Issue/bug report

crichmon at protonmail.com crichmon at protonmail.com
Sat Jun 28 21:30:38 UTC 2025 

Hi,

Not new to ntp, but for unrelated reasons I had to migrate one RPi 2 to the current RPi-OS bookworm, which

only offered ntpsec.  There issue is that ntpq -pn fails, so I can’t verify time is synced.

TL,DR; the issue with ntpq and ntpmon failing is that I’d added the -4 option to /etc/default/ntpsec.

If ipv6 is enabled, ntpd -4 will cause these failures.

This was the response initially:

lora2e:/etc/ntpsec# ps uaxw | grep ntp

ntpsec 1822 0.0 1.7 17476 16204 ? SLs 14:18 0:01 /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -4 -g -N -D 3 -u ntpsec:ntpsec

lora2e:/etc/ntpsec# netstat -apn | grep 123

udp 0 0 192.168.2.29:123 0.0.0.0:* 1822/ntpd

udp 0 0 192.168.4.40:123 0.0.0.0:* 1822/ntpd

udp 0 0 127.0.0.1:123 0.0.0.0:* 1822/ntpd

udp 0 0 0.0.0.0:123 0.0.0.0:* 1822/ntpd

But this fails:

# ntpq -pn

***Socket error; probably ntpd is not running

Gary Miller was kind enough to respond when it looked like my subscription requests failed. I ended up downloading

the 1.2.4 source code, which was very informative (docs as we as the code). I found the source of the error message in

pylibs/packet.py and ended up writing a small script to duplicate the parts of class ControlSession that were failing. Along

the way I’d edited the installed packet.py with a few print statements in openhost and __lookuphost. When I re-tried ntpq

I realized that the failure was because of this block:

# C implementation didn't use multiple responses, so we don't either

(family, socktype, protocol, canonname, sockaddr) = res[0]

Turns out, res[0] is the ipv6 info for local host. res[1] has the working ipv4 information.

lora2e_/home/crichmon/bin> ntpq -pn

start of openhost

self.__lookuphost: [(<AddressFamily.AF_INET6: 10>, <SocketKind.SOCK_DGRAM: 2>, 17, '', ('::1', 123, 0, 0)), (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_DGRAM: 2>, 17, '', ('127.0.0.1', 123))]

middle of openhost

end of openhost, return True

***Socket error; probably ntpd is not running

So, the code in openhost processing the return from self.__lookuphost doesn’t loop over the results to try the ipv4 result.  Running ntpd with

ipv6 disabled meant that the socket use/check later on failed (nobody was listening there). Once I re-enabled ipv6, ntpq and ntpmon

were happy again.

lora2e_/home/crichmon/bin> !net

netstat -an | grep 123

udp 0 0 192.168.2.29:123 0.0.0.0:*

udp 0 0 192.168.4.40:123 0.0.0.0:*

udp 0 0 127.0.0.1:123 0.0.0.0:*

udp 0 0 0.0.0.0:123 0.0.0.0:*

udp6 0 0 ::1:123 :::*

udp6 0 0 :::123 :::*

lora2e_/home/crichmon/bin> ntpq -pn

remote refid st t when poll reach delay offset jitter

=======================================================================================================

*192.168.2.17 127.127.20.0 2 u 53 64 17 3.6956 -0.1879 0.6256

In case anyone thinks to ask; At one point I had disabled ipv6 for the whole computer, and that caused other

issues, flooding /var/log/syslog, so I re-enabled it. I may try that again since I know what’s going on with ntpsec now.

Which I did. Restarted the computer with ipv6.disable=1 in /boot/firmware/cmdline.txt, and -4 in the ntpsec args.

Both ntpq and ntpmon start and run as expected, and no message flood in syslog.

ntpd startup looks like this:

2025-06-28T14:17:01.856236-06:00 lora2e systemd[1]: Starting ntpsec.service - Network Time Service...

2025-06-28T14:17:01.927063-06:00 lora2e ntpd[11396]: INIT: ntpd ntpsec-1.2.2: Starting

2025-06-28T14:17:01.928937-06:00 lora2e ntp-systemd-wrapper[11396]: 2025-06-28T14:17:01 ntpd[11396]: INIT: ntpd ntpsec-1.2.2: Starting

2025-06-28T14:17:01.929509-06:00 lora2e ntp-systemd-wrapper[11396]: 2025-06-28T14:17:01 ntpd[11396]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec

2025-06-28T14:17:01.929928-06:00 lora2e ntpd[11396]: INIT: Command line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec

2025-06-28T14:17:01.931738-06:00 lora2e systemd[1]: Started ntpsec.service - Network Time Service.

2025-06-28T14:17:01.958498-06:00 lora2e ntpd[11398]: INIT: precision = 1.354 usec (-19)

2025-06-28T14:17:01.961133-06:00 lora2e ntpd[11398]: INIT: successfully locked into RAM

2025-06-28T14:17:01.962150-06:00 lora2e ntpd[11398]: CONFIG: readconfig: parsing file: /etc/ntpsec/ntp.conf

2025-06-28T14:17:01.963108-06:00 lora2e ntpd[11398]: CONFIG: restrict notrap ignored

2025-06-28T14:17:01.964035-06:00 lora2e ntpd[11398]: CLOCK: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): good hash signature

2025-06-28T14:17:01.964751-06:00 lora2e ntpd[11398]: CLOCK: leapsecond file ('/usr/share/zoneinfo/leap-seconds.list'): loaded, expire=2025-12-28T00:00Z last=2017-01-01T00:00Z ofs=37

2025-06-28T14:17:01.965174-06:00 lora2e ntpd[11398]: INIT: Using SO_TIMESTAMPNS(ns)

2025-06-28T14:17:01.965611-06:00 lora2e ntpd[11398]: IO: Listen and drop on 0 v6wildcard [::]:123

2025-06-28T14:17:01.966061-06:00 lora2e ntpd[11398]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123

2025-06-28T14:17:01.966438-06:00 lora2e ntpd[11398]: IO: Listen normally on 2 lo 127.0.0.1:123

2025-06-28T14:17:01.966841-06:00 lora2e ntpd[11398]: IO: Listen normally on 3 eth0 192.168.4.40:123

2025-06-28T14:17:01.967242-06:00 lora2e ntpd[11398]: IO: Listen normally on 4 wlan0 192.168.2.29:123

2025-06-28T14:17:01.967614-06:00 lora2e ntpd[11398]: IO: Listen normally on 5 lo [::1]:123

2025-06-28T14:17:01.967961-06:00 lora2e ntpd[11398]: IO: Listening on routing socket on fd #22 for interface updates

2025-06-28T14:17:01.968308-06:00 lora2e ntpd[11398]: INIT: This system has a 32-bit time_t.

2025-06-28T14:17:01.968642-06:00 lora2e ntpd[11398]: INIT: This ntpd will fail on 2038-01-19T03:14:07Z.

2025-06-28T14:17:01.968966-06:00 lora2e ntpd[11398]: INIT: MRU 13107 entries, 13 hash bits, 32768 bytes

2025-06-28T14:17:01.969312-06:00 lora2e ntpd[11398]: INIT: Built with OpenSSL 3.0.9 30 May 2023, 30000090

2025-06-28T14:17:01.969774-06:00 lora2e ntpd[11398]: INIT: Running with OpenSSL 3.0.16 11 Feb 2025, 30000100

2025-06-28T14:17:01.973346-06:00 lora2e ntpd[11398]: NTSc: Using system default root certificates.

Another thing I don’t understand, is that this code in packet.openhost doesn’t seem to fail. You can open and connect to a

socket on an IP that doesn’t exist. I tried a non-existent IP in my test script and none of this failed.

try:

self.sock = socket.socket(family, socktype, protocol)

except socket.error as e:

raise ControlException("Error opening %s: %s [%d]"

% (hname, e.strerror, e.errno))

print(" middle of openhost")

try:

self.sock.connect(sockaddr)

except socket.error as e:

raise ControlException("Error connecting to %s: %s [%d]"

% (hname, e.strerror, e.errno))

print(" end of openhost")

Thx, Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/users/attachments/20250628/beae3616/attachment-0001.htm>

More information about the users mailing list