Bug 199423

Summary: NTP stopped peering after FreeBSD-SA-15:07.ntp
Product: Base System Reporter: Dennis Glatting <freebsd>
Component: binAssignee: Xin LI <delphij>
Status: Closed Overcome By Events    
Severity: Affects Some People CC: cy, delphij, roberto
Priority: --- Keywords: patch
Version: 10.1-STABLE   
Hardware: amd64   
OS: Any   

Description Dennis Glatting 2015-04-13 17:04:56 UTC 
After I applied FreeBSD-SA-15:07.ntp the NTP daemon stopped peering. It still successfully works as a client and server.

My peers are authenticated and I found under the following conditions I can return peers to a working state:

1) I restore the unpatched ntp_proto.c file.

2) I applied the patch below, which undoes part of FreeBSD-SA-15:07.ntp. Although I DID NOT step through the code (I looked through some of the code), it isn't clear to me why this works. For a while I suspected an optimizer bug.

3) net/ntp (4.2.8p2) and net/ntp-devel (4.3.14) both work. (FreeBSD is 4.2.4p8.)


My systems are:

Marvin# uname -a
FreeBSD Marvin 10.1-STABLE FreeBSD 10.1-STABLE #0 r281238: Tue Apr  7 19:05:26 CDT 2015     root@Marvin:/usr/obj/usr/src/sys/PENFORD-FreeBSD10-amd64  amd64


My ntp.conf on the host Marvin is the following. My other systems are similar. My keys are MD5, such as:

250     MD5     xxxxxxxx



Marvin# more /etc/ntp.conf 
enable          auth ntp monitor stats
keys            /etc/ntp/keys
keysdir         /etc/ntp
crypto randfile /dev/random
crypto leap     /etc/ntp/leap-seconds.3629404800
trustedkey      67 68 69 70 71 72 73 74 101 102 104 250 251 252 253 254 255 260 261
requestkey      23
controlkey      27


server  tock.usno.navy.mil prefer
server  time-a.nist.gov prefer
server  time-b.nist.gov prefer
server  time.xmission.com prefer
server  clock.fmt.he.net prefer


peer    granny.bwa.penx.com key 250
peer    tweety-ext.cria.penx.com key 251
peer    daffy.penx.com key 252
peer    elmer.dco.penx.com key 254
peer    bugs.obil.penx.com key 255

#
# Back up clock source
server  127.127.1.0
fudge 127.127.1.0 stratum 5





Marvin# diff -c ntp_proto.c.orig ntp_proto.c
*** ntp_proto.c.orig    Sat Apr 11 23:51:43 2015
--- ntp_proto.c Sat Apr 11 23:54:54 2015
***************
*** 948,957 ****
                        peer->flash |= TEST2;   /* bogus packet */
        }
  
!       /*
!        * If unsynchronized or bogus abandon ship. If the crypto machine
!        * breaks, light the crypto bit and plaint the log.
!        */
        if (peer->flash & PKT_TEST_MASK) {
  #ifdef OPENSSL
                if (crypto_flags && (peer->flags & FLAG_SKEY)) {
--- 948,960 ----
                        peer->flash |= TEST2;   /* bogus packet */
        }
  
!       /*
!        * Update the origin and destination timestamps. If
!        * unsynchronized or bogus abandon ship. If the crypto machine
!        * breaks, light the crypto bit and plaint the log.
!        */
!       peer->org = p_xmt;
!       peer->rec = rbufp->recv_time;
        if (peer->flash & PKT_TEST_MASK) {
  #ifdef OPENSSL
                if (crypto_flags && (peer->flags & FLAG_SKEY)) {
***************
*** 994,1005 ****
        /*
         * That was hard and I am sweaty, but the packet is squeaky
         * clean. Get on with real work.
-        *
-        * Update the origin and destination timestamps.
         */
-       peer->org = p_xmt;
-       peer->rec = rbufp->recv_time;
- 
        peer->received++;
        peer->timereceived = current_time;
        if (is_authentic == AUTH_OK)
--- 997,1003 ----
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2015-04-15 17:19:39 UTC 
I'm not sure how to assign this one, so I'll just add to the Cc: delphij, who did the commit, and cy, who did the last ntp import.