[Git][NTPsec/ntpsec][master] Start NTS KE listening on new port 4460
Hal Murray
gitlab at mg.gitlab.com
Sun May 31 11:47:20 UTC 2020
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
9ffd9467 by Hal Murray at 2020-05-30T17:50:30-07:00
Start NTS KE listening on new port 4460
Still listening on old port 123 too
- - - - -
5 changed files:
- include/ntp.h
- include/nts.h
- ntpd/ntp_dns.c
- ntpd/nts_client.c
- ntpd/nts_server.c
Changes:
=====================================
include/ntp.h
=====================================
@@ -62,6 +62,7 @@ void ntp_RAND_priv_bytes(unsigned char *buf, int num);
#define NTP_VERSION 4 /* current version number */
#define NTP_OLDVERSION 1 /* oldest credible version */
#define NTP_PORT 123 /* included for non-unix machines */
+#define NTP_PORTA "123" /* or unix without /etc/services */
/* pythonize-header: start ignoring */
=====================================
include/nts.h
=====================================
@@ -15,7 +15,10 @@
#define NTS_KEY_FILE "/etc/ntp/key.pem"
#define NTS_COOKIE_KEY_FILE "/var/lib/ntp/nts-keys"
-#define NTS_KE_PORT 123
+#define NTS_KE_PORT 4460
+#define NTS_KE_PORTA "4460"
+#define NTS_KE_PORT_OLD 123
+#define NTS_KE_PORTA_OLD "123"
#define NTS_KE_TIMEOUT 3
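Review bot: The `_OLD` pair carries no comment saying that 123 is a transitional NTS-KE port, so nothing marks the legacy listener for later removal and it remains exposed until someone remembers it. A comment such as `/* legacy NTS-KE port, kept during the move to 4460; remove together with the old listeners */` above `NTS_KE_PORT_OLD` would record that. The numeric and string forms are also separate hand-written literals, so a short remark that `NTS_KE_PORT` and `NTS_KE_PORTA` must be changed together would help the next edit.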
=====================================
ntpd/ntp_dns.c
=====================================
@@ -190,7 +190,7 @@ static void* dns_lookup(void* arg)
hints.ai_protocol = IPPROTO_UDP;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_family = AF(&pp->srcadr);
- gai_rc = getaddrinfo(pp->hostname, "123", &hints, &answer);
+ gai_rc = getaddrinfo(pp->hostname, NTP_PORTA, &hints, &answer);
}
kill(getpid(), SIGDNS);
=====================================
ntpd/nts_client.c
=====================================
@@ -267,7 +267,7 @@ int open_TCP_socket(struct peer *peer, const char *hostname) {
}
if (NULL == tmp) {
/* simple case, no : */
- strlcpy(port, "123", sizeof(port));
+ strlcpy(port, NTS_KE_PORTA_OLD, sizeof(port));
} else {
/* Complicated case, found a : */
*tmp++ = 0;
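Review bot: The "no :" branch now defaults to `NTS_KE_PORTA_OLD`, so a client given a bare hostname still connects to 123 even though the server side of this commit starts listening on 4460. That looks like a deliberate transition step, but the code does not say so. A comment on the `strlcpy` line, for example `/* default stays on the legacy NTS-KE port until servers are expected to listen on 4460 */`, would make the pending switch visible. open_TCP_socket starts and ends outside the hunk.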
@@ -747,7 +747,7 @@ bool nts_server_lookup(char *server, sockaddr_u *addr, int af) {
hints.ai_socktype = SOCK_DGRAM;
hints.ai_family = af;
- gai_rc = getaddrinfo(server, "123", &hints, &answer);
+ gai_rc = getaddrinfo(server, NTS_KE_PORTA_OLD, &hints, &answer);
if (0 != gai_rc) {
msyslog(LOG_INFO, "NTSc: DNS error trying to lookup %s: %d, %s",
server, gai_rc, gai_strerror(gai_rc));
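Review bot: `NTS_KE_PORTA_OLD` looks like the wrong constant for this lookup. The hints set `SOCK_DGRAM`, so the address being resolved appears to be the NTP (UDP) server rather than an NTS-KE (TCP) endpoint, and 123 here is the NTP port. The value is identical today, but once the legacy KE port is retired this call would either lose its definition or be switched to 4460 by mistake. `gai_rc = getaddrinfo(server, NTP_PORTA, &hints, &answer);` states the intent, assuming include/ntp.h is visible from nts_client.c. nts_server_lookup starts and ends outside the hunk.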
=====================================
ntpd/nts_server.c
=====================================
@@ -42,7 +42,9 @@ static void nts_unlock_certlock(void);
static SSL_CTX *server_ctx = NULL;
static int listener4_sock = -1;
+static int listener4_sock_old = -1;
static int listener6_sock = -1;
+static int listener6_sock_old = -1;
/* We need a lock to protect reloading our certificate.
* This seems like overkill, but it doesn't happen often. */
@@ -119,6 +121,14 @@ bool nts_server_init(void) {
msyslog(LOG_INFO, "NTSs: OpenSSL security level is %d",
SSL_CTX_get_security_level(server_ctx));
+ msyslog(LOG_INFO, "NTSs: starting NTS-KE server listening on old port %d",
+ NTS_KE_PORT_OLD);
+ ok &= create_listener4(NTS_KE_PORT_OLD);
+ ok &= create_listener6(NTS_KE_PORT_OLD);
+ listener4_sock_old = listener4_sock;
+ listener6_sock_old = listener6_sock;
+ msyslog(LOG_INFO, "NTSs: starting NTS-KE server listening on port %d",
+ NTS_KE_PORT);
ok &= create_listener4(NTS_KE_PORT);
ok &= create_listener6(NTS_KE_PORT);
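Review bot: After `listener4_sock_old = listener4_sock;` and `listener6_sock_old = listener6_sock;` the globals still hold the old-port descriptors, so if the following `create_listener4(NTS_KE_PORT)` or `create_listener6(NTS_KE_PORT)` fails before assigning a new socket, both variables of a pair refer to the same fd. create_listener4/6 are not visible here, so this is inferred from the copy pattern. If it holds, nts_server_init2 would start two listener threads on the port-123 socket and none on 4460. Resetting right after the copy closes the gap: `listener4_sock = -1;` and `listener6_sock = -1;`. nts_server_init starts and ends outside the hunk.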
@@ -144,6 +154,13 @@ bool nts_server_init2(void) {
msyslog(LOG_ERR, "NTSs: nts_start_server4: error from pthread_create: %s", errbuf);
}
}
+ if (listener4_sock_old != -1) {
+ rc = pthread_create(&worker, NULL, nts_ke_listener, &listener4_sock_old);
+ if (rc) {
+ ntp_strerror_r(errno, errbuf, sizeof(errbuf));
+ msyslog(LOG_ERR, "NTSs: nts_start_server4: error from pthread_create: %s", errbuf);
+ }
+ }
if (listener6_sock != -1) {
rc = pthread_create(&worker, NULL, nts_ke_listener, &listener6_sock);
if (rc) {
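Review bot: The added `ntp_strerror_r(errno, errbuf, sizeof(errbuf));` formats `errno`, but pthread_create reports failure through its return value and does not set `errno`, so the logged text can be unrelated to the real cause. `ntp_strerror_r(rc, errbuf, sizeof(errbuf));` would log the actual error. The same line is added for `listener6_sock_old` in the next hunk, and the existing blocks it was copied from presumably do the same. The message also reuses the `nts_start_server4` tag, so a failure on the legacy-port listener cannot be told apart from one on 4460 in the log; including the port in the message would fix that. nts_server_init2 starts and ends outside the hunk.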
@@ -151,6 +168,13 @@ bool nts_server_init2(void) {
msyslog(LOG_ERR, "NTSs: nts_start_server6: error from pthread_create: %s", errbuf);
}
}
+ if (listener6_sock_old != -1) {
+ rc = pthread_create(&worker, NULL, nts_ke_listener, &listener6_sock_old);
+ if (rc) {
+ ntp_strerror_r(errno, errbuf, sizeof(errbuf));
+ msyslog(LOG_ERR, "NTSs: nts_start_server6: error from pthread_create: %s", errbuf);
+ }
+ }
pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
return true;
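Review bot: `return true;` is reached even when one of the now four `pthread_create` calls failed, so the daemon can come up serving NTS-KE only on the legacy port, or on no port, with just a log line to show for it. How callers use the result is not visible here, but reporting the failure would let them react. One way is to declare `bool ok = true;`, set `ok = false;` inside each `if (rc)` block, and finish with `return ok;`.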
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/9ffd9467ef89c979a6950e382c239806d551a2fc