From owner-freebsd-bugs@FreeBSD.ORG Mon Apr 13 17:04:56 2015
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 199423] NTP stopped peering after FreeBSD-SA-15:07.ntp
Date: Mon, 13 Apr 2015 17:04:56 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199423

            Bug ID: 199423
           Summary: NTP stopped peering after FreeBSD-SA-15:07.ntp
           Product: Base System
           Version: 10.1-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: freebsd@pki2.com

After I applied FreeBSD-SA-15:07.ntp the NTP daemon stopped peering. It still successfully works as a client and server. My peers are authenticated and I found under the following conditions I can return peers to a working state:

1) I restore the unpatched ntp_proto.c file.

2) I applied the patch below, which undoes part of FreeBSD-SA-15:07.ntp. Although I DID NOT step through the code (I looked through some of the code), it isn't clear to me why this works. For a while I suspected an optimizer bug.

3) net/ntp (4.2.8p2) and net/ntp-devel (4.3.14) both work. (FreeBSD is 4.2.4p8.)

My systems are:

Marvin# uname -a
FreeBSD Marvin 10.1-STABLE FreeBSD 10.1-STABLE #0 r281238: Tue Apr 7 19:05:26 CDT 2015 root@Marvin:/usr/obj/usr/src/sys/PENFORD-FreeBSD10-amd64 amd64

My ntp.conf on the host Marvin is the following. My other systems are similar.
My keys are MD5, such as:

250 MD5 xxxxxxxx

Marvin# more /etc/ntp.conf
enable auth ntp monitor stats
keys /etc/ntp/keys
keysdir /etc/ntp
crypto randfile /dev/random
crypto leap /etc/ntp/leap-seconds.3629404800
trustedkey 67 68 69 70 71 72 73 74 101 102 104 250 251 252 253 254 255 260 261
requestkey 23
controlkey 27
server tock.usno.navy.mil prefer
server time-a.nist.gov prefer
server time-b.nist.gov prefer
server time.xmission.com prefer
server clock.fmt.he.net prefer
peer granny.bwa.penx.com key 250
peer tweety-ext.cria.penx.com key 251
peer daffy.penx.com key 252
peer elmer.dco.penx.com key 254
peer bugs.obil.penx.com key 255
#
# Back up clock source
server 127.127.1.0
fudge 127.127.1.0 stratum 5

Marvin# diff -c ntp_proto.c.orig ntp_proto.c
*** ntp_proto.c.orig Sat Apr 11 23:51:43 2015 --- ntp_proto.c Sat Apr 11 23:54:54 2015 *************** *** 948,957 **** peer->flash |= TEST2; /* bogus packet */ } ! /* ! * If unsynchronized or bogus abandon ship. If the crypto machine ! * breaks, light the crypto bit and plaint the log. ! */ if (peer->flash & PKT_TEST_MASK) { #ifdef OPENSSL if (crypto_flags && (peer->flags & FLAG_SKEY)) { --- 948,960 ---- peer->flash |= TEST2; /* bogus packet */ } ! /* ! * Update the origin and destination timestamps. If ! * unsynchronized or bogus abandon ship. If the crypto machine ! * breaks, light the crypto bit and plaint the log. ! */ ! peer->org = p_xmt; ! peer->rec = rbufp->recv_time; if (peer->flash & PKT_TEST_MASK) { #ifdef OPENSSL if (crypto_flags && (peer->flags & FLAG_SKEY)) { *************** *** 994,1005 **** /* * That was hard and I am sweaty, but the packet is squeaky * clean. Get on with real work. - * - * Update the origin and destination timestamps. */ - peer->org = p_xmt; - peer->rec = rbufp->recv_time; - peer->received++; peer->timereceived = current_time; if (is_authentic == AUTH_OK) --- 997,1003 ----

-- 
You are receiving this mail because:
You are the assignee for the bug.
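
Review bot: in the first hunk (948,957 to 948,960) the two added assignments, `peer->org = p_xmt;` and `peer->rec = rbufp->recv_time;`, sit above the `if (peer->flash & PKT_TEST_MASK)` check, so a packet that was marked `TEST2` ("bogus packet") a few lines earlier still overwrites the peer's origin and receive timestamps before it is abandoned. The report states that this move undoes part of FreeBSD-SA-15:07.ntp, so as written the patch restores peering by bringing back the ordering the advisory changed. I would keep the update after the check and first establish which flash bit the authenticated peer packets are tripping (logging `peer->flash` at the check would show it), then fix that condition rather than the position of the timestamp update.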
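
Review bot: in the second hunk (994,1005 to 997,1003) the removal takes five lines, not four: besides the two comment lines and the two assignments it also drops the blank line that separated that block from `peer->received++;`. Leave the blank line in, so the difference against the advisory's version of ntp_proto.c is limited to the moved assignments and their comment.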