Date:      Thu, 20 Aug 2015 16:34:20 -0600
From:      Ian Lepore <ian@freebsd.org>
To:        Harald Schmalzbauer <h.schmalzbauer@omnilan.de>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Will 10.2 also ship with a very stale NTP?
Message-ID:  <1440110060.242.252.camel@freebsd.org>
In-Reply-To: <55B23B4E.1080400@omnilan.de>
References:  <20150710235810.GA76134@rwpc16.gfn.riverwillow.net.au> <20150712032256.GB19305@satori.lan> <20150712050443.GA22240@server.rulingia.com> <20150712154416.b9f3713893fe28bfab1dd4d7@dec.sakura.ne.jp> <CAGMYy3vKEUCD=Ssxt%2B2Vny4eQ7CNQHTxNKncyQnRk5dPQU6ZtA@mail.gmail.com> <20150712184910.2d8d5f085ae659d5b9a2aba0@dec.sakura.ne.jp> <1436715703.1334.193.camel@freebsd.org> <55B23B4E.1080400@omnilan.de>

On Fri, 2015-07-24 at 15:19 +0200, Harald Schmalzbauer wrote:
>  Regarding Ian Lepore's message of 12.07.2015 17:41 (localtime):
> > And let's all just hope that a week or two of testing is enough when
> > jumping a major piece of software forward several years in its
> > independent evolution.
> …
> > I wonder how many other such things could be lurking in 4.2.8, waiting
> > to be triggered by other peoples' non-stock configurations?  We've
> …
> 
> I'd like to report one, most likely an upstream problem:
> 
> 'restrict' definitions in ntp.conf(5) no longer work with unqualified DNS names.
> A line like
> "restrict time1 nomodify nopeer noquery notrap"
> results in:
> ntpd[1913]: line 7 column 7 syntax error, unexpected T_Time1
> ntpd[1913]: syntax error in /etc/ntp.conf line 7, column 7
> 
> I've always been using unqualified hostnames with 'restrict', and since defining 'server' with unqualified hostname still works, this seems to be a significant bug to me. People are forced to change 'restrict' definitions, but not to also change other unqualified definitions, which potentially leads to misconfigurations, since intentionally matching definitions can now differ easily.
> 
> Has anybody already noticed this problem? And any idea if upstream is aware?

I had a quick look at this today.  It appears that the problem isn't
unqualified names exactly, but rather an unqualified name that exactly
matches an ntp.conf keyword will be mistaken by the ntpd config parser
as a misplaced keyword token.  So most unqualified names should work,
but there are about 200 words that won't, many of them very sensible
names for ntp servers such as "ntp" and "time1" and "time2".

When I look at the ntp_parser.y grammar file it's not clear to me why
"server time1" works and "restrict time1" doesn't.  I couldn't find any
way to trick it into taking a keyword as a hostname following restrict
(like using quotes).

You might be able to work around it using the new "restrict source"
syntax that applies the restrictions to every server association that
doesn't have a more-explicit matching restrict line.

-- Ian
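
The keyword collision described in the reply above can be caught before ntpd ever reads the file. The following lint is an added example, not part of the original message and not ntpd code: `lint_ntp_conf`, the sample config and the keyword set are assumptions, and the set holds only the three names mentioned in the message, not the roughly 200 keywords ntpd reserves.

```python
# Added illustration; names and sample data are assumptions, not ntpd code.
# Only the three colliding names given in the message; ntpd has about 200
# keywords, so extend this set from your own ntpd's keyword list.
KEYWORDS_FROM_THREAD = {"ntp", "time1", "time2"}
ASSOC_DIRECTIVES = {"server", "peer", "pool"}

# Constructed sample ntp.conf, using the failing line quoted in the thread.
SAMPLE = """\
server time1 iburst
server ntp.example.org iburst
restrict default nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict time1 nomodify nopeer noquery notrap   # rejected by the parser
restrict ntp.example.org nomodify nopeer noquery notrap
"""


def lint_ntp_conf(text, keywords=KEYWORDS_FROM_THREAD):
    """Return sorted (line_no, message) findings for an ntp.conf string."""
    findings, restricted, assocs = [], set(), []
    has_restrict_source = False
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop comments, then the optional -4/-6 address-family flag.
        tokens = [t for t in raw.split("#", 1)[0].split() if t not in ("-4", "-6")]
        if len(tokens) < 2:
            continue
        directive, target = tokens[0], tokens[1]
        if directive == "restrict":
            if target == "source":
                has_restrict_source = True
            elif target in keywords:
                findings.append((no, f"restrict target '{target}' is an ntp.conf keyword"))
            elif target != "default":
                restricted.add(target.lower())
        elif directive in ASSOC_DIRECTIVES:
            assocs.append((no, target))
    # Without "restrict source", each association needs its own restrict line.
    if not has_restrict_source:
        for no, host in assocs:
            if host.lower() not in restricted:
                findings.append((no, f"'{host}' has no usable host-specific restrict line"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, message in lint_ntp_conf(SAMPLE):
        print(f"line {line_no}: {message}")
```

On the sample it reports line 5 (the rejected `restrict time1`) and line 1 (the `server time1` association left without a host-specific restriction), which is the mismatch between `server` and `restrict` definitions raised in the quoted report.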




