diff -urN atmark-dist-20150618/config/config.in atmark-dist-20150618_chrony/config/config.in --- atmark-dist-20150618/config/config.in 2015-06-19 14:02:30.000000000 +0900 +++ atmark-dist-20150618_chrony/config/config.in 2015-07-07 20:54:16.006013223 +0900 @@ -344,6 +344,10 @@ bool ' candump' CONFIG_USER_CANUTILS_CANDUMP bool ' cangen' CONFIG_USER_CANUTILS_CANGEN fi +bool 'chronyd' CONFIG_USER_CHRONY_CHRONYD +if [ "$CONFIG_USER_CHRONY_CHRONYD" = "y" ]; then + bool ' chronyc' CONFIG_USER_CHRONY_CHRONYC +fi bool 'curl' CONFIG_USER_CURL_CURL if [ "$CONFIG_USER_CURL_CURL" = "y" ]; then bool ' enable IDN' CONFIG_USER_CURL_WITH_IDN diff -urN atmark-dist-20150618/user/Makefile atmark-dist-20150618_chrony/user/Makefile --- atmark-dist-20150618/user/Makefile 2015-06-19 14:02:30.000000000 +0900 +++ atmark-dist-20150618_chrony/user/Makefile 2015-07-07 20:57:08.056847733 +0900 @@ -55,6 +55,7 @@ dir_$(CONFIG_USER_CGI_GENERIC) += cgi_generic dir_$(CONFIG_USER_CGIHTML) += cgihtml/examples dir_$(CONFIG_USER_CHAT_CHAT) += pppd/chat +dir_$(CONFIG_USER_CHRONY_CHRONYD) += chrony dir_$(CONFIG_USER_CKSUM_CKSUM) += cksum dir_$(CONFIG_USER_CLOCK_CLOCK) += clock dir_$(CONFIG_USER_CPU_CPU) += cpu diff -urN atmark-dist-20150618/user/chrony/Makefile atmark-dist-20150618_chrony/user/chrony/Makefile --- atmark-dist-20150618/user/chrony/Makefile 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/Makefile 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,48 @@ +SRC_DIR = chrony-1.30 + +BUILD_DIR = builddir + +DEST_DIR = destdir + +CONFIGURE_OPT = --host-system=Linux \ + --host-machine=$(word 1,$(subst -,,$(CROSS))) \ + --mandir=/usr/share/man \ + --without-readline +ifdef CONFIG_USER_FLATFSD_FLATFSD +CONFIGURE_OPT += --sysconfdir=/etc/config +else +CONFIGURE_OPT += --sysconfdir=/etc/chrony +endif + +all: build + +$(BUILD_DIR)/Makefile: $(CONFIG_CONFIG) + rm -rf $(BUILD_DIR) + (cd $(SRC_DIR); \ + find . -type d > ../.dirs; \ + find . ! -type d > ../.files) + while read t; do mkdir -p $(BUILD_DIR)/$$t; done < .dirs + while read t; do ln -s `pwd`/$(SRC_DIR)/$$t $(BUILD_DIR)/$$t; \ + done < .files + rm -f .dirs .files + (cd $(BUILD_DIR); ./configure $(CONFIGURE_OPT)) + +build: $(BUILD_DIR)/Makefile + make -C $(BUILD_DIR) + +romfs: build + $(ROMFSINST) $(BUILD_DIR)/chronyd /usr/sbin/chronyd + mkdir -p $(ROMFSDIR)/etc/chrony + mkdir -p $(ROMFSDIR)/var/lib/chrony +ifdef CONFIG_USER_FLATFSD_FLATFSD + $(ROMFSINST) debian/chrony.conf /etc/default/chrony.conf +else + $(ROMFSINST) debian/chrony.conf /etc/chrony/chrony.conf +endif + $(ROMFSINST) -e CONFIG_USER_CHRONY_CHRONYC \ + $(BUILD_DIR)/chronyc /usr/bin/chronyc + +clean: + rm -rf $(BUILD_DIR) + +distclean: clean diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/COPYING atmark-dist-20150618_chrony/user/chrony/chrony-1.30/COPYING --- atmark-dist-20150618/user/chrony/chrony-1.30/COPYING 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/COPYING 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/FAQ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/FAQ --- atmark-dist-20150618/user/chrony/chrony-1.30/FAQ 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/FAQ 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,290 @@ +1 Administrative issues +======================= + +1.1 Where can I get chrony source code? +--------------------------------------- + +Tarballs are available via the 'Download' link on the chrony web site. +For the current development from the developers' version control system +see the 'Git' link on the web site. + +1.2 Are there any packaged versions of chrony? +---------------------------------------------- + +We are aware of packages for Arch, Debian, Fedora, Gentoo, Mandriva, +Slackware, Ubuntu, FreeBSD and NetBSD. We are not involved with how +these are built or distributed. + +1.3 Where is the home page? +--------------------------- + +It is currently at http://chrony.tuxfamily.org +(http://chrony.tuxfamily.org). + +1.4 Is there a mailing list? +---------------------------- + +Yes, it's currently at . There is a +low-volume list called chrony-announce which is just for announcements +of new releases or similar matters of high importance. You can join the +lists by sending a message with the subject subscribe to + or + respectively. + + For those who want to contribute to the development of chrony, there +is a developers' mailing list. You can subscribe by sending mail with +the subject subscribe to . + +1.5 What licence is applied to chrony? +-------------------------------------- + +Starting from version 1.15, chrony is licensed under the GNU General +Public License, Version 2. Versions prior to 1.15 were licensed under a +custom BSD-like license. + +2 Chrony compared to other programs +=================================== + +2.1 How does chrony compare to ntpd? +------------------------------------ + +Chrony can usually synchronise the system clock faster and with better +time accuracy, but it doesn't implement all NTP features, e.g. +broadcast/multicast mode, or authentication based on public-key +cryptography. For a more detailed comparison, see section 'Comparison +with ntpd' in the manual. + + If your computer connects to the 'net only for few minutes at a time, +you turn your Linux computer off or suspend it frequently, the clock is +not very stable (e.g. it is a virtual machine), or you want to use NTP +on an isolated network with no hardware clocks in sight, chrony will +probably work much better for you. + + The original reason chrony was written was that ntpd (called xntpd at +the time) could not to do anything sensible on a PC which was connected +to the 'net only for about 5 minutes once or twice a day, mainly to +upload/download email and news. The requirements were + + * slew the time to correct it when going online and NTP servers + become visible + * determine the rate at which the computer gains or loses time and + use this information to keep it reasonably correct between connects + to the 'net. This has to be done using a method that does not care + about the intermittent availability of the references or the fact + the computer is turned off between groups of measurements. + * maintain the time across reboots, by working out the error and + drift rate of the computer's real-time clock and using this + information to set the system clock correctly at boot up. + + Also, when working with isolated networks with no true time +references at all ntpd was found to give no help with managing the local +clock's gain/loss rate on the NTP master node (which was set from +watch). Some automated support was added to chrony to deal with this. + +3 Configuration issues +====================== + +3.1 I have several computers on a LAN. Should be all clients of an external server? +----------------------------------------------------------------------------------- + +The best configuration is usually to make one computer the master, with +the others as clients of it. Add a 'local' directive to the master's +chrony.conf file. This configuration will be better because + + * the load on the external connection is less + * the load on the external NTP server(s) is less + * if your external connection goes down, the computers on the LAN + will maintain a common time with each other. + +3.2 Must I specify servers by IP address if DNS is not available on chronyd start? +---------------------------------------------------------------------------------- + +No. Starting from version 1.25, 'chronyd' will keep trying to resolve +the hostnames specified in the 'server' and 'peer' directives in +increasing intervals until it succeeds. The 'online' command can be +issued from 'chronyc' to try to resolve them immediately. + +3.3 How can I make chronyd more secure? +--------------------------------------- + +If you don't need to serve time to NTP clients, you can add 'port 0' to +the 'chrony.conf' file to disable the NTP server/peer sockets and +prevent NTP requests from reaching 'chronyd'. + + If you don't need to use 'chronyc' remotely, you can add the +following directives to the configuration file to bind the command +sockets to the loopback interface + + bindcmdaddress 127.0.0.1 + bindcmdaddress ::1 + + If you don't need to use 'chronyc' at all, you can disable the +command sockets by adding 'cmdport 0' to the configuration file. + +4 Computer is not synchronising +=============================== + +This is the most common problem. There are a number of reasons, see the +following questions. + +4.1 Behind a firewall? +---------------------- + +If there is a firewall between you and the NTP server you're trying to +use, the packets may be blocked. Try using a tool like wireshark or +tcpdump to see if you're getting responses from the server. If you have +an external modem, see if the receive light blinks straight after the +transmit light (when the link is quiet apart from the NTP traffic.) Try +adding 'log measurements' to the 'chrony.conf' file and look in the +measurements.log file after chrony has been running for a short period. +See if any measurements appear. + +4.2 Do you have a non-permanent (i.e. intermittent) Internet connection? +------------------------------------------------------------------------ + +Check that you're using chronyc's 'online' and 'offline' commands +appropriately. Again, check in measurements.log to see if you're +getting any data back from the server. + +4.3 In measurements.log, do the '7' and '8' flag columns always show zero? +-------------------------------------------------------------------------- + +Do you have a 'local stratum X' directive in the 'chrony.conf' file? If +X is lower than the stratum of the server you're trying to use, this +situation will arise. You should always make X quite high (e.g. 10) in +this directive. + +5 Issues with chronyc +===================== + +5.1 I keep getting the error '506 Cannot talk to daemon' +-------------------------------------------------------- + +Make sure that the 'chrony.conf' file (on the computer where 'chronyd' +is running) has a 'cmdallow' entry for the computer you are running +'chronyc' on. This isn't necessary for localhost. + + Perhaps 'chronyd' is not running. Try using the ps command (e.g. on +Linux, 'ps -auxw') to see if it's running. Or try 'netstat -a' and see +if the ports 123/udp and 323/udp are listening. If 'chronyd' is not +running, you may have a problem with the way you are trying to start it +(e.g. at boot time). + + Perhaps you have a firewall set up in a way that blocks packets on +port 323/udp. You need to amend the firewall configuration in this +case. + +5.2 Is the chronyc<->chronyd protocol documented anywhere? +---------------------------------------------------------- + +Only by the source code :-) See cmdmon.c ('chronyd' side) and client.c +('chronyc' side). + +6 Real-time clock issues +======================== + +6.1 What is the real-time clock (RTC)? +-------------------------------------- + +This is the clock which keeps the time even when your computer is turned +off. It works with 1 second resolution. 'chronyd' can monitor the rate +at which the real-time clock gains or loses time, and compensate for it +when you set the system time from it at the next reboot. See the +documentation for details. + +6.2 I want to use chronyd's real-time clock support. Must I disable hwclock? +---------------------------------------------------------------------------- + +The hwclock program is often set-up by default in the boot and shutdown +scripts with many Linux installations. If you want to use chronyd's +real-time clock support, the important thing is to disable hwclock in +the shutdown procedure. If you don't, it will over-write the RTC with a +new value, unknown to 'chronyd'. At the next reboot, 'chronyd' will +compensate this (wrong) time with its estimate of how far the RTC has +drifted whilst the power was off, giving a meaningless initial system +time. + + There is no need to remove hwclock from the boot process, as long as +'chronyd' is started after it has run. + +6.3 I just keep getting the '513 RTC driver not running' message +---------------------------------------------------------------- + +For the real time clock support to work, you need the following three +things + * a kernel that is supported (e.g. 2.2 onwards) + * enhanced RTC support compiled into the kernel + * an 'rtcfile' directive in your chrony.conf file + +7 Microsoft Windows +=================== + +7.1 Does chrony support Windows? +-------------------------------- + +No. The 'chronyc' program (the command-line client used for configuring +'chronyd' while it is running) has been successfully built and run under +Cygwin in the past. 'chronyd' is not portable, because part of it is +very system-dependent. It needs adapting to work with Windows' +equivalent of the adjtimex() call, and it needs to be made to work as an +NT service. + +7.2 Are there any plans to support Windows? +------------------------------------------- + +We have no plans to do this. Anyone is welcome to pick this work up and +contribute it back to the project. + +8 NTP-specific issues +===================== + +8.1 Can chrony be driven from broadcast NTP servers? +---------------------------------------------------- + +No, this NTP mode is not implemented yet. + +8.2 Can chronyd transmit broadcast NTP packets (e.g. to synchronise other computers on a private LAN)? +------------------------------------------------------------------------------------------------------ + +Yes. Starting from version 1.17, chrony has this capability. + +8.3 Can chrony keep the system clock a fixed offset away from real time? +------------------------------------------------------------------------ + +This is not possible as the program currently stands. + +8.4 What happens if the network connection is dropped without using chronyc's 'offline' command first? +------------------------------------------------------------------------------------------------------ + +In this case 'chronyd' will keep trying to access the server(s) that it +thinks are online. Eventually it will decide that they are unreachable +and no longer consider itself synchronised to them. If you have other +computers on your LAN accessing the computer that is affected this way, +they too will become 'unsynchronised', unless you have the 'local' +directive set up on the master computer. + + The 'auto_offline' option to the 'server' entry in the chrony.conf +file may be useful to avoid this situation. + +9 Linux-specific issues +======================= + +9.1 I get "Could not open /dev/rtc, Device or resource busy" in my syslog file +------------------------------------------------------------------------------ + +Some other program running on the system may be using the device. + +10 Solaris-specific issues +========================== + +10.1 On Solaris 2.8, I get an error message about not being able to open kvm to change dosynctodr +------------------------------------------------------------------------------------------------- + +(The dosynctodr variable controls whether Solaris couples the equivalent +of its BIOS clock into its system clock at regular intervals). The +Solaris port of chrony was developed in the Solaris 2.5 era. Some +aspect of the Solaris kernel has changed which prevents the same +technique working. We no longer have root access to any Solaris +machines to work on this, and we are reliant on somebody developing the +patch and testing it. + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/INSTALL atmark-dist-20150618_chrony/user/chrony/chrony-1.30/INSTALL --- atmark-dist-20150618/user/chrony/chrony-1.30/INSTALL 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/INSTALL 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,95 @@ +The software is distributed as source code which has to be compiled. +The source code is supplied in the form of a gzipped tar file, which +unpacks to a subdirectory identifying the name and version of the +program. + + After unpacking the source code, change directory into it, and type + + ./configure + + This is a shell script that automatically determines the system type. +There is a single optional parameter, '--prefix' which indicates the +directory tree where the software should be installed. For example, + + ./configure --prefix=/opt/free + + will install the 'chronyd' daemon into /opt/free/sbin and the +'chronyc' control program into /opt/free/bin. The default value for the +prefix is /usr/local. + + The configure script assumes you want to use gcc as your compiler. +If you want to use a different compiler, you can configure this way: + + CC=cc CFLAGS=-O ./configure --prefix=/opt/free + + for Bourne-family shells, or + + setenv CC cc + setenv CFLAGS -O + ./configure --prefix=/opt/free + + for C-family shells. + + If the software cannot (yet) be built on your system, an error +message will be shown. Otherwise, 'Makefile' will be generated. + + If editline or readline library is available, chronyc will be built +with line editing support. If you don't want this, specify the +-disable-readline flag to configure. Please refer to *note line editing +support:: for more information. + + If a 'timepps.h' header is available (e.g. from the LinuxPPS project +(http://linuxpps.org/)), 'chronyd' will be built with PPS API reference +clock driver. If the header is installed in a location that isn't +normally searched by the compiler, you can add it to the searched +locations by setting 'CPPFLAGS' variable to '-I/path/to/timepps'. + + Now type + + make + + to build the programs. + + If you want to build the manual in plain text, HTML and info +versions, type + + make docs + + Once the programs have been successfully compiled, they need to be +installed in their target locations. This step normally needs to be +performed by the superuser, and requires the following command to be +entered. + + make install + + This will install the binaries, plain text manual and manpages. + + To install the HTML and info versions of the manual as well, enter +the command + + make install-docs + + If you want chrony to appear in the top level info directory listing, +you need to run the 'install-info' command manually after this step. +'install-info' takes 2 arguments. The first is the path to the +'chrony.info' file you have just installed. This will be the argument +you gave to -prefix when you configured ('/usr/local' by default), with +'/share/info/chrony.info' on the end. The second argument is the +location of the file called 'dir'. This will typically be +'/usr/share/info/dir'. So the typical command line would be + + install-info /usr/local/share/info/chrony.info /usr/share/info/dir + + Now that the software is successfully installed, the next step is to +set up a configuration file. The default location of the file is +'/etc/chrony.conf'. Suppose you want to use public NTP servers from the +pool.ntp.org project as your time reference. A minimal useful +configuration file could be + + server 0.pool.ntp.org iburst + server 1.pool.ntp.org iburst + server 2.pool.ntp.org iburst + makestep 10 3 + + Then, 'chronyd' can be run. + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/Makefile.in atmark-dist-20150618_chrony/user/chrony/chrony-1.30/Makefile.in --- atmark-dist-20150618/user/chrony/chrony-1.30/Makefile.in 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/Makefile.in 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,163 @@ +################################################## +# +# chronyd/chronyc - Programs for keeping computer clocks accurate. +# +# Copyright (C) Richard P. Curnow 1997-2003 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# ======================================================================= +# +# Makefile template + +SYSCONFDIR=@SYSCONFDIR@ +BINDIR=@BINDIR@ +SBINDIR=@SBINDIR@ +MANDIR=@MANDIR@ +INFODIR=@INFODIR@ +DOCDIR=@DOCDIR@ +LOCALSTATEDIR=@LOCALSTATEDIR@ +CHRONYVARDIR=@CHRONYVARDIR@ + +CC = @CC@ +CFLAGS = @CFLAGS@ +CPPFLAGS = @CPPFLAGS@ + +DESTDIR= + +HASH_OBJ = @HASH_OBJ@ + +OBJS = util.o sched.o regress.o local.o \ + sys.o main.o ntp_io.o ntp_core.o ntp_sources.o \ + sources.o sourcestats.o reference.o \ + logging.o conf.o cmdmon.o keys.o \ + nameserv.o nameserv_async.o manual.o addrfilt.o \ + cmdparse.o mkdirpp.o rtc.o pktlength.o clientlog.o \ + broadcast.o refclock.o refclock_phc.o refclock_pps.o \ + refclock_shm.o refclock_sock.o tempcomp.o $(HASH_OBJ) + +EXTRA_OBJS=@EXTRA_OBJECTS@ + +CLI_OBJS = client.o nameserv.o getdate.o cmdparse.o \ + pktlength.o util.o $(HASH_OBJ) + +ALL_OBJS = $(OBJS) $(EXTRA_OBJS) $(CLI_OBJS) + +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ + +EXTRA_LIBS=@EXTRA_LIBS@ +EXTRA_CLI_LIBS=@EXTRA_CLI_LIBS@ + +# Until we have a main procedure we can link, just build object files +# to test compilation + +all : chronyd chronyc + +chronyd : $(OBJS) $(EXTRA_OBJS) + $(CC) $(CFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_LIBS) + +chronyc : $(CLI_OBJS) + $(CC) $(CFLAGS) -o chronyc $(CLI_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_CLI_LIBS) + +client.o : client.c + $(CC) $(CFLAGS) $(CPPFLAGS) @READLINE_COMPILE@ -c $< + +$(HASH_OBJ) : $(patsubst %.o,%.c,$(HASH_OBJ)) + $(CC) $(CFLAGS) $(CPPFLAGS) @HASH_COMPILE@ -c $< + +distclean : clean + -rm -f Makefile + -rm -f chrony.conf.5 chrony.texi chronyc.1 chronyd.8 + +clean : + -rm -f *.o *.s chronyc chronyd core getdate.c *~ + -rm -f chrony.info chrony.html chrony.txt + -rm -rf .deps + +getdate.c : + bison -o getdate.c getdate.y + +# For install, don't use the install command, because its switches +# seem to vary between systems. + +install: chronyd chronyc chrony.txt + [ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR) + [ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR) + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) + [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR) + [ -d $(DESTDIR)$(MANDIR)/man1 ] || mkdir -p $(DESTDIR)$(MANDIR)/man1 + [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5 + [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 + [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR) + [ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR) + if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi + if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi + cp chronyd $(DESTDIR)$(SBINDIR)/chronyd + chmod 755 $(DESTDIR)$(SBINDIR)/chronyd + cp chronyc $(DESTDIR)$(BINDIR)/chronyc + chmod 755 $(DESTDIR)$(BINDIR)/chronyc + cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt + chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt +# cp COPYING $(DESTDIR)$(DOCDIR)/COPYING +# chmod 644 $(DESTDIR)$(DOCDIR)/COPYING + cp README $(DESTDIR)$(DOCDIR)/README + chmod 644 $(DESTDIR)$(DOCDIR)/README + cp chrony.1 $(DESTDIR)$(MANDIR)/man1 + chmod 644 $(DESTDIR)$(MANDIR)/man1/chrony.1 + cp chronyc.1 $(DESTDIR)$(MANDIR)/man1 + chmod 644 $(DESTDIR)$(MANDIR)/man1/chronyc.1 + cp chronyd.8 $(DESTDIR)$(MANDIR)/man8 + chmod 644 $(DESTDIR)$(MANDIR)/man8/chronyd.8 + cp chrony.conf.5 $(DESTDIR)$(MANDIR)/man5 + chmod 644 $(DESTDIR)$(MANDIR)/man5/chrony.conf.5 + +%.o : %.c + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< + +%.s : %.c + $(CC) $(CFLAGS) $(CPPFLAGS) -S $< + +check : chronyd chronyc + cd test/simulation && ./run + +install-docs : docs + [ -d $(DESTDIR)$(DOCDIR) ] || mkdir -p $(DESTDIR)$(DOCDIR) + cp chrony.txt $(DESTDIR)$(DOCDIR)/chrony.txt + chmod 644 $(DESTDIR)$(DOCDIR)/chrony.txt + cp chrony.html $(DESTDIR)$(DOCDIR)/chrony.html + chmod 644 $(DESTDIR)$(DOCDIR)/chrony.html + [ -d $(DESTDIR)$(INFODIR) ] || mkdir -p $(DESTDIR)$(INFODIR) + cp chrony.info* $(DESTDIR)$(INFODIR) + chmod 644 $(DESTDIR)$(INFODIR)/chrony.info* + +docs : chrony.txt chrony.html chrony.info + +chrony.txt : chrony.texi + makeinfo --no-headers --number-sections -o chrony.txt chrony.texi + +chrony.html : chrony.texi + command -v texi2html > /dev/null 2>&1 && texi2html chrony.texi || \ + makeinfo --no-split --html --number-sections -o chrony.html chrony.texi + +chrony.info : chrony.texi + makeinfo chrony.texi + +.deps: + @mkdir .deps + +.deps/%.d: %.c | .deps + @$(CC) -MM $(CPPFLAGS) -MT '$(<:%.c=%.o) $@' $< -o $@ + +-include $(ALL_OBJS:%.o=.deps/%.d) diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/NEWS atmark-dist-20150618_chrony/user/chrony/chrony-1.30/NEWS --- atmark-dist-20150618/user/chrony/chrony-1.30/NEWS 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/NEWS 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,499 @@ +New in version 1.30 +=================== + +Enhancements +------------ +* Add asynchronous name resolving with POSIX threads +* Add PTP hardware clock (PHC) refclock driver +* Add new generic clock driver to slew by adjusting frequency only + (without kernel PLL or adjtime) and use it on Linux +* Add rtcautotrim directive to trim RTC automatically +* Add hwclockfile directive to share RTC LOCAL/UTC setting with hwclock +* Add maxslewrate directive to set maximum allowed slew rate +* Add maxdispersion option for refclocks +* Add -q/-Q options to set clock/print offset once and exit +* Allow directives to be specified on chronyd command line +* Replace frequency scaling in Linux driver with retaining of tick +* Try to detect unexpected forward time jumps and reset state +* Exit with non-zero code when maxchange limit is reached +* Improve makestep to not start and stop slew unnecessarily +* Change default corrtimeratio to 3.0 to improve frequency accuracy +* Announce leap second only on last day of June and December +* Use separate connected client sockets for each NTP server +* Remove separate NTP implementation used for initstepslew +* Limit maximum minpoll set by KoD RATE to default maxpoll +* Don't send NTP requests with unknown key +* Print warning when source is added with unknown key +* Take leap second in PPS refclock from locked source +* Make reading of RTC for initial trim more reliable +* Don't create cmdmon sockets when cmdport is 0 +* Add configure option to set default user to drop root privileges +* Add configure option to compile with debug messages +* Print debug messages when -d is used more than once +* Change format of messages written to terminal with -d +* Write fatal messages also to stderr with -n +* Use IP_RECVERR socket option in chronyc to not wait unnecessarily +* Shorten default chronyc timeout for localhost +* Change default hostname in chronyc from localhost to 127.0.0.1 +* Print error message on invalid syntax with all chronyc commands +* Include simulation test suite using clknetsim + +Bug fixes +--------- +* Fix crash when selecting with multiple preferred sources +* Fix frequency calculation with large frequency offsets +* Fix code writing drift and RTC files to compile correctly +* Fix -4/-6 options in chronyc to not reset hostname set by -h +* Fix refclock sample validation with sub-second polling interval +* Set stratum correctly with non-PPS SOCK refclock and local stratum +* Modify dispersion accounting in refclocks to prevent PPS getting + stuck with large dispersion and not accepting new samples + +New in version 1.29.1 +===================== + +Security fixes +-------------- +* Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) + (incompatible with previous protocol version, chronyc supports both) + +New in version 1.29 +=================== + +Security fixes +-------------- +* Fix crash when processing crafted commands (CVE-2012-4502) + (possible with IP addresses allowed by cmdallow and localhost) +* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES + replies (CVE-2012-4503) (not used by chronyc) + +Other changes +------------- +* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands + +New in version 1.28 +=================== + +* Combine sources to improve accuracy +* Make config and command parser strict +* Add -a option to chronyc to authenticate automatically +* Add -R option to ignore initstepslew and makestep directives +* Add generatecommandkey, minsamples, maxsamples and user directives +* Improve compatibility with NTPv1 and NTPv2 clients +* Create sockets only in selected family with -4/-6 option +* Treat address bind errors as non-fatal +* Extend tracking log +* Accept float values as initstepslew threshold +* Allow hostnames in offline, online and burst commands +* Fix and improve peer polling +* Fix crash in config parsing with too many servers +* Fix crash with duplicated initstepslew address +* Fix delta calculation with extreme frequency offsets +* Set local stratum correctly +* Remove unnecessary adjtimex calls +* Set paths in documentation by configure +* Update chrony.spec + +New in version 1.27 +=================== + +* Support for stronger keys via NSS or libtomcrypt library +* Support reading leap second data from tz database +* Support for precise clock stepping on Linux +* Support for nanoseconds in SHM refclock +* Make offset corrections smoother on Linux +* Make transmit timestamps random below clock precision +* Add corrtimeratio and maxchange directives +* Extend tracking, sources and activity reports +* Wait in foreground process until daemon is fully initialized +* Fix crash with slow name resolving +* Fix iburst with jittery sources +* Fix offset stored in rtc data right after trimrtc +* Fix crash and hang with RTC or manual samples +* Don't use readonly adjtime on Linux kernels before 2.6.28 +* Changed chronyc protocol, incompatible with older versions + +New in version 1.26 +=================== + +* Add compatibility with Linux 3.0 and later +* Use proper source address in NTP replies on multihomed IPv6 hosts +* Accept NTP packets with versions 4, 3 and 2 +* Cope with unexpected backward time jumps +* Don't reset kernel frequency on start without drift file +* Retry on permanent DNS error by default +* Add waitsync command + +New in version 1.25 +=================== + +* Improve accuracy with NTP sources +* Improve accuracy with reference clocks +* Improve polling interval adjustment +* Improve stability with temporary asymmetric delays +* Improve source selection +* Improve initial synchronisation +* Add delayed server name resolving +* Add temperature compensation +* Add nanosecond slewing to Linux driver +* Add fallback drifts +* Add iburst, minstratum, maxdelaydevratio, polltarget, + prefer, noselect options +* Add rtcsync directive to enable Linux 11-minute mode +* Add reselectdist, stratumweight, logbanner, maxclockerror, + include directives +* Add -n option to not detach daemon from terminal +* Fix pidfile directive +* Fix name resolving with disabled IPv6 support +* Fix reloading sample histories with reference clocks +* Fix crash with auto_offline option +* Fix online command on auto_offline sources +* Fix file descriptor leaks +* Increase burst polling interval and stop on KoD RATE +* Set maxupdateskew to 1000 ppm by default +* Require password for clients command +* Update drift file at most once per hour +* Use system headers for Linux RTC support +* Reduce default chronyc timeout and make it configurable +* Avoid large values in chronyc sources and sourcestats output +* Add reselect command to force reselecting best source +* Add -m option to allow multiple commands on command line + +New in version 1.24 +=================== + +Security fixes +-------------- +* Don't reply to invalid cmdmon packets (CVE-2010-0292) +* Limit client log memory size (CVE-2010-0293) +* Limit rate of syslog messages (CVE-2010-0294) + +Bug fixes/Enhancements +---------------------- +* Support for reference clocks (SHM, SOCK, PPS drivers) +* IPv6 support +* Linux capabilities support (to drop root privileges) +* Memory locking support on Linux +* Real-time scheduler support on Linux +* Leap second support on Linux +* Support for editline library +* Support for new Linux readonly adjtime +* NTP client support for KoD RATE +* Read kernel timestamps for received NTP packets +* Reply to NTP requests with correct address on multihomed hosts +* Retry name resolving after temporary failure +* Fix makestep command, make it available on all systems +* Add makestep directive for automatic clock stepping +* Don't require _bigadj kernel symbol on NetBSD +* Avoid blocking read in Linux RTC driver +* Support for Linux on S/390 and PowerPC +* Fix various bugs on 64-bit systems +* Fix valgrind errors and compiler warnings +* Improve configure to support common options and variables +* Improve status checking and printing in chronyc +* Return non-zero exit code on errors in chronyc +* Reduce request timeout in chronyc +* Print estimated offset in sourcestats +* Changed chronyc protocol, incompatible with older versions + +New in version 1.23 +=================== + +* Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD +* Fix serious sign-extension error in handling IP addresses +* RTC support can be excluded at compile time +* Make sources gcc-4 compatible +* Fix various compiler warnings +* Handle fluctuations in peer distance better. +* Fixed handling of stratum zero. +* Fix various problems for 64-bit systems +* Flush chronyc output streams after each command, to allow it to be driven + through pipes +* Manpage improvements + +Version 1.22 +============ + +This release number was claimed by a release that Mandriva made to patch +important bugs in 1.21. The official numbering has jumped to 1.23 as a +consequence. + +New in version 1.21 +=================== + +* Don't include Linux kernel header files any longer : allows chrony to compile + on recent distros. +* Stop trying to use RTC if continuous streams of error messages would occur + (Linux with HPET). + +New in version 1.20 +=================== + +* Many small tidy-ups and security improvements +* Improve documentation (RTC support in post 2.0 kernels) +* Remove trailing \n from syslog messages +* Syslog messages now include IP and port number when packet cannot be sent. +* Added the "acquisitionport" directive. (Kalle Olavi Niemitalo) +* Use uname(2) instead of /proc/version to get kernel version. +* Merge support for Linux on Alpha +* Merge support for 64bit architectures +* Don't link -lm if it's not needed +* Fix Solaris build (broken by 64bit change) +* Add detection of Linux 2.5 +* Allow arbitrary value of HZ in Linux kernel +* Fix for chrony.spec on SuSE (Paul Elliot) +* Fix handling of initstepslew if no servers are listed (John Hasler) +* Fix install rule in Makefile if chronyd is in use (Juliusz Chroboczek) +* Replace sprintf by snprintf to remove risk of buffer overrun (John Hasler) +* Add --help to configure script + +New in version 1.19 +=================== + +* Auto-detect kernel's timer interrupt rate (so-called 'HZ') when chronyd + starts instead of relying on compiled-in value. +* Fix 2 bugs in function that creates the directory for the log and dump files. +* Amended webpage URL and contact details. +* Generate more informative syslog messages before exiting on failed + assertions. +* Fix bugs in clamping code for the tick value used when slewing a large + offset. +* Don't chown files to root during install (should be pointless, and makes RPM + building awkward as ordinary user.) +* Include chrony.spec file for building RPMs + +New in version 1.18 +=================== +* Amend homepage and mailing list information to chrony.sunsite.dk +* Delete pidfile on exit from chronyd. +* Improvements to readline interface to chronyc +* Only generate syslog message when synchronisation is initially lost (instead + of on every failed synchronisation attempt) +* Use double fork approach when initialising daemon. +* More things in contrib directory. +* New options to help package builders: --infodir/--mandir for configure, and + DESTDIR=xxx for make. (See section 2.2 of chrony.txt for details). +* Changed the wording of the messages generated by mailonchange and logchange + directives. + +New in version 1.17 +=================== +* Port to NetBSD +* Configuration supports Linux on PPC +* Fix compilation warnings +* Several documentation improvements +* Bundled manpages (taken from the 'missing manpages project') +* Cope with lack of bzero function for Solaris 2.3 systems +* Store chronyd's pid in a file (default /var/run/chronyd.pid) and check if + chronyd may already be running when starting up. New pidfile directive in + configuration file. +* Any size subnet is now allowed in allow and deny commands. (Example: + 6.7.8/20 or 6.7.8.x/20 (any x) mean a 20 bit subnet). +* The environment variables CC and CFLAGS passed to configure can now be used + to select the compiler and optimisation/debug options to use +* Write syslog messages when chronyd loses synchronisation. +* Print GPL text when chronyc is run. +* Add NTP broadcast server capability (new broadcast directive). +* Add 'auto_offline' option to server/peer (conf file) or add server/peer (via + chronyc). +* Add 'activity' command to chronyc, to report how many servers/peers are + currently online/offline. +* Fix long-standing bug with how the system time quantum was calculated. +* Include support for systems with HZ!=100 (HZ is the timer interrupt + frequency). +* Include example chrony.conf and chrony.keys files (examples subdirectory). +* Include support for readline in chronyc. + +New in version 1.16.1 +===================== +* Fix compilation problem on Linux 2.4.13 (spinlock.h / spinlock_t) + +New in version 1.16 +=================== +* More informative captions for 'sources' and 'sourcestats' commands in chronyc + (use 'sources -v' and 'sourcestats -v' to get them). +* Correct behaviour for Solaris versions>=2.6 (dosynctodr not required on these + versions.) +* Remove some compiler warnings (Solaris) +* If last line of keys file doesn't have end-of-line, don't truncate final + character of that key. +* Change timestamp format used in logfiles to make it fully numeric (to aid + importing data into spreadsheets etc) +* Minor documentation updates and improvements. + +New in version 1.15 +=================== +* Add contributed change to 'configure' to support Solaris 2.8 on x86 +* Workaround for assertion failure that arises if two received packets occur + close together. (Still need to find out why this happens at all.) +* Hopefully fix problem where fast slewing was incompatible with machines + that have a large background drift rate (=> tick value went out of range + for adjtimex() on Linux.) +* Fix rtc_linux.c compile problems with 2.4.x kernel include files. +* Include support for RTC device not being at /dev/rtc (new rtcdevice directive + in configuration file). +* Include support for restricting network interfaces for commands (new + bindcmdaddress directive in configuration file) +* Fix potential linking fault in pktlength.c (use of CROAK macro replaced by + normal assert). +* Add some material on bug reporting + contributing to the chrony.texi file +* Made the chrony.texi file "Vim6-friendly" (removed xrefs on @node lines, + added folding markers to chapters + sections.) +* Switched over to GPL for the licence + +New in version 1.14 +=================== +* Fix compilation for certain other Linux distributions (including Mandrake + 7.1) + +New in version 1.13 +=================== +* Fixed compilation problems on Redhat/SuSE installations with recent 2.2.x + kernels. +* Minor tidy-ups and documentation enhancements. +* Add support for Linux 2.4 kernels + +New in version 1.12 +=================== + +* Trial fix for long-standing bug in Linux RTC estimator when system time is + slewed. +* Fix bug in chronyc if -h is specified without a hostname +* Fixes to logging various error conditions when operating in daemon mode. +* More stuff under contrib/ +* Changes to README file (e.g. about the new chrony-users mailing list) + +New in version 1.11a +==================== + +* Minor changes to contact details +* Minor changes to installation details (chrony subdirectory under doc/) + +New in version 1.11 +=================== + +* Improve robustness of installation procedure +* Tidy up documenation and contact details +* Distribute manual as .txt rather than as .ps +* Add -n option to chronyc to work with numeric IP addresses rather than + names. +* Add material in contrib subdirectory +* Improve robustness of handling drift file and RTC coefficients file +* Improve robustness of regression algorithm + +New in version 1.1 +================== + +Bug fixes +--------- + +* Made linear regression more resistant to rounding errors (old one + occasionally generated negative variances which made everything go + haywire). Trap infinite or 'not-a-number' values being used to + alter system clock to increase robustness further. + +Other changes/Enhancements +-------------------------- + +* Support for Linux 2.1 and 2.2 kernels + +* New command 'makestep' in chronyc to immediately jump the system + time to match the NTP estimated time (Linux only) - a response to + systems booting an hour wrong after summertime/wintertime changes, + due to RTCs running on local time. Needs extending to Sun driver + files too. + +* New directives 'logchange' and 'mailonchange' to log to syslog or + email to a specific address respectively if chronyd detects a clock + offset exceeding a defined threshold. + +* Added capability to log all client/peer NTP accesses and command + accesses (can be turned off with conf file directive 'noclientlog'). + Added 'clients' command to chronyc to display this data. + +* Improved manual mode to use robust regression rather than 2 point + fit. + +* Added 'manual list' and 'manual delete' commands to chronyc to + allow display of entered timestamps and discretionary deletion of + outliers. + +* If host goes unsynchronised the dummy IP address 0.0.0.0 is detected + to avoid attempting a reverse name lookup (to stop dial on demand IP + links from being started) + +* Changed chronyc/chronyd protocol so messages are now all variable + length. Saves on network bandwidth particularly for large replies + from chronyd to chronyc (to support the clients command). + +* Added bindaddress directive to configuration file, to give + additional control over limiting which hosts can access the local + server. + +* Groundwork done for a port to Windows NT to compile with Cygwin + toolkit. chronyc works (to monitor another host). sys_winnt.c + needs finishing to use NT clock control API. Program structure + needs adapting to use Windows NT service functions, so it can be + started at boot time. Hopefully a Windows NT / Cygwin guru with + some spare time can take this port over :-) + +New in version 1.02 +=================== + +Bug fixes +--------- + +* Fix error messages in chronyc if daemon is not reachable. + +* Fix config file problem for 'allow all' and 'deny all' without a + trailing machine address. + +* Remove fatal failed assertion if command socket cannot be read from + in daemon. + +* Rewrote timezone handling for Linux real time clock, following + various reported problems related to daylight saving. + +Other changes/Enhancements +-------------------------- + +* Configure script recognizes BSD/386 and uses SunOS 4.1 driver for + it. + +* Log files now print date as day-month-year rather than as a day + number. Milliseconds removed from timestamps of logged data. + Banners included in file to give meanings of columns. + +* Only do 1 initial step (followed by a trimming slew) when + initialising from RTC on Linux (previously did 2 steps). + +New in version 1.01 +=================== + +Bug fixes +--------- + +* Handle timezone of RTC correctly with respect to daylight saving + time + +* Syntax check the chronyc 'local' command properly + +* Fixed assertion failed fault in median finder (used by RTC + regression fitting) + +Other changes/Enhancements +-------------------------- + +* Log selection of new NTP reference source to syslog. + +* Don't zero-pad IP address fields + +* Add new command to chronyc to allow logfiles to be cycled. + +* Extend allow/deny directive syntax in configuration file to so + directive can apply to all hosts on the Internet. + +* Tidy up printout of timestamps to make it clear they are in UTC + +* Make 'configure' check the processor type as well as the operating + system. diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/README atmark-dist-20150618_chrony/user/chrony/chrony-1.30/README --- atmark-dist-20150618/user/chrony/chrony-1.30/README 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/README 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,250 @@ +This is the README for chrony. + +What is chrony? +=============== + +Chrony is a pair of programs for maintaining the accuracy of computer +clocks. + +chronyd is a (background) daemon program that can be started at boot +time. This does most of the work. + +chronyc is a command-line interface program which can be used to +monitor chronyd's performance and to change various operating +parameters whilst it is running. + +chronyd's main function is to obtain measurements of the true (UTC) +time from one of several sources, and correct the system clock +accordingly. It also works out the rate at which the system clock +gains or loses time and uses this information to keep it accurate +between measurements from the reference. + +The reference time can be derived from Network Time Protocol (NTP) +servers, reference clocks, or wristwatch-and-keyboard (via chronyc). +The main source of information about the Network Time Protocol is +http://www.ntp.org. + +It is designed so that it can work on computers which only have +intermittent access to reference sources, for example computers which +use a dial-up account to access the Internet or laptops. Of course, it +will work well on computers with permanent connections too. + +In addition, on Linux it can monitor the system's real time clock +performance, so the system can maintain accurate time even across +reboots. + +Typical accuracies available between 2 machines are + +On an ethernet LAN : 100-200 microseconds, often much better +On a V32bis dial-up modem connection : 10's of milliseconds (from one +session to the next) + +With a good reference clock the accuracy can reach one microsecond. + +chronyd can also operate as an RFC1305-compatible NTP server and peer. + + +What will chrony run on? +======================== + +Chrony can be successfully built and run on + +1. Linux 2.2.x, 2.3.x, 2.4.x, 2.6.x, 3.x + +2. Solaris 2.5/2.5.1/2.6/2.7/2.8 (various platforms) + +3. SunOS 4.1.4 (Sparc 2 and Sparc 20) + +4. BSD/386 v1.1 has been reported to work using the SunOS 4.1 driver. + +5. NetBSD. + +Any other system will require a porting exercise. You would need to +start from one of the existing system-specific drivers and look into +the quirks of certain system calls and the kernel on your target +system. + +How do I set it up? +=================== + +The file INSTALL gives instructions. On supported systems the +compilation process should be automatic. + +You will need an ANSI C compiler -- gcc is recommended. + +The manual (in texinfo and text formats) describes how to set the +software up for the less straightforward cases. + +What documentation is there? +============================ + +A manual is supplied in Texinfo format (chrony.texi) and +ready-formatted plain text (chrony.txt) in the distribution. + +There is also information available on the chrony web pages, accessible +through the URL + + http://chrony.tuxfamily.org/ + +Where are new versions announced? +================================= + +There is a low volume mailing list where new versions and other +important news relating to chrony is announced. You can join this list +by sending mail with the subject "subscribe" to + +chrony-announce-request@chrony.tuxfamily.org + +These messages will be copied to chrony-users (see below). + +How can I get support for chrony? +and where can I discuss new features, possible bugs etc? +======================================================== + +There are 3 mailing lists relating to chrony. chrony-announce was +mentioned above. chrony-users is a users' discussion list, e.g. for +general questions and answers about using chrony. chrony-dev is a more +technical list, e.g. for discussing how new features should be +implemented, exchange of information between developers etc. To +subscribe to either of these lists, send a message with the subject +"subscribe" to + +chrony-users-request@chrony.tuxfamily.org +or +chrony-dev-request@chrony.tuxfamily.org + +as applicable. + + +Author +====== + +Richard P. Curnow + + +Maintainers +=========== + +Miroslav Lichvar + + +Acknowledgements +================ + +The following people have provided patches and other major contributions +to the program : + +Benny Lyne Amorsen + Patch to add minstratum option + +Andrew Bishop + Fixes for bugs in logging when in daemon mode + Fixes for compiler warnings + Robustness improvements for drift file + Improve installation (directory checking etc) + Entries in contrib directory + Improvements to 'sources' and 'sourcestats' output from chronyc + Improvements to documentation + Investigation of required dosynctodr behaviour for various Solaris + versions. + +Stephan I. Boettcher + Entries in contrib directory + +Erik Bryer + Entries in contrib directory + +Juliusz Chroboczek + Fix install rule in Makefile if chronyd file is in use. + +Paul Elliott + DNSchrony (in contrib directory), a tool for handling NTP servers + with variable IP addresses. + +Mike Fleetwood + Fixes for compiler warnings + +Alexander Gretencord + Changes to installation directory system to make it easier for + package builders. + +Walter Haidinger + Providing me with login access to a Linux installation where v1.12 + wouldn't compile, so I could develop the fixes for v1.13. Also, for + providing the disc space so I can keep an independent backup of the + sources. + +Juergen Hannken-Illjes + Port to NetBSD + +John Hasler + Project and website at tuxfamily.org + Changes to support 64 bit machines (i.e. those where + sizeof(unsigned long) > 4) + Bug fix to initstepslew directive + Fix to remove potential buffer overrun errors. + Memory locking and real-time scheduler support + Fix fault where chronyd enters an endless loop + +Tjalling Hattink + Fix scheduler to allow stepping clock from timeout handler + Patch to take leap second in PPS refclock from locked source + Patch to make reading of RTC for initial trim more reliable + +Liam Hatton + Advice on configuring for Linux on PPC + +Jachym Holecek + Patch to make Linux real time clock work with devfs + +HÃ¥kan Johansson + Patch to avoid large values in sources and sourcestats output + +Jim Knoble + Fixes for compiler warnings + +Antti Jrvinen + Advice on configuring for BSD/386 + +Miroslav Lichvar + Reference clock support + IPv6 support + Linux capabilities support + Leap second support + Improved source selection + Improved sample history trimming + Improved polling interval adjustment + Improved stability with temporary asymmetric delays + Temperature compensation + Many other bug fixes and improvements + +Victor Moroz + Patch to support Linux with HZ!=100 + +Kalle Olavi Niemitalo + acquisitionport support + +Frank Otto + Handling arbitrary HZ values + +Andreas Piesk + Patch to make chronyc use the readline library if available + +Timo Teras + Patch to reply correctly on multihomed hosts + +Wolfgang Weisselberg + Entries in contrib directory + +Ralf Wildenhues + Many robustness and security improvements + +Ulrich Windl for the + Providing me with information about the Linux 2.2 kernel + functionality compared to 2.0. + +Doug Woodward + Advice on configuring for Solaris 2.8 on x86 + +Many other people have contributed bug reports and suggestions. I'm +sorry I can't identify all of you individually. diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/addressing.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/addressing.h --- atmark-dist-20150618/user/chrony/chrony-1.30/addressing.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/addressing.h 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,58 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Types used for addressing sources etc + */ + +#ifndef GOT_ADDRESSING_H +#define GOT_ADDRESSING_H + +#include "sysincl.h" + +/* This type is used to represent an IPv4 address or IPv6 address. + All parts are in HOST order, NOT network order. */ + +#define IPADDR_UNSPEC 0 +#define IPADDR_INET4 1 +#define IPADDR_INET6 2 + +typedef struct { + union { + uint32_t in4; + uint8_t in6[16]; + } addr; + uint16_t family; +} IPAddr; + +typedef struct { + IPAddr ip_addr; + unsigned short port; +} NTP_Remote_Address; + +typedef struct { + IPAddr ip_addr; + int sock_fd; +} NTP_Local_Address; + +#endif /* GOT_ADDRESSING_H */ + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/addrfilt.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/addrfilt.c --- atmark-dist-20150618/user/chrony/chrony-1.30/addrfilt.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/addrfilt.c 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,479 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997,1998,1999,2000,2001,2002,2005 + * Copyright (C) Miroslav Lichvar 2009 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + This module provides a set of routines for checking IP addresses + against a set of rules and deciding whether they are allowed or + disallowed. + + */ + +#include "config.h" + +#include "sysincl.h" + +#include "addrfilt.h" +#include "memory.h" + +/* Define the number of bits which are stripped off per level of + indirection in the tables */ +#define NBITS 4 + +/* Define the table size */ +#define TABLE_SIZE (1UL<addr.in6[i * 4 + 0] << 24 | + ip->addr.in6[i * 4 + 1] << 16 | + ip->addr.in6[i * 4 + 2] << 8 | + ip->addr.in6[i * 4 + 3]; +} + +/* ================================================== */ + +inline static uint32_t +get_subnet(uint32_t *addr, unsigned int where) +{ + int off; + + off = where / 32; + where %= 32; + + return (addr[off] >> (32 - NBITS - where)) & ((1UL << NBITS) - 1); +} + +/* ================================================== */ + +ADF_AuthTable +ADF_CreateTable(void) +{ + ADF_AuthTable result; + result = MallocNew(struct ADF_AuthTableInst); + + /* Default is that nothing is allowed */ + result->base4.state = DENY; + result->base4.extended = NULL; + result->base6.state = DENY; + result->base6.extended = NULL; + + return result; +} + +/* ================================================== */ +/* This function deletes all definitions of child nodes, in effect + pruning a whole subnet definition back to a single parent + record. */ +static void +close_node(TableNode *node) +{ + int i; + TableNode *child_node; + + if (node->extended != NULL) { + for (i=0; iextended[i]); + close_node(child_node); + } + Free(node->extended); + node->extended = NULL; + } +} + + +/* ================================================== */ +/* Allocate the extension field in a node, and set all the children's + states to default to that of the node being extended */ + +static void +open_node(TableNode *node) +{ + int i; + TableNode *child_node; + + if (node->extended == NULL) { + + node->extended = MallocArray(struct _TableNode, TABLE_SIZE); + + for (i=0; iextended[i]); + child_node->state = AS_PARENT; + child_node->extended = NULL; + } + } +} + +/* ================================================== */ + +static ADF_Status +set_subnet(TableNode *start_node, + uint32_t *ip, + int ip_len, + int subnet_bits, + State new_state, + int delete_children) +{ + int bits_to_go, bits_consumed; + uint32_t subnet; + TableNode *node; + + bits_consumed = 0; + bits_to_go = subnet_bits; + node = start_node; + + if ((subnet_bits < 0) || + (subnet_bits > 32 * ip_len)) { + + return ADF_BADSUBNET; + + } else { + + if ((bits_to_go & (NBITS-1)) == 0) { + + while (bits_to_go > 0) { + subnet = get_subnet(ip, bits_consumed); + if (!(node->extended)) { + open_node(node); + } + node = &(node->extended[subnet]); + bits_to_go -= NBITS; + bits_consumed += NBITS; + } + + if (delete_children) { + close_node(node); + } + node->state = new_state; + + } else { /* Have to set multiple entries */ + int N, i, j; + TableNode *this_node; + + while (bits_to_go >= NBITS) { + subnet = get_subnet(ip, bits_consumed); + if (!(node->extended)) { + open_node(node); + } + node = &(node->extended[subnet]); + bits_to_go -= NBITS; + bits_consumed += NBITS; + } + + /* How many subnet entries to set : 1->8, 2->4, 3->2 */ + N = 1 << (NBITS-bits_to_go); + + subnet = get_subnet(ip, bits_consumed) & ~(N - 1); + assert(subnet + N <= TABLE_SIZE); + + if (!(node->extended)) { + open_node(node); + } + + for (i=subnet, j=0; jextended[i]); + if (delete_children) { + close_node(this_node); + } + this_node->state = new_state; + } + } + + return ADF_SUCCESS; + } + +} + +/* ================================================== */ + +static ADF_Status +set_subnet_(ADF_AuthTable table, + IPAddr *ip_addr, + int subnet_bits, + State new_state, + int delete_children) +{ + uint32_t ip6[4]; + + switch (ip_addr->family) { + case IPADDR_INET4: + return set_subnet(&table->base4, &ip_addr->addr.in4, 1, subnet_bits, new_state, delete_children); + case IPADDR_INET6: + split_ip6(ip_addr, ip6); + return set_subnet(&table->base6, ip6, 4, subnet_bits, new_state, delete_children); + case IPADDR_UNSPEC: + /* Apply to both, subnet_bits has to be 0 */ + if (subnet_bits != 0) + return ADF_BADSUBNET; + memset(ip6, 0, sizeof (ip6)); + if (set_subnet(&table->base4, ip6, 1, 0, new_state, delete_children) == ADF_SUCCESS && + set_subnet(&table->base6, ip6, 4, 0, new_state, delete_children) == ADF_SUCCESS) + return ADF_SUCCESS; + break; + } + + return ADF_BADSUBNET; +} + +ADF_Status +ADF_Allow(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, ALLOW, 0); +} + +/* ================================================== */ + + +ADF_Status +ADF_AllowAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, ALLOW, 1); +} + +/* ================================================== */ + +ADF_Status +ADF_Deny(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, DENY, 0); +} + +/* ================================================== */ + +ADF_Status +ADF_DenyAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, DENY, 1); +} + +/* ================================================== */ + +void +ADF_DestroyTable(ADF_AuthTable table) +{ + close_node(&table->base4); + close_node(&table->base6); + Free(table); +} + +/* ================================================== */ + +static int +check_ip_in_node(TableNode *start_node, uint32_t *ip) +{ + uint32_t subnet; + int bits_consumed = 0; + int result = 0; + int finished = 0; + TableNode *node; + State state=DENY; + + node = start_node; + + do { + if (node->state != AS_PARENT) { + state = node->state; + } + if (node->extended) { + subnet = get_subnet(ip, bits_consumed); + node = &(node->extended[subnet]); + bits_consumed += NBITS; + } else { + /* Make decision on this node */ + finished = 1; + } + } while (!finished); + + switch (state) { + case ALLOW: + result = 1; + break; + case DENY: + result = 0; + break; + case AS_PARENT: + assert(0); + break; + } + + return result; +} + + +/* ================================================== */ + +int +ADF_IsAllowed(ADF_AuthTable table, + IPAddr *ip_addr) +{ + uint32_t ip6[4]; + + switch (ip_addr->family) { + case IPADDR_INET4: + return check_ip_in_node(&table->base4, &ip_addr->addr.in4); + case IPADDR_INET6: + split_ip6(ip_addr, ip6); + return check_ip_in_node(&table->base6, ip6); + } + + return 0; +} + +/* ================================================== */ + +#if defined TEST + +static void print_node(TableNode *node, uint32_t *addr, int ip_len, int shift, int subnet_bits) +{ + uint32_t new_addr[4]; + int i; + TableNode *sub_node; + + for (i=0; i> 24) & 255), + ((addr[0] >> 16) & 255), + ((addr[0] >> 8) & 255), + ((addr[0] ) & 255)); + else { + for (i=0; i<4; i++) { + if (addr[i]) + printf("%d.%d.%d.%d", + ((addr[i] >> 24) & 255), + ((addr[i] >> 16) & 255), + ((addr[i] >> 8) & 255), + ((addr[i] ) & 255)); + putchar(i < 3 ? ':' : '\0'); + } + } + printf("/%d : %s\n", + subnet_bits, + (node->state == ALLOW) ? "allow" : + (node->state == DENY) ? "deny" : "as parent"); + if (node->extended) { + for (i=0; i<16; i++) { + sub_node = &(node->extended[i]); + new_addr[0] = addr[0]; + new_addr[1] = addr[1]; + new_addr[2] = addr[2]; + new_addr[3] = addr[3]; + new_addr[ip_len - 1 - shift / 32] |= ((uint32_t)i << (shift % 32)); + print_node(sub_node, new_addr, ip_len, shift - 4, subnet_bits + 4); + } + } +} + + +static void print_table(ADF_AuthTable table) +{ + uint32_t addr[4]; + + memset(addr, 0, sizeof (addr)); + printf("IPv4 table:\n"); + print_node(&table->base4, addr, 1, 28, 0); + + memset(addr, 0, sizeof (addr)); + printf("IPv6 table:\n"); + print_node(&table->base6, addr, 4, 124, 0); +} + +/* ================================================== */ + +int main (int argc, char **argv) +{ + IPAddr ip; + ADF_AuthTable table; + table = ADF_CreateTable(); + + ip.family = IPADDR_INET4; + + ip.addr.in4 = 0x7e800000; + ADF_Allow(table, &ip, 9); + ip.addr.in4 = 0x7ecc0000; + ADF_Deny(table, &ip, 14); +#if 0 + ip.addr.in4 = 0x7f000001; + ADF_Deny(table, &ip, 32); + ip.addr.in4 = 0x7f000000; + ADF_Allow(table, &ip, 8); +#endif + + printf("allowed: %d\n", ADF_IsAllowed(table, &ip)); + ip.addr.in4 ^= 1; + printf("allowed: %d\n", ADF_IsAllowed(table, &ip)); + + ip.family = IPADDR_INET6; + + memcpy(ip.addr.in6, "abcdefghijklmnop", 16); + ADF_Deny(table, &ip, 66); + ADF_Allow(table, &ip, 59); + + memcpy(ip.addr.in6, "xbcdefghijklmnop", 16); + ADF_Deny(table, &ip, 128); + ip.addr.in6[15] ^= 3; + ADF_Allow(table, &ip, 127); + + printf("allowed: %d\n", ADF_IsAllowed(table, &ip)); + ip.addr.in4 ^= 1; + printf("allowed: %d\n", ADF_IsAllowed(table, &ip)); + + print_table(table); + + ADF_DestroyTable(table); + return 0; +} + + + +#endif /* defined TEST */ + + + + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/addrfilt.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/addrfilt.h --- atmark-dist-20150618/user/chrony/chrony-1.30/addrfilt.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/addrfilt.h 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,75 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Module for providing an authorisation filter on IP addresses + */ + +#ifndef GOT_ADDRFILT_H +#define GOT_ADDRFILT_H + +#include "addressing.h" + +typedef struct ADF_AuthTableInst *ADF_AuthTable; + +typedef enum { + ADF_SUCCESS, + ADF_BADSUBNET +} ADF_Status; + + +/* Create a new table. The default rule is deny for everything */ +extern ADF_AuthTable ADF_CreateTable(void); + +/* Allow anything in the supplied subnet, EXCEPT for any more specific + subnets that are already defined */ +extern ADF_Status ADF_Allow(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Allow anything in the supplied subnet, overwriting existing + definitions for any more specific subnets */ +extern ADF_Status ADF_AllowAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Deny anything in the supplied subnet, EXCEPT for any more specific + subnets that are already defined */ +extern ADF_Status ADF_Deny(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Deny anything in the supplied subnet, overwriting existing + definitions for any more specific subnets */ +extern ADF_Status ADF_DenyAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Clear up the table */ +extern void ADF_DestroyTable(ADF_AuthTable table); + +/* Check whether a given IP address is allowed by the rules in + the table */ +extern int ADF_IsAllowed(ADF_AuthTable table, + IPAddr *ip); + +#endif /* GOT_ADDRFILT_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/broadcast.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/broadcast.c --- atmark-dist-20150618/user/chrony/chrony-1.30/broadcast.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/broadcast.c 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,159 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Deal with broadcast server functions. + */ + +#include "config.h" + +#include "sysincl.h" +#include "memory.h" + +#include "addressing.h" +#include "broadcast.h" +#include "sched.h" +#include "ntp.h" +#include "local.h" +#include "reference.h" +#include "util.h" +#include "ntp_io.h" + +typedef struct { + NTP_Remote_Address addr; + NTP_Local_Address local_addr; + int interval; +} Destination; +static Destination *destinations = 0; +static int n_destinations = 0; +static int max_destinations = 0; + +void +BRD_Initialise(void) +{ +} + +/* ================================================== */ + +void +BRD_Finalise(void) +{ +} + +/* ================================================== */ +/* This is a cut-down version of what transmit_packet in ntp_core.c does */ + +static void +timeout_handler(void *arbitrary) +{ + Destination *d = (Destination *) arbitrary; + NTP_Packet message; + /* Parameters read from reference module */ + int version; + int leap; + int are_we_synchronised, our_stratum; + NTP_Leap leap_status; + uint32_t our_ref_id, ts_fuzz; + struct timeval our_ref_time; + double our_root_delay, our_root_dispersion; + struct timeval local_transmit; + + version = 3; + + LCL_ReadCookedTime(&local_transmit, NULL); + REF_GetReferenceParams(&local_transmit, + &are_we_synchronised, &leap_status, + &our_stratum, + &our_ref_id, &our_ref_time, + &our_root_delay, &our_root_dispersion); + + + if (are_we_synchronised) { + leap = (int) leap_status; + } else { + leap = LEAP_Unsynchronised; + } + + message.lvm = ((leap << 6) &0xc0) | ((version << 3) & 0x38) | (MODE_BROADCAST & 0x07); + message.stratum = our_stratum; + message.poll = 6; /* FIXME: what should this be? */ + message.precision = LCL_GetSysPrecisionAsLog(); + + /* If we're sending a client mode packet and we aren't synchronized yet, + we might have to set up artificial values for some of these parameters */ + message.root_delay = UTI_DoubleToInt32(our_root_delay); + message.root_dispersion = UTI_DoubleToInt32(our_root_dispersion); + + message.reference_id = htonl((NTP_int32) our_ref_id); + + /* Now fill in timestamps */ + UTI_TimevalToInt64(&our_ref_time, &message.reference_ts, 0); + message.originate_ts.hi = 0UL; + message.originate_ts.lo = 0UL; + message.receive_ts.hi = 0UL; + message.receive_ts.lo = 0UL; + + ts_fuzz = UTI_GetNTPTsFuzz(message.precision); + LCL_ReadCookedTime(&local_transmit, NULL); + UTI_TimevalToInt64(&local_transmit, &message.transmit_ts, ts_fuzz); + NIO_SendNormalPacket(&message, &d->addr, &d->local_addr); + + /* Requeue timeout. Don't care if interval drifts gradually, so just do it + * at the end. */ + SCH_AddTimeoutInClass((double) d->interval, 1.0, 0.02, + SCH_NtpBroadcastClass, + timeout_handler, (void *) d); + + +} + +/* ================================================== */ + +void +BRD_AddDestination(IPAddr *addr, unsigned short port, int interval) +{ + if (max_destinations == n_destinations) { + /* Expand array */ + max_destinations += 8; + if (destinations) { + destinations = ReallocArray(Destination, max_destinations, destinations); + } else { + destinations = MallocArray(Destination, max_destinations); + } + } + + destinations[n_destinations].addr.ip_addr = *addr; + destinations[n_destinations].addr.port = port; + destinations[n_destinations].local_addr.ip_addr.family = IPADDR_UNSPEC; + destinations[n_destinations].local_addr.sock_fd = + NIO_GetServerSocket(&destinations[n_destinations].addr); + destinations[n_destinations].interval = interval; + + SCH_AddTimeoutInClass((double) interval, 1.0, 0.0, + SCH_NtpBroadcastClass, + timeout_handler, (void *)(destinations + n_destinations)); + + ++n_destinations; + +} + + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/broadcast.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/broadcast.h --- atmark-dist-20150618/user/chrony/chrony-1.30/broadcast.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/broadcast.h 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,37 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Deal with broadcast server functions. + */ + +#ifndef GOT_BROADCAST_H +#define GOT_BROADCAST_H + +#include "addressing.h" + +extern void BRD_Initialise(void); +extern void BRD_Finalise(void); +extern void BRD_AddDestination(IPAddr *addr, unsigned short port, int interval); + +#endif /* GOT_BROADCAST_H */ + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/candm.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/candm.h --- atmark-dist-20150618/user/chrony/chrony-1.30/candm.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/candm.h 2015-07-07 20:54:16.022013529 +0900 @@ -0,0 +1,668 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Definitions for the network protocol used for command and monitoring + of the timeserver. + + */ + +#ifndef GOT_CANDM_H +#define GOT_CANDM_H + +#include "sysincl.h" +#include "addressing.h" +#include "hash.h" + +/* This is the default port to use for CANDM, if no alternative is + defined */ +#define DEFAULT_CANDM_PORT 323 + +/* Request codes */ +#define REQ_NULL 0 +#define REQ_ONLINE 1 +#define REQ_OFFLINE 2 +#define REQ_BURST 3 +#define REQ_MODIFY_MINPOLL 4 +#define REQ_MODIFY_MAXPOLL 5 +#define REQ_DUMP 6 +#define REQ_MODIFY_MAXDELAY 7 +#define REQ_MODIFY_MAXDELAYRATIO 8 +#define REQ_MODIFY_MAXUPDATESKEW 9 +#define REQ_LOGON 10 +#define REQ_SETTIME 11 +#define REQ_LOCAL 12 +#define REQ_MANUAL 13 +#define REQ_N_SOURCES 14 +#define REQ_SOURCE_DATA 15 +#define REQ_REKEY 16 +#define REQ_ALLOW 17 +#define REQ_ALLOWALL 18 +#define REQ_DENY 19 +#define REQ_DENYALL 20 +#define REQ_CMDALLOW 21 +#define REQ_CMDALLOWALL 22 +#define REQ_CMDDENY 23 +#define REQ_CMDDENYALL 24 +#define REQ_ACCHECK 25 +#define REQ_CMDACCHECK 26 +#define REQ_ADD_SERVER 27 +#define REQ_ADD_PEER 28 +#define REQ_DEL_SOURCE 29 +#define REQ_WRITERTC 30 +#define REQ_DFREQ 31 +#define REQ_DOFFSET 32 +#define REQ_TRACKING 33 +#define REQ_SOURCESTATS 34 +#define REQ_RTCREPORT 35 +#define REQ_TRIMRTC 36 +#define REQ_CYCLELOGS 37 +#define REQ_SUBNETS_ACCESSED 38 +#define REQ_CLIENT_ACCESSES 39 +#define REQ_CLIENT_ACCESSES_BY_INDEX 40 +#define REQ_MANUAL_LIST 41 +#define REQ_MANUAL_DELETE 42 +#define REQ_MAKESTEP 43 +#define REQ_ACTIVITY 44 +#define REQ_MODIFY_MINSTRATUM 45 +#define REQ_MODIFY_POLLTARGET 46 +#define REQ_MODIFY_MAXDELAYDEVRATIO 47 +#define REQ_RESELECT 48 +#define REQ_RESELECTDISTANCE 49 +#define N_REQUEST_TYPES 50 + +/* Special utoken value used to log on with first exchange being the + password. (This time value has long since gone by) */ +#define SPECIAL_UTOKEN 0x10101010 + +/* Structure used to exchange timevals independent on size of time_t */ +typedef struct { + uint32_t tv_sec_high; + uint32_t tv_sec_low; + uint32_t tv_nsec; +} Timeval; + +/* This is used in tv_sec_high for 32-bit timestamps */ +#define TV_NOHIGHSEC 0x7fffffff + +/* 32-bit floating-point format consisting of 7-bit signed exponent + and 25-bit signed coefficient without hidden bit. + The result is calculated as: 2^(exp - 25) * coef */ +typedef struct { + int32_t f; +} Float; + +/* The EOR (end of record) fields are used by the offsetof operator in + pktlength.c, to get the number of bytes that ought to be + transmitted for each packet type. */ + +typedef struct { + IPAddr mask; + IPAddr address; + int32_t EOR; +} REQ_Online; + +typedef struct { + IPAddr mask; + IPAddr address; + int32_t EOR; +} REQ_Offline; + +typedef struct { + IPAddr mask; + IPAddr address; + int32_t n_good_samples; + int32_t n_total_samples; + int32_t EOR; +} REQ_Burst; + +typedef struct { + IPAddr address; + int32_t new_minpoll; + int32_t EOR; +} REQ_Modify_Minpoll; + +typedef struct { + IPAddr address; + int32_t new_maxpoll; + int32_t EOR; +} REQ_Modify_Maxpoll; + +typedef struct { + int32_t pad; + int32_t EOR; +} REQ_Dump; + +typedef struct { + IPAddr address; + Float new_max_delay; + int32_t EOR; +} REQ_Modify_Maxdelay; + +typedef struct { + IPAddr address; + Float new_max_delay_ratio; + int32_t EOR; +} REQ_Modify_Maxdelayratio; + +typedef struct { + IPAddr address; + Float new_max_delay_dev_ratio; + int32_t EOR; +} REQ_Modify_Maxdelaydevratio; + +typedef struct { + IPAddr address; + int32_t new_min_stratum; + int32_t EOR; +} REQ_Modify_Minstratum; + +typedef struct { + IPAddr address; + int32_t new_poll_target; + int32_t EOR; +} REQ_Modify_Polltarget; + +typedef struct { + Float new_max_update_skew; + int32_t EOR; +} REQ_Modify_Maxupdateskew; + +typedef struct { + Timeval ts; + int32_t EOR; +} REQ_Logon; + +typedef struct { + Timeval ts; + int32_t EOR; +} REQ_Settime; + +typedef struct { + int32_t on_off; + int32_t stratum; + int32_t EOR; +} REQ_Local; + +typedef struct { + int32_t option; + int32_t EOR; +} REQ_Manual; + +typedef struct { + int32_t EOR; +} REQ_N_Sources; + +typedef struct { + int32_t index; + int32_t EOR; +} REQ_Source_Data; + +typedef struct { + int32_t EOR; +} REQ_Rekey; + +typedef struct { + IPAddr ip; + int32_t subnet_bits; + int32_t EOR; +} REQ_Allow_Deny; + +typedef struct { + IPAddr ip; + int32_t EOR; +} REQ_Ac_Check; + +/* Flags used in NTP source requests */ +#define REQ_ADDSRC_ONLINE 0x1 +#define REQ_ADDSRC_AUTOOFFLINE 0x2 +#define REQ_ADDSRC_IBURST 0x4 +#define REQ_ADDSRC_PREFER 0x8 +#define REQ_ADDSRC_NOSELECT 0x10 + +typedef struct { + IPAddr ip_addr; + uint32_t port; + int32_t minpoll; + int32_t maxpoll; + int32_t presend_minpoll; + uint32_t authkey; + Float max_delay; + Float max_delay_ratio; + uint32_t flags; + int32_t EOR; +} REQ_NTP_Source; + +typedef struct { + IPAddr ip_addr; + int32_t EOR; +} REQ_Del_Source; + +typedef struct { + int32_t EOR; +} REQ_WriteRtc; + +typedef struct { + Float dfreq; + int32_t EOR; +} REQ_Dfreq; + +typedef struct { + int32_t sec; + int32_t usec; + int32_t EOR; +} REQ_Doffset; + +typedef struct { + int32_t EOR; +} REQ_Tracking; + +typedef struct { + uint32_t index; + int32_t EOR; +} REQ_Sourcestats; + +typedef struct { + int32_t EOR; +} REQ_RTCReport; + +typedef struct { + int32_t EOR; +} REQ_TrimRTC; + +typedef struct { + int32_t EOR; +} REQ_CycleLogs; + +typedef struct { + IPAddr ip; + uint32_t bits_specd; +} REQ_SubnetsAccessed_Subnet; + +/* This is based on the response size rather than the + request size */ +#define MAX_CLIENT_ACCESSES 8 + +typedef struct { + uint32_t first_index; + uint32_t n_indices; + int32_t EOR; +} REQ_ClientAccessesByIndex; + +typedef struct { + int32_t EOR; +} REQ_ManualList; + +typedef struct { + int32_t index; + int32_t EOR; +} REQ_ManualDelete; + +typedef struct { + int32_t EOR; +} REQ_MakeStep; + +typedef struct { + int32_t EOR; +} REQ_Activity; + +typedef struct { + int32_t EOR; +} REQ_Reselect; + +typedef struct { + Float distance; + int32_t EOR; +} REQ_ReselectDistance; + +/* ================================================== */ + +#define PKT_TYPE_CMD_REQUEST 1 +#define PKT_TYPE_CMD_REPLY 2 + +/* This version number needs to be incremented whenever the packet + size and/or the format of any of the existing messages is changed. + Other changes, e.g. new command types, should be handled cleanly by + client.c and cmdmon.c anyway, so the version can stay the same. + + Version 1 : original version with fixed size packets + + Version 2 : both command and reply packet sizes made capable of + being variable length. + + Version 3 : NTP_Source message lengthened (auto_offline) + + Version 4 : IPv6 addressing added, 64-bit time values, sourcestats + and tracking reports extended, added flags to NTP source request, + trimmed source report, replaced fixed-point format with floating-point + and used also instead of integer microseconds, new commands: modify stratum, + modify polltarget, modify maxdelaydevratio, reselect, reselectdistance + + Version 5 : auth data moved to the end of the packet to allow hashes with + different sizes, extended sources, tracking and activity reports, dropped + subnets accessed and client accesses + + Version 6 : added padding to requests to prevent amplification attack, + changed maximum number of samples in manual list to 16 + */ + +#define PROTO_VERSION_NUMBER 6 + +/* The oldest protocol versions that are compatible enough with the current + version to report a version mismatch for the server and the client */ +#define PROTO_VERSION_MISMATCH_COMPAT_SERVER 5 +#define PROTO_VERSION_MISMATCH_COMPAT_CLIENT 4 + +/* The first protocol version using padding in requests */ +#define PROTO_VERSION_PADDING 6 + +/* The maximum length of padding in request packet, currently + defined by CLIENT_ACCESSES_BY_INDEX and MANUAL_LIST */ +#define MAX_PADDING_LENGTH 396 + +/* ================================================== */ + +typedef struct { + uint8_t version; /* Protocol version */ + uint8_t pkt_type; /* What sort of packet this is */ + uint8_t res1; + uint8_t res2; + uint16_t command; /* Which command is being issued */ + uint16_t attempt; /* How many resends the client has done + (count up from zero for same sequence + number) */ + uint32_t sequence; /* Client's sequence number */ + uint32_t utoken; /* Unique token per incarnation of daemon */ + uint32_t token; /* Command token (to prevent replay attack) */ + + union { + REQ_Online online; + REQ_Offline offline; + REQ_Burst burst; + REQ_Modify_Minpoll modify_minpoll; + REQ_Modify_Maxpoll modify_maxpoll; + REQ_Dump dump; + REQ_Modify_Maxdelay modify_maxdelay; + REQ_Modify_Maxdelayratio modify_maxdelayratio; + REQ_Modify_Maxdelaydevratio modify_maxdelaydevratio; + REQ_Modify_Minstratum modify_minstratum; + REQ_Modify_Polltarget modify_polltarget; + REQ_Modify_Maxupdateskew modify_maxupdateskew; + REQ_Logon logon; + REQ_Settime settime; + REQ_Local local; + REQ_Manual manual; + REQ_N_Sources n_sources; + REQ_Source_Data source_data; + REQ_Rekey rekey; + REQ_Allow_Deny allow_deny; + REQ_Ac_Check ac_check; + REQ_NTP_Source ntp_source; + REQ_Del_Source del_source; + REQ_WriteRtc writertc; + REQ_Dfreq dfreq; + REQ_Doffset doffset; + REQ_Tracking tracking; + REQ_Sourcestats sourcestats; + REQ_RTCReport rtcreport; + REQ_TrimRTC trimrtc; + REQ_CycleLogs cyclelogs; + REQ_ClientAccessesByIndex client_accesses_by_index; + REQ_ManualList manual_list; + REQ_ManualDelete manual_delete; + REQ_MakeStep make_step; + REQ_Activity activity; + REQ_Reselect reselect; + REQ_ReselectDistance reselect_distance; + } data; /* Command specific parameters */ + + /* The following fields only set the maximum size of the packet. + There are no holes between them and the actual data. */ + + /* Padding used to prevent traffic amplification */ + uint8_t padding[MAX_PADDING_LENGTH]; + + /* Authentication data */ + uint8_t auth[MAX_HASH_LENGTH]; + +} CMD_Request; + +/* ================================================== */ +/* Authority codes for command types */ + +#define PERMIT_OPEN 0 +#define PERMIT_LOCAL 1 +#define PERMIT_AUTH 2 + +/* ================================================== */ + +/* Reply codes */ +#define RPY_NULL 1 +#define RPY_N_SOURCES 2 +#define RPY_SOURCE_DATA 3 +#define RPY_MANUAL_TIMESTAMP 4 +#define RPY_TRACKING 5 +#define RPY_SOURCESTATS 6 +#define RPY_RTC 7 +#define RPY_SUBNETS_ACCESSED 8 +#define RPY_CLIENT_ACCESSES 9 +#define RPY_CLIENT_ACCESSES_BY_INDEX 10 +#define RPY_MANUAL_LIST 11 +#define RPY_ACTIVITY 12 +#define N_REPLY_TYPES 13 + +/* Status codes */ +#define STT_SUCCESS 0 +#define STT_FAILED 1 +#define STT_UNAUTH 2 +#define STT_INVALID 3 +#define STT_NOSUCHSOURCE 4 +#define STT_INVALIDTS 5 +#define STT_NOTENABLED 6 +#define STT_BADSUBNET 7 +#define STT_ACCESSALLOWED 8 +#define STT_ACCESSDENIED 9 +/* Deprecated */ +#define STT_NOHOSTACCESS 10 +#define STT_SOURCEALREADYKNOWN 11 +#define STT_TOOMANYSOURCES 12 +#define STT_NORTC 13 +#define STT_BADRTCFILE 14 +#define STT_INACTIVE 15 +#define STT_BADSAMPLE 16 +#define STT_INVALIDAF 17 +#define STT_BADPKTVERSION 18 +#define STT_BADPKTLENGTH 19 + +typedef struct { + int32_t EOR; +} RPY_Null; + +typedef struct { + uint32_t n_sources; + int32_t EOR; +} RPY_N_Sources; + +#define RPY_SD_MD_CLIENT 0 +#define RPY_SD_MD_PEER 1 +#define RPY_SD_MD_REF 2 + +#define RPY_SD_ST_SYNC 0 +#define RPY_SD_ST_UNREACH 1 +#define RPY_SD_ST_FALSETICKER 2 +#define RPY_SD_ST_JITTERY 3 +#define RPY_SD_ST_CANDIDATE 4 +#define RPY_SD_ST_OUTLIER 5 + +#define RPY_SD_FLAG_NOSELECT 0x1 +#define RPY_SD_FLAG_PREFER 0x2 + +typedef struct { + IPAddr ip_addr; + int16_t poll; + uint16_t stratum; + uint16_t state; + uint16_t mode; + uint16_t flags; + uint16_t reachability; + uint32_t since_sample; + Float orig_latest_meas; + Float latest_meas; + Float latest_meas_err; + int32_t EOR; +} RPY_Source_Data; + +typedef struct { + uint32_t ref_id; + IPAddr ip_addr; + uint16_t stratum; + uint16_t leap_status; + Timeval ref_time; + Float current_correction; + Float last_offset; + Float rms_offset; + Float freq_ppm; + Float resid_freq_ppm; + Float skew_ppm; + Float root_delay; + Float root_dispersion; + Float last_update_interval; + int32_t EOR; +} RPY_Tracking; + +typedef struct { + uint32_t ref_id; + IPAddr ip_addr; + uint32_t n_samples; + uint32_t n_runs; + uint32_t span_seconds; + Float sd; + Float resid_freq_ppm; + Float skew_ppm; + Float est_offset; + Float est_offset_err; + int32_t EOR; +} RPY_Sourcestats; + +typedef struct { + Timeval ref_time; + uint16_t n_samples; + uint16_t n_runs; + uint32_t span_seconds; + Float rtc_seconds_fast; + Float rtc_gain_rate_ppm; + int32_t EOR; +} RPY_Rtc; + +typedef struct { + uint32_t centiseconds; + Float dfreq_ppm; + Float new_afreq_ppm; + int32_t EOR; +} RPY_ManualTimestamp; + +typedef struct { + IPAddr ip; + uint32_t bits_specd; + uint32_t bitmap[8]; +} RPY_SubnetsAccessed_Subnet; + +typedef struct { + IPAddr ip; + uint32_t client_hits; + uint32_t peer_hits; + uint32_t cmd_hits_auth; + uint32_t cmd_hits_normal; + uint32_t cmd_hits_bad; + uint32_t last_ntp_hit_ago; + uint32_t last_cmd_hit_ago; +} RPY_ClientAccesses_Client; + +typedef struct { + uint32_t n_indices; /* how many indices there are in the server's table */ + uint32_t next_index; /* the index 1 beyond those processed on this call */ + uint32_t n_clients; /* the number of valid entries in the following array */ + RPY_ClientAccesses_Client clients[MAX_CLIENT_ACCESSES]; + int32_t EOR; +} RPY_ClientAccessesByIndex; + +#define MAX_MANUAL_LIST_SAMPLES 16 + +typedef struct { + Timeval when; + Float slewed_offset; + Float orig_offset; + Float residual; +} RPY_ManualListSample; + +typedef struct { + uint32_t n_samples; + RPY_ManualListSample samples[MAX_MANUAL_LIST_SAMPLES]; + int32_t EOR; +} RPY_ManualList; + +typedef struct { + int32_t online; + int32_t offline; + int32_t burst_online; + int32_t burst_offline; + int32_t unresolved; + int32_t EOR; +} RPY_Activity; + +typedef struct { + uint8_t version; + uint8_t pkt_type; + uint8_t res1; + uint8_t res2; + uint16_t command; /* Which command is being replied to */ + uint16_t reply; /* Which format of reply this is */ + uint16_t status; /* Status of command processing */ + uint16_t pad1; /* Padding for compatibility and 4 byte alignment */ + uint16_t pad2; + uint16_t pad3; + uint32_t sequence; /* Echo of client's sequence number */ + uint32_t utoken; /* Unique token per incarnation of daemon */ + uint32_t token; /* New command token (only if command was successfully + authenticated) */ + union { + RPY_Null null; + RPY_N_Sources n_sources; + RPY_Source_Data source_data; + RPY_ManualTimestamp manual_timestamp; + RPY_Tracking tracking; + RPY_Sourcestats sourcestats; + RPY_Rtc rtc; + RPY_ClientAccessesByIndex client_accesses_by_index; + RPY_ManualList manual_list; + RPY_Activity activity; + } data; /* Reply specific parameters */ + + /* authentication of the packet, there is no hole after the actual data + from the data union, this field only sets the maximum auth size */ + uint8_t auth[MAX_HASH_LENGTH]; + +} CMD_Reply; + +/* ================================================== */ + +#endif /* GOT_CANDM_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chrony.1 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.1 --- atmark-dist-20150618/user/chrony/chrony-1.30/chrony.1 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.1 2015-07-07 20:54:16.026013606 +0900 @@ -0,0 +1,71 @@ +.TH CHRONY 1 "July 2014" "chrony 1.30" "User's Manual" +.SH NAME +chrony \- programs for keeping computer clocks accurate + +.SH SYNOPSIS +\fBchronyc\fR [\fIOPTIONS\fR] + +\fBchronyd\fR [\fIOPTIONS\fR] + +.SH DESCRIPTION +\fBchrony\fR is a pair of programs for keeping computer clocks accurate. +\fIchronyd\fR is a background (daemon) program and \fIchronyc\fR is a +command-line interface to it. Time reference sources for chronyd can be +RFC1305 NTP servers, human (via keyboard and \fIchronyc\fR), or the computer's +real-time clock at boot time (Linux only). chronyd can determine the rate at +which the computer gains or loses time and compensate for it while no external +reference is present. Its use of NTP servers can be switched on and off +(through \fIchronyc\fR) to support computers with dial-up/intermittent access +to the Internet, and it can also act as an RFC1305-compatible NTP server. + +.SH USAGE +\fIchronyc\fR is a command-line interface program which can be used to +monitor \fIchronyd\fR's performance and to change various operating +parameters whilst it is running. + +\fIchronyd\fR's main function is to obtain measurements of the true (UTC) +time from one of several sources, and correct the system clock +accordingly. It also works out the rate at which the system clock +gains or loses time and uses this information to keep it accurate +between measurements from the reference. + +The reference time can be derived from either Network Time Protocol +(NTP) servers, reference clocks, or wristwatch-and-keyboard (via \fIchronyc\fR). +The main source of information about the Network Time Protocol is +\fIhttp://www.ntp.org\fR. + +It is designed so that it can work on computers which only have +intermittent access to reference sources, for example computers which +use a dial-up account to access the Internet or laptops. Of course, it +will work well on computers with permanent connections too. + +In addition, on Linux it can monitor the system's real time clock +performance, so the system can maintain accurate time even across +reboots. + +Typical accuracies available between 2 machines are + +On an ethernet LAN : 100-200 microseconds, often much better +On a V32bis dial-up modem connection : 10's of milliseconds (from one +session to the next) + +With a good reference clock the accuracy can reach one microsecond. + +\fIchronyd\fR can also operate as an RFC1305-compatible NTP server and peer. + +.SH "SEE ALSO" +.BR chronyc(1), +.BR chrony.conf(5), +.BR chronyd(8) + +.I http://chrony.tuxfamily.org/ + +.SH AUTHOR +Richard Curnow + +This man-page was written by Jan Schaumann as part +of "The Missing Man Pages Project". Please see +\fIhttp://www.netmeister.org/misc/m2p2/index.html\fR for details. + +The complete chrony documentation is supplied in texinfo format. + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chrony.conf.5.in atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.conf.5.in --- atmark-dist-20150618/user/chrony/chrony-1.30/chrony.conf.5.in 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.conf.5.in 2015-07-07 20:54:16.026013606 +0900 @@ -0,0 +1,55 @@ +.TH chrony.conf 5 "July 2014" "chrony 1.30" "Configuration Files" +.SH NAME +chrony.conf \- chronyd configuration file + +.SH SYNOPSIS +.B @SYSCONFDIR@/chrony.conf + +.SH DESCRIPTION +\fIchrony\fR is a pair of programs for maintaining the accuracy of computer +clocks. \fIchronyd\fR is a background daemon program that can be started at +boot time. + +Assuming that you have found some servers, you need to set up a +configuration file to run \fIchrony\fR. The (compiled-in) default location +for this file is \fB@SYSCONFDIR@/chrony.conf\fR. Assuming that your ntp servers +are called `a.b.c' and `d.e.f', your \fBchrony.conf\fR file could contain +as a minimum + + server a.b.c + server d.e.f + server g.h.i + +However, you will probably want to include some of the other directives +described in detail in the documentation supplied with the distribution +(\fIchrony.txt\fR and \fIchrony.texi\fR). The following directives may be +particularly useful : `driftfile', `generatecommandkey', `keyfile', `makestep'. +Also, the `iburst' server option is useful to speed up the initial +synchronization. The smallest useful configuration file would look something +like + + server a.b.c iburst + server d.e.f iburst + server g.h.i iburst + keyfile @SYSCONFDIR@/chrony.keys + generatecommandkey + driftfile @CHRONYVARDIR@/drift + makestep 10 3 + + +.SH "SEE ALSO" +.BR chrony(1), +.BR chronyc(1), +.BR chronyd(8) + +.I http://chrony.tuxfamily.org/ + +.SH AUTHOR +Richard Curnow + +This man-page was written by Jan Schaumann as part of "The Missing +Man Pages Project". Please see \fIhttp://www.netmeister.org/misc/m2p2/index.html\fR +for details. + +The complete chrony documentation is supplied in texinfo format. + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chrony.spec atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.spec --- atmark-dist-20150618/user/chrony/chrony-1.30/chrony.spec 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.spec 2015-07-07 20:54:16.026013606 +0900 @@ -0,0 +1,57 @@ +%global chrony_version 1.30 +%if 0%(echo %{chrony_version} | grep -q pre && echo 1) +%global prerelease %(echo %{chrony_version} | sed 's/.*-//') +%endif +Summary: An NTP client/server +Name: chrony +Version: %(echo %{chrony_version} | sed 's/-.*//') +Release: %{!?prerelease:1}%{?prerelease:0.1.%{prerelease}} +Source: chrony-%{version}%{?prerelease:-%{prerelease}}.tar.gz +License: GPLv2 +Group: Applications/Utilities +BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(id -u -n) +Requires: info + +%description +chrony is a client and server for the Network Time Protocol (NTP). +This program keeps your computer's clock accurate. It was specially +designed to support systems with intermittent Internet connections, +but it also works well in permanently connected environments. It can +also use hardware reference clocks, the system real-time clock, or +manual input as time references. + +%prep +%setup -q -n %{name}-%{version}%{?prerelease:-%{prerelease}} + +%build +./configure \ + --prefix=%{_prefix} \ + --bindir=%{_bindir} \ + --sbindir=%{_sbindir} \ + --infodir=%{_infodir} \ + --mandir=%{_mandir} +make +make chrony.txt +make chrony.info + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT +rm -rf $RPM_BUILD_ROOT%{_docdir} +mkdir -p $RPM_BUILD_ROOT%{_infodir} +cp chrony.info* $RPM_BUILD_ROOT%{_infodir} + +%files +%{_sbindir}/chronyd +%{_bindir}/chronyc +%{_infodir}/chrony.info* +%{_mandir}/man1/chrony.1.gz +%{_mandir}/man1/chronyc.1.gz +%{_mandir}/man5/chrony.conf.5.gz +%{_mandir}/man8/chronyd.8.gz +%doc README +%doc chrony.txt +%doc COPYING +%doc examples/chrony.conf.example* +%doc examples/chrony.keys.example + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chrony.texi.in atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.texi.in --- atmark-dist-20150618/user/chrony/chrony-1.30/chrony.texi.in 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.texi.in 2015-07-07 20:54:16.026013606 +0900 @@ -0,0 +1,5107 @@ +\input texinfo +@c {{{ Main header stuff +@afourwide +@paragraphindent 0 +@setfilename chrony.info +@settitle User guide for the chrony suite +@c @setchapternewpage off + +@ifinfo +@dircategory Net Utilities +@direntry +* chrony: (chrony). How to use chronyd and chronyc +* chronyd: (chrony)Starting chronyd. Reference for chronyd +* chronyc: (chrony)Running chronyc. Reference for chronyc +@end direntry +@end ifinfo + +@titlepage +@sp 10 +@title The chrony suite +@subtitle This manual describes how to use +@subtitle the programs chronyd and chronyc +@author Richard P. Curnow +@page +@vskip 0pt plus 1filll +Copyright @copyright{} 1997-1999 Richard P. Curnow +Copyright @copyright{} 2009-2014 Miroslav Lichvar +@end titlepage +@c }}} +@c {{{ Top node +@node Top +@top +@menu +* Introduction:: What the chrony suite does +* Installation:: How to compile and install the software +* Typical scenarios:: How to configure the software for some common cases +* Usage reference:: Reference manual +* FAQ:: Answers to some common questions about chrony +* GPL:: The GNU General Public License +@end menu +@c }}} +@c {{{ Ch:Introduction +@c {{{ Chapter top +@node Introduction +@chapter Introduction +@menu +* Overview:: What the programs do +* Acknowledgements:: Credit where credit is due +* Availability:: Where to get the software +* Other time synchronisation packages:: Comparision with other software +* Distribution and warranty:: There is no warranty +* Bug reporting:: How to report bugs and make suggestions +* Contributing:: Areas where contributions are particularly welcome +@end menu +@c }}} +@c {{{ S:Overview +@node Overview +@section Overview +Chrony is a software package for maintaining the accuracy of computer +system clocks. It consists of a pair of programs : + +@itemize @bullet +@item @code{chronyd}. This is a daemon which runs in background on the +system. It obtains measurements (e.g. via the network) of the system's +offset relative to other systems, and adjusts the system time +accordingly. For isolated systems, the user can periodically enter the +correct time by hand (using @code{chronyc}). In either case, +@code{chronyd} determines the rate at which the computer gains or loses +time, and compensates for this. + +@code{chronyd} can also act as an NTP server, and provide a time-of-day service +to other computers. A typical set-up is to run @code{chronyd} on a gateway +computer that has a dial-up link to the Internet, and use it to serve time to +computers on a private LAN sitting behind the gateway. The IP addresses that +can act as clients of @code{chronyd} can be tightly controlled. The default is +no client access. + +@item @code{chronyc}. This is a command-line driven control and +monitoring program. An administrator can use this to fine-tune various +parameters within the daemon, add or delete servers etc whilst the +daemon is running. + +The IP addresses from which @code{chronyc} clients may connect can be tightly +controlled. The default is just the computer that @code{chronyd} itself is +running on. +@end itemize +@c }}} +@c {{{ S:Acknowledgments +@node Acknowledgements +@section Acknowledgements + +The @code{chrony} suite makes use of the algorithm known as @emph{RSA +Data Security, Inc. MD5 Message-Digest Algorithm} for authenticating +messages between different machines on the network. + +In writing the @code{chronyd} program, extensive use has been made of +RFC1305, written by David Mills. The @code{ntp} suite's source code has +been occasionally used to check details of the protocol that the RFC did +not make absolutely clear. The core algorithms in @code{chronyd} are +all completely distinct from @code{ntp}, however. +@c }}} +@c {{{ S:Availability +@node Availability +@section Availability +@menu +* Getting the software:: Where can I get the software from? +* Platforms:: Which platforms will it run on? +@end menu + + +@node Getting the software +@subsection Getting the software +Links on @uref{http://chrony.tuxfamily.org, the chrony home page} +describe how to obtain the software. + + +@node Platforms +@subsection Platforms +Although most of the program is portable between +Unix-like systems, there are parts that have to be tailored to each +specific vendor's system. These are the parts that interface with the +operating system's facilities for adjusting the system clock; +different operating systems may provide different function calls to +achieve this, and even where the same function is used it may have +different quirks in its behaviour. + +The software is known to work in the following environments: +@itemize @bullet +@item Linux 2.2 and newer + +@item NetBSD +@item BSD/386 + +@item Solaris 2.3/2.5/2.5.1/2.6/2.7/2.8 on Sparc (Sparc 20, Ultrasparc) and +i386 + +@item SunOS 4.1.4 on Sparc 2 and Sparc20. +@end itemize + +Closely related systems may work too, but they have not been tested. + +Porting the software to other system (particularly to those supporting +an @code{adjtime} system call) should not be difficult, however it +requires access to such systems to test out the driver. +@c }}} +@c {{{ S:Other programs +@node Other time synchronisation packages +@section Relationship to other software packages +@menu +* Comparison with ntpd:: +* Comparison with timed:: +@end menu + +@node Comparison with ntpd +@subsection ntpd +The `reference' implementation of the Network Time Protocol is the +program @code{ntpd}, available via +@uref{http://www.ntp.org/, The NTP home page}. + +One of the main differences between @code{ntpd} and @code{chronyd} is in +the algorithms used to control the computer's clock. Things +@code{chronyd} can do better than @code{ntpd}: + +@itemize @bullet +@item +@code{chronyd} can perform usefully in an environment where access to +the time reference is intermittent. @code{ntpd} needs regular polling +of the reference to work well. +@item +@code{chronyd} can usually synchronise the clock faster and with better +time accuracy. +@item +@code{chronyd} quickly adapts to sudden changes in the rate of the clock +(e.g. due to changes in the temperature of the crystal oscillator). +@code{ntpd} may need a long time to settle down again. +@item +@code{chronyd} can perform well even when the network is congested for +longer periods of time. +@item +@code{chronyd} in the default configuration never steps the time to not +upset other running programs. @code{ntpd} can be configured to never +step the time too, but it has to use a different means of adjusting the +clock, which has some +disadvantages. +@item +@code{chronyd} can adjust the rate of the clock on Linux in a larger +range, which allows it to operate even on machines with broken or +unstable clock (e.g. in some virtual machines). +@end itemize + +Things @code{chronyd} can do that @code{ntpd} can't: + +@itemize @bullet +@item +@code{chronyd} provides support for isolated networks whether the only +method of time correction is manual entry (e.g. by the administrator +looking at a clock). @code{chronyd} can look at the errors corrected at +different updates to work out the rate at which the computer gains or +loses time, and use this estimate to trim the computer clock +subsequently. + +@item +@code{chronyd} provides support to work out the gain or loss rate of the +`real-time clock', i.e. the clock that maintains the time when the +computer is turned off. It can use this data when the system boots to +set the system time from a corrected version of the real-time clock. +These real-time clock facilities are only available on Linux, so far. +@end itemize + +Things @code{ntpd} can do that @code{chronyd} can't: + +@itemize @bullet +@item +@code{ntpd} fully supports NTP version 4 (RFC5905), including broadcast, +multicast, manycast clients / servers and the orphan mode. It also +supports extra authentication schemes based on public-key cryptography +(RFC5906). @code{chronyd} uses NTP version 3 (RFC1305), which is +compatible with version 4. + +@item +@code{ntpd} has been ported to more types of computer / operating +system. + +@item +@code{ntpd} includes drivers for many reference clocks. @code{chronyd} +relies on other programs (e.g. gpsd) to access the data from the +reference clocks. +@end itemize + +@node Comparison with timed +@subsection timed +@code{timed} is a program that is part of the BSD networking suite. It +uses broadcast packets to find all machines running the daemon within a +subnet. The machines elect a master which periodically measures the +system clock offsets of the other computers using ICMP timestamps. +Corrections are sent to each member as a result of this process. + +Problems that may arise with @code{timed} are : + +@itemize @bullet +@item +Because it uses broadcasts, it is not possible to isolate its +functionality to a particular group of computers; there is a risk of +upsetting other computers on the same network (e.g. where a whole +company is on the same subnet but different departments are independent +from the point of view of administering their computers.) +@item +The update period appears to be 10 minutes. Computers can build up +significant offsets relative to each other in that time. If a +computer can estimate its rate of drift it can keep itself closer to +the other computers between updates by adjusting its clock every few +seconds. @code{timed} does not seem to do this. +@item +@code{timed} does not have any integrated capability for feeding +real-time into its estimates, or for estimating the average rate of time +loss/gain of the machines relative to real-time (unless one of the +computers in the group has access to an external reference and is always +appointed as the `master'). +@end itemize + +@code{timed} does have the benefit over @code{chronyd} that for isolated +networks of computers, they will track the `majority vote' time. For +such isolated networks, @code{chronyd} requires one computer to be the +`master' with the others slaved to it. If the master has a particular +defective clock, the whole set of computers will tend to slip relative +to real time (but they @emph{will} stay accurate relative to one +another). +@c }}} +@c {{{ S:Rights + warranty +@node Distribution and warranty +@section Distribution rights and (lack of) warranty + +Chrony may be distributed in accordance with the GNU General Public License +version 2, reproduced in @xref{GPL}. + +@c }}} +@c {{{ S:Bug reporting + suggestions +@node Bug reporting +@section Bug reporting and suggestions + +If you think you've found a bug in chrony, or have a suggestion, please let us +know. You can join chrony users mailing list by sending a message with the +subject subscribe to @email{chrony-users-request@@chrony.tuxfamily.org}. Only +subscribers can post to the list. + +When you are reporting a bug, please send us all the information you can. +Unfortunately, chrony has proven to be one of those programs where it is very +difficult to reproduce bugs in a different environment. So we may have to +interact with you quite a lot to obtain enough extra logging and tracing to +pin-point the problem in some cases. Please be patient and plan for this! + +Of course, if you can debug the problem yourself and send us a source code +patch to fix it, we will be very grateful! + +@c }}} +@c {{{ S:Contributions +@node Contributing +@section Contributions + +Although chrony is now a fairly mature and established project, there are still +areas that could be improved. If you can program in C and have some expertise +in these areas, you might be able to fill the gaps. + +Particular areas that need addressing are : + +@enumerate +@item Porting to other Unices + +This involves creating equivalents of sys_solaris.c, sys_linux.c etc for the +new system. Note, the Linux driver has been reported as working on a range of +different architectures (Alpha, Sparc, MIPS as well as x86 of course). + +@item Porting to Windows NT + +A small amount of work on this was done under Cygwin. Only the sorting +out of the include files has really been achieved so far. The two main +areas still to address are + +@enumerate +@item The system clock driver. +@item How to make chronyd into an NT service (i.e. what to replace fork(), +setsid() etc with so that chronyd can be automatically started in the system +bootstrap. +@end enumerate + +@item More drivers for reference clock support + +@end enumerate +@c }}} +@c }}} +@c {{{ Ch:Installation +@node Installation +@chapter Installation + +@c {{{ main introduction text +The software is distributed as source code which has to be compiled. +The source code is supplied in the form of a gzipped tar file, which +unpacks to a subdirectory identifying the name and version of the +program. + +After unpacking the source code, change directory into it, and type + +@example +./configure +@end example + +This is a shell script that automatically determines the system type. +There is a single optional parameter, @code{--prefix} which indicates +the directory tree where the software should be installed. For example, + +@example +./configure --prefix=/opt/free +@end example + +will install the @code{chronyd} daemon into /opt/free/sbin and the +@code{chronyc} control program into /opt/free/bin. The default value for the +prefix is /usr/local. + +The configure script assumes you want to use gcc as your compiler. +If you want to use a different compiler, you can configure this way: + +@example +CC=cc CFLAGS=-O ./configure --prefix=/opt/free +@end example + +for Bourne-family shells, or + +@example +setenv CC cc +setenv CFLAGS -O +./configure --prefix=/opt/free +@end example + +for C-family shells. + +If the software cannot (yet) be built on your system, an error message +will be shown. Otherwise, @file{Makefile} will be generated. + +If editline or readline library is available, chronyc will be built with line +editing support. If you don't want this, specify the --disable-readline flag +to configure. Please refer to @pxref{line editing support} for more information. + +If a @file{timepps.h} header is available (e.g. from the +@uref{http://linuxpps.org/, LinuxPPS project}), @code{chronyd} will be built with PPS API +reference clock driver. If the header is installed in a location that isn't +normally searched by the compiler, you can add it to the searched locations by +setting @code{CPPFLAGS} variable to @code{-I/path/to/timepps}. + +Now type + +@example +make +@end example + +to build the programs. + +If you want to build the manual in plain text, HTML and info versions, type + +@example +make docs +@end example + +Once the programs have been successfully compiled, they need to be +installed in their target locations. This step normally needs to be +performed by the superuser, and requires the following command to be +entered. + +@example +make install +@end example + +This will install the binaries, plain text manual and manpages. + +To install the HTML and info versions of the manual as well, enter the command + +@example +make install-docs +@end example + +If you want chrony to appear in the top level info directory listing, you need +to run the @command{install-info} command manually after this step. +@command{install-info} takes 2 arguments. The first is the path to the +@file{chrony.info} file you have just installed. This will be the argument you +gave to --prefix when you configured (@file{/usr/local} by default), with +@file{/share/info/chrony.info} on the end. The second argument is the location of +the file called @file{dir}. This will typically be @file{/usr/share/info/dir}. So +the typical command line would be + +@example +install-info /usr/local/share/info/chrony.info /usr/share/info/dir +@end example + +Now that the software is successfully installed, the next step is to +set up a configuration file. The default location of the file +is @file{@SYSCONFDIR@/chrony.conf}. Suppose you want to use public NTP +servers from the pool.ntp.org project as your time reference. A +minimal useful configuration file could be + +@example +server 0.pool.ntp.org iburst +server 1.pool.ntp.org iburst +server 2.pool.ntp.org iburst +makestep 10 3 +@end example + +Then, @code{chronyd} can be run. +@c }}} +@menu +* line editing support:: If libraries are in a non-standard place +* package builders:: Extra options useful to package builders +@end menu +@c {{{ line editing support +@node line editing support +@section Support for line editing libraries +Chronyc can be built with support for line editing, this allows you to use the +cursor keys to replay and edit old commands. Two libraries are supported which +provide such functionality, editline and GNU readline. + +Please note that readline since version 6.0 is licensed under GPLv3+ which is +incompatible with chrony's license GPLv2. You should use editline instead if +you don't want to use older readline versions. + +The configure script will automatically enable the line editing support if one +of the supported libraries is available. If they are both available, the +editline library will be used. + +If you don't want to use it (in which case chronyc will use a minimal command +line interface), invoke configure like this: + +@example +./configure --disable-readline other-options... +@end example + +If you have editline, readline or ncurses installed in locations that aren't +normally searched by the compiler and linker, you need to use extra options: + +@table @samp +@item --with-readline-includes=directory_name +This defines the name of the directory above the one where @file{readline.h} +is. @file{readline.h} is assumed to be in @file{editline} or @file{readline} +subdirectory of the named directory. + +@item --with-readline-library=directory_name +This defines the directory containing the @file{libedit.a} or @file{libedit.so} +file, or @file{libreadline.a} or @file{libreadline.so} file. + +@item --with-ncurses-library=directory_name +This defines the directory containing the @file{libncurses.a} or +@file{libncurses.so} file. +@end table + +@c }}} +@c {{{ +@node package builders +@section Extra options for package builders +The configure and make procedures have some extra options that may be useful if +you are building a distribution package for chrony. + +The --infodir=DIR option to configure specifies an install directory +for the info files. This overrides the @file{info} subdirectory of the +argument to the --prefix option. For example, you might use + +@example +./configure --prefix=/usr --infodir=/usr/share/info +@end example + +The --mandir=DIR option to configure specifies an install directory +for the man pages. This overrides the @file{man} subdirectory of the +argument to the --prefix option. + +@example +./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man +@end example + +to set both options together. + +The final option is the DESTDIR option to the make command. For example, you +could use the commands + +@example +./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man +make all docs +make install DESTDIR=./tmp +cd tmp +tar cvf - . | gzip -9 > chrony.tar.gz +@end example + +to build a package. When untarred within the root directory, this will install +the files to the intended final locations. + +@c }}} + +@c }}} +@c {{{ Ch:Typical operating scenarios +@c {{{ Chapter top +@node Typical scenarios +@chapter Typical operating scenarios +@menu +* Computers on the net:: Your computer is on the Internet most of the time + (or on a private network with NTP servers) +* Infrequent connection:: You connect to the Internet sometimes (e.g. via a modem) +* Isolated networks:: You have an isolated network with no reference clocks +* Dial-up home PCs:: Additional considerations if you turn your computer off + when it's not in use +* Configuration options overview:: Overview of some configuration options +@end menu +@c }}} +@c {{{ S:Permanent connection +@node Computers on the net +@section Computers connected to the internet +In this section we discuss how to configure chrony for computers that +are connected to the Internet (or to any network containing true NTP +servers which ultimately derive their time from a reference clock) +permanently or most of the time. + +To operate in this mode, you will need to know the names of the NTP +server machines you wish to use. You may be able to find names of +suitable servers by one of the following methods: + +@itemize @bullet +@item Your institution may already operate servers on its network. +Contact your system administrator to find out. + +@item Your ISP probably has one or more NTP servers available for its +customers. + +@item Somewhere under the NTP homepage there is a list of public +stratum 1 and stratum 2 servers. You should find one or more servers +that are near to you --- check that their access policy allows you to +use their facilities. + +@item Use public servers from +@uref{http://www.pool.ntp.org/, the pool.ntp.org project}. +@end itemize + +Assuming that you have found some servers, you need to set up a +configuration file to run chrony. The (compiled-in) default location +for this file is @file{@SYSCONFDIR@/chrony.conf}. Assuming that your ntp +servers are called @code{a.b.c} and @code{d.e.f}, your +@file{chrony.conf} file could contain as a minimum + +@example +server a.b.c +server d.e.f +server g.h.i +@end example + +However, you will probably want to include some of the other directives +described later. The @code{driftfile} and @code{makestep} directives may be +particularly useful. Also, the @code{iburst} server option is useful to speed +up the initial synchronization. The smallest useful configuration file would +look something like + +@example +server a.b.c iburst +server d.e.f iburst +server g.h.i iburst +driftfile @CHRONYVARDIR@/drift +makestep 10 3 +@end example +@c }}} +@c {{{ S:Infrequent connection +@node Infrequent connection +@section Infrequent connection to true NTP servers +In this section we discuss how to configure chrony for computers that +have occasional connections to the internet. + +@menu +* Configuration for infrequent connections:: How to set up the @code{@SYSCONFDIR@/chrony.conf} file +* Advising chronyd of internet availability:: How to tell chronyd when the link is available +@end menu + +@node Configuration for infrequent connections +@subsection Setting up the configuration file for infrequent connections +As in the previous section, you will need access to NTP servers on the +internet. The same remarks apply for how to find them. + +In this case, you will need some additional configuration to tell +@code{chronyd} when the connection to the internet goes up and down. +This saves the program from continuously trying to poll the servers when +they are inaccessible. + +Again, assuming that your ntp servers are called @code{a.b.c} and +@code{d.e.f}, your @file{chrony.conf} file would need to contain +something like + +@example +server a.b.c +server d.e.f +server g.h.i +@end example + +However, your computer will keep trying to contact the servers to obtain +timestamps, even whilst offline. If you operate a dial-on-demand +system, things are even worse, because the link to the internet will +keep getting established. + +For this reason, it would be better to specify this part of your +configuration file in the following way: + +@example +server a.b.c offline +server d.e.f offline +server g.h.i offline +@end example + +The @code{offline} keyword indicates that the servers start +in an offline state, and that they should not be contacted until @code{chronyd} +receives notification that the link to the internet is present. + +In order to notify @code{chronyd} of the presence of the link, you will need to +be able to log in to it with the program @code{chronyc}. To do this, +@code{chronyd} needs to be configured with an administrator password. The +password is read from a file specified by the @code{keyfile} directive. The +@code{generatecommandkey} directive can be used to generate a random password +automatically on the first @code{chronyd} start. + +The smallest useful configuration file would look something like + +@example +server a.b.c offline +server d.e.f offline +server g.h.i offline +keyfile @SYSCONFDIR@/chrony.keys +generatecommandkey +driftfile @CHRONYVARDIR@/drift +makestep 10 3 +@end example + +The next section describes how to tell @code{chronyd} when the internet link +goes up and down. + +@node Advising chronyd of internet availability +@subsection How to tell chronyd when the internet link is available. +To use this option, you will need to configure a command key in +@code{chronyd's} configuration file @file{@SYSCONFDIR@/chrony.conf}, as described in +the previous section. + +To tell @code{chronyd} when to start and finish sampling the servers, the +@code{online} and @code{offline} commands of chronyc need to be used. +To give an example of their use, we assume that @code{pppd} is the +program being used to connect to the internet, and that chronyc has been +installed at its default location @file{@BINDIR@/chronyc}. We +also assume that the command key has been set up as described in the +previous section. + +In the file @file{/etc/ppp/ip-up} we add the command sequence + +@example +@BINDIR@/chronyc -a online +@end example + +and in the file @file{/etc/ppp/ip-down} we add the sequence + +@example +@BINDIR@/chronyc -a offline +@end example + +@code{chronyd's} polling of the servers will now only occur whilst the +machine is actually connected to the Internet. +@c }}} +@c {{{ S:Isolated networks +@node Isolated networks +@section Isolated networks +In this section we discuss how to configure chrony for computers that +never have network conectivity to any computer which ultimately derives +its time from a reference clock. + +In this situation, one computer is selected to be the master timeserver. +The other computers are either direct clients of the master, or clients +of clients. + +The rate value in the master's drift file needs to be set to the average +rate at which the master gains or loses time. @code{chronyd} includes +support for this, in the form of the @code{manual} directive in the +configuration file and the @code{settime} command in the @code{chronyc} +program. + +If the master is rebooted, @code{chronyd} can re-read the drift rate +from the drift file. However, the master has no accurate estimate of +the current time. To get around this, the system can be configured so +that the master can initially set itself to a `majority-vote' of +selected clients' times; this allows the clients to `flywheel' the +master across its outage. + +A typical configuration file for the master (called @code{master}) might +be (assuming the clients are in the 192.168.165.x subnet and that the +master's address is 192.168.169.170) + +@example +driftfile @CHRONYVARDIR@/drift +generatecommandkey +keyfile @SYSCONFDIR@/chrony.keys +initstepslew 10 client1 client3 client6 +local stratum 8 +manual +allow 192.168.165 +@end example + +For the clients that have to resynchronise the master when it restarts, +the configuration file might be + +@example +server master +driftfile @CHRONYVARDIR@/drift +logdir /var/log/chrony +log measurements statistics tracking +keyfile @SYSCONFDIR@/chrony.keys +generatecommandkey +local stratum 10 +initstepslew 20 master +allow 192.168.169.170 +@end example + +The rest of the clients would be the same, except that the @code{local} +and @code{allow} directives are not required. +@c }}} +@c {{{ S:Dial-up home PCs +@node Dial-up home PCs +@section The home PC with a dial-up connection + +@menu +* Dial-up overview:: General discussion of how the software operates in this mode +* Dial-up configuration:: Typical configuration files +@end menu + +@node Dial-up overview +@subsection Assumptions/how the software works +This section considers the home computer which has a dial-up connection. +It assumes that Linux is run exclusively on the computer. Dual-boot +systems may work; it depends what (if anything) the other system does to +the system's real-time clock. + +Much of the configuration for this case is discussed earlier +(@pxref{Infrequent connection}). This section addresses specifically +the case of a computer which is turned off between 'sessions'. + +In this case, @code{chronyd} relies on the computer's real-time clock +(RTC) to maintain the time between the periods when it is powered up. +The arrangement is shown in the figure below. + +@example +@group + trim if required PSTN + +---------------------------+ +----------+ + | | | | + v | | | ++---------+ +-------+ +-----+ +---+ +| System's| measure error/ |chronyd| |modem| |ISP| +|real-time|------------------->| |-------| | | | +| clock | drift rate +-------+ +-----+ +---+ ++---------+ ^ | + | | | + +---------------------------+ --o-----o--- + set time at boot up | + +----------+ + |NTP server| + +----------+ +@end group +@end example + +When the computer is connected to the Internet (via the modem), +@code{chronyd} has access to external NTP servers which it makes +measurements from. These measurements are saved, and straight-line fits +are performed on them to provide an estimate of the computer's time +error and rate of gaining/losing time. + +When the computer is taken offline from the Internet, the best estimate +of the gain/loss rate is used to free-run the computer until it next +goes online. + +Whilst the computer is running, @code{chronyd} makes measurements of the +real-time clock (RTC) (via the @file{/dev/rtc} interface, which must be +compiled into the kernel). An estimate is made of the RTC error at a +particular RTC second, and the rate at which the RTC gains or loses time +relative to true time. + +On 2.6 and later kernels, if your motherboard has a HPET, you need to enable the +@samp{HPET_EMULATE_RTC} option in your kernel configuration. Otherwise, chrony +will not be able to interact with the RTC device and will give up using it. + +When the computer is powered down, the measurement histories for all the +NTP servers are saved to files (if the @code{dumponexit} directive is +specified in the configuration file), and the RTC tracking information +is also saved to a file (if the @code{rtcfile} directive has been +specified). These pieces of information are also saved if the +@code{dump} and @code{writertc} commands respectively are issued through +@code{chronyc}. + +When the computer is rebooted, @code{chronyd} reads the current RTC time +and the RTC information saved at the last shutdown. This information is +used to set the system clock to the best estimate of what its time would +have been now, had it been left running continuously. The measurement +histories for the servers are then reloaded. + +The next time the computer goes online, the previous sessions' +measurements can contribute to the line-fitting process, which gives a +much better estimate of the computer's gain/loss rate. + +One problem with saving the measurements and RTC data when the machine +is shut down is what happens if there is a power failure; the most +recent data will not be saved. Although @code{chronyd} is robust enough +to cope with this, some performance may be lost. (The main danger +arises if the RTC has been changed during the session, with the +@code{trimrtc} command in @code{chronyc}. Because of this, +@code{trimrtc} will make sure that a meaningful RTC file is saved out +after the change is completed). + +The easiest protection against power failure is to put the @code{dump} +and @code{writertc} commands in the same place as the @code{offline} +command is issued to take @code{chronyd} offline; because @code{chronyd} +free-runs between online sessions, no parameters will change +significantly between going offline from the Internet and any power +failure. + +A final point regards home computers which are left running for extended +periods and where it is desired to spin down the hard disc when it is +not in use (e.g. when not accessed for 15 minutes). @code{chronyd} has +been planned so it supports such operation; this is the reason why the +RTC tracking parameters are not saved to disc after every update, but +only when the user requests such a write, or during the shutdown +sequence. The only other facility that will generate periodic writes to +the disc is the @code{log rtc} facility in the configuration file; this +option should not be used if you want your disc to spin down. + +@node Dial-up configuration +@subsection Typical configuration files. + +To illustrate how a dial-up home computer might be configured, example +configuration files are shown in this section. + +For the @file{@SYSCONFDIR@/chrony.conf} file, the following can be used as an +example. + +@example +server 0.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline +server 1.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline +server 2.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline +logdir /var/log/chrony +log statistics measurements tracking +driftfile @CHRONYVARDIR@/drift +keyfile @SYSCONFDIR@/chrony.keys +generatecommandkey +makestep 10 3 +maxupdateskew 100.0 +dumponexit +dumpdir @CHRONYVARDIR@ +rtcfile @CHRONYVARDIR@/rtc +@end example + +@code{pppd} is used for connecting to the internet. This runs two scripts +@file{/etc/ppp/ip-up} and @file{/etc/ppp/ip-down} when the link goes +online and offline respectively. + +The relevant part of the @file{/etc/ppp/ip-up} file is + +@example +@BINDIR@/chronyc -a online +@end example + +and the relevant part of the @file{/etc/ppp/ip-down} script is + +@example +@BINDIR@/chronyc -a -m offline dump writertc +@end example + +To start @code{chronyd} during the boot sequence, the following +is in @file{/etc/rc.d/rc.local} (this is a Slackware system) + +@example +if [ -f @SBINDIR@/chronyd -a -f @SYSCONFDIR@/chrony.conf ]; then + @SBINDIR@/chronyd -r -s + echo "Start chronyd" +fi +@end example + +The placement of this command may be important on some systems. In +particular, @code{chronyd} may need to be started before any software +that depends on the system clock not jumping or moving backwards, +depending on the directives in @code{chronyd's} configuration file. + +For the system shutdown, @code{chronyd} should receive a SIGTERM several +seconds before the final SIGKILL; the SIGTERM causes the measurement +histories and RTC information to be saved out. +@c }}} +@c {{{ S:Other config options +@node Configuration options overview +@section Other important configuration options +The most common option to include in the configuration file is the +@code{driftfile} option. One of the major tasks of @code{chronyd} is to +work out how fast or how slow the system clock runs relative to real +time - e.g. in terms of seconds gained or lost per day. Measurements +over a long period are usually required to refine this estimate to an +acceptable degree of accuracy. Therefore, it would be bad if +@code{chronyd} had to work the value out each time it is restarted, +because the system clock would not run so accurately whilst the +determination is taking place. + +To avoid this problem, @code{chronyd} allows the gain or loss rate to be +stored in a file, which can be read back in when the program is +restarted. This file is called the drift file, and might typically be +stored in @file{@CHRONYVARDIR@/drift}. By specifying an option like the +following + +@example +driftfile @CHRONYVARDIR@/drift +@end example + +in the configuration file (@file{@SYSCONFDIR@/chrony.conf}), the drift file +facility will be activated. +@c }}} +@c }}} +@c {{{ Ch:Usage reference +@node Usage reference +@chapter Usage reference + +@c {{{ Chapter top +@menu +* Starting chronyd:: Command line options for the daemon +* Configuration file:: Format of the configuration file +* Running chronyc:: The run-time configuration program +@end menu +@c }}} +@c {{{ S:Starting chronyd +@node Starting chronyd +@section Starting chronyd +If @code{chronyd} has been installed to its default location +@file{@SBINDIR@/chronyd}, starting it is simply a matter of +entering the command + +@example +@SBINDIR@/chronyd +@end example + +Information messages and warnings will be logged to syslog. + +If no configuration commands are specified on the command line, +@code{chronyd} will read the commands from the configuration file +(default @file{@SYSCONFDIR@/chrony.conf}). + +The command line options supported are as follows: + +@table @code +@item -n +When run in this mode, the program will not detach itself from the +terminal. +@item -d +When run in this mode, the program will not detach itself from the +terminal, and all messages will be sent to the terminal instead of to +syslog. When @code{chronyd} was compiled with debugging support, +this option can be used twice to print also debugging messages. +@item -f +This option can be used to specify an alternate location for the +configuration file (default @file{@SYSCONFDIR@/chrony.conf}). +@item -r +This option will reload sample histories for each of the servers and refclocks being +used. These histories are created by using the @code{dump} command in +@code{chronyc}, or by setting the @code{dumponexit} directive in the +configuration file. This option is useful if you want to stop and +restart @code{chronyd} briefly for any reason, e.g. to install a new +version. However, it only makes sense on systems where the kernel can +maintain clock compensation whilst not under @code{chronyd's} control. +The only version where this happens so far is Linux. On systems where +this is not the case, e.g. Solaris and SunOS the option should not be +used. +@item -R +When this option is used, the @code{initstepslew} directive and the +@code{makestep} directive used with a positive limit will be ignored. +This option is useful when restarting @code{chronyd} and can be used +in conjuction with the `-r' option. + +@item -s +This option will set the system clock from the computer's real-time +clock. This is analogous to supplying the `-s' flag to the +@file{/sbin/hwclock} program during the Linux boot sequence. + +Support for real-time clocks is limited at present - the criteria are +described in the section on the @code{rtcfile} directive (@pxref{rtcfile +directive}). + +If @code{chronyd} cannot support the real time clock on your computer, +this option cannot be used and a warning message will be logged to the +syslog. + +If used in conjunction with the `-r' flag, @code{chronyd} will attempt +to preserve the old samples after setting the system clock from the real +time clock. This can be used to allow @code{chronyd} to perform long +term averaging of the gain or loss rate across system reboots, and is +useful for dial-up systems that are shut down when not in use. For this +to work well, it relies on @code{chronyd} having been able to determine +accurate statistics for the difference between the real time clock and +system clock last time the computer was on. +@item -u +This option sets the name of the user to which will @code{chronyd} switch to +drop root privileges if compiled with Linux capabilities support (default +@code{@DEFAULT_USER@}). +@item -q +When run in this mode, @code{chronyd} will set the system clock once +and exit. It will not detach from the terminal. +@item -Q +This option is similar to `-q', but it will only print the offset and +not correct the clock. +@item -v +This option displays @code{chronyd's} version number to the terminal and +exits. +@item -P +This option will select the SCHED_FIFO real-time scheduler at the +specified priority (which must be between 0 and 100). This mode is +supported only on Linux. +@item -m +This option will lock chronyd into RAM so that it will never be paged +out. This mode is only supported on Linux. +@item -4 +With this option hostnames will be resolved only to IPv4 addresses and only +IPv4 sockets will be created. +@item -6 +With this option hostnames will be resolved only to IPv6 addresses and only +IPv6 sockets will be created. +@end table + +On systems that support an @file{/etc/rc.local} file for starting +programs at boot time, @code{chronyd} can be started from there. + +On systems with a System V style initialisation, a +suitable start/stop script might be as shown below. This might be +placed in the file @file{/etc/rc2.d/S83chrony}. + +@example +@group +#!/bin/sh +# This file should have uid root, gid sys and chmod 744 +# + +killproc() @{ # kill the named process(es) + pid=`/usr/bin/ps -e | + /usr/bin/grep -w $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid +@} + +case "$1" in + +'start') + if [ -f /opt/free/sbin/chronyd -a -f @SYSCONFDIR@/chrony.conf ]; then + /opt/free/sbin/chronyd + fi + ;; +'stop') + killproc chronyd + ;; +*) + echo "Usage: /etc/rc2.d/S83chrony @{ start | stop @}" + ;; +esac +@end group +@end example + +(In both cases, you may want to bear in mind that @code{chronyd} can +step the time when it starts. There may be other programs started at +boot time that could be upset by this, so you may need to consider the +ordering carefully. However, @code{chronyd} will need to start after +daemons providing services that it may require, e.g. the domain name +service.) +@c }}} +@c {{{ S:chronyd configuration file +@node Configuration file +@section The chronyd configuration file +@c {{{ section top +The configuration file is normally called @file{@SYSCONFDIR@/chrony.conf}; in +fact, this is the compiled-in default. However, other locations can be +specified with a command line option. + +Each command in the configuration file is placed on a separate line. +The following sections describe each of the commands in turn. The +directives can occur in any order in the file. + +The configuration commands can also be specified directly on the +@code{chronyd} command line, each argument is parsed as a line and +the configuration file is ignored. + +@menu +* comments in config file:: How to write a comment +* acquisitionport directive:: Set NTP client port +* allow directive:: Give access to NTP clients +* bindacqaddress directive:: Limit network interface used by NTP client +* bindaddress directive:: Limit network interface used by NTP server +* bindcmdaddress directive:: Limit network interface used for commands +* broadcast directive:: Make chronyd act as an NTP broadcast server +* clientloglimit directive:: Set client log memory limit +* cmdallow directive:: Give control access to chronyc on other computers +* cmddeny directive:: Deny control access to chronyc on other computers +* cmdport directive:: Set port to use for runtime commanding +* combinelimit directive:: Limit sources included in combining algorithm +* commandkey directive:: Set runtime command key +* corrtimeratio directive:: Set correction time ratio +* deny directive:: Deny access to NTP clients +* driftfile directive:: Specify location of file containing drift data +* dumpdir directive:: Specify directory for dumping measurements +* dumponexit directive:: Dump measurements when daemon exits +* fallbackdrift directive:: Specify fallback drift intervals +* generatecommandkey directive:: Generate command key automatically +* hwclockfile directive:: Specify location of hwclock's adjtime file +* include directive:: Include a configuration file +* initstepslew directive:: Trim the system clock on boot-up +* keyfile directive:: Specify location of file containing keys +* leapsectz directive:: Read leap second data from tz database +* local directive:: Allow unsynchronised machine to act as server +* lock_all directive:: Require that chronyd be locked into RAM +* log directive:: Make daemon log certain sets of information +* logbanner directive:: Specify how often is banner written to log files +* logchange directive:: Generate syslog messages if large offsets occur +* logdir directive:: Specify directory for logging +* mailonchange directive:: Send email if a clock correction above a threshold occurs +* makestep directive:: Step system clock if large correction is needed +* manual directive:: Allow manual entry using chronyc's settime cmd +* maxchange directive:: Set maximum allowed offset +* maxclockerror directive:: Set maximum frequency error of local clock +* maxsamples directive:: Set maximum number of samples per source +* maxslewrate directive:: Set maximum slew rate +* maxupdateskew directive:: Stop bad estimates upsetting machine clock +* minsamples directive:: Set minimum number of samples per source +* noclientlog directive:: Prevent chronyd from gathering data about clients +* peer directive:: Specify an NTP peer +* pidfile directive:: Specify the file where chronyd's pid is written +* port directive:: Set NTP server port +* refclock directive:: Specify a reference clock +* reselectdist directive:: Set improvement in distance needed to reselect a source +* rtcautotrim directive:: Specify threshold at which RTC is trimmed automatically +* rtcdevice directive:: Specify name of enhanced RTC device (if not /dev/rtc) +* rtcfile directive:: Specify the file where real-time clock data is stored +* rtconutc directive:: Specify that the real time clock keeps UTC not local time +* rtcsync directive:: Specify that RTC should be automatically synchronised by kernel +* sched_priority directive:: Require real-time scheduling and specify a priority for it +* server directive:: Specify an NTP server +* stratumweight directive:: Specify how important is stratum when selecting source +* tempcomp directive:: Specify temperature sensor and compensation coefficients +* user directive:: Specify user for dropping root privileges + +@end menu +@c }}} +@c {{{ comments in config file +@node comments in config file +@subsection Comments in the configuration file +The configuration file may contain comment lines. A comment line is any line +that starts with zero or more spaces followed by any one of the following +characters: +@itemize +@item ! +@item ; +@item # +@item % +@end itemize +Any line with this format will be ignored. +@c }}} +@c {{{ acquisitionport directive +@node acquisitionport directive +@subsection acquisitionport +By default, @code{chronyd} uses a separate client socket for each configured +server and their source port is chosen arbitrarily by the operating system. +However, you can use the @code{acquisitionport} directive to explicitly specify +a port and use only one socket (per IPv4/IPv6 address family) for all +configured servers. This may be useful for getting through firewalls. + +It may be set to the same port as used by the NTP server (@pxref{port +directive}) to use only one socket for all NTP packets. + +An example of the @code{acquisitionport} command is + +@example +acquisitionport 1123 +@end example + +This would change the source port used for client requests to udp/1123. You +could then persuade the firewall administrator to let that port through. +@c }}} +@c {{{ allow +@node allow directive +@subsection allow +The @code{allow} command is used to designate a particular subnet from +which NTP clients are allowed to access the computer as an NTP server. + +The default is that no clients are allowed access, i.e. @code{chronyd} +operates purely as an NTP client. If the @code{allow} directive is +used, @code{chronyd} will be both a client of its servers, and a server +to other clients. + +Examples of use of the command are as follows: + +@example +allow foo.bar.com +allow 1.2 +allow 3.4.5 +allow 6.7.8/22 +allow 6.7.8.9/22 +allow 2001:db8::/32 +allow 0/0 +allow ::/0 +allow +@end example + +The first command allows the named node to be an NTP client of this computer. +The second command allows any node with an IPv4 address of the form 1.2.x.y (with +x and y arbitrary) to be an NTP client of this computer. Likewise, the third +command allows any node with an IPv4 address of the form 3.4.5.x to have client +NTP access. The fourth and fifth forms allow access from any node with an IPv4 +address of the form 6.7.8.x, 6.7.9.x, 6.7.10.x or 6.7.11.x (with x arbitrary), +i.e. the value 22 is the number of bits defining the specified subnet. (In the +fifth form, the final byte is ignored). The sixth form is used for IPv6 +addresses. The seventh and eighth forms allow access by any IPv4 and IPv6 node +respectively. The ninth forms allows access by any node (IPv4 or IPv6). + +A second form of the directive, @code{allow all}, has a greater effect, +depending on the ordering of directives in the configuration file. To +illustrate the effect, consider the two examples + +@example +allow 1.2.3.4 +deny 1.2.3 +allow 1.2 +@end example + +and + +@example +allow 1.2.3.4 +deny 1.2.3 +allow all 1.2 +@end example + +In the first example, the effect is the same regardles of what order the +three directives are given in. So the 1.2.x.y subnet is allowed access, +except for the 1.2.3.x subnet, which is denied access, however the host +1.2.3.4 is allowed access. + +In the second example, the @code{allow all 1.2} directives overrides the +effect of @emph{any} previous directive relating to a subnet within the +specified subnet. Within a configuration file this capability is +probably rather moot; however, it is of greater use for reconfiguration +at run-time via @code{chronyc} (@pxref{allow all command}). + +Note, if the @code{initstepslew} directive (@pxref{initstepslew +directive}) is used in the configuration file, each of the computers +listed in that directive must allow client access by this computer for +it to work. +@c }}} +@c {{{ bindacqaddress +@node bindacqaddress directive +@subsection bindacqaddress +The @code{bindacqaddress} directive sets the network interface to which will +@code{chronyd} bind its NTP client sockets. The syntax is similar to the +@code{bindaddress} and @code{bindcmdaddress} directives. + +For each of IPv4 and IPv6 protocols, only one @code{bindacqaddress} +directive can be specified. +@c }}} +@c {{{ bindaddress +@node bindaddress directive +@subsection bindaddress +The @code{bindaddress} directive allows you to restrict the network interface +to which @code{chronyd} will listen for NTP requests. This provides an +additional level of access restriction above that available through the +@code{deny} mechanism. + +Suppose you have a local ethernet with addresses in the 192.168.1.0 +subnet together with an internet connection. The ethernet interface's IP +address is 192.168.1.1. Suppose you want to block all access through the +internet connection. You could add the line + +@example +bindaddress 192.168.1.1 +@end example + +to the configuration file. + +This directive affects NTP (UDP port 123 by default) packets. If no +@code{bindcmdaddress} directive is present, the address supplied by +@code{bindaddress} will be used to control binding of the command socket (UDP +port 323 by default) as well. + +The @code{bindaddress} directive has been found to cause problems when used on +computers that need to pass NTP traffic over multiple network interfaces (e.g. +firewalls). It is, therefore, not particularly useful. Use of the +@code{allow} and @code{deny} directives together with a network firewall is +more likely to be successful. + +For each of IPv4 and IPv6 protocols, only one @code{bindaddress} +directive can be specified. +@c }}} +@c {{{ bindcmdaddress +@node bindcmdaddress directive +@subsection bindcmdaddress +The @code{bindcmdaddress} directive allows you to restrict the network +interface to which @code{chronyd} will listen for command packets (issued by +@code{chronyc}). This provides an additional level of access restriction above +that available through @code{cmddeny} mechanism. + +Suppose you want to block all access except from localhost. You +could add the lines + +@example +bindcmdaddress 127.0.0.1 +bindcmdaddress ::1 +@end example + +to the configuration file. + +For each of IPv4 and IPv6 protocols, only one @code{bindcmdaddress} +directive can be specified. + +The default values are set by the @code{bindaddress} directive. + +The @code{bindcmdaddress} directive has been found to cause problems when used +on computers that need to pass command traffic over multiple network +interfaces. Use of the @code{cmdallow} and @code{cmddeny} directives together +with a network firewall is more likely to be successful. +@c }}} +@c {{{ broadcast directive +@node broadcast directive +@subsection broadcast +The @code{broadcast} directive is used to declare a broadcast address to which +chronyd should send packets in NTP broadcast mode (i.e. make chronyd act as a +broadcast server). Broadcast clients on that subnet will be able to +synchronise. + +The syntax is as follows + +@example +broadcast 30 192.168.1.255 +broadcast 60 192.168.2.255 12123 +broadcast 60 ff02::101 +@end example + +In the first example, the destination port defaults to 123/udp (the normal NTP +port). In the second example, the destionation port is specified as 12123. +The first parameter in each case (30 or 60 respectively) is the interval in +seconds between broadcast packets being sent. The second parameter in each +case is the broadcast address to send the packet to. This should correspond to +the broadcast address of one of the network interfaces on the computer where +chronyd is running. + +You can have more than 1 @code{broadcast} directive if you have more than 1 +network interface onto which you wish to send NTP broadcast packets. + +@code{chronyd} itself cannot currently act as a broadcast client; it must always be +configured as a point-to-point client by defining specific NTP servers and +peers. This broadcast server feature is intended for providing a time source +to other NTP software (e.g. various MS Windows clients). + +If ntpd is used as the broadcast client, it will try to use a point-to-point +client/server NTP access to measure the round-trip delay. Thus, the broadcast +subnet should also be the subject of an @code{allow} directive (@pxref{allow +directive}). +@c }}} +@c {{{ clientloglimit +@node clientloglimit directive +@subsection clientloglimit +This directive specifies the maximum size of the memory allocated to +log client accesses. When the limit is reached, only information for +clients that have already been logged will be updated. If 0 is +specified, the memory size will be unlimited. The default is 524288 +bytes. + +An example of the use of this directive is + +@example +clientloglimit 1048576 +@end example +@c }}} +@c {{{ cmdallow +@node cmdallow directive +@subsection cmdallow + +This is similar to the @code{allow} directive (@pxref{allow directive}), except +that it allows control access (rather than NTP client access) to a particular +subnet or host. (By 'control access' is meant that chronyc can be run on those +hosts and successfully connect to chronyd on this computer.) + +The syntax is identical to the @code{allow} directive. + +There is also a @code{cmdallow all} directive with similar behaviour to the +@code{allow all} directive (but applying to control access in this case, of +course). +@c }}} +@c {{{ cmddeny +@node cmddeny directive +@subsection cmddeny + +This is similar to the @code{cmdallow} directive (@pxref{cmdallow directive}), +except that it denies control access to a particular subnet or host, +rather than allowing it. + +The syntax is identical. + +There is also a @code{cmddeny all} directive with similar behaviour to the +@code{cmdallow all} directive. +@c }}} +@c {{{ cmdport +@node cmdport directive +@subsection cmdport + +The @code{cmdport} directive allows the port that is used for run-time +command and monitoring (via the program @code{chronyc}) to be altered +from its default (323/udp). If set to 0, @code{chronyd} will not open the +port, this is useful to disable the @code{chronyc} access completely. + +An example shows the syntax + +@example +cmdport 257 +@end example + +This would make @code{chronyd} use 257/udp as its command port. +(@code{chronyc} would need to be run with the @code{-p 257} switch to +inter-operate correctly). +@c }}} +@c {{{ combinelimit +@node combinelimit directive +@subsection combinelimit +When @code{chronyd} has multiple sources available for synchronization, it has +to select one source as the synchronization source. The measured offsets and +frequencies of the system clock relative to the other sources, however, can be +combined with the selected source to improve the accuracy of the system clock. + +The @code{combinelimit} directive limits which sources are included in the +combining algorithm. Their synchronization distance has to be shorter than the +distance of the selected source multiplied by the value of the limit. Also, +their measured frequencies have to be close to the frequency of the selected +source. + +By default, the limit is 3. Setting the limit to 0 effectively disables the +source combining algorithm and only the selected source will be used to +control the system clock. + +The syntax is + +@example +combinelimit +@end example +@c }}} +@c {{{ commandkey +@node commandkey directive +@subsection commandkey +The commandkey command is used to set the key number used for +authenticating user commands via the chronyc program at run time. +This allows certain actions of the chronyc program to be restricted to +administrators. + +An example of the commandkey command is + +@example +commandkey 20 +@end example + +By default, the key number is 0. + +In the key file (see the keyfile command) there should be a line of +the form + +@example +20 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC +@end example + +When running the chronyc program to perform run-time configuration, +the command + +@example +password HEX:B028F91EA5C38D06C2E140B26C7F41EC +@end example + +must be entered before any commands affecting the operation of the +daemon can be entered, or chronyc must be started with the `-a' option to run +the password command automatically. +@c }}} +@c {{{ corrtimeratio +@node corrtimeratio directive +@subsection corrtimeratio +When @code{chronyd} makes a time correction, it controls how quickly +the system clock is slewed (so far only on Linux). This rate +affects the frequency error of the system clock. + +The @code{corrtimeratio} directive sets the ratio between the +duration in which the clock is slewed for an average correction +according to the source history and the interval in which the +corrections are done (usually the NTP polling interval). Corrections +larger than the average take less time and smaller corrections take +more time, the amount of the correction and the correction time are +inversely proportional. + +Increasing @code{corrtimeratio} improves the overall frequency error +of the system clock, but increases the overall time error as the +corrections take longer. + +By default, the ratio is set to 3, the time accuracy of the clock is +preferred over its frequency accuracy. + +The syntax is + +@example +corrtimeratio 100 +@end example + +The maximum allowed slew rate can be set by the @code{maxslewrate} +directive (@pxref{maxslewrate directive}. The current remaining +correction is shown in the @code{tracking} report (@pxref{tracking +command}) as the @code{System time} value. +@c }}} +@c {{{ deny +@node deny directive +@subsection deny + +This is similar to the @code{allow} directive (@pxref{allow directive}), +except that it denies NTP client access to a particular subnet or host, +rather than allowing it. + +The syntax is identical. + +There is also a @code{deny all} directive with similar behaviour to the +@code{allow all} directive. +@c }}} +@c {{{ driftfile +@node driftfile directive +@subsection driftfile +One of the main activities of the @code{chronyd} program is to work out +the rate at which the system clock gains or loses time relative to real +time. + +Whenever @code{chronyd} computes a new value of the gain/loss rate, it +is desirable to record it somewhere. This allows @code{chronyd} to +begin compensating the system clock at that rate whenever it is +restarted, even before it has had a chance to obtain an equally good +estimate of the rate during the new run. (This process may take many +minutes, at least). + +The driftfile command allows a file to be specified into which +@code{chronyd} can store the rate information. Two parameters are +recorded in the file. The first is the rate at which the system clock +gains or loses time, expressed in parts per million, with gains +positive. Therefore, a value of 100.0 indicates that when the system +clock has advanced by a second, it has gained 100 microseconds on +reality (so the true time has only advanced by 999900 microseconds). +The second is an estimate of the error bound around the first value in +which the true rate actually lies. + +An example of the driftfile command is + +@example +driftfile @CHRONYVARDIR@/drift +@end example +@c }}} +@c {{{ dumpdir +@node dumpdir directive +@subsection dumpdir +To compute the rate of gain or loss of time, @code{chronyd} has to store +a measurement history for each of the time sources it uses. + +Certain systems (so far only Linux) have operating system support for +setting the rate of gain or loss to compensate for known errors. (On +other systems, @code{chronyd} must simulate such a capability by +periodically slewing the system clock forwards or backwards by a +suitable amount to compensate for the error built up since the previous +slew). + +For such systems, it is possible to save the measurement history across +restarts of @code{chronyd} (assuming no changes are made to the system +clock behaviour whilst it is not running). If this capability is to be +used (via the dumponexit command in the configuration file, or the dump +command in chronyc), the dumpdir command should be used to define the +directory where the measurement histories are saved. + +An example of the command is + +@example +dumpdir @CHRONYVARDIR@ +@end example + +A source whose reference id (the IP address for IPv4 sources) is +1.2.3.4 would have its measurement history saved in the file +@file{/var/lib/chrony/1.2.3.4.dat}. +@c }}} +@c {{{ dumponexit +@node dumponexit directive +@subsection dumponexit +If this command is present, it indicates that @code{chronyd} should save +the measurement history for each of its time sources recorded whenever +the program exits. (See the dumpdir command above). +@c }}} +@c {{{ fallbackdrift +@node fallbackdrift directive +@subsection fallbackdrift +Fallback drifts are long-term averages of the system clock drift +calculated over exponentially increasing intervals. They are used +when the clock is unsynchronised to avoid quickly drifting away from +true time if there was a short-term deviation in drift before the +synchronisation was lost. + +The directive specifies the minimum and maximum interval for how long +the system clock has to be unsynchronised to switch between fallback +drifts. They are defined as a power of 2 (in seconds). The syntax is +as follows + +@example +fallbackdrift 16 19 +@end example + +In this example, the minimum interval is 16 (18 hours) and maximum +interval is 19 (6 days). The system clock frequency will be set to +the first fallback 18 hours after the synchronisation was lost, to the +second after 36 hours, etc. This might be a good setting to cover +daily and weekly temperature fluctuations. + +By default (or if the specified maximum or minimum is 0), no fallbacks +will be used and the clock frequency will stay at the last value +calculated before synchronisation was lost. +@c }}} +@c {{{ generatecommandkey +@node generatecommandkey directive +@subsection generatecommandkey +With this directive, if the command key is not found on start in the file +specified by the @code{keyfile} directive, @code{chronyd} will generate a new +command key from the /dev/urandom file and write it to the key file. + +The generated key will use SHA1 if @code{chronyd} is compiled with the support, +otherwise MD5 will be used. +@c }}} +@c {{{ hwclockfile +@node hwclockfile directive +@subsection hwclockfile +The @code{hwclockfile} directive sets the location of the adjtime file which is +used by the @file{/sbin/hwclock} program. With this directive, @code{chronyd} +will parse the file to find out if the RTC keeps local time or UTC. It +overrides the @code{rtconutc} directive (@pxref{rtconutc directive}). + +An example of the command is + +@example +hwclockfile /etc/adjtime +@end example +@c }}} +@c {{{ include +@node include directive +@subsection include +The @code{include} directive includes a specified configuration file. +This is useful when maintaining configuration on multiple hosts to +keep the differences in a separate file. + +@example +include @SYSCONFDIR@/chrony/local.conf +@end example +@c }}} +@c {{{ initstepslew +@node initstepslew directive +@subsection initstepslew +In normal operation, @code{chronyd} slews the time when it needs to +adjust the system clock. For example, to correct a system clock which +is 1 second slow, @code{chronyd} slightly increases the amount by which the +system clock is advanced on each clock interrupt, until the error is +removed. (Actually, this is done by calling the @code{adjtime()} or +similar system function which does it for us.) Note that at no time +does time run backwards with this method. + +On most Unix systems it is not desirable to step the system clock, +because many programs rely on time advancing monotonically forwards. + +When the @code{chronyd} daemon is initially started, it is possible that the +system clock is considerably in error. Attempting to correct such an +error by slewing may not be sensible, since it may take several hours +to correct the error by this means. + +The purpose of the @code{initstepslew} directive is to allow @code{chronyd} to +make a rapid measurement of the system clock error at boot time, and to +correct the system clock by stepping before normal operation begins. +Since this would normally be performed only at an appropriate point in +the system boot sequence, no other software should be adversely affected +by the step. + +If the correction required is less than a specified threshold, a slew is +used instead. This makes it easier to restart @code{chronyd} whilst the +system is in normal operation. + +The @code{initstepslew} directive takes a threshold and a list of NTP +servers as arguments. A maximum of 8 will be used. Each of the servers +is rapidly polled several times, and a majority voting mechanism used to +find the most likely range of system clock error that is present. A +step (or slew) is applied to the system clock to correct this error. +@code{chronyd} then enters its normal operating mode. + +An example of use of the command is + +@example +initstepslew 30 foo.bar.com baz.quz.com +@end example + +where 2 NTP servers are used to make the measurement. The @code{30} +indicates that if the system's error is found to be 30 seconds or less, +a slew will be used to correct it; if the error is above 30 seconds, a +step will be used. + +The @code{initstepslew} directive can also be used in an isolated LAN +environment, where the clocks are set manually. The most stable +computer is chosen as the master, and the other computers are slaved to +it. If each of the slaves is configured with the local option (see +below), the master can be set up with an @code{initstepslew} directive +which references some or all of the slaves. Then, if the master machine +has to be rebooted, the slaves can be relied on to 'flywheel' the time +for the master. + +The @code{initstepslew} directive is functionally similar to a +combination of the @code{makestep} and @code{server} directives with +the @code{iburst} option. The main difference is that the +@code{initstepslew} servers are used only before normal operation +begins and that the foreground @code{chronyd} process waits for +@code{initstepslew} to finish before exiting. This is useful to +prevent programs started in the boot sequence after @code{chronyd} +from reading the clock before it's stepped. +@c }}} +@c {{{ keyfile +@node keyfile directive +@subsection keyfile +This command is used to specify the location of the file containing +ID/key pairs for the following 2 uses: + +@itemize @bullet +@item Authentication of NTP packets. +@item Authentication of administrator commands entered via chronyc. +@end itemize + +The format of the command is shown in the example below + +@example +keyfile @SYSCONFDIR@/chrony.keys +@end example + +The argument is simply the name of the file containing the ID/key +pairs. The format of the file is shown below + +@example +10 tulip +11 hyacinth +20 MD5 ASCII:crocus +25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c + ... +@end example + +Each line consists of an ID, a name of authentication hash function (optional) +and a password. The ID can be any unsigned integer in the range 0 through +2**32-1, but ID of 0 can be used only for the command key and not for the NTP +authentication. The hash function is MD5 by default, depending on how was +@code{chronyd} compiled other allowed hash functions may be SHA1, SHA256, +SHA384, SHA512, RMD128, RMD160, RMD256, RMD320, TIGER and WHIRLPOOL. The +password can be encoded as a string of characters not containing a space with +optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:} +prefix. + +The password is used with the hash function to generate and verify a message +authentication code (MAC) in NTP and command packets. +For maximum security, it's recommended to use SHA1 or stronger hash function. +The passwords should be random and they should be as long as the output size of +the configured hash function, e.g. 160 bits with SHA1. + +The ID for the chronyc authentication key is specified with the commandkey +command (see earlier). The command key can be generated automatically on +start with the @code{generatecommandkey} directive. +@c }}} +@c {{{ leapsectz +@node leapsectz directive +@subsection leapsectz +This directive is used to set the name of the timezone in the system +tz database which @code{chronyd} can use to find out when will the +next leap second occur. It will periodically check if the times +23:59:59 and 23:59:60 are valid on Jun 30 and Dec 31 in the timezone. +A useful timezone is @code{right/UTC}. +This is mainly useful with reference clocks which don't provide the +leap second information. It is not necessary to restart +@code{chronyd} if the tz database is updated with a new leap second at +least 12 hours before the event. + +An example of the command is + +@example +leapsectz right/UTC +@end example + +The following shell command verifies that the timezone contains leap +seconds and can be used with this directive + +@example +$ TZ=right/UTC date -d 'Dec 31 2008 23:59:60' +Wed Dec 31 23:59:60 UTC 2008 +@end example + +@c }}} +@c {{{ local +@node local directive +@subsection local +The local keyword is used to allow @code{chronyd} to appear synchronised +to real time (from the viewpoint of clients polling it), even if it has +no current synchronisation source. + +This option is normally used on computers in an isolated network, +where several computers are required to synchronise to one other, this +being the "master" which is kept vaguely in line with real time by +manual input. + +An example of the command is + +@example +local stratum 10 +@end example + +The value 10 may be substituted with other values in the range 1 +through 15. Stratum 1 indicates a computer that has a true real-time +reference directly connected to it (e.g. GPS, atomic clock etc) +– such computers are expected to be very close to real time. +Stratum 2 computers are those which have a stratum 1 server; stratum 3 +computers have a stratum 2 server and so on. + +A large value of 10 indicates that the clock is so many hops away from +a reference clock that its time is fairly unreliable. Put another +way, if the computer ever has access to another computer which is +ultimately synchronised to a reference clock, it will almost certainly +be at a stratum less than 10. Therefore, the choice of a high value +like 10 for the local command prevents the machine's own time from +ever being confused with real time, were it ever to leak out to +clients that have visibility of real servers. +@c }}} +@c {{{ lock_all +@node lock_all directive +@subsection lock_all + +The @code{lock_all} directive will lock chronyd into RAM so that it +will never be paged out. This mode is only supported on Linux. This +directive uses the Linux mlockall() system call to prevent @code{chronyd} +from ever being swapped out. This should result in lower and more +consistent latency. It should not have significant impact on +performance as @code{chronyd's} memory usage is modest. The mlockall man +page has more details. +@c }}} +@c {{{ log +@node log directive +@subsection log +@c {{{ section top +The log command indicates that certain information is to be logged. + +@table @code +@item measurements +This option logs the raw NTP measurements and related information to a +file called measurements.log. + +@item statistics +This option logs information about the regression processing to a file +called statistics.log. + +@item tracking +This option logs changes to the estimate of the system's gain or loss +rate, and any slews made, to a file called tracking.log. + +@item rtc +This option logs information about the system's real-time clock. + +@item refclocks +This option logs the raw and filtered reference clock measurements to +a file called refclocks.log. +@item tempcomp +This option logs the temperature measurements and system rate +compensations to a file called tempcomp.log. +@end table + +The files are written to the directory specified by the logdir +command. + +An example of the command is + +@example +log measurements statistics tracking +@end example + +@menu +* measurements log:: The format of the measurements log +* statistics log:: The format of the statistics log +* tracking log:: The format of the tracking log +* RTC log:: The format of the RTC log +* refclocks log:: The format of the refclocks log +* tempcomp log:: The format of the tempcomp log +@end menu +@c }}} +@c {{{ measurements.log +@node measurements log +@subsubsection Measurements log file format + +An example line (which actually appears as a single line in the file) +from the measurements log file is shown below. + +@example +2010-12-22 05:40:50 158.152.1.76 N 8 1111 111 1111 10 10 1.0 \ + -4.966e-03 2.296e-01 1.577e-05 1.615e-01 7.446e-03 +@end example + +The columns are as follows (the quantities in square brackets are the +values from the example line above) : + +@enumerate 1 +@item +Date [2010-12-22] +@item +Hour:Minute:Second [05:40:50]. Note that the date/time pair is +expressed in UTC, not the local time zone. +@item +IP address of server/peer from which measurement comes [158.152.1.76] +@item +Leap status (@code{N} means normal, @code{+} means that the last minute +of the current month has 61 seconds, @code{-} means that the last minute +of the month has 59 seconds, @code{?} means the remote computer is not +currently synchronised.) [N] +@item +Stratum of remote computer. [2] +@item +RFC1305 tests 1 through 4 (1=pass, 0=fail) [1111] +@item +Tests for maximum delay, maximum delay ratio and maximum delay dev ratio, +against defined parameters (1=pass, 0=fail) [111] +@item +RFC1305 tests 5 through 8 (1=pass, 0=fail) [1111] +@item +Local poll [10] +@item +Remote poll [10] +@item +`Score' (an internal score within each polling level used to decide when +to increase or decrease the polling level. This is adjusted based on number +of measurements currently being used for the regression algorithm). [1.0] +@item +The estimated local clock error (`theta' in RFC1305). Positive indicates that the local clock is slow. [-4.966e-03]. +@item +The peer delay (`delta' in RFC1305). [2.296e-01] +@item +The peer dispersion (`epsilon' in RFC1305). [1.577e-05] +@item +The root delay (`Delta' in RFC1305). [1.615e-01] +@item +The root dispersion (`E' in RFC1305). [7.446e-03] +@end enumerate + +A banner is periodically written to the log file to indicate the +meanings of the columns. +@c }}} +@c {{{ statistics.log +@node statistics log +@subsubsection Statistics log file format + +An example line (which actually appears as a single line in the file) +from the statistics log file is shown below. + +@example +1998-07-22 05:40:50 158.152.1.76 6.261e-03 -3.247e-03 \ + 2.220e-03 1.874e-06 1.080e-06 7.8e-02 16 0 8 +@end example + +The columns are as follows (the quantities in square brackets are the +values from the example line above) : + +@enumerate 1 +@item +Date [1998-07-22] +@item +Hour:Minute:Second [05:40:50]. Note that the date/time pair is +expressed in UTC, not the local time zone. +@item +IP address of server/peer from which measurement comes [158.152.1.76] +@item +The estimated standard deviation of the measurements from the source (in +seconds). [6.261e-03] +@item +The estimated offset of the source (in seconds, positive means the local +clock is estimated to be fast, in this case). [-3.247e-03] +@item +The estimated standard deviation of the offset estimate (in +seconds). [2.220e-03] +@item +The estimated rate at which the local clock is gaining or losing time +relative to the source (in seconds per second, positive means the local +clock is gaining). This is relative to the compensation currently being +applied to the local clock, @emph{not} to the local clock without any +compensation. [1.874e-06] +@item +The estimated error in the rate value (in seconds per +second). [1.080e-06]. +@item +The ration of |old_rate - new_rate| / old_rate_error. Large values +indicate the statistics are not modelling the source very well. [7.8e-02] +@item +The number of measurements currently being used for the regression +algorithm. [16] +@item +The new starting index (the oldest sample has index 0; this is the +method used to prune old samples when it no longer looks like the +measurements fit a linear model). [0, i.e. no samples discarded this +time] +@item +The number of runs. The number of runs of regression residuals with the +same sign is computed. If this is too small it indicates that the +measurements are no longer represented well by a linear model and that +some older samples need to be discarded. The number of runs for the +data that is being retained is tabulated. Values of approximately half +the number of samples are expected. [8] +@end enumerate + +A banner is periodically written to the log file to indicate the +meanings of the columns. +@c }}} +@c {{{ tracking.log +@node tracking log +@subsubsection Tracking log file format + +An example line (which actually appears as a single line in the file) +from the tracking log file is shown below. + +@example +2012-02-23 05:40:50 158.152.1.76 3 340.529 1.606 1.046e-03 N \ + 4 6.849e-03 -4.670e-04 +@end example + +The columns are as follows (the quantities in square brackets are the +values from the example line above) : + +@enumerate 1 +@item +Date [2012-02-03] +@item +Hour:Minute:Second [05:40:50]. Note that the date/time pair is +expressed in UTC, not the local time zone. +@item +The IP address of the server/peer to which the local system is +synchronised. [158.152.1.76] +@item +The stratum of the local system. [3] +@item +The local system frequency (in ppm, positive means the local system runs +fast of UTC). [340.529] +@item +The error bounds on the frequency (in ppm) [1.606] +@item +The estimated local offset at the epoch (which is rapidly corrected by +slewing the local clock. (In seconds, positive indicates the local +system is fast of UTC). [1.046e-3] +@item +Leap status (@code{N} means normal, @code{+} means that the last minute +of this month has 61 seconds, @code{-} means that the last minute of the month +has 59 seconds, @code{?} means the clock is not currently synchronised.) [N] +@item +The number of combined sources. [4] +@item +The estimated standard deviation of the combined offset (in seconds). +[6.849e-03] +@item +The remaining offset correction from the previous update (in seconds, positive +means the system clock is slow of UTC). [-4.670e-04] +@end enumerate + +A banner is periodically written to the log file to indicate the +meanings of the columns. +@c }}} +@c {{{ rtc.log +@node RTC log +@subsubsection Real-time clock log file format + +An example line (which actually appears as a single line in the file) +from the measurements log file is shown below. + +@example +1998-07-22 05:40:50 -0.037360 1 -0.037434\ + -37.948 12 5 120 +@end example + +The columns are as follows (the quantities in square brackets are the +values from the example line above) : + +@enumerate 1 +@item +Date [1998-07-22] +@item +Hour:Minute:Second [05:40:50]. Note that the date/time pair is +expressed in UTC, not the local time zone. +@item +The measured offset between the system's real time clock and the system +(@code{gettimeofday()}) time. In seconds, positive indicates that the +RTC is fast of the system time. [-0.037360]. +@item +Flag indicating whether the regression has produced valid +coefficients. (1 for yes, 0 for no). [1] +@item +Offset at the current time predicted by the regression process. A large +difference between this value and the measured offset tends to indicate +that the measurement is an outlier with a serious measurement +error. [-0.037434]. +@item +The rate at which the RTC is losing or gaining time relative to the +system clock. In ppm, with positive indicating that the RTC is gaining +time. [-37.948] +@item +The number of measurements used in the regression. [12] +@item +The number of runs of regression residuals of the same sign. Low values +indicate that a straight line is no longer a good model of the measured +data and that older measurements should be discarded. [5] +@item +The measurement interval used prior to the measurement being made (in +seconds). [120] +@end enumerate + +A banner is periodically written to the log file to indicate the +meanings of the columns. +@c }}} +@c {{{ refclocks.log +@node refclocks log +@subsubsection Refclocks log file format + +An example line (which actually appears as a single line in the file) +from the refclocks log file is shown below. + +@example +2009-11-30 14:33:27.000000 PPS2 7 N 1 4.900000e-07 -6.741777e-07 1.000e-06 +@end example + +The columns are as follows (the quantities in square brackets are the +values from the example line above) : + +@enumerate 1 +@item +Date [2009-11-30] +@item +Hour:Minute:Second.Microsecond [14:33:27.000000]. Note that the +date/time pair is expressed in UTC, not the local time zone. +@item +Reference ID of refclock from which measurement comes. [PPS2] +@item +Sequence number of driver poll within one polling interval for raw +samples, or @code{-} for filtered samples. [7] +@item +Leap status (@code{N} means normal, @code{+} means that the last minute +of the current month has 61 seconds, @code{-} means that the last minute +of the month has 59 seconds). [N] +@item +Flag indicating whether the sample comes from PPS source. (1 for yes, +0 for no, or @code{-} for filtered sample). [1] +@item +Local clock error measured by refclock driver, or @code{-} for +filtered sample. [4.900000e-07] +@item +Local clock error with applied corrections. Positive indicates +that the local clock is slow. [-6.741777e-07] +@item +Assumed dispersion of the sample. [1.000e-06] +@end enumerate + +A banner is periodically written to the log file to indicate the +meanings of the columns. +@c }}} +@c {{{ tempcomp.log +@node tempcomp log +@subsubsection Tempcomp log file format + +An example line (which actually appears as a single line in the file) +from the tempcomp log file is shown below. + +@example +2010-04-19 10:39:48 2.8000e+04 3.6600e-01 +@end example + +The columns are as follows (the quantities in square brackets are the +values from the example line above) : + +@enumerate 1 +@item +Date [2010-04-19] +@item +Hour:Minute:Second [10:39:48]. Note that the +date/time pair is expressed in UTC, not the local time zone. +@item +Temperature read from tempcomp file. [2.8000e+04] +@item +Applied compensation in ppm, positive means the system clock is +running faster than it would be without the compensation. [3.6600e-01] +@end enumerate + +A banner is periodically written to the log file to indicate the +meanings of the columns. +@c }}} +@c }}} +@c {{{ logbanner +@node logbanner directive +@subsection logbanner +A banner is periodically written to the log files enabled by the +@code{log} directive to indicate the meanings of the columns. + +The @code{logbanner} directive specifies after how many entries in the +log file should be the banner written. The default is 32, and 0 can be +used to disable it entirely. +@c }}} +@c {{{ logchange +@node logchange directive +@subsection logchange +This directive forces @code{chronyd} to send a message to syslog if it +makes a system clock adjustment larger than a threshold value. An +example of use is + +@example +logchange 0.5 +@end example + +which would cause a syslog message to be generated a system clock error +of over 0.5 seconds starts to be compensated. + +Clock errors detected either via NTP packets or via timestamps entered +via the @code{settime} command of @code{chronyc} are logged. + +This directive assumes that syslog messages are appearing where somebody +can see them. This allows that person to see if a large error has +arisen, e.g. because of a fault, or because of faulty timezone handling, +for example when summer time (daylight saving) starts or ends. +@c }}} +@c {{{ logdir +@node logdir directive +@subsection logdir +This directive allows the directory where log files are written to be +specified. + +An example of the use of this directive is + +@example +logdir /var/log/chrony +@end example +@c }}} +@c {{{ mailonchange +@node mailonchange directive +@subsection mailonchange +This directive defines an email address to which mail should be sent if +chronyd applies a correction exceeding a particular threshold to the +system clock. + +An example of use of this directive is + +@example +mailonchange root@@localhost 0.5 +@end example + +This would send a mail message to root if a change of more than 0.5 +seconds were applied to the system clock. +@c }}} +@c {{{ makestep +@node makestep directive +@subsection makestep +Normally chronyd will cause the system to gradually correct any time +offset, by slowing down or speeding up the clock as required. In +certain situations, the system clock may be so far adrift that this +slewing process would take a very long time to correct the system clock. + +This directive forces @code{chronyd} to step system clock if the +adjustment is larger than a threshold value, but only if there were no +more clock updates since @code{chronyd} was started than a specified +limit (a negative value can be used to disable the limit). + +This is particularly useful when using reference clocks, because the +@code{initstepslew} directive (@pxref{initstepslew directive}) works +only with NTP sources. + +An example of the use of this directive is + +@example +makestep 1000 10 +@end example + +This would step system clock if the adjustment is larger than 1000 +seconds, but only in the first ten clock updates. +@c }}} +@c {{{ manual +@node manual directive +@subsection manual +The @code{manual} directive enables support at run-time for the +@code{settime} command in chronyc (@pxref{settime command}). If no +@code{manual} directive is included, any attempt to use the +@code{settime} command in chronyc will be met with an error message. + +Note that the @code{settime} command can be enabled at run-time using +the @code{manual} command in chronyc (@pxref{manual command}). (The +idea of the two commands is that the @code{manual} command controls the +manual clock driver's behaviour, whereas the @code{settime} command +allows samples of manually entered time to be provided). +@c }}} +@c {{{ maxchange +@node maxchange directive +@subsection maxchange +This directive sets the maximum allowed offset corrected on a clock +update. The check is performed only after the specified number of +updates to allow a large initial adjustment of the system clock. When +an offset larger than the specified maximum occurs, it will be ignored +for the specified number of times and then @code{chronyd} will give up +and exit (a negative value can be used to never exit). In both cases +a message is sent to syslog. + +An example of the use of this directive is + +@example +maxchange 1000 1 2 +@end example + +After the first clock update, @code{chronyd} will check the offset on +every clock update, it will ignore two adjustments larger than 1000 +seconds and exit on another one. +@c }}} +@c {{{ maxclockerror +@node maxclockerror directive +@subsection maxclockerror +The @code{maxclockerror} directive sets the maximum assumed frequency +error of the local clock. This is a frequency stability of the clock, +not an absolute frequency error. + +By default, the maximum assumed error is set to 1 ppm. + +The syntax is + +@example +maxclockerror +@end example + +Typical values for might be 10 for a low quality clock +to 0.1 for a high quality clock using a temperature compensated +crystal oscillator. +@c }}} +@c {{{ maxsamples +@node maxsamples directive +@subsection maxsamples +The @code{maxsamples} directive sets the maximum number of samples +@code{chronyd} should keep for each source. The default is 0, which +disables the configurable limit, and the useful range is 4 to 64. + +The syntax is + +@example +maxsamples +@end example +@c }}} +@c {{{ maxslewrate +@node maxslewrate directive +@subsection maxslewrate +The @code{maxslewrate} directive sets the maximum rate at which @code{chronyd} +is allowed to slew the time. It limits the slew rate controlled by the +correction time ratio (@pxref{corrtimeratio directive}) and is effective +only on systems where @code{chronyd} is able to control the rate (so +far only Linux). + +By default, the maximum slew rate is 83333.333 ppm (one twelfth). + +The syntax is + +@example +maxslewrate +@end example +@c }}} +@c {{{ maxupdateskew +@node maxupdateskew directive +@subsection maxupdateskew +One of @code{chronyd's} tasks is to work out how fast or slow the computer's +clock runs relative to its reference sources. In addition, it computes +an estimate of the error bounds around the estimated value. + +If the range of error is too large, it probably indicates that the +measurements have not settled down yet, and that the estimated gain or +loss rate is not very reliable. + +The @code{maxupdateskew} parameter allows the threshold for determining +whether an estimate may be so unreliable that it should not be used. +By default, the threshold is 1000 ppm. + +The syntax is + +@example +maxupdateskew +@end example + +Typical values for might be 100 for a dial-up connection +to servers over a phone line, and 5 or 10 for a computer on a LAN. + +It should be noted that this is not the only means of protection against +using unreliable estimates. At all times, @code{chronyd} keeps track of +both the estimated gain or loss rate, and the error bound on the +estimate. When a new estimate is generated following another +measurement from one of the sources, a weighted combination algorithm is +used to update the master estimate. So if @code{chronyd} has an existing +highly-reliable master estimate and a new estimate is generated which +has large error bounds, the existing master estimate will dominate in +the new master estimate. +@c }}} +@c {{{ minsamples +@node minsamples directive +@subsection minsamples +The @code{minsamples} directive sets the minimum number of samples +@code{chronyd} should try to keep for each source. The default is 0 and the +useful range is 4 to 64. + +The syntax is + +@example +minsamples +@end example +@c }}} +@c {{{ noclientlog +@node noclientlog directive +@subsection noclientlog +This directive, which takes no arguments, specifies that client accesses +are not to be logged. Normally they are logged, allowing statistics to +be reported using the @code{clients} command in @code{chronyc}. +@c }}} +@c {{{ peer +@node peer directive +@subsection peer +The syntax of this directive is identical to that for the @code{server} +directive (@pxref{server directive}), except that it is used to specify +an NTP peer rather than an NTP server. +@c }}} +@c {{{ pidfile +@node pidfile directive +@subsection pidfile +chronyd always writes its process ID (pid) to a file, and checks this file on startup to see if another chronyd may already be running on the system. By default, the file used is @code{/var/run/chronyd.pid}. The @code{pidfile} directive allows the name to be changed, e.g. + +@example +pidfile /var/tmp/chronyd.pid +@end example +@c }}} +@c {{{ port +@node port directive +@subsection port +This option allows you to configure the port on which @code{chronyd} +will listen for NTP requests. + +The compiled in default is udp/123, the standard NTP port. If set to 0, +@code{chronyd} will not open the server socket and will operate strictly in a +client-only mode. The source port used in NTP client requests can be set by +the @code{acquisitionport} directive. + +An example of the port command is + +@example +port 11123 +@end example + +This would change the NTP port served by @code{chronyd} on the computer to +udp/11123. +@c }}} +@c {{{ refclock +@node refclock directive +@subsection refclock +Reference clocks allows very accurate synchronisation and @code{chronyd} +can function as a stratum 1 server. They are specified by the +@code{refclock} directive. It has two mandatory parameters, a refclock driver +name and a driver specific parameter. + +There are currently four drivers included: + +@table @code +@item PPS +PPSAPI (pulse per second) driver. The parameter is the path to a PPS +device. Assert events are used by default. Driver option @code{:clear} +can be appended to the path if clear events should be used instead. + +As PPS refclock gets only sub-second time information, it needs another +source (NTP or non-PPS refclock) or local directive (@pxref{local +directive}) enabled to work. For example: + +@example +refclock PPS /dev/pps0 lock NMEA +refclock SHM 0 offset 0.5 delay 0.2 refid NMEA noselect +@end example + +@item SHM +NTP shared memory driver. This driver uses a shared memory segment to +receive data from another daemon which communicates with an actual +reference clock. The parameter is the number of a shared memory segment, +usually 0, 1, 2 or 3. For example: + +@example +refclock SHM 1 poll 3 refid GPS1 +@end example + +A driver option in form @code{:perm=NNN} can be appended to the +segment number to create the segment with permissions other than the +default @code{0600}. + +Some examples of applications that can be used as SHM sources are +@uref{http://catb.org/gpsd/, @code{gpsd}}, @code{shmpps} and +@uref{http://www.buzzard.me.uk/jonathan/radioclock.html, @code{radioclk}}. +@item SOCK +Unix domain socket driver. It is similar to the SHM driver, but uses a +different format and uses a socket instead of shared memory. It does not +require polling and it +supports transmitting of PPS data. The parameter is a path to the socket which +will be created by @code{chronyd} and used to receive the messages. The format +of messages sent over the socket is described in the +@code{refclock_sock.c} file. + +Recent versions of the @code{gpsd} daemon include support for the SOCK +protocol. The path where the socket should be created is described in the +@code{gpsd(8)} man page. For example: + +@example +refclock SOCK /var/run/chrony.ttyS0.sock +@end example + +@item PHC +PTP hardware clock (PHC) driver. The parameter is the path to the device of +the PTP clock, which can be synchronised by a PTP daemon (e.g. @code{ptp4l} +from the @uref{http://linuxptp.sourceforge.net/, Linux PTP project}. The PTP +clocks are typically kept in TAI instead of UTC. The @code{offset} option can +be used to compensate for the current UTC/TAI offset. For example: + +@example +refclock PHC /dev/ptp0 poll 3 dpoll -2 offset -35 +@end example + +@end table + +The @code{refclock} command also supports a number of subfields (which +may be defined in any order): + +@table @code +@item poll +Timestamps produced by refclock drivers are not used immediately, but +they are stored and processed by a median filter in the polling interval +specified by this option. This is defined as a power of 2 and may be +negative to specify a sub-second interval. The +default is 4 (16 seconds). A shorter interval allows @code{chronyd} +to react faster to changes in clock frequency, but it may decrease +the accuracy if the source is too noisy. +@item dpoll +Some drivers don't listen for external events and try to produce +samples in their own polling interval. This is defined as a power of +2 and may be negative to specify a sub-second interval. The default +is 0 (1 second). +@item refid +This option is used to specify a reference id of the refclock, as up +to four ASCII characters. By default, first three characters from +driver name and the number of the refclock are used as refid. Each +refclock must have an unique refid. +@item filter +This option sets the length of the median filter which is used to +reduce noise. With each poll about 40 percent of the stored samples is +discarded and one final sample is calculated as average of the +remaining samples. If the length is 4 or above, at least 4 samples +have to be collected between polls. For lengths below 4, the filter +has to be full. The default is 64. +@item rate +PPS signal frequency (in Hz). This option only controls how the +received pulses are aligned. To actually receive more than one +pulse per second, a negative @code{dpoll} has to be specified (-3 for +5Hz signal). The default is 1. +@item lock +This option can be used to lock a PPS refclock to another refclock +whose reference id is specified by this option. In this mode received +pulses are aligned directly to unfiltered samples from the refclock. +By default, pulses are aligned to local clock, but only when it is +well synchronised. +@item offset +This option can be used to compensate a constant error. The specified +offset (in seconds) is applied to all samples produced by the +refclock. The default is 0.0. +@item delay +This option sets the NTP delay of the source (in seconds). Half of +this value is included in the maximum assumed error which is used in the +source selection algorithm. Increasing the delay is useful to avoid +having no majority in the algorithm or to make it prefer other +sources. The default is 1e-9 (1 nanosecond). +@item precision +Refclock precision (in seconds). The default is 1e-6 (1 microsecond) +for SHM refclock, and 1e-9 (1 nanosecond) for SOCK, PPS and PHC refclocks. +@item maxdispersion +Maximum allowed dispersion for filtered samples (in seconds). Samples +with larger estimated dispersion are ignored. By default, this limit +is disabled. +@item prefer +Prefer this source over sources without prefer option. +@item noselect +Never select this source. This is useful for monitoring or with sources +which are not very accurate, but are locked with a PPS refclock. +@end table + +@c }}} +@c {{{ reselectdist +@node reselectdist directive +@subsection reselectdist +When @code{chronyd} selects synchronisation source from available sources, it +will prefer the one with minimum synchronisation distance. However, to +avoid frequent reselecting when there are sources with similar distance, a +fixed distance is added to the distance for sources that are currently not +selected. This can be set with the @code{reselectdist} option. By default, the +distance is 100 microseconds. + +The syntax is + +@example +reselectdist +@end example +@c }}} +@c {{{ rtcautotrim +@node rtcautotrim directive +@subsection rtcautotrim +The @code{rtcautotrim} directive is used to keep the real time clock (RTC) +close to the system clock automatically. When the system clock is synchronized +and the estimated error between the two clocks is larger than the specified +threshold, @code{chronyd} will trim the RTC as if the @code{trimrtc} +(@pxref{trimrtc command}) command was issued. + +This directive is effective only with the @code{rtcfile} directive. + +An example of the use of this directive is + +@example +rtcautotrim 30 +@end example + +This would set the threshold error to 30 seconds. +@c }}} +@c {{{ rtcdevice +@node rtcdevice directive +@subsection rtcdevice +The @code{rtcdevice} directive defines the name of the device file for +accessing the real time clock. By default this is @code{/dev/rtc}, unless the +directive is used to set a different value. This applies to Linux systems with +devfs. An example of use is + +@example +rtcdevice /dev/misc/rtc +@end example +@c }}} +@c {{{ rtcfile +@node rtcfile directive +@subsection rtcfile +The @code{rtcfile} directive defines the name of the file in which +@code{chronyd} can save parameters associated with tracking the accuracy +of the system's real-time clock (RTC). + +The syntax is illustrated in the following example + +@example +rtcfile @CHRONYVARDIR@/rtc +@end example + +@code{chronyd} saves information in this file when it exits and when the +@code{writertc} command is issued in @code{chronyc}. The information +saved is the RTC's error at some epoch, that epoch (in seconds since +January 1 1970), and the rate at which the RTC gains or loses time. + +So far, the support for real-time clocks is limited - their code is even +more system-specific than the rest of the software. You can only use +the real time clock facilities (the @code{rtcfile} directive and the +@code{-s} command line option to @code{chronyd}) if the following three +conditions apply: + +@enumerate 1 +@item +You are running Linux version 2.2.x or later. + +@item +You have compiled the kernel with extended real-time clock support +(i.e. the @file{/dev/rtc} device is capable of doing useful things). + +@item +You don't have other applications that need to make use of +@file{/dev/rtc} at all. + +@end enumerate +@c }}} +@c {{{ rtconutc +@node rtconutc directive +@subsection rtconutc + +@code{chronyd} assumes by default that the real time clock (RTC) keeps +local time (including any daylight saving changes). This is convenient +on PCs running Linux which are dual-booted with DOS or Windows. + +NOTE : IF YOU KEEP THE REAL TIME CLOCK ON LOCAL TIME AND YOUR COMPUTER +IS OFF WHEN DAYLIGHT SAVING (SUMMER TIME) STARTS OR ENDS, THE COMPUTER'S +SYSTEM TIME WILL BE ONE HOUR IN ERROR WHEN YOU NEXT BOOT AND START +CHRONYD. + +An alternative is for the RTC to keep Universal Coordinated Time (UTC). +This does not suffer from the 1 hour problem when daylight saving starts +or ends. + +If the @code{rtconutc} directive appears, it means the RTC is required +to keep UTC. The directive takes no arguments. It is equivalent to +specifying the @code{-u} switch to the Linux @file{/sbin/hwclock} program. + +Note that this setting is overriden when the @code{hwclockfile} directive +(@pxref{hwclockfile directive}) is used. +@c }}} +@c {{{ rtcsync +@node rtcsync directive +@subsection rtcsync + +The @code{rtcsync} directive will enable a kernel mode where the +system time is copied to the real time clock (RTC) every 11 minutes. + +This directive is supported only on Linux and cannot be used when the +normal RTC tracking is enabled, i.e. when the @code{rtcfile} directive +is used. +@c }}} +@c {{{ sched_priority +@node sched_priority directive +@subsection sched_priority + +The @code{sched_priority} directive will select the SCHED_FIFO real-time +scheduler at the specified priority (which must be between 0 and 100). +This mode is supported only on Linux. + +This directive uses the Linux sched_setscheduler() system call to +instruct the kernel to use the SCHED_FIFO first-in, first-out +real-time scheduling policy for @code{chronyd} with the specified priority. +This means that whenever @code{chronyd} is ready to run it will run, +interrupting whatever else is running unless it is a higher priority +real-time process. This should not impact performance as @code{chronyd's} +resource requirements are modest, but it should result in lower and +more consistent latency since @code{chronyd} will not need to wait for the +scheduler to get around to running it. You should not use this unless +you really need it. The sched_setscheduler man page has more details. +@c }}} +@c {{{ server +@node server directive +@subsection server +The @code{server} directive allows NTP servers to be specified. The +client/server relationship is strictly hierarchical : a client may +synchronise its system time to that of the server, but the server's +system time will never be influenced by that of a client. + +The @code{server} directive is immediately followed by either the name +of the server, or its IP address. The server command also supports a +number of subfields (which may be defined in any order): + +@table @code +@item port +This option allows the UDP port on which the server understands NTP +requests to be specified. For normal servers this option should not be +required (the default is 123, the standard NTP port). +@item minpoll +Although @code{chronyd} will trim the rate at which it samples the +server during normal operation, the user may wish to constrain the +minimum polling interval. This is always defined as a power of 2, so + +@end example + +By default, it is 1 second. This usually means that sources with lower stratum +will be preferred to sources with higher stratum even when their distance is +significantly worse. Setting @code{stratumweight} to 0 makes @code{chronyd} +ignore stratum when selecting the source. + +@c }}} +@c {{{ tempcomp +@node tempcomp directive +@subsection tempcomp +Normally, changes in rate of drift of the system clock are caused mainly by +changes in temperature of the crystal oscillator on the mainboard. + +If there are available temperature measurements from a sensor close to the +oscillator, @code{tempcomp} directive can be used to compensate for the changes +in rate and possibly improve clock accuracy. + +Whether it will really help depends on many factors, including resolution of +the sensor, noise in measurements, time source polling interval, compensation +update interval, how good are the temperature coefficients, and how close is +the sensor to the oscillator. The frequency reported in tracking.log should +be more stable and the offsets should be smaller. + +The directive has six parameters: path to the file which contains current +temperature in text format, update interval (in seconds), and temperature +coefficients T0, k0, k1, k2. + +The frequency compensation is calculated (in ppm) as + +@code{k0 + (T - T0) * k1 + (T - T0)^2 * k2} + +The result has to be between -10 ppm and 10 ppm, otherwise the measurement is +considered to be faulty and will be ignored. The k0 coefficient can be used to +get the results in that range. + +Valid measurements and calculated corrections are logged to tempcomp.log file if +enabled with @code{log tempcomp} directive. + +An example of use is + +@example +tempcomp /sys/class/hwmon/hwmon1/device/temp2_input 30 26000 0.0 0.000183 0.0 +@end example + +The measured temperature will be read from the file in Linux sysfs filesystem +every 30 seconds. When the temperature is 26 degress (26000), the system clock +frequency will not be adjusted. When it is 27 degrees (27000), the clock will +be set to run 0.183ppm faster than it would be without the compensation, etc. + +@c }}} +@c {{{ user +@node user directive +@subsection user +The @code{user} directive sets the name of the user to which will +@code{chronyd} switch on initialisation to drop root privileges. +So far, it works only on Linux when compiled with capabilities support. +Setting the name to root will disable it. + +The default value is @code{@DEFAULT_USER@}. +@c }}} +@c }}} +@c {{{ S:Running chronyc +@node Running chronyc +@section Running chronyc +@c {{{ Section top +Chronyc is the program that can be used to reconfigure options within +the @code{chronyd} program whilst it is running. Chronyc can also be +used to generate status reports about the operation of @code{chronyd}. + +@menu +* Chronyc basic use:: How to run chronyc +* Chronyc command line options:: Chrony's command line options +* Security with chronyc:: How chronyd restricts access +* Chronyc command reference:: All the commands chronyc supports +@end menu +@c }}} +@c {{{ SS:Chronyc basic use +@node Chronyc basic use +@subsection Basic use +The program chronyc is run by entering + +@example +chronyc +@end example + +at the command line. The prompt @code{chronyc} is displayed whilst +chronyc is expecting input from the user, when it is being run from a +terminal. If chronyc's input or output are redirected from/to a file, +the prompt is now shown. + +When you are finished entering commands, the commands @code{exit} or +@code{quit} will terminate the program. (Entering @key{Control-D} will +also terminate the program.) +@c }}} +@c {{{ SS:Command line options +@node Chronyc command line options +@subsection Command line options +Chronyc supports the following command line options. + +@table @code +@item -v +Displays the version number of chronyc on the terminal, and exists. +@item -h +This option allows the user to specify which host running the +@code{chronyd} program is to be contacted. This allows for remote +configuration, without having to ssh to the other host first. + +The default is to contact @code{chronyd} running on the same host as +that where chronyc is being run. +@item -p +This option allows the user to specify the UDP port number which the +target @code{chronyd} is using for its command & monitoring connections. +This defaults to the compiled-in default; there would rarely be a need +to change this. +@item -n +This option disables resolving IP addresses to hostnames. +@item -4 +With this option hostnames will be resolved only to IPv4 addresses. +@item -6 +With this option hostnames will be resolved only to IPv6 addresses. +@item -m +With this option multiple commands can be specified on the command line. +Each argument will be interpreted as a whole command. +@item -f +This option can be used to specify an alternate location of the @code{chronyd} +configuration file (default @file{@SYSCONFDIR@/chrony.conf}). The configuration file is +needed for the `-a' option. +@item -a +With this option @code{chronyc} will try to authenticate automatically on +start. It will read the configuration file, read the command key from the +keyfile and run the authhash and password commands. +@end table +@c }}} +@c {{{ SS:Security with chronyc +@node Security with chronyc +@subsection Security with chronyc +Many of the commands available through chronyc have a fair amount of +power to reconfigure the run-time behaviour of @code{chronyd}. Consequently, +@code{chronyc} is quite dangerous for the integrity of the target +system's clock performance. Having access to @code{chronyd} via chronyc is +more or less equivalent to being able to modify @code{chronyd's} configuration +file (typically @file{@SYSCONFDIR@/chrony.conf}) and to restart @code{chronyd}. + +Chronyc also provides a number of monitoring (as opposed to commanding) +commands, which will not affect the behaviour of @code{chronyd}. However, you +may still want to restrict access to these commands. + +In view of this, access to some of the capabilities of chronyc will +usually be tightly controlled. There are two mechanisms supported: + +@enumerate 1 +@item +The set of hosts from which @code{chronyd} will accept commands can be +restricted. By default, commands will only be accepted from the same +host that @code{chronyd} is running on. +@item +Any command that actually reconfigures some aspect of @code{chronyd's} +behaviour requires the user of chronyc to know a password. This +password is specified in @code{chronyd's} keys file (@pxref{keyfile directive}) +and specified via the commandkey option in its configuration file +(@pxref{commandkey directive}). +@end enumerate + +Only the following commands can be used @emph{without} providing a +password: + +@itemize @bullet +@item @code{activity} +@item @code{authhash} +@item @code{dns} +@item @code{exit} +@item @code{help} +@item @code{password} +@item @code{quit} +@item @code{rtcdata} +@item @code{sources} +@item @code{sourcestats} +@item @code{tracking} +@item @code{waitsync} +@end itemize + +All other commands require a password to have been specified previously, +because they affect @code{chronyd's} operation. +@c }}} +@c {{{ SS:Chronyc command reference +@node Chronyc command reference +@subsection Command reference +@c {{{ Top/menu +This section describes each of the commands available within the chronyc +program. Chronyc offers the user a simple command-line driven +interface. + +@menu +* accheck command:: Verifying NTP client access +* activity command:: Check how many NTP servers/peers are online/offline +* add peer command:: Add a new NTP peer +* add server command:: Add a new NTP server +* allow all command:: Allowing NTP client access +* allow command:: Allowing NTP client access +* authhash command:: Set the command authentication hash function +* burst command:: Initiating a rapid set of measurements +* clients command:: Show clients that have accessed the server +* cmdaccheck command:: Verifying command client access +* cmdallow all command:: Allowing command client access +* cmdallow command:: Allowing command client access +* cmddeny all command:: Denying command client access +* cmddeny command:: Denying command client access +* cyclelogs command:: Close and re-open open log files +* delete command:: Remove an NTP server or peer +* deny all command:: Denying NTP client access +* deny command :: Denying NTP client access +* dns command:: Configure how are hostnames and IP addresses resolved +* dump command:: Dump measurement histories to files +* exit command:: Exit from chronyc +* help command:: Generate help summary +* local command:: Let computer be a server when it is unsynchronised +* makestep command:: Immediately correct the system clock instead of slewing +* manual command:: Enable/disable/configure options for settime +* maxdelay command:: Set max measurement delay for a source +* maxdelaydevratio command:: Set max measurement delay for a source as ratio to deviation +* maxdelayratio command:: Set max measurement delay for a source as ratio +* maxpoll command:: Set maximum polling interval for a source +* maxupdateskew command:: Set safety threshold for clock gain/loss rate +* minpoll command:: Set minimum polling interval for a source +* minstratum command:: Set minimum stratum for a source +* offline command:: Warn that connectivity to a source will be lost +* online command:: Warn that connectivity to a source has been restored +* password command:: Provide password needed for most commands +* polltarget command:: Set poll target for a source +* quit command:: Exit from chronyc +* reselect command:: Reselect synchronisation source +* reselectdist command:: Set improvement in distance needed to reselect a source +* retries command:: Set maximum number of retries +* rtcdata command:: Display RTC parameters +* settime command:: Provide a manual input of the current time +* sources command:: Display information about the current set of sources +* sourcestats command:: Display the rate & offset estimation performance of sources +* timeout command:: Set initial response timeout +* tracking command:: Display system clock performance +* trimrtc command:: Correct the RTC time to the current system time +* waitsync command:: Wait until synchronised +* writertc command:: Write the RTC parameters to file +@end menu +@c }}} +@c {{{ accheck +@node accheck command +@subsubsection accheck +This command allows you to check whether client NTP access is allowed +from a particular host. + +Examples of use, showing a named host and a numeric IP address, are as +follows: + +@example +accheck a.b.c +accheck 1.2.3.4 +accheck 2001:db8::1 +@end example + +This command can be used to examine the effect of a series of +@code{allow}, @code{allow all}, @code{deny} and @code{deny all} commands +specified either via chronyc, or in @code{chronyd's} configuration file. +@c }}} +@c {{{ activity command +@node activity command +@subsubsection activity +This command reports the number of servers/peers that are online and offline. +If the auto_offline option is used in specifying some of the servers/peers, the +@code{activity} command may be useful for detecting when all of them have +entered the offline state after the PPP link has been disconnected. + +The report shows the number of servers/peers in 5 states: +@itemize +@item @code{online} : the server/peer is currently online (i.e. assumed by +chronyd to be reachable) +@item @code{offline} : the server/peer is currently offline (i.e. assumed by +chronyd to be unreachable, and no measurements from it will be attempted.) +@item @code{burst_online} : a burst command has been initiated for the +server/peer and is being performed; after the burst is complete, the +server/peer will be returned to the online state. +@item @code{burst_offline} : a burst command has been initiated for the +server/peer and is being performed; after the burst is complete, the +server/peer will be returned to the offline state. +@item @code{unresolved} : the name of the server/peer wasn't resolved to an +address yet; this server is not visible in the @code{sources} and +@code{sourcestats} reports. +@end itemize +@c }}} +@c {{{ add peer +@node add peer command +@subsubsection add peer +The @code{add peer} command allows a new NTP peer to be added whilst +@code{chronyd} is running. + +Following the words @code{add peer}, the syntax of the following +parameters and options is identical to that for the @code{peer} +directive in the configuration file (@pxref{peer directive}). + +An example of using this command is shown below. + +@example +add peer foo.bar.com minpoll 6 maxpoll 10 authkey 25 +@end example +@c }}} +@c {{{ add server +@node add server command +@subsubsection add server +The @code{add server} command allows a new NTP server to be added whilst +@code{chronyd} is running. + +Following the words @code{add server}, the syntax of the following +parameters and options is identical to that for the @code{server} +directive in the configuration file (@pxref{server directive}). + +An example of using this command is shown below. + +@example +add server foo.bar.com minpoll 6 maxpoll 10 authkey 25 +@end example +@c }}} +@c {{{ allow all +@node allow all command +@subsubsection allow all +The effect of the allow command is identical to the @code{allow all} +directive in the configuration file (@pxref{allow directive}). +@c }}} +@c {{{ allow +@node allow command +@subsubsection allow +The effect of the allow command is identical to the @code{allow} directive in +the configuration file (@pxref{allow directive}). + +The syntax is illustrated in the following examples: + +@example +allow foo.bar.com +allow 1.2 +allow 3.4.5 +allow 6.7.8/22 +allow 6.7.8.9/22 +allow 2001:db8:789a::/48 +allow 0/0 +allow ::/0 +allow +@end example + +The effect of each of these examples is the same as that of the @code{allow} +directive in the configuration file. +@c }}} +@c {{{ authhash +@node authhash command +@subsubsection authhash +This command sets the hash function used for authenticating user commands. +For successful authentication the hash function has to be the same as the one +set for the command key in the keys file on the server. It needs to be set +before the @code{password} command is used. The default hash function is MD5. + +An example is + +@example +authhash SHA1 +@end example + +The authhash command is run automatically on start if @code{chronyc} was +started with the `-a' option. +@c }}} +@c {{{ burst +@node burst command +@subsubsection burst +The @code{burst} command tells @code{chronyd} to make a set of measurements to +each of its NTP sources over a short duration (rather than the usual +periodic measurements that it makes). After such a burst, @code{chronyd} will +revert to the previous state for each source. This might be either +online, if the source was being periodically measured in the normal way, +or offline, if the source had been indicated as being offline. +(Switching a source between the online and offline states is described +in @ref{online command}, @ref{offline command}). + +The syntax of the burst command is as follows + +@example +burst / [/] +burst / [/] +burst / [
] +@end example + +The mask and masked-address arguments are optional, in which case +@code{chronyd} will initiate a burst for all of its currently defined sources. + +The arguments have the following meaning and format. + +@table @code +@item n-good-measurements +This defines the number of good measurements that @code{chronyd} will want to +obtain from each source. A measurement is good if it passes certain +tests, for example, the round trip time to the source must be +acceptable. (This allows @code{chronyd} to reject measurements that are likely +to be bogus.) + +@item max-measurements +This defines the maximum number of measurements that @code{chronyd} will +attempt to make, even if the required number of good measurements has +not been obtained. + +@item mask +This is an IP address with which the IP address of each of @code{chronyd}'s +sources is to be masked. + +@item masked-address +This is an IP address. If the masked IP address of a source matches this value +then the burst command is applied to that source. + +@item masked-bits +This can be used with @code{masked-address} for CIDR notation, which is a +shorter alternative to the form with mask. + +@item address +This is an IP address or a hostname. The burst command is applied only to that +source. + +@end table + +If no mask or masked address arguments are provided, every source will +be matched. + +An example of the two-argument form of the command is + +@example +burst 2/10 +@end example + +This will cause @code{chronyd} to attempt to get two good measurements from +each source, stopping after two have been obtained, but in no event will +it try more than ten probes to the source. + +Examples of the four-argument form of the command are + +@example +burst 2/10 255.255.0.0/1.2.0.0 +burst 2/10 2001:db8:789a::/48 +@end example + +In the first case, the two out of ten sampling will only be applied to +sources whose IPv4 addresses are of the form @code{1.2.x.y}, where x and y +are arbitrary. In the second case, the sampling will be applied to sources +whose IPv6 addresses have first 48 bits equal to @code{2001:db8:789a}. + +Example of the three-argument form of the command is + +@example +burst 2/10 foo.bar.com +@end example +@c }}} +@c {{{ clients +@node clients command +@comment node-name, next, previous, up +@subsubsection clients +This command shows a list of all clients that have accessed the server, +through either the NTP or command/monitoring ports. There are no arguments. + +An example of the output is + +@example +Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC +========================= ====== ====== ====== ====== ====== ==== ==== +localhost 0 0 15 1 0 29y 0 +aardvark.xxx 4 0 0 0 0 49 29y +badger.xxx 4 0 0 0 0 6 29y +@end example + +Each row shows the data for a single host. Only hosts that have passed +the host access checks (set with the @code{allow}, @code{deny}, +@code{cmdallow} and @code{cmddeny} commands or configuration file +directives) are logged. + +The columns are as follows: + +@enumerate 1 +@item +The hostname of the client +@item +The number of times the client has accessed the server using an NTP +client mode packet. +@item +The number of times the client has accessed the server using an NTP +symmetric active mode packet. +@item +The number of authenticated command packets that have been processed +from the client (i.e. those following a successful @code{password} +command). +@item +The number of unauthenticated command packets that have been processed +from the client. +@item +The number of bad command packets received from the client (not all +forms of bad packet are logged). +@item +Time since the last NTP packet was received +@item +Time since the last command packet was received +@end enumerate + +The last two entries will be shown as the time since 1970 if no packet +of that type has ever been received. +@c }}} +@c {{{ cmdaccheck +@node cmdaccheck command +@subsubsection cmdaccheck +This command is similar to the @code{accheck} command, except that it is +used to check whether command access is permitted from a named host. + +Examples of use are as follows: + +@example +cmdaccheck a.b.c +cmdaccheck 1.2.3.4 +cmdaccheck 2001:db8::1 +@end example +@c }}} +@c {{{ cmdallow all +@node cmdallow all command +@subsubsection cmdallow all +This is similar to the @code{allow all} command, except that it is used to@c {{{ +allow particular hosts or subnets to use the chronyc program to interact@c }}} +with @code{chronyd} on the current host. +@c }}} +@c {{{ cmdallow +@node cmdallow command +@subsubsection cmdallow +This is similar to the @code{allow} command, except that it is used to +allow particular hosts or subnets to use the chronyc program to interact +with @code{chronyd} on the current host. +@c }}} +@c {{{ cmddeny all +@node cmddeny all command +@subsubsection cmddeny all +This is similar to the @code{deny all} command, except that it is used +to allow particular hosts or subnets to use the chronyc program to +interact with @code{chronyd} on the current host. +@c }}} +@c {{{ cmddeny +@node cmddeny command +@subsubsection cmddeny +This is similar to the @code{deny} command, except that it is used to +allow particular hosts or subnets to use the chronyc program to interact +with @code{chronyd} on the current host. +@c }}} +@c {{{ cyclelogs +@node cyclelogs command +@subsubsection cyclelogs +The @code{cyclelogs} command causes all of @code{chronyd's} open log files to +be closed and re-opened. This allows them to be renamed so that they can be +periodically purged. An example of how to do this is shown below. + +@example +% mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log +% chronyc -a cyclelogs +% ls -l /var/log/chrony +-rw-r--r-- 1 root root 0 Jun 8 18:17 measurements.log +-rw-r--r-- 1 root root 12345 Jun 8 18:17 measurements1.log +% rm -f measurements1.log +@end example +@c }}} +@c {{{ delete +@node delete command +@subsubsection delete +The @code{delete} command allows an NTP server or peer to be removed +from the current set of sources. + +The syntax is illustrated in the examples below. + +@example +delete foo.bar.com +delete 1.2.3.4 +delete 2001:db8::1 +@end example + +There is one parameter, the name or IP address of the server or peer to +be deleted. +@c }}} +@c {{{ deny all +@node deny all command +@subsubsection deny all +The effect of the allow command is identical to the @code{deny all} +directive in the configuration file (@pxref{deny directive}). +@c }}} +@c {{{ deny +@node deny command +@subsubsection deny +The effect of the allow command is identical to the @code{deny} +directive in the configuration file (@pxref{deny directive}). + +The syntax is illustrated in the following examples: + +@example +deny foo.bar.com +deny 1.2 +deny 3.4.5 +deny 6.7.8/22 +deny 6.7.8.9/22 +deny 2001:db8:789a::/48 +deny 0/0 +deny ::/0 +deny +@end example +@c }}} +@c {{{ dns +@node dns command +@subsubsection dns +The @code{dns} command configures how are hostnames and IP addresses resolved in +@code{chronyc}. IP addresses can be resolved to hostnames when printing results +of @code{sources}, @code{sourcestats}, @code{tracking} and @code{clients} +commands. Hostnames are resolved in commands that take an address as argument. + +There are five forms of the command: + +@table @code +@item dns -n +Disables resolving IP addresses to hostnames. Raw IP addresses will be +displayed. +@item dns +n +Enables resolving IP addresses to hostnames. This is the default unless +@code{chronyc} was started with @code{-n} option. +@item dns -4 +Resolves hostnames only to IPv4 addresses. +@item dns -6 +Resolves hostnames only to IPv6 addresses. +@item dns -46 +Resolves hostnames to both address families. This is the default unless +@code{chronyc} was started with @code{-4} or @code{-6} option. +@end table +@c }}} +@c {{{ dump +@node dump command +@subsubsection dump +The @code{dump} command causes @code{chronyd} to write its current history of +measurements for each of its sources to dump files, either for +inspection or to support the @code{-r} option when @code{chronyd} is restarted. + +The @code{dump} command is somewhat equivalent to the @code{dumponexit} +directive in the chrony configuration file. @xref{dumponexit directive}. + +To use the @code{dump}, you probably want to configure the name of the +directory into which the dump files will be written. This can only be +done in the configuration file, see @ref{dumpdir directive}. +@c }}} +@c {{{ exit +@node exit command +@subsubsection exit +The exit command exits from chronyc and returns the user to the shell +(same as the quit command). +@c }}} +@c {{{ help +@node help command +@subsubsection help +The help command displays a summary of the commands and their arguments. +@c }}} +@c {{{ local +@node local command +@subsubsection local +The @code{local} command allows @code{chronyd} to be told that it is to appear +as a reference source, even if it is not itself properly synchronised to +an external source. (This can be used on isolated networks, to allow +one computer to be a master time server with the other computers slaving +to it.) The @code{local} command is somewhat equivalent to the +@code{local} directive in the configuration file, see @ref{local directive}. + +The syntax is as shown in the following examples. + +@example +local stratum 10 +local off +@end example + +The first example enables the local reference mode on the host, and sets +the stratum at which it should claim to be synchronised. + +The second example disables the local reference mode. +@c }}} +@c {{{ makestep +@node makestep command +@subsubsection makestep +Normally chronyd will cause the system to gradually correct any time +offset, by slowing down or speeding up the clock as required. In +certain situations, the system clock may be so far adrift that this +slewing process would take a very long time to correct the system clock. + +The @code{makestep} command can be used in this situation. It cancels +any remaining correction that was being slewed, and jumps the system +clock by the equivalent amount, making it correct immediately. + +BE WARNED - certain software will be seriously affected by such jumps to +the system time. (That is the reason why chronyd uses slewing +normally.) + +The @code{makestep} directive in the configuration file can be used +to step the clock automatically when the adjustment is larger than a +specified threshold, see @ref{makestep directive}. +@c }}} +@c {{{ manual +@node manual command +@subsubsection manual +The manual command enables and disables use of the @code{settime} +command (@pxref{settime command}), and is used to modify the behaviour +of the manual clock driver. + +Examples of the command are shown below. + +@example +manual on +manual off +manual delete 1 +manual list +manual reset +@end example + +The @code{on} form of the command enables use of the @code{settime} +command. + +The @code{off} form of the command disables use of the @code{settime} +command. + +The @code{list} form of the command lists all the samples currently +stored in @code{chronyd}. The output is illustrated below. + +@example +210 n_samples = 1 +# Date Time(UTC) Slewed Original Residual +==================================================== + 0 27Jan99 22:09:20 0.00 0.97 0.00 +@end example + +The columns as as follows : + +@enumerate 1 +@item +The sample index (used for the @code{manual delete} command) +@item +The date and time of the sample +@item +The system clock error when the timestamp was entered, adjusted to allow +for changes made to the system clock since. +@item +The system clock error when the timestamp was entered, as it originally +was (without allowing for changes to the system clock since). +@item +The regression residual at this point, in seconds. This allows +'outliers' to be easily spotted, so that they can be deleted using the +@code{manual delete} command. +@end enumerate + +The @code{delete} form of the command deletes a single sample. The +parameter is the index of the sample, as shown in the first column of +the output from @code{manual list}. Following deletion of the data +point, the current error and drift rate are re-estimated from the +remaining data points and the system clock trimmed if necessary. This +option is intended to allow 'outliers' to be discarded, i.e. samples +where the administrator realises he/she has entered a very poor +timestamp. + +The @code{reset} form of the command deletes all samples at once. The +system clock is left running as it was before the command was entered. +@c }}} +@c {{{ maxdelay +@node maxdelay command +@subsubsection maxdelay +This allows the @code{maxdelay} option for one of the sources to be +modified, in the same way as specifying the @code{maxdelay} option for +the @code{server} directive in the configuration file (@pxref{server +directive}). + +The following examples illustrate the syntax + +@example +maxdelay foo.bar.com 0.3 +maxdelay 1.2.3.4 0.0015 +maxdelay 2001:db8::1 0.0015 +@end example + +The first example sets the maximum network delay allowed for a +measurement to the host @code{foo.bar.com} to 0.3 seconds. The second +and third examples set the maximum network delay for a measurement to +the host with IPv4 address @code{1.2.3.4} and the host with IPv6 address +@code{2001:db8::1} to 1.5 milliseconds. + +(Any measurement whose network delay exceeds the specified value is +discarded.) +@c }}} +@c {{{ maxdelaydevratio +@node maxdelaydevratio command +@subsubsection maxdelaydevratio +This allows the @code{maxdelaydevratio} option for one of the sources to be +modified, in the same way as specifying the @code{maxdelaydevratio} option +for the @code{server} directive in the configuration file (@pxref{server +directive}). + +The following examples illustrate the syntax + +@example +maxdelaydevratio foo.bar.com 0.1 +maxdelaydevratio 1.2.3.4 1.0 +maxdelaydevratio 2001:db8::1 100.0 +@end example +@c }}} +@c {{{ maxdelayratio +@node maxdelayratio command +@subsubsection maxdelayratio +This allows the @code{maxdelayratio} option for one of the sources to be +modified, in the same way as specifying the @code{maxdelayratio} option +for the @code{server} directive in the configuration file (@pxref{server +directive}). + +The following examples illustrate the syntax + +@example +maxdelayratio foo.bar.com 1.5 +maxdelayratio 1.2.3.4 2.0 +maxdelayratio 2001:db8::1 2.0 +@end example + +The first example sets the maximum network delay for a measurement to +the host @code{foo.bar.com} to be 1.5 times the minimum delay found +amongst the previous measurements that have been retained. The second +and third examples set the maximum network delay for a measurement to +the host with IPv4 address @code{1.2.3.4} and the host with IPv6 +address @code{2001:db8::1} to be double the retained minimum. + +As for @code{maxdelay}, any measurement whose network delay is too large +will be discarded. +@c }}} +@c {{{ maxpoll +@node maxpoll command +@subsubsection maxpoll +The @code{maxpoll} command is used to modify the minimum polling +interval for one of the current set of sources. It is equivalent to the +@code{maxpoll} option in the @code{server} directive in the +configuration file (@pxref{server directive}). + +The syntax is as follows + +@example +maxpoll +@end example + +where the host can be specified as either a machine name or +IP address. The new minimum poll is specified as a base-2 logarithm of +the number of seconds between polls (e.g. specify 6 for 64 second +sampling). + +An example is + +@example +maxpoll foo.bar.com 10 +@end example + +which sets the maximum polling interval for the host @code{foo.bar.com} +to 1024 seconds. + +Note that the new maximum polling interval only takes effect after the +next measurement has been made. +@c }}} +@c {{{ maxupdateskew +@node maxupdateskew command +@subsubsection maxupdateskew +This command has the same effect as the @code{maxupdateskew} directive +in the configuration file, see @ref{maxupdateskew directive}. +@c }}} +@c {{{ minpoll +@node minpoll command +@subsubsection minpoll +The @code{minpoll} command is used to modify the minimum polling +interval for one of the current set of sources. It is equivalent to the +@code{minpoll} option in the @code{server} directive in the +configuration file (@pxref{server directive}). + +The syntax is as follows + +@example +minpoll +@end example + +where the host can be specified as either a machine name or +IP address. The new minimum poll is specified as a base-2 logarithm of +the number of seconds between polls (e.g. specify 6 for 64 second +sampling). + +An example is + +@example +minpoll foo.bar.com 5 +@end example + +which sets the minimum polling interval for the host @code{foo.bar.com} +to 32 seconds. + +Note that the new minimum polling interval only takes effect after the +next measurement has been made. +@c }}} +@c {{{ minstratum +@node minstratum command +@subsubsection minstratum +The @code{minstratum} command is used to modify the minimum stratum +for one of the current set of sources. It is equivalent to the +@code{minstratum} option in the @code{server} directive in the +configuration file (@pxref{server directive}). + +The syntax is as follows + +@example +minstratum +@end example + +where the host can be specified as either a machine name or +IP address. + +An example is + +@example +minpoll foo.bar.com 5 +@end example + +which sets the minimum stratum for the host @code{foo.bar.com} +to 5. + +Note that the new minimum stratum only takes effect after the +next measurement has been made. +@c }}} +@c {{{ offline +@node offline command +@subsubsection offline +The @code{offline} command is used to warn @code{chronyd} that the network +connection to a particular host or hosts is about to be lost. It should +be used on computers with a dial-up or similar connection to their time +sources, to warn @code{chronyd} that the connection is about to be broken. + +An example of how to use @code{offline} in this case is shown in +@ref{Advising chronyd of internet availability}. + +Another case where @code{offline} could be used is where a computer +serves time to a local group of computers, and has a permanant +connection to true time servers outside the organisation. However, the +external connection is heavily loaded at certain times of the day and +the measurements obtained are less reliable at those times. In this +case, it is probably most useful to determine the gain/loss rate during +the quiet periods and let the whole network coast through the loaded +periods. The @code{offline} and @code{online} commands can be used to +achieve this. The situation is shown in the figure below. + +@example +@group + +----------+ + |Ext source| + +----------+ + | + | + |/| <-- Link with variable + | reliability + | + +-------------------+ + |Local master server| + +-------------------+ + | + +---+---+-----+-----+----+----+ + | | | | | | | + Local clients +@end group +@end example + + + +If the source to which @code{chronyd} is currently synchronised is indicated +offline in this way, @code{chronyd} will continue to treat it as the +synchronisation source. If the network connection were broken without +the @code{offline} command being used, @code{chronyd} would assume that the +source had failed and would attempt to pick another synchronisation +source. + +There are four forms of the @code{offline} command. The first form is a +wildcard, meaning all sources. The second form allows an IP address mask +and a masked address to be specified. The third form uses the CIDR +notation. The fourth form uses an IP address or a hostname. These forms are +illustrated below. + +@example +offline +offline 255.255.255.0/1.2.3.0 +offline 2001:db8:789a::/48 +offline foo.bar.com +@end example + +The second form means that the @code{offline} command is to be applied +to any source whose IPv4 address is in the @code{1.2.3} subnet. (The host's +address is logically and-ed with the mask, and if the result matches the +masked-address the host is processed). The third form means that the +command is to be applied to all sources whose IPv6 addresses have first +48 bits equal to @code{2001:db8:789a}. The fourth form means that the command +is to be applied only to that one source. + +The wildcard form of the address is actually equivalent to + +@example +offline 0.0.0.0/0.0.0.0 +offline ::/0 +@end example +@c }}} +@c {{{ online +@node online command +@subsubsection online +The @code{online} command is opposite in function to the @code{offline} +command. It is used to advise @code{chronyd} that network connectivity to a +particular source or sources has been restored. + +The syntax is identical to that of the @code{offline} command, see +@ref{offline command}. +@c }}} +@c {{{ password +@node password command +@subsubsection password +The password command is used to allow chronyc to send privileged +commands to @code{chronyd}. The password can either be entered on the command +line, or can be entered without echoing. The syntax for entering the +password on the command line is as follows + +@example +password xyzzy +password ASCII:xyzzy +password HEX:78797a7a79 +@end example + +To enter the password without it being echoed, enter + +@example +password +@end example + +The computer will respond with a @samp{Password:} prompt, at which you +should enter the password and press return. (Note that the no-echo mode +is limited to 8 characters on SunOS 4.1 due to limitations in the system +library. Other systems do not have this restriction.) + +The password can be encoded as a string of characters not containing a space +with optional @code{ASCII:} prefix or as a hexadecimal number with @code{HEX:} +prefix. It has to match @code{chronyd's} currently defined command key +(@pxref{commandkey directive}). + +The password command is run automatically on start if @code{chronyc} was +started with the `-a' option. +@c }}} +@c {{{ polltarget +@node polltarget command +@subsubsection polltarget +The @code{polltarget} command is used to modify the poll target for +one of the current set of sources. It is equivalent to the +@code{polltarget} option in the @code{server} directive in the +configuration file (@pxref{server directive}). + +The syntax is as follows + +@example +polltarget +@end example + +where the host can be specified as either a machine name or +IP address. + +An example is + +@example +polltarget foo.bar.com 12 +@end example + +which sets the poll target for the host @code{foo.bar.com} +to 12. +@c }}} +@c {{{ quit +@node quit command +@subsubsection quit +The quit command exits from chronyc and returns the user to the shell +(same as the exit command). +@c }}} +@c {{{ reselect command +@node reselect command +@subsubsection reselect +To avoid excessive switching between sources, @code{chronyd} may stay +synchronised to a source even when it is not currently the best one among the +available sources. + +The @code{reselect} command can be used to force @code{chronyd} to +reselect the best synchronisation source. +@c }}} +@c {{{ reselectdist command +@node reselectdist command +@subsubsection reselectdist +The @code{reselectdist} command sets the reselect distance. It is equivalent +to the @code{reselectdist} directive in the configuration file +(@pxref{reselectdist directive}). +@c }}} +@c {{{ retries +@node retries command +@subsubsection retries +The @code{retries} command sets the maximum number of retries for +@code{chronyc} requests before giving up. The response timeout is controlled +by @code{timeout} command (@pxref{timeout command}). + +The default is 2. +@c }}} +@c {{{ rtcdata +@node rtcdata command +@subsubsection rtcdata +The @code{rtcdata} command displays the current real time clock RTC parameters. + +An example output is shown below. + +@example +RTC ref time (GMT) : Sat May 30 07:25:56 1998 +Number of samples : 10 +Number of runs : 5 +Sample span period : 549 +RTC is fast by : -1.632736 seconds +RTC gains time at : -107.623 ppm +@end example + +The fields have the following meaning + +@table @code +@item RTC ref time (GMT) +This is the RTC reading the last time its error was measured. +@item Number of samples +This is the number of previous measurements being used to determine the +RTC gain/loss rate. +@item Number of runs +This is the number of runs of residuals of the same sign following the +regression fit for (RTC error) versus (RTC time). A value which is +small indicates that the measurements are not well approximated by a +linear model, and that the algorithm will tend to delete the older +measurements to improve the fit. +@item Sample span period +This is the period that the measurements span (from the oldest to the +newest). Without a unit the value is in seconds; suffixes `m' for +minutes, `h' for hours, `d' for days or `y' for years may be used. +@item RTC is fast by +This is the estimate of how many seconds fast the RTC when it thought +the time was at the reference time (above). If this value is large, you +may (or may not) want to use the @code{trimrtc} command to bring the RTC +into line with the system clock. (Note, a large error will not affect +@code{chronyd's} operation, unless it becomes so big as to start causing +rounding errors. +@item RTC gains time at +This is the amount of time gained (positive) or lost (negative) by the +real time clock for each second that it ticks. It is measured in parts +per million. So if the value shown was +1, suppose the RTC was exactly +right when it crosses a particular second boundary. Then it would be 1 +microsecond fast when it crosses its next second boundary. +@end table +@c }}} +@c {{{ settime +@node settime command +@subsubsection settime +The @code{settime} command allows the current time to be entered +manually, if this option has been configured into @code{chronyd}. (It may be +configured either with the @code{manual} directive in the configuration +file (@pxref{manual directive}), or with the @code{manual} command of +chronyc (@pxref{manual command}). + +It should be noted that the computer's sense of time will only be as +accurate as the reference you use for providing this input (e.g. your +watch), as well as how well you can time the press of the return key. + +Providing your computer's time zone is set up properly, you will be able +to enter a local time (rather than UTC). + +The response to a successful @code{settime} command indicates the amount +that the computer's clock was wrong. It should be apparent from this if +you have entered the time wrongly, e.g. with the wrong time zone. + +The rate of drift of the system clock is estimated by a regression +process using the entered measurement and all previous measurements +entered during the present run of @code{chronyd}. However, the entered +measurement is used for adjusting the current clock offset (rather than +the estimated intercept from the regression, which is ignored). +Contrast what happens with the @code{manual delete} command, where the +intercept is used to set the current offset (since there is no +measurement that has just been typed in in that case). + +The time is parsed by the public domain @file{getdate} algorithm. +Consequently, you can only specify time to the nearest second. + +Examples of inputs that are valid are shown below. + +@example +settime 16:30 +settime 16:30:05 +settime Nov 21, 1997 16:30:05 +@end example + +For a full description of @code{getdate}, get hold of the getdate +documentation (bundled, for example, with the source for GNU tar). +@c }}} +@c {{{ sources +@node sources command +@subsubsection sources +This command displays information about the current time sources that +@code{chronyd} is accessing. + +The optional argument @code{-v} can be specified, meaning @emph{verbose}. In +this case, extra caption lines are shown as a reminder of the meanings of the +columns. + +@example +@group +210 Number of sources = 3 +MS Name/IP address Stratum Poll Reach LastRx Last sample +=============================================================================== +#* GPS0 0 4 377 11 -479ns[ -621ns] +/- 134ns +^? a.b.c 2 6 377 23 -923us[ -924us] +/- 43ms +^+ d.e.f 1 6 377 21 -2629us[-2619us] +/- 86ms +@end group +@end example + +The columns are as follows: + +@table @code +@item M +This indicates the mode of the source. @code{^} means a server, +@code{=} means a peer and @code{#} indicates a locally connected +reference clock. + +@item S +This column indicates the state of the sources. @code{*} indicates the +source to which @code{chronyd} is currently synchronised. @code{+} +indicates acceptable sources which are combined with the selected +source. @code{-} indicates acceptable sources which are excluded by +the combining algorithm. @code{?} indicates sources to which +connectivity has been lost or whose packets don't pass all tests. +@code{x} indicates a clock which @code{chronyd} +thinks is is a falseticker (i.e. its time is inconsistent with a +majority of other sources). @code{~} indicates a source whose time +appears to have too much variability. The @code{?} condition is also +shown at start-up, until at least 3 samples have been gathered from it. + +@item Name/IP address +This shows the name or the IP address of the source, or refid for +reference clocks. + +@item Stratum +This shows the stratum of the source, as reported in its most recently +received sample. Stratum 1 indicates a computer with a locally attached +reference clock. A computer that is synchronised to a stratum 1 +computer is at stratum 2. A computer that is synchronised to a stratum +2 computer is at stratum 3, and so on. + +@item Poll +This shows the rate at which the source is being polled, as a base-2 +logarithm of the interval in seconds. Thus, a value of 6 would indicate +that a measurement is being made every 64 seconds. + +@code{chronyd} automatically varies the polling rate in response to prevailing +conditions. + +@item Reach +This shows the source's reachability register printed as octal number. The +register has 8 bits and is updated on every received or missed packet from +the source. A value of 377 indicates that a valid reply was received for all +from the last eight transmissions. + +@item LastRx +This column shows how long ago the last sample was received from the +source. This is normally in seconds. The letters @code{m}, @code{h}, +@code{d} or @code{y} indicate minutes, hours, days or years. A value +of 10 years indicates there were no samples received from this source +yet. + +@item Last sample +This column shows the offset between the local clock and the source at +the last measurement. The number in the square brackets shows the +actual measured offset. This may be suffixed by @code{ns} (indicating +nanoseconds), @code{us} (indicating +microseconds), @code{ms} (indicating milliseconds), or @code{s} +(indicating seconds). The number to the left of the square brackets +shows the original measurement, adjusted to allow for any slews applied +to the local clock since. The number following the @code{+/-} indicator +shows the margin of error in the measurement. + +Positive offsets indicate that the local clock is fast of the source. + +@end table +@c }}} +@c {{{ sourcestats +@node sourcestats command +@subsubsection sourcestats + +The @code{sourcestats} command displays information about the drift rate +and offset estimatation process for each of the sources currently being +examined by @code{chronyd}. + +The optional argument @code{-v} can be specified, meaning @emph{verbose}. In +this case, extra caption lines are shown as a reminder of the meanings of the +columns. + +An example report is + +@example +@group +210 Number of sources = 1 +Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev +=============================================================================== +abc.def.ghi 11 5 46m -0.001 0.045 1us 25us +@end group +@end example + +The columns are as follows + +@table @code +@item Name/IP Address +This is the name or IP address of the NTP server (or peer) or refid of +the refclock to which the rest of the line relates. + +@item NP +This is the number of sample points currently being retained for the +server. The drift rate and current offset are estimated by performing a +linear regression through these points. + +@item NR +This is the number of runs of residuals having the same sign following +the last regression. If this number starts to become too small relative +to the number of samples, it indicates that a straight line is no longer +a good fit to the data. If the number of runs is too low, +@code{chronyd} discards older samples and re-runs the regression until +the number of runs becomes acceptable. + +@item Span +This is the interval between the oldest and newest samples. If no unit +is shown the value is in seconds. In the example, the interval is 46 +minutes. + +@item Frequency +This is the estimated residual frequency for the server, in parts per +million. In this case, the computer's clock is estimated to be running +1 part in 10**9 slow relative to the server. + +@item Freq Skew +This is the estimated error bounds on @code{Freq} (again in parts per +million). + +@item Offset +This is the estimated offset of the source. + +@item Std Dev +This is the estimated sample standard deviation. + +@end table +@c }}} +@c {{{ timeout +@node timeout command +@subsubsection timeout +The @code{timeout} command sets the initial timeout for @code{chronyc} requests +in milliseconds. If no response is received from @code{chronyd}, the timeout is +doubled and the request is resent. The maximum number of retries is configured +with the @code{retries} command (@pxref{retries command}). + +By default, the timeout is 1000 milliseconds or 100 milliseconds if +@code{chronyc} is contacting localhost (i.e. the `-h' option wasn't specified) +and @code{chronyd} was compiled with asynchronous name resolving. +@c }}} +@c {{{ tracking +@node tracking command +@subsubsection tracking +The @code{tracking} command displays parameters about the system's clock +performance. An example of the output is shown below. + +@example +Reference ID : 1.2.3.4 (a.b.c) +Stratum : 3 +Ref time (UTC) : Fri Feb 3 15:00:29 2012 +System time : 0.000001501 seconds slow of NTP time +Last offset : -0.000001632 seconds +RMS offset : 0.000002360 seconds +Frequency : 331.898 ppm fast +Residual freq : 0.004 ppm +Skew : 0.154 ppm +Root delay : 0.373169 seconds +Root dispersion : 0.024780 seconds +Update interval : 64.2 seconds +Leap status : Normal + +@end example + +The fields are explained as follows. + +@table @code +@item Reference ID +This is the refid and name (or IP address) if available, of the server to which +the computer is currently synchronised. If this is @code{127.127.1.1} +it means the computer is not synchronised to any external source and +that you have the `local' mode operating (via the @code{local} command +in @code{chronyc} (@pxref{local command}), or the @code{local} directive +in the @file{@SYSCONFDIR@/chrony.conf} file (@pxref{local directive})). + +@item Stratum +The stratum indicates how many hops away from a computer with an +attached reference clock we are. Such a computer is a stratum-1 +computer, so the computer in the example is two hops away +(i.e. @code{a.b.c} is a stratum-2 and is synchronised from a stratum-1). + +@item Ref time +This is the time (UTC) at which the last measurement from the reference +source was processed. + +@item System time +In normal operation, @code{chronyd} @emph{never} steps the system clock, +because any jump in the timescale can have adverse consequences for +certain application programs. Instead, any error in the system clock is +corrected by slightly speeding up or slowing down the system clock until +the error has been removed, and then returning to the system clock's +normal speed. A consequence of this is that there will be a period when +the system clock (as read by other programs using the +@code{gettimeofday()} system call, or by the @code{date} command in the +shell) will be different from @code{chronyd's} estimate of the current +true time (which it reports to NTP clients when it is operating in +server mode). The value reported on this line is the difference due to +this effect. + +On systems such as Solaris and SunOS, @code{chronyd} has no means to +adjust the fundamental rate of the system clock, so keeps the system +time correct by periodically making offsets to it as though an error had +been measured. The build up of these offsets will be observed in this +report. + +@item Last offset +This is the estimated local offset on the last clock update. + +@item RMS offset +This is a long-term average of the offset value. + +@item Frequency +The `frequency' is the rate by which the system's clock would be would +be wrong if @code{chronyd} was not correcting it. It is expressed in +ppm (parts per million). For example, a value of 1ppm would mean that +when the system's clock thinks it has advanced 1 second, it has actually +advanced by 1.000001 seconds relative to true time. + +As you can see in the example, the clock in the computer is not a very +good one - it gains about 30 seconds per day! + +@item Residual freq +This shows the `residual frequency' for the currently selected reference +source. This reflects any difference between what the measurements from +the reference source indicate the frequency should be and the frequency +currently being used. + +The reason this is not always zero is that a smoothing procedure is +applied to the frequency. Each time a measurement from the reference +source is obtained and a new residual frequency computed, the estimated +accuracy of this residual is compared with the estimated accuracy (see +`skew' next) of the existing frequency value. A weighted average is +computed for the new frequency, with weights depending on these +accuracies. If the measurements from the reference source follow a +consistent trend, the residual will be driven to zero over time. + +@item Skew +This is the estimated error bound on the the frequency. + +@item Root delay +This is the total of the network path delays to the stratum-1 computer +from which the computer is ultimately synchronised. + +In certain extreme situations, this value can be negative. (This can +arise in a symmetric peer arrangement where the computers' frequencies +are not tracking each other and the network delay is very short relative +to the turn-around time at each computer.) + +@item Root dispersion +This is the total dispersion accumulated through all the computers back +to the stratum-1 computer from which the computer is ultimately +synchronised. Dispersion is due to system clock resolution, statistical +measurement variations etc. + +An absolute bound on the computer's clock accuracy (assuming the +stratum-1 computer is correct) is given by + +@example +clock_error <= root_dispersion + (0.5 * |root_delay|) +@end example + +@item Update interval +This is the interval between the last two clock updates. + +@item Leap status +This is the leap status, which can be @code{Normal}, @code{Insert second}, +@code{Delete second} or @code{Not synchronised}. + +@end table +@c }}} +@c {{{ trimrtc +@node trimrtc command +@subsubsection trimrtc +The @code{trimrtc} command is used to correct the system's real time +clock (RTC) to the main system clock. It has no effect if the error +between the two clocks is currently estimated at less than a second (the +resolution of the RTC is only 1 second). + +The command takes no arguments. It performs the following steps (if the +RTC is more than 1 second away from the system clock): + +@enumerate 1 +@item +Remember the currently estimated gain/loss rate of the RTC and flush the +previous measurements. +@item +Step the real time clock to bring it within a second of the system clock. +@item +Make several measurements to accurately determine the new offset between +the RTC and the system clock (i.e. the remaining fraction of a second +error) +@item +Save the RTC parameters to the RTC file (specified with the +@code{rtcfile} directive in the configuration file (@pxref{rtcfile +directive}). +@end enumerate + +The last step is done as a precaution against the computer suffering a +power failure before either the daemon exits or the @code{writertc} +command is issued. + +@code{chronyd} will still work perfectly well both whilst operating and +across machine reboots even if the @code{trimrtc} command is never used +(and the RTC is allowed to drift away from true time). The +@code{trimrtc} command is provided as a method by which it can be +corrected, in a manner compatible with @code{chronyd} using it to +maintain accurate time across machine reboots. + +The @code{trimrtc} command can be executed automatically by @code{chronyd} +with the @code{rtcautotrim} directive (@pxref{rtcautotrim directive}). +@c }}} +@c {{{ waitsync +@node waitsync command +@subsubsection waitsync +The @code{waitsync} command waits for @code{chronyd} to synchronise. + +Up to three optional arguments can be specified, the first is the maximum +number of tries in 10 second intervals before giving up and returning a +non-zero error code. When 0 is specified, or there are no arguments, the +number of tries will not be limited. + +The second and third arguments are the maximum allowed remaining correction of +the system clock and the maximum allowed skew (in ppm) as reported by the +@code{tracking} command (@pxref{tracking command}) in the @code{System time} +and @code{Skew} fields. If not specified or zero, the value will not be +checked. + +An example is + +@example +waitsync 60 0.01 +@end example + +which will wait up to about 10 minutes for @code{chronyd} to synchronise to a +source and the remaining correction to be less than 10 milliseconds. +@c }}} +@c {{{ writertc +@node writertc command +@subsubsection writertc +The @code{writertc} command writes the currently estimated error and +gain/loss rate parameters for the RTC to the RTC file (specified with +the @code{rtcfile} directive (@pxref{rtcfile directive})). This +information is also written automatically when @code{chronyd} is killed +(with SIGHUP, SIGINT, SIGQUIT or SIGTERM) or when the @code{trimrtc} +command is issued. +@c }}} +@c }}} +@c }}} +@c }}} +@c {{{ Ch:FAQ +@node FAQ +@chapter Frequently asked questions + +@c {{{ Chapter top +@menu +* Administrative issues:: +* Chrony compared to other programs:: +* Configuration issues:: +* Computer is not synchronising:: +* Issues with chronyc:: +* Real-time clock issues:: +* Microsoft Windows:: +* NTP-specific issues:: +* Linux-specific issues:: +* Solaris-specific issues:: +@end menu +@c }}} +@c {{{ S:Administrative issues +@node Administrative issues +@section Administrative issues + +@subsection Where can I get chrony source code? +Tarballs are available via the @code{Download} link on the chrony web site. +For the current development from the developers' version control system see the +@code{Git} link on the web site. + +@subsection Are there any packaged versions of chrony? +We are aware of packages for Arch, Debian, Fedora, Gentoo, Mandriva, Slackware, +Ubuntu, FreeBSD and NetBSD. We are not involved with how these are built or +distributed. + +@subsection Where is the home page? +It is currently at +@uref{http://chrony.tuxfamily.org, http://chrony.tuxfamily.org}. + +@subsection Is there a mailing list? +Yes, it's currently at @email{chrony-users@@chrony.tuxfamily.org}. There is a +low-volume list called chrony-announce which is just for announcements of new +releases or similar matters of high importance. You can join the lists by +sending a message with the subject subscribe to +@email{chrony-users-request@@chrony.tuxfamily.org} or +@email{chrony-announce-request@@chrony.tuxfamily.org} respectively. + +For those who want to contribute to the development of chrony, there is a +developers' mailing list. You can subscribe by sending mail with the subject +subscribe to @email{chrony-dev-request@@chrony.tuxfamily.org}. + +@subsection What licence is applied to chrony? +Starting from version 1.15, chrony is licensed under the GNU General Public +License, Version 2. Versions prior to 1.15 were licensed under a custom +BSD-like license. +@c }}} +@c {{{ S:Chrony compared to other programs +@node Chrony compared to other programs +@section Chrony compared to other programs +@subsection How does chrony compare to ntpd? +Chrony can usually synchronise the system clock faster and with better time +accuracy, but it doesn't implement all NTP features, e.g. broadcast/multicast +mode, or authentication based on public-key cryptography. For a more detailed +comparison, see section @code{Comparison with ntpd} in the manual. + +If your computer connects to the 'net only for few minutes at a time, you turn +your Linux computer off or suspend it frequently, the clock is not very stable +(e.g. it is a virtual machine), or you want to use NTP on an isolated network +with no hardware clocks in sight, chrony will probably work much better for +you. + +The original reason chrony was written was that ntpd (called xntpd at the +time) could not to do anything sensible on a PC which was connected to +the 'net only for about 5 minutes once or twice a day, mainly to +upload/download email and news. The requirements were + +@itemize @bullet +@item slew the time to correct it when going online and NTP servers become +visible +@item determine the rate at which the computer gains or loses time and use this +information to keep it reasonably correct between connects to the 'net. This +has to be done using a method that does not care about the intermittent +availability of the references or the fact the computer is turned off between +groups of measurements. +@item maintain the time across reboots, by working out the error and drift rate +of the computer's real-time clock and using this information to set the system +clock correctly at boot up. +@end itemize + +Also, when working with isolated networks with no true time references at all +ntpd was found to give no help with managing the local clock's gain/loss rate +on the NTP master node (which was set from watch). Some automated support was +added to chrony to deal with this. + +@c }}} +@c {{{ S:Configuration issues +@node Configuration issues +@section Configuration issues + +@subsection I have several computers on a LAN. Should be all clients of an external server? +The best configuration is usually to make one computer the master, with the +others as clients of it. Add a @code{local} directive to the master's +chrony.conf file. This configuration will be better because + +@itemize @bullet +@item the load on the external connection is less +@item the load on the external NTP server(s) is less +@item if your external connection goes down, the computers on the LAN will +maintain a common time with each other. +@end itemize + +@subsection Must I specify servers by IP address if DNS is not available on chronyd start? +No. Starting from version 1.25, @code{chronyd} will keep trying to resolve the +hostnames specified in the @code{server} and @code{peer} directives in +increasing intervals until it succeeds. The @code{online} command can be +issued from @code{chronyc} to try to resolve them immediately. + +@subsection How can I make chronyd more secure? +If you don't need to serve time to NTP clients, you can add @code{port 0} to +the @file{chrony.conf} file to disable the NTP server/peer sockets and prevent +NTP requests from reaching @code{chronyd}. + +If you don't need to use @code{chronyc} remotely, you can add the following +directives to the configuration file to bind the command sockets to the +loopback interface + +@example +bindcmdaddress 127.0.0.1 +bindcmdaddress ::1 +@end example + +If you don't need to use @code{chronyc} at all, you can disable the command +sockets by adding @code{cmdport 0} to the configuration file. +@c }}} +@c {{{ S:Computer is not synchronising +@node Computer is not synchronising +@section Computer is not synchronising + +This is the most common problem. There are a number of reasons, see the +following questions. + +@subsection Behind a firewall? +If there is a firewall between you and the NTP server you're trying to use, +the packets may be blocked. Try using a tool like wireshark or tcpdump to see +if you're getting responses from the server. If you have an external modem, +see if the receive light blinks straight after the transmit light (when the +link is quiet apart from the NTP traffic.) Try adding @code{log measurements} +to the @file{chrony.conf} file and look in the measurements.log file after +chrony has been running for a short period. See if any measurements appear. + +@subsection Do you have a non-permanent (i.e. intermittent) Internet connection? +Check that you're using chronyc's @code{online} and @code{offline} commands +appropriately. Again, check in measurements.log to see if you're getting any +data back from the server. + +@subsection In measurements.log, do the '7' and '8' flag columns always show zero? +Do you have a @code{local stratum X} directive in the @file{chrony.conf} file? If X +is lower than the stratum of the server you're trying to use, this situation +will arise. You should always make X quite high (e.g. 10) in this directive. +@c }}} +@c {{{ S:Issues with chronyc +@node Issues with chronyc +@section Issues with chronyc + +@subsection I keep getting the error @code{506 Cannot talk to daemon} +Make sure that the @file{chrony.conf} file (on the computer where +@code{chronyd} is running) has a @code{cmdallow} entry for the computer you are +running @code{chronyc} on. This isn't necessary for localhost. + +Perhaps @code{chronyd} is not running. Try using the ps command (e.g. on +Linux, 'ps -auxw') to see if it's running. Or try 'netstat -a' and see if the +ports 123/udp and 323/udp are listening. If @code{chronyd} is not running, you +may have a problem with the way you are trying to start it (e.g. at boot time). + +Perhaps you have a firewall set up in a way that blocks packets on port +323/udp. You need to amend the firewall configuration in this case. + +@subsection Is the chronyc<->chronyd protocol documented anywhere? +Only by the source code :-) See cmdmon.c (@code{chronyd} side) and client.c +(@code{chronyc} side). +@c }}} +@c {{{ S:Real-time clock issues +@node Real-time clock issues +@section Real-time clock issues + +@subsection What is the real-time clock (RTC)? +This is the clock which keeps the time even when your computer is turned off. +It works with 1 second resolution. @code{chronyd} can monitor the rate at +which the real-time clock gains or loses time, and compensate for it when you +set the system time from it at the next reboot. See the documentation for +details. + +@subsection I want to use chronyd's real-time clock support. Must I disable hwclock? +The hwclock program is often set-up by default in the boot and shutdown scripts +with many Linux installations. If you want to use chronyd's real-time clock +support, the important thing is to disable hwclock in the shutdown procedure. +If you don't, it will over-write the RTC with a new value, unknown to +@code{chronyd}. At the next reboot, @code{chronyd} will compensate this (wrong) +time with its estimate of how far the RTC has drifted whilst the power was off, +giving a meaningless initial system time. + +There is no need to remove hwclock from the boot process, as long as +@code{chronyd} is started after it has run. + +@subsection I just keep getting the '513 RTC driver not running' message +For the real time clock support to work, you need the following three things +@itemize @bullet +@item a kernel that is supported (e.g. 2.2 onwards) +@item enhanced RTC support compiled into the kernel +@item an @code{rtcfile} directive in your chrony.conf file +@end itemize +@c }}} +@c {{{ S:Microsoft Windows +@node Microsoft Windows +@section Microsoft Windows + +@subsection Does chrony support Windows? +No. The @code{chronyc} program (the command-line client used for configuring +@code{chronyd} while it is running) has been successfully built and run under +Cygwin in the past. @code{chronyd} is not portable, because part of it is very +system-dependent. It needs adapting to work with Windows' equivalent of the +adjtimex() call, and it needs to be made to work as an NT service. + +@subsection Are there any plans to support Windows? +We have no plans to do this. Anyone is welcome to pick this work up and +contribute it back to the project. +@c }}} +@c {{{ S:NTP-specific issues +@node NTP-specific issues +@section NTP-specific issues + +@subsection Can chrony be driven from broadcast NTP servers? +No, this NTP mode is not implemented yet. + +@subsection Can chronyd transmit broadcast NTP packets (e.g. to synchronise other computers on a private LAN)? +Yes. Starting from version 1.17, chrony has this capability. + +@subsection Can chrony keep the system clock a fixed offset away from real time? +This is not possible as the program currently stands. + +@subsection What happens if the network connection is dropped without using chronyc's 'offline' command first? +In this case @code{chronyd} will keep trying to access the server(s) that it +thinks are online. Eventually it will decide that they are unreachable and no +longer consider itself synchronised to them. If you have other computers on +your LAN accessing the computer that is affected this way, they too will become +'unsynchronised', unless you have the 'local' directive set up on the master +computer. + +The 'auto_offline' option to the 'server' entry in the chrony.conf file may be +useful to avoid this situation. +@c }}} +@c {{{ S:Linux-specific issues +@node Linux-specific issues +@section Linux-specific issues + +@subsection I get "Could not open /dev/rtc, Device or resource busy" in my syslog file +Some other program running on the system may be using the device. +@c }}} +@c {{{ S:Solaris-specific issues +@node Solaris-specific issues +@section Solaris-specific issues + +@subsection On Solaris 2.8, I get an error message about not being able to open kvm to change dosynctodr +(The dosynctodr variable controls whether Solaris couples the equivalent of its +BIOS clock into its system clock at regular intervals). The Solaris port of +chrony was developed in the Solaris 2.5 era. Some aspect of the Solaris kernel +has changed which prevents the same technique working. We no longer have root +access to any Solaris machines to work on this, and we are reliant on somebody +developing the patch and testing it. +@c }}} +@c }}} +@c {{{ apx:GNU General Public License +@node GPL +@appendix GNU General Public License + +@center GNU GENERAL PUBLIC LICENSE +@center Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. +@c }}} +@contents +@bye +@c vim:cms=@c\ %s:fdm=marker:fdc=5:syntax=off + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chrony.txt atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.txt --- atmark-dist-20150618/user/chrony/chrony-1.30/chrony.txt 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony.txt 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,4636 @@ +User guide for the chrony suite +******************************* + +1 Introduction +************** + +1.1 Overview +============ + +Chrony is a software package for maintaining the accuracy of computer +system clocks. It consists of a pair of programs : + + * 'chronyd'. This is a daemon which runs in background on the + system. It obtains measurements (e.g. via the network) of the + system's offset relative to other systems, and adjusts the system + time accordingly. For isolated systems, the user can periodically + enter the correct time by hand (using 'chronyc'). In either case, + 'chronyd' determines the rate at which the computer gains or loses + time, and compensates for this. + + 'chronyd' can also act as an NTP server, and provide a time-of-day + service to other computers. A typical set-up is to run 'chronyd' + on a gateway computer that has a dial-up link to the Internet, and + use it to serve time to computers on a private LAN sitting behind + the gateway. The IP addresses that can act as clients of 'chronyd' + can be tightly controlled. The default is no client access. + + * 'chronyc'. This is a command-line driven control and monitoring + program. An administrator can use this to fine-tune various + parameters within the daemon, add or delete servers etc whilst the + daemon is running. + + The IP addresses from which 'chronyc' clients may connect can be + tightly controlled. The default is just the computer that + 'chronyd' itself is running on. + +1.2 Acknowledgements +==================== + +The 'chrony' suite makes use of the algorithm known as _RSA Data +Security, Inc. MD5 Message-Digest Algorithm_ for authenticating +messages between different machines on the network. + + In writing the 'chronyd' program, extensive use has been made of +RFC1305, written by David Mills. The 'ntp' suite's source code has been +occasionally used to check details of the protocol that the RFC did not +make absolutely clear. The core algorithms in 'chronyd' are all +completely distinct from 'ntp', however. + +1.3 Availability +================ + +1.3.1 Getting the software +-------------------------- + +Links on the chrony home page (http://chrony.tuxfamily.org) describe how +to obtain the software. + +1.3.2 Platforms +--------------- + +Although most of the program is portable between Unix-like systems, +there are parts that have to be tailored to each specific vendor's +system. These are the parts that interface with the operating system's +facilities for adjusting the system clock; different operating systems +may provide different function calls to achieve this, and even where the +same function is used it may have different quirks in its behaviour. + + The software is known to work in the following environments: + * Linux 2.2 and newer + + * NetBSD + * BSD/386 + + * Solaris 2.3/2.5/2.5.1/2.6/2.7/2.8 on Sparc (Sparc 20, Ultrasparc) + and i386 + + * SunOS 4.1.4 on Sparc 2 and Sparc20. + + Closely related systems may work too, but they have not been tested. + + Porting the software to other system (particularly to those +supporting an 'adjtime' system call) should not be difficult, however it +requires access to such systems to test out the driver. + +1.4 Relationship to other software packages +=========================================== + +1.4.1 ntpd +---------- + +The 'reference' implementation of the Network Time Protocol is the +program 'ntpd', available via The NTP home page (http://www.ntp.org/). + + One of the main differences between 'ntpd' and 'chronyd' is in the +algorithms used to control the computer's clock. Things 'chronyd' can +do better than 'ntpd': + + * 'chronyd' can perform usefully in an environment where access to + the time reference is intermittent. 'ntpd' needs regular polling + of the reference to work well. + * 'chronyd' can usually synchronise the clock faster and with better + time accuracy. + * 'chronyd' quickly adapts to sudden changes in the rate of the clock + (e.g. due to changes in the temperature of the crystal + oscillator). 'ntpd' may need a long time to settle down again. + * 'chronyd' can perform well even when the network is congested for + longer periods of time. + * 'chronyd' in the default configuration never steps the time to not + upset other running programs. 'ntpd' can be configured to never + step the time too, but it has to use a different means of adjusting + the clock, which has some disadvantages. + * 'chronyd' can adjust the rate of the clock on Linux in a larger + range, which allows it to operate even on machines with broken or + unstable clock (e.g. in some virtual machines). + + Things 'chronyd' can do that 'ntpd' can't: + + * 'chronyd' provides support for isolated networks whether the only + method of time correction is manual entry (e.g. by the + administrator looking at a clock). 'chronyd' can look at the + errors corrected at different updates to work out the rate at which + the computer gains or loses time, and use this estimate to trim the + computer clock subsequently. + + * 'chronyd' provides support to work out the gain or loss rate of the + 'real-time clock', i.e. the clock that maintains the time when the + computer is turned off. It can use this data when the system boots + to set the system time from a corrected version of the real-time + clock. These real-time clock facilities are only available on + Linux, so far. + + Things 'ntpd' can do that 'chronyd' can't: + + * 'ntpd' fully supports NTP version 4 (RFC5905), including broadcast, + multicast, manycast clients / servers and the orphan mode. It also + supports extra authentication schemes based on public-key + cryptography (RFC5906). 'chronyd' uses NTP version 3 (RFC1305), + which is compatible with version 4. + + * 'ntpd' has been ported to more types of computer / operating + system. + + * 'ntpd' includes drivers for many reference clocks. 'chronyd' + relies on other programs (e.g. gpsd) to access the data from the + reference clocks. + +1.4.2 timed +----------- + +'timed' is a program that is part of the BSD networking suite. It uses +broadcast packets to find all machines running the daemon within a +subnet. The machines elect a master which periodically measures the +system clock offsets of the other computers using ICMP timestamps. +Corrections are sent to each member as a result of this process. + + Problems that may arise with 'timed' are : + + * Because it uses broadcasts, it is not possible to isolate its + functionality to a particular group of computers; there is a risk + of upsetting other computers on the same network (e.g. where a + whole company is on the same subnet but different departments are + independent from the point of view of administering their + computers.) + * The update period appears to be 10 minutes. Computers can build up + significant offsets relative to each other in that time. If a + computer can estimate its rate of drift it can keep itself closer + to the other computers between updates by adjusting its clock every + few seconds. 'timed' does not seem to do this. + * 'timed' does not have any integrated capability for feeding + real-time into its estimates, or for estimating the average rate of + time loss/gain of the machines relative to real-time (unless one of + the computers in the group has access to an external reference and + is always appointed as the 'master'). + + 'timed' does have the benefit over 'chronyd' that for isolated +networks of computers, they will track the 'majority vote' time. For +such isolated networks, 'chronyd' requires one computer to be the +'master' with the others slaved to it. If the master has a particular +defective clock, the whole set of computers will tend to slip relative +to real time (but they _will_ stay accurate relative to one another). + +1.5 Distribution rights and (lack of) warranty +============================================== + +Chrony may be distributed in accordance with the GNU General Public +License version 2, reproduced in *Note GPL::. + +1.6 Bug reporting and suggestions +================================= + +If you think you've found a bug in chrony, or have a suggestion, please +let us know. You can join chrony users mailing list by sending a +message with the subject subscribe to +. Only subscribers can post +to the list. + + When you are reporting a bug, please send us all the information you +can. Unfortunately, chrony has proven to be one of those programs where +it is very difficult to reproduce bugs in a different environment. So +we may have to interact with you quite a lot to obtain enough extra +logging and tracing to pin-point the problem in some cases. Please be +patient and plan for this! + + Of course, if you can debug the problem yourself and send us a source +code patch to fix it, we will be very grateful! + +1.7 Contributions +================= + +Although chrony is now a fairly mature and established project, there +are still areas that could be improved. If you can program in C and +have some expertise in these areas, you might be able to fill the gaps. + + Particular areas that need addressing are : + + 1. Porting to other Unices + + This involves creating equivalents of sys_solaris.c, sys_linux.c + etc for the new system. Note, the Linux driver has been reported + as working on a range of different architectures (Alpha, Sparc, + MIPS as well as x86 of course). + + 2. Porting to Windows NT + + A small amount of work on this was done under Cygwin. Only the + sorting out of the include files has really been achieved so far. + The two main areas still to address are + + 1. The system clock driver. + 2. How to make chronyd into an NT service (i.e. what to replace + fork(), setsid() etc with so that chronyd can be automatically + started in the system bootstrap. + + 3. More drivers for reference clock support + +2 Installation +************** + +The software is distributed as source code which has to be compiled. +The source code is supplied in the form of a gzipped tar file, which +unpacks to a subdirectory identifying the name and version of the +program. + + After unpacking the source code, change directory into it, and type + + ./configure + + This is a shell script that automatically determines the system type. +There is a single optional parameter, '--prefix' which indicates the +directory tree where the software should be installed. For example, + + ./configure --prefix=/opt/free + + will install the 'chronyd' daemon into /opt/free/sbin and the +'chronyc' control program into /opt/free/bin. The default value for the +prefix is /usr/local. + + The configure script assumes you want to use gcc as your compiler. +If you want to use a different compiler, you can configure this way: + + CC=cc CFLAGS=-O ./configure --prefix=/opt/free + + for Bourne-family shells, or + + setenv CC cc + setenv CFLAGS -O + ./configure --prefix=/opt/free + + for C-family shells. + + If the software cannot (yet) be built on your system, an error +message will be shown. Otherwise, 'Makefile' will be generated. + + If editline or readline library is available, chronyc will be built +with line editing support. If you don't want this, specify the +-disable-readline flag to configure. Please refer to *note line editing +support:: for more information. + + If a 'timepps.h' header is available (e.g. from the LinuxPPS project +(http://linuxpps.org/)), 'chronyd' will be built with PPS API reference +clock driver. If the header is installed in a location that isn't +normally searched by the compiler, you can add it to the searched +locations by setting 'CPPFLAGS' variable to '-I/path/to/timepps'. + + Now type + + make + + to build the programs. + + If you want to build the manual in plain text, HTML and info +versions, type + + make docs + + Once the programs have been successfully compiled, they need to be +installed in their target locations. This step normally needs to be +performed by the superuser, and requires the following command to be +entered. + + make install + + This will install the binaries, plain text manual and manpages. + + To install the HTML and info versions of the manual as well, enter +the command + + make install-docs + + If you want chrony to appear in the top level info directory listing, +you need to run the 'install-info' command manually after this step. +'install-info' takes 2 arguments. The first is the path to the +'chrony.info' file you have just installed. This will be the argument +you gave to -prefix when you configured ('/usr/local' by default), with +'/share/info/chrony.info' on the end. The second argument is the +location of the file called 'dir'. This will typically be +'/usr/share/info/dir'. So the typical command line would be + + install-info /usr/local/share/info/chrony.info /usr/share/info/dir + + Now that the software is successfully installed, the next step is to +set up a configuration file. The default location of the file is +'/etc/chrony.conf'. Suppose you want to use public NTP servers from the +pool.ntp.org project as your time reference. A minimal useful +configuration file could be + + server 0.pool.ntp.org iburst + server 1.pool.ntp.org iburst + server 2.pool.ntp.org iburst + makestep 10 3 + + Then, 'chronyd' can be run. + +2.1 Support for line editing libraries +====================================== + +Chronyc can be built with support for line editing, this allows you to +use the cursor keys to replay and edit old commands. Two libraries are +supported which provide such functionality, editline and GNU readline. + + Please note that readline since version 6.0 is licensed under GPLv3+ +which is incompatible with chrony's license GPLv2. You should use +editline instead if you don't want to use older readline versions. + + The configure script will automatically enable the line editing +support if one of the supported libraries is available. If they are +both available, the editline library will be used. + + If you don't want to use it (in which case chronyc will use a minimal +command line interface), invoke configure like this: + + ./configure --disable-readline other-options... + + If you have editline, readline or ncurses installed in locations that +aren't normally searched by the compiler and linker, you need to use +extra options: + +'--with-readline-includes=directory_name' + This defines the name of the directory above the one where + 'readline.h' is. 'readline.h' is assumed to be in 'editline' or + 'readline' subdirectory of the named directory. + +'--with-readline-library=directory_name' + This defines the directory containing the 'libedit.a' or + 'libedit.so' file, or 'libreadline.a' or 'libreadline.so' file. + +'--with-ncurses-library=directory_name' + This defines the directory containing the 'libncurses.a' or + 'libncurses.so' file. + +2.2 Extra options for package builders +====================================== + +The configure and make procedures have some extra options that may be +useful if you are building a distribution package for chrony. + + The -infodir=DIR option to configure specifies an install directory +for the info files. This overrides the 'info' subdirectory of the +argument to the -prefix option. For example, you might use + + ./configure --prefix=/usr --infodir=/usr/share/info + + The -mandir=DIR option to configure specifies an install directory +for the man pages. This overrides the 'man' subdirectory of the +argument to the -prefix option. + + ./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man + + to set both options together. + + The final option is the DESTDIR option to the make command. For +example, you could use the commands + + ./configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man + make all docs + make install DESTDIR=./tmp + cd tmp + tar cvf - . | gzip -9 > chrony.tar.gz + + to build a package. When untarred within the root directory, this +will install the files to the intended final locations. + +3 Typical operating scenarios +***************************** + +3.1 Computers connected to the internet +======================================= + +In this section we discuss how to configure chrony for computers that +are connected to the Internet (or to any network containing true NTP +servers which ultimately derive their time from a reference clock) +permanently or most of the time. + + To operate in this mode, you will need to know the names of the NTP +server machines you wish to use. You may be able to find names of +suitable servers by one of the following methods: + + * Your institution may already operate servers on its network. + Contact your system administrator to find out. + + * Your ISP probably has one or more NTP servers available for its + customers. + + * Somewhere under the NTP homepage there is a list of public stratum + 1 and stratum 2 servers. You should find one or more servers that + are near to you -- check that their access policy allows you to use + their facilities. + + * Use public servers from the pool.ntp.org project + (http://www.pool.ntp.org/). + + Assuming that you have found some servers, you need to set up a +configuration file to run chrony. The (compiled-in) default location +for this file is '/etc/chrony.conf'. Assuming that your ntp servers are +called 'a.b.c' and 'd.e.f', your 'chrony.conf' file could contain as a +minimum + + server a.b.c + server d.e.f + server g.h.i + + However, you will probably want to include some of the other +directives described later. The 'driftfile' and 'makestep' directives +may be particularly useful. Also, the 'iburst' server option is useful +to speed up the initial synchronization. The smallest useful +configuration file would look something like + + server a.b.c iburst + server d.e.f iburst + server g.h.i iburst + driftfile /var/lib/chrony/drift + makestep 10 3 + +3.2 Infrequent connection to true NTP servers +============================================= + +In this section we discuss how to configure chrony for computers that +have occasional connections to the internet. + +3.2.1 Setting up the configuration file for infrequent connections +------------------------------------------------------------------ + +As in the previous section, you will need access to NTP servers on the +internet. The same remarks apply for how to find them. + + In this case, you will need some additional configuration to tell +'chronyd' when the connection to the internet goes up and down. This +saves the program from continuously trying to poll the servers when they +are inaccessible. + + Again, assuming that your ntp servers are called 'a.b.c' and 'd.e.f', +your 'chrony.conf' file would need to contain something like + + server a.b.c + server d.e.f + server g.h.i + + However, your computer will keep trying to contact the servers to +obtain timestamps, even whilst offline. If you operate a dial-on-demand +system, things are even worse, because the link to the internet will +keep getting established. + + For this reason, it would be better to specify this part of your +configuration file in the following way: + + server a.b.c offline + server d.e.f offline + server g.h.i offline + + The 'offline' keyword indicates that the servers start in an offline +state, and that they should not be contacted until 'chronyd' receives +notification that the link to the internet is present. + + In order to notify 'chronyd' of the presence of the link, you will +need to be able to log in to it with the program 'chronyc'. To do this, +'chronyd' needs to be configured with an administrator password. The +password is read from a file specified by the 'keyfile' directive. The +'generatecommandkey' directive can be used to generate a random password +automatically on the first 'chronyd' start. + + The smallest useful configuration file would look something like + + server a.b.c offline + server d.e.f offline + server g.h.i offline + keyfile /etc/chrony.keys + generatecommandkey + driftfile /var/lib/chrony/drift + makestep 10 3 + + The next section describes how to tell 'chronyd' when the internet +link goes up and down. + +3.2.2 How to tell chronyd when the internet link is available. +-------------------------------------------------------------- + +To use this option, you will need to configure a command key in +'chronyd's' configuration file '/etc/chrony.conf', as described in the +previous section. + + To tell 'chronyd' when to start and finish sampling the servers, the +'online' and 'offline' commands of chronyc need to be used. To give an +example of their use, we assume that 'pppd' is the program being used to +connect to the internet, and that chronyc has been installed at its +default location '/usr/local/bin/chronyc'. We also assume that the +command key has been set up as described in the previous section. + + In the file '/etc/ppp/ip-up' we add the command sequence + + /usr/local/bin/chronyc -a online + + and in the file '/etc/ppp/ip-down' we add the sequence + + /usr/local/bin/chronyc -a offline + + 'chronyd's' polling of the servers will now only occur whilst the +machine is actually connected to the Internet. + +3.3 Isolated networks +===================== + +In this section we discuss how to configure chrony for computers that +never have network conectivity to any computer which ultimately derives +its time from a reference clock. + + In this situation, one computer is selected to be the master +timeserver. The other computers are either direct clients of the +master, or clients of clients. + + The rate value in the master's drift file needs to be set to the +average rate at which the master gains or loses time. 'chronyd' +includes support for this, in the form of the 'manual' directive in the +configuration file and the 'settime' command in the 'chronyc' program. + + If the master is rebooted, 'chronyd' can re-read the drift rate from +the drift file. However, the master has no accurate estimate of the +current time. To get around this, the system can be configured so that +the master can initially set itself to a 'majority-vote' of selected +clients' times; this allows the clients to 'flywheel' the master across +its outage. + + A typical configuration file for the master (called 'master') might +be (assuming the clients are in the 192.168.165.x subnet and that the +master's address is 192.168.169.170) + + driftfile /var/lib/chrony/drift + generatecommandkey + keyfile /etc/chrony.keys + initstepslew 10 client1 client3 client6 + local stratum 8 + manual + allow 192.168.165 + + For the clients that have to resynchronise the master when it +restarts, the configuration file might be + + server master + driftfile /var/lib/chrony/drift + logdir /var/log/chrony + log measurements statistics tracking + keyfile /etc/chrony.keys + generatecommandkey + local stratum 10 + initstepslew 20 master + allow 192.168.169.170 + + The rest of the clients would be the same, except that the 'local' +and 'allow' directives are not required. + +3.4 The home PC with a dial-up connection +========================================= + +3.4.1 Assumptions/how the software works +---------------------------------------- + +This section considers the home computer which has a dial-up connection. +It assumes that Linux is run exclusively on the computer. Dual-boot +systems may work; it depends what (if anything) the other system does to +the system's real-time clock. + + Much of the configuration for this case is discussed earlier (*note +Infrequent connection::). This section addresses specifically the case +of a computer which is turned off between 'sessions'. + + In this case, 'chronyd' relies on the computer's real-time clock +(RTC) to maintain the time between the periods when it is powered up. +The arrangement is shown in the figure below. + + trim if required PSTN + +---------------------------+ +----------+ + | | | | + v | | | + +---------+ +-------+ +-----+ +---+ + | System's| measure error/ |chronyd| |modem| |ISP| + |real-time|------------------->| |-------| | | | + | clock | drift rate +-------+ +-----+ +---+ + +---------+ ^ | + | | | + +---------------------------+ --o-----o--- + set time at boot up | + +----------+ + |NTP server| + +----------+ + + When the computer is connected to the Internet (via the modem), +'chronyd' has access to external NTP servers which it makes measurements +from. These measurements are saved, and straight-line fits are +performed on them to provide an estimate of the computer's time error +and rate of gaining/losing time. + + When the computer is taken offline from the Internet, the best +estimate of the gain/loss rate is used to free-run the computer until it +next goes online. + + Whilst the computer is running, 'chronyd' makes measurements of the +real-time clock (RTC) (via the '/dev/rtc' interface, which must be +compiled into the kernel). An estimate is made of the RTC error at a +particular RTC second, and the rate at which the RTC gains or loses time +relative to true time. + + On 2.6 and later kernels, if your motherboard has a HPET, you need to +enable the 'HPET_EMULATE_RTC' option in your kernel configuration. +Otherwise, chrony will not be able to interact with the RTC device and +will give up using it. + + When the computer is powered down, the measurement histories for all +the NTP servers are saved to files (if the 'dumponexit' directive is +specified in the configuration file), and the RTC tracking information +is also saved to a file (if the 'rtcfile' directive has been specified). +These pieces of information are also saved if the 'dump' and 'writertc' +commands respectively are issued through 'chronyc'. + + When the computer is rebooted, 'chronyd' reads the current RTC time +and the RTC information saved at the last shutdown. This information is +used to set the system clock to the best estimate of what its time would +have been now, had it been left running continuously. The measurement +histories for the servers are then reloaded. + + The next time the computer goes online, the previous sessions' +measurements can contribute to the line-fitting process, which gives a +much better estimate of the computer's gain/loss rate. + + One problem with saving the measurements and RTC data when the +machine is shut down is what happens if there is a power failure; the +most recent data will not be saved. Although 'chronyd' is robust enough +to cope with this, some performance may be lost. (The main danger +arises if the RTC has been changed during the session, with the +'trimrtc' command in 'chronyc'. Because of this, 'trimrtc' will make +sure that a meaningful RTC file is saved out after the change is +completed). + + The easiest protection against power failure is to put the 'dump' and +'writertc' commands in the same place as the 'offline' command is issued +to take 'chronyd' offline; because 'chronyd' free-runs between online +sessions, no parameters will change significantly between going offline +from the Internet and any power failure. + + A final point regards home computers which are left running for +extended periods and where it is desired to spin down the hard disc when +it is not in use (e.g. when not accessed for 15 minutes). 'chronyd' +has been planned so it supports such operation; this is the reason why +the RTC tracking parameters are not saved to disc after every update, +but only when the user requests such a write, or during the shutdown +sequence. The only other facility that will generate periodic writes to +the disc is the 'log rtc' facility in the configuration file; this +option should not be used if you want your disc to spin down. + +3.4.2 Typical configuration files. +---------------------------------- + +To illustrate how a dial-up home computer might be configured, example +configuration files are shown in this section. + + For the '/etc/chrony.conf' file, the following can be used as an +example. + + server 0.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline + server 1.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline + server 2.pool.ntp.org minpoll 5 maxpoll 10 maxdelay 0.4 offline + logdir /var/log/chrony + log statistics measurements tracking + driftfile /var/lib/chrony/drift + keyfile /etc/chrony.keys + generatecommandkey + makestep 10 3 + maxupdateskew 100.0 + dumponexit + dumpdir /var/lib/chrony + rtcfile /var/lib/chrony/rtc + + 'pppd' is used for connecting to the internet. This runs two scripts +'/etc/ppp/ip-up' and '/etc/ppp/ip-down' when the link goes online and +offline respectively. + + The relevant part of the '/etc/ppp/ip-up' file is + + /usr/local/bin/chronyc -a online + + and the relevant part of the '/etc/ppp/ip-down' script is + + /usr/local/bin/chronyc -a -m offline dump writertc + + To start 'chronyd' during the boot sequence, the following is in +'/etc/rc.d/rc.local' (this is a Slackware system) + + if [ -f /usr/local/sbin/chronyd -a -f /etc/chrony.conf ]; then + /usr/local/sbin/chronyd -r -s + echo "Start chronyd" + fi + + The placement of this command may be important on some systems. In +particular, 'chronyd' may need to be started before any software that +depends on the system clock not jumping or moving backwards, depending +on the directives in 'chronyd's' configuration file. + + For the system shutdown, 'chronyd' should receive a SIGTERM several +seconds before the final SIGKILL; the SIGTERM causes the measurement +histories and RTC information to be saved out. + +3.5 Other important configuration options +========================================= + +The most common option to include in the configuration file is the +'driftfile' option. One of the major tasks of 'chronyd' is to work out +how fast or how slow the system clock runs relative to real time - e.g. +in terms of seconds gained or lost per day. Measurements over a long +period are usually required to refine this estimate to an acceptable +degree of accuracy. Therefore, it would be bad if 'chronyd' had to work +the value out each time it is restarted, because the system clock would +not run so accurately whilst the determination is taking place. + + To avoid this problem, 'chronyd' allows the gain or loss rate to be +stored in a file, which can be read back in when the program is +restarted. This file is called the drift file, and might typically be +stored in '/var/lib/chrony/drift'. By specifying an option like the +following + + driftfile /var/lib/chrony/drift + + in the configuration file ('/etc/chrony.conf'), the drift file +facility will be activated. + +4 Usage reference +***************** + +4.1 Starting chronyd +==================== + +If 'chronyd' has been installed to its default location +'/usr/local/sbin/chronyd', starting it is simply a matter of entering +the command + + /usr/local/sbin/chronyd + + Information messages and warnings will be logged to syslog. + + If no configuration commands are specified on the command line, +'chronyd' will read the commands from the configuration file (default +'/etc/chrony.conf'). + + The command line options supported are as follows: + +'-n' + When run in this mode, the program will not detach itself from the + terminal. +'-d' + When run in this mode, the program will not detach itself from the + terminal, and all messages will be sent to the terminal instead of + to syslog. When 'chronyd' was compiled with debugging support, + this option can be used twice to print also debugging messages. +'-f ' + This option can be used to specify an alternate location for the + configuration file (default '/etc/chrony.conf'). +'-r' + This option will reload sample histories for each of the servers + and refclocks being used. These histories are created by using the + 'dump' command in 'chronyc', or by setting the 'dumponexit' + directive in the configuration file. This option is useful if you + want to stop and restart 'chronyd' briefly for any reason, e.g. to + install a new version. However, it only makes sense on systems + where the kernel can maintain clock compensation whilst not under + 'chronyd's' control. The only version where this happens so far is + Linux. On systems where this is not the case, e.g. Solaris and + SunOS the option should not be used. +'-R' + When this option is used, the 'initstepslew' directive and the + 'makestep' directive used with a positive limit will be ignored. + This option is useful when restarting 'chronyd' and can be used in + conjuction with the '-r' option. + +'-s' + This option will set the system clock from the computer's real-time + clock. This is analogous to supplying the '-s' flag to the + '/sbin/hwclock' program during the Linux boot sequence. + + Support for real-time clocks is limited at present - the criteria + are described in the section on the 'rtcfile' directive (*note + rtcfile directive::). + + If 'chronyd' cannot support the real time clock on your computer, + this option cannot be used and a warning message will be logged to + the syslog. + + If used in conjunction with the '-r' flag, 'chronyd' will attempt + to preserve the old samples after setting the system clock from the + real time clock. This can be used to allow 'chronyd' to perform + long term averaging of the gain or loss rate across system reboots, + and is useful for dial-up systems that are shut down when not in + use. For this to work well, it relies on 'chronyd' having been + able to determine accurate statistics for the difference between + the real time clock and system clock last time the computer was on. +'-u ' + This option sets the name of the user to which will 'chronyd' + switch to drop root privileges if compiled with Linux capabilities + support (default 'root'). +'-q' + When run in this mode, 'chronyd' will set the system clock once and + exit. It will not detach from the terminal. +'-Q' + This option is similar to '-q', but it will only print the offset + and not correct the clock. +'-v' + This option displays 'chronyd's' version number to the terminal and + exits. +'-P ' + This option will select the SCHED_FIFO real-time scheduler at the + specified priority (which must be between 0 and 100). This mode is + supported only on Linux. +'-m' + This option will lock chronyd into RAM so that it will never be + paged out. This mode is only supported on Linux. +'-4' + With this option hostnames will be resolved only to IPv4 addresses + and only IPv4 sockets will be created. +'-6' + With this option hostnames will be resolved only to IPv6 addresses + and only IPv6 sockets will be created. + + On systems that support an '/etc/rc.local' file for starting programs +at boot time, 'chronyd' can be started from there. + + On systems with a System V style initialisation, a suitable +start/stop script might be as shown below. This might be placed in the +file '/etc/rc2.d/S83chrony'. + + #!/bin/sh + # This file should have uid root, gid sys and chmod 744 + # + + killproc() { # kill the named process(es) + pid=`/usr/bin/ps -e | + /usr/bin/grep -w $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid + } + + case "$1" in + + 'start') + if [ -f /opt/free/sbin/chronyd -a -f /etc/chrony.conf ]; then + /opt/free/sbin/chronyd + fi + ;; + 'stop') + killproc chronyd + ;; + *) + echo "Usage: /etc/rc2.d/S83chrony { start | stop }" + ;; + esac + + (In both cases, you may want to bear in mind that 'chronyd' can step +the time when it starts. There may be other programs started at boot +time that could be upset by this, so you may need to consider the +ordering carefully. However, 'chronyd' will need to start after daemons +providing services that it may require, e.g. the domain name service.) + +4.2 The chronyd configuration file +================================== + +The configuration file is normally called '/etc/chrony.conf'; in fact, +this is the compiled-in default. However, other locations can be +specified with a command line option. + + Each command in the configuration file is placed on a separate line. +The following sections describe each of the commands in turn. The +directives can occur in any order in the file. + + The configuration commands can also be specified directly on the +'chronyd' command line, each argument is parsed as a line and the +configuration file is ignored. + +4.2.1 Comments in the configuration file +---------------------------------------- + +The configuration file may contain comment lines. A comment line is any +line that starts with zero or more spaces followed by any one of the +following characters: + * ! + * ; + * # + * % + Any line with this format will be ignored. + +4.2.2 acquisitionport +--------------------- + +By default, 'chronyd' uses a separate client socket for each configured +server and their source port is chosen arbitrarily by the operating +system. However, you can use the 'acquisitionport' directive to +explicitly specify a port and use only one socket (per IPv4/IPv6 address +family) for all configured servers. This may be useful for getting +through firewalls. + + It may be set to the same port as used by the NTP server (*note port +directive::) to use only one socket for all NTP packets. + + An example of the 'acquisitionport' command is + + acquisitionport 1123 + + This would change the source port used for client requests to +udp/1123. You could then persuade the firewall administrator to let +that port through. + +4.2.3 allow +----------- + +The 'allow' command is used to designate a particular subnet from which +NTP clients are allowed to access the computer as an NTP server. + + The default is that no clients are allowed access, i.e. 'chronyd' +operates purely as an NTP client. If the 'allow' directive is used, +'chronyd' will be both a client of its servers, and a server to other +clients. + + Examples of use of the command are as follows: + + allow foo.bar.com + allow 1.2 + allow 3.4.5 + allow 6.7.8/22 + allow 6.7.8.9/22 + allow 2001:db8::/32 + allow 0/0 + allow ::/0 + allow + + The first command allows the named node to be an NTP client of this +computer. The second command allows any node with an IPv4 address of +the form 1.2.x.y (with x and y arbitrary) to be an NTP client of this +computer. Likewise, the third command allows any node with an IPv4 +address of the form 3.4.5.x to have client NTP access. The fourth and +fifth forms allow access from any node with an IPv4 address of the form +6.7.8.x, 6.7.9.x, 6.7.10.x or 6.7.11.x (with x arbitrary), i.e. the +value 22 is the number of bits defining the specified subnet. (In the +fifth form, the final byte is ignored). The sixth form is used for IPv6 +addresses. The seventh and eighth forms allow access by any IPv4 and +IPv6 node respectively. The ninth forms allows access by any node (IPv4 +or IPv6). + + A second form of the directive, 'allow all', has a greater effect, +depending on the ordering of directives in the configuration file. To +illustrate the effect, consider the two examples + + allow 1.2.3.4 + deny 1.2.3 + allow 1.2 + + and + + allow 1.2.3.4 + deny 1.2.3 + allow all 1.2 + + In the first example, the effect is the same regardles of what order +the three directives are given in. So the 1.2.x.y subnet is allowed +access, except for the 1.2.3.x subnet, which is denied access, however +the host 1.2.3.4 is allowed access. + + In the second example, the 'allow all 1.2' directives overrides the +effect of _any_ previous directive relating to a subnet within the +specified subnet. Within a configuration file this capability is +probably rather moot; however, it is of greater use for reconfiguration +at run-time via 'chronyc' (*note allow all command::). + + Note, if the 'initstepslew' directive (*note initstepslew +directive::) is used in the configuration file, each of the computers +listed in that directive must allow client access by this computer for +it to work. + +4.2.4 bindacqaddress +-------------------- + +The 'bindacqaddress' directive sets the network interface to which will +'chronyd' bind its NTP client sockets. The syntax is similar to the +'bindaddress' and 'bindcmdaddress' directives. + + For each of IPv4 and IPv6 protocols, only one 'bindacqaddress' +directive can be specified. + +4.2.5 bindaddress +----------------- + +The 'bindaddress' directive allows you to restrict the network interface +to which 'chronyd' will listen for NTP requests. This provides an +additional level of access restriction above that available through the +'deny' mechanism. + + Suppose you have a local ethernet with addresses in the 192.168.1.0 +subnet together with an internet connection. The ethernet interface's +IP address is 192.168.1.1. Suppose you want to block all access through +the internet connection. You could add the line + + bindaddress 192.168.1.1 + + to the configuration file. + + This directive affects NTP (UDP port 123 by default) packets. If no +'bindcmdaddress' directive is present, the address supplied by +'bindaddress' will be used to control binding of the command socket (UDP +port 323 by default) as well. + + The 'bindaddress' directive has been found to cause problems when +used on computers that need to pass NTP traffic over multiple network +interfaces (e.g. firewalls). It is, therefore, not particularly +useful. Use of the 'allow' and 'deny' directives together with a +network firewall is more likely to be successful. + + For each of IPv4 and IPv6 protocols, only one 'bindaddress' directive +can be specified. + +4.2.6 bindcmdaddress +-------------------- + +The 'bindcmdaddress' directive allows you to restrict the network +interface to which 'chronyd' will listen for command packets (issued by +'chronyc'). This provides an additional level of access restriction +above that available through 'cmddeny' mechanism. + + Suppose you want to block all access except from localhost. You +could add the lines + + bindcmdaddress 127.0.0.1 + bindcmdaddress ::1 + + to the configuration file. + + For each of IPv4 and IPv6 protocols, only one 'bindcmdaddress' +directive can be specified. + + The default values are set by the 'bindaddress' directive. + + The 'bindcmdaddress' directive has been found to cause problems when +used on computers that need to pass command traffic over multiple +network interfaces. Use of the 'cmdallow' and 'cmddeny' directives +together with a network firewall is more likely to be successful. + +4.2.7 broadcast +--------------- + +The 'broadcast' directive is used to declare a broadcast address to +which chronyd should send packets in NTP broadcast mode (i.e. make +chronyd act as a broadcast server). Broadcast clients on that subnet +will be able to synchronise. + + The syntax is as follows + + broadcast 30 192.168.1.255 + broadcast 60 192.168.2.255 12123 + broadcast 60 ff02::101 + + In the first example, the destination port defaults to 123/udp (the +normal NTP port). In the second example, the destionation port is +specified as 12123. The first parameter in each case (30 or 60 +respectively) is the interval in seconds between broadcast packets being +sent. The second parameter in each case is the broadcast address to +send the packet to. This should correspond to the broadcast address of +one of the network interfaces on the computer where chronyd is running. + + You can have more than 1 'broadcast' directive if you have more than +1 network interface onto which you wish to send NTP broadcast packets. + + 'chronyd' itself cannot currently act as a broadcast client; it must +always be configured as a point-to-point client by defining specific NTP +servers and peers. This broadcast server feature is intended for +providing a time source to other NTP software (e.g. various MS Windows +clients). + + If ntpd is used as the broadcast client, it will try to use a +point-to-point client/server NTP access to measure the round-trip delay. +Thus, the broadcast subnet should also be the subject of an 'allow' +directive (*note allow directive::). + +4.2.8 clientloglimit +-------------------- + +This directive specifies the maximum size of the memory allocated to log +client accesses. When the limit is reached, only information for +clients that have already been logged will be updated. If 0 is +specified, the memory size will be unlimited. The default is 524288 +bytes. + + An example of the use of this directive is + + clientloglimit 1048576 + +4.2.9 cmdallow +-------------- + +This is similar to the 'allow' directive (*note allow directive::), +except that it allows control access (rather than NTP client access) to +a particular subnet or host. (By 'control access' is meant that chronyc +can be run on those hosts and successfully connect to chronyd on this +computer.) + + The syntax is identical to the 'allow' directive. + + There is also a 'cmdallow all' directive with similar behaviour to +the 'allow all' directive (but applying to control access in this case, +of course). + +4.2.10 cmddeny +-------------- + +This is similar to the 'cmdallow' directive (*note cmdallow +directive::), except that it denies control access to a particular +subnet or host, rather than allowing it. + + The syntax is identical. + + There is also a 'cmddeny all' directive with similar behaviour to the +'cmdallow all' directive. + +4.2.11 cmdport +-------------- + +The 'cmdport' directive allows the port that is used for run-time +command and monitoring (via the program 'chronyc') to be altered from +its default (323/udp). If set to 0, 'chronyd' will not open the port, +this is useful to disable the 'chronyc' access completely. + + An example shows the syntax + + cmdport 257 + + This would make 'chronyd' use 257/udp as its command port. +('chronyc' would need to be run with the '-p 257' switch to +inter-operate correctly). + +4.2.12 combinelimit +------------------- + +When 'chronyd' has multiple sources available for synchronization, it +has to select one source as the synchronization source. The measured +offsets and frequencies of the system clock relative to the other +sources, however, can be combined with the selected source to improve +the accuracy of the system clock. + + The 'combinelimit' directive limits which sources are included in the +combining algorithm. Their synchronization distance has to be shorter +than the distance of the selected source multiplied by the value of the +limit. Also, their measured frequencies have to be close to the +frequency of the selected source. + + By default, the limit is 3. Setting the limit to 0 effectively +disables the source combining algorithm and only the selected source +will be used to control the system clock. + + The syntax is + + combinelimit + +4.2.13 commandkey +----------------- + +The commandkey command is used to set the key number used for +authenticating user commands via the chronyc program at run time. This +allows certain actions of the chronyc program to be restricted to +administrators. + + An example of the commandkey command is + + commandkey 20 + + By default, the key number is 0. + + In the key file (see the keyfile command) there should be a line of +the form + + 20 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC + + When running the chronyc program to perform run-time configuration, +the command + + password HEX:B028F91EA5C38D06C2E140B26C7F41EC + + must be entered before any commands affecting the operation of the +daemon can be entered, or chronyc must be started with the '-a' option +to run the password command automatically. + +4.2.14 corrtimeratio +-------------------- + +When 'chronyd' makes a time correction, it controls how quickly the +system clock is slewed (so far only on Linux). This rate affects the +frequency error of the system clock. + + The 'corrtimeratio' directive sets the ratio between the duration in +which the clock is slewed for an average correction according to the +source history and the interval in which the corrections are done +(usually the NTP polling interval). Corrections larger than the average +take less time and smaller corrections take more time, the amount of the +correction and the correction time are inversely proportional. + + Increasing 'corrtimeratio' improves the overall frequency error of +the system clock, but increases the overall time error as the +corrections take longer. + + By default, the ratio is set to 3, the time accuracy of the clock is +preferred over its frequency accuracy. + + The syntax is + + corrtimeratio 100 + + The maximum allowed slew rate can be set by the 'maxslewrate' +directive (*note maxslewrate directive::. The current remaining +correction is shown in the 'tracking' report (*note tracking command::) +as the 'System time' value. + +4.2.15 deny +----------- + +This is similar to the 'allow' directive (*note allow directive::), +except that it denies NTP client access to a particular subnet or host, +rather than allowing it. + + The syntax is identical. + + There is also a 'deny all' directive with similar behaviour to the +'allow all' directive. + +4.2.16 driftfile +---------------- + +One of the main activities of the 'chronyd' program is to work out the +rate at which the system clock gains or loses time relative to real +time. + + Whenever 'chronyd' computes a new value of the gain/loss rate, it is +desirable to record it somewhere. This allows 'chronyd' to begin +compensating the system clock at that rate whenever it is restarted, +even before it has had a chance to obtain an equally good estimate of +the rate during the new run. (This process may take many minutes, at +least). + + The driftfile command allows a file to be specified into which +'chronyd' can store the rate information. Two parameters are recorded +in the file. The first is the rate at which the system clock gains or +loses time, expressed in parts per million, with gains positive. +Therefore, a value of 100.0 indicates that when the system clock has +advanced by a second, it has gained 100 microseconds on reality (so the +true time has only advanced by 999900 microseconds). The second is an +estimate of the error bound around the first value in which the true +rate actually lies. + + An example of the driftfile command is + + driftfile /var/lib/chrony/drift + +4.2.17 dumpdir +-------------- + +To compute the rate of gain or loss of time, 'chronyd' has to store a +measurement history for each of the time sources it uses. + + Certain systems (so far only Linux) have operating system support for +setting the rate of gain or loss to compensate for known errors. (On +other systems, 'chronyd' must simulate such a capability by periodically +slewing the system clock forwards or backwards by a suitable amount to +compensate for the error built up since the previous slew). + + For such systems, it is possible to save the measurement history +across restarts of 'chronyd' (assuming no changes are made to the system +clock behaviour whilst it is not running). If this capability is to be +used (via the dumponexit command in the configuration file, or the dump +command in chronyc), the dumpdir command should be used to define the +directory where the measurement histories are saved. + + An example of the command is + + dumpdir /var/lib/chrony + + A source whose reference id (the IP address for IPv4 sources) is +1.2.3.4 would have its measurement history saved in the file +'/var/lib/chrony/1.2.3.4.dat'. + +4.2.18 dumponexit +----------------- + +If this command is present, it indicates that 'chronyd' should save the +measurement history for each of its time sources recorded whenever the +program exits. (See the dumpdir command above). + +4.2.19 fallbackdrift +-------------------- + +Fallback drifts are long-term averages of the system clock drift +calculated over exponentially increasing intervals. They are used when +the clock is unsynchronised to avoid quickly drifting away from true +time if there was a short-term deviation in drift before the +synchronisation was lost. + + The directive specifies the minimum and maximum interval for how long +the system clock has to be unsynchronised to switch between fallback +drifts. They are defined as a power of 2 (in seconds). The syntax is +as follows + + fallbackdrift 16 19 + + In this example, the minimum interval is 16 (18 hours) and maximum +interval is 19 (6 days). The system clock frequency will be set to the +first fallback 18 hours after the synchronisation was lost, to the +second after 36 hours, etc. This might be a good setting to cover daily +and weekly temperature fluctuations. + + By default (or if the specified maximum or minimum is 0), no +fallbacks will be used and the clock frequency will stay at the last +value calculated before synchronisation was lost. + +4.2.20 generatecommandkey +------------------------- + +With this directive, if the command key is not found on start in the +file specified by the 'keyfile' directive, 'chronyd' will generate a new +command key from the /dev/urandom file and write it to the key file. + + The generated key will use SHA1 if 'chronyd' is compiled with the +support, otherwise MD5 will be used. + +4.2.21 hwclockfile +------------------ + +The 'hwclockfile' directive sets the location of the adjtime file which +is used by the '/sbin/hwclock' program. With this directive, 'chronyd' +will parse the file to find out if the RTC keeps local time or UTC. It +overrides the 'rtconutc' directive (*note rtconutc directive::). + + An example of the command is + + hwclockfile /etc/adjtime + +4.2.22 include +-------------- + +The 'include' directive includes a specified configuration file. This +is useful when maintaining configuration on multiple hosts to keep the +differences in a separate file. + + include /etc/chrony/local.conf + +4.2.23 initstepslew +------------------- + +In normal operation, 'chronyd' slews the time when it needs to adjust +the system clock. For example, to correct a system clock which is 1 +second slow, 'chronyd' slightly increases the amount by which the system +clock is advanced on each clock interrupt, until the error is removed. +(Actually, this is done by calling the 'adjtime()' or similar system +function which does it for us.) Note that at no time does time run +backwards with this method. + + On most Unix systems it is not desirable to step the system clock, +because many programs rely on time advancing monotonically forwards. + + When the 'chronyd' daemon is initially started, it is possible that +the system clock is considerably in error. Attempting to correct such +an error by slewing may not be sensible, since it may take several hours +to correct the error by this means. + + The purpose of the 'initstepslew' directive is to allow 'chronyd' to +make a rapid measurement of the system clock error at boot time, and to +correct the system clock by stepping before normal operation begins. +Since this would normally be performed only at an appropriate point in +the system boot sequence, no other software should be adversely affected +by the step. + + If the correction required is less than a specified threshold, a slew +is used instead. This makes it easier to restart 'chronyd' whilst the +system is in normal operation. + + The 'initstepslew' directive takes a threshold and a list of NTP +servers as arguments. A maximum of 8 will be used. Each of the servers +is rapidly polled several times, and a majority voting mechanism used to +find the most likely range of system clock error that is present. A +step (or slew) is applied to the system clock to correct this error. +'chronyd' then enters its normal operating mode. + + An example of use of the command is + + initstepslew 30 foo.bar.com baz.quz.com + + where 2 NTP servers are used to make the measurement. The '30' +indicates that if the system's error is found to be 30 seconds or less, +a slew will be used to correct it; if the error is above 30 seconds, a +step will be used. + + The 'initstepslew' directive can also be used in an isolated LAN +environment, where the clocks are set manually. The most stable +computer is chosen as the master, and the other computers are slaved to +it. If each of the slaves is configured with the local option (see +below), the master can be set up with an 'initstepslew' directive which +references some or all of the slaves. Then, if the master machine has +to be rebooted, the slaves can be relied on to 'flywheel' the time for +the master. + + The 'initstepslew' directive is functionally similar to a combination +of the 'makestep' and 'server' directives with the 'iburst' option. The +main difference is that the 'initstepslew' servers are used only before +normal operation begins and that the foreground 'chronyd' process waits +for 'initstepslew' to finish before exiting. This is useful to prevent +programs started in the boot sequence after 'chronyd' from reading the +clock before it's stepped. + +4.2.24 keyfile +-------------- + +This command is used to specify the location of the file containing +ID/key pairs for the following 2 uses: + + * Authentication of NTP packets. + * Authentication of administrator commands entered via chronyc. + + The format of the command is shown in the example below + + keyfile /etc/chrony.keys + + The argument is simply the name of the file containing the ID/key +pairs. The format of the file is shown below + + 10 tulip + 11 hyacinth + 20 MD5 ASCII:crocus + 25 SHA1 HEX:1dc764e0791b11fa67efc7ecbc4b0d73f68a070c + ... + + Each line consists of an ID, a name of authentication hash function +(optional) and a password. The ID can be any unsigned integer in the +range 0 through 2**32-1, but ID of 0 can be used only for the command +key and not for the NTP authentication. The hash function is MD5 by +default, depending on how was 'chronyd' compiled other allowed hash +functions may be SHA1, SHA256, SHA384, SHA512, RMD128, RMD160, RMD256, +RMD320, TIGER and WHIRLPOOL. The password can be encoded as a string of +characters not containing a space with optional 'ASCII:' prefix or as a +hexadecimal number with 'HEX:' prefix. + + The password is used with the hash function to generate and verify a +message authentication code (MAC) in NTP and command packets. For +maximum security, it's recommended to use SHA1 or stronger hash +function. The passwords should be random and they should be as long as +the output size of the configured hash function, e.g. 160 bits with +SHA1. + + The ID for the chronyc authentication key is specified with the +commandkey command (see earlier). The command key can be generated +automatically on start with the 'generatecommandkey' directive. + +4.2.25 leapsectz +---------------- + +This directive is used to set the name of the timezone in the system tz +database which 'chronyd' can use to find out when will the next leap +second occur. It will periodically check if the times 23:59:59 and +23:59:60 are valid on Jun 30 and Dec 31 in the timezone. A useful +timezone is 'right/UTC'. This is mainly useful with reference clocks +which don't provide the leap second information. It is not necessary to +restart 'chronyd' if the tz database is updated with a new leap second +at least 12 hours before the event. + + An example of the command is + + leapsectz right/UTC + + The following shell command verifies that the timezone contains leap +seconds and can be used with this directive + + $ TZ=right/UTC date -d 'Dec 31 2008 23:59:60' + Wed Dec 31 23:59:60 UTC 2008 + +4.2.26 local +------------ + +The local keyword is used to allow 'chronyd' to appear synchronised to +real time (from the viewpoint of clients polling it), even if it has no +current synchronisation source. + + This option is normally used on computers in an isolated network, +where several computers are required to synchronise to one other, this +being the "master" which is kept vaguely in line with real time by +manual input. + + An example of the command is + + local stratum 10 + + The value 10 may be substituted with other values in the range 1 +through 15. Stratum 1 indicates a computer that has a true real-time +reference directly connected to it (e.g. GPS, atomic clock etc) – +such computers are expected to be very close to real time. Stratum 2 +computers are those which have a stratum 1 server; stratum 3 computers +have a stratum 2 server and so on. + + A large value of 10 indicates that the clock is so many hops away +from a reference clock that its time is fairly unreliable. Put another +way, if the computer ever has access to another computer which is +ultimately synchronised to a reference clock, it will almost certainly +be at a stratum less than 10. Therefore, the choice of a high value +like 10 for the local command prevents the machine's own time from ever +being confused with real time, were it ever to leak out to clients that +have visibility of real servers. + +4.2.27 lock_all +--------------- + +The 'lock_all' directive will lock chronyd into RAM so that it will +never be paged out. This mode is only supported on Linux. This +directive uses the Linux mlockall() system call to prevent 'chronyd' +from ever being swapped out. This should result in lower and more +consistent latency. It should not have significant impact on +performance as 'chronyd's' memory usage is modest. The mlockall man +page has more details. + +4.2.28 log +---------- + +The log command indicates that certain information is to be logged. + +'measurements' + This option logs the raw NTP measurements and related information + to a file called measurements.log. + +'statistics' + This option logs information about the regression processing to a + file called statistics.log. + +'tracking' + This option logs changes to the estimate of the system's gain or + loss rate, and any slews made, to a file called tracking.log. + +'rtc' + This option logs information about the system's real-time clock. + +'refclocks' + This option logs the raw and filtered reference clock measurements + to a file called refclocks.log. +'tempcomp' + This option logs the temperature measurements and system rate + compensations to a file called tempcomp.log. + + The files are written to the directory specified by the logdir +command. + + An example of the command is + + log measurements statistics tracking + +4.2.28.1 Measurements log file format +..................................... + +An example line (which actually appears as a single line in the file) +from the measurements log file is shown below. + + 2010-12-22 05:40:50 158.152.1.76 N 8 1111 111 1111 10 10 1.0 \ + -4.966e-03 2.296e-01 1.577e-05 1.615e-01 7.446e-03 + + The columns are as follows (the quantities in square brackets are the +values from the example line above) : + + 1. Date [2010-12-22] + 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is + expressed in UTC, not the local time zone. + 3. IP address of server/peer from which measurement comes + [158.152.1.76] + 4. Leap status ('N' means normal, '+' means that the last minute of + the current month has 61 seconds, '-' means that the last minute of + the month has 59 seconds, '?' means the remote computer is not + currently synchronised.) [N] + 5. Stratum of remote computer. [2] + 6. RFC1305 tests 1 through 4 (1=pass, 0=fail) [1111] + 7. Tests for maximum delay, maximum delay ratio and maximum delay dev + ratio, against defined parameters (1=pass, 0=fail) [111] + 8. RFC1305 tests 5 through 8 (1=pass, 0=fail) [1111] + 9. Local poll [10] + 10. Remote poll [10] + 11. 'Score' (an internal score within each polling level used to + decide when to increase or decrease the polling level. This is + adjusted based on number of measurements currently being used for + the regression algorithm). [1.0] + 12. The estimated local clock error ('theta' in RFC1305). Positive + indicates that the local clock is slow. [-4.966e-03]. + 13. The peer delay ('delta' in RFC1305). [2.296e-01] + 14. The peer dispersion ('epsilon' in RFC1305). [1.577e-05] + 15. The root delay ('Delta' in RFC1305). [1.615e-01] + 16. The root dispersion ('E' in RFC1305). [7.446e-03] + + A banner is periodically written to the log file to indicate the +meanings of the columns. + +4.2.28.2 Statistics log file format +................................... + +An example line (which actually appears as a single line in the file) +from the statistics log file is shown below. + + 1998-07-22 05:40:50 158.152.1.76 6.261e-03 -3.247e-03 \ + 2.220e-03 1.874e-06 1.080e-06 7.8e-02 16 0 8 + + The columns are as follows (the quantities in square brackets are the +values from the example line above) : + + 1. Date [1998-07-22] + 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is + expressed in UTC, not the local time zone. + 3. IP address of server/peer from which measurement comes + [158.152.1.76] + 4. The estimated standard deviation of the measurements from the + source (in seconds). [6.261e-03] + 5. The estimated offset of the source (in seconds, positive means the + local clock is estimated to be fast, in this case). [-3.247e-03] + 6. The estimated standard deviation of the offset estimate (in + seconds). [2.220e-03] + 7. The estimated rate at which the local clock is gaining or losing + time relative to the source (in seconds per second, positive means + the local clock is gaining). This is relative to the compensation + currently being applied to the local clock, _not_ to the local + clock without any compensation. [1.874e-06] + 8. The estimated error in the rate value (in seconds per second). + [1.080e-06]. + 9. The ration of |old_rate - new_rate| / old_rate_error. Large values + indicate the statistics are not modelling the source very well. + [7.8e-02] + 10. The number of measurements currently being used for the regression + algorithm. [16] + 11. The new starting index (the oldest sample has index 0; this is the + method used to prune old samples when it no longer looks like the + measurements fit a linear model). [0, i.e. no samples discarded + this time] + 12. The number of runs. The number of runs of regression residuals + with the same sign is computed. If this is too small it indicates + that the measurements are no longer represented well by a linear + model and that some older samples need to be discarded. The number + of runs for the data that is being retained is tabulated. Values + of approximately half the number of samples are expected. [8] + + A banner is periodically written to the log file to indicate the +meanings of the columns. + +4.2.28.3 Tracking log file format +................................. + +An example line (which actually appears as a single line in the file) +from the tracking log file is shown below. + + 2012-02-23 05:40:50 158.152.1.76 3 340.529 1.606 1.046e-03 N \ + 4 6.849e-03 -4.670e-04 + + The columns are as follows (the quantities in square brackets are the +values from the example line above) : + + 1. Date [2012-02-03] + 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is + expressed in UTC, not the local time zone. + 3. The IP address of the server/peer to which the local system is + synchronised. [158.152.1.76] + 4. The stratum of the local system. [3] + 5. The local system frequency (in ppm, positive means the local system + runs fast of UTC). [340.529] + 6. The error bounds on the frequency (in ppm) [1.606] + 7. The estimated local offset at the epoch (which is rapidly corrected + by slewing the local clock. (In seconds, positive indicates the + local system is fast of UTC). [1.046e-3] + 8. Leap status ('N' means normal, '+' means that the last minute of + this month has 61 seconds, '-' means that the last minute of the + month has 59 seconds, '?' means the clock is not currently + synchronised.) [N] + 9. The number of combined sources. [4] + 10. The estimated standard deviation of the combined offset (in + seconds). [6.849e-03] + 11. The remaining offset correction from the previous update (in + seconds, positive means the system clock is slow of UTC). + [-4.670e-04] + + A banner is periodically written to the log file to indicate the +meanings of the columns. + +4.2.28.4 Real-time clock log file format +........................................ + +An example line (which actually appears as a single line in the file) +from the measurements log file is shown below. + + 1998-07-22 05:40:50 -0.037360 1 -0.037434\ + -37.948 12 5 120 + + The columns are as follows (the quantities in square brackets are the +values from the example line above) : + + 1. Date [1998-07-22] + 2. Hour:Minute:Second [05:40:50]. Note that the date/time pair is + expressed in UTC, not the local time zone. + 3. The measured offset between the system's real time clock and the + system ('gettimeofday()') time. In seconds, positive indicates + that the RTC is fast of the system time. [-0.037360]. + 4. Flag indicating whether the regression has produced valid + coefficients. (1 for yes, 0 for no). [1] + 5. Offset at the current time predicted by the regression process. A + large difference between this value and the measured offset tends + to indicate that the measurement is an outlier with a serious + measurement error. [-0.037434]. + 6. The rate at which the RTC is losing or gaining time relative to the + system clock. In ppm, with positive indicating that the RTC is + gaining time. [-37.948] + 7. The number of measurements used in the regression. [12] + 8. The number of runs of regression residuals of the same sign. Low + values indicate that a straight line is no longer a good model of + the measured data and that older measurements should be discarded. + [5] + 9. The measurement interval used prior to the measurement being made + (in seconds). [120] + + A banner is periodically written to the log file to indicate the +meanings of the columns. + +4.2.28.5 Refclocks log file format +.................................. + +An example line (which actually appears as a single line in the file) +from the refclocks log file is shown below. + + 2009-11-30 14:33:27.000000 PPS2 7 N 1 4.900000e-07 -6.741777e-07 1.000e-06 + + The columns are as follows (the quantities in square brackets are the +values from the example line above) : + + 1. Date [2009-11-30] + 2. Hour:Minute:Second.Microsecond [14:33:27.000000]. Note that the + date/time pair is expressed in UTC, not the local time zone. + 3. Reference ID of refclock from which measurement comes. [PPS2] + 4. Sequence number of driver poll within one polling interval for raw + samples, or '-' for filtered samples. [7] + 5. Leap status ('N' means normal, '+' means that the last minute of + the current month has 61 seconds, '-' means that the last minute of + the month has 59 seconds). [N] + 6. Flag indicating whether the sample comes from PPS source. (1 for + yes, 0 for no, or '-' for filtered sample). [1] + 7. Local clock error measured by refclock driver, or '-' for filtered + sample. [4.900000e-07] + 8. Local clock error with applied corrections. Positive indicates + that the local clock is slow. [-6.741777e-07] + 9. Assumed dispersion of the sample. [1.000e-06] + + A banner is periodically written to the log file to indicate the +meanings of the columns. + +4.2.28.6 Tempcomp log file format +................................. + +An example line (which actually appears as a single line in the file) +from the tempcomp log file is shown below. + + 2010-04-19 10:39:48 2.8000e+04 3.6600e-01 + + The columns are as follows (the quantities in square brackets are the +values from the example line above) : + + 1. Date [2010-04-19] + 2. Hour:Minute:Second [10:39:48]. Note that the date/time pair is + expressed in UTC, not the local time zone. + 3. Temperature read from tempcomp file. [2.8000e+04] + 4. Applied compensation in ppm, positive means the system clock is + running faster than it would be without the compensation. + [3.6600e-01] + + A banner is periodically written to the log file to indicate the +meanings of the columns. + +4.2.29 logbanner +---------------- + +A banner is periodically written to the log files enabled by the 'log' +directive to indicate the meanings of the columns. + + The 'logbanner' directive specifies after how many entries in the log +file should be the banner written. The default is 32, and 0 can be used +to disable it entirely. + +4.2.30 logchange +---------------- + +This directive forces 'chronyd' to send a message to syslog if it makes +a system clock adjustment larger than a threshold value. An example of +use is + + logchange 0.5 + + which would cause a syslog message to be generated a system clock +error of over 0.5 seconds starts to be compensated. + + Clock errors detected either via NTP packets or via timestamps +entered via the 'settime' command of 'chronyc' are logged. + + This directive assumes that syslog messages are appearing where +somebody can see them. This allows that person to see if a large error +has arisen, e.g. because of a fault, or because of faulty timezone +handling, for example when summer time (daylight saving) starts or ends. + +4.2.31 logdir +------------- + +This directive allows the directory where log files are written to be +specified. + + An example of the use of this directive is + + logdir /var/log/chrony + +4.2.32 mailonchange +------------------- + +This directive defines an email address to which mail should be sent if +chronyd applies a correction exceeding a particular threshold to the +system clock. + + An example of use of this directive is + + mailonchange root@localhost 0.5 + + This would send a mail message to root if a change of more than 0.5 +seconds were applied to the system clock. + +4.2.33 makestep +--------------- + +Normally chronyd will cause the system to gradually correct any time +offset, by slowing down or speeding up the clock as required. In +certain situations, the system clock may be so far adrift that this +slewing process would take a very long time to correct the system clock. + + This directive forces 'chronyd' to step system clock if the +adjustment is larger than a threshold value, but only if there were no +more clock updates since 'chronyd' was started than a specified limit (a +negative value can be used to disable the limit). + + This is particularly useful when using reference clocks, because the +'initstepslew' directive (*note initstepslew directive::) works only +with NTP sources. + + An example of the use of this directive is + + makestep 1000 10 + + This would step system clock if the adjustment is larger than 1000 +seconds, but only in the first ten clock updates. + +4.2.34 manual +------------- + +The 'manual' directive enables support at run-time for the 'settime' +command in chronyc (*note settime command::). If no 'manual' directive +is included, any attempt to use the 'settime' command in chronyc will be +met with an error message. + + Note that the 'settime' command can be enabled at run-time using the +'manual' command in chronyc (*note manual command::). (The idea of the +two commands is that the 'manual' command controls the manual clock +driver's behaviour, whereas the 'settime' command allows samples of +manually entered time to be provided). + +4.2.35 maxchange +---------------- + +This directive sets the maximum allowed offset corrected on a clock +update. The check is performed only after the specified number of +updates to allow a large initial adjustment of the system clock. When +an offset larger than the specified maximum occurs, it will be ignored +for the specified number of times and then 'chronyd' will give up and +exit (a negative value can be used to never exit). In both cases a +message is sent to syslog. + + An example of the use of this directive is + + maxchange 1000 1 2 + + After the first clock update, 'chronyd' will check the offset on +every clock update, it will ignore two adjustments larger than 1000 +seconds and exit on another one. + +4.2.36 maxclockerror +-------------------- + +The 'maxclockerror' directive sets the maximum assumed frequency error +of the local clock. This is a frequency stability of the clock, not an +absolute frequency error. + + By default, the maximum assumed error is set to 1 ppm. + + The syntax is + + maxclockerror + + Typical values for might be 10 for a low quality clock +to 0.1 for a high quality clock using a temperature compensated crystal +oscillator. + +4.2.37 maxsamples +----------------- + +The 'maxsamples' directive sets the maximum number of samples 'chronyd' +should keep for each source. The default is 0, which disables the +configurable limit, and the useful range is 4 to 64. + + The syntax is + + maxsamples + +4.2.38 maxslewrate +------------------ + +The 'maxslewrate' directive sets the maximum rate at which 'chronyd' is +allowed to slew the time. It limits the slew rate controlled by the +correction time ratio (*note corrtimeratio directive::) and is effective +only on systems where 'chronyd' is able to control the rate (so far only +Linux). + + By default, the maximum slew rate is 83333.333 ppm (one twelfth). + + The syntax is + + maxslewrate + +4.2.39 maxupdateskew +-------------------- + +One of 'chronyd's' tasks is to work out how fast or slow the computer's +clock runs relative to its reference sources. In addition, it computes +an estimate of the error bounds around the estimated value. + + If the range of error is too large, it probably indicates that the +measurements have not settled down yet, and that the estimated gain or +loss rate is not very reliable. + + The 'maxupdateskew' parameter allows the threshold for determining +whether an estimate may be so unreliable that it should not be used. By +default, the threshold is 1000 ppm. + + The syntax is + + maxupdateskew + + Typical values for might be 100 for a dial-up +connection to servers over a phone line, and 5 or 10 for a computer on a +LAN. + + It should be noted that this is not the only means of protection +against using unreliable estimates. At all times, 'chronyd' keeps track +of both the estimated gain or loss rate, and the error bound on the +estimate. When a new estimate is generated following another +measurement from one of the sources, a weighted combination algorithm is +used to update the master estimate. So if 'chronyd' has an existing +highly-reliable master estimate and a new estimate is generated which +has large error bounds, the existing master estimate will dominate in +the new master estimate. + +4.2.40 minsamples +----------------- + +The 'minsamples' directive sets the minimum number of samples 'chronyd' +should try to keep for each source. The default is 0 and the useful +range is 4 to 64. + + The syntax is + + minsamples + +4.2.41 noclientlog +------------------ + +This directive, which takes no arguments, specifies that client accesses +are not to be logged. Normally they are logged, allowing statistics to +be reported using the 'clients' command in 'chronyc'. + +4.2.42 peer +----------- + +The syntax of this directive is identical to that for the 'server' +directive (*note server directive::), except that it is used to specify +an NTP peer rather than an NTP server. + +4.2.43 pidfile +-------------- + +chronyd always writes its process ID (pid) to a file, and checks this +file on startup to see if another chronyd may already be running on the +system. By default, the file used is '/var/run/chronyd.pid'. The +'pidfile' directive allows the name to be changed, e.g. + + pidfile /var/tmp/chronyd.pid + +4.2.44 port +----------- + +This option allows you to configure the port on which 'chronyd' will +listen for NTP requests. + + The compiled in default is udp/123, the standard NTP port. If set to +0, 'chronyd' will not open the server socket and will operate strictly +in a client-only mode. The source port used in NTP client requests can +be set by the 'acquisitionport' directive. + + An example of the port command is + + port 11123 + + This would change the NTP port served by 'chronyd' on the computer to +udp/11123. + +4.2.45 refclock +--------------- + +Reference clocks allows very accurate synchronisation and 'chronyd' can +function as a stratum 1 server. They are specified by the 'refclock' +directive. It has two mandatory parameters, a refclock driver name and +a driver specific parameter. + + There are currently four drivers included: + +'PPS' + PPSAPI (pulse per second) driver. The parameter is the path to a + PPS device. Assert events are used by default. Driver option + ':clear' can be appended to the path if clear events should be used + instead. + + As PPS refclock gets only sub-second time information, it needs + another source (NTP or non-PPS refclock) or local directive (*note + local directive::) enabled to work. For example: + + refclock PPS /dev/pps0 lock NMEA + refclock SHM 0 offset 0.5 delay 0.2 refid NMEA noselect + +'SHM' + NTP shared memory driver. This driver uses a shared memory segment + to receive data from another daemon which communicates with an + actual reference clock. The parameter is the number of a shared + memory segment, usually 0, 1, 2 or 3. For example: + + refclock SHM 1 poll 3 refid GPS1 + + A driver option in form ':perm=NNN' can be appended to the segment + number to create the segment with permissions other than the + default '0600'. + + Some examples of applications that can be used as SHM sources are + 'gpsd' (http://catb.org/gpsd/), 'shmpps' and 'radioclk' + (http://www.buzzard.me.uk/jonathan/radioclock.html). +'SOCK' + Unix domain socket driver. It is similar to the SHM driver, but + uses a different format and uses a socket instead of shared memory. + It does not require polling and it supports transmitting of PPS + data. The parameter is a path to the socket which will be created + by 'chronyd' and used to receive the messages. The format of + messages sent over the socket is described in the 'refclock_sock.c' + file. + + Recent versions of the 'gpsd' daemon include support for the SOCK + protocol. The path where the socket should be created is described + in the 'gpsd(8)' man page. For example: + + refclock SOCK /var/run/chrony.ttyS0.sock + +'PHC' + PTP hardware clock (PHC) driver. The parameter is the path to the + device of the PTP clock, which can be synchronised by a PTP daemon + (e.g. 'ptp4l' from the Linux PTP project + (http://linuxptp.sourceforge.net/). The PTP clocks are typically + kept in TAI instead of UTC. The 'offset' option can be used to + compensate for the current UTC/TAI offset. For example: + + refclock PHC /dev/ptp0 poll 3 dpoll -2 offset -35 + + The 'refclock' command also supports a number of subfields (which may +be defined in any order): + +'poll' + Timestamps produced by refclock drivers are not used immediately, + but they are stored and processed by a median filter in the polling + interval specified by this option. This is defined as a power of 2 + and may be negative to specify a sub-second interval. The default + is 4 (16 seconds). A shorter interval allows 'chronyd' to react + faster to changes in clock frequency, but it may decrease the + accuracy if the source is too noisy. +'dpoll' + Some drivers don't listen for external events and try to produce + samples in their own polling interval. This is defined as a power + of 2 and may be negative to specify a sub-second interval. The + default is 0 (1 second). +'refid' + This option is used to specify a reference id of the refclock, as + up to four ASCII characters. By default, first three characters + from driver name and the number of the refclock are used as refid. + Each refclock must have an unique refid. +'filter' + This option sets the length of the median filter which is used to + reduce noise. With each poll about 40 percent of the stored + samples is discarded and one final sample is calculated as average + of the remaining samples. If the length is 4 or above, at least 4 + samples have to be collected between polls. For lengths below 4, + the filter has to be full. The default is 64. +'rate' + PPS signal frequency (in Hz). This option only controls how the + received pulses are aligned. To actually receive more than one + pulse per second, a negative 'dpoll' has to be specified (-3 for + 5Hz signal). The default is 1. +'lock' + This option can be used to lock a PPS refclock to another refclock + whose reference id is specified by this option. In this mode + received pulses are aligned directly to unfiltered samples from the + refclock. By default, pulses are aligned to local clock, but only + when it is well synchronised. +'offset' + This option can be used to compensate a constant error. The + specified offset (in seconds) is applied to all samples produced by + the refclock. The default is 0.0. +'delay' + This option sets the NTP delay of the source (in seconds). Half of + this value is included in the maximum assumed error which is used + in the source selection algorithm. Increasing the delay is useful + to avoid having no majority in the algorithm or to make it prefer + other sources. The default is 1e-9 (1 nanosecond). +'precision' + Refclock precision (in seconds). The default is 1e-6 (1 + microsecond) for SHM refclock, and 1e-9 (1 nanosecond) for SOCK, + PPS and PHC refclocks. +'maxdispersion' + Maximum allowed dispersion for filtered samples (in seconds). + Samples with larger estimated dispersion are ignored. By default, + this limit is disabled. +'prefer' + Prefer this source over sources without prefer option. +'noselect' + Never select this source. This is useful for monitoring or with + sources which are not very accurate, but are locked with a PPS + refclock. + +4.2.46 reselectdist +------------------- + +When 'chronyd' selects synchronisation source from available sources, it +will prefer the one with minimum synchronisation distance. However, to +avoid frequent reselecting when there are sources with similar distance, +a fixed distance is added to the distance for sources that are currently +not selected. This can be set with the 'reselectdist' option. By +default, the distance is 100 microseconds. + + The syntax is + + reselectdist + +4.2.47 rtcautotrim +------------------ + +The 'rtcautotrim' directive is used to keep the real time clock (RTC) +close to the system clock automatically. When the system clock is +synchronized and the estimated error between the two clocks is larger +than the specified threshold, 'chronyd' will trim the RTC as if the +'trimrtc' (*note trimrtc command::) command was issued. + + This directive is effective only with the 'rtcfile' directive. + + An example of the use of this directive is + + rtcautotrim 30 + + This would set the threshold error to 30 seconds. + +4.2.48 rtcdevice +---------------- + +The 'rtcdevice' directive defines the name of the device file for +accessing the real time clock. By default this is '/dev/rtc', unless +the directive is used to set a different value. This applies to Linux +systems with devfs. An example of use is + + rtcdevice /dev/misc/rtc + +4.2.49 rtcfile +-------------- + +The 'rtcfile' directive defines the name of the file in which 'chronyd' +can save parameters associated with tracking the accuracy of the +system's real-time clock (RTC). + + The syntax is illustrated in the following example + + rtcfile /var/lib/chrony/rtc + + 'chronyd' saves information in this file when it exits and when the +'writertc' command is issued in 'chronyc'. The information saved is the +RTC's error at some epoch, that epoch (in seconds since January 1 1970), +and the rate at which the RTC gains or loses time. + + So far, the support for real-time clocks is limited - their code is +even more system-specific than the rest of the software. You can only +use the real time clock facilities (the 'rtcfile' directive and the '-s' +command line option to 'chronyd') if the following three conditions +apply: + + 1. You are running Linux version 2.2.x or later. + + 2. You have compiled the kernel with extended real-time clock support + (i.e. the '/dev/rtc' device is capable of doing useful things). + + 3. You don't have other applications that need to make use of + '/dev/rtc' at all. + +4.2.50 rtconutc +--------------- + +'chronyd' assumes by default that the real time clock (RTC) keeps local +time (including any daylight saving changes). This is convenient on PCs +running Linux which are dual-booted with DOS or Windows. + + NOTE : IF YOU KEEP THE REAL TIME CLOCK ON LOCAL TIME AND YOUR +COMPUTER IS OFF WHEN DAYLIGHT SAVING (SUMMER TIME) STARTS OR ENDS, THE +COMPUTER'S SYSTEM TIME WILL BE ONE HOUR IN ERROR WHEN YOU NEXT BOOT AND +START CHRONYD. + + An alternative is for the RTC to keep Universal Coordinated Time +(UTC). This does not suffer from the 1 hour problem when daylight saving +starts or ends. + + If the 'rtconutc' directive appears, it means the RTC is required to +keep UTC. The directive takes no arguments. It is equivalent to +specifying the '-u' switch to the Linux '/sbin/hwclock' program. + + Note that this setting is overriden when the 'hwclockfile' directive +(*note hwclockfile directive::) is used. + +4.2.51 rtcsync +-------------- + +The 'rtcsync' directive will enable a kernel mode where the system time +is copied to the real time clock (RTC) every 11 minutes. + + This directive is supported only on Linux and cannot be used when the +normal RTC tracking is enabled, i.e. when the 'rtcfile' directive is +used. + +4.2.52 sched_priority +--------------------- + +The 'sched_priority' directive will select the SCHED_FIFO real-time +scheduler at the specified priority (which must be between 0 and 100). +This mode is supported only on Linux. + + This directive uses the Linux sched_setscheduler() system call to +instruct the kernel to use the SCHED_FIFO first-in, first-out real-time +scheduling policy for 'chronyd' with the specified priority. This means +that whenever 'chronyd' is ready to run it will run, interrupting +whatever else is running unless it is a higher priority real-time +process. This should not impact performance as 'chronyd's' resource +requirements are modest, but it should result in lower and more +consistent latency since 'chronyd' will not need to wait for the +scheduler to get around to running it. You should not use this unless +you really need it. The sched_setscheduler man page has more details. + +4.2.53 server +------------- + +The 'server' directive allows NTP servers to be specified. The +client/server relationship is strictly hierarchical : a client may +synchronise its system time to that of the server, but the server's +system time will never be influenced by that of a client. + + The 'server' directive is immediately followed by either the name of +the server, or its IP address. The server command also supports a +number of subfields (which may be defined in any order): + +'port' + This option allows the UDP port on which the server understands NTP + requests to be specified. For normal servers this option should + not be required (the default is 123, the standard NTP port). +'minpoll' + Although 'chronyd' will trim the rate at which it samples the + server during normal operation, the user may wish to constrain the + minimum polling interval. This is always defined as a power of 2, + so + + By default, it is 1 second. This usually means that sources with +lower stratum will be preferred to sources with higher stratum even when +their distance is significantly worse. Setting 'stratumweight' to 0 +makes 'chronyd' ignore stratum when selecting the source. + +4.2.55 tempcomp +--------------- + +Normally, changes in rate of drift of the system clock are caused mainly +by changes in temperature of the crystal oscillator on the mainboard. + + If there are available temperature measurements from a sensor close +to the oscillator, 'tempcomp' directive can be used to compensate for +the changes in rate and possibly improve clock accuracy. + + Whether it will really help depends on many factors, including +resolution of the sensor, noise in measurements, time source polling +interval, compensation update interval, how good are the temperature +coefficients, and how close is the sensor to the oscillator. The +frequency reported in tracking.log should be more stable and the offsets +should be smaller. + + The directive has six parameters: path to the file which contains +current temperature in text format, update interval (in seconds), and +temperature coefficients T0, k0, k1, k2. + + The frequency compensation is calculated (in ppm) as + + 'k0 + (T - T0) * k1 + (T - T0)^2 * k2' + + The result has to be between -10 ppm and 10 ppm, otherwise the +measurement is considered to be faulty and will be ignored. The k0 +coefficient can be used to get the results in that range. + + Valid measurements and calculated corrections are logged to +tempcomp.log file if enabled with 'log tempcomp' directive. + + An example of use is + + tempcomp /sys/class/hwmon/hwmon1/device/temp2_input 30 26000 0.0 0.000183 0.0 + + The measured temperature will be read from the file in Linux sysfs +filesystem every 30 seconds. When the temperature is 26 degress +(26000), the system clock frequency will not be adjusted. When it is 27 +degrees (27000), the clock will be set to run 0.183ppm faster than it +would be without the compensation, etc. + +4.2.56 user +----------- + +The 'user' directive sets the name of the user to which will 'chronyd' +switch on initialisation to drop root privileges. So far, it works only +on Linux when compiled with capabilities support. Setting the name to +root will disable it. + + The default value is 'root'. + +4.3 Running chronyc +=================== + +Chronyc is the program that can be used to reconfigure options within +the 'chronyd' program whilst it is running. Chronyc can also be used to +generate status reports about the operation of 'chronyd'. + +4.3.1 Basic use +--------------- + +The program chronyc is run by entering + + chronyc + + at the command line. The prompt 'chronyc' is displayed whilst +chronyc is expecting input from the user, when it is being run from a +terminal. If chronyc's input or output are redirected from/to a file, +the prompt is now shown. + + When you are finished entering commands, the commands 'exit' or +'quit' will terminate the program. (Entering will also +terminate the program.) + +4.3.2 Command line options +-------------------------- + +Chronyc supports the following command line options. + +'-v' + Displays the version number of chronyc on the terminal, and exists. +'-h ' + This option allows the user to specify which host running the + 'chronyd' program is to be contacted. This allows for remote + configuration, without having to ssh to the other host first. + + The default is to contact 'chronyd' running on the same host as + that where chronyc is being run. +'-p ' + This option allows the user to specify the UDP port number which + the target 'chronyd' is using for its command & monitoring + connections. This defaults to the compiled-in default; there would + rarely be a need to change this. +'-n' + This option disables resolving IP addresses to hostnames. +'-4' + With this option hostnames will be resolved only to IPv4 addresses. +'-6' + With this option hostnames will be resolved only to IPv6 addresses. +'-m' + With this option multiple commands can be specified on the command + line. Each argument will be interpreted as a whole command. +'-f ' + This option can be used to specify an alternate location of the + 'chronyd' configuration file (default '/etc/chrony.conf'). The + configuration file is needed for the '-a' option. +'-a' + With this option 'chronyc' will try to authenticate automatically + on start. It will read the configuration file, read the command + key from the keyfile and run the authhash and password commands. + +4.3.3 Security with chronyc +--------------------------- + +Many of the commands available through chronyc have a fair amount of +power to reconfigure the run-time behaviour of 'chronyd'. Consequently, +'chronyc' is quite dangerous for the integrity of the target system's +clock performance. Having access to 'chronyd' via chronyc is more or +less equivalent to being able to modify 'chronyd's' configuration file +(typically '/etc/chrony.conf') and to restart 'chronyd'. + + Chronyc also provides a number of monitoring (as opposed to +commanding) commands, which will not affect the behaviour of 'chronyd'. +However, you may still want to restrict access to these commands. + + In view of this, access to some of the capabilities of chronyc will +usually be tightly controlled. There are two mechanisms supported: + + 1. The set of hosts from which 'chronyd' will accept commands can be + restricted. By default, commands will only be accepted from the + same host that 'chronyd' is running on. + 2. Any command that actually reconfigures some aspect of 'chronyd's' + behaviour requires the user of chronyc to know a password. This + password is specified in 'chronyd's' keys file (*note keyfile + directive::) and specified via the commandkey option in its + configuration file (*note commandkey directive::). + + Only the following commands can be used _without_ providing a +password: + + * 'activity' + * 'authhash' + * 'dns' + * 'exit' + * 'help' + * 'password' + * 'quit' + * 'rtcdata' + * 'sources' + * 'sourcestats' + * 'tracking' + * 'waitsync' + + All other commands require a password to have been specified +previously, because they affect 'chronyd's' operation. + +4.3.4 Command reference +----------------------- + +This section describes each of the commands available within the chronyc +program. Chronyc offers the user a simple command-line driven +interface. + +4.3.4.1 accheck +............... + +This command allows you to check whether client NTP access is allowed +from a particular host. + + Examples of use, showing a named host and a numeric IP address, are +as follows: + + accheck a.b.c + accheck 1.2.3.4 + accheck 2001:db8::1 + + This command can be used to examine the effect of a series of +'allow', 'allow all', 'deny' and 'deny all' commands specified either +via chronyc, or in 'chronyd's' configuration file. + +4.3.4.2 activity +................ + +This command reports the number of servers/peers that are online and +offline. If the auto_offline option is used in specifying some of the +servers/peers, the 'activity' command may be useful for detecting when +all of them have entered the offline state after the PPP link has been +disconnected. + + The report shows the number of servers/peers in 5 states: + * 'online' : the server/peer is currently online (i.e. assumed by + chronyd to be reachable) + * 'offline' : the server/peer is currently offline (i.e. assumed by + chronyd to be unreachable, and no measurements from it will be + attempted.) + * 'burst_online' : a burst command has been initiated for the + server/peer and is being performed; after the burst is complete, + the server/peer will be returned to the online state. + * 'burst_offline' : a burst command has been initiated for the + server/peer and is being performed; after the burst is complete, + the server/peer will be returned to the offline state. + * 'unresolved' : the name of the server/peer wasn't resolved to an + address yet; this server is not visible in the 'sources' and + 'sourcestats' reports. + +4.3.4.3 add peer +................ + +The 'add peer' command allows a new NTP peer to be added whilst +'chronyd' is running. + + Following the words 'add peer', the syntax of the following +parameters and options is identical to that for the 'peer' directive in +the configuration file (*note peer directive::). + + An example of using this command is shown below. + + add peer foo.bar.com minpoll 6 maxpoll 10 authkey 25 + +4.3.4.4 add server +.................. + +The 'add server' command allows a new NTP server to be added whilst +'chronyd' is running. + + Following the words 'add server', the syntax of the following +parameters and options is identical to that for the 'server' directive +in the configuration file (*note server directive::). + + An example of using this command is shown below. + + add server foo.bar.com minpoll 6 maxpoll 10 authkey 25 + +4.3.4.5 allow all +................. + +The effect of the allow command is identical to the 'allow all' +directive in the configuration file (*note allow directive::). + +4.3.4.6 allow +............. + +The effect of the allow command is identical to the 'allow' directive in +the configuration file (*note allow directive::). + + The syntax is illustrated in the following examples: + + allow foo.bar.com + allow 1.2 + allow 3.4.5 + allow 6.7.8/22 + allow 6.7.8.9/22 + allow 2001:db8:789a::/48 + allow 0/0 + allow ::/0 + allow + + The effect of each of these examples is the same as that of the +'allow' directive in the configuration file. + +4.3.4.7 authhash +................ + +This command sets the hash function used for authenticating user +commands. For successful authentication the hash function has to be the +same as the one set for the command key in the keys file on the server. +It needs to be set before the 'password' command is used. The default +hash function is MD5. + + An example is + + authhash SHA1 + + The authhash command is run automatically on start if 'chronyc' was +started with the '-a' option. + +4.3.4.8 burst +............. + +The 'burst' command tells 'chronyd' to make a set of measurements to +each of its NTP sources over a short duration (rather than the usual +periodic measurements that it makes). After such a burst, 'chronyd' +will revert to the previous state for each source. This might be either +online, if the source was being periodically measured in the normal way, +or offline, if the source had been indicated as being offline. +(Switching a source between the online and offline states is described +in *note online command::, *note offline command::). + + The syntax of the burst command is as follows + + burst / [/] + burst / [/] + burst / [
] + + The mask and masked-address arguments are optional, in which case +'chronyd' will initiate a burst for all of its currently defined +sources. + + The arguments have the following meaning and format. + +'n-good-measurements' + This defines the number of good measurements that 'chronyd' will + want to obtain from each source. A measurement is good if it + passes certain tests, for example, the round trip time to the + source must be acceptable. (This allows 'chronyd' to reject + measurements that are likely to be bogus.) + +'max-measurements' + This defines the maximum number of measurements that 'chronyd' will + attempt to make, even if the required number of good measurements + has not been obtained. + +'mask' + This is an IP address with which the IP address of each of + 'chronyd''s sources is to be masked. + +'masked-address' + This is an IP address. If the masked IP address of a source + matches this value then the burst command is applied to that + source. + +'masked-bits' + This can be used with 'masked-address' for CIDR notation, which is + a shorter alternative to the form with mask. + +'address' + This is an IP address or a hostname. The burst command is applied + only to that source. + + If no mask or masked address arguments are provided, every source +will be matched. + + An example of the two-argument form of the command is + + burst 2/10 + + This will cause 'chronyd' to attempt to get two good measurements +from each source, stopping after two have been obtained, but in no event +will it try more than ten probes to the source. + + Examples of the four-argument form of the command are + + burst 2/10 255.255.0.0/1.2.0.0 + burst 2/10 2001:db8:789a::/48 + + In the first case, the two out of ten sampling will only be applied +to sources whose IPv4 addresses are of the form '1.2.x.y', where x and y +are arbitrary. In the second case, the sampling will be applied to +sources whose IPv6 addresses have first 48 bits equal to +'2001:db8:789a'. + + Example of the three-argument form of the command is + + burst 2/10 foo.bar.com + +4.3.4.9 clients +............... + +This command shows a list of all clients that have accessed the server, +through either the NTP or command/monitoring ports. There are no +arguments. + + An example of the output is + + Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC + ========================= ====== ====== ====== ====== ====== ==== ==== + localhost 0 0 15 1 0 29y 0 + aardvark.xxx 4 0 0 0 0 49 29y + badger.xxx 4 0 0 0 0 6 29y + + Each row shows the data for a single host. Only hosts that have +passed the host access checks (set with the 'allow', 'deny', 'cmdallow' +and 'cmddeny' commands or configuration file directives) are logged. + + The columns are as follows: + + 1. The hostname of the client + 2. The number of times the client has accessed the server using an NTP + client mode packet. + 3. The number of times the client has accessed the server using an NTP + symmetric active mode packet. + 4. The number of authenticated command packets that have been + processed from the client (i.e. those following a successful + 'password' command). + 5. The number of unauthenticated command packets that have been + processed from the client. + 6. The number of bad command packets received from the client (not all + forms of bad packet are logged). + 7. Time since the last NTP packet was received + 8. Time since the last command packet was received + + The last two entries will be shown as the time since 1970 if no +packet of that type has ever been received. + +4.3.4.10 cmdaccheck +................... + +This command is similar to the 'accheck' command, except that it is used +to check whether command access is permitted from a named host. + + Examples of use are as follows: + + cmdaccheck a.b.c + cmdaccheck 1.2.3.4 + cmdaccheck 2001:db8::1 + +4.3.4.11 cmdallow all +..................... + +This is similar to the 'allow all' command, except that it is used +toallow particular hosts or subnets to use the chronyc program to +interactwith 'chronyd' on the current host. + +4.3.4.12 cmdallow +................. + +This is similar to the 'allow' command, except that it is used to allow +particular hosts or subnets to use the chronyc program to interact with +'chronyd' on the current host. + +4.3.4.13 cmddeny all +.................... + +This is similar to the 'deny all' command, except that it is used to +allow particular hosts or subnets to use the chronyc program to interact +with 'chronyd' on the current host. + +4.3.4.14 cmddeny +................ + +This is similar to the 'deny' command, except that it is used to allow +particular hosts or subnets to use the chronyc program to interact with +'chronyd' on the current host. + +4.3.4.15 cyclelogs +.................. + +The 'cyclelogs' command causes all of 'chronyd's' open log files to be +closed and re-opened. This allows them to be renamed so that they can +be periodically purged. An example of how to do this is shown below. + + % mv /var/log/chrony/measurements.log /var/log/chrony/measurements1.log + % chronyc -a cyclelogs + % ls -l /var/log/chrony + -rw-r--r-- 1 root root 0 Jun 8 18:17 measurements.log + -rw-r--r-- 1 root root 12345 Jun 8 18:17 measurements1.log + % rm -f measurements1.log + +4.3.4.16 delete +............... + +The 'delete' command allows an NTP server or peer to be removed from the +current set of sources. + + The syntax is illustrated in the examples below. + + delete foo.bar.com + delete 1.2.3.4 + delete 2001:db8::1 + + There is one parameter, the name or IP address of the server or peer +to be deleted. + +4.3.4.17 deny all +................. + +The effect of the allow command is identical to the 'deny all' directive +in the configuration file (*note deny directive::). + +4.3.4.18 deny +............. + +The effect of the allow command is identical to the 'deny' directive in +the configuration file (*note deny directive::). + + The syntax is illustrated in the following examples: + + deny foo.bar.com + deny 1.2 + deny 3.4.5 + deny 6.7.8/22 + deny 6.7.8.9/22 + deny 2001:db8:789a::/48 + deny 0/0 + deny ::/0 + deny + +4.3.4.19 dns +............ + +The 'dns' command configures how are hostnames and IP addresses resolved +in 'chronyc'. IP addresses can be resolved to hostnames when printing +results of 'sources', 'sourcestats', 'tracking' and 'clients' commands. +Hostnames are resolved in commands that take an address as argument. + + There are five forms of the command: + +'dns -n' + Disables resolving IP addresses to hostnames. Raw IP addresses + will be displayed. +'dns +n' + Enables resolving IP addresses to hostnames. This is the default + unless 'chronyc' was started with '-n' option. +'dns -4' + Resolves hostnames only to IPv4 addresses. +'dns -6' + Resolves hostnames only to IPv6 addresses. +'dns -46' + Resolves hostnames to both address families. This is the default + unless 'chronyc' was started with '-4' or '-6' option. + +4.3.4.20 dump +............. + +The 'dump' command causes 'chronyd' to write its current history of +measurements for each of its sources to dump files, either for +inspection or to support the '-r' option when 'chronyd' is restarted. + + The 'dump' command is somewhat equivalent to the 'dumponexit' +directive in the chrony configuration file. *Note dumponexit +directive::. + + To use the 'dump', you probably want to configure the name of the +directory into which the dump files will be written. This can only be +done in the configuration file, see *note dumpdir directive::. + +4.3.4.21 exit +............. + +The exit command exits from chronyc and returns the user to the shell +(same as the quit command). + +4.3.4.22 help +............. + +The help command displays a summary of the commands and their arguments. + +4.3.4.23 local +.............. + +The 'local' command allows 'chronyd' to be told that it is to appear as +a reference source, even if it is not itself properly synchronised to an +external source. (This can be used on isolated networks, to allow one +computer to be a master time server with the other computers slaving to +it.) The 'local' command is somewhat equivalent to the 'local' +directive in the configuration file, see *note local directive::. + + The syntax is as shown in the following examples. + + local stratum 10 + local off + + The first example enables the local reference mode on the host, and +sets the stratum at which it should claim to be synchronised. + + The second example disables the local reference mode. + +4.3.4.24 makestep +................. + +Normally chronyd will cause the system to gradually correct any time +offset, by slowing down or speeding up the clock as required. In +certain situations, the system clock may be so far adrift that this +slewing process would take a very long time to correct the system clock. + + The 'makestep' command can be used in this situation. It cancels any +remaining correction that was being slewed, and jumps the system clock +by the equivalent amount, making it correct immediately. + + BE WARNED - certain software will be seriously affected by such jumps +to the system time. (That is the reason why chronyd uses slewing +normally.) + + The 'makestep' directive in the configuration file can be used to +step the clock automatically when the adjustment is larger than a +specified threshold, see *note makestep directive::. + +4.3.4.25 manual +............... + +The manual command enables and disables use of the 'settime' command +(*note settime command::), and is used to modify the behaviour of the +manual clock driver. + + Examples of the command are shown below. + + manual on + manual off + manual delete 1 + manual list + manual reset + + The 'on' form of the command enables use of the 'settime' command. + + The 'off' form of the command disables use of the 'settime' command. + + The 'list' form of the command lists all the samples currently stored +in 'chronyd'. The output is illustrated below. + + 210 n_samples = 1 + # Date Time(UTC) Slewed Original Residual + ==================================================== + 0 27Jan99 22:09:20 0.00 0.97 0.00 + + The columns as as follows : + + 1. The sample index (used for the 'manual delete' command) + 2. The date and time of the sample + 3. The system clock error when the timestamp was entered, adjusted to + allow for changes made to the system clock since. + 4. The system clock error when the timestamp was entered, as it + originally was (without allowing for changes to the system clock + since). + 5. The regression residual at this point, in seconds. This allows + 'outliers' to be easily spotted, so that they can be deleted using + the 'manual delete' command. + + The 'delete' form of the command deletes a single sample. The +parameter is the index of the sample, as shown in the first column of +the output from 'manual list'. Following deletion of the data point, +the current error and drift rate are re-estimated from the remaining +data points and the system clock trimmed if necessary. This option is +intended to allow 'outliers' to be discarded, i.e. samples where the +administrator realises he/she has entered a very poor timestamp. + + The 'reset' form of the command deletes all samples at once. The +system clock is left running as it was before the command was entered. + +4.3.4.26 maxdelay +................. + +This allows the 'maxdelay' option for one of the sources to be modified, +in the same way as specifying the 'maxdelay' option for the 'server' +directive in the configuration file (*note server directive::). + + The following examples illustrate the syntax + + maxdelay foo.bar.com 0.3 + maxdelay 1.2.3.4 0.0015 + maxdelay 2001:db8::1 0.0015 + + The first example sets the maximum network delay allowed for a +measurement to the host 'foo.bar.com' to 0.3 seconds. The second and +third examples set the maximum network delay for a measurement to the +host with IPv4 address '1.2.3.4' and the host with IPv6 address +'2001:db8::1' to 1.5 milliseconds. + + (Any measurement whose network delay exceeds the specified value is +discarded.) + +4.3.4.27 maxdelaydevratio +......................... + +This allows the 'maxdelaydevratio' option for one of the sources to be +modified, in the same way as specifying the 'maxdelaydevratio' option +for the 'server' directive in the configuration file (*note server +directive::). + + The following examples illustrate the syntax + + maxdelaydevratio foo.bar.com 0.1 + maxdelaydevratio 1.2.3.4 1.0 + maxdelaydevratio 2001:db8::1 100.0 + +4.3.4.28 maxdelayratio +...................... + +This allows the 'maxdelayratio' option for one of the sources to be +modified, in the same way as specifying the 'maxdelayratio' option for +the 'server' directive in the configuration file (*note server +directive::). + + The following examples illustrate the syntax + + maxdelayratio foo.bar.com 1.5 + maxdelayratio 1.2.3.4 2.0 + maxdelayratio 2001:db8::1 2.0 + + The first example sets the maximum network delay for a measurement to +the host 'foo.bar.com' to be 1.5 times the minimum delay found amongst +the previous measurements that have been retained. The second and third +examples set the maximum network delay for a measurement to the host +with IPv4 address '1.2.3.4' and the host with IPv6 address '2001:db8::1' +to be double the retained minimum. + + As for 'maxdelay', any measurement whose network delay is too large +will be discarded. + +4.3.4.29 maxpoll +................ + +The 'maxpoll' command is used to modify the minimum polling interval for +one of the current set of sources. It is equivalent to the 'maxpoll' +option in the 'server' directive in the configuration file (*note server +directive::). + + The syntax is as follows + + maxpoll + + where the host can be specified as either a machine name or IP +address. The new minimum poll is specified as a base-2 logarithm of the +number of seconds between polls (e.g. specify 6 for 64 second +sampling). + + An example is + + maxpoll foo.bar.com 10 + + which sets the maximum polling interval for the host 'foo.bar.com' to +1024 seconds. + + Note that the new maximum polling interval only takes effect after +the next measurement has been made. + +4.3.4.30 maxupdateskew +...................... + +This command has the same effect as the 'maxupdateskew' directive in the +configuration file, see *note maxupdateskew directive::. + +4.3.4.31 minpoll +................ + +The 'minpoll' command is used to modify the minimum polling interval for +one of the current set of sources. It is equivalent to the 'minpoll' +option in the 'server' directive in the configuration file (*note server +directive::). + + The syntax is as follows + + minpoll + + where the host can be specified as either a machine name or IP +address. The new minimum poll is specified as a base-2 logarithm of the +number of seconds between polls (e.g. specify 6 for 64 second +sampling). + + An example is + + minpoll foo.bar.com 5 + + which sets the minimum polling interval for the host 'foo.bar.com' to +32 seconds. + + Note that the new minimum polling interval only takes effect after +the next measurement has been made. + +4.3.4.32 minstratum +................... + +The 'minstratum' command is used to modify the minimum stratum for one +of the current set of sources. It is equivalent to the 'minstratum' +option in the 'server' directive in the configuration file (*note server +directive::). + + The syntax is as follows + + minstratum + + where the host can be specified as either a machine name or IP +address. + + An example is + + minpoll foo.bar.com 5 + + which sets the minimum stratum for the host 'foo.bar.com' to 5. + + Note that the new minimum stratum only takes effect after the next +measurement has been made. + +4.3.4.33 offline +................ + +The 'offline' command is used to warn 'chronyd' that the network +connection to a particular host or hosts is about to be lost. It should +be used on computers with a dial-up or similar connection to their time +sources, to warn 'chronyd' that the connection is about to be broken. + + An example of how to use 'offline' in this case is shown in *note +Advising chronyd of internet availability::. + + Another case where 'offline' could be used is where a computer serves +time to a local group of computers, and has a permanant connection to +true time servers outside the organisation. However, the external +connection is heavily loaded at certain times of the day and the +measurements obtained are less reliable at those times. In this case, +it is probably most useful to determine the gain/loss rate during the +quiet periods and let the whole network coast through the loaded +periods. The 'offline' and 'online' commands can be used to achieve +this. The situation is shown in the figure below. + + +----------+ + |Ext source| + +----------+ + | + | + |/| <-- Link with variable + | reliability + | + +-------------------+ + |Local master server| + +-------------------+ + | + +---+---+-----+-----+----+----+ + | | | | | | | + Local clients + + If the source to which 'chronyd' is currently synchronised is +indicated offline in this way, 'chronyd' will continue to treat it as +the synchronisation source. If the network connection were broken +without the 'offline' command being used, 'chronyd' would assume that +the source had failed and would attempt to pick another synchronisation +source. + + There are four forms of the 'offline' command. The first form is a +wildcard, meaning all sources. The second form allows an IP address +mask and a masked address to be specified. The third form uses the CIDR +notation. The fourth form uses an IP address or a hostname. These +forms are illustrated below. + + offline + offline 255.255.255.0/1.2.3.0 + offline 2001:db8:789a::/48 + offline foo.bar.com + + The second form means that the 'offline' command is to be applied to +any source whose IPv4 address is in the '1.2.3' subnet. (The host's +address is logically and-ed with the mask, and if the result matches the +masked-address the host is processed). The third form means that the +command is to be applied to all sources whose IPv6 addresses have first +48 bits equal to '2001:db8:789a'. The fourth form means that the +command is to be applied only to that one source. + + The wildcard form of the address is actually equivalent to + + offline 0.0.0.0/0.0.0.0 + offline ::/0 + +4.3.4.34 online +............... + +The 'online' command is opposite in function to the 'offline' command. +It is used to advise 'chronyd' that network connectivity to a particular +source or sources has been restored. + + The syntax is identical to that of the 'offline' command, see *note +offline command::. + +4.3.4.35 password +................. + +The password command is used to allow chronyc to send privileged +commands to 'chronyd'. The password can either be entered on the +command line, or can be entered without echoing. The syntax for +entering the password on the command line is as follows + + password xyzzy + password ASCII:xyzzy + password HEX:78797a7a79 + + To enter the password without it being echoed, enter + + password + + The computer will respond with a 'Password:' prompt, at which you +should enter the password and press return. (Note that the no-echo mode +is limited to 8 characters on SunOS 4.1 due to limitations in the system +library. Other systems do not have this restriction.) + + The password can be encoded as a string of characters not containing +a space with optional 'ASCII:' prefix or as a hexadecimal number with +'HEX:' prefix. It has to match 'chronyd's' currently defined command +key (*note commandkey directive::). + + The password command is run automatically on start if 'chronyc' was +started with the '-a' option. + +4.3.4.36 polltarget +................... + +The 'polltarget' command is used to modify the poll target for one of +the current set of sources. It is equivalent to the 'polltarget' option +in the 'server' directive in the configuration file (*note server +directive::). + + The syntax is as follows + + polltarget + + where the host can be specified as either a machine name or IP +address. + + An example is + + polltarget foo.bar.com 12 + + which sets the poll target for the host 'foo.bar.com' to 12. + +4.3.4.37 quit +............. + +The quit command exits from chronyc and returns the user to the shell +(same as the exit command). + +4.3.4.38 reselect +................. + +To avoid excessive switching between sources, 'chronyd' may stay +synchronised to a source even when it is not currently the best one +among the available sources. + + The 'reselect' command can be used to force 'chronyd' to reselect the +best synchronisation source. + +4.3.4.39 reselectdist +..................... + +The 'reselectdist' command sets the reselect distance. It is equivalent +to the 'reselectdist' directive in the configuration file (*note +reselectdist directive::). + +4.3.4.40 retries +................ + +The 'retries' command sets the maximum number of retries for 'chronyc' +requests before giving up. The response timeout is controlled by +'timeout' command (*note timeout command::). + + The default is 2. + +4.3.4.41 rtcdata +................ + +The 'rtcdata' command displays the current real time clock RTC +parameters. + + An example output is shown below. + + RTC ref time (GMT) : Sat May 30 07:25:56 1998 + Number of samples : 10 + Number of runs : 5 + Sample span period : 549 + RTC is fast by : -1.632736 seconds + RTC gains time at : -107.623 ppm + + The fields have the following meaning + +'RTC ref time (GMT)' + This is the RTC reading the last time its error was measured. +'Number of samples' + This is the number of previous measurements being used to determine + the RTC gain/loss rate. +'Number of runs' + This is the number of runs of residuals of the same sign following + the regression fit for (RTC error) versus (RTC time). A value + which is small indicates that the measurements are not well + approximated by a linear model, and that the algorithm will tend to + delete the older measurements to improve the fit. +'Sample span period' + This is the period that the measurements span (from the oldest to + the newest). Without a unit the value is in seconds; suffixes 'm' + for minutes, 'h' for hours, 'd' for days or 'y' for years may be + used. +'RTC is fast by' + This is the estimate of how many seconds fast the RTC when it + thought the time was at the reference time (above). If this value + is large, you may (or may not) want to use the 'trimrtc' command to + bring the RTC into line with the system clock. (Note, a large + error will not affect 'chronyd's' operation, unless it becomes so + big as to start causing rounding errors. +'RTC gains time at' + This is the amount of time gained (positive) or lost (negative) by + the real time clock for each second that it ticks. It is measured + in parts per million. So if the value shown was +1, suppose the + RTC was exactly right when it crosses a particular second boundary. + Then it would be 1 microsecond fast when it crosses its next second + boundary. + +4.3.4.42 settime +................ + +The 'settime' command allows the current time to be entered manually, if +this option has been configured into 'chronyd'. (It may be configured +either with the 'manual' directive in the configuration file (*note +manual directive::), or with the 'manual' command of chronyc (*note +manual command::). + + It should be noted that the computer's sense of time will only be as +accurate as the reference you use for providing this input (e.g. your +watch), as well as how well you can time the press of the return key. + + Providing your computer's time zone is set up properly, you will be +able to enter a local time (rather than UTC). + + The response to a successful 'settime' command indicates the amount +that the computer's clock was wrong. It should be apparent from this if +you have entered the time wrongly, e.g. with the wrong time zone. + + The rate of drift of the system clock is estimated by a regression +process using the entered measurement and all previous measurements +entered during the present run of 'chronyd'. However, the entered +measurement is used for adjusting the current clock offset (rather than +the estimated intercept from the regression, which is ignored). +Contrast what happens with the 'manual delete' command, where the +intercept is used to set the current offset (since there is no +measurement that has just been typed in in that case). + + The time is parsed by the public domain 'getdate' algorithm. +Consequently, you can only specify time to the nearest second. + + Examples of inputs that are valid are shown below. + + settime 16:30 + settime 16:30:05 + settime Nov 21, 1997 16:30:05 + + For a full description of 'getdate', get hold of the getdate +documentation (bundled, for example, with the source for GNU tar). + +4.3.4.43 sources +................ + +This command displays information about the current time sources that +'chronyd' is accessing. + + The optional argument '-v' can be specified, meaning _verbose_. In +this case, extra caption lines are shown as a reminder of the meanings +of the columns. + + 210 Number of sources = 3 + MS Name/IP address Stratum Poll Reach LastRx Last sample + =============================================================================== + #* GPS0 0 4 377 11 -479ns[ -621ns] +/- 134ns + ^? a.b.c 2 6 377 23 -923us[ -924us] +/- 43ms + ^+ d.e.f 1 6 377 21 -2629us[-2619us] +/- 86ms + + The columns are as follows: + +'M' + This indicates the mode of the source. '^' means a server, '=' + means a peer and '#' indicates a locally connected reference clock. + +'S' + This column indicates the state of the sources. '*' indicates the + source to which 'chronyd' is currently synchronised. '+' indicates + acceptable sources which are combined with the selected source. + '-' indicates acceptable sources which are excluded by the + combining algorithm. '?' indicates sources to which connectivity + has been lost or whose packets don't pass all tests. 'x' indicates + a clock which 'chronyd' thinks is is a falseticker (i.e. its time + is inconsistent with a majority of other sources). '~' indicates a + source whose time appears to have too much variability. The '?' + condition is also shown at start-up, until at least 3 samples have + been gathered from it. + +'Name/IP address' + This shows the name or the IP address of the source, or refid for + reference clocks. + +'Stratum' + This shows the stratum of the source, as reported in its most + recently received sample. Stratum 1 indicates a computer with a + locally attached reference clock. A computer that is synchronised + to a stratum 1 computer is at stratum 2. A computer that is + synchronised to a stratum 2 computer is at stratum 3, and so on. + +'Poll' + This shows the rate at which the source is being polled, as a + base-2 logarithm of the interval in seconds. Thus, a value of 6 + would indicate that a measurement is being made every 64 seconds. + + 'chronyd' automatically varies the polling rate in response to + prevailing conditions. + +'Reach' + This shows the source's reachability register printed as octal + number. The register has 8 bits and is updated on every received + or missed packet from the source. A value of 377 indicates that a + valid reply was received for all from the last eight transmissions. + +'LastRx' + This column shows how long ago the last sample was received from + the source. This is normally in seconds. The letters 'm', 'h', + 'd' or 'y' indicate minutes, hours, days or years. A value of 10 + years indicates there were no samples received from this source + yet. + +'Last sample' + This column shows the offset between the local clock and the source + at the last measurement. The number in the square brackets shows + the actual measured offset. This may be suffixed by 'ns' + (indicating nanoseconds), 'us' (indicating microseconds), 'ms' + (indicating milliseconds), or 's' (indicating seconds). The number + to the left of the square brackets shows the original measurement, + adjusted to allow for any slews applied to the local clock since. + The number following the '+/-' indicator shows the margin of error + in the measurement. + + Positive offsets indicate that the local clock is fast of the + source. + +4.3.4.44 sourcestats +.................... + +The 'sourcestats' command displays information about the drift rate and +offset estimatation process for each of the sources currently being +examined by 'chronyd'. + + The optional argument '-v' can be specified, meaning _verbose_. In +this case, extra caption lines are shown as a reminder of the meanings +of the columns. + + An example report is + + 210 Number of sources = 1 + Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev + =============================================================================== + abc.def.ghi 11 5 46m -0.001 0.045 1us 25us + + The columns are as follows + +'Name/IP Address' + This is the name or IP address of the NTP server (or peer) or refid + of the refclock to which the rest of the line relates. + +'NP' + This is the number of sample points currently being retained for + the server. The drift rate and current offset are estimated by + performing a linear regression through these points. + +'NR' + This is the number of runs of residuals having the same sign + following the last regression. If this number starts to become too + small relative to the number of samples, it indicates that a + straight line is no longer a good fit to the data. If the number + of runs is too low, 'chronyd' discards older samples and re-runs + the regression until the number of runs becomes acceptable. + +'Span' + This is the interval between the oldest and newest samples. If no + unit is shown the value is in seconds. In the example, the + interval is 46 minutes. + +'Frequency' + This is the estimated residual frequency for the server, in parts + per million. In this case, the computer's clock is estimated to be + running 1 part in 10**9 slow relative to the server. + +'Freq Skew' + This is the estimated error bounds on 'Freq' (again in parts per + million). + +'Offset' + This is the estimated offset of the source. + +'Std Dev' + This is the estimated sample standard deviation. + +4.3.4.45 timeout +................ + +The 'timeout' command sets the initial timeout for 'chronyc' requests in +milliseconds. If no response is received from 'chronyd', the timeout is +doubled and the request is resent. The maximum number of retries is +configured with the 'retries' command (*note retries command::). + + By default, the timeout is 1000 milliseconds or 100 milliseconds if +'chronyc' is contacting localhost (i.e. the '-h' option wasn't +specified) and 'chronyd' was compiled with asynchronous name resolving. + +4.3.4.46 tracking +................. + +The 'tracking' command displays parameters about the system's clock +performance. An example of the output is shown below. + + Reference ID : 1.2.3.4 (a.b.c) + Stratum : 3 + Ref time (UTC) : Fri Feb 3 15:00:29 2012 + System time : 0.000001501 seconds slow of NTP time + Last offset : -0.000001632 seconds + RMS offset : 0.000002360 seconds + Frequency : 331.898 ppm fast + Residual freq : 0.004 ppm + Skew : 0.154 ppm + Root delay : 0.373169 seconds + Root dispersion : 0.024780 seconds + Update interval : 64.2 seconds + Leap status : Normal + + The fields are explained as follows. + +'Reference ID' + This is the refid and name (or IP address) if available, of the + server to which the computer is currently synchronised. If this is + '127.127.1.1' it means the computer is not synchronised to any + external source and that you have the 'local' mode operating (via + the 'local' command in 'chronyc' (*note local command::), or the + 'local' directive in the '/etc/chrony.conf' file (*note local + directive::)). + +'Stratum' + The stratum indicates how many hops away from a computer with an + attached reference clock we are. Such a computer is a stratum-1 + computer, so the computer in the example is two hops away (i.e. + 'a.b.c' is a stratum-2 and is synchronised from a stratum-1). + +'Ref time' + This is the time (UTC) at which the last measurement from the + reference source was processed. + +'System time' + In normal operation, 'chronyd' _never_ steps the system clock, + because any jump in the timescale can have adverse consequences for + certain application programs. Instead, any error in the system + clock is corrected by slightly speeding up or slowing down the + system clock until the error has been removed, and then returning + to the system clock's normal speed. A consequence of this is that + there will be a period when the system clock (as read by other + programs using the 'gettimeofday()' system call, or by the 'date' + command in the shell) will be different from 'chronyd's' estimate + of the current true time (which it reports to NTP clients when it + is operating in server mode). The value reported on this line is + the difference due to this effect. + + On systems such as Solaris and SunOS, 'chronyd' has no means to + adjust the fundamental rate of the system clock, so keeps the + system time correct by periodically making offsets to it as though + an error had been measured. The build up of these offsets will be + observed in this report. + +'Last offset' + This is the estimated local offset on the last clock update. + +'RMS offset' + This is a long-term average of the offset value. + +'Frequency' + The 'frequency' is the rate by which the system's clock would be + would be wrong if 'chronyd' was not correcting it. It is expressed + in ppm (parts per million). For example, a value of 1ppm would + mean that when the system's clock thinks it has advanced 1 second, + it has actually advanced by 1.000001 seconds relative to true time. + + As you can see in the example, the clock in the computer is not a + very good one - it gains about 30 seconds per day! + +'Residual freq' + This shows the 'residual frequency' for the currently selected + reference source. This reflects any difference between what the + measurements from the reference source indicate the frequency + should be and the frequency currently being used. + + The reason this is not always zero is that a smoothing procedure is + applied to the frequency. Each time a measurement from the + reference source is obtained and a new residual frequency computed, + the estimated accuracy of this residual is compared with the + estimated accuracy (see 'skew' next) of the existing frequency + value. A weighted average is computed for the new frequency, with + weights depending on these accuracies. If the measurements from + the reference source follow a consistent trend, the residual will + be driven to zero over time. + +'Skew' + This is the estimated error bound on the the frequency. + +'Root delay' + This is the total of the network path delays to the stratum-1 + computer from which the computer is ultimately synchronised. + + In certain extreme situations, this value can be negative. (This + can arise in a symmetric peer arrangement where the computers' + frequencies are not tracking each other and the network delay is + very short relative to the turn-around time at each computer.) + +'Root dispersion' + This is the total dispersion accumulated through all the computers + back to the stratum-1 computer from which the computer is + ultimately synchronised. Dispersion is due to system clock + resolution, statistical measurement variations etc. + + An absolute bound on the computer's clock accuracy (assuming the + stratum-1 computer is correct) is given by + + clock_error <= root_dispersion + (0.5 * |root_delay|) + +'Update interval' + This is the interval between the last two clock updates. + +'Leap status' + This is the leap status, which can be 'Normal', 'Insert second', + 'Delete second' or 'Not synchronised'. + +4.3.4.47 trimrtc +................ + +The 'trimrtc' command is used to correct the system's real time clock +(RTC) to the main system clock. It has no effect if the error between +the two clocks is currently estimated at less than a second (the +resolution of the RTC is only 1 second). + + The command takes no arguments. It performs the following steps (if +the RTC is more than 1 second away from the system clock): + + 1. Remember the currently estimated gain/loss rate of the RTC and + flush the previous measurements. + 2. Step the real time clock to bring it within a second of the system + clock. + 3. Make several measurements to accurately determine the new offset + between the RTC and the system clock (i.e. the remaining fraction + of a second error) + 4. Save the RTC parameters to the RTC file (specified with the + 'rtcfile' directive in the configuration file (*note rtcfile + directive::). + + The last step is done as a precaution against the computer suffering +a power failure before either the daemon exits or the 'writertc' command +is issued. + + 'chronyd' will still work perfectly well both whilst operating and +across machine reboots even if the 'trimrtc' command is never used (and +the RTC is allowed to drift away from true time). The 'trimrtc' command +is provided as a method by which it can be corrected, in a manner +compatible with 'chronyd' using it to maintain accurate time across +machine reboots. + + The 'trimrtc' command can be executed automatically by 'chronyd' with +the 'rtcautotrim' directive (*note rtcautotrim directive::). + +4.3.4.48 waitsync +................. + +The 'waitsync' command waits for 'chronyd' to synchronise. + + Up to three optional arguments can be specified, the first is the +maximum number of tries in 10 second intervals before giving up and +returning a non-zero error code. When 0 is specified, or there are no +arguments, the number of tries will not be limited. + + The second and third arguments are the maximum allowed remaining +correction of the system clock and the maximum allowed skew (in ppm) as +reported by the 'tracking' command (*note tracking command::) in the +'System time' and 'Skew' fields. If not specified or zero, the value +will not be checked. + + An example is + + waitsync 60 0.01 + + which will wait up to about 10 minutes for 'chronyd' to synchronise +to a source and the remaining correction to be less than 10 +milliseconds. + +4.3.4.49 writertc +................. + +The 'writertc' command writes the currently estimated error and +gain/loss rate parameters for the RTC to the RTC file (specified with +the 'rtcfile' directive (*note rtcfile directive::)). This information +is also written automatically when 'chronyd' is killed (with SIGHUP, +SIGINT, SIGQUIT or SIGTERM) or when the 'trimrtc' command is issued. + +5 Frequently asked questions +**************************** + +5.1 Administrative issues +========================= + +5.1.1 Where can I get chrony source code? +----------------------------------------- + +Tarballs are available via the 'Download' link on the chrony web site. +For the current development from the developers' version control system +see the 'Git' link on the web site. + +5.1.2 Are there any packaged versions of chrony? +------------------------------------------------ + +We are aware of packages for Arch, Debian, Fedora, Gentoo, Mandriva, +Slackware, Ubuntu, FreeBSD and NetBSD. We are not involved with how +these are built or distributed. + +5.1.3 Where is the home page? +----------------------------- + +It is currently at http://chrony.tuxfamily.org +(http://chrony.tuxfamily.org). + +5.1.4 Is there a mailing list? +------------------------------ + +Yes, it's currently at . There is a +low-volume list called chrony-announce which is just for announcements +of new releases or similar matters of high importance. You can join the +lists by sending a message with the subject subscribe to + or + respectively. + + For those who want to contribute to the development of chrony, there +is a developers' mailing list. You can subscribe by sending mail with +the subject subscribe to . + +5.1.5 What licence is applied to chrony? +---------------------------------------- + +Starting from version 1.15, chrony is licensed under the GNU General +Public License, Version 2. Versions prior to 1.15 were licensed under a +custom BSD-like license. + +5.2 Chrony compared to other programs +===================================== + +5.2.1 How does chrony compare to ntpd? +-------------------------------------- + +Chrony can usually synchronise the system clock faster and with better +time accuracy, but it doesn't implement all NTP features, e.g. +broadcast/multicast mode, or authentication based on public-key +cryptography. For a more detailed comparison, see section 'Comparison +with ntpd' in the manual. + + If your computer connects to the 'net only for few minutes at a time, +you turn your Linux computer off or suspend it frequently, the clock is +not very stable (e.g. it is a virtual machine), or you want to use NTP +on an isolated network with no hardware clocks in sight, chrony will +probably work much better for you. + + The original reason chrony was written was that ntpd (called xntpd at +the time) could not to do anything sensible on a PC which was connected +to the 'net only for about 5 minutes once or twice a day, mainly to +upload/download email and news. The requirements were + + * slew the time to correct it when going online and NTP servers + become visible + * determine the rate at which the computer gains or loses time and + use this information to keep it reasonably correct between connects + to the 'net. This has to be done using a method that does not care + about the intermittent availability of the references or the fact + the computer is turned off between groups of measurements. + * maintain the time across reboots, by working out the error and + drift rate of the computer's real-time clock and using this + information to set the system clock correctly at boot up. + + Also, when working with isolated networks with no true time +references at all ntpd was found to give no help with managing the local +clock's gain/loss rate on the NTP master node (which was set from +watch). Some automated support was added to chrony to deal with this. + +5.3 Configuration issues +======================== + +5.3.1 I have several computers on a LAN. Should be all clients of an external server? +------------------------------------------------------------------------------------- + +The best configuration is usually to make one computer the master, with +the others as clients of it. Add a 'local' directive to the master's +chrony.conf file. This configuration will be better because + + * the load on the external connection is less + * the load on the external NTP server(s) is less + * if your external connection goes down, the computers on the LAN + will maintain a common time with each other. + +5.3.2 Must I specify servers by IP address if DNS is not available on chronyd start? +------------------------------------------------------------------------------------ + +No. Starting from version 1.25, 'chronyd' will keep trying to resolve +the hostnames specified in the 'server' and 'peer' directives in +increasing intervals until it succeeds. The 'online' command can be +issued from 'chronyc' to try to resolve them immediately. + +5.3.3 How can I make chronyd more secure? +----------------------------------------- + +If you don't need to serve time to NTP clients, you can add 'port 0' to +the 'chrony.conf' file to disable the NTP server/peer sockets and +prevent NTP requests from reaching 'chronyd'. + + If you don't need to use 'chronyc' remotely, you can add the +following directives to the configuration file to bind the command +sockets to the loopback interface + + bindcmdaddress 127.0.0.1 + bindcmdaddress ::1 + + If you don't need to use 'chronyc' at all, you can disable the +command sockets by adding 'cmdport 0' to the configuration file. + +5.4 Computer is not synchronising +================================= + +This is the most common problem. There are a number of reasons, see the +following questions. + +5.4.1 Behind a firewall? +------------------------ + +If there is a firewall between you and the NTP server you're trying to +use, the packets may be blocked. Try using a tool like wireshark or +tcpdump to see if you're getting responses from the server. If you have +an external modem, see if the receive light blinks straight after the +transmit light (when the link is quiet apart from the NTP traffic.) Try +adding 'log measurements' to the 'chrony.conf' file and look in the +measurements.log file after chrony has been running for a short period. +See if any measurements appear. + +5.4.2 Do you have a non-permanent (i.e. intermittent) Internet connection? +-------------------------------------------------------------------------- + +Check that you're using chronyc's 'online' and 'offline' commands +appropriately. Again, check in measurements.log to see if you're +getting any data back from the server. + +5.4.3 In measurements.log, do the '7' and '8' flag columns always show zero? +---------------------------------------------------------------------------- + +Do you have a 'local stratum X' directive in the 'chrony.conf' file? If +X is lower than the stratum of the server you're trying to use, this +situation will arise. You should always make X quite high (e.g. 10) in +this directive. + +5.5 Issues with chronyc +======================= + +5.5.1 I keep getting the error '506 Cannot talk to daemon' +---------------------------------------------------------- + +Make sure that the 'chrony.conf' file (on the computer where 'chronyd' +is running) has a 'cmdallow' entry for the computer you are running +'chronyc' on. This isn't necessary for localhost. + + Perhaps 'chronyd' is not running. Try using the ps command (e.g. on +Linux, 'ps -auxw') to see if it's running. Or try 'netstat -a' and see +if the ports 123/udp and 323/udp are listening. If 'chronyd' is not +running, you may have a problem with the way you are trying to start it +(e.g. at boot time). + + Perhaps you have a firewall set up in a way that blocks packets on +port 323/udp. You need to amend the firewall configuration in this +case. + +5.5.2 Is the chronyc<->chronyd protocol documented anywhere? +------------------------------------------------------------ + +Only by the source code :-) See cmdmon.c ('chronyd' side) and client.c +('chronyc' side). + +5.6 Real-time clock issues +========================== + +5.6.1 What is the real-time clock (RTC)? +---------------------------------------- + +This is the clock which keeps the time even when your computer is turned +off. It works with 1 second resolution. 'chronyd' can monitor the rate +at which the real-time clock gains or loses time, and compensate for it +when you set the system time from it at the next reboot. See the +documentation for details. + +5.6.2 I want to use chronyd's real-time clock support. Must I disable hwclock? +------------------------------------------------------------------------------ + +The hwclock program is often set-up by default in the boot and shutdown +scripts with many Linux installations. If you want to use chronyd's +real-time clock support, the important thing is to disable hwclock in +the shutdown procedure. If you don't, it will over-write the RTC with a +new value, unknown to 'chronyd'. At the next reboot, 'chronyd' will +compensate this (wrong) time with its estimate of how far the RTC has +drifted whilst the power was off, giving a meaningless initial system +time. + + There is no need to remove hwclock from the boot process, as long as +'chronyd' is started after it has run. + +5.6.3 I just keep getting the '513 RTC driver not running' message +------------------------------------------------------------------ + +For the real time clock support to work, you need the following three +things + * a kernel that is supported (e.g. 2.2 onwards) + * enhanced RTC support compiled into the kernel + * an 'rtcfile' directive in your chrony.conf file + +5.7 Microsoft Windows +===================== + +5.7.1 Does chrony support Windows? +---------------------------------- + +No. The 'chronyc' program (the command-line client used for configuring +'chronyd' while it is running) has been successfully built and run under +Cygwin in the past. 'chronyd' is not portable, because part of it is +very system-dependent. It needs adapting to work with Windows' +equivalent of the adjtimex() call, and it needs to be made to work as an +NT service. + +5.7.2 Are there any plans to support Windows? +--------------------------------------------- + +We have no plans to do this. Anyone is welcome to pick this work up and +contribute it back to the project. + +5.8 NTP-specific issues +======================= + +5.8.1 Can chrony be driven from broadcast NTP servers? +------------------------------------------------------ + +No, this NTP mode is not implemented yet. + +5.8.2 Can chronyd transmit broadcast NTP packets (e.g. to synchronise other computers on a private LAN)? +-------------------------------------------------------------------------------------------------------- + +Yes. Starting from version 1.17, chrony has this capability. + +5.8.3 Can chrony keep the system clock a fixed offset away from real time? +-------------------------------------------------------------------------- + +This is not possible as the program currently stands. + +5.8.4 What happens if the network connection is dropped without using chronyc's 'offline' command first? +-------------------------------------------------------------------------------------------------------- + +In this case 'chronyd' will keep trying to access the server(s) that it +thinks are online. Eventually it will decide that they are unreachable +and no longer consider itself synchronised to them. If you have other +computers on your LAN accessing the computer that is affected this way, +they too will become 'unsynchronised', unless you have the 'local' +directive set up on the master computer. + + The 'auto_offline' option to the 'server' entry in the chrony.conf +file may be useful to avoid this situation. + +5.9 Linux-specific issues +========================= + +5.9.1 I get "Could not open /dev/rtc, Device or resource busy" in my syslog file +-------------------------------------------------------------------------------- + +Some other program running on the system may be using the device. + +5.10 Solaris-specific issues +============================ + +5.10.1 On Solaris 2.8, I get an error message about not being able to open kvm to change dosynctodr +--------------------------------------------------------------------------------------------------- + +(The dosynctodr variable controls whether Solaris couples the equivalent +of its BIOS clock into its system clock at regular intervals). The +Solaris port of chrony was developed in the Solaris 2.5 era. Some +aspect of the Solaris kernel has changed which prevents the same +technique working. We no longer have root access to any Solaris +machines to work on this, and we are reliant on somebody developing the +patch and testing it. + +Appendix A GNU General Public License +************************************* + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin +Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to +copy and distribute verbatim copies of this license document, but +changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your freedom +to share and change it. By contrast, the GNU General Public License is +intended to guarantee your freedom to share and change free software-to +make sure the software is free for all its users. This General Public +License applies to most of the Free Software Foundation's software and +to any other program whose authors commit to using it. (Some other Free +Software Foundation software is covered by the GNU Lesser General Public +License instead.) You can apply it to your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it if +you want it, that you can change the software or use pieces of it in new +free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, +and (2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, +DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, either +verbatim or with modifications and/or translated into another language. +(Hereinafter, translation is included without limitation in the term +"modification".) Each licensee is addressed as "you". + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of running +the Program is not restricted, and the output from the Program is +covered only if its contents constitute a work based on the Program +(independent of having been made by running the Program). Whether that +is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the notices +that refer to this License and to the absence of any warranty; and give +any other recipients of the Program a copy of this License along with +the Program. + + You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and distribute +such modifications or work under the terms of Section 1 above, provided +that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices +stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in +whole or in part contains or is derived from the Program or any part +thereof, to be licensed as a whole at no charge to all third parties +under the terms of this License. + + c) If the modified program normally reads commands interactively when +run, you must cause it, when started running for such interactive use in +the most ordinary way, to print or display an announcement including an +appropriate copyright notice and a notice that there is no warranty (or +else, saying that you provide a warranty) and that users may +redistribute the program under these conditions, and telling the user +how to view a copy of this License. (Exception: if the Program itself +is interactive but does not normally print such an announcement, your +work based on the Program is not required to print an announcement.) + + These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, and +can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based on +the Program, the distribution of the whole must be on the terms of this +License, whose permissions for other licensees extend to the entire +whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + + In addition, mere aggregation of another work not based on the +Program with the Program (or with a work based on the Program) on a +volume of a storage or distribution medium does not bring the other work +under the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable +source code, which must be distributed under the terms of Sections 1 and +2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three years, +to give any third party, for a charge no more than your cost of +physically performing source distribution, a complete machine-readable +copy of the corresponding source code, to be distributed under the terms +of Sections 1 and 2 above on a medium customarily used for software +interchange; or, + + c) Accompany it with the information you received as to the offer to +distribute corresponding source code. (This alternative is allowed only +for noncommercial distribution and only if you received the program in +object code or executable form with such an offer, in accord with +Subsection b above.) + + The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to control +compilation and installation of the executable. However, as a special +exception, the source code distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies the +executable. + + If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent access +to copy the source code from the same place counts as distribution of +the source code, even though third parties are not compelled to copy the +source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt otherwise +to copy, modify, sublicense or distribute the Program is void, and will +automatically terminate your rights under this License. However, +parties who have received copies, or rights, from you under this License +will not have their licenses terminated so long as such parties remain +in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and all +its terms and conditions for copying, distributing or modifying the +Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further restrictions +on the recipients' exercise of the rights granted herein. You are not +responsible for enforcing compliance by third parties to this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent license +would not permit royalty-free redistribution of the Program by all those +who receive copies directly or indirectly through you, then the only way +you could satisfy both it and this License would be to refrain entirely +from distribution of the Program. + + If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + + It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is implemented +by public license practices. Many people have made generous +contributions to the wide range of software distributed through that +system in reliance on consistent application of that system; it is up to +the author/donor to decide if he or she is willing to distribute +software through any other system and a licensee cannot impose that +choice. + + This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License may +add an explicit geographical distribution limitation excluding those +countries, so that distribution is permitted only in or among countries +not thus excluded. In such case, this License incorporates the +limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new +versions of the General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies a version number of this License which applies to it +and "any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Program does not specify a version +number of this License, you may choose any version ever published by the +Free Software Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the +author to ask for permission. For software which is copyrighted by the +Free Software Foundation, write to the Free Software Foundation; we +sometimes make exceptions for this. Our decision will be guided by the +two goals of preserving the free status of all derivatives of our free +software and of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, +EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE +ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH +YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL +NECESSARY SERVICING, REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR +DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL +DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM +(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED +INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF +THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR +OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + Copyright (C) + + This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. + + This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +Public License for more details. + + You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software Foundation, +Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Also add information on how to contact you by electronic and paper +mail. + + If the program is interactive, make it output a short notice like +this when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author Gnomovision +comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. This is +free software, and you are welcome to redistribute it under certain +conditions; type 'show c' for details. + + The hypothetical commands 'show w' and 'show c' should show the +appropriate parts of the General Public License. Of course, the +commands you use may be called something other than 'show w' and 'show +c'; they could even be mouse-clicks or menu items-whatever suits your +program. + + You should also get your employer (if you work as a programmer) or +your school, if any, to sign a "copyright disclaimer" for the program, +if necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the +program 'Gnomovision' (which makes passes at compilers) written by James +Hacker. + + , 1 April 1989 Ty Coon, President of Vice + + This General Public License does not permit incorporating your +program into proprietary programs. If your program is a subroutine +library, you may consider it more useful to permit linking proprietary +applications with the library. If this is what you want to do, use the +GNU Lesser General Public License instead of this License. + +1 Introduction + 1.1 Overview + 1.2 Acknowledgements + 1.3 Availability + 1.3.1 Getting the software + 1.3.2 Platforms + 1.4 Relationship to other software packages + 1.4.1 ntpd + 1.4.2 timed + 1.5 Distribution rights and (lack of) warranty + 1.6 Bug reporting and suggestions + 1.7 Contributions +2 Installation + 2.1 Support for line editing libraries + 2.2 Extra options for package builders +3 Typical operating scenarios + 3.1 Computers connected to the internet + 3.2 Infrequent connection to true NTP servers + 3.2.1 Setting up the configuration file for infrequent connections + 3.2.2 How to tell chronyd when the internet link is available. + 3.3 Isolated networks + 3.4 The home PC with a dial-up connection + 3.4.1 Assumptions/how the software works + 3.4.2 Typical configuration files. + 3.5 Other important configuration options +4 Usage reference + 4.1 Starting chronyd + 4.2 The chronyd configuration file + 4.2.1 Comments in the configuration file + 4.2.2 acquisitionport + 4.2.3 allow + 4.2.4 bindacqaddress + 4.2.5 bindaddress + 4.2.6 bindcmdaddress + 4.2.7 broadcast + 4.2.8 clientloglimit + 4.2.9 cmdallow + 4.2.10 cmddeny + 4.2.11 cmdport + 4.2.12 combinelimit + 4.2.13 commandkey + 4.2.14 corrtimeratio + 4.2.15 deny + 4.2.16 driftfile + 4.2.17 dumpdir + 4.2.18 dumponexit + 4.2.19 fallbackdrift + 4.2.20 generatecommandkey + 4.2.21 hwclockfile + 4.2.22 include + 4.2.23 initstepslew + 4.2.24 keyfile + 4.2.25 leapsectz + 4.2.26 local + 4.2.27 lock_all + 4.2.28 log + 4.2.28.1 Measurements log file format + 4.2.28.2 Statistics log file format + 4.2.28.3 Tracking log file format + 4.2.28.4 Real-time clock log file format + 4.2.28.5 Refclocks log file format + 4.2.28.6 Tempcomp log file format + 4.2.29 logbanner + 4.2.30 logchange + 4.2.31 logdir + 4.2.32 mailonchange + 4.2.33 makestep + 4.2.34 manual + 4.2.35 maxchange + 4.2.36 maxclockerror + 4.2.37 maxsamples + 4.2.38 maxslewrate + 4.2.39 maxupdateskew + 4.2.40 minsamples + 4.2.41 noclientlog + 4.2.42 peer + 4.2.43 pidfile + 4.2.44 port + 4.2.45 refclock + 4.2.46 reselectdist + 4.2.47 rtcautotrim + 4.2.48 rtcdevice + 4.2.49 rtcfile + 4.2.50 rtconutc + 4.2.51 rtcsync + 4.2.52 sched_priority + 4.2.53 server + 4.2.54 stratumweight + 4.2.55 tempcomp + 4.2.56 user + 4.3 Running chronyc + 4.3.1 Basic use + 4.3.2 Command line options + 4.3.3 Security with chronyc + 4.3.4 Command reference + 4.3.4.1 accheck + 4.3.4.2 activity + 4.3.4.3 add peer + 4.3.4.4 add server + 4.3.4.5 allow all + 4.3.4.6 allow + 4.3.4.7 authhash + 4.3.4.8 burst + 4.3.4.9 clients + 4.3.4.10 cmdaccheck + 4.3.4.11 cmdallow all + 4.3.4.12 cmdallow + 4.3.4.13 cmddeny all + 4.3.4.14 cmddeny + 4.3.4.15 cyclelogs + 4.3.4.16 delete + 4.3.4.17 deny all + 4.3.4.18 deny + 4.3.4.19 dns + 4.3.4.20 dump + 4.3.4.21 exit + 4.3.4.22 help + 4.3.4.23 local + 4.3.4.24 makestep + 4.3.4.25 manual + 4.3.4.26 maxdelay + 4.3.4.27 maxdelaydevratio + 4.3.4.28 maxdelayratio + 4.3.4.29 maxpoll + 4.3.4.30 maxupdateskew + 4.3.4.31 minpoll + 4.3.4.32 minstratum + 4.3.4.33 offline + 4.3.4.34 online + 4.3.4.35 password + 4.3.4.36 polltarget + 4.3.4.37 quit + 4.3.4.38 reselect + 4.3.4.39 reselectdist + 4.3.4.40 retries + 4.3.4.41 rtcdata + 4.3.4.42 settime + 4.3.4.43 sources + 4.3.4.44 sourcestats + 4.3.4.45 timeout + 4.3.4.46 tracking + 4.3.4.47 trimrtc + 4.3.4.48 waitsync + 4.3.4.49 writertc +5 Frequently asked questions + 5.1 Administrative issues + 5.1.1 Where can I get chrony source code? + 5.1.2 Are there any packaged versions of chrony? + 5.1.3 Where is the home page? + 5.1.4 Is there a mailing list? + 5.1.5 What licence is applied to chrony? + 5.2 Chrony compared to other programs + 5.2.1 How does chrony compare to ntpd? + 5.3 Configuration issues + 5.3.1 I have several computers on a LAN. Should be all clients of an external server? + 5.3.2 Must I specify servers by IP address if DNS is not available on chronyd start? + 5.3.3 How can I make chronyd more secure? + 5.4 Computer is not synchronising + 5.4.1 Behind a firewall? + 5.4.2 Do you have a non-permanent (i.e. intermittent) Internet connection? + 5.4.3 In measurements.log, do the '7' and '8' flag columns always show zero? + 5.5 Issues with chronyc + 5.5.1 I keep getting the error '506 Cannot talk to daemon' + 5.5.2 Is the chronyc<->chronyd protocol documented anywhere? + 5.6 Real-time clock issues + 5.6.1 What is the real-time clock (RTC)? + 5.6.2 I want to use chronyd's real-time clock support. Must I disable hwclock? + 5.6.3 I just keep getting the '513 RTC driver not running' message + 5.7 Microsoft Windows + 5.7.1 Does chrony support Windows? + 5.7.2 Are there any plans to support Windows? + 5.8 NTP-specific issues + 5.8.1 Can chrony be driven from broadcast NTP servers? + 5.8.2 Can chronyd transmit broadcast NTP packets (e.g. to synchronise other computers on a private LAN)? + 5.8.3 Can chrony keep the system clock a fixed offset away from real time? + 5.8.4 What happens if the network connection is dropped without using chronyc's 'offline' command first? + 5.9 Linux-specific issues + 5.9.1 I get "Could not open /dev/rtc, Device or resource busy" in my syslog file + 5.10 Solaris-specific issues + 5.10.1 On Solaris 2.8, I get an error message about not being able to open kvm to change dosynctodr +Appendix A GNU General Public License diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chrony_timex.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony_timex.h --- atmark-dist-20150618/user/chrony/chrony-1.30/chrony_timex.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chrony_timex.h 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,73 @@ +/* Taken from /usr/include/linux/timex.h. Avoids the need to + * include kernel header files. */ + +#ifndef CHRONY_TIMEX_H +#define CHRONY_TIMEX_H + +#include + +struct timex { + unsigned int modes; /* mode selector */ + long offset; /* time offset (usec) */ + long freq; /* frequency offset (scaled ppm) */ + long maxerror; /* maximum error (usec) */ + long esterror; /* estimated error (usec) */ + int status; /* clock command/status */ + long constant; /* pll time constant */ + long precision; /* clock precision (usec) (read only) */ + long tolerance; /* clock frequency tolerance (ppm) + * (read only) + */ + struct timeval time; /* (read only) */ + long tick; /* (modified) usecs between clock ticks */ + + long ppsfreq; /* pps frequency (scaled ppm) (ro) */ + long jitter; /* pps jitter (us) (ro) */ + int shift; /* interval duration (s) (shift) (ro) */ + long stabil; /* pps stability (scaled ppm) (ro) */ + long jitcnt; /* jitter limit exceeded (ro) */ + long calcnt; /* calibration intervals (ro) */ + long errcnt; /* calibration errors (ro) */ + long stbcnt; /* stability limit exceeded (ro) */ + + int :32; int :32; int :32; int :32; + int :32; int :32; int :32; int :32; + int :32; int :32; int :32; int :32; +}; + +#define ADJ_OFFSET 0x0001 /* time offset */ +#define ADJ_FREQUENCY 0x0002 /* frequency offset */ +#define ADJ_MAXERROR 0x0004 /* maximum time error */ +#define ADJ_STATUS 0x0010 /* clock status */ +#define ADJ_TIMECONST 0x0020 /* pll time constant */ +#define ADJ_SETOFFSET 0x0100 /* add 'time' to current time */ +#define ADJ_NANO 0x2000 /* select nanosecond resolution */ +#define ADJ_TICK 0x4000 /* tick value */ +#define ADJ_OFFSET_SINGLESHOT 0x8001 /* old-fashioned adjtime */ +#define ADJ_OFFSET_SS_READ 0xa001 /* read-only adjtime */ + +#define SHIFT_USEC 16 /* frequency offset scale (shift) */ + +#define STA_PLL 0x0001 /* enable PLL updates (rw) */ +#define STA_PPSFREQ 0x0002 /* enable PPS freq discipline (rw) */ +#define STA_PPSTIME 0x0004 /* enable PPS time discipline (rw) */ +#define STA_FLL 0x0008 /* select frequency-lock mode (rw) */ + +#define STA_INS 0x0010 /* insert leap (rw) */ +#define STA_DEL 0x0020 /* delete leap (rw) */ +#define STA_UNSYNC 0x0040 /* clock unsynchronized (rw) */ +#define STA_FREQHOLD 0x0080 /* hold frequency (rw) */ + +#define STA_PPSSIGNAL 0x0100 /* PPS signal present (ro) */ +#define STA_PPSJITTER 0x0200 /* PPS signal jitter exceeded (ro) */ +#define STA_PPSWANDER 0x0400 /* PPS signal wander exceeded (ro) */ +#define STA_PPSERROR 0x0800 /* PPS signal calibration error (ro) */ + +#define STA_CLOCKERR 0x1000 /* clock hardware fault (ro) */ +#define STA_NANO 0x2000 /* resolution (0 = us, 1 = ns) (ro) */ + +/* This doesn't seem to be in any include files !! */ + +extern int adjtimex(struct timex *); + +#endif /* CHRONY_TIMEX_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chronyc.1.in atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chronyc.1.in --- atmark-dist-20150618/user/chrony/chrony-1.30/chronyc.1.in 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chronyc.1.in 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,75 @@ +.TH CHRONYC 1 "July 2014" "chrony 1.30" "User's Manual" +.SH NAME +chronyc \- command-line interface for chronyd + +.SH SYNOPSIS +.B chronyc +[\fIOPTIONS\fR] + +.SH DESCRIPTION +\fIchrony\fR is a pair of programs for maintaining the accuracy of computer +clocks. + +\fBchronyc\fR is a command-line interface program which can be used to +monitor \fIchronyd\fR's performance and to change various operating +parameters whilst it is running. + +.SH USAGE +A detailed description of all commands supported by \fBchronyc\fR is available +via the documentation supplied with the distribution (\fIchrony.txt\fR and +\fIchrony.texi\fR). + +.SH OPTIONS +A summary of the options supported by \fBchronyc\fR is included below. + +.TP +\fB\-h\fR \fIhostname\fR +specify hostname (default 127.0.0.1) +.TP +\fB\-p\fR \fIport-number\fR +specify port-number +.TP +\fB\-n\fR +display raw IP addresses (don't attempt to look up hostnames) +.TP +\fB\-4\fR +resolve hostnames only to IPv4 addresses +.TP +\fB\-6\fR +resolve hostnames only to IPv6 addresses +.TP +\fB\-m\fR +allow multiple commands to be specified on the command line. Each argument +will be interpreted as a whole command. +.TP +\fB\-f\fR \fIconf-file\fR +This option can be used to specify an alternate location for the +configuration file (default \fI@SYSCONFDIR@/chrony.conf\fR). The configuration file is +needed for the \fB-a\fR option. +.TP +\fB\-a\fR +With this option chronyc will try to authenticate automatically on +start. It will read the configuration file, read the command key from the +keyfile and run the authhash and password commands. +.TP +\fIcommand\fR +specify command. If no command is given, chronyc will read commands +interactively. + +.SH BUGS +To report bugs, please visit \fIhttp://chrony.tuxfamily.org\fR + +.SH "SEE ALSO" +.BR chronyd(8), +.BR chrony(1) + +.I http://chrony.tuxfamily.org/ + +.SH AUTHOR +Richard Curnow + +This man-page was written by Jan Schaumann as part of "The Missing +Man Pages Project". Please see \fIhttp://www.netmeister.org/misc/m2p2/index.html\fR +for details. + +The complete chrony documentation is supplied in texinfo format. diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/chronyd.8.in atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chronyd.8.in --- atmark-dist-20150618/user/chrony/chrony-1.30/chronyd.8.in 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/chronyd.8.in 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,153 @@ +.TH CHRONYD 8 "July 2014" "chrony 1.30" "System Administration" +.SH NAME +chronyd \- chrony background daemon + +.SH SYNOPSIS +.B chronyd +[\fIOPTIONS\fR] [\fIconfiguration commands\fR] + +.SH DESCRIPTION +\fIchrony\fR is a pair of programs for maintaining the accuracy of computer +clocks. \fBchronyd\fR is a background daemon program that can be started at boot +time. + +\fBchronyd\fR is a daemon which runs in background on the +system. It obtains measurements (e.g. via the network) of the +system's offset relative to other systems, and adjusts the system +time accordingly. For isolated systems, the user can periodically +enter the correct time by hand (using \fIchronyc\fR). In either case, +\fBchronyd\fR determines the rate at which the computer +gains or loses time, and compensates for this. + +.SH USAGE +\fBchronyd\fR is usually started at boot-time and requires superuser +privileges. + +If \fBchronyd\fR has been installed to its default location +\fI@SBINDIR@/chronyd\fR, starting it is simply a matter of entering the +command: + +\fI@SBINDIR@/chronyd\fR + +Information messages and warnings will be logged to syslog. + +If no configuration commands are specified on the command line, +\fBchronyd\fR will read the commands from the configuration file +(default \fI@SYSCONFDIR@/chrony.conf\fR). + +.SH OPTIONS +A summary of the options supported by \fBchronyd\fR is included below. + +.TP +\fB\-P\fR \fIpriority\fR +This option will select the SCHED_FIFO real-time scheduler at the specified +priority (which must be between 0 and 100). This mode is supported only on +Linux. +.TP +.B \-m +This option will lock chronyd into RAM so that it will never be paged out. +This mode is only supported on Linux. +.TP +.B \-n +When run in this mode, the program will not detach itself from the +terminal. +.TP +.B \-d +When run in this mode, the program will not detach itself from the +terminal, and all messages will be sent to the terminal instead of +to syslog. When \fBchronyd\fR was compiled with debugging support, +this option can be used twice to print also debugging messages. +.TP +\fB\-f\fR \fIconf-file\fR +This option can be used to specify an alternate location for the +configuration file (default \fI@SYSCONFDIR@/chrony.conf\fR). +.TP +.B \-r +This option will reload sample histories for each of the servers being used. +These histories are created by using the \fIdump\fR command in \fIchronyc\fR, +or by setting the \fIdumponexit\fR directive in the configuration file. This +option is useful if you want to stop and restart \fBchronyd\fR briefly for any +reason, e.g. to install a new version. However, it only makes sense on +systems where the kernel can maintain clock compensation whilst not under +\fBchronyd\fR's control. The only version where this happens so far is Linux. +On systems where this is not the case, e.g. Solaris and SunOS the option +should not be used. +.TP +.B \-R +When this option is used, the \fIinitstepslew\fR directive and the +\fImakestep\fR directive used with a positive limit will be ignored. This +option is useful when restarting \fBchronyd\fR and can be used in conjunction +with the \fB-r\fR option. +.TP +.B \-s +This option will set the system clock from the computer's real-time +clock. This is analogous to supplying the \fI-s\fR flag to the +\fI/sbin/hwclock\fR program during the Linux boot sequence. + +Support for real-time clocks is limited at present - the criteria +are described in the section on the \fIrtcfile\fR directive in the +documentation supplied with the distribution. + +If \fBchronyd\fR cannot support the real time clock on your computer, +this option cannot be used and a warning message will be logged to +the syslog. + +If used in conjunction with the \fB-r\fR flag, \fBchronyd\fR will attempt +to preserve the old samples after setting the system clock from +the real time clock. This can be used to allow \fBchronyd\fR to +perform long term averaging of the gain or loss rate across system +reboots, and is useful for dial-up systems that are shut down when +not in use. For this to work well, it relies on \fBchronyd\fR having +been able to determine accurate statistics for the difference +between the real time clock and system clock last time the +computer was on. +.TP +\fB\-u\fR \fIuser\fR +This option sets the name of the user to which will \fBchronyd\fR switch to +drop root privileges if compiled with Linux capabilities support (default +\fB@DEFAULT_USER@\fR). +.TP +.B \-q +When run in this mode, chronyd will set the system clock once +and exit. It will not detach from the terminal. +.TP +.B \-Q +This option is similar to \fB\-q\fR, but it will only print the offset and +not correct the clock. +.TP +.B \-v +This option displays \fBchronyd\fR's version number to the terminal and exits +.TP +.B \-4 +Resolve hostnames only to IPv4 addresses and create only IPv4 sockets. +.TP +.B \-6 +Resolve hostnames only to IPv6 addresses and create only IPv6 sockets. + +.SH FILES +\fI@SYSCONFDIR@/chrony.conf\fR + +.SH BUGS +To report bugs, please visit \fIhttp://chrony.tuxfamily.org/\fR + +.SH "SEE ALSO" +\fBchronyd\fR is documented in detail in the documentation supplied with the +distribution (\fIchrony.txt\fR and \fIchrony.texi\fR). + +.BR chrony(1), +.BR chronyc(1), +.BR chrony.conf(5), +.BR hwclock(8), +.BR ntpd(8) + +.I http://chrony.tuxfamily.org/ + +.SH AUTHOR +Richard Curnow + +This man-page was written by Jan Schaumann as part +of "The Missing Man Pages Project". Please see +\fIhttp://www.netmeister.org/misc/m2p2/index.html\fR for details. + +The complete chrony documentation is supplied in texinfo format. + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/client.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/client.c --- atmark-dist-20150618/user/chrony/chrony-1.30/client.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/client.c 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,2828 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2009-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Command line client for configuring the daemon and obtaining status + from it whilst running. + */ + +#include "config.h" + +#include "sysincl.h" + +#include "candm.h" +#include "nameserv.h" +#include "hash.h" +#include "getdate.h" +#include "cmdparse.h" +#include "pktlength.h" +#include "memory.h" +#include "util.h" + +#ifdef FEAT_READLINE +#ifdef USE_EDITLINE +#include +#else +#include +#include +#endif +#endif + +/* ================================================== */ + +union sockaddr_in46 { + struct sockaddr_in in4; +#ifdef HAVE_IPV6 + struct sockaddr_in6 in6; +#endif + struct sockaddr u; +}; + +static int sock_fd; +union sockaddr_in46 his_addr; +static socklen_t his_addr_len; + +static int on_terminal = 0; + +static int no_dns = 0; + +static int recv_errqueue = 0; + +/* ================================================== */ +/* Ought to extract some code from util.c to make + a new set of utilities that can be linked into either + the daemon or the client. */ + +static char * +time_to_log_form(time_t t) +{ + struct tm stm; + static char buffer[64]; + static const char *months[] = {"Jan", "Feb", "Mar", "Apr", + "May", "Jun", "Jul", "Aug", + "Sep", "Oct", "Nov", "Dec"}; + + + stm = *gmtime(&t); + snprintf(buffer, sizeof(buffer), + "%2d%s%02d %02d:%02d:%02d", + stm.tm_mday, months[stm.tm_mon], stm.tm_year % 100, + stm.tm_hour, stm.tm_min, stm.tm_sec); + + return buffer; +} + +/* ================================================== */ +/* Read a single line of commands from standard input. Eventually we + might want to use the GNU readline library. */ + +static char * +read_line(void) +{ + static char line[2048]; + static const char *prompt = "chronyc> "; + + if (on_terminal) { +#ifdef FEAT_READLINE + char *cmd; + + /* save line only if not empty */ + cmd = readline(prompt); + if( cmd == NULL ) return( NULL ); + + /* user pressed return */ + if( *cmd != '\0' ) { + strncpy(line, cmd, sizeof(line) - 1); + line[sizeof(line) - 1] = '\0'; + add_history(cmd); + /* free the buffer allocated by readline */ + free(cmd); + } else { + /* simulate the user has entered an empty line */ + *line = '\0'; + } + return( line ); +#else + printf("%s", prompt); +#endif + } + if (fgets(line, sizeof(line), stdin)) { + return line; + } else { + return NULL; + } + +} + +/* ================================================== */ +/* Initialise the socket used to talk to the daemon */ + +static void +open_io(const char *hostname, int port) +{ + IPAddr ip; + int on_off = 1; + + /* Note, this call could block for a while */ + if (DNS_Name2IPAddress(hostname, &ip) != DNS_Success) { + fprintf(stderr, "Could not get IP address for %s\n", hostname); + exit(1); + } + + memset(&his_addr, 0, sizeof (his_addr)); + + switch (ip.family) { + case IPADDR_INET4: + sock_fd = socket(AF_INET, SOCK_DGRAM, 0); + + his_addr.in4.sin_family = AF_INET; + his_addr.in4.sin_addr.s_addr = htonl(ip.addr.in4); + his_addr.in4.sin_port = htons(port); + his_addr_len = sizeof (his_addr.in4); + break; +#ifdef HAVE_IPV6 + case IPADDR_INET6: + sock_fd = socket(AF_INET6, SOCK_DGRAM, 0); + + his_addr.in6.sin6_family = AF_INET6; + memcpy(his_addr.in6.sin6_addr.s6_addr, ip.addr.in6, + sizeof (his_addr.in6.sin6_addr.s6_addr)); + his_addr.in6.sin6_port = htons(port); + his_addr_len = sizeof (his_addr.in6); + break; +#endif + default: + assert(0); + } + + if (sock_fd < 0) { + perror("Can't create socket"); + exit(1); + } + + /* Enable extended error reporting (e.g. ECONNREFUSED on ICMP unreachable) */ +#ifdef IP_RECVERR + if (ip.family == IPADDR_INET4 && + !setsockopt(sock_fd, IPPROTO_IP, IP_RECVERR, &on_off, sizeof(on_off))) { + recv_errqueue = 1; + } +#endif +#ifdef HAVE_IPV6 +#ifdef IPV6_RECVERR + if (ip.family == IPADDR_INET6 && + !setsockopt(sock_fd, IPPROTO_IPV6, IPV6_RECVERR, &on_off, sizeof(on_off))) { + recv_errqueue = 1; + } +#endif +#endif +} + +/* ================================================== */ + +static void +close_io(void) +{ + + close(sock_fd); + +} + +/* ================================================== */ + +static void +bits_to_mask(int bits, int family, IPAddr *mask) +{ + int i; + + mask->family = family; + switch (family) { + case IPADDR_INET4: + if (bits < 0) + bits = 32; + if (bits > 0) { + mask->addr.in4 = -1; + mask->addr.in4 <<= 32 - bits; + } else { + mask->addr.in4 = 0; + } + break; + case IPADDR_INET6: + if (bits > 128 || bits < 0) + bits = 128; + for (i = 0; i < bits / 8; i++) + mask->addr.in6[i] = 0xff; + if (i < 16) + mask->addr.in6[i++] = (0xff << (8 - bits % 8)) & 0xff; + for (; i < 16; i++) + mask->addr.in6[i] = 0x0; + break; + default: + assert(0); + } +} + +/* ================================================== */ + +static int +read_mask_address(char *line, IPAddr *mask, IPAddr *address) +{ + unsigned int bits; + char *p, *q; + + p = line; + if (!*p) { + mask->family = address->family = IPADDR_UNSPEC; + return 1; + } else { + q = strchr(p, '/'); + if (q) { + *q++ = 0; + if (UTI_StringToIP(p, mask)) { + p = q; + if (UTI_StringToIP(p, address)) { + if (address->family == mask->family) + return 1; + } else if (sscanf(p, "%u", &bits) == 1) { + *address = *mask; + bits_to_mask(bits, address->family, mask); + return 1; + } + } + } else { + if (DNS_Name2IPAddress(p, address) == DNS_Success) { + bits_to_mask(-1, address->family, mask); + return 1; + } else { + fprintf(stderr, "Could not get address for hostname\n"); + return 0; + } + } + } + + fprintf(stderr, "Invalid syntax for mask/address\n"); + return 0; +} + +/* ================================================== */ + +static int +process_cmd_offline(CMD_Request *msg, char *line) +{ + IPAddr mask, address; + int ok; + + if (read_mask_address(line, &mask, &address)) { + UTI_IPHostToNetwork(&mask, &msg->data.offline.mask); + UTI_IPHostToNetwork(&address, &msg->data.offline.address); + msg->command = htons(REQ_OFFLINE); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + + +static int +process_cmd_online(CMD_Request *msg, char *line) +{ + IPAddr mask, address; + int ok; + + if (read_mask_address(line, &mask, &address)) { + UTI_IPHostToNetwork(&mask, &msg->data.online.mask); + UTI_IPHostToNetwork(&address, &msg->data.online.address); + msg->command = htons(REQ_ONLINE); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +read_address_integer(char *line, IPAddr *address, int *value) +{ + char *hostname; + int ok = 0; + + hostname = line; + line = CPS_SplitWord(line); + + if (sscanf(line, "%d", value) != 1) { + fprintf(stderr, "Invalid syntax for address value\n"); + ok = 0; + } else { + if (DNS_Name2IPAddress(hostname, address) != DNS_Success) { + fprintf(stderr, "Could not get address for hostname\n"); + ok = 0; + } else { + ok = 1; + } + } + + return ok; + +} + + +/* ================================================== */ + +static int +read_address_double(char *line, IPAddr *address, double *value) +{ + char *hostname; + int ok = 0; + + hostname = line; + line = CPS_SplitWord(line); + + if (sscanf(line, "%lf", value) != 1) { + fprintf(stderr, "Invalid syntax for address value\n"); + ok = 0; + } else { + if (DNS_Name2IPAddress(hostname, address) != DNS_Success) { + fprintf(stderr, "Could not get address for hostname\n"); + ok = 0; + } else { + ok = 1; + } + } + + return ok; + +} + + +/* ================================================== */ + +static int +process_cmd_minpoll(CMD_Request *msg, char *line) +{ + IPAddr address; + int minpoll; + int ok; + + if (read_address_integer(line, &address, &minpoll)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_minpoll.address); + msg->data.modify_minpoll.new_minpoll = htonl(minpoll); + msg->command = htons(REQ_MODIFY_MINPOLL); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxpoll(CMD_Request *msg, char *line) +{ + IPAddr address; + int maxpoll; + int ok; + + if (read_address_integer(line, &address, &maxpoll)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxpoll.address); + msg->data.modify_maxpoll.new_maxpoll = htonl(maxpoll); + msg->command = htons(REQ_MODIFY_MAXPOLL); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxdelay(CMD_Request *msg, char *line) +{ + IPAddr address; + double max_delay; + int ok; + + if (read_address_double(line, &address, &max_delay)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxdelay.address); + msg->data.modify_maxdelay.new_max_delay = UTI_FloatHostToNetwork(max_delay); + msg->command = htons(REQ_MODIFY_MAXDELAY); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxdelaydevratio(CMD_Request *msg, char *line) +{ + IPAddr address; + double max_delay_dev_ratio; + int ok; + + if (read_address_double(line, &address, &max_delay_dev_ratio)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxdelaydevratio.address); + msg->data.modify_maxdelayratio.new_max_delay_ratio = UTI_FloatHostToNetwork(max_delay_dev_ratio); + msg->command = htons(REQ_MODIFY_MAXDELAYDEVRATIO); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxdelayratio(CMD_Request *msg, char *line) +{ + IPAddr address; + double max_delay_ratio; + int ok; + + if (read_address_double(line, &address, &max_delay_ratio)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxdelayratio.address); + msg->data.modify_maxdelayratio.new_max_delay_ratio = UTI_FloatHostToNetwork(max_delay_ratio); + msg->command = htons(REQ_MODIFY_MAXDELAYRATIO); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_minstratum(CMD_Request *msg, char *line) +{ + IPAddr address; + int min_stratum; + int ok; + + if (read_address_integer(line, &address, &min_stratum)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_minstratum.address); + msg->data.modify_minstratum.new_min_stratum = htonl(min_stratum); + msg->command = htons(REQ_MODIFY_MINSTRATUM); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_polltarget(CMD_Request *msg, char *line) +{ + IPAddr address; + int poll_target; + int ok; + + if (read_address_integer(line, &address, &poll_target)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_polltarget.address); + msg->data.modify_polltarget.new_poll_target = htonl(poll_target); + msg->command = htons(REQ_MODIFY_POLLTARGET); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxupdateskew(CMD_Request *msg, char *line) +{ + int ok; + double new_max_update_skew; + + if (sscanf(line, "%lf", &new_max_update_skew) == 1) { + msg->data.modify_maxupdateskew.new_max_update_skew = UTI_FloatHostToNetwork(new_max_update_skew); + msg->command = htons(REQ_MODIFY_MAXUPDATESKEW); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static void +process_cmd_dump(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_DUMP); + msg->data.dump.pad = htonl(0); +} + +/* ================================================== */ + +static void +process_cmd_writertc(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_WRITERTC); +} + +/* ================================================== */ + +static void +process_cmd_trimrtc(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_TRIMRTC); +} + +/* ================================================== */ + +static void +process_cmd_cyclelogs(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_CYCLELOGS); +} + +/* ================================================== */ + +static int +process_cmd_burst(CMD_Request *msg, char *line) +{ + int n_good_samples, n_total_samples; + char *s1, *s2; + IPAddr address, mask; + + s1 = line; + s2 = CPS_SplitWord(s1); + CPS_SplitWord(s2); + + if (sscanf(s1, "%d/%d", &n_good_samples, &n_total_samples) != 2) { + fprintf(stderr, "Invalid syntax for burst command\n"); + return 0; + } + + mask.family = address.family = IPADDR_UNSPEC; + if (*s2 && !read_mask_address(s2, &mask, &address)) { + return 0; + } + + msg->command = htons(REQ_BURST); + msg->data.burst.n_good_samples = ntohl(n_good_samples); + msg->data.burst.n_total_samples = ntohl(n_total_samples); + + UTI_IPHostToNetwork(&mask, &msg->data.burst.mask); + UTI_IPHostToNetwork(&address, &msg->data.burst.address); + + return 1; +} + +/* ================================================== */ + +static int +process_cmd_local(CMD_Request *msg, const char *line) +{ + const char *p; + int stratum; + + p = line; + + if (!strcmp(p, "off")) { + msg->data.local.on_off = htonl(0); + msg->data.local.stratum = htonl(0); + } else if (sscanf(p, "stratum%d", &stratum) == 1) { + msg->data.local.on_off = htonl(1); + msg->data.local.stratum = htonl(stratum); + } else { + fprintf(stderr, "Invalid syntax for local command\n"); + return 0; + } + + msg->command = htons(REQ_LOCAL); + return 1; +} + +/* ================================================== */ + +static int +process_cmd_manual(CMD_Request *msg, const char *line) +{ + const char *p; + + p = line; + + if (!strcmp(p, "off")) { + msg->data.manual.option = htonl(0); + } else if (!strcmp(p, "on")) { + msg->data.manual.option = htonl(1); + } else if (!strcmp(p, "reset")) { + msg->data.manual.option = htonl(2); + } else { + fprintf(stderr, "Invalid syntax for manual command\n"); + return 0; + } + msg->command = htons(REQ_MANUAL); + + return 1; +} + +/* ================================================== */ + +static int +parse_allow_deny(CMD_Request *msg, char *line) +{ + unsigned long a, b, c, d, n; + IPAddr ip; + char *p; + + p = line; + if (!*p) { + /* blank line - applies to all addresses */ + ip.family = IPADDR_UNSPEC; + UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); + msg->data.allow_deny.subnet_bits = htonl(0); + } else { + char *slashpos; + slashpos = strchr(p, '/'); + if (slashpos) *slashpos = 0; + + n = 0; + if (!UTI_StringToIP(p, &ip) && + (n = sscanf(p, "%lu.%lu.%lu.%lu", &a, &b, &c, &d)) == 0) { + + /* Try to parse as the name of a machine */ + if (DNS_Name2IPAddress(p, &ip) != DNS_Success) { + fprintf(stderr, "Could not read address\n"); + return 0; + } else { + UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); + if (ip.family == IPADDR_INET6) + msg->data.allow_deny.subnet_bits = htonl(128); + else + msg->data.allow_deny.subnet_bits = htonl(32); + } + } else { + + if (n == 0) { + if (ip.family == IPADDR_INET6) + msg->data.allow_deny.subnet_bits = htonl(128); + else + msg->data.allow_deny.subnet_bits = htonl(32); + } else { + ip.family = IPADDR_INET4; + + a &= 0xff; + b &= 0xff; + c &= 0xff; + d &= 0xff; + + switch (n) { + case 1: + ip.addr.in4 = htonl((a<<24)); + msg->data.allow_deny.subnet_bits = htonl(8); + break; + case 2: + ip.addr.in4 = htonl((a<<24) | (b<<16)); + msg->data.allow_deny.subnet_bits = htonl(16); + break; + case 3: + ip.addr.in4 = htonl((a<<24) | (b<<16) | (c<<8)); + msg->data.allow_deny.subnet_bits = htonl(24); + break; + case 4: + ip.addr.in4 = htonl((a<<24) | (b<<16) | (c<<8) | d); + msg->data.allow_deny.subnet_bits = htonl(32); + break; + default: + assert(0); + } + } + + UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); + + if (slashpos) { + int specified_subnet_bits, n; + n = sscanf(slashpos+1, "%d", &specified_subnet_bits); + if (n == 1) { + msg->data.allow_deny.subnet_bits = htonl(specified_subnet_bits); + } else { + fprintf(stderr, "Warning: badly formatted subnet size, using %ld\n", (long) ntohl(msg->data.allow_deny.subnet_bits)); + } + } + } + } + return 1; +} + +/* ================================================== */ + +static int +process_cmd_allow(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_ALLOW); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_allowall(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_ALLOWALL); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_deny(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_DENY); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_denyall(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_DENYALL); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_cmdallow(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_CMDALLOW); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_cmdallowall(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_CMDALLOWALL); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_cmddeny(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_CMDDENY); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +process_cmd_cmddenyall(CMD_Request *msg, char *line) +{ + int status; + msg->command = htons(REQ_CMDDENYALL); + status = parse_allow_deny(msg, line); + return status; +} + +/* ================================================== */ + +static int +accheck_getaddr(char *line, IPAddr *addr) +{ + unsigned long a, b, c, d; + IPAddr ip; + char *p; + p = line; + if (!*p) { + return 0; + } else { + if (sscanf(p, "%lu.%lu.%lu.%lu", &a, &b, &c, &d) == 4) { + addr->family = IPADDR_INET4; + addr->addr.in4 = (a<<24) | (b<<16) | (c<<8) | d; + return 1; + } else { + if (DNS_Name2IPAddress(p, &ip) != DNS_Success) { + return 0; + } else { + *addr = ip; + return 1; + } + } + } +} + +/* ================================================== */ + +static int +process_cmd_accheck(CMD_Request *msg, char *line) +{ + IPAddr ip; + msg->command = htons(REQ_ACCHECK); + if (accheck_getaddr(line, &ip)) { + UTI_IPHostToNetwork(&ip, &msg->data.ac_check.ip); + return 1; + } else { + fprintf(stderr, "Could not read address\n"); + return 0; + } +} + +/* ================================================== */ + +static int +process_cmd_cmdaccheck(CMD_Request *msg, char *line) +{ + IPAddr ip; + msg->command = htons(REQ_CMDACCHECK); + if (accheck_getaddr(line, &ip)) { + UTI_IPHostToNetwork(&ip, &msg->data.ac_check.ip); + return 1; + } else { + fprintf(stderr, "Could not read address\n"); + return 0; + } +} + +/* ================================================== */ + +static void +process_cmd_dfreq(CMD_Request *msg, char *line) +{ + double dfreq; + msg->command = htons(REQ_DFREQ); + if (sscanf(line, "%lf", &dfreq) == 1) { + msg->data.dfreq.dfreq = UTI_FloatHostToNetwork(dfreq); + } else { + msg->data.dfreq.dfreq = UTI_FloatHostToNetwork(0.0); + } +} + +/* ================================================== */ + +static void +cvt_to_sec_usec(double x, long *sec, long *usec) { + long s, us; + s = (long) x; + us = (long)(0.5 + 1.0e6 * (x - (double) s)); + while (us >= 1000000) { + us -= 1000000; + s += 1; + } + while (us < 0) { + us += 1000000; + s -= 1; + } + + *sec = s; + *usec = us; +} + +/* ================================================== */ + +static void +process_cmd_doffset(CMD_Request *msg, char *line) +{ + double doffset; + long sec, usec; + msg->command = htons(REQ_DOFFSET); + if (sscanf(line, "%lf", &doffset) == 1) { + cvt_to_sec_usec(doffset, &sec, &usec); + msg->data.doffset.sec = htonl(sec); + msg->data.doffset.usec = htonl(usec); + } else { + msg->data.doffset.sec = htonl(0); + msg->data.doffset.usec = htonl(0); + } +} + +/* ================================================== */ + +static int +process_cmd_add_server_or_peer(CMD_Request *msg, char *line) +{ + CPS_NTP_Source data; + CPS_Status status; + IPAddr ip_addr; + int result = 0; + + status = CPS_ParseNTPSourceAdd(line, &data); + switch (status) { + case CPS_Success: + if (DNS_Name2IPAddress(data.name, &ip_addr) != DNS_Success) { + Free(data.name); + fprintf(stderr, "Invalid host/IP address\n"); + break; + } + Free(data.name); + + if (data.params.min_stratum != SRC_DEFAULT_MINSTRATUM) { + fprintf(stderr, "Option minstratum not supported\n"); + break; + } + + if (data.params.poll_target != SRC_DEFAULT_POLLTARGET) { + fprintf(stderr, "Option polltarget not supported\n"); + break; + } + + if (data.params.max_delay_dev_ratio != SRC_DEFAULT_MAXDELAYDEVRATIO) { + fprintf(stderr, "Option maxdelaydevratio not supported\n"); + break; + } + + msg->data.ntp_source.port = htonl((unsigned long) data.port); + UTI_IPHostToNetwork(&ip_addr, &msg->data.ntp_source.ip_addr); + msg->data.ntp_source.minpoll = htonl(data.params.minpoll); + msg->data.ntp_source.maxpoll = htonl(data.params.maxpoll); + msg->data.ntp_source.presend_minpoll = htonl(data.params.presend_minpoll); + msg->data.ntp_source.authkey = htonl(data.params.authkey); + msg->data.ntp_source.max_delay = UTI_FloatHostToNetwork(data.params.max_delay); + msg->data.ntp_source.max_delay_ratio = UTI_FloatHostToNetwork(data.params.max_delay_ratio); + msg->data.ntp_source.flags = htonl( + (data.params.online ? REQ_ADDSRC_ONLINE : 0) | + (data.params.auto_offline ? REQ_ADDSRC_AUTOOFFLINE : 0) | + (data.params.iburst ? REQ_ADDSRC_IBURST : 0) | + (data.params.sel_option == SRC_SelectPrefer ? REQ_ADDSRC_PREFER : 0) | + (data.params.sel_option == SRC_SelectNoselect ? REQ_ADDSRC_NOSELECT : 0)); + result = 1; + + break; + case CPS_BadOption: + fprintf(stderr, "Unrecognized subcommand\n"); + break; + case CPS_BadHost: + fprintf(stderr, "Invalid host/IP address\n"); + break; + case CPS_BadPort: + fprintf(stderr, "Unreadable port number\n"); + break; + case CPS_BadMinpoll: + fprintf(stderr, "Unreadable minpoll value\n"); + break; + case CPS_BadMaxpoll: + fprintf(stderr, "Unreadable maxpoll value\n"); + break; + case CPS_BadPresend: + fprintf(stderr, "Unreadable presend value\n"); + break; + case CPS_BadMaxdelaydevratio: + fprintf(stderr, "Unreadable max delay dev ratio value\n"); + break; + case CPS_BadMaxdelayratio: + fprintf(stderr, "Unreadable max delay ratio value\n"); + break; + case CPS_BadMaxdelay: + fprintf(stderr, "Unreadable max delay value\n"); + break; + case CPS_BadKey: + fprintf(stderr, "Unreadable key value\n"); + break; + case CPS_BadMinstratum: + fprintf(stderr, "Unreadable minstratum value\n"); + break; + case CPS_BadPolltarget: + fprintf(stderr, "Unreadable polltarget value\n"); + break; + } + + return result; +} + +/* ================================================== */ + +static int +process_cmd_add_server(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_ADD_SERVER); + return process_cmd_add_server_or_peer(msg, line); +} + +/* ================================================== */ + +static int +process_cmd_add_peer(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_ADD_PEER); + return process_cmd_add_server_or_peer(msg, line); +} + +/* ================================================== */ + +static int +process_cmd_delete(CMD_Request *msg, char *line) +{ + char *hostname; + int ok = 0; + IPAddr address; + + msg->command = htons(REQ_DEL_SOURCE); + hostname = line; + CPS_SplitWord(line); + + if (!*hostname) { + fprintf(stderr, "Invalid syntax for address\n"); + ok = 0; + } else { + if (DNS_Name2IPAddress(hostname, &address) != DNS_Success) { + fprintf(stderr, "Could not get address for hostname\n"); + ok = 0; + } else { + UTI_IPHostToNetwork(&address, &msg->data.del_source.ip_addr); + ok = 1; + } + } + + return ok; + +} + +/* ================================================== */ + +static char *password = NULL; +static int password_length; +static int auth_hash_id; + +/* ================================================== */ + +static int +process_cmd_password(CMD_Request *msg, char *line) +{ + char *p; + struct timeval now; + int i, len; + + /* Blank and free the old password */ + if (password) { + for (i = 0; i < password_length; i++) + password[i] = 0; + free(password); + password = NULL; + } + + p = line; + + if (!*p) { + /* blank line, prompt for password */ + p = getpass("Password: "); + } + + if (!*p) + return 0; + + len = strlen(p); + password_length = UTI_DecodePasswordFromText(p); + + if (password_length > 0) { + password = malloc(password_length); + memcpy(password, p, password_length); + } + + /* Erase the password from the input or getpass buffer */ + for (i = 0; i < len; i++) + p[i] = 0; + + if (password_length <= 0) { + fprintf(stderr, "Could not decode password\n"); + return 0; + } + + if (gettimeofday(&now, NULL) < 0) { + printf("500 - Could not read time of day\n"); + return 0; + } else { + msg->command = htons(REQ_LOGON); /* Just force a round trip so that we get tokens etc */ + UTI_TimevalHostToNetwork(&now, &msg->data.logon.ts); + return 1; + } +} + +/* ================================================== */ + +static int +generate_auth(CMD_Request *msg) +{ + int data_len; + + data_len = PKL_CommandLength(msg); + + assert(auth_hash_id >= 0); + + return UTI_GenerateNTPAuth(auth_hash_id, (unsigned char *)password, password_length, + (unsigned char *)msg, data_len, ((unsigned char *)msg) + data_len, sizeof (msg->auth)); +} + +/* ================================================== */ + +static int +check_reply_auth(CMD_Reply *msg, int len) +{ + int data_len; + + data_len = PKL_ReplyLength(msg); + + assert(auth_hash_id >= 0); + + return UTI_CheckNTPAuth(auth_hash_id, (unsigned char *)password, password_length, + (unsigned char *)msg, data_len, + ((unsigned char *)msg) + data_len, len - data_len); +} + +/* ================================================== */ + +static void +give_help(void) +{ + printf("Commands:\n"); + printf("accheck
: Check whether NTP access is allowed to
\n"); + printf("activity : Check how many NTP sources are online/offline\n"); + printf("add peer
... : Add a new NTP peer\n"); + printf("add server
... : Add a new NTP server\n"); + printf("allow [] : Allow NTP access to that subnet as a default\n"); + printf("allow all [] : Allow NTP access to that subnet and all children\n"); + printf("burst / [/] : Start a rapid set of measurements\n"); + printf("clients : Report on clients that have accessed the server\n"); + printf("cmdaccheck
: Check whether command access is allowed to
\n"); + printf("cmdallow [] : Allow command access to that subnet as a default\n"); + printf("cmdallow all [] : Allow command access to that subnet and all children\n"); + printf("cmddeny [] : Deny command access to that subnet as a default\n"); + printf("cmddeny all [] : Deny command access to that subnet and all children\n"); + printf("cyclelogs : Close and re-open logs files\n"); + printf("delete
: Remove an NTP server or peer\n"); + printf("deny [] : Deny NTP access to that subnet as a default\n"); + printf("deny all [] : Deny NTP access to that subnet and all children\n"); + printf("dump : Dump all measurements to save files\n"); + printf("local off : Disable server capability for unsynchronised clock\n"); + printf("local stratum : Enable server capability for unsynchronised clock\n"); + printf("makestep : Jump the time to remove any correction being slewed\n"); + printf("manual off|on|reset : Disable/enable/reset settime command and statistics\n"); + printf("manual list : Show previous settime entries\n"); + printf("maxdelay
: Modify maximum round-trip valid sample delay for source\n"); + printf("maxdelayratio
: Modify max round-trip delay ratio for source\n"); + printf("maxdelaydevratio
: Modify max round-trip delay dev ratio for source\n"); + printf("maxpoll
: Modify maximum polling interval of source\n"); + printf("maxupdateskew : Modify maximum skew for a clock frequency update to be made\n"); + printf("minpoll
: Modify minimum polling interval of source\n"); + printf("minstratum
: Modify minimum stratum of source\n"); + printf("offline [/] : Set sources in subnet to offline status\n"); + printf("online [/] : Set sources in subnet to online status\n"); + printf("password [] : Set command authentication password\n"); + printf("polltarget
: Modify poll target of source\n"); + printf("reselect : Reselect synchronisation source\n"); + printf("rtcdata : Print current RTC performance parameters\n"); + printf("settime : Manually set the daemon time\n"); + printf("sources [-v] : Display information about current sources\n"); + printf("sourcestats [-v] : Display estimation information about current sources\n"); + printf("tracking : Display system time information\n"); + printf("trimrtc : Correct RTC relative to system clock\n"); + printf("waitsync [max-tries [max-correction [max-skew]]] : Wait until synchronised\n"); + printf("writertc : Save RTC parameters to file\n"); + printf("\n"); + printf("authhash : Set command authentication hash function\n"); + printf("dns -n|+n : Disable/enable resolving IP addresses to hostnames\n"); + printf("dns -4|-6|-46 : Resolve hostnames only to IPv4/IPv6/both addresses\n"); + printf("timeout : Set initial response timeout\n"); + printf("retries : Set maximum number of retries\n"); + printf("exit|quit : Leave the program\n"); + printf("help : Generate this help\n"); + printf("\n"); +} + +/* ================================================== */ + +static unsigned long sequence = 0; +static unsigned long utoken = 0; +static unsigned long token = 0; + +static int max_retries = 2; +static int initial_timeout = 1000; +static int proto_version = PROTO_VERSION_NUMBER; + +/* This is the core protocol module. Complete particular fields in + the outgoing packet, send it, wait for a response, handle retries, + etc. Returns a Boolean indicating whether the protocol was + successful or not.*/ + +static int +submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok) +{ + unsigned long tx_sequence; + socklen_t where_from_len; + union sockaddr_in46 where_from; + int bad_length, bad_sender, bad_sequence, bad_header; + int select_status; + int recvfrom_status; + int read_length; + int expected_length; + int command_length; + int padding_length; + int auth_length; + struct timeval tv; + int timeout; + int n_attempts; + fd_set rdfd, wrfd, exfd; + + request->pkt_type = PKT_TYPE_CMD_REQUEST; + request->res1 = 0; + request->res2 = 0; + tx_sequence = sequence++; + request->sequence = htonl(tx_sequence); + request->attempt = 0; + request->utoken = htonl(utoken); + request->token = htonl(token); + + timeout = initial_timeout; + + n_attempts = 0; + + do { + request->version = proto_version; + command_length = PKL_CommandLength(request); + padding_length = PKL_CommandPaddingLength(request); + assert(command_length > 0 && command_length > padding_length); + + /* Zero the padding to avoid sending uninitialized data. This needs to be + done before generating auth data as it includes the padding. */ + memset(((char *)request) + command_length - padding_length, 0, padding_length); + + /* Decide whether to authenticate */ + if (password) { + if (!utoken || (request->command == htons(REQ_LOGON))) { + /* Otherwise, the daemon won't bother authenticating our + packet and we won't get a token back */ + request->utoken = htonl(SPECIAL_UTOKEN); + } + auth_length = generate_auth(request); + } else { + auth_length = 0; + } + + /* add empty MD5 auth so older servers will not drop the request + due to bad length */ + if (!auth_length) { + memset(((char *)request) + command_length, 0, 16); + auth_length = 16; + } + +#if 0 + printf("Sent command length=%d bytes auth length=%d bytes\n", command_length, auth_length); +#endif + + if (sendto(sock_fd, (void *) request, command_length + auth_length, 0, + &his_addr.u, his_addr_len) < 0) { + + +#if 0 + perror("Could not send packet"); +#endif + return 0; + } + + /* Increment this for next time */ + ++ request->attempt; + + tv.tv_sec = timeout / 1000; + tv.tv_usec = timeout % 1000 * 1000; + timeout *= 2; + + FD_ZERO(&rdfd); + FD_ZERO(&wrfd); + FD_ZERO(&exfd); + + FD_SET(sock_fd, &rdfd); + + select_status = select(sock_fd + 1, &rdfd, &wrfd, &exfd, &tv); + + if (select_status < 0) { +#if 0 + perror("Select returned negative status"); +#endif + } else if (select_status == 0) { + /* Timeout must have elapsed, try a resend? */ + n_attempts ++; + if (n_attempts > max_retries) { + return 0; + } + + /* Back to top of loop to do resend */ + continue; + + } else { + + where_from_len = sizeof(where_from); + recvfrom_status = recvfrom(sock_fd, (void *) reply, sizeof(CMD_Reply), 0, + &where_from.u, &where_from_len); + + +#if 0 + printf("Received packet, status=%d\n", recvfrom_status); +#endif + + if (recvfrom_status < 0) { + /* If we get connrefused here, it suggests the sendto is + going to a dead port - but only if the daemon machine is + running Linux (Solaris doesn't return anything) */ + +#ifdef IP_RECVERR + /* Fetch the message from the error queue */ + if (recv_errqueue && + recvfrom(sock_fd, (void *)reply, sizeof(CMD_Reply), MSG_ERRQUEUE, + &where_from.u, &where_from_len) < 0) + ; +#endif + + n_attempts++; + if (n_attempts > max_retries) { + return 0; + } + } else { + + read_length = recvfrom_status; + if (read_length >= offsetof(CMD_Reply, data)) { + expected_length = PKL_ReplyLength(reply); + } else { + expected_length = 0; + } + + bad_length = (read_length < expected_length || + expected_length < offsetof(CMD_Reply, data)); + bad_sender = (where_from.u.sa_family != his_addr.u.sa_family || + (where_from.u.sa_family == AF_INET && + (where_from.in4.sin_addr.s_addr != his_addr.in4.sin_addr.s_addr || + where_from.in4.sin_port != his_addr.in4.sin_port)) || +#ifdef HAVE_IPV6 + (where_from.u.sa_family == AF_INET6 && + (memcmp(where_from.in6.sin6_addr.s6_addr, his_addr.in6.sin6_addr.s6_addr, + sizeof (where_from.in6.sin6_addr.s6_addr)) != 0 || + where_from.in6.sin6_port != his_addr.in6.sin6_port)) || +#endif + 0); + + if (!bad_length) { + bad_sequence = (ntohl(reply->sequence) != tx_sequence); + } else { + bad_sequence = 0; + } + + if (bad_length || bad_sender || bad_sequence) { + n_attempts++; + if (n_attempts > max_retries) { + return 0; + } + continue; + } + + bad_header = ((reply->version != proto_version && + !(reply->version >= PROTO_VERSION_MISMATCH_COMPAT_CLIENT && + ntohs(reply->status) == STT_BADPKTVERSION)) || + (reply->pkt_type != PKT_TYPE_CMD_REPLY) || + (reply->res1 != 0) || + (reply->res2 != 0) || + (reply->command != request->command)); + + if (bad_header) { + n_attempts++; + if (n_attempts > max_retries) { + return 0; + } + continue; + } + +#if PROTO_VERSION_NUMBER == 6 + /* Protocol version 5 is similar to 6 except there is no padding. + If a version 5 reply with STT_BADPKTVERSION is received, + switch our version and try again. */ + if (proto_version == PROTO_VERSION_NUMBER && + reply->version == PROTO_VERSION_NUMBER - 1) { + proto_version = PROTO_VERSION_NUMBER - 1; + continue; + } +#else +#error unknown compatibility with PROTO_VERSION - 1 +#endif + + /* Good packet received, print out results */ +#if 0 + printf("Reply cmd=%d reply=%d stat=%d seq=%d utok=%08lx tok=%d\n", + ntohs(reply->command), ntohs(reply->reply), + ntohs(reply->status), + ntohl(reply->sequence), + ntohl(reply->utoken), + ntohl(reply->token)); +#endif + + if (password) { + *reply_auth_ok = check_reply_auth(reply, read_length); + } else { + /* Assume in this case that the reply is always considered + to be authentic */ + *reply_auth_ok = 1; + } + + utoken = ntohl(reply->utoken); + + if (*reply_auth_ok) { + /* If we're in authenticated mode, only acquire the utoken + and new token values if the reply authenticated properly. + This protects against forged packets with bogus tokens + in. We won't accept a repeat of an old message with a + stale token in it, due to bad_sequence processing + earlier. */ + utoken = ntohl(reply->utoken); + token = ntohl(reply->token); + } + + break; + + } + } + } while (1); + + return 1; +} + +/* ================================================== */ + +static int +request_reply(CMD_Request *request, CMD_Reply *reply, int requested_reply, int verbose) +{ + int reply_auth_ok; + int status; + + if (!submit_request(request, reply, &reply_auth_ok)) { + printf("506 Cannot talk to daemon\n"); + return 0; + } + + status = ntohs(reply->status); + + if (verbose || status != STT_SUCCESS) { + switch (status) { + case STT_SUCCESS: + printf("200 OK"); + break; + case STT_ACCESSALLOWED: + printf("208 Access allowed"); + break; + case STT_ACCESSDENIED: + printf("209 Access denied"); + break; + case STT_FAILED: + printf("500 Failure"); + break; + case STT_UNAUTH: + printf("501 Not authorised"); + break; + case STT_INVALID: + printf("502 Invalid command"); + break; + case STT_NOSUCHSOURCE: + printf("503 No such source"); + break; + case STT_INVALIDTS: + printf("504 Duplicate or stale logon detected"); + break; + case STT_NOTENABLED: + printf("505 Facility not enabled in daemon"); + break; + case STT_BADSUBNET: + printf("507 Bad subnet"); + break; + case STT_NOHOSTACCESS: + printf("510 No command access from this host"); + break; + case STT_SOURCEALREADYKNOWN: + printf("511 Source already present"); + break; + case STT_TOOMANYSOURCES: + printf("512 Too many sources present"); + break; + case STT_NORTC: + printf("513 RTC driver not running"); + break; + case STT_BADRTCFILE: + printf("514 Can't write RTC parameters"); + break; + case STT_INVALIDAF: + printf("515 Invalid address family"); + break; + case STT_BADSAMPLE: + printf("516 Sample index out of range"); + break; + case STT_BADPKTVERSION: + printf("517 Protocol version mismatch"); + break; + case STT_BADPKTLENGTH: + printf("518 Packet length mismatch"); + break; + case STT_INACTIVE: + printf("519 Client logging is not active in the daemon"); + break; + default: + printf("520 Got unexpected error from daemon"); + } + if (reply_auth_ok) { + printf("\n"); + } else { + printf(" --- Reply not authenticated\n"); + } + } + + if (status != STT_SUCCESS && + status != STT_ACCESSALLOWED && status != STT_ACCESSDENIED) { + return 0; + } + + if (ntohs(reply->reply) != requested_reply) { + printf("508 Bad reply from daemon\n"); + return 0; + } + + return 1; +} + +/* ================================================== */ + +static void +print_seconds(unsigned long s) +{ + unsigned long d; + if (s <= 1024) { + printf("%4ld", s); + } else if (s < 36000) { + printf("%3ldm", s / 60); + } else if (s < 345600) { + printf("%3ldh", s / 3600); + } else { + d = s / 86400; + if (d > 999) { + printf("%3ldy", d / 365); + } else { + printf("%3ldd", d); + } + } +} + +/* ================================================== */ + +static void +print_nanoseconds(double s) +{ + s = fabs(s); + + if (s < 9999.5e-9) { + printf("%4.0fns", s * 1e9); + } else if (s < 9999.5e-6) { + printf("%4.0fus", s * 1e6); + } else if (s < 9999.5e-3) { + printf("%4.0fms", s * 1e3); + } else if (s < 999.5) { + printf("%5.1fs", s); + } else if (s < 99999.5) { + printf("%5.0fs", s); + } else if (s < 99999.5 * 60) { + printf("%5.0fm", s / 60); + } else if (s < 99999.5 * 3600) { + printf("%5.0fh", s / 3600); + } else if (s < 99999.5 * 3600 * 24) { + printf("%5.0fd", s / (3600 * 24)); + } else { + printf("%5.0fy", s / (3600 * 24 * 365)); + } +} + +/* ================================================== */ + +static void +print_signed_nanoseconds(double s) +{ + double x; + + x = fabs(s); + + if (x < 9999.5e-9) { + printf("%+5.0fns", s * 1e9); + } else if (x < 9999.5e-6) { + printf("%+5.0fus", s * 1e6); + } else if (x < 9999.5e-3) { + printf("%+5.0fms", s * 1e3); + } else if (x < 999.5) { + printf("%+6.1fs", s); + } else if (x < 99999.5) { + printf("%+6.0fs", s); + } else if (x < 99999.5 * 60) { + printf("%+6.0fm", s / 60); + } else if (x < 99999.5 * 3600) { + printf("%+6.0fh", s / 3600); + } else if (x < 99999.5 * 3600 * 24) { + printf("%+6.0fd", s / (3600 * 24)); + } else { + printf("%+6.0fy", s / (3600 * 24 * 365)); + } +} + +/* ================================================== */ + +static void +print_freq_ppm(double f) +{ + if (fabs(f) < 99999.5) { + printf("%10.3f", f); + } else { + printf("%10.0f", f); + } +} + +/* ================================================== */ + +static void +print_signed_freq_ppm(double f) +{ + if (fabs(f) < 99999.5) { + printf("%+10.3f", f); + } else { + printf("%+10.0f", f); + } +} + +/* ================================================== */ + +static int +check_for_verbose_flag(char *line) +{ + char *p = line; + if (!strcmp(p, "-v")) { + return 1; + } else { + return 0; + } +} + +/* ================================================== */ + +static int +process_cmd_sources(char *line) +{ + CMD_Request request; + CMD_Reply reply; + int n_sources, i; + int verbose = 0; + + double orig_latest_meas, latest_meas, latest_meas_err; + IPAddr ip_addr; + uint32_t latest_meas_ago; + int16_t poll; + uint16_t stratum, state, mode, flags, reachability; + char hostname_buf[50]; + + /* Check whether to output verbose headers */ + verbose = check_for_verbose_flag(line); + + request.command = htons(REQ_N_SOURCES); + if (request_reply(&request, &reply, RPY_N_SOURCES, 0)) { + n_sources = ntohl(reply.data.n_sources.n_sources); + printf("210 Number of sources = %d\n", n_sources); + if (verbose) { + printf("\n"); + printf(" .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n"); + printf(" / .- Source state '*' = current synced, '+' = combined , '-' = not combined,\n"); + printf("| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.\n"); + printf("|| .- xxxx [ yyyy ] +/- zzzz\n"); + printf("|| / xxxx = adjusted offset,\n"); + printf("|| Log2(Polling interval) -. | yyyy = measured offset,\n"); + printf("|| \\ | zzzz = estimated error.\n"); + printf("|| | | \n"); + } + + printf("MS Name/IP address Stratum Poll Reach LastRx Last sample\n"); + printf("===============================================================================\n"); + + /* "MS NNNNNNNNNNNNNNNNNNNNNNNNNNN SS PP RRR RRRR SSSSSSS[SSSSSSS] +/- SSSSSS" */ + + for (i=0; i> 24); + b = (ref_id >> 16) & 0xff; + c = (ref_id >> 8) & 0xff; + d = (ref_id) & 0xff; + + UTI_IPNetworkToHost(&reply.data.tracking.ip_addr, &ip_addr); + if (ip_addr.family == IPADDR_UNSPEC) { + ref_ip = UTI_RefidToString(ref_id); + } else if (no_dns) { + ref_ip = UTI_IPToString(&ip_addr); + } else { + DNS_IPAddress2Name(&ip_addr, host, sizeof (host)); + ref_ip = host; + } + + switch (ntohs(reply.data.tracking.leap_status)) { + case LEAP_Normal: + leap_status = "Normal"; + break; + case LEAP_InsertSecond: + leap_status = "Insert second"; + break; + case LEAP_DeleteSecond: + leap_status = "Delete second"; + break; + case LEAP_Unsynchronised: + leap_status = "Not synchronised"; + break; + default: + leap_status = "Unknown"; + break; + } + + printf("Reference ID : %lu.%lu.%lu.%lu (%s)\n", a, b, c, d, ref_ip); + printf("Stratum : %lu\n", (unsigned long) ntohs(reply.data.tracking.stratum)); + UTI_TimevalNetworkToHost(&reply.data.tracking.ref_time, &ref_time); + ref_time_tm = *gmtime((time_t *)&ref_time.tv_sec); + printf("Ref time (UTC) : %s", asctime(&ref_time_tm)); + correction = UTI_FloatNetworkToHost(reply.data.tracking.current_correction); + last_offset = UTI_FloatNetworkToHost(reply.data.tracking.last_offset); + rms_offset = UTI_FloatNetworkToHost(reply.data.tracking.rms_offset); + printf("System time : %.9f seconds %s of NTP time\n", fabs(correction), + (correction > 0.0) ? "slow" : "fast"); + printf("Last offset : %+.9f seconds\n", last_offset); + printf("RMS offset : %.9f seconds\n", rms_offset); + freq_ppm = UTI_FloatNetworkToHost(reply.data.tracking.freq_ppm); + resid_freq_ppm = UTI_FloatNetworkToHost(reply.data.tracking.resid_freq_ppm); + skew_ppm = UTI_FloatNetworkToHost(reply.data.tracking.skew_ppm); + root_delay = UTI_FloatNetworkToHost(reply.data.tracking.root_delay); + root_dispersion = UTI_FloatNetworkToHost(reply.data.tracking.root_dispersion); + last_update_interval = UTI_FloatNetworkToHost(reply.data.tracking.last_update_interval); + printf("Frequency : %.3f ppm %s\n", fabs(freq_ppm), (freq_ppm < 0.0) ? "slow" : "fast"); + printf("Residual freq : %+.3f ppm\n", resid_freq_ppm); + printf("Skew : %.3f ppm\n", skew_ppm); + printf("Root delay : %.6f seconds\n", root_delay); + printf("Root dispersion : %.6f seconds\n", root_dispersion); + printf("Update interval : %.1f seconds\n", last_update_interval); + printf("Leap status : %s\n", leap_status); + return 1; + } + return 0; +} +/* ================================================== */ + +static int +process_cmd_rtcreport(char *line) +{ + CMD_Request request; + CMD_Reply reply; + struct timeval ref_time; + struct tm ref_time_tm; + unsigned short n_samples; + unsigned short n_runs; + unsigned long span_seconds; + double coef_seconds_fast; + double coef_gain_rate_ppm; + + request.command = htons(REQ_RTCREPORT); + if (request_reply(&request, &reply, RPY_RTC, 0)) { + UTI_TimevalNetworkToHost(&reply.data.rtc.ref_time, &ref_time); + ref_time_tm = *gmtime(&ref_time.tv_sec); + n_samples = ntohs(reply.data.rtc.n_samples); + n_runs = ntohs(reply.data.rtc.n_runs); + span_seconds = ntohl(reply.data.rtc.span_seconds); + coef_seconds_fast = UTI_FloatNetworkToHost(reply.data.rtc.rtc_seconds_fast); + coef_gain_rate_ppm = UTI_FloatNetworkToHost(reply.data.rtc.rtc_gain_rate_ppm); + printf("RTC ref time (UTC) : %s", asctime(&ref_time_tm)); + printf("Number of samples : %d\n", n_samples); + printf("Number of runs : %d\n", n_runs); + printf("Sample span period : "); + print_seconds(span_seconds); + printf("\n"); + printf("RTC is fast by : %12.6f seconds\n", coef_seconds_fast); + printf("RTC gains time at : %9.3f ppm\n", coef_gain_rate_ppm); + return 1; + } + return 0; +} + +/* ================================================== */ + +static int +process_cmd_clients(char *line) +{ + CMD_Request request; + CMD_Reply reply; + unsigned long next_index; + int j; + IPAddr ip; + unsigned long client_hits; + unsigned long peer_hits; + unsigned long cmd_hits_auth; + unsigned long cmd_hits_normal; + unsigned long cmd_hits_bad; + unsigned long last_ntp_hit_ago; + unsigned long last_cmd_hit_ago; + char hostname_buf[50]; + + int n_replies; + int n_indices_in_table; + + next_index = 0; + + printf("Hostname Client Peer CmdAuth CmdNorm CmdBad LstN LstC\n" + "========================= ====== ====== ====== ====== ====== ==== ====\n"); + + do { + + request.command = htons(REQ_CLIENT_ACCESSES_BY_INDEX); + request.data.client_accesses_by_index.first_index = htonl(next_index); + request.data.client_accesses_by_index.n_indices = htonl(MAX_CLIENT_ACCESSES); + + if (request_reply(&request, &reply, RPY_CLIENT_ACCESSES_BY_INDEX, 0)) { + n_replies = ntohl(reply.data.client_accesses_by_index.n_clients); + n_indices_in_table = ntohl(reply.data.client_accesses_by_index.n_indices); + if (n_replies == 0) { + goto finished; + } + for (j=0; j= n_indices_in_table) { + goto finished; + } + } else { + return 0; + } + } while (1); /* keep going until all subnets have been expanded, + down to single nodes */ + +finished: + return 1; +} + + +/* ================================================== */ +/* Process the manual list command */ +static int +process_cmd_manual_list(const char *line) +{ + CMD_Request request; + CMD_Reply reply; + int n_samples; + RPY_ManualListSample *sample; + int i; + struct timeval when; + double slewed_offset, orig_offset, residual; + + request.command = htons(REQ_MANUAL_LIST); + if (request_reply(&request, &reply, RPY_MANUAL_LIST, 0)) { + n_samples = ntohl(reply.data.manual_list.n_samples); + printf("210 n_samples = %d\n", n_samples); + printf("# Date Time(UTC) Slewed Original Residual\n" + "====================================================\n"); + for (i=0; iwhen, &when); + slewed_offset = UTI_FloatNetworkToHost(sample->slewed_offset); + orig_offset = UTI_FloatNetworkToHost(sample->orig_offset); + residual = UTI_FloatNetworkToHost(sample->residual); + printf("%2d %s %10.2f %10.2f %10.2f\n", i, time_to_log_form(when.tv_sec), slewed_offset, orig_offset, residual); + } + return 1; + } + return 0; +} + +/* ================================================== */ + +static int +process_cmd_manual_delete(CMD_Request *msg, const char *line) +{ + int index; + + if (sscanf(line, "%d", &index) != 1) { + fprintf(stderr, "Bad syntax for manual delete command\n"); + return 0; + + } + + msg->command = htons(REQ_MANUAL_DELETE); + msg->data.manual_delete.index = htonl(index); + return 1; +} + +/* ================================================== */ + +static int +process_cmd_settime(char *line) +{ + struct timeval ts; + time_t now, new_time; + CMD_Request request; + CMD_Reply reply; + long offset_cs; + double dfreq_ppm, new_afreq_ppm; + double offset; + + now = time(NULL); + new_time = get_date(line, &now); + + if (new_time == -1) { + printf("510 - Could not parse date string\n"); + } else { + ts.tv_sec = new_time; + ts.tv_usec = 0; + UTI_TimevalHostToNetwork(&ts, &request.data.settime.ts); + request.command = htons(REQ_SETTIME); + if (request_reply(&request, &reply, RPY_MANUAL_TIMESTAMP, 1)) { + offset_cs = ntohl(reply.data.manual_timestamp.centiseconds); + offset = 0.01 * (double)(int32_t)offset_cs; + dfreq_ppm = UTI_FloatNetworkToHost(reply.data.manual_timestamp.dfreq_ppm); + new_afreq_ppm = UTI_FloatNetworkToHost(reply.data.manual_timestamp.new_afreq_ppm); + printf("Clock was %.2f seconds fast. Frequency change = %.2fppm, new frequency = %.2fppm\n", + offset, dfreq_ppm, new_afreq_ppm); + return 1; + } + } + return 0; +} + +/* ================================================== */ + +static void +process_cmd_rekey(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_REKEY); +} + +/* ================================================== */ + +static void +process_cmd_makestep(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_MAKESTEP); +} + +/* ================================================== */ + +static int +process_cmd_activity(const char *line) +{ + CMD_Request request; + CMD_Reply reply; + request.command = htons(REQ_ACTIVITY); + if (request_reply(&request, &reply, RPY_ACTIVITY, 1)) { + printf( + "%ld sources online\n" + "%ld sources offline\n" + "%ld sources doing burst (return to online)\n" + "%ld sources doing burst (return to offline)\n" + "%ld sources with unknown address\n", + (long) ntohl(reply.data.activity.online), + (long) ntohl(reply.data.activity.offline), + (long) ntohl(reply.data.activity.burst_online), + (long) ntohl(reply.data.activity.burst_offline), + (long) ntohl(reply.data.activity.unresolved)); + return 1; + } + return 0; +} + +/* ================================================== */ + +static int +process_cmd_reselectdist(CMD_Request *msg, char *line) +{ + double dist; + int ok; + msg->command = htons(REQ_RESELECTDISTANCE); + if (sscanf(line, "%lf", &dist) == 1) { + msg->data.reselect_distance.distance = UTI_FloatHostToNetwork(dist); + ok = 1; + } else { + ok = 0; + } + return ok; +} + +/* ================================================== */ + +static void +process_cmd_reselect(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_RESELECT); +} + +/* ================================================== */ + +static int +process_cmd_waitsync(char *line) +{ + CMD_Request request; + CMD_Reply reply; + uint32_t ref_id, a, b, c, d; + double correction, skew_ppm, max_correction, max_skew_ppm; + int ret = 0, max_tries, i; + + max_tries = 0; + max_correction = 0.0; + max_skew_ppm = 0.0; + + sscanf(line, "%d %lf %lf", &max_tries, &max_correction, &max_skew_ppm); + + request.command = htons(REQ_TRACKING); + + for (i = 1; ; i++) { + if (request_reply(&request, &reply, RPY_TRACKING, 0)) { + ref_id = ntohl(reply.data.tracking.ref_id); + a = (ref_id >> 24); + b = (ref_id >> 16) & 0xff; + c = (ref_id >> 8) & 0xff; + d = (ref_id) & 0xff; + + correction = UTI_FloatNetworkToHost(reply.data.tracking.current_correction); + correction = fabs(correction); + skew_ppm = UTI_FloatNetworkToHost(reply.data.tracking.skew_ppm); + + printf("try: %d, refid: %d.%d.%d.%d, correction: %.9f, skew: %.3f\n", + i, a, b, c, d, correction, skew_ppm); + + if (ref_id != 0 && ref_id != 0x7f7f0101L /* LOCAL refid */ && + (max_correction == 0.0 || correction <= max_correction) && + (max_skew_ppm == 0.0 || skew_ppm <= max_skew_ppm)) { + ret = 1; + } + } + + if (!ret && (!max_tries || i < max_tries)) { + sleep(10); + } else { + break; + } + } + return ret; +} + +/* ================================================== */ + +static int +process_cmd_dns(const char *line) +{ + if (!strcmp(line, "-46")) { + DNS_SetAddressFamily(IPADDR_UNSPEC); + } else if (!strcmp(line, "-4")) { + DNS_SetAddressFamily(IPADDR_INET4); + } else if (!strcmp(line, "-6")) { + DNS_SetAddressFamily(IPADDR_INET6); + } else if (!strcmp(line, "-n")) { + no_dns = 1; + } else if (!strcmp(line, "+n")) { + no_dns = 0; + } else { + fprintf(stderr, "Unrecognized dns command\n"); + return 0; + } + return 1; +} + +/* ================================================== */ + +static int +process_cmd_authhash(const char *line) +{ + const char *hash_name; + int new_hash_id; + + assert(auth_hash_id >= 0); + hash_name = line; + + if (!*hash_name) { + fprintf(stderr, "Could not parse hash name\n"); + return 0; + } + + new_hash_id = HSH_GetHashId(hash_name); + if (new_hash_id < 0) { + fprintf(stderr, "Unknown hash name: %s\n", hash_name); + return 0; + } + + auth_hash_id = new_hash_id; + + return 1; +} + +/* ================================================== */ + +static int +process_cmd_timeout(const char *line) +{ + int timeout; + + timeout = atoi(line); + if (timeout < 100) { + fprintf(stderr, "Timeout %d is too short\n", timeout); + return 0; + } + initial_timeout = timeout; + return 1; +} + +/* ================================================== */ + +static int +process_cmd_retries(const char *line) +{ + int retries; + + retries = atoi(line); + if (retries < 0) { + fprintf(stderr, "Invalid maximum number of retries\n"); + return 0; + } + max_retries = retries; + return 1; +} + +/* ================================================== */ + +static int +process_line(char *line, int *quit) +{ + char *command; + int do_normal_submit; + int ret; + CMD_Request tx_message; + CMD_Reply rx_message; + + *quit = 0; + ret = 0; + + do_normal_submit = 1; + + CPS_NormalizeLine(line); + + if (!*line) { + fflush(stderr); + fflush(stdout); + return 1; + }; + + command = line; + line = CPS_SplitWord(line); + + if (!strcmp(command, "accheck")) { + do_normal_submit = process_cmd_accheck(&tx_message, line); + } else if (!strcmp(command, "activity")) { + do_normal_submit = 0; + ret = process_cmd_activity(line); + } else if (!strcmp(command, "add") && !strncmp(line, "peer", 4)) { + do_normal_submit = process_cmd_add_peer(&tx_message, CPS_SplitWord(line)); + } else if (!strcmp(command, "add") && !strncmp(line, "server", 6)) { + do_normal_submit = process_cmd_add_server(&tx_message, CPS_SplitWord(line)); + } else if (!strcmp(command, "allow")) { + if (!strncmp(line, "all", 3)) { + do_normal_submit = process_cmd_allowall(&tx_message, CPS_SplitWord(line)); + } else { + do_normal_submit = process_cmd_allow(&tx_message, line); + } + } else if (!strcmp(command, "authhash")) { + ret = process_cmd_authhash(line); + do_normal_submit = 0; + } else if (!strcmp(command, "burst")) { + do_normal_submit = process_cmd_burst(&tx_message, line); + } else if (!strcmp(command, "clients")) { + ret = process_cmd_clients(line); + do_normal_submit = 0; + } else if (!strcmp(command, "cmdaccheck")) { + do_normal_submit = process_cmd_cmdaccheck(&tx_message, line); + } else if (!strcmp(command, "cmdallow")) { + if (!strncmp(line, "all", 3)) { + do_normal_submit = process_cmd_cmdallowall(&tx_message, CPS_SplitWord(line)); + } else { + do_normal_submit = process_cmd_cmdallow(&tx_message, line); + } + } else if (!strcmp(command, "cmddeny")) { + if (!strncmp(line, "all", 3)) { + line = CPS_SplitWord(line); + do_normal_submit = process_cmd_cmddenyall(&tx_message, line); + } else { + do_normal_submit = process_cmd_cmddeny(&tx_message, line); + } + } else if (!strcmp(command, "cyclelogs")) { + process_cmd_cyclelogs(&tx_message, line); + } else if (!strcmp(command, "delete")) { + do_normal_submit = process_cmd_delete(&tx_message, line); + } else if (!strcmp(command, "deny")) { + if (!strncmp(line, "all", 3)) { + do_normal_submit = process_cmd_denyall(&tx_message, CPS_SplitWord(line)); + } else { + do_normal_submit = process_cmd_deny(&tx_message, line); + } + } else if (!strcmp(command, "dfreq")) { + process_cmd_dfreq(&tx_message, line); + } else if (!strcmp(command, "dns")) { + ret = process_cmd_dns(line); + do_normal_submit = 0; + } else if (!strcmp(command, "doffset")) { + process_cmd_doffset(&tx_message, line); + } else if (!strcmp(command, "dump")) { + process_cmd_dump(&tx_message, line); + } else if (!strcmp(command, "exit")) { + do_normal_submit = 0; + *quit = 1; + ret = 1; + } else if (!strcmp(command, "help")) { + do_normal_submit = 0; + give_help(); + ret = 1; + } else if (!strcmp(command, "local")) { + do_normal_submit = process_cmd_local(&tx_message, line); + } else if (!strcmp(command, "makestep")) { + process_cmd_makestep(&tx_message, line); + } else if (!strcmp(command, "manual")) { + if (!strncmp(line, "list", 4)) { + do_normal_submit = 0; + ret = process_cmd_manual_list(CPS_SplitWord(line)); + } else if (!strncmp(line, "delete", 6)) { + do_normal_submit = process_cmd_manual_delete(&tx_message, CPS_SplitWord(line)); + } else { + do_normal_submit = process_cmd_manual(&tx_message, line); + } + } else if (!strcmp(command, "maxdelay")) { + do_normal_submit = process_cmd_maxdelay(&tx_message, line); + } else if (!strcmp(command, "maxdelaydevratio")) { + do_normal_submit = process_cmd_maxdelaydevratio(&tx_message, line); + } else if (!strcmp(command, "maxdelayratio")) { + do_normal_submit = process_cmd_maxdelayratio(&tx_message, line); + } else if (!strcmp(command, "maxpoll")) { + do_normal_submit = process_cmd_maxpoll(&tx_message, line); + } else if (!strcmp(command, "maxupdateskew")) { + do_normal_submit = process_cmd_maxupdateskew(&tx_message, line); + } else if (!strcmp(command, "minpoll")) { + do_normal_submit = process_cmd_minpoll(&tx_message, line); + } else if (!strcmp(command, "minstratum")) { + do_normal_submit = process_cmd_minstratum(&tx_message, line); + } else if (!strcmp(command, "offline")) { + do_normal_submit = process_cmd_offline(&tx_message, line); + } else if (!strcmp(command, "online")) { + do_normal_submit = process_cmd_online(&tx_message, line); + } else if (!strcmp(command, "password")) { + do_normal_submit = process_cmd_password(&tx_message, line); + } else if (!strcmp(command, "polltarget")) { + do_normal_submit = process_cmd_polltarget(&tx_message, line); + } else if (!strcmp(command, "quit")) { + do_normal_submit = 0; + *quit = 1; + ret = 1; + } else if (!strcmp(command, "rekey")) { + process_cmd_rekey(&tx_message, line); + } else if (!strcmp(command, "reselect")) { + process_cmd_reselect(&tx_message, line); + } else if (!strcmp(command, "reselectdist")) { + do_normal_submit = process_cmd_reselectdist(&tx_message, line); + } else if (!strcmp(command, "retries")) { + ret = process_cmd_retries(line); + do_normal_submit = 0; + } else if (!strcmp(command, "rtcdata")) { + do_normal_submit = 0; + ret = process_cmd_rtcreport(line); + } else if (!strcmp(command, "settime")) { + do_normal_submit = 0; + ret = process_cmd_settime(line); + } else if (!strcmp(command, "sources")) { + do_normal_submit = 0; + ret = process_cmd_sources(line); + } else if (!strcmp(command, "sourcestats")) { + do_normal_submit = 0; + ret = process_cmd_sourcestats(line); + } else if (!strcmp(command, "timeout")) { + ret = process_cmd_timeout(line); + do_normal_submit = 0; + } else if (!strcmp(command, "tracking")) { + ret = process_cmd_tracking(line); + do_normal_submit = 0; + } else if (!strcmp(command, "trimrtc")) { + process_cmd_trimrtc(&tx_message, line); + } else if (!strcmp(command, "waitsync")) { + ret = process_cmd_waitsync(line); + do_normal_submit = 0; + } else if (!strcmp(command, "writertc")) { + process_cmd_writertc(&tx_message, line); + } else { + fprintf(stderr, "Unrecognized command\n"); + do_normal_submit = 0; + } + + if (do_normal_submit) { + ret = request_reply(&tx_message, &rx_message, RPY_NULL, 1); + } + fflush(stderr); + fflush(stdout); + return ret; +} + +/* ================================================== */ + +static int +authenticate_from_config(const char *filename) +{ + CMD_Request tx_message; + CMD_Reply rx_message; + char line[2048], keyfile[2048], *command, *arg, *password; + const char *hashname; + unsigned long key_id = 0, key_id2 = -1; + int ret; + FILE *in; + + in = fopen(filename, "r"); + if (!in) { + fprintf(stderr, "Could not open file %s\n", filename); + return 0; + } + + *keyfile = '\0'; + while (fgets(line, sizeof (line), in)) { + CPS_NormalizeLine(line); + command = line; + arg = CPS_SplitWord(line); + if (!strcasecmp(command, "keyfile")) { + snprintf(keyfile, sizeof (keyfile), "%s", arg); + } else if (!strcasecmp(command, "commandkey")) { + if (sscanf(arg, "%lu", &key_id) != 1) + key_id = -1; + } + } + fclose(in); + + if (!*keyfile || key_id == -1) { + fprintf(stderr, "Could not read keyfile or commandkey in file %s\n", filename); + return 0; + } + + in = fopen(keyfile, "r"); + if (!in) { + fprintf(stderr, "Could not open keyfile %s\n", keyfile); + return 0; + } + + while (fgets(line, sizeof (line), in)) { + CPS_NormalizeLine(line); + if (!*line || !CPS_ParseKey(line, &key_id2, &hashname, &password)) + continue; + if (key_id == key_id2) + break; + } + fclose(in); + + if (key_id == key_id2) { + if (process_cmd_authhash(hashname) && + process_cmd_password(&tx_message, password)) { + ret = request_reply(&tx_message, &rx_message, RPY_NULL, 1); + } else { + ret = 0; + } + } else { + fprintf(stderr, "Could not find key %lu in keyfile %s\n", key_id, keyfile); + ret = 0; + } + + /* Erase password from stack */ + memset(line, 0, sizeof (line)); + + return ret; +} + +/* ================================================== */ + +static int +process_args(int argc, char **argv, int multi) +{ + int total_length, i, ret, quit; + char *line; + + total_length = 0; + for(i=0; i] [-p ] [-n] [-4|-6] [-m] [-a] [-f ]] [command]\n", progname); + exit(1); + } else { + break; /* And process remainder of line as a command */ + } + } + + if (isatty(0) && isatty(1) && isatty(2)) { + on_terminal = 1; + } + + if (on_terminal && (argc == 0)) { + display_gpl(); + } + + /* MD5 is the default authentication hash */ + auth_hash_id = HSH_GetHashId("MD5"); + if (auth_hash_id < 0) { + fprintf(stderr, "Could not initialize MD5\n"); + return 1; + } + + DNS_SetAddressFamily(family); + + if (!hostname) { + hostname = family == IPADDR_INET6 ? "::1" : "127.0.0.1"; +#ifdef FEAT_ASYNCDNS + initial_timeout /= 10; +#endif + } + + open_io(hostname, port); + + if (auto_auth) { + ret = authenticate_from_config(conf_file); + } + + if (!ret) { + ; + } else if (argc > 0) { + ret = process_args(argc, argv, multi); + } else { + do { + line = read_line(); + if (line) { + ret = process_line(line, &quit); + }else { + /* supply the final '\n' when user exits via ^D */ + if( on_terminal ) printf("\n"); + } + } while (line && !quit); + } + + close_io(); + + free(password); + + return !ret; +} + + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/clientlog.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/clientlog.c --- atmark-dist-20150618/user/chrony/chrony-1.30/clientlog.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/clientlog.c 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,508 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2009 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + This module keeps a count of the number of successful accesses by + clients, and the times of the last accesses. + + This can be used for status reporting, and (in the case of a + server), if it needs to know which clients have made use of its data + recently. + + */ + +#include "config.h" + +#include "sysincl.h" +#include "clientlog.h" +#include "conf.h" +#include "memory.h" +#include "reports.h" +#include "util.h" +#include "logging.h" + +/* Number of bits of address per layer of the table. This value has + been chosen on the basis that a server will predominantly be serving + a lot of hosts in a few subnets, rather than a few hosts scattered + across many subnets. */ + +#define NBITS 8 + +/* Number of entries in each subtable */ +#define TABLE_SIZE (1UL<addr.in6[i * 4 + 0] << 24 | + ip->addr.in6[i * 4 + 1] << 16 | + ip->addr.in6[i * 4 + 2] << 8 | + ip->addr.in6[i * 4 + 3]; +} + +/* ================================================== */ + +inline static uint32_t +get_subnet(uint32_t *addr, unsigned int where) +{ + int off; + + off = where / 32; + where %= 32; + + return (addr[off] >> (32 - NBITS - where)) & ((1UL << NBITS) - 1); +} + +/* ================================================== */ + + +static void +clear_subnet(Subnet *subnet) +{ + int i; + + for (i=0; ientry[i] = NULL; + } +} + +/* ================================================== */ + +static void +clear_node(Node *node) +{ + node->client_hits = 0; + node->peer_hits = 0; + node->cmd_hits_auth = 0; + node->cmd_hits_normal = 0; + node->cmd_hits_bad = 0; + node->last_ntp_hit = (time_t) 0; + node->last_cmd_hit = (time_t) 0; +} + +/* ================================================== */ + +void +CLG_Initialise(void) +{ + clear_subnet(&top_subnet4); + clear_subnet(&top_subnet6); + if (CNF_GetNoClientLog()) { + active = 0; + } else { + active = 1; + } + + nodes = NULL; + max_nodes = 0; + n_nodes = 0; + + alloced = 0; + alloc_limit = CNF_GetClientLogLimit(); + alloc_limit_reached = 0; +} + +/* ================================================== */ + +void +CLG_Finalise(void) +{ +} + +/* ================================================== */ + +static void check_alloc_limit() { + if (alloc_limit_reached) + return; + + if (alloced >= alloc_limit) { + LOG(LOGS_WARN, LOGF_ClientLog, "Client log memory limit reached"); + alloc_limit_reached = 1; + } +} + +/* ================================================== */ + +static void +create_subnet(Subnet *parent_subnet, int the_entry) +{ + parent_subnet->entry[the_entry] = (void *) MallocNew(Subnet); + clear_subnet((Subnet *) parent_subnet->entry[the_entry]); + alloced += sizeof (Subnet); + check_alloc_limit(); +} + +/* ================================================== */ + +static void +create_node(Subnet *parent_subnet, int the_entry) +{ + Node *new_node; + new_node = MallocNew(Node); + parent_subnet->entry[the_entry] = (void *) new_node; + clear_node(new_node); + + alloced += sizeof (Node); + + if (n_nodes == max_nodes) { + if (nodes) { + assert(max_nodes > 0); + max_nodes *= 2; + nodes = ReallocArray(Node *, max_nodes, nodes); + } else { + assert(max_nodes == 0); + max_nodes = 16; + nodes = MallocArray(Node *, max_nodes); + } + alloced += sizeof (Node *) * (max_nodes - n_nodes); + } + nodes[n_nodes++] = (Node *) new_node; + check_alloc_limit(); +} + +/* ================================================== */ +/* Recursively seek out the Node entry for a particular address, + expanding subnet tables and node entries as we go if necessary. */ + +static void * +find_subnet(Subnet *subnet, uint32_t *addr, int addr_len, int bits_consumed) +{ + uint32_t this_subnet; + + this_subnet = get_subnet(addr, bits_consumed); + bits_consumed += NBITS; + + if (bits_consumed < 32 * addr_len) { + if (!subnet->entry[this_subnet]) { + if (alloc_limit_reached) + return NULL; + create_subnet(subnet, this_subnet); + } + return find_subnet((Subnet *) subnet->entry[this_subnet], addr, addr_len, bits_consumed); + } else { + if (!subnet->entry[this_subnet]) { + if (alloc_limit_reached) + return NULL; + create_node(subnet, this_subnet); + } + return subnet->entry[this_subnet]; + } +} + + +/* ================================================== */ +/* Search for the record for a particular subnet, but return NULL if + one of the parents does not exist - never open a node out */ + +static void * +find_subnet_dont_open(Subnet *subnet, uint32_t *addr, int addr_len, int bits_consumed) +{ + uint32_t this_subnet; + + if (bits_consumed >= 32 * addr_len) { + return subnet; + } else { + + this_subnet = get_subnet(addr, bits_consumed); + bits_consumed += NBITS; + + if (!subnet->entry[this_subnet]) { + return NULL; + } else { + return find_subnet_dont_open((Subnet *) subnet->entry[this_subnet], addr, addr_len, bits_consumed); + } + } +} + +/* ================================================== */ + +void +CLG_LogNTPClientAccess (IPAddr *client, time_t now) +{ + uint32_t ip6[4]; + Node *node; + + if (active) { + switch (client->family) { + case IPADDR_INET4: + node = (Node *) find_subnet(&top_subnet4, &client->addr.in4, 1, 0); + break; + case IPADDR_INET6: + split_ip6(client, ip6); + node = (Node *) find_subnet(&top_subnet6, ip6, 4, 0); + break; + default: + assert(0); + } + + if (node == NULL) + return; + + node->ip_addr = *client; + ++node->client_hits; + node->last_ntp_hit = now; + } +} + +/* ================================================== */ + +void +CLG_LogNTPPeerAccess(IPAddr *client, time_t now) +{ + uint32_t ip6[4]; + Node *node; + + if (active) { + switch (client->family) { + case IPADDR_INET4: + node = (Node *) find_subnet(&top_subnet4, &client->addr.in4, 1, 0); + break; + case IPADDR_INET6: + split_ip6(client, ip6); + node = (Node *) find_subnet(&top_subnet6, ip6, 4, 0); + break; + default: + assert(0); + } + + if (node == NULL) + return; + + node->ip_addr = *client; + ++node->peer_hits; + node->last_ntp_hit = now; + } +} + +/* ================================================== */ + +void +CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now) +{ + uint32_t ip6[4]; + Node *node; + + if (active) { + switch (client->family) { + case IPADDR_INET4: + node = (Node *) find_subnet(&top_subnet4, &client->addr.in4, 1, 0); + break; + case IPADDR_INET6: + split_ip6(client, ip6); + node = (Node *) find_subnet(&top_subnet6, ip6, 4, 0); + break; + default: + assert(0); + } + + if (node == NULL) + return; + + node->ip_addr = *client; + node->last_cmd_hit = now; + switch (type) { + case CLG_CMD_AUTH: + ++node->cmd_hits_auth; + break; + case CLG_CMD_NORMAL: + ++node->cmd_hits_normal; + break; + case CLG_CMD_BAD_PKT: + ++node->cmd_hits_bad; + break; + default: + assert(0); + break; + } + } +} + +/* ================================================== */ + +CLG_Status +CLG_GetSubnetBitmap(IPAddr *subnet, int bits, CLG_Bitmap result) +{ + Subnet *s; + uint32_t ip6[4]; + unsigned long i; + unsigned long word, bit, mask; + + if (bits >= 0 && bits % 8 == 0) { + memset (result, 0, TABLE_SIZE/8); + if (active) { + switch (subnet->family) { + case IPADDR_INET4: + if (bits >= 32) + return CLG_BADSUBNET; + s = find_subnet_dont_open(&top_subnet4, &subnet->addr.in4, 1, 32 - bits); + break; + case IPADDR_INET6: + if (bits >= 128) + return CLG_BADSUBNET; + split_ip6(subnet, ip6); + s = find_subnet_dont_open(&top_subnet6, ip6, 4, 128 - bits); + break; + default: + return CLG_BADSUBNET; + } + + if (s) { + for (i=0; i<256; i++) { + if (s->entry[i]) { + word = i / 32; + bit = i % 32; + mask = 1UL << bit; + result[word] |= mask; + } + } + return CLG_SUCCESS; + } else { + return CLG_EMPTYSUBNET; + } + } else { + return CLG_INACTIVE; + } + } else { + return CLG_BADSUBNET; + } +} + +/* ================================================== */ + +CLG_Status +CLG_GetClientAccessReportByIP(IPAddr *ip, RPT_ClientAccess_Report *report, time_t now) +{ + uint32_t ip6[4]; + Node *node; + + if (!active) { + return CLG_INACTIVE; + } else { + switch (ip->family) { + case IPADDR_INET4: + node = (Node *) find_subnet_dont_open(&top_subnet4, &ip->addr.in4, 1, 0); + break; + case IPADDR_INET6: + split_ip6(ip, ip6); + node = (Node *) find_subnet_dont_open(&top_subnet6, ip6, 4, 0); + break; + default: + return CLG_EMPTYSUBNET; + } + + if (!node) { + return CLG_EMPTYSUBNET; + } else { + report->client_hits = node->client_hits; + report->peer_hits = node->peer_hits; + report->cmd_hits_auth = node->cmd_hits_auth; + report->cmd_hits_normal = node->cmd_hits_normal; + report->cmd_hits_bad = node->cmd_hits_bad; + report->last_ntp_hit_ago = now - node->last_ntp_hit; + report->last_cmd_hit_ago = now - node->last_cmd_hit; + + return CLG_SUCCESS; + } + } +} + +/* ================================================== */ + +CLG_Status +CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *report, + time_t now, unsigned long *n_indices) +{ + Node *node; + + *n_indices = n_nodes; + + if (!active) { + return CLG_INACTIVE; + } else { + + if ((index < 0) || (index >= n_nodes)) { + return CLG_INDEXTOOLARGE; + } + + node = nodes[index]; + + report->ip_addr = node->ip_addr; + report->client_hits = node->client_hits; + report->peer_hits = node->peer_hits; + report->cmd_hits_auth = node->cmd_hits_auth; + report->cmd_hits_normal = node->cmd_hits_normal; + report->cmd_hits_bad = node->cmd_hits_bad; + report->last_ntp_hit_ago = now - node->last_ntp_hit; + report->last_cmd_hit_ago = now - node->last_cmd_hit; + + return CLG_SUCCESS; + } + +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/clientlog.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/clientlog.h --- atmark-dist-20150618/user/chrony/chrony-1.30/clientlog.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/clientlog.h 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,85 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + This module contains facilities for logging access by clients. + + */ + +#ifndef GOT_CLIENTLOG_H +#define GOT_CLIENTLOG_H + +#include "sysincl.h" +#include "reports.h" + +/* Enough to hold flags for 256 hosts in a class C */ +typedef uint32_t CLG_Bitmap[8]; + +extern void CLG_Initialise(void); +extern void CLG_Finalise(void); +extern void CLG_LogNTPClientAccess(IPAddr *client, time_t now); +extern void CLG_LogNTPPeerAccess(IPAddr *client, time_t now); + +/* When logging command packets, there are several subtypes */ + +typedef enum { + CLG_CMD_AUTH, /* authenticated */ + CLG_CMD_NORMAL, /* normal */ + CLG_CMD_BAD_PKT /* bad version or packet length */ +} CLG_Command_Type; + +extern void CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now); + +/* And some reporting functions, for use by chronyc. */ +/* TBD */ + +typedef enum { + CLG_SUCCESS, /* All is well */ + CLG_EMPTYSUBNET, /* No hosts logged in requested subnet */ + CLG_BADSUBNET, /* Subnet requested is not 0, 8, 16 or 24 bits */ + CLG_INACTIVE, /* Facility not active */ + CLG_INDEXTOOLARGE /* Node index is higher than number of nodes present */ +} CLG_Status; + +/* For bits=0, 8, 16, flag which immediate subnets of that subnet are + known. For bits=24, flag which hosts in that subnet are known. + Other values, return 0 (failed) */ + +extern CLG_Status CLG_GetSubnetBitmap(IPAddr *subnet, int bits, CLG_Bitmap result); + +extern CLG_Status +CLG_GetClientAccessReportByIP(IPAddr *ip, RPT_ClientAccess_Report *report, time_t now); + +CLG_Status +CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *report, + time_t now, unsigned long *n_indices); + +/* And an iterating function, to call 'fn' for each client or peer + that has accessed us since 'since'. */ + +extern void CLG_IterateNTPClients +(void (*fn)(IPAddr *client, void *arb), + void *arb, + time_t since); + + +#endif /* GOT_CLIENTLOG_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/cmdmon.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdmon.c --- atmark-dist-20150618/user/chrony/chrony-1.30/cmdmon.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdmon.c 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,2193 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2009-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Command and monitoring module in the main program + */ + +#include "config.h" + +#include "sysincl.h" + +#include "cmdmon.h" +#include "candm.h" +#include "sched.h" +#include "util.h" +#include "logging.h" +#include "keys.h" +#include "ntp_sources.h" +#include "ntp_core.h" +#include "sources.h" +#include "sourcestats.h" +#include "reference.h" +#include "manual.h" +#include "memory.h" +#include "local.h" +#include "addrfilt.h" +#include "conf.h" +#include "rtc.h" +#include "pktlength.h" +#include "clientlog.h" +#include "refclock.h" + +/* ================================================== */ + +union sockaddr_in46 { + struct sockaddr_in in4; +#ifdef HAVE_IPV6 + struct sockaddr_in6 in6; +#endif + struct sockaddr u; +}; + +/* File descriptors for command and monitoring sockets */ +static int sock_fd4; +#ifdef HAVE_IPV6 +static int sock_fd6; +#endif + +/* Flag indicating whether this module has been initialised or not */ +static int initialised = 0; + +/* Token which is unique every time the daemon is run */ +static unsigned long utoken; + +/* The register of issued tokens */ +static unsigned long issued_tokens; + +/* The register of received tokens */ +static unsigned long returned_tokens; + +/* The token number corresponding to the base of the registers */ +static unsigned long token_base; + +/* The position of the next free token to issue in the issue register */ +static unsigned long issue_pointer; + +/* Type and linked list for buffering responses */ +typedef struct _ResponseCell { + struct _ResponseCell *next; + unsigned long tok; /* The token that the client sent in the message + to which this was the reply */ + unsigned long next_tok; /* The next token issued to the same client. + If we receive a request with this token, + it implies the reply stored in this cell + was successfully received */ + unsigned long msg_seq; /* Client's sequence number used in request + to which this is the response. */ + unsigned long attempt; /* Attempt number that we saw in the last request + with this sequence number (prevents attacker + firing the same request at us to make us + keep generating the same reply). */ + struct timeval ts; /* Time we saved the reply - allows purging based + on staleness. */ + CMD_Reply rpy; +} ResponseCell; + +static ResponseCell kept_replies; +static ResponseCell *free_replies; + +/* ================================================== */ +/* Array of permission levels for command types */ + +static int permissions[] = { + PERMIT_OPEN, /* NULL */ + PERMIT_AUTH, /* ONLINE */ + PERMIT_AUTH, /* OFFLINE */ + PERMIT_AUTH, /* BURST */ + PERMIT_AUTH, /* MODIFY_MINPOLL */ + PERMIT_AUTH, /* MODIFY_MAXPOLL */ + PERMIT_AUTH, /* DUMP */ + PERMIT_AUTH, /* MODIFY_MAXDELAY */ + PERMIT_AUTH, /* MODIFY_MAXDELAYRATIO */ + PERMIT_AUTH, /* MODIFY_MAXUPDATESKEW */ + PERMIT_OPEN, /* LOGON */ + PERMIT_AUTH, /* SETTIME */ + PERMIT_AUTH, /* LOCAL */ + PERMIT_AUTH, /* MANUAL */ + PERMIT_OPEN, /* N_SOURCES */ + PERMIT_OPEN, /* SOURCE_DATA */ + PERMIT_AUTH, /* REKEY */ + PERMIT_AUTH, /* ALLOW */ + PERMIT_AUTH, /* ALLOWALL */ + PERMIT_AUTH, /* DENY */ + PERMIT_AUTH, /* DENYALL */ + PERMIT_AUTH, /* CMDALLOW */ + PERMIT_AUTH, /* CMDALLOWALL */ + PERMIT_AUTH, /* CMDDENY */ + PERMIT_AUTH, /* CMDDENYALL */ + PERMIT_AUTH, /* ACCHECK */ + PERMIT_AUTH, /* CMDACCHECK */ + PERMIT_AUTH, /* ADD_SERVER */ + PERMIT_AUTH, /* ADD_PEER */ + PERMIT_AUTH, /* DEL_SOURCE */ + PERMIT_AUTH, /* WRITERTC */ + PERMIT_AUTH, /* DFREQ */ + PERMIT_AUTH, /* DOFFSET */ + PERMIT_OPEN, /* TRACKING */ + PERMIT_OPEN, /* SOURCESTATS */ + PERMIT_OPEN, /* RTCREPORT */ + PERMIT_AUTH, /* TRIMRTC */ + PERMIT_AUTH, /* CYCLELOGS */ + PERMIT_AUTH, /* SUBNETS_ACCESSED */ + PERMIT_AUTH, /* CLIENT_ACCESSES (by subnet) */ + PERMIT_AUTH, /* CLIENT_ACCESSES_BY_INDEX */ + PERMIT_OPEN, /* MANUAL_LIST */ + PERMIT_AUTH, /* MANUAL_DELETE */ + PERMIT_AUTH, /* MAKESTEP */ + PERMIT_OPEN, /* ACTIVITY */ + PERMIT_AUTH, /* MODIFY_MINSTRATUM */ + PERMIT_AUTH, /* MODIFY_POLLTARGET */ + PERMIT_AUTH, /* MODIFY_MAXDELAYDEVRATIO */ + PERMIT_AUTH, /* RESELECT */ + PERMIT_AUTH /* RESELECTDISTANCE */ +}; + +/* ================================================== */ + +/* This authorisation table is used for checking whether particular + machines are allowed to make command and monitoring requests. */ +static ADF_AuthTable access_auth_table; + +/* ================================================== */ +/* Forward prototypes */ +static void read_from_cmd_socket(void *anything); + +/* ================================================== */ + +static int +prepare_socket(int family, int port_number) +{ + int sock_fd; + socklen_t my_addr_len; + union sockaddr_in46 my_addr; + IPAddr bind_address; + int on_off = 1; + + sock_fd = socket(family, SOCK_DGRAM, 0); + if (sock_fd < 0) { + LOG(LOGS_ERR, LOGF_CmdMon, "Could not open %s command socket : %s", + family == AF_INET ? "IPv4" : "IPv6", strerror(errno)); + return -1; + } + + /* Close on exec */ + UTI_FdSetCloexec(sock_fd); + + /* Allow reuse of port number */ + if (setsockopt(sock_fd, SOL_SOCKET, SO_REUSEADDR, (char *) &on_off, sizeof(on_off)) < 0) { + LOG(LOGS_ERR, LOGF_CmdMon, "Could not set reuseaddr socket options"); + /* Don't quit - we might survive anyway */ + } +#ifdef HAVE_IPV6 + if (family == AF_INET6) { +#ifdef IPV6_V6ONLY + /* Receive IPv6 packets only */ + if (setsockopt(sock_fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&on_off, sizeof(on_off)) < 0) { + LOG(LOGS_ERR, LOGF_CmdMon, "Could not request IPV6_V6ONLY socket option"); + } +#endif + } +#endif + + memset(&my_addr, 0, sizeof (my_addr)); + + switch (family) { + case AF_INET: + my_addr_len = sizeof (my_addr.in4); + my_addr.in4.sin_family = family; + my_addr.in4.sin_port = htons((unsigned short)port_number); + + CNF_GetBindCommandAddress(IPADDR_INET4, &bind_address); + + if (bind_address.family == IPADDR_INET4) + my_addr.in4.sin_addr.s_addr = htonl(bind_address.addr.in4); + else + my_addr.in4.sin_addr.s_addr = htonl(INADDR_ANY); + break; +#ifdef HAVE_IPV6 + case AF_INET6: + my_addr_len = sizeof (my_addr.in6); + my_addr.in6.sin6_family = family; + my_addr.in6.sin6_port = htons((unsigned short)port_number); + + CNF_GetBindCommandAddress(IPADDR_INET6, &bind_address); + + if (bind_address.family == IPADDR_INET6) + memcpy(my_addr.in6.sin6_addr.s6_addr, bind_address.addr.in6, + sizeof (my_addr.in6.sin6_addr.s6_addr)); + else + my_addr.in6.sin6_addr = in6addr_any; + break; +#endif + default: + assert(0); + } + + if (bind(sock_fd, &my_addr.u, my_addr_len) < 0) { + LOG(LOGS_ERR, LOGF_CmdMon, "Could not bind %s command socket : %s", + family == AF_INET ? "IPv4" : "IPv6", strerror(errno)); + close(sock_fd); + return -1; + } + + /* Register handler for read events on the socket */ + SCH_AddInputFileHandler(sock_fd, read_from_cmd_socket, (void *)(long)sock_fd); + + return sock_fd; +} + +/* ================================================== */ + +void +CAM_Initialise(int family) +{ + int i, port_number; + + assert(!initialised); + initialised = 1; + + assert(sizeof (permissions) / sizeof (permissions[0]) == N_REQUEST_TYPES); + + for (i = 0; i < N_REQUEST_TYPES; i++) { + CMD_Request r; + int command_length, padding_length; + + r.version = PROTO_VERSION_NUMBER; + r.command = htons(i); + command_length = PKL_CommandLength(&r); + padding_length = PKL_CommandPaddingLength(&r); + assert(padding_length <= MAX_PADDING_LENGTH && padding_length <= command_length); + assert(command_length == 0 || command_length >= offsetof(CMD_Reply, data)); + } + + utoken = (unsigned long) time(NULL); + + issued_tokens = returned_tokens = issue_pointer = 0; + token_base = 1; /* zero is the value used when the previous command was + unauthenticated */ + + free_replies = NULL; + kept_replies.next = NULL; + + port_number = CNF_GetCommandPort(); + + if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET4)) + sock_fd4 = prepare_socket(AF_INET, port_number); + else + sock_fd4 = -1; +#ifdef HAVE_IPV6 + if (port_number && (family == IPADDR_UNSPEC || family == IPADDR_INET6)) + sock_fd6 = prepare_socket(AF_INET6, port_number); + else + sock_fd6 = -1; +#endif + + if (port_number && sock_fd4 < 0 +#ifdef HAVE_IPV6 + && sock_fd6 < 0 +#endif + ) { + LOG_FATAL(LOGF_CmdMon, "Could not open any command socket"); + } + + access_auth_table = ADF_CreateTable(); + +} + +/* ================================================== */ + +void +CAM_Finalise(void) +{ + if (sock_fd4 >= 0) { + SCH_RemoveInputFileHandler(sock_fd4); + close(sock_fd4); + } + sock_fd4 = -1; +#ifdef HAVE_IPV6 + if (sock_fd6 >= 0) { + SCH_RemoveInputFileHandler(sock_fd6); + close(sock_fd6); + } + sock_fd6 = -1; +#endif + + ADF_DestroyTable(access_auth_table); + + initialised = 0; +} + +/* ================================================== */ +/* This function checks whether the authenticator field of the packet + checks correctly against what we would compute locally given the + rest of the packet */ + +static int +check_rx_packet_auth(CMD_Request *packet, int packet_len) +{ + int pkt_len, auth_len; + + pkt_len = PKL_CommandLength(packet); + auth_len = packet_len - pkt_len; + + return KEY_CheckAuth(KEY_GetCommandKey(), (unsigned char *)packet, + pkt_len, ((unsigned char *)packet) + pkt_len, auth_len); +} + +/* ================================================== */ + +static int +generate_tx_packet_auth(CMD_Reply *packet) +{ + int pkt_len; + + pkt_len = PKL_ReplyLength(packet); + + return KEY_GenerateAuth(KEY_GetCommandKey(), (unsigned char *)packet, + pkt_len, ((unsigned char *)packet) + pkt_len, sizeof (packet->auth)); +} + +/* ================================================== */ + +static void +shift_tokens(void) +{ + do { + issued_tokens >>= 1; + returned_tokens >>= 1; + token_base++; + issue_pointer--; + } while ((issued_tokens & 1) && (returned_tokens & 1)); +} + +/* ================================================== */ + +static unsigned long +get_token(void) +{ + unsigned long result; + + if (issue_pointer == 32) { + /* The lowest number open token has not been returned - bad luck + to that command client */ + shift_tokens(); + } + + result = token_base + issue_pointer; + issued_tokens |= (1UL << issue_pointer); + issue_pointer++; + + return result; +} + +/* ================================================== */ + +static int +check_token(unsigned long token) +{ + int result; + unsigned long pos; + + if (token < token_base) { + /* Token too old */ + result = 0; + } else { + pos = token - token_base; + if (pos >= issue_pointer) { + /* Token hasn't been issued yet */ + result = 0; + } else { + if (returned_tokens & (1UL << pos)) { + /* Token has already been returned */ + result = 0; + } else { + /* Token is OK */ + result = 1; + returned_tokens |= (1UL << pos); + if (pos == 0) { + shift_tokens(); + } + } + } + } + + return result; + +} + +/* ================================================== */ + +#define TS_MARGIN 20 + +/* ================================================== */ + +typedef struct _TimestampCell { + struct _TimestampCell *next; + struct timeval ts; +} TimestampCell; + +static struct _TimestampCell seen_ts_list={NULL}; +static struct _TimestampCell *free_ts_list=NULL; + +#define EXTEND_QUANTUM 32 + +/* ================================================== */ + +static TimestampCell * +allocate_ts_cell(void) +{ + TimestampCell *result; + int i; + if (free_ts_list == NULL) { + free_ts_list = MallocArray(TimestampCell, EXTEND_QUANTUM); + for (i=0; inext; + return result; +} + +/* ================================================== */ + +static void +release_ts_cell(TimestampCell *node) +{ + node->next = free_ts_list; + free_ts_list = node; +} + +/* ================================================== */ +/* Return 1 if not found, 0 if found (i.e. not unique). Prune out any + stale entries. */ + +static int +check_unique_ts(struct timeval *ts, struct timeval *now) +{ + TimestampCell *last_valid, *cell, *next; + int ok; + + ok = 1; + last_valid = &(seen_ts_list); + cell = last_valid->next; + + while (cell) { + next = cell->next; + /* Check if stale */ + if ((now->tv_sec - cell->ts.tv_sec) > TS_MARGIN) { + release_ts_cell(cell); + last_valid->next = next; + } else { + /* Timestamp in cell is still within window */ + last_valid->next = cell; + last_valid = cell; + if ((cell->ts.tv_sec == ts->tv_sec) && (cell->ts.tv_usec == ts->tv_usec)) { + ok = 0; + } + } + cell = next; + } + + if (ok) { + /* Need to add this timestamp to the list */ + cell = allocate_ts_cell(); + last_valid->next = cell; + cell->next = NULL; + cell->ts = *ts; + } + + return ok; +} + +/* ================================================== */ + +static int +ts_is_unique_and_not_stale(struct timeval *ts, struct timeval *now) +{ + int within_margin=0; + int is_unique=0; + long diff; + + diff = now->tv_sec - ts->tv_sec; + if ((diff < TS_MARGIN) && (diff > -TS_MARGIN)) { + within_margin = 1; + } else { + within_margin = 0; + } + is_unique = check_unique_ts(ts, now); + + return within_margin && is_unique; +} + +/* ================================================== */ + +#define REPLY_EXTEND_QUANTUM 32 + +static void +get_more_replies(void) +{ + ResponseCell *new_replies; + int i; + + if (!free_replies) { + new_replies = MallocArray(ResponseCell, REPLY_EXTEND_QUANTUM); + for (i=1; inext; + return result; +} + +/* ================================================== */ + +static void +free_reply_slot(ResponseCell *cell) +{ + cell->next = free_replies; + free_replies = cell; +} + +/* ================================================== */ + +static void +save_reply(CMD_Reply *msg, + unsigned long tok_reply_to, + unsigned long new_tok_issued, + unsigned long client_msg_seq, + unsigned short attempt, + struct timeval *now) +{ + ResponseCell *cell; + + cell = get_reply_slot(); + + cell->ts = *now; + memcpy(&cell->rpy, msg, sizeof(CMD_Reply)); + cell->tok = tok_reply_to; + cell->next_tok = new_tok_issued; + cell->msg_seq = client_msg_seq; + cell->attempt = (unsigned long) attempt; + + cell->next = kept_replies.next; + kept_replies.next = cell; + +} + +/* ================================================== */ + +static CMD_Reply * +lookup_reply(unsigned long prev_msg_token, unsigned long client_msg_seq, unsigned short attempt) +{ + ResponseCell *ptr; + + ptr = kept_replies.next; + while (ptr) { + if ((ptr->tok == prev_msg_token) && + (ptr->msg_seq == client_msg_seq) && + ((unsigned long) attempt > ptr->attempt)) { + + /* Set the attempt field to remember the highest number we have + had so far */ + ptr->attempt = (unsigned long) attempt; + return &ptr->rpy; + } + ptr = ptr->next; + } + + return NULL; +} + + +/* ================================================== */ + +#define REPLY_MAXAGE 300 + +static void +token_acknowledged(unsigned long token, struct timeval *now) +{ + ResponseCell *last_valid, *cell, *next; + + last_valid = &kept_replies; + cell = kept_replies.next; + + while(cell) { + next = cell->next; + + /* Discard if it's the one or if the reply is stale */ + if ((cell->next_tok == token) || + ((now->tv_sec - cell->ts.tv_sec) > REPLY_MAXAGE)) { + free_reply_slot(cell); + last_valid->next = next; + } else { + last_valid->next = cell; + last_valid = cell; + } + cell = next; + } +} + +/* ================================================== */ + +static void +transmit_reply(CMD_Reply *msg, union sockaddr_in46 *where_to, int auth_len) +{ + int status; + int tx_message_length; + int sock_fd; + socklen_t addrlen; + + switch (where_to->u.sa_family) { + case AF_INET: + sock_fd = sock_fd4; + addrlen = sizeof (where_to->in4); + break; +#ifdef HAVE_IPV6 + case AF_INET6: + sock_fd = sock_fd6; + addrlen = sizeof (where_to->in6); + break; +#endif + default: + assert(0); + } + + tx_message_length = PKL_ReplyLength(msg) + auth_len; + status = sendto(sock_fd, (void *) msg, tx_message_length, 0, + &where_to->u, addrlen); + + if (status < 0) { + unsigned short port; + IPAddr ip; + + switch (where_to->u.sa_family) { + case AF_INET: + ip.family = IPADDR_INET4; + ip.addr.in4 = ntohl(where_to->in4.sin_addr.s_addr); + port = ntohs(where_to->in4.sin_port); + break; +#ifdef HAVE_IPV6 + case AF_INET6: + ip.family = IPADDR_INET6; + memcpy(ip.addr.in6, (where_to->in6.sin6_addr.s6_addr), sizeof(ip.addr.in6)); + port = ntohs(where_to->in6.sin6_port); + break; +#endif + default: + assert(0); + } + + DEBUG_LOG(LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToString(&ip), port); + } +} + + +/* ================================================== */ + +static void +handle_null(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_online(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address, mask; + UTI_IPNetworkToHost(&rx_message->data.online.mask, &mask); + UTI_IPNetworkToHost(&rx_message->data.online.address, &address); + status = NSR_TakeSourcesOnline(&mask, &address); + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_offline(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address, mask; + UTI_IPNetworkToHost(&rx_message->data.offline.mask, &mask); + UTI_IPNetworkToHost(&rx_message->data.offline.address, &address); + status = NSR_TakeSourcesOffline(&mask, &address); + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_burst(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address, mask; + UTI_IPNetworkToHost(&rx_message->data.burst.mask, &mask); + UTI_IPNetworkToHost(&rx_message->data.burst.address, &address); + status = NSR_InitiateSampleBurst(ntohl(rx_message->data.burst.n_good_samples), + ntohl(rx_message->data.burst.n_total_samples), + &mask, &address); + + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_minpoll(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_minpoll.address, &address); + status = NSR_ModifyMinpoll(&address, + ntohl(rx_message->data.modify_minpoll.new_minpoll)); + + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_maxpoll(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_minpoll.address, &address); + status = NSR_ModifyMaxpoll(&address, + ntohl(rx_message->data.modify_minpoll.new_minpoll)); + + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_maxdelay(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_maxdelay.address, &address); + status = NSR_ModifyMaxdelay(&address, + UTI_FloatNetworkToHost(rx_message->data.modify_maxdelay.new_max_delay)); + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_maxdelayratio(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_maxdelayratio.address, &address); + status = NSR_ModifyMaxdelayratio(&address, + UTI_FloatNetworkToHost(rx_message->data.modify_maxdelayratio.new_max_delay_ratio)); + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_maxdelaydevratio(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_maxdelaydevratio.address, &address); + status = NSR_ModifyMaxdelaydevratio(&address, + UTI_FloatNetworkToHost(rx_message->data.modify_maxdelaydevratio.new_max_delay_dev_ratio)); + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_minstratum(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_minpoll.address, &address); + status = NSR_ModifyMinstratum(&address, + ntohl(rx_message->data.modify_minstratum.new_min_stratum)); + + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_polltarget(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + IPAddr address; + UTI_IPNetworkToHost(&rx_message->data.modify_polltarget.address, &address); + status = NSR_ModifyPolltarget(&address, + ntohl(rx_message->data.modify_polltarget.new_poll_target)); + + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_modify_maxupdateskew(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + REF_ModifyMaxupdateskew(UTI_FloatNetworkToHost(rx_message->data.modify_maxupdateskew.new_max_update_skew)); + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_settime(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + struct timeval ts; + long offset_cs; + double dfreq_ppm, new_afreq_ppm; + UTI_TimevalNetworkToHost(&rx_message->data.settime.ts, &ts); + if (MNL_AcceptTimestamp(&ts, &offset_cs, &dfreq_ppm, &new_afreq_ppm)) { + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_MANUAL_TIMESTAMP); + tx_message->data.manual_timestamp.centiseconds = htonl((int32_t)offset_cs); + tx_message->data.manual_timestamp.dfreq_ppm = UTI_FloatHostToNetwork(dfreq_ppm); + tx_message->data.manual_timestamp.new_afreq_ppm = UTI_FloatHostToNetwork(new_afreq_ppm); + } else { + tx_message->status = htons(STT_NOTENABLED); + } +} + +/* ================================================== */ + +static void +handle_local(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int on_off, stratum; + on_off = ntohl(rx_message->data.local.on_off); + if (on_off) { + stratum = ntohl(rx_message->data.local.stratum); + REF_EnableLocal(stratum); + } else { + REF_DisableLocal(); + } + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_manual(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int option; + option = ntohl(rx_message->data.manual.option); + switch (option) { + case 0: + MNL_Disable(); + break; + case 1: + MNL_Enable(); + break; + case 2: + MNL_Reset(); + break; + } + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_n_sources(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int n_sources; + n_sources = SRC_ReadNumberOfSources(); + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_N_SOURCES); + tx_message->data.n_sources.n_sources = htonl(n_sources); +} + +/* ================================================== */ + +static void +handle_source_data(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + RPT_SourceReport report; + struct timeval now_corr; + + /* Get data */ + LCL_ReadCookedTime(&now_corr, NULL); + if (SRC_ReportSource(ntohl(rx_message->data.source_data.index), &report, &now_corr)) { + switch (SRC_GetType(ntohl(rx_message->data.source_data.index))) { + case SRC_NTP: + NSR_ReportSource(&report, &now_corr); + break; + case SRC_REFCLOCK: + RCL_ReportSource(&report, &now_corr); + break; + } + + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_SOURCE_DATA); + + UTI_IPHostToNetwork(&report.ip_addr, &tx_message->data.source_data.ip_addr); + tx_message->data.source_data.stratum = htons(report.stratum); + tx_message->data.source_data.poll = htons(report.poll); + switch (report.state) { + case RPT_SYNC: + tx_message->data.source_data.state = htons(RPY_SD_ST_SYNC); + break; + case RPT_UNREACH: + tx_message->data.source_data.state = htons(RPY_SD_ST_UNREACH); + break; + case RPT_FALSETICKER: + tx_message->data.source_data.state = htons(RPY_SD_ST_FALSETICKER); + break; + case RPT_JITTERY: + tx_message->data.source_data.state = htons(RPY_SD_ST_JITTERY); + break; + case RPT_CANDIDATE: + tx_message->data.source_data.state = htons(RPY_SD_ST_CANDIDATE); + break; + case RPT_OUTLIER: + tx_message->data.source_data.state = htons(RPY_SD_ST_OUTLIER); + break; + } + switch (report.mode) { + case RPT_NTP_CLIENT: + tx_message->data.source_data.mode = htons(RPY_SD_MD_CLIENT); + break; + case RPT_NTP_PEER: + tx_message->data.source_data.mode = htons(RPY_SD_MD_PEER); + break; + case RPT_LOCAL_REFERENCE: + tx_message->data.source_data.mode = htons(RPY_SD_MD_REF); + break; + } + switch (report.sel_option) { + case RPT_NORMAL: + tx_message->data.source_data.flags = htons(0); + break; + case RPT_PREFER: + tx_message->data.source_data.flags = htons(RPY_SD_FLAG_PREFER); + break; + case RPT_NOSELECT: + tx_message->data.source_data.flags = htons(RPY_SD_FLAG_PREFER); + break; + } + tx_message->data.source_data.reachability = htons(report.reachability); + tx_message->data.source_data.since_sample = htonl(report.latest_meas_ago); + tx_message->data.source_data.orig_latest_meas = UTI_FloatHostToNetwork(report.orig_latest_meas); + tx_message->data.source_data.latest_meas = UTI_FloatHostToNetwork(report.latest_meas); + tx_message->data.source_data.latest_meas_err = UTI_FloatHostToNetwork(report.latest_meas_err); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_rekey(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + tx_message->status = htons(STT_SUCCESS); + KEY_Reload(); +} + +/* ================================================== */ + +static void +handle_allow(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (NCR_AddAccessRestriction(&ip, subnet_bits, 1, 0)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_allowall(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (NCR_AddAccessRestriction(&ip, subnet_bits, 1, 1)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_deny(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (NCR_AddAccessRestriction(&ip, subnet_bits, 0, 0)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_denyall(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (NCR_AddAccessRestriction(&ip, subnet_bits, 0, 1)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_cmdallow(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (CAM_AddAccessRestriction(&ip, subnet_bits, 1, 0)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_cmdallowall(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (CAM_AddAccessRestriction(&ip, subnet_bits, 1, 1)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_cmddeny(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (CAM_AddAccessRestriction(&ip, subnet_bits, 0, 0)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_cmddenyall(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + int subnet_bits; + UTI_IPNetworkToHost(&rx_message->data.allow_deny.ip, &ip); + subnet_bits = ntohl(rx_message->data.allow_deny.subnet_bits); + if (CAM_AddAccessRestriction(&ip, subnet_bits, 0, 1)) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_BADSUBNET); + } +} + +/* ================================================== */ + +static void +handle_accheck(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + UTI_IPNetworkToHost(&rx_message->data.ac_check.ip, &ip); + if (NCR_CheckAccessRestriction(&ip)) { + tx_message->status = htons(STT_ACCESSALLOWED); + } else { + tx_message->status = htons(STT_ACCESSDENIED); + } +} + +/* ================================================== */ + +static void +handle_cmdaccheck(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + IPAddr ip; + UTI_IPNetworkToHost(&rx_message->data.ac_check.ip, &ip); + if (CAM_CheckAccessRestriction(&ip)) { + tx_message->status = htons(STT_ACCESSALLOWED); + } else { + tx_message->status = htons(STT_ACCESSDENIED); + } +} + +/* ================================================== */ + +static void +handle_add_source(NTP_Source_Type type, CMD_Request *rx_message, CMD_Reply *tx_message) +{ + NTP_Remote_Address rem_addr; + SourceParameters params; + NSR_Status status; + + UTI_IPNetworkToHost(&rx_message->data.ntp_source.ip_addr, &rem_addr.ip_addr); + rem_addr.port = (unsigned short)(ntohl(rx_message->data.ntp_source.port)); + params.minpoll = ntohl(rx_message->data.ntp_source.minpoll); + params.maxpoll = ntohl(rx_message->data.ntp_source.maxpoll); + params.presend_minpoll = ntohl(rx_message->data.ntp_source.presend_minpoll); + params.authkey = ntohl(rx_message->data.ntp_source.authkey); + params.online = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_ONLINE ? 1 : 0; + params.auto_offline = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_AUTOOFFLINE ? 1 : 0; + params.iburst = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_IBURST ? 1 : 0; + params.sel_option = ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_PREFER ? SRC_SelectPrefer : + ntohl(rx_message->data.ntp_source.flags) & REQ_ADDSRC_NOSELECT ? SRC_SelectNoselect : SRC_SelectNormal; + params.max_delay = UTI_FloatNetworkToHost(rx_message->data.ntp_source.max_delay); + params.max_delay_ratio = UTI_FloatNetworkToHost(rx_message->data.ntp_source.max_delay_ratio); + + /* not transmitted in cmdmon protocol yet */ + params.min_stratum = SRC_DEFAULT_MINSTRATUM; + params.poll_target = SRC_DEFAULT_POLLTARGET; + params.max_delay_dev_ratio = SRC_DEFAULT_MAXDELAYDEVRATIO; + + status = NSR_AddSource(&rem_addr, type, ¶ms); + switch (status) { + case NSR_Success: + tx_message->status = htons(STT_SUCCESS); + break; + case NSR_AlreadyInUse: + tx_message->status = htons(STT_SOURCEALREADYKNOWN); + break; + case NSR_TooManySources: + tx_message->status = htons(STT_TOOMANYSOURCES); + break; + case NSR_InvalidAF: + tx_message->status = htons(STT_INVALIDAF); + break; + case NSR_NoSuchSource: + assert(0); + break; + } +} + +/* ================================================== */ + +static void +handle_del_source(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + NTP_Remote_Address rem_addr; + NSR_Status status; + + UTI_IPNetworkToHost(&rx_message->data.del_source.ip_addr, &rem_addr.ip_addr); + rem_addr.port = 0; + + status = NSR_RemoveSource(&rem_addr); + switch (status) { + case NSR_Success: + tx_message->status = htons(STT_SUCCESS); + break; + case NSR_NoSuchSource: + tx_message->status = htons(STT_NOSUCHSOURCE); + break; + case NSR_TooManySources: + case NSR_AlreadyInUse: + case NSR_InvalidAF: + assert(0); + break; + } +} + +/* ================================================== */ + +static void +handle_writertc(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + switch (RTC_WriteParameters()) { + case RTC_ST_OK: + tx_message->status = htons(STT_SUCCESS); + break; + case RTC_ST_NODRV: + tx_message->status = htons(STT_NORTC); + break; + case RTC_ST_BADFILE: + tx_message->status = htons(STT_BADRTCFILE); + break; + } +} + +/* ================================================== */ + +static void +handle_dfreq(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + double dfreq; + dfreq = UTI_FloatNetworkToHost(rx_message->data.dfreq.dfreq); + LCL_AccumulateDeltaFrequency(dfreq * 1.0e-6); + LOG(LOGS_INFO, LOGF_CmdMon, "Accumulated delta freq of %.3fppm", dfreq); + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_doffset(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + long sec, usec; + double doffset; + sec = (int32_t)ntohl(rx_message->data.doffset.sec); + usec = (int32_t)ntohl(rx_message->data.doffset.usec); + doffset = (double) sec + 1.0e-6 * (double) usec; + LOG(LOGS_INFO, LOGF_CmdMon, "Accumulated delta offset of %.6f seconds", doffset); + LCL_AccumulateOffset(doffset, 0.0); + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_tracking(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + RPT_TrackingReport rpt; + + REF_GetTrackingReport(&rpt); + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_TRACKING); + tx_message->data.tracking.ref_id = htonl(rpt.ref_id); + UTI_IPHostToNetwork(&rpt.ip_addr, &tx_message->data.tracking.ip_addr); + tx_message->data.tracking.stratum = htons(rpt.stratum); + tx_message->data.tracking.leap_status = htons(rpt.leap_status); + UTI_TimevalHostToNetwork(&rpt.ref_time, &tx_message->data.tracking.ref_time); + tx_message->data.tracking.current_correction = UTI_FloatHostToNetwork(rpt.current_correction); + tx_message->data.tracking.last_offset = UTI_FloatHostToNetwork(rpt.last_offset); + tx_message->data.tracking.rms_offset = UTI_FloatHostToNetwork(rpt.rms_offset); + tx_message->data.tracking.freq_ppm = UTI_FloatHostToNetwork(rpt.freq_ppm); + tx_message->data.tracking.resid_freq_ppm = UTI_FloatHostToNetwork(rpt.resid_freq_ppm); + tx_message->data.tracking.skew_ppm = UTI_FloatHostToNetwork(rpt.skew_ppm); + tx_message->data.tracking.root_delay = UTI_FloatHostToNetwork(rpt.root_delay); + tx_message->data.tracking.root_dispersion = UTI_FloatHostToNetwork(rpt.root_dispersion); + tx_message->data.tracking.last_update_interval = UTI_FloatHostToNetwork(rpt.last_update_interval); +} + +/* ================================================== */ + +static void +handle_sourcestats(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + RPT_SourcestatsReport report; + struct timeval now_corr; + + LCL_ReadCookedTime(&now_corr, NULL); + status = SRC_ReportSourcestats(ntohl(rx_message->data.sourcestats.index), + &report, &now_corr); + + if (status) { + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_SOURCESTATS); + tx_message->data.sourcestats.ref_id = htonl(report.ref_id); + UTI_IPHostToNetwork(&report.ip_addr, &tx_message->data.sourcestats.ip_addr); + tx_message->data.sourcestats.n_samples = htonl(report.n_samples); + tx_message->data.sourcestats.n_runs = htonl(report.n_runs); + tx_message->data.sourcestats.span_seconds = htonl(report.span_seconds); + tx_message->data.sourcestats.resid_freq_ppm = UTI_FloatHostToNetwork(report.resid_freq_ppm); + tx_message->data.sourcestats.skew_ppm = UTI_FloatHostToNetwork(report.skew_ppm); + tx_message->data.sourcestats.sd = UTI_FloatHostToNetwork(report.sd); + tx_message->data.sourcestats.est_offset = UTI_FloatHostToNetwork(report.est_offset); + tx_message->data.sourcestats.est_offset_err = UTI_FloatHostToNetwork(report.est_offset_err); + } else { + tx_message->status = htons(STT_NOSUCHSOURCE); + } +} + +/* ================================================== */ + +static void +handle_rtcreport(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + RPT_RTC_Report report; + status = RTC_GetReport(&report); + if (status) { + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_RTC); + UTI_TimevalHostToNetwork(&report.ref_time, &tx_message->data.rtc.ref_time); + tx_message->data.rtc.n_samples = htons(report.n_samples); + tx_message->data.rtc.n_runs = htons(report.n_runs); + tx_message->data.rtc.span_seconds = htonl(report.span_seconds); + tx_message->data.rtc.rtc_seconds_fast = UTI_FloatHostToNetwork(report.rtc_seconds_fast); + tx_message->data.rtc.rtc_gain_rate_ppm = UTI_FloatHostToNetwork(report.rtc_gain_rate_ppm); + } else { + tx_message->status = htons(STT_NORTC); + } +} + +/* ================================================== */ + +static void +handle_trimrtc(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + status = RTC_Trim(); + if (status) { + tx_message->status = htons(STT_SUCCESS); + } else { + tx_message->status = htons(STT_NORTC); + } +} + +/* ================================================== */ + +static void +handle_cyclelogs(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + LOG_CycleLogFiles(); + + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_client_accesses_by_index(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + CLG_Status result; + RPT_ClientAccessByIndex_Report report; + unsigned long first_index, n_indices, last_index, n_indices_in_table; + int i, j; + struct timeval now; + + LCL_ReadCookedTime(&now, NULL); + + first_index = ntohl(rx_message->data.client_accesses_by_index.first_index); + n_indices = ntohl(rx_message->data.client_accesses_by_index.n_indices); + last_index = first_index + n_indices - 1; + + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_CLIENT_ACCESSES_BY_INDEX); + + for (i = first_index, j = 0; + (i <= last_index) && (j < MAX_CLIENT_ACCESSES); + i++) { + + result = CLG_GetClientAccessReportByIndex(i, &report, now.tv_sec, &n_indices_in_table); + tx_message->data.client_accesses_by_index.n_indices = htonl(n_indices_in_table); + + switch (result) { + case CLG_SUCCESS: + UTI_IPHostToNetwork(&report.ip_addr, &tx_message->data.client_accesses_by_index.clients[j].ip); + tx_message->data.client_accesses_by_index.clients[j].client_hits = htonl(report.client_hits); + tx_message->data.client_accesses_by_index.clients[j].peer_hits = htonl(report.peer_hits); + tx_message->data.client_accesses_by_index.clients[j].cmd_hits_auth = htonl(report.cmd_hits_auth); + tx_message->data.client_accesses_by_index.clients[j].cmd_hits_normal = htonl(report.cmd_hits_normal); + tx_message->data.client_accesses_by_index.clients[j].cmd_hits_bad = htonl(report.cmd_hits_bad); + tx_message->data.client_accesses_by_index.clients[j].last_ntp_hit_ago = htonl(report.last_ntp_hit_ago); + tx_message->data.client_accesses_by_index.clients[j].last_cmd_hit_ago = htonl(report.last_cmd_hit_ago); + j++; + break; + case CLG_INDEXTOOLARGE: + break; /* ignore this index */ + case CLG_INACTIVE: + tx_message->status = htons(STT_INACTIVE); + return; + default: + assert(0); + break; + } + } + + tx_message->data.client_accesses_by_index.next_index = htonl(i); + tx_message->data.client_accesses_by_index.n_clients = htonl(j); +} + +/* ================================================== */ + +static void +handle_manual_list(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int n_samples; + int i; + RPY_ManualListSample *sample; + RPT_ManualSamplesReport report[MAX_MANUAL_LIST_SAMPLES]; + + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_MANUAL_LIST); + + MNL_ReportSamples(report, MAX_MANUAL_LIST_SAMPLES, &n_samples); + tx_message->data.manual_list.n_samples = htonl(n_samples); + for (i=0; idata.manual_list.samples[i]; + UTI_TimevalHostToNetwork(&report[i].when, &sample->when); + sample->slewed_offset = UTI_FloatHostToNetwork(report[i].slewed_offset); + sample->orig_offset = UTI_FloatHostToNetwork(report[i].orig_offset); + sample->residual = UTI_FloatHostToNetwork(report[i].residual); + } +} + +/* ================================================== */ + +static void +handle_manual_delete(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + int status; + int index; + + index = ntohl(rx_message->data.manual_delete.index); + status = MNL_DeleteSample(index); + if (!status) { + tx_message->status = htons(STT_BADSAMPLE); + } else { + tx_message->status = htons(STT_SUCCESS); + } +} + +/* ================================================== */ + +static void +handle_make_step(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + LCL_MakeStep(); + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_activity(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + RPT_ActivityReport report; + NSR_GetActivityReport(&report); + tx_message->data.activity.online = htonl(report.online); + tx_message->data.activity.offline = htonl(report.offline); + tx_message->data.activity.burst_online = htonl(report.burst_online); + tx_message->data.activity.burst_offline = htonl(report.burst_offline); + tx_message->data.activity.unresolved = htonl(report.unresolved); + tx_message->status = htons(STT_SUCCESS); + tx_message->reply = htons(RPY_ACTIVITY); +} + +/* ================================================== */ + +static void +handle_reselect_distance(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + double dist; + dist = UTI_FloatNetworkToHost(rx_message->data.reselect_distance.distance); + SRC_SetReselectDistance(dist); + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ + +static void +handle_reselect(CMD_Request *rx_message, CMD_Reply *tx_message) +{ + SRC_ReselectSource(); + tx_message->status = htons(STT_SUCCESS); +} + +/* ================================================== */ +/* Read a packet and process it */ + +static void +read_from_cmd_socket(void *anything) +{ + int status; + int read_length; /* Length of packet read */ + int expected_length; /* Expected length of packet without auth data */ + unsigned long flags; + CMD_Request rx_message; + CMD_Reply tx_message, *prev_tx_message; + int rx_message_length, tx_message_length; + int sock_fd; + union sockaddr_in46 where_from; + socklen_t from_length; + IPAddr remote_ip; + unsigned short remote_port; + int auth_length; + int auth_ok; + int utoken_ok, token_ok; + int issue_token; + int valid_ts; + int authenticated; + int localhost; + int allowed; + unsigned short rx_command; + unsigned long rx_message_token; + unsigned long tx_message_token; + unsigned long rx_message_seq; + unsigned long rx_attempt; + struct timeval now; + struct timeval cooked_now; + + flags = 0; + rx_message_length = sizeof(rx_message); + from_length = sizeof(where_from); + + sock_fd = (long)anything; + status = recvfrom(sock_fd, (char *)&rx_message, rx_message_length, flags, + &where_from.u, &from_length); + + if (status < 0) { + LOG(LOGS_WARN, LOGF_CmdMon, "Error [%s] reading from control socket %d", + strerror(errno), sock_fd); + return; + } + + read_length = status; + + LCL_ReadRawTime(&now); + LCL_CookTime(&now, &cooked_now, NULL); + + switch (where_from.u.sa_family) { + case AF_INET: + remote_ip.family = IPADDR_INET4; + remote_ip.addr.in4 = ntohl(where_from.in4.sin_addr.s_addr); + remote_port = ntohs(where_from.in4.sin_port); + localhost = (remote_ip.addr.in4 == 0x7f000001UL); + break; +#ifdef HAVE_IPV6 + case AF_INET6: + remote_ip.family = IPADDR_INET6; + memcpy(&remote_ip.addr.in6, where_from.in6.sin6_addr.s6_addr, + sizeof (remote_ip.addr.in6)); + remote_port = ntohs(where_from.in6.sin6_port); + /* Check for ::1 */ + for (localhost = 0; localhost < 16; localhost++) + if (remote_ip.addr.in6[localhost] != 0) + break; + localhost = (localhost == 15 && remote_ip.addr.in6[localhost] == 1); + break; +#endif + default: + assert(0); + } + + if (!(localhost || ADF_IsAllowed(access_auth_table, &remote_ip))) { + /* The client is not allowed access, so don't waste any more time + on him. Note that localhost is always allowed access + regardless of the defined access rules - otherwise, we could + shut ourselves out completely! */ + return; + } + + /* Message size sanity check */ + if (read_length >= offsetof(CMD_Request, data)) { + expected_length = PKL_CommandLength(&rx_message); + } else { + expected_length = 0; + } + + if (expected_length < offsetof(CMD_Request, data) || + read_length < offsetof(CMD_Reply, data) || + rx_message.pkt_type != PKT_TYPE_CMD_REQUEST || + rx_message.res1 != 0 || + rx_message.res2 != 0) { + + /* We don't know how to process anything like this */ + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + return; + } + + rx_command = ntohs(rx_message.command); + + tx_message.version = PROTO_VERSION_NUMBER; + tx_message.pkt_type = PKT_TYPE_CMD_REPLY; + tx_message.res1 = 0; + tx_message.res2 = 0; + tx_message.command = rx_message.command; + tx_message.sequence = rx_message.sequence; + tx_message.reply = htons(RPY_NULL); + tx_message.pad1 = 0; + tx_message.pad2 = 0; + tx_message.pad3 = 0; + tx_message.utoken = htonl(utoken); + /* Set this to a default (invalid) value. This protects against the + token field being set to an arbitrary value if we reject the + message, e.g. due to the host failing the access check. */ + tx_message.token = htonl(0xffffffffUL); + memset(&tx_message.auth, 0, sizeof(tx_message.auth)); + + if (rx_message.version != PROTO_VERSION_NUMBER) { + DEBUG_LOG(LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s:%hu", rx_message.version, PROTO_VERSION_NUMBER, UTI_IPToString(&remote_ip), remote_port); + + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT_SERVER) { + tx_message.status = htons(STT_BADPKTVERSION); + transmit_reply(&tx_message, &where_from, 0); + } + return; + } + + if (rx_command >= N_REQUEST_TYPES) { + DEBUG_LOG(LOGF_CmdMon, "Read command packet with invalid command %d from %s:%hu", rx_command, UTI_IPToString(&remote_ip), remote_port); + + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + tx_message.status = htons(STT_INVALID); + transmit_reply(&tx_message, &where_from, 0); + return; + } + + if (read_length < expected_length) { + DEBUG_LOG(LOGF_CmdMon, "Read incorrectly sized command packet from %s:%hu", UTI_IPToString(&remote_ip), remote_port); + + CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec); + + tx_message.status = htons(STT_BADPKTLENGTH); + transmit_reply(&tx_message, &where_from, 0); + return; + } + + /* OK, we have a valid message. Now dispatch on message type and process it. */ + + /* Do authentication stuff and command tokens here. Well-behaved + clients will set their utokens to 0 to save us wasting our time + if the packet is unauthenticatable. */ + if (rx_message.utoken != 0) { + auth_ok = check_rx_packet_auth(&rx_message, read_length); + } else { + auth_ok = 0; + } + + /* All this malarky is to protect the system against various forms + of attack. + + Simple packet forgeries are blocked by requiring the packet to + authenticate properly with MD5 or other crypto hash. (The + assumption is that the command key is in a read-only keys file + read by the daemon, and is known only to administrators.) + + Replay attacks are prevented by 2 fields in the packet. The + 'token' field is where the client plays back to us a token that + he was issued in an earlier reply. Each time we reply to a + suitable packet, we issue a new token. The 'utoken' field is set + to a new (hopefully increasing) value each time the daemon is + run. This prevents packets from a previous incarnation being + played back at us when the same point in the 'token' sequence + comes up. (The token mechanism also prevents a non-idempotent + command from being executed twice from the same client, if the + client fails to receive our reply the first time and tries a + resend.) + + The problem is how a client should get its first token. Our + token handling only remembers a finite number of issued tokens + (actually 32) - if a client replies with a (legitimate) token + older than that, it will be treated as though a duplicate token + has been supplied. If a simple token-request protocol were used, + the whole thing would be vulnerable to a denial of service + attack, where an attacker just replays valid token-request + packets at us, causing us to keep issuing new tokens, + invalidating all the ones we have given out to true clients + already. + + To protect against this, the token-request (REQ_LOGON) packet + includes a timestamp field. To issue a token, we require that + this field is different from any we have processed before. To + bound our storage, we require that the timestamp is within a + certain period of our current time. For clients running on the + same host this will be easily satisfied. + + */ + + utoken_ok = (ntohl(rx_message.utoken) == utoken); + + /* Avoid binning a valid user's token if we merely get a forged + packet */ + rx_message_token = ntohl(rx_message.token); + rx_message_seq = ntohl(rx_message.sequence); + rx_attempt = ntohs(rx_message.attempt); + + if (auth_ok && utoken_ok) { + token_ok = check_token(rx_message_token); + } else { + token_ok = 0; + } + + if (auth_ok && utoken_ok && !token_ok) { + /* This might be a resent message, due to the client not getting + our reply to the first attempt. See if we can find the message. */ + prev_tx_message = lookup_reply(rx_message_token, rx_message_seq, rx_attempt); + if (prev_tx_message) { + /* Just send this message again */ + tx_message_length = PKL_ReplyLength(prev_tx_message); + status = sendto(sock_fd, (void *) prev_tx_message, tx_message_length, 0, + &where_from.u, from_length); + if (status < 0) { + DEBUG_LOG(LOGF_CmdMon, "Could not send response to %s:%hu", UTI_IPToString(&remote_ip), remote_port); + } + return; + } + /* Otherwise, just fall through into normal processing */ + + } + + if (auth_ok && utoken_ok && token_ok) { + /* See whether we can discard the previous reply from storage */ + token_acknowledged(rx_message_token, &now); + } + + valid_ts = 0; + + if (auth_ok) { + struct timeval ts; + + UTI_TimevalNetworkToHost(&rx_message.data.logon.ts, &ts); + if ((utoken_ok && token_ok) || + ((ntohl(rx_message.utoken) == SPECIAL_UTOKEN) && + (rx_command == REQ_LOGON) && + (valid_ts = ts_is_unique_and_not_stale(&ts, &now)))) + issue_token = 1; + else + issue_token = 0; + } else { + issue_token = 0; + } + + authenticated = auth_ok & utoken_ok & token_ok; + + if (authenticated) { + CLG_LogCommandAccess(&remote_ip, CLG_CMD_AUTH, cooked_now.tv_sec); + } else { + CLG_LogCommandAccess(&remote_ip, CLG_CMD_NORMAL, cooked_now.tv_sec); + } + + if (issue_token) { + /* Only command clients where the user has apparently 'logged on' + get a token to allow them to emit an authenticated command next + time */ + tx_message_token = get_token(); + } else { + tx_message_token = 0xffffffffUL; + } + + tx_message.token = htonl(tx_message_token); + + + if (rx_command >= N_REQUEST_TYPES) { + /* This should be already handled */ + assert(0); + } else { + /* Check level of authority required to issue the command */ + switch(permissions[rx_command]) { + case PERMIT_AUTH: + if (authenticated) { + allowed = 1; + } else { + allowed = 0; + } + break; + case PERMIT_LOCAL: + if (authenticated || localhost) { + allowed = 1; + } else { + allowed = 0; + } + break; + case PERMIT_OPEN: + allowed = 1; + break; + default: + assert(0); + allowed = 0; + } + + if (allowed) { + switch(rx_command) { + case REQ_NULL: + handle_null(&rx_message, &tx_message); + break; + + case REQ_ONLINE: + handle_online(&rx_message, &tx_message); + break; + + case REQ_OFFLINE: + handle_offline(&rx_message, &tx_message); + break; + + case REQ_BURST: + handle_burst(&rx_message, &tx_message); + break; + + case REQ_MODIFY_MINPOLL: + handle_modify_minpoll(&rx_message, &tx_message); + break; + + case REQ_MODIFY_MAXPOLL: + handle_modify_maxpoll(&rx_message, &tx_message); + break; + + case REQ_DUMP: + SRC_DumpSources(); + tx_message.status = htons(STT_SUCCESS); + break; + + case REQ_MODIFY_MAXDELAY: + handle_modify_maxdelay(&rx_message, &tx_message); + break; + + case REQ_MODIFY_MAXDELAYRATIO: + handle_modify_maxdelayratio(&rx_message, &tx_message); + break; + + case REQ_MODIFY_MAXDELAYDEVRATIO: + handle_modify_maxdelaydevratio(&rx_message, &tx_message); + break; + + case REQ_MODIFY_MAXUPDATESKEW: + handle_modify_maxupdateskew(&rx_message, &tx_message); + break; + + case REQ_LOGON: + /* If the log-on fails, record the reason why */ + if (!issue_token) { + DEBUG_LOG(LOGF_CmdMon, + "Bad command logon from %s port %d (auth_ok=%d valid_ts=%d)", + UTI_IPToString(&remote_ip), + remote_port, + auth_ok, valid_ts); + } + + if (issue_token == 1) { + tx_message.status = htons(STT_SUCCESS); + } else if (!auth_ok) { + tx_message.status = htons(STT_UNAUTH); + } else if (!valid_ts) { + tx_message.status = htons(STT_INVALIDTS); + } else { + tx_message.status = htons(STT_FAILED); + } + + break; + + case REQ_SETTIME: + handle_settime(&rx_message, &tx_message); + break; + + case REQ_LOCAL: + handle_local(&rx_message, &tx_message); + break; + + case REQ_MANUAL: + handle_manual(&rx_message, &tx_message); + break; + + case REQ_N_SOURCES: + handle_n_sources(&rx_message, &tx_message); + break; + + case REQ_SOURCE_DATA: + handle_source_data(&rx_message, &tx_message); + break; + + case REQ_REKEY: + handle_rekey(&rx_message, &tx_message); + break; + + case REQ_ALLOW: + handle_allow(&rx_message, &tx_message); + break; + + case REQ_ALLOWALL: + handle_allowall(&rx_message, &tx_message); + break; + + case REQ_DENY: + handle_deny(&rx_message, &tx_message); + break; + + case REQ_DENYALL: + handle_denyall(&rx_message, &tx_message); + break; + + case REQ_CMDALLOW: + handle_cmdallow(&rx_message, &tx_message); + break; + + case REQ_CMDALLOWALL: + handle_cmdallowall(&rx_message, &tx_message); + break; + + case REQ_CMDDENY: + handle_cmddeny(&rx_message, &tx_message); + break; + + case REQ_CMDDENYALL: + handle_cmddenyall(&rx_message, &tx_message); + break; + + case REQ_ACCHECK: + handle_accheck(&rx_message, &tx_message); + break; + + case REQ_CMDACCHECK: + handle_cmdaccheck(&rx_message, &tx_message); + break; + + case REQ_ADD_SERVER: + handle_add_source(NTP_SERVER, &rx_message, &tx_message); + break; + + case REQ_ADD_PEER: + handle_add_source(NTP_PEER, &rx_message, &tx_message); + break; + + case REQ_DEL_SOURCE: + handle_del_source(&rx_message, &tx_message); + break; + + case REQ_WRITERTC: + handle_writertc(&rx_message, &tx_message); + break; + + case REQ_DFREQ: + handle_dfreq(&rx_message, &tx_message); + break; + + case REQ_DOFFSET: + handle_doffset(&rx_message, &tx_message); + break; + + case REQ_TRACKING: + handle_tracking(&rx_message, &tx_message); + break; + + case REQ_SOURCESTATS: + handle_sourcestats(&rx_message, &tx_message); + break; + + case REQ_RTCREPORT: + handle_rtcreport(&rx_message, &tx_message); + break; + + case REQ_TRIMRTC: + handle_trimrtc(&rx_message, &tx_message); + break; + + case REQ_CYCLELOGS: + handle_cyclelogs(&rx_message, &tx_message); + break; + + case REQ_CLIENT_ACCESSES_BY_INDEX: + handle_client_accesses_by_index(&rx_message, &tx_message); + break; + + case REQ_MANUAL_LIST: + handle_manual_list(&rx_message, &tx_message); + break; + + case REQ_MANUAL_DELETE: + handle_manual_delete(&rx_message, &tx_message); + break; + + case REQ_MAKESTEP: + handle_make_step(&rx_message, &tx_message); + break; + + case REQ_ACTIVITY: + handle_activity(&rx_message, &tx_message); + break; + + case REQ_RESELECTDISTANCE: + handle_reselect_distance(&rx_message, &tx_message); + break; + + case REQ_RESELECT: + handle_reselect(&rx_message, &tx_message); + break; + + case REQ_MODIFY_MINSTRATUM: + handle_modify_minstratum(&rx_message, &tx_message); + break; + + case REQ_MODIFY_POLLTARGET: + handle_modify_polltarget(&rx_message, &tx_message); + break; + + default: + assert(0); + break; + } + } else { + tx_message.status = htons(STT_UNAUTH); + } + } + + if (auth_ok) { + auth_length = generate_tx_packet_auth(&tx_message); + } else { + auth_length = 0; + } + + if (token_ok) { + save_reply(&tx_message, + rx_message_token, + tx_message_token, + rx_message_seq, + rx_attempt, + &now); + } + + /* Transmit the response */ + { + /* Include a simple way to lose one message in three to test resend */ + + static int do_it=1; + + if (do_it) { + transmit_reply(&tx_message, &where_from, auth_length); + } + +#if 0 + do_it = ((do_it + 1) % 3); +#endif + } +} + +/* ================================================== */ + +int +CAM_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all) + { + ADF_Status status; + + if (allow) { + if (all) { + status = ADF_AllowAll(access_auth_table, ip_addr, subnet_bits); + } else { + status = ADF_Allow(access_auth_table, ip_addr, subnet_bits); + } + } else { + if (all) { + status = ADF_DenyAll(access_auth_table, ip_addr, subnet_bits); + } else { + status = ADF_Deny(access_auth_table, ip_addr, subnet_bits); + } + } + + if (status == ADF_BADSUBNET) { + return 0; + } else if (status == ADF_SUCCESS) { + return 1; + } else { + return 0; + } +} + +/* ================================================== */ + +int +CAM_CheckAccessRestriction(IPAddr *ip_addr) +{ + return ADF_IsAllowed(access_auth_table, ip_addr); +} + + +/* ================================================== */ +/* ================================================== */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/cmdmon.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdmon.h --- atmark-dist-20150618/user/chrony/chrony-1.30/cmdmon.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdmon.h 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,39 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for the control and monitoring module in the software + */ + +#ifndef GOT_CMDMON_H +#define GOT_CMDMON_H + +#include "addressing.h" + +extern void CAM_Initialise(int family); + +extern void CAM_Finalise(void); + +extern int CAM_AddAccessRestriction(IPAddr *ip_addr, int subnet_bits, int allow, int all); +extern int CAM_CheckAccessRestriction(IPAddr *ip_addr); + +#endif /* GOT_CMDMON_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/cmdparse.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdparse.c --- atmark-dist-20150618/user/chrony/chrony-1.30/cmdparse.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdparse.c 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,282 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2013 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Module for parsing various forms of directive and command lines that + are common to the configuration file and to the command client. + + */ + +#include "config.h" + +#include "sysincl.h" + +#include "cmdparse.h" +#include "memory.h" +#include "nameserv.h" +#include "util.h" + +/* ================================================== */ + +CPS_Status +CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src) +{ + char *hostname, *cmd; + int ok, n, done; + CPS_Status result; + + src->port = SRC_DEFAULT_PORT; + src->params.minpoll = SRC_DEFAULT_MINPOLL; + src->params.maxpoll = SRC_DEFAULT_MAXPOLL; + src->params.presend_minpoll = SRC_DEFAULT_PRESEND_MINPOLL; + src->params.authkey = INACTIVE_AUTHKEY; + src->params.max_delay = SRC_DEFAULT_MAXDELAY; + src->params.max_delay_ratio = SRC_DEFAULT_MAXDELAYRATIO; + src->params.max_delay_dev_ratio = SRC_DEFAULT_MAXDELAYDEVRATIO; + src->params.online = 1; + src->params.auto_offline = 0; + src->params.iburst = 0; + src->params.min_stratum = SRC_DEFAULT_MINSTRATUM; + src->params.poll_target = SRC_DEFAULT_POLLTARGET; + src->params.sel_option = SRC_SelectNormal; + + result = CPS_Success; + + hostname = line; + line = CPS_SplitWord(line); + + if (!*hostname) { + result = CPS_BadHost; + ok = 0; + } else { + /* Parse subfields */ + ok = 1; + done = 0; + do { + cmd = line; + line = CPS_SplitWord(line); + + if (*cmd) { + if (!strcasecmp(cmd, "port")) { + if (sscanf(line, "%hu%n", &src->port, &n) != 1) { + result = CPS_BadPort; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "minpoll")) { + if (sscanf(line, "%d%n", &src->params.minpoll, &n) != 1) { + result = CPS_BadMinpoll; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "maxpoll")) { + if (sscanf(line, "%d%n", &src->params.maxpoll, &n) != 1) { + result = CPS_BadMaxpoll; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "presend")) { + if (sscanf(line, "%d%n", &src->params.presend_minpoll, &n) != 1) { + result = CPS_BadPresend; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "maxdelaydevratio")) { + if (sscanf(line, "%lf%n", &src->params.max_delay_dev_ratio, &n) != 1) { + result = CPS_BadMaxdelaydevratio; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "maxdelayratio")) { + if (sscanf(line, "%lf%n", &src->params.max_delay_ratio, &n) != 1) { + result = CPS_BadMaxdelayratio; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "maxdelay")) { + if (sscanf(line, "%lf%n", &src->params.max_delay, &n) != 1) { + result = CPS_BadMaxdelay; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "key")) { + if (sscanf(line, "%lu%n", &src->params.authkey, &n) != 1 || + src->params.authkey == INACTIVE_AUTHKEY) { + result = CPS_BadKey; + ok = 0; + done = 1; + } else { + line += n; + } + } else if (!strcasecmp(cmd, "offline")) { + src->params.online = 0; + + } else if (!strcasecmp(cmd, "auto_offline")) { + src->params.auto_offline = 1; + + } else if (!strcasecmp(cmd, "iburst")) { + src->params.iburst = 1; + + } else if (!strcasecmp(cmd, "minstratum")) { + if (sscanf(line, "%d%n", &src->params.min_stratum, &n) != 1) { + result = CPS_BadMinstratum; + ok = 0; + done = 1; + } else { + line += n; + } + + } else if (!strcasecmp(cmd, "polltarget")) { + if (sscanf(line, "%d%n", &src->params.poll_target, &n) != 1) { + result = CPS_BadPolltarget; + ok = 0; + done = 1; + } else { + line += n; + } + + } else if (!strcasecmp(cmd, "noselect")) { + src->params.sel_option = SRC_SelectNoselect; + + } else if (!strcasecmp(cmd, "prefer")) { + src->params.sel_option = SRC_SelectPrefer; + + } else { + result = CPS_BadOption; + ok = 0; + done = 1; + } + } else { + done = 1; + } + } while (!done); + } + + if (ok) { + src->name = strdup(hostname); + } + + return result; + +} + +/* ================================================== */ + +void +CPS_NormalizeLine(char *line) +{ + char *p, *q; + int space = 1, first = 1; + + /* Remove white-space at beginning and replace white-spaces with space char */ + for (p = q = line; *p; p++) { + if (isspace(*p)) { + if (!space) + *q++ = ' '; + space = 1; + continue; + } + + /* Discard comment lines */ + if (first && strchr("!;#%", *p)) + break; + + *q++ = *p; + space = first = 0; + } + + /* Strip trailing space */ + if (q > line && q[-1] == ' ') + q--; + + *q = '\0'; +} + +/* ================================================== */ + +char * +CPS_SplitWord(char *line) +{ + char *p = line, *q = line; + + /* Skip white-space before the word */ + while (*q && isspace(*q)) + q++; + + /* Move the word to the beginning */ + while (*q && !isspace(*q)) + *p++ = *q++; + + /* Find the next word */ + while (*q && isspace(*q)) + q++; + + *p = '\0'; + + /* Return pointer to the next word or NUL */ + return q; +} + +/* ================================================== */ + +int +CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key) +{ + char *s1, *s2, *s3, *s4; + + s1 = line; + s2 = CPS_SplitWord(s1); + s3 = CPS_SplitWord(s2); + s4 = CPS_SplitWord(s3); + + /* Require two or three words */ + if (!*s2 || *s4) + return 0; + + if (sscanf(s1, "%lu", id) != 1) + return 0; + + if (*s3) { + *hash = s2; + *key = s3; + } else { + *hash = "MD5"; + *key = s2; + } + + return 1; +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/cmdparse.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdparse.h --- atmark-dist-20150618/user/chrony/chrony-1.30/cmdparse.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/cmdparse.h 2015-07-07 20:54:16.030013681 +0900 @@ -0,0 +1,67 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for the command parser + */ + +#ifndef GOT_CMDPARSE_H +#define GOT_CMDPARSE_H + +#include "srcparams.h" +#include "addressing.h" + +typedef enum { + CPS_Success, + CPS_BadOption, + CPS_BadHost, + CPS_BadPort, + CPS_BadMinpoll, + CPS_BadMaxpoll, + CPS_BadPresend, + CPS_BadMaxdelaydevratio, + CPS_BadMaxdelayratio, + CPS_BadMaxdelay, + CPS_BadKey, + CPS_BadMinstratum, + CPS_BadPolltarget +} CPS_Status; + +typedef struct { + char *name; + unsigned short port; + SourceParameters params; +} CPS_NTP_Source; + +/* Parse a command to add an NTP server or peer */ +extern CPS_Status CPS_ParseNTPSourceAdd(char *line, CPS_NTP_Source *src); + +/* Remove extra white-space and comments */ +extern void CPS_NormalizeLine(char *line); + +/* Terminate first word and return pointer to the next word */ +extern char *CPS_SplitWord(char *line); + +/* Parse a key from keyfile */ +extern int CPS_ParseKey(char *line, unsigned long *id, const char **hash, char **key); + +#endif /* GOT_CMDPARSE_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/conf.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/conf.c --- atmark-dist-20150618/user/chrony/chrony-1.30/conf.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/conf.c 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,1687 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2009-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Module that reads and processes the configuration file. + */ + +#include "config.h" + +#include "sysincl.h" + +#include "conf.h" +#include "ntp_sources.h" +#include "ntp_core.h" +#include "refclock.h" +#include "cmdmon.h" +#include "srcparams.h" +#include "logging.h" +#include "nameserv.h" +#include "memory.h" +#include "cmdparse.h" +#include "broadcast.h" +#include "util.h" + +/* ================================================== */ +/* Forward prototypes */ + +static int parse_string(char *line, char **result); +static int parse_int(char *line, int *result); +static int parse_unsignedlong(char *, unsigned long *result); +static int parse_double(char *line, double *result); +static int parse_null(char *line); + +static void parse_allow(char *); +static void parse_bindacqaddress(char *); +static void parse_bindaddress(char *); +static void parse_bindcmdaddress(char *); +static void parse_broadcast(char *); +static void parse_clientloglimit(char *); +static void parse_cmdallow(char *); +static void parse_cmddeny(char *); +static void parse_deny(char *); +static void parse_fallbackdrift(char *); +static void parse_include(char *); +static void parse_initstepslew(char *); +static void parse_local(char *); +static void parse_log(char *); +static void parse_mailonchange(char *); +static void parse_makestep(char *); +static void parse_maxchange(char *); +static void parse_peer(char *); +static void parse_refclock(char *); +static void parse_server(char *); +static void parse_tempcomp(char *); + +/* ================================================== */ +/* Configuration variables */ + +static int restarted = 0; +static int generate_command_key = 0; +static char *rtc_device = "/dev/rtc"; +static int acquisition_port = 0; /* 0 means let kernel choose port */ +static int ntp_port = 123; +static char *keys_file = NULL; +static char *drift_file = NULL; +static char *rtc_file = NULL; +static unsigned long command_key_id; +static double max_update_skew = 1000.0; +static double correction_time_ratio = 3.0; +static double max_clock_error = 1.0; /* in ppm */ +static double max_slew_rate = 1e6 / 12.0; /* in ppm */ + +static double reselect_distance = 1e-4; +static double stratum_weight = 1.0; +static double combine_limit = 3.0; + +static int cmd_port = DEFAULT_CANDM_PORT; + +static int do_log_measurements = 0; +static int do_log_statistics = 0; +static int do_log_tracking = 0; +static int do_log_rtc = 0; +static int do_log_refclocks = 0; +static int do_log_tempcomp = 0; +static int do_dump_on_exit = 0; +static int log_banner = 32; +static char *logdir = "."; +static char *dumpdir = "."; + +static int enable_local=0; +static int local_stratum; + +static int n_init_srcs; + +/* Threshold (in seconds) - if absolute value of initial error is less + than this, slew instead of stepping */ +static double init_slew_threshold; +#define MAX_INIT_SRCS 8 +static IPAddr init_srcs_ip[MAX_INIT_SRCS]; + +static int enable_manual=0; + +/* Flag set if the RTC runs UTC (default is it runs local time + incl. daylight saving). */ +static int rtc_on_utc = 0; + +/* Filename used to read the hwclock(8) LOCAL/UTC setting */ +static char *hwclock_file = NULL; + +/* Flag set if the RTC should be automatically synchronised by kernel */ +static int rtc_sync = 0; + +/* Limit and threshold for clock stepping */ +static int make_step_limit = 0; +static double make_step_threshold = 0.0; + +/* Threshold for automatic RTC trimming */ +static double rtc_autotrim_threshold = 0.0; + +/* Number of updates before offset checking, number of ignored updates + before exiting and the maximum allowed offset */ +static int max_offset_delay = -1; +static int max_offset_ignore; +static double max_offset; + +/* Maximum and minimum number of samples per source */ +static int max_samples = 0; /* no limit */ +static int min_samples = 0; + +/* Flag set if we should log to syslog when a time adjustment + exceeding the threshold is initiated */ +static int do_log_change = 0; +static double log_change_threshold = 0.0; + +static char *mail_user_on_change = NULL; +static double mail_change_threshold = 0.0; + +/* Flag indicating that we don't want to log clients, e.g. to save + memory */ +static int no_client_log = 0; + +/* Limit memory allocated for the clients log */ +static unsigned long client_log_limit = 524288; + +/* Minimum and maximum fallback drift intervals */ +static int fb_drift_min = 0; +static int fb_drift_max = 0; + +/* IP addresses for binding the NTP server sockets to. UNSPEC family means + INADDR_ANY will be used */ +static IPAddr bind_address4, bind_address6; + +/* IP addresses for binding the NTP client sockets to. UNSPEC family means + INADDR_ANY will be used */ +static IPAddr bind_acq_address4, bind_acq_address6; + +/* IP addresses for binding the command socket to. UNSPEC family means + use the value of bind_address */ +static IPAddr bind_cmd_address4, bind_cmd_address6; + +/* Filename to use for storing pid of running chronyd, to prevent multiple + * chronyds being started. */ +static char *pidfile = "/var/run/chronyd.pid"; + +/* Temperature sensor, update interval and compensation coefficients */ +static char *tempcomp_file = NULL; +static double tempcomp_interval; +static double tempcomp_T0, tempcomp_k0, tempcomp_k1, tempcomp_k2; + +static int sched_priority = 0; +static int lock_memory = 0; + +/* Name of a system timezone containing leap seconds occuring at midnight */ +static char *leapsec_tz = NULL; + +/* Name of the user to which will be dropped root privileges. */ +static char *user = DEFAULT_USER; + +typedef struct { + NTP_Source_Type type; + CPS_NTP_Source params; +} NTP_Source; + +#define MAX_NTP_SOURCES 64 + +static NTP_Source ntp_sources[MAX_NTP_SOURCES]; +static int n_ntp_sources = 0; + +#define MAX_RCL_SOURCES 8 + +static RefclockParameters refclock_sources[MAX_RCL_SOURCES]; +static int n_refclock_sources = 0; + +typedef struct _AllowDeny { + struct _AllowDeny *next; + struct _AllowDeny *prev; + IPAddr ip; + int subnet_bits; + int all; /* 1 to override existing more specific defns */ + int allow; /* 0 for deny, 1 for allow */ +} AllowDeny; + +static AllowDeny ntp_auth_list = {&ntp_auth_list, &ntp_auth_list}; +static AllowDeny cmd_auth_list = {&cmd_auth_list, &cmd_auth_list}; + +typedef struct { + /* Both in host (not necessarily network) order */ + IPAddr addr; + unsigned short port; + int interval; +} NTP_Broadcast_Destination; + +static NTP_Broadcast_Destination *broadcasts = NULL; +static int max_broadcasts = 0; +static int n_broadcasts = 0; + +/* ================================================== */ + +/* The line number in the configuration file being processed */ +static int line_number; +static const char *processed_file; +static const char *processed_command; + +/* ================================================== */ + +static void +command_parse_error(void) +{ + LOG_FATAL(LOGF_Configure, "Could not parse %s directive at line %d%s%s", + processed_command, line_number, processed_file ? " in file " : "", + processed_file ? processed_file : ""); +} + +/* ================================================== */ + +static void +other_parse_error(const char *message) +{ + LOG_FATAL(LOGF_Configure, "%s at line %d%s%s", + message, line_number, processed_file ? " in file " : "", + processed_file ? processed_file : ""); +} + +/* ================================================== */ + +static void +check_number_of_args(char *line, int num) +{ + /* The line is normalized, between arguments is just one space */ + if (*line == ' ') + line++; + if (*line) + num--; + for (; *line; line++) { + if (*line == ' ') + num--; + } + if (num) { + LOG_FATAL(LOGF_Configure, "%s arguments for %s directive at line %d%s%s", + num > 0 ? "Missing" : "Too many", + processed_command, line_number, processed_file ? " in file " : "", + processed_file ? processed_file : ""); + } +} + +/* ================================================== */ + +void +CNF_SetRestarted(int r) +{ + restarted = r; +} + +/* ================================================== */ + +/* Read the configuration file */ +void +CNF_ReadFile(const char *filename) +{ + FILE *in; + char line[2048]; + int i; + + in = fopen(filename, "r"); + if (!in) { + LOG_FATAL(LOGF_Configure, "Could not open configuration file %s", filename); + return; + } + + for (i = 1; fgets(line, sizeof(line), in); i++) { + CNF_ParseLine(filename, i, line); + } + + fclose(in); +} + +/* ================================================== */ + +/* Parse one configuration line */ +void +CNF_ParseLine(const char *filename, int number, char *line) +{ + char *p, *command; + + /* Set global variables used in error messages */ + processed_file = filename; + line_number = number; + + /* Remove extra white-space and comments */ + CPS_NormalizeLine(line); + + /* Skip blank lines */ + if (!*line) + return; + + /* We have a real line, now try to match commands */ + processed_command = command = line; + p = CPS_SplitWord(line); + + if (!strcasecmp(command, "acquisitionport")) { + parse_int(p, &acquisition_port); + } else if (!strcasecmp(command, "allow")) { + parse_allow(p); + } else if (!strcasecmp(command, "bindacqaddress")) { + parse_bindacqaddress(p); + } else if (!strcasecmp(command, "bindaddress")) { + parse_bindaddress(p); + } else if (!strcasecmp(command, "bindcmdaddress")) { + parse_bindcmdaddress(p); + } else if (!strcasecmp(command, "broadcast")) { + parse_broadcast(p); + } else if (!strcasecmp(command, "clientloglimit")) { + parse_clientloglimit(p); + } else if (!strcasecmp(command, "cmdallow")) { + parse_cmdallow(p); + } else if (!strcasecmp(command, "cmddeny")) { + parse_cmddeny(p); + } else if (!strcasecmp(command, "cmdport")) { + parse_int(p, &cmd_port); + } else if (!strcasecmp(command, "combinelimit")) { + parse_double(p, &combine_limit); + } else if (!strcasecmp(command, "commandkey")) { + parse_unsignedlong(p, &command_key_id); + } else if (!strcasecmp(command, "corrtimeratio")) { + parse_double(p, &correction_time_ratio); + } else if (!strcasecmp(command, "deny")) { + parse_deny(p); + } else if (!strcasecmp(command, "driftfile")) { + parse_string(p, &drift_file); + } else if (!strcasecmp(command, "dumpdir")) { + parse_string(p, &dumpdir); + } else if (!strcasecmp(command, "dumponexit")) { + do_dump_on_exit = parse_null(p); + } else if (!strcasecmp(command, "fallbackdrift")) { + parse_fallbackdrift(p); + } else if (!strcasecmp(command, "generatecommandkey")) { + generate_command_key = parse_null(p); + } else if (!strcasecmp(command, "hwclockfile")) { + parse_string(p, &hwclock_file); + } else if (!strcasecmp(command, "include")) { + parse_include(p); + } else if (!strcasecmp(command, "initstepslew")) { + parse_initstepslew(p); + } else if (!strcasecmp(command, "keyfile")) { + parse_string(p, &keys_file); + } else if (!strcasecmp(command, "leapsectz")) { + parse_string(p, &leapsec_tz); + } else if (!strcasecmp(command, "linux_freq_scale")) { + LOG(LOGS_WARN, LOGF_Configure, "%s directive is no longer supported", command); + } else if (!strcasecmp(command, "linux_hz")) { + LOG(LOGS_WARN, LOGF_Configure, "%s directive is no longer supported", command); + } else if (!strcasecmp(command, "local")) { + parse_local(p); + } else if (!strcasecmp(command, "lock_all")) { + lock_memory = parse_null(p); + } else if (!strcasecmp(command, "log")) { + parse_log(p); + } else if (!strcasecmp(command, "logbanner")) { + parse_int(p, &log_banner); + } else if (!strcasecmp(command, "logchange")) { + do_log_change = parse_double(p, &log_change_threshold); + } else if (!strcasecmp(command, "logdir")) { + parse_string(p, &logdir); + } else if (!strcasecmp(command, "mailonchange")) { + parse_mailonchange(p); + } else if (!strcasecmp(command, "makestep")) { + parse_makestep(p); + } else if (!strcasecmp(command, "manual")) { + enable_manual = parse_null(p); + } else if (!strcasecmp(command, "maxchange")) { + parse_maxchange(p); + } else if (!strcasecmp(command, "maxclockerror")) { + parse_double(p, &max_clock_error); + } else if (!strcasecmp(command, "maxsamples")) { + parse_int(p, &max_samples); + } else if (!strcasecmp(command, "maxslewrate")) { + parse_double(p, &max_slew_rate); + } else if (!strcasecmp(command, "maxupdateskew")) { + parse_double(p, &max_update_skew); + } else if (!strcasecmp(command, "minsamples")) { + parse_int(p, &min_samples); + } else if (!strcasecmp(command, "noclientlog")) { + no_client_log = parse_null(p); + } else if (!strcasecmp(command, "peer")) { + parse_peer(p); + } else if (!strcasecmp(command, "pidfile")) { + parse_string(p, &pidfile); + } else if (!strcasecmp(command, "port")) { + parse_int(p, &ntp_port); + } else if (!strcasecmp(command, "refclock")) { + parse_refclock(p); + } else if (!strcasecmp(command, "reselectdist")) { + parse_double(p, &reselect_distance); + } else if (!strcasecmp(command, "rtcautotrim")) { + parse_double(p, &rtc_autotrim_threshold); + } else if (!strcasecmp(command, "rtcdevice")) { + parse_string(p, &rtc_device); + } else if (!strcasecmp(command, "rtcfile")) { + parse_string(p, &rtc_file); + } else if (!strcasecmp(command, "rtconutc")) { + rtc_on_utc = parse_null(p); + } else if (!strcasecmp(command, "rtcsync")) { + rtc_sync = parse_null(p); + } else if (!strcasecmp(command, "sched_priority")) { + parse_int(p, &sched_priority); + } else if (!strcasecmp(command, "server")) { + parse_server(p); + } else if (!strcasecmp(command, "stratumweight")) { + parse_double(p, &stratum_weight); + } else if (!strcasecmp(command, "tempcomp")) { + parse_tempcomp(p); + } else if (!strcasecmp(command, "user")) { + parse_string(p, &user); + } else { + other_parse_error("Invalid command"); + } +} + +/* ================================================== */ + +static int +parse_string(char *line, char **result) +{ + check_number_of_args(line, 1); + *result = strdup(line); + return 1; +} + +/* ================================================== */ + +static int +parse_int(char *line, int *result) +{ + check_number_of_args(line, 1); + if (sscanf(line, "%d", result) != 1) { + command_parse_error(); + return 0; + } + return 1; +} + +/* ================================================== */ + +static int +parse_unsignedlong(char *line, unsigned long *result) +{ + check_number_of_args(line, 1); + if (sscanf(line, "%lu", result) != 1) { + command_parse_error(); + return 0; + } + return 1; +} + +/* ================================================== */ + +static int +parse_double(char *line, double *result) +{ + check_number_of_args(line, 1); + if (sscanf(line, "%lf", result) != 1) { + command_parse_error(); + return 0; + } + return 1; +} + +/* ================================================== */ + +static int +parse_null(char *line) +{ + check_number_of_args(line, 0); + return 1; +} + +/* ================================================== */ + +static void +parse_source(char *line, NTP_Source_Type type) +{ + CPS_Status status; + + if (n_ntp_sources >= MAX_NTP_SOURCES) + return; + + ntp_sources[n_ntp_sources].type = type; + status = CPS_ParseNTPSourceAdd(line, &ntp_sources[n_ntp_sources].params); + + switch (status) { + case CPS_Success: + n_ntp_sources++; + break; + case CPS_BadOption: + other_parse_error("Invalid server/peer parameter"); + break; + case CPS_BadHost: + other_parse_error("Invalid host/IP address"); + break; + case CPS_BadPort: + other_parse_error("Unreadable port"); + break; + case CPS_BadMinpoll: + other_parse_error("Unreadable minpoll"); + break; + case CPS_BadMaxpoll: + other_parse_error("Unreadable maxpoll"); + break; + case CPS_BadPresend: + other_parse_error("Unreadable presend"); + break; + case CPS_BadMaxdelaydevratio: + other_parse_error("Unreadable maxdelaydevratio"); + break; + case CPS_BadMaxdelayratio: + other_parse_error("Unreadable maxdelayratio"); + break; + case CPS_BadMaxdelay: + other_parse_error("Unreadable maxdelay"); + break; + case CPS_BadKey: + other_parse_error("Unreadable key"); + break; + case CPS_BadMinstratum: + other_parse_error("Unreadable minstratum"); + break; + case CPS_BadPolltarget: + other_parse_error("Unreadable polltarget"); + break; + } +} + +/* ================================================== */ + +static void +parse_server(char *line) +{ + parse_source(line, NTP_SERVER); +} + +/* ================================================== */ + +static void +parse_peer(char *line) +{ + parse_source(line, NTP_PEER); +} + +/* ================================================== */ + +static void +parse_refclock(char *line) +{ + int i, n, poll, dpoll, filter_length, pps_rate; + uint32_t ref_id, lock_ref_id; + double offset, delay, precision, max_dispersion; + char *p, *cmd, *name, *param; + unsigned char ref[5]; + SRC_SelectOption sel_option; + + i = n_refclock_sources; + if (i >= MAX_RCL_SOURCES) + return; + + poll = 4; + dpoll = 0; + filter_length = 64; + pps_rate = 0; + offset = 0.0; + delay = 1e-9; + precision = 0.0; + max_dispersion = 0.0; + ref_id = 0; + lock_ref_id = 0; + sel_option = SRC_SelectNormal; + + if (!*line) { + command_parse_error(); + return; + } + + p = line; + line = CPS_SplitWord(line); + + if (!*line) { + command_parse_error(); + return; + } + + name = strdup(p); + + p = line; + line = CPS_SplitWord(line); + param = strdup(p); + + while (*line) { + cmd = line; + line = CPS_SplitWord(line); + if (!strcasecmp(cmd, "refid")) { + if (sscanf(line, "%4s%n", (char *)ref, &n) != 1) + break; + ref_id = ref[0] << 24 | ref[1] << 16 | ref[2] << 8 | ref[3]; + } else if (!strcasecmp(cmd, "lock")) { + if (sscanf(line, "%4s%n", (char *)ref, &n) != 1) + break; + lock_ref_id = ref[0] << 24 | ref[1] << 16 | ref[2] << 8 | ref[3]; + } else if (!strcasecmp(cmd, "poll")) { + if (sscanf(line, "%d%n", &poll, &n) != 1) { + break; + } + } else if (!strcasecmp(cmd, "dpoll")) { + if (sscanf(line, "%d%n", &dpoll, &n) != 1) { + break; + } + } else if (!strcasecmp(cmd, "filter")) { + if (sscanf(line, "%d%n", &filter_length, &n) != 1) { + break; + } + } else if (!strcasecmp(cmd, "rate")) { + if (sscanf(line, "%d%n", &pps_rate, &n) != 1) + break; + } else if (!strcasecmp(cmd, "offset")) { + if (sscanf(line, "%lf%n", &offset, &n) != 1) + break; + } else if (!strcasecmp(cmd, "delay")) { + if (sscanf(line, "%lf%n", &delay, &n) != 1) + break; + } else if (!strcasecmp(cmd, "precision")) { + if (sscanf(line, "%lf%n", &precision, &n) != 1) + break; + } else if (!strcasecmp(cmd, "maxdispersion")) { + if (sscanf(line, "%lf%n", &max_dispersion, &n) != 1) + break; + } else if (!strcasecmp(cmd, "noselect")) { + n = 0; + sel_option = SRC_SelectNoselect; + } else if (!strcasecmp(cmd, "prefer")) { + n = 0; + sel_option = SRC_SelectPrefer; + } else { + break; + } + line += n; + } + + if (*line) { + other_parse_error("Invalid/unreadable refclock parameter"); + return; + } + + refclock_sources[i].driver_name = name; + refclock_sources[i].driver_parameter = param; + refclock_sources[i].driver_poll = dpoll; + refclock_sources[i].poll = poll; + refclock_sources[i].filter_length = filter_length; + refclock_sources[i].pps_rate = pps_rate; + refclock_sources[i].offset = offset; + refclock_sources[i].delay = delay; + refclock_sources[i].precision = precision; + refclock_sources[i].max_dispersion = max_dispersion; + refclock_sources[i].sel_option = sel_option; + refclock_sources[i].ref_id = ref_id; + refclock_sources[i].lock_ref_id = lock_ref_id; + + n_refclock_sources++; +} + +/* ================================================== */ + +static void +parse_log(char *line) +{ + char *log_name; + do { + log_name = line; + line = CPS_SplitWord(line); + if (*log_name) { + if (!strcmp(log_name, "measurements")) { + do_log_measurements = 1; + } else if (!strcmp(log_name, "statistics")) { + do_log_statistics = 1; + } else if (!strcmp(log_name, "tracking")) { + do_log_tracking = 1; + } else if (!strcmp(log_name, "rtc")) { + do_log_rtc = 1; + } else if (!strcmp(log_name, "refclocks")) { + do_log_refclocks = 1; + } else if (!strcmp(log_name, "tempcomp")) { + do_log_tempcomp = 1; + } else { + other_parse_error("Invalid log parameter"); + break; + } + } else { + break; + } + } while (1); +} + +/* ================================================== */ + +static void +parse_local(char *line) +{ + int stratum; + if (sscanf(line, "stratum%d", &stratum) == 1) { + local_stratum = stratum; + enable_local = 1; + } else { + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_initstepslew(char *line) +{ + char *p, *hostname; + IPAddr ip_addr; + + /* Ignore the line if chronyd was started with -R. */ + if (restarted) { + return; + } + + n_init_srcs = 0; + p = CPS_SplitWord(line); + + if (sscanf(line, "%lf", &init_slew_threshold) != 1) { + command_parse_error(); + return; + } + + while (*p) { + hostname = p; + p = CPS_SplitWord(p); + if (*hostname) { + if (DNS_Name2IPAddress(hostname, &ip_addr) == DNS_Success) { + init_srcs_ip[n_init_srcs] = ip_addr; + ++n_init_srcs; + } else { + LOG(LOGS_WARN, LOGF_Configure, "Could not resolve address of initstepslew server %s", hostname); + } + + if (n_init_srcs >= MAX_INIT_SRCS) { + other_parse_error("Too many initstepslew servers"); + } + } + } +} + +/* ================================================== */ + +static void +parse_clientloglimit(char *line) +{ + check_number_of_args(line, 1); + if (sscanf(line, "%lu", &client_log_limit) != 1) { + command_parse_error(); + } + + if (client_log_limit == 0) { + /* unlimited */ + client_log_limit = (unsigned long)-1; + } +} + +/* ================================================== */ + +static void +parse_fallbackdrift(char *line) +{ + check_number_of_args(line, 2); + if (sscanf(line, "%d %d", &fb_drift_min, &fb_drift_max) != 2) { + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_makestep(char *line) +{ + check_number_of_args(line, 2); + if (sscanf(line, "%lf %d", &make_step_threshold, &make_step_limit) != 2) { + make_step_limit = 0; + command_parse_error(); + } + + /* Disable limited makestep if chronyd was started with -R. */ + if (restarted && make_step_limit > 0) { + make_step_limit = 0; + } +} + +/* ================================================== */ + +static void +parse_maxchange(char *line) +{ + check_number_of_args(line, 3); + if (sscanf(line, "%lf %d %d", &max_offset, &max_offset_delay, &max_offset_ignore) != 3) { + max_offset_delay = -1; + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_mailonchange(char *line) +{ + char *address; + check_number_of_args(line, 2); + address = line; + line = CPS_SplitWord(line); + if (sscanf(line, "%lf", &mail_change_threshold) == 1) { + mail_user_on_change = strdup(address); + } else { + mail_user_on_change = NULL; + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_allow_deny(char *line, AllowDeny *list, int allow) +{ + char *p; + unsigned long a, b, c, d, n; + int all = 0; + AllowDeny *new_node = NULL; + IPAddr ip_addr; + + p = line; + + if (!strncmp(p, "all", 3)) { + all = 1; + p = CPS_SplitWord(line); + } + + if (!*p) { + /* Empty line applies to all addresses */ + new_node = MallocNew(AllowDeny); + new_node->allow = allow; + new_node->all = all; + new_node->ip.family = IPADDR_UNSPEC; + new_node->subnet_bits = 0; + } else { + char *slashpos; + slashpos = strchr(p, '/'); + if (slashpos) *slashpos = 0; + + check_number_of_args(p, 1); + n = 0; + if (UTI_StringToIP(p, &ip_addr) || + (n = sscanf(p, "%lu.%lu.%lu.%lu", &a, &b, &c, &d)) >= 1) { + new_node = MallocNew(AllowDeny); + new_node->allow = allow; + new_node->all = all; + + if (n == 0) { + new_node->ip = ip_addr; + if (ip_addr.family == IPADDR_INET6) + new_node->subnet_bits = 128; + else + new_node->subnet_bits = 32; + } else { + new_node->ip.family = IPADDR_INET4; + + a &= 0xff; + b &= 0xff; + c &= 0xff; + d &= 0xff; + + switch (n) { + case 1: + new_node->ip.addr.in4 = (a<<24); + new_node->subnet_bits = 8; + break; + case 2: + new_node->ip.addr.in4 = (a<<24) | (b<<16); + new_node->subnet_bits = 16; + break; + case 3: + new_node->ip.addr.in4 = (a<<24) | (b<<16) | (c<<8); + new_node->subnet_bits = 24; + break; + case 4: + new_node->ip.addr.in4 = (a<<24) | (b<<16) | (c<<8) | d; + new_node->subnet_bits = 32; + break; + default: + assert(0); + } + } + + if (slashpos) { + int specified_subnet_bits, n; + n = sscanf(slashpos+1, "%d", &specified_subnet_bits); + if (n == 1) { + new_node->subnet_bits = specified_subnet_bits; + } else { + command_parse_error(); + } + } + + } else { + if (DNS_Name2IPAddress(p, &ip_addr) == DNS_Success) { + new_node = MallocNew(AllowDeny); + new_node->allow = allow; + new_node->all = all; + new_node->ip = ip_addr; + if (ip_addr.family == IPADDR_INET6) + new_node->subnet_bits = 128; + else + new_node->subnet_bits = 32; + } else { + command_parse_error(); + } + } + } + + if (new_node) { + new_node->prev = list->prev; + new_node->next = list; + list->prev->next = new_node; + list->prev = new_node; + } + +} + + +/* ================================================== */ + +static void +parse_allow(char *line) +{ + parse_allow_deny(line, &ntp_auth_list, 1); +} + + +/* ================================================== */ + +static void +parse_deny(char *line) +{ + parse_allow_deny(line, &ntp_auth_list, 0); +} + +/* ================================================== */ + +static void +parse_cmdallow(char *line) +{ + parse_allow_deny(line, &cmd_auth_list, 1); +} + + +/* ================================================== */ + +static void +parse_cmddeny(char *line) +{ + parse_allow_deny(line, &cmd_auth_list, 0); +} + +/* ================================================== */ + +static void +parse_bindacqaddress(char *line) +{ + IPAddr ip; + + check_number_of_args(line, 1); + if (UTI_StringToIP(line, &ip)) { + if (ip.family == IPADDR_INET4) + bind_acq_address4 = ip; + else if (ip.family == IPADDR_INET6) + bind_acq_address6 = ip; + } else { + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_bindaddress(char *line) +{ + IPAddr ip; + + check_number_of_args(line, 1); + if (UTI_StringToIP(line, &ip)) { + if (ip.family == IPADDR_INET4) + bind_address4 = ip; + else if (ip.family == IPADDR_INET6) + bind_address6 = ip; + } else { + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_bindcmdaddress(char *line) +{ + IPAddr ip; + + check_number_of_args(line, 1); + if (UTI_StringToIP(line, &ip)) { + if (ip.family == IPADDR_INET4) + bind_cmd_address4 = ip; + else if (ip.family == IPADDR_INET6) + bind_cmd_address6 = ip; + } else { + command_parse_error(); + } +} + +/* ================================================== */ + +static void +parse_broadcast(char *line) +{ + /* Syntax : broadcast [] */ + int port; + int interval; + char *p; + IPAddr ip; + + p = line; + line = CPS_SplitWord(line); + + if (sscanf(p, "%d", &interval) != 1) { + command_parse_error(); + return; + } + + p = line; + line = CPS_SplitWord(line); + + if (!UTI_StringToIP(p, &ip)) { + command_parse_error(); + return; + } + + p = line; + line = CPS_SplitWord(line); + + if (*p) { + if (sscanf(p, "%d", &port) != 1 || *line) { + command_parse_error(); + return; + } + } else { + /* default port */ + port = 123; + } + + if (max_broadcasts == n_broadcasts) { + /* Expand array */ + max_broadcasts += 8; + if (broadcasts) { + broadcasts = ReallocArray(NTP_Broadcast_Destination, max_broadcasts, broadcasts); + } else { + broadcasts = MallocArray(NTP_Broadcast_Destination, max_broadcasts); + } + } + + broadcasts[n_broadcasts].addr = ip; + broadcasts[n_broadcasts].port = port; + broadcasts[n_broadcasts].interval = interval; + ++n_broadcasts; +} + +/* ================================================== */ + +static void +parse_tempcomp(char *line) +{ + char *p; + + check_number_of_args(line, 6); + p = line; + line = CPS_SplitWord(line); + + if (!*p) { + command_parse_error(); + return; + } + + if (sscanf(line, "%lf %lf %lf %lf %lf", &tempcomp_interval, &tempcomp_T0, &tempcomp_k0, &tempcomp_k1, &tempcomp_k2) != 5) { + command_parse_error(); + return; + } + + tempcomp_file = strdup(p); +} + +/* ================================================== */ + +static void +parse_include(char *line) +{ + check_number_of_args(line, 1); + CNF_ReadFile(line); +} + +/* ================================================== */ + +void +CNF_AddInitSources(void) +{ + CPS_NTP_Source cps_source; + NTP_Remote_Address ntp_addr; + char dummy_hostname[2] = "H"; + int i; + + for (i = 0; i < n_init_srcs; i++) { + /* Get the default NTP params */ + CPS_ParseNTPSourceAdd(dummy_hostname, &cps_source); + + /* Add the address as an offline iburst server */ + ntp_addr.ip_addr = init_srcs_ip[i]; + ntp_addr.port = cps_source.port; + cps_source.params.iburst = 1; + cps_source.params.online = 0; + + NSR_AddSource(&ntp_addr, NTP_SERVER, &cps_source.params); + } +} + +/* ================================================== */ + +void +CNF_AddSources(void) { + int i; + + for (i=0; inext) { + status = NCR_AddAccessRestriction(&node->ip, node->subnet_bits, node->allow, node->all); + if (!status) { + LOG_FATAL(LOGF_Configure, "Bad subnet in %s/%d", UTI_IPToString(&node->ip), node->subnet_bits); + } + } + + for (node = cmd_auth_list.next; node != &cmd_auth_list; node = node->next) { + status = CAM_AddAccessRestriction(&node->ip, node->subnet_bits, node->allow, node->all); + if (!status) { + LOG_FATAL(LOGF_Configure, "Bad subnet in %s/%d", UTI_IPToString(&node->ip), node->subnet_bits); + } + } +} + +/* ================================================== */ + +int +CNF_GetNoClientLog(void) +{ + return no_client_log; +} + +/* ================================================== */ + +unsigned long +CNF_GetClientLogLimit(void) +{ + return client_log_limit; +} + +/* ================================================== */ + +void +CNF_GetFallbackDrifts(int *min, int *max) +{ + *min = fb_drift_min; + *max = fb_drift_max; +} + +/* ================================================== */ + +void +CNF_GetBindAddress(int family, IPAddr *addr) +{ + if (family == IPADDR_INET4) + *addr = bind_address4; + else if (family == IPADDR_INET6) + *addr = bind_address6; + else + addr->family = IPADDR_UNSPEC; +} + +/* ================================================== */ + +void +CNF_GetBindAcquisitionAddress(int family, IPAddr *addr) +{ + if (family == IPADDR_INET4) + *addr = bind_acq_address4; + else if (family == IPADDR_INET6) + *addr = bind_acq_address6; + else + addr->family = IPADDR_UNSPEC; +} + +/* ================================================== */ + +void +CNF_GetBindCommandAddress(int family, IPAddr *addr) +{ + if (family == IPADDR_INET4) + *addr = bind_cmd_address4.family != IPADDR_UNSPEC ? bind_cmd_address4 : bind_address4; + else if (family == IPADDR_INET6) + *addr = bind_cmd_address6.family != IPADDR_UNSPEC ? bind_cmd_address6 : bind_address6; + else + addr->family = IPADDR_UNSPEC; +} + +/* ================================================== */ + +char * +CNF_GetPidFile(void) +{ + return pidfile; +} + +/* ================================================== */ + +char * +CNF_GetLeapSecTimezone(void) +{ + return leapsec_tz; +} + +/* ================================================== */ + +int +CNF_GetSchedPriority(void) +{ + return sched_priority; +} + +/* ================================================== */ + +int +CNF_GetLockMemory(void) +{ + return lock_memory; +} + +/* ================================================== */ + +void +CNF_GetTempComp(char **file, double *interval, double *T0, double *k0, double *k1, double *k2) +{ + *file = tempcomp_file; + *interval = tempcomp_interval; + *T0 = tempcomp_T0; + *k0 = tempcomp_k0; + *k1 = tempcomp_k1; + *k2 = tempcomp_k2; +} + +/* ================================================== */ + +char * +CNF_GetUser(void) +{ + return user; +} + +/* ================================================== */ + +int +CNF_GetMaxSamples(void) +{ + return max_samples; +} + +/* ================================================== */ + +int +CNF_GetMinSamples(void) +{ + return min_samples; +} + +/* ================================================== */ + +char * +CNF_GetHwclockFile(void) +{ + return hwclock_file; +} + +/* ================================================== */ + +int +CNF_GetInitSources(void) +{ + return n_init_srcs; +} + +/* ================================================== */ + +double +CNF_GetInitStepThreshold(void) +{ + return init_slew_threshold; +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/conf.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/conf.h --- atmark-dist-20150618/user/chrony/chrony-1.30/conf.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/conf.h 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,109 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2013-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for configuration module + */ + +#ifndef GOT_CONF_H +#define GOT_CONF_H + +#include "addressing.h" + +extern void CNF_SetRestarted(int); + +extern char *CNF_GetRtcDevice(void); + +extern void CNF_ReadFile(const char *filename); +extern void CNF_ParseLine(const char *filename, int number, char *line); + +extern void CNF_AddInitSources(void); +extern void CNF_AddSources(void); +extern void CNF_AddBroadcasts(void); +extern void CNF_AddRefclocks(void); + +extern unsigned short CNF_GetAcquisitionPort(void); +extern unsigned short CNF_GetNTPPort(void); +extern char *CNF_GetDriftFile(void); +extern char *CNF_GetLogDir(void); +extern char *CNF_GetDumpDir(void); +extern int CNF_GetLogBanner(void); +extern int CNF_GetLogMeasurements(void); +extern int CNF_GetLogStatistics(void); +extern int CNF_GetLogTracking(void); +extern int CNF_GetLogRtc(void); +extern int CNF_GetLogRefclocks(void); +extern int CNF_GetLogTempComp(void); +extern char *CNF_GetKeysFile(void); +extern char *CNF_GetRtcFile(void); +extern unsigned long CNF_GetCommandKey(void); +extern int CNF_GetGenerateCommandKey(void); +extern int CNF_GetDumpOnExit(void); +extern int CNF_GetManualEnabled(void); +extern int CNF_GetCommandPort(void); +extern int CNF_GetRtcOnUtc(void); +extern int CNF_GetRtcSync(void); +extern void CNF_GetMakeStep(int *limit, double *threshold); +extern void CNF_GetMaxChange(int *delay, int *ignore, double *offset); +extern void CNF_GetLogChange(int *enabled, double *threshold); +extern void CNF_GetMailOnChange(int *enabled, double *threshold, char **user); +extern int CNF_GetNoClientLog(void); +extern unsigned long CNF_GetClientLogLimit(void); +extern void CNF_GetFallbackDrifts(int *min, int *max); +extern void CNF_GetBindAddress(int family, IPAddr *addr); +extern void CNF_GetBindAcquisitionAddress(int family, IPAddr *addr); +extern void CNF_GetBindCommandAddress(int family, IPAddr *addr); +extern char *CNF_GetPidFile(void); +extern char *CNF_GetLeapSecTimezone(void); + +/* Value returned in ppm, as read from file */ +extern double CNF_GetMaxUpdateSkew(void); +extern double CNF_GetMaxClockError(void); +extern double CNF_GetCorrectionTimeRatio(void); +extern double CNF_GetMaxSlewRate(void); + +extern double CNF_GetReselectDistance(void); +extern double CNF_GetStratumWeight(void); +extern double CNF_GetCombineLimit(void); + +extern int CNF_AllowLocalReference(int *stratum); + +extern void CNF_SetupAccessRestrictions(void); + +extern int CNF_GetSchedPriority(void); +extern int CNF_GetLockMemory(void); + +extern void CNF_GetTempComp(char **file, double *interval, double *T0, double *k0, double *k1, double *k2); + +extern char *CNF_GetUser(void); + +extern int CNF_GetMaxSamples(void); +extern int CNF_GetMinSamples(void); + +extern double CNF_GetRtcAutotrim(void); +extern char *CNF_GetHwclockFile(void); + +extern int CNF_GetInitSources(void); +extern double CNF_GetInitStepThreshold(void); + +#endif /* GOT_CONF_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/configure atmark-dist-20150618_chrony/user/chrony/chrony-1.30/configure --- atmark-dist-20150618/user/chrony/chrony-1.30/configure 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/configure 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,687 @@ +#!/bin/sh +# ======================================================================= +# +# chronyd/chronyc - Programs for keeping computer clocks accurate. +# +# Copyright (C) Richard P. Curnow 1997-2003 +# Copyright (C) Miroslav Lichvar 2009, 2012-2014 +# +# ======================================================================= + +rm -f config.h config.log + +# This configure script determines the operating system type and version + +if [ "x${CC}" = "x" ]; then + MYCC="gcc" +else + MYCC="${CC}" +fi + +if [ "x${CFLAGS}" = "x" ]; then + MYCFLAGS="-O2 -g" +else + MYCFLAGS="${CFLAGS}" +fi + +MYCPPFLAGS="${CPPFLAGS}" + +if [ "x${MYCC}" = "xgcc" ]; then + MYCFLAGS="${MYCFLAGS} -Wmissing-prototypes -Wall" +fi + +MYLDFLAGS="${LDFLAGS}" + +# ====================================================================== +# FUNCTIONS + +#{{{ test_code +test_code () { + name=$1 + headers=$2 + cflags=$3 + ldflags=$4 + code=$5 + + echo -n "Checking for $name : " + + ( + for h in $headers; do + echo "#include <$h>" + done + echo "int main(int argc, char **argv) {" + echo "$code" + echo "return 0; }" + ) > docheck.c + + echo "docheck.c:" >> config.log + cat docheck.c >> config.log + echo $MYCC $MYCFLAGS $MYCPPFLAGS $cflags -o docheck docheck.c $ldflags \ + $MYLDFLAGS >> config.log + $MYCC $MYCFLAGS $MYCPPFLAGS $cflags -o docheck docheck.c $ldflags \ + $MYLDFLAGS >> config.log 2>&1 + + if [ $? -eq 0 ] + then + echo "Yes" + result=0 + else + echo "No" + result=1 + fi + rm -f docheck.c docheck + echo >> config.log + return $result +} +#}}} +#{{{ usage +usage () { + cat < if you have + headers in a nonstandard directory + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + +Use these variables to override the choices made by \`configure' or to help +it to find libraries and programs with nonstandard names/locations. + +EOF + +} +#}}} +#{{{ +add_def () { + if [ "x$2" = "x" ]; then + echo "#define $1 1" >> config.h + else + echo "#define $1 $2" >> config.h + fi +} +#}}} + +# ====================================================================== + + + +OPERATINGSYSTEM=`uname -s` +VERSION=`uname -r` +MACHINE=`uname -m` + +EXTRA_LIBS="" +EXTRA_CLI_LIBS="" +EXTRA_OBJECTS="" +EXTRA_DEFS="" +SYSDEFS="" + +debug=0 +feat_readline=1 +try_readline=1 +try_editline=1 +try_nss=1 +try_tomcrypt=1 +feat_rtc=1 +try_rtc=0 +feat_linuxcaps=1 +try_linuxcaps=0 +readline_lib="" +readline_inc="" +ncurses_lib="" +feat_ipv6=1 +feat_phc=1 +try_phc=0 +feat_pps=1 +try_setsched=0 +try_lockmem=0 +feat_asyncdns=1 +feat_forcednsretry=1 +default_user="root" +mail_program="/usr/lib/sendmail" + +for option +do + case "$option" in + --enable-debug ) + debug=1 + ;; + --disable-readline ) + feat_readline=0 + ;; + --without-readline ) + try_readline=0 + ;; + --without-editline ) + try_editline=0 + ;; + --with-readline-library=* ) + readline_lib=-L`echo $option | sed -e 's/^.*=//;'` + ;; + --with-readline-includes=* ) + readline_inc=-I`echo $option | sed -e 's/^.*=//;'` + ;; + --with-ncurses-library=* ) + ncurses_lib=-L`echo $option | sed -e 's/^.*=//;'` + ;; + --prefix=* | --install_prefix=* ) + SETPREFIX=`echo $option | sed -e 's/[^=]*=//;'` + ;; + --exec-prefix=* ) + SETEPREFIX=`echo $option | sed -e 's/[^=]*=//;'` + ;; + --sysconfdir=* ) + SETSYSCONFDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --bindir=* ) + SETBINDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --sbindir=* ) + SETSBINDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --datarootdir=* ) + SETDATAROOTDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --infodir=* ) + SETINFODIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --mandir=* ) + SETMANDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --docdir=* ) + SETDOCDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --localstatedir=* ) + SETLOCALSTATEDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --chronyvardir=* ) + SETCHRONYVARDIR=`echo $option | sed -e 's/^.*=//;'` + ;; + --disable-rtc) + feat_rtc=0 + ;; + --disable-ipv6) + feat_ipv6=0 + ;; + --disable-phc) + feat_phc=0 + ;; + --disable-pps) + feat_pps=0 + ;; + --disable-linuxcaps) + feat_linuxcaps=0 + ;; + --disable-asyncdns) + feat_asyncdns=0 + ;; + --disable-forcednsretry) + feat_forcednsretry=0 + ;; + --with-user=* ) + default_user=`echo $option | sed -e 's/^.*=//;'` + ;; + --with-sendmail=* ) + mail_program=`echo $option | sed -e 's/^.*=//;'` + ;; + --without-nss ) + try_nss=0 + ;; + --without-tomcrypt ) + try_tomcrypt=0 + ;; + --host-system=* ) + OPERATINGSYSTEM=`echo $option | sed -e 's/^.*=//;'` + ;; + --host-release=* ) + VERSION=`echo $option | sed -e 's/^.*=//;'` + ;; + --host-machine=* ) + MACHINE=`echo $option | sed -e 's/^.*=//;'` + ;; + --help | -h ) + usage + exit 0 + ;; + * ) + echo "Unrecognized option : " $option + esac +done + +SYSTEM=${OPERATINGSYSTEM}-${MACHINE} + +case $SYSTEM in + SunOS-sun4* ) + case $VERSION in + 4.* ) + EXTRA_OBJECTS="sys_sunos.o strerror.o" + EXTRA_LIBS="-lkvm" + add_def SUNOS + echo "Configuring for SunOS (" $SYSTEM "version" $VERSION ")" + ;; + 5.* ) + EXTRA_OBJECTS="sys_solaris.o" + EXTRA_LIBS="-lsocket -lnsl -lkvm -lelf" + EXTRA_CLI_LIBS="-lsocket -lnsl" + add_def SOLARIS + echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")" + ;; + esac + ;; + Linux* ) + EXTRA_OBJECTS="sys_generic.o sys_linux.o wrap_adjtimex.o" + try_linuxcaps=1 + try_rtc=1 + try_setsched=1 + try_lockmem=1 + try_phc=1 + add_def LINUX + echo "Configuring for " $SYSTEM + if [ "${MACHINE}" = "alpha" ]; then + echo "Enabling -mieee" + # FIXME: Should really test for GCC + MYCFLAGS="$MYCFLAGS -mieee" + fi + ;; + + BSD/386-i[3456]86|FreeBSD-i386|FreeBSD-amd64 ) + # Antti Jrvinen reported that this system can + # be supported with the SunOS 4.x driver files. + EXTRA_OBJECTS="sys_sunos.o strerror.o" + EXTRA_LIBS="-lkvm" + add_def SUNOS + echo "Configuring for $SYSTEM (using SunOS driver)" + ;; + NetBSD-* ) + EXTRA_OBJECTS="sys_netbsd.o" + EXTRA_LIBS="-lkvm" + SYSDEFS="" + echo "Configuring for $SYSTEM" + ;; + SunOS-i86pc* ) + # Doug Woodward reported that this configuration + # works for Solaris 2.8 / SunOS 5.8 on x86 platforms + EXTRA_OBJECTS="sys_solaris.o" + EXTRA_LIBS="-lsocket -lnsl -lkvm -lelf" + EXTRA_CLI_LIBS="-lsocket -lnsl" + add_def SOLARIS + echo "Configuring for Solaris (" $SYSTEM "SunOS version" $VERSION ")" + ;; + CYGWIN32_NT-i[3456]86 ) + EXTRA_OBJECTS="sys_winnt.o" + EXTRA_LIBS="" + add_def WINNT + echo "Configuring for Windows NT (Cygwin32)" + ;; + * ) + echo "Sorry, I don't know how to build this software on your system." + exit 1 + ;; +esac + +MATHCODE='return (int) pow(2.0, log(sqrt((double)argc)));' +if test_code 'math' 'math.h' '' '' "$MATHCODE"; then + LIBS="" +else + if test_code 'math in -lm' 'math.h' '' '-lm' "$MATHCODE"; then + LIBS="-lm" + else + echo "Can't compile/link a program which uses sqrt(), log(), pow(), bailing out" + exit 1 + fi +fi + +if test_code '' 'stdint.h' '' '' ''; then + add_def HAS_STDINT_H +fi + +if test_code '' 'inttypes.h' '' '' ''; then + add_def HAS_INTTYPES_H +fi + +if [ $feat_ipv6 = "1" ] && \ + test_code 'IPv6 support' 'arpa/inet.h sys/socket.h netinet/in.h' '' '' ' + struct sockaddr_in6 n; + char p[100]; + n.sin6_addr = in6addr_any; + return !inet_ntop(AF_INET6, &n.sin6_addr.s6_addr, p, sizeof(p));' +then + add_def HAVE_IPV6 + if test_code 'in6_pktinfo' 'sys/socket.h netinet/in.h' '' '' ' + return sizeof(struct in6_pktinfo);' + then + add_def HAVE_IN6_PKTINFO + else + if test_code 'in6_pktinfo with _GNU_SOURCE' 'sys/socket.h netinet/in.h' \ + '-D_GNU_SOURCE' '' 'return sizeof(struct in6_pktinfo);' + then + add_def _GNU_SOURCE + add_def HAVE_IN6_PKTINFO + fi + fi +fi + +if test_code 'getaddrinfo()' 'sys/types.h sys/socket.h netdb.h' '' '' \ + 'return getaddrinfo(0, 0, 0, 0);' +then + add_def HAVE_GETADDRINFO +fi + +if [ $feat_asyncdns = "1" ] && \ + test_code 'pthread' 'pthread.h' '-pthread' '' \ + 'return pthread_create((void *)1, NULL, (void *)1, NULL);' +then + add_def FEAT_ASYNCDNS + add_def USE_PTHREAD_ASYNCDNS + MYCFLAGS="$MYCFLAGS -pthread" +fi + +timepps_h="" +if [ $feat_pps = "1" ]; then + if test_code '' 'sys/timepps.h' '' '' ''; then + timepps_h="sys/timepps.h" + add_def HAVE_SYS_TIMEPPS_H + else + if test_code '' 'timepps.h' '' '' ''; then + timepps_h="timepps.h" + add_def HAVE_TIMEPPS_H + fi + fi +fi + +if [ "x$timepps_h" != "x" ] && \ + test_code 'PPSAPI' "string.h $timepps_h" '' '' ' + pps_handle_t h = 0; + pps_info_t i; + struct timespec ts; + return time_pps_fetch(h, PPS_TSFMT_TSPEC, &i, &ts);' +then + add_def HAVE_PPSAPI +fi + +if [ $feat_linuxcaps = "1" ] && [ $try_linuxcaps = "1" ] && \ + test_code \ + linuxcaps \ + 'sys/types.h pwd.h sys/prctl.h sys/capability.h grp.h' \ + '' '-lcap' \ + 'prctl(PR_SET_KEEPCAPS, 1);cap_set_proc(cap_from_text("cap_sys_time=ep"));' +then + add_def FEAT_LINUXCAPS + EXTRA_LIBS="$EXTRA_LIBS -lcap" +fi + +if [ $feat_rtc = "1" ] && [ $try_rtc = "1" ] && \ + test_code '' 'sys/ioctl.h linux/rtc.h' '' '' \ + 'ioctl(1, RTC_UIE_ON&RTC_UIE_OFF&RTC_RD_TIME&RTC_SET_TIME, 0&RTC_UF);' +then + EXTRA_OBJECTS="$EXTRA_OBJECTS rtc_linux.o" + add_def FEAT_RTC +fi + +if [ $feat_phc = "1" ] && [ $try_phc = "1" ] && \ + test_code '' 'sys/ioctl.h linux/ptp_clock.h' '' '' \ + 'ioctl(1, PTP_CLOCK_GETCAPS, 0);' +then + if test_code 'clock_gettime()' 'time.h' '' '' 'clock_gettime(0, NULL);'; then + add_def FEAT_PHC + else + if test_code 'clock_gettime() in -lrt' 'time.h' '' '-lrt' \ + 'clock_gettime(0, NULL);' + then + EXTRA_LIBS="$EXTRA_LIBS -lrt" + add_def FEAT_PHC + fi + fi +fi + +if [ $try_setsched = "1" ] && \ + test_code \ + 'sched_setscheduler()' \ + 'sched.h' '' '' ' + struct sched_param sched; + sched_get_priority_max(SCHED_FIFO); + sched_setscheduler(0, SCHED_FIFO, &sched);' +then + add_def HAVE_SCHED_SETSCHEDULER +fi + +if [ $try_lockmem = "1" ] && \ + test_code \ + 'mlockall()' \ + 'sys/mman.h sys/resource.h' '' '' ' + struct rlimit rlim; + setrlimit(RLIMIT_MEMLOCK, &rlim); + mlockall(MCL_CURRENT|MCL_FUTURE);' +then + add_def HAVE_MLOCKALL +fi + +if [ $feat_forcednsretry = "1" ] +then + add_def FORCE_DNSRETRY +fi + +READLINE_COMPILE="" +READLINE_LINK="" +if [ $feat_readline = "1" ]; then + if [ $try_editline = "1" ]; then + if test_code editline 'stdio.h editline/readline.h' \ + "$readline_inc" "$readline_lib -ledit" \ + 'add_history(readline("prompt"));' + then + add_def FEAT_READLINE + add_def USE_EDITLINE + READLINE_COMPILE="$readline_inc" + READLINE_LINK="$readline_lib -ledit" + fi + fi + + if [ "x$READLINE_LINK" = "x" ] && [ $try_readline = "1" ]; then + if test_code readline 'stdio.h readline/readline.h readline/history.h' \ + "$readline_inc" "$readline_lib -lreadline" \ + 'add_history(readline("prompt"));' + then + add_def FEAT_READLINE + READLINE_COMPILE="$readline_inc" + READLINE_LINK="$readline_lib -lreadline" + fi + fi + + if [ "x$READLINE_LINK" = "x" ] && [ $try_readline = "1" ]; then + if test_code 'readline with -lncurses' \ + 'stdio.h readline/readline.h readline/history.h' \ + "$readline_inc" "$readline_lib $ncurses_lib -lreadline -lncurses" \ + 'add_history(readline("prompt"));' + then + add_def FEAT_READLINE + READLINE_COMPILE="$readline_inc" + READLINE_LINK="$readline_lib $ncurses_lib -lreadline -lncurses" + fi + fi + + EXTRA_CLI_LIBS="$EXTRA_CLI_LIBS $READLINE_LINK" +fi + +HASH_OBJ="hash_intmd5.o" +HASH_COMPILE="" +HASH_LINK="" + +if [ $try_nss = "1" ]; then + test_cflags="`pkg-config --cflags nss 2> /dev/null`" + test_link="`pkg-config --libs-only-L nss 2> /dev/null` -lfreebl3" + if test_code 'NSS' 'nss.h hasht.h nsslowhash.h' \ + "$test_cflags" "$test_link" \ + 'NSSLOWHASH_Begin(NSSLOWHASH_NewContext(NSSLOW_Init(), HASH_AlgSHA512));' + then + HASH_OBJ="hash_nss.o" + HASH_COMPILE="$test_cflags" + HASH_LINK="$test_link" + LIBS="$LIBS $HASH_LINK" + add_def GENERATE_SHA1_KEY + fi +fi + +if [ "x$HASH_LINK" = "x" ] && [ $try_tomcrypt = "1" ]; then + if test_code 'tomcrypt' 'tomcrypt.h' '-I/usr/include/tomcrypt' '-ltomcrypt' \ + 'hash_memory_multi(find_hash("md5"), NULL, NULL, NULL, 0, NULL, 0);' + then + HASH_OBJ="hash_tomcrypt.o" + HASH_COMPILE="-I/usr/include/tomcrypt" + HASH_LINK="-ltomcrypt" + LIBS="$LIBS $HASH_LINK" + add_def GENERATE_SHA1_KEY + fi +fi + +SYSCONFDIR=/etc +if [ "x$SETSYSCONFDIR" != "x" ]; then + SYSCONFDIR=$SETSYSCONFDIR +fi + +PREFIX=/usr/local +if [ "x$SETPREFIX" != "x" ]; then + PREFIX=$SETPREFIX +fi + +EPREFIX=${PREFIX} +if [ "x$SETEPREFIX" != "x" ]; then + EPREFIX=$SETEPREFIX +fi + +BINDIR=${EPREFIX}/bin +if [ "x$SETBINDIR" != "x" ]; then + BINDIR=$SETBINDIR +fi + +SBINDIR=${EPREFIX}/sbin +if [ "x$SETSBINDIR" != "x" ]; then + SBINDIR=$SETSBINDIR +fi + +DATAROOTDIR=${PREFIX}/share +if [ "x$SETDATAROOTDIR" != "x" ]; then + DATAROOTDIR=$SETDATAROOTDIR +fi + +INFODIR=${DATAROOTDIR}/info +if [ "x$SETINFODIR" != "x" ]; then + INFODIR=$SETINFODIR +fi + +MANDIR=${DATAROOTDIR}/man +if [ "x$SETMANDIR" != "x" ]; then + MANDIR=$SETMANDIR +fi + +DOCDIR=${DATAROOTDIR}/doc/chrony +if [ "x$SETDOCDIR" != "x" ]; then + DOCDIR=$SETDOCDIR +fi + +LOCALSTATEDIR=/var +if [ "x$SETLOCALSTATEDIR" != "x" ]; then + LOCALSTATEDIR=$SETLOCALSTATEDIR +fi + +CHRONYVARDIR=${LOCALSTATEDIR}/lib/chrony +if [ "x$SETCHRONYVARDIR" != "x" ]; then + CHRONYVARDIR=$SETCHRONYVARDIR +fi + +add_def DEBUG $debug +add_def DEFAULT_CONF_FILE "\"$SYSCONFDIR/chrony.conf\"" +add_def DEFAULT_USER "\"$default_user\"" +add_def MAIL_PROGRAM "\"$mail_program\"" + +if [ -f version.txt ]; then + add_def CHRONY_VERSION "\"`cat version.txt`\"" +else + add_def CHRONY_VERSION "\"DEVELOPMENT\"" +fi + +for f in Makefile chrony.conf.5 chrony.texi chronyc.1 chronyd.8 +do + echo Creating $f + sed -e "s%@EXTRA_OBJECTS@%${EXTRA_OBJECTS}%;\ + s%@CC@%${MYCC}%;\ + s%@CFLAGS@%${MYCFLAGS}%;\ + s%@CPPFLAGS@%${MYCPPFLAGS}%;\ + s%@LIBS@%${LIBS}%;\ + s%@LDFLAGS@%${MYLDFLAGS}%;\ + s%@EXTRA_LIBS@%${EXTRA_LIBS}%;\ + s%@EXTRA_CLI_LIBS@%${EXTRA_CLI_LIBS}%;\ + s%@READLINE_COMPILE@%${READLINE_COMPILE}%;\ + s%@HASH_OBJ@%${HASH_OBJ}%;\ + s%@HASH_COMPILE@%${HASH_COMPILE}%;\ + s%@SYSCONFDIR@%${SYSCONFDIR}%;\ + s%@BINDIR@%${BINDIR}%;\ + s%@SBINDIR@%${SBINDIR}%;\ + s%@DOCDIR@%${DOCDIR}%;\ + s%@MANDIR@%${MANDIR}%;\ + s%@INFODIR@%${INFODIR}%;\ + s%@LOCALSTATEDIR@%${LOCALSTATEDIR}%;\ + s%@CHRONYVARDIR@%${CHRONYVARDIR}%;\ + s%@DEFAULT_USER@%${default_user}%;"\ + < ${f}.in > $f +done + +# ======================================================================= +# vim:et:sw=2:ht=2:sts=2:fdm=marker:cms=#%s + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/COPYING atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/COPYING --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/COPYING 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/COPYING 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchrony.pl atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchrony.pl --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchrony.pl 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchrony.pl 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,583 @@ +#!/usr/bin/perl +# Copyright (C) Paul Elliott 2002 +my($copyrighttext) = <<'EOF'; +# Copyright (C) Paul Elliott 2002 +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# SEE COPYING FOR DETAILS +EOF + +#modules we use. + +use Socket; +use Getopt::Std; +use Net::DNS; +use Tie::Syslog; +use File::Temp qw/ :mktemp /; +use File::Copy; + +local($res) = new Net::DNS::Resolver; + +#dns lookup of IP address. +#returns ip or errorstring. +sub gethostaddr($) #get ip address from host +{ + my($host) = shift; + $query = $res->search($host); + if ($query) { + foreach $rr ($query->answer) { + next unless $rr->type eq "A"; + print $rr->address, "\n" if $pedebug; + return $rr->address; + } + } else { + print "query failed: ", $res->errorstring, "\n" if $pedebug; + return $res->errorstring; + } + +} + +#send messages to syslog + +sub Log($$) + { + if ($log) { + my($level) = shift; + my($mess) =shift; + + tie *MYLOG, 'Tie::Syslog',$level,$0,'pid','unix'; + print MYLOG $mess; + + untie *MYLOG; + } + } + +#send message to output or syslog +#and die. + +sub BadDie($) +{ + my($myerr) =$!; + my($mess)=shift; + + if($log){ + tie *MYLOG, 'Tie::Syslog','local0.err',$0,'pid','unix'; + print MYLOG $mess; + print MYLOG $myerr; + + untie *MYLOG; + + } else { + print "$mess\n$myerr\n"; + } + die $mess; +} + +sub isIpAddr($) #return true if looks like ip address +{ + my($ip) = shift; + return 1 if ( $ip =~ m/$ipOnlyPAT/ ); + return 0; +} +sub isHostname($) #return true if looks like ip address +{ + my($ip) = shift; + return 1 if ( $ip =~ m/$hostnameOnlyPAT/ ); + return 0; +} + +#send commands to chronyc by piping. +sub chronyc($) #send commands to chronyc +{ + my($command) = shift; + my($err) = "/var/tmp/chronyc.log"; + my($chronyP) = "/usr/local/bin/chronyc"; + open(CHRONY, "| $chronyP 1>$err 2>&1"); + + print CHRONY "$passwd$command\n"; + + close(CHRONY); + + Log('local0.info',"chronyc command issued=$command"); + #look at status lines till return bad. + open( IN, "<$err"); + my($status); + while () { + $status = $_; + + unless ( m/\A200 OK/ ) { + last; + } + + } + + $status ="" if ( $status =~ m/\A200 OK/ ); + close(IN); + unlink $err; + Log('local0.info',"chronyc results=$status"); + return $status; + +} + +#common patterns + +# an ip address patern +local($ipPAT) = qr/\d{1,3}(?:\.\d{1,3}){3}/; +# an hostname pattern +local($hostnamePAT) = qr/\w+(?:\.\w+)*/; +#line with hostname only +local($hostnameOnlyPAT) = qr/\A$hostnamePAT\Z/; +#line with ip address only +local($ipOnlyPAT) =qr/\A$ipPAT\Z/; + +#options hash +my(%opts); + + +getopts('nuadslPSC', \%opts); + +local($log) = ( $opts{'l'} ) ? 1 : 0; + +my($offline) = !( $opts{'n'} ) ; +my($offlineS) = ( $opts{'n'} ) ? " " : " offline" ; + +# paul elliotts secret debug var. no one will ever find out about it. +local($pedebug)=( ($ENV{"PAULELLIOTTDEBUG"}) or ($opts{P}) ); + +if ($opts{C}) { + + print $copyrighttext; + exit 0; +} + + +print <<"EOF" unless $opts{'S'}; +$0, Copyright (C) 2002 Paul Elliott +$0 comes with ABSOLUTELY NO WARRANTY; for details +invoke $0 -C. This is free software, and you are welcome +to redistribute it under certain conditions; invoke $0 -C +for details. +EOF + + + +local($passwd); + +# password to send to chronyc +my($pl) = $ENV{"CHRONYPASSWORD"}; + +#password comand to send to chronyc +if ( $pl ) { + $passwd = "password $pl\n"; +} else { + $passwd = ""; +} +print "passwd=$passwd\n" if ($pedebug); + +my(%host2ip); + +# hash of arrays. host2ip{$host}[0] is ip address for this host +# host2ip{$host}[1] is rest of paramenters for this host exc offline. + +#if debuging do chrony.conf in current directory. +my($listfile) =( ($pedebug) ? "./chrony.conf" : "/etc/chrony.conf") ; + +# This section reads in the old data about +# hostnames IP addresses and server parameters +# data is stored as it would be in chrony.conf +# file i.e.: +#># HOSTNAME +#>server IPADDR minpoll 5 maxpoll 10 maxdelay 0.4 offline +# +# the parameter offline is omitted if the -n switch is specified. +# first parameter is the filename of the file usually +# is /etc/DNSchrony.conf +# this is where we store the list of DNS hosts. +# hosts with static IP address shold be kept in chrony.conf + +# this is header that marks dnyamic host section +my($noedithead)=<<'EOF'; +## DNSchrony dynamic dns server section. DO NOT EDIT +## per entry FORMAT: +## |--------------------------------------------| +## |#HOSTNAME | +## |server IP-ADDRESS extra-params [ offline ] | +## |--------------------------------------------| +EOF +#patern that recognizes above. +my($noeditheadPAT) = +qr/\#\#\s+DNSchrony\s+dynamic\s+dns\s+server\s+section\.\s+DO\s+NOT\s+EDIT\s*/; + +#end of header marker. +my($noeditheadend)=<<'EOF'; +## END OF DNSchrony dynamic dns server section. +EOF + +#pattern that matches above. +my($noeditheadendPAT)= +qr/\#\#\s+END\s+OF\s+DNSchrony\s+dynamic\s+dns\s+server\s+section.\s*/; + +#array to hold non dns portion of chrony.conf +my(@chronyDconf); + + +my($ip); +my($rest); +my($host); + +# for each entry in the list of hosts.... +open(READIN, "<$listfile") or BadDie("Can not open $listfile"); + +# read till dynamic patern read save in @chronyDconf + +while ( ) { + + my($line) = $_; + + last if ( m/\A$noeditheadPAT\Z/ ); + + push(@chronyDconf,$line); + +} + +while ( ) { + + #end loop when end of header encountered + last if ( m/\A$noeditheadendPAT/ ); + + # parse the line giving ip address, extra pamamters, and host + #do host comment line first + ($host) = m{ + \A\#\s* + ($hostnamePAT) + \s*\z + }xio; + + #no match skip this line. + next unless ( $host ); + + # read next line + $_ = ; + + # parse out ip address extra parameters. + ($ip,$rest) = + m{ + \A + \s* + server #server comand + \s+ + ($ipPAT) #ip address + (?ixo: \s ) + \s* + ( + (?(?! + (?iox: offline )? #skip to offline # + \s* #or # + \Z + ).)* + ) + (?ixo: + \s* + (?ixo: offline )? #consume to # + \s* + \Z + ) + }xio ; + + #if failure again. + next unless ( $ip ); + + $rest =~ s/\s*\z//; #remove trail blanks + #from parameters + # store the data in the list + # key is host name value is + # array [0] is ip address + # [1] is other parameters + $host2ip{$host} = [$ip,$rest] ; + print "ip=$ip rest=$rest host=$host<\n" if $pedebug; + +} +#read trailing line into @chronyDconf +while ( ) { + + push(@chronyDconf,$_); + +} + +close(READIN) or BadDie("can not close $listfile"); + +#if the add command: +# command can be HOST=IPADDRESS OTHER_PARAMETERS +# means add the server trust the ip address geven with out a dns lookup +# good for when dns is down but we know the ip addres +# or +# HOST OTHER_PARAMETERS +#we lookup the ip address with dns. + +if ($opts{'a'}) { + my($param)= shift; + + + # parse the param is it hostname + if ( ($host,$ip) = $param =~ m/\A($hostnamePAT)=($ipPAT)\Z/ ) { + printf "ip=$ip host=$host\n" if ($pedebug); + } else { + + $host = $param; + + # get the ip address + $ip = gethostaddr($host); + + if ( ! isIpAddr($ip) or ! isHostname($host) ) { + print "query failed: ", $ip, "host=$host\n" if $pedebug; + exit 1; + } + } + printf "ip=$ip host=$host\n" if ($pedebug); + + # add the server using chronyc + my($status) = chronyc("add server $ip $rest"); + if ($status) { #chronyc error + print "chronyc failed, status=$status\n"; + exit 1; + } + + # get rest of arguements + $rest = join( ' ', @ARGV); + print "rest=$rest\n" if ($pedebug); + + #save node in hash + $host2ip{$host} = [$ip,$rest] ; + print "ip=$ip rest=$rest host=$host<\n" if $pedebug; + +} + +#delete command if arguement is ip address +#just delete it +#if a hostname look it up +#then delete it. + +if ($opts{'d'}) { + $host = shift; + + #get host name is it ap address + if ( isIpAddr($host) ) { # if ip address + my($hostIT); + my($found) =0; + foreach $hostIT (keys(%host2ip) ) { #search for match + if ( $host2ip{$hostIT}[0] eq $host) { + $found=1; #record match + } + } #end of search + if ($found) { #if match found + my($status) = chronyc("delete $host"); #chronyc + if ($status) { #chronyc error + print "chronyc failed, status=$status\n"; + exit 1; + } else { #reiterate + foreach $hostIT (keys(%host2ip) ) { + if ( $host2ip{$hostIT}[0] eq $host) { + delete $host2ip{$hostIT}; #deleting match hosts + } + } + + } + + } + } else { #else not ip address + #must be hostname + if ( ! $host2ip{$host} ) { + print "No such host as $host listed\n"; + exit 1; + } + #get ip address + $ip=gethostaddr($host); + if ( ! isIpAddr($ip) ) { #no ip address + print "query failed: ", $ip, "\n" if $pedebug; + exit 1; + } + + printf "ip=$ip host=$host\n" if ($pedebug); + + my($listed_host_ip) = $host2ip{$host}[0]; # get the ip address saved + + if ( $ip ne $listed_host_ip) { + print + "Info: listed host ip=>$listed_host_ip". + "< is different from DNS ip=>$ip<\n"; + $ip = $listed_host_ip; + } + + # delete the server + my($status) = chronyc("delete $listed_host_ip\n"); + + if ($status) { + print "chronyc failed, status=$status\n"; + exit 1; + } + #delete table entry + delete$host2ip{$host}; + } + +} + +#update for each host who's dns ip address has changed +#delete the old server and add the new. update the record. +if ($opts{'u'}) { + my($command); + + my(%prospective); # store new IP address we + #are thinking of changing. + + Log('local0.info', + "Now searching for modified DNS entries."); + + foreach $host (keys(%host2ip)) { #for each listed host + my($old_ip) = $host2ip{$host}[0]; #get old ip + $rest = $host2ip{$host}[1]; #extra params + + $ip = gethostaddr($host); #get new ip from dns + #if error + if ( ! isIpAddr($ip) or ! isHostname($host) ) { + print "query failed: ", $ip, "host=$host\n"; + + Log('local0.err',"query failed: ". $ip . "host=$host"); + + exit 1; + } + + next if($ip eq $old_ip); #if ip not changed, skip + + Log('local0.info',"Ip address for $host has changed. Old IP address=". + "$old_ip, new IP address=$ip"); + # add command to delete old host, add the new. + $command = $command . "delete $old_ip\n" . + "add server $ip $rest\n"; + + # we are now thinking about changing this host ip + $prospective{$host} = [$ip,$rest]; + } + # submit all the accumulated chronyc commands if any. + if ($command) { + $status = chronyc($command); + if ($status) { + print "chronyc failed, status=$status\n"; + Log('local0.err',"query failed: ". $ip . "host=$host"); + exit 1; + } + } else { #if no commands exit + exit 0; #because no rewrite of file needed + } + + #copy prospective modifications back into main table. + #we now know that all these mods were done with chronyc + foreach $host (keys(%prospective)) { + my($ip) = $prospective{$host}[0]; + $rest = $prospective{$host}[1]; + $host2ip{$host} = [$ip,$rest]; + } +} + +#starting for each entry we have read in from the old list +# add the server in chronyc +# this option is seldom used. + +if ($opts{'s'}) { + my($command)=""; + + foreach $host (keys(%host2ip)) { + $command = $command . "add server $host2ip{$host}[0] ". + "$host2ip{$host}[1]\n"; + } + my($status) = chronyc($command); + if ($status) { + print "chronyc failed, status=$status\n"; + exit 1; + } + +} +# write out the data file in format +#># HOSTNAME +#>server IPADDRESS extra parameters [offline] +# offline is omitted if -n switch is specified. + +my(@value); +my($such); +{ + # to start out we write to temporary file. + (my($writeout) , my($outname)) = mkstemp( "${listfile}.outXXXXXXX"); + + $outname or BadDie("can not open for $listfile"); + + + # save the chrony.conf part! + # and write the DYNAMIC header + print $writeout @chronyDconf, $noedithead; + + + # for each entry + foreach $host (keys(%host2ip) ){ + + #write the record + + # write the comment that indicates the hostname + # and the server command. + print $writeout + "\# $host\nserver $host2ip{$host}[0] $host2ip{$host}[1]${offlineS}\n" ; + + print + "server $host2ip{$host}[0] $host2ip{$host}[1]${offlineS}\# $host\n" + if $pedebug; + + } + + #WRITE THE end of dnyamic marker comment + print $writeout $noeditheadend; + + # close the output file which was a temporary file. + close($writeout) or BadDie("can not close $outname"); + + # we now begin a intracate dance to make the the temporary + # the main chrony.conf + # + # if there is a chrony.conf.BAK save it to a temporary. + # rename chrony.conf to chrony.conf.BAK + # rename the temporary to chrony.conf + # if there already was a chrony.conf.BAK, unlink the copy of this. + + my($backname) = "$listfile\.BAK"; + my($backplain) = ( -f $backname ); + my($saveback); + #if chrony.conf.BAK exists rename to a temporary. + if ($backplain ) { + + $saveback = mktemp("${backname}.bakXXXXXXX"); + move($backname,$saveback) or + BadDie "unable to move $backname to $savename"; + + } + + # rename old chrony.conf to chrony.conf.BAK + move($listfile,$backname) or + BadDie "unable to move $listfile to $backname"; + + # rename our output to chrony.conf + move($outname,$listfile) or + BadDie "unable to move $outname to $listfile"; + + #if there was a temporary chrony.conf.BAK that we saved to temp + #unlink it + unlink($saveback) or BadDie "unable to unlink $saveback" if($backplain); + +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyADD atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyADD --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyADD 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyADD 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,21 @@ +#!/usr/bin/bash + +# $1 is chrony password. +# $2 is hostname to add or hostname=ipaddres +# $3-$9 is rest of extra server parameters + +FIRST="$1" +HOST="$2" +shift 2 + +#remaining parameters a the other paramaters to server command +#excluding "offline" +ARGS="$*" + +#if none use default taken from chrony documentation. +DEF="minpoll 5 maxpoll 10 maxdelay 0.4" + +DARGS=${ARGS:-$DEF} + +CHRONYPASSWORD=$FIRST \ +/usr/local/bin/DNSchrony.pl -a "$HOST" "$DARGS" diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyDELETE atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyDELETE --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyDELETE 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyDELETE 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,7 @@ +#!/usr/bin/bash + +# $1 is chrony password. +# $2 host to be deleted if ip nn.n.n.n then no DNS used + +CHRONYPASSWORD=$1 \ +/usr/local/bin/DNSchrony.pl -d $2 diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyUPDATE atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyUPDATE --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyUPDATE 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/DNSchronyUPDATE 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,7 @@ +#!/usr/bin/bash + +# $1 is chrony password. + + +CHRONYPASSWORD=$1 \ +/usr/local/bin/DNSchrony.pl -ulS diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/README atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/README --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/README 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/README 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,166 @@ + Copyright (C) Paul Elliott 2002 + + +DNSchrony.pl version -2.0 + +Problem: If you look at the list of secondary NTP servers: +http://www.eecis.udel.edu/~mills/ntp/clock2.htm + +you will find statements like this: + +"Note: IP addresses are subject to change; please use DNS" + +These servers represent a problem for chrony. Chrony is a program +designed to work on hosts with an intermittent connection to the +internet. Often no DNS is available when chrony starts. As chrony +is currently designed, chronyd never sees a DNS host name. If a +user specifies one when using chronyc's "add server" command, the +DNS lookup is done by chronyc and an IP address is passed to chronyd. + +One can imagine I suppose, a redesign to chrony in which chronyd +keeps track of DNS changes. But this has problems, all the time +chronyd is fooling around with DNS, it would not be keeping track +of its prime function, what the clocks and NTP servers are saying. +This could result in poorer performance. Or perhaps you say that +chronyd should be multi threaded. One thread to fool with DNS +and another to keep track of time. But this introduces a great +deal of complexity, and complexity is the enemy of elegant robust +code. Besides, Richard probably has better things to do. + +I have attempted to address this problem with a humble perl script, +which I now release under the GPL: DNSchrony.pl + +PLEA FOR HELP FROM EXPERIENCED PERL HACKERS. + +Please go thru the code and find errors and improvements. +I am not quite an polished perl hacker. Please fix bugs and +make improvements. It needs better documentation. Someone +who knows how, put in some POD. + +END OF PLEA + +Philosophy of DNSchrony.pl: keep a list of servers that use +DNS. From time to time, hopefully when DNS is up, go thru +the list lookup all the hostnames and see if any ip addresses have +changed. If any have changed, update our list and do chronyc +"delete" and "add server" commands so that chronyd now talks to +the right NTP server. + +Additional nuance: keep the list in /etc/chrony.conf in the +form of comments starting with "#" and "server" commands +legal in a chrony.conf file. Format of a list entry: + +# hostname +server IP-ADDRESS extra server parameters + +These entries are delimited by special comments that allow +DNSchrony.pl to find them and also tell humans not to mess with them. + +Example of such a section of a chrony.conf file: + +dumpdir /var/log/chrony +rtcfile /etc/chrony.rtc + +## DNSchrony dynamic dns server section. DO NOT EDIT +## per entry FORMAT: +## |--------------------------------------------| +## |#HOSTNAME | +## |server IP-ADDRESS extra-params [ offline ] | +## |--------------------------------------------| +# tock.greyware.com +server 208.14.208.44 minpoll 5 maxpoll 10 maxdelay 0.4 offline +# tick.greyware.com +server 208.14.208.19 minpoll 5 maxpoll 10 maxdelay 0.4 offline +# ntppub.tamu.edu +server 128.194.254.9 minpoll 5 maxpoll 10 maxdelay 0.4 offline +## END OF DNSchrony dynamic dns server section. + +This allows the list of dynamic DNS servers to be preserved +when chronyd is stoped/started. + +All servers that do not have ip addresses subject to change +should be put in the regular part of chrony.conf as described +in the chrony documentation. + +Security philosophy: DNSchrony does no security checking but +relies on other security factors. + +Users without the privilege to modify /etc/chrony.conf and the +directory /etc will be unable to use DNSchrony to do so, because +of file protections. DNSchrony passes thru passwords to chronyc. +Users that do not know the correct chronyc password will be +unable to get chronyd do do anything. Thus, DNSchrony passes +the buck to these other security features. + +INSTALLATION: + +copy the files: DNSchronyADD DNSchronyUPDATE DNSchronyDELETE DNSchrony.pl +to /usr/local/bin. Backup the file /etc/chrony.conf leave hosts +with static ip addresses in this file. + +DNSchrony uses the following perl modules. See that they are installed. +Get them from CPAN if needed. + +Net::DNS, Tie::Syslog, Getopt::Std, Socket, File. + +Cause DNSchronyUPDATE bash script to run from time to time when DNS +is working. If you have a dialup, one way to do this would be to +modify your /etc/ppp/ip-up.local file as follows: + +cat </dev/null 2>&1 & + +Since this file contains the chronyc password you will want to set the +file permissions so that just everybody will not be able to read +it. But you already did that when you put in the chronyc command. Any +other way to make DNSchronyUPDATE run perodicly when DNS is up will +also work. + +To add a server with a varying IP address one could run: +/usr/local/bin/DNSchronyADD mysecret tock.greyware.com + +or if you want to specify different server parameters you +could say: + +/usr/local/bin/DNSchronyADD mysecret tock.greyware.com "minpoll 10 maxpoll 20 maxdelay 0.8" + +The DNSchronyADD's default for these parameters is: +"minpoll 5 maxpoll 10 maxdelay 0.4" values that are often shown +as examples in the chrony documentation. + +If DNS is not running now but you know the IP address, you can say: +/usr/local/bin/DNSchronyADD mysecret tock.greyware.com=208.14.208.44 + +Of course, the IP address will be checked next time DNSchronyUPDATE +runs. + +To delete dynamic DNS a server: +/usr/local/bin/DNSchronyDELETE mysecret tock.greyware.com + +To change parameters delete and re-add. + +Of course, in all of the above "mysecret" is your chronyc password +which SHOULD NOT BE "mysecret". +---------------------------------------------- +DNSchrony.pl is covered by the GPL +# Copyright (C) Paul Elliott 2002 +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# SEE COPYING FOR DETAILS diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/ip-up.local atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/ip-up.local --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/DNSchrony/ip-up.local 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/DNSchrony/ip-up.local 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,22 @@ +#example file /etc/ppp/ip-up.local +#originally from SuSE distribution +#modified for chrony +cat </dev/null 2>&1 & +#other stuff who knows? + +# The following lines added for Linux-HA support # Heartbeat +DEVFILE=`echo $DEVICE | sed -e 's!^/dev/!!' -e 's!/!.!g'` # Heartbeat +OUTFILE=/var/run/ppp.d/$DEVFILE # Heartbeat +( # Heartbeat +echo "$IPREMOTE" # Heartbeat +echo "$IFNAME" # Heartbeat +echo "$PPPD_PID" # Heartbeat +echo "$IPLOCAL" # Heartbeat +) > $OUTFILE # Heartbeat diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/andrew_bishop_1 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/andrew_bishop_1 --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/andrew_bishop_1 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/andrew_bishop_1 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,114 @@ +From amb@gedanken.demon.co.uk Tue Aug 17 22:14:00 1999 +Date: Fri, 6 Aug 1999 19:00:24 +0100 +From: Andrew M. Bishop +To: richard@rrbcurnow.freeserve.co.uk +Subject: Re: Chrony and laptop configuration + +Hi, + +Attached is the apmd_proxy script from the apmd-3.0beta9 distribution. + +The changes that I would make are the following: + +Replace the update_clock function (line 122) with + +update_clock () { + +chronyd -f /etc/chrony.conf + +} + +Around line 171 (in the suspend actions section) I would kill chronyd. + +begin 644 apmd_proxy.gz +M'XL("+L@JS<``V%P;61?<')O>'D`I5K[;]M&$OY9^BLV2JZQ6TF.`Q2XUDA1 +MQU8<]>('_&A[.!R,-;D2MR&Y+)?TXZ[WO]\W,\N'%-E)[X08CJ2=V7G/-T,_ +M?[9S8_,=GPR?*_S3119?%Z6[?U`3A=_+4F9R +M$!R4VB[5L2X_WNDRKM161!]D/Z:)T9FVZ73I%]$TUUY/E^YV6[W>Q>$'M?O= +M=]^!^E#?VEB]+=U=;M)4;<4W/Q;.5]-$E[=@-S5QO:V^4S_5N0DD(+I,K%<^ +M(0(?E;:H%-Y'.DU-K&X>5)68GHAJBU3:5G>)R?DK7^G*@(M;*)T_J,+=0:U, +MYWII,I-7:E'G465!F&AP372^-/%4X5*CS+V.*F5N<9X5-C:IL9J:LYR^V2BP) +M3>J*HJS`@Z],IG2Q*NJ*M0(SJ!1[TK-4FA7RL(&-DN;H +MC5&%*>'/#&:K"XC'EH%".O>6"42,GBJ=G>\@F_*%B>S"1DJ7RSIKK0*-25Q< +M0.*RN""P(@1 +M:(;4:ASM37EK(Z.V;JU6.Y`TVH',VQRKF<-9FY.:FG0:DT+P!MA6^J-(J`O0 +M%*4E[<54HO@[T,/E69&:_:P.&:D?JM]!?/B3L-ZMRYC +M-1/$-%D0$BP=1,/OAD'F8A-";<6[X)(A9^ZL3X@LN$W!2V;2^2`X.;50J\Y3 +MIV.*Q;BTMZ:$U8D+$EG?<(B25+FI[ESYD60`1QW1W;^T:=**#(?4%",I[%.. +M0T`\8@HYJW(R=SH:4UQ+T%%4@Z_SC8DI-+M(+`T)B9A@P\\7+,)'4Z(J2"ZS +M%B0-G:/LW)WNOJ(@2.R2ZM)6[<69),T(/$(&D+T6EM*OKK;'_5B.=(YKJ[K, +M$1#*E"6817``AXT$6^,7XH/DR&-4%\G^,8P6VP@A!5NBM%1)*`%TGCXC5ZYI +M^)N)*H[Z3^(J2$0^CN%-R&`78W6C81`E1?;LBG1M'$86O*7DP&?0&W;)$2FU +MV!4L6\$10A6%-=7%$(IDS;?STXM-HK'Q\7KV3)V<7L[HMY)JBW^YJT*VM`+7 +M(B"41<`?FAL+0TK<^&>!U_GL\NK\1/V\_^%J]KUP5Z_06G*'^-9I\,#>$Z96 +ME.TZBDQ1<:FDURXXB-0]9:D*!LJMXZN+2_5^_^<9ZWMX/O]Y=BXAOL34[#IOU"F<)ID4IN%XL!N3'-%;[Y8K<#\LQQZ0JQR"&6LN4(X7/05 +MD9*X*%WVA"`-FW#/9]A\3IJ>EYY@L^ZI55:"9U!:JHIZZB=>*DWA*%I5"J@2 +M3FWD(+!)/<%A_V"GN49H-O+AOO`DG]R0:E23Z6A=Q-2F/PF_P"[2A0[`X1%V +M`KNF#<'6-U('P'`U`ZD8HS;"&^BNTJZYVZ%.H-.T%8)(OV'26X!=-%>JW1LZ +MEZ\+$@"5%!`Y?(:?Z5H?$V$NYL=G'^;OYK-#=7!Z\FY^='6^?SD_/5$JX%_` +M'X``!C0$-OL(D=H:Y(::5>D8JAG+W8ERTTA%D>ZVP-?NCMX#:EL2W?>A4/HP +M)KFH#L>V(6L!=^5-NI"&<6$J=75YP)"JK%G_!U>CF:8N^DB5K&ED@J +M)`]Q!A.\<[!':>,8``27$HH-\L)HN=HQ5;0#9XK_=ICY=`B.;Q8Z]::5Y.+J +MXFQVG*]SS+QUT&H%D+I6V?C34T'7$+;X8&!%24S` +MG],`ZKRESKW0=5IUL,&S+QCMDO*-&T).T!S5T`]7A'Y#5F1]S@Z.#^;[8%,& +M9AR0`G[A+;@+H)MCCE3*)=Z#3JS%5,`4:9[H6S0ZYB50'/RHI=^T90Y*D?-- +MF:*!^AJ@#;5%JXN#BSGA*1`"0%5D%<1PAQY&`3V,`N15AN`DM]$^K`UQ*[I0 +MPZ7+B^3!4['"C8'+GD)8PTYC05-<96A$`$C@'NH6"PZT!#E-<)\A'S&-JE1X +MC!KH-V:_,H!EP,0XB`<=\)&:.1V*B:]G/\T.+LG\P1-=4-&0.GM[=70T/SGB +M=U2IN(RU6@GT0J,_U&B!&[.N7RV +M`ZP'5W((\*H3"`\NN%1196O5(;,)'F[%1*US-?E51NRN\$H):'6>J`]NZ5OP +MG5+:=,/AZESL\O1!KJ?YN??%BZ^I&W1L7S=LP<1"K[+.UUC!BCM55NSTY`); +MRN4H<>KEUVNOE^J''YXB&+UX!2%&?73V*`&WHPVOIV]X.5E[/272O8DV7/#Z +M40*4336Y9\?L4\5");#4K*@0)ZK$)!2J&<(HK6,I9IZ6$_33#MQ->2*.E:[J +ML`Y8-^;_\!H.A\SY&L+1\&ZVMM6_AP,IX//#&4_Y$LB^``@%``X#I".\GZ"1 +M\GLB.>215L(RE&#(.=CQM-5*XD)C4)[\KB87:O>O:B\#^->&'0UK!=(V&X[A$I_YQ`KUIY>C<_Y]'K>]4-:LT$ +MCR88<,7KZ6M.4I[(I;(CU6/>*J"O#@4D74L#;B0/R"FP@"4S6NEU"Q4^/1R@ +M4?Y#318;^ZWZYQXW@.&``G"Z\8Q\AT*=4D]]2(U\P&Q'+PX^G![\[?CT<#92 +M;]31\67'<4"MG#L?GU_8X8!^F.X%`8J1 +M,(`R]TJ,'W107WT5L,G$JQ=T7/WQATKN5C\C7Q"DX`D/U2;3L#_MEDQ%I2%S')8QJX&",HVX+B<"F:0K]!%% +M#ZFTB*`9W\G&=S+,HL=UX.+Y=BFH,M)G]%REC$(_6=9OB9JYAT?O@Q#,'M$RRYJ%I-BP6S*-*6@^T:S#&.`)QIZ3R*-P]^F,4)!IM#RDO]ION*2C: +M+-E/:W@Q^"HLMMK9:O`)6OS$_"W4%;[4]!0M<9#/"Z)G7;NE#'MYM+Y1;#8A +M"\IW>-W&*1<_%"CKJ+GOI]X%4\GRD9ID3N;4Z@.JVWUO)"'";@+9N$RC#LN+ +MM)7UV12434:NPNPF-R=:O7B-=P'.=,D-(I=?Z^A:$-T/7/CR.DW;$P-S#SBS +M2^X\E\W.%N^@@MQA?FK5DRB(MT$92D4CV2[='V*N$X"YOY*2P%G=WS!5#T5` +MH;%C7+ITJM"^DI`HG,VKL;JI&3,3>0B.!@?"-K(9N\$(PY@'K?)/AU8`^V&9 +M[:5DTU9^)6<"D`N'@QO#,HTBBR#=H+>YY"4M0>X`S@D+)S+,K:EFR@HECHC; +M>>.)^0!?06J,B#0>"`7'!TGG&YC?.`LW1V91DX#>+2IJ-Y-N'2H#"NO;0FN6 +MCK:Q8>)@*4H!``CUE9.<"9$KY<%!+`L\,;4`\_/9Q=7Q##<=A/U>,S#T+#7B +M%2=C9:Y<88V)O*:5=3`W!IF:I^22[]3MR$\&)&,ANR::U.M=1B"]1>..8)AE +MY])Y--\,=NDE5M>LPDP30EA)$B&^'YE8$/4\?7-/7Q8\UM$)7OR)B"3DA>$*A +ME/K-+N4-C6_6#H8>3#@,?655:YI6*53>=C,)Q;H?WM[ +M3\*1%I9("C]U;"B=@S6>3J>K.U6**^#JLS%@`CU(D&T_XSV!Q5-""*(J8`&5 +ML;8ET%%IH:&K"1V%#(_OC,`PQ[N(DTI;8!A;]]G^=9& +MV"[L>;%M2ZE?7-D^4\+6*E:ON7,+#QT$+?VQFO1_ER1+T]_C-:D)O7Y)>B17 +M0L1^+E?"L2YEPJ'I>F`_&K3YE\*!.B<=/5A>V1-ODQT9^ +MRD?F?6#?+!`9287V2!]E%-8(C&:F'C7XG[`O,4-@*_4%2.R3V;>9K@:K0[N` +MJ2^WQNG9TX>EHC=?!^_^1H1MSAXLNKBT=/TDW23^@N'L*06S;,KB.^G+ZA +M9+VS]`CDE71EP'K#3JV";?N478I^50D +MI"5+$%`FGU0ZC/P1"#Y?J7@]PB!EH&U"ELIPI4;H"B.5`L^F:DLV'&9!H!EV +M5&:ZG-+>^=M7?Q%:P-"7%>'RC#;2\D<[%2/8VA.F[-_:/?T)%PLWLA_J]5VW +>Z]AB9"M2/=L.+(S7D<0S_V\81H;_`M>*^#$A)0`` +` +end + +-- +Andrew. +---------------------------------------------------------------------- +Andrew M. Bishop amb@gedanken.demon.co.uk + http://www.gedanken.demon.co.uk/ + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/andrew_bishop_2 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/andrew_bishop_2 --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/andrew_bishop_2 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/andrew_bishop_2 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,95 @@ +From amb@gedanken.demon.co.uk Wed Sep 1 22:26:59 1999 +Date: Thu, 19 Aug 1999 17:30:14 +0100 +From: Andrew M. Bishop +To: richard@rrbcurnow.freeserve.co.uk +Subject: [amb@gedanken.demon.co.uk: Chrony and laptop configuration] + +Hi, + +What you need to do is replace 10.0.0.0 with the network of the +freeserve nameservers in the two scripts below. + +Other than that you can use it as is. + +------- Start of forwarded message ------- +From: "Andrew M. Bishop" +To: richard@rrbcurnow.freeserve.co.uk +Subject: Chrony and laptop configuration +Date: Sat, 31 Jul 1999 11:02:04 +0100 + +Attached are the ip-up and ip-down files that I use for chrony. +(Actually because of the way that debian works they are separate file +in the /etc/ppp/ip-up.d directory that are run in a SysV init style). + +They rely on the presence of an 'ipparam demon' or 'ipparam freeserve' +line in the PPP options file. + +-------------------- /etc/ppp/ip-up -------------------- +#!/bin/sh -f +# +# A script to start chrony +# + +PPP_IPPARAM="$6" + +if [ $PPP_IPPARAM = "demon" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +online 255.255.255.0/158.152.1.0 +online 255.255.255.0/194.159.253.0 +EOF + +fi + +if [ $PPP_IPPARAM = "freeserve" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +online 255.255.255.0/10.0.0.0 +EOF + +fi +-------------------- /etc/ppp/ip-up -------------------- + +-------------------- /etc/ppp/ip-down -------------------- +#!/bin/sh -f +# +# A script to stop chrony +# + +PPP_IPPARAM="$6" + +if [ $PPP_IPPARAM = "demon" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +offline 255.255.255.0/158.152.1.0 +offline 255.255.255.0/194.159.253.0 +EOF + +fi + +if [ $PPP_IPPARAM = "freeserve" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +offline 255.255.255.0/10.0.0.0 +EOF + +fi +-------------------- /etc/ppp/ip-down -------------------- + +-- +Andrew. +---------------------------------------------------------------------- +Andrew M. Bishop amb@gedanken.demon.co.uk + http://www.gedanken.demon.co.uk/ +------- End of forwarded message ------- + +-- +Andrew. +---------------------------------------------------------------------- +Andrew M. Bishop amb@gedanken.demon.co.uk + http://www.gedanken.demon.co.uk/ + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/erik_bryer_1 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/erik_bryer_1 --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/erik_bryer_1 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/erik_bryer_1 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,65 @@ +#!/bin/sh +# +# chrony Start time synchronization. This script +# starts chronyd. +# +# Hacked by: Erik Bryer using inet as a template +# +# chkconfig: 2345 02 82 +# description: chronyd helps keep the system time accurate by calculating \ +# and applying correction factors to compensate for the drift \ +# in the clock. chronyd can also correct the hardware clock \ +# (RTC) on some systems. +# processname: chronyd +# config: /etc/chrony.conf + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Set path to include chronyd in /usr/local/sbin +PATH="$PATH:/usr/local/sbin" + +[ -f /usr/local/sbin/chronyd ] || exit 0 + +[ -f /etc/chrony.conf ] || exit 0 + +RETVAL=0 + +# See how we were called. +case "$1" in + start) + # Start daemons. + echo -n "Starting chronyd: " + daemon chronyd + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/chrony + echo + ;; + stop) + # Stop daemons. + echo -n "Shutting down chronyd: " +# If not dead killproc automatically sleeps for 4.1 seconds then does +# kill -9. "chrony.txt" prefers a 5 second delay, but this should be ok. + killproc chronyd -15 + RETVAL=$? + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/chrony + echo + ;; + status) + status chronyd + exit $? + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: named {start|stop|status|restart}" + exit 1 +esac + +exit $RETVAL + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/ken_gillett_1 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/ken_gillett_1 --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/ken_gillett_1 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/ken_gillett_1 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,100 @@ +#!/bin/sh +# +# chronyd This shell script takes care of starting and stopping +# chronyd (NTP daemon). +# +# chkconfig: 45 80 20 +# description: chronyd is the NTP daemon. + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +PREDIR="/usr/local" +CHRONYD=$PREDIR"/sbin/chronyd" +CHRONYC=$PREDIR"/bin/chronyc" + +[ -x $CHRONYD -a -x $CHRONYC -a -f /etc/chrony.conf ] || exit 0 + +dochrony() { + if [ -z "$(pidofproc chronyd)" ]; then + echo -e "\n\tchronyd not running\n\n" + exit 2 + fi + KEY=`awk '$1 == "commandkey" {print $2; exit}' /etc/chrony.conf` + PASSWORD=`awk '$1 == '$KEY' {print $2; exit}' /etc/chrony/keys` + + $CHRONYC <<- EOF + password $PASSWORD + $@ + quit + EOF +} + +# make the first parameter' lower case +set - `echo $1 | awk '{print tolower($1)}';shift;echo "$@"` + +# Expand any shortcuts. +case "$1" in + on|1) + set - "online" + ;; + off|0) + set - "offline" +esac + +# See how we were called. +case "$1" in + start) + # Start daemons. + echo -n "Starting chronyd: " + daemon $CHRONYD + if [ $? -eq 0 ]; then + echo $(pidofproc chronyd) > /var/run/chronyd.pid + touch /var/lock/subsys/chronyd + fi + echo + ;; + stop) + # Stop daemons. + echo -n "Shutting down chronyd: " + killproc chronyd + echo + rm -f /var/lock/subsys/chronyd + ;; + status) + status chronyd + ;; + restart|reload) + $0 stop + $0 start + ;; + condrestart) + if [ -f /var/lock/subsys/chronyd ]; then + $0 stop + $0 start + fi + ;; + "") + echo "Usage: chronyd +{start|stop|restart|reload|condrestart|status|[on|off]line etc}" + exit 1 + ;; + +accheck|cmdaccheck|clients|manual|rtcdata|sources|sourcestats|tracking|clients) + dochrony "$@" + ;; + *) + echo -n "Chrony $1: " + dochrony "$@" > /dev/null + [ $? -eq 0 ] && echo_success || echo_failure + echo +esac + +exit 0 + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/stephan_boettcher_1 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/stephan_boettcher_1 --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/stephan_boettcher_1 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/stephan_boettcher_1 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,162 @@ +From stephan@nevis1.nevis.columbia.edu Mon Jun 7 20:51:57 1999 +Date: 04 Jun 1999 00:17:25 -0400 +From: Stephan I. Boettcher +To: richard@rrbcurnow.freeserve.co.uk +Subject: chrony 1.1 sysV startup script for notebooks + + +Dear Richard, + +I installed chrony on my notebook, running RedHat 5.1 Linux. +It looks like it works. No problems. + +Thank you! + +I like to donate my sysV startup script, appended below. + +Special feature: the `online' command scans the config file to +selectively turn some servers online, depending on the pcmcia SCHEME. + +booting: /etc/rc.d/init.d/chrony start +/etc/ppp/ip-up: /etc/rc.d/init.d/chrony online +/etc/ppp/ip-down: /etc/rc.d/init.d/chrony offline +logrotate cron: /etc/rc.d/init.d/chrony cyclelogs +a user: /etc/rc.d/init.d/chrony status +a sysadmin: /etc/rc.d/init.d/chrony restart +shutdown: /etc/rc.d/init.d/chrony stop + +Best regards +Stephan + +-- + +------------------------------------------------------------------------ +Stephan Boettcher FAX: +1-914-591-4540 +Columbia University, Nevis Labs Tel: +1-914-591-2863 +P.O. Box 137, 136 South Broadway mailto:stephan@nevis1.columbia.edu +Irvington, NY 10533, USA http://www.nevis.columbia.edu/~stephan +------------------------------------------------------------------------ + +########################### cut here ################################### +#! /bin/bash +# +# /etc/rc.d/init.d/chrony +# +# SYS V startup script for +# chrony ntp daemon +# on Linux 2.0.3x notebooks with pcmcia scheme support +# $Id: stephan_boettcher_1,v 1.1 2000/04/24 21:36:04 richard Exp $ +# +# 1999-06-02 SiB +# +# For PCMCIA users: +# In /etc/chrony.conf, precede the server commands for each SCHEME +# with a comment line that contains the word SCHEME and the name of +# the scheme(s) that should use the servers, up to the next line that +# contains the word SCHEME. The servers must be `offline' and +# specified by their IP address. The hostname will not do. +# +# Like: +# +# # SCHEME nevisppp nevislan +# # stephanpc.nevis.columbia.edu +# server 192.12.82.222 offline +# +# # SCHEME desyppp desylan +# +# # dsygw2.desy.de +# server 131.169.30.15 offline +# # dscomsa.desy.de +# server 131.169.197.35 offline + +CONF=/etc/chrony.conf +CHRONYD=/usr/local/sbin/chronyd +CHRONYC=/usr/local/bin/chronyc +KEYS=/etc/chrony.keys + +# See if we got all we need: + +[ -f $CHRONYD -a -f $CHRONYC -a -r $CONF ] || exit + + +[ -r $KEYS ] \ +&& CMDKEY=`awk '/^commandkey/{print $2}' $CONF` \ +&& PASSWORD=`awk -v KEY=$CMDKEY '$1==KEY{print $2}' $KEYS` + + +case "$1" in + + start) + echo -n "Starting chronyd " + $CHRONYD -r -s -f $CONF + echo + ;; + + stop) + echo -n "Shutting down chronyd " + /usr/bin/killall chronyd + echo + ;; + + restart) + $0 stop + $0 start + ;; + + on*) + + [ -f /var/run/pcmcia-scheme ] && SCHEME=`cat /var/run/pcmcia-scheme` + + awk -v SCHEME=${SCHEME:-default} -v PASSWORD=$PASSWORD \ + ' + BEGIN { + SEL=1; + print "password", PASSWORD; + } + /SCHEME/ { + SEL=match($0, SCHEME); + } + SEL && /^server[ \t]*[0-9.]+[ \t].*offline/ { + print "online 255.255.255.255/" $2; + } + ' \ + $CONF \ + | $CHRONYC + + ;; + + off*) + cat <<-EOF | $CHRONYC + password $PASSWORD + offline + trimrtc + dump + EOF + ;; + + *log*) + cat <<-EOF | $CHRONYC + password $PASSWORD + cyclelogs + EOF + ;; + + stat*) + cat <<-EOF | $CHRONYC + sources + sourcestats + tracking + rtcdata + EOF + ;; + + *) + echo "Usage: chronyd {start|stop|restart|status|online|offline|cyclelogs}" + exit 1 + ;; + +esac + +exit 0 + + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/contrib/wolfgang_weisselberg1 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/wolfgang_weisselberg1 --- atmark-dist-20150618/user/chrony/chrony-1.30/contrib/wolfgang_weisselberg1 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/contrib/wolfgang_weisselberg1 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,118 @@ + +> Is it possible to limit chronyc to only those commands that +> are readonly plus those necessary to bring a dialup connection up +> and down? That is: online offline dump writertc and password. + +This is trivial on the same host and workable for non-local +hosts: use a wrapper program or script. An *untested* +sample follows. To use it, best create a special user (say +chronyc) and a special group (say chronyg). Make the script +chronyc:chronyg, and 4750 (suid, rwxr-x---). Add all users +who may run the script to the group chronyg. + +Make a chrony password file e.g. +/usr/local/etc/chrony_password. It should be owned by chronyc +and readable only for the owner, containing only the chrony +password (and maybe a newline) in the first line. + +In this way only the script (call it run_chrony, for example) +can read the password. It will allow only those commands you +explicitely allow. You can add a password check -- especially +if you add an internet port so you can access it over the +internet this is advisable. You really want to add logging +to this untested script as well. + + +BTW, if you use some sort of PPP, you probably can use +/etc/ppp/ip-up and /etc/ppp/ip-down to transparently set chrony +on- and offline as the ip connection goes up and comes down. +This is _far_ more user friendly, IMHO, and a DOS by switching +chrony offline all the time is avoided as well. + + +#! /usr/bin/perl -T +use v5.6.1; +use warnings; +use strict; + +sub laundered_command(); +sub order_chrony($$); +sub read_password(); +sub usage($); + +our $CHRONY = "/usr/local/bin/chronyc"; + +# NOTE: select the file system protection wisely for the +# PASSWORDFILE! +our $PASSWORDFILE = "/usr/local/etc/chrony_password"; + +our @ALLOWED_COMMANDS = ( + 'online', # switch online mode on + 'offline', # switch online mode off + 'dump', # save measurements to file + 'writerc', # save RTC accumulated data + + 'clients', # which clients are served by us? + 'rtcdata', # Quality of RTC measurements + 'sources(?: -v)?', # Show our sources (verbose) + 'sourcestats(?: -v)?', # How good are our sources (verbose)? + 'tracking', # whom do we adjust to? + + # 'burst \d+/\d+', # allow them to send bursts? +); + +usage("No command given.") unless $ARGV[0]; + +%ENV = (); # nuke all environment variables. Rather + # drastic, but better safe than sorry! + # Add whatever you really need to get it + # working (again). +$ENV{'PATH'} = '/usr/local/bin:/bin:/usr/bin'; + +order_chrony(laundered_command(), read_password()); + +exit 0; # command succeeded + +############################################################ + +sub usage($) { + print STDERR "Error: ", shift, "\n"; + + # OK, this eats the -v... + print STDERR "Legal commands are:\n\t", join "\n", + map { $_ =~ m:(\w+):; $1 } @ALLOWED_COMMANDS; + exit 1; # error +} + +############################################################ + +sub laundered_command() { + my $regexp = "^(" . join ( "|", @ALLOWED_COMMANDS ) . ")\$"; + my $parameters = join " ", @ARGV; + $parameters =~ m:$regexp: or usage("Command $parameters not allowed."); + + return $1; # this value, then, is untainted. +}; + +############################################################ + +sub read_password() { + open PASS, $PASSWORDFILE + or die "Could not read protected password file: $!"; + my $password = ; + chomp $password; + return $password; +}; + +############################################################ + +sub order_chrony($$) { + my ($clean_command, $password) = @_; + open CHRONY, "| $CHRONY &> /dev/null" or die "could not run $CHRONY: $!\n"; + print CHRONY "password $password\n"; + print CHRONY "$clean_command\n"; + close CHRONY + or die "Error running command $clean_command\n", "\ton $CHRONY: $!\n"; +} + +############################################################ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/examples/chrony.conf.example atmark-dist-20150618_chrony/user/chrony/chrony-1.30/examples/chrony.conf.example --- atmark-dist-20150618/user/chrony/chrony-1.30/examples/chrony.conf.example 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/examples/chrony.conf.example 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,307 @@ +####################################################################### +# +# This is an example chrony configuration file. You should copy it to +# /etc/chrony.conf after uncommenting and editing the options that you +# want to enable. The more obscure options are not included. Refer +# to the documentation for these. +# +# Copyright 2002 Richard P. Curnow +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# +####################################################################### +### COMMENTS +# Any of the following lines are comments (you have a choice of +# comment start character): +# a comment +% a comment +! a comment +; a comment +# +# Below, the '!' form is used for lines that you might want to +# uncomment and edit to make your own chrony.conf file. +# +####################################################################### +####################################################################### +### SPECIFY YOUR NTP SERVERS +# Most computers using chrony will send measurement requests to one or +# more 'NTP servers'. You will probably find that your Internet Service +# Provider or company have one or more NTP servers that you can specify. +# Failing that, there are a lot of public NTP servers. There is a list +# you can access at http://support.ntp.org/bin/view/Servers/WebHome or +# you can use servers from the pool.ntp.org project. + +! server 0.pool.ntp.org iburst +! server 1.pool.ntp.org iburst +! server 2.pool.ntp.org iburst + +# However, for dial-up use you probably want these instead. The word +# 'offline' means that the server is not visible at boot time. Use +# chronyc's 'online' command to tell chronyd that these servers have +# become visible after you go on-line. + +! server 0.pool.ntp.org offline +! server 1.pool.ntp.org offline +! server 2.pool.ntp.org offline + +# You may want to specify NTP 'peers' instead. If you run a network +# with a lot of computers and want several computers running chrony to +# have the 'front-line' interface to the public NTP servers, you can +# 'peer' these machines together to increase robustness. + +! peer ntp0.my-company.com + +# There are other options to the 'server' and 'peer' directives that you +# might want to use. For example, you can ignore measurements whose +# round-trip-time is too large (indicating that the measurement is +# probably useless, because you don't know which way the measurement +# message got held up.) Consult the full documentation for details. + +####################################################################### +### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK +# +# To avoid changes being made to your computer's gain/loss compensation +# when the measurement history is too erratic, you might want to enable +# one of the following lines. The first seems good for dial-up (or +# other high-latency connections like slow leased lines), the second +# seems OK for a LAN environment. + +! maxupdateskew 100 +! maxupdateskew 5 + +####################################################################### +### FILENAMES ETC +# Chrony likes to keep information about your computer's clock in files. +# The 'driftfile' stores the computer's clock gain/loss rate in parts +# per million. When chronyd starts, the system clock can be tuned +# immediately so that it doesn't gain or lose any more time. You +# generally want this, so it is uncommented. + +driftfile /var/lib/chrony/drift + +# If you want to use the program called chronyc to configure aspects of +# chronyd's operation once it is running (e.g. tell it the Internet link +# has gone up or down), you need a password. This is stored in the +# following keys file. (You also need keys to support authenticated NTP +# exchanges between cooperating machines.) Again, this option is +# assumed by default. + +keyfile /etc/chrony.keys + +# Tell chronyd which numbered key in the file is used as the password +# for chronyc. (You can pick any integer up to 2**32-1. '1' is just a +# default. Using another value will _NOT_ increase security.) + +commandkey 1 + +# With this directive a random password will be generated automatically. +generatecommandkey + +# chronyd can save the measurement history for the servers to files when +# it it exits. This is useful in 2 situations: +# +# 1. On Linux, if you stop chronyd and restart it with '-r' (e.g. after +# an upgrade), the old measurements will still be relevant when chronyd +# is restarted. This will reduce the time needed to get accurate +# gain/loss measurements, especially with a dial-up link. +# +# 2. Again on Linux, if you use the RTC support and start chronyd with +# '-r -s' on bootup, measurements from the last boot will still be +# useful (the real time clock is used to 'flywheel' chronyd between +# boots). +# +# Enable these two options to use this. + +! dumponexit +! dumpdir /var/lib/chrony + +# chronyd writes its process ID to a file. If you try to start a second +# copy of chronyd, it will detect that the process named in the file is +# still running and bail out. If you want to change the path to the PID +# file, uncomment this line and edit it. The default path is shown. + +! pidfile /var/run/chronyd.pid + +####################################################################### +### INITIAL CLOCK CORRECTION +# This option is useful to quickly correct the clock on start if it's +# off by a large amount. The value '10' means that if the error is less +# than 10 seconds, it will be gradually removed by speeding up or +# slowing down your computer's clock until it is correct. If the error +# is above 10 seconds, an immediate time jump will be applied to correct +# it. The value '1' means the step is allowed only on the first update +# of the clock. Some software can get upset if the system clock jumps +# (especially backwards), so be careful! + +! makestep 10 1 + +####################################################################### +### LOGGING +# If you want to log information about the time measurements chronyd has +# gathered, you might want to enable the following lines. You probably +# only need this if you really enjoy looking at the logs, you want to +# produce some graphs of your system's timekeeping performance, or you +# need help in debugging a problem. + +! logdir /var/log/chrony +! log measurements statistics tracking + +# If you have real time clock support enabled (see below), you might want +# this line instead: + +! log measurements statistics tracking rtc + +####################################################################### +### ACTING AS AN NTP SERVER +# You might want the computer to be an NTP server for other computers. +# e.g. you might be running chronyd on a dial-up machine that has a LAN +# sitting behind it with several 'satellite' computers on it. +# +# By default, chronyd does not allow any clients to access it. You need +# to explicitly enable access using 'allow' and 'deny' directives. +# +# e.g. to enable client access from the 192.168.*.* class B subnet, + +! allow 192.168/16 + +# .. but disallow the 192.168.100.* subnet of that, + +! deny 192.168.100/24 + +# You can have as many allow and deny directives as you need. The order +# is unimportant. + +# If you want chronyd to act as an NTP broadcast server, enable and edit +# (and maybe copy) the following line. This means that a broadcast +# packet is sent to the address 192.168.1.255 every 60 seconds. The +# address MUST correspond to the broadcast address of one of the network +# interfaces on your machine. If you have multiple network interfaces, +# add a broadcast line for each. + +! broadcast 60 192.168.1.255 + +# If you want to present your computer's time for others to synchronise +# with, even if you don't seem to be synchronised to any NTP servers +# yourself, enable the following line. The value 10 may be varied +# between 1 and 15. You should avoid small values because you will look +# like a real NTP server. The value 10 means that you appear to be 10 +# NTP 'hops' away from an authoritative source (atomic clock, GPS +# receiver, radio clock etc). + +! local stratum 10 + +# Normally, chronyd will keep track of how many times each client +# machine accesses it. The information can be accessed by the 'clients' +# command of chronyc. You can disable this facility by uncommenting the +# following line. This will save a bit of memory if you have many +# clients. + +! noclientlog + +# The clientlog size is limited to 512KB by default. If you have many +# clients, especially in many different subnets, you might want to +# increase the limit. + +! clientloglimit 4194304 + +####################################################################### +### REPORTING BIG CLOCK CHANGES +# Perhaps you want to know if chronyd suddenly detects any large error +# in your computer's clock. This might indicate a fault or a problem +# with the server(s) you are using, for example. +# +# The next option causes a message to be written to syslog when chronyd +# has to correct an error above 0.5 seconds (you can use any amount you +# like). + +! logchange 0.5 + +# The next option will send email to the named person when chronyd has +# to correct an error above 0.5 seconds. (If you need to send mail to +# several people, you need to set up a mailing list or sendmail alias +# for them and use the address of that.) + +! mailonchange wibble@foobar.org 0.5 + +####################################################################### +### COMMAND ACCESS +# The program chronyc is used to show the current operation of chronyd +# and to change parts of its configuration whilst it is running. + +# Normally, chronyd will only allow connections from chronyc on the same +# machine as itself. This is for security. If you have a subnet +# 192.168.*.* and you want to be able to use chronyc from any machine on +# it, you could uncomment the following line. (Edit this to your own +# situation.) + +! cmdallow 192.168/16 + +# You can add as many 'cmdallow' and 'cmddeny' lines as you like. The +# syntax and meaning is the same as for 'allow' and 'deny', except that +# 'cmdallow' and 'cmddeny' control access to the chronyd's command port. + +# NOTE, even if the host where you run chronyc is granted access, you +# still need a command key set up and you have to know the password to +# put into chronyc to allow you to modify chronyd's parameters. By +# default all you can do is view information about chronyd's operation. + +####################################################################### +### REAL TIME CLOCK +# chronyd can characterise the system's real-time clock. This is the +# clock that keeps running when the power is turned off, so that the +# machine knows the approximate time when it boots again. The error at +# a particular epoch and gain/loss rate can be written to a file and +# used later by chronyd when it is started with the '-s' option. +# +# You need to have 'enhanced RTC support' compiled into your Linux +# kernel. (Note, these options apply only to Linux.) + +! rtcfile /var/lib/chrony/rtc + +# Your RTC can be set to keep Universal Coordinated Time (UTC) or local +# time. (Local time means UTC +/- the effect of your timezone.) If you +# use UTC, chronyd will function correctly even if the computer is off +# at the epoch when you enter or leave summer time (aka daylight saving +# time). However, if you dual boot your system with Microsoft Windows, +# that will work better if your RTC maintains local time. You take your +# pick! + +! rtconutc + +# By default chronyd assumes that the enhanced RTC device is accessed as +# /dev/rtc. If it's accessed somewhere else on your system (e.g. you're +# using devfs), uncomment and edit the following line. + +! rtcdevice /dev/misc/rtc + +####################################################################### +### REAL TIME SCHEDULER +# This directive tells chronyd to use the real-time FIFO scheduler with the +# specified priority (which must be between 0 and 100). This should result +# in reduced latency. You don't need it unless you really have a requirement +# for extreme clock stability. Works only on Linux. Note that the "-P" +# command-line switch will override this. + +! sched_priority 1 + +####################################################################### +### LOCKING CHRONYD INTO RAM +# This directive tells chronyd to use the mlockall() syscall to lock itself +# into RAM so that it will never be paged out. This should result in reduced +# latency. You don't need it unless you really have a requirement +# for extreme clock stability. Works only on Linux. Note that the "-m" +# command-line switch will also enable this feature. + +! lock_all diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/examples/chrony.conf.example2 atmark-dist-20150618_chrony/user/chrony/chrony-1.30/examples/chrony.conf.example2 --- atmark-dist-20150618/user/chrony/chrony-1.30/examples/chrony.conf.example2 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/examples/chrony.conf.example2 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,46 @@ +# Use public servers from the pool.ntp.org project. +# Please consider joining the pool (http://www.pool.ntp.org/join.html). +server 0.pool.ntp.org iburst +server 1.pool.ntp.org iburst +server 2.pool.ntp.org iburst +server 3.pool.ntp.org iburst + +# Ignore stratum in source selection. +stratumweight 0 + +# Record the rate at which the system clock gains/losses time. +driftfile /var/lib/chrony/drift + +# Enable kernel RTC synchronization. +rtcsync + +# In first three updates step the system clock instead of slew +# if the adjustment is larger than 10 seconds. +makestep 10 3 + +# Allow NTP client access from local network. +#allow 192.168/16 + +# Listen for commands only on localhost. +bindcmdaddress 127.0.0.1 +bindcmdaddress ::1 + +# Serve time even if not synchronized to any NTP server. +#local stratum 10 + +keyfile /etc/chrony.keys + +# Specify the key used as password for chronyc. +commandkey 1 + +# Generate command key if missing. +generatecommandkey + +# Disable logging of client accesses. +noclientlog + +# Send a message to syslog if a clock adjustment is larger than 0.5 seconds. +logchange 0.5 + +logdir /var/log/chrony +#log measurements statistics tracking diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/examples/chrony.keys.example atmark-dist-20150618_chrony/user/chrony/chrony-1.30/examples/chrony.keys.example --- atmark-dist-20150618/user/chrony/chrony-1.30/examples/chrony.keys.example 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/examples/chrony.keys.example 2015-07-07 20:54:16.034013757 +0900 @@ -0,0 +1,29 @@ +####################################################################### +# +# This is an example chrony keys file. You should copy it to /etc/chrony.keys +# after editing it to set up the key(s) you want to use. It should be readable +# only by root or the user chronyd drops the root privileges to. In most +# situations, you will require a single key (the 'commandkey') so that you can +# supply a password to chronyc to enable you to modify chronyd's operation +# whilst it is running. +# +# Copyright 2002 Richard P. Curnow +# +###################################################################### + +# Examples of valid keys: + +#1 ALongAndRandomPassword +#2 MD5 HEX:B028F91EA5C38D06C2E140B26C7F41EC +#3 SHA1 HEX:1DC764E0791B11FA67EFC7ECBC4B0D73F68A070C + +# The keys should be random for maximum security. If you wanted to use a key +# with ID 1 as your commandkey (i.e. chronyc password) you would put +# "commandkey 1" into chrony.conf. If no commandkey is present in the keys +# file and the generatecommandkey directive is specified in chrony.conf, +# a random commandkey will be generated and added to the keys file +# automatically on chronyd start. + +# You might want to define more keys if you use the authentication facility +# in the network time protocol to authenticate request/response packets between +# trusted clients and servers. diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/getdate.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/getdate.c --- atmark-dist-20150618/user/chrony/chrony-1.30/getdate.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/getdate.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,2886 @@ + +/* A Bison parser, made by GNU Bison 2.4.1. */ + +/* Skeleton implementation for Bison's Yacc-like parsers in C + + Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 + Free Software Foundation, Inc. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +/* As a special exception, you may create a larger work that contains + part or all of the Bison parser skeleton and distribute that work + under terms of your choice, so long as that work isn't itself a + parser generator using the skeleton or a modified version thereof + as a parser skeleton. Alternatively, if you modify or redistribute + the parser skeleton itself, you may (at your option) remove this + special exception, which will cause the skeleton and the resulting + Bison output files to be licensed under the GNU General Public + License without this special exception. + + This special exception was added by the Free Software Foundation in + version 2.2 of Bison. */ + +/* C LALR(1) parser skeleton written by Richard Stallman, by + simplifying the original so-called "semantic" parser. */ + +/* All symbols defined below should begin with yy or YY, to avoid + infringing on user name space. This should be done even for local + variables, as they might otherwise be expanded by user macros. + There are some unavoidable exceptions within include files to + define necessary library symbols; they are noted "INFRINGES ON + USER NAME SPACE" below. */ + +/* Identify Bison output. */ +#define YYBISON 1 + +/* Bison version. */ +#define YYBISON_VERSION "2.4.1" + +/* Skeleton name. */ +#define YYSKELETON_NAME "yacc.c" + +/* Pure parsers. */ +#define YYPURE 0 + +/* Push parsers. */ +#define YYPUSH 0 + +/* Pull parsers. */ +#define YYPULL 1 + +/* Using locations. */ +#define YYLSP_NEEDED 0 + + + +/* Copy the first part of user declarations. */ + +/* Line 189 of yacc.c */ +#line 1 "getdate.y" + +/* +** Originally written by Steven M. Bellovin while +** at the University of North Carolina at Chapel Hill. Later tweaked by +** a couple of people on Usenet. Completely overhauled by Rich $alz +** and Jim Berets in August, 1990. +** +** This code is in the public domain and has no copyright. +*/ + +#ifdef HAVE_CONFIG_H +# include +# ifdef HAVE_ALLOCA_H +# include +# endif +#endif + +/* Since the code of getdate.y is not included in the Emacs executable + itself, there is no need to #define static in this file. Even if + the code were included in the Emacs executable, it probably + wouldn't do any harm to #undef it here; this will only cause + problems if we try to write to a static variable, which I don't + think this code needs to do. */ +#ifdef emacs +# undef static +#endif + +#include +#include + +#if HAVE_STDLIB_H +# include /* for `free'; used by Bison 1.27 */ +#endif + +#if defined (STDC_HEADERS) || (!defined (isascii) && !defined (HAVE_ISASCII)) +# define IN_CTYPE_DOMAIN(c) 1 +#else +# define IN_CTYPE_DOMAIN(c) isascii(c) +#endif + +#define ISSPACE(c) (IN_CTYPE_DOMAIN (c) && isspace (c)) +#define ISALPHA(c) (IN_CTYPE_DOMAIN (c) && isalpha (c)) +#define ISUPPER(c) (IN_CTYPE_DOMAIN (c) && isupper (c)) +#define ISDIGIT_LOCALE(c) (IN_CTYPE_DOMAIN (c) && isdigit (c)) + +/* ISDIGIT differs from ISDIGIT_LOCALE, as follows: + - Its arg may be any int or unsigned int; it need not be an unsigned char. + - It's guaranteed to evaluate its argument exactly once. + - It's typically faster. + Posix 1003.2-1992 section 2.5.2.1 page 50 lines 1556-1558 says that + only '0' through '9' are digits. Prefer ISDIGIT to ISDIGIT_LOCALE unless + it's important to use the locale's definition of `digit' even when the + host does not conform to Posix. */ +#define ISDIGIT(c) ((unsigned) (c) - '0' <= 9) + +#if defined (STDC_HEADERS) || defined (USG) +# include +#endif + +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 7) +# define __attribute__(x) +#endif + +#ifndef ATTRIBUTE_UNUSED +# define ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +#endif + +/* Some old versions of bison generate parsers that use bcopy. + That loses on systems that don't provide the function, so we have + to redefine it here. */ +#if !defined (HAVE_BCOPY) && defined (HAVE_MEMCPY) && !defined (bcopy) +# define bcopy(from, to, len) memcpy ((to), (from), (len)) +#endif + +/* Remap normal yacc parser interface names (yyparse, yylex, yyerror, etc), + as well as gratuitiously global symbol names, so we can have multiple + yacc generated parsers in the same program. Note that these are only + the variables produced by yacc. If other parser generators (bison, + byacc, etc) produce additional global names that conflict at link time, + then those parser generators need to be fixed instead of adding those + names to this list. */ + +#define yymaxdepth gd_maxdepth +#define yyparse gd_parse +#define yylex gd_lex +#define yyerror gd_error +#define yylval gd_lval +#define yychar gd_char +#define yydebug gd_debug +#define yypact gd_pact +#define yyr1 gd_r1 +#define yyr2 gd_r2 +#define yydef gd_def +#define yychk gd_chk +#define yypgo gd_pgo +#define yyact gd_act +#define yyexca gd_exca +#define yyerrflag gd_errflag +#define yynerrs gd_nerrs +#define yyps gd_ps +#define yypv gd_pv +#define yys gd_s +#define yy_yys gd_yys +#define yystate gd_state +#define yytmp gd_tmp +#define yyv gd_v +#define yy_yyv gd_yyv +#define yyval gd_val +#define yylloc gd_lloc +#define yyreds gd_reds /* With YYDEBUG defined */ +#define yytoks gd_toks /* With YYDEBUG defined */ +#define yylhs gd_yylhs +#define yylen gd_yylen +#define yydefred gd_yydefred +#define yydgoto gd_yydgoto +#define yysindex gd_yysindex +#define yyrindex gd_yyrindex +#define yygindex gd_yygindex +#define yytable gd_yytable +#define yycheck gd_yycheck + +static int yylex (void); +static int yyerror (char *s); + +#define EPOCH 1970 +#define HOUR(x) ((x) * 60) + +#define MAX_BUFF_LEN 128 /* size of buffer to read the date into */ + +/* +** An entry in the lexical lookup table. +*/ +typedef struct _TABLE { + const char *name; + int type; + int value; +} TABLE; + + +/* +** Meridian: am, pm, or 24-hour style. +*/ +typedef enum _MERIDIAN { + MERam, MERpm, MER24 +} MERIDIAN; + + +/* +** Global variables. We could get rid of most of these by using a good +** union as the yacc stack. (This routine was originally written before +** yacc had the %union construct.) Maybe someday; right now we only use +** the %union very rarely. +*/ +static const char *yyInput; +static int yyDayOrdinal; +static int yyDayNumber; +static int yyHaveDate; +static int yyHaveDay; +static int yyHaveRel; +static int yyHaveTime; +static int yyHaveZone; +static int yyTimezone; +static int yyDay; +static int yyHour; +static int yyMinutes; +static int yyMonth; +static int yySeconds; +static int yyYear; +static MERIDIAN yyMeridian; +static int yyRelDay; +static int yyRelHour; +static int yyRelMinutes; +static int yyRelMonth; +static int yyRelSeconds; +static int yyRelYear; + + + +/* Line 189 of yacc.c */ +#line 252 "getdate.c" + +/* Enabling traces. */ +#ifndef YYDEBUG +# define YYDEBUG 0 +#endif + +/* Enabling verbose error messages. */ +#ifdef YYERROR_VERBOSE +# undef YYERROR_VERBOSE +# define YYERROR_VERBOSE 1 +#else +# define YYERROR_VERBOSE 0 +#endif + +/* Enabling the token table. */ +#ifndef YYTOKEN_TABLE +# define YYTOKEN_TABLE 0 +#endif + + +/* Tokens. */ +#ifndef YYTOKENTYPE +# define YYTOKENTYPE + /* Put the tokens into the symbol table, so that GDB and other debuggers + know about them. */ + enum yytokentype { + tAGO = 258, + tDAY = 259, + tDAY_UNIT = 260, + tDAYZONE = 261, + tDST = 262, + tHOUR_UNIT = 263, + tID = 264, + tMERIDIAN = 265, + tMINUTE_UNIT = 266, + tMONTH = 267, + tMONTH_UNIT = 268, + tSEC_UNIT = 269, + tSNUMBER = 270, + tUNUMBER = 271, + tYEAR_UNIT = 272, + tZONE = 273 + }; +#endif + + + +#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED +typedef union YYSTYPE +{ + +/* Line 214 of yacc.c */ +#line 182 "getdate.y" + + int Number; + enum _MERIDIAN Meridian; + + + +/* Line 214 of yacc.c */ +#line 313 "getdate.c" +} YYSTYPE; +# define YYSTYPE_IS_TRIVIAL 1 +# define yystype YYSTYPE /* obsolescent; will be withdrawn */ +# define YYSTYPE_IS_DECLARED 1 +#endif + + +/* Copy the second part of user declarations. */ + + +/* Line 264 of yacc.c */ +#line 325 "getdate.c" + +#ifdef short +# undef short +#endif + +#ifdef YYTYPE_UINT8 +typedef YYTYPE_UINT8 yytype_uint8; +#else +typedef unsigned char yytype_uint8; +#endif + +#ifdef YYTYPE_INT8 +typedef YYTYPE_INT8 yytype_int8; +#elif (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +typedef signed char yytype_int8; +#else +typedef short int yytype_int8; +#endif + +#ifdef YYTYPE_UINT16 +typedef YYTYPE_UINT16 yytype_uint16; +#else +typedef unsigned short int yytype_uint16; +#endif + +#ifdef YYTYPE_INT16 +typedef YYTYPE_INT16 yytype_int16; +#else +typedef short int yytype_int16; +#endif + +#ifndef YYSIZE_T +# ifdef __SIZE_TYPE__ +# define YYSIZE_T __SIZE_TYPE__ +# elif defined size_t +# define YYSIZE_T size_t +# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include /* INFRINGES ON USER NAME SPACE */ +# define YYSIZE_T size_t +# else +# define YYSIZE_T unsigned int +# endif +#endif + +#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) + +#ifndef YY_ +# if YYENABLE_NLS +# if ENABLE_NLS +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_(msgid) dgettext ("bison-runtime", msgid) +# endif +# endif +# ifndef YY_ +# define YY_(msgid) msgid +# endif +#endif + +/* Suppress unused-variable warnings by "using" E. */ +#if ! defined lint || defined __GNUC__ +# define YYUSE(e) ((void) (e)) +#else +# define YYUSE(e) /* empty */ +#endif + +/* Identity function, used to suppress warnings about constant conditions. */ +#ifndef lint +# define YYID(n) (n) +#else +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static int +YYID (int yyi) +#else +static int +YYID (yyi) + int yyi; +#endif +{ + return yyi; +} +#endif + +#if ! defined yyoverflow || YYERROR_VERBOSE + +/* The parser invokes alloca or malloc; define the necessary symbols. */ + +# ifdef YYSTACK_USE_ALLOCA +# if YYSTACK_USE_ALLOCA +# ifdef __GNUC__ +# define YYSTACK_ALLOC __builtin_alloca +# elif defined __BUILTIN_VA_ARG_INCR +# include /* INFRINGES ON USER NAME SPACE */ +# elif defined _AIX +# define YYSTACK_ALLOC __alloca +# elif defined _MSC_VER +# include /* INFRINGES ON USER NAME SPACE */ +# define alloca _alloca +# else +# define YYSTACK_ALLOC alloca +# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif +# endif +# endif +# endif +# endif + +# ifdef YYSTACK_ALLOC + /* Pacify GCC's `empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) +# ifndef YYSTACK_ALLOC_MAXIMUM + /* The OS might guarantee only one guard page at the bottom of the stack, + and a page size can be as small as 4096 bytes. So we cannot safely + invoke alloca (N) if N exceeds 4096. Use a slightly smaller number + to allow for a few compiler-allocated temporary stack slots. */ +# define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ +# endif +# else +# define YYSTACK_ALLOC YYMALLOC +# define YYSTACK_FREE YYFREE +# ifndef YYSTACK_ALLOC_MAXIMUM +# define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM +# endif +# if (defined __cplusplus && ! defined _STDLIB_H \ + && ! ((defined YYMALLOC || defined malloc) \ + && (defined YYFREE || defined free))) +# include /* INFRINGES ON USER NAME SPACE */ +# ifndef _STDLIB_H +# define _STDLIB_H 1 +# endif +# endif +# ifndef YYMALLOC +# define YYMALLOC malloc +# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# ifndef YYFREE +# define YYFREE free +# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +void free (void *); /* INFRINGES ON USER NAME SPACE */ +# endif +# endif +# endif +#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ + + +#if (! defined yyoverflow \ + && (! defined __cplusplus \ + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + +/* A type that is properly aligned for any stack member. */ +union yyalloc +{ + yytype_int16 yyss_alloc; + YYSTYPE yyvs_alloc; +}; + +/* The size of the maximum gap between one aligned stack and the next. */ +# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) + +/* The size of an array large to enough to hold all stacks, each with + N elements. */ +# define YYSTACK_BYTES(N) \ + ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + + YYSTACK_GAP_MAXIMUM) + +/* Copy COUNT objects from FROM to TO. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(To, From, Count) \ + __builtin_memcpy (To, From, (Count) * sizeof (*(From))) +# else +# define YYCOPY(To, From, Count) \ + do \ + { \ + YYSIZE_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (To)[yyi] = (From)[yyi]; \ + } \ + while (YYID (0)) +# endif +# endif + +/* Relocate STACK from its old location to the new one. The + local variables YYSIZE and YYSTACKSIZE give the old and new number of + elements in the stack, and YYPTR gives the new location of the + stack. Advance YYPTR to a properly aligned location for the next + stack. */ +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYSIZE_T yynewbytes; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / sizeof (*yyptr); \ + } \ + while (YYID (0)) + +#endif + +/* YYFINAL -- State number of the termination state. */ +#define YYFINAL 2 +/* YYLAST -- Last index in YYTABLE. */ +#define YYLAST 50 + +/* YYNTOKENS -- Number of terminals. */ +#define YYNTOKENS 22 +/* YYNNTS -- Number of nonterminals. */ +#define YYNNTS 11 +/* YYNRULES -- Number of rules. */ +#define YYNRULES 51 +/* YYNRULES -- Number of states. */ +#define YYNSTATES 61 + +/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ +#define YYUNDEFTOK 2 +#define YYMAXUTOK 273 + +#define YYTRANSLATE(YYX) \ + ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) + +/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ +static const yytype_uint8 yytranslate[] = +{ + 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 20, 2, 2, 21, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 19, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, + 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18 +}; + +#if YYDEBUG +/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in + YYRHS. */ +static const yytype_uint8 yyprhs[] = +{ + 0, 0, 3, 4, 7, 9, 11, 13, 15, 17, + 19, 22, 27, 32, 39, 46, 48, 50, 53, 55, + 58, 61, 65, 71, 75, 79, 82, 87, 90, 94, + 97, 99, 102, 105, 107, 110, 113, 115, 118, 121, + 123, 126, 129, 131, 134, 137, 139, 142, 145, 147, + 149, 150 +}; + +/* YYRHS -- A `-1'-separated list of the rules' RHS. */ +static const yytype_int8 yyrhs[] = +{ + 23, 0, -1, -1, 23, 24, -1, 25, -1, 26, + -1, 28, -1, 27, -1, 29, -1, 31, -1, 16, + 10, -1, 16, 19, 16, 32, -1, 16, 19, 16, + 15, -1, 16, 19, 16, 19, 16, 32, -1, 16, + 19, 16, 19, 16, 15, -1, 18, -1, 6, -1, + 18, 7, -1, 4, -1, 4, 20, -1, 16, 4, + -1, 16, 21, 16, -1, 16, 21, 16, 21, 16, + -1, 16, 15, 15, -1, 16, 12, 15, -1, 12, + 16, -1, 12, 16, 20, 16, -1, 16, 12, -1, + 16, 12, 16, -1, 30, 3, -1, 30, -1, 16, + 17, -1, 15, 17, -1, 17, -1, 16, 13, -1, + 15, 13, -1, 13, -1, 16, 5, -1, 15, 5, + -1, 5, -1, 16, 8, -1, 15, 8, -1, 8, + -1, 16, 11, -1, 15, 11, -1, 11, -1, 16, + 14, -1, 15, 14, -1, 14, -1, 16, -1, -1, + 10, -1 +}; + +/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ +static const yytype_uint16 yyrline[] = +{ + 0, 198, 198, 199, 202, 205, 208, 211, 214, 217, + 220, 226, 232, 241, 247, 259, 262, 266, 271, 275, + 279, 285, 289, 307, 313, 319, 323, 328, 332, 339, + 347, 350, 353, 356, 359, 362, 365, 368, 371, 374, + 377, 380, 383, 386, 389, 392, 395, 398, 401, 406, + 440, 443 +}; +#endif + +#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. + First, the terminals, then, starting at YYNTOKENS, nonterminals. */ +static const char *const yytname[] = +{ + "$end", "error", "$undefined", "tAGO", "tDAY", "tDAY_UNIT", "tDAYZONE", + "tDST", "tHOUR_UNIT", "tID", "tMERIDIAN", "tMINUTE_UNIT", "tMONTH", + "tMONTH_UNIT", "tSEC_UNIT", "tSNUMBER", "tUNUMBER", "tYEAR_UNIT", + "tZONE", "':'", "','", "'/'", "$accept", "spec", "item", "time", "zone", + "day", "date", "rel", "relunit", "number", "o_merid", 0 +}; +#endif + +# ifdef YYPRINT +/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to + token YYLEX-NUM. */ +static const yytype_uint16 yytoknum[] = +{ + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 58, + 44, 47 +}; +# endif + +/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_uint8 yyr1[] = +{ + 0, 22, 23, 23, 24, 24, 24, 24, 24, 24, + 25, 25, 25, 25, 25, 26, 26, 26, 27, 27, + 27, 28, 28, 28, 28, 28, 28, 28, 28, 29, + 29, 30, 30, 30, 30, 30, 30, 30, 30, 30, + 30, 30, 30, 30, 30, 30, 30, 30, 30, 31, + 32, 32 +}; + +/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ +static const yytype_uint8 yyr2[] = +{ + 0, 2, 0, 2, 1, 1, 1, 1, 1, 1, + 2, 4, 4, 6, 6, 1, 1, 2, 1, 2, + 2, 3, 5, 3, 3, 2, 4, 2, 3, 2, + 1, 2, 2, 1, 2, 2, 1, 2, 2, 1, + 2, 2, 1, 2, 2, 1, 2, 2, 1, 1, + 0, 1 +}; + +/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state + STATE-NUM when YYTABLE doesn't specify something else to do. Zero + means the default is an error. */ +static const yytype_uint8 yydefact[] = +{ + 2, 0, 1, 18, 39, 16, 42, 45, 0, 36, + 48, 0, 49, 33, 15, 3, 4, 5, 7, 6, + 8, 30, 9, 19, 25, 38, 41, 44, 35, 47, + 32, 20, 37, 40, 10, 43, 27, 34, 46, 0, + 31, 0, 0, 17, 29, 0, 24, 28, 23, 50, + 21, 26, 51, 12, 0, 11, 0, 50, 22, 14, + 13 +}; + +/* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int8 yydefgoto[] = +{ + -1, 1, 15, 16, 17, 18, 19, 20, 21, 22, + 55 +}; + +/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ +#define YYPACT_NINF -20 +static const yytype_int8 yypact[] = +{ + -20, 0, -20, -19, -20, -20, -20, -20, -13, -20, + -20, 30, 15, -20, 14, -20, -20, -20, -20, -20, + -20, 19, -20, -20, 4, -20, -20, -20, -20, -20, + -20, -20, -20, -20, -20, -20, -6, -20, -20, 16, + -20, 17, 23, -20, -20, 24, -20, -20, -20, 27, + 28, -20, -20, -20, 29, -20, 32, -8, -20, -20, + -20 +}; + +/* YYPGOTO[NTERM-NUM]. */ +static const yytype_int8 yypgoto[] = +{ + -20, -20, -20, -20, -20, -20, -20, -20, -20, -20, + -7 +}; + +/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule which + number is the opposite. If zero, do what YYDEFACT says. + If YYTABLE_NINF, syntax error. */ +#define YYTABLE_NINF -1 +static const yytype_uint8 yytable[] = +{ + 2, 23, 52, 24, 3, 4, 5, 59, 6, 46, + 47, 7, 8, 9, 10, 11, 12, 13, 14, 31, + 32, 43, 44, 33, 45, 34, 35, 36, 37, 38, + 39, 48, 40, 49, 41, 25, 42, 52, 26, 50, + 51, 27, 53, 28, 29, 57, 54, 30, 58, 56, + 60 +}; + +static const yytype_uint8 yycheck[] = +{ + 0, 20, 10, 16, 4, 5, 6, 15, 8, 15, + 16, 11, 12, 13, 14, 15, 16, 17, 18, 4, + 5, 7, 3, 8, 20, 10, 11, 12, 13, 14, + 15, 15, 17, 16, 19, 5, 21, 10, 8, 16, + 16, 11, 15, 13, 14, 16, 19, 17, 16, 21, + 57 +}; + +/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const yytype_uint8 yystos[] = +{ + 0, 23, 0, 4, 5, 6, 8, 11, 12, 13, + 14, 15, 16, 17, 18, 24, 25, 26, 27, 28, + 29, 30, 31, 20, 16, 5, 8, 11, 13, 14, + 17, 4, 5, 8, 10, 11, 12, 13, 14, 15, + 17, 19, 21, 7, 3, 20, 15, 16, 15, 16, + 16, 16, 10, 15, 19, 32, 21, 16, 16, 15, + 32 +}; + +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYEMPTY (-2) +#define YYEOF 0 + +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab + + +/* Like YYERROR except do call yyerror. This remains here temporarily + to ease the transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ + +#define YYFAIL goto yyerrlab + +#define YYRECOVERING() (!!yyerrstatus) + +#define YYBACKUP(Token, Value) \ +do \ + if (yychar == YYEMPTY && yylen == 1) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + yytoken = YYTRANSLATE (yychar); \ + YYPOPSTACK (1); \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ +while (YYID (0)) + + +#define YYTERROR 1 +#define YYERRCODE 256 + + +/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. + If N is 0, then set CURRENT to the empty location which ends + the previous symbol: RHS[0] (always defined). */ + +#define YYRHSLOC(Rhs, K) ((Rhs)[K]) +#ifndef YYLLOC_DEFAULT +# define YYLLOC_DEFAULT(Current, Rhs, N) \ + do \ + if (YYID (N)) \ + { \ + (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ + (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ + (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ + (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ + } \ + else \ + { \ + (Current).first_line = (Current).last_line = \ + YYRHSLOC (Rhs, 0).last_line; \ + (Current).first_column = (Current).last_column = \ + YYRHSLOC (Rhs, 0).last_column; \ + } \ + while (YYID (0)) +#endif + + +/* YY_LOCATION_PRINT -- Print the location on the stream. + This macro was not mandated originally: define only if we know + we won't break user code: when these are the locations we know. */ + +#ifndef YY_LOCATION_PRINT +# if YYLTYPE_IS_TRIVIAL +# define YY_LOCATION_PRINT(File, Loc) \ + fprintf (File, "%d.%d-%d.%d", \ + (Loc).first_line, (Loc).first_column, \ + (Loc).last_line, (Loc).last_column) +# else +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif +#endif + + +/* YYLEX -- calling `yylex' with the right arguments. */ + +#ifdef YYLEX_PARAM +# define YYLEX yylex (YYLEX_PARAM) +#else +# define YYLEX yylex () +#endif + +/* Enable debugging if requested. */ +#if YYDEBUG + +# ifndef YYFPRINTF +# include /* INFRINGES ON USER NAME SPACE */ +# define YYFPRINTF fprintf +# endif + +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (YYID (0)) + +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Type, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (YYID (0)) + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_value_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (!yyvaluep) + return; +# ifdef YYPRINT + if (yytype < YYNTOKENS) + YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); +# else + YYUSE (yyoutput); +# endif + switch (yytype) + { + default: + break; + } +} + + +/*--------------------------------. +| Print this symbol on YYOUTPUT. | +`--------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) +#else +static void +yy_symbol_print (yyoutput, yytype, yyvaluep) + FILE *yyoutput; + int yytype; + YYSTYPE const * const yyvaluep; +#endif +{ + if (yytype < YYNTOKENS) + YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); + else + YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + + yy_symbol_value_print (yyoutput, yytype, yyvaluep); + YYFPRINTF (yyoutput, ")"); +} + +/*------------------------------------------------------------------. +| yy_stack_print -- Print the state stack from its BOTTOM up to its | +| TOP (included). | +`------------------------------------------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) +#else +static void +yy_stack_print (yybottom, yytop) + yytype_int16 *yybottom; + yytype_int16 *yytop; +#endif +{ + YYFPRINTF (stderr, "Stack now"); + for (; yybottom <= yytop; yybottom++) + { + int yybot = *yybottom; + YYFPRINTF (stderr, " %d", yybot); + } + YYFPRINTF (stderr, "\n"); +} + +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (YYID (0)) + + +/*------------------------------------------------. +| Report that the YYRULE is going to be reduced. | +`------------------------------------------------*/ + +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yy_reduce_print (YYSTYPE *yyvsp, int yyrule) +#else +static void +yy_reduce_print (yyvsp, yyrule) + YYSTYPE *yyvsp; + int yyrule; +#endif +{ + int yynrhs = yyr2[yyrule]; + int yyi; + unsigned long int yylno = yyrline[yyrule]; + YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", + yyrule - 1, yylno); + /* The symbols being reduced. */ + for (yyi = 0; yyi < yynrhs; yyi++) + { + YYFPRINTF (stderr, " $%d = ", yyi + 1); + yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], + &(yyvsp[(yyi + 1) - (yynrhs)]) + ); + YYFPRINTF (stderr, "\n"); + } +} + +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyvsp, Rule); \ +} while (YYID (0)) + +/* Nonzero means print parse trace. It is left uninitialized so that + multiple parsers can coexist. */ +int yydebug; +#else /* !YYDEBUG */ +# define YYDPRINTF(Args) +# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YY_STACK_PRINT(Bottom, Top) +# define YY_REDUCE_PRINT(Rule) +#endif /* !YYDEBUG */ + + +/* YYINITDEPTH -- initial size of the parser's stacks. */ +#ifndef YYINITDEPTH +# define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH -- maximum size the stacks can grow to (effective only + if the built-in stack extension method is used). + + Do not make this value too large; the results are undefined if + YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) + evaluated with infinite-precision integer arithmetic. */ + +#ifndef YYMAXDEPTH +# define YYMAXDEPTH 10000 +#endif + + + +#if YYERROR_VERBOSE + +# ifndef yystrlen +# if defined __GLIBC__ && defined _STRING_H +# define yystrlen strlen +# else +/* Return the length of YYSTR. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static YYSIZE_T +yystrlen (const char *yystr) +#else +static YYSIZE_T +yystrlen (yystr) + const char *yystr; +#endif +{ + YYSIZE_T yylen; + for (yylen = 0; yystr[yylen]; yylen++) + continue; + return yylen; +} +# endif +# endif + +# ifndef yystpcpy +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +# define yystpcpy stpcpy +# else +/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in + YYDEST. */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static char * +yystpcpy (char *yydest, const char *yysrc) +#else +static char * +yystpcpy (yydest, yysrc) + char *yydest; + const char *yysrc; +#endif +{ + char *yyd = yydest; + const char *yys = yysrc; + + while ((*yyd++ = *yys++) != '\0') + continue; + + return yyd - 1; +} +# endif +# endif + +# ifndef yytnamerr +/* Copy to YYRES the contents of YYSTR after stripping away unnecessary + quotes and backslashes, so that it's suitable for yyerror. The + heuristic is that double-quoting is unnecessary unless the string + contains an apostrophe, a comma, or backslash (other than + backslash-backslash). YYSTR is taken from yytname. If YYRES is + null, do not copy; instead, return the length of what the result + would have been. */ +static YYSIZE_T +yytnamerr (char *yyres, const char *yystr) +{ + if (*yystr == '"') + { + YYSIZE_T yyn = 0; + char const *yyp = yystr; + + for (;;) + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + /* Fall through. */ + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } + do_not_strip_quotes: ; + } + + if (! yyres) + return yystrlen (yystr); + + return yystpcpy (yyres, yystr) - yyres; +} +# endif + +/* Copy into YYRESULT an error message about the unexpected token + YYCHAR while in state YYSTATE. Return the number of bytes copied, + including the terminating null byte. If YYRESULT is null, do not + copy anything; just return the number of bytes that would be + copied. As a special case, return 0 if an ordinary "syntax error" + message will do. Return YYSIZE_MAXIMUM if overflow occurs during + size calculation. */ +static YYSIZE_T +yysyntax_error (char *yyresult, int yystate, int yychar) +{ + int yyn = yypact[yystate]; + + if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) + return 0; + else + { + int yytype = YYTRANSLATE (yychar); + YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); + YYSIZE_T yysize = yysize0; + YYSIZE_T yysize1; + int yysize_overflow = 0; + enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; + char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; + int yyx; + +# if 0 + /* This is so xgettext sees the translatable formats that are + constructed on the fly. */ + YY_("syntax error, unexpected %s"); + YY_("syntax error, unexpected %s, expecting %s"); + YY_("syntax error, unexpected %s, expecting %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s"); + YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); +# endif + char *yyfmt; + char const *yyf; + static char const yyunexpected[] = "syntax error, unexpected %s"; + static char const yyexpecting[] = ", expecting %s"; + static char const yyor[] = " or %s"; + char yyformat[sizeof yyunexpected + + sizeof yyexpecting - 1 + + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) + * (sizeof yyor - 1))]; + char const *yyprefix = yyexpecting; + + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yycount = 1; + + yyarg[0] = yytname[yytype]; + yyfmt = yystpcpy (yyformat, yyunexpected); + + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) + { + if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) + { + yycount = 1; + yysize = yysize0; + yyformat[sizeof yyunexpected - 1] = '\0'; + break; + } + yyarg[yycount++] = yytname[yyx]; + yysize1 = yysize + yytnamerr (0, yytname[yyx]); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; + yyfmt = yystpcpy (yyfmt, yyprefix); + yyprefix = yyor; + } + + yyf = YY_(yyformat); + yysize1 = yysize + yystrlen (yyf); + yysize_overflow |= (yysize1 < yysize); + yysize = yysize1; + + if (yysize_overflow) + return YYSIZE_MAXIMUM; + + if (yyresult) + { + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + char *yyp = yyresult; + int yyi = 0; + while ((*yyp = *yyf) != '\0') + { + if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yyarg[yyi++]); + yyf += 2; + } + else + { + yyp++; + yyf++; + } + } + } + return yysize; + } +} +#endif /* YYERROR_VERBOSE */ + + +/*-----------------------------------------------. +| Release the memory associated to this symbol. | +`-----------------------------------------------*/ + +/*ARGSUSED*/ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +static void +yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) +#else +static void +yydestruct (yymsg, yytype, yyvaluep) + const char *yymsg; + int yytype; + YYSTYPE *yyvaluep; +#endif +{ + YYUSE (yyvaluep); + + if (!yymsg) + yymsg = "Deleting"; + YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + + switch (yytype) + { + + default: + break; + } +} + +/* Prevent warnings from -Wmissing-prototypes. */ +#ifdef YYPARSE_PARAM +#if defined __STDC__ || defined __cplusplus +int yyparse (void *YYPARSE_PARAM); +#else +int yyparse (); +#endif +#else /* ! YYPARSE_PARAM */ +#if defined __STDC__ || defined __cplusplus +int yyparse (void); +#else +int yyparse (); +#endif +#endif /* ! YYPARSE_PARAM */ + + +/* The lookahead symbol. */ +int yychar; + +/* The semantic value of the lookahead symbol. */ +YYSTYPE yylval; + +/* Number of syntax errors so far. */ +int yynerrs; + + + +/*-------------------------. +| yyparse or yypush_parse. | +`-------------------------*/ + +#ifdef YYPARSE_PARAM +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void *YYPARSE_PARAM) +#else +int +yyparse (YYPARSE_PARAM) + void *YYPARSE_PARAM; +#endif +#else /* ! YYPARSE_PARAM */ +#if (defined __STDC__ || defined __C99__FUNC__ \ + || defined __cplusplus || defined _MSC_VER) +int +yyparse (void) +#else +int +yyparse () + +#endif +#endif +{ + + + int yystate; + /* Number of tokens to shift before error messages enabled. */ + int yyerrstatus; + + /* The stacks and their tools: + `yyss': related to states. + `yyvs': related to semantic values. + + Refer to the stacks thru separate pointers, to allow yyoverflow + to reallocate them elsewhere. */ + + /* The state stack. */ + yytype_int16 yyssa[YYINITDEPTH]; + yytype_int16 *yyss; + yytype_int16 *yyssp; + + /* The semantic value stack. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs; + YYSTYPE *yyvsp; + + YYSIZE_T yystacksize; + + int yyn; + int yyresult; + /* Lookahead token as an internal (translated) token number. */ + int yytoken; + /* The variables used to return semantic value and location from the + action routines. */ + YYSTYPE yyval; + +#if YYERROR_VERBOSE + /* Buffer for error messages, and its allocated size. */ + char yymsgbuf[128]; + char *yymsg = yymsgbuf; + YYSIZE_T yymsg_alloc = sizeof yymsgbuf; +#endif + +#define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) + + /* The number of symbols on the RHS of the reduced rule. + Keep to zero when no symbol should be popped. */ + int yylen = 0; + + yytoken = 0; + yyss = yyssa; + yyvs = yyvsa; + yystacksize = YYINITDEPTH; + + YYDPRINTF ((stderr, "Starting parse\n")); + + yystate = 0; + yyerrstatus = 0; + yynerrs = 0; + yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + yyssp = yyss; + yyvsp = yyvs; + + goto yysetstate; + +/*------------------------------------------------------------. +| yynewstate -- Push a new state, which is found in yystate. | +`------------------------------------------------------------*/ + yynewstate: + /* In all cases, when you get here, the value and location stacks + have just been pushed. So pushing a state here evens the stacks. */ + yyssp++; + + yysetstate: + *yyssp = yystate; + + if (yyss + yystacksize - 1 <= yyssp) + { + /* Get the current used size of the three stacks, in elements. */ + YYSIZE_T yysize = yyssp - yyss + 1; + +#ifdef yyoverflow + { + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + YYSTYPE *yyvs1 = yyvs; + yytype_int16 *yyss1 = yyss; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * sizeof (*yyssp), + &yyvs1, yysize * sizeof (*yyvsp), + &yystacksize); + + yyss = yyss1; + yyvs = yyvs1; + } +#else /* no yyoverflow */ +# ifndef YYSTACK_RELOCATE + goto yyexhaustedlab; +# else + /* Extend the stack our own way. */ + if (YYMAXDEPTH <= yystacksize) + goto yyexhaustedlab; + yystacksize *= 2; + if (YYMAXDEPTH < yystacksize) + yystacksize = YYMAXDEPTH; + + { + yytype_int16 *yyss1 = yyss; + union yyalloc *yyptr = + (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); + if (! yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); +# undef YYSTACK_RELOCATE + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); + } +# endif +#endif /* no yyoverflow */ + + yyssp = yyss + yysize - 1; + yyvsp = yyvs + yysize - 1; + + YYDPRINTF ((stderr, "Stack size increased to %lu\n", + (unsigned long int) yystacksize)); + + if (yyss + yystacksize - 1 <= yyssp) + YYABORT; + } + + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + + if (yystate == YYFINAL) + YYACCEPT; + + goto yybackup; + +/*-----------. +| yybackup. | +`-----------*/ +yybackup: + + /* Do appropriate processing given the current state. Read a + lookahead token if we need one and don't already have one. */ + + /* First try to decide what to do without reference to lookahead token. */ + yyn = yypact[yystate]; + if (yyn == YYPACT_NINF) + goto yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + if (yychar == YYEMPTY) + { + YYDPRINTF ((stderr, "Reading a token: ")); + yychar = YYLEX; + } + + if (yychar <= YYEOF) + { + yychar = yytoken = YYEOF; + YYDPRINTF ((stderr, "Now at end of input.\n")); + } + else + { + yytoken = YYTRANSLATE (yychar); + YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); + } + + /* If the proper action on seeing token YYTOKEN is to reduce or to + detect an error, take that action. */ + yyn += yytoken; + if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) + goto yydefault; + yyn = yytable[yyn]; + if (yyn <= 0) + { + if (yyn == 0 || yyn == YYTABLE_NINF) + goto yyerrlab; + yyn = -yyn; + goto yyreduce; + } + + /* Count tokens shifted since error; after three, turn off error + status. */ + if (yyerrstatus) + yyerrstatus--; + + /* Shift the lookahead token. */ + YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); + + /* Discard the shifted token. */ + yychar = YYEMPTY; + + yystate = yyn; + *++yyvsp = yylval; + + goto yynewstate; + + +/*-----------------------------------------------------------. +| yydefault -- do the default action for the current state. | +`-----------------------------------------------------------*/ +yydefault: + yyn = yydefact[yystate]; + if (yyn == 0) + goto yyerrlab; + goto yyreduce; + + +/*-----------------------------. +| yyreduce -- Do a reduction. | +`-----------------------------*/ +yyreduce: + /* yyn is the number of a rule to reduce with. */ + yylen = yyr2[yyn]; + + /* If YYLEN is nonzero, implement the default value of the action: + `$$ = $1'. + + Otherwise, the following line sets YYVAL to garbage. + This behavior is undocumented and Bison + users should not rely upon it. Assigning to YYVAL + unconditionally makes the parser a bit smaller, and it avoids a + GCC warning that YYVAL may be used uninitialized. */ + yyval = yyvsp[1-yylen]; + + + YY_REDUCE_PRINT (yyn); + switch (yyn) + { + case 4: + +/* Line 1455 of yacc.c */ +#line 202 "getdate.y" + { + yyHaveTime++; + ;} + break; + + case 5: + +/* Line 1455 of yacc.c */ +#line 205 "getdate.y" + { + yyHaveZone++; + ;} + break; + + case 6: + +/* Line 1455 of yacc.c */ +#line 208 "getdate.y" + { + yyHaveDate++; + ;} + break; + + case 7: + +/* Line 1455 of yacc.c */ +#line 211 "getdate.y" + { + yyHaveDay++; + ;} + break; + + case 8: + +/* Line 1455 of yacc.c */ +#line 214 "getdate.y" + { + yyHaveRel++; + ;} + break; + + case 10: + +/* Line 1455 of yacc.c */ +#line 220 "getdate.y" + { + yyHour = (yyvsp[(1) - (2)].Number); + yyMinutes = 0; + yySeconds = 0; + yyMeridian = (yyvsp[(2) - (2)].Meridian); + ;} + break; + + case 11: + +/* Line 1455 of yacc.c */ +#line 226 "getdate.y" + { + yyHour = (yyvsp[(1) - (4)].Number); + yyMinutes = (yyvsp[(3) - (4)].Number); + yySeconds = 0; + yyMeridian = (yyvsp[(4) - (4)].Meridian); + ;} + break; + + case 12: + +/* Line 1455 of yacc.c */ +#line 232 "getdate.y" + { + yyHour = (yyvsp[(1) - (4)].Number); + yyMinutes = (yyvsp[(3) - (4)].Number); + yyMeridian = MER24; + yyHaveZone++; + yyTimezone = ((yyvsp[(4) - (4)].Number) < 0 + ? -(yyvsp[(4) - (4)].Number) % 100 + (-(yyvsp[(4) - (4)].Number) / 100) * 60 + : - ((yyvsp[(4) - (4)].Number) % 100 + ((yyvsp[(4) - (4)].Number) / 100) * 60)); + ;} + break; + + case 13: + +/* Line 1455 of yacc.c */ +#line 241 "getdate.y" + { + yyHour = (yyvsp[(1) - (6)].Number); + yyMinutes = (yyvsp[(3) - (6)].Number); + yySeconds = (yyvsp[(5) - (6)].Number); + yyMeridian = (yyvsp[(6) - (6)].Meridian); + ;} + break; + + case 14: + +/* Line 1455 of yacc.c */ +#line 247 "getdate.y" + { + yyHour = (yyvsp[(1) - (6)].Number); + yyMinutes = (yyvsp[(3) - (6)].Number); + yySeconds = (yyvsp[(5) - (6)].Number); + yyMeridian = MER24; + yyHaveZone++; + yyTimezone = ((yyvsp[(6) - (6)].Number) < 0 + ? -(yyvsp[(6) - (6)].Number) % 100 + (-(yyvsp[(6) - (6)].Number) / 100) * 60 + : - ((yyvsp[(6) - (6)].Number) % 100 + ((yyvsp[(6) - (6)].Number) / 100) * 60)); + ;} + break; + + case 15: + +/* Line 1455 of yacc.c */ +#line 259 "getdate.y" + { + yyTimezone = (yyvsp[(1) - (1)].Number); + ;} + break; + + case 16: + +/* Line 1455 of yacc.c */ +#line 262 "getdate.y" + { + yyTimezone = (yyvsp[(1) - (1)].Number) - 60; + ;} + break; + + case 17: + +/* Line 1455 of yacc.c */ +#line 266 "getdate.y" + { + yyTimezone = (yyvsp[(1) - (2)].Number) - 60; + ;} + break; + + case 18: + +/* Line 1455 of yacc.c */ +#line 271 "getdate.y" + { + yyDayOrdinal = 1; + yyDayNumber = (yyvsp[(1) - (1)].Number); + ;} + break; + + case 19: + +/* Line 1455 of yacc.c */ +#line 275 "getdate.y" + { + yyDayOrdinal = 1; + yyDayNumber = (yyvsp[(1) - (2)].Number); + ;} + break; + + case 20: + +/* Line 1455 of yacc.c */ +#line 279 "getdate.y" + { + yyDayOrdinal = (yyvsp[(1) - (2)].Number); + yyDayNumber = (yyvsp[(2) - (2)].Number); + ;} + break; + + case 21: + +/* Line 1455 of yacc.c */ +#line 285 "getdate.y" + { + yyMonth = (yyvsp[(1) - (3)].Number); + yyDay = (yyvsp[(3) - (3)].Number); + ;} + break; + + case 22: + +/* Line 1455 of yacc.c */ +#line 289 "getdate.y" + { + /* Interpret as YYYY/MM/DD if $1 >= 1000, otherwise as MM/DD/YY. + The goal in recognizing YYYY/MM/DD is solely to support legacy + machine-generated dates like those in an RCS log listing. If + you want portability, use the ISO 8601 format. */ + if ((yyvsp[(1) - (5)].Number) >= 1000) + { + yyYear = (yyvsp[(1) - (5)].Number); + yyMonth = (yyvsp[(3) - (5)].Number); + yyDay = (yyvsp[(5) - (5)].Number); + } + else + { + yyMonth = (yyvsp[(1) - (5)].Number); + yyDay = (yyvsp[(3) - (5)].Number); + yyYear = (yyvsp[(5) - (5)].Number); + } + ;} + break; + + case 23: + +/* Line 1455 of yacc.c */ +#line 307 "getdate.y" + { + /* ISO 8601 format. yyyy-mm-dd. */ + yyYear = (yyvsp[(1) - (3)].Number); + yyMonth = -(yyvsp[(2) - (3)].Number); + yyDay = -(yyvsp[(3) - (3)].Number); + ;} + break; + + case 24: + +/* Line 1455 of yacc.c */ +#line 313 "getdate.y" + { + /* e.g. 17-JUN-1992. */ + yyDay = (yyvsp[(1) - (3)].Number); + yyMonth = (yyvsp[(2) - (3)].Number); + yyYear = -(yyvsp[(3) - (3)].Number); + ;} + break; + + case 25: + +/* Line 1455 of yacc.c */ +#line 319 "getdate.y" + { + yyMonth = (yyvsp[(1) - (2)].Number); + yyDay = (yyvsp[(2) - (2)].Number); + ;} + break; + + case 26: + +/* Line 1455 of yacc.c */ +#line 323 "getdate.y" + { + yyMonth = (yyvsp[(1) - (4)].Number); + yyDay = (yyvsp[(2) - (4)].Number); + yyYear = (yyvsp[(4) - (4)].Number); + ;} + break; + + case 27: + +/* Line 1455 of yacc.c */ +#line 328 "getdate.y" + { + yyMonth = (yyvsp[(2) - (2)].Number); + yyDay = (yyvsp[(1) - (2)].Number); + ;} + break; + + case 28: + +/* Line 1455 of yacc.c */ +#line 332 "getdate.y" + { + yyMonth = (yyvsp[(2) - (3)].Number); + yyDay = (yyvsp[(1) - (3)].Number); + yyYear = (yyvsp[(3) - (3)].Number); + ;} + break; + + case 29: + +/* Line 1455 of yacc.c */ +#line 339 "getdate.y" + { + yyRelSeconds = -yyRelSeconds; + yyRelMinutes = -yyRelMinutes; + yyRelHour = -yyRelHour; + yyRelDay = -yyRelDay; + yyRelMonth = -yyRelMonth; + yyRelYear = -yyRelYear; + ;} + break; + + case 31: + +/* Line 1455 of yacc.c */ +#line 350 "getdate.y" + { + yyRelYear += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 32: + +/* Line 1455 of yacc.c */ +#line 353 "getdate.y" + { + yyRelYear += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 33: + +/* Line 1455 of yacc.c */ +#line 356 "getdate.y" + { + yyRelYear += (yyvsp[(1) - (1)].Number); + ;} + break; + + case 34: + +/* Line 1455 of yacc.c */ +#line 359 "getdate.y" + { + yyRelMonth += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 35: + +/* Line 1455 of yacc.c */ +#line 362 "getdate.y" + { + yyRelMonth += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 36: + +/* Line 1455 of yacc.c */ +#line 365 "getdate.y" + { + yyRelMonth += (yyvsp[(1) - (1)].Number); + ;} + break; + + case 37: + +/* Line 1455 of yacc.c */ +#line 368 "getdate.y" + { + yyRelDay += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 38: + +/* Line 1455 of yacc.c */ +#line 371 "getdate.y" + { + yyRelDay += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 39: + +/* Line 1455 of yacc.c */ +#line 374 "getdate.y" + { + yyRelDay += (yyvsp[(1) - (1)].Number); + ;} + break; + + case 40: + +/* Line 1455 of yacc.c */ +#line 377 "getdate.y" + { + yyRelHour += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 41: + +/* Line 1455 of yacc.c */ +#line 380 "getdate.y" + { + yyRelHour += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 42: + +/* Line 1455 of yacc.c */ +#line 383 "getdate.y" + { + yyRelHour += (yyvsp[(1) - (1)].Number); + ;} + break; + + case 43: + +/* Line 1455 of yacc.c */ +#line 386 "getdate.y" + { + yyRelMinutes += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 44: + +/* Line 1455 of yacc.c */ +#line 389 "getdate.y" + { + yyRelMinutes += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 45: + +/* Line 1455 of yacc.c */ +#line 392 "getdate.y" + { + yyRelMinutes += (yyvsp[(1) - (1)].Number); + ;} + break; + + case 46: + +/* Line 1455 of yacc.c */ +#line 395 "getdate.y" + { + yyRelSeconds += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 47: + +/* Line 1455 of yacc.c */ +#line 398 "getdate.y" + { + yyRelSeconds += (yyvsp[(1) - (2)].Number) * (yyvsp[(2) - (2)].Number); + ;} + break; + + case 48: + +/* Line 1455 of yacc.c */ +#line 401 "getdate.y" + { + yyRelSeconds += (yyvsp[(1) - (1)].Number); + ;} + break; + + case 49: + +/* Line 1455 of yacc.c */ +#line 407 "getdate.y" + { + if (yyHaveTime && yyHaveDate && !yyHaveRel) + yyYear = (yyvsp[(1) - (1)].Number); + else + { + if ((yyvsp[(1) - (1)].Number)>10000) + { + yyHaveDate++; + yyDay= ((yyvsp[(1) - (1)].Number))%100; + yyMonth= ((yyvsp[(1) - (1)].Number)/100)%100; + yyYear = (yyvsp[(1) - (1)].Number)/10000; + } + else + { + yyHaveTime++; + if ((yyvsp[(1) - (1)].Number) < 100) + { + yyHour = (yyvsp[(1) - (1)].Number); + yyMinutes = 0; + } + else + { + yyHour = (yyvsp[(1) - (1)].Number) / 100; + yyMinutes = (yyvsp[(1) - (1)].Number) % 100; + } + yySeconds = 0; + yyMeridian = MER24; + } + } + ;} + break; + + case 50: + +/* Line 1455 of yacc.c */ +#line 440 "getdate.y" + { + (yyval.Meridian) = MER24; + ;} + break; + + case 51: + +/* Line 1455 of yacc.c */ +#line 444 "getdate.y" + { + (yyval.Meridian) = (yyvsp[(1) - (1)].Meridian); + ;} + break; + + + +/* Line 1455 of yacc.c */ +#line 2073 "getdate.c" + default: break; + } + YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + + *++yyvsp = yyval; + + /* Now `shift' the result of the reduction. Determine what state + that goes to, based on the state we popped back to and the rule + number reduced by. */ + + yyn = yyr1[yyn]; + + yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; + if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) + yystate = yytable[yystate]; + else + yystate = yydefgoto[yyn - YYNTOKENS]; + + goto yynewstate; + + +/*------------------------------------. +| yyerrlab -- here on detecting error | +`------------------------------------*/ +yyerrlab: + /* If not already recovering from an error, report this error. */ + if (!yyerrstatus) + { + ++yynerrs; +#if ! YYERROR_VERBOSE + yyerror (YY_("syntax error")); +#else + { + YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); + if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) + { + YYSIZE_T yyalloc = 2 * yysize; + if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) + yyalloc = YYSTACK_ALLOC_MAXIMUM; + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = (char *) YYSTACK_ALLOC (yyalloc); + if (yymsg) + yymsg_alloc = yyalloc; + else + { + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; + } + } + + if (0 < yysize && yysize <= yymsg_alloc) + { + (void) yysyntax_error (yymsg, yystate, yychar); + yyerror (yymsg); + } + else + { + yyerror (YY_("syntax error")); + if (yysize != 0) + goto yyexhaustedlab; + } + } +#endif + } + + + + if (yyerrstatus == 3) + { + /* If just tried and failed to reuse lookahead token after an + error, discard it. */ + + if (yychar <= YYEOF) + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } + else + { + yydestruct ("Error: discarding", + yytoken, &yylval); + yychar = YYEMPTY; + } + } + + /* Else will try to reuse lookahead token after shifting the error + token. */ + goto yyerrlab1; + + +/*---------------------------------------------------. +| yyerrorlab -- error raised explicitly by YYERROR. | +`---------------------------------------------------*/ +yyerrorlab: + + /* Pacify compilers like GCC when the user code never invokes + YYERROR and the label yyerrorlab therefore never appears in user + code. */ + if (/*CONSTCOND*/ 0) + goto yyerrorlab; + + /* Do not reclaim the symbols of the rule which action triggered + this YYERROR. */ + YYPOPSTACK (yylen); + yylen = 0; + YY_STACK_PRINT (yyss, yyssp); + yystate = *yyssp; + goto yyerrlab1; + + +/*-------------------------------------------------------------. +| yyerrlab1 -- common code for both syntax error and YYERROR. | +`-------------------------------------------------------------*/ +yyerrlab1: + yyerrstatus = 3; /* Each real token shifted decrements this. */ + + for (;;) + { + yyn = yypact[yystate]; + if (yyn != YYPACT_NINF) + { + yyn += YYTERROR; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } + + /* Pop the current state because it cannot handle the error token. */ + if (yyssp == yyss) + YYABORT; + + + yydestruct ("Error: popping", + yystos[yystate], yyvsp); + YYPOPSTACK (1); + yystate = *yyssp; + YY_STACK_PRINT (yyss, yyssp); + } + + *++yyvsp = yylval; + + + /* Shift the error token. */ + YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + + yystate = yyn; + goto yynewstate; + + +/*-------------------------------------. +| yyacceptlab -- YYACCEPT comes here. | +`-------------------------------------*/ +yyacceptlab: + yyresult = 0; + goto yyreturn; + +/*-----------------------------------. +| yyabortlab -- YYABORT comes here. | +`-----------------------------------*/ +yyabortlab: + yyresult = 1; + goto yyreturn; + +#if !defined(yyoverflow) || YYERROR_VERBOSE +/*-------------------------------------------------. +| yyexhaustedlab -- memory exhaustion comes here. | +`-------------------------------------------------*/ +yyexhaustedlab: + yyerror (YY_("memory exhausted")); + yyresult = 2; + /* Fall through. */ +#endif + +yyreturn: + if (yychar != YYEMPTY) + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + /* Do not reclaim the symbols of the rule which action triggered + this YYABORT or YYACCEPT. */ + YYPOPSTACK (yylen); + YY_STACK_PRINT (yyss, yyssp); + while (yyssp != yyss) + { + yydestruct ("Cleanup: popping", + yystos[*yyssp], yyvsp); + YYPOPSTACK (1); + } +#ifndef yyoverflow + if (yyss != yyssa) + YYSTACK_FREE (yyss); +#endif +#if YYERROR_VERBOSE + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); +#endif + /* Make sure YYID is used. */ + return YYID (yyresult); +} + + + +/* Line 1675 of yacc.c */ +#line 449 "getdate.y" + + +/* Include this file down here because bison inserts code above which + may define-away `const'. We want the prototype for get_date to have + the same signature as the function definition does. */ +#include "getdate.h" + +extern struct tm *gmtime (); +extern struct tm *localtime (); +extern time_t mktime (); + +/* Month and day table. */ +static TABLE const MonthDayTable[] = { + { "january", tMONTH, 1 }, + { "february", tMONTH, 2 }, + { "march", tMONTH, 3 }, + { "april", tMONTH, 4 }, + { "may", tMONTH, 5 }, + { "june", tMONTH, 6 }, + { "july", tMONTH, 7 }, + { "august", tMONTH, 8 }, + { "september", tMONTH, 9 }, + { "sept", tMONTH, 9 }, + { "october", tMONTH, 10 }, + { "november", tMONTH, 11 }, + { "december", tMONTH, 12 }, + { "sunday", tDAY, 0 }, + { "monday", tDAY, 1 }, + { "tuesday", tDAY, 2 }, + { "tues", tDAY, 2 }, + { "wednesday", tDAY, 3 }, + { "wednes", tDAY, 3 }, + { "thursday", tDAY, 4 }, + { "thur", tDAY, 4 }, + { "thurs", tDAY, 4 }, + { "friday", tDAY, 5 }, + { "saturday", tDAY, 6 }, + { NULL, 0, 0 } +}; + +/* Time units table. */ +static TABLE const UnitsTable[] = { + { "year", tYEAR_UNIT, 1 }, + { "month", tMONTH_UNIT, 1 }, + { "fortnight", tDAY_UNIT, 14 }, + { "week", tDAY_UNIT, 7 }, + { "day", tDAY_UNIT, 1 }, + { "hour", tHOUR_UNIT, 1 }, + { "minute", tMINUTE_UNIT, 1 }, + { "min", tMINUTE_UNIT, 1 }, + { "second", tSEC_UNIT, 1 }, + { "sec", tSEC_UNIT, 1 }, + { NULL, 0, 0 } +}; + +/* Assorted relative-time words. */ +static TABLE const OtherTable[] = { + { "tomorrow", tMINUTE_UNIT, 1 * 24 * 60 }, + { "yesterday", tMINUTE_UNIT, -1 * 24 * 60 }, + { "today", tMINUTE_UNIT, 0 }, + { "now", tMINUTE_UNIT, 0 }, + { "last", tUNUMBER, -1 }, + { "this", tMINUTE_UNIT, 0 }, + { "next", tUNUMBER, 1 }, + { "first", tUNUMBER, 1 }, +/* { "second", tUNUMBER, 2 }, */ + { "third", tUNUMBER, 3 }, + { "fourth", tUNUMBER, 4 }, + { "fifth", tUNUMBER, 5 }, + { "sixth", tUNUMBER, 6 }, + { "seventh", tUNUMBER, 7 }, + { "eighth", tUNUMBER, 8 }, + { "ninth", tUNUMBER, 9 }, + { "tenth", tUNUMBER, 10 }, + { "eleventh", tUNUMBER, 11 }, + { "twelfth", tUNUMBER, 12 }, + { "ago", tAGO, 1 }, + { NULL, 0, 0 } +}; + +/* The timezone table. */ +static TABLE const TimezoneTable[] = { + { "gmt", tZONE, HOUR ( 0) }, /* Greenwich Mean */ + { "ut", tZONE, HOUR ( 0) }, /* Universal (Coordinated) */ + { "utc", tZONE, HOUR ( 0) }, + { "wet", tZONE, HOUR ( 0) }, /* Western European */ + { "bst", tDAYZONE, HOUR ( 0) }, /* British Summer */ + { "wat", tZONE, HOUR ( 1) }, /* West Africa */ + { "at", tZONE, HOUR ( 2) }, /* Azores */ +#if 0 + /* For completeness. BST is also British Summer, and GST is + * also Guam Standard. */ + { "bst", tZONE, HOUR ( 3) }, /* Brazil Standard */ + { "gst", tZONE, HOUR ( 3) }, /* Greenland Standard */ +#endif +#if 0 + { "nft", tZONE, HOUR (3.5) }, /* Newfoundland */ + { "nst", tZONE, HOUR (3.5) }, /* Newfoundland Standard */ + { "ndt", tDAYZONE, HOUR (3.5) }, /* Newfoundland Daylight */ +#endif + { "ast", tZONE, HOUR ( 4) }, /* Atlantic Standard */ + { "adt", tDAYZONE, HOUR ( 4) }, /* Atlantic Daylight */ + { "est", tZONE, HOUR ( 5) }, /* Eastern Standard */ + { "edt", tDAYZONE, HOUR ( 5) }, /* Eastern Daylight */ + { "cst", tZONE, HOUR ( 6) }, /* Central Standard */ + { "cdt", tDAYZONE, HOUR ( 6) }, /* Central Daylight */ + { "mst", tZONE, HOUR ( 7) }, /* Mountain Standard */ + { "mdt", tDAYZONE, HOUR ( 7) }, /* Mountain Daylight */ + { "pst", tZONE, HOUR ( 8) }, /* Pacific Standard */ + { "pdt", tDAYZONE, HOUR ( 8) }, /* Pacific Daylight */ + { "yst", tZONE, HOUR ( 9) }, /* Yukon Standard */ + { "ydt", tDAYZONE, HOUR ( 9) }, /* Yukon Daylight */ + { "hst", tZONE, HOUR (10) }, /* Hawaii Standard */ + { "hdt", tDAYZONE, HOUR (10) }, /* Hawaii Daylight */ + { "cat", tZONE, HOUR (10) }, /* Central Alaska */ + { "ahst", tZONE, HOUR (10) }, /* Alaska-Hawaii Standard */ + { "nt", tZONE, HOUR (11) }, /* Nome */ + { "idlw", tZONE, HOUR (12) }, /* International Date Line West */ + { "cet", tZONE, -HOUR (1) }, /* Central European */ + { "met", tZONE, -HOUR (1) }, /* Middle European */ + { "mewt", tZONE, -HOUR (1) }, /* Middle European Winter */ + { "mest", tDAYZONE, -HOUR (1) }, /* Middle European Summer */ + { "mesz", tDAYZONE, -HOUR (1) }, /* Middle European Summer */ + { "swt", tZONE, -HOUR (1) }, /* Swedish Winter */ + { "sst", tDAYZONE, -HOUR (1) }, /* Swedish Summer */ + { "fwt", tZONE, -HOUR (1) }, /* French Winter */ + { "fst", tDAYZONE, -HOUR (1) }, /* French Summer */ + { "eet", tZONE, -HOUR (2) }, /* Eastern Europe, USSR Zone 1 */ + { "bt", tZONE, -HOUR (3) }, /* Baghdad, USSR Zone 2 */ +#if 0 + { "it", tZONE, -HOUR (3.5) },/* Iran */ +#endif + { "zp4", tZONE, -HOUR (4) }, /* USSR Zone 3 */ + { "zp5", tZONE, -HOUR (5) }, /* USSR Zone 4 */ +#if 0 + { "ist", tZONE, -HOUR (5.5) },/* Indian Standard */ +#endif + { "zp6", tZONE, -HOUR (6) }, /* USSR Zone 5 */ +#if 0 + /* For completeness. NST is also Newfoundland Standard, and SST is + * also Swedish Summer. */ + { "nst", tZONE, -HOUR (6.5) },/* North Sumatra */ + { "sst", tZONE, -HOUR (7) }, /* South Sumatra, USSR Zone 6 */ +#endif /* 0 */ + { "wast", tZONE, -HOUR (7) }, /* West Australian Standard */ + { "wadt", tDAYZONE, -HOUR (7) }, /* West Australian Daylight */ +#if 0 + { "jt", tZONE, -HOUR (7.5) },/* Java (3pm in Cronusland!) */ +#endif + { "cct", tZONE, -HOUR (8) }, /* China Coast, USSR Zone 7 */ + { "jst", tZONE, -HOUR (9) }, /* Japan Standard, USSR Zone 8 */ +#if 0 + { "cast", tZONE, -HOUR (9.5) },/* Central Australian Standard */ + { "cadt", tDAYZONE, -HOUR (9.5) },/* Central Australian Daylight */ +#endif + { "east", tZONE, -HOUR (10) }, /* Eastern Australian Standard */ + { "eadt", tDAYZONE, -HOUR (10) }, /* Eastern Australian Daylight */ + { "gst", tZONE, -HOUR (10) }, /* Guam Standard, USSR Zone 9 */ + { "nzt", tZONE, -HOUR (12) }, /* New Zealand */ + { "nzst", tZONE, -HOUR (12) }, /* New Zealand Standard */ + { "nzdt", tDAYZONE, -HOUR (12) }, /* New Zealand Daylight */ + { "idle", tZONE, -HOUR (12) }, /* International Date Line East */ + { NULL, 0, 0 } +}; + +/* Military timezone table. */ +static TABLE const MilitaryTable[] = { + { "a", tZONE, HOUR ( 1) }, + { "b", tZONE, HOUR ( 2) }, + { "c", tZONE, HOUR ( 3) }, + { "d", tZONE, HOUR ( 4) }, + { "e", tZONE, HOUR ( 5) }, + { "f", tZONE, HOUR ( 6) }, + { "g", tZONE, HOUR ( 7) }, + { "h", tZONE, HOUR ( 8) }, + { "i", tZONE, HOUR ( 9) }, + { "k", tZONE, HOUR ( 10) }, + { "l", tZONE, HOUR ( 11) }, + { "m", tZONE, HOUR ( 12) }, + { "n", tZONE, HOUR (- 1) }, + { "o", tZONE, HOUR (- 2) }, + { "p", tZONE, HOUR (- 3) }, + { "q", tZONE, HOUR (- 4) }, + { "r", tZONE, HOUR (- 5) }, + { "s", tZONE, HOUR (- 6) }, + { "t", tZONE, HOUR (- 7) }, + { "u", tZONE, HOUR (- 8) }, + { "v", tZONE, HOUR (- 9) }, + { "w", tZONE, HOUR (-10) }, + { "x", tZONE, HOUR (-11) }, + { "y", tZONE, HOUR (-12) }, + { "z", tZONE, HOUR ( 0) }, + { NULL, 0, 0 } +}; + + + + +/* ARGSUSED */ +static int +yyerror (s) + char *s ATTRIBUTE_UNUSED; +{ + return 0; +} + +static int +ToHour (Hours, Meridian) + int Hours; + MERIDIAN Meridian; +{ + switch (Meridian) + { + case MER24: + if (Hours < 0 || Hours > 23) + return -1; + return Hours; + case MERam: + if (Hours < 1 || Hours > 12) + return -1; + if (Hours == 12) + Hours = 0; + return Hours; + case MERpm: + if (Hours < 1 || Hours > 12) + return -1; + if (Hours == 12) + Hours = 0; + return Hours + 12; + default: + abort (); + } + /* NOTREACHED */ +} + +static int +ToYear (Year) + int Year; +{ + if (Year < 0) + Year = -Year; + + /* XPG4 suggests that years 00-68 map to 2000-2068, and + years 69-99 map to 1969-1999. */ + if (Year < 69) + Year += 2000; + else if (Year < 100) + Year += 1900; + + return Year; +} + +static int +LookupWord (buff) + char *buff; +{ + register char *p; + register char *q; + register const TABLE *tp; + int i; + int abbrev; + + /* Make it lowercase. */ + for (p = buff; *p; p++) + if (ISUPPER ((unsigned char) *p)) + *p = tolower (*p); + + if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0) + { + yylval.Meridian = MERam; + return tMERIDIAN; + } + if (strcmp (buff, "pm") == 0 || strcmp (buff, "p.m.") == 0) + { + yylval.Meridian = MERpm; + return tMERIDIAN; + } + + /* See if we have an abbreviation for a month. */ + if (strlen (buff) == 3) + abbrev = 1; + else if (strlen (buff) == 4 && buff[3] == '.') + { + abbrev = 1; + buff[3] = '\0'; + } + else + abbrev = 0; + + for (tp = MonthDayTable; tp->name; tp++) + { + if (abbrev) + { + if (strncmp (buff, tp->name, 3) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + } + else if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + } + + for (tp = TimezoneTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + if (strcmp (buff, "dst") == 0) + return tDST; + + for (tp = UnitsTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + /* Strip off any plural and try the units table again. */ + i = strlen (buff) - 1; + if (buff[i] == 's') + { + buff[i] = '\0'; + for (tp = UnitsTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + buff[i] = 's'; /* Put back for "this" in OtherTable. */ + } + + for (tp = OtherTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + /* Military timezones. */ + if (buff[1] == '\0' && ISALPHA ((unsigned char) *buff)) + { + for (tp = MilitaryTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + } + + /* Drop out any periods and try the timezone table again. */ + for (i = 0, p = q = buff; *q; q++) + if (*q != '.') + *p++ = *q; + else + i++; + *p = '\0'; + if (i) + for (tp = TimezoneTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + return tID; +} + +static int +yylex () +{ + register unsigned char c; + register char *p; + char buff[20]; + int Count; + int sign; + + for (;;) + { + while (ISSPACE ((unsigned char) *yyInput)) + yyInput++; + + if (ISDIGIT (c = *yyInput) || c == '-' || c == '+') + { + if (c == '-' || c == '+') + { + sign = c == '-' ? -1 : 1; + if (!ISDIGIT (*++yyInput)) + /* skip the '-' sign */ + continue; + } + else + sign = 0; + for (yylval.Number = 0; ISDIGIT (c = *yyInput++);) + yylval.Number = 10 * yylval.Number + c - '0'; + yyInput--; + if (sign < 0) + yylval.Number = -yylval.Number; + return sign ? tSNUMBER : tUNUMBER; + } + if (ISALPHA (c)) + { + for (p = buff; (c = *yyInput++, ISALPHA (c)) || c == '.';) + if (p < &buff[sizeof buff - 1]) + *p++ = c; + *p = '\0'; + yyInput--; + return LookupWord (buff); + } + if (c != '(') + return *yyInput++; + Count = 0; + do + { + c = *yyInput++; + if (c == '\0') + return c; + if (c == '(') + Count++; + else if (c == ')') + Count--; + } + while (Count > 0); + } +} + +#define TM_YEAR_ORIGIN 1900 + +/* Yield A - B, measured in seconds. */ +static long +difftm (struct tm *a, struct tm *b) +{ + int ay = a->tm_year + (TM_YEAR_ORIGIN - 1); + int by = b->tm_year + (TM_YEAR_ORIGIN - 1); + long days = ( + /* difference in day of year */ + a->tm_yday - b->tm_yday + /* + intervening leap days */ + + ((ay >> 2) - (by >> 2)) + - (ay / 100 - by / 100) + + ((ay / 100 >> 2) - (by / 100 >> 2)) + /* + difference in years * 365 */ + + (long) (ay - by) * 365 + ); + return (60 * (60 * (24 * days + (a->tm_hour - b->tm_hour)) + + (a->tm_min - b->tm_min)) + + (a->tm_sec - b->tm_sec)); +} + +time_t +get_date (const char *p, const time_t *now) +{ + struct tm tm, tm0, *tmp; + time_t Start; + + yyInput = p; + Start = now ? *now : time ((time_t *) NULL); + tmp = localtime (&Start); + if (!tmp) + return -1; + yyYear = tmp->tm_year + TM_YEAR_ORIGIN; + yyMonth = tmp->tm_mon + 1; + yyDay = tmp->tm_mday; + yyHour = tmp->tm_hour; + yyMinutes = tmp->tm_min; + yySeconds = tmp->tm_sec; + tm.tm_isdst = tmp->tm_isdst; + yyMeridian = MER24; + yyRelSeconds = 0; + yyRelMinutes = 0; + yyRelHour = 0; + yyRelDay = 0; + yyRelMonth = 0; + yyRelYear = 0; + yyHaveDate = 0; + yyHaveDay = 0; + yyHaveRel = 0; + yyHaveTime = 0; + yyHaveZone = 0; + + if (yyparse () + || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1) + return -1; + + tm.tm_year = ToYear (yyYear) - TM_YEAR_ORIGIN + yyRelYear; + tm.tm_mon = yyMonth - 1 + yyRelMonth; + tm.tm_mday = yyDay + yyRelDay; + if (yyHaveTime || (yyHaveRel && !yyHaveDate && !yyHaveDay)) + { + tm.tm_hour = ToHour (yyHour, yyMeridian); + if (tm.tm_hour < 0) + return -1; + tm.tm_min = yyMinutes; + tm.tm_sec = yySeconds; + } + else + { + tm.tm_hour = tm.tm_min = tm.tm_sec = 0; + } + tm.tm_hour += yyRelHour; + tm.tm_min += yyRelMinutes; + tm.tm_sec += yyRelSeconds; + + /* Let mktime deduce tm_isdst if we have an absolute timestamp, + or if the relative timestamp mentions days, months, or years. */ + if (yyHaveDate | yyHaveDay | yyHaveTime | yyRelDay | yyRelMonth | yyRelYear) + tm.tm_isdst = -1; + + tm0 = tm; + + Start = mktime (&tm); + + if (Start == (time_t) -1) + { + + /* Guard against falsely reporting errors near the time_t boundaries + when parsing times in other time zones. For example, if the min + time_t value is 1970-01-01 00:00:00 UTC and we are 8 hours ahead + of UTC, then the min localtime value is 1970-01-01 08:00:00; if + we apply mktime to 1970-01-01 00:00:00 we will get an error, so + we apply mktime to 1970-01-02 08:00:00 instead and adjust the time + zone by 24 hours to compensate. This algorithm assumes that + there is no DST transition within a day of the time_t boundaries. */ + if (yyHaveZone) + { + tm = tm0; + if (tm.tm_year <= EPOCH - TM_YEAR_ORIGIN) + { + tm.tm_mday++; + yyTimezone -= 24 * 60; + } + else + { + tm.tm_mday--; + yyTimezone += 24 * 60; + } + Start = mktime (&tm); + } + + if (Start == (time_t) -1) + return Start; + } + + if (yyHaveDay && !yyHaveDate) + { + tm.tm_mday += ((yyDayNumber - tm.tm_wday + 7) % 7 + + 7 * (yyDayOrdinal - (0 < yyDayOrdinal))); + Start = mktime (&tm); + if (Start == (time_t) -1) + return Start; + } + + if (yyHaveZone) + { + long delta; + struct tm *gmt = gmtime (&Start); + if (!gmt) + return -1; + delta = yyTimezone * 60L + difftm (&tm, gmt); + if ((Start + delta < Start) != (delta < 0)) + return -1; /* time_t overflow */ + Start += delta; + } + + return Start; +} + +#if defined (TEST) + +/* ARGSUSED */ +int +main (ac, av) + int ac; + char *av[]; +{ + char buff[MAX_BUFF_LEN + 1]; + time_t d; + + (void) printf ("Enter date, or blank line to exit.\n\t> "); + (void) fflush (stdout); + + buff[MAX_BUFF_LEN] = 0; + while (fgets (buff, MAX_BUFF_LEN, stdin) && buff[0]) + { + d = get_date (buff, (time_t *) NULL); + if (d == -1) + (void) printf ("Bad format - couldn't convert.\n"); + else + (void) printf ("%s", ctime (&d)); + (void) printf ("\t> "); + (void) fflush (stdout); + } + exit (0); + /* NOTREACHED */ +} +#endif /* defined (TEST) */ + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/getdate.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/getdate.h --- atmark-dist-20150618/user/chrony/chrony-1.30/getdate.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/getdate.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,28 @@ +/* Copyright (C) 1995 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ + +/* Modified from the original to add stdlib.h and string.h */ + +#ifndef GOT_GETDATE_H +#define GOT_GETDATE_H + +#include +#include +#include + +time_t get_date (const char *p, const time_t *now); + +#endif /* GOT_GETDATE_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/getdate.y atmark-dist-20150618_chrony/user/chrony/chrony-1.30/getdate.y --- atmark-dist-20150618/user/chrony/chrony-1.30/getdate.y 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/getdate.y 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,1049 @@ +%{ +/* +** Originally written by Steven M. Bellovin while +** at the University of North Carolina at Chapel Hill. Later tweaked by +** a couple of people on Usenet. Completely overhauled by Rich $alz +** and Jim Berets in August, 1990. +** +** This code is in the public domain and has no copyright. +*/ + +#ifdef HAVE_CONFIG_H +# include +# ifdef HAVE_ALLOCA_H +# include +# endif +#endif + +/* Since the code of getdate.y is not included in the Emacs executable + itself, there is no need to #define static in this file. Even if + the code were included in the Emacs executable, it probably + wouldn't do any harm to #undef it here; this will only cause + problems if we try to write to a static variable, which I don't + think this code needs to do. */ +#ifdef emacs +# undef static +#endif + +#include +#include + +#if HAVE_STDLIB_H +# include /* for `free'; used by Bison 1.27 */ +#endif + +#if defined (STDC_HEADERS) || (!defined (isascii) && !defined (HAVE_ISASCII)) +# define IN_CTYPE_DOMAIN(c) 1 +#else +# define IN_CTYPE_DOMAIN(c) isascii(c) +#endif + +#define ISSPACE(c) (IN_CTYPE_DOMAIN (c) && isspace (c)) +#define ISALPHA(c) (IN_CTYPE_DOMAIN (c) && isalpha (c)) +#define ISUPPER(c) (IN_CTYPE_DOMAIN (c) && isupper (c)) +#define ISDIGIT_LOCALE(c) (IN_CTYPE_DOMAIN (c) && isdigit (c)) + +/* ISDIGIT differs from ISDIGIT_LOCALE, as follows: + - Its arg may be any int or unsigned int; it need not be an unsigned char. + - It's guaranteed to evaluate its argument exactly once. + - It's typically faster. + Posix 1003.2-1992 section 2.5.2.1 page 50 lines 1556-1558 says that + only '0' through '9' are digits. Prefer ISDIGIT to ISDIGIT_LOCALE unless + it's important to use the locale's definition of `digit' even when the + host does not conform to Posix. */ +#define ISDIGIT(c) ((unsigned) (c) - '0' <= 9) + +#if defined (STDC_HEADERS) || defined (USG) +# include +#endif + +#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 7) +# define __attribute__(x) +#endif + +#ifndef ATTRIBUTE_UNUSED +# define ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +#endif + +/* Some old versions of bison generate parsers that use bcopy. + That loses on systems that don't provide the function, so we have + to redefine it here. */ +#if !defined (HAVE_BCOPY) && defined (HAVE_MEMCPY) && !defined (bcopy) +# define bcopy(from, to, len) memcpy ((to), (from), (len)) +#endif + +/* Remap normal yacc parser interface names (yyparse, yylex, yyerror, etc), + as well as gratuitiously global symbol names, so we can have multiple + yacc generated parsers in the same program. Note that these are only + the variables produced by yacc. If other parser generators (bison, + byacc, etc) produce additional global names that conflict at link time, + then those parser generators need to be fixed instead of adding those + names to this list. */ + +#define yymaxdepth gd_maxdepth +#define yyparse gd_parse +#define yylex gd_lex +#define yyerror gd_error +#define yylval gd_lval +#define yychar gd_char +#define yydebug gd_debug +#define yypact gd_pact +#define yyr1 gd_r1 +#define yyr2 gd_r2 +#define yydef gd_def +#define yychk gd_chk +#define yypgo gd_pgo +#define yyact gd_act +#define yyexca gd_exca +#define yyerrflag gd_errflag +#define yynerrs gd_nerrs +#define yyps gd_ps +#define yypv gd_pv +#define yys gd_s +#define yy_yys gd_yys +#define yystate gd_state +#define yytmp gd_tmp +#define yyv gd_v +#define yy_yyv gd_yyv +#define yyval gd_val +#define yylloc gd_lloc +#define yyreds gd_reds /* With YYDEBUG defined */ +#define yytoks gd_toks /* With YYDEBUG defined */ +#define yylhs gd_yylhs +#define yylen gd_yylen +#define yydefred gd_yydefred +#define yydgoto gd_yydgoto +#define yysindex gd_yysindex +#define yyrindex gd_yyrindex +#define yygindex gd_yygindex +#define yytable gd_yytable +#define yycheck gd_yycheck + +static int yylex (void); +static int yyerror (char *s); + +#define EPOCH 1970 +#define HOUR(x) ((x) * 60) + +#define MAX_BUFF_LEN 128 /* size of buffer to read the date into */ + +/* +** An entry in the lexical lookup table. +*/ +typedef struct _TABLE { + const char *name; + int type; + int value; +} TABLE; + + +/* +** Meridian: am, pm, or 24-hour style. +*/ +typedef enum _MERIDIAN { + MERam, MERpm, MER24 +} MERIDIAN; + + +/* +** Global variables. We could get rid of most of these by using a good +** union as the yacc stack. (This routine was originally written before +** yacc had the %union construct.) Maybe someday; right now we only use +** the %union very rarely. +*/ +static const char *yyInput; +static int yyDayOrdinal; +static int yyDayNumber; +static int yyHaveDate; +static int yyHaveDay; +static int yyHaveRel; +static int yyHaveTime; +static int yyHaveZone; +static int yyTimezone; +static int yyDay; +static int yyHour; +static int yyMinutes; +static int yyMonth; +static int yySeconds; +static int yyYear; +static MERIDIAN yyMeridian; +static int yyRelDay; +static int yyRelHour; +static int yyRelMinutes; +static int yyRelMonth; +static int yyRelSeconds; +static int yyRelYear; + +%} + +/* This grammar has 13 shift/reduce conflicts. */ +%expect 13 + +%union { + int Number; + enum _MERIDIAN Meridian; +} + +%token tAGO tDAY tDAY_UNIT tDAYZONE tDST tHOUR_UNIT tID +%token tMERIDIAN tMINUTE_UNIT tMONTH tMONTH_UNIT +%token tSEC_UNIT tSNUMBER tUNUMBER tYEAR_UNIT tZONE + +%type tDAY tDAY_UNIT tDAYZONE tHOUR_UNIT tMINUTE_UNIT +%type tMONTH tMONTH_UNIT +%type tSEC_UNIT tSNUMBER tUNUMBER tYEAR_UNIT tZONE +%type tMERIDIAN o_merid + +%% + +spec : /* NULL */ + | spec item + ; + +item : time { + yyHaveTime++; + } + | zone { + yyHaveZone++; + } + | date { + yyHaveDate++; + } + | day { + yyHaveDay++; + } + | rel { + yyHaveRel++; + } + | number + ; + +time : tUNUMBER tMERIDIAN { + yyHour = $1; + yyMinutes = 0; + yySeconds = 0; + yyMeridian = $2; + } + | tUNUMBER ':' tUNUMBER o_merid { + yyHour = $1; + yyMinutes = $3; + yySeconds = 0; + yyMeridian = $4; + } + | tUNUMBER ':' tUNUMBER tSNUMBER { + yyHour = $1; + yyMinutes = $3; + yyMeridian = MER24; + yyHaveZone++; + yyTimezone = ($4 < 0 + ? -$4 % 100 + (-$4 / 100) * 60 + : - ($4 % 100 + ($4 / 100) * 60)); + } + | tUNUMBER ':' tUNUMBER ':' tUNUMBER o_merid { + yyHour = $1; + yyMinutes = $3; + yySeconds = $5; + yyMeridian = $6; + } + | tUNUMBER ':' tUNUMBER ':' tUNUMBER tSNUMBER { + yyHour = $1; + yyMinutes = $3; + yySeconds = $5; + yyMeridian = MER24; + yyHaveZone++; + yyTimezone = ($6 < 0 + ? -$6 % 100 + (-$6 / 100) * 60 + : - ($6 % 100 + ($6 / 100) * 60)); + } + ; + +zone : tZONE { + yyTimezone = $1; + } + | tDAYZONE { + yyTimezone = $1 - 60; + } + | + tZONE tDST { + yyTimezone = $1 - 60; + } + ; + +day : tDAY { + yyDayOrdinal = 1; + yyDayNumber = $1; + } + | tDAY ',' { + yyDayOrdinal = 1; + yyDayNumber = $1; + } + | tUNUMBER tDAY { + yyDayOrdinal = $1; + yyDayNumber = $2; + } + ; + +date : tUNUMBER '/' tUNUMBER { + yyMonth = $1; + yyDay = $3; + } + | tUNUMBER '/' tUNUMBER '/' tUNUMBER { + /* Interpret as YYYY/MM/DD if $1 >= 1000, otherwise as MM/DD/YY. + The goal in recognizing YYYY/MM/DD is solely to support legacy + machine-generated dates like those in an RCS log listing. If + you want portability, use the ISO 8601 format. */ + if ($1 >= 1000) + { + yyYear = $1; + yyMonth = $3; + yyDay = $5; + } + else + { + yyMonth = $1; + yyDay = $3; + yyYear = $5; + } + } + | tUNUMBER tSNUMBER tSNUMBER { + /* ISO 8601 format. yyyy-mm-dd. */ + yyYear = $1; + yyMonth = -$2; + yyDay = -$3; + } + | tUNUMBER tMONTH tSNUMBER { + /* e.g. 17-JUN-1992. */ + yyDay = $1; + yyMonth = $2; + yyYear = -$3; + } + | tMONTH tUNUMBER { + yyMonth = $1; + yyDay = $2; + } + | tMONTH tUNUMBER ',' tUNUMBER { + yyMonth = $1; + yyDay = $2; + yyYear = $4; + } + | tUNUMBER tMONTH { + yyMonth = $2; + yyDay = $1; + } + | tUNUMBER tMONTH tUNUMBER { + yyMonth = $2; + yyDay = $1; + yyYear = $3; + } + ; + +rel : relunit tAGO { + yyRelSeconds = -yyRelSeconds; + yyRelMinutes = -yyRelMinutes; + yyRelHour = -yyRelHour; + yyRelDay = -yyRelDay; + yyRelMonth = -yyRelMonth; + yyRelYear = -yyRelYear; + } + | relunit + ; + +relunit : tUNUMBER tYEAR_UNIT { + yyRelYear += $1 * $2; + } + | tSNUMBER tYEAR_UNIT { + yyRelYear += $1 * $2; + } + | tYEAR_UNIT { + yyRelYear += $1; + } + | tUNUMBER tMONTH_UNIT { + yyRelMonth += $1 * $2; + } + | tSNUMBER tMONTH_UNIT { + yyRelMonth += $1 * $2; + } + | tMONTH_UNIT { + yyRelMonth += $1; + } + | tUNUMBER tDAY_UNIT { + yyRelDay += $1 * $2; + } + | tSNUMBER tDAY_UNIT { + yyRelDay += $1 * $2; + } + | tDAY_UNIT { + yyRelDay += $1; + } + | tUNUMBER tHOUR_UNIT { + yyRelHour += $1 * $2; + } + | tSNUMBER tHOUR_UNIT { + yyRelHour += $1 * $2; + } + | tHOUR_UNIT { + yyRelHour += $1; + } + | tUNUMBER tMINUTE_UNIT { + yyRelMinutes += $1 * $2; + } + | tSNUMBER tMINUTE_UNIT { + yyRelMinutes += $1 * $2; + } + | tMINUTE_UNIT { + yyRelMinutes += $1; + } + | tUNUMBER tSEC_UNIT { + yyRelSeconds += $1 * $2; + } + | tSNUMBER tSEC_UNIT { + yyRelSeconds += $1 * $2; + } + | tSEC_UNIT { + yyRelSeconds += $1; + } + ; + +number : tUNUMBER + { + if (yyHaveTime && yyHaveDate && !yyHaveRel) + yyYear = $1; + else + { + if ($1>10000) + { + yyHaveDate++; + yyDay= ($1)%100; + yyMonth= ($1/100)%100; + yyYear = $1/10000; + } + else + { + yyHaveTime++; + if ($1 < 100) + { + yyHour = $1; + yyMinutes = 0; + } + else + { + yyHour = $1 / 100; + yyMinutes = $1 % 100; + } + yySeconds = 0; + yyMeridian = MER24; + } + } + } + ; + +o_merid : /* NULL */ + { + $$ = MER24; + } + | tMERIDIAN + { + $$ = $1; + } + ; + +%% + +/* Include this file down here because bison inserts code above which + may define-away `const'. We want the prototype for get_date to have + the same signature as the function definition does. */ +#include "getdate.h" + +extern struct tm *gmtime (); +extern struct tm *localtime (); +extern time_t mktime (); + +/* Month and day table. */ +static TABLE const MonthDayTable[] = { + { "january", tMONTH, 1 }, + { "february", tMONTH, 2 }, + { "march", tMONTH, 3 }, + { "april", tMONTH, 4 }, + { "may", tMONTH, 5 }, + { "june", tMONTH, 6 }, + { "july", tMONTH, 7 }, + { "august", tMONTH, 8 }, + { "september", tMONTH, 9 }, + { "sept", tMONTH, 9 }, + { "october", tMONTH, 10 }, + { "november", tMONTH, 11 }, + { "december", tMONTH, 12 }, + { "sunday", tDAY, 0 }, + { "monday", tDAY, 1 }, + { "tuesday", tDAY, 2 }, + { "tues", tDAY, 2 }, + { "wednesday", tDAY, 3 }, + { "wednes", tDAY, 3 }, + { "thursday", tDAY, 4 }, + { "thur", tDAY, 4 }, + { "thurs", tDAY, 4 }, + { "friday", tDAY, 5 }, + { "saturday", tDAY, 6 }, + { NULL, 0, 0 } +}; + +/* Time units table. */ +static TABLE const UnitsTable[] = { + { "year", tYEAR_UNIT, 1 }, + { "month", tMONTH_UNIT, 1 }, + { "fortnight", tDAY_UNIT, 14 }, + { "week", tDAY_UNIT, 7 }, + { "day", tDAY_UNIT, 1 }, + { "hour", tHOUR_UNIT, 1 }, + { "minute", tMINUTE_UNIT, 1 }, + { "min", tMINUTE_UNIT, 1 }, + { "second", tSEC_UNIT, 1 }, + { "sec", tSEC_UNIT, 1 }, + { NULL, 0, 0 } +}; + +/* Assorted relative-time words. */ +static TABLE const OtherTable[] = { + { "tomorrow", tMINUTE_UNIT, 1 * 24 * 60 }, + { "yesterday", tMINUTE_UNIT, -1 * 24 * 60 }, + { "today", tMINUTE_UNIT, 0 }, + { "now", tMINUTE_UNIT, 0 }, + { "last", tUNUMBER, -1 }, + { "this", tMINUTE_UNIT, 0 }, + { "next", tUNUMBER, 1 }, + { "first", tUNUMBER, 1 }, +/* { "second", tUNUMBER, 2 }, */ + { "third", tUNUMBER, 3 }, + { "fourth", tUNUMBER, 4 }, + { "fifth", tUNUMBER, 5 }, + { "sixth", tUNUMBER, 6 }, + { "seventh", tUNUMBER, 7 }, + { "eighth", tUNUMBER, 8 }, + { "ninth", tUNUMBER, 9 }, + { "tenth", tUNUMBER, 10 }, + { "eleventh", tUNUMBER, 11 }, + { "twelfth", tUNUMBER, 12 }, + { "ago", tAGO, 1 }, + { NULL, 0, 0 } +}; + +/* The timezone table. */ +static TABLE const TimezoneTable[] = { + { "gmt", tZONE, HOUR ( 0) }, /* Greenwich Mean */ + { "ut", tZONE, HOUR ( 0) }, /* Universal (Coordinated) */ + { "utc", tZONE, HOUR ( 0) }, + { "wet", tZONE, HOUR ( 0) }, /* Western European */ + { "bst", tDAYZONE, HOUR ( 0) }, /* British Summer */ + { "wat", tZONE, HOUR ( 1) }, /* West Africa */ + { "at", tZONE, HOUR ( 2) }, /* Azores */ +#if 0 + /* For completeness. BST is also British Summer, and GST is + * also Guam Standard. */ + { "bst", tZONE, HOUR ( 3) }, /* Brazil Standard */ + { "gst", tZONE, HOUR ( 3) }, /* Greenland Standard */ +#endif +#if 0 + { "nft", tZONE, HOUR (3.5) }, /* Newfoundland */ + { "nst", tZONE, HOUR (3.5) }, /* Newfoundland Standard */ + { "ndt", tDAYZONE, HOUR (3.5) }, /* Newfoundland Daylight */ +#endif + { "ast", tZONE, HOUR ( 4) }, /* Atlantic Standard */ + { "adt", tDAYZONE, HOUR ( 4) }, /* Atlantic Daylight */ + { "est", tZONE, HOUR ( 5) }, /* Eastern Standard */ + { "edt", tDAYZONE, HOUR ( 5) }, /* Eastern Daylight */ + { "cst", tZONE, HOUR ( 6) }, /* Central Standard */ + { "cdt", tDAYZONE, HOUR ( 6) }, /* Central Daylight */ + { "mst", tZONE, HOUR ( 7) }, /* Mountain Standard */ + { "mdt", tDAYZONE, HOUR ( 7) }, /* Mountain Daylight */ + { "pst", tZONE, HOUR ( 8) }, /* Pacific Standard */ + { "pdt", tDAYZONE, HOUR ( 8) }, /* Pacific Daylight */ + { "yst", tZONE, HOUR ( 9) }, /* Yukon Standard */ + { "ydt", tDAYZONE, HOUR ( 9) }, /* Yukon Daylight */ + { "hst", tZONE, HOUR (10) }, /* Hawaii Standard */ + { "hdt", tDAYZONE, HOUR (10) }, /* Hawaii Daylight */ + { "cat", tZONE, HOUR (10) }, /* Central Alaska */ + { "ahst", tZONE, HOUR (10) }, /* Alaska-Hawaii Standard */ + { "nt", tZONE, HOUR (11) }, /* Nome */ + { "idlw", tZONE, HOUR (12) }, /* International Date Line West */ + { "cet", tZONE, -HOUR (1) }, /* Central European */ + { "met", tZONE, -HOUR (1) }, /* Middle European */ + { "mewt", tZONE, -HOUR (1) }, /* Middle European Winter */ + { "mest", tDAYZONE, -HOUR (1) }, /* Middle European Summer */ + { "mesz", tDAYZONE, -HOUR (1) }, /* Middle European Summer */ + { "swt", tZONE, -HOUR (1) }, /* Swedish Winter */ + { "sst", tDAYZONE, -HOUR (1) }, /* Swedish Summer */ + { "fwt", tZONE, -HOUR (1) }, /* French Winter */ + { "fst", tDAYZONE, -HOUR (1) }, /* French Summer */ + { "eet", tZONE, -HOUR (2) }, /* Eastern Europe, USSR Zone 1 */ + { "bt", tZONE, -HOUR (3) }, /* Baghdad, USSR Zone 2 */ +#if 0 + { "it", tZONE, -HOUR (3.5) },/* Iran */ +#endif + { "zp4", tZONE, -HOUR (4) }, /* USSR Zone 3 */ + { "zp5", tZONE, -HOUR (5) }, /* USSR Zone 4 */ +#if 0 + { "ist", tZONE, -HOUR (5.5) },/* Indian Standard */ +#endif + { "zp6", tZONE, -HOUR (6) }, /* USSR Zone 5 */ +#if 0 + /* For completeness. NST is also Newfoundland Standard, and SST is + * also Swedish Summer. */ + { "nst", tZONE, -HOUR (6.5) },/* North Sumatra */ + { "sst", tZONE, -HOUR (7) }, /* South Sumatra, USSR Zone 6 */ +#endif /* 0 */ + { "wast", tZONE, -HOUR (7) }, /* West Australian Standard */ + { "wadt", tDAYZONE, -HOUR (7) }, /* West Australian Daylight */ +#if 0 + { "jt", tZONE, -HOUR (7.5) },/* Java (3pm in Cronusland!) */ +#endif + { "cct", tZONE, -HOUR (8) }, /* China Coast, USSR Zone 7 */ + { "jst", tZONE, -HOUR (9) }, /* Japan Standard, USSR Zone 8 */ +#if 0 + { "cast", tZONE, -HOUR (9.5) },/* Central Australian Standard */ + { "cadt", tDAYZONE, -HOUR (9.5) },/* Central Australian Daylight */ +#endif + { "east", tZONE, -HOUR (10) }, /* Eastern Australian Standard */ + { "eadt", tDAYZONE, -HOUR (10) }, /* Eastern Australian Daylight */ + { "gst", tZONE, -HOUR (10) }, /* Guam Standard, USSR Zone 9 */ + { "nzt", tZONE, -HOUR (12) }, /* New Zealand */ + { "nzst", tZONE, -HOUR (12) }, /* New Zealand Standard */ + { "nzdt", tDAYZONE, -HOUR (12) }, /* New Zealand Daylight */ + { "idle", tZONE, -HOUR (12) }, /* International Date Line East */ + { NULL, 0, 0 } +}; + +/* Military timezone table. */ +static TABLE const MilitaryTable[] = { + { "a", tZONE, HOUR ( 1) }, + { "b", tZONE, HOUR ( 2) }, + { "c", tZONE, HOUR ( 3) }, + { "d", tZONE, HOUR ( 4) }, + { "e", tZONE, HOUR ( 5) }, + { "f", tZONE, HOUR ( 6) }, + { "g", tZONE, HOUR ( 7) }, + { "h", tZONE, HOUR ( 8) }, + { "i", tZONE, HOUR ( 9) }, + { "k", tZONE, HOUR ( 10) }, + { "l", tZONE, HOUR ( 11) }, + { "m", tZONE, HOUR ( 12) }, + { "n", tZONE, HOUR (- 1) }, + { "o", tZONE, HOUR (- 2) }, + { "p", tZONE, HOUR (- 3) }, + { "q", tZONE, HOUR (- 4) }, + { "r", tZONE, HOUR (- 5) }, + { "s", tZONE, HOUR (- 6) }, + { "t", tZONE, HOUR (- 7) }, + { "u", tZONE, HOUR (- 8) }, + { "v", tZONE, HOUR (- 9) }, + { "w", tZONE, HOUR (-10) }, + { "x", tZONE, HOUR (-11) }, + { "y", tZONE, HOUR (-12) }, + { "z", tZONE, HOUR ( 0) }, + { NULL, 0, 0 } +}; + + + + +/* ARGSUSED */ +static int +yyerror (s) + char *s ATTRIBUTE_UNUSED; +{ + return 0; +} + +static int +ToHour (Hours, Meridian) + int Hours; + MERIDIAN Meridian; +{ + switch (Meridian) + { + case MER24: + if (Hours < 0 || Hours > 23) + return -1; + return Hours; + case MERam: + if (Hours < 1 || Hours > 12) + return -1; + if (Hours == 12) + Hours = 0; + return Hours; + case MERpm: + if (Hours < 1 || Hours > 12) + return -1; + if (Hours == 12) + Hours = 0; + return Hours + 12; + default: + abort (); + } + /* NOTREACHED */ +} + +static int +ToYear (Year) + int Year; +{ + if (Year < 0) + Year = -Year; + + /* XPG4 suggests that years 00-68 map to 2000-2068, and + years 69-99 map to 1969-1999. */ + if (Year < 69) + Year += 2000; + else if (Year < 100) + Year += 1900; + + return Year; +} + +static int +LookupWord (buff) + char *buff; +{ + register char *p; + register char *q; + register const TABLE *tp; + int i; + int abbrev; + + /* Make it lowercase. */ + for (p = buff; *p; p++) + if (ISUPPER ((unsigned char) *p)) + *p = tolower (*p); + + if (strcmp (buff, "am") == 0 || strcmp (buff, "a.m.") == 0) + { + yylval.Meridian = MERam; + return tMERIDIAN; + } + if (strcmp (buff, "pm") == 0 || strcmp (buff, "p.m.") == 0) + { + yylval.Meridian = MERpm; + return tMERIDIAN; + } + + /* See if we have an abbreviation for a month. */ + if (strlen (buff) == 3) + abbrev = 1; + else if (strlen (buff) == 4 && buff[3] == '.') + { + abbrev = 1; + buff[3] = '\0'; + } + else + abbrev = 0; + + for (tp = MonthDayTable; tp->name; tp++) + { + if (abbrev) + { + if (strncmp (buff, tp->name, 3) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + } + else if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + } + + for (tp = TimezoneTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + if (strcmp (buff, "dst") == 0) + return tDST; + + for (tp = UnitsTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + /* Strip off any plural and try the units table again. */ + i = strlen (buff) - 1; + if (buff[i] == 's') + { + buff[i] = '\0'; + for (tp = UnitsTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + buff[i] = 's'; /* Put back for "this" in OtherTable. */ + } + + for (tp = OtherTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + /* Military timezones. */ + if (buff[1] == '\0' && ISALPHA ((unsigned char) *buff)) + { + for (tp = MilitaryTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + } + + /* Drop out any periods and try the timezone table again. */ + for (i = 0, p = q = buff; *q; q++) + if (*q != '.') + *p++ = *q; + else + i++; + *p = '\0'; + if (i) + for (tp = TimezoneTable; tp->name; tp++) + if (strcmp (buff, tp->name) == 0) + { + yylval.Number = tp->value; + return tp->type; + } + + return tID; +} + +static int +yylex () +{ + register unsigned char c; + register char *p; + char buff[20]; + int Count; + int sign; + + for (;;) + { + while (ISSPACE ((unsigned char) *yyInput)) + yyInput++; + + if (ISDIGIT (c = *yyInput) || c == '-' || c == '+') + { + if (c == '-' || c == '+') + { + sign = c == '-' ? -1 : 1; + if (!ISDIGIT (*++yyInput)) + /* skip the '-' sign */ + continue; + } + else + sign = 0; + for (yylval.Number = 0; ISDIGIT (c = *yyInput++);) + yylval.Number = 10 * yylval.Number + c - '0'; + yyInput--; + if (sign < 0) + yylval.Number = -yylval.Number; + return sign ? tSNUMBER : tUNUMBER; + } + if (ISALPHA (c)) + { + for (p = buff; (c = *yyInput++, ISALPHA (c)) || c == '.';) + if (p < &buff[sizeof buff - 1]) + *p++ = c; + *p = '\0'; + yyInput--; + return LookupWord (buff); + } + if (c != '(') + return *yyInput++; + Count = 0; + do + { + c = *yyInput++; + if (c == '\0') + return c; + if (c == '(') + Count++; + else if (c == ')') + Count--; + } + while (Count > 0); + } +} + +#define TM_YEAR_ORIGIN 1900 + +/* Yield A - B, measured in seconds. */ +static long +difftm (struct tm *a, struct tm *b) +{ + int ay = a->tm_year + (TM_YEAR_ORIGIN - 1); + int by = b->tm_year + (TM_YEAR_ORIGIN - 1); + long days = ( + /* difference in day of year */ + a->tm_yday - b->tm_yday + /* + intervening leap days */ + + ((ay >> 2) - (by >> 2)) + - (ay / 100 - by / 100) + + ((ay / 100 >> 2) - (by / 100 >> 2)) + /* + difference in years * 365 */ + + (long) (ay - by) * 365 + ); + return (60 * (60 * (24 * days + (a->tm_hour - b->tm_hour)) + + (a->tm_min - b->tm_min)) + + (a->tm_sec - b->tm_sec)); +} + +time_t +get_date (const char *p, const time_t *now) +{ + struct tm tm, tm0, *tmp; + time_t Start; + + yyInput = p; + Start = now ? *now : time ((time_t *) NULL); + tmp = localtime (&Start); + if (!tmp) + return -1; + yyYear = tmp->tm_year + TM_YEAR_ORIGIN; + yyMonth = tmp->tm_mon + 1; + yyDay = tmp->tm_mday; + yyHour = tmp->tm_hour; + yyMinutes = tmp->tm_min; + yySeconds = tmp->tm_sec; + tm.tm_isdst = tmp->tm_isdst; + yyMeridian = MER24; + yyRelSeconds = 0; + yyRelMinutes = 0; + yyRelHour = 0; + yyRelDay = 0; + yyRelMonth = 0; + yyRelYear = 0; + yyHaveDate = 0; + yyHaveDay = 0; + yyHaveRel = 0; + yyHaveTime = 0; + yyHaveZone = 0; + + if (yyparse () + || yyHaveTime > 1 || yyHaveZone > 1 || yyHaveDate > 1 || yyHaveDay > 1) + return -1; + + tm.tm_year = ToYear (yyYear) - TM_YEAR_ORIGIN + yyRelYear; + tm.tm_mon = yyMonth - 1 + yyRelMonth; + tm.tm_mday = yyDay + yyRelDay; + if (yyHaveTime || (yyHaveRel && !yyHaveDate && !yyHaveDay)) + { + tm.tm_hour = ToHour (yyHour, yyMeridian); + if (tm.tm_hour < 0) + return -1; + tm.tm_min = yyMinutes; + tm.tm_sec = yySeconds; + } + else + { + tm.tm_hour = tm.tm_min = tm.tm_sec = 0; + } + tm.tm_hour += yyRelHour; + tm.tm_min += yyRelMinutes; + tm.tm_sec += yyRelSeconds; + + /* Let mktime deduce tm_isdst if we have an absolute timestamp, + or if the relative timestamp mentions days, months, or years. */ + if (yyHaveDate | yyHaveDay | yyHaveTime | yyRelDay | yyRelMonth | yyRelYear) + tm.tm_isdst = -1; + + tm0 = tm; + + Start = mktime (&tm); + + if (Start == (time_t) -1) + { + + /* Guard against falsely reporting errors near the time_t boundaries + when parsing times in other time zones. For example, if the min + time_t value is 1970-01-01 00:00:00 UTC and we are 8 hours ahead + of UTC, then the min localtime value is 1970-01-01 08:00:00; if + we apply mktime to 1970-01-01 00:00:00 we will get an error, so + we apply mktime to 1970-01-02 08:00:00 instead and adjust the time + zone by 24 hours to compensate. This algorithm assumes that + there is no DST transition within a day of the time_t boundaries. */ + if (yyHaveZone) + { + tm = tm0; + if (tm.tm_year <= EPOCH - TM_YEAR_ORIGIN) + { + tm.tm_mday++; + yyTimezone -= 24 * 60; + } + else + { + tm.tm_mday--; + yyTimezone += 24 * 60; + } + Start = mktime (&tm); + } + + if (Start == (time_t) -1) + return Start; + } + + if (yyHaveDay && !yyHaveDate) + { + tm.tm_mday += ((yyDayNumber - tm.tm_wday + 7) % 7 + + 7 * (yyDayOrdinal - (0 < yyDayOrdinal))); + Start = mktime (&tm); + if (Start == (time_t) -1) + return Start; + } + + if (yyHaveZone) + { + long delta; + struct tm *gmt = gmtime (&Start); + if (!gmt) + return -1; + delta = yyTimezone * 60L + difftm (&tm, gmt); + if ((Start + delta < Start) != (delta < 0)) + return -1; /* time_t overflow */ + Start += delta; + } + + return Start; +} + +#if defined (TEST) + +/* ARGSUSED */ +int +main (ac, av) + int ac; + char *av[]; +{ + char buff[MAX_BUFF_LEN + 1]; + time_t d; + + (void) printf ("Enter date, or blank line to exit.\n\t> "); + (void) fflush (stdout); + + buff[MAX_BUFF_LEN] = 0; + while (fgets (buff, MAX_BUFF_LEN, stdin) && buff[0]) + { + d = get_date (buff, (time_t *) NULL); + if (d == -1) + (void) printf ("Bad format - couldn't convert.\n"); + else + (void) printf ("%s", ctime (&d)); + (void) printf ("\t> "); + (void) fflush (stdout); + } + exit (0); + /* NOTREACHED */ +} +#endif /* defined (TEST) */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/hash.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash.h --- atmark-dist-20150618/user/chrony/chrony-1.30/hash.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,41 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2012 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for crypto hashing. + + */ + +#ifndef GOT_HASH_H +#define GOT_HASH_H + +/* length of hash values produced by SHA512 */ +#define MAX_HASH_LENGTH 64 + +extern int HSH_GetHashId(const char *name); + +extern unsigned int HSH_Hash(int id, + const unsigned char *in1, unsigned int in1_len, + const unsigned char *in2, unsigned int in2_len, + unsigned char *out, unsigned int out_len); + +#endif diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/hash_intmd5.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash_intmd5.c --- atmark-dist-20150618/user/chrony/chrony-1.30/hash_intmd5.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash_intmd5.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,64 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2012 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Routines implementing crypto hashing using internal MD5 implementation. + + */ + +#include "config.h" +#include "sysincl.h" +#include "hash.h" +#include "memory.h" + +#include "md5.c" + +static MD5_CTX ctx; + +int +HSH_GetHashId(const char *name) +{ + /* only MD5 is supported */ + if (strcmp(name, "MD5")) + return -1; + + return 0; +} + +unsigned int +HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len, + const unsigned char *in2, unsigned int in2_len, + unsigned char *out, unsigned int out_len) +{ + if (out_len < 16) + return 0; + + MD5Init(&ctx); + MD5Update(&ctx, in1, in1_len); + if (in2) + MD5Update(&ctx, in2, in2_len); + MD5Final(&ctx); + + memcpy(out, ctx.digest, 16); + + return 16; +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/hash_nss.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash_nss.c --- atmark-dist-20150618/user/chrony/chrony-1.30/hash_nss.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash_nss.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,89 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2012 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Routines implementing crypto hashing using NSSLOWHASH API of the NSS library. + + */ + +#include +#include +#include + +/* #include "config.h" */ +#include "hash.h" + +static NSSLOWInitContext *ictx; + +struct hash { + HASH_HashType type; + const char *name; + NSSLOWHASHContext *context; +}; + +static struct hash hashes[] = { + { HASH_AlgMD5, "MD5", NULL }, + { HASH_AlgSHA1, "SHA1", NULL }, + { HASH_AlgSHA256, "SHA256", NULL }, + { HASH_AlgSHA384, "SHA384", NULL }, + { HASH_AlgSHA512, "SHA512", NULL }, + { 0, NULL, NULL } +}; + +int +HSH_GetHashId(const char *name) +{ + int i; + + for (i = 0; hashes[i].name; i++) { + if (!strcmp(name, hashes[i].name)) + break; + } + + if (!hashes[i].name) + return -1; /* not found */ + + if (!ictx && !(ictx = NSSLOW_Init())) + return -1; /* couldn't init NSS */ + + if (!hashes[i].context && + !(hashes[i].context = NSSLOWHASH_NewContext(ictx, hashes[i].type))) + return -1; /* couldn't init hash */ + + return i; +} + +unsigned int +HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len, + const unsigned char *in2, unsigned int in2_len, + unsigned char *out, unsigned int out_len) +{ + unsigned int ret; + + NSSLOWHASH_Begin(hashes[id].context); + NSSLOWHASH_Update(hashes[id].context, in1, in1_len); + if (in2) + NSSLOWHASH_Update(hashes[id].context, in2, in2_len); + NSSLOWHASH_End(hashes[id].context, out, &ret, out_len); + + return ret; +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/hash_tomcrypt.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash_tomcrypt.c --- atmark-dist-20150618/user/chrony/chrony-1.30/hash_tomcrypt.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/hash_tomcrypt.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,116 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2012 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Routines implementing crypto hashing using tomcrypt library. + + */ + +#include + +#include "config.h" +#include "hash.h" + +struct hash { + const char *name; + const char *int_name; + const struct ltc_hash_descriptor *desc; +}; + +static const struct hash hashes[] = { + { "MD5", "md5", &md5_desc }, +#ifdef LTC_RIPEMD128 + { "RMD128", "rmd128", &rmd128_desc }, +#endif +#ifdef LTC_RIPEMD160 + { "RMD160", "rmd160", &rmd160_desc }, +#endif +#ifdef LTC_RIPEMD256 + { "RMD256", "rmd256", &rmd256_desc }, +#endif +#ifdef LTC_RIPEMD320 + { "RMD320", "rmd320", &rmd320_desc }, +#endif +#ifdef LTC_SHA1 + { "SHA1", "sha1", &sha1_desc }, +#endif +#ifdef LTC_SHA256 + { "SHA256", "sha256", &sha256_desc }, +#endif +#ifdef LTC_SHA384 + { "SHA384", "sha384", &sha384_desc }, +#endif +#ifdef LTC_SHA512 + { "SHA512", "sha512", &sha512_desc }, +#endif +#ifdef LTC_TIGER + { "TIGER", "tiger", &tiger_desc }, +#endif +#ifdef LTC_WHIRLPOOL + { "WHIRLPOOL", "whirlpool", &whirlpool_desc }, +#endif + { NULL, NULL, NULL } +}; + +int +HSH_GetHashId(const char *name) +{ + int i, h; + + for (i = 0; hashes[i].name; i++) { + if (!strcmp(name, hashes[i].name)) + break; + } + + if (!hashes[i].name) + return -1; /* not found */ + + h = find_hash(hashes[i].int_name); + if (h >= 0) + return h; /* already registered */ + + /* register and try again */ + register_hash(hashes[i].desc); + + return find_hash(hashes[i].int_name); +} + +unsigned int +HSH_Hash(int id, const unsigned char *in1, unsigned int in1_len, + const unsigned char *in2, unsigned int in2_len, + unsigned char *out, unsigned int out_len) +{ + unsigned long len; + int r; + + len = out_len; + if (in2) + r = hash_memory_multi(id, out, &len, + in1, (unsigned long)in1_len, in2, (unsigned long)in2_len, NULL, 0); + else + r = hash_memory(id, in1, in1_len, out, &len); + + if (r != CRYPT_OK) + return 0; + + return len; +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/keys.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/keys.c --- atmark-dist-20150618/user/chrony/chrony-1.30/keys.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/keys.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,386 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2012-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Module for managing keys used for authenticating NTP packets and commands + + */ + +#include "config.h" + +#include "sysincl.h" + +#include "keys.h" +#include "cmdparse.h" +#include "conf.h" +#include "memory.h" +#include "util.h" +#include "local.h" +#include "logging.h" + + +typedef struct { + unsigned long id; + char *val; + int len; + int hash_id; + int auth_delay; +} Key; + +#define MAX_KEYS 256 + +static int n_keys; +static Key keys[MAX_KEYS]; + +static int command_key_valid; +static int command_key_id; +static int cache_valid; +static unsigned long cache_key_id; +static int cache_key_pos; + +/* ================================================== */ + +static int +generate_key(unsigned long key_id) +{ +#ifdef GENERATE_SHA1_KEY + unsigned char key[20]; + const char *hashname = "SHA1"; +#else + unsigned char key[16]; + const char *hashname = "MD5"; +#endif + const char *key_file, *rand_dev = "/dev/urandom"; + FILE *f; + struct stat st; + int i; + + key_file = CNF_GetKeysFile(); + + if (!key_file) + return 0; + + f = fopen(rand_dev, "r"); + if (!f || fread(key, sizeof (key), 1, f) != 1) { + if (f) + fclose(f); + LOG_FATAL(LOGF_Keys, "Could not read %s", rand_dev); + return 0; + } + fclose(f); + + f = fopen(key_file, "a"); + if (!f) { + LOG_FATAL(LOGF_Keys, "Could not open keyfile %s for writing", key_file); + return 0; + } + + /* Make sure the keyfile is not world-readable */ + if (stat(key_file, &st) || chmod(key_file, st.st_mode & 0770)) { + fclose(f); + LOG_FATAL(LOGF_Keys, "Could not change permissions of keyfile %s", key_file); + return 0; + } + + fprintf(f, "\n%lu %s HEX:", key_id, hashname); + for (i = 0; i < sizeof (key); i++) + fprintf(f, "%02hhX", key[i]); + fprintf(f, "\n"); + fclose(f); + + /* Erase the key from stack */ + memset(key, 0, sizeof (key)); + + LOG(LOGS_INFO, LOGF_Keys, "Generated key %lu", key_id); + + return 1; +} + +/* ================================================== */ + +void +KEY_Initialise(void) +{ + n_keys = 0; + command_key_valid = 0; + cache_valid = 0; + KEY_Reload(); + + if (CNF_GetGenerateCommandKey() && !KEY_KeyKnown(KEY_GetCommandKey())) { + if (generate_key(KEY_GetCommandKey())) + KEY_Reload(); + } +} + +/* ================================================== */ + +void +KEY_Finalise(void) +{ +} + +/* ================================================== */ + +static int +determine_hash_delay(unsigned long key_id) +{ + NTP_Packet pkt; + struct timeval before, after; + unsigned long usecs, min_usecs=0; + int i; + + for (i = 0; i < 10; i++) { + LCL_ReadRawTime(&before); + KEY_GenerateAuth(key_id, (unsigned char *)&pkt, NTP_NORMAL_PACKET_SIZE, + (unsigned char *)&pkt.auth_data, sizeof (pkt.auth_data)); + LCL_ReadRawTime(&after); + + usecs = (after.tv_sec - before.tv_sec) * 1000000 + (after.tv_usec - before.tv_usec); + + if (i == 0 || usecs < min_usecs) { + min_usecs = usecs; + } + } + + /* Add on a bit extra to allow for copying, conversions etc */ + min_usecs += min_usecs >> 4; + + DEBUG_LOG(LOGF_Keys, "authentication delay for key %lu: %ld useconds", key_id, min_usecs); + + return min_usecs; +} + +/* ================================================== */ + +/* Compare two keys */ + +static int +compare_keys_by_id(const void *a, const void *b) +{ + const Key *c = (const Key *) a; + const Key *d = (const Key *) b; + + if (c->id < d->id) { + return -1; + } else if (c->id > d->id) { + return +1; + } else { + return 0; + } + +} + +/* ================================================== */ + +void +KEY_Reload(void) +{ + int i, line_number; + FILE *in; + unsigned long key_id; + char line[2048], *keyval, *key_file; + const char *hashname; + + for (i=0; i= 0) { + cache_valid = 1; + cache_key_pos = position; + cache_key_id = key_id; + } + + return position; +} + +/* ================================================== */ + +unsigned long +KEY_GetCommandKey(void) +{ + if (!command_key_valid) { + command_key_id = CNF_GetCommandKey(); + } + + return command_key_id; +} + +/* ================================================== */ + +int +KEY_KeyKnown(unsigned long key_id) +{ + return get_key_pos(key_id) >= 0; +} + +/* ================================================== */ + +int +KEY_GetAuthDelay(unsigned long key_id) +{ + int key_pos; + + key_pos = get_key_pos(key_id); + + if (key_pos < 0) { + return 0; + } + + return keys[key_pos].auth_delay; +} + +/* ================================================== */ + +int +KEY_GenerateAuth(unsigned long key_id, const unsigned char *data, int data_len, + unsigned char *auth, int auth_len) +{ + int key_pos; + + key_pos = get_key_pos(key_id); + + if (key_pos < 0) { + return 0; + } + + return UTI_GenerateNTPAuth(keys[key_pos].hash_id, + (unsigned char *)keys[key_pos].val, keys[key_pos].len, + data, data_len, auth, auth_len); +} + +/* ================================================== */ + +int +KEY_CheckAuth(unsigned long key_id, const unsigned char *data, int data_len, + const unsigned char *auth, int auth_len) +{ + int key_pos; + + key_pos = get_key_pos(key_id); + + if (key_pos < 0) { + return 0; + } + + return UTI_CheckNTPAuth(keys[key_pos].hash_id, + (unsigned char *)keys[key_pos].val, keys[key_pos].len, + data, data_len, auth, auth_len); +} diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/keys.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/keys.h --- atmark-dist-20150618/user/chrony/chrony-1.30/keys.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/keys.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,46 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header for key management module + */ + +#ifndef GOT_KEYS_H +#define GOT_KEYS_H + +extern void KEY_Initialise(void); +extern void KEY_Finalise(void); + +extern void KEY_Reload(void); + +extern unsigned long KEY_GetCommandKey(void); + +extern int KEY_GetKey(unsigned long key_id, char **key, int *len); +extern int KEY_KeyKnown(unsigned long key_id); +extern int KEY_GetAuthDelay(unsigned long key_id); + +extern int KEY_GenerateAuth(unsigned long key_id, const unsigned char *data, + int data_len, unsigned char *auth, int auth_len); +extern int KEY_CheckAuth(unsigned long key_id, const unsigned char *data, + int data_len, const unsigned char *auth, int auth_len); + +#endif /* GOT_KEYS_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/local.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/local.c --- atmark-dist-20150618/user/chrony/chrony-1.30/local.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/local.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,624 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2011, 2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + The routines in this file present a common local (system) clock + interface to the rest of the software. + + They interface with the system specific driver files in sys_*.c + */ + +#include "config.h" + +#include "sysincl.h" + +#include "conf.h" +#include "local.h" +#include "localp.h" +#include "memory.h" +#include "util.h" +#include "logging.h" + +/* ================================================== */ + +/* Variable to store the current frequency, in ppm */ +static double current_freq_ppm; + +/* Temperature compensation, in ppm */ +static double temp_comp_ppm; + +/* ================================================== */ +/* Store the system dependent drivers */ + +static lcl_ReadFrequencyDriver drv_read_freq; +static lcl_SetFrequencyDriver drv_set_freq; +static lcl_AccrueOffsetDriver drv_accrue_offset; +static lcl_ApplyStepOffsetDriver drv_apply_step_offset; +static lcl_OffsetCorrectionDriver drv_offset_convert; +static lcl_SetLeapDriver drv_set_leap; + +/* ================================================== */ + +/* Types and variables associated with handling the parameter change + list */ + +typedef struct _ChangeListEntry { + struct _ChangeListEntry *next; + struct _ChangeListEntry *prev; + LCL_ParameterChangeHandler handler; + void *anything; +} ChangeListEntry; + +static ChangeListEntry change_list; + +/* ================================================== */ + +/* Types and variables associated with handling the parameter change + list */ + +typedef struct _DispersionNotifyListEntry { + struct _DispersionNotifyListEntry *next; + struct _DispersionNotifyListEntry *prev; + LCL_DispersionNotifyHandler handler; + void *anything; +} DispersionNotifyListEntry; + +static DispersionNotifyListEntry dispersion_notify_list; + +/* ================================================== */ + +static int precision_log; +static double precision_quantum; + +static double max_clock_error; + +/* ================================================== */ + +/* Define the number of increments of the system clock that we want + to see to be fairly sure that we've got something approaching + the minimum increment. Even on a crummy implementation that can't + interpolate between 10ms ticks, we should get this done in + under 1s of busy waiting. */ +#define NITERS 100 + +static void +calculate_sys_precision(void) +{ + struct timeval tv, old_tv; + int dusec, best_dusec; + int iters; + + gettimeofday(&old_tv, NULL); + best_dusec = 1000000; /* Assume we must be better than a second */ + iters = 0; + do { + gettimeofday(&tv, NULL); + dusec = 1000000*(tv.tv_sec - old_tv.tv_sec) + (tv.tv_usec - old_tv.tv_usec); + old_tv = tv; + if (dusec > 0) { + if (dusec < best_dusec) { + best_dusec = dusec; + } + iters++; + } + } while (iters < NITERS); + + assert(best_dusec > 0); + + precision_quantum = best_dusec * 1.0e-6; + + /* Get rounded log2 value of the measured precision */ + precision_log = 0; + while (best_dusec < 707107) { + precision_log--; + best_dusec *= 2; + } + + DEBUG_LOG(LOGF_Local, "Clock precision %.9f (%d)", precision_quantum, precision_log); +} + +/* ================================================== */ + +void +LCL_Initialise(void) +{ + change_list.next = change_list.prev = &change_list; + + dispersion_notify_list.next = dispersion_notify_list.prev = &dispersion_notify_list; + + /* Null out the system drivers, so that we die + if they never get defined before use */ + + drv_read_freq = NULL; + drv_set_freq = NULL; + drv_accrue_offset = NULL; + drv_offset_convert = NULL; + + /* This ought to be set from the system driver layer */ + current_freq_ppm = 0.0; + temp_comp_ppm = 0.0; + + calculate_sys_precision(); + + max_clock_error = CNF_GetMaxClockError() * 1e-6; +} + +/* ================================================== */ + +void +LCL_Finalise(void) +{ +} + +/* ================================================== */ + +/* Routine to read the system precision as a log to base 2 value. */ +int +LCL_GetSysPrecisionAsLog(void) +{ + return precision_log; +} + +/* ================================================== */ +/* Routine to read the system precision in terms of the actual time step */ + +double +LCL_GetSysPrecisionAsQuantum(void) +{ + return precision_quantum; +} + +/* ================================================== */ + +double +LCL_GetMaxClockError(void) +{ + return max_clock_error; +} + +/* ================================================== */ + +void +LCL_AddParameterChangeHandler(LCL_ParameterChangeHandler handler, void *anything) +{ + ChangeListEntry *ptr, *new_entry; + + /* Check that the handler is not already registered */ + for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) { + if (!(ptr->handler != handler || ptr->anything != anything)) { + assert(0); + } + } + + new_entry = MallocNew(ChangeListEntry); + + new_entry->handler = handler; + new_entry->anything = anything; + + /* Chain it into the list */ + new_entry->next = &change_list; + new_entry->prev = change_list.prev; + change_list.prev->next = new_entry; + change_list.prev = new_entry; +} + +/* ================================================== */ + +/* Remove a handler */ +void LCL_RemoveParameterChangeHandler(LCL_ParameterChangeHandler handler, void *anything) +{ + + ChangeListEntry *ptr; + int ok; + + ptr = NULL; + ok = 0; + + for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) { + if (ptr->handler == handler && ptr->anything == anything) { + ok = 1; + break; + } + } + + assert(ok); + + /* Unlink entry from the list */ + ptr->next->prev = ptr->prev; + ptr->prev->next = ptr->next; + + free(ptr); +} + +/* ================================================== */ + +static void +invoke_parameter_change_handlers(struct timeval *raw, struct timeval *cooked, + double dfreq, double doffset, + LCL_ChangeType change_type) +{ + ChangeListEntry *ptr; + + for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) { + (ptr->handler)(raw, cooked, dfreq, doffset, change_type, ptr->anything); + } +} + +/* ================================================== */ + +void +LCL_AddDispersionNotifyHandler(LCL_DispersionNotifyHandler handler, void *anything) +{ + DispersionNotifyListEntry *ptr, *new_entry; + + /* Check that the handler is not already registered */ + for (ptr = dispersion_notify_list.next; ptr != &dispersion_notify_list; ptr = ptr->next) { + if (!(ptr->handler != handler || ptr->anything != anything)) { + assert(0); + } + } + + new_entry = MallocNew(DispersionNotifyListEntry); + + new_entry->handler = handler; + new_entry->anything = anything; + + /* Chain it into the list */ + new_entry->next = &dispersion_notify_list; + new_entry->prev = dispersion_notify_list.prev; + dispersion_notify_list.prev->next = new_entry; + dispersion_notify_list.prev = new_entry; +} + +/* ================================================== */ + +/* Remove a handler */ +extern +void LCL_RemoveDispersionNotifyHandler(LCL_DispersionNotifyHandler handler, void *anything) +{ + + DispersionNotifyListEntry *ptr; + int ok; + + ptr = NULL; + ok = 0; + + for (ptr = dispersion_notify_list.next; ptr != &dispersion_notify_list; ptr = ptr->next) { + if (ptr->handler == handler && ptr->anything == anything) { + ok = 1; + break; + } + } + + assert(ok); + + /* Unlink entry from the list */ + ptr->next->prev = ptr->prev; + ptr->prev->next = ptr->next; + + free(ptr); +} + +/* ================================================== */ +/* At the moment, this is just gettimeofday(), because + I can't think of a Unix system where it would not be */ + +void +LCL_ReadRawTime(struct timeval *result) +{ + if (gettimeofday(result, NULL) < 0) { + LOG_FATAL(LOGF_Local, "gettimeofday() failed"); + } +} + +/* ================================================== */ + +void +LCL_ReadCookedTime(struct timeval *result, double *err) +{ + struct timeval raw; + + LCL_ReadRawTime(&raw); + LCL_CookTime(&raw, result, err); +} + +/* ================================================== */ + +void +LCL_CookTime(struct timeval *raw, struct timeval *cooked, double *err) +{ + double correction; + + LCL_GetOffsetCorrection(raw, &correction, err); + UTI_AddDoubleToTimeval(raw, correction, cooked); +} + +/* ================================================== */ + +void +LCL_GetOffsetCorrection(struct timeval *raw, double *correction, double *err) +{ + /* Call system specific driver to get correction */ + (*drv_offset_convert)(raw, correction, err); +} + +/* ================================================== */ +/* Return current frequency */ + +double +LCL_ReadAbsoluteFrequency(void) +{ + double freq; + + freq = current_freq_ppm; + + /* Undo temperature compensation */ + if (temp_comp_ppm != 0.0) { + freq = (freq + temp_comp_ppm) / (1.0 - 1.0e-6 * temp_comp_ppm); + } + + return freq; +} + +/* ================================================== */ +/* This involves both setting the absolute frequency with the + system-specific driver, as well as calling all notify handlers */ + +void +LCL_SetAbsoluteFrequency(double afreq_ppm) +{ + struct timeval raw, cooked; + double dfreq; + + /* Apply temperature compensation */ + if (temp_comp_ppm != 0.0) { + afreq_ppm = afreq_ppm * (1.0 - 1.0e-6 * temp_comp_ppm) - temp_comp_ppm; + } + + /* Call the system-specific driver for setting the frequency */ + + afreq_ppm = (*drv_set_freq)(afreq_ppm); + + dfreq = (afreq_ppm - current_freq_ppm) / (1.0e6 - current_freq_ppm); + + LCL_ReadRawTime(&raw); + LCL_CookTime(&raw, &cooked, NULL); + + /* Dispatch to all handlers */ + invoke_parameter_change_handlers(&raw, &cooked, dfreq, 0.0, LCL_ChangeAdjust); + + current_freq_ppm = afreq_ppm; + +} + +/* ================================================== */ + +void +LCL_AccumulateDeltaFrequency(double dfreq) +{ + struct timeval raw, cooked; + double old_freq_ppm; + + old_freq_ppm = current_freq_ppm; + + /* Work out new absolute frequency. Note that absolute frequencies + are handled in units of ppm, whereas the 'dfreq' argument is in + terms of the gradient of the (offset) v (local time) function. */ + + current_freq_ppm += dfreq * (1.0e6 - current_freq_ppm); + + /* Call the system-specific driver for setting the frequency */ + current_freq_ppm = (*drv_set_freq)(current_freq_ppm); + dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 - old_freq_ppm); + + LCL_ReadRawTime(&raw); + LCL_CookTime(&raw, &cooked, NULL); + + /* Dispatch to all handlers */ + invoke_parameter_change_handlers(&raw, &cooked, dfreq, 0.0, LCL_ChangeAdjust); +} + +/* ================================================== */ + +void +LCL_AccumulateOffset(double offset, double corr_rate) +{ + struct timeval raw, cooked; + + /* In this case, the cooked time to be passed to the notify clients + has to be the cooked time BEFORE the change was made */ + + LCL_ReadRawTime(&raw); + LCL_CookTime(&raw, &cooked, NULL); + + (*drv_accrue_offset)(offset, corr_rate); + + /* Dispatch to all handlers */ + invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeAdjust); +} + +/* ================================================== */ + +void +LCL_ApplyStepOffset(double offset) +{ + struct timeval raw, cooked; + + /* In this case, the cooked time to be passed to the notify clients + has to be the cooked time BEFORE the change was made */ + + LCL_ReadRawTime(&raw); + LCL_CookTime(&raw, &cooked, NULL); + + (*drv_apply_step_offset)(offset); + + /* Dispatch to all handlers */ + invoke_parameter_change_handlers(&raw, &cooked, 0.0, offset, LCL_ChangeStep); +} + +/* ================================================== */ + +void +LCL_NotifyExternalTimeStep(struct timeval *raw, struct timeval *cooked, + double offset, double dispersion) +{ + /* Dispatch to all handlers */ + invoke_parameter_change_handlers(raw, cooked, 0.0, offset, LCL_ChangeUnknownStep); + + lcl_InvokeDispersionNotifyHandlers(dispersion); +} + +/* ================================================== */ + +void +LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate) +{ + ChangeListEntry *ptr; + struct timeval raw, cooked; + double old_freq_ppm; + + LCL_ReadRawTime(&raw); + /* Due to modifying the offset, this has to be the cooked time prior + to the change we are about to make */ + LCL_CookTime(&raw, &cooked, NULL); + + old_freq_ppm = current_freq_ppm; + + /* Work out new absolute frequency. Note that absolute frequencies + are handled in units of ppm, whereas the 'dfreq' argument is in + terms of the gradient of the (offset) v (local time) function. */ + current_freq_ppm += dfreq * (1.0e6 - current_freq_ppm); + + DEBUG_LOG(LOGF_Local, "old_freq=%.3fppm new_freq=%.3fppm offset=%.6fsec", + old_freq_ppm, current_freq_ppm, doffset); + + /* Call the system-specific driver for setting the frequency */ + current_freq_ppm = (*drv_set_freq)(current_freq_ppm); + dfreq = (current_freq_ppm - old_freq_ppm) / (1.0e6 - old_freq_ppm); + + (*drv_accrue_offset)(doffset, corr_rate); + + /* Dispatch to all handlers */ + for (ptr = change_list.next; ptr != &change_list; ptr = ptr->next) { + (ptr->handler)(&raw, &cooked, dfreq, doffset, 0, ptr->anything); + } + + +} + +/* ================================================== */ + +void +lcl_InvokeDispersionNotifyHandlers(double dispersion) +{ + DispersionNotifyListEntry *ptr; + + for (ptr = dispersion_notify_list.next; ptr != &dispersion_notify_list; ptr = ptr->next) { + (ptr->handler)(dispersion, ptr->anything); + } + +} + +/* ================================================== */ + +void +lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq, + lcl_SetFrequencyDriver set_freq, + lcl_AccrueOffsetDriver accrue_offset, + lcl_ApplyStepOffsetDriver apply_step_offset, + lcl_OffsetCorrectionDriver offset_convert, + lcl_SetLeapDriver set_leap) +{ + drv_read_freq = read_freq; + drv_set_freq = set_freq; + drv_accrue_offset = accrue_offset; + drv_apply_step_offset = apply_step_offset; + drv_offset_convert = offset_convert; + drv_set_leap = set_leap; + + current_freq_ppm = (*drv_read_freq)(); + + DEBUG_LOG(LOGF_Local, "Local freq=%.3fppm", current_freq_ppm); +} + +/* ================================================== */ +/* Look at the current difference between the system time and the NTP + time, and make a step to cancel it. */ + +int +LCL_MakeStep(void) +{ + struct timeval raw; + double correction; + + LCL_ReadRawTime(&raw); + LCL_GetOffsetCorrection(&raw, &correction, NULL); + + /* Cancel remaining slew and make the step */ + LCL_AccumulateOffset(correction, 0.0); + LCL_ApplyStepOffset(-correction); + + LOG(LOGS_WARN, LOGF_Local, "System clock was stepped by %.6f seconds", correction); + + return 1; +} + +/* ================================================== */ + +void +LCL_SetLeap(int leap) +{ + if (drv_set_leap) { + (drv_set_leap)(leap); + } +} + +/* ================================================== */ + +double +LCL_SetTempComp(double comp) +{ + double uncomp_freq_ppm; + + if (temp_comp_ppm == comp) + return comp; + + /* Undo previous compensation */ + current_freq_ppm = (current_freq_ppm + temp_comp_ppm) / + (1.0 - 1.0e-6 * temp_comp_ppm); + + uncomp_freq_ppm = current_freq_ppm; + + /* Apply new compensation */ + current_freq_ppm = current_freq_ppm * (1.0 - 1.0e-6 * comp) - comp; + + /* Call the system-specific driver for setting the frequency */ + current_freq_ppm = (*drv_set_freq)(current_freq_ppm); + + temp_comp_ppm = (uncomp_freq_ppm - current_freq_ppm) / + (1.0e-6 * uncomp_freq_ppm + 1.0); + + return temp_comp_ppm; +} + +/* ================================================== */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/local.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/local.h --- atmark-dist-20150618/user/chrony/chrony-1.30/local.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/local.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,206 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + This module provides an interface to the system time, and + insulates the rest of the program from the different way + that interface has to be done on various operating systems. + */ + +#ifndef GOT_LOCAL_H +#define GOT_LOCAL_H + +#include "sysincl.h" + +/* Read the system clock. This is analogous to gettimeofday(), + but with the timezone information ignored */ +extern void LCL_ReadRawTime(struct timeval *); + +/* Read the system clock, corrected according to all accumulated + drifts and uncompensated offsets. + + In a kernel implementation with vernier frequency control (like + Linux), and if we were to apply offsets by stepping the clock, this + would be identical to raw time. In any other case (use of + adjtime()-like interface to correct offsets, and to adjust the + frequency), we must correct the raw time to get this value */ + +extern void LCL_ReadCookedTime(struct timeval *t, double *err); + +/* Convert raw time to cooked. */ +extern void LCL_CookTime(struct timeval *raw, struct timeval *cooked, double *err); + +/* Read the current offset between the system clock and true time + (i.e. 'cooked' - 'raw') (in seconds). */ + +extern void LCL_GetOffsetCorrection(struct timeval *raw, double *correction, double *err); + +/* Type of routines that may be invoked as callbacks when there is a + change to the frequency or offset. + + raw : raw local clock time at which change occurred + + cooked : cooked local time at which change occurred + + dfreq : delta frequency relative to previous value (in terms of + seconds gained by system clock per unit system clock time) + + doffset : delta offset applied (positive => make local system fast + by that amount, negative => make it slow by that amount) + + change_type : what type of change is being applied + + anything : Passthrough argument from call to registration routine */ + + +typedef enum { + LCL_ChangeAdjust, + LCL_ChangeStep, + LCL_ChangeUnknownStep +} LCL_ChangeType; + +typedef void (*LCL_ParameterChangeHandler) + (struct timeval *raw, struct timeval *cooked, + double dfreq, + double doffset, + LCL_ChangeType change_type, + void *anything + ); + +/* Add a handler. Then handler MUST NOT deregister itself!!! */ +extern void LCL_AddParameterChangeHandler(LCL_ParameterChangeHandler handler, void *anything); + +/* Remove a handler */ +extern void LCL_RemoveParameterChangeHandler(LCL_ParameterChangeHandler, void *anything); + +/* Function type for handlers to be called back when an indeterminate + offset is introduced into the local time. This situation occurs + when the frequency must be adjusted to effect a clock slew and + there is doubt about one of the endpoints of the interval over + which the frequency change was applied.It is expected that such + handlers will add extra dispersion to any existing samples stored + in their registers. + + dispersion : The bound on how much error has been introduced in the + local clock, in seconds. + + anything : passthrough from the registration routine + + */ + +typedef void (*LCL_DispersionNotifyHandler)(double dispersion, void *anything); + +/* Register a handler for being notified of dispersion being added to + the local clock. The handler MUST NOT unregister itself!!! */ + +extern void LCL_AddDispersionNotifyHandler(LCL_DispersionNotifyHandler handler, void *anything); + +/* Delete a handler */ + +extern void LCL_RemoveDispersionNotifyHandler(LCL_DispersionNotifyHandler handler, void *anything); + + +/* Read the absolute system frequency, relative to the uncompensated + system. Returned in units of parts per million. Thus the result of + this is how many seconds fast the uncompensated system would be after + its own time has reached 1 million seconds from the start of the + measurement. */ +extern double LCL_ReadAbsoluteFrequency(void); + +/* Routine to set the absolute frequency. Only expected to be used + when either (i) reading the drift from a file at the start of a + run, or (ii) responsing to a user parameter 'poke'. This is + defined in ppm, as for the absolute frequency reading routine. */ + +extern void LCL_SetAbsoluteFrequency(double afreq); + +/* Routine to apply a change of frequency to the local clock. The + argument is the estimated gain (positive) or loss (negative) of the + local clock relative to true time, per unit time of the PREVIOUS + frequency setting of the local clock. This is assumed to be based + on a regression of y=offset v x=cooked local time. */ + +extern void LCL_AccumulateDeltaFrequency(double dfreq); + +/* Routine to apply an offset (in seconds) to the local clock. The + argument should be positive to move the clock backwards (i.e. the + local clock is currently fast of true time), or negative to move it + forwards (i.e. it is currently slow of true time). Provided is also + a suggested correction rate (correction time * offset). */ + +extern void LCL_AccumulateOffset(double offset, double corr_rate); + +/* Routine to apply an immediate offset by doing a sudden step if + possible. (Intended for use after an initial estimate of offset has + been obtained, so that we don't end up using adjtime to achieve a + slew of an hour or something like that). A positive argument means + the system clock is fast on true time, i.e. it needs to be stepped + backwards. (Same convention as for AccumulateOffset routine). */ + +extern void LCL_ApplyStepOffset(double offset); + +/* Routine to invoke notify handlers on an unexpected time jump + in system clock */ +extern void LCL_NotifyExternalTimeStep(struct timeval *raw, struct timeval *cooked, + double offset, double dispersion); + +/* Perform the combination of modifying the frequency and applying + a slew, in one easy step */ +extern void LCL_AccumulateFrequencyAndOffset(double dfreq, double doffset, double corr_rate); + +/* Routine to read the system precision as a log to base 2 value. */ +extern int LCL_GetSysPrecisionAsLog(void); + +/* Routine to read the system precision in terms of the actual time step */ +extern double LCL_GetSysPrecisionAsQuantum(void); + +/* Routine to read the maximum frequency error of the local clock. This + is a frequency stability, not an absolute error. */ +extern double LCL_GetMaxClockError(void); + +/* Routine to initialise the module (to be called once at program + start-up) */ + +extern void LCL_Initialise(void); + +/* Routine to finalise the module (to be called once at end of + run). */ +extern void LCL_Finalise(void); + +/* Routine to convert the outstanding system clock error to a step and + apply it, e.g. if the system clock has ended up an hour wrong due + to a timezone problem. */ +extern int LCL_MakeStep(void); + +/* Routine to schedule a leap second. Leap second will be inserted + at the end of the day if argument is positive, deleted if negative, + and zero cancels scheduled leap second. */ +extern void LCL_SetLeap(int leap); + +/* Routine to set a frequency correction (in ppm) that should be applied + to local clock to compensate for temperature changes. A positive + argument means that the clock frequency should be increased. Return the + actual compensation (may be different from the requested compensation + due to clamping or rounding). */ +extern double LCL_SetTempComp(double comp); + +#endif /* GOT_LOCAL_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/localp.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/localp.h --- atmark-dist-20150618/user/chrony/chrony-1.30/localp.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/localp.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,70 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Private include file for local.c and all system dependent + driver modules. + */ + + +#ifndef GOT_LOCALP_H +#define GOT_LOCALP_H + +/* System driver to read the current local frequency, in ppm relative + to nominal. A positive value indicates that the local clock runs + fast when uncompensated. */ +typedef double (*lcl_ReadFrequencyDriver)(void); + +/* System driver to set the current local frequency, in ppm relative + to nominal. A positive value indicates that the local clock runs + fast when uncompensated. Return actual frequency (may be different + from the requested frequency due to clamping or rounding). */ +typedef double (*lcl_SetFrequencyDriver)(double freq_ppm); + +/* System driver to accrue an offset. A positive argument means slew + the clock forwards. The suggested correction rate of time to correct the + offset is given in 'corr_rate'. */ +typedef void (*lcl_AccrueOffsetDriver)(double offset, double corr_rate); + +/* System driver to apply a step offset. A positive argument means step + the clock forwards. */ +typedef void (*lcl_ApplyStepOffsetDriver)(double offset); + +/* System driver to convert a raw time to an adjusted (cooked) time. + The number of seconds returned in 'corr' have to be added to the + raw time to get the corrected time */ +typedef void (*lcl_OffsetCorrectionDriver)(struct timeval *raw, double *corr, double *err); + +/* System driver to schedule leap second */ +typedef void (*lcl_SetLeapDriver)(int leap); + +extern void lcl_InvokeDispersionNotifyHandlers(double dispersion); + +extern void +lcl_RegisterSystemDrivers(lcl_ReadFrequencyDriver read_freq, + lcl_SetFrequencyDriver set_freq, + lcl_AccrueOffsetDriver accrue_offset, + lcl_ApplyStepOffsetDriver apply_step_offset, + lcl_OffsetCorrectionDriver offset_convert, + lcl_SetLeapDriver set_leap); + +#endif /* GOT_LOCALP_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/logging.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/logging.c --- atmark-dist-20150618/user/chrony/chrony-1.30/logging.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/logging.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,335 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Miroslav Lichvar 2011-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Module to handle logging of diagnostic information + */ + +#include "config.h" + +#include "sysincl.h" + +#include "conf.h" +#include "logging.h" +#include "mkdirpp.h" +#include "util.h" + +/* This is used by DEBUG_LOG macro */ +int log_debug_enabled = 0; + +/* ================================================== */ +/* Flag indicating we have initialised */ +static int initialised = 0; + +static int system_log = 0; + +static int parent_fd = 0; + +#define DEBUG_LEVEL_PRINT_FUNCTION 2 +#define DEBUG_LEVEL_PRINT_DEBUG 2 +static int debug_level = 0; + +#ifdef WINNT +static FILE *logfile; +#endif + +struct LogFile { + const char *name; + const char *banner; + FILE *file; + unsigned long writes; +}; + +static int n_filelogs = 0; + +/* Increase this when adding a new logfile */ +#define MAX_FILELOGS 6 + +static struct LogFile logfiles[MAX_FILELOGS]; + +/* ================================================== */ +/* Init function */ + +void +LOG_Initialise(void) +{ + initialised = 1; + +#ifdef WINNT + logfile = fopen("./chronyd.err", "a"); +#endif +} + +/* ================================================== */ +/* Fini function */ + +void +LOG_Finalise(void) +{ +#ifdef WINNT + if (logfile) { + fclose(logfile); + } +#else + if (system_log) { + closelog(); + } +#endif + + LOG_CycleLogFiles(); + + initialised = 0; +} + +/* ================================================== */ + +static void log_message(int fatal, LOG_Severity severity, const char *message) +{ +#ifdef WINNT + if (logfile) { + fprintf(logfile, fatal ? "Fatal error : %s\n" : "%s\n", message); + } +#else + if (system_log) { + int priority; + switch (severity) { + case LOGS_DEBUG: + priority = LOG_DEBUG; + break; + case LOGS_INFO: + priority = LOG_INFO; + break; + case LOGS_WARN: + priority = LOG_WARNING; + break; + case LOGS_ERR: + priority = LOG_ERR; + break; + case LOGS_FATAL: + priority = LOG_CRIT; + break; + default: + assert(0); + } + syslog(priority, fatal ? "Fatal error : %s" : "%s", message); + } else { + fprintf(stderr, fatal ? "Fatal error : %s\n" : "%s\n", message); + } +#endif +} + +/* ================================================== */ + +void LOG_Message(LOG_Severity severity, LOG_Facility facility, + int line_number, const char *filename, + const char *function_name, const char *format, ...) +{ + char buf[2048]; + va_list other_args; + time_t t; + struct tm stm; + +#ifdef WINNT +#else + if (!system_log) { + /* Don't clutter up syslog with timestamps and internal debugging info */ + time(&t); + stm = *gmtime(&t); + strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%SZ", &stm); + fprintf(stderr, "%s ", buf); + if (debug_level >= DEBUG_LEVEL_PRINT_FUNCTION) + fprintf(stderr, "%s:%d:(%s) ", filename, line_number, function_name); + } +#endif + + va_start(other_args, format); + vsnprintf(buf, sizeof(buf), format, other_args); + va_end(other_args); + + switch (severity) { + case LOGS_DEBUG: + case LOGS_INFO: + case LOGS_WARN: + case LOGS_ERR: + log_message(0, severity, buf); + break; + case LOGS_FATAL: + log_message(1, severity, buf); + + /* With syslog, send the message also to the grandparent + process or write it to stderr if not detached */ + if (system_log) { + if (parent_fd > 0) { + if (write(parent_fd, buf, strlen(buf) + 1) < 0) + ; /* Not much we can do here */ + } else if (parent_fd == 0) { + system_log = 0; + log_message(1, severity, buf); + } + } + + exit(1); + + break; + default: + assert(0); + } +} + +/* ================================================== */ + +void +LOG_OpenSystemLog(void) +{ +#ifdef WINNT +#else + system_log = 1; + openlog("chronyd", LOG_PID, LOG_DAEMON); +#endif +} + +/* ================================================== */ + +void LOG_SetDebugLevel(int level) +{ + debug_level = level; + if (level >= DEBUG_LEVEL_PRINT_DEBUG) { + if (!DEBUG) + LOG(LOGS_WARN, LOGF_Logging, "Not compiled with full debugging support"); + log_debug_enabled = 1; + } +} + +/* ================================================== */ + +void +LOG_SetParentFd(int fd) +{ + parent_fd = fd; +} + +/* ================================================== */ + +void +LOG_CloseParentFd() +{ + if (parent_fd > 0) + close(parent_fd); + parent_fd = -1; +} + +/* ================================================== */ + +LOG_FileID +LOG_FileOpen(const char *name, const char *banner) +{ + assert(n_filelogs < MAX_FILELOGS); + + logfiles[n_filelogs].name = name; + logfiles[n_filelogs].banner = banner; + logfiles[n_filelogs].file = NULL; + logfiles[n_filelogs].writes = 0; + + return n_filelogs++; +} + +/* ================================================== */ + +void +LOG_FileWrite(LOG_FileID id, const char *format, ...) +{ + va_list other_args; + int banner; + + if (id < 0 || id >= n_filelogs || !logfiles[id].name) + return; + + if (!logfiles[id].file) { + char filename[512]; + + if (snprintf(filename, sizeof(filename), "%s/%s.log", + CNF_GetLogDir(), logfiles[id].name) >= sizeof(filename) || + !(logfiles[id].file = fopen(filename, "a"))) { + LOG(LOGS_WARN, LOGF_Refclock, "Couldn't open logfile %s for update", filename); + logfiles[id].name = NULL; + return; + } + + /* Close on exec */ + UTI_FdSetCloexec(fileno(logfiles[id].file)); + } + + banner = CNF_GetLogBanner(); + if (banner && logfiles[id].writes++ % banner == 0) { + char bannerline[256]; + int i, bannerlen; + + bannerlen = strlen(logfiles[id].banner); + + for (i = 0; i < bannerlen; i++) + bannerline[i] = '='; + bannerline[i] = '\0'; + + fprintf(logfiles[id].file, "%s\n", bannerline); + fprintf(logfiles[id].file, "%s\n", logfiles[id].banner); + fprintf(logfiles[id].file, "%s\n", bannerline); + } + + va_start(other_args, format); + vfprintf(logfiles[id].file, format, other_args); + va_end(other_args); + fprintf(logfiles[id].file, "\n"); + + fflush(logfiles[id].file); +} + +/* ================================================== */ + +void +LOG_CreateLogFileDir(void) +{ + const char *logdir; + + logdir = CNF_GetLogDir(); + + if (!mkdir_and_parents(logdir)) { + LOG(LOGS_ERR, LOGF_Logging, "Could not create directory %s", logdir); + } +} + +/* ================================================== */ + +void +LOG_CycleLogFiles(void) +{ + LOG_FileID i; + + for (i = 0; i < n_filelogs; i++) { + if (logfiles[i].file) + fclose(logfiles[i].file); + logfiles[i].file = NULL; + logfiles[i].writes = 0; + } +} + +/* ================================================== */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/logging.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/logging.h --- atmark-dist-20150618/user/chrony/chrony-1.30/logging.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/logging.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,139 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * Copyright (C) Miroslav Lichvar 2013-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for diagnostic logging module + + */ + +#ifndef GOT_LOGGING_H +#define GOT_LOGGING_H + +/* Flag indicating whether debug messages are logged */ +extern int log_debug_enabled; + +/* Line logging macros. If the compiler is GNU C, we take advantage of + being able to get the function name also. */ + +#ifdef __GNUC__ +#define FUNCTION_NAME __FUNCTION__ +#define FORMAT_ATTRIBUTE_PRINTF(str, first) __attribute__ ((format (printf, str, first))) +#else +#define FUNCTION_NAME "" +#define FORMAT_ATTRIBUTE_PRINTF(str, first) +#endif + +#define DEBUG_LOG(facility, ...) \ + do { \ + if (DEBUG && log_debug_enabled) \ + LOG_Message(LOGS_DEBUG, facility, __LINE__, __FILE__, FUNCTION_NAME, __VA_ARGS__); \ + } while (0) +#define LOG(severity, facility, ...) LOG_Message(severity, facility, __LINE__, __FILE__, FUNCTION_NAME, __VA_ARGS__) +#define LOG_FATAL(facility, ...) LOG_Message(LOGS_FATAL, facility, __LINE__, __FILE__, FUNCTION_NAME, __VA_ARGS__) + +/* Definition of severity */ +typedef enum { + LOGS_INFO, + LOGS_WARN, + LOGS_ERR, + LOGS_FATAL, + LOGS_DEBUG +} LOG_Severity; + +/* Definition of facility. Each message is tagged with who generated + it, so that the user can customise what level of reporting he gets + for each area of the software */ +typedef enum { + LOGF_Reference, + LOGF_NtpIO, + LOGF_NtpCore, + LOGF_NtpSources, + LOGF_Scheduler, + LOGF_SourceStats, + LOGF_Sources, + LOGF_Local, + LOGF_Util, + LOGF_Main, + LOGF_ClientLog, + LOGF_Configure, + LOGF_CmdMon, + LOGF_Acquire, + LOGF_Manual, + LOGF_Keys, + LOGF_Logging, + LOGF_Nameserv, + LOGF_Rtc, + LOGF_Regress, + LOGF_Sys, + LOGF_SysGeneric, + LOGF_SysLinux, + LOGF_SysNetBSD, + LOGF_SysSolaris, + LOGF_SysSunOS, + LOGF_SysWinnt, + LOGF_TempComp, + LOGF_RtcLinux, + LOGF_Refclock +} LOG_Facility; + +/* Init function */ +extern void LOG_Initialise(void); + +/* Fini function */ +extern void LOG_Finalise(void); + +/* Line logging function */ +FORMAT_ATTRIBUTE_PRINTF(6, 7) +extern void LOG_Message(LOG_Severity severity, LOG_Facility facility, + int line_number, const char *filename, + const char *function_name, const char *format, ...); + +/* Set debug level: + 0, 1 - only non-debug messages are logged + 2 - debug messages are logged too, all messages are prefixed with + filename, line, and function name + */ +extern void LOG_SetDebugLevel(int level); + +/* Log messages to syslog instead of stderr */ +extern void LOG_OpenSystemLog(void); + +/* Send fatal message also to the foreground process */ +extern void LOG_SetParentFd(int fd); + +/* Close the pipe to the foreground process so it can exit */ +extern void LOG_CloseParentFd(void); + +/* File logging functions */ + +typedef int LOG_FileID; + +extern LOG_FileID LOG_FileOpen(const char *name, const char *banner); + +FORMAT_ATTRIBUTE_PRINTF(2, 3) +extern void LOG_FileWrite(LOG_FileID id, const char *format, ...); + +extern void LOG_CreateLogFileDir(void); +extern void LOG_CycleLogFiles(void); + +#endif /* GOT_LOGGING_H */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/main.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/main.c --- atmark-dist-20150618/user/chrony/chrony-1.30/main.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/main.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,535 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) John G. Hasler 2009 + * Copyright (C) Miroslav Lichvar 2012-2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + The main program + */ + +#include "config.h" + +#include "sysincl.h" + +#include "main.h" +#include "sched.h" +#include "local.h" +#include "sys.h" +#include "ntp_io.h" +#include "ntp_sources.h" +#include "ntp_core.h" +#include "sources.h" +#include "sourcestats.h" +#include "reference.h" +#include "logging.h" +#include "conf.h" +#include "cmdmon.h" +#include "keys.h" +#include "manual.h" +#include "rtc.h" +#include "refclock.h" +#include "clientlog.h" +#include "broadcast.h" +#include "nameserv.h" +#include "tempcomp.h" + +/* ================================================== */ + +/* Set when the initialisation chain has been completed. Prevents finalisation + * chain being run if a fatal error happened early. */ + +static int initialised = 0; + +static int exit_status = 0; + +static int reload = 0; + +static REF_Mode ref_mode = REF_ModeNormal; + +/* ================================================== */ + +static void +delete_pidfile(void) +{ + const char *pidfile = CNF_GetPidFile(); + /* Don't care if this fails, there's not a lot we can do */ + unlink(pidfile); +} + +/* ================================================== */ + +void +MAI_CleanupAndExit(void) +{ + if (!initialised) exit(exit_status); + + if (CNF_GetDumpOnExit()) { + SRC_DumpSources(); + } + + TMC_Finalise(); + MNL_Finalise(); + CLG_Finalise(); + NSR_Finalise(); + NCR_Finalise(); + BRD_Finalise(); + SST_Finalise(); + REF_Finalise(); + KEY_Finalise(); + RCL_Finalise(); + SRC_Finalise(); + RTC_Finalise(); + CAM_Finalise(); + NIO_Finalise(); + SYS_Finalise(); + SCH_Finalise(); + LCL_Finalise(); + + delete_pidfile(); + + LOG_Finalise(); + + exit(exit_status); +} + +/* ================================================== */ + +static void +signal_cleanup(int x) +{ + if (!initialised) exit(0); + SCH_QuitProgram(); +} + +/* ================================================== */ + +static void +ntp_source_resolving_end(void) +{ + NSR_SetSourceResolvingEndHandler(NULL); + + if (reload) { + /* Note, we want reload to come well after the initialisation from + the real time clock - this gives us a fighting chance that the + system-clock scale for the reloaded samples still has a + semblence of validity about it. */ + SRC_ReloadSources(); + } + + RTC_StartMeasurements(); + RCL_StartRefclocks(); + NSR_StartSources(); + NSR_AutoStartSources(); + + /* Special modes can end only when sources update their reachability. + Give up immediatelly if there are no active sources. */ + if (ref_mode != REF_ModeNormal && !SRC_ActiveSources()) { + REF_SetUnsynchronised(); + } +} + +/* ================================================== */ + +static void +post_init_ntp_hook(void *anything) +{ + if (ref_mode == REF_ModeInitStepSlew) { + /* Remove the initstepslew sources and set normal mode */ + NSR_RemoveAllSources(); + ref_mode = REF_ModeNormal; + REF_SetMode(ref_mode); + } + + /* Close the pipe to the foreground process so it can exit */ + LOG_CloseParentFd(); + + CNF_AddSources(); + CNF_AddBroadcasts(); + + NSR_SetSourceResolvingEndHandler(ntp_source_resolving_end); + NSR_ResolveSources(); +} + +/* ================================================== */ + +static void +reference_mode_end(int result) +{ + switch (ref_mode) { + case REF_ModeNormal: + case REF_ModeUpdateOnce: + case REF_ModePrintOnce: + exit_status = !result; + SCH_QuitProgram(); + break; + case REF_ModeInitStepSlew: + /* Switch to the normal mode, the delay is used to prevent polling + interval shorter than the burst interval if some configured servers + were used also for initstepslew */ + SCH_AddTimeoutByDelay(2.0, post_init_ntp_hook, NULL); + break; + default: + assert(0); + } +} + +/* ================================================== */ + +static void +post_init_rtc_hook(void *anything) +{ + if (CNF_GetInitSources() > 0) { + CNF_AddInitSources(); + NSR_StartSources(); + assert(REF_GetMode() != REF_ModeNormal); + /* Wait for mode end notification */ + } else { + (post_init_ntp_hook)(NULL); + } +} + +/* ================================================== */ +/* Return 1 if the process exists on the system. */ + +static int +does_process_exist(int pid) +{ + int status; + status = getsid(pid); + if (status >= 0) { + return 1; + } else { + return 0; + } +} + +/* ================================================== */ + +static int +maybe_another_chronyd_running(int *other_pid) +{ + const char *pidfile = CNF_GetPidFile(); + FILE *in; + int pid, count; + + *other_pid = 0; + + in = fopen(pidfile, "r"); + if (!in) return 0; + + count = fscanf(in, "%d", &pid); + fclose(in); + + if (count != 1) return 0; + + *other_pid = pid; + return does_process_exist(pid); + +} + +/* ================================================== */ + +static void +write_lockfile(void) +{ + const char *pidfile = CNF_GetPidFile(); + FILE *out; + + out = fopen(pidfile, "w"); + if (!out) { + LOG_FATAL(LOGF_Main, "could not open lockfile %s for writing", pidfile); + } else { + fprintf(out, "%d\n", getpid()); + fclose(out); + } +} + +/* ================================================== */ + +static void +go_daemon(void) +{ +#ifdef WINNT + + +#else + + int pid, fd, pipefd[2]; + + /* Create pipe which will the daemon use to notify the grandparent + when it's initialised or send an error message */ + if (pipe(pipefd)) { + LOG_FATAL(LOGF_Logging, "Could not detach, pipe failed : %s", strerror(errno)); + } + + /* Does this preserve existing signal handlers? */ + pid = fork(); + + if (pid < 0) { + LOG_FATAL(LOGF_Logging, "Could not detach, fork failed : %s", strerror(errno)); + } else if (pid > 0) { + /* In the 'grandparent' */ + char message[1024]; + int r; + + close(pipefd[1]); + r = read(pipefd[0], message, sizeof (message)); + if (r) { + if (r > 0) { + /* Print the error message from the child */ + fprintf(stderr, "%.1024s\n", message); + } + exit(1); + } else + exit(0); + } else { + close(pipefd[0]); + + setsid(); + + /* Do 2nd fork, as-per recommended practice for launching daemons. */ + pid = fork(); + + if (pid < 0) { + LOG_FATAL(LOGF_Logging, "Could not detach, fork failed : %s", strerror(errno)); + } else if (pid > 0) { + exit(0); /* In the 'parent' */ + } else { + /* In the child we want to leave running as the daemon */ + + /* Change current directory to / */ + if (chdir("/") < 0) { + LOG_FATAL(LOGF_Logging, "Could not chdir to / : %s", strerror(errno)); + } + + /* Don't keep stdin/out/err from before. But don't close + the parent pipe yet. */ + for (fd=0; fd<1024; fd++) { + if (fd != pipefd[1]) + close(fd); + } + + LOG_SetParentFd(pipefd[1]); + } + } + +#endif +} + +/* ================================================== */ + +int main +(int argc, char **argv) +{ + const char *conf_file = DEFAULT_CONF_FILE; + char *user = NULL; + int debug = 0, nofork = 0, address_family = IPADDR_UNSPEC; + int do_init_rtc = 0, restarted = 0; + int other_pid; + int lock_memory = 0, sched_priority = 0; + int system_log = 1; + int config_args = 0; + + LOG_Initialise(); + + /* Parse command line options */ + while (++argv, (--argc)>0) { + + if (!strcmp("-f", *argv)) { + ++argv, --argc; + conf_file = *argv; + } else if (!strcmp("-P", *argv)) { + ++argv, --argc; + if (argc == 0 || sscanf(*argv, "%d", &sched_priority) != 1) { + LOG_FATAL(LOGF_Main, "Bad scheduler priority"); + } + } else if (!strcmp("-m", *argv)) { + lock_memory = 1; + } else if (!strcmp("-r", *argv)) { + reload = 1; + } else if (!strcmp("-R", *argv)) { + restarted = 1; + } else if (!strcmp("-u", *argv)) { + ++argv, --argc; + if (argc == 0) { + LOG_FATAL(LOGF_Main, "Missing user name"); + } else { + user = *argv; + } + } else if (!strcmp("-s", *argv)) { + do_init_rtc = 1; + } else if (!strcmp("-v", *argv) || !strcmp("--version",*argv)) { + /* This write to the terminal is OK, it comes before we turn into a daemon */ + printf("chronyd (chrony) version %s\n", CHRONY_VERSION); + exit(0); + } else if (!strcmp("-n", *argv)) { + nofork = 1; + } else if (!strcmp("-d", *argv)) { + debug++; + nofork = 1; + system_log = 0; + } else if (!strcmp("-q", *argv)) { + ref_mode = REF_ModeUpdateOnce; + nofork = 1; + system_log = 0; + } else if (!strcmp("-Q", *argv)) { + ref_mode = REF_ModePrintOnce; + nofork = 1; + system_log = 0; + } else if (!strcmp("-4", *argv)) { + address_family = IPADDR_INET4; + } else if (!strcmp("-6", *argv)) { + address_family = IPADDR_INET6; + } else if (*argv[0] == '-') { + LOG_FATAL(LOGF_Main, "Unrecognized command line option [%s]", *argv); + } else { + /* Process remaining arguments and configuration lines */ + config_args = argc; + break; + } + } + + if (getuid() != 0) { + /* This write to the terminal is OK, it comes before we turn into a daemon */ + fprintf(stderr,"Not superuser\n"); + exit(1); + } + + /* Turn into a daemon */ + if (!nofork) { + go_daemon(); + } + + if (system_log) { + LOG_OpenSystemLog(); + } + + LOG_SetDebugLevel(debug); + + LOG(LOGS_INFO, LOGF_Main, "chronyd version %s starting", CHRONY_VERSION); + + DNS_SetAddressFamily(address_family); + + CNF_SetRestarted(restarted); + + /* Parse the config file or the remaining command line arguments */ + if (!config_args) { + CNF_ReadFile(conf_file); + } else { + do { + CNF_ParseLine(NULL, config_args - argc + 1, *argv); + } while (++argv, --argc); + } + + /* Check whether another chronyd may already be running. Do this after + * forking, so that message logging goes to the right place (i.e. syslog), in + * case this chronyd is being run from a boot script. */ + if (maybe_another_chronyd_running(&other_pid)) { + LOG_FATAL(LOGF_Main, "Another chronyd may already be running (pid=%d), check lockfile (%s)", + other_pid, CNF_GetPidFile()); + } + + /* Write our lockfile to prevent other chronyds running. This has *GOT* to + * be done *AFTER* the daemon-creation fork() */ + write_lockfile(); + + if (do_init_rtc) { + RTC_TimePreInit(); + } + + LCL_Initialise(); + SCH_Initialise(); + SYS_Initialise(); + NIO_Initialise(address_family); + CAM_Initialise(address_family); + RTC_Initialise(); + SRC_Initialise(); + RCL_Initialise(); + KEY_Initialise(); + + /* Command-line switch must have priority */ + if (!sched_priority) { + sched_priority = CNF_GetSchedPriority(); + } + if (sched_priority) { + SYS_SetScheduler(sched_priority); + } + + if (lock_memory || CNF_GetLockMemory()) { + SYS_LockMemory(); + } + + if (!user) { + user = CNF_GetUser(); + } + if (user && strcmp(user, "root")) { + SYS_DropRoot(user); + } + + LOG_CreateLogFileDir(); + + REF_Initialise(); + SST_Initialise(); + BRD_Initialise(); + NCR_Initialise(); + NSR_Initialise(); + CLG_Initialise(); + MNL_Initialise(); + TMC_Initialise(); + + /* From now on, it is safe to do finalisation on exit */ + initialised = 1; + + CNF_SetupAccessRestrictions(); + + if (ref_mode == REF_ModeNormal && CNF_GetInitSources() > 0) { + ref_mode = REF_ModeInitStepSlew; + } + + REF_SetModeEndHandler(reference_mode_end); + REF_SetMode(ref_mode); + + if (do_init_rtc) { + RTC_TimeInit(post_init_rtc_hook, NULL); + } else { + post_init_rtc_hook(NULL); + } + + signal(SIGINT, signal_cleanup); + signal(SIGTERM, signal_cleanup); +#if !defined(WINNT) + signal(SIGQUIT, signal_cleanup); + signal(SIGHUP, signal_cleanup); +#endif /* WINNT */ + + /* The program normally runs under control of the main loop in + the scheduler. */ + SCH_MainLoop(); + + LOG(LOGS_INFO, LOGF_Main, "chronyd exiting"); + + MAI_CleanupAndExit(); + + return 0; +} + +/* ================================================== */ diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/main.h atmark-dist-20150618_chrony/user/chrony/chrony-1.30/main.h --- atmark-dist-20150618/user/chrony/chrony-1.30/main.h 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/main.h 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,35 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for main routine + */ + +#ifndef GOT_MAIN_H +#define GOT_MAIN_H + +/* Function to clean up at end of run */ +extern void MAI_CleanupAndExit(void); + +#endif /* GOT_MAIN_H */ + + diff -urN atmark-dist-20150618/user/chrony/chrony-1.30/manual.c atmark-dist-20150618_chrony/user/chrony/chrony-1.30/manual.c --- atmark-dist-20150618/user/chrony/chrony-1.30/manual.c 1970-01-01 09:00:00.000000000 +0900 +++ atmark-dist-20150618_chrony/user/chrony/chrony-1.30/manual.c 2015-07-07 20:54:16.062014295 +0900 @@ -0,0 +1,317 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Routines for implementing manual input of real time. + + The daemon accepts manual time input over the control connection, + and adjusts the system time to match. Besides this, though, it can + determine the average rate of time loss or gain of the local system + and adjust the frequency accordingly. + + */ + +#include "config.h" + +#include "sysincl.h" + +#include "manual.h" +#include "logging.h" +#include "local.h" +#include "conf.h" +#include "util.h" +#include "ntp.h" +#include "reference.h" +#include "regress.h" + +static int enabled = 0; + +/* More recent samples at highest indices */ +typedef struct { + struct timeval when; /* This is our 'cooked' time */ + double orig_offset; /*+ Not modified by slew samples */ + double offset; /*+ if we are fast of the supplied reference */ + double residual; /*+ regression residual (sign convention given by + (measured-predicted)) */ +} Sample; + +#define MAX_SAMPLES 16 + +static Sample samples[16]; +static int n_samples; + +/* ================================================== */ + +static void +slew_samples(struct timeval *raw, + struct timeval *cooked, + double dfreq, + double doffset, + LCL_ChangeType change_type, + void *not_used); + +/* ================================================== */ + +void +MNL_Initialise(void) +{ + if (CNF_GetManualEnabled()) { + enabled = 1; + } else { + enabled = 0; + } + + n_samples = 0; + + LCL_AddParameterChangeHandler(slew_samples, NULL); +} + +/* ================================================== */ + +void +MNL_Finalise(void) +{ +} + +/* ================================================== */ + +static void +estimate_and_set_system(struct timeval *now, int offset_provided, double offset, long *offset_cs, double *dfreq_ppm, double *new_afreq_ppm) +{ + double agos[MAX_SAMPLES], offsets[MAX_SAMPLES]; + double b0, b1; + int n_runs, best_start; /* Unused results from regression analyser */ + int i; + double freq = 0.0; + double skew = 0.099999999; /* All 9's when printed to log file */ + int found_freq; + double slew_by; + + if (n_samples > 1) { + for (i=0; i