From owner-freebsd-stable@freebsd.org Fri Aug 21 14:04:07 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D94BF9BF65C for ; Fri, 21 Aug 2015 14:04:07 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from pmta2.delivery6.ore.mailhop.org (pmta2.delivery6.ore.mailhop.org [54.200.129.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BA6E013CC for ; Fri, 21 Aug 2015 14:04:07 +0000 (UTC) (envelope-from ian@freebsd.org) Received: from ilsoft.org (unknown [73.34.117.227]) by outbound2.ore.mailhop.org (Halon Mail Gateway) with ESMTPSA; Fri, 21 Aug 2015 14:05:30 +0000 (UTC) Received: from rev (rev [172.22.42.240]) by ilsoft.org (8.14.9/8.14.9) with ESMTP id t7LE3xJ6008939; Fri, 21 Aug 2015 08:03:59 -0600 (MDT) (envelope-from ian@freebsd.org) Message-ID: <1440165839.242.260.camel@freebsd.org> Subject: Re: Will 10.2 also ship with a very stale NTP? From: Ian Lepore To: Harald Schmalzbauer Cc: freebsd-stable@freebsd.org Date: Fri, 21 Aug 2015 08:03:59 -0600 In-Reply-To: <55D6CA5C.1090905@omnilan.de> References: <20150710235810.GA76134@rwpc16.gfn.riverwillow.net.au> <20150712032256.GB19305@satori.lan> <20150712050443.GA22240@server.rulingia.com> <20150712154416.b9f3713893fe28bfab1dd4d7@dec.sakura.ne.jp> <20150712184910.2d8d5f085ae659d5b9a2aba0@dec.sakura.ne.jp> <1436715703.1334.193.camel@freebsd.org> <55B23B4E.1080400@omnilan.de> <1440110060.242.252.camel@freebsd.org> <55D6CA5C.1090905@omnilan.de> Content-Type: text/plain; charset="euc-jp" X-Mailer: Evolution 3.12.10 FreeBSD GNOME Team Port Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Aug 2015 14:04:08 -0000 On Fri, 2015-08-21 at 08:51 +0200, Harald Schmalzbauer wrote: > Bez«äglich Ian Lepore's Nachricht vom 21.08.2015 00:34 (localtime): > > On Fri, 2015-07-24 at 15:19 +0200, Harald Schmalzbauer wrote: > >> Bezglich Ian Lepore's Nachricht vom 12.07.2015 17:41 (localtime): > >>> And let's all just hope that a week or two of testing is enough when > >>> jumping a major piece of software forward several years in its > >>> independent evolution. > >> ¡Ä > >>> I wonder how many other such things could be lurking in 4.2.8, waiting > >>> to be triggered by other peoples' non-stock configurations? We've > >> ¡Ä > >> > >> I'd like to report one, most likely an upstream problem: > >> > >> 'restrict' definitions in ntp.conf(5) no longer work with unqualified DNS names. > >> A line like > >> "restrict time1 nomodify nopeer noquery notrap" > >> results in: > >> ntpd[1913]: line 7 column 7 syntax error, unexpected T_Time1 > >> ntpd[1913]: syntax error in /etc/ntp.conf line 7, column 7 > >> > >> I've always been using unqualified hostnames with 'restrict', and since defining 'server' with unqualified hostname still works, this seems to be a significant bug to me. People are forced to change 'restrict' definitions, but not to also change other unqualified definitions, which potentially leads to misconfigurations, since intentionally matching definitions can now differ easily. > >> > >> Has anybody already noticed this problem? And any idea if upstream is aware? > > I had a quick look at this today. It appears that the problem isn't > > unqualified names exactly, but rather an unqualified name that exactly > > matches an ntp.conf keyword will be mistaken by the ntpd config parser > > as a misplaced keyword token. So most unqualified names should work, > > but there are about 200 words that won't, many of them very sensible > > names for ntp servers such as "ntp" and "time1" and "time2". > > > > When I look at the ntp_parser.y grammar file it's not clear to me why > > "server time1" works and "restrict time1" doesn't. I couldn't find any > > way to trick it into taking a keyword as a hostname following restrict > > (like using quotes). > > Thank you very much! This is very interesting and exactly matches my > tested host names. > I wish I had better C skills to find such things myself. Out of > curiosity: How much time took it to find the ntp_parser.y route? (and > with what ¡ÈIDE¡É I'm stuck with vim) > > One additional observation was that the reserved-name-collision only > happens with CNAME records. > I hope I'll find some time to actually do look into sources - which I > didn't at first hand because of my lousy C skills :-( But that's the > place where to find hints :-) > > Thanks, > I started out pretty sure what I was going to discover, based on the error you reported "syntax error, unexpected T_Time1". That 'T_Time1' just said to me "that's a yacc/bison token constant, this is going to be an error in their grammar (.y) file". The tricky part is that the .y file isn't in the base source code, I had to go find it in the vendor branch. I don't think the CNAME part matters. I tried changing my 'ntp' CNAME to a regular A record and the error still happens if I use it as an unqualified name with restrict. The IDE I use is SlickEdit, running on freebsd under the linuxulator. It's a commercial product worth every penny I've paid for various versions since the 90s. It gets the credit for a lot of my productivity. -- Ian