From owner-freebsd-stable@freebsd.org Wed Feb 26 05:39:56 2020 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 551E824C883 for ; Wed, 26 Feb 2020 05:39:56 +0000 (UTC) (envelope-from dewaynegeraghty@gmail.com) Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48S4Pk4PgDz4fxp for ; Wed, 26 Feb 2020 05:39:54 +0000 (UTC) (envelope-from dewaynegeraghty@gmail.com) Received: by mail-wr1-x430.google.com with SMTP id l5so1402103wrx.4 for ; Tue, 25 Feb 2020 21:39:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=MsNo994pKJXOx1NryVFgIIC1ljDhTLy8FYIkUF9SwRk=; b=V+3vMaSb3h1T4FfGg2C1j6SVCQQ5EU7J4Lu+GygDbXUsX9tnU9VWwYJd1qZnwZvZ6t tRb2j/i6TJEY8V1/EyNbPsckEv37LD9yd9ZdBsbzXbHHU4CZrLZ8JFHvTlJXeToQYhiG 3fKs/xOGAJ34RvRn4V82XNZ5KulbOB7wa5ON+8gNPbDbW3xXnlN4RqvpVPubt+qA++aE w0FI8pJxQfKkuMa6eKY8ViY6bJefrnwvDoxJABb/Hr/S3U1JNSq6sviN3UEAaNT7gOZ5 ahCpONNqhm4McsKj1kOc4ipjSgZnYRhirJmXOCl1bGZvuya4L5kkGXwRE8repz2F7hUE b9aw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=MsNo994pKJXOx1NryVFgIIC1ljDhTLy8FYIkUF9SwRk=; b=TUj3R+hevej7TsEYor0FfubwmjB3pXvls7lwlWmkXiPfxuaP6tu18YdrJLCD7wuRGL EEkAzmeGXQEJylNGDEsdMb2/f2IGdML3mROcLnEbsst/LvVxH80/N1nP/0G03heLYM40 z9RSpwZ6fwuWGuJ8Lh+KKruZvOtdlpU3AJAe++iVThq/kugceRWAyFuXSOMcmprvIxU2 kGsiBmrBPryyZ8FWIj4MtbV1Qc/KOUWljz1bYcRb/l13+D03RppGHBDOgBQYCUbEpkT1 rkZBt+yJ+jGQgEQBaMMENLXZwesaO3Jiz4UVCiLzrc0SN780pz/DHgcA9M5wbjH+buVX 1i+A== X-Gm-Message-State: APjAAAXDo7YUndMf9+Oqe6R/CuYZdrMAoOFai3kFPDeebCCIDwZUu2vm GmDghgtBjL+ppGApgiPL5JsTsJUV0ivuwgtY9VO7mK77GHM= X-Google-Smtp-Source: APXvYqx+4vStXeNnFjumghyl/5KS5xDd+PP1ABybgosqFosITiaqQ/5WjO0h0rVPGzDES9xvKcxPeuoVCOVXiSzCVlM= X-Received: by 2002:adf:f70f:: with SMTP id r15mr3153216wrp.269.1582695592440; Tue, 25 Feb 2020 21:39:52 -0800 (PST) MIME-Version: 1.0 From: Dewayne Geraghty Date: Wed, 26 Feb 2020 16:37:43 +1100 Message-ID: Subject: ntp problems stratum 2 to 14? To: freebsd-stable stable X-Rspamd-Queue-Id: 48S4Pk4PgDz4fxp X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=V+3vMaSb; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of dewaynegeraghty@gmail.com designates 2a00:1450:4864:20::430 as permitted sender) smtp.mailfrom=dewaynegeraghty@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_TWO(0.00)[2]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE_FREEMAIL(0.00)[]; IP_SCORE(0.00)[ip: (-9.00), ipnet: 2a00:1450::/32(-2.41), asn: 15169(-1.67), country: US(-0.05)]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[0.3.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_TLS_ALL(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Feb 2020 05:39:56 -0000 I usually run ntpd with both aslr and as user ntpd. While testing I noticed that my server with a direct network cable to my main time keeper, jumped from the expected stratum 2 to 14 as follows (I record the date so I can synch with the debug log, also below): vm.loadavg={ 0.09 0.10 0.18 } Wed 26 Feb 2020 15:16:38 AEDT remote refid st t when poll reach delay offset jitter ============================================================================== 10.0.7.6 203.35.83.242 2 u 44 64 377 0.147 -227.12 33.560 *127.127.1.1 .LOCL. 14 l 59 128 377 0.000 0.000 0.000 Wed 26 Feb 2020 15:18:46 AEDT remote refid st t when poll reach delay offset jitter ============================================================================== 10.0.7.6 LOCAL(1) 14 u 42 64 377 0.147 -227.12 44.529 *127.127.1.1 .LOCL. 14 l 59 128 377 0.000 0.000 0.000 Wed 26 Feb 2020 15:20:54 AEDT remote refid st t when poll reach delay offset jitter ============================================================================== 10.0.7.6 LOCAL(1) 14 u 42 64 377 0.147 -227.12 73.969 *127.127.1.1 .LOCL. 14 l 59 128 377 0.000 0.000 0.000 Wed 26 Feb 2020 15:23:02 AEDT remote refid st t when poll reach delay offset jitter ============================================================================== *10.0.7.6 LOCAL(1) 14 u 37 64 377 0.164 -370.64 74.119 127.127.1.1 .LOCL. 14 l 59 128 377 0.000 0.000 0.000 Time marches on Wed 26 Feb 2020 16:03:35 AEDT remote refid st t when poll reach delay offset jitter ============================================================================== *10.0.7.6 LOCAL(1) 14 u 11 64 177 0.133 -3.148 72.295 127.127.1.1 .LOCL. 14 l 406 128 10 0.000 0.000 0.000 Wed 26 Feb 2020 16:05:43 AEDT remote refid st t when poll reach delay offset jitter ============================================================================== *10.0.7.6 203.35.83.242 2 u 7 64 377 0.164 -42.789 73.762 127.127.1.1 .LOCL. 14 l 534 128 20 0.000 0.000 0.000 The debug for the above is: 26 Feb 14:58:33 ntpd[8772]: Command line: /usr/local/sbin/ntpd -c /etc/ntp.conf -g -g -u ntpd --nofork ... 26 Feb 14:58:34 ntpd[8772]: 10.0.7.6 e014 84 reachable 26 Feb 14:58:35 ntpd[8772]: LOCAL(1) 8014 84 reachable 26 Feb 15:03:40 ntpd[8772]: LOCAL(1) 901a 8a sys_peer <== bad 26 Feb 15:03:40 ntpd[8772]: 0.0.0.0 c515 05 clock_sync 26 Feb 15:22:25 ntpd[8772]: 10.0.7.6 f01a 8a sys_peer <=== Good! 26 Feb 15:22:25 ntpd[8772]: 0.0.0.0 0613 03 spike_detect -0.370644 s 26 Feb 15:30:03 ntpd[8772]: 0.0.0.0 061c 0c clock_step -0.536289 s 26 Feb 15:30:02 ntpd[8772]: 0.0.0.0 0615 05 clock_sync 26 Feb 15:30:03 ntpd[8772]: 0.0.0.0 c618 08 no_sys_peer 26 Feb 15:30:03 ntpd[8772]: 10.0.7.6 e014 84 reachable 26 Feb 15:30:07 ntpd[8772]: LOCAL(1) 8014 84 reachable 26 Feb 15:30:21 ntpd[8772]: 10.0.7.6 f01a 8a sys_peer ... 26 Feb 15:46:49 ntpd[8772]: 0.0.0.0 c618 08 no_sys_peer 26 Feb 15:46:57 ntpd[8772]: 10.0.7.6 f01a 8a sys_peer ... 26 Feb 15:56:58 ntpd[8772]: 10.0.7.6 f01a 8a sys_peer ... 26 Feb 16:24:33 ntpd[8772]: LOCAL(1) 901a 8a sys_peer <== and stays LOCAL which is now normal for this box :( Should the jump to stratum 14 be expected? Anything obviously wrong with the ntp.conf? I've had a few days of testing on what is usually a very stable (time-wise system), seems that running at prio 20 is required. /etc/ntp.conf contains rlimit memlock -1 rlimit filenum 32 driftfile /var/db/ntp/drift disable bclient server 10.0.7.6 iburst minpoll 4 maxpoll 6 version 4 key 23057 prefer server 127.127.1.1 minpoll 7 maxpoll 7 fudge 127.127.1.1 stratum 14 restrict -4 default ignore restrict -6 default ignore restrict 127.0.0.1 nomodify nopeer notrap restrict -6 ::1 nomodify nopeer notrap restrict 0.0.0.0 ignore restrict 10.0.7.6 nomodify nopeer noquery notrap ntpport restrict 10.169.168.91 mask 255.255.255.0 nomodify nopeer noquery notrap ntpport kod limited I'm also very surprised that the jitter on the server (under testing) is so poor. The internet facing time server is *x.y.z.t .ATOM. 1 u 73 512 7 23.776 34.905 95.961 but its very old and not running aslr. Any ideas or pointers would be appreciated. This is very, time consuming. :) I'm using the following command sequence as these are all being changed sysctl kern.elf64.aslr.enable=1 kern.elf64.aslr.stack_gap=1 security.mac.ntpd.enabled=1 && \ /usr/bin/proccontrol -m aslr -s disable /usr/local/sbin/ntpdate -v -a 23057 -k /etc/ntp.keys 10.0.7.6 && sleep 2 && \ /rescue/nice -n -20 /usr/bin/proccontrol -m aslr -s disable /usr/local/sbin/ntpd -c /etc/ntp.conf -g -g -u ntpd --nofork I get similar results with /usr/sbin/ntpd, I've been testing both and happened to record details for the port ntpd. Regards, Dewayne