Release needs to update PIVOT.h

2022-02-05 Thread Hal Murray via devel
Where is your checklist for a release? I've added PIVOT.h at the top level. Its only content is a #define for RELEASE_DATE. That's the magic constant that's needed for sanity checking and pivoting on date conversions because using the build date would break repeatable builds. It should be

Re: seccomp mess, continued, status update

2020-02-24 Thread Hal Murray via devel
hmur...@megapathdsl.net said: > I'm working on a hack fix. Fix pushed. CI is happy. The bug is missing code in a header file. I just put that code inside ntp_sandbox. Seems obvious in hindsight. The hard part was figuring out when to do it. Then I had to debug seccomp on Alpine. I'd be

Re: seccomp mess, continued, status update

2020-02-23 Thread Hal Murray via devel
> Wouldn't it be simpler to use a base image in the CI that isn't buggy? Maybe. I don't know that area. If that is the only place we test seccomp, then yes, we should switch to Fedora or Debian. If that is testing if we can build on Alpine, then it has found a bug but the bug is in Alpine ra

Re: seccomp mess, continued, status update

2020-02-23 Thread Eric S. Raymond via devel
Hal Murray via devel : > > Fedora fixed their problem. seccomp now builds and works on both Fedora and > Arch. > > But now it won't build on Alpine. It looks like the same problem that Fedora > had. The problem is a bug in a header file. Copying the ppoll bits from a > Fedora header file f

seccomp mess, continued, status update

2020-02-23 Thread Hal Murray via devel
Fedora fixed their problem. seccomp now builds and works on both Fedora and Arch. But now it won't build on Alpine. It looks like the same problem that Fedora had. The problem is a bug in a header file. Copying the ppoll bits from a Fedora header file fixes the problem. The CI checker ha

NST: update to ntpq -c nts

2019-04-10 Thread Hal Murray via devel
The old code had several cases where there were 2 counters for things like received NTS packets, total and bad. I changed that to good and bad. A mix of old/new ntpq/ntpd won't show the total or good. -- There is a lot of crap out there on the big bad internet. NTS KE serves good:

Re: NTS update

2019-03-25 Thread Gary E. Miller via devel
Yo Hal! On Sun, 24 Mar 2019 21:38:53 -0700 Hal Murray wrote: > > My slower RasPi have random startup crashes. Goes away when I do > > not make them NTS clients. Feels like another mysyslog() thing? > > I'd expect garbage in the log files rather than crashes. Then we have a mystery... > Th

Re: NTS update

2019-03-24 Thread Hal Murray via devel
> My slower RasPi have random startup crashes. Goes away when I do not make > them NTS clients. Feels like another mysyslog() thing? I'd expect garbage in the log files rather than crashes. There is a known bug: nts doesn't work with IP Addresses. Gets a segfault. That case might make sen

Re: NTS update

2019-03-24 Thread Gary E. Miller via devel
Yo Hal! I updated more of my servers to NTS. A few notes: The waf install, or runtime, or both, need to make /var/lib/ntp if missing. Not quite sure... My slower RasPi have random startup crashes. Goes away when I do not make them NTS clients. Feels like another mysyslog() thing? When I set

Re: I just pushed a bug-fix - please update

2019-03-23 Thread Mike Simpson via devel
> > On 23 Mar 2019, at 16:05, Gary E. Miller wrote: > > Yo Hal! > > My servers are updated. > That’s my server updated Mike > On Sat, 23 Mar 2019 08:33:37 -0700 > Hal Murray wrote: > >> The server response wasn't setting up the right length for the >> encrypted part. The client receive s

Re: I just pushed a bug-fix - please update

2019-03-23 Thread Gary E. Miller via devel
Yo Hal! My servers are updated. On Sat, 23 Mar 2019 08:33:37 -0700 Hal Murray wrote: > The server response wasn't setting up the right length for the > encrypted part. The client receive side didn't use that field but > computed the length another way so it didn't discover the bug. > RGDS

Re: I just pushed a bug-fix - please update

2019-03-23 Thread Sanjeev Gupta via devel
Done. Thanks. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Mar 23, 2019 at 11:40 PM Hal Murray wrote: > > The server response wasn't setting up the right length for the encrypted > part. > The client receive side didn't use that field but computed the length > a

I just pushed a bug-fix - please update

2019-03-23 Thread Hal Murray via devel
The server response wasn't setting up the right length for the encrypted part. The client receive side didn't use that field but computed the length another way so it didn't discover the bug. -- These are my opinions. I hate spam. ___ devel mai

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Matthew! On Sat, 23 Mar 2019 02:25:02 + Matthew Selsky wrote: > In ntpd/wscript, try replacing this: > > use="libntpd_obj ntp M parse RT CAP SECCOMP PTHREAD NTPD " > "SSL CRYPTO DNS_SD %s SOCKET NSL SCF" % use_refclock, > > With: > > use="M SSL CRYPTO DNS_SD

Re: NTS update

2019-03-22 Thread Matthew Selsky via devel
On Fri, Mar 22, 2019 at 06:32:10PM -0700, Gary E. Miller via devel wrote: > I think this is what you want: Perfect. > I tried to modify the wscript to do that, but failed... In ntpd/wscript, try replacing this: use="libntpd_obj ntp M parse RT CAP SECCOMP PTHREAD NTPD " "SSL

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Matthew! On Sat, 23 Mar 2019 01:08:06 + Matthew Selsky wrote: > This sounds like: > https://ubuntuforums.org/archive/index.php/t-985136.html Sure does. > "The solution is simple, for some reason, when linking the library, > -lssl must be in front of -lcrypto." Fingers crossed. > Can y

Re: NTS update

2019-03-22 Thread Matthew Selsky via devel
018 > > I know I can update the openssl, but many people will not be able to... > > How do I disable building with openssl? > > The problem starts here: > > [137/137] Linking build/main/ntptime/ntptime > /usr/local/ssl/lib/libssl.a(t1_lib.o): In function `tls1_check_chain&

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Hal! New issue. I have a really old server that has been running NTPsec git head until recently. Now it fails, the openssl is too old. # openssl version OpenSSL 1.0.2o 27 Mar 2018 I know I can update the openssl, but many people will not be able to... How do I disable building with

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Mike! On Fri, 22 Mar 2019 22:16:43 + Mike Simpson via devel wrote: > > My server khronos.mikieboy.net is also publicly available and running > current Cool, I can connect just fine. > so could be added for the hackathon. You'll have to contact them directly: NTP WG "Dieter

Re: NTS update

2019-03-22 Thread Mike Simpson via devel
> On 22 Mar 2019, at 22:07, Gary E. Miller via devel wrote: > > Yo Hal! > > On Fri, 22 Mar 2019 14:14:19 -0700 > Hal Murray via devel wrote: > > 2019-03-22T12:55:52 ntpd[10362]: DNS: Server skipping: > 2001:470:e815::23 >> >>> Looking at this again, when kong connects to pi3, there

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Hal! On Fri, 22 Mar 2019 14:14:19 -0700 Hal Murray via devel wrote: > > > > 2019-03-22T12:55:52 ntpd[10362]: DNS: Server skipping: > > > > 2001:470:e815::23 > > > Looking at this again, when kong connects to pi3, there is no > > duplicate connection. > > Then where did that skipping com

Re: NTS update

2019-03-22 Thread Hal Murray via devel
> > > 2019-03-22T12:55:52 ntpd[10362]: DNS: Server skipping: > > > 2001:470:e815::23 > Looking at this again, when kong connects to pi3, there is no duplicate > connection. Then where did that skipping come from? Either there is some other server slot that has that IP Address, or the NTS path

Re: NTS update

2019-03-22 Thread Hal Murray via devel
> Uh, oh. You mean I can't have both an NTS and a non-NTS connection to the > same address? I want that to compare latency and jitter. That needs a very > clear error message. Nope. It might be possible to change, but I doubt if it's worth the effort. You can compare -4 with -6. I've adde

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Hal! > > > 2019-03-22T12:55:52 ntpd[10362]: NTSc: Got 8 cookies, length 104, > > > aead=15. 2019-03-22T12:55:52 ntpd[10362]: NTSc: NTS-KE req to > > > pi3.rellim.com took 0.028 sec, OK 2019-03-22T12:55:52 ntpd[10362]: > > > DNS: dns_check: processing pi3.rellim.com, 1, 21801 > > > 2019-03-22T12

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Hal! On Fri, 22 Mar 2019 13:30:48 -0700 Hal Murray via devel wrote: > >> 2. A way to see both the NTS name/IP and matching NTPD name/IP > > 2019-03-22T12:55:52 ntpd[10362]: NTSc: nts_probe connecting to > pi3.rellim.com:123 => [2001:470:e815::23]:123 > > Is that enough? (client side) I

Re: NTS update

2019-03-22 Thread Hal Murray via devel
>> I have 1.1.0j (Debian) talking to 1.0.2o (FreeBSD) >> Works. > And vice-versa? Yes. >> 2. A way to see both the NTS name/IP and matching NTPD name/IP 2019-03-22T12:55:52 ntpd[10362]: NTSc: nts_probe connecting to pi3.rellim.com:123 => [2001:470:e815::23]:123 Is that enough? (clie

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Hal! On Fri, 22 Mar 2019 01:19:23 -0700 Hal Murray via devel wrote: > >>> Gentoo unstable is on 1.1.0j. Stable is on 1.0.2r. > >> I'd expect that case to work. > > Me too. > > I have 1.1.0j (Debian) talking to 1.0.2o (FreeBSD) > Works. And vice-versa? > >> Do you get an intere

Re: NTS update

2019-03-22 Thread Gary E. Miller via devel
Yo Hal! On Fri, 22 Mar 2019 01:22:37 -0700 Hal Murray via devel wrote: > > I don't care if it is ntpq, ntpmon, log files, whatever. Right now > > I don't know how to get the info any way. > > I still don't know what you want. As I said before: > > 2. A way to see both the NTS name/IP and

Re: NTS update

2019-03-22 Thread Hal Murray via devel
> I don't care if it is ntpq, ntpmon, log files, whatever. Right now I don't > know how to get the info any way. I still don't know what you want. I've tried hard to make sure that everything interesting is in the log files while at the same time not making things too verbose. Please look c

Re: NTS update

2019-03-22 Thread Hal Murray via devel
>>> Gentoo unstable is on 1.1.0j. Stable is on 1.0.2r. >> I'd expect that case to work. > Me too. I have 1.1.0j (Debian) talking to 1.0.2o (FreeBSD) Works. >> Do you get an interesting error message? >Nope. The client gets the 8 cookies, but the NTPD fails, silently. Does the 8 count dow

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! On Thu, 21 Mar 2019 17:39:07 -0700 Hal Murray via devel wrote: > > I found why my pi3 can NTS connect to my kong, but not vice versa. > > My pi3 is running OpenSSL 1.0.2r > > My kong is running 1.1.0j > > Gentoo unstable is on 1.1.0j. Stable is on 1.0.2r. > > I'd expect that case to

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! On Thu, 21 Mar 2019 18:21:06 -0700 Hal Murray via devel wrote: > > Feature requests: > > 1. selectable TCP ports for NTSc and NTSs. > > The client side already works. Use > server ntp.example.com:1234 nts > > The server side should be easy to add. Cool. > > 2. A way to see both

Re: NTS update

2019-03-21 Thread Hal Murray via devel
> Feature requests: > 1. selectable TCP ports for NTSc and NTSs. The client side already works. Use server ntp.example.com:1234 nts The server side should be easy to add. > 2. A way to see both the NTS name/IP and matching NTPD name/IP I'm not sure what you are asking for. It sounds like

Re: NTS update

2019-03-21 Thread Hal Murray via devel
> I found why my pi3 can NTS connect to my kong, but not vice versa. > My pi3 is running OpenSSL 1.0.2r > My kong is running 1.1.0j > Gentoo unstable is on 1.1.0j. Stable is on 1.0.2r. I'd expect that case to work. Do you get an interesting error message? [I think I can setup something close

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! I found why my pi3 can NTS connect to my kong, but not vice versa. My pi3 is running OpenSSL 1.0.2r My kong is running 1.1.0j Gentoo unstable is on 1.1.0j. Stable is on 1.0.2r. RGDS GARY --- Gary E. Miller Rellim

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! Feature requests: 1. selectable TCP ports for NTSc and NTSs. We can't depend on others picking TCP 123 for the NTS-KE port. 2. A way to see both the NTS name/IP and matching NTPD name/IP Currently don't know what the "remote" is saying. RGDS GARY --

Re: NTS update

2019-03-21 Thread Hal Murray via devel
>> It was a big/long gpsd log file. Was there something in particular I >> was supposed to look for? > Yeah, the munged IPv6 logs that do not tell me the remote IPv6 address. It's a gpsd log file, not from ntpd. [IPv6 truncated printout] > I'll go scan the NTS code. > Thanks. Funny what yo

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! On Thu, 21 Mar 2019 13:23:53 -0700 Hal Murray via devel wrote: > >> No, it's the far end IP address and the local interface you use to > >> get there. > > Look again: > > 2019-03-20T18:11:14 ntpd[3117]: NTSs: TCP accept-ed from > > [2001:470:e815::%3= =3D 589492224]:50860 > > > What

Re: NTS update

2019-03-21 Thread Hal Murray via devel
>> No, it's the far end IP address and the local interface you use to >> get there. > Look again: > 2019-03-20T18:11:14 ntpd[3117]: NTSs: TCP accept-ed from [2001:470:e815::%3= > =3D 589492224]:50860 > What IPv6 address do you think that is? Maybe it's truncated? I haven't figured out what's g

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! On Thu, 21 Mar 2019 12:37:21 -0700 Hal Murray via devel wrote: > > So it is the near end network, not the far end IP? I'd really like > > to know the far end IP. > > No, it's the far end IP address and the local interface you use to > get there. Look again: 2019-03-20T18:11:14 ntp

Re: NTS update

2019-03-21 Thread Hal Murray via devel
> So it is the near end network, not the far end IP? I'd really like to know > the far end IP. No, it's the far end IP address and the local interface you use to get there. > And what is the equal sign and the thing after it? =3D is mail escape stuff. 3D is hex for =. = is the escape chara

Re: NTS update

2019-03-21 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 23:35:17 -0700 Hal Murray via devel wrote: > > 2019-03-20T18:11:14 ntpd[3117]: NTSs: TCP accept-ed from > > [2001:470:e815::%3= 589492224]:50860 > > Wow, that is one wacky IPv6 address! Bad format string? > > The % stuff is telling you which network interface it

Re: NTS update

2019-03-20 Thread Hal Murray via devel
> 2019-03-20T18:11:14 ntpd[3117]: NTSs: TCP accept-ed from [2001:470:e815::%3= > 589492224]:50860 > Wow, that is one wacky IPv6 address! Bad format string? The % stuff is telling you which network interface it is associated with. At the ping level, you can use things like xx%eth0 to tell

Re: NTS update

2019-03-20 Thread Hal Murray via devel
> I added nts-ke to: pi3.rellim.com, see how that works for you. Works. [-4, -6] > Ah, there it is right on the man page. I can't try it until the crash bug is > gone. It doesn't work yet. That's why I needed testers. Thanks for finding it. > Odd, I tried it yet again, and this time it wor

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! From my logs: 2019-03-20T18:10:39 ntpd[3117]: NTSs: TCP accept-ed from 64.139.1.69:53013 2019-03-20T18:10:39 ntpd[3117]: NTSs: Using TLSv1.2, AES256-GCM-SHA384 (256) 2019-03-20T18:10:39 ntpd[3117]: NTSs: Returned 880 bytes 2019-03-20T18:10:39 ntpd[3117]: NTSs: NTS-KE server took 0.188 sec

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 17:30:11 -0700 Hal Murray via devel wrote: > > Uh, no. You can easily get the FQDN from the IP. > > That adds DNS to the security chain. Doesn't sound good to me. It > might work if you are using DNSSEC. Complicated. I am using DNSSEC. > > Also, since the

Re: NTS update

2019-03-20 Thread Hal Murray via devel
> Uh, no. You can easily get the FQDN from the IP. That adds DNS to the security chain. Doesn't sound good to me. It might work if you are using DNSSEC. Complicated. > Also, since there is no way to specify IPv4 or IPv6, the only way I can make > this work is by IP. > You need to add a

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 17:01:31 -0700 Hal Murray via devel wrote: > > server 204.17.205.8 nts maxpoll 5 # spidey > > Now the server starts as before, then, silently dies... > > Usually it logs a useful message before it exits. First thing I tried. > If you can't find > one, please tr

Re: NTS update

2019-03-20 Thread Hal Murray via devel
> server 204.17.205.8 nts maxpoll 5 # spidey > Now the server starts as before, then, silently dies... Usually it logs a useful message before it exits. If you can't find one, please try gdb. It doesn't make sense to use "nts" with an IP Address if you expect to do certificate checking. Fo

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 16:53:05 -0700 Hal Murray via devel wrote: > >> As long as the old cookies on the client are used in NTP packets > >> soon enough and hence traded in for new cookies, there is no need > >> for a NTS-KE type rekey. > > > Yeah, I had missed that. So I agree your con

Re: NTS update

2019-03-20 Thread Hal Murray via devel
>> As long as the old cookies on the client are used in NTP packets soon >> enough and hence traded in for new cookies, there is no need for a >> NTS-KE type rekey. > Yeah, I had missed that. So I agree your concept looks good so far. Not my concept. Straight out of the book. (draft?)

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 16:28:36 -0700 Hal Murray via devel wrote: > > I added this to my ntp.conf: > > nts enable > > cert /etc/letsencrypt/live/kong.rellim.com/fullchain.pem > > key /etc/letsencrypt/live/kong.rellim.com/privkey.pem > > Fail. > > You need "nts" in front of t

Re: NTS update

2019-03-20 Thread Hal Murray via devel
> I added this to my ntp.conf: > nts enable > cert /etc/letsencrypt/live/kong.rellim.com/fullchain.pem > key /etc/letsencrypt/live/kong.rellim.com/privkey.pem > Fail. You need "nts" in front of the cert and key. Or else one loong line. There is no "cert" top level command. If yo

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! The ntp.conf man page needs a bit of work... I added this to my ntp.conf: nts enable cert /etc/letsencrypt/live/kong.rellim.com/fullchain.pem key /etc/letsencrypt/live/kong.rellim.com/privkey.pem Fail. 2019-03-20T16:15:23 ntpd[21595]: NTSs: starting NTS-KE server listening

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 16:00:55 -0700 Hal Murray via devel wrote: > Gary said: > >>> Only if you figure out how to not have a huge daily rush to > >>> rekey. > >> Under normal conditions, there is never any need to rekey. > > We've gone around on that many times before. We disagree. >

Re: NTS update

2019-03-20 Thread Hal Murray via devel
Gary said: >>> Only if you figure out how to not have a huge daily rush to rekey. >> Under normal conditions, there is never any need to rekey. > We've gone around on that many times before. We disagree. > Using the same master key (with a ratchet) will eventually give the attacker > enough dat

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 15:22:33 -0700 Hal Murray via devel wrote: > Gary said: > > Only if you figure out how to not have a huge daily rush to rekey. > > Under normal conditions, there is never any need to rekey. We've gone around on that many times before. We disagree. Using the same

Re: NTS update

2019-03-20 Thread Hal Murray via devel
Gary said: > Only if you figure out how to not have a huge daily rush to rekey. Under normal conditions, there is never any need to rekey. The server holds 2 cookie keys. When it makes a new key, the current key gets moved to the old key and the previous old key is lost. Cookies using either t

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 12:10:25 -0700 Hal Murray via devel wrote: > Gary said: > > I'm waiting for Gentoo to have the required openssl version. > > It should work -- unless Gentoo is using something really > pre-historic. Ah, Gentoo unstable updated to openssl 1.1.0j on March 6th. Do I

Re: NTS update

2019-03-20 Thread Hal Murray via devel
Gary said: > I'm waiting for Gentoo to have the required openssl version. It should work -- unless Gentoo is using something really pre-historic. There are a handful of #ifdef-s to handle old versions. NetBSD 8 ships with 1.0.2k. I test that. It builds on 1.0.1, but I'd have to check to see

Re: NTS update

2019-03-20 Thread Gary E. Miller via devel
Yo Hal! On Wed, 20 Mar 2019 03:45:21 -0700 Hal Murray via devel wrote: > Is anybody else testing things? I'm waiting for Gentoo to have the required openssl version. > I just fixed the cookie-key timer so that it actually rotates > cookies. You need to delete your current cookie file > at /var

NTS update

2019-03-20 Thread Hal Murray via devel
Is anybody else testing things? I just fixed the cookie-key timer so that it actually rotates cookies. You need to delete your current cookie file at /var/lib/ntp/nts-keys The timer is set to an hour rather than a day. So if your clients poll interval gets up to 1024, it will use some old c

Re: NTS update

2019-03-01 Thread Hal Murray via devel
> I've tried defaulting ntscookies to -1 and testing for > that - change pushed. Thanks. Looks good. That now exposes a subtle detail. If you see NTS in the refid column, look at the t column. If it is "u", then the NTS-KE level didn't work. If you see a "0" there, then the NTS-KE worked bu

Re: NTS update

2019-03-01 Thread Eric S. Raymond via devel
Hal Murray : > [0 not showing up in ntpq -p t column for NTS clients.] > > Eric said: > > I'd fix this, but I'm not sure whether you're talking server or client side. > > The problem is in ntpq. Somebody returns 0 for slots that don't exist. The > check for >= 0 needs to do a preliminary check

Re: NTS update

2019-03-01 Thread Hal Murray via devel
[0 not showing up in ntpq -p t column for NTS clients.] Eric said: > I'd fix this, but I'm not sure whether you're talking server or client side. The problem is in ntpq. Somebody returns 0 for slots that don't exist. The check for >= 0 needs to do a preliminary check to see if the slot exists.

Re: NTS update

2019-03-01 Thread Eric S. Raymond via devel
Hal Murray : > > Eric said: > > Good. I'm in favor of anything it can do to export more meaningful status > > information, and this definitely qualifies. > > I assume that includes putting a digit in the t column to show the number of > cookies and hence indicate that a slot is using NTS. Yes.

Re: NTS update

2019-03-01 Thread Hal Murray via devel
Eric said: > Good. I'm in favor of anything it can do to export more meaningful status > information, and this definitely qualifies. I assume that includes putting a digit in the t column to show the number of cookies and hence indicate that a slot is using NTS. There is currently a bug in th

Re: NTS update

2019-03-01 Thread Eric S. Raymond via devel
Hal Murray : > Eric said: > > So this means ntpd is shipping these strings in the refid field? > Yes Good. I'm in favor of anything it can do to export more meaningful status information, and this definitely qualifies. > > I want to document this. Not sure where it goes. > > For things like t

Re: NTS update

2019-03-01 Thread Hal Murray via devel
Eric said: > So this means ntpd is shipping these strings in the refid field? Yes > I want to document this. Not sure where it goes. For things like that, I grep -r docs/ That misses the man pages that are in the directory with program sources. INIT gets 2 hits. Neither looked like what you

Re: NTS update

2019-03-01 Thread Eric S. Raymond via devel
Hal Murray via devel : > It now talks to Martin Langer's server. > > I added another hack to ntpq. (The hack is actually in ntpd, but you see it > in ntpq -p) Where it used to show INIT in the refid column to indicate that > it hasn't received any packets yet, it will now show NTS or DNS if it

Re: NTS update

2019-03-01 Thread Hal Murray via devel
Argh. I forgot to mention that the bits on the wire have changed. If you are testing NTS, you will have to update both ends. -- These are my opinions. I hate spam. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo

NTS update

2019-03-01 Thread Hal Murray via devel
It now talks to Martin Langer's server. I added another hack to ntpq. (The hack is actually in ntpd, but you see it in ntpq -p) Where it used to show INIT in the refid column to indicate that it hasn't received any packets yet, it will now show NTS or DNS if it is waiting for NTS/DNS lookup.

Re: Update

2019-02-12 Thread Eric S. Raymond via devel
Hal Murray via devel : > I'm starting to pay attention to some of the configuration options. > > It seems strange to use "crypto" for the keyword when we are talking about > NTS > or NTS-KE. I've already changed this to "nts". > The documentation for crypto enable says: > Enable NTS service.

Re: Update

2019-02-10 Thread Hal Murray via devel
> Or did you just want "waf configure" to report the version of openssl that it > found? I'd be happy with the version of openssl that it found. If it's easy, check for a version >= 1.0.1 -- These are my opinions. I hate spam.

Re: Update

2019-02-10 Thread Matthew Selsky via devel
On Sun, Feb 10, 2019 at 05:30:36PM -0800, Hal Murray wrote: > > If it's easy for waf, it would be nice to document the version of OpenSSL we > are using to build. The version that we built against, or the version that we're currently dynamically linked with? Eg, we might build with 1.0.2n, but

Re: Update

2019-02-10 Thread Hal Murray via devel
matthew.sel...@twosigma.com said: > Per https://en.wikipedia.org/wiki/OpenSSL, OpenSSL added support for tls1.2 > in version 1.0.1. And that version was end of support in December 2016. The oldest version I have convenient access to is 1.0.1e on CentOS 6. > We can add a check for TLS1_2_VERSI

Re: Update

2019-02-10 Thread Eric S. Raymond via devel
Matthew Selsky : > Per https://en.wikipedia.org/wiki/OpenSSL, OpenSSL added support for tls1.2 > in version 1.0.1. And that version was end of support in December 2016. > > So any version of OpenSSL that we encounter on a supported operating system > will have a "new enough" OpenSSL to support

Re: Update

2019-02-10 Thread Matthew Selsky via devel
On Sat, Feb 09, 2019 at 02:19:50PM -0800, Hal Murray via devel wrote: > > e...@thyrsus.com said: > >> Are we ever going to want to use anything older than TLS1.2? Spec says > >> no, > >> but it might be interesting for testing. > > I'm not interested in complicating our lives with a surfeit of

Re: Update

2019-02-09 Thread Eric S. Raymond via devel
Hal Murray via devel : > It seems strange to use "crypto" for the keyword when we are talking about > NTS > or NTS-KE. I've changed the keyword to "nts". -- http://www.catb.org/~esr/ Eric S. Raymond My work is funded by the Internet Civil Engineering Institute: https://icei.o

Re: Update

2019-02-09 Thread Hal Murray via devel
e...@thyrsus.com said: >> Are we ever going to want to use anything older than TLS1.2? Spec says no, >> but it might be interesting for testing. > I'm not interested in complicating our lives with a surfeit of obsolete APIs. Sounds good. It's probably worth updating our requirements section t

Re: Update

2019-02-09 Thread Eric S. Raymond via devel
Hal Murray via devel : > It seems strange to use "crypto" for the keyword when we are talking about > NTS > or NTS-KE. Yes, I was planning to change that. I originally thought there were going to be crypto options that might someday be used for something besides NTS and intended to have both

Update

2019-02-09 Thread Hal Murray via devel
I've got the start of the NTS-KE server working. All it does after the TLS setup is read some data and echo it back. Logging is verbose for debugging. I'm using NTSc: and NTSs: as the tag for client and server and NTS: for subroutines that might get called from either side. It reads certi

AgentX update

2017-06-26 Thread Ian Bruene via devel
Library for encoding and decoding agentx packets has been merged into NTPsec (!506). The code still has some flaws and inconsistencies, but the tests are solid, the code is way overdue, and further modifications before committing run the risk of entering the Rewrite Timeloop. -- In the end;

DNS update pushed

2017-06-03 Thread Hal Murray via devel
I just pushed the next batch of DNS updates. It still prints too much, but that will be handy in case anybody finds a problem. Please test and keep an eye out for quirks. -- These are my opinions. I hate spam.

Re: ntpq update

2017-04-24 Thread Eric S. Raymond
Old mail... Hal Murray : > > e...@thyrsus.com said: > >> The frags= and limit= on the mru command are only used > >> for the first batch. I'd like them to stick. > > > There's a computation of those for second and later span requests that I > > transcribed from the C, down around line 1287 in p

Update the HowTo

2017-01-09 Thread Sanjeev Gupta
https://www.ntpsec.org/white-papers/stratum-1-microserver-howto/ can we update the sample ntp.conf there, with the comments in Gary Miller's email a few hours ago. I have seen this advice before, yet people list SHM0 before SHM1 (because 0 comes before 1, so there). (BTW, the white-p

MRU allocation update

2016-12-29 Thread Hal Murray
The details of how it works are in the ntpq man page. Search for maxage or minage. A server will end up operating in one of several modes, depending on the ratio of traffic and MRU table size. If the server has only a few clients, they each get a slot and they will stick around until ntpd is

Re: MRU update status

2016-12-27 Thread Eric S. Raymond
Hal Murray : > My current problem is that I need to fix ntpq to not give up if it asks for a > slot that ntpd doesn't support. Can you either fix it, or give me some > guidance on where the fix should go? > > You can test with "rv 0 leap,foo" and/or hacking in a bogus slot in one of > the

MRU update status

2016-12-26 Thread Hal Murray
I have a cleaned up version of the allocator mostly working. My current problem is that I need to fix ntpq to not give up if it asks for a slot that ntpd doesn't support. Can you either fix it, or give me some guidance on where the fix should go? You can test with "rv 0 leap,foo" and/or

Re: ntpq update

2016-12-22 Thread Hal Murray
e...@thyrsus.com said: >> The frags= and limit= on the mru command are only used >> for the first batch. I'd like them to stick. > There's a computation of those for second and later span requests that I > transcribed from the C, down around line 1287 in packet.py. I'm very > reluctant to mess

Re: ntpq update

2016-12-22 Thread Eric S. Raymond
Hal Murray : > I implemented the mru sort=addr Thanks. > I fixed the ^C during collection. Only a few lines. > (Plan B was to mask the signal. There doesn't seem to be any way to do that > from Python.) Hm. You're right, there's no sigmask in Python 2. I never noticed that before. Python 3

ntpq update

2016-12-22 Thread Hal Murray
I implemented the mru sort=addr I fixed the ^C during collection. Only a few lines. (Plan B was to mask the signal. There doesn't seem to be any way to do that from Python.) Minor quirks: The frags= and limit= on the mru command are only used for the first batch. I'd like them to stick. T

Update on the latest batch of CVEs

2016-11-22 Thread Daniel Franke
u're running ntpd on your home router and have RP filtering turned off, then an adversary on the internet can prevent you from syncing with time servers on your LAN, and an adversary on your LAN can prevent you from syncing with time servers on the internet. I'm not quite ready for us to tag a

Re: Web page update not working

2016-10-30 Thread John Bell
It turns out I was the one who pushed the doc change; it *did* update. As always, please catch me on #ntpsec or via email to my personal address if you find any other issues. Thanks. - JDB > On October 30, 2016 at 9:28 AM John Bell wrote: > > > > I believe I've f

Re: Web page update not working

2016-10-30 Thread John Bell
I believe I've fixed it. If someone could push another small doc change and wait 30 min., we'll know for certain. Gory details available on request. - John D. Bell > On October 30, 2016 at 3:32 AM Hal Murray wrote: > > > > I pushed some changes several hours ago. The web page at > htt

Web page update not working

2016-10-30 Thread Hal Murray
I pushed some changes several hours ago. The web page at https://www.ntpsec.org/ hasn't been updated yet. -- These are my opinions. I hate spam.

Re: Web stuff - how to update?

2016-10-29 Thread Gary E. Miller
Yo Mark! On Sat, 29 Oct 2016 00:41:09 -0400 "Eric S. Raymond" wrote: > Mark was doing the tarball drops. You probably need to get him to > regenerate the 0.9.4 one. Mark, do you have a signed 0.9.4 I can put on ftp.ntpsec.org? RGDS GARY ---

Re: Web stuff - how to update?

2016-10-29 Thread Hal Murray
e...@thyrsus.com said: > Somebody had removed my machinery for that. I've restored it. Directions in > the README. Thanks. It helped a lot. (aka avoided a blizzard of crap in git logs) -- These are my opinions. I hate spam.

Re: Web stuff - how to update?

2016-10-29 Thread Eric S. Raymond
Hal Murray : > > e...@thyrsus.com said: > >> Thanks. Is there any way to preview my changes? > > Yes. Provided you configured with --enable-docs, you can ./waf and then > > point a browser at docs/index.html. > > Context confusion. I meant my changes to the main web site at > https://www.ntp

Re: Web stuff - how to update?

2016-10-28 Thread Hal Murray
e...@thyrsus.com said: >> Thanks. Is there any way to preview my changes? > Yes. Provided you configured with --enable-docs, you can ./waf and then > point a browser at docs/index.html. Context confusion. I meant my changes to the main web site at https://www.ntpsec.org/ rather than the docu
