From gitlab at mg.gitlab.com Mon Mar 16 22:43:09 2026 
From: gitlab at mg.gitlab.com (Hal Murray (@hal.murray)) Date: Mon, 16 Mar 2026 22:43:09 +0000 Subject: [Git][NTPsec/ntpsec][master] 9 commits: Add logging when dropping extra pool servers Message-ID: <69b8877de0773_3b18c93c2783e@gitlab-sidekiq-low-urgency-cpu-bound-v2-7d5649fc9d-fppsr.mail> Hal Murray pushed to branch master at NTPsec / ntpsec Commits: b9349cda by Hal Murray at 2026-02-15T23:03:44-08:00 Add logging when dropping extra pool servers - - - - - c089c8d9 by Hal Murray at 2026-02-16T00:16:00-08:00 Add listen mode for HPGPS Driver - - - - - 8ee443f6 by Hal Murray at 2026-02-16T10:30:43-08:00 Add config check for valid aead parameters I'm leaving #880 open. Error checking during config is a mess. - - - - - f79e2e6a by Hal Murray at 2026-02-19T00:50:50-08:00 Trim [] and :port from host name passed to NTSKE server - - - - - 59fc56a4 by Hal Murray at 2026-02-19T03:14:28-08:00 Minor tweaks to HOWTO-OpenSSL, mostly updating to 3.6.1 - - - - - c43bc37a by Hal Murray at 2026-03-11T01:27:20-07:00 Fix ahead check in #8ee443f6 to work with --disable-nts - - - - - e208fa54 by Hal Murray at 2026-03-11T01:34:26-07:00 Add a couple of const to fix warnings from strchr gcc 16.0 is now smart enough to figure out that if you pass in a const char* the answer which points into that string should also be a const char*. So it checks for that, even if the man page and prototype say the result is a (without const) char* and gives warnings if you store it into a char*. 
- - - - - 5505260c by Hal Murray at 2026-03-11T01:40:56-07:00 Fix redefined _XOPEN_SOURCE warning in refclock_gpsd.c - - - - - fd40e4b8 by Hal Murray at 2026-03-14T02:05:19-07:00 Fix const warnings in refclock_oncore from strsch - - - - - 10 changed files: - HOWTO-OpenSSL - docs/driver_hpgps.adoc - libntp/hextolfp.c - ntpd/ntp_config.c - ntpd/ntp_control.c - ntpd/ntp_proto.c - ntpd/nts_client.c - ntpd/refclock_gpsd.c - ntpd/refclock_hpgps.c - ntpd/refclock_oncore.c Changes: ===================================== HOWTO-OpenSSL ===================================== @@ -2,7 +2,7 @@ NTS needs TLS 1.3 or newer. That was first supported in OpenSSL 1.1.1 (1.1.1a is broken) Some OSes/Distros don't support a new enough version of OpenSSL -This file contains notes on how to download, build, and install 3.4.1 +This file contains notes on how to download, build, and install 3.6.1 It should be close for other 3.x.y versions so you can test newer versions than whatever your distro provides. @@ -15,7 +15,7 @@ It also has several newer versions available as packages. You can just install one and ignore the rest of this note. waf will find the pkg version and use it. sudo pkg update - sudo pkg search openssl | grep openssl3 + pkg search openssl | grep openssl3 openssl31-3.1.7_1 TLSv1.3 capable SSL and crypto library openssl31-quictls-3.1.7_1 QUIC capable fork of OpenSSL openssl32-3.2.4 TLSv1.3 capable SSL and crypto library @@ -43,11 +43,11 @@ But check for the latest versions first. cd xxx mkdir OpenSSL cd OpenSSL -for OpenSSL 3.4.1 +for OpenSSL 3.6.1 # https://www.openssl.org/source/ - wget https://github.com/openssl/openssl/releases/download/openssl-3.4.1/openssl-3.4.1.tar.gz - tar -xzf openssl-3.4.1.tar.gz - cd openssl-3.4.1 + wget https://github.com/openssl/openssl/releases/download/openssl-3.6.1/openssl-3.6.1.tar.gz + tar -xzf openssl-3.6.1.tar.gz + cd openssl-3.6.1 # Check NOTES.PERL # Fedora needs 
@@ -86,7 +86,8 @@ time make -j4 |& tee make.log # ./apps/openssl without the wrapper will use the installed libraries The above check is broken on Fedora (I think Fedora needs some old/weak crypto that default OpenSSL - no longer provides. I haven't gone down this rabbit hole.) + no longer provides. I haven't gone down this rabbit hole. + Worked on 3.6.1, Fedora 43, 2026-Feb-01) It works on Debian, Ubuntu and FreeBSD. time make test -j4 |& tee test.log ===================================== docs/driver_hpgps.adoc ===================================== @@ -106,7 +106,13 @@ your documentation for details. +flag1 {0 | 1}+:: Not used by this driver. +flag2 {0 | 1}+:: - Not used by this driver. + Listen only mode, for use with a line splitter so 2 clients + can listen to the same device. Unlike many GPS devices, the + HP devices do not have a mode that automatically sends the + time each second. The driver has to ask each time. This + mode assumes another dirver is doing the asking and ignores + everything but T2 replies so it won't get confused if that + other driver is using flag3 or flag4. +flag3 {0 | 1}+:: Adds extra stats to the clockstats line +flag4 {0 | 1}+:: ===================================== libntp/hextolfp.c ===================================== @@ -19,7 +19,7 @@ hextolfp( const char *cpstart; unsigned long dec_i; unsigned long dec_f; - char *ind = NULL; + const char *ind = NULL; static const char *digits = "0123456789abcdefABCDEF"; dec_i = dec_f = 0; ===================================== ntpd/ntp_config.c ===================================== @@ -30,6 +30,7 @@ #include "ntp_assert.h" #include "ntp_dns.h" #include "ntp_auth.h" +#include "nts2.h" /* * [Classic Bug 467]: Some linux headers collide with CONFIG_PHONE and 
@@ -628,6 +629,13 @@ create_peer_node( break; case T_Aead: +#ifndef DISABLE_NTS + if (NO_AEAD == nts_string_to_aead(option->value.s)) { + msyslog(LOG_ERR, + "CONFIG: Invalid AEAD parameter: %s", option->value.s); + break; + } +#endif my_node->ctl.nts_cfg.aead = option->value.s; break; @@ -1955,9 +1963,14 @@ config_nts( INSIST(0); break; case T_Aead: - free((void *)(intptr_t)ntsconfig.aead); - ntsconfig.aead = estrdup(nts->value.s); - break; + if (NO_AEAD == nts_string_to_aead(nts->value.s)) { + msyslog(LOG_ERR, + "CONFIG: Invalid AEAD parameter: %s", nts->value.s); + break; + } + free((void *)(intptr_t)ntsconfig.aead); + ntsconfig.aead = estrdup(nts->value.s); + break; case T_Ca: free((void *)(intptr_t)ntsconfig.ca); ===================================== ntpd/ntp_control.c ===================================== @@ -1839,7 +1839,7 @@ ssize_t CI_VARLIST( bool *first ) { char *start = buffer_lap; - char *string_split; + const char *string_split; size_t string_length; const struct ctl_var *row; if (NULL == table) { ===================================== ntpd/ntp_proto.c ===================================== @@ -977,6 +977,9 @@ transmit( hpoll++; /* ephemeral: no FLAG_CONFIG nor FLAG_PREEMPT */ if (!(peer->cfg.flags & (FLAG_CONFIG | FLAG_PREEMPT))) { +// I don't think this happens. Hal, 2026-Jan-11 + msyslog(LOG_INFO, "Drop ephemeral %s", + socktoa(&peer->srcadr)); report_event(PEVNT_RESTART, peer, "timeout"); peer_clear(peer, "TIME", false); unpeer(peer); @@ -985,6 +988,8 @@ transmit( if ((peer->cfg.flags & FLAG_PREEMPT) && (peer_associations > sys_maxclock) && score_all(peer)) { + msyslog(LOG_INFO, "Drop extra pool server %s", + socktoa(&peer->srcadr)); report_event(PEVNT_RESTART, peer, "timeout"); peer_clear(peer, "TIME", false); unpeer(peer); ===================================== ntpd/nts_client.c ===================================== 
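Review bot: In the `case T_Aead:` branch of create_peer_node, an invalid AEAD name is logged and the `break` then skips the assignment to `my_node->ctl.nts_cfg.aead`, so the server entry is still created and presumably runs with whatever default applies rather than the algorithm the operator asked for. For a cryptographic parameter that fallback is easy to miss in the log; either reject the entry or make the fallback explicit in the message, e.g. `"CONFIG: Invalid AEAD parameter: %s, using default"`. The `case T_Aead:` branch of config_nts in the next hunk has the same pattern, and its check is not wrapped in `#ifndef DISABLE_NTS` as it is here; whether that function is already compiled out with --disable-nts is not visible. Both functions start and end outside their hunks.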
@@ -460,15 +460,19 @@ bool connect_TCP_socket(int sockfd, struct addrinfo *addr) { void set_hostname(SSL *ssl, const char *hostname) { char host[256], *tmp; - /* chop off trailing :port */ + /* chop off [] and trailing :port */ strlcpy(host, hostname, sizeof(host)); - tmp = strchr(host, ']'); - if (NULL == tmp) { - tmp = host; /* not IPv6 [...] format */ - } - tmp = strchr(tmp, ':'); - if (NULL != tmp) { - *tmp = 0; + if ('[' == host[0]) { + /* IPv6 literal, [...] format */ + strlcpy(host, hostname+1, sizeof(host)); + tmp = strchr(host, ']'); + if (NULL != tmp) *tmp = 0; + } else { + /* not IPv6 [...] format */ + tmp = strchr(host, ':'); + if (NULL != tmp) { + *tmp = 0; + } } /* https://wiki.openssl.org/index.php/Hostname_validation ===================================== ntpd/refclock_gpsd.c ===================================== @@ -107,7 +107,13 @@ typedef unsigned long int json_uint; // _XOPEN_SOURCE needed for strptime() // For OpenBSD, the value must be at least 500 // For FreeBSD, the value must be at least 700 for ldexpl() in ntp_fp.h -#define _XOPEN_SOURCE 700 +#ifdef _XOPEN_SOURCE + #if _XOPEN_SOURCE < 700 + #error "_XOPEN_SOURCE too small" + #endif +#else + #define _XOPEN_SOURCE 700 +#endif #include // for strptime() #include ===================================== ntpd/refclock_hpgps.c ===================================== @@ -375,6 +375,12 @@ if (HPDEBUG) { up->idlesec = 0; + if ((pp->sloppyclockflag & CLK_FLAG2) ) { + /* Watch only mode. Ignore everything except T2. */ + char *tcp = pp->a_lastcode; + if ((*tcp != 'T') || (*(tcp+1) != '2')) return; + } + if (hpgps_receive_T2(peer)) return; if (!up->didpoll) { ===================================== ntpd/refclock_oncore.c ===================================== @@ -2935,6 +2935,7 @@ oncore_msg_Cj_id( { char *cp2, Model[21]; const char *cp, *cp1; + char *cpx; UNUSED_ARG(buf); UNUSED_ARG(len); 
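Review bot: In set_hostname, the bracketed branch does nothing when the closing `]` is missing, so an input such as `[host:port` keeps its `:port` tail in `host`, and the result of the first `strlcpy` is never checked, so a name of 256 bytes or more is silently truncated before it reaches the TLS hostname setup that follows the hunk. Since this string appears to be the name the certificate is validated against, a malformed or over-long value should be logged and rejected rather than passed on in altered form. A guard such as `if (strlcpy(host, hostname, sizeof(host)) >= sizeof(host)) { /* log and fail */ }` plus an `else` on the `]` lookup would cover both cases; set_hostname returns void, so reporting the failure needs a change outside this hunk. The unbracketed branch still cuts at the first `:`, so an IPv6 literal written without brackets is reduced to its first group. The function body continues past the end of the hunk.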
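Review bot: The listen-only filter in refclock_hpgps.c compares the two characters by hand through a non-const `char *tcp`; `if (strncmp(pp->a_lastcode, "T2", 2) != 0) return;` expresses the same test without pointer arithmetic and without a writable alias to the receive buffer. The comment calls this "Watch only mode" while the text added to docs/driver_hpgps.adoc calls flag2 "Listen only mode"; using one term in both places helps anyone searching for it. The check relies on `a_lastcode` being NUL-terminated, which is established outside this hunk, and the enclosing function also starts and ends outside it.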
@@ -2942,14 +2943,14 @@ oncore_msg_Cj_id( /* Write Receiver ID message to clockstats file */ instance->Cj[294] = '\0'; - for (cp= (char *)instance->Cj; cp< (char *) &instance->Cj[294]; ) { - char *cpw = strchr(cp, '\r'); + for (cpx= (char *)instance->Cj; cpx< (char *) &instance->Cj[294]; ) { + char *cpw = strchr(cpx, '\r'); if (!cpw) cpw = (char *)&instance->Cj[294]; *cpw = '\0'; - oncore_log(instance, LOG_NOTICE, cp); + oncore_log(instance, LOG_NOTICE, cpx); *cpw = '\r'; - cp = cpw+2; + cpx = cpw+2; } /* next, the Firmware Version and Revision numbers */ View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/09b2e035cc87473a3103d0526a92e366bd75d91c...fd40e4b8ab0e3a364dff22bdd636f830ba697186 -- View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/09b2e035cc87473a3103d0526a92e366bd75d91c...fd40e4b8ab0e3a364dff22bdd636f830ba697186 You're receiving this email because of your account on gitlab.com. Manage all notifications: https://gitlab.com/-/profile/notifications | Help: https://gitlab.com/help -------------- next part -------------- An HTML attachment was scrubbed... URL:
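Review bot: In the receiver-ID loop, when the last segment has no `\r`, `cpw` is set to `&instance->Cj[294]` and the unconditional `*cpw = '\r';` then overwrites the terminator written by `instance->Cj[294] = '\0';` just above, so the buffer is left unterminated for any string function applied to `Cj` after the loop (that code is outside the hunk). The buffer holds data sent by the receiver, so the missing-`\r` case should not be assumed away; restoring only a real carriage return, `if (cpw != (char *)&instance->Cj[294]) *cpw = '\r';`, keeps the terminator in place. `cpx = cpw+2` also assumes every `\r` is followed by exactly one more byte to skip, and on the fallback path it forms a pointer two past index 294, which is valid only if `Cj` is large enough (its size is not visible here). oncore_msg_Cj_id starts before and continues after this hunk.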