From owner-freebsd-stable@freebsd.org  Fri Jul 24 02:27:33 2015
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7F49A9A8A6B
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Fri, 24 Jul 2015 02:27:33 +0000 (UTC)
 (envelope-from john.marshall@riverwillow.com.au)
Received: from mta1.riverwillow.net.au (mta1.riverwillow.net.au
 [IPv6:2001:8000:1000:1801::3001])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mta1.riverwillow.net.au",
 Issuer "Riverwillow 2014 CA Root Certificate" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id A8F491CB2
 for <freebsd-stable@freebsd.org>; Fri, 24 Jul 2015 02:27:32 +0000 (UTC)
 (envelope-from john.marshall@riverwillow.com.au)
Received: from mail1.riverwillow.net.au (mail1.riverwillow.net.au
 [IPv6:2001:8000:1000:1801:0:0:0:4001])
 by mta1.riverwillow.net.au (8.15.2/8.15.2) with ESMTPS id t6O2RPaW047861
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <freebsd-stable@freebsd.org>; Fri, 24 Jul 2015 12:27:25 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=riverwillow.com.au;
 s=mta1002; t=1437704845;
 bh=P8qJNZDn7gERnkvyl7Z0NDkjsozBs8rOV7SxlfLa5jc=;
 h=Date:From:To:Subject;
 b=ubVrBzC+ftp1DCU7MYzej2fd6iP5PBbW1W2eCL4Wh3HoDpEevPM8dNhmLIPYTfuG/
 V6JyqB4xkE0uceotjiUonrYqB94W0tlVxPhI6oLpzjTbWetXDXl8RW7bXwQNjNDg4H
 EMv3zGbrEUB+65mt08GRi3cjLz082HUPDq3pIvW8=
Received: from rwpc16.gfn.riverwillow.net.au (rwpc16.gfn.riverwillow.net.au
 [IPv6:2001:8000:1000:18e1:ae87:a3ff:fe04:b351])
 (authenticated bits=56)
 by mail1.riverwillow.net.au (8.15.2/8.15.2) with ESMTPSA id t6O2RHwD047859
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <freebsd-stable@freebsd.org>; Fri, 24 Jul 2015 12:27:20 +1000 (AEST)
Date: Fri, 24 Jul 2015 12:27:17 +1000
From: John Marshall <john.marshall@riverwillow.com.au>
To: freebsd-stable@freebsd.org
Subject: 10.2-BETA2 patch etc/ntp.conf to enable ntpd pool client functionality
Message-ID: <20150724022717.GA61649@rwpc16.gfn.riverwillow.net.au>
Mail-Followup-To: freebsd-stable@freebsd.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="MGYHOYXEY6WxJCY8"
Content-Disposition: inline
OpenPGP: id=A29A84A2; url=http://pki.riverwillow.com.au/pgp/johnmarshall.asc
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Jul 2015 02:27:33 -0000


--MGYHOYXEY6WxJCY8
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

I have submitted a patch to the distributed ntp.conf to enable ntpd pool
client functionality.  This was not possible in the ancient version of
ntpd shipped with FreeBSD releases over the past several years.

  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D201803

Essentially this gives you a larger set of DYNAMIC servers from the
pool.  If ntpd decides one of the configured servers has become
unreliable it will drop it and configure a new one.

Also, there is a 'restrict source' command which provides template
access restrictions for upstream servers.  When a server is dynamically
configured, a dynamic restrict entry is created for it from the
'restrict source' template.  When a server is dynamically removed, its
'restrict' entry is also removed.

This is the result on a 10.2-BETA2 (r285783) server.

rwsrv02> ntpq -np
     remote           refid      st t when poll reach   delay   offset  jit=
ter
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
 0.freebsd.pool. .POOL.          16 p    -   64    0    0.000    0.000   0.=
004
 1.freebsd.pool. .POOL.          16 p    -   64    0    0.000    0.000   0.=
004
 2.freebsd.pool. .POOL.          16 p    -   64    0    0.000    0.000   0.=
004
+125.255.139.115 130.194.1.96     2 u   27  128  377   43.168   -5.505   0.=
924
+203.23.237.200  203.35.83.242    2 u   26  128  377   29.877   -4.786   0.=
749
-121.0.0.42      23.31.237.112    3 u  212  256  377   46.560   -2.756   5.=
783
*54.252.165.245  202.21.137.10    2 u   25  128  377   30.060   -4.859   0.=
783
-2001:418:3ff::1 204.123.2.72     2 u  165  256  377  173.324   -1.592   1.=
651
-2001:df0:fe:2:: 130.102.2.123    3 u  106  256  377   44.177    4.080   3.=
690
+130.102.2.123   216.218.254.202  2 u   20  128  377   46.288   -4.332   1.=
416

The same server running an un-patched ntp.conf looks like this.

rwsrv02> ntpq -np
     remote           refid      st t when poll reach   delay   offset  jit=
ter
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
*54.252.165.245  202.21.137.10    2 u   32   64   17   31.100   -7.764   3.=
887
+202.127.210.37  130.102.2.123    3 u   32   64   17   40.181    2.001   2.=
074
+2001:df0:fe:2:: 130.102.2.123    3 u   32   64   17   45.974    2.414   2.=
502

--=20
John Marshall

--MGYHOYXEY6WxJCY8
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlWxooUACgkQw/tAaKKahKJ9DQCfXM+vKBd0uJq1GeMwEdDvx9hV
wd8AoMK1auxlauaFmywQYcQVaw0Sw6sS
=UcVr
-----END PGP SIGNATURE-----

--MGYHOYXEY6WxJCY8--