "$ntp_cv_bare_lcrypto" in + no) + LIBS="-$ntp_ssl_libs -lz $NTPSSL_SAVED_LIBS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with $ntp_ssl_libs_l -lz works" >&5 +printf %s "checking if linking with $ntp_ssl_libs_l -lz works... " >&6; } +if test ${ntp_cv_lcrypto_lz+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/evp.h" + +int +main (void) +{ + + EVP_MD_CTX_new(); + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ntp_cv_lcrypto_lz=yes +else $as_nop + ntp_cv_lcrypto_lz=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_lcrypto_lz" >&5 +printf "%s\n" "$ntp_cv_lcrypto_lz" >&6; } + case "$ntp_cv_lcrypto_lz" in + yes) + ntp_ssl_libs_l="$ntp_ssl_libs_l -lz" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + esac + esac esac +case "$ntp_openssl:$GCC" in + yes:yes) + CFLAGS="$NTP_SAVED_CFLAGS $ntp_ssl_cflags -Werror" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking If $CC supports -Werror" >&5 +printf %s "checking If $CC supports -Werror... " >&6; } +if test ${ntp_cv_gcc_supports_Werror+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ntp_cv_gcc_supports_Werror=yes +else $as_nop + ntp_cv_gcc_supports_Werror=no + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_gcc_supports_Werror" >&5 +printf "%s\n" "$ntp_cv_gcc_supports_Werror" >&6; } + case "ntp_cv_gcc_supports_Werror" in + no) + ntp_use_Wstrict_prototypes=yes + ;; + yes) + CFLAGS="$CFLAGS -Wstrict-prototypes" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if OpenSSL triggers warnings" >&5 +printf %s "checking if OpenSSL triggers warnings... " >&6; } +if test ${ntp_cv_ssl_triggers_warnings+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include "openssl/asn1_mac.h" + #include "openssl/bn.h" + #include "openssl/err.h" + #include "openssl/evp.h" + #include "openssl/pem.h" + #include "openssl/rand.h" + #include "openssl/x509v3.h" + +int +main (void) +{ + + /* empty body */ + + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ntp_cv_ssl_triggers_warnings=no +else $as_nop + ntp_cv_ssl_triggers_warnings=yes + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_ssl_triggers_warnings" >&5 +printf "%s\n" "$ntp_cv_ssl_triggers_warnings" >&6; } + case "$ntp_cv_ssl_triggers_warnings" in + yes) + ntp_use_Wstrict_prototypes=no + ;; + *) + ntp_use_Wstrict_prototypes=yes + esac + esac + case "$ntp_use_Wstrict_prototypes" in + no) + ntp_ssl_cflags="$ntp_ssl_cflags -Wno-strict-prototypes" + ;; + *) + ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" + esac + ;; + no:yes) + ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" +esac +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we will link to ssl library" >&5 +printf %s "checking if we will link to ssl library... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_openssl" >&5 +printf "%s\n" "$ntp_openssl" >&6; } + +case "$ntp_openssl" in + yes) + VER_SUFFIX=o + for ac_header in openssl/cmac.h +do : + ac_fn_c_check_header_compile "$LINENO" "openssl/cmac.h" "ac_cv_header_openssl_cmac_h" "$ac_includes_default" +if test "x$ac_cv_header_openssl_cmac_h" = xyes +then : + printf "%s\n" "#define HAVE_OPENSSL_CMAC_H 1" >>confdefs.h + ntp_enable_cmac=yes +else $as_nop + ntp_enable_cmac=no + +fi + +done + case "$ntp_enable_cmac" in + yes) + +printf "%s\n" "#define ENABLE_CMAC 1" >>confdefs.h + + esac + +printf "%s\n" "#define OPENSSL /**/" >>confdefs.h + + +printf "%s\n" "#define OPENSSL_SUPPRESS_DEPRECATED 1" >>confdefs.h + + CFLAGS="$NTPSSL_SAVED_CFLAGS" + ac_fn_c_check_func "$LINENO" "EVP_MD_do_all_sorted" "ac_cv_func_EVP_MD_do_all_sorted" +if test "x$ac_cv_func_EVP_MD_do_all_sorted" = xyes +then : + printf "%s\n" "#define HAVE_EVP_MD_DO_ALL_SORTED 1" >>confdefs.h + +fi + + CPPFLAGS_NTP="$CPPFLAGS_NTP $ntp_ssl_cppflags" + CFLAGS_NTP="$CFLAGS_NTP $ntp_ssl_cflags" + LDADD_NTP="$ntp_ssl_libs $LDADD_NTP" + LDFLAGS_NTP="$ntp_ssl_ldflags $LDFLAGS_NTP" +esac + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL final checks:" >&5 +printf "%s\n" "$as_me: OpenSSL final checks:" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ntp_openssl: $ntp_openssl" >&5 +printf "%s\n" "$as_me: ntp_openssl: $ntp_openssl" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CPPFLAGS_NTP: ($CPPFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: CFLAGS_NTP: ($CFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: CFLAGS_NTP: ($CFLAGS_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDADD_NTP: ($LDADD_NTP)" >&5 +printf "%s\n" "$as_me: LDADD_NTP: ($LDADD_NTP)" >&6;} + esac + + + case "$enable_verbose_ssl" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&5 +printf "%s\n" "$as_me: LDFLAGS_NTP: ($LDFLAGS_NTP)" >&6;} + esac + + + +CFLAGS="$NTPSSL_SAVED_CFLAGS" +CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS" +LIBS="$NTPSSL_SAVED_LIBS" +LDFLAGS="$NTPSSL_SAVED_LDFLAGS" + +{ NTPSSL_SAVED_CFLAGS=; unset NTPSSL_SAVED_CFLAGS;} +{ NTPSSL_SAVED_CPPFLAGS=; unset NTPSSL_SAVED_CPPFLAGS;} +{ NTPSSL_SAVED_LIBS=; unset NTPSSL_SAVED_LIBS;} +{ NTPSSL_SAVED_LDFLAGS=; unset NTPSSL_SAVED_LDFLAGS;} +{ ntp_enable_cmac=; unset ntp_enable_cmac;} +{ ntp_use_Wstrict_prototypes=; unset ntp_use_Wstrict_prototypes;} +{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;} +{ ntp_openssl_version=; unset ntp_openssl_version;} +{ ntp_ssl_cflags=; unset ntp_ssl_cflags;} +{ ntp_ssl_cppflags=; unset ntp_ssl_cppflags;} +{ ntp_ssl_libdir_search=; unset ntp_ssl_libdir_search;} +{ ntp_ssl_incdir_search=; unset ntp_ssl_incdir_search;} +{ ntp_ssl_libdir=; unset ntp_ssl_libdir;} +{ ntp_ssl_incdir=; unset ntp_ssl_incdir;} +{ ntp_ssl_libs_l=; unset ntp_ssl_libs_l;} +{ ntp_ssl_libs_L=; unset ntp_ssl_libs_L;} +{ ntp_ssl_ldflags=; unset ntp_ssl_ldflags;} + + + + + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we want to use SSL library's secure random numbers" >&5 +printf %s "checking if we want to use SSL library's secure random numbers... " >&6; } +# Check whether --enable-openssl-random was given. +if test ${enable_openssl_random+y} +then : + enableval=$enable_openssl_random; ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval +else $as_nop + ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_use_openssl_random" >&5 +printf "%s\n" "$ntp_use_openssl_random" >&6; } + +# The following might need extra libraries +NTPO_SAVED_LIBS="$LIBS" +LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" +ac_fn_c_check_func "$LINENO" "RAND_bytes" "ac_cv_func_RAND_bytes" +if test "x$ac_cv_func_RAND_bytes" = xyes +then : + printf "%s\n" "#define HAVE_RAND_BYTES 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "RAND_poll" "ac_cv_func_RAND_poll" +if test "x$ac_cv_func_RAND_poll" = xyes +then : + printf "%s\n" "#define HAVE_RAND_POLL 1" >>confdefs.h + fi +LIBS="$NTPO_SAVED_LIBS" +case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in + yesyesyesyes) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Using SSL library's secure random number generator" >&5 +printf "%s\n" "$as_me: Using SSL library's secure random number generator" >&6;} + +printf "%s\n" "#define USE_OPENSSL_CRYPTO_RAND 1" >>confdefs.h + ;; + *) + ntp_use_openssl_random=no + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: SSL library's secure random number generator unavailable." >&5 +printf "%s\n" "$as_me: SSL library's secure random number generator unavailable." >&6;} + case "$ntp_ssl_random_mandatory" in + yes) + as_fn_error $? "No suitable SSL library was found and +--enable-openssl-random was given.. Remove --enable-openssl-random +if you wish to build without a cryptographically secure random number +generator. + +WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable. + " "$LINENO" 5 + ;; + *) + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable. + " >&5 +printf "%s\n" "$as_me: WARNING: WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable. + " >&2;} + esac +esac +{ ntp_ssl_random_mandatory=; unset ntp_ssl_random_mandatory;} +LDADD_LIBNTP="$LDADD_LIBNTP $LIBS" +LIBS=$SAVED_LIBS +{ SAVED_LIBS=; unset SAVED_LIBS;} @@ -19334,6 +20460,36 @@ fi # Set options +# Check whether --enable-shared was given. +if test ${enable_shared+y} +then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else $as_nop + enable_shared=no +fi + + + + + + + @@ -23678,7 +24834,7 @@ esac # Therefore, by default: # - use the version we ship with # - do not install it -# - build a static copy (AC_DISABLE_SHARED - done earlier) +# - build a static copy (disable-shared - done earlier) case "${enable_local_libopts+set}" in set) ;; *) enable_local_libopts=yes ;; @@ -25651,136 +26807,6 @@ printf "%s\n" "#define NO_OPTIONAL_OPT_ARGS 1" >>confdefs.h -ntp_pkgconfig_min_version='0.15.0' -if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_path_PKG_CONFIG+y} -then : - printf %s "(cached) " >&6 -else $as_nop - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -printf "%s\n" "$PKG_CONFIG" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -printf %s "checking for $ac_word... " >&6; } -if test ${ac_cv_path_ac_pt_PKG_CONFIG+y} -then : - printf %s "(cached) " >&6 -else $as_nop - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - case $as_dir in #((( - '') as_dir=./ ;; - */) ;; - *) as_dir=$as_dir/ ;; - esac - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir$ac_word$ac_exec_ext" - printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -printf "%s\n" "$ac_pt_PKG_CONFIG" >&6; } -else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } -fi - - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi - -{ ac_cv_path_PKG_CONFIG=; unset ac_cv_path_PKG_CONFIG;} -{ ac_cv_path_ac_pt_PKG_CONFIG=; unset ac_cv_path_ac_pt_PKG_CONFIG;} - -case "$PKG_CONFIG" in - /*) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if pkg-config is at least version $ntp_pkgconfig_min_version" >&5 -printf %s "checking if pkg-config is at least version $ntp_pkgconfig_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $ntp_pkgconfig_min_version; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } - else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } - PKG_CONFIG="" - fi - ;; -esac - - - - # Check whether --enable-local-libevent was given. if test ${enable_local_libevent+y} then : @@ -25812,8 +26838,6 @@ case "$ntp_use_local_libevent" in *) # If we have (a good enough) pkg-config, see if it can find libevent case "$PKG_CONFIG" in /*) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5 -printf %s "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; } if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent then ntp_use_local_libevent=no @@ -25822,6 +26846,8 @@ printf %s "checking if libevent $ntp_libevent_min_version or later is installed. *.*) ;; *) ntp_libevent_version='(unknown)' ;; esac + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5 +printf %s "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_libevent_version" >&5 printf "%s\n" "yes, version $ntp_libevent_version" >&6; } CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` @@ -25856,6 +26882,8 @@ printf "%s\n" "yes, version $ntp_libevent_version" >&6; } # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS # is "pthreads"? CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libevent $ntp_libevent_min_version or later is installed" >&5 +printf %s "checking if libevent $ntp_libevent_min_version or later is installed... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } fi @@ -25904,14 +26932,15 @@ esac case "$ntp_use_local_libevent" in yes) ac_configure_args=" --disable-openssl${ac_configure_args}" + ac_configure_args=" --disable-samples${ac_configure_args}" ac_configure_args=" --disable-shared${ac_configure_args}" ac_configure_args=" --disable-libevent-regress${ac_configure_args}" ac_configure_args=" --disable-libevent-install${ac_configure_args}" ac_configure_args=" --enable-silent-rules${ac_configure_args}" ac_configure_args=" --enable-function-sections${ac_configure_args}" - ac_configure_args=" LEP_CFLAGS='${NTP_HARD_CFLAGS}'${ac_configure_args}" - ac_configure_args=" LEP_CPPFLAGS='${NTP_HARD_CPPFLAGS}'${ac_configure_args}" - ac_configure_args=" LEP_LDFLAGS='${NTP_HARD_LDFLAGS}'${ac_configure_args}" + ac_configure_args=" LIBEVENT_CFLAGS='${NTP_HARD_CFLAGS}'${ac_configure_args}" + ac_configure_args=" LIBEVENT_CPPFLAGS='${NTP_HARD_CPPFLAGS}'${ac_configure_args}" + ac_configure_args=" LIBEVENT_LDFLAGS='${NTP_HARD_LDFLAGS}'${ac_configure_args}" subdirs="$subdirs libevent" ;; @@ -26041,35 +27070,39 @@ fi done + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for facilitynames in syslog.h" >&5 printf %s "checking for facilitynames in syslog.h... " >&6; } if test ${ac_cv_HAVE_SYSLOG_FACILITYNAMES+y} then : printf %s "(cached) " >&6 else $as_nop - -cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#define SYSLOG_NAMES -#include <stdlib.h> -#include <syslog.h> + #define SYSLOG_NAMES + #include <stdlib.h> + #include <syslog.h> int main (void) { - void *fnames; fnames = facilitynames; + + void *fnames = facilitynames; + + ; return 0; } + ac_cv_HAVE_SYSLOG_FACILITYNAMES=yes _ACEOF if ac_fn_c_try_compile "$LINENO" then : - ac_cv_HAVE_SYSLOG_FACILITYNAMES=yes -else $as_nop ac_cv_HAVE_SYSLOG_FACILITYNAMES=no + fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_HAVE_SYSLOG_FACILITYNAMES" >&5 printf "%s\n" "$ac_cv_HAVE_SYSLOG_FACILITYNAMES" >&6; } @@ -26082,11 +27115,6 @@ printf "%s\n" "#define HAVE_SYSLOG_FACILITYNAMES 1" >>confdefs.h no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: No facilitynames in <syslog.h>" >&5 printf "%s\n" "$as_me: WARNING: No facilitynames in <syslog.h>" >&2;} - ;; - cross) - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: facilitynames in <syslog.h> - cross-compiling" >&5 -printf "%s\n" "$as_me: WARNING: facilitynames in <syslog.h> - cross-compiling" >&2;} - ;; esac @@ -26236,466 +27264,6 @@ fi - -VER_SUFFIX= - - - - -# Check whether --with-crypto was given. -if test ${with_crypto+y} -then : - withval=$with_crypto; -fi - - -# Check whether --with-openssl-libdir was given. -if test ${with_openssl_libdir+y} -then : - withval=$with_openssl_libdir; -fi - - -# Check whether --with-openssl-incdir was given. -if test ${with_openssl_incdir+y} -then : - withval=$with_openssl_incdir; -fi - - -# Check whether --with-rpath was given. -if test ${with_rpath+y} -then : - withval=$with_rpath; -fi - - -ntp_openssl=no -ntp_openssl_from_pkg_config=no - -with_crypto=${with_crypto:-openssl,libcrypto} -case "$with_crypto" in - yes) - with_crypto=openssl,libcrypto -esac - - -case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in - no:*) ;; - *:notempty:notgiven:notgiven) - for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking pkg-config for $pkg" >&5 -printf %s "checking pkg-config for $pkg... " >&6; } - if $PKG_CONFIG --exists $pkg ; then - CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`" - CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`" - LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`" - LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`" - LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`" - VER_SUFFIX=o - ntp_openssl=yes - ntp_openssl_from_pkg_config=yes - ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" - case "$ntp_openssl_version" in - *.*) ;; - *) ntp_openssl_version='(unknown)' ;; - esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes, version $ntp_openssl_version" >&5 -printf "%s\n" "yes, version $ntp_openssl_version" >&6; } - - break - fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } - done -esac -case "$with_crypto:$ntp_openssl" in - no:*) ;; - *:no) - need_dash_r= - need_dash_Wlrpath= - case "${with_rpath-notgiven}" in - yes) - # Lame - what to do if we need -Wl... but not -R? - need_dash_r=1 - ;; - notgiven) - case "$host" in - *-*-linux*) - # This may really only be true for gcc - need_dash_Wlrpath=1 - ;; - *-*-netbsd*) - need_dash_r=1 - ;; - *-*-solaris*) - need_dash_r=1 - ;; - esac - ;; - esac - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openssl library directory" >&5 -printf %s "checking for openssl library directory... " >&6; } - with_openssl_libdir=${with_openssl_libdir-notgiven} - case "$with_openssl_libdir" in - notgiven) - case "$build" in - $host) - with_openssl_libdir=default - ;; - *) - with_openssl_libdir=no - ;; - esac - esac - case "$with_openssl_libdir" in - default) - # Look in: - with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib" - with_openssl_libdir="$with_openssl_libdir /usr/local/lib" - with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib" - esac - case "$with_openssl_libdir" in - no) - ;; - *) # Look for libcrypto.a and libssl.a: - for i in $with_openssl_libdir no - do - case "$host" in - *-*-darwin*) - test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break - ;; - *) - test -f $i/libcrypto.so -a -f $i/libssl.so && break - test -f $i/libcrypto.a -a -f $i/libssl.a && break - ;; - esac - done - openssl_libdir=$i - ;; - esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssl_libdir" >&5 -printf "%s\n" "$openssl_libdir" >&6; } - case "$openssl_libdir" in - no) - openssl_libdir= - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libcrypto and libssl not found in any of $with_openssl_libdir" >&5 -printf "%s\n" "$as_me: WARNING: libcrypto and libssl not found in any of $with_openssl_libdir" >&2;} - esac - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for openssl include directory" >&5 -printf %s "checking for openssl include directory... " >&6; } - with_openssl_incdir=${with_openssl_incdir-notgiven} - case "$with_openssl_incdir" in - notgiven) - # Look in: - with_openssl_incdir="/usr/include /usr/sfw/include" - with_openssl_incdir="$with_openssl_incdir /usr/local/include" - with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include" - esac - case "$with_openssl_incdir" in - no) - ;; - *) # look for openssl/evp.h: - for i in $with_openssl_incdir no - do - test -f $i/openssl/evp.h && break - done - openssl_incdir=$i - ;; - esac - { i=; unset i;} - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssl_incdir" >&5 -printf "%s\n" "$openssl_incdir" >&6; } - case "$openssl_incdir" in - no) - openssl_incdir= - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: did not find openssl/evp.h in any of $with_openssl_incdir" >&5 -printf "%s\n" "$as_me: WARNING: did not find openssl/evp.h in any of $with_openssl_incdir" >&2;} - esac - if test -z "$openssl_libdir" -o -z "$openssl_incdir" - then - ntp_openssl=no - else - ntp_openssl=yes - VER_SUFFIX=o - fi - case "$ntp_openssl" in - yes) - # We have OpenSSL inc/lib dirs - use them. - case "$openssl_incdir" in - /usr/include) - ;; - *) - CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir" - ;; - esac - case "$openssl_libdir" in - /usr/lib) - ;; - *) - LDADD_NTP="$LDADD_NTP -L$openssl_libdir" - case "$need_dash_r" in - 1) - LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir" - esac - case "$need_dash_Wlrpath" in - 1) - LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir" - esac - ;; - esac - LDADD_NTP="$LDADD_NTP -lcrypto" - esac -esac - -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we will use crypto" >&5 -printf %s "checking if we will use crypto... " >&6; } -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_openssl" >&5 -printf "%s\n" "$ntp_openssl" >&6; } - -case "$ntp_openssl" in - yes) - ac_fn_c_check_header_compile "$LINENO" "openssl/cmac.h" "ac_cv_header_openssl_cmac_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_cmac_h" = xyes -then : - printf "%s\n" "#define HAVE_OPENSSL_CMAC_H 1" >>confdefs.h - -fi -ac_fn_c_check_header_compile "$LINENO" "openssl/hmac.h" "ac_cv_header_openssl_hmac_h" "$ac_includes_default" -if test "x$ac_cv_header_openssl_hmac_h" = xyes -then : - printf "%s\n" "#define HAVE_OPENSSL_HMAC_H 1" >>confdefs.h - -fi - - -printf "%s\n" "#define OPENSSL /**/" >>confdefs.h - - case "$VER_SUFFIX" in - *o*) ;; - *) as_fn_error $? "OPENSSL set but no 'o' in VER_SUFFIX!" "$LINENO" 5 ;; - esac - ;; -esac - -NTPO_SAVED_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP" -NTPO_SAVED_LIBS="$LIBS" - -# -# check for linking with -lcrypto failure, and try -lcrypto -lz. -# Helps m68k-atari-mint -# -case "$ntp_openssl:$ntp_openssl_from_pkg_config" in - yes:no) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with -lcrypto alone works" >&5 -printf %s "checking if linking with -lcrypto alone works... " >&6; } -if test ${ntp_cv_bare_lcrypto+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include "openssl/err.h" - #include "openssl/evp.h" - -int -main (void) -{ - - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - ntp_cv_bare_lcrypto=yes -else $as_nop - ntp_cv_bare_lcrypto=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_bare_lcrypto" >&5 -printf "%s\n" "$ntp_cv_bare_lcrypto" >&6; } - case "$ntp_cv_bare_lcrypto" in - no) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if linking with -lcrypto -lz works" >&5 -printf %s "checking if linking with -lcrypto -lz works... " >&6; } -if test ${ntp_cv_lcrypto_lz+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include "openssl/err.h" - #include "openssl/evp.h" - -int -main (void) -{ - - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO" -then : - ntp_cv_lcrypto_lz=yes -else $as_nop - ntp_cv_lcrypto_lz=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ntp_cv_lcrypto_lz" >&5 -printf "%s\n" "$ntp_cv_lcrypto_lz" >&6; } - case "$ntp_cv_lcrypto_lz" in - yes) - LDADD_NTP="$LDADD_NTP -lz" - esac - esac -esac - -# -# Older OpenSSL headers have a number of callback prototypes inside -# other function prototypes which trigger copious warnings with gcc's -# -Wstrict-prototypes, which is included in -Wall. -# -# An example: -# -# int i2d_RSA_NET(const RSA *a, unsigned char **pp, -# int (*cb)(), int sgckey); -# ^^^^^^^^^^^ -# -# -# -openssl_triggers_warnings=unknown -NTPO_SAVED_CFLAGS="$CFLAGS" - -case "$ntp_openssl:$GCC" in - yes:yes) - CFLAGS="$CFLAGS -Werror" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -int -main (void) -{ - - /* see if -Werror breaks gcc */ - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - gcc_handles_Werror=yes -else $as_nop - gcc_handles_Werror=no - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - case "$gcc_handles_Werror" in - no) - # if this gcc doesn't do -Werror go ahead and use - # -Wstrict-prototypes. - openssl_triggers_warnings=yes - ;; - yes) - CFLAGS="$CFLAGS -Wstrict-prototypes" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include "openssl/asn1_mac.h" - #include "openssl/bn.h" - #include "openssl/err.h" - #include "openssl/evp.h" - #include "openssl/pem.h" - #include "openssl/rand.h" - #include "openssl/x509v3.h" - -int -main (void) -{ - - /* empty body */ - - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - openssl_triggers_warnings=no -else $as_nop - openssl_triggers_warnings=yes - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - esac - case "$openssl_triggers_warnings" in - yes) - CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes" - ;; - *) - CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" - esac - ;; - no:yes) - # gcc without OpenSSL - CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" -esac - -# Because we don't want -Werror for the EVP_MD_do_all_sorted check -CFLAGS="$NTPO_SAVED_CFLAGS" - -case "$ntp_openssl" in - yes) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" - ac_fn_c_check_func "$LINENO" "EVP_MD_do_all_sorted" "ac_cv_func_EVP_MD_do_all_sorted" -if test "x$ac_cv_func_EVP_MD_do_all_sorted" = xyes -then : - printf "%s\n" "#define HAVE_EVP_MD_DO_ALL_SORTED 1" >>confdefs.h - -fi - - ;; -esac - - -CPPFLAGS="$NTPO_SAVED_CPPFLAGS" -LIBS="$NTPO_SAVED_LIBS" -{ NTPO_SAVED_CFLAGS=; unset NTPO_SAVED_CFLAGS;} -{ NTPO_SAVED_CPPFLAGS=; unset NTPO_SAVED_CPPFLAGS;} -{ NTPO_SAVED_LIBS=; unset NTPO_SAVED_LIBS;} -{ openssl_triggers_warnings=; unset openssl_triggers_warnings;} -{ ntp_openssl_from_pkg_config=; unset ntp_openssl_from_pkg_config;} - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct sockaddr_storage" >&5 printf %s "checking for struct sockaddr_storage... " >&6; } if test ${ntp_cv_sockaddr_storage+y} @@ -27842,6 +28410,10 @@ if test -z "${PTHREADS_TRUE}" && test -z "${PTHREADS_FALSE}"; then as_fn_error $? "conditional \"PTHREADS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${LIBNTP_SUBMAKES_TRUE}" && test -z "${LIBNTP_SUBMAKES_FALSE}"; then + as_fn_error $? "conditional \"LIBNTP_SUBMAKES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${BUILD_SNTP_TRUE}" && test -z "${BUILD_SNTP_FALSE}"; then as_fn_error $? "conditional \"BUILD_SNTP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -28264,7 +28836,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sntp $as_me 4.2.8p17, which was +This file was extended by sntp $as_me 4.2.8p18, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -28333,7 +28905,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sntp config.status 4.2.8p17 +sntp config.status 4.2.8p18 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" @@ -28470,9 +29042,9 @@ FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' -enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' @@ -29519,13 +30091,13 @@ SHELL=$lt_SHELL # An echo program that protects backslashes. ECHO=$lt_ECHO -# Whether or not to build shared libraries. -build_libtool_libs=$enable_shared - # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + # Whether or not to build static libraries. build_old_libs=$enable_static diff --git a/sntp/configure.ac b/sntp/configure.ac index 43c2ad6c5828..4fb182bc0ef5 100644 --- a/sntp/configure.ac +++ b/sntp/configure.ac @@ -33,7 +33,7 @@ AC_LANG([C]) # the date YYYYMMDD optionally with -HHMM if there is more than one # bump in a day. -sntp_configure_cache_version=20120806 +sntp_configure_cache_version=20240218 # When the version of config.cache and configure do not # match, NTP_CACHEVERSION will flush the cache. @@ -62,8 +62,7 @@ AM_PROG_AR NTP_LIBNTP -AC_DISABLE_SHARED -AC_PROG_LIBTOOL +LT_INIT([disable-shared]) AC_SUBST([LIBTOOL_DEPS]) NTP_WITHSNTP @@ -82,7 +81,7 @@ esac # Therefore, by default: # - use the version we ship with # - do not install it -# - build a static copy (AC_DISABLE_SHARED - done earlier) +# - build a static copy (disable-shared - done earlier) case "${enable_local_libopts+set}" in set) ;; *) enable_local_libopts=yes ;; @@ -121,7 +120,6 @@ NTP_FACILITYNAMES # Checks for typedefs, structures, and compiler characteristics. AC_HEADER_STDBOOL -NTP_OPENSSL NTP_IPV6 ### diff --git a/sntp/crypto.c b/sntp/crypto.c index 7807ccc00b03..1be2ea3f0c39 100644 --- a/sntp/crypto.c +++ b/sntp/crypto.c @@ -16,14 +16,15 @@ size_t key_cnt = 0; typedef struct key Key_T; -static u_int +static size_t compute_mac( - u_char digest[EVP_MAX_MD_SIZE], + u_char * digest, + size_t dig_sz, char const * macname, void const * pkt_data, - u_int pkt_size, + size_t pkt_len, void const * key_data, - u_int key_size + size_t key_size ) { u_int len = 0; @@ -56,7 +57,7 @@ compute_mac( EVP_aes_128_cbc(), NULL)) { msyslog(LOG_ERR, "make_mac: CMAC %s Init failed.", CMAC); } - else if (!CMAC_Update(ctx, pkt_data, (size_t)pkt_size)) { + else if (!CMAC_Update(ctx, pkt_data, pkt_len)) { msyslog(LOG_ERR, "make_mac: CMAC %s Update failed.", CMAC); } else if (!CMAC_Final(ctx, digest, &slen)) { @@ -95,7 +96,7 @@ compute_mac( macname); goto mac_fail; } - if (!EVP_DigestUpdate(ctx, pkt_data, pkt_size)) { + if (!EVP_DigestUpdate(ctx, pkt_data, pkt_len)) { msyslog(LOG_ERR, "make_mac: MAC %s Digest Update data failed.", macname); goto mac_fail; @@ -112,7 +113,7 @@ compute_mac( goto mac_fail; } EVP_DigestUpdate(ctx, key_data, key_size); - EVP_DigestUpdate(ctx, pkt_data, pkt_size); + EVP_DigestUpdate(ctx, pkt_data, pkt_len); EVP_DigestFinal(ctx, digest, &len); #endif mac_fail: @@ -122,34 +123,28 @@ compute_mac( return len; } -int + +size_t make_mac( const void * pkt_data, - int pkt_size, - int mac_size, + size_t pkt_len, Key_T const * cmp_key, - void * digest + void * digest, + size_t dig_sz ) { u_int len; u_char dbuf[EVP_MAX_MD_SIZE]; - if (cmp_key->key_len > 64 || mac_size <= 0) - return 0; - if (pkt_size % 4 != 0) + if (cmp_key->key_len > 64 || pkt_len % 4 != 0) { return 0; - - len = compute_mac(dbuf, cmp_key->typen, - pkt_data, (u_int)pkt_size, - cmp_key->key_seq, (u_int)cmp_key->key_len); - - - if (len) { - if (len > (u_int)mac_size) - len = (u_int)mac_size; - memcpy(digest, dbuf, len); } - return (int)len; + len = compute_mac(dbuf, sizeof(dbuf), cmp_key->typen, pkt_data, + pkt_len, cmp_key->key_seq, cmp_key->key_len); + INSIST(len <= dig_sz); + memcpy(digest, dbuf, len); + + return len; } @@ -161,8 +156,8 @@ make_mac( int auth_md5( void const * pkt_data, - int pkt_size, - int mac_size, + size_t pkt_len, + size_t mac_len, Key_T const * cmp_key ) { @@ -170,22 +165,20 @@ auth_md5( u_char const * pkt_ptr = pkt_data; u_char dbuf[EVP_MAX_MD_SIZE]; - if (mac_size <= 0 || (size_t)mac_size > sizeof(dbuf)) + if (0 == mac_len || mac_len > sizeof(dbuf)) { return FALSE; + } + len = compute_mac(dbuf, sizeof(dbuf), cmp_key->typen, + pkt_ptr, pkt_len, cmp_key->key_seq, + cmp_key->key_len); - len = compute_mac(dbuf, cmp_key->typen, - pkt_ptr, (u_int)pkt_size, - cmp_key->key_seq, (u_int)cmp_key->key_len); - - pkt_ptr += pkt_size + 4; - if (len > (u_int)mac_size) - len = (u_int)mac_size; + pkt_ptr += pkt_len + sizeof(keyid_t); /* isc_tsmemcmp will be better when its easy to link with. sntp * is a 1-shot program, so snooping for timing attacks is * Harder. */ - return ((u_int)mac_size == len) && !memcmp(dbuf, pkt_ptr, len); + return mac_len == len && !memcmp(dbuf, pkt_ptr, mac_len); } static int @@ -312,14 +305,15 @@ auth_init( */ void get_key( - int key_id, - struct key **d_key + keyid_t key_id, + struct key ** d_key ) { struct key *itr_key; - if (key_cnt == 0) + if (key_cnt == 0) { return; + } for (itr_key = key_ptr; itr_key; itr_key = itr_key->next) { if (itr_key->key_id == key_id) { *d_key = itr_key; diff --git a/sntp/crypto.h b/sntp/crypto.h index 4e75df20a9a3..4afe865e53e5 100644 --- a/sntp/crypto.h +++ b/sntp/crypto.h @@ -17,18 +17,19 @@ struct key { struct key * next; - int key_id; - int key_len; + keyid_t key_id; + size_t key_len; int typei; char typen[20]; char key_seq[64]; }; extern int auth_init(const char *keyfile, struct key **keys); -extern void get_key(int key_id, struct key **d_key); -extern int make_mac(const void *pkt_data, int pkt_size, int mac_size, - const struct key *cmp_key, void *digest); -extern int auth_md5(const void *pkt_data, int pkt_size, int mac_size, - const struct key *cmp_key); +extern void get_key(keyid_t key_id, struct key **d_key); +extern size_t make_mac(const void *pkt_data, size_t pkt_len, + const struct key *cmp_key, void *digest, + size_t dig_sz); +extern int auth_md5(const void *pkt_data, size_t pkt_len, + size_t dig_len, const struct key *cmp_key); #endif diff --git a/sntp/include/Makefile.in b/sntp/include/Makefile.in index c3db03921ec4..4cfad3135b91 100644 --- a/sntp/include/Makefile.in +++ b/sntp/include/Makefile.in @@ -98,6 +98,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ $(top_srcdir)/m4/ntp_cacheversion.m4 \ $(top_srcdir)/m4/ntp_compiler.m4 \ $(top_srcdir)/m4/ntp_crosscompile.m4 \ + $(top_srcdir)/m4/ntp_crypto_rand.m4 \ $(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \ $(top_srcdir)/m4/ntp_facilitynames.m4 \ $(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \ @@ -293,6 +294,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ diff --git a/sntp/include/copyright.def b/sntp/include/copyright.def index c93887e2cdae..137ff6df4664 100644 --- a/sntp/include/copyright.def +++ b/sntp/include/copyright.def @@ -1,7 +1,7 @@ /* -*- Mode: Text -*- */ copyright = { - date = "1992-2023"; + date = "1992-2024"; owner = "The University of Delaware and Network Time Foundation"; eaddr = "https://bugs.ntp.org, bugs@ntp.org"; type = ntp; diff --git a/sntp/include/version.def b/sntp/include/version.def index bba075cfff5f..64683799012a 100644 --- a/sntp/include/version.def +++ b/sntp/include/version.def @@ -1 +1 @@ -version = '4.2.8p17'; +version = '4.2.8p18'; diff --git a/sntp/include/version.texi b/sntp/include/version.texi index eaead228a2d3..be3254dadc0b 100644 --- a/sntp/include/version.texi +++ b/sntp/include/version.texi @@ -1,3 +1,3 @@ -@set UPDATED 06 June 2023 -@set EDITION 4.2.8p17 -@set VERSION 4.2.8p17 +@set UPDATED 25 May 2024 +@set EDITION 4.2.8p18 +@set VERSION 4.2.8p18 diff --git a/sntp/invoke-sntp.texi b/sntp/invoke-sntp.texi index 4c03b3a498f3..4abdd3b00ff2 100644 --- a/sntp/invoke-sntp.texi +++ b/sntp/invoke-sntp.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-sntp.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:36:12 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:02:28 AM by AutoGen 5.18.16 # From the definitions sntp-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -101,7 +101,7 @@ with a status code of 0. @exampleindent 0 @example -sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p17 +sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p18 Usage: sntp [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... \ [ hostname-or-IP ...] Flg Arg Option-Name Description diff --git a/sntp/libevent/Makefile.in b/sntp/libevent/Makefile.in index 6a285613eace..2429f95d355d 100644 --- a/sntp/libevent/Makefile.in +++ b/sntp/libevent/Makefile.in @@ -935,7 +935,10 @@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBEVENT_CFLAGS = @LIBEVENT_CFLAGS@ +LIBEVENT_CPPFLAGS = @LIBEVENT_CPPFLAGS@ LIBEVENT_GC_SECTIONS = @LIBEVENT_GC_SECTIONS@ +LIBEVENT_LDFLAGS = @LIBEVENT_LDFLAGS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ diff --git a/sntp/libevent/configure b/sntp/libevent/configure index c497e6dfd28c..c212b0001057 100755 --- a/sntp/libevent/configure +++ b/sntp/libevent/configure @@ -703,6 +703,9 @@ DX_ENV DX_DOCDIR DX_CONFIG DX_PROJECT +LIBEVENT_LDFLAGS +LIBEVENT_CPPFLAGS +LIBEVENT_CFLAGS INSTALL_LIBEVENT_FALSE INSTALL_LIBEVENT_TRUE LIBEVENT_GC_SECTIONS @@ -15135,7 +15138,6 @@ then : LIBS="-lws2_32 $LIBS" fi -ac_cv_lib_ws2_32=ac_cv_lib_ws2_32_main fi @@ -17811,6 +17813,10 @@ else fi + + + + # Doxygen support diff --git a/sntp/libevent/configure.ac b/sntp/libevent/configure.ac index d00e063a1474..6c2646c219de 100644 --- a/sntp/libevent/configure.ac +++ b/sntp/libevent/configure.ac @@ -348,7 +348,7 @@ AM_CONDITIONAL(BUILD_MIDIPIX, test x$midipix = xtrue) AM_CONDITIONAL(BUILD_WITH_NO_UNDEFINED, test x$bwin32 = xtrue || test x$cygwin = xtrue || test x$midipix = xtrue) if test x$bwin32 = xtrue; then - AC_HAVE_LIBRARY([ws2_32]) + AC_CHECK_LIB([ws2_32], [main]) fi dnl Checks for typedefs, structures, and compiler characteristics. @@ -989,6 +989,11 @@ AC_SUBST([LIBEVENT_GC_SECTIONS]) AM_CONDITIONAL([INSTALL_LIBEVENT], [test "$enable_libevent_install" = "yes"]) +dnl Aloow addtional flags from a containing package such as NTP +AC_SUBST([LIBEVENT_CFLAGS]) +AC_SUBST([LIBEVENT_CPPFLAGS]) +AC_SUBST([LIBEVENT_LDFLAGS]) + # Doxygen support DX_HTML_FEATURE(ON) DX_MAN_FEATURE(OFF) diff --git a/sntp/libevent/kqueue.c b/sntp/libevent/kqueue.c index dfd7751d6497..14a8946fe99d 100644 --- a/sntp/libevent/kqueue.c +++ b/sntp/libevent/kqueue.c @@ -346,7 +346,7 @@ kq_dispatch(struct event_base *base, struct timeval *tv) * on FreeBSD. */ case EINVAL: continue; -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) && defined(ENOTCAPABLE) /* * This currently occurs if an FD is closed * before the EV_DELETE makes it out via kevent(). diff --git a/sntp/libevent/m4/acx_pthread.m4 b/sntp/libevent/m4/acx_pthread.m4 index d2b116945f9f..92ac1089b4ee 100644 --- a/sntp/libevent/m4/acx_pthread.m4 +++ b/sntp/libevent/m4/acx_pthread.m4 @@ -86,7 +86,7 @@ AC_DEFUN([ACX_PTHREAD], [ AC_REQUIRE([AC_CANONICAL_HOST]) AC_LANG_SAVE -AC_LANG_C +AC_LANG([C]) acx_pthread_ok=no # We used to check for pthread.h first, but this fails if pthread.h diff --git a/sntp/libopts/Makefile.am b/sntp/libopts/Makefile.am index 7490a75e6ca5..72e9dc44760e 100644 --- a/sntp/libopts/Makefile.am +++ b/sntp/libopts/Makefile.am @@ -6,7 +6,6 @@ else noinst_LTLIBRARIES = libopts.la endif libopts_la_SOURCES = libopts.c -libopts_la_CPPFLAGS = -I$(srcdir) libopts_la_LDFLAGS = -version-info 42:1:17 EXTRA_DIST = @@ -14,8 +13,7 @@ BUILT_SOURCES = MOSTLYCLEANFILES = AM_CFLAGS = $(NTP_HARD_CFLAGS) $(CC_NOFORMAT) -AM_CPPFLAGS = $(NTP_HARD_CPPFLAGS) -AM_LDFLAGS = $(NTP_HARD_LDFLAGS) +AM_CPPFLAGS = $(NTP_HARD_CPPFLAGS) -I$(top_srcdir)/../include libopts.c: $(BUILT_SOURCES) @: do-nothing rule to avoid default SCCS get diff --git a/sntp/libopts/Makefile.in b/sntp/libopts/Makefile.in index 448142558e46..1bb5ff038b76 100644 --- a/sntp/libopts/Makefile.in +++ b/sntp/libopts/Makefile.in @@ -98,6 +98,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ $(top_srcdir)/m4/ntp_cacheversion.m4 \ $(top_srcdir)/m4/ntp_compiler.m4 \ $(top_srcdir)/m4/ntp_crosscompile.m4 \ + $(top_srcdir)/m4/ntp_crypto_rand.m4 \ $(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \ $(top_srcdir)/m4/ntp_facilitynames.m4 \ $(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \ @@ -153,7 +154,7 @@ am__uninstall_files_from_dir = { \ am__installdirs = "$(DESTDIR)$(libdir)" LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES) libopts_la_LIBADD = -am_libopts_la_OBJECTS = libopts_la-libopts.lo +am_libopts_la_OBJECTS = libopts.lo libopts_la_OBJECTS = $(am_libopts_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -179,7 +180,7 @@ am__v_at_1 = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/libevent/build-aux/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/libopts_la-libopts.Plo +am__depfiles_remade = ./$(DEPDIR)/libopts.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -372,6 +373,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ @@ -464,7 +466,6 @@ MAINTAINERCLEANFILES = Makefile.in @INSTALL_LIBOPTS_TRUE@lib_LTLIBRARIES = libopts.la @INSTALL_LIBOPTS_FALSE@noinst_LTLIBRARIES = libopts.la libopts_la_SOURCES = libopts.c -libopts_la_CPPFLAGS = -I$(srcdir) libopts_la_LDFLAGS = -version-info 42:1:17 EXTRA_DIST = _Noreturn.h stdnoreturn.in.h COPYING.gplv3 COPYING.lgplv3 \ COPYING.mbsd MakeDefs.inc README _Noreturn.h ag-char-map.h \ @@ -484,8 +485,7 @@ EXTRA_DIST = _Noreturn.h stdnoreturn.in.h COPYING.gplv3 COPYING.lgplv3 \ BUILT_SOURCES = $(STDNORETURN_H) MOSTLYCLEANFILES = stdnoreturn.h stdnoreturn.h-t AM_CFLAGS = $(NTP_HARD_CFLAGS) $(CC_NOFORMAT) -AM_CPPFLAGS = $(NTP_HARD_CPPFLAGS) -AM_LDFLAGS = $(NTP_HARD_LDFLAGS) +AM_CPPFLAGS = $(NTP_HARD_CPPFLAGS) -I$(top_srcdir)/../include # Makefile fragment from gnulib-s stdnoreturn module: # @@ -580,7 +580,7 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libopts_la-libopts.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libopts.Plo@am__quote@ # am--include-marker $(am__depfiles_remade): @$(MKDIR_P) $(@D) @@ -612,13 +612,6 @@ am--depfiles: $(am__depfiles_remade) @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -libopts_la-libopts.lo: libopts.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libopts_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libopts_la-libopts.lo -MD -MP -MF $(DEPDIR)/libopts_la-libopts.Tpo -c -o libopts_la-libopts.lo `test -f 'libopts.c' || echo '$(srcdir)/'`libopts.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libopts_la-libopts.Tpo $(DEPDIR)/libopts_la-libopts.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='libopts.c' object='libopts_la-libopts.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libopts_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libopts_la-libopts.lo `test -f 'libopts.c' || echo '$(srcdir)/'`libopts.c - mostlyclean-libtool: -rm -f *.lo @@ -758,7 +751,7 @@ clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ clean-noinstLTLIBRARIES mostlyclean-am distclean: distclean-am - -rm -f ./$(DEPDIR)/libopts_la-libopts.Plo + -rm -f ./$(DEPDIR)/libopts.Plo -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -804,7 +797,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/libopts_la-libopts.Plo + -rm -f ./$(DEPDIR)/libopts.Plo -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/sntp/m4/ntp_compiler.m4 b/sntp/m4/ntp_compiler.m4 index ddce106fe522..7a00e64c8439 100644 --- a/sntp/m4/ntp_compiler.m4 +++ b/sntp/m4/ntp_compiler.m4 @@ -1,17 +1,10 @@ dnl ###################################################################### dnl Common m4sh code for compiler stuff AC_DEFUN([NTP_COMPILER], [ +AC_REQUIRE([AC_PROG_CC_STDC]) AC_USE_SYSTEM_EXTENSIONS -# Ralf Wildenhues: With per-target flags we need CC_C_O -# AM_PROG_CC_C_O supersets AC_PROG_CC_C_O -AM_PROG_CC_C_O -AC_PROG_GCC_TRADITIONAL -AC_REQUIRE([AC_PROG_CC_STDC]) -dnl AC_REQUIRE([AC_PROG_CC_C89]) -dnl AC_REQUIRE([AC_PROG_CC_C99]) - CC_NOFORMAT= CFLAGS_NTP= CPPFLAGS_NTP= @@ -104,13 +97,15 @@ case "$GCC" in ] ) # + # $ntp_cv_gcc_Winit_self is tested later to add the + # flag to CFLAGS_NTP. + # # libopts specifically builds a string with embedded NULs. # This causes a bunch of distracting warnings due to -Wformat. - # Let's see if we can figure out how to disable these. # - CFLAGS="$SAVED_CFLAGS -Wno-format" + CFLAGS="$SAVED_CFLAGS -Wno-format -Wno-format-security" AC_CACHE_CHECK( - [if $CC can handle -Wno-format], + [if $CC can handle -Wno-format -Wno-format-security], [ntp_cv_gcc_Wno_format], [ AC_COMPILE_IFELSE( @@ -120,35 +115,44 @@ case "$GCC" in ) ] ) - case "$ntp_cv_gcc_Wno_format" in + no) ntp_cv_gcc_Wno_format_truncation=no + ;; yes) - CC_NOFORMAT="$CC_NOFORMAT -Wno-format" - ;; - no) - ;; + CC_NOFORMAT="-Wno-format -Wno-format-security" + CFLAGS="$SAVED_CFLAGS -Wformat -Wno-format-truncation -Werror" + AC_CACHE_CHECK( + [if $CC can handle -Wformat -Wno-format-truncation], + [ntp_cv_gcc_Wno_format_truncation], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[]], [[]])], + [ntp_cv_gcc_Wno_format_truncation=yes], + [ntp_cv_gcc_Wno_format_truncation=no] + ) ] + ) + # + # $ntp_cv_gcc_Wno_format_truncation is tested later to add the + # flag to CFLAGS. + # esac CFLAGS="$SAVED_CFLAGS" AS_UNSET([SAVED_CFLAGS]) - # - # $ntp_cv_gcc_Winit_self is tested later to add the - # flag to CFLAGS_NTP. - # + AC_CACHE_CHECK( [if linker supports omitting unused code and data], [ntp_cv_gc_sections_runs], [ - dnl NetBSD will link but likely not run with --gc-sections - dnl http://bugs.ntp.org/1844 - dnl http://gnats.netbsd.org/40401 - dnl --gc-sections causes attempt to load as linux elf, with - dnl wrong syscalls in place. Test a little gauntlet of - dnl simple stdio read code checking for errors, expecting - dnl enough syscall differences that the NetBSD code will - dnl fail even with Linux emulation working as designed. - dnl A shorter test could be refined by someone with access - dnl to a NetBSD host with Linux emulation working. + # NetBSD will link but likely not run with --gc-sections + # http://bugs.ntp.org/1844 + # http://gnats.netbsd.org/40401 + # --gc-sections causes attempt to load as linux elf, with + # wrong syscalls in place. Test a little gauntlet of + # simple stdio read code checking for errors, expecting + # enough syscall differences that the NetBSD code will + # fail even with Linux emulation working as designed. + # A shorter test could be refined by someone with access + # to a NetBSD host with Linux emulation working. origCFLAGS="$CFLAGS" CFLAGS="$CFLAGS -Wl,--gc-sections" AC_LINK_IFELSE( @@ -223,6 +227,10 @@ case "$GCC" in yes) CFLAGS_NTP="$CFLAGS_NTP -Wstrict-overflow" esac + case "$ntp_cv_gcc_Wno_format_truncation" in + yes) + CFLAGS_NTP="$CFLAGS_NTP -Wno-format-truncation" + esac # -W[no-]strict-prototypes might be added by NTP_OPENSSL esac diff --git a/sntp/m4/ntp_crypto_rand.m4 b/sntp/m4/ntp_crypto_rand.m4 index 9d554226f44c..391f1cbd5992 100644 --- a/sntp/m4/ntp_crypto_rand.m4 +++ b/sntp/m4/ntp_crypto_rand.m4 @@ -25,15 +25,15 @@ dnl if that's not specified: dnl - Look for RAND_poll and RAND_bytes dnl - if they exist, define USE_OPENSSL_CRYPTO_RAND -AC_MSG_CHECKING([if we want to use OpenSSL's crypto random (if available)]) +AC_MSG_CHECKING([if we want to use SSL library's secure random numbers]) AC_ARG_ENABLE( [openssl-random], [AS_HELP_STRING( [--enable-openssl-random], - [Use OpenSSL's crypto random number functions, if available (default is yes)] + [+ Use SSL lib's secure random numbers] )], - [ntp_use_openssl_random=$enableval], - [ntp_use_openssl_random=yes] + [ntp_use_openssl_random=$enableval ; ntp_ssl_random_mandatory=$enableval], + [ntp_use_openssl_random=yes ; ntp_ssl_random_mandatory=no] ) AC_MSG_RESULT([$ntp_use_openssl_random]) @@ -45,10 +45,33 @@ AC_CHECK_FUNCS([RAND_bytes RAND_poll]) LIBS="$NTPO_SAVED_LIBS" case "$ntp_openssl$ntp_use_openssl_random$ac_cv_func_RAND_bytes$ac_cv_func_RAND_poll" in yesyesyesyes) - AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions]) - ;; - *) ntp_use_openssl_random=no ;; + AC_MSG_NOTICE([Using SSL library's secure random number generator]) + AC_DEFINE([USE_OPENSSL_CRYPTO_RAND], [1], [Use OpenSSL's crypto random functions]) + ;; + *) + ntp_use_openssl_random=no + AC_MSG_NOTICE([SSL library's secure random number generator unavailable.]) + case "$ntp_ssl_random_mandatory" in + yes) + AC_MSG_ERROR( +[No suitable SSL library was found and +--enable-openssl-random was given.. Remove --enable-openssl-random +if you wish to build without a cryptographically secure random number +generator. + +WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable.] + ) + ;; + *) + AC_MSG_WARN( +[WARNING: Use of ntp-keygen without a secure RNG may generate +------- keys that are predictable.] + ) + esac esac +AS_UNSET([ntp_ssl_random_mandatory]) + ]) dnl NTP_CRYPTO_RAND diff --git a/sntp/m4/ntp_facilitynames.m4 b/sntp/m4/ntp_facilitynames.m4 index f58f8943890d..5b79fafe363e 100644 --- a/sntp/m4/ntp_facilitynames.m4 +++ b/sntp/m4/ntp_facilitynames.m4 @@ -1,24 +1,31 @@ dnl ###################################################################### dnl Check syslog.h for 'facilitynames' table AC_DEFUN([NTP_FACILITYNAMES], [ -AC_CACHE_CHECK([for facilitynames in syslog.h],ac_cv_HAVE_SYSLOG_FACILITYNAMES,[ -AC_TRY_COMPILE([ -#define SYSLOG_NAMES -#include <stdlib.h> -#include <syslog.h> -], -[ void *fnames; fnames = facilitynames; ], -ac_cv_HAVE_SYSLOG_FACILITYNAMES=yes,ac_cv_HAVE_SYSLOG_FACILITYNAMES=no,ac_cv_HAVE_SYSLOG_FACILITYNAMES=cross)]) + +AC_CACHE_CHECK( + [for facilitynames in syslog.h], + [ac_cv_HAVE_SYSLOG_FACILITYNAMES], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ + #define SYSLOG_NAMES + #include <stdlib.h> + #include <syslog.h> + ]], + [[ + void *fnames = facilitynames; + ]] + )] + [ac_cv_HAVE_SYSLOG_FACILITYNAMES=yes], + [ac_cv_HAVE_SYSLOG_FACILITYNAMES=no] + )] +) case "$ac_cv_HAVE_SYSLOG_FACILITYNAMES" in yes) - AC_DEFINE(HAVE_SYSLOG_FACILITYNAMES,1,[ ]) + AC_DEFINE([HAVE_SYSLOG_FACILITYNAMES], [1], [syslog.h provides facilitynames]) ;; no) AC_MSG_WARN([No facilitynames in <syslog.h>]) - ;; - cross) - AC_MSG_WARN([facilitynames in <syslog.h> - cross-compiling]) - ;; esac ]) dnl ====================================================================== diff --git a/sntp/m4/ntp_libevent.m4 b/sntp/m4/ntp_libevent.m4 index 14b614b465a3..451eac58fb06 100644 --- a/sntp/m4/ntp_libevent.m4 +++ b/sntp/m4/ntp_libevent.m4 @@ -74,7 +74,6 @@ case "$ntp_use_local_libevent" in *) # If we have (a good enough) pkg-config, see if it can find libevent case "$PKG_CONFIG" in /*) - AC_MSG_CHECKING([if libevent $ntp_libevent_min_version or later is installed]) if $PKG_CONFIG --atleast-version=$ntp_libevent_min_version libevent then ntp_use_local_libevent=no @@ -83,6 +82,7 @@ case "$ntp_use_local_libevent" in *.*) ;; *) ntp_libevent_version='(unknown)' ;; esac + AC_MSG_CHECKING([if libevent $ntp_libevent_min_version or later is installed]) AC_MSG_RESULT([yes, version $ntp_libevent_version]) CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` CPPFLAGS_LIBEVENT=`$PKG_CONFIG --cflags-only-I libevent` @@ -116,6 +116,7 @@ case "$ntp_use_local_libevent" in # HMS: do we only need to do this if LIBISC_PTHREADS_NOTHREADS # is "pthreads"? CFLAGS_LIBEVENT=`$PKG_CONFIG --cflags libevent_pthreads` + AC_MSG_CHECKING([if libevent $ntp_libevent_min_version or later is installed]) AC_MSG_RESULT([no]) fi ;; @@ -181,14 +182,15 @@ case "$ntp_use_local_libevent" in dnl User-supplied contradictory choices should prevail thanks to dnl "last wins". ac_configure_args=" --disable-openssl${ac_configure_args}" + ac_configure_args=" --disable-samples${ac_configure_args}" ac_configure_args=" --disable-shared${ac_configure_args}" ac_configure_args=" --disable-libevent-regress${ac_configure_args}" ac_configure_args=" --disable-libevent-install${ac_configure_args}" ac_configure_args=" --enable-silent-rules${ac_configure_args}" ac_configure_args=" --enable-function-sections${ac_configure_args}" - ac_configure_args=" LEP_CFLAGS='${NTP_HARD_CFLAGS}'${ac_configure_args}" - ac_configure_args=" LEP_CPPFLAGS='${NTP_HARD_CPPFLAGS}'${ac_configure_args}" - ac_configure_args=" LEP_LDFLAGS='${NTP_HARD_LDFLAGS}'${ac_configure_args}" + ac_configure_args=" LIBEVENT_CFLAGS='${NTP_HARD_CFLAGS}'${ac_configure_args}" + ac_configure_args=" LIBEVENT_CPPFLAGS='${NTP_HARD_CPPFLAGS}'${ac_configure_args}" + ac_configure_args=" LIBEVENT_LDFLAGS='${NTP_HARD_LDFLAGS}'${ac_configure_args}" AC_CONFIG_SUBDIRS([libevent]) ;; *) diff --git a/sntp/m4/ntp_libntp.m4 b/sntp/m4/ntp_libntp.m4 index 21d0cff82c07..e0cc2169aa59 100644 --- a/sntp/m4/ntp_libntp.m4 +++ b/sntp/m4/ntp_libntp.m4 @@ -8,12 +8,13 @@ dnl subpackage while retaining access to such test results. dnl AC_DEFUN([NTP_LIBNTP], [ +AC_REQUIRE([AC_PROG_SED]) AC_REQUIRE([NTP_CROSSCOMPILE]) # HMS: Save $LIBS and empty it. # any LIBS we add here should go in to LDADD_LIBNTP AC_SUBST([LDADD_LIBNTP]) -__LIBS=$LIBS +SAVED_LIBS=$LIBS LIBS= dnl The contents of NTP_PROG_CC used to be here... @@ -267,7 +268,7 @@ case "$ac_cv_c_inline" in AC_SUBST([HAVE_INLINE]) esac -AC_HEADER_TIME + AC_CHECK_SIZEOF([time_t]) AC_C_CHAR_UNSIGNED dnl CROSS_COMPILE? AC_CHECK_SIZEOF([signed char]) @@ -490,7 +491,10 @@ AC_DEFUN([NTP_BEFORE_HW_FUNC_VSNPRINTF], [ AC_BEFORE([$0], [HW_FUNC_SNPRINTF])dnl AC_ARG_ENABLE( [c99-snprintf], - [AS_HELP_STRING([--enable-c99-snprintf], [s force replacement])], + [AS_HELP_STRING( + [--enable-c99-snprintf], + [s use replacement printf family] + )], [force_c99_snprintf=$enableval], [force_c99_snprintf=no] ) @@ -501,15 +505,8 @@ AC_DEFUN([NTP_BEFORE_HW_FUNC_VSNPRINTF], [ esac AH_VERBATIM( [snprinte],dnl sorted in config.h just before #define snprintf - [ - #if !defined(_KERNEL) && !defined(PARSESTREAM) - /* - * stdio.h must be included after _GNU_SOURCE is defined - * but before #define snprintf rpl_snprintf - */ - # include <stdio.h> - #endif - ]) + [#include "c99_snprintf.h"] + ) AH_BOTTOM([ #if !defined(_KERNEL) && !defined(PARSESTREAM) # if defined(HW_WANT_RPL_VSNPRINTF) @@ -752,62 +749,6 @@ typedef unsigned int uintptr_t; #define HAVE_UINTPTR_T 1 #endif]) -case "$ac_cv_type_int32::$ac_cv_header_resolv_h" in - no::yes) - AC_CACHE_CHECK( - [for int32 with DNS headers included], - [ntp_cv_type_int32_with_dns], - [AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ - #ifdef HAVE_ARPA_NAMESER_H - # include <arpa/nameser.h> - #endif - #include <resolv.h> - ]], - [[ - size_t cb = sizeof(int32); - ]] - )], - [ntp_cv_type_int32_with_dns=yes], - [ntp_cv_type_int32_with_dns=no] - )] - ) - case "$ntp_cv_type_int32_with_dns" in - yes) - AC_DEFINE([HAVE_INT32_ONLY_WITH_DNS], [1], - [int32 type in DNS headers, not others.]) - esac -esac - -case "$ac_cv_type_u_int32::$ac_cv_header_resolv_h" in - no::yes) - AC_CACHE_CHECK( - [for u_int32 with DNS headers included], - [ntp_cv_type_u_int32_with_dns], - [AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ - #ifdef HAVE_ARPA_NAMESER_H - # include <arpa/nameser.h> - #endif - #include <resolv.h> - ]], - [[ - size_t cb = sizeof(u_int32); - ]] - )], - [ntp_cv_type_u_int32_with_dns=yes], - [ntp_cv_type_u_int32_with_dns=no] - )] - ) - case "$ntp_cv_type_u_int32_with_dns" in - yes) - AC_DEFINE([HAVE_U_INT32_ONLY_WITH_DNS], [1], - [u_int32 type in DNS headers, not others.]) - esac -esac - AC_CHECK_HEADERS( [sys/timepps.h], [], @@ -1176,11 +1117,19 @@ case "$ntp_warning" in ;; esac +dnl Do not ensure libntp.a is up to date when building client directories +dnl if --disable-dependency-tracking is used to save build time for one-off +dnl build from tarball. It's only useful when modifying libntp source code +dnl and rebuilding in a client subdir rather than the whole package. +AM_CONDITIONAL([LIBNTP_SUBMAKES], [test x"$enable_dependency_tracking" = x"yes"]) + +NTP_OPENSSL +NTP_CRYPTO_RAND dnl add to LDADD_LIBNTP set by ntp_compiler.m4 LDADD_LIBNTP="$LDADD_LIBNTP $LIBS" -LIBS=$__LIBS -AS_UNSET([__LIBS]) +LIBS=$SAVED_LIBS +AS_UNSET([SAVED_LIBS]) ])dnl dnl ====================================================================== diff --git a/sntp/m4/ntp_openssl.m4 b/sntp/m4/ntp_openssl.m4 index 2f9d6c4318ad..74cfdf08b749 100644 --- a/sntp/m4/ntp_openssl.m4 +++ b/sntp/m4/ntp_openssl.m4 @@ -2,18 +2,22 @@ dnl #################################################################### dnl OpenSSL support shared by top-level and sntp/configure.ac dnl dnl Provides command-line option --with-crypto, as well as deprecated -dnl options --with-openssl-incdir, --with-openssl-libdir, and the -dnl latter's suboption --with-rpath. +dnl options --with-openssl-incdir, --with-openssl-libdir.. dnl -dnl Specifying --with-openssl-libdir or --with-openssl-incdir causes any -dnl pkg-config openssl information to be ignored in favor of the legacy -dnl manual search for directories and specified library names. +dnl Specifying --with-openssl-libdir or --with-openssl-incdir skips +dnl pkg-config search. +dnl +dnl In the past, use of crypto would be silently disabled if the needed +dnl headers and library were not found. Now --without-crypto must be +dnl used or configure will fail with an error. It is now uncommon +dnl to want to build ntpd without crypto, so don't be quiet about it. dnl dnl Output AC_DEFINEs (for config.h) dnl OPENSSL defined only if using OpenSSL dnl dnl Output variables: dnl ntp_openssl yes if using OpenSSL, no otherwise +dnl VER_SUFFIX "o" if using OpenSSL dnl dnl Output substitutions: dnl CFLAGS_NTP OpenSSL-specific flags added as needed, and @@ -22,19 +26,29 @@ dnl trigger a flood of warnings for each file dnl including OpenSSL headers. dnl CPPFLAGS_NTP OpenSSL -Iincludedir flags added as needed. dnl LDADD_NTP OpenSSL -L and -l flags added as needed. -dnl LDFLAGS_NTP Other OpenSSL link flags added as needed. +dnl LDFLAGS_NTP OpenSSL runpath flags as needed. dnl dnl #################################################################### +dnl AC_DEFUN([NTP_OPENSSL], [ +AC_REQUIRE([AC_PROG_SED])dnl AC_REQUIRE([NTP_PKG_CONFIG])dnl AC_REQUIRE([NTP_VER_SUFFIX])dnl +AC_REQUIRE([NTP_OPENSSL_VERBOSE_MSG])dnl AC_ARG_WITH( [crypto], [AS_HELP_STRING( [--with-crypto], [+ =openssl,libcrypto] - )] + )], + [ dnl if given + case "$with_crypto" in + yes) + with_crypto=openssl,libcrypto + esac + ], + [with_crypto=openssl,libcrypto] dnl if not given ) AC_ARG_WITH( [openssl-libdir], @@ -47,42 +61,180 @@ AC_ARG_WITH( [openssl-incdir], [AS_HELP_STRING( [--with-openssl-incdir], - [+ =/something/reasonable] + [+ =search likely dirs] )] ) -AC_ARG_WITH( - [rpath], +AC_ARG_ENABLE( + [verbose-ssl], [AS_HELP_STRING( - [--without-rpath], - [s Disable auto-added -R linker paths] - )] + [--enable-verbose-ssl], + [- show crypto lib detection details] + )], + [], + [enable_verbose_ssl=no] dnl default to quiet ) ntp_openssl=no ntp_openssl_from_pkg_config=no +ntp_ssl_incdir= +ntp_ssl_cflags= +ntp_ssl_cppflags= +ntp_ssl_libdir= +ntp_ssl_libs_L= +ntp_ssl_libs_l= +ntp_ssl_libs= +ntp_ssl_ldflags= -with_crypto=${with_crypto:-openssl,libcrypto} -case "$with_crypto" in - yes) - with_crypto=openssl,libcrypto -esac +NTPSSL_SAVED_CFLAGS="$CFLAGS" +NTPSSL_SAVED_CPPFLAGS="$CPPFLAGS" +NTPSSL_SAVED_LIBS="$LIBS" +NTPSSL_SAVED_LDFLAGS="$LDFLAGS" -dnl AC_MSG_NOTICE(['%with_crypto:%{PKG_CONFIG:+notempty}:%{with_openssl_libdir-notgiven}:%{with_openssl_incdir-notgiven}']) -dnl str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" -dnl AC_MSG_NOTICE([$str]) +AC_PATH_PROG([PATH_OPENSSL], [openssl]) +str="$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" +NTP_OPENSSL_VERBOSE_MSG([$str]) +AS_UNSET([str]) + +# Make sure neither/both --with_openssl-{inc,lib}dir are given +case "${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in + notgiven:notgiven) ;; + *notgiven*) + AC_MSG_ERROR([only one of --with-openssl-{inc,lib}dir=... given - provide both or neither]) + ;; +esac + +# HMS: Today there are only 2 case options. We probably want a third +# *:*:notgiven:notgiven +# and in that case we would validate the path in PKG_CONFIG_PATH. +# Unless we can do it with 2 cases, where the 2nd case is *:*:... +# and we do a reality check on execpath and the headers/libraries. +# +## +# if $with_crypto is not "no": +# if --with-openssl-{inc,lib}dir are not given: +# we should use pkg-config to find openssl +# if we don't have pkg-config, if openssl is in the base OS, use that. +## case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${with_openssl_incdir-notgiven}" in no:*) ;; *:notempty:notgiven:notgiven) - for pkg in `echo $with_crypto | sed -e 's/,/ /'`; do + # If PKG_CONFIG is notempty and we haven't been given openssl paths, + # then let's make sure that the openssl executable's path corresponds + # to the path in openssl.pc, and 'openssl version' matches the Version + # in openssl.pc. If $PKG_CONFIG tells us an INCPATH and/or a LIBPATH, + # then should we reality check them? + ## INCPATH + # harlan@ntp-testbuild.tal1> openssl version + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> grep 1.1.1t /ntpbuild/include/openssl/* + # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # harlan@ntp-testbuild.tal1> + ## LIBPATH + # harlan@ntp-testbuild.tal1> strings -a /ntpbuild/lib/libcrypto.* | fgrep 1.1.1t + # OpenSSL 1.1.1t 7 Feb 2023 + # OpenSSL 1.1.1t 7 Feb 2023 + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> ls /ntpbuild/lib/libcrypto.* + # /ntpbuild/lib/libcrypto.a /ntpbuild/lib/libcrypto.so.1.1* + # /ntpbuild/lib/libcrypto.so@ + # harlan@ntp-testbuild.tal1> + ## + # Having said this, do we really care if the openssl executable that + # we have found is matched with the INCPATH and LIBPATH? + # One answer: Probably not, but we should complain on a mismatch as + # otherwise runtime differences could easily cause problems/drama. + + ##BO + # ntp_cv_build_framework_help=yes + save_PKG_CONFIG_PATH=${PKG_CONFIG_PATH} + for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do + case "$pkg" in + openssl) + if $PKG_CONFIG --exists $pkg ; then + # Found it - yay + # Do we want to check we found the right one? + # --modver + # --variable={libdir,includedir} (varname) + overf=`openssl version` + overs=`echo $overf | awk '{print $2}'` + case "$overs" in + 0.*) ;; # Should we squawk? + 1.0.*) ;; # Should we squawk? + 1.1.*) ;; # Should we squawk? + 3.*) + oinc=`openssl --variable=includedir` + olib=`openssl --variable=libdir` + # How should we use these? + ;; + *) ;; # Should we squawk? + esac + # /ntpbuild/include/openssl/opensslv.h:# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # grep 1.1.1t /ntpbuild/lib/libcrypto.a + # strings -a /ntpbuild/lib/libcrypto.a | grep 1.1.1t + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> + # which should match $overf + ## + # harlan@ntp-testbuild.tal1> echo '"OpenSSL 1.1.1t 7 Feb 2023"' | cut -f 2 -d\" + # OpenSSL 1.1.1t 7 Feb 2023 + # harlan@ntp-testbuild.tal1> grep OPENSSL_VERSION_TEXT /ntpbuild/include/openssl/opensslv.h + # # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" + # harlan@ntp-testbuild.tal1> + ## + + else + # This is a hack, but it's reasonable. + pkgpath="`echo $PATH_OPENSSL | sed -e 's:/bin/openssl$::'`/lib/pkgconfig" + test -d "$pkgpath" || pkgpath= + # echo "pkgpath is <$pkgpath>" + # echo "PKG_CONFIG_PATH is <$PKG_CONFIG_PATH>" + case "$pkgpath" in + '') ;; # Nothing to see here... + *) case ":$PKG_CONFIG_PATH:" in + ::) + PKG_CONFIG_PATH=$pkgpath + export PKG_CONFIG_PATH + ;; + *:$pkgpath:*) + # Already there... + ;; + *) + PKG_CONFIG_PATH="$pkgpath:$PKG_CONFIG_PATH" + export PKG_CONFIG_PATH + ;; + esac + ;; + esac + fi + ;; + esac + done + ##EO + + for pkg in `echo $with_crypto | $SED -e 's/,/ /'`; do AC_MSG_CHECKING([pkg-config for $pkg]) if $PKG_CONFIG --exists $pkg ; then - CPPFLAGS_NTP="$CPPFLAGS_NTP `$PKG_CONFIG --cflags-only-I $pkg`" - CFLAGS_NTP="$CFLAGS_NTP `$PKG_CONFIG --cflags-only-other $pkg`" - LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-L $pkg`" - LDADD_NTP="$LDADD_NTP `$PKG_CONFIG --libs-only-l --static $pkg`" - LDFLAGS_NTP="$LDFLAGS_NTP `$PKG_CONFIG --libs-only-other $pkg`" - VER_SUFFIX=o + ntp_ssl_cppflags="`$PKG_CONFIG --cflags-only-I $pkg`" + case "$ntp_ssl_cppflags" in + '') + ntp_ssl_incdir='not needed' + ;; + *) + ntp_ssl_incdir="`echo $ntp_ssl_cppflags | $SED -e 's/-I//'`" + esac + ntp_ssl_cflags="`$PKG_CONFIG --cflags-only-other $pkg`" + ntp_ssl_libs_L="`$PKG_CONFIG --libs-only-L $pkg`" + case "$ntp_ssl_libs_L" in + '') + ntp_ssl_libdir='not needed' + ;; + *) + ntp_ssl_libdir="`echo $ntp_ssl_libs_L | $SED -e 's/-L//'`" + esac + ntp_ssl_libs_l="`$PKG_CONFIG --libs-only-l $pkg`" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + ntp_ssl_ldflags="`$PKG_CONFIG --libs-only-other $pkg`" ntp_openssl=yes ntp_openssl_from_pkg_config=yes ntp_openssl_version="`$PKG_CONFIG --modversion $pkg`" @@ -96,184 +248,304 @@ case "$with_crypto:${PKG_CONFIG:+notempty}:${with_openssl_libdir-notgiven}:${wit fi AC_MSG_RESULT([no]) done + AS_UNSET([pkg]) esac -dnl AC_MSG_NOTICE([OpenSSL Phase I checks:]) -dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP]) -dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP]) -dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP]) -dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP]) -case "$with_crypto:$ntp_openssl" in - no:*) ;; - *:no) - need_dash_r= - need_dash_Wlrpath= - case "${with_rpath-notgiven}" in - yes) - # Lame - what to do if we need -Wl... but not -R? - need_dash_r=1 - ;; - notgiven) - case "$host" in - *-*-linux*) - # This may really only be true for gcc - need_dash_Wlrpath=1 - ;; - *-*-netbsd*) - need_dash_r=1 - ;; - *-*-solaris*) - need_dash_r=1 - ;; - esac - ;; - esac - - AC_MSG_CHECKING([for openssl library directory]) - with_openssl_libdir=${with_openssl_libdir-notgiven} +case "$with_crypto" in + no) ;; + *) case "$with_openssl_libdir" in - notgiven) - case "$build" in - $host) - with_openssl_libdir=default - ;; - *) - with_openssl_libdir=no - ;; - esac + '') ;; + *) + ntp_ssl_libdir="$with_openssl_libdir" + ntp_ssl_libs_L="-L$with_openssl_libdir" + ntp_ssl_libs_l="-lcrypto" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" esac - case "$with_openssl_libdir" in - default) - # Look in: - with_openssl_libdir="/usr/lib /usr/lib/openssl /usr/sfw/lib" - with_openssl_libdir="$with_openssl_libdir /usr/local/lib" - with_openssl_libdir="$with_openssl_libdir /usr/local/ssl/lib /lib" + case "$with_openssl_incdir" in + '') ;; + *) + ntp_ssl_incdir="$with_openssl_incdir" + ntp_ssl_cppflags="-I$with_openssl_incdir" esac - case "$with_openssl_libdir" in - no) +esac + +NTP_OPENSSL_VERBOSE_MSG([OpenSSL Phase I checks:]) +NTP_OPENSSL_VERBOSE_MSG([CPPFLAGS_NTP: ($CPPFLAGS_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([CFLAGS_NTP: ($CFLAGS_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([LDADD_NTP: ($LDADD_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([LDFLAGS_NTP: ($LDFLAGS_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_openssl_from_pkg_config: $ntp_openssl_from_pkg_config]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_incdir: ($ntp_ssl_incdir)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libdir: ($ntp_ssl_libdir)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cflags: ($ntp_ssl_cflags)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cppflags: ($ntp_ssl_cppflags)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_L: ($ntp_ssl_libs_L)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_l: ($ntp_ssl_libs_l)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs: ($ntp_ssl_libs)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_ldflags: ($ntp_ssl_ldflags)]) + +case "$with_crypto" in + no) + ntp_openssl=no + ;; + *) + ntp_ssl_libs_l="${ntp_ssl_libs_l:--lcrypto}" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + case "$ntp_ssl_libdir" in + '') + dnl ### set ntp_ssl_libdir ### + + dnl unconventional, using AC_CHECK_LIB repeatedly, clear cached result. + AS_UNSET([ac_cv_lib_crypto_EVP_MD_CTX_new]) + AC_MSG_NOTICE([Searching for libcrypto without -L]) + AC_CHECK_LIB( + [crypto], + [EVP_MD_CTX_new], + [ntp_ssl_libdir='not needed'] + ) + dnl unconventional, using AC_CHECK_LIB repeatedly, clear cached result. + AS_UNSET([ac_cv_lib_crypto_EVP_MD_CTX_new]) + esac + case "$ntp_ssl_libdir" in + '') + ntp_ssl_libdir_search="/usr/lib /usr/lib/openssl /usr/sfw/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /usr/local/ssl/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /opt/local/lib" + ntp_ssl_libdir_search="$ntp_ssl_libdir_search /lib /lib64" ;; - *) # Look for libcrypto.a and libssl.a: - for i in $with_openssl_libdir no + *) + ntp_ssl_libdir_search="$ntp_ssl_libdir" + esac + case $ntp_ssl_libdir_search in + 'not needed') ;; + *) + for i in $ntp_ssl_libdir_search not_found do - case "$host" in - *-*-darwin*) - test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break - ;; + case "$i" in + not_found) ;; *) - test -f $i/libcrypto.so -a -f $i/libssl.so && break - test -f $i/libcrypto.a -a -f $i/libssl.a && break - ;; + AC_MSG_NOTICE([Searching for libcrypto in $i]) + LIBS="-L$i $NTPSSL_SAVED_LIBS" + AC_CHECK_LIB( + [crypto], + [EVP_MD_CTX_new], + [break] + ) + dnl unconventional, using AC_CHECK_LIB repeatedly, clear cached result. + AS_UNSET([ac_cv_lib_crypto_EVP_MD_CTX_new]) esac done - openssl_libdir=$i - ;; - esac - AC_MSG_RESULT([$openssl_libdir]) - case "$openssl_libdir" in - no) - openssl_libdir= - AC_MSG_WARN([libcrypto and libssl not found in any of $with_openssl_libdir]) + ntp_ssl_libdir="$i" + ntp_ssl_libs_L="-L$i" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" + LIBS="$NTPSSL_SAVED_LIBS" + case "$ntp_ssl_libdir" in + not_found) + AC_MSG_ERROR( +[You may want to use --without-crypto, or add +openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the +--with-openssl-libdir=/some/path option to configure. +libcrypto not found in any of the following directories: +$ntp_ssl_libdir_search] + ) + esac + AC_MSG_NOTICE([libcrypto found in $ntp_ssl_libdir]) esac - AC_MSG_CHECKING([for openssl include directory]) - with_openssl_incdir=${with_openssl_incdir-notgiven} - case "$with_openssl_incdir" in - notgiven) - # Look in: - with_openssl_incdir="/usr/include /usr/sfw/include" - with_openssl_incdir="$with_openssl_incdir /usr/local/include" - with_openssl_incdir="$with_openssl_incdir /usr/local/ssl/include" + case "$ntp_openssl_from_pkg_config:$ntp_ssl_incdir" in + 'yes:not needed' | no:) + AC_MSG_NOTICE([Searching for openssl/evp.h without -I]) + dnl force uncached AC_CHECK_HEADER + AS_UNSET([ac_cv_header_openssl_evp_h]) + AC_CHECK_HEADER( + [openssl/evp.h], + [ntp_ssl_incdir='not needed'] + ) esac - case "$with_openssl_incdir" in - no) + case "$ntp_ssl_incdir" in + 'not needed') + ntp_ssl_incdir_search="$ntp_ssl_incdir" ;; - *) # look for openssl/evp.h: - for i in $with_openssl_incdir no - do - test -f $i/openssl/evp.h && break - done - openssl_incdir=$i - ;; - esac - AS_UNSET([i]) - AC_MSG_RESULT([$openssl_incdir]) - case "$openssl_incdir" in - no) - openssl_incdir= - AC_MSG_WARN([did not find openssl/evp.h in any of $with_openssl_incdir]) - esac - if test -z "$openssl_libdir" -o -z "$openssl_incdir" - then - ntp_openssl=no - else - ntp_openssl=yes - VER_SUFFIX=o - fi - case "$ntp_openssl" in - yes) - # We have OpenSSL inc/lib dirs - use them. - case "$openssl_incdir" in - /usr/include) + *) + AC_MSG_NOTICE([Searching for openssl include directory]) + case "$with_openssl_incdir" in + '') + case "$ntp_ssl_incdir" in + '') + ntp_ssl_incdir_search="/usr/include /usr/sfw/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /opt/local/include" + ntp_ssl_incdir_search="$ntp_ssl_incdir_search /usr/local/ssl/include" + ;; + *) + esac ;; *) - CPPFLAGS_NTP="$CPPFLAGS_NTP -I$openssl_incdir" - ;; + ntp_ssl_incdir_search="$with_openssl_incdir" esac - case "$openssl_libdir" in - /usr/lib) - ;; + case $ntp_ssl_incdir_search in + 'not needed') ;; *) - LDADD_NTP="$LDADD_NTP -L$openssl_libdir" - case "$need_dash_r" in - 1) - LDFLAGS_NTP="$LDFLAGS_NTP -R$openssl_libdir" + for i in $ntp_ssl_incdir_search + do + AC_MSG_NOTICE([Searching for openssl/evp.h in $i]) + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS -I$i" + dnl force uncached AC_CHECK_HEADER + AS_UNSET([ac_cv_header_openssl_evp_h]) + AC_CHECK_HEADER( + [openssl/evp.h], + [ntp_ssl_incdir="$i" ; break] + ) + done + AS_UNSET([ac_cv_header_openssl_evp_h]) + AS_UNSET([i]) + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS" + case "$ntp_ssl_incdir" in + '') + AC_MSG_ERROR( +[You may want to use --without-crypto, or add +openssl.pc/libcrypto.pc to PKG_CONFIG_PATH, or use the +-with-openssl-incdir=/some/path option to configure. +No usable openssl/evp.h found in any of the following direcotries: +$ntp_ssl_incdir_search] + ) esac - case "$need_dash_Wlrpath" in - 1) - LDFLAGS_NTP="$LDFLAGS_NTP -Wl,-rpath,$openssl_libdir" - esac - ;; + ntp_ssl_cppflags="-I$ntp_ssl_incdir" + AC_MSG_NOTICE([Found evp.h in $ntp_ssl_incdir/openssl]) esac - LDADD_NTP="$LDADD_NTP -lcrypto" esac -esac - -AC_MSG_CHECKING([if we will use crypto]) -AC_MSG_RESULT([$ntp_openssl]) + ntp_openssl=yes +esac dnl building with SSL ($with_crypto not "no") -case "$ntp_openssl" in - yes) - AC_CHECK_HEADERS([openssl/cmac.h openssl/hmac.h]) - AC_DEFINE([OPENSSL], [], [Use OpenSSL?]) - case "$VER_SUFFIX" in - *o*) ;; - *) AC_MSG_ERROR([OPENSSL set but no 'o' in VER_SUFFIX!]) ;; - esac +case "$ntp_openssl:$ntp_ssl_libdir" in + 'yes:not needed') ;; -esac + yes:*) + CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + dnl ### test if runpath is needed for crypto ### + AC_CACHE_CHECK( + [if crypto works without runpath], + [ntp_cv_ssl_without_runpath], + [AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include "openssl/evp.h" + ]], + [[ + if (!EVP_MD_CTX_new()) { + return 1; + } + ]] + )], + [ntp_cv_ssl_without_runpath=yes], + [ntp_cv_ssl_without_runpath=no], + [ntp_cv_ssl_without_runpath=yes] dnl cross-compile + )] + ) + case "$ntp_cv_ssl_without_runpath" in + no) + AC_CACHE_CHECK( + [if crypto needs -Wl,-rpath,$ntp_ssl_libdir], + [ntp_cv_ssl_needs_dashWl_rpath], + [ + LDFLAGS="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir $NTPSSL_SAVED_LDFLAGS" + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include "openssl/evp.h" + ]], + [[ + if (!EVP_MD_CTX_new()) { + return 1; + } + ]] + )], + [ntp_cv_ssl_needs_dashWl_rpath=yes], + [ntp_cv_ssl_needs_dashWl_rpath=no] + ) + ] + ) + case "$ntp_cv_ssl_needs_dashWl_rpath" in + yes) + ntp_ssl_ldflags="$ntp_ssl_ldflags -Wl,-rpath,$ntp_ssl_libdir" + ;; + no) + AC_CACHE_CHECK( + [if crypto needs -R$ntp_ssl_libdir], + [ntp_cv_ssl_needs_dashR], + [ + LDFLAGS="$NTPSSL_SAVED_LDFLAGS $ntp_ssl_ldflags -R$ntp_ssl_libdir" + AC_RUN_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include "openssl/evp.h" + ]], + [[ + if (!EVP_MD_CTX_new()) { + return 1; + } + ]] + )], + [ntp_cv_ssl_needs_dashR=yes], + [ntp_cv_ssl_needs_dashR=no] + ) + ] + ) + case "$ntp_cv_ssl_needs_dashR" in + yes) + ntp_ssl_ldflags="$ntp_ssl_ldflags -R$ntp_ssl_libdir" + esac + case "$build:$ntp_cv_ssl_needs_dashR" in + $host:no) + AC_MSG_FAILURE( +[Unable to run program using crypto, check openssl.pc +or libcrypto.pc are in PKG_CONFIG_PATH, or provide the + --with-openssl-libdir=/some/path option to configure.] + ) + esac + esac + esac +esac dnl ntp_openssl was yes -NTPO_SAVED_CPPFLAGS="$CPPFLAGS" -CPPFLAGS="$CPPFLAGS $CPPFLAGS_NTP" -NTPO_SAVED_LIBS="$LIBS" +NTP_OPENSSL_VERBOSE_MSG([OpenSSL Phase II checks:]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_incdir: ($ntp_ssl_incdir)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libdir: ($ntp_ssl_libdir)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cflags: ($ntp_ssl_cflags)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_cppflags: ($ntp_ssl_cppflags)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_L: ($ntp_ssl_libs_L)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs_l: ($ntp_ssl_libs_l)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_libs: ($ntp_ssl_libs)]) +NTP_OPENSSL_VERBOSE_MSG([ntp_ssl_ldflags: ($ntp_ssl_ldflags)]) -# -# check for linking with -lcrypto failure, and try -lcrypto -lz. -# Helps m68k-atari-mint -# +dnl check for linking with -lcrypto failure, and try -lcrypto -lz. +dnl Helps m68k-atari-mint +dnl +dnl Needs work with the changes to run-test whether runpath is needed. +dnl Probably needs to be moved ahead of runpath testing. +dnl hart@ is reaching out to MiNT users to try to find a tester. +dnl Meanwhile can be forced by passing both ntp_cv_bare_lcrypto=no +dnl and ntp_cv_lcrypto_lz=yes on the configure command line. +dnl case "$ntp_openssl:$ntp_openssl_from_pkg_config" in yes:no) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" + CFLAGS="$NTPSSL_SAVED_CFLAGS $ntp_ssl_cflags" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" AC_CACHE_CHECK( - [if linking with -lcrypto alone works], + [if linking with $ntp_ssl_libs_l alone works], [ntp_cv_bare_lcrypto], [AC_LINK_IFELSE( [AC_LANG_PROGRAM( [[ - #include "openssl/err.h" #include "openssl/evp.h" ]], [[ - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); + EVP_MD_CTX_new(); ]] )], [ntp_cv_bare_lcrypto=yes], @@ -282,19 +554,17 @@ case "$ntp_openssl:$ntp_openssl_from_pkg_config" in ) case "$ntp_cv_bare_lcrypto" in no) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP -lz" + LIBS="-$ntp_ssl_libs -lz $NTPSSL_SAVED_LIBS" AC_CACHE_CHECK( - [if linking with -lcrypto -lz works], + [if linking with $ntp_ssl_libs_l -lz works], [ntp_cv_lcrypto_lz], [AC_LINK_IFELSE( [AC_LANG_PROGRAM( [[ - #include "openssl/err.h" #include "openssl/evp.h" ]], [[ - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); + EVP_MD_CTX_new(); ]] )], [ntp_cv_lcrypto_lz=yes], @@ -303,103 +573,160 @@ case "$ntp_openssl:$ntp_openssl_from_pkg_config" in ) case "$ntp_cv_lcrypto_lz" in yes) - LDADD_NTP="$LDADD_NTP -lz" + ntp_ssl_libs_l="$ntp_ssl_libs_l -lz" + ntp_ssl_libs="$ntp_ssl_libs_L $ntp_ssl_libs_l" esac - esac -esac - -# -# Older OpenSSL headers have a number of callback prototypes inside -# other function prototypes which trigger copious warnings with gcc's -# -Wstrict-prototypes, which is included in -Wall. -# -# An example: -# -# int i2d_RSA_NET(const RSA *a, unsigned char **pp, -# int (*cb)(), int sgckey); -# ^^^^^^^^^^^ -# -# -# -openssl_triggers_warnings=unknown -NTPO_SAVED_CFLAGS="$CFLAGS" + esac dnl linking with -lcrypto alone fails +esac dnl using SSL and not from pkg-config +dnl +dnl Older OpenSSL headers have a number of callback prototypes inside +dnl other function prototypes which trigger copious warnings with gcc's +dnl -Wstrict-prototypes, which is included in -Wall. +dnl +dnl An example: +dnl +dnl int i2d_RSA_NET(const RSA *a, unsigned char **pp, +dnl int (*cb)(), int sgckey); +dnl ^^^^^^^^^^^ +dnl case "$ntp_openssl:$GCC" in yes:yes) - CFLAGS="$CFLAGS -Werror" - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ - ]], - [[ - /* see if -Werror breaks gcc */ - ]] - )], - [gcc_handles_Werror=yes], - [gcc_handles_Werror=no] + CFLAGS="$NTP_SAVED_CFLAGS $ntp_ssl_cflags -Werror" + CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS $ntp_ssl_cppflags" + LIBS="$ntp_ssl_libs $NTPSSL_SAVED_LIBS" + LDFLAGS="$ntp_ssl_ldflags $NTPSSL_SAVED_LDFLAGS" + AC_CACHE_CHECK( + [If $CC supports -Werror], + [ntp_cv_gcc_supports_Werror], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([], [])], + [ntp_cv_gcc_supports_Werror=yes], + [ntp_cv_gcc_supports_Werror=no] + )] ) - case "$gcc_handles_Werror" in + case "ntp_cv_gcc_supports_Werror" in no) - # if this gcc doesn't do -Werror go ahead and use - # -Wstrict-prototypes. - openssl_triggers_warnings=yes + ntp_use_Wstrict_prototypes=yes ;; yes) CFLAGS="$CFLAGS -Wstrict-prototypes" - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [[ - #include "openssl/asn1_mac.h" - #include "openssl/bn.h" - #include "openssl/err.h" - #include "openssl/evp.h" - #include "openssl/pem.h" - #include "openssl/rand.h" - #include "openssl/x509v3.h" - ]], - [[ - /* empty body */ - ]] - )], - [openssl_triggers_warnings=no], - [openssl_triggers_warnings=yes] + AC_CACHE_CHECK( + [if OpenSSL triggers warnings], + [ntp_cv_ssl_triggers_warnings], + [AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM( + [[ + #include "openssl/asn1_mac.h" + #include "openssl/bn.h" + #include "openssl/err.h" + #include "openssl/evp.h" + #include "openssl/pem.h" + #include "openssl/rand.h" + #include "openssl/x509v3.h" + ]], + [[ + /* empty body */ + ]] + )], + [ntp_cv_ssl_triggers_warnings=no], + [ntp_cv_ssl_triggers_warnings=yes] + )] ) + case "$ntp_cv_ssl_triggers_warnings" in + yes) + ntp_use_Wstrict_prototypes=no + ;; + *) + ntp_use_Wstrict_prototypes=yes + esac esac - case "$openssl_triggers_warnings" in - yes) - CFLAGS_NTP="$CFLAGS_NTP -Wno-strict-prototypes" + case "$ntp_use_Wstrict_prototypes" in + no) + ntp_ssl_cflags="$ntp_ssl_cflags -Wno-strict-prototypes" ;; *) - CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" + ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" esac ;; no:yes) - # gcc without OpenSSL - CFLAGS_NTP="$CFLAGS_NTP -Wstrict-prototypes" -esac + dnl gcc without OpenSSL + ntp_ssl_cflags="$ntp_ssl_cflags -Wstrict-prototypes" +esac dnl checking for gcc problems with -Werror and -Wstrict-prototypes -# Because we don't want -Werror for the EVP_MD_do_all_sorted check -CFLAGS="$NTPO_SAVED_CFLAGS" +AC_MSG_CHECKING([if we will link to ssl library]) +AC_MSG_RESULT([$ntp_openssl]) case "$ntp_openssl" in yes) - LIBS="$NTPO_SAVED_LIBS $LDADD_NTP" + VER_SUFFIX=o + AC_CHECK_HEADERS( + [openssl/cmac.h], + [ntp_enable_cmac=yes], + [ntp_enable_cmac=no] + ) + case "$ntp_enable_cmac" in + yes) + AC_DEFINE([ENABLE_CMAC], [1], [Enable CMAC support?]) + esac + AC_DEFINE([OPENSSL], [], [Use OpenSSL?]) + dnl OpenSSL 3 deprecates a bunch of functions used by Autokey. + dnl Adapting our code to the bold new way is not a priority + dnl for us because we do not want to require OpenSSL 3 yet. + dnl The deprecation warnings clutter up the build output + dnl encouraging the habit of ignoring warnings. + dnl So, tell it to the hand, OpenSSL deprecation warnings... + AC_DEFINE([OPENSSL_SUPPRESS_DEPRECATED], [1], + [Suppress OpenSSL 3 deprecation warnings]) + dnl We don't want -Werror for the EVP_MD_do_all_sorted check + CFLAGS="$NTPSSL_SAVED_CFLAGS" AC_CHECK_FUNCS([EVP_MD_do_all_sorted]) - ;; + CPPFLAGS_NTP="$CPPFLAGS_NTP $ntp_ssl_cppflags" + CFLAGS_NTP="$CFLAGS_NTP $ntp_ssl_cflags" + LDADD_NTP="$ntp_ssl_libs $LDADD_NTP" + LDFLAGS_NTP="$ntp_ssl_ldflags $LDFLAGS_NTP" esac -dnl AC_MSG_NOTICE([OpenSSL final checks:]) -dnl AC_MSG_NOTICE([CPPFLAGS_NTP: $CPPFLAGS_NTP]) -dnl AC_MSG_NOTICE([CFLAGS_NTP: $CFLAGS_NTP]) -dnl AC_MSG_NOTICE([LDADD_NTP: $LDADD_NTP]) -dnl AC_MSG_NOTICE([LDFLAGS_NTP: $LDFLAGS_NTP]) +NTP_OPENSSL_VERBOSE_MSG([OpenSSL final checks:]) +NTP_OPENSSL_VERBOSE_MSG([ntp_openssl: $ntp_openssl]) +NTP_OPENSSL_VERBOSE_MSG([CPPFLAGS_NTP: ($CPPFLAGS_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([CFLAGS_NTP: ($CFLAGS_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([LDADD_NTP: ($LDADD_NTP)]) +NTP_OPENSSL_VERBOSE_MSG([LDFLAGS_NTP: ($LDFLAGS_NTP)]) + +CFLAGS="$NTPSSL_SAVED_CFLAGS" +CPPFLAGS="$NTPSSL_SAVED_CPPFLAGS" +LIBS="$NTPSSL_SAVED_LIBS" +LDFLAGS="$NTPSSL_SAVED_LDFLAGS" -CPPFLAGS="$NTPO_SAVED_CPPFLAGS" -LIBS="$NTPO_SAVED_LIBS" -AS_UNSET([NTPO_SAVED_CFLAGS]) -AS_UNSET([NTPO_SAVED_CPPFLAGS]) -AS_UNSET([NTPO_SAVED_LIBS]) -AS_UNSET([openssl_triggers_warnings]) +AS_UNSET([NTPSSL_SAVED_CFLAGS]) +AS_UNSET([NTPSSL_SAVED_CPPFLAGS]) +AS_UNSET([NTPSSL_SAVED_LIBS]) +AS_UNSET([NTPSSL_SAVED_LDFLAGS]) +AS_UNSET([ntp_enable_cmac]) +AS_UNSET([ntp_use_Wstrict_prototypes]) AS_UNSET([ntp_openssl_from_pkg_config]) +AS_UNSET([ntp_openssl_version]) +AS_UNSET([ntp_ssl_cflags]) +AS_UNSET([ntp_ssl_cppflags]) +AS_UNSET([ntp_ssl_libdir_search]) +AS_UNSET([ntp_ssl_incdir_search]) +AS_UNSET([ntp_ssl_libdir]) +AS_UNSET([ntp_ssl_incdir]) +AS_UNSET([ntp_ssl_libs_l]) +AS_UNSET([ntp_ssl_libs_L]) +AS_UNSET([ntp_ssl_ldflags]) + ]) +dnl end of AC_DEFUN([NTP_OPENSSL]) +dnl +AC_DEFUN( + [NTP_OPENSSL_VERBOSE_MSG], + [dnl + case "$enable_verbose_ssl" in + yes) AC_MSG_NOTICE([$1]) + esac + ] +) +dnl dnl ====================================================================== diff --git a/sntp/m4/version.m4 b/sntp/m4/version.m4 index 95deaa41c695..add8fc6018cb 100644 --- a/sntp/m4/version.m4 +++ b/sntp/m4/version.m4 @@ -1 +1 @@ -m4_define([VERSION_NUMBER],[4.2.8p17]) +m4_define([VERSION_NUMBER],[4.2.8p18]) diff --git a/sntp/main.c b/sntp/main.c index 08064a6c0eaa..b1a35b42a431 100644 --- a/sntp/main.c +++ b/sntp/main.c @@ -1010,12 +1010,12 @@ kill_asyncio( sock6 = INVALID_SOCKET; } if (INVALID_SOCKET != bsock4) { - closesocket(sock4); - sock4 = INVALID_SOCKET; + closesocket(bsock4); + bsock4 = INVALID_SOCKET; } if (INVALID_SOCKET != bsock6) { - closesocket(sock6); - sock6 = INVALID_SOCKET; + closesocket(bsock6); + bsock6 = INVALID_SOCKET; } } #endif @@ -1033,9 +1033,9 @@ worker_resp_cb( { blocking_child * c; - DEBUG_INSIST(EV_READ & what); + REQUIRE(EV_READ & what); c = ctx; - DEBUG_INSIST(fd == c->resp_read_pipe); + INSIST(fd == c->resp_read_pipe); process_blocking_resp(c); } @@ -1060,7 +1060,7 @@ intres_timeout_req( ev_worker_timeout = event_new(base, -1, EV_TIMEOUT | EV_PERSIST, &worker_timeout, NULL); - DEBUG_INSIST(NULL != ev_worker_timeout); + INSIST(NULL != ev_worker_timeout); } else { event_del(ev_worker_timeout); } @@ -1082,7 +1082,7 @@ worker_timeout( UNUSED_ARG(fd); UNUSED_ARG(ctx); - DEBUG_REQUIRE(EV_TIMEOUT & what); + REQUIRE(EV_TIMEOUT & what); worker_idle_timer_fired(); } @@ -1144,8 +1144,8 @@ generate_pkt ( } if (pkt_key != NULL) { x_pkt->exten[0] = htonl(key_id); - mac_size = make_mac(x_pkt, pkt_len, MAX_MDG_LEN, - pkt_key, (char *)&x_pkt->exten[1]); + mac_size = make_mac(x_pkt, pkt_len, pkt_key, + (char *)&x_pkt->exten[1], MAX_MDG_LEN); if (mac_size > 0) pkt_len += mac_size + KEY_MAC_LEN; #ifdef DEBUG diff --git a/sntp/scm-rev b/sntp/scm-rev index 5e3d42f5e853..3e354b6addff 100644 --- a/sntp/scm-rev +++ b/sntp/scm-rev @@ -1 +1 @@ -1.4004 +1.4062 diff --git a/sntp/scripts/Makefile.in b/sntp/scripts/Makefile.in index 42d86ecb59d3..4ad3e371b4e1 100644 --- a/sntp/scripts/Makefile.in +++ b/sntp/scripts/Makefile.in @@ -97,6 +97,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ $(top_srcdir)/m4/ntp_cacheversion.m4 \ $(top_srcdir)/m4/ntp_compiler.m4 \ $(top_srcdir)/m4/ntp_crosscompile.m4 \ + $(top_srcdir)/m4/ntp_crypto_rand.m4 \ $(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \ $(top_srcdir)/m4/ntp_facilitynames.m4 \ $(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \ @@ -290,6 +291,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ diff --git a/sntp/scripts/cvo.sh b/sntp/scripts/cvo.sh index ecd80922301f..77a161172499 100755 --- a/sntp/scripts/cvo.sh +++ b/sntp/scripts/cvo.sh @@ -26,7 +26,13 @@ case "$#" in CVO_OS=$4 case "$cvo_KERN" in linux) # Braindamage. We want OS, not kernel info - if lsb_release > /dev/null 2>&1 + if test -f /etc/os-release + then + . /etc/os-release + ID=`echo $ID | tr '-' '_'` + CVO_OS="${ID}${VERSION_ID}" + CVO_KOSVER=`uname -r` + elif lsb_release > /dev/null 2>&1 then CVO_OS=`lsb_release --id --short | tr '[:upper:]' '[:lower:]'` CVO_OS="$CVO_OS`lsb_release --release --short`" diff --git a/sntp/sntp-opts.c b/sntp/sntp-opts.c index 29c726cb5973..d4634aa8d710 100644 --- a/sntp/sntp-opts.c +++ b/sntp/sntp-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (sntp-opts.c) * - * It has been AutoGen-ed June 6, 2023 at 04:35:52 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:02:07 AM by AutoGen 5.18.16 * From the definitions sntp-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The sntp program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -74,8 +74,8 @@ extern FILE * option_usage_fp; * static const strings for sntp options */ static char const sntp_opt_strs[2567] = -/* 0 */ "sntp 4.2.8p17\n" - "Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n" +/* 0 */ "sntp 4.2.8p18\n" + "Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" "can be seen at:\n" @@ -160,7 +160,7 @@ static char const sntp_opt_strs[2567] = /* 2313 */ "LOAD_OPTS\0" /* 2323 */ "no-load-opts\0" /* 2336 */ "SNTP\0" -/* 2341 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p17\n" +/* 2341 */ "sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p18\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n" "\t\t[ hostname-or-IP ...]\n\0" /* 2501 */ "$HOME\0" @@ -168,7 +168,7 @@ static char const sntp_opt_strs[2567] = /* 2509 */ ".ntprc\0" /* 2516 */ "https://bugs.ntp.org, bugs@ntp.org\0" /* 2551 */ "\n\0" -/* 2553 */ "sntp 4.2.8p17"; +/* 2553 */ "sntp 4.2.8p18"; /** * ipv4 option description with @@ -1180,8 +1180,8 @@ static void bogus_function(void) { translate option names. */ /* referenced via sntpOptions.pzCopyright */ - puts(_("sntp 4.2.8p17\n\ -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + puts(_("sntp 4.2.8p18\n\ +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ can be seen at:\n")); @@ -1270,7 +1270,7 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via sntpOptions.pzUsageTitle */ - puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p17\n\ + puts(_("sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p18\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ \t\t[ hostname-or-IP ...]\n")); @@ -1278,7 +1278,7 @@ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \\\n\ puts(_("\n")); /* referenced via sntpOptions.pzFullVersion */ - puts(_("sntp 4.2.8p17")); + puts(_("sntp 4.2.8p18")); /* referenced via sntpOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/sntp/sntp-opts.h b/sntp/sntp-opts.h index a7cff4d550b0..e9efb0c4da62 100644 --- a/sntp/sntp-opts.h +++ b/sntp/sntp-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (sntp-opts.h) * - * It has been AutoGen-ed June 6, 2023 at 04:35:52 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:02:07 AM by AutoGen 5.18.16 * From the definitions sntp-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The sntp program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -99,9 +99,9 @@ typedef enum { /** count of all options for sntp */ #define OPTION_CT 23 /** sntp version */ -#define SNTP_VERSION "4.2.8p17" +#define SNTP_VERSION "4.2.8p18" /** Full sntp version text */ -#define SNTP_FULL_VERSION "sntp 4.2.8p17" +#define SNTP_FULL_VERSION "sntp 4.2.8p18" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/sntp/sntp.1sntpman b/sntp/sntp.1sntpman index 7d532020c280..d10d13cddbbc 100644 --- a/sntp/sntp.1sntpman +++ b/sntp/sntp.1sntpman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH sntp 1sntpman "06 Jun 2023" "4.2.8p17" "User Commands" +.TH sntp 1sntpman "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:36:14 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:02:30 AM by AutoGen 5.18.16 .\" From the definitions sntp-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -353,7 +353,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .NOP "Dave Hart" .br .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/sntp/sntp.1sntpmdoc b/sntp/sntp.1sntpmdoc index 0f58ff4090af..f0b3f4641ea1 100644 --- a/sntp/sntp.1sntpmdoc +++ b/sntp/sntp.1sntpmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt SNTP 1sntpmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:36:10 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:02:26 AM by AutoGen 5.18.16 .\" From the definitions sntp-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -308,7 +308,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .An "Harlan Stenn" .An "Dave Hart" .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/sntp/sntp.html b/sntp/sntp.html index 71d3c35d439c..b5154d115d87 100644 --- a/sntp/sntp.html +++ b/sntp/sntp.html @@ -53,7 +53,7 @@ display the time offset of the system clock relative to the server clock. Run as root, it can correct the system clock to this offset as well. It can be run as an interactive command or from a cron job. </p> -<p>This document applies to version 4.2.8p17 of <code>sntp</code>. +<p>This document applies to version 4.2.8p18 of <code>sntp</code>. </p> <p>The program implements the SNTP protocol as defined by RFC 5905, the NTPv4 IETF specification. @@ -226,7 +226,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p17 +<pre class="example">sntp - standard Simple Network Time Protocol client program - Ver. 4.2.8p18 Usage: sntp [ -<flag> [<val>] | --<name>[{=| }<val>] ]... \ [ hostname-or-IP ...] Flg Arg Option-Name Description diff --git a/sntp/sntp.man.in b/sntp/sntp.man.in index ca4ddea8e35c..050d1e9cd3f0 100644 --- a/sntp/sntp.man.in +++ b/sntp/sntp.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH sntp @SNTP_MS@ "06 Jun 2023" "4.2.8p17" "User Commands" +.TH sntp @SNTP_MS@ "25 May 2024" "4.2.8p18" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:36:14 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:02:30 AM by AutoGen 5.18.16 .\" From the definitions sntp-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -353,7 +353,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .NOP "Dave Hart" .br .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/sntp/sntp.mdoc.in b/sntp/sntp.mdoc.in index 3e5fa337725f..2a3f8cfaa9c9 100644 --- a/sntp/sntp.mdoc.in +++ b/sntp/sntp.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt SNTP @SNTP_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (sntp-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:36:10 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:02:26 AM by AutoGen 5.18.16 .\" From the definitions sntp-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -308,7 +308,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .An "Harlan Stenn" .An "Dave Hart" .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh "BUGS" Please send bug reports to: https://bugs.ntp.org, bugs@ntp.org diff --git a/sntp/tests/Makefile.in b/sntp/tests/Makefile.in index 2e52ab0b27ca..4363ed10d34e 100644 --- a/sntp/tests/Makefile.in +++ b/sntp/tests/Makefile.in @@ -97,6 +97,7 @@ check_PROGRAMS = test-crypto$(EXEEXT) test-keyFile$(EXEEXT) \ @BUILD_TEST_KODDATABASE_TRUE@am__append_1 = test-kodDatabase @BUILD_TEST_KODFILE_TRUE@am__append_2 = test-kodFile @NTP_CROSSCOMPILE_FALSE@am__append_3 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_4 = check-libntp subdir = tests ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ @@ -107,6 +108,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ $(top_srcdir)/m4/ntp_cacheversion.m4 \ $(top_srcdir)/m4/ntp_compiler.m4 \ $(top_srcdir)/m4/ntp_crosscompile.m4 \ + $(top_srcdir)/m4/ntp_crypto_rand.m4 \ $(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \ $(top_srcdir)/m4/ntp_facilitynames.m4 \ $(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \ @@ -675,6 +677,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ @@ -768,7 +771,7 @@ BUILT_SOURCES = $(srcdir)/run-crypto.c $(srcdir)/run-keyFile.c \ $(srcdir)/run-kodDatabase.c $(srcdir)/run-kodFile.c \ $(srcdir)/run-networking.c $(srcdir)/run-packetHandling.c \ $(srcdir)/run-packetProcessing.c $(srcdir)/run-utilities.c \ - $(NULL) check-libntp check-libsntp check-libunity .deps-ver + $(NULL) $(am__append_4) check-libsntp check-libunity .deps-ver # data CLEANFILES down below CLEANFILES = debug-output-lfp-bin debug-output-lfp-dec \ @@ -777,8 +780,7 @@ CLEANFILES = debug-output-lfp-bin debug-output-lfp-dec \ version.c $(NULL) data/kod-output-multiple \ data/kod-output-single data/debug-output-pkt \ data/debug-output-lfp-dec data/kod-output-blank \ - data/debug-output-lfp-bin $(NULL) check-libntp check-libsntp \ - check-libunity .deps-ver + data/debug-output-lfp-bin $(NULL) check-libunity .deps-ver DISTCLEANFILES = kod-output-blank kod-output-single \ kod-output-multiple testLogfile.log testLogfile2.log $(NULL) \ $(DEPDIR)/deps-ver @@ -1614,20 +1616,17 @@ FRC.scm-rev: always out-of-date causing targets which depend on it to also \ be outdated so their rules to fire each time they are built. -check-libntp: $(top_builddir)/../libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/../libntp/libntp.a: - cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/../libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a -check-libsntp: $(top_builddir)/sntp/libsntp.a - @: avoid default SCCS get by some make implementations - -$(top_builddir)/sntp/libsntp.a: +.PHONY: check-libsntp +check-libsntp: cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) libsntp.a check-libunity: $(top_builddir)/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/unity/libunity.a: cd $(top_builddir)/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/sntp/tests/crypto.c b/sntp/tests/crypto.c index 8ecd74368011..509efe79c3a2 100644 --- a/sntp/tests/crypto.c +++ b/sntp/tests/crypto.c @@ -7,15 +7,14 @@ #define CMAC "AES128CMAC" -#define MD5_LENGTH 16 #define SHA1_LENGTH 20 #define CMAC_LENGTH 16 -void test_MakeMd5Mac(void); +void test_MakeSHAKE128Mac(void); void test_MakeSHA1Mac(void); void test_MakeCMac(void); -void test_VerifyCorrectMD5(void); +void test_VerifySHAKE128(void); void test_VerifySHA1(void); void test_VerifyCMAC(void); void test_VerifyFailure(void); @@ -26,26 +25,36 @@ void VerifyOpenSSLCMAC(struct key *cmac); void -test_MakeMd5Mac(void) +test_MakeSHAKE128Mac(void) { - const char* PKT_DATA = "abcdefgh0123"; - const int PKT_LEN = strlen(PKT_DATA); - const char* EXPECTED_DIGEST = - "\x52\x6c\xb8\x38\xaf\x06\x5a\xfb\x6c\x98\xbb\xc0\x9b\x0a\x7a\x1b"; - char actual[MD5_LENGTH]; - - struct key md5; - md5.next = NULL; - md5.key_id = 10; - md5.key_len = 6; - memcpy(&md5.key_seq, "md5seq", md5.key_len); - strlcpy(md5.typen, "MD5", sizeof(md5.typen)); - md5.typei = keytype_from_text(md5.typen, NULL); - - TEST_ASSERT_EQUAL(MD5_LENGTH, - make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual)); - - TEST_ASSERT_TRUE(memcmp(EXPECTED_DIGEST, actual, MD5_LENGTH) == 0); +#ifdef OPENSSL + + const char KEY[] = "SHAKE128 unit test key"; + const u_char PAYLOAD[] = "packettestdata16"; + const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1; + const u_char EXPECTED_DIGEST[] = + "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6" + "\x73\x62\x68\x8D\x11\xB8\x42\xBB"; + u_char actual[sizeof(EXPECTED_DIGEST) - 1]; + struct key sk; + + sk.next = NULL; + sk.key_id = 10; + sk.key_len = sizeof(KEY) - 1; + memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len)); + strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen)); + sk.typei = keytype_from_text(sk.typen, NULL); + + TEST_ASSERT_EQUAL(sizeof(actual), + make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual, + sizeof(actual))); + + TEST_ASSERT_EQUAL_HEX8_ARRAY(EXPECTED_DIGEST, actual, sizeof(actual)); +#else + + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); + +#endif /* OPENSSL */ } @@ -70,14 +79,15 @@ test_MakeSHA1Mac(void) sha1.typei = keytype_from_text(sha1.typen, NULL); TEST_ASSERT_EQUAL(SHA1_LENGTH, - make_mac(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1, actual)); + make_mac(PKT_DATA, PKT_LEN, &sha1, actual, + SHA1_LENGTH)); TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, SHA1_LENGTH); - + #else - + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); - + #endif /* OPENSSL */ } @@ -93,8 +103,8 @@ test_MakeCMac(void) "\xdd\x35\xd5\xf5\x14\x23\xd9\xd6" "\x38\x5d\x29\x80\xfe\x51\xb9\x6b"; char actual[CMAC_LENGTH]; - struct key cmac; + cmac.next = NULL; cmac.key_id = 30; cmac.key_len = CMAC_LENGTH; @@ -102,37 +112,53 @@ test_MakeCMac(void) memcpy(&cmac.typen, CMAC, strlen(CMAC) + 1); TEST_ASSERT_EQUAL(CMAC_LENGTH, - make_mac(PKT_DATA, PKT_LEN, CMAC_LENGTH, &cmac, actual)); + make_mac(PKT_DATA, PKT_LEN, &cmac, actual, CMAC_LENGTH)); TEST_ASSERT_EQUAL_MEMORY(EXPECTED_DIGEST, actual, CMAC_LENGTH); - + #else - - TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); - + + TEST_IGNORE_MESSAGE("CMAC not enabled, skipping..."); + #endif /* OPENSSL */ } void -test_VerifyCorrectMD5(void) +test_VerifySHAKE128(void) { - const char* PKT_DATA = - "sometestdata" /* Data */ - "\0\0\0\0" /* Key-ID (unused) */ - "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */ - "\x2b\x7b\xfe\x4f\xa2\x32\xcf\xac"; - const int PKT_LEN = 12; +#ifdef OPENSSL + const char KEY[] = "SHAKE128 unit test key"; + const u_char PAYLOAD[] = "packettestdata16"; + const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1; + const u_char EXPECTED_DIGEST[] = + "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6" + "\x73\x62\x68\x8D\x11\xB8\x42\xBB"; + const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1; + struct key sk; + u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id) + + DIGEST_LEN]; + u_char *p; + + sk.next = NULL; + sk.key_id = 0; + sk.key_len = sizeof(KEY) - 1; + memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len)); + strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen)); + sk.typei = keytype_from_text(sk.typen, NULL); + + p = PKT_DATA; + memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN; + memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id); + memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN; + TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA); + + TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk)); +#else - struct key md5; - md5.next = NULL; - md5.key_id = 0; - md5.key_len = 6; - memcpy(&md5.key_seq, "md5key", md5.key_len); - strlcpy(md5.typen, "MD5", sizeof(md5.typen)); - md5.typei = keytype_from_text(md5.typen, NULL); + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); - TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5)); +#endif /* OPENSSL */ } @@ -147,21 +173,21 @@ test_VerifySHA1(void) "\xad\x07\xde\x36\x39\xa6\x77\xfa\x5b\xce" /* MAC */ "\x2d\x8a\x7d\x06\x96\xe6\x0c\xbc\xed\xe1"; const int PKT_LEN = 12; - struct key sha1; + sha1.next = NULL; sha1.key_id = 0; sha1.key_len = 7; memcpy(&sha1.key_seq, "sha1key", sha1.key_len); - strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen)); + strlcpy(sha1.typen, "SHA1", sizeof(sha1.typen)); sha1.typei = keytype_from_text(sha1.typen, NULL); TEST_ASSERT_TRUE(auth_md5(PKT_DATA, PKT_LEN, SHA1_LENGTH, &sha1)); - + #else - + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); - + #endif /* OPENSSL */ } @@ -169,12 +195,6 @@ test_VerifySHA1(void) void test_VerifyCMAC(void) { - const char* PKT_DATA = - "sometestdata" /* Data */ - "\0\0\0\0" /* Key-ID (unused) */ - "\x4e\x0c\xf0\xe2\xc7\x8e\xbb\xbf" /* MAC */ - "\x79\xfc\x87\xc7\x8b\xb7\x4a\x0b"; - const int PKT_LEN = 12; struct key cmac; cmac.next = NULL; @@ -198,9 +218,9 @@ VerifyOpenSSLCMAC(struct key *cmac) TEST_IGNORE_MESSAGE("VerifyOpenSSLCMAC needs to be implemented, skipping..."); #else - - TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); - + + TEST_IGNORE_MESSAGE("CMAC not enabled, skipping..."); + #endif /* OPENSSL */ return; } @@ -222,42 +242,77 @@ VerifyLocalCMAC(struct key *cmac) void test_VerifyFailure(void) { - /* We use a copy of the MD5 verification code, but modify the - * last bit to make sure verification fails. + /* + * We use a copy of test_VerifySHAKE128(), but modify the + * last packet octet to make sure verification fails. */ - const char* PKT_DATA = - "sometestdata" /* Data */ - "\0\0\0\0" /* Key-ID (unused) */ - "\xc7\x58\x99\xdd\x99\x32\x0f\x71" /* MAC */ - "\x2b\x7b\xfe\x4f\xa2\x32\xcf\x00"; /* Last byte is wrong! */ - const int PKT_LEN = 12; +#ifdef OPENSSL + const char KEY[] = "SHAKE128 unit test key"; + const u_char PAYLOAD[] = "packettestdata1_"; + /* last packet byte different */ + const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1; + const u_char EXPECTED_DIGEST[] = + "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6" + "\x73\x62\x68\x8D\x11\xB8\x42\xBB"; + const size_t DIGEST_LEN = sizeof(EXPECTED_DIGEST) - 1; + struct key sk; + u_char PKT_DATA[ PAYLOAD_LEN + sizeof(sk.key_id) + + DIGEST_LEN]; + u_char *p; + + sk.next = NULL; + sk.key_id = 0; + sk.key_len = sizeof(KEY) - 1; + memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len)); + strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen)); + sk.typei = keytype_from_text(sk.typen, NULL); + + p = PKT_DATA; + memcpy(p, PAYLOAD, PAYLOAD_LEN); p += PAYLOAD_LEN; + memcpy(p, &sk.key_id, sizeof(sk.key_id)); p += sizeof(sk.key_id); + memcpy(p, EXPECTED_DIGEST, DIGEST_LEN); p += DIGEST_LEN; + TEST_ASSERT_TRUE(sizeof(PKT_DATA) == p - PKT_DATA); + + TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PAYLOAD_LEN, DIGEST_LEN, &sk)); +#else - struct key md5; - md5.next = NULL; - md5.key_id = 0; - md5.key_len = 6; - memcpy(&md5.key_seq, "md5key", md5.key_len); - strlcpy(md5.typen, "MD5", sizeof(md5.typen)); - md5.typei = keytype_from_text(md5.typen, NULL); + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); - TEST_ASSERT_FALSE(auth_md5(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5)); +#endif /* OPENSSL */ } void test_PacketSizeNotMultipleOfFourBytes(void) { - const char* PKT_DATA = "123456"; - const int PKT_LEN = 6; - char actual[MD5_LENGTH]; - - struct key md5; - md5.next = NULL; - md5.key_id = 10; - md5.key_len = 6; - memcpy(&md5.key_seq, "md5seq", md5.key_len); - strlcpy(md5.typen, "MD5", sizeof(md5.typen)); - md5.typei = keytype_from_text(md5.typen, NULL); - - TEST_ASSERT_EQUAL(0, make_mac(PKT_DATA, PKT_LEN, MD5_LENGTH, &md5, actual)); + /* + * We use a copy of test_MakeSHAKE128Mac(), but modify + * the packet length to 17. + */ +#ifdef OPENSSL + + const char KEY[] = "SHAKE128 unit test key"; + const u_char PAYLOAD[] = "packettestdata_17"; + const size_t PAYLOAD_LEN = sizeof(PAYLOAD) - 1; + const u_char EXPECTED_DIGEST[] = + "\x62\x5A\x8F\xE4\x66\xCB\xF3\xA6" + "\x73\x62\x68\x8D\x11\xB8\x42\xBB"; + u_char actual[sizeof(EXPECTED_DIGEST) - 1]; + struct key sk; + + sk.next = NULL; + sk.key_id = 10; + sk.key_len = sizeof(KEY) - 1; + memcpy(&sk.key_seq, KEY, min(sizeof(sk.key_seq), sk.key_len)); + strlcpy(sk.typen, "SHAKE128", sizeof(sk.typen)); + sk.typei = keytype_from_text(sk.typen, NULL); + + TEST_ASSERT_EQUAL(0, + make_mac(PAYLOAD, PAYLOAD_LEN, &sk, actual, + sizeof(actual))); +#else + + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); + +#endif /* OPENSSL */ } diff --git a/sntp/tests/fileHandlingTest.h.in b/sntp/tests/fileHandlingTest.h.in index b93ed9e90293..86c9f2c7cd0e 100644 --- a/sntp/tests/fileHandlingTest.h.in +++ b/sntp/tests/fileHandlingTest.h.in @@ -1,3 +1,9 @@ +/* + * fileHandlingTest.h[.in] + * + * @configure_input@ + */ + #ifndef FILE_HANDLING_TEST_H #define FILE_HANDLING_TEST_H @@ -23,4 +29,4 @@ extern int GetFileSize(FILE *file); extern bool CompareFileContent(FILE* expected, FILE* actual); extern void ClearFile(const char * filename) ; -#endif // FILE_HANDLING_TEST_H +#endif /* FILE_HANDLING_TEST_H */ diff --git a/sntp/tests/packetHandling.c b/sntp/tests/packetHandling.c index 6787eeaa2fe9..cf52ccd60faa 100644 --- a/sntp/tests/packetHandling.c +++ b/sntp/tests/packetHandling.c @@ -72,26 +72,36 @@ test_GenerateUnauthenticatedPacket(void) void test_GenerateAuthenticatedPacket(void) { - static const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_MD5_LEN; - +#ifdef OPENSSL + + const int EXPECTED_PKTLEN = LEN_PKT_NOMAC + MAX_SHAKE128_LEN; + struct key testkey; struct pkt testpkt; struct timeval xmt; l_fp expected_xmt, actual_xmt; - char expected_mac[MAX_MD5_LEN]; - + const char key[] = "123456789"; + size_t mac_sz; + const u_char expected_mac[] = { + 0x46, 0x79, 0x81, 0x6b, + 0x22, 0xe3, 0xa7, 0xaf, + 0x1d, 0x63, 0x20, 0xfb, + 0xc7, 0xd6, 0x87, 0x2c + }; + testkey.next = NULL; testkey.key_id = 30; - testkey.key_len = 9; - memcpy(testkey.key_seq, "123456789", testkey.key_len); - strlcpy(testkey.typen, "MD5", sizeof(testkey.typen)); + strlcpy(testkey.key_seq, key, sizeof(testkey.key_seq)); + testkey.key_len = strlen(testkey.key_seq); + strlcpy(testkey.typen, "SHAKE128", sizeof(testkey.typen)); testkey.typei = keytype_from_text(testkey.typen, NULL); - GETTIMEOFDAY(&xmt, NULL); - xmt.tv_sec += JAN_1970; + xmt.tv_sec = JAN_1970; + xmt.tv_usec = 0; TEST_ASSERT_EQUAL(EXPECTED_PKTLEN, - generate_pkt(&testpkt, &xmt, testkey.key_id, &testkey)); + generate_pkt(&testpkt, &xmt, testkey.key_id, + &testkey)); TEST_ASSERT_EQUAL(LEAP_NOTINSYNC, PKT_LEAP(testpkt.li_vn_mode)); TEST_ASSERT_EQUAL(NTP_VERSION, PKT_VERSION(testpkt.li_vn_mode)); @@ -105,10 +115,20 @@ test_GenerateAuthenticatedPacket(void) TEST_ASSERT_TRUE(LfpEquality(expected_xmt, actual_xmt)); TEST_ASSERT_EQUAL(testkey.key_id, ntohl(testpkt.exten[0])); - - TEST_ASSERT_EQUAL(MAX_MD5_LEN - 4, /* Remove the key_id, only keep the mac. */ - make_mac(&testpkt, LEN_PKT_NOMAC, MAX_MD5_LEN-4, &testkey, expected_mac)); - TEST_ASSERT_EQUAL_MEMORY(expected_mac, (char*)&testpkt.exten[1], MAX_MD5_LEN -4); + + TEST_ASSERT_EQUAL(sizeof(expected_mac), SHAKE128_LENGTH); + mac_sz = make_mac(&testpkt, LEN_PKT_NOMAC, &testkey, + &testpkt.exten[1], MAX_MDG_LEN); + TEST_ASSERT_EQUAL(mac_sz, SHAKE128_LENGTH); + + TEST_ASSERT_EQUAL_MEMORY(expected_mac, (void *)&testpkt.exten[1], + SHAKE128_LENGTH); + +#else /* !OPENSSL follows */ + + TEST_IGNORE_MESSAGE("OpenSSL not found, skipping..."); + +#endif } @@ -169,7 +189,7 @@ test_OffsetCalculationNegativeOffset(void) rpkt.precision = -1; rpkt.rootdelay = HTONS_FP(DTOUFP(0.5)); rpkt.rootdisp = HTONS_FP(DTOUFP(0.5)); - + /* Synch Distance is (0.5+0.5)/2.0, or 0.5 */ get_systime(&reftime); HTONL_FP(&reftime, &rpkt.reftime); diff --git a/sntp/tests/packetProcessing.c b/sntp/tests/packetProcessing.c index 53c454a9f064..0e7fedee271c 100644 --- a/sntp/tests/packetProcessing.c +++ b/sntp/tests/packetProcessing.c @@ -15,7 +15,6 @@ extern int key_cnt; void PrepareAuthenticationTest(int key_id,int key_len,const char* type,const void* key_seq); -void PrepareAuthenticationTestMD5(int key_id,int key_len,const void* key_seq); void setUp(void); void tearDown(void); void test_TooShortLength(void); @@ -35,14 +34,15 @@ void test_RejectWrongResponseServerMode(void); void test_AcceptNoSentPacketBroadcastMode(void); void test_CorrectUnauthenticatedPacket(void); void test_CorrectAuthenticatedPacketMD5(void); +void test_CorrectAuthenticatedPacketSHAKE128(void); void test_CorrectAuthenticatedPacketSHA1(void); void test_CorrectAuthenticatedPacketCMAC(void); /* [Bug 2998] There are some issues whith the definition of 'struct pkt' * when AUTOKEY is undefined -- the formal struct is too small to hold * all the extension fields that are going to be tested. We have to make - * sure we have the extra bytes, or the test yield undefined results due - * to buffer overrun. + * sure we have the extra bytes, or the test yields undefined results due + * to buffer overrun. */ #ifndef AUTOKEY # define EXTRA_BUFSIZE 256 @@ -53,7 +53,7 @@ void test_CorrectAuthenticatedPacketCMAC(void); union tpkt { struct pkt p; u_char b[sizeof(struct pkt) + EXTRA_BUFSIZE]; -}; +}; static union tpkt testpkt; static union tpkt testspkt; @@ -70,35 +70,28 @@ PrepareAuthenticationTest( ) { char str[25]; - snprintf(str, 25, "%d", key_id); + + snprintf(str, sizeof(str), "%d", key_id); ActivateOption("-a", str); key_cnt = 1; - key_ptr = emalloc(sizeof(struct key)); + if (NULL == key_ptr) { + key_ptr = emalloc(sizeof(*key_ptr)); + } key_ptr->next = NULL; key_ptr->key_id = key_id; key_ptr->key_len = key_len; - memcpy(key_ptr->typen, type, strlen(type) + 1); + strncpy(key_ptr->typen, type, sizeof(key_ptr->typen)); TEST_ASSERT_TRUE(key_len < sizeof(key_ptr->key_seq)); - memcpy(key_ptr->key_seq, key_seq, key_ptr->key_len); + memcpy(key_ptr->key_seq, key_seq, + min(key_len, sizeof(key_ptr->key_seq))); restoreKeyDb = true; } void -PrepareAuthenticationTestMD5( - int key_id, - int key_len, - const void * key_seq - ) -{ - PrepareAuthenticationTest(key_id, key_len, "MD5", key_seq); -} - - -void setUp(void) { @@ -109,7 +102,7 @@ setUp(void) * so they contain at least some valid data. */ testpkt.p.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOWARNING, NTP_VERSION, - MODE_SERVER); + MODE_SERVER); testpkt.p.stratum = STRATUM_REFCLOCK; memcpy(&testpkt.p.refid, "GPS\0", 4); @@ -127,7 +120,7 @@ setUp(void) void tearDown(void) -{ +{ if (restoreKeyDb) { key_cnt = 0; free(key_ptr); @@ -171,7 +164,7 @@ test_TooShortExtensionFieldLength(void) * still... */ uint32_t * pe = testpkt.p.exten + 7; - + /* The lower 16-bits are the length of the extension field. * This lengths must be multiples of 4 bytes, which gives * a minimum of 4 byte extension field length. @@ -224,19 +217,20 @@ test_CryptoNAKPacketReject(void) void test_AuthenticatedPacketInvalid(void) { +#ifdef OPENSSL + size_t pkt_len = LEN_PKT_NOMAC; + size_t mac_len; + /* Activate authentication option */ - PrepareAuthenticationTestMD5(50, 9, "123456789"); + PrepareAuthenticationTest(50, 9, "SHAKE128", "123456789"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); - - /* Prepare the packet. */ - int pkt_len = LEN_PKT_NOMAC; + /* Prepare the packet. */ testpkt.p.exten[0] = htonl(50); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MD5_LEN - KEY_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MDG_LEN); - pkt_len += 4 + mac_len; + pkt_len += KEY_MAC_LEN + mac_len; /* Now, alter the MAC so it becomes invalid. */ testpkt.p.exten[1] += 1; @@ -244,30 +238,43 @@ test_AuthenticatedPacketInvalid(void) TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } void test_AuthenticatedPacketUnknownKey(void) { +#ifdef OPENSSL + size_t pkt_len = LEN_PKT_NOMAC; + size_t mac_len; + /* Activate authentication option */ - PrepareAuthenticationTestMD5(30, 9, "123456789"); + PrepareAuthenticationTest(30, 9, "SHAKE128", "123456789"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); - + /* Prepare the packet. Note that the Key-ID expected is 30, but * the packet has a key id of 50. */ - int pkt_len = LEN_PKT_NOMAC; - testpkt.p.exten[0] = htonl(50); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MD5_LEN - KEY_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MDG_LEN); pkt_len += KEY_MAC_LEN + mac_len; TEST_ASSERT_EQUAL(SERVER_AUTH_FAIL, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } @@ -282,7 +289,7 @@ test_ServerVersionTooOld(void) TEST_ASSERT_TRUE(PKT_VERSION(testpkt.p.li_vn_mode) < NTP_OLDVERSION); int pkt_len = LEN_PKT_NOMAC; - + TEST_ASSERT_EQUAL(SERVER_UNUSEABLE, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); @@ -418,44 +425,96 @@ test_CorrectUnauthenticatedPacket(void) void test_CorrectAuthenticatedPacketMD5(void) { - PrepareAuthenticationTestMD5(10, 15, "123456789abcdef"); +#ifdef OPENSSL + + keyid_t k_id = 10; + int pkt_len = LEN_PKT_NOMAC; + int mac_len; + + PrepareAuthenticationTest(k_id, 15, "MD5", "123456789abcdef"); TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); + /* Prepare the packet. */ + testpkt.p.exten[0] = htonl(k_id); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MDG_LEN); + + /* TODO: Should not expect failure if non-FIPS OpenSSL */ + TEST_EXPECT_FAIL_MESSAGE("FIPS OpenSSL bars MD5"); + + pkt_len += KEY_MAC_LEN + mac_len; + + TEST_ASSERT_EQUAL(pkt_len, + process_pkt(&testpkt.p, &testsock, pkt_len, + MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif +} + + +void +test_CorrectAuthenticatedPacketSHAKE128(void) +{ +#ifdef OPENSSL + + keyid_t k_id = 10; int pkt_len = LEN_PKT_NOMAC; + int mac_len; + + PrepareAuthenticationTest(k_id, 15, "SHAKE128", "123456789abcdef"); + TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); /* Prepare the packet. */ - testpkt.p.exten[0] = htonl(10); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MD5_LEN - KEY_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + testpkt.p.exten[0] = htonl(k_id); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], + SHAKE128_LENGTH); pkt_len += KEY_MAC_LEN + mac_len; TEST_ASSERT_EQUAL(pkt_len, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } void test_CorrectAuthenticatedPacketSHA1(void) { - PrepareAuthenticationTest(20, 15, "SHA1", "abcdefghijklmno"); - TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); +#ifdef OPENSSL + keyid_t k_id = 20; int pkt_len = LEN_PKT_NOMAC; + int mac_len; + + PrepareAuthenticationTest(k_id, 15, "SHA1", "abcdefghijklmno"); + TEST_ASSERT_TRUE(ENABLED_OPT(AUTHENTICATION)); /* Prepare the packet. */ - testpkt.p.exten[0] = htonl(20); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MDG_LEN, key_ptr, - &testpkt.p.exten[1]); + testpkt.p.exten[0] = htonl(k_id); + mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, &testpkt.p.exten[1], + SHA1_LENGTH); pkt_len += KEY_MAC_LEN + mac_len; TEST_ASSERT_EQUAL(pkt_len, process_pkt(&testpkt.p, &testsock, pkt_len, MODE_SERVER, &testspkt.p, "UnitTest")); + +#else + + TEST_IGNORE_MESSAGE("OpenSSL not enabled, skipping..."); + +#endif } @@ -471,9 +530,8 @@ test_CorrectAuthenticatedPacketCMAC(void) /* Prepare the packet. */ testpkt.p.exten[0] = htonl(30); - int mac_len = make_mac(&testpkt.p, pkt_len, - MAX_MAC_LEN, key_ptr, - &testpkt.p.exten[1]); + int mac_len = make_mac(&testpkt.p, pkt_len, key_ptr, + &testpkt.p.exten[1], MAX_MAC_LEN); pkt_len += 4 + mac_len; @@ -482,9 +540,9 @@ test_CorrectAuthenticatedPacketCMAC(void) MODE_SERVER, &testspkt.p, "UnitTest")); #else - - TEST_IGNORE_MESSAGE("OpenSSL CMAC not used, skipping..."); - + + TEST_IGNORE_MESSAGE("CMAC not enabled, skipping..."); + #endif /* OPENSSL */ } diff --git a/sntp/tests/run-crypto.c b/sntp/tests/run-crypto.c index a486f86c4035..83e8d19434aa 100644 --- a/sntp/tests/run-crypto.c +++ b/sntp/tests/run-crypto.c @@ -30,10 +30,10 @@ //=======External Functions This Runner Calls===== extern void setUp(void); extern void tearDown(void); -extern void test_MakeMd5Mac(void); +extern void test_MakeSHAKE128Mac(void); extern void test_MakeSHA1Mac(void); extern void test_MakeCMac(void); -extern void test_VerifyCorrectMD5(void); +extern void test_VerifySHAKE128(void); extern void test_VerifySHA1(void); extern void test_VerifyCMAC(void); extern void test_VerifyFailure(void); @@ -66,14 +66,14 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("crypto.c"); - RUN_TEST(test_MakeMd5Mac, 15); - RUN_TEST(test_MakeSHA1Mac, 16); - RUN_TEST(test_MakeCMac, 17); - RUN_TEST(test_VerifyCorrectMD5, 18); - RUN_TEST(test_VerifySHA1, 19); - RUN_TEST(test_VerifyCMAC, 20); - RUN_TEST(test_VerifyFailure, 21); - RUN_TEST(test_PacketSizeNotMultipleOfFourBytes, 22); + RUN_TEST(test_MakeSHAKE128Mac, 14); + RUN_TEST(test_MakeSHA1Mac, 15); + RUN_TEST(test_MakeCMac, 16); + RUN_TEST(test_VerifySHAKE128, 17); + RUN_TEST(test_VerifySHA1, 18); + RUN_TEST(test_VerifyCMAC, 19); + RUN_TEST(test_VerifyFailure, 20); + RUN_TEST(test_PacketSizeNotMultipleOfFourBytes, 21); return (UnityEnd()); } diff --git a/sntp/tests/run-packetProcessing.c b/sntp/tests/run-packetProcessing.c index c91a6d340a39..eeeb6f1bf2f6 100644 --- a/sntp/tests/run-packetProcessing.c +++ b/sntp/tests/run-packetProcessing.c @@ -47,6 +47,7 @@ extern void test_RejectWrongResponseServerMode(void); extern void test_AcceptNoSentPacketBroadcastMode(void); extern void test_CorrectUnauthenticatedPacket(void); extern void test_CorrectAuthenticatedPacketMD5(void); +extern void test_CorrectAuthenticatedPacketSHAKE128(void); extern void test_CorrectAuthenticatedPacketSHA1(void); extern void test_CorrectAuthenticatedPacketCMAC(void); @@ -77,25 +78,26 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("packetProcessing.c"); - RUN_TEST(test_TooShortLength, 23); - RUN_TEST(test_LengthNotMultipleOfFour, 24); - RUN_TEST(test_TooShortExtensionFieldLength, 25); - RUN_TEST(test_UnauthenticatedPacketReject, 26); - RUN_TEST(test_CryptoNAKPacketReject, 27); - RUN_TEST(test_AuthenticatedPacketInvalid, 28); - RUN_TEST(test_AuthenticatedPacketUnknownKey, 29); - RUN_TEST(test_ServerVersionTooOld, 30); - RUN_TEST(test_ServerVersionTooNew, 31); - RUN_TEST(test_NonWantedMode, 32); - RUN_TEST(test_KoDRate, 33); - RUN_TEST(test_KoDDeny, 34); - RUN_TEST(test_RejectUnsyncedServer, 35); - RUN_TEST(test_RejectWrongResponseServerMode, 36); - RUN_TEST(test_AcceptNoSentPacketBroadcastMode, 37); - RUN_TEST(test_CorrectUnauthenticatedPacket, 38); - RUN_TEST(test_CorrectAuthenticatedPacketMD5, 39); - RUN_TEST(test_CorrectAuthenticatedPacketSHA1, 40); - RUN_TEST(test_CorrectAuthenticatedPacketCMAC, 41); + RUN_TEST(test_TooShortLength, 20); + RUN_TEST(test_LengthNotMultipleOfFour, 21); + RUN_TEST(test_TooShortExtensionFieldLength, 22); + RUN_TEST(test_UnauthenticatedPacketReject, 23); + RUN_TEST(test_CryptoNAKPacketReject, 24); + RUN_TEST(test_AuthenticatedPacketInvalid, 25); + RUN_TEST(test_AuthenticatedPacketUnknownKey, 26); + RUN_TEST(test_ServerVersionTooOld, 27); + RUN_TEST(test_ServerVersionTooNew, 28); + RUN_TEST(test_NonWantedMode, 29); + RUN_TEST(test_KoDRate, 30); + RUN_TEST(test_KoDDeny, 31); + RUN_TEST(test_RejectUnsyncedServer, 32); + RUN_TEST(test_RejectWrongResponseServerMode, 33); + RUN_TEST(test_AcceptNoSentPacketBroadcastMode, 34); + RUN_TEST(test_CorrectUnauthenticatedPacket, 35); + RUN_TEST(test_CorrectAuthenticatedPacketMD5, 36); + RUN_TEST(test_CorrectAuthenticatedPacketSHAKE128, 37); + RUN_TEST(test_CorrectAuthenticatedPacketSHA1, 38); + RUN_TEST(test_CorrectAuthenticatedPacketCMAC, 39); return (UnityEnd()); } diff --git a/sntp/unity/Makefile.in b/sntp/unity/Makefile.in index 927f648ffea8..424d7ca4497f 100644 --- a/sntp/unity/Makefile.in +++ b/sntp/unity/Makefile.in @@ -98,6 +98,7 @@ am__aclocal_m4_deps = $(top_srcdir)/libopts/m4/libopts.m4 \ $(top_srcdir)/m4/ntp_cacheversion.m4 \ $(top_srcdir)/m4/ntp_compiler.m4 \ $(top_srcdir)/m4/ntp_crosscompile.m4 \ + $(top_srcdir)/m4/ntp_crypto_rand.m4 \ $(top_srcdir)/m4/ntp_debug.m4 $(top_srcdir)/m4/ntp_dir_sep.m4 \ $(top_srcdir)/m4/ntp_facilitynames.m4 \ $(top_srcdir)/m4/ntp_harden.m4 $(top_srcdir)/m4/ntp_ipv6.m4 \ @@ -354,6 +355,7 @@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ diff --git a/sntp/unity/unity_internals.h b/sntp/unity/unity_internals.h index a04f52b478bb..3d22e7aa20e8 100644 --- a/sntp/unity/unity_internals.h +++ b/sntp/unity/unity_internals.h @@ -519,6 +519,9 @@ void UnityAssertDoubleSpecial(const _UD actual, const UNITY_FLOAT_TRAIT_T style); #endif +void UnityExpectFailMessage(const char* msg, + const UNITY_LINE_TYPE line); + //------------------------------------------------------- // Error Strings We Might Need //------------------------------------------------------- @@ -708,8 +711,7 @@ extern const char UnityStrErr64[]; //End of UNITY_INTERNALS_H #endif -//#define TEST_EXPECT_FAIL() Unity.isExpectingFail = 1; -//#define TEST_EXPECT_FAIL_MESSAGE(message) Unity.isExpectingFail = 1; Unity.XFAILMessage = message; //PROBLEM : does this work on all compilers? +// Not part of standard distribution -#define TEST_EXPECT_FAIL() UnityExpectFail(); -#define TEST_EXPECT_FAIL_MESSAGE(message) UnityExpectFailMessage( (message) ); +#define TEST_EXPECT_FAIL() UnityExpectFail(); +#define TEST_EXPECT_FAIL_MESSAGE(message) UnityExpectFailMessage((message), __LINE__); diff --git a/sntp/utilities.h b/sntp/utilities.h index a022c7d49769..4503877bc256 100644 --- a/sntp/utilities.h +++ b/sntp/utilities.h @@ -7,7 +7,6 @@ #include "ntp.h" #include "ntp_stdlib.h" -#include "lib_strbuf.h" #define HLINE "--------------------------------------------------------------------------------\n" #define PHLINE fprintf(output, HLINE); diff --git a/tests/Makefile.in b/tests/Makefile.in index 8fc216f44bf0..bf690ee25716 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -383,6 +383,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ diff --git a/tests/bug-2803/Makefile.in b/tests/bug-2803/Makefile.in index ea7a60b41017..61d426a60594 100644 --- a/tests/bug-2803/Makefile.in +++ b/tests/bug-2803/Makefile.in @@ -89,6 +89,7 @@ build_triplet = @build@ host_triplet = @host@ check_PROGRAMS = bug-2803$(EXEEXT) @NTP_CROSSCOMPILE_FALSE@am__append_1 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_2 = check-libntp subdir = tests/bug-2803 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -592,6 +593,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -691,8 +693,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = -BUILT_SOURCES = check-libntp check-libunity .deps-ver -CLEANFILES = check-libntp .deps-ver +BUILT_SOURCES = $(am__append_2) check-libunity .deps-ver +CLEANFILES = check-libunity .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver std_unity_list = \ $(abs_top_srcdir)/sntp/unity/auto/generate_test_runner.rb \ @@ -1219,14 +1221,13 @@ uninstall-am: $(srcdir)/run-bug-2803.c: $(srcdir)/bug-2803.c $(std_unity_list) $(run_unity) $< $@ -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/tests/bug-2803/bug-2803.c b/tests/bug-2803/bug-2803.c index df9dcdec7774..ba761c43035b 100644 --- a/tests/bug-2803/bug-2803.c +++ b/tests/bug-2803/bug-2803.c @@ -7,7 +7,6 @@ #include <timevalops.h> #include "unity.h" -//#include "bug-2803.h" /* microseconds per second */ #define MICROSECONDS 1000000 @@ -53,10 +52,10 @@ static int do_test( struct timeval timetv, struct timeval tvlast ) if ( failed || verbose ) printf( "timetv %lli|%07li, tvlast %lli|%07li: tvdiff_old: %lli|%07li -> %i, tvdiff_new: %lli|%07li -> %i, same cond: %s\n", - (long long) timetv.tv_sec, timetv.tv_usec, - (long long) tvlast.tv_sec, tvlast.tv_usec, - (long long) tvdiff_old.tv_sec, tvdiff_old.tv_usec, cond_old, - (long long) tvdiff_new.tv_sec, tvdiff_new.tv_usec, cond_new, + (long long) timetv.tv_sec, (u_long)timetv.tv_usec, + (long long) tvlast.tv_sec, (u_long)tvlast.tv_usec, + (long long) tvdiff_old.tv_sec, (u_long)tvdiff_old.tv_usec, cond_old, + (long long) tvdiff_new.tv_sec, (u_long)tvdiff_new.tv_usec, cond_new, failed ? "NO <<" : "yes" ); return failed ? -1 : 0; diff --git a/tests/bug-2803/run-bug-2803.c b/tests/bug-2803/run-bug-2803.c index 0cc2e5f68429..41c976a5d256 100644 --- a/tests/bug-2803/run-bug-2803.c +++ b/tests/bug-2803/run-bug-2803.c @@ -60,7 +60,7 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("bug-2803.c"); - RUN_TEST(test_main, 18); + RUN_TEST(test_main, 17); return (UnityEnd()); } diff --git a/tests/libntp/Makefile.am b/tests/libntp/Makefile.am index def10b301c73..e813a424119f 100644 --- a/tests/libntp/Makefile.am +++ b/tests/libntp/Makefile.am @@ -45,7 +45,6 @@ check_PROGRAMS = \ test-msyslog \ test-netof \ test-numtoa \ - test-numtohost \ test-octtoint \ test-prettydate \ test-realpath \ @@ -112,7 +111,6 @@ BUILT_SOURCES += \ $(srcdir)/run-msyslog.c \ $(srcdir)/run-netof.c \ $(srcdir)/run-numtoa.c \ - $(srcdir)/run-numtohost.c \ $(srcdir)/run-octtoint.c \ $(srcdir)/run-prettydate.c \ $(srcdir)/run-realpath.c \ @@ -382,16 +380,6 @@ $(srcdir)/run-numtoa.c: $(srcdir)/numtoa.c $(std_unity_list) ### -test_numtohost_SOURCES = \ - numtohost.c \ - run-numtohost.c \ - $(NULL) - -$(srcdir)/run-numtohost.c: $(srcdir)/numtohost.c $(std_unity_list) - $(run_unity) $< $@ - -### - test_octtoint_SOURCES = \ octtoint.c \ run-octtoint.c \ diff --git a/tests/libntp/Makefile.in b/tests/libntp/Makefile.in index c982df256def..7dca29d591e5 100644 --- a/tests/libntp/Makefile.in +++ b/tests/libntp/Makefile.in @@ -98,18 +98,18 @@ check_PROGRAMS = test-a_md5encrypt$(EXEEXT) test-atoint$(EXEEXT) \ test-humandate$(EXEEXT) test-lfpfunc$(EXEEXT) \ test-lfptostr$(EXEEXT) test-modetoa$(EXEEXT) \ test-msyslog$(EXEEXT) test-netof$(EXEEXT) test-numtoa$(EXEEXT) \ - test-numtohost$(EXEEXT) test-octtoint$(EXEEXT) \ - test-prettydate$(EXEEXT) test-realpath$(EXEEXT) \ - test-recvbuff$(EXEEXT) test-refidsmear$(EXEEXT) \ - test-refnumtoa$(EXEEXT) test-sbprintf$(EXEEXT) \ - test-sfptostr$(EXEEXT) test-socktoa$(EXEEXT) \ - test-ssl_init$(EXEEXT) test-statestr$(EXEEXT) \ - test-strtolfp$(EXEEXT) test-timespecops$(EXEEXT) \ - test-timevalops$(EXEEXT) test-tsafememcmp$(EXEEXT) \ - test-tstotv$(EXEEXT) test-tvtots$(EXEEXT) \ - test-uglydate$(EXEEXT) test-vi64ops$(EXEEXT) \ - test-ymd2yd$(EXEEXT) $(am__EXEEXT_1) + test-octtoint$(EXEEXT) test-prettydate$(EXEEXT) \ + test-realpath$(EXEEXT) test-recvbuff$(EXEEXT) \ + test-refidsmear$(EXEEXT) test-refnumtoa$(EXEEXT) \ + test-sbprintf$(EXEEXT) test-sfptostr$(EXEEXT) \ + test-socktoa$(EXEEXT) test-ssl_init$(EXEEXT) \ + test-statestr$(EXEEXT) test-strtolfp$(EXEEXT) \ + test-timespecops$(EXEEXT) test-timevalops$(EXEEXT) \ + test-tsafememcmp$(EXEEXT) test-tstotv$(EXEEXT) \ + test-tvtots$(EXEEXT) test-uglydate$(EXEEXT) \ + test-vi64ops$(EXEEXT) test-ymd2yd$(EXEEXT) $(am__EXEEXT_1) @NTP_CROSSCOMPILE_FALSE@am__append_1 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_2 = check-libntp subdir = tests/libntp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -355,14 +355,6 @@ test_numtoa_DEPENDENCIES = $(top_builddir)/sntp/unity/libunity.a \ $(top_builddir)/libntp/libntp.a $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) -am_test_numtohost_OBJECTS = numtohost.$(OBJEXT) \ - run-numtohost.$(OBJEXT) $(am__objects_1) -test_numtohost_OBJECTS = $(am_test_numtohost_OBJECTS) -test_numtohost_LDADD = $(LDADD) -test_numtohost_DEPENDENCIES = $(top_builddir)/sntp/unity/libunity.a \ - $(top_builddir)/libntp/libntp.a $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_test_octtoint_OBJECTS = octtoint.$(OBJEXT) run-octtoint.$(OBJEXT) \ $(am__objects_1) test_octtoint_OBJECTS = $(am_test_octtoint_OBJECTS) @@ -552,19 +544,18 @@ am__depfiles_remade = ./$(DEPDIR)/a_md5encrypt.Po \ ./$(DEPDIR)/lfptest.Po ./$(DEPDIR)/lfptostr.Po \ ./$(DEPDIR)/modetoa.Po ./$(DEPDIR)/msyslog.Po \ ./$(DEPDIR)/netof.Po ./$(DEPDIR)/numtoa.Po \ - ./$(DEPDIR)/numtohost.Po ./$(DEPDIR)/octtoint.Po \ - ./$(DEPDIR)/prettydate.Po ./$(DEPDIR)/realpath.Po \ - ./$(DEPDIR)/recvbuff.Po ./$(DEPDIR)/refidsmear.Po \ - ./$(DEPDIR)/refnumtoa.Po ./$(DEPDIR)/run-a_md5encrypt.Po \ - ./$(DEPDIR)/run-atoint.Po ./$(DEPDIR)/run-atouint.Po \ - ./$(DEPDIR)/run-authkeys.Po ./$(DEPDIR)/run-buftvtots.Po \ - ./$(DEPDIR)/run-calendar.Po ./$(DEPDIR)/run-calyearstart.Po \ - ./$(DEPDIR)/run-clocktime.Po ./$(DEPDIR)/run-digests.Po \ - ./$(DEPDIR)/run-hextoint.Po ./$(DEPDIR)/run-hextolfp.Po \ - ./$(DEPDIR)/run-humandate.Po ./$(DEPDIR)/run-lfpfunc.Po \ - ./$(DEPDIR)/run-lfptostr.Po ./$(DEPDIR)/run-modetoa.Po \ - ./$(DEPDIR)/run-msyslog.Po ./$(DEPDIR)/run-netof.Po \ - ./$(DEPDIR)/run-numtoa.Po ./$(DEPDIR)/run-numtohost.Po \ + ./$(DEPDIR)/octtoint.Po ./$(DEPDIR)/prettydate.Po \ + ./$(DEPDIR)/realpath.Po ./$(DEPDIR)/recvbuff.Po \ + ./$(DEPDIR)/refidsmear.Po ./$(DEPDIR)/refnumtoa.Po \ + ./$(DEPDIR)/run-a_md5encrypt.Po ./$(DEPDIR)/run-atoint.Po \ + ./$(DEPDIR)/run-atouint.Po ./$(DEPDIR)/run-authkeys.Po \ + ./$(DEPDIR)/run-buftvtots.Po ./$(DEPDIR)/run-calendar.Po \ + ./$(DEPDIR)/run-calyearstart.Po ./$(DEPDIR)/run-clocktime.Po \ + ./$(DEPDIR)/run-digests.Po ./$(DEPDIR)/run-hextoint.Po \ + ./$(DEPDIR)/run-hextolfp.Po ./$(DEPDIR)/run-humandate.Po \ + ./$(DEPDIR)/run-lfpfunc.Po ./$(DEPDIR)/run-lfptostr.Po \ + ./$(DEPDIR)/run-modetoa.Po ./$(DEPDIR)/run-msyslog.Po \ + ./$(DEPDIR)/run-netof.Po ./$(DEPDIR)/run-numtoa.Po \ ./$(DEPDIR)/run-octtoint.Po ./$(DEPDIR)/run-prettydate.Po \ ./$(DEPDIR)/run-realpath.Po ./$(DEPDIR)/run-recvbuff.Po \ ./$(DEPDIR)/run-refidsmear.Po ./$(DEPDIR)/run-refnumtoa.Po \ @@ -624,28 +615,6 @@ SOURCES = $(test_a_md5encrypt_SOURCES) $(test_atoint_SOURCES) \ $(test_lfpfunc_SOURCES) $(test_lfptostr_SOURCES) \ $(test_modetoa_SOURCES) $(test_msyslog_SOURCES) \ $(test_netof_SOURCES) $(test_numtoa_SOURCES) \ - $(test_numtohost_SOURCES) $(test_octtoint_SOURCES) \ - $(test_prettydate_SOURCES) $(test_realpath_SOURCES) \ - $(test_recvbuff_SOURCES) $(test_refidsmear_SOURCES) \ - $(test_refnumtoa_SOURCES) $(test_sbprintf_SOURCES) \ - $(test_sfptostr_SOURCES) $(test_socktoa_SOURCES) \ - $(test_ssl_init_SOURCES) $(test_statestr_SOURCES) \ - $(test_strtolfp_SOURCES) $(test_timespecops_SOURCES) \ - $(test_timevalops_SOURCES) $(test_tsafememcmp_SOURCES) \ - $(test_tstotv_SOURCES) $(test_tvtots_SOURCES) \ - $(test_uglydate_SOURCES) $(test_vi64ops_SOURCES) \ - $(test_ymd2yd_SOURCES) -DIST_SOURCES = $(test_a_md5encrypt_SOURCES) $(test_atoint_SOURCES) \ - $(test_atouint_SOURCES) $(test_authkeys_SOURCES) \ - $(test_buftvtots_SOURCES) $(test_calendar_SOURCES) \ - $(test_caljulian_SOURCES) $(test_caltontp_SOURCES) \ - $(test_calyearstart_SOURCES) $(test_clocktime_SOURCES) \ - $(test_decodenetnum_SOURCES) $(test_digests_SOURCES) \ - $(test_hextoint_SOURCES) $(test_hextolfp_SOURCES) \ - $(test_humandate_SOURCES) $(test_lfpfunc_SOURCES) \ - $(test_lfptostr_SOURCES) $(test_modetoa_SOURCES) \ - $(test_msyslog_SOURCES) $(test_netof_SOURCES) \ - $(test_numtoa_SOURCES) $(test_numtohost_SOURCES) \ $(test_octtoint_SOURCES) $(test_prettydate_SOURCES) \ $(test_realpath_SOURCES) $(test_recvbuff_SOURCES) \ $(test_refidsmear_SOURCES) $(test_refnumtoa_SOURCES) \ @@ -656,6 +625,27 @@ DIST_SOURCES = $(test_a_md5encrypt_SOURCES) $(test_atoint_SOURCES) \ $(test_tsafememcmp_SOURCES) $(test_tstotv_SOURCES) \ $(test_tvtots_SOURCES) $(test_uglydate_SOURCES) \ $(test_vi64ops_SOURCES) $(test_ymd2yd_SOURCES) +DIST_SOURCES = $(test_a_md5encrypt_SOURCES) $(test_atoint_SOURCES) \ + $(test_atouint_SOURCES) $(test_authkeys_SOURCES) \ + $(test_buftvtots_SOURCES) $(test_calendar_SOURCES) \ + $(test_caljulian_SOURCES) $(test_caltontp_SOURCES) \ + $(test_calyearstart_SOURCES) $(test_clocktime_SOURCES) \ + $(test_decodenetnum_SOURCES) $(test_digests_SOURCES) \ + $(test_hextoint_SOURCES) $(test_hextolfp_SOURCES) \ + $(test_humandate_SOURCES) $(test_lfpfunc_SOURCES) \ + $(test_lfptostr_SOURCES) $(test_modetoa_SOURCES) \ + $(test_msyslog_SOURCES) $(test_netof_SOURCES) \ + $(test_numtoa_SOURCES) $(test_octtoint_SOURCES) \ + $(test_prettydate_SOURCES) $(test_realpath_SOURCES) \ + $(test_recvbuff_SOURCES) $(test_refidsmear_SOURCES) \ + $(test_refnumtoa_SOURCES) $(test_sbprintf_SOURCES) \ + $(test_sfptostr_SOURCES) $(test_socktoa_SOURCES) \ + $(test_ssl_init_SOURCES) $(test_statestr_SOURCES) \ + $(test_strtolfp_SOURCES) $(test_timespecops_SOURCES) \ + $(test_timevalops_SOURCES) $(test_tsafememcmp_SOURCES) \ + $(test_tstotv_SOURCES) $(test_tvtots_SOURCES) \ + $(test_uglydate_SOURCES) $(test_vi64ops_SOURCES) \ + $(test_ymd2yd_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -1059,6 +1049,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -1168,19 +1159,19 @@ BUILT_SOURCES = $(srcdir)/run-a_md5encrypt.c $(srcdir)/run-atoint.c \ $(srcdir)/run-humandate.c $(srcdir)/run-lfpfunc.c \ $(srcdir)/run-lfptostr.c $(srcdir)/run-modetoa.c \ $(srcdir)/run-msyslog.c $(srcdir)/run-netof.c \ - $(srcdir)/run-numtoa.c $(srcdir)/run-numtohost.c \ - $(srcdir)/run-octtoint.c $(srcdir)/run-prettydate.c \ - $(srcdir)/run-realpath.c $(srcdir)/run-recvbuff.c \ - $(srcdir)/run-refidsmear.c $(srcdir)/run-refnumtoa.c \ - $(srcdir)/run-sbprintf.c $(srcdir)/run-sfptostr.c \ - $(srcdir)/run-socktoa.c $(srcdir)/run-ssl_init.c \ - $(srcdir)/run-statestr.c $(srcdir)/run-strtolfp.c \ - $(srcdir)/run-timevalops.c $(srcdir)/run-timespecops.c \ - $(srcdir)/run-tsafememcmp.c $(srcdir)/run-tstotv.c \ - $(srcdir)/run-tvtots.c $(srcdir)/run-uglydate.c \ - $(srcdir)/run-vi64ops.c $(srcdir)/run-ymd2yd.c $(NULL) \ - check-libntp check-libunity .deps-ver -CLEANFILES = srcdir.c check-libntp .deps-ver + $(srcdir)/run-numtoa.c $(srcdir)/run-octtoint.c \ + $(srcdir)/run-prettydate.c $(srcdir)/run-realpath.c \ + $(srcdir)/run-recvbuff.c $(srcdir)/run-refidsmear.c \ + $(srcdir)/run-refnumtoa.c $(srcdir)/run-sbprintf.c \ + $(srcdir)/run-sfptostr.c $(srcdir)/run-socktoa.c \ + $(srcdir)/run-ssl_init.c $(srcdir)/run-statestr.c \ + $(srcdir)/run-strtolfp.c $(srcdir)/run-timevalops.c \ + $(srcdir)/run-timespecops.c $(srcdir)/run-tsafememcmp.c \ + $(srcdir)/run-tstotv.c $(srcdir)/run-tvtots.c \ + $(srcdir)/run-uglydate.c $(srcdir)/run-vi64ops.c \ + $(srcdir)/run-ymd2yd.c $(NULL) $(am__append_2) check-libunity \ + .deps-ver +CLEANFILES = srcdir.c check-libunity .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver std_unity_list = \ $(abs_top_srcdir)/sntp/unity/auto/generate_test_runner.rb \ @@ -1394,13 +1385,6 @@ test_numtoa_SOURCES = \ ### -test_numtohost_SOURCES = \ - numtohost.c \ - run-numtohost.c \ - $(NULL) - - -### test_octtoint_SOURCES = \ octtoint.c \ run-octtoint.c \ @@ -1683,10 +1667,6 @@ test-numtoa$(EXEEXT): $(test_numtoa_OBJECTS) $(test_numtoa_DEPENDENCIES) $(EXTRA @rm -f test-numtoa$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_numtoa_OBJECTS) $(test_numtoa_LDADD) $(LIBS) -test-numtohost$(EXEEXT): $(test_numtohost_OBJECTS) $(test_numtohost_DEPENDENCIES) $(EXTRA_test_numtohost_DEPENDENCIES) - @rm -f test-numtohost$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(test_numtohost_OBJECTS) $(test_numtohost_LDADD) $(LIBS) - test-octtoint$(EXEEXT): $(test_octtoint_OBJECTS) $(test_octtoint_DEPENDENCIES) $(EXTRA_test_octtoint_DEPENDENCIES) @rm -f test-octtoint$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_octtoint_OBJECTS) $(test_octtoint_LDADD) $(LIBS) @@ -1792,7 +1772,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/msyslog.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netof.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numtoa.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numtohost.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/octtoint.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prettydate.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realpath.Po@am__quote@ # am--include-marker @@ -1817,7 +1796,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-msyslog.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-netof.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-numtoa.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-numtohost.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-octtoint.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-prettydate.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/run-realpath.Po@am__quote@ # am--include-marker @@ -2395,13 +2373,6 @@ test-numtoa.log: test-numtoa$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) -test-numtohost.log: test-numtohost$(EXEEXT) - @p='test-numtohost$(EXEEXT)'; \ - b='test-numtohost'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) test-octtoint.log: test-octtoint$(EXEEXT) @p='test-octtoint$(EXEEXT)'; \ b='test-octtoint'; \ @@ -2659,7 +2630,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/msyslog.Po -rm -f ./$(DEPDIR)/netof.Po -rm -f ./$(DEPDIR)/numtoa.Po - -rm -f ./$(DEPDIR)/numtohost.Po -rm -f ./$(DEPDIR)/octtoint.Po -rm -f ./$(DEPDIR)/prettydate.Po -rm -f ./$(DEPDIR)/realpath.Po @@ -2684,7 +2654,6 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/run-msyslog.Po -rm -f ./$(DEPDIR)/run-netof.Po -rm -f ./$(DEPDIR)/run-numtoa.Po - -rm -f ./$(DEPDIR)/run-numtohost.Po -rm -f ./$(DEPDIR)/run-octtoint.Po -rm -f ./$(DEPDIR)/run-prettydate.Po -rm -f ./$(DEPDIR)/run-realpath.Po @@ -2795,7 +2764,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/msyslog.Po -rm -f ./$(DEPDIR)/netof.Po -rm -f ./$(DEPDIR)/numtoa.Po - -rm -f ./$(DEPDIR)/numtohost.Po -rm -f ./$(DEPDIR)/octtoint.Po -rm -f ./$(DEPDIR)/prettydate.Po -rm -f ./$(DEPDIR)/realpath.Po @@ -2820,7 +2788,6 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/run-msyslog.Po -rm -f ./$(DEPDIR)/run-netof.Po -rm -f ./$(DEPDIR)/run-numtoa.Po - -rm -f ./$(DEPDIR)/run-numtohost.Po -rm -f ./$(DEPDIR)/run-octtoint.Po -rm -f ./$(DEPDIR)/run-prettydate.Po -rm -f ./$(DEPDIR)/run-realpath.Po @@ -2971,9 +2938,6 @@ $(srcdir)/run-netof.c: $(srcdir)/netof.c $(std_unity_list) $(srcdir)/run-numtoa.c: $(srcdir)/numtoa.c $(std_unity_list) $(run_unity) $< $@ -$(srcdir)/run-numtohost.c: $(srcdir)/numtohost.c $(std_unity_list) - $(run_unity) $< $@ - $(srcdir)/run-octtoint.c: $(srcdir)/octtoint.c $(std_unity_list) $(run_unity) $< $@ @@ -3034,14 +2998,13 @@ $(srcdir)/run-vi64ops.c: $(srcdir)/vi64ops.c $(std_unity_list) $(srcdir)/run-ymd2yd.c: $(srcdir)/ymd2yd.c $(std_unity_list) $(run_unity) $< $@ -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/tests/libntp/a_md5encrypt.c b/tests/libntp/a_md5encrypt.c index 212ec8313973..dc722e0643c7 100644 --- a/tests/libntp/a_md5encrypt.c +++ b/tests/libntp/a_md5encrypt.c @@ -9,34 +9,56 @@ #include "ntp.h" #include "ntp_stdlib.h" -u_long current_time = 4; - /* - * Example packet with MD5 hash calculated manually. + * Example packet with SHA1 hash calculated manually: + * echo -n abcdefghijklmnopqrstuvwx | openssl sha1 - */ -const int keytype = KEY_TYPE_MD5; -const u_char *key = (const u_char*)"abcdefgh"; -const u_short keyLength = 8; -const u_char *packet = (const u_char*)"ijklmnopqrstuvwx"; -#define packetLength 16 -#define keyIdLength 4 -#define digestLength 16 -#define totalLength (packetLength + keyIdLength + digestLength) +#ifdef OPENSSL +const keyid_t keyId = 42; +const int keytype = NID_sha1; +const u_char key[] = "abcdefgh"; +const size_t keyLength = sizeof(key) - 1; +const u_char payload[] = "ijklmnopqrstuvwx"; +#define payloadLength (sizeof(payload) - 1) +#define keyIdLength (sizeof(keyid_t)) +#define digestLength SHA1_LENGTH +#define packetLength (payloadLength + keyIdLength + digestLength) union { - u_char u8 [totalLength]; + u_char u8 [packetLength]; uint32_t u32[1]; -} expectedPacket = { - "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x53" +} expectedPacket = +{ + { + 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', + 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', + 0x00, 0x00, 0x00, 0x00, + 0xd7, 0x17, 0xe2, 0x2e, + 0x16, 0x59, 0x30, 0x5f, + 0xad, 0x6e, 0xf0, 0x88, + 0x64, 0x92, 0x3d, 0xb6, + 0x4a, 0xba, 0x9c, 0x08 + } }; union { - u_char u8 [totalLength]; + u_char u8 [packetLength]; uint32_t u32[1]; -} invalidPacket = { - "ijklmnopqrstuvwx\0\0\0\0\x0c\x0e\x84\xcf\x0b\xb7\xa8\x68\x8e\x52\x38\xdb\xbc\x1c\x39\x54" -}; +} invalidPacket = +{ + { + 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', + 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', + 0x00, 0x00, 0x00, 0x00, + 0xd7, 0x17, 0xe2, 0x2e, + 0x16, 0x59, 0x30, 0x5f, + 0xad, 0x6e, 0xf0, 0x88, + 0x64, 0x92, 0x3d, 0xb6, + 0x4a, 0xba, 0x9c, 0xff + } +}; /* same as expectedPacket but with last octet modified */ +#endif /* OPENSSL */ -static const keyid_t keyId = 42; +u_long current_time = 4; void test_Encrypt(void); void test_DecryptValid(void); @@ -46,45 +68,66 @@ void test_IPv6AddressToRefId(void); void -test_Encrypt(void) { +test_Encrypt(void) +{ +#ifndef OPENSSL + TEST_IGNORE_MESSAGE("non-SSL build"); +#else u_int32 *packetPtr; - int length; + size_t length; - packetPtr = emalloc_zero(totalLength * sizeof(*packetPtr)); - memcpy(packetPtr, packet, packetLength); + packetPtr = emalloc_zero(packetLength); + memcpy(packetPtr, payload, payloadLength); - length = MD5authencrypt(keytype, key, keyLength, packetPtr, packetLength); + length = MD5authencrypt(keytype, key, keyLength, + packetPtr, payloadLength); - TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr, packetLength, length, keyId)); + TEST_ASSERT_EQUAL(MAX_SHA1_LEN, length); - TEST_ASSERT_EQUAL(20, length); - TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, totalLength); + TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, packetPtr, + payloadLength, MAX_SHA1_LEN, keyId)); + TEST_ASSERT_EQUAL_MEMORY(expectedPacket.u8, packetPtr, packetLength); free(packetPtr); +#endif /* OPENSSL */ } void -test_DecryptValid(void) { - TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, expectedPacket.u32, packetLength, 20, keyId)); +test_DecryptValid(void) +{ +#ifndef OPENSSL + TEST_IGNORE_MESSAGE("non-SSL build"); +#else + TEST_ASSERT_TRUE(MD5authdecrypt(keytype, key, keyLength, + expectedPacket.u32, payloadLength, + MAX_SHA1_LEN, keyId)); +#endif /* OPENSSL */ } void -test_DecryptInvalid(void) { - TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, invalidPacket.u32, packetLength, 20, keyId)); +test_DecryptInvalid(void) +{ +#ifndef OPENSSL + TEST_IGNORE_MESSAGE("non-SSL build"); +#else + TEST_ASSERT_FALSE(MD5authdecrypt(keytype, key, keyLength, + invalidPacket.u32, payloadLength, + MAX_SHA1_LEN, keyId)); +#endif /* OPENSSL */ } void -test_IPv4AddressToRefId(void) { - sockaddr_u addr; - addr.sa4.sin_family = AF_INET; - u_int32 address; +test_IPv4AddressToRefId(void) +{ + sockaddr_u addr; + u_int32 addr4n; - addr.sa4.sin_port = htons(80); + AF(&addr) = AF_INET; + SET_PORT(&addr, htons(80)); + addr4n = inet_addr("192.0.2.1"); + NSRCADR(&addr) = addr4n; - address = inet_addr("192.0.2.1"); - addr.sa4.sin_addr.s_addr = address; - - TEST_ASSERT_EQUAL(address, addr2refid(&addr)); + TEST_ASSERT_EQUAL_UINT32(addr4n, addr2refid(&addr)); } void @@ -98,15 +141,8 @@ test_IPv6AddressToRefId(void) { } } }; sockaddr_u addr; - addr.sa6.sin6_family = AF_INET6; - - addr.sa6.sin6_addr = address; + AF(&addr) = AF_INET6; + SOCK_ADDR6(&addr) = address; - -#if 0 TEST_ASSERT_EQUAL(expected, addr2refid(&addr)); -#else - (void)expected; - TEST_IGNORE_MESSAGE("Skipping because of big endian problem?"); -#endif } diff --git a/tests/libntp/calendar.c b/tests/libntp/calendar.c index ea24b3ddd214..f7d4bee7d6ee 100644 --- a/tests/libntp/calendar.c +++ b/tests/libntp/calendar.c @@ -1015,7 +1015,7 @@ test_CalIMod7(void) */ void -test_RellezCentury1_1() +test_RellezCentury1_1(void) { /* 1st day of a century */ TEST_ASSERT_EQUAL(1901, ntpcal_expand_century( 1, 1, 1, CAL_TUESDAY )); @@ -1029,7 +1029,7 @@ test_RellezCentury1_1() } void -test_RellezCentury3_1() +test_RellezCentury3_1(void) { /* 1st day in March of a century (the tricky point) */ TEST_ASSERT_EQUAL(1901, ntpcal_expand_century( 1, 3, 1, CAL_FRIDAY )); @@ -1043,7 +1043,7 @@ test_RellezCentury3_1() } void -test_RellezYearZero() +test_RellezYearZero(void) { /* the infamous year zero */ TEST_ASSERT_EQUAL(1900, ntpcal_expand_century( 0, 1, 1, CAL_MONDAY )); diff --git a/tests/libntp/caljulian.c b/tests/libntp/caljulian.c index 409a4ad14f4d..8c22ef63771a 100644 --- a/tests/libntp/caljulian.c +++ b/tests/libntp/caljulian.c @@ -2,7 +2,6 @@ #include "ntp_calendar.h" #include "ntp_stdlib.h" -#include "lib_strbuf.h" #include "unity.h" #include "test-libntp.h" diff --git a/tests/libntp/clocktime.c b/tests/libntp/clocktime.c index ed2d4b2b187d..50934273f662 100644 --- a/tests/libntp/clocktime.c +++ b/tests/libntp/clocktime.c @@ -28,7 +28,7 @@ void test_AlwaysInLimit(void); */ void -setUp() +setUp(void) { ntpcal_set_timefunc(timefunc); settime(2000, 1, 1, 0, 0, 0); @@ -37,7 +37,7 @@ setUp() } void -tearDown() +tearDown(void) { ntpcal_set_timefunc(NULL); diff --git a/tests/libntp/data/ntp.keys b/tests/libntp/data/ntp.keys index 6c8c743fd7d2..ef634dd00ebd 100644 --- a/tests/libntp/data/ntp.keys +++ b/tests/libntp/data/ntp.keys @@ -1,15 +1,16 @@ -# This unit test ntp.keys file has hard-coded the current set -# of OpenSSL-supported digest algorithms. It needs to be updated -# after newer algorithms are available. The current list can be +# This unit test ntp.keys file has hard-coded the union of sets +# of OpenSSL-supported digest algorithms we've come across. It +# needs to be updated as algorithms are observed. A list can be # obtained with: # # ntpq -c "help keytype" # -# tests/libntp/digest.c similarly hardcodes the list of digests -# to test. +# tests/libntp/digests.c similarly hardcodes the list of digests +# to test. This file must be kept in sync with it. # # Each digest is tested twice with keyids separated by 50 for # plaintext and hex-encoded keys. +# 1 AES128CMAC X~A=%NWlo]p$dGq,S3M9 2 MD4 oV'8?f+J5`_EOvW!B,R` @@ -18,9 +19,9 @@ 5 RIPEMD160 I89p}f6QopwC\LwHBm;e 6 SHA1 A;H=E;.m4N%t%EeJ90[d 7 SHAKE128 |HxLoa,mzG<"y>^TI_(1 - 8 MD5 306+^SHLV5{"v7W`U3aY # unused so far - 9 MD5 lGyKZgsI_Pi"y"8JAT98 # unused -10 MD5 2:VO]Q5u%/b&}.<P?T~9 # unused + 8 DSA 306+^SHLV5{"v7W`U3aY + 9 DSA-SHA lGyKZgsI_Pi"y"8JAT98 +10 SHA 2:VO]Q5u%/b&}.<P?T~9 51 AES128CMAC d0cd9f3ee181769ca7cccaada09f093c5fe8e628 52 MD4 7080bc47eea6b379b2ff841805a144fb4a241a16 @@ -29,6 +30,6 @@ 55 RIPEMD160 6028ec169bfbe55ab61ffa7baa34b482020f0619 56 SHA1 17d96a86eb9b9075f33e1c0a08bb2bb61e916e33 57 SHAKE128 70da1a91030eb91836c1cf76cf67ddfd6b96fa91 -58 SHA1 7ce5deea7569d7423d5e1b497c8eb3bfeff852d5 # unused so far -59 SHA1 9fd568e8f371deae54a65bc50b52bbe1f6529589 # unused -60 SHA1 ce85046978a4df8366e102c4f1267399bbc25737 # unused +58 DSA 7ce5deea7569d7423d5e1b497c8eb3bfeff852d5 +59 DSA-SHA 9fd568e8f371deae54a65bc50b52bbe1f6529589 +60 SHA ce85046978a4df8366e102c4f1267399bbc25737 diff --git a/tests/libntp/digests.c b/tests/libntp/digests.c index 03e9ef1b838e..10b9d2c12ac0 100644 --- a/tests/libntp/digests.c +++ b/tests/libntp/digests.c @@ -110,7 +110,7 @@ do { \ authtrust((key), 1); \ \ res_sz = authencrypt((key), pkt, pkt_sz); \ - if (KEY_MAC_LEN == res_sz) { \ + if (0 == res_sz) { \ TEST_IGNORE_MESSAGE("Likely OpenSSL 3 failed digest " \ "init."); \ return; \ @@ -363,7 +363,7 @@ void test_Digest_SHAKE128(void) 0xaa, 0xa6, 0xcd, 0x76 }; u_char expectedB[MAX_MAC_LEN] = - { + { 0, 0, 0, KEYID_B, 0x07, 0x04, 0x63, 0xcc, 0x46, 0xaf, 0xca, 0x00, @@ -380,6 +380,123 @@ void test_Digest_SHAKE128(void) } +#define DSA_KEYID 8 +#undef KEYID_A +#define KEYID_A DSA_KEYID +#undef DG_SZ +#define DG_SZ 20 +#undef KEYID_B +#define KEYID_B (KEYID_A + HEX_KEYID_OFFSET) +void test_Digest_DSA(void); +void test_Digest_DSA(void) +{ +#ifdef OPENSSL + u_char expectedA[MAX_MAC_LEN] = + { + 0, 0, 0, KEYID_A, + 0xaf, 0xa0, 0x1d, 0x0c, + 0x92, 0xcb, 0xca, 0x95, + 0x0d, 0x57, 0x60, 0x49, + 0xe5, 0x28, 0x03, 0xf2, + 0x7b, 0x5b, 0xb1, 0x4a + }; + u_char expectedB[MAX_MAC_LEN] = + { + 0, 0, 0, KEYID_B, + 0x77, 0xcd, 0x88, 0xc2, + 0xed, 0x5d, 0x57, 0xc5, + 0x28, 0x92, 0xf0, 0x21, + 0x2b, 0xb9, 0x48, 0xac, + 0xfe, 0x9f, 0xf5, 0x1c + }; + + TEST_ASSERT(setup); + TEST_ONE_DIGEST(KEYID_A, DG_SZ, expectedA); + TEST_ONE_DIGEST(KEYID_B, DG_SZ, expectedB); +#else /* ! OPENSSL follows */ + TEST_IGNORE_MESSAGE("Skipping, no OPENSSL"); +#endif +} + + +#define DSA_SHA_KEYID 9 +#undef KEYID_A +#define KEYID_A DSA_SHA_KEYID +#undef DG_SZ +#define DG_SZ 20 +#undef KEYID_B +#define KEYID_B (KEYID_A + HEX_KEYID_OFFSET) +void test_Digest_DSA_SHA(void); +void test_Digest_DSA_SHA(void) +{ +#ifdef OPENSSL + u_char expectedA[MAX_MAC_LEN] = + { + 0, 0, 0, KEYID_A, + 0x7c, 0xb5, 0x79, 0xd0, + 0xf2, 0xcd, 0x47, 0xc0, + 0x21, 0xf3, 0xf5, 0x04, + 0x10, 0xc4, 0x59, 0x5c, + 0xd9, 0xa4, 0x4f, 0x3b + }; + u_char expectedB[MAX_MAC_LEN] = + { + 0, 0, 0, KEYID_B, + 0xb9, 0xca, 0xa6, 0x8e, + 0xd3, 0xcb, 0x94, 0x6a, + 0x6d, 0xae, 0xb4, 0xc8, + 0x0e, 0xc9, 0xf6, 0xed, + 0x58, 0x1a, 0xed, 0x22 + }; + + TEST_ASSERT(setup); + TEST_ONE_DIGEST(KEYID_A, DG_SZ, expectedA); + TEST_ONE_DIGEST(KEYID_B, DG_SZ, expectedB); +#else /* ! OPENSSL follows */ + TEST_IGNORE_MESSAGE("Skipping, no OPENSSL"); +#endif +} + + +#define SHA_KEYID 10 +#undef KEYID_A +#define KEYID_A SHA_KEYID +#undef DG_SZ +#define DG_SZ 20 +#undef KEYID_B +#define KEYID_B (KEYID_A + HEX_KEYID_OFFSET) +void test_Digest_SHA(void); +void test_Digest_SHA(void) +{ +#ifdef OPENSSL + u_char expectedA[MAX_MAC_LEN] = + { + 0, 0, 0, KEYID_A, + 0xd5, 0xbd, 0xb8, 0x55, + 0x9b, 0x9e, 0x5e, 0x8f, + 0x1a, 0x3d, 0x99, 0x60, + 0xbd, 0x70, 0x0c, 0x5c, + 0x68, 0xae, 0xb0, 0xbd + }; + u_char expectedB[MAX_MAC_LEN] = + { + 0, 0, 0, KEYID_B, + 0x63, 0x05, 0x41, 0x45, + 0xe9, 0x61, 0x84, 0xe7, + 0xc6, 0x94, 0x24, 0xa4, + 0x84, 0x76, 0xc7, 0xc9, + 0xdd, 0x80, 0x80, 0x89 + }; + + TEST_ASSERT(setup); + TEST_ONE_DIGEST(KEYID_A, DG_SZ, expectedA); + TEST_ONE_DIGEST(KEYID_B, DG_SZ, expectedB); +#else /* ! OPENSSL follows */ + TEST_IGNORE_MESSAGE("Skipping, no OPENSSL"); +#endif +} + + /* * Dump a MAC in a form easy to cut and paste into the expected declaration. */ @@ -395,8 +512,8 @@ void dump_mac( dc += snprintf(dump + dc, sizeof(dump) - dc, "digest with key %u { ", keyid); - for (idx = 0; idx < octets; idx++) { - if (10 == idx) { + for (idx = 4; idx < octets; idx++) { + if (14 == idx) { msyslog(LOG_DEBUG, "%s", dump); dc = 0; } diff --git a/tests/libntp/netof.c b/tests/libntp/netof.c index be197cf18b8a..c1970097636c 100644 --- a/tests/libntp/netof.c +++ b/tests/libntp/netof.c @@ -9,9 +9,7 @@ void setUp(void); -void test_ClassBAddress(void); void test_ClassCAddress(void); -void test_ClassAAddress(void); void test_IPv6Address(void); @@ -25,20 +23,6 @@ setUp(void) void -test_ClassBAddress(void) -{ - sockaddr_u input = CreateSockaddr4("172.16.2.1", NTP_PORT); - sockaddr_u expected = CreateSockaddr4("172.16.0.0", NTP_PORT); - - sockaddr_u* actual = netof(&input); - - TEST_ASSERT_TRUE(actual != NULL); - TEST_ASSERT_TRUE(IsEqual(expected, *actual)); - - return; -} - -void test_ClassCAddress(void) { sockaddr_u input = CreateSockaddr4("192.0.2.255", NTP_PORT); @@ -54,23 +38,6 @@ test_ClassCAddress(void) void -test_ClassAAddress(void) -{ - /* Class A addresses are assumed to be classless, - * thus the same address should be returned. - */ - sockaddr_u input = CreateSockaddr4("10.20.30.40", NTP_PORT); - sockaddr_u expected = CreateSockaddr4("10.20.30.40", NTP_PORT); - - sockaddr_u* actual = netof(&input); - - TEST_ASSERT_TRUE(actual != NULL); - TEST_ASSERT_TRUE(IsEqual(expected, *actual)); - - return; -} - -void test_IPv6Address(void) { /* IPv6 addresses are assumed to have 64-bit host- and 64-bit network parts. */ diff --git a/tests/libntp/numtohost.c b/tests/libntp/numtohost.c deleted file mode 100644 index 1c095eb55cdd..000000000000 --- a/tests/libntp/numtohost.c +++ /dev/null @@ -1,31 +0,0 @@ -#include "config.h" - -#include "ntp_stdlib.h" -#include "ntp_fp.h" - -#include "unity.h" - -void setUp(void); -void test_LoopbackNetNonResolve(void); - - -void -setUp(void) -{ - init_lib(); - - return; -} - - -void -test_LoopbackNetNonResolve(void) { - /* A loopback address in 127.0.0.0/8 is chosen, and - * numtohost() should not try to resolve it unless - * it is 127.0.0.1 - */ - - const u_int32 input = 127*256*256*256 + 1*256 + 1; // 127.0.1.1 - - TEST_ASSERT_EQUAL_STRING("127.0.1.1", numtohost(htonl(input))); -} diff --git a/tests/libntp/refnumtoa.c b/tests/libntp/refnumtoa.c index 9db5fb11d999..73b9026574d5 100644 --- a/tests/libntp/refnumtoa.c +++ b/tests/libntp/refnumtoa.c @@ -6,9 +6,6 @@ #include "unity.h" -/* Might need to be updated if a new refclock gets this id. */ -static const int UNUSED_REFCLOCK_ID = 250; - void setUp(void); void test_LocalClock(void); void test_UnknownId(void); @@ -27,22 +24,21 @@ void test_LocalClock(void) { #ifdef REFCLOCK /* clockname() is useless otherwise */ /* We test with a refclock address of type LOCALCLOCK. - * with id 8 + * with unit id 8 */ - u_int32 addr = REFCLOCK_ADDR; - addr |= REFCLK_LOCALCLOCK << 8; - addr |= 0x8; - + const u_char unit = 8; + u_int32 addr; + char expected[100]; sockaddr_u address; - address.sa4.sin_family = AF_INET; - address.sa4.sin_addr.s_addr = htonl(addr); - char stringStart[100]= ""; - - strcat(stringStart, clockname(REFCLK_LOCALCLOCK)); - strcat(stringStart, "(8)"); + addr = REFCLOCK_ADDR; + addr |= REFCLK_LOCALCLOCK << 8; + addr |= unit; - char * expected = stringStart; + AF(&address) = AF_INET; + NSRCADR(&address) = htonl(addr); + snprintf(expected, sizeof(expected), "%s(%u)", + clockname(REFCLK_LOCALCLOCK), unit); TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address)); #else @@ -54,20 +50,22 @@ void test_UnknownId(void) { #ifdef REFCLOCK /* refnumtoa() is useless otherwise */ /* We test with a currently unused refclock ID */ - u_int32 addr = REFCLOCK_ADDR; + /* Might need to be updated if a new refclock gets this id. */ + const u_char UNUSED_REFCLOCK_ID = 250; + const u_char unit = 4; + u_int32 addr; + char expected[100]; + sockaddr_u address; + + addr = REFCLOCK_ADDR; addr |= UNUSED_REFCLOCK_ID << 8; - addr |= 0x4; + addr |= unit; - sockaddr_u address; - address.sa4.sin_family = AF_INET; - address.sa4.sin_addr.s_addr = htonl(addr); - - char stringStart[100]= "REFCLK("; - char value[100] ; - snprintf(value, sizeof(value), "%d", UNUSED_REFCLOCK_ID); - strcat(stringStart,value); - strcat(stringStart,",4)"); - char * expected = stringStart; + AF(&address) = AF_INET; + NSRCADR(&address) = htonl(addr); + + snprintf(expected, sizeof(expected), "REFCLK(%u,%u)", + UNUSED_REFCLOCK_ID, unit); TEST_ASSERT_EQUAL_STRING(expected, refnumtoa(&address)); #else diff --git a/tests/libntp/run-a_md5encrypt.c b/tests/libntp/run-a_md5encrypt.c index 06dda63f07ba..14c7f84192d8 100644 --- a/tests/libntp/run-a_md5encrypt.c +++ b/tests/libntp/run-a_md5encrypt.c @@ -62,11 +62,11 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("a_md5encrypt.c"); - RUN_TEST(test_Encrypt, 41); - RUN_TEST(test_DecryptValid, 42); - RUN_TEST(test_DecryptInvalid, 43); - RUN_TEST(test_IPv4AddressToRefId, 44); - RUN_TEST(test_IPv6AddressToRefId, 45); + RUN_TEST(test_Encrypt, 63); + RUN_TEST(test_DecryptValid, 64); + RUN_TEST(test_DecryptInvalid, 65); + RUN_TEST(test_IPv4AddressToRefId, 66); + RUN_TEST(test_IPv6AddressToRefId, 67); return (UnityEnd()); } diff --git a/tests/libntp/run-caljulian.c b/tests/libntp/run-caljulian.c index fff7c0b87939..4fd633920611 100644 --- a/tests/libntp/run-caljulian.c +++ b/tests/libntp/run-caljulian.c @@ -25,7 +25,6 @@ #include "config.h" #include "ntp_calendar.h" #include "ntp_stdlib.h" -#include "lib_strbuf.h" #include "test-libntp.h" #include <string.h> @@ -64,10 +63,10 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("caljulian.c"); - RUN_TEST(test_RegularTime, 15); - RUN_TEST(test_LeapYear, 16); - RUN_TEST(test_uLongBoundary, 17); - RUN_TEST(test_uLongWrapped, 18); + RUN_TEST(test_RegularTime, 14); + RUN_TEST(test_LeapYear, 15); + RUN_TEST(test_uLongBoundary, 16); + RUN_TEST(test_uLongWrapped, 17); return (UnityEnd()); } diff --git a/tests/libntp/run-digests.c b/tests/libntp/run-digests.c index ae574d0e239e..bc56f1cb92e6 100644 --- a/tests/libntp/run-digests.c +++ b/tests/libntp/run-digests.c @@ -40,6 +40,9 @@ extern void test_Digest_MDC2(void); extern void test_Digest_RIPEMD160(void); extern void test_Digest_SHA1(void); extern void test_Digest_SHAKE128(void); +extern void test_Digest_DSA(void); +extern void test_Digest_DSA_SHA(void); +extern void test_Digest_SHA(void); //=======Suite Setup===== @@ -75,6 +78,9 @@ int main(int argc, char *argv[]) RUN_TEST(test_Digest_RIPEMD160, 275); RUN_TEST(test_Digest_SHA1, 314); RUN_TEST(test_Digest_SHAKE128, 353); + RUN_TEST(test_Digest_DSA, 390); + RUN_TEST(test_Digest_DSA_SHA, 429); + RUN_TEST(test_Digest_SHA, 468); return (UnityEnd()); } diff --git a/tests/libntp/run-netof.c b/tests/libntp/run-netof.c index 9c81f38475bb..f753e39a1ad3 100644 --- a/tests/libntp/run-netof.c +++ b/tests/libntp/run-netof.c @@ -30,9 +30,7 @@ //=======External Functions This Runner Calls===== extern void setUp(void); extern void tearDown(void); -extern void test_ClassBAddress(void); extern void test_ClassCAddress(void); -extern void test_ClassAAddress(void); extern void test_IPv6Address(void); @@ -62,10 +60,8 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("netof.c"); - RUN_TEST(test_ClassBAddress, 12); - RUN_TEST(test_ClassCAddress, 13); - RUN_TEST(test_ClassAAddress, 14); - RUN_TEST(test_IPv6Address, 15); + RUN_TEST(test_ClassCAddress, 12); + RUN_TEST(test_IPv6Address, 13); return (UnityEnd()); } diff --git a/tests/libntp/run-numtohost.c b/tests/libntp/run-numtohost.c deleted file mode 100644 index 3129845f7cf9..000000000000 --- a/tests/libntp/run-numtohost.c +++ /dev/null @@ -1,64 +0,0 @@ -/* AUTOGENERATED FILE. DO NOT EDIT. */ - -//=======Test Runner Used To Run Each Test Below===== -#define RUN_TEST(TestFunc, TestLineNum) \ -{ \ - Unity.CurrentTestName = #TestFunc; \ - Unity.CurrentTestLineNumber = TestLineNum; \ - Unity.NumberOfTests++; \ - if (TEST_PROTECT()) \ - { \ - setUp(); \ - TestFunc(); \ - } \ - if (TEST_PROTECT() && !TEST_IS_IGNORED) \ - { \ - tearDown(); \ - } \ - UnityConcludeTest(); \ -} - -//=======Automagically Detected Files To Include===== -#include "unity.h" -#include <setjmp.h> -#include <stdio.h> -#include "config.h" -#include "ntp_stdlib.h" -#include "ntp_fp.h" - -//=======External Functions This Runner Calls===== -extern void setUp(void); -extern void tearDown(void); -extern void test_LoopbackNetNonResolve(void); - - -//=======Suite Setup===== -static void suite_setup(void) -{ -extern int change_iobufs(int); -extern int change_logfile(const char*, int); -change_iobufs(1); -change_logfile("stderr", 0); -} - -//=======Test Reset Option===== -void resetTest(void); -void resetTest(void) -{ - tearDown(); - setUp(); -} - -char const *progname; - - -//=======MAIN===== -int main(int argc, char *argv[]) -{ - progname = argv[0]; - suite_setup(); - UnityBegin("numtohost.c"); - RUN_TEST(test_LoopbackNetNonResolve, 9); - - return (UnityEnd()); -} diff --git a/tests/libntp/run-refnumtoa.c b/tests/libntp/run-refnumtoa.c index e56c9a1158e1..1b48534ecd1f 100644 --- a/tests/libntp/run-refnumtoa.c +++ b/tests/libntp/run-refnumtoa.c @@ -59,8 +59,8 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("refnumtoa.c"); - RUN_TEST(test_LocalClock, 13); - RUN_TEST(test_UnknownId, 14); + RUN_TEST(test_LocalClock, 10); + RUN_TEST(test_UnknownId, 11); return (UnityEnd()); } diff --git a/tests/libntp/run-ssl_init.c b/tests/libntp/run-ssl_init.c index 8450a27c3d9d..0ec84eb1935c 100644 --- a/tests/libntp/run-ssl_init.c +++ b/tests/libntp/run-ssl_init.c @@ -63,13 +63,13 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("ssl_init.c"); - RUN_TEST(test_MD5KeyTypeWithoutDigestLength, 20); - RUN_TEST(test_MD5KeyTypeWithDigestLength, 21); - RUN_TEST(test_SHA1KeyTypeWithDigestLength, 22); - RUN_TEST(test_CMACKeyTypeWithDigestLength, 23); - RUN_TEST(test_MD5KeyName, 24); - RUN_TEST(test_SHA1KeyName, 25); - RUN_TEST(test_CMACKeyName, 26); + RUN_TEST(test_MD5KeyTypeWithoutDigestLength, 16); + RUN_TEST(test_MD5KeyTypeWithDigestLength, 17); + RUN_TEST(test_SHA1KeyTypeWithDigestLength, 18); + RUN_TEST(test_CMACKeyTypeWithDigestLength, 19); + RUN_TEST(test_MD5KeyName, 20); + RUN_TEST(test_SHA1KeyName, 21); + RUN_TEST(test_CMACKeyName, 22); return (UnityEnd()); } diff --git a/tests/libntp/ssl_init.c b/tests/libntp/ssl_init.c index 69b395e051e9..d42b5592e3a8 100644 --- a/tests/libntp/ssl_init.c +++ b/tests/libntp/ssl_init.c @@ -13,10 +13,6 @@ #include "unity.h" -static const size_t TEST_MD5_DIGEST_LENGTH = 16; -static const size_t TEST_SHA1_DIGEST_LENGTH = 20; -static const size_t TEST_CMAC_DIGEST_LENGTH = 16; - void test_MD5KeyTypeWithoutDigestLength(void); void test_MD5KeyTypeWithDigestLength(void); void test_SHA1KeyTypeWithDigestLength(void); @@ -35,7 +31,7 @@ test_MD5KeyTypeWithoutDigestLength(void) { void test_MD5KeyTypeWithDigestLength(void) { size_t digestLength; - size_t expected = TEST_MD5_DIGEST_LENGTH; + size_t expected = MD5_LENGTH; TEST_ASSERT_EQUAL(KEY_TYPE_MD5, keytype_from_text("MD5", &digestLength)); TEST_ASSERT_EQUAL(expected, digestLength); @@ -46,7 +42,7 @@ void test_SHA1KeyTypeWithDigestLength(void) { #ifdef OPENSSL size_t digestLength; - size_t expected = TEST_SHA1_DIGEST_LENGTH; + size_t expected = SHA1_LENGTH; TEST_ASSERT_EQUAL(NID_sha1, keytype_from_text("SHA1", &digestLength)); TEST_ASSERT_EQUAL(expected, digestLength); @@ -61,7 +57,7 @@ void test_CMACKeyTypeWithDigestLength(void) { #if defined(OPENSSL) && defined(ENABLE_CMAC) size_t digestLength; - size_t expected = TEST_CMAC_DIGEST_LENGTH; + size_t expected = CMAC_LENGTH; TEST_ASSERT_EQUAL(NID_cmac, keytype_from_text(CMAC, &digestLength)); TEST_ASSERT_EQUAL(expected, digestLength); diff --git a/tests/libntp/timevalops.c b/tests/libntp/timevalops.c index 0c498ca396b6..4dff90c24df4 100644 --- a/tests/libntp/timevalops.c +++ b/tests/libntp/timevalops.c @@ -119,9 +119,9 @@ AssertTimevalClose(const struct timeval m, const struct timeval n, const struct printf("m_expr which is %lld.%06lu \nand\n" "n_expr which is %lld.%06lu\nare not close; diff=%lld.%06luusec\n", - (long long)m.tv_sec, m.tv_usec, - (long long)n.tv_sec, n.tv_usec, - (long long)diff.tv_sec, diff.tv_usec); + (long long)m.tv_sec, (u_long)m.tv_usec, + (long long)n.tv_sec, (u_long)n.tv_usec, + (long long)diff.tv_sec, (u_long)diff.tv_usec); return FALSE; } diff --git a/tests/libntp/vi64ops.c b/tests/libntp/vi64ops.c index 0891299e52fd..10e04629d6cb 100644 --- a/tests/libntp/vi64ops.c +++ b/tests/libntp/vi64ops.c @@ -38,8 +38,8 @@ IsEqual(const vint64 expected, const vint64 actual) { void test_ParseVUI64_pos(void) { vint64 act, exp; - const char *sp; - char const *ep; + char *sp; + char *ep; sp = "1234x"; exp.D_s.hi = 0; @@ -54,8 +54,8 @@ test_ParseVUI64_pos(void) { void test_ParseVUI64_neg(void) { vint64 act, exp; - const char *sp; - char const *ep; + char *sp; + char *ep; sp = "-1234x"; exp.D_s.hi = ~0; @@ -68,8 +68,8 @@ test_ParseVUI64_neg(void) { void test_ParseVUI64_case(void) { vint64 act, exp; - const char *sp; - char const *ep; + char *sp; + char *ep; sp = "0123456789AbCdEf"; exp.D_s.hi = 0x01234567; diff --git a/tests/ntpd/Makefile.in b/tests/ntpd/Makefile.in index fb0b08a2b548..b96659659b0e 100644 --- a/tests/ntpd/Makefile.in +++ b/tests/ntpd/Makefile.in @@ -96,6 +96,7 @@ check_PROGRAMS = test-leapsec$(EXEEXT) test-ntp_prio_q$(EXEEXT) \ EXTRA_PROGRAMS = test-ntp_restrict$(EXEEXT) test-ntp_scanner$(EXEEXT) \ test-ntp_signd$(EXEEXT) $(am__EXEEXT_1) @NTP_CROSSCOMPILE_FALSE@am__append_4 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_5 = check-libntp subdir = tests/ntpd ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -683,6 +684,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -784,14 +786,9 @@ top_srcdir = @top_srcdir@ NULL = BUILT_SOURCES = $(srcdir)/run-leapsec.c $(srcdir)/run-ntp_prio_q.c \ $(srcdir)/run-ntp_restrict.c $(srcdir)/run-rc_cmdlength.c \ - $(srcdir)/run-t-ntp_signd.c $(NULL) check-libntp check-libntpd \ - check-libunity .deps-ver - -# CLEANFILES addition below won't be needed after a while. -# Leave it in for now for folks tracking the source repo -# who have the file from a former version of the rule. -# DLH Jan 2023 -CLEANFILES = check-libntp check-libntpd .deps-ver + $(srcdir)/run-t-ntp_signd.c $(NULL) $(am__append_5) \ + check-libntpd check-libunity .deps-ver +CLEANFILES = check-libunity .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver std_unity_list = \ $(abs_top_srcdir)/sntp/unity/auto/generate_test_runner.rb \ @@ -1746,20 +1743,17 @@ $(srcdir)/run-t-ntp_signd.c: $(srcdir)/t-ntp_signd.c $(std_unity_list) $(srcdir)/run-t-ntp_scanner.c: $(srcdir)/t-ntp_scanner.c $(std_unity_list) $(run_unity) $< $@ -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a -check-libntpd: $(top_builddir)/ntpd/libntpd.a - @: avoid default SCCS get by some make implementations - -$(top_builddir)/ntpd/libntpd.a: +.PHONY: check-libntpd +check-libntpd: cd $(top_builddir)/ntpd && $(MAKE) $(AM_MAKEFLAGS) libntpd.a check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/tests/ntpd/leapsec.c b/tests/ntpd/leapsec.c index 34a6ed76ee6d..7efae3d2db5d 100644 --- a/tests/ntpd/leapsec.c +++ b/tests/ntpd/leapsec.c @@ -6,7 +6,6 @@ #include "ntp_calendar.h" #include "ntp_stdlib.h" #include "ntp_leapsec.h" -#include "lib_strbuf.h" #include "unity.h" diff --git a/tests/ntpd/run-leapsec.c b/tests/ntpd/run-leapsec.c index 6c9f243d6796..64ebecd5fcdf 100644 --- a/tests/ntpd/run-leapsec.c +++ b/tests/ntpd/run-leapsec.c @@ -27,7 +27,6 @@ #include "ntp_calendar.h" #include "ntp_stdlib.h" #include "ntp_leapsec.h" -#include "lib_strbuf.h" #include "test-libntp.h" #include <string.h> @@ -95,39 +94,39 @@ int main(int argc, char *argv[]) progname = argv[0]; suite_setup(); UnityBegin("leapsec.c"); - RUN_TEST(test_ValidateGood, 329); - RUN_TEST(test_ValidateNoHash, 339); - RUN_TEST(test_ValidateBad, 349); - RUN_TEST(test_ValidateMalformed, 359); - RUN_TEST(test_ValidateMalformedShort, 369); - RUN_TEST(test_ValidateNoLeadZero, 379); - RUN_TEST(test_tableSelect, 394); - RUN_TEST(test_loadFileExpire, 431); - RUN_TEST(test_loadFileTTL, 449); - RUN_TEST(test_lsQueryPristineState, 482); - RUN_TEST(test_ls2009faraway, 496); - RUN_TEST(test_ls2009weekaway, 515); - RUN_TEST(test_ls2009houraway, 534); - RUN_TEST(test_ls2009secaway, 553); - RUN_TEST(test_ls2009onspot, 572); - RUN_TEST(test_ls2009nodata, 591); - RUN_TEST(test_ls2009limdata, 610); - RUN_TEST(test_qryJumpFarAhead, 633); - RUN_TEST(test_qryJumpAheadToTransition, 656); - RUN_TEST(test_qryJumpAheadOverTransition, 679); - RUN_TEST(test_addDynamic, 706); - RUN_TEST(test_taiEmptyTable, 892); - RUN_TEST(test_taiTableFixed, 906); - RUN_TEST(test_taiTableDynamic, 920); - RUN_TEST(test_taiTableDynamicDeadZone, 948); - RUN_TEST(test_ls2009seqInsElectric, 970); - RUN_TEST(test_ls2009seqInsDumb, 1015); - RUN_TEST(test_ls2009seqDelElectric, 1064); - RUN_TEST(test_ls2009seqDelDumb, 1109); - RUN_TEST(test_ls2012seqInsElectric, 1153); - RUN_TEST(test_ls2012seqInsDumb, 1198); - RUN_TEST(test_lsEmptyTableDumb, 1249); - RUN_TEST(test_lsEmptyTableElectric, 1272); + RUN_TEST(test_ValidateGood, 328); + RUN_TEST(test_ValidateNoHash, 338); + RUN_TEST(test_ValidateBad, 348); + RUN_TEST(test_ValidateMalformed, 358); + RUN_TEST(test_ValidateMalformedShort, 368); + RUN_TEST(test_ValidateNoLeadZero, 378); + RUN_TEST(test_tableSelect, 393); + RUN_TEST(test_loadFileExpire, 430); + RUN_TEST(test_loadFileTTL, 448); + RUN_TEST(test_lsQueryPristineState, 481); + RUN_TEST(test_ls2009faraway, 495); + RUN_TEST(test_ls2009weekaway, 514); + RUN_TEST(test_ls2009houraway, 533); + RUN_TEST(test_ls2009secaway, 552); + RUN_TEST(test_ls2009onspot, 571); + RUN_TEST(test_ls2009nodata, 590); + RUN_TEST(test_ls2009limdata, 609); + RUN_TEST(test_qryJumpFarAhead, 632); + RUN_TEST(test_qryJumpAheadToTransition, 655); + RUN_TEST(test_qryJumpAheadOverTransition, 678); + RUN_TEST(test_addDynamic, 705); + RUN_TEST(test_taiEmptyTable, 891); + RUN_TEST(test_taiTableFixed, 905); + RUN_TEST(test_taiTableDynamic, 919); + RUN_TEST(test_taiTableDynamicDeadZone, 947); + RUN_TEST(test_ls2009seqInsElectric, 969); + RUN_TEST(test_ls2009seqInsDumb, 1014); + RUN_TEST(test_ls2009seqDelElectric, 1063); + RUN_TEST(test_ls2009seqDelDumb, 1108); + RUN_TEST(test_ls2012seqInsElectric, 1152); + RUN_TEST(test_ls2012seqInsDumb, 1197); + RUN_TEST(test_lsEmptyTableDumb, 1248); + RUN_TEST(test_lsEmptyTableElectric, 1271); return (UnityEnd()); } diff --git a/tests/ntpq/Makefile.in b/tests/ntpq/Makefile.in index 7678393037aa..83abb41eb2d9 100644 --- a/tests/ntpq/Makefile.in +++ b/tests/ntpq/Makefile.in @@ -90,6 +90,7 @@ build_triplet = @build@ host_triplet = @host@ check_PROGRAMS = test-ntpq$(EXEEXT) $(am__EXEEXT_1) @NTP_CROSSCOMPILE_FALSE@am__append_1 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_2 = check-libntp subdir = tests/ntpq ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -598,6 +599,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -697,9 +699,9 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = -BUILT_SOURCES = $(srcdir)/run-t-ntpq.c $(NULL) check-libntp \ +BUILT_SOURCES = $(srcdir)/run-t-ntpq.c $(NULL) $(am__append_2) \ check-libunity .deps-ver -CLEANFILES = check-libntp .deps-ver +CLEANFILES = check-libunity .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver std_unity_list = \ $(abs_top_srcdir)/sntp/unity/auto/generate_test_runner.rb \ @@ -1231,14 +1233,13 @@ uninstall-am: $(srcdir)/run-t-ntpq.c: $(srcdir)/t-ntpq.c $(std_unity_list) $(run_unity) $< $@ -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/tests/sandbox/Makefile.in b/tests/sandbox/Makefile.in index 5d1376c573a6..3088616298e7 100644 --- a/tests/sandbox/Makefile.in +++ b/tests/sandbox/Makefile.in @@ -92,6 +92,7 @@ check_PROGRAMS = first-test$(EXEEXT) smeartest$(EXEEXT) \ EXTRA_PROGRAMS = bug-2803$(EXEEXT) second-test$(EXEEXT) \ $(am__EXEEXT_1) @NTP_CROSSCOMPILE_FALSE@am__append_1 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_2 = check-libntp subdir = tests/sandbox ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -623,6 +624,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -723,8 +725,8 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ NULL = BUILT_SOURCES = run-ut-2803.c run-uglydate.c run-modetoa.c \ - check-libntp check-libunity .deps-ver -CLEANFILES = check-libntp .deps-ver + $(am__append_2) check-libunity .deps-ver +CLEANFILES = check-libunity .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver std_unity_list = \ $(abs_top_srcdir)/sntp/unity/auto/generate_test_runner.rb \ @@ -1301,14 +1303,13 @@ $(srcdir)/run-uglydate.c: $(srcdir)/uglydate.c $(std_unity_list) $(srcdir)/run-modetoa.c: $(srcdir)/modetoa.c $(std_unity_list) $(run_unity) $< $@ -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/tests/sec-2853/Makefile.in b/tests/sec-2853/Makefile.in index a5615919f718..8c441ce372ed 100644 --- a/tests/sec-2853/Makefile.in +++ b/tests/sec-2853/Makefile.in @@ -89,6 +89,7 @@ build_triplet = @build@ host_triplet = @host@ check_PROGRAMS = sec-2853$(EXEEXT) @NTP_CROSSCOMPILE_FALSE@am__append_1 = $(check_PROGRAMS) +@LIBNTP_SUBMAKES_TRUE@am__append_2 = check-libntp subdir = tests/sec-2853 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -593,6 +594,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -694,14 +696,9 @@ top_srcdir = @top_srcdir@ #AUTOMAKE_OPTIONS = foreign 1.9 subdir-objects NULL = -BUILT_SOURCES = $(srcdir)/run-sec-2853.c check-libntp check-libntpd \ +BUILT_SOURCES = $(srcdir)/run-sec-2853.c $(am__append_2) check-libntpd \ check-libunity .deps-ver - -# CLEANFILES addition below won't be needed after a while. -# Leave it in for now for folks tracking the source repo -# who have the file from a former version of the rule. -# DLH Jan 2023 -CLEANFILES = check-libntp check-libntpd .deps-ver +CLEANFILES = check-libunity .deps-ver DISTCLEANFILES = $(DEPDIR)/deps-ver std_unity_list = \ $(abs_top_srcdir)/sntp/unity/auto/generate_test_runner.rb \ @@ -1229,20 +1226,17 @@ uninstall-am: $(srcdir)/run-sec-2853.c: $(srcdir)/sec-2853.c $(std_unity_list) $(run_unity) $< $@ -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations - -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +.PHONY: check-libntp -check-libntpd: $(top_builddir)/ntpd/libntpd.a - @: avoid default SCCS get by some make implementations +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a -$(top_builddir)/ntpd/libntpd.a: +.PHONY: check-libntpd +check-libntpd: cd $(top_builddir)/ntpd && $(MAKE) $(AM_MAKEFLAGS) libntpd.a check-libunity: $(top_builddir)/sntp/unity/libunity.a - @: avoid default SCCS get by some make implementations + @echo stamp > $@ $(top_builddir)/sntp/unity/libunity.a: cd $(top_builddir)/sntp/unity && $(MAKE) $(AM_MAKEFLAGS) libunity.a diff --git a/util/Makefile.am b/util/Makefile.am index cef623c592d0..db0e8e65d747 100644 --- a/util/Makefile.am +++ b/util/Makefile.am @@ -4,7 +4,8 @@ bin_PROGRAMS= $(NTP_KEYGEN_DB) $(NTPTIME_DB) $(TICKADJ_DB) $(TIMETRIM_DB) libexec_PROGRAMS= $(NTP_KEYGEN_DL) $(NTPTIME_DL) $(TICKADJ_DL) $(TIMETRIM_DL) sbin_PROGRAMS= $(NTP_KEYGEN_DS) $(NTPTIME_DS) $(TICKADJ_DS) $(TIMETRIM_DS) -EXTRA_PROGRAMS= audio-pcm byteorder hist jitter kern longsize ntp-keygen \ +EXTRA_PROGRAMS= audio-pcm byteorder hist jitter kern longsize lsf-times \ + ntp-keygen \ ntptime pps-api precision sht testrs6000 tg tg2 tickadj timetrim AM_CFLAGS = $(CFLAGS_NTP) @@ -32,6 +33,7 @@ tickadj_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) $(LDAD EXTRA_DIST= \ invoke-ntp-keygen.menu \ invoke-ntp-keygen.texi \ + lsf-times.c \ ntp-keygen-opts.def \ ntp-keygen.1ntp-keygenman \ ntp-keygen.1ntp-keygenmdoc \ diff --git a/util/Makefile.in b/util/Makefile.in index bfc308c6cc5f..f98e15193aa4 100644 --- a/util/Makefile.in +++ b/util/Makefile.in @@ -95,9 +95,11 @@ build_triplet = @build@ host_triplet = @host@ EXTRA_PROGRAMS = audio-pcm$(EXEEXT) byteorder$(EXEEXT) hist$(EXEEXT) \ jitter$(EXEEXT) kern$(EXEEXT) longsize$(EXEEXT) \ - ntp-keygen$(EXEEXT) ntptime$(EXEEXT) pps-api$(EXEEXT) \ - precision$(EXEEXT) sht$(EXEEXT) testrs6000$(EXEEXT) \ - tg$(EXEEXT) tg2$(EXEEXT) tickadj$(EXEEXT) timetrim$(EXEEXT) + lsf-times$(EXEEXT) ntp-keygen$(EXEEXT) ntptime$(EXEEXT) \ + pps-api$(EXEEXT) precision$(EXEEXT) sht$(EXEEXT) \ + testrs6000$(EXEEXT) tg$(EXEEXT) tg2$(EXEEXT) tickadj$(EXEEXT) \ + timetrim$(EXEEXT) +@LIBNTP_SUBMAKES_TRUE@am__append_1 = check-libntp subdir = util ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/sntp/libopts/m4/libopts.m4 \ @@ -184,6 +186,11 @@ longsize_OBJECTS = longsize.$(OBJEXT) longsize_LDADD = $(LDADD) longsize_DEPENDENCIES = ../libntp/libntp.a $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +lsf_times_SOURCES = lsf-times.c +lsf_times_OBJECTS = lsf-times.$(OBJEXT) +lsf_times_LDADD = $(LDADD) +lsf_times_DEPENDENCIES = ../libntp/libntp.a $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am_ntp_keygen_OBJECTS = ntp-keygen.$(OBJEXT) ntp-keygen-opts.$(OBJEXT) nodist_ntp_keygen_OBJECTS = version.$(OBJEXT) ntp_keygen_OBJECTS = $(am_ntp_keygen_OBJECTS) \ @@ -254,12 +261,13 @@ am__maybe_remake_depfiles = depfiles am__depfiles_remade = ./$(DEPDIR)/audio-pcm.Po \ ./$(DEPDIR)/byteorder.Po ./$(DEPDIR)/hist.Po \ ./$(DEPDIR)/jitter.Po ./$(DEPDIR)/kern.Po \ - ./$(DEPDIR)/longsize.Po ./$(DEPDIR)/ntp-keygen-opts.Po \ - ./$(DEPDIR)/ntp-keygen.Po ./$(DEPDIR)/ntptime.Po \ - ./$(DEPDIR)/pps-api.Po ./$(DEPDIR)/precision.Po \ - ./$(DEPDIR)/sht.Po ./$(DEPDIR)/testrs6000.Po ./$(DEPDIR)/tg.Po \ - ./$(DEPDIR)/tg2.Po ./$(DEPDIR)/tickadj.Po \ - ./$(DEPDIR)/timetrim.Po ./$(DEPDIR)/version.Po + ./$(DEPDIR)/longsize.Po ./$(DEPDIR)/lsf-times.Po \ + ./$(DEPDIR)/ntp-keygen-opts.Po ./$(DEPDIR)/ntp-keygen.Po \ + ./$(DEPDIR)/ntptime.Po ./$(DEPDIR)/pps-api.Po \ + ./$(DEPDIR)/precision.Po ./$(DEPDIR)/sht.Po \ + ./$(DEPDIR)/testrs6000.Po ./$(DEPDIR)/tg.Po ./$(DEPDIR)/tg2.Po \ + ./$(DEPDIR)/tickadj.Po ./$(DEPDIR)/timetrim.Po \ + ./$(DEPDIR)/version.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -280,12 +288,13 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = audio-pcm.c byteorder.c hist.c $(jitter_SOURCES) kern.c \ - longsize.c $(ntp_keygen_SOURCES) $(nodist_ntp_keygen_SOURCES) \ - ntptime.c pps-api.c precision.c sht.c testrs6000.c tg.c tg2.c \ - tickadj.c timetrim.c + longsize.c lsf-times.c $(ntp_keygen_SOURCES) \ + $(nodist_ntp_keygen_SOURCES) ntptime.c pps-api.c precision.c \ + sht.c testrs6000.c tg.c tg2.c tickadj.c timetrim.c DIST_SOURCES = audio-pcm.c byteorder.c hist.c $(jitter_SOURCES) kern.c \ - longsize.c $(ntp_keygen_SOURCES) ntptime.c pps-api.c \ - precision.c sht.c testrs6000.c tg.c tg2.c tickadj.c timetrim.c + longsize.c lsf-times.c $(ntp_keygen_SOURCES) ntptime.c \ + pps-api.c precision.c sht.c testrs6000.c tg.c tg2.c tickadj.c \ + timetrim.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -513,6 +522,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_NET_SNMP_CONFIG = @PATH_NET_SNMP_CONFIG@ +PATH_OPENSSL = @PATH_OPENSSL@ PATH_PERL = @PATH_PERL@ PATH_RUBY = @PATH_RUBY@ PATH_SEPARATOR = @PATH_SEPARATOR@ @@ -632,6 +642,7 @@ tickadj_LDADD = ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) $(LDA EXTRA_DIST = \ invoke-ntp-keygen.menu \ invoke-ntp-keygen.texi \ + lsf-times.c \ ntp-keygen-opts.def \ ntp-keygen.1ntp-keygenman \ ntp-keygen.1ntp-keygenmdoc \ @@ -642,9 +653,9 @@ EXTRA_DIST = \ ntp-keygen.texi \ $(NULL) -BUILT_SOURCES = ntp-keygen-opts.c ntp-keygen-opts.h check-libntp \ +BUILT_SOURCES = ntp-keygen-opts.c ntp-keygen-opts.h $(am__append_1) \ check-libopts .deps-ver -CLEANFILES = .version version.c check-libntp check-libopts .deps-ver +CLEANFILES = .version version.c check-libopts .deps-ver DISTCLEANFILES = config.log $(man_MANS) $(DEPDIR)/deps-ver html_DATA = \ $(srcdir)/ntp-keygen.html \ @@ -886,6 +897,10 @@ longsize$(EXEEXT): $(longsize_OBJECTS) $(longsize_DEPENDENCIES) $(EXTRA_longsize @rm -f longsize$(EXEEXT) $(AM_V_CCLD)$(LINK) $(longsize_OBJECTS) $(longsize_LDADD) $(LIBS) +lsf-times$(EXEEXT): $(lsf_times_OBJECTS) $(lsf_times_DEPENDENCIES) $(EXTRA_lsf_times_DEPENDENCIES) + @rm -f lsf-times$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(lsf_times_OBJECTS) $(lsf_times_LDADD) $(LIBS) + ntp-keygen$(EXEEXT): $(ntp_keygen_OBJECTS) $(ntp_keygen_DEPENDENCIES) $(EXTRA_ntp_keygen_DEPENDENCIES) @rm -f ntp-keygen$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ntp_keygen_OBJECTS) $(ntp_keygen_LDADD) $(LIBS) @@ -938,6 +953,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/jitter.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kern.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/longsize.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lsf-times.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp-keygen-opts.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntp-keygen.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntptime.Po@am__quote@ # am--include-marker @@ -1233,6 +1249,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/jitter.Po -rm -f ./$(DEPDIR)/kern.Po -rm -f ./$(DEPDIR)/longsize.Po + -rm -f ./$(DEPDIR)/lsf-times.Po -rm -f ./$(DEPDIR)/ntp-keygen-opts.Po -rm -f ./$(DEPDIR)/ntp-keygen.Po -rm -f ./$(DEPDIR)/ntptime.Po @@ -1298,6 +1315,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/jitter.Po -rm -f ./$(DEPDIR)/kern.Po -rm -f ./$(DEPDIR)/longsize.Po + -rm -f ./$(DEPDIR)/lsf-times.Po -rm -f ./$(DEPDIR)/ntp-keygen-opts.Po -rm -f ./$(DEPDIR)/ntp-keygen.Po -rm -f ./$(DEPDIR)/ntptime.Po @@ -1418,11 +1436,10 @@ install-exec-hook: # -check-libntp: $(top_builddir)/libntp/libntp.a - @: avoid default SCCS get by some make implementations +.PHONY: check-libntp -$(top_builddir)/libntp/libntp.a: - cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a +@LIBNTP_SUBMAKES_TRUE@check-libntp: +@LIBNTP_SUBMAKES_TRUE@ cd $(top_builddir)/libntp && $(MAKE) $(AM_MAKEFLAGS) libntp.a check-libopts: ../sntp/libopts/libopts.la @echo stamp > $@ @@ -1432,10 +1449,9 @@ check-libopts: ../sntp/libopts/libopts.la $(top_srcdir)/sntp/scm-rev: FRC.scm-rev $(AM_V_GEN)cd $(top_builddir)/sntp && $(MAKE) $(AM_MAKEFLAGS) check-scm-rev +.PHONY: FRC.scm-rev FRC.scm-rev: - @: FRC.scm-rev "force" depends on nothing and is not a file, so is \ - always out-of-date causing targets which depend on it to also \ - be outdated so their rules to fire each time they are built. + @: FRC.scm-rev is always out of date, triggering the check every make invocation. $(DEPDIR)/deps-ver: $(top_srcdir)/deps-ver @[ -f $@ ] || \ cp $(top_srcdir)/deps-ver $@ diff --git a/util/invoke-ntp-keygen.texi b/util/invoke-ntp-keygen.texi index 2ee45b30970c..a4571231a4f6 100644 --- a/util/invoke-ntp-keygen.texi +++ b/util/invoke-ntp-keygen.texi @@ -6,7 +6,7 @@ # # EDIT THIS FILE WITH CAUTION (invoke-ntp-keygen.texi) # -# It has been AutoGen-ed June 6, 2023 at 04:38:29 AM by AutoGen 5.18.16 +# It has been AutoGen-ed May 25, 2024 at 12:04:48 AM by AutoGen 5.18.16 # From the definitions ntp-keygen-opts.def # and the template file agtexi-cmd.tpl @end ignore @@ -1056,7 +1056,7 @@ with a status code of 0. @exampleindent 0 @example -ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p17 +ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p18 Usage: ntp-keygen [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... Flg Arg Option-Name Description -b Num imbits identity modulus bits diff --git a/util/lsf-times.c b/util/lsf-times.c new file mode 100644 index 000000000000..5b719e13360f --- /dev/null +++ b/util/lsf-times.c @@ -0,0 +1,220 @@ +#include "config.h" +#include "ntp_calendar.h" + +#include <stdlib.h> +#include <errno.h> + +#include "ntp_types.h" +#include "ntp_fp.h" +#include "vint64ops.h" + +/* + * If we're called with 1 arg, it's a u_long timestamp. + * If we're called with 3 args, we're expecting YYYY MM DD, + * and MM must be 6 or 12, and DD must be 28, + * If we're called with 2 args, we're expecting YYYY MM, and + * MM mst be 6 or 12, and we assume DD is 28. + */ + +char *progname; +static const char *MONTHS[] = + { "January", "February", "March", "April", "May", "June", + "July", "August", "September", "October", "November", + "December" }; + +void usage(void); + +void +usage(void) +{ + printf("Usage:\n"); + printf(" %s nnnnnn\n", progname); + printf(" %s YYYY [6|12]\n", progname); + printf(" %s YYYY [6|12] 28\n", progname); + + return; +} + + +int +main( + int argc, /* command line options */ + char **argv /* poiniter to list of tokens */ + ) +{ + int err = 0; + vint64 expires; + unsigned int year = 0; + unsigned int mon = 0; + unsigned int dom = 0; + int scount; + char *ep; + struct calendar cal = {0}; + + progname = argv[0]; + + switch(argc) { + case 2: /* 1 arg, must be a string of digits */ + expires = strtouv64(argv[1], &ep, 10); + + if (0 == *ep) { + ntpcal_ntp64_to_date(&cal, &expires); + + printf("%02u %s %04u %02u:%02u:%02u\n" + , cal.monthday + , MONTHS[cal.month - 1] + , cal.year + , cal.hour + , cal.minute + , cal.second + ); + + exit(0); + } else { + printf("1 arg, but not a string of digits: <%s>\n", + argv[1]); + err = 1; + } + break; + ;; + case 3: /* 2 args, must be YY MM, where MM is 6 or 12 */ + dom = 28; + scount = sscanf(argv[1], "%u", &year); + if (1 == scount) { + // printf("2 args: year %u\n", year); + } else { + printf("2 args, but #1 is not a string of digits: <%s>\n", argv[1]); + err = 1; + } + + scount = sscanf(argv[2], "%u", &mon); + if (1 == scount) { + if (6 == mon || 12 == mon) { + // printf("2 args: month %u\n", mon); + } else { + printf("2 arg, but #2 is not 6 or 12: <%d>\n", mon); + err = 1; + } + } else { + printf("2 arg, but #2 is not a string of digits: <%s>\n", argv[2]); + err = 1; + } + + break; + ;; + case 4: /* 3 args, YY MM DD, where MM is 6 or 12, DD is 28 */ + scount = sscanf(argv[1], "%u", &year); + if (1 == scount) { + // printf("3 args: year %u\n", year); + } else { + printf("3 args, but #1 is not a string of digits: <%s>\n", argv[1]); + err = 1; + } + + scount = sscanf(argv[2], "%u", &mon); + if (1 == scount) { + if (6 == mon || 12 == mon) { + // printf("3 args: month %u\n", mon); + } else { + printf("3 arg, but #2 is not 6 or 12: <%d>\n", mon); + err = 1; + } + } else { + printf("3 arg, but #2 is not a string of digits: <%s>\n", argv[2]); + err = 1; + } + + scount = sscanf(argv[3], "%u", &dom); + if (1 == scount) { + if (28 == dom) { + // printf("3 args: dom %u\n", dom); + } else { + printf("3 arg, but #3 is not 28: <%d>\n", dom); + err = 1; + } + } else { + printf("3 arg, but #3 is not a string of digits: <%s>\n", argv[2]); + err = 1; + } + + break; + ;; + default: + err = 1; + break; + ;; + } + + if (err) { + usage(); + exit(err); + } + + cal.year = year; + cal.month = mon; + cal.monthday = dom; + cal.hour = 0; + cal.minute = 0; + cal.second = 0; + + printf("%u ", ntpcal_date_to_ntp(&cal)); + + printf("%02d %s %04d " + , cal.monthday + , MONTHS[cal.month - 1] + , cal.year + ); + printf("\n"); + + exit(err); +} + +#if 0 + + +void +test_DateGivenMonthDay(void) { + // 2010-06-24 12:50:00 + struct calendar input = {2010, 0, 6, 24, 12, 50, 0}; + + u_long expected = 3486372600UL; // This is the timestamp above. + + TEST_ASSERT_EQUAL_UINT(expected, caltontp(&input)); +} + +void +test_DateGivenYearDay(void) { + // 2010-06-24 12:50:00 + // This is the 175th day of 2010. + struct calendar input = {2010, 175, 0, 0, 12, 50, 0}; + + u_long expected = 3486372600UL; // This is the timestamp above. + + TEST_ASSERT_EQUAL_UINT(expected, caltontp(&input)); +} + +void +test_DateLeapYear(void) { + // 2012-06-24 12:00:00 + // This is the 176th day of 2012 (since 2012 is a leap year). + struct calendar inputYd = {2012, 176, 0, 0, 12, 00, 00}; + struct calendar inputMd = {2012, 0, 6, 24, 12, 00, 00}; + + u_long expected = 3549528000UL; + + TEST_ASSERT_EQUAL_UINT(expected, caltontp(&inputYd)); + TEST_ASSERT_EQUAL_UINT(expected, caltontp(&inputMd)); +} + +void +test_WraparoundDateIn2036(void) { + // 2036-02-07 06:28:16 + // This is (one) wrapping boundary where we go from ULONG_MAX to 0. + struct calendar input = {2036, 0, 2, 7, 6, 28, 16}; + + u_long expected = 0UL; + + TEST_ASSERT_EQUAL_UINT(expected, caltontp(&input)); +} + +#endif diff --git a/util/ntp-keygen-opts.c b/util/ntp-keygen-opts.c index fb3c78fdff51..6d532651e3b2 100644 --- a/util/ntp-keygen-opts.c +++ b/util/ntp-keygen-opts.c @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.c) * - * It has been AutoGen-ed June 6, 2023 at 04:38:24 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:43 AM by AutoGen 5.18.16 * From the definitions ntp-keygen-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntp-keygen program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -76,8 +76,8 @@ extern FILE * option_usage_fp; * static const strings for ntp-keygen options */ static char const ntp_keygen_opt_strs[2443] = -/* 0 */ "ntp-keygen (ntp) 4.2.8p17\n" - "Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n" +/* 0 */ "ntp-keygen (ntp) 4.2.8p18\n" + "Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n" "This is free software. It is licensed for use, modification and\n" "redistribution under the terms of the NTP License, copies of which\n" "can be seen at:\n" @@ -169,14 +169,14 @@ static char const ntp_keygen_opt_strs[2443] = /* 2223 */ "no-load-opts\0" /* 2236 */ "no\0" /* 2239 */ "NTP_KEYGEN\0" -/* 2250 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p17\n" +/* 2250 */ "ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p18\n" "Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n\0" /* 2365 */ "$HOME\0" /* 2371 */ ".\0" /* 2373 */ ".ntprc\0" /* 2380 */ "https://bugs.ntp.org, bugs@ntp.org\0" /* 2415 */ "\n\0" -/* 2417 */ "ntp-keygen (ntp) 4.2.8p17"; +/* 2417 */ "ntp-keygen (ntp) 4.2.8p18"; /** * imbits option description: @@ -1314,8 +1314,8 @@ static void bogus_function(void) { translate option names. */ /* referenced via ntp_keygenOptions.pzCopyright */ - puts(_("ntp-keygen (ntp) 4.2.8p17\n\ -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved.\n\ + puts(_("ntp-keygen (ntp) 4.2.8p18\n\ +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved.\n\ This is free software. It is licensed for use, modification and\n\ redistribution under the terms of the NTP License, copies of which\n\ can be seen at:\n")); @@ -1413,14 +1413,14 @@ implied warranty.\n")); puts(_("load options from a config file")); /* referenced via ntp_keygenOptions.pzUsageTitle */ - puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p17\n\ + puts(_("ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p18\n\ Usage: %s [ -<flag> [<val>] | --<name>[{=| }<val>] ]...\n")); /* referenced via ntp_keygenOptions.pzExplain */ puts(_("\n")); /* referenced via ntp_keygenOptions.pzFullVersion */ - puts(_("ntp-keygen (ntp) 4.2.8p17")); + puts(_("ntp-keygen (ntp) 4.2.8p18")); /* referenced via ntp_keygenOptions.pzFullUsage */ puts(_("<<<NOT-FOUND>>>")); diff --git a/util/ntp-keygen-opts.h b/util/ntp-keygen-opts.h index 9e266d2b164f..a2cb606e0af2 100644 --- a/util/ntp-keygen-opts.h +++ b/util/ntp-keygen-opts.h @@ -1,7 +1,7 @@ /* * EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.h) * - * It has been AutoGen-ed June 6, 2023 at 04:38:23 AM by AutoGen 5.18.16 + * It has been AutoGen-ed May 25, 2024 at 12:04:42 AM by AutoGen 5.18.16 * From the definitions ntp-keygen-opts.def * and the template file options * @@ -18,7 +18,7 @@ * The ntp-keygen program is copyrighted and licensed * under the following terms: * - * Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation, all rights reserved. + * Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation, all rights reserved. * This is free software. It is licensed for use, modification and * redistribution under the terms of the NTP License, copies of which * can be seen at: @@ -102,9 +102,9 @@ typedef enum { /** count of all options for ntp-keygen */ #define OPTION_CT 26 /** ntp-keygen version */ -#define NTP_KEYGEN_VERSION "4.2.8p17" +#define NTP_KEYGEN_VERSION "4.2.8p18" /** Full ntp-keygen version text */ -#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.8p17" +#define NTP_KEYGEN_FULL_VERSION "ntp-keygen (ntp) 4.2.8p18" /** * Interface defines for all options. Replace "n" with the UPPER_CASED diff --git a/util/ntp-keygen.1ntp-keygenman b/util/ntp-keygen.1ntp-keygenman index f96a7689b17c..23fb3e1dc5cd 100644 --- a/util/ntp-keygen.1ntp-keygenman +++ b/util/ntp-keygen.1ntp-keygenman @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-keygen 1ntp-keygenman "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntp-keygen 1ntp-keygenman "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:32 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:51 AM by AutoGen 5.18.16 .\" From the definitions ntp-keygen-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -1351,7 +1351,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS It can take quite a while to generate some cryptographic values. diff --git a/util/ntp-keygen.1ntp-keygenmdoc b/util/ntp-keygen.1ntp-keygenmdoc index ce6b988d7670..9ac815e24657 100644 --- a/util/ntp-keygen.1ntp-keygenmdoc +++ b/util/ntp-keygen.1ntp-keygenmdoc @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_KEYGEN 1ntp-keygenmdoc User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:27 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:46 AM by AutoGen 5.18.16 .\" From the definitions ntp-keygen-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1208,7 +1208,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS It can take quite a while to generate some cryptographic values. diff --git a/util/ntp-keygen.c b/util/ntp-keygen.c index ff9d6cad8980..c9c0ff9ef75f 100644 --- a/util/ntp-keygen.c +++ b/util/ntp-keygen.c @@ -409,11 +409,11 @@ main( iffkey++; if (HAVE_OPT( MV_PARAMS )) { - mvkey++; + mvkey++; /* DLH are these two swapped? */ nkeys = OPT_VALUE_MV_PARAMS; } if (HAVE_OPT( MV_KEYS )) { - mvpar++; + mvpar++; /* not used! */ /* DLH are these two swapped? */ nkeys = OPT_VALUE_MV_KEYS; } @@ -642,12 +642,13 @@ main( } } if (pkey_gqkey != NULL) { - RSA *rsa; - const BIGNUM *q; + RSA *rsa; + const BIGNUM *q; - rsa = EVP_PKEY_get0_RSA(pkey_gqkey); + rsa = EVP_PKEY_get1_RSA(pkey_gqkey); RSA_get0_factors(rsa, NULL, &q); grpkey = BN_bn2hex(q); + RSA_free(rsa); } /* @@ -664,17 +665,19 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - /* XXX: This modifies the private key and should probably use a - * copy of it instead. */ - rsa = EVP_PKEY_get0_RSA(pkey_gqkey); + rsa = EVP_PKEY_get1_RSA(pkey_gqkey); RSA_set0_factors(rsa, BN_dup(BN_value_one()), BN_dup(BN_value_one())); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); fflush(stdout); - if (debug) + if (debug) { RSA_print_fp(stderr, rsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + RSA_free(rsa); } /* @@ -689,14 +692,18 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - rsa = EVP_PKEY_get0_RSA(pkey_gqkey); + rsa = EVP_PKEY_get1_RSA(pkey_gqkey); pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, NULL, passwd2); fflush(stdout); - if (debug) + if (debug) { RSA_print_fp(stderr, rsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + RSA_free(rsa); } /* @@ -730,17 +737,19 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - /* XXX: This modifies the private key and should probably use a - * copy of it instead. */ - dsa = EVP_PKEY_get0_DSA(pkey_iffkey); + dsa = EVP_PKEY_get1_DSA(pkey_iffkey); DSA_set0_key(dsa, NULL, BN_dup(BN_value_one())); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, dsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + DSA_free(dsa); } /* @@ -755,14 +764,18 @@ main( filename); fprintf(stdout, "# %s\n# %s\n", filename, ctime(&epoch)); - dsa = EVP_PKEY_get0_DSA(pkey_iffkey); + dsa = EVP_PKEY_get1_DSA(pkey_iffkey); pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, NULL, passwd2); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, dsa, 0); + } + EVP_PKEY_free(pkey); + pkey = NULL; + DSA_free(dsa); } /* @@ -799,8 +812,9 @@ main( PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0); + } } /* @@ -817,8 +831,9 @@ main( PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, NULL, passwd2); fflush(stdout); - if (debug) + if (debug) { DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0); + } } /* @@ -830,7 +845,7 @@ main( fprintf(stderr, "Invalid digest/signature combination %s\n", scheme); - exit (-1); + exit (-1); } x509(pkey_sign, ectx, grpkey, exten, certname); #endif /* AUTOKEY */ diff --git a/util/ntp-keygen.html b/util/ntp-keygen.html index 0d16b09b5b46..4027f108af31 100644 --- a/util/ntp-keygen.html +++ b/util/ntp-keygen.html @@ -84,7 +84,7 @@ All other files are in PEM-encoded printable ASCII format so they can be embedded as MIME attachments in mail to other sites. </p> -<p>This document applies to version 4.2.8p17 of <code>ntp-keygen</code>. +<p>This document applies to version 4.2.8p18 of <code>ntp-keygen</code>. </p> <table class="menu" border="0" cellspacing="0"> <tr><td align="left" valign="top">• <a href="#Description" accesskey="1">Description</a></td><td> </td><td align="left" valign="top"> @@ -1380,7 +1380,7 @@ used to select the program, defaulting to <samp>more</samp>. Both will exit with a status code of 0. </p> <div class="example"> -<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p17 +<pre class="example">ntp-keygen (ntp) - Create a NTP host key - Ver. 4.2.8p18 Usage: ntp-keygen [ -<flag> [<val>] | --<name>[{=| }<val>] ]... Flg Arg Option-Name Description -b Num imbits identity modulus bits diff --git a/util/ntp-keygen.man.in b/util/ntp-keygen.man.in index 1495530155b6..284d52409bcb 100644 --- a/util/ntp-keygen.man.in +++ b/util/ntp-keygen.man.in @@ -10,11 +10,11 @@ .ds B-Font B .ds I-Font I .ds R-Font R -.TH ntp-keygen @NTP_KEYGEN_MS@ "06 Jun 2023" "ntp (4.2.8p17)" "User Commands" +.TH ntp-keygen @NTP_KEYGEN_MS@ "25 May 2024" "ntp (4.2.8p18)" "User Commands" .\" .\" EDIT THIS FILE WITH CAUTION (in-mem file) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:32 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:51 AM by AutoGen 5.18.16 .\" From the definitions ntp-keygen-opts.def .\" and the template file agman-cmd.tpl .SH NAME @@ -1351,7 +1351,7 @@ it to autogen-users@lists.sourceforge.net. Thank you. .SH "AUTHORS" The University of Delaware and Network Time Foundation .SH "COPYRIGHT" -Copyright (C) 1992-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .SH BUGS It can take quite a while to generate some cryptographic values. diff --git a/util/ntp-keygen.mdoc.in b/util/ntp-keygen.mdoc.in index 44b1954cc648..c0feb670e118 100644 --- a/util/ntp-keygen.mdoc.in +++ b/util/ntp-keygen.mdoc.in @@ -1,9 +1,9 @@ -.Dd June 6 2023 +.Dd May 25 2024 .Dt NTP_KEYGEN @NTP_KEYGEN_MS@ User Commands .Os .\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc) .\" -.\" It has been AutoGen-ed June 6, 2023 at 04:38:27 AM by AutoGen 5.18.16 +.\" It has been AutoGen-ed May 25, 2024 at 12:04:46 AM by AutoGen 5.18.16 .\" From the definitions ntp-keygen-opts.def .\" and the template file agmdoc-cmd.tpl .Sh NAME @@ -1208,7 +1208,7 @@ it to autogen\-users@lists.sourceforge.net. Thank you. .Sh "AUTHORS" The University of Delaware and Network Time Foundation .Sh "COPYRIGHT" -Copyright (C) 1992\-2023 The University of Delaware and Network Time Foundation all rights reserved. +Copyright (C) 1992\-2024 The University of Delaware and Network Time Foundation all rights reserved. This program is released under the terms of the NTP license, <http://ntp.org/license>. .Sh BUGS It can take quite a while to generate some cryptographic values. |