Bug 233644

Summary:

net/chrony: After 3.4 update, chronyd server listener broken when bindaddress set in chrony.conf

Product:

Ports & Packages

Reporter:

ddrinnon

Component:

Individual Port(s)

Assignee:

Bernhard Froehlich <decke>

Status:

Closed FIXED

Severity:

Affects Some People

CC:

decke, morgan, yonas

Priority:

---

Keywords:

needs-qa, regression

Version:

Latest

Flags:

bugzilla: maintainer-feedback? (yonas)

Hardware:

Any

OS:

Any

See Also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232823

Attachments:

Description	Flags
upstream patch	koobs: maintainer-approval? (yonas)

Description ddrinnon 2018-11-29 18:30:53 UTC

It seems the latest update to net/chrony 3.4 has broken the chronyd server if the chrony.conf option bindaddress is set, such as:

bindaddress 10.0.1.1

If the bindaddress is commented out, then time clients can get time from the chronyd server, but then that opens up the port on all interfaces on a multi-homed server.

Comment 1 Morgan Vandagriff 2018-11-30 18:20:22 UTC

I can confirm. Seeing the same thing. It's a real problem on a host with multiple jails, as chrony on the host is now listening on all jail IPs.

Comment 2 Colin T. 2018-12-04 00:38:26 UTC

Created attachment 199807 [details]
upstream patch

Does this patch fix it for you guys?

Comment 3 ddrinnon 2018-12-04 14:25:59 UTC

The patch fixes it for me.  Thank you!

[root@gateway01 /usr/local/etc]# sockstat -4|more
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
chronyd  chronyd    20582 5  udp4   10.0.1.1:123          *:*

[root@aux01 ~]# ntpdate 10.0.1.1
 4 Dec 07:25:07 ntpdate[19211]: adjust time server 10.0.1.1 offset 0.002788 sec

[root@aux01 ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* gateway01.cdor.net            2   9   377   349   +310us[ +310us] +/-   30ms
....

Comment 4 Morgan Vandagriff 2018-12-05 22:19:36 UTC

(In reply to Colin T. from comment #2)

The patch works great! Thanks so much.

Comment 5 Bernhard Froehlich freebsd_committer

2018-12-27 20:36:17 UTC

I'll take it.

Comment 6 commit-hook freebsd_committer

2018-12-27 20:42:03 UTC

A commit references this bug:

Author: decke
Date: Thu Dec 27 20:41:55 UTC 2018
New revision: 488567
URL: https://svnweb.freebsd.org/changeset/ports/488567

Log:
  net/chrony: Fix chrony running as server and using bindaddress

  On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
  address on a socket that is bound to the address. This prevents a server
  configured with the bindaddress directive from responding to clients.

  Add a new variable to check whether the server IPv4 socket is not bound
  before setting the source address.

  PR:		233644
  Submitted by:	Colin T <bugzilla@nulldir.e4ward.com>
  Reported by:	ddrinnon@cdor.net
  Approved by:	maintainer timeout (> 3 weeks)
  Obtained from:	https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901

Changes:
  head/net/chrony/Makefile
  head/net/chrony/files/patch-ntp__io.c

Comment 7 Bernhard Froehlich freebsd_committer

2018-12-27 20:43:42 UTC

It's committed now. Thanks to all involved people!