Bug 233644 - net/chrony: After 3.4 update, chronyd server listener broken when bindaddress set in chrony.conf
Summary: net/chrony: After 3.4 update, chronyd server listener broken when bindaddress...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Bernhard Froehlich
URL:
Keywords: needs-qa, regression
Depends on:
Blocks:
 
Reported: 2018-11-29 18:30 UTC by ddrinnon
Modified: 2018-12-27 20:43 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (yonas)


Attachments
upstream patch (2.83 KB, patch)
2018-12-04 00:38 UTC, Colin T.
koobs: maintainer-approval? (yonas)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description ddrinnon 2018-11-29 18:30:53 UTC
It seems the latest update to net/chrony 3.4 has broken the chronyd server if the chrony.conf option bindaddress is set, such as:

bindaddress 10.0.1.1

If the bindaddress is commented out, then time clients can get time from the chronyd server, but then that opens up the port on all interfaces on a multi-homed server.
Comment 1 Morgan Vandagriff 2018-11-30 18:20:22 UTC
I can confirm. Seeing the same thing. It's a real problem on a host with multiple jails, as chrony on the host is now listening on all jail IPs.
Comment 2 Colin T. 2018-12-04 00:38:26 UTC
Created attachment 199807 [details]
upstream patch

Does this patch fix it for you guys?
Comment 3 ddrinnon 2018-12-04 14:25:59 UTC
The patch fixes it for me.  Thank you!

[root@gateway01 /usr/local/etc]# sockstat -4|more
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
chronyd  chronyd    20582 5  udp4   10.0.1.1:123          *:*

[root@aux01 ~]# ntpdate 10.0.1.1
 4 Dec 07:25:07 ntpdate[19211]: adjust time server 10.0.1.1 offset 0.002788 sec

[root@aux01 ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* gateway01.cdor.net            2   9   377   349   +310us[ +310us] +/-   30ms
....
Comment 4 Morgan Vandagriff 2018-12-05 22:19:36 UTC
(In reply to Colin T. from comment #2)

The patch works great! Thanks so much.
Comment 5 Bernhard Froehlich freebsd_committer 2018-12-27 20:36:17 UTC
I'll take it.
Comment 6 commit-hook freebsd_committer 2018-12-27 20:42:03 UTC
A commit references this bug:

Author: decke
Date: Thu Dec 27 20:41:55 UTC 2018
New revision: 488567
URL: https://svnweb.freebsd.org/changeset/ports/488567

Log:
  net/chrony: Fix chrony running as server and using bindaddress

  On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
  address on a socket that is bound to the address. This prevents a server
  configured with the bindaddress directive from responding to clients.

  Add a new variable to check whether the server IPv4 socket is not bound
  before setting the source address.

  PR:		233644
  Submitted by:	Colin T <bugzilla@nulldir.e4ward.com>
  Reported by:	ddrinnon@cdor.net
  Approved by:	maintainer timeout (> 3 weeks)
  Obtained from:	https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901

Changes:
  head/net/chrony/Makefile
  head/net/chrony/files/patch-ntp__io.c
Comment 7 Bernhard Froehlich freebsd_committer 2018-12-27 20:43:42 UTC
It's committed now. Thanks to all involved people!