It seems the latest update to net/chrony 3.4 has broken the chronyd server if the chrony.conf option bindaddress is set, such as:
If the bindaddress is commented out, then time clients can get time from the chronyd server, but then that opens up the port on all interfaces on a multi-homed server.
I can confirm. Seeing the same thing. It's a real problem on a host with multiple jails, as chrony on the host is now listening on all jail IPs.
Created attachment 199807
Does this patch fix it for you guys?
The patch fixes it for me. Thank you!
[root@gateway01 /usr/local/etc]# sockstat -4|more
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
chronyd chronyd 20582 5 udp4 10.0.1.1:123 *:*
[root@aux01 ~]# ntpdate 10.0.1.1
4 Dec 07:25:07 ntpdate: adjust time server 10.0.1.1 offset 0.002788 sec
[root@aux01 ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
^* gateway01.cdor.net 2 9 377 349 +310us[ +310us] +/- 30ms
(In reply to Colin T. from comment #2)
The patch works great! Thanks so much.
I'll take it.
A commit references this bug:
Date: Thu Dec 27 20:41:55 UTC 2018
New revision: 488567
net/chrony: Fix chrony running as server and using bindaddress
On FreeBSD, sendmsg() fails when IP_SENDSRCADDR specifies a source
address on a socket that is bound to the address. This prevents a server
configured with the bindaddress directive from responding to clients.
Add a new variable to check whether the server IPv4 socket is not bound
before setting the source address.
Submitted by: Colin T <email@example.com>
Reported by: firstname.lastname@example.org
Approved by: maintainer timeout (> 3 weeks)
Obtained from: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=6af39d63aa9323b4b8c39efe24ae0c88c949a901
It's committed now. Thanks to all involved people!
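An added example, not part of the bug thread or of the port: a small check over `sockstat -4` output that flags a chronyd NTP listener bound to the wildcard address or to an address other than the intended bindaddress, which is the exposure described above when bindaddress is commented out. The sample lines are constructed (the first mirrors the output quoted in the thread), and the function names and the script name in the usage comment are hypothetical.

```python
import sys

# Constructed sample input. The first listener line mirrors the sockstat output
# quoted in the thread; the second sample is a constructed wildcard bind, as
# seen when bindaddress is commented out.
SAMPLE_BOUND = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
chronyd  chronyd    20582 5  udp4   10.0.1.1:123          *:*
"""
SAMPLE_WILDCARD = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
chronyd  chronyd    20582 5  udp4   *:123                 *:*
chronyd  chronyd    20582 6  udp4   127.0.0.1:323         *:*
"""


def parse_sockstat(text):
    """Yield (command, pid, proto, addr, port) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER":
            continue  # header, blank or truncated line
        addr, _, port = fields[5].rpartition(":")
        yield fields[1], fields[2], fields[4], addr, port


def audit_ntp_listeners(text, allowed, command="chronyd", port="123"):
    """Return findings for NTP listeners outside the allowed bind addresses."""
    findings = []
    for cmd, pid, proto, addr, lport in parse_sockstat(text):
        if cmd != command or not proto.startswith("udp") or lport != port:
            continue  # other daemons, TCP sockets, and non-NTP ports
        if addr == "*":
            findings.append((pid, f"{addr}:{lport}", "wildcard bind"))
        elif addr not in allowed:
            findings.append((pid, f"{addr}:{lport}", "unexpected address"))
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   sockstat -4 | python3 audit_ntp_bind.py 10.0.1.1
    allowed = set(sys.argv[1:])
    text = SAMPLE_WILDCARD if sys.stdin.isatty() else sys.stdin.read()
    problems = audit_ntp_listeners(text, allowed)
    for pid, local, reason in problems:
        print(f"pid {pid}: {local}: {reason}")
    sys.exit(1 if problems else 0)
```

A clean result only shows where the socket is bound; the failure reported in this thread (a bound server that does not answer) still has to be checked with a client query such as the `ntpdate` run shown above.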