From crichmon at protonmail.com  Sat Jun 28 21:30:38 2025
From: crichmon at protonmail.com (crichmon at protonmail.com)
Date: Sat, 28 Jun 2025 21:30:38 +0000
Subject: Issue/bug report
Message-ID: <361901dbe873$e10006c0$a3001440$@protonmail.com>

Hi,

Not new to ntp, but for unrelated reasons I had to migrate one RPi 2 to the current RPi-OS bookworm, which

only offered ntpsec.  There issue is that ntpq -pn fails, so I can?t verify time is synced.

TL,DR; the issue with ntpq and ntpmon failing is that I?d added the -4 option to /etc/default/ntpsec.

If ipv6 is enabled, ntpd -4 will cause these failures.

This was the response initially:

lora2e:/etc/ntpsec# ps uaxw | grep ntp

ntpsec 1822 0.0 1.7 17476 16204 ? SLs 14:18 0:01 /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -4 -g -N -D 3 -u ntpsec:ntpsec

lora2e:/etc/ntpsec# netstat -apn | grep 123

udp 0 0 192.168.2.29:123 0.0.0.0:* 1822/ntpd

udp 0 0 192.168.4.40:123 0.0.0.0:* 1822/ntpd

udp 0 0 127.0.0.1:123 0.0.0.0:* 1822/ntpd

udp 0 0 0.0.0.0:123 0.0.0.0:* 1822/ntpd

But this fails:

# ntpq -pn

***Socket error; probably ntpd is not running

Gary Miller was kind enough to respond when it looked like my subscription requests failed. I ended up downloading

the 1.2.4 source code, which was very informative (docs as we as the code). I found the source of the error message in

pylibs/packet.py and ended up writing a small script to duplicate the parts of class ControlSession that were failing. Along

the way I?d edited the installed packet.py with a few print statements in openhost and __lookuphost. When I re-tried ntpq

I realized that the failure was because of this block:

# C implementation didn't use multiple responses, so we don't either

(family, socktype, protocol, canonname, sockaddr) = res[0]

Turns out, res[0] is the ipv6 info for local host. res[1] has the working ipv4 information.

lora2e_/home/crichmon/bin> ntpq -pn

start of openhost

self.__lookuphost: [(<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_DGRAM: 2>, 17, '', ('::1', 123, 0, 0)), (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_DGRAM: 2>, 17, '', ('127.0.0.1', 123))]

middle of openhost

end of openhost, return True

***Socket error; probably ntpd is not running

So, the code in openhost processing the return from self.__lookuphost doesn?t loop over the results to try the ipv4 result.  Running ntpd with

ipv6 disabled meant that the socket use/check later on failed (nobody was listening there). Once I re-enabled ipv6, ntpq and ntpmon

were happy again.

lora2e_/home/crichmon/bin> !net

netstat -an | grep 123

udp 0 0 192.168.2.29:123 0.0.0.0:*

udp 0 0 192.168.4.40:123 0.0.0.0:*

udp 0 0 127.0.0.1:123 0.0.0.0:*

udp 0 0 0.0.0.0:123 0.0.0.0:*

udp6 0 0 ::1:123 :::*

udp6 0 0 :::123 :::*

lora2e_/home/crichmon/bin> ntpq -pn

remote refid st t when poll reach delay offset jitter

=======================================================================================================

*192.168.2.17 127.127.20.0 2 u 53 64 17 3.6956 -0.1879 0.6256

In case anyone thinks to ask; At one point I had disabled ipv6 for the whole computer, and that caused other

issues, flooding /var/log/syslog, so I re-enabled it. I may try that again since I know what?s going on with ntpsec now.

Which I did. Restarted the computer with ipv6.disable=1 in /boot/firmware/cmdline.txt, and -4 in the ntpsec args.

Both ntpq and ntpmon start and run as expected, and no message flood in syslog.

ntpd startup looks like this:

2025-06-28T14:17:01.856236-06:00 lora2e systemd[1]: Starting ntpsec.service - Network Time Service...

2025-06-28T14:17:01.927063-06:00 lora2e ntpd[11396]: INIT: ntpd ntpsec-1.2.2: Starting

2025-06-28T14:17:01.928937-06:00 lora2e ntp-systemd-wrapper[11396]: 2025-06-28T14:17:01 ntpd[11396]: INIT: ntpd ntpsec-1.2.2: Starting

2025-06-28T14:17:01.929509-06:00 lora2e ntp-systemd-wrapper[11396]: 2025-06-28T14:17:01 ntpd[11396]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec

2025-06-28T14:17:01.929928-06:00 lora2e ntpd[11396]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec

2025-06-28T14:17:01.931738-06:00 lora2e systemd[1]: Started ntpsec.service - Network Time Service.

2025-06-28T14:17:01.958498-06:00 lora2e ntpd[11398]: INIT: precision = 1.354 usec (-19)

2025-06-28T14:17:01.961133-06:00 lora2e ntpd[11398]: INIT: successfully locked into RAM

2025-06-28T14:17:01.962150-06:00 lora2e ntpd[11398]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf

2025-06-28T14:17:01.963108-06:00 lora2e ntpd[11398]: CONFIG: restrict notrap ignored

2025-06-28T14:17:01.964035-06:00 lora2e ntpd[11398]: CLOCK: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash signature

2025-06-28T14:17:01.964751-06:00 lora2e ntpd[11398]: CLOCK: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, expire=2025-12-28T00:00Z last=2017-01-01T00:00Z ofs=37

2025-06-28T14:17:01.965174-06:00 lora2e ntpd[11398]: INIT: Using SO_TIMESTAMPNS(ns)

2025-06-28T14:17:01.965611-06:00 lora2e ntpd[11398]: IO: Listen and drop on 0 v6wildcard [::]:123

2025-06-28T14:17:01.966061-06:00 lora2e ntpd[11398]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123

2025-06-28T14:17:01.966438-06:00 lora2e ntpd[11398]: IO: Listen normally on 2 lo 127.0.0.1:123

2025-06-28T14:17:01.966841-06:00 lora2e ntpd[11398]: IO: Listen normally on 3 eth0 192.168.4.40:123

2025-06-28T14:17:01.967242-06:00 lora2e ntpd[11398]: IO: Listen normally on 4 wlan0 192.168.2.29:123

2025-06-28T14:17:01.967614-06:00 lora2e ntpd[11398]: IO: Listen normally on 5 lo [::1]:123

2025-06-28T14:17:01.967961-06:00 lora2e ntpd[11398]: IO: Listening on routing socket on fd #22 for interface updates

2025-06-28T14:17:01.968308-06:00 lora2e ntpd[11398]: INIT: This system has a 32-bit time_t.

2025-06-28T14:17:01.968642-06:00 lora2e ntpd[11398]: INIT: This ntpd will fail on 2038-01-19T03:14:07Z.

2025-06-28T14:17:01.968966-06:00 lora2e ntpd[11398]: INIT: MRU 13107 entries, 13 hash bits, 32768 bytes

2025-06-28T14:17:01.969312-06:00 lora2e ntpd[11398]: INIT: Built with OpenSSL 3.0.9 30 May 2023, 30000090

2025-06-28T14:17:01.969774-06:00 lora2e ntpd[11398]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100

2025-06-28T14:17:01.973346-06:00 lora2e ntpd[11398]: NTSc: Using system default root certificates.

Another thing I don?t understand, is that this code in packet.openhost doesn?t seem to fail. You can open and connect to a

socket on an IP that doesn?t exist. I tried a non-existent IP in my test script and none of this failed.

try:

self.sock = socket.socket(family, socktype, protocol)

except socket.error as e:

raise ControlException("Error opening %s: %s [%d]"

% (hname, e.strerror, e.errno))

print(" middle of openhost")

try:

self.sock.connect(sockaddr)

except socket.error as e:

raise ControlException("Error connecting to %s: %s [%d]"

% (hname, e.strerror, e.errno))

print(" end of openhost")

Thx, Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/users/attachments/20250628/beae3616/attachment-0001.htm>

From gem at rellim.com  Sun Jun 29 01:35:19 2025
From: gem at rellim.com (Gary E. Miller)
Date: Sat, 28 Jun 2025 18:35:19 -0700
Subject: Issue/bug report
In-Reply-To: <361901dbe873$e10006c0$a3001440$@protonmail.com>
References: <361901dbe873$e10006c0$a3001440$@protonmail.com>
Message-ID: <20250628183519.42eaa463@spidey.rellim.com>

Yo crichmon at protonmail.com!

You signed youe email with a cert that is not publicly know.  Pointless.

On Sat, 28 Jun 2025 21:30:38 +0000
crichmon at protonmail.com wrote:

> Turns out, res[0] is the ipv6 info for local host. res[1] has the
> working ipv4 information.

[....]

> So, the code in openhost processing the return from self.__lookuphost
> doesn't loop over the results to try the ipv4 result.  Running ntpd
> with ipv6 disabled meant that the socket use/check later on failed
> (nobody was listening there).

This is a part of the code I don't understand.  Please file an issue
on this.

Also, you did not provide your ntp.conf.  When  I saw a copy of it earlier
I thought I saw issues with that.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/users/attachments/20250628/f57c33b8/attachment.bin>

From halmurray at sonic.net  Sun Jun 29 02:18:07 2025
From: halmurray at sonic.net (Hal Murray)
Date: Sat, 28 Jun 2025 19:18:07 -0700
Subject: Issue/bug report
Message-ID: <20250629021807.B74B5620138@107-137-68-211.lightspeed.sntcca.sbcglobal.net>


> This is a part of the code I don't understand.  Please file an issue on
> this. 

He started ntpd with -4 (or something like that) so it didn't listen on 
IPv6 port 123.

He has localhost ::1 in his /etc/hosts

He didn't start ntpq with -4.
It defaulted to localhost which has 2 addresses.
The first was ::1 which didn't work.
ntpq didn't try the second address which was IPv4 and would have worked.


That's not a bug I'm likely to work on, but I'm fine if somebody else 
wants to fix it.
 

-- 
These are my opinions.  I hate spam.