+++ /dev/null
---- ntp-4.2.4/ntpd/ntpd.c.groups 2006-12-29 00:02:02.000000000 +0100
-+++ ntp-4.2.4/ntpd/ntpd.c 2007-01-02 16:24:21.000000000 +0100
-@@ -874,10 +874,18 @@
- sw_uid = (uid_t)strtoul(user, &endp, 0);
- if (*endp != '\0')
- goto getuser;
-+
-+ if ((pw = getpwuid(sw_uid)) != NULL) {
-+ user = strdup(pw->pw_name);
-+ } else {
-+ user = (char *)-1;
-+ }
-+
- } else {
- getuser:
- if ((pw = getpwnam(user)) != NULL) {
- sw_uid = pw->pw_uid;
-+ sw_gid = pw->pw_gid;
- } else {
- errno = 0;
- msyslog(LOG_ERR, "Cannot find user `%s'", user);
-@@ -913,6 +921,13 @@
- exit (-1);
- }
- }
-+
-+ if (user && (user != (char *)-1) && initgroups(user, sw_gid)) {
-+ msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
-+ exit (-1);
-+ }
-+
-+
- if (group && setgid(sw_gid)) {
- msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
- exit (-1);
+++ /dev/null
---- ntp-4.2.4/ntpd/refclock_wwv.c.sprintf 2006-12-28 13:03:49.000000000 +0100
-+++ ntp-4.2.4/ntpd/refclock_wwv.c 2007-01-02 17:52:10.000000000 +0100
-@@ -1364,7 +1364,7 @@
- else
- sp->metric = wwv_metric(sp);
- if (pp->sloppyclockflag & CLK_FLAG4) {
-- sprintf(tbuf,
-+ snprintf(tbuf, sizeof (tbuf),
- "wwv8 %04x %3d %s %04x %.0f %.0f/%.1f %4ld %4ld",
- up->status, up->gain, sp->refid,
- sp->reach & 0xffff, sp->metric, sp->synmax,
-@@ -1491,7 +1491,7 @@
- }
- if ((pp->sloppyclockflag & CLK_FLAG4) && !(up->status & MSYNC))
- {
-- sprintf(tbuf,
-+ snprintf(tbuf, sizeof (tbuf),
- "wwv1 %04x %3d %4d %5.0f %5.1f %5d %4d %4d %4d",
- up->status, up->gain, tepoch, up->epomax,
- up->eposnr, tmp2, avgcnt, syncnt,
-@@ -1582,7 +1582,7 @@
- }
- }
- if (pp->sloppyclockflag & CLK_FLAG4) {
-- sprintf(tbuf,
-+ snprintf(tbuf, sizeof (tbuf),
- "wwv2 %04x %5.0f %5.1f %5d %4d %4d %4d %4.0f %7.2f",
- up->status, up->epomax, up->eposnr, mepoch,
- up->avgint, maxrun, mcount - zcount, dtemp,
-@@ -1768,7 +1768,7 @@
- struct wwvunit *up;
- struct chan *cp;
- struct sync *sp, *rp;
-- char tbuf[80]; /* monitor buffer */
-+ char tbuf[128]; /* monitor buffer */
- int sw, arg, nsec;
-
- pp = peer->procptr;
-@@ -1869,7 +1869,7 @@
- }
- rp->metric = wwv_metric(rp);
- if (pp->sloppyclockflag & CLK_FLAG4) {
-- sprintf(tbuf,
-+ snprintf(tbuf, sizeof (tbuf),
- "wwv5 %04x %3d %4d %.0f/%.1f %.0f/%.1f %s %04x %.0f %.0f/%.1f %s %04x %.0f %.0f/%.1f",
- up->status, up->gain, up->yepoch,
- up->epomax, up->eposnr, up->datsig,
-@@ -2041,7 +2041,7 @@
- }
- if ((pp->sloppyclockflag & CLK_FLAG4) && !(up->status &
- DSYNC)) {
-- sprintf(tbuf,
-+ snprintf(tbuf, sizeof (tbuf),
- "wwv3 %2d %04x %3d %4d %5.0f %5.1f %5.0f %5.1f %5.0f",
- nsec, up->status, up->gain, up->yepoch, up->epomax,
- up->eposnr, up->datsig, up->datsnr, bit);
-@@ -2212,7 +2212,7 @@
- }
- if ((pp->sloppyclockflag & CLK_FLAG4) && !(up->status &
- INSYNC)) {
-- sprintf(tbuf,
-+ snprintf(tbuf, sizeof (tbuf),
- "wwv4 %2d %04x %3d %4d %5.0f %2d %d %d %d %5.0f %5.1f",
- up->rsec - 1, up->status, up->gain, up->yepoch,
- up->epomax, vp->radix, vp->digit, vp->mldigit,
+++ /dev/null
-https://ntp.isc.org/bugs/show_bug.cgi?id=759
-
---- ntp-4.2.4p0/ntpd/ntp_proto.c.retcode 2006-12-28 13:03:32.000000000 +0100
-+++ ntp-4.2.4p0/ntpd/ntp_proto.c 2007-05-22 15:20:07.000000000 +0200
-@@ -303,7 +303,7 @@
- if (peer_ntpdate == 0) {
- msyslog(LOG_NOTICE,
- "no reply; clock not set");
-- exit (0);
-+ exit (1);
- }
- }
- }
+++ /dev/null
---- ntp-4.2.4p2/ntpd/ntp_proto.c.clockselect 2007-08-16 16:40:46.000000000 +0200
-+++ ntp-4.2.4p2/ntpd/ntp_proto.c 2007-08-16 16:31:32.000000000 +0200
-@@ -2085,10 +2085,12 @@ clock_select(void)
- typeacts->status = CTL_PST_SEL_DISTSYSPEER;
- peer_list[0] = typeacts;
- nlist = 1;
-+ error[0] = synch[0] = 0.0;
- } else if (typelocal != 0) {
- typelocal->status = CTL_PST_SEL_DISTSYSPEER;
- peer_list[0] = typelocal;
- nlist = 1;
-+ error[0] = synch[0] = 0.0;
- } else {
- if (osys_peer != NULL) {
- NLOG(NLOG_SYNCSTATUS)
+++ /dev/null
---- ntp-4.2.4p2/ntpd/ntp_config.c.filegen 2006-12-28 13:03:27.000000000 +0100
-+++ ntp-4.2.4p2/ntpd/ntp_config.c 2007-07-19 17:09:42.000000000 +0200
-@@ -1733,7 +1733,7 @@ getconfig(
- * peerkey is (ab)used for filegen type
- * peerflags is (ab)used for filegen flags
- */
-- peerversion = 0;
-+ peerversion = 1;
- peerkey = filegen->type;
- peerflags = filegen->flag;
- errflg = 0;
+++ /dev/null
-diff -up ntp-4.2.4p2/libisc/ifiter_sysctl.c.noif ntp-4.2.4p2/libisc/ifiter_sysctl.c
---- ntp-4.2.4p2/libisc/ifiter_sysctl.c.noif 2006-06-06 22:16:23.000000000 +0200
-+++ ntp-4.2.4p2/libisc/ifiter_sysctl.c 2007-09-24 16:08:55.000000000 +0200
-@@ -309,7 +309,10 @@ internal_destroy(isc_interfaceiter_t *it
- */
- }
-
--static
--void internal_first(isc_interfaceiter_t *iter) {
-+static isc_result_t
-+internal_first(isc_interfaceiter_t *iter) {
- iter->pos = 0;
-+ if (iter->pos >= iter->bufused)
-+ return (ISC_R_NOMORE);
-+ return (ISC_R_SUCCESS);
- }
-diff -up ntp-4.2.4p2/libisc/ifiter_ioctl.c.noif ntp-4.2.4p2/libisc/ifiter_ioctl.c
---- ntp-4.2.4p2/libisc/ifiter_ioctl.c.noif 2007-09-24 16:08:55.000000000 +0200
-+++ ntp-4.2.4p2/libisc/ifiter_ioctl.c 2007-09-24 16:08:55.000000000 +0200
-@@ -1098,8 +1098,8 @@ internal_destroy(isc_interfaceiter_t *it
- #endif
- }
-
--static
--void internal_first(isc_interfaceiter_t *iter) {
-+static isc_result_t
-+internal_first(isc_interfaceiter_t *iter) {
- #ifdef HAVE_TRUCLUSTER
- int clua_result;
- #endif
-@@ -1118,5 +1118,10 @@ void internal_first(isc_interfaceiter_t
- #endif
- #ifdef __linux
- linux_if_inet6_first(iter);
-+ if (iter->valid == ISC_R_SUCCESS)
-+ return (iter->valid);
- #endif
-+ if (iter->pos >= (unsigned int) iter->ifc.ifc_len)
-+ return (ISC_R_NOMORE);
-+ return (ISC_R_SUCCESS);
- }
-diff -up ntp-4.2.4p2/libisc/interfaceiter.c.noif ntp-4.2.4p2/libisc/interfaceiter.c
---- ntp-4.2.4p2/libisc/interfaceiter.c.noif 2006-06-06 22:16:24.000000000 +0200
-+++ ntp-4.2.4p2/libisc/interfaceiter.c 2007-09-24 16:08:55.000000000 +0200
-@@ -170,14 +170,11 @@ isc_interfaceiter_first(isc_interfaceite
-
- REQUIRE(VALID_IFITER(iter));
-
-- internal_first(iter);
-- for (;;) {
-+ for (result = internal_first(iter); result == ISC_R_SUCCESS;
-+ result = internal_next(iter)) {
- result = internal_current(iter);
- if (result != ISC_R_IGNORE)
- break;
-- result = internal_next(iter);
-- if (result != ISC_R_SUCCESS)
-- break;
- }
- iter->result = result;
- return (result);
-diff -up ntp-4.2.4p2/libisc/ifiter_getifaddrs.c.noif ntp-4.2.4p2/libisc/ifiter_getifaddrs.c
---- ntp-4.2.4p2/libisc/ifiter_getifaddrs.c.noif 2006-06-06 22:16:22.000000000 +0200
-+++ ntp-4.2.4p2/libisc/ifiter_getifaddrs.c 2007-09-24 16:08:55.000000000 +0200
-@@ -185,7 +185,10 @@ internal_destroy(isc_interfaceiter_t *it
- iter->ifaddrs = NULL;
- }
-
--static
--void internal_first(isc_interfaceiter_t *iter) {
-+static isc_result_t
-+internal_first(isc_interfaceiter_t *iter) {
- iter->pos = iter->ifaddrs;
-+ if (iter->pos == NULL)
-+ return (ISC_R_NOMORE);
-+ return (ISC_R_SUCCESS);
- }
+++ /dev/null
---- ntp-4.2.4p2/html/keygen.html.noseed 2007-07-18 16:03:45.000000000 +0200
-+++ ntp-4.2.4p2/html/keygen.html 2007-07-18 16:03:33.000000000 +0200
-@@ -102,6 +102,7 @@
- <p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the library routines. The OpenSSL library uses a designated random seed file for this purpose. The file must be available when starting the NTP daemon and <tt>ntp-keygen</tt> program. If a site supports OpenSSL or its companion OpenSSH, it is very likely that means to do this are already available.</p>
- <p>It is important to understand that entropy must be evolved for each generation, for otherwise the random number sequence would be predictable. Various means dependent on external events, such as keystroke intervals, can be used to do this and some systems have built-in entropy sources. Suitable means are described in the OpenSSL software documentation, but are outside the scope of this page.</p>
- <p>The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the NTP daemon or the <tt>ntp-keygen</tt> program. The NTP daemon will first look for the file using the path specified by the <tt>randfile</tt> subcommand of the <tt>crypto</tt> configuration command. If not specified in this way, or when starting the <tt>ntp-keygen</tt> program, the OpenSSL library will look for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library will look for the <tt>.rnd</tt> file in the user home directory. If the file is not available or cannot be written, the daemon exits with a message to the system log and the program exits with a suitable error message.</p>
-+ <p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p>
- <h4 id="priv">Cryptographic Data Files</h4>
- <p>All other file formats begin with two lines. The first contains the file name, including the generated host name and filestamp. The second contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are considered comments and ignored by the <i><tt>ntp-keygen </tt></i>program and <tt>ntpd</tt> daemon. Cryptographic values are encoded first using ASN.1 rules, then encrypted if necessary, and finally written PEM-encoded printable ASCII format preceded and followed by MIME content identifier lines.</p>
- <p id="symkey">The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following hte heard the keys are entered one per line in the format</p>
---- ntp-4.2.4p2/util/ntp-keygen.c.noseed 2007-06-20 13:03:23.000000000 +0200
-+++ ntp-4.2.4p2/util/ntp-keygen.c 2007-07-18 16:03:45.000000000 +0200
-@@ -362,20 +362,24 @@ main(
- */
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
-- if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
-- fprintf(stderr, "RAND_file_name %s\n",
-- ERR_error_string(ERR_get_error(), NULL));
-- return (-1);
-- }
-- temp = RAND_load_file(pathbuf, -1);
-- if (temp == 0) {
-+
-+ /* But only if openssl doesn't use /dev/urandom */
-+ if (RAND_status() != 1) {
-+ if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
-+ fprintf(stderr, "RAND_file_name %s\n",
-+ ERR_error_string(ERR_get_error(), NULL));
-+ return (-1);
-+ }
-+ temp = RAND_load_file(pathbuf, -1);
-+ if (temp == 0) {
-+ fprintf(stderr,
-+ "RAND_load_file %s not found or empty\n", pathbuf);
-+ return (-1);
-+ }
- fprintf(stderr,
-- "RAND_load_file %s not found or empty\n", pathbuf);
-- return (-1);
-+ "Random seed file %s %u bytes\n", pathbuf, temp);
-+ RAND_add(&epoch, sizeof(epoch), 4.0);
- }
-- fprintf(stderr,
-- "Random seed file %s %u bytes\n", pathbuf, temp);
-- RAND_add(&epoch, sizeof(epoch), 4.0);
- #endif
-
- /*
---- ntp-4.2.4p2/ntpd/ntp_crypto.c.noseed 2006-12-28 13:03:28.000000000 +0100
-+++ ntp-4.2.4p2/ntpd/ntp_crypto.c 2007-07-18 16:03:45.000000000 +0200
-@@ -3878,6 +3878,9 @@ crypto_setup(void)
- memset(&pubkey, 0, sizeof(pubkey));
- memset(&tai_leap, 0, sizeof(tai_leap));
-
-+ ERR_load_crypto_strings();
-+ OpenSSL_add_all_algorithms();
-+
- /*
- * Load required random seed file and seed the random number
- * generator. Be default, it is found in the user home
-@@ -3885,40 +3888,49 @@ crypto_setup(void)
- * depending on the system. Wiggle the contents a bit and write
- * it back so the sequence does not repeat when we next restart.
- */
-- ERR_load_crypto_strings();
-- if (rand_file == NULL) {
-- if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
-+
-+ /* But only if openssl doesn't use /dev/urandom */
-+ if (RAND_status() != 1) {
-+ if (rand_file == NULL) {
-+ if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
-+ rand_file = emalloc(strlen(filename) + 1);
-+ strcpy(rand_file, filename);
-+ }
-+ } else if (*rand_file != '/') {
-+ snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
-+ rand_file);
-+ free(rand_file);
- rand_file = emalloc(strlen(filename) + 1);
- strcpy(rand_file, filename);
- }
-- } else if (*rand_file != '/') {
-- snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
-- rand_file);
-- free(rand_file);
-- rand_file = emalloc(strlen(filename) + 1);
-- strcpy(rand_file, filename);
-- }
-- if (rand_file == NULL) {
-- msyslog(LOG_ERR,
-- "crypto_setup: random seed file not specified");
-- exit (-1);
-- }
-- if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
-- msyslog(LOG_ERR,
-- "crypto_setup: random seed file %s not found\n",
-- rand_file);
-- exit (-1);
-- }
-- get_systime(&seed);
-- RAND_seed(&seed, sizeof(l_fp));
-- RAND_write_file(rand_file);
-- OpenSSL_add_all_algorithms();
-+ if (rand_file == NULL) {
-+ msyslog(LOG_ERR,
-+ "crypto_setup: random seed file not specified");
-+ exit (-1);
-+ }
-+ if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
-+ msyslog(LOG_ERR,
-+ "crypto_setup: random seed file %s not found\n",
-+ rand_file);
-+ exit (-1);
-+ }
-+ get_systime(&seed);
-+ RAND_seed(&seed, sizeof(l_fp));
-+ RAND_write_file(rand_file);
- #ifdef DEBUG
-- if (debug)
-- printf(
-- "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
-- SSLeay(), rand_file, bytes);
-+ if (debug)
-+ printf(
-+ "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
-+ SSLeay(), rand_file, bytes);
- #endif
-+ } else {
-+#ifdef DEBUG
-+ if (debug)
-+ printf(
-+ "crypto_setup: OpenSSL version %lx seeding not required\n",
-+ SSLeay());
-+#endif
-+ }
-
- /*
- * Load required host key from file "ntpkey_host_<hostname>". It
+++ /dev/null
---- ntp-4.2.4p2/libisc/ifiter_ioctl.c.tentative 2006-12-28 13:03:07.000000000 +0100
-+++ ntp-4.2.4p2/libisc/ifiter_ioctl.c 2007-07-16 13:04:15.000000000 +0200
-@@ -94,6 +94,7 @@ struct isc_interfaceiter {
- #include <sys/socket.h>
- #endif
-
-+#include <linux/rtnetlink.h>
-
- /*
- * Size of buffer for SIOCGLIFCONF, in bytes. We assume no sane system
-@@ -516,6 +517,9 @@ linux_if_inet6_current(isc_interfaceiter
- if ((ifreq.ifr_flags & IFF_MULTICAST) != 0)
- iter->current.flags |= INTERFACE_F_MULTICAST;
- #endif
-+ /* ignore tentative address */
-+ if (flags & IFA_F_TENTATIVE)
-+ iter->current.flags &= ~INTERFACE_F_UP;
-
- /*
- * enable_multicast_if() requires scopeid for setsockopt,
+++ /dev/null
-diff -up ntp-4.2.4p4/ntpd/cmd_args.c.kernel ntp-4.2.4p4/ntpd/cmd_args.c
---- ntp-4.2.4p4/ntpd/cmd_args.c.kernel 2007-08-18 22:24:43.000000000 +0200
-+++ ntp-4.2.4p4/ntpd/cmd_args.c 2008-02-27 16:57:56.000000000 +0100
-@@ -179,8 +179,10 @@ getCmdOpts(
- } while (--ct > 0);
- }
-
-- if (HAVE_OPT( SLEW ))
-+ if (HAVE_OPT( SLEW )) {
- clock_max = 600;
-+ kern_enable = 0;
-+ }
-
- if (HAVE_OPT( UPDATEINTERVAL )) {
- long val = OPT_VALUE_UPDATEINTERVAL;
-diff -up ntp-4.2.4p4/ntpd/ntp_loopfilter.c.kernel ntp-4.2.4p4/ntpd/ntp_loopfilter.c
---- ntp-4.2.4p4/ntpd/ntp_loopfilter.c.kernel 2007-02-24 12:02:05.000000000 +0100
-+++ ntp-4.2.4p4/ntpd/ntp_loopfilter.c 2008-02-27 16:57:56.000000000 +0100
-@@ -337,8 +337,6 @@ local_clock(
- */
- clock_frequency = flladj = plladj = 0;
- mu = peer->epoch - sys_clocktime;
-- if (clock_max == 0 || clock_max > 0.5)
-- kern_enable = 0;
- rval = 1;
- if (fabs(fp_offset) > clock_max && clock_max > 0) {
- switch (state) {
-@@ -893,9 +891,9 @@ loop_config(
- pll_control = 1;
- memset(&ntv, 0, sizeof(ntv));
- #ifdef STA_NANO
-- ntv.modes = MOD_BITS | MOD_NANO;
-+ ntv.modes = MOD_BITS | MOD_FREQUENCY | MOD_NANO;
- #else /* STA_NANO */
-- ntv.modes = MOD_BITS;
-+ ntv.modes = MOD_BITS | MOD_FREQUENCY;
- #endif /* STA_NANO */
- ntv.maxerror = MAXDISPERSE;
- ntv.esterror = MAXDISPERSE;
-@@ -1001,6 +999,8 @@ loop_config(
- */
- case LOOP_MAX: /* step threshold */
- clock_max = freq;
-+ if (clock_max == 0 || clock_max > 0.5)
-+ kern_enable = 0;
- break;
-
- case LOOP_PANIC: /* panic threshold */
+++ /dev/null
-diff -up ntp-4.2.4p4/include/ntpd.h.multilisten ntp-4.2.4p4/include/ntpd.h
---- ntp-4.2.4p4/include/ntpd.h.multilisten 2006-12-28 13:03:06.000000000 +0100
-+++ ntp-4.2.4p4/include/ntpd.h 2007-10-25 14:48:46.000000000 +0200
-@@ -79,6 +79,8 @@ extern void enable_broadcast P((struct
- extern void enable_multicast_if P((struct interface *, struct sockaddr_storage *));
- extern void interface_dump P((struct interface *));
-
-+extern void add_specific_interface P((const char *));
-+extern void init_specific_interface P((void));
- extern void interface_update P((interface_receiver_t, void *));
- extern void init_io P((void));
- extern void input_handler P((l_fp *));
-diff -up ntp-4.2.4p4/ntpd/ntp_io.c.multilisten ntp-4.2.4p4/ntpd/ntp_io.c
---- ntp-4.2.4p4/ntpd/ntp_io.c.multilisten 2007-08-18 22:24:44.000000000 +0200
-+++ ntp-4.2.4p4/ntpd/ntp_io.c 2007-10-25 14:48:46.000000000 +0200
-@@ -66,7 +66,15 @@
- #endif /* IPv6 Support */
-
- extern int listen_to_virtual_ips;
--extern const char *specific_interface;
-+
-+/* interface names to listen on */
-+struct specific_interface {
-+ const char *name;
-+ ISC_LINK(struct specific_interface) link;
-+};
-+
-+ISC_LIST(struct specific_interface) specific_interface_list;
-+
-
- #if defined(SO_TIMESTAMP) && defined(SCM_TIMESTAMP)
- #if defined(CMSG_FIRSTHDR)
-@@ -924,14 +932,15 @@ address_okay(struct interface *iface) {
- /*
- * Check if the interface is specified
- */
-- if (specific_interface != NULL) {
-- if (strcasecmp(iface->name, specific_interface) == 0) {
-- DPRINTF(4, ("address_okay: specific interface name matched - OK\n"));
-- return (ISC_TRUE);
-- } else {
-- DPRINTF(4, ("address_okay: specific interface name NOT matched - FAIL\n"));
-- return (ISC_FALSE);
-- }
-+ if (ISC_LIST_HEAD(specific_interface_list)) {
-+ struct specific_interface *iface_;
-+ for (iface_ = ISC_LIST_HEAD(specific_interface_list); iface_ != NULL; iface_ = ISC_LIST_NEXT(iface_, link))
-+ if (strcasecmp(iface->name, iface_->name) == 0) {
-+ DPRINTF(4, ("address_okay: specific interface name matched - OK\n"));
-+ return (ISC_TRUE);
-+ }
-+ DPRINTF(4, ("address_okay: specific interface name NOT matched - FAIL\n"));
-+ return (ISC_FALSE);
- }
- else {
- if (listen_to_virtual_ips == 0 &&
-@@ -1044,6 +1053,23 @@ refresh_interface(struct interface * int
- #endif /* !OS_MISSES_SPECIFIC_ROUTE_UPDATES */
- }
-
-+void
-+add_specific_interface (const char *if_name)
-+{
-+ struct specific_interface *iface;
-+
-+ iface = (struct specific_interface *)emalloc(sizeof(struct specific_interface));
-+ iface->name = if_name;
-+ ISC_LINK_INIT(iface, link);
-+ ISC_LIST_APPEND(specific_interface_list, iface, link);
-+}
-+
-+void
-+init_specific_interface (void)
-+{
-+ ISC_LIST_INIT(specific_interface_list);
-+}
-+
- /*
- * interface_update - externally callable update function
- */
-diff -up ntp-4.2.4p4/ntpd/cmd_args.c.multilisten ntp-4.2.4p4/ntpd/cmd_args.c
---- ntp-4.2.4p4/ntpd/cmd_args.c.multilisten 2007-08-18 22:24:43.000000000 +0200
-+++ ntp-4.2.4p4/ntpd/cmd_args.c 2007-10-25 14:50:44.000000000 +0200
-@@ -22,7 +22,6 @@
- * Definitions of things either imported from or exported to outside
- */
- extern char const *progname;
--extern const char *specific_interface;
- extern short default_ai_family;
-
- #ifdef HAVE_NETINFO
-diff -up ntp-4.2.4p4/ntpd/ntpd.c.multilisten ntp-4.2.4p4/ntpd/ntpd.c
---- ntp-4.2.4p4/ntpd/ntpd.c.multilisten 2007-10-25 14:48:46.000000000 +0200
-+++ ntp-4.2.4p4/ntpd/ntpd.c 2007-10-25 14:48:46.000000000 +0200
-@@ -156,7 +156,6 @@ volatile int debug = 0; /* No debugging
- #endif
-
- int listen_to_virtual_ips = 1;
--const char *specific_interface = NULL; /* interface name or IP address to bind to */
-
- /*
- * No-fork flag. If set, we do not become a background daemon.
-@@ -537,18 +536,14 @@ ntpdmain(
- if (HAVE_OPT( NOVIRTUALIPS ))
- listen_to_virtual_ips = 0;
-
-+ init_specific_interface();
-+
- if (HAVE_OPT( INTERFACE )) {
--#if 0
- int ifacect = STACKCT_OPT( INTERFACE );
-- char** ifaces = STACKLST_OPT( INTERFACE );
-+ const char** ifaces = STACKLST_OPT( INTERFACE );
-
-- /* malloc space for the array of names */
-- while (ifacect-- > 0) {
-- next_iface = *ifaces++;
-- }
--#else
-- specific_interface = OPT_ARG( INTERFACE );
--#endif
-+ while (ifacect-- > 0)
-+ add_specific_interface(*ifaces++);
- }
-
- if (HAVE_OPT( NICE ))
+++ /dev/null
-diff -up ntp-4.2.4p5/ntpd/ntp_intres.c.resinit ntp-4.2.4p5/ntpd/ntp_intres.c
---- ntp-4.2.4p5/ntpd/ntp_intres.c.resinit 2008-08-10 13:02:43.000000000 +0200
-+++ ntp-4.2.4p5/ntpd/ntp_intres.c 2008-10-07 14:54:20.000000000 +0200
-@@ -39,6 +39,7 @@
- /**/
- #include <netinet/in.h>
- #include <arpa/inet.h>
-+#include <resolv.h>
- /**/
- #ifdef HAVE_SYS_PARAM_H
- # include <sys/param.h> /* MAXHOSTNAMELEN (often) */
-@@ -272,6 +273,7 @@ ntp_intres(void)
- * Sleep a little to make sure the network is completely up
- */
- sleep(SLEEPTIME);
-+ res_init();
- doconfigure(1);
-
- /* prepare retry, in case there's more work to do */
+++ /dev/null
-diff -up ntp-4.2.4p5/ntpd/ntpd.c.driftonexit ntp-4.2.4p5/ntpd/ntpd.c
---- ntp-4.2.4p5/ntpd/ntpd.c.driftonexit 2008-10-07 15:22:27.000000000 +0200
-+++ ntp-4.2.4p5/ntpd/ntpd.c 2008-10-07 16:29:06.000000000 +0200
-@@ -1174,7 +1174,6 @@ finish(
- {
-
- msyslog(LOG_NOTICE, "ntpd exiting on signal %d", sig);
-- write_stats();
- #ifdef HAVE_DNSREGISTRATION
- if (mdns != NULL)
- DNSServiceRefDeallocate(mdns);
+++ /dev/null
-diff -up ntp-4.2.4p5/html/authopt.html.htmldoc ntp-4.2.4p5/html/authopt.html
---- ntp-4.2.4p5/html/authopt.html.htmldoc 2006-12-28 13:02:54.000000000 +0100
-+++ ntp-4.2.4p5/html/authopt.html 2008-08-18 12:31:59.000000000 +0200
-@@ -74,7 +74,7 @@
- <dt><tt>controlkey <i>key</i></tt>
- <dd>Specifies the key identifier to use with the <a href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the standard protocol defined in RFC-1305. The <tt><i>key</i></tt> argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive.
- <dt><tt>crypto [cert <i>file</i>] [leap <i>file</i>] [randfile <i>file</i>] [host <i>file</i>] [sign <i>file</i>] [ident <i>scheme</i>] [iffpar <i>file</i>] [gqpar <i>file</i>] [mvpar <i>file</i>] [pw <i>password</i>]</tt>
-- <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/usr/local/etc</tt>. Following are the subcommands:
-+ <dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/etc/ntp/crypto</tt>. Following are the subcommands:
- <dl>
- <dt><tt>cert <i>file</i></tt>
- <dd>Specifies the location of the required host public certificate file. This overrides the link <tt>ntpkey_cert_<i>hostname</i></tt> in the keys directory.
-@@ -103,7 +103,7 @@
- <dt><tt>keys <i>keyfile</i></tt>
- <dd>Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option.
- <dt><tt>keysdir <i>path</i></tt>
-- <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>.
-+ <dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>.
- <dt><tt>requestkey <i>key</i></tt>
- <dd>Specifies the key identifier to use with the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>key</i></tt> argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive.
- <dt><tt>revoke [<i>logsec</i>]</tt>
-diff -up ntp-4.2.4p5/html/confopt.html.htmldoc ntp-4.2.4p5/html/confopt.html
---- ntp-4.2.4p5/html/confopt.html.htmldoc 2008-08-10 13:02:43.000000000 +0200
-+++ ntp-4.2.4p5/html/confopt.html 2008-08-18 12:31:59.000000000 +0200
-@@ -32,8 +32,8 @@
- <p>There are three types of associations: persistent, preemptable and ephemeral. Persistent associations are mobilized by a configuration command and never demobilized. Preemptable associations, which are new to NTPv4, are mobilized by a configuration command which includes the <tt>prempt</tt> flag and are demobilized by timeout or error. Ephemeral associations are mobilized upon arrival of designated messages and demobilized by timeout or error.</p>
- <dl>
- <dt><tt>server <i>address</i> [options ...]</tt><br>
-- <tt>peer <i>address</i> [</tt><tt>options ...]<br>
-- broadcast <i>address</i> [options ...]</tt><br>
-+ <tt>peer <i>address</i> [options ...]</tt><br>
-+ <tt>broadcast <i>address</i> [options ...]</tt><br>
- <tt>manycastclient <i>address</i> [options ...]</tt>
- <dd>These four commands specify the time server name or address to be used and the mode in which to operate. The <i>address</i> can be either a DNS name or a IP address in dotted-quad notation. Additional information on association behavior can be found in the <a href="assoc.html">Association Management</a> page.
- <dl>
-diff -up ntp-4.2.4p5/html/keygen.html.htmldoc ntp-4.2.4p5/html/keygen.html
---- ntp-4.2.4p5/html/keygen.html.htmldoc 2008-08-18 12:31:59.000000000 +0200
-+++ ntp-4.2.4p5/html/keygen.html 2008-08-18 12:31:59.000000000 +0200
-@@ -32,17 +32,17 @@
- </ul>
- <hr>
- <h4 id="synop">Synopsis</h4>
-- <p id="intro"><tt>ntp-keygen [ -deGgHIMnPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -p <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ]</tt></p>
-+ <p id="intro"><tt>ntp-keygen [ -deGgHIMPT ] [ -c [RSA-MD2 | RSA-MD5 | RSA-SHA | RSA-SHA1 | RSA-MDC2 | RSA-RIPEMD160 | DSA-SHA | DSA-SHA1 ] ] [ -i <i>name</i> ] [ -m <i>modulus</i> ] [ -p <i>password</i> ] [ -q <i>password</i> ] [ -S [ RSA | DSA ] ] [ -s <i>name</i> ] [ -v <i>nkeys</i> ] [ -V <i>params</i> ]</tt></p>
- <h4 id="descrip">Description</h4>
- <p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
- <p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
- <p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
- <p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
-- <p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
-+ <p>All files are installed by default in the keys directory <tt>/etc/ntp/crypto</tt>. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
- <p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
- <p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
- <h4 id="run">Running the program</h4>
-- <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/ust/local/etc</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
-+ <p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/etc/ntp/crypto</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
- <p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. When necessary, a different sign key can be specified and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 and RIPE160 message digest algorithms. However, the scheme specified in the certificate must be compatible with the sign key. Certificates using any digest algorithm are compatible with RSA sign keys; however, only SHA and SHA1 certificates are compatible with DSA sign keys.</p>
- <p>Private/public key files and certificates are compatible with other OpenSSL applications and very likely other libraries as well. Certificates or certificate requests derived from them should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identification parameter files, although encoded as the other files, are probably not compatible with anything other than Autokey.</p>
- <p>Running the program as other than root and using the Unix <tt>su</tt> command to assume root may not work properly, since by default the OpenSSL library looks for the random seed file <tt>.rnd</tt> in the user home directory. However, there should be only one <tt>.rnd</tt>, most conveniently in the root directory, so it is convenient to define the <tt>$RANDFILE</tt> environment variable used by the OpenSSL library as the path to <tt>/.rnd</tt>.</p>
-@@ -81,11 +81,13 @@
- <dd>Set the suject name to <i>name</i>. This is used as the subject field in certificates and in the file name for host and sign keys.
- <dt><tt>-M</tt>
- <dd>Generate MD5 keys, obsoleting any that may exist.
-+ <dt><tt>-m <i>modulus</i></tt>
-+ <dd>Set prime modulus size in bits (256 - 2048). Default size is 512.
- <dt><tt>-P</tt>
- <dd>Generate a private certificate. By default, the program generates public certificates.
- <dt><tt>-p <i>password</i></tt>
- <dd>Encrypt generated files containing private data with <tt><i>password</i></tt> and the DES-CBC algorithm.
-- <dt><tt>-q</tt>
-+ <dt><tt>-q <i>password</i></tt>
- <dd>Set the password for reading files to <tt><i>password</i></tt>.
- <dt><tt>-S [ RSA | DSA ]</tt>
- <dd>Generate a new sign key of the designated type, obsoleting any that may exist. By default, the program uses the host key as the sign key.
-diff -up ntp-4.2.4p5/html/monopt.html.htmldoc ntp-4.2.4p5/html/monopt.html
---- ntp-4.2.4p5/html/monopt.html.htmldoc 2006-12-28 13:02:56.000000000 +0100
-+++ ntp-4.2.4p5/html/monopt.html 2008-08-18 12:31:59.000000000 +0200
-@@ -82,9 +82,7 @@
- <dl>
- <dt><i><tt>name</tt></i>
- <dd>This is the type of the statistics records, as shown in the <tt>statistics</tt> command.
-- </dl>
-- <dd><tt>file <i>filename</i></tt>
-- <dl>
-+ <dt><tt>file <i>filename</i></tt>
- <dd>This is the file name for the statistics records. Filenames of set members are built from three concatenated elements <i><tt>prefix</tt></i>, <i><tt>filename</tt></i> and <i><tt>suffix</tt></i>:
- <dl>
- <dt><i><tt>prefix</tt></i>
-@@ -94,9 +92,7 @@
- <dt><i><tt>suffix</tt></i>
- <dd>This part is reflects individual elements of a file set. It is generated according to the type of a file set.
- </dl>
-- </dl>
-- <dd><tt>type <i>typename</i></tt>
-- <dl>
-+ <dt><tt>type <i>typename</i></tt>
- <dd>A file generation set is characterized by its type. The following types are supported:
- <dl>
- <dt><tt>none</tt>
-@@ -114,13 +110,9 @@
- <dt><tt>age</tt>
- <dd>This type of file generation sets changes to a new element of the file set every 24 hours of server operation. The filename suffix consists of a dot, the letter <tt>a</tt>, and an 8-digit number. This number is taken to be the number of seconds the server is running at the start of the corresponding 24-hour period. Information is only written to a file generation by specifying <tt>enable</tt>; output is prevented by specifying <tt>disable</tt>.
- </dl>
-- </dl>
-- <dd><tt>link | nolink</tt>
-- <dl>
-+ <dt><tt>link | nolink</tt>
- <dd>It is convenient to be able to access the current element of a file generation set by a fixed name. This feature is enabled by specifying <tt>link</tt> and disabled using <tt>nolink</tt>. If <tt>link</tt> is specified, a hard link from the current file set element to a file without suffix is created. When there is already a file with this name and the number of links of this file is one, it is renamed appending a dot, the letter <tt>C</tt>, and the pid of the <tt>ntpd</tt> server process. When the number of links is greater than one, the file is unlinked. This allows the current file to be accessed by a constant name.
-- </dl>
-- <dd><tt>enable | disable</tt>
-- <dl>
-+ <dt><tt>enable | disable</tt>
- <dd>Enables or disables the recording function.
- </dl>
- </dl>
-diff -up ntp-4.2.4p7/html/ntp-wait.html.htmldoc ntp-4.2.4p7/html/ntp-wait.html
---- ntp-4.2.4p7/html/ntp-wait.html.htmldoc 2009-10-21 15:33:41.000000000 +0200
-+++ ntp-4.2.4p7/html/ntp-wait.html 2009-10-21 15:51:18.000000000 +0200
-@@ -0,0 +1,32 @@
-+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-+<html>
-+ <head>
-+ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
-+ <meta name="generator" content="HTML Tidy, see www.w3.org">
-+ <title>ntp-wait - waits until ntpd is in synchronized state</title>
-+ <link href="scripts/style.css" type="text/css" rel="stylesheet">
-+ </head>
-+ <body>
-+ <h3><tt>ntp-wait</tt> - waits until ntpd is in synchronized state</h3>
-+ <hr>
-+ <h4>Synopsis</h4>
-+ <p><tt>ntp-wait [ -fv ] [ -n <i>tries</i> ] [ -s <i>seconds</i> ]</tt></p>
-+ <h4>Description</h4>
-+ <p>The <tt>ntp-wait</tt> program blocks until ntpd is in synchronized state.
-+ This can be useful at boot time, to delay the boot sequence
-+ until after "ntpd -g" has set the time.
-+ <h4>Command Line Options</h4>
-+ <dl>
-+ <dt><tt>-f</tt>
-+ <dd>Return a non-zero exit code if the state is unknown.
-+ <dt><tt>-n <i>tries</i></tt>
-+ <dd>Number of tries before giving up. The default is 1000.
-+ <dt><tt>-s <i>seconds</i></tt>
-+ <dd>Seconds to sleep between tries. The default is 6 seconds.
-+ <dt><tt>-v</tt>
-+ <dd>Be verbose.
-+ </dl>
-+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
-+ </body>
-+
-+</html>
-diff -up ntp-4.2.4p5/html/ntpd.html.htmldoc ntp-4.2.4p5/html/ntpd.html
---- ntp-4.2.4p5/html/ntpd.html.htmldoc 2006-12-28 13:02:57.000000000 +0100
-+++ ntp-4.2.4p5/html/ntpd.html 2008-08-18 12:31:59.000000000 +0200
-@@ -34,7 +34,7 @@
- </ul>
- <hr>
- <h4 id="synop">Synopsis</h4>
-- <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
-+ <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
- <h4 id="descr">Description</h4>
- <p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
- <h4 id="op">How NTP Operates</h4>
-@@ -63,8 +63,13 @@
- <p>In contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
- <p>Various internal <tt>ntpd</tt> variables can be displayed and configuration options altered while the <tt>ntpd</tt> is running using the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
- <p>When <tt>ntpd</tt> starts it looks at the value of <tt>umask</tt>, and if zero <tt>ntpd</tt> will set the <tt>umask</tt> to <tt>022</tt>.</p>
-+ <p>Unless the <tt>-n</tt>, <tt>-d</tt> or <tt>-D</tt> option is used, <tt>ntpd</tt> changes the current working directory to the root directory, so any options or commands specifying paths need to use an absolute path or a path relative to the root.</p>
- <h4 id="cmd">Command Line Options</h4>
- <dl>
-+ <dt><tt>-4</tt>
-+ <dd>Force DNS resolution of host names to the IPv4 namespace.
-+ <dt><tt>-6</tt>
-+ <dd>Force DNS resolution of host names to the IPv6 namespace.
- <dt><tt>-a</tt>
- <dd>Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the default.
- <dt><tt>-A</tt>
-@@ -78,13 +83,15 @@
- <dt><tt>-D <i>level</i></tt>
- <dd>Specify debugging level directly.
- <dt><tt>-f <i>driftfile</i></tt>
-- <dd>Specify the name and path of the frequency file, default <tt>/etc/ntp.drift</tt>. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
-+ <dd>Specify the name and path of the frequency file. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> configuration command.
- <dt><tt>-g</tt>
- <dd>Normally, <tt>ntpd</tt> exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, <tt>ntpd</tt> will exit with a message to the system log. This option can be used with the <tt>-q</tt> and <tt>-x</tt> options. See the <tt>tinker</tt> command for other options.
- <dt><tt>-i <i>jaildir</i></tt>
- <dd>Chroot the server to the directory <i>jaildir</i>. This option also implies that the server attempts to drop root privileges at startup (otherwise, chroot gives very little additional security), and it is only available if the OS supports to run the server without full root privileges. You may need to also specify a <tt>-u</tt> option.
-+ <dt><tt>-I <i>iface</i></tt>
-+ <dd>Listen on interface. This option may appear an unlimited number of times.
- <dt><tt>-k <i>keyfile</i></tt>
-- <dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp.keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
-+ <dd>Specify the name and path of the symmetric key file. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
- <dt><tt>-l <i>logfile</i></tt>
- <dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
- <dt><tt>-L</tt>
-@@ -143,7 +150,7 @@
- </tr>
- <tr>
- <td width="30%">frequency file</td>
-- <td width="30%"><tt>/etc/ntp.drift</tt></td>
-+ <td width="30%"><tt>none</tt></td>
- <td width="20%"><tt>-f</tt></td>
- <td width="20%"><tt>driftfile</tt></td>
- </tr>
-@@ -167,17 +174,20 @@
- </tr>
- <tr>
- <td width="30%">statistics path</td>
-- <td width="30%"><tt>/var/NTP</tt></td>
-+ <td width="30%"><tt>/var/log/ntpstats/</tt></td>
- <td width="20%"><tt>-s</tt></td>
- <td width="20%"><tt>statsdir</tt></td>
- </tr>
- <tr>
- <td width="30%">keys path</td>
-- <td width="30%"><tt>/usr/local/etc</tt></td>
-- <td width="20%"><tt>-k</tt></td>
-+ <td width="30%"><tt>/etc/ntp/crypto</tt></td>
-+ <td width="20%"><tt>none</tt></td>
- <td width="20%"><tt>keysdir</tt></td>
- </tr>
- </table>
-+ <h4 id="codes">Exit Codes</h4>
-+ <p>A non-zero exit code indicates an error. Any error messages are logged to the system log by default.</p>
-+ <p>The exit code is 0 only when <tt>ntpd</tt> is terminated by a signal, or when the <tt>-q</tt> option is used and <tt>ntpd</tt> successfully sets the system clock.</p>
- <hr>
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-diff -up ntp-4.2.4p5/html/ntpdate.html.htmldoc ntp-4.2.4p5/html/ntpdate.html
---- ntp-4.2.4p5/html/ntpdate.html.htmldoc 2008-08-18 12:31:59.000000000 +0200
-+++ ntp-4.2.4p5/html/ntpdate.html 2008-08-18 12:31:59.000000000 +0200
-@@ -18,9 +18,9 @@
- <hr>
- <p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
- <h4>Synopsis</h4>
-- <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
-+ <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
- <h4>Description</h4>
-- <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
-+ <p><tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.</p>
- <p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
- <p>Time adjustments are made by <tt>ntpdate</tt> in one of two ways. If <tt>ntpdate</tt> determines the clock is in error more than 0.5 second it will simply step the time by calling the system <tt>settimeofday()</tt> routine. If the error is less than 0.5 seconds, it will slew the time by calling the system <tt>adjtime()</tt> routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when <tt>ntpdate</tt> is run by <tt>cron</tt> every hour or two.</p>
- <p><tt>ntpdate</tt> will decline to set the date if an NTP server daemon (e.g., <tt>ntpd</tt>) is running on the same host. When running <tt>ntpdate</tt> on a regular basis from <tt>cron</tt> as an alternative to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.</p>
-@@ -33,9 +33,9 @@
- <dt><tt>-6</tt>
- <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
- <dt><tt>-a <i>key</i></tt>
-- <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i><tt>ntpdate</tt>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
-+ <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
- <dt><tt>-B</tt>
-- <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-128 ms. The default is to step the time using settimeofday() if the offset is greater than +-128 ms. Note that, if the offset is much greater than +-128 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
-+ <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-500 ms. The default is to step the time using settimeofday() if the offset is greater than +-500 ms. Note that, if the offset is much greater than +-500 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
- <dt><tt>-b</tt>
- <dd>Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
- <dt><tt>-d</tt>
-@@ -43,9 +43,9 @@
- <dt><tt>-e <i>authdelay</i></tt>
- <dd>Specify the processing delay to perform an authentication function as the value <i>authdelay</i>, in seconds and fraction (see <tt>ntpd</tt> for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's.
- <dt><tt>-k <i>keyfile</i></tt>
-- <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
-+ <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp/keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
- <dt><tt>-o <i>version</i></tt>
-- <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 3. This allows <tt>ntpdate</tt> to be used with older NTP versions.
-+ <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions.
- <dt><tt>-p <i>samples</i></tt>
- <dd>Specify the number of samples to be acquired from each server as the integer <i>samples</i>, with values from 1 to 8 inclusive. The default is 4.
- <dt><i><tt>-q</tt></i>
-@@ -55,7 +55,7 @@
- <dt><tt>-t <i>timeout</i></tt>
- <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.
- <dt><tt>-u</tt>
-- <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
-+ <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
- <dt><tt>-<i>v</i></tt>
- <dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
-
-@@ -67,7 +67,7 @@
- <h4>Diagnostics</h4>
- <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
- <h4>Files</h4>
-- <tt>/etc/ntp.keys</tt> - encryption keys used by <tt>ntpdate</tt>.
-+ <tt>/etc/ntp/keys</tt> - encryption keys used by <tt>ntpdate</tt>.
- <h4>Bugs</h4>
- The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables <tt>tick</tt> and <tt>tickadj</tt>.
- <hr>
-diff -up ntp-4.2.4p5/html/ntpdc.html.htmldoc ntp-4.2.4p5/html/ntpdc.html
---- ntp-4.2.4p5/html/ntpdc.html.htmldoc 2008-08-10 13:02:44.000000000 +0200
-+++ ntp-4.2.4p5/html/ntpdc.html 2008-08-18 12:38:13.000000000 +0200
-@@ -19,9 +19,9 @@
- <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
- <hr>
- <h4>Synopsis</h4>
-- <tt>ntpdc [ -ilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
-+ <tt>ntpdc [ -46dilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
- <h4>Description</h4>
-- <tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.
-+ <p><tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.</p>
- <p>If one or more request options are included on the command line when <tt>ntpdc</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpdc</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpdc</tt> will prompt for commands if the standard input is a terminal device.</p>
- <p><tt>ntpdc</tt> uses NTP mode 7 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpdc</tt> makes no attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
- <p>The operation of <tt>ntpdc</tt> are specific to the particular implementation of the <tt>ntpd</tt> daemon and can be expected to work only with this and maybe some previous versions of the daemon. Requests from a remote <tt>ntpdc</tt> program which affect the state of the local server must be authenticated, which requires both the remote program and local server share a common key and key identifier.</p>
-@@ -35,6 +35,8 @@
- <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
- <dt><tt>-c <i>command</i></tt>
- <dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple -c options may be given.
-+ <dt><tt>-d</tt>
-+ <dd>Turn on debugging mode.
- <dt><tt>-i</tt>
- <dd>Force <tt>ntpdc</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
- <dt><tt>-l</tt>
-@@ -134,11 +136,11 @@
- <dt><tt>addpeer <i>peer_address</i> [
- <i>keyid</i> ] [ <i>version</i> ] [
- <tt>minpoll# | prefer | iburst | burst | minpoll
-- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
-+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
- <dt><tt>addpeer <i>peer_address</i> [
- <tt>prefer | iburst | burst | minpoll
- <i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
-- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
-+ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
- <dd>Add a configured peer association at the
- given address and operating in symmetric
- active mode. Note that an existing association
-@@ -162,15 +164,15 @@
- <tt>peer</tt> configuration file command of
- ntpd. See the <a href="confopt.html">Server Options</a> page for further information.
- Each flag (or its absence) replaces the
-- previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal.
-+ previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronization if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronization so is the PPS signal.
- <dt><tt>addserver <i>peer_address</i> [
- <i>keyid</i> ] [ <i>version</i> ] [
- <tt>minpoll# | prefer | iburst | burst | minpoll
-- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
-+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
- <dt><tt>addserver <i>peer_address</i> [
- <tt>prefer | iburst | burst | minpoll
- <i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
-- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
-+ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
- <dd>Identical to the addpeer command, except that the operating mode is client.
- <dt><tt>broadcast <i>peer_address</i> [
- <i>keyid</i> ] [ <i>version</i> ] [ <i>prefer</i> ]</tt>
-@@ -199,9 +201,9 @@
- <dd>Returns information concerning the authentication module, including known keys and counts of encryptions and decryptions which have been done.
- <dt><tt>traps</tt>
- <dd>Display the traps set in the server. See the source listing for further information.
-- <dt><tt>addtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i> ]</tt>
-+ <dt><tt>addtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i> ]</tt>
- <dd>Set a trap for asynchronous messages. See the source listing for further information.
-- <dt><tt>clrtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i>]</tt>
-+ <dt><tt>clrtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i>]</tt>
- <dd>Clear a trap for asynchronous messages. See the source listing for further information.
- <dt><tt>reset</tt>
- <dd>Clear the statistics counters in various modules of the server. See the source listing for further information.
-diff -up ntp-4.2.4p5/html/ntpq.html.htmldoc ntp-4.2.4p5/html/ntpq.html
---- ntp-4.2.4p5/html/ntpq.html.htmldoc 2006-06-06 22:16:06.000000000 +0200
-+++ ntp-4.2.4p5/html/ntpq.html 2008-08-18 12:31:59.000000000 +0200
-@@ -19,11 +19,11 @@
- <script type="text/javascript" language="javascript" src="scripts/links12.txt"></script>
- <hr>
- <h4>Synopsis</h4>
-- <tt>ntpq [-inp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
-+ <tt>ntpq [-46dinp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
- <h4>Description</h4>
- <p>The <tt>ntpq</tt> utility program is used to monitor NTP daemon <tt>ntpd</tt> operations and determine performance. It uses the standard NTP mode 6 control message formats defined in Appendix B of the NTPv3 specification RFC1305. The same formats are used in NTPv4, although some of the variables have changed and new ones added. The description on this page is for the NTPv4 variables.</p>
- <p>The program can be run either in interactive mode or controlled using command line arguments. Requests to read and write arbitrary variables can be assembled, with raw and pretty-printed output options being available. The <tt>ntpq</tt> can also obtain and print a list of peers in a common format by sending multiple queries to the server.</p>
-- <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt>will prompt for commands if the standard input is a terminal device.</p>
-+ <p>If one or more request options is included on the command line when <tt>ntpq</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpq</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpq</tt> will prompt for commands if the standard input is a terminal device.</p>
- <p><tt>ntpq</tt> uses NTP mode 6 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpq</tt> makes one attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
- <p>Note that in contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
- <p>For examples and usage, see the <a href="debug.html">NTP Debugging Techniques</a> page.</p>
-@@ -73,7 +73,7 @@
- <dt><tt>quit</tt>
- <dd>Exit <tt>ntpq</tt>.
- <dt><tt>raw</tt>
-- <dd>Causes all output from query commands is printed as received from the remote server. The only formating/interpretation done on the data is to transform nonascii data into a printable (but barely understandable) form.
-+ <dd>Causes all output from query commands is printed as received from the remote server. The only formatting/interpretation done on the data is to transform non-ASCII data into a printable (but barely understandable) form.
- <dt><tt>timeout <i>millseconds</i></tt>
- <dd>Specify a timeout period for responses to server queries. The default is about 5000 milliseconds. Note that since <tt>ntpq</tt> retries each query once after a timeout, the total waiting time for a timeout will be twice the timeout value set.
- </dl>
-@@ -135,7 +135,7 @@
- <dt><tt>* sys.peer</tt>
- <dd>The peer has been declared the system peer and lends its variables to the system variables.
- <dt><tt>o pps.peer</tt>
-- <dd>The peer has been declared the system peer and lends its variables to thesystem variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
-+ <dd>The peer has been declared the system peer and lends its variables to the system variables. However, the actual system synchronization is derived from a pulse-per-second (PPS) signal, either indirectly via the PPS reference clock driver or directly via kernel interface.
- </dl>
- <h4>System Variables</h4>
- <p>The <tt>status, leap, stratum, precision, rootdelay, rootdispersion, refid, reftime, poll, offset, and frequency</tt> variables are described in RFC-1305 specification. Additional NTPv4 system variables include the following.</p>
-@@ -240,14 +240,14 @@
- <dd>Access is denied. See the <a href="accopt.html">Access Control Options</a> page.
- <dt><tt>0x010 TEST5</tt>
- <dd>Cryptographic authentication fails. See the <a href="authopt.html">Authentication Options</a> page.
-- <dt><tt>0x020TEST6</tt>
-+ <dt><tt>0x020 TEST6</tt>
- <dd>The server is unsynchronized. Wind up its clock first.
- <dt><tt>0x040 TEST7</tt>
- <dd>The server stratum is at the maximum than 15. It is probably unsynchronized and its clock needs to be wound up.
- <dt><tt>0x080 TEST8</tt>
- <dd>Either the root delay or dispersion is greater than one second, which is highly unlikely unless the peer is unsynchronized to Mars.
- <dt><tt>0x100 TEST9</tt>
-- <dd>Either the peer delay or dispersion is greater than one second, which is higly unlikely unless the peer is on Mars.
-+ <dd>Either the peer delay or dispersion is greater than one second, which is highly unlikely unless the peer is on Mars.
- <dt><tt>0x200 TEST10</tt>
- <dd>The autokey protocol has detected an authentication failure. See the <a href="authopt.html">Authentication Options</a> page.
- <dt><tt>0x400 TEST11</tt>
-diff -up ntp-4.2.4p5/html/ntptrace.html.htmldoc ntp-4.2.4p5/html/ntptrace.html
---- ntp-4.2.4p5/html/ntptrace.html.htmldoc 2006-06-06 22:16:06.000000000 +0200
-+++ ntp-4.2.4p5/html/ntptrace.html 2008-08-18 12:31:59.000000000 +0200
-@@ -17,7 +17,7 @@
- <br clear="left">
- <hr>
- <h4>Synopsis</h4>
-- <tt>ntptrace [ -vdn ] [ -r <i>retries</i> ] [ -t <i>timeout</i> ] [ <i>server</i> ]</tt>
-+ <tt>ntptrace [ -n ] [ -m <i>maxhosts</i> ] [ <i>server</i> ]</tt>
- <h4>Description</h4>
- <p><tt>ntptrace</tt> determines where a given Network Time Protocol (NTP) server gets its time from, and follows the chain of NTP servers back to their master time source. If given no arguments, it starts with <tt>localhost</tt>. Here is an example of the output from <tt>ntptrace</tt>:</p>
- <pre>
-@@ -29,16 +29,8 @@ usndh.edu: stratum 1, offset 0.0019298,
- <p>On each line, the fields are (left to right): the host name, the host stratum, the time offset between that host and the local host (as measured by <tt>ntptrace</tt>; this is why it is not always zero for "<tt>localhost</tt>"), the host synchronization distance, and (only for stratum-1 servers) the reference clock ID. All times are given in seconds. Note that the stratum is the server hop count to the primary source, while the synchronization distance is the estimated error relative to the primary source. These terms are precisely defined in RFC-1305.</p>
- <h4>Options</h4>
- <dl>
-- <dt><tt>-d</tt>
-- <dd>Turns on some debugging output.
- <dt><tt>-n</tt>
- <dd>Turns off the printing of host names; instead, host IP addresses are given. This may be useful if a nameserver is down.
-- <dt><tt>-r <i>retries</i></tt>
-- <dd>Sets the number of retransmission attempts for each host (default = 5).
-- <dt><tt>-t <i>timeout</i></tt>
-- <dd>Sets the retransmission timeout (in seconds) (default = 2).
-- <dt><tt>-v</tt>
-- <dd>Prints verbose information about the NTP servers.
- </dl>
- <h4>Bugs</h4>
- <p>This program makes no attempt to improve accuracy by doing multiple samples.</p>
-diff -up ntp-4.2.4p7/html/tickadj.html.htmldoc ntp-4.2.4p7/html/tickadj.html
---- ntp-4.2.4p7/html/tickadj.html.htmldoc 2006-06-06 22:16:08.000000000 +0200
-+++ ntp-4.2.4p7/html/tickadj.html 2009-09-29 14:01:40.000000000 +0200
-@@ -14,9 +14,11 @@
- <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:50</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="246">Thursday, July 28, 2005</csobj></p>
- <hr>
- <h4>Synopsis</h4>
-- <tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt>
-+ <p><tt>tickadj [ <i>tick</i> ]</tt></p>
-+ <p><tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt></p>
- <h4>Description</h4>
- <p>The <tt>tickadj</tt> program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel <tt>/dev/kmem</tt>. Newer machines with precision time support, including Solaris, Tru64, FreeBSD and Linux (with PPSkit patch) should NOT use the program. The particular variables that can be changed with <tt>tickadj</tt> include <tt>tick</tt>, which is the number of microseconds added to the system time for a clock interrupt, <tt>tickadj</tt>, which sets the slew rate and resolution used by the <tt>adjtime</tt> system call, and <tt>dosynctodr</tt>, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.</p>
-+ <p>On Linux, only the <tt>tick</tt> variable is supported and the only allowed argument is the tick value.</p>
- <p>By default, with no arguments, <tt>tickadj</tt> reads the variables of interest in the kernel and displays them. At the same time, it determines an "optimal" value for the value of the <tt>tickadj</tt> variable if the intent is to run the <tt>ntpd</tt> Network Time Protocol (NTP) daemon, and prints this as well. Since the operation of <tt>tickadj</tt> when reading the kernel mimics the operation of similar parts of the <tt>ntpd</tt> program fairly closely, this can be useful when debugging problems with <tt>ntpd</tt>.</p>
- <p>Note that <tt>tickadj</tt> should be run with some caution when being used for the first time on different types of machines. The operations which <tt>tickadj</tt> tries to perform are not guaranteed to work on all Unix machines and may in rare cases cause the kernel to crash.</p>
- <h4>Command Line Options</h4>
-@@ -46,4 +48,4 @@
- <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
- </body>
-
--</html>
-\ No newline at end of file
-+</html>
+++ /dev/null
-diff -up ntp-4.2.4p5/ntpd/ntp_io.c.rtnetlink ntp-4.2.4p5/ntpd/ntp_io.c
---- ntp-4.2.4p5/ntpd/ntp_io.c.rtnetlink 2008-08-28 16:02:21.000000000 +0200
-+++ ntp-4.2.4p5/ntpd/ntp_io.c 2008-08-28 16:03:58.000000000 +0200
-@@ -216,6 +216,9 @@ struct vsock {
- ISC_LINK(vsock_t) link;
- };
-
-+#define HAS_ROUTING_SOCKET 1
-+#define HAVE_RTNETLINK 1
-+
- #if !defined(HAVE_IO_COMPLETION_PORT) && defined(HAS_ROUTING_SOCKET)
- /*
- * async notification processing (e. g. routing sockets)
-@@ -3858,6 +3861,10 @@ find_flagged_addr_in_list(struct sockadd
- #ifdef HAS_ROUTING_SOCKET
- #include <net/route.h>
-
-+#ifdef HAVE_RTNETLINK
-+#include <linux/rtnetlink.h>
-+#endif
-+
- #ifndef UPDATE_GRACE
- #define UPDATE_GRACE 2 /* wait UPDATE_GRACE seconds before scanning */
- #endif
-@@ -3866,9 +3873,12 @@ static void
- process_routing_msgs(struct asyncio_reader *reader)
- {
- char buffer[5120];
-- char *p = buffer;
--
-- int cnt;
-+ int cnt, msg_type;
-+#ifdef HAVE_RTNETLINK
-+ struct nlmsghdr *nh;
-+#else
-+ char *p;
-+#endif
-
- if (disable_dynamic_updates) {
- /*
-@@ -3892,8 +3902,11 @@ process_routing_msgs(struct asyncio_read
- /*
- * process routing message
- */
-- while ((p + sizeof(struct rt_msghdr)) <= (buffer + cnt))
-- {
-+#ifdef HAVE_RTNETLINK
-+ for (nh = (struct nlmsghdr *)buffer; NLMSG_OK(nh, cnt); nh = NLMSG_NEXT(nh, cnt)) {
-+ msg_type = nh->nlmsg_type;
-+#else
-+ for (p = buffer; (p + sizeof(struct rt_msghdr)) <= (buffer + cnt); p += rtm->rtm_msglen) {
- struct rt_msghdr *rtm;
-
- rtm = (struct rt_msghdr *)p;
-@@ -3903,8 +3916,9 @@ process_routing_msgs(struct asyncio_read
- delete_asyncio_reader(reader);
- return;
- }
--
-- switch (rtm->rtm_type) {
-+ msg_type = rtm->rtm_type;
-+#endif
-+ switch (msg_type) {
- #ifdef RTM_NEWADDR
- case RTM_NEWADDR:
- #endif
-@@ -3935,17 +3949,21 @@ process_routing_msgs(struct asyncio_read
- /*
- * we are keen on new and deleted addresses and if an interface goes up and down or routing changes
- */
-- DPRINTF(3, ("routing message op = %d: scheduling interface update\n", rtm->rtm_type));
-+ DPRINTF(3, ("routing message op = %d: scheduling interface update\n", msg_type));
- timer_interfacetimeout(current_time + UPDATE_GRACE);
- break;
-+#ifdef HAVE_RTNETLINK
-+ case NLMSG_DONE:
-+ /* end of multipart message */
-+ return;
-+#endif
- default:
- /*
- * the rest doesn't bother us.
- */
-- DPRINTF(4, ("routing message op = %d: ignored\n", rtm->rtm_type));
-+ DPRINTF(4, ("routing message op = %d: ignored\n", msg_type));
- break;
- }
-- p += rtm->rtm_msglen;
- }
- }
-
-@@ -3956,10 +3974,24 @@ static void
- init_async_notifications()
- {
- struct asyncio_reader *reader;
-+#ifdef HAVE_RTNETLINK
-+ int fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
-+ struct sockaddr_nl sa;
-+#else
- int fd = socket(PF_ROUTE, SOCK_RAW, 0);
-+#endif
-
- if (fd >= 0) {
- fd = move_fd(fd);
-+#ifdef HAVE_RTNETLINK
-+ memset(&sa, 0, sizeof(sa));
-+ sa.nl_family = PF_NETLINK;
-+ sa.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR;
-+ if (bind(fd, (struct sockaddr*)&sa, sizeof(sa)) < 0) {
-+ msyslog(LOG_ERR, "bind failed on routing socket (%m) - using polled interface update");
-+ return;
-+ }
-+#endif
- init_nonblocking_io(fd);
- #if defined(HAVE_SIGNALED_IO)
- init_socket_sig(fd);
+++ /dev/null
-diff -up ntp-4.2.4p7/ntpd/ntp_io.c.bcast ntp-4.2.4p7/ntpd/ntp_io.c
---- ntp-4.2.4p7/ntpd/ntp_io.c.bcast 2009-05-18 16:53:05.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_io.c 2009-05-18 16:54:19.000000000 +0200
-@@ -150,6 +150,8 @@ int ninterfaces; /* Total number of in
-
- volatile int disable_dynamic_updates; /* when set to != 0 dynamic updates won't happen */
-
-+static int pktinfo_status = 0; /* is IP_PKTINFO on wildipv4 iface enabled? */
-+
- #ifdef REFCLOCK
- /*
- * Refclock stuff. We keep a chain of structures with data concerning
-@@ -1611,6 +1613,18 @@ set_reuseaddr(int flag) {
- #endif /* ! SO_EXCLUSIVEADDRUSE */
- }
-
-+static void
-+set_pktinfo(int flag)
-+{
-+ if (wildipv4 == NULL)
-+ return;
-+ if (setsockopt(wildipv4->fd, SOL_IP, IP_PKTINFO, &flag, sizeof (flag))) {
-+ if (debug > 1)
-+ printf("setsockopt(IP_PKTINFO) failed: %s\n", strerror(errno));
-+ } else
-+ pktinfo_status = flag;
-+}
-+
- /*
- * This is just a wrapper around an internal function so we can
- * make other changes as necessary later on
-@@ -2027,6 +2041,7 @@ io_setbclient(void)
- #else
- netsyslog(LOG_ERR, "io_setbclient: Broadcast Client disabled by build");
- #endif
-+ set_pktinfo(1);
- }
-
- /*
-@@ -2049,6 +2064,7 @@ io_unsetbclient(void)
- continue;
- lstatus = socket_broadcast_disable(interf, &interf->sin);
- }
-+ set_pktinfo(0);
- }
-
- /*
-@@ -2957,7 +2973,8 @@ read_network_packet(SOCKET fd, struct in
- #ifdef HAVE_TIMESTAMP
- struct msghdr msghdr;
- struct iovec iovec;
-- char control[TIMESTAMP_CTLMSGBUF_SIZE]; /* pick up control messages */
-+ char control[sizeof (struct cmsghdr) * 2 + sizeof (struct timeval) +
-+ sizeof (struct in_pktinfo) + 32]; /* pick up control messages */
- #endif
-
- /*
-@@ -2969,7 +2986,7 @@ read_network_packet(SOCKET fd, struct in
-
- rb = get_free_recv_buffer();
-
-- if (rb == NULL || itf->ignore_packets == ISC_TRUE)
-+ if (rb == NULL || (itf->ignore_packets == ISC_TRUE && !(pktinfo_status && itf == wildipv4)))
- {
- char buf[RX_BUFF_SIZE];
- struct sockaddr_storage from;
-@@ -3031,6 +3048,34 @@ read_network_packet(SOCKET fd, struct in
- return (buflen);
- }
-
-+ if (pktinfo_status && itf->ignore_packets == ISC_TRUE && itf == wildipv4) {
-+ /* check for broadcast on 255.255.255.255, exception allowed on wildipv4 */
-+ struct cmsghdr *cmsg;
-+ struct in_pktinfo *pktinfo = NULL;
-+
-+ if ((cmsg = CMSG_FIRSTHDR(&msghdr)))
-+ do {
-+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO)
-+ pktinfo = (struct in_pktinfo *) CMSG_DATA(cmsg);
-+ } while ((cmsg = CMSG_NXTHDR(&msghdr, cmsg)));
-+ if (pktinfo && pktinfo->ipi_addr.s_addr == INADDR_BROADCAST) {
-+#ifdef DEBUG
-+ if (debug > 3) {
-+ printf("INADDR_BROADCAST\n");
-+ }
-+#endif
-+ } else {
-+#ifdef DEBUG
-+ if (debug > 3)
-+ printf("%s on (%lu) fd=%d from %s\n", "ignore",
-+ free_recvbuffs(), fd, stoa(&rb->recv_srcadr));
-+#endif
-+ packets_ignored++;
-+ freerecvbuf(rb);
-+ return (buflen);
-+ }
-+ }
-+
- #ifdef DEBUG
- if (debug > 2) {
- if(rb->recv_srcadr.ss_family == AF_INET)
-diff -up ntp-4.2.4p7/ntpd/ntp_peer.c.bcast ntp-4.2.4p7/ntpd/ntp_peer.c
---- ntp-4.2.4p7/ntpd/ntp_peer.c.bcast 2008-08-10 13:02:40.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_peer.c 2009-05-18 16:53:05.000000000 +0200
-@@ -709,7 +709,8 @@ select_peerinterface(struct peer *peer,
- * as our (network) source address would be undefined and
- * crypto will not work without knowing the own transmit address
- */
-- if (interface != NULL && interface->flags & INT_WILDCARD)
-+ if (interface != NULL && interface->flags & INT_WILDCARD &&
-+ !(cast_flags & MDF_BCAST))
- #ifdef SYS_WINNT
- if ( !accept_wildcard_if_for_winnt )
- #endif
+++ /dev/null
-diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.daemonpll ntp-4.2.4p7/ntpd/ntp_loopfilter.c
---- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.daemonpll 2009-05-18 18:13:31.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-18 18:18:13.000000000 +0200
-@@ -489,10 +489,9 @@ local_clock(
- /*
- * For the PLL the integration interval
- * (numerator) is the minimum of the update
-- * interval and poll interval. This allows
-- * oversampling, but not undersampling.
-+ * interval and Allan intercept.
- */
-- etemp = min(mu, (u_long)ULOGTOD(sys_poll));
-+ etemp = min(mu, allan_xpt);
- dtemp = 4 * CLOCK_PLL * ULOGTOD(sys_poll);
- plladj = fp_offset * etemp / (dtemp * dtemp);
- rstclock(S_SYNC, peer->epoch, fp_offset);
-@@ -801,13 +805,10 @@ adj_host_clock(
-
- /*
- * Implement the phase and frequency adjustments. The gain
-- * factor (denominator) is not allowed to increase beyond the
-- * Allan intercept. It doesn't make sense to average phase noise
-- * beyond this point and it helps to damp residual offset at the
-- * longer poll intervals.
-+ * factor (denominator) increases with poll interval, so is
-+ * dominated by the FLL above the Allan intercept.
- */
-- adjustment = clock_offset / (CLOCK_PLL * min(ULOGTOD(sys_poll),
-- allan_xpt));
-+ adjustment = clock_offset / (CLOCK_PLL * ULOGTOD(sys_poll));
- clock_offset -= adjustment;
- adj_systime(adjustment + drift_comp);
- #endif /* LOCKCLOCK */
+++ /dev/null
-diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.freqmode ntp-4.2.4p7/ntpd/ntp_loopfilter.c
---- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.freqmode 2009-05-28 15:19:30.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-28 17:21:30.000000000 +0200
-@@ -133,6 +133,7 @@ u_long sys_clocktime; /* last system cl
- u_long pps_control; /* last pps update */
- u_long sys_tai; /* UTC offset from TAI (s) */
- static void rstclock P((int, u_long, double)); /* transition function */
-+static double direct_freq(double, u_long); /* calculate frequency directly */
-
- #ifdef KERNEL_PLL
- struct timex ntv; /* kernel API parameters */
-@@ -359,8 +360,7 @@ local_clock(
- if (mu < clock_minstep)
- return (0);
-
-- clock_frequency = (fp_offset - clock_offset) /
-- mu;
-+ clock_frequency = direct_freq(fp_offset, mu);
-
- /* fall through to S_SPIK */
-
-@@ -451,16 +451,16 @@ local_clock(
-
- /*
- * In S_FREQ state ignore updates until the stepout
-- * threshold. After that, correct the phase and
-- * frequency and switch to S_SYNC state.
-+ * threshold. After that, compute the new frequency, but
-+ * do not adjust the phase or frequency until the next
-+ * update.
- */
- case S_FREQ:
- if (mu < clock_minstep)
- return (0);
-
-- clock_frequency = (fp_offset - clock_offset) /
-- mu;
-- rstclock(S_SYNC, peer->epoch, fp_offset);
-+ clock_frequency = direct_freq(fp_offset, mu);
-+ rstclock(S_SYNC, peer->epoch, 0);
- break;
-
- /*
-@@ -590,8 +590,7 @@ local_clock(
- */
- if (clock_frequency != 0) {
- ntv.modes |= MOD_FREQUENCY;
-- ntv.freq = (int32)((clock_frequency +
-- drift_comp) * 65536e6);
-+ ntv.freq = (int32)(clock_frequency * 65536e6);
- }
- ntv.esterror = (u_int32)(clock_jitter * 1e6);
- ntv.maxerror = (u_int32)((sys_rootdelay / 2 +
-@@ -837,6 +836,43 @@ rstclock(
- last_offset = clock_offset = offset;
- }
-
-+/*
-+ * calc_freq - calculate frequency directly
-+ *
-+ * This is very carefully done. When the offset is first computed at the
-+ * first update, a residual frequency component results. Subsequently,
-+ * updates are suppresed until the end of the measurement interval while
-+ * the offset is amortized. At the end of the interval the frequency is
-+ * calculated from the current offset, residual offset, length of the
-+ * interval and residual frequency component. At the same time the
-+ * frequenchy file is armed for update at the next hourly stats.
-+ */
-+static double
-+direct_freq(
-+ double fp_offset,
-+ u_long mu
-+ )
-+{
-+
-+#ifdef KERNEL_PLL
-+ /*
-+ * If the kernel is enabled, we need the residual offset to
-+ * calculate the frequency correction.
-+ */
-+ if (pll_control && kern_enable) {
-+ memset(&ntv, 0, sizeof(ntv));
-+ ntp_adjtime(&ntv);
-+#ifdef STA_NANO
-+ clock_offset = ntv.offset / 1e9;
-+#else /* STA_NANO */
-+ clock_offset = ntv.offset / 1e6;
-+#endif /* STA_NANO */
-+ drift_comp = ntv.freq / 65536e6;
-+ }
-+#endif /* KERNEL_PLL */
-+ return (fp_offset - clock_offset) / mu + drift_comp;
-+}
-+
-
- int huffpuff_enabled()
- {
+++ /dev/null
-diff -up ntp-4.2.4p7/html/confopt.html.minpoll ntp-4.2.4p7/html/confopt.html
---- ntp-4.2.4p7/html/confopt.html.minpoll 2009-05-19 14:23:01.000000000 +0200
-+++ ntp-4.2.4p7/html/confopt.html 2009-05-19 14:27:27.000000000 +0200
-@@ -56,7 +56,7 @@
- <dd>When the server is unreachable, send a burst of eight packets instead of the usual one. The packet spacing is normally 2 s; however, the spacing between the first and second packets can be changed with the <a href="miscopt.html"><tt>calldelay</tt></a> command to allow additional time for a modem or ISDN call to complete. This option is valid with only the <tt>server</tt> command and is a recommended option with this command.<dt><tt>key</tt> <i><tt>key</tt></i>
- <dd>All packets sent to and received from the server or peer are to include authentication fields encrypted using the specified <i><tt>key</tt></i> identifier with values from 1 to 65534, inclusive. The default is to include no encryption field. This option is valid with all commands.<dt><tt>minpoll <i>minpoll</i></tt><br>
- <tt>maxpoll <i>maxpoll</i></tt>
-- <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 4 (16 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>noselect</tt>
-+ <dd>These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the <tt>maxpoll</tt> option to an upper limit of 17 (36.4 h). The minimum poll interval defaults to 6 (64 s), but can be decreased by the <tt>minpoll</tt> option to a lower limit of 3 (8 s). These option are valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>noselect</tt>
- <dd>Marks the server as unused, except for display purposes. The server is discarded by the selection algorithm. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>preempt</tt>
- <dd>Specifies the association as preemptable rather than the default persistent. This option is valied only with the <tt>server</tt> command.<dt><tt>prefer</tt>
- <dd>Marks the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the <a href="prefer.html">Mitigation Rules and the <tt>prefer</tt> Keyword</a> page for further information. This option is valid only with the <tt>server</tt> and <tt>peer</tt> commands.<dt><tt>true</tt>
-diff -up ntp-4.2.4p7/include/ntp.h.minpoll ntp-4.2.4p7/include/ntp.h
---- ntp-4.2.4p7/include/ntp.h.minpoll 2008-08-10 13:02:42.000000000 +0200
-+++ ntp-4.2.4p7/include/ntp.h 2009-05-19 14:23:01.000000000 +0200
-@@ -104,7 +104,7 @@ typedef char s_char;
- * Poll interval parameters
- */
- #define NTP_UNREACH 24 /* poll unreach threshold */
--#define NTP_MINPOLL 4 /* log2 min poll interval (16 s) */
-+#define NTP_MINPOLL 3 /* log2 min poll interval (8 s) */
- #define NTP_MINDPOLL 6 /* log2 default min poll (64 s) */
- #define NTP_MAXDPOLL 10 /* log2 default max poll (~17 m) */
- #define NTP_MAXPOLL 17 /* log2 max poll interval (~36 h) */
-diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.minpoll ntp-4.2.4p7/ntpd/ntp_loopfilter.c
---- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.minpoll 2009-05-19 14:23:01.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-19 14:23:01.000000000 +0200
-@@ -404,7 +404,7 @@ local_clock(
- fp_offset);
- reinit_timer();
- tc_counter = 0;
-- sys_poll = NTP_MINPOLL;
-+ sys_poll = NTP_MINPOLL + 1;
- sys_tai = 0;
- clock_jitter = LOGTOD(sys_precision);
- rval = 2;
+++ /dev/null
-diff -up ntp-4.2.4p7/include/ntp_refclock.h.sleep ntp-4.2.4p7/include/ntp_refclock.h
---- ntp-4.2.4p7/include/ntp_refclock.h.sleep 2006-06-06 22:16:19.000000000 +0200
-+++ ntp-4.2.4p7/include/ntp_refclock.h 2009-07-21 16:38:47.000000000 +0200
-@@ -260,6 +260,7 @@ extern void refclock_control P((struct s
- struct refclockstat *));
- extern int refclock_open P((char *, u_int, u_int));
- extern int refclock_setup P((int, u_int, u_int));
-+extern int refclock_timer_needed P((struct peer *));
- extern void refclock_timer P((struct peer *));
- extern void refclock_transmit P((struct peer *));
- extern int refclock_ioctl P((int, u_int));
-diff -up ntp-4.2.4p7/include/ntp_stdlib.h.sleep ntp-4.2.4p7/include/ntp_stdlib.h
---- ntp-4.2.4p7/include/ntp_stdlib.h.sleep 2006-12-28 13:03:05.000000000 +0100
-+++ ntp-4.2.4p7/include/ntp_stdlib.h 2009-07-21 16:38:47.000000000 +0200
-@@ -101,6 +101,7 @@ extern const char * FindConfig P((const
- extern void signal_no_reset P((int, RETSIGTYPE (*func)(int)));
-
- extern void getauthkeys P((const char *));
-+extern int auth_agekeys_is_needed P((void));
- extern void auth_agekeys P((void));
- extern void rereadkeys P((void));
-
-diff -up ntp-4.2.4p7/include/ntpd.h.sleep ntp-4.2.4p7/include/ntpd.h
---- ntp-4.2.4p7/include/ntpd.h.sleep 2009-07-21 16:38:47.000000000 +0200
-+++ ntp-4.2.4p7/include/ntpd.h 2009-07-21 16:38:47.000000000 +0200
-@@ -120,8 +120,10 @@ extern int leap_actual P((int));
- /* ntp_loopfilter.c */
- extern void init_loopfilter P((void));
- extern int local_clock P((struct peer *, double));
--extern void adj_host_clock P((void));
-+extern int adj_host_clock_is_needed P((void));
-+extern void adj_host_clock P((int));
- extern void loop_config P((int, double));
-+extern int huffpuff_enabled P((void));
- extern void huffpuff P((void));
- extern u_long sys_clocktime;
- extern u_long sys_tai;
-@@ -221,6 +223,7 @@ extern void hack_restrict P((int, struct
- /* ntp_timer.c */
- extern void init_timer P((void));
- extern void reinit_timer P((void));
-+extern int when_next_event P((void));
- extern void timer P((void));
- extern void timer_clr_stats P((void));
- extern void timer_interfacetimeout P((u_long));
-diff -up ntp-4.2.4p7/libntp/authkeys.c.sleep ntp-4.2.4p7/libntp/authkeys.c
---- ntp-4.2.4p7/libntp/authkeys.c.sleep 2004-02-25 06:58:03.000000000 +0100
-+++ ntp-4.2.4p7/libntp/authkeys.c 2009-07-21 16:38:47.000000000 +0200
-@@ -394,6 +394,24 @@ auth_delkeys(void)
- }
- }
-
-+int auth_agekeys_is_needed() {
-+ struct savekey *sk;
-+ int i;
-+
-+ if (authnumkeys > 20)
-+ return 1;
-+
-+ for (i = 0; i < HASHSIZE; i++) {
-+ sk = key_hash[i];
-+ while (sk != 0) {
-+ if (sk->lifetime > 0)
-+ return 1;
-+ sk = sk->next;
-+ }
-+ }
-+ return 0;
-+}
-+
- /*
- * auth_agekeys - delete keys whose lifetimes have expired
- */
-diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.sleep ntp-4.2.4p7/ntpd/ntp_loopfilter.c
---- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.sleep 2009-07-21 16:38:47.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-07-21 16:38:47.000000000 +0200
-@@ -752,6 +752,10 @@ local_clock(
- #endif /* LOCKCLOCK */
- }
-
-+int adj_host_clock_is_needed() {
-+ return !(!ntp_enable || mode_ntpdate || (pll_control &&
-+ kern_enable));
-+}
-
- /*
- * adj_host_clock - Called once every second to update the local clock.
-@@ -761,7 +765,7 @@ local_clock(
- */
- void
- adj_host_clock(
-- void
-+ int time_elapsed
- )
- {
- double adjustment;
-@@ -776,7 +780,8 @@ adj_host_clock(
- * maximum error and the local clock driver will pick it up and
- * pass to the common refclock routines. Very elegant.
- */
-- sys_rootdispersion += clock_phi;
-+ sys_rootdispersion += clock_phi * time_elapsed;
-+ DPRINTF(2, ("loopfilter: %d\n", time_elapsed));
-
- #ifndef LOCKCLOCK
- /*
-@@ -833,6 +838,11 @@ rstclock(
- }
-
-
-+int huffpuff_enabled()
-+{
-+ return sys_huffpuff != NULL;
-+}
-+
- /*
- * huff-n'-puff filter
- */
-diff -up ntp-4.2.4p7/ntpd/ntp_refclock.c.sleep ntp-4.2.4p7/ntpd/ntp_refclock.c
---- ntp-4.2.4p7/ntpd/ntp_refclock.c.sleep 2006-06-06 22:16:43.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_refclock.c 2009-07-21 16:38:47.000000000 +0200
-@@ -309,6 +309,21 @@ refclock_unpeer(
- }
-
-
-+int
-+refclock_timer_needed(
-+ struct peer *peer /* peer structure pointer */
-+ )
-+{
-+ u_char clktype;
-+ int unit;
-+
-+ clktype = peer->refclktype;
-+ unit = peer->refclkunit;
-+ if (refclock_conf[clktype]->clock_timer != noentry)
-+ return 1;
-+ return 0;
-+}
-+
- /*
- * refclock_timer - called once per second for housekeeping.
- */
-diff -up ntp-4.2.4p7/ntpd/ntp_timer.c.sleep ntp-4.2.4p7/ntpd/ntp_timer.c
---- ntp-4.2.4p7/ntpd/ntp_timer.c.sleep 2009-05-12 07:58:55.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_timer.c 2009-07-21 16:38:47.000000000 +0200
-@@ -63,6 +63,7 @@ volatile u_long alarm_overflow;
- #define HOUR (60*60)
-
- u_long current_time;
-+l_fp timer_base;
-
- /*
- * Stats. Number of overflows and number of calls to transmit().
-@@ -99,6 +100,8 @@ static RETSIGTYPE alarming P((int));
- void
- reinit_timer(void)
- {
-+ get_systime(&timer_base);
-+#if 0
- #if !defined(SYS_WINNT) && !defined(VMS)
- # if defined(HAVE_TIMER_CREATE) && defined(HAVE_TIMER_SETTIME)
- timer_gettime(ntpd_timerid, &itimer);
-@@ -132,6 +135,7 @@ reinit_timer(void)
- setitimer(ITIMER_REAL, &itimer, (struct itimerval *)0);
- # endif
- # endif /* VMS */
-+#endif
- }
-
- /*
-@@ -159,6 +163,8 @@ init_timer(void)
- timer_xmtcalls = 0;
- timer_timereset = 0;
-
-+ get_systime(&timer_base);
-+#if 0
- #if !defined(SYS_WINNT)
- /*
- * Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT
-@@ -242,6 +248,7 @@ init_timer(void)
- }
-
- #endif /* SYS_WINNT */
-+#endif
- }
-
- #if defined(SYS_WINNT)
-@@ -252,6 +259,46 @@ get_timer_handle(void)
- }
- #endif
-
-+int when_next_event() {
-+ register struct peer *peer, *next_peer;
-+ u_int n;
-+ int next = current_time + HOUR;
-+
-+ if (adj_host_clock_is_needed())
-+ return 1;
-+ for (n = 0; n < NTP_HASH_SIZE; n++) {
-+ for (peer = peer_hash[n]; peer != 0; peer = next_peer) {
-+ next_peer = peer->next;
-+#ifdef REFCLOCK
-+ if (peer->flags & FLAG_REFCLOCK && refclock_timer_needed(peer))
-+ return 1;
-+#endif /* REFCLOCK */
-+ if (peer->action && peer->nextaction < next)
-+ next = peer->nextaction;
-+ if (peer->nextdate < next)
-+ next = peer->nextdate;
-+ }
-+ }
-+
-+ if (auth_agekeys_is_needed() && keys_timer < next)
-+ next = keys_timer;
-+ if (huffpuff_enabled() && huffpuff_timer < next)
-+ next = huffpuff_timer;
-+#ifdef OPENSSL
-+ if (revoke_timer < next)
-+ next = revoke_timer;
-+#endif /* OPENSSL */
-+ if (interface_interval && interface_timer < next)
-+ next = interface_timer;
-+ if (stats_timer < next)
-+ next = stats_timer;
-+
-+ next -= current_time;
-+ if (next <= 0)
-+ next = 1;
-+ return next;
-+}
-+
- /*
- * timer - dispatch anyone who needs to be
- */
-@@ -264,14 +311,12 @@ timer(void)
- #endif /* OPENSSL */
- u_int n;
-
-- current_time += (1<<EVENT_TIMEOUT);
--
- /*
- * Adjustment timeout first.
- */
- if (adjust_timer <= current_time) {
-- adjust_timer += 1;
-- adj_host_clock();
-+ adj_host_clock(current_time - adjust_timer + 1);
-+ adjust_timer = current_time + 1;
- kod_proto();
- #ifdef REFCLOCK
- for (n = 0; n < NTP_HASH_SIZE; n++) {
-diff -up ntp-4.2.4p7/ntpd/ntpd.c.sleep ntp-4.2.4p7/ntpd/ntpd.c
---- ntp-4.2.4p7/ntpd/ntpd.c.sleep 2009-07-21 16:38:47.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntpd.c 2009-07-21 16:39:29.000000000 +0200
-@@ -179,8 +179,6 @@ extern const char *Version;
-
- char const *progname;
-
--int was_alarmed;
--
- #ifdef DECL_SYSCALL
- /*
- * We put this here, since the argument profile is syscall-specific
-@@ -434,6 +432,7 @@ set_process_priority(void)
- msyslog(LOG_ERR, "set_process_priority: No way found to improve our priority");
- }
-
-+#define TS_LAST_SIZE 2
-
- /*
- * Main program. Initialize us, disconnect us from the tty if necessary,
-@@ -446,6 +445,9 @@ ntpdmain(
- )
- {
- l_fp now;
-+ l_fp ts_last[TS_LAST_SIZE];
-+ unsigned int ts_last_index;
-+ int time_elapsed;
- struct recvbuf *rbuf;
- #ifdef _AIX /* HMS: ifdef SIGDANGER? */
- struct sigaction sa;
-@@ -998,7 +1000,11 @@ getgroup:
- #else /* normal I/O */
-
- BLOCK_IO_AND_ALARM();
-- was_alarmed = 0;
-+
-+ for (ts_last_index = 0; ts_last_index < TS_LAST_SIZE; ts_last_index++)
-+ L_CLR(&ts_last[ts_last_index]);
-+ time_elapsed = ts_last_index = 0;
-+
- for (;;)
- {
- # if !defined(HAVE_SIGNALED_IO)
-@@ -1009,39 +1015,66 @@ getgroup:
- int nfound;
- # endif
-
-- if (alarm_flag) /* alarmed? */
-- {
-- was_alarmed = 1;
-- alarm_flag = 0;
-- }
--
-- if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE)
-+ if (has_full_recv_buffer() == ISC_FALSE)
- {
- /*
- * Nothing to do. Wait for something.
- */
- # ifndef HAVE_SIGNALED_IO
-+ extern l_fp timer_base;
-+ l_fp ts, ts2, ts3;
-+ double d;
-+
- rdfdes = activefds;
--# if defined(VMS) || defined(SYS_VXWORKS)
-- /* make select() wake up after one second */
-- {
-+ ts2 = timer_base;
-+ get_systime(&ts);
-+ ts3 = ts;
-+ L_SUB(&ts3, &ts_last[ts_last_index]);
-+
-+ /* don't call when_next_event() too often */
-+ if (ts3.l_ui)
-+ ts2.l_ui += when_next_event();
-+ else
-+ ts2.l_ui += 1;
-+
-+ L_SUB(&ts2, &ts);
-+ LFPTOD(&ts2, d);
-+ DPRINTF(2, ("main: scheduled event in %f\n", d));
-+ if (d > 0.0) {
- struct timeval t1;
-
-- t1.tv_sec = 1; t1.tv_usec = 0;
-+ t1.tv_sec = d;
-+ t1.tv_usec = (d - t1.tv_sec) * 1000000;
- nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
- (fd_set *)0, &t1);
-+ get_systime(&ts);
-+ } else
-+ nfound = 0;
-+
-+ ts3 = ts;
-+ L_SUB(&ts3, &timer_base);
-+#ifdef DEBUG
-+ LFPTOD(&ts3, d);
-+ DPRINTF(2, ("main: elapsed %f\n", d));
-+#endif
-+
-+ if (ts3.l_i < 0 || ts3.l_ui > ts2.l_ui + 10) {
-+#ifdef DEBUG
-+ DPRINTF(2, ("main: unexpected time jump\n"));
-+#endif
-+ ts3.l_ui = 0;
-+ reinit_timer();
- }
--# else
-- nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
-- (fd_set *)0, (struct timeval *)0);
--# endif /* VMS */
-- if (nfound > 0)
-- {
-- l_fp ts;
-
-- get_systime(&ts);
-+ time_elapsed += ts3.l_ui;
-+ current_time += ts3.l_ui;
-+ timer_base.l_ui += ts3.l_ui;
-
-+ if (nfound > 0)
-+ {
- (void)input_handler(&ts);
-+ ts_last[ts_last_index] = ts;
-+ ts_last_index = (ts_last_index + 1) % TS_LAST_SIZE;
- }
- else if (nfound == -1 && errno != EINTR)
- netsyslog(LOG_ERR, "select() error: %m");
-@@ -1050,17 +1083,12 @@ getgroup:
- netsyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
- # endif /* DEBUG */
- # else /* HAVE_SIGNALED_IO */
--
-+# error not supported
- wait_for_signal();
- # endif /* HAVE_SIGNALED_IO */
-- if (alarm_flag) /* alarmed? */
-- {
-- was_alarmed = 1;
-- alarm_flag = 0;
-- }
- }
-
-- if (was_alarmed)
-+ if (time_elapsed)
- {
- UNBLOCK_IO_AND_ALARM();
- /*
-@@ -1068,7 +1096,7 @@ getgroup:
- * to process expiry.
- */
- timer();
-- was_alarmed = 0;
-+ time_elapsed = 0;
- BLOCK_IO_AND_ALARM();
- }
-
-@@ -1086,19 +1114,8 @@ getgroup:
- rbuf = get_full_recv_buffer();
- while (rbuf != NULL)
- {
-- if (alarm_flag)
-- {
-- was_alarmed = 1;
-- alarm_flag = 0;
-- }
- UNBLOCK_IO_AND_ALARM();
-
-- if (was_alarmed)
-- { /* avoid timer starvation during lengthy I/O handling */
-- timer();
-- was_alarmed = 0;
-- }
--
- /*
- * Call the data procedure to handle each received
- * packet.
+++ /dev/null
-diff -up ntp-4.2.4p7/include/ntp_syscall.h.stamode ntp-4.2.4p7/include/ntp_syscall.h
---- ntp-4.2.4p7/include/ntp_syscall.h.stamode 2004-02-25 06:57:56.000000000 +0100
-+++ ntp-4.2.4p7/include/ntp_syscall.h 2009-05-19 10:21:34.000000000 +0200
-@@ -14,6 +14,10 @@
- # include <sys/timex.h>
- #endif
-
-+#ifndef STA_MODE
-+#define STA_MODE 0x4000 /* mode (0 = PLL, 1 = FLL) (ro) */
-+#endif
-+
- #ifndef NTP_SYSCALLS_LIBC
- #ifdef NTP_SYSCALLS_STD
- # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t))
-diff -up ntp-4.2.4p7/ntpd/ntp_loopfilter.c.stamode ntp-4.2.4p7/ntpd/ntp_loopfilter.c
---- ntp-4.2.4p7/ntpd/ntp_loopfilter.c.stamode 2009-05-19 10:20:03.000000000 +0200
-+++ ntp-4.2.4p7/ntpd/ntp_loopfilter.c 2009-05-19 10:25:22.000000000 +0200
-@@ -644,7 +644,7 @@ local_clock(
- "kernel time sync error %04x", ntv.status);
- ntv.status &= ~(STA_PPSFREQ | STA_PPSTIME);
- } else {
-- if ((ntv.status ^ pll_status) & ~STA_FLL)
-+ if ((ntv.status ^ pll_status) & ~(STA_FLL | STA_MODE))
- NLOG(NLOG_SYNCEVENT | NLOG_SYSEVENT)
- msyslog(LOG_NOTICE,
- "kernel time sync status change %04x",
+++ /dev/null
-diff -up ntp-4.2.4p8/html/ntpd.html.mlock ntp-4.2.4p8/html/ntpd.html
---- ntp-4.2.4p8/html/ntpd.html.mlock 2009-12-08 17:56:35.000000000 +0100
-+++ ntp-4.2.4p8/html/ntpd.html 2009-12-08 17:56:35.000000000 +0100
-@@ -34,7 +34,7 @@
- </ul>
- <hr>
- <h4 id="synop">Synopsis</h4>
-- <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
-+ <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
- <h4 id="descr">Description</h4>
- <p>The <tt>ntpd</tt> program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. <tt>ntpd</tt> does most computations in 64-bit floating point arithmetic and does relatively clumsy 64-bit fixed point operations only when necessary to preserve the ultimate precision, about 232 picoseconds. While the ultimate precision is not achievable with ordinary workstations and networks of today, it may be required with future gigahertz CPU clocks and gigabit LANs.</p>
- <h4 id="op">How NTP Operates</h4>
-@@ -96,6 +96,8 @@
- <dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
- <dt><tt>-L</tt>
- <dd>Do not listen to virtual IPs. The default is to listen.
-+ <dt><tt>-m</tt>
-+ <dd>Lock memory.
- <dt><tt>-n</tt>
- <dd>Don't fork.
- <dt><tt>-N</tt>
-diff -up ntp-4.2.4p8/ntpd/ntpd-opts.c.mlock ntp-4.2.4p8/ntpd/ntpd-opts.c
---- ntp-4.2.4p8/ntpd/ntpd-opts.c.mlock 2009-12-08 14:13:09.000000000 +0100
-+++ ntp-4.2.4p8/ntpd/ntpd-opts.c 2009-12-08 17:56:35.000000000 +0100
-@@ -264,6 +264,15 @@ tSCC zNice_Name[] = "ni
- #define NICE_FLAGS (OPTST_DISABLED)
-
- /*
-+ * Mlock option description:
-+ */
-+tSCC zMlockText[] =
-+ "Lock memory";
-+tSCC zMlock_NAME[] = "MLOCK";
-+tSCC zMlock_Name[] = "mlock";
-+#define MLOCK_FLAGS (OPTST_DISABLED)
-+
-+/*
- * Pidfile option description:
- */
- tSCC zPidfileText[] =
-@@ -789,6 +798,18 @@ static tOptDesc optDesc[ OPTION_CT ] = {
- OPTST_ARG_OPTIONAL | OPTST_IMM | OPTST_NO_INIT
- #endif
-
-+ { /* entry idx, value */ 29, VALUE_OPT_MLOCK,
-+ /* equiv idx, value */ 29, VALUE_OPT_MLOCK,
-+ /* equivalenced to */ NO_EQUIVALENT,
-+ /* min, max, act ct */ 0, 1, 0,
-+ /* opt state flags */ MLOCK_FLAGS, 0,
-+ /* last opt argumnt */ { NULL },
-+ /* arg list/cookie */ NULL,
-+ /* must/cannot opts */ NULL, NULL,
-+ /* option proc */ NULL,
-+ /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name,
-+ /* disablement strs */ NULL, NULL },
-+
- { /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
- /* equiv idx value */ NO_EQUIVALENT, 0,
- /* equivalenced to */ NO_EQUIVALENT,
-@@ -881,7 +902,7 @@ tOptions ntpdOptions = {
- NO_EQUIVALENT /* index of '-#' option */,
- NO_EQUIVALENT /* index of default opt */
- },
-- 32 /* full option count */, 29 /* user option count */
-+ 33 /* full option count */, 30 /* user option count */
- };
-
- /*
-diff -up ntp-4.2.4p8/ntpd/ntpd-opts.h.mlock ntp-4.2.4p8/ntpd/ntpd-opts.h
---- ntp-4.2.4p8/ntpd/ntpd-opts.h.mlock 2009-12-08 14:13:09.000000000 +0100
-+++ ntp-4.2.4p8/ntpd/ntpd-opts.h 2009-12-08 17:56:35.000000000 +0100
-@@ -81,12 +81,13 @@ typedef enum {
- INDEX_OPT_VAR = 26,
- INDEX_OPT_DVAR = 27,
- INDEX_OPT_SLEW = 28,
-- INDEX_OPT_VERSION = 29,
-- INDEX_OPT_HELP = 30,
-- INDEX_OPT_MORE_HELP = 31
-+ INDEX_OPT_MLOCK = 29,
-+ INDEX_OPT_VERSION = 30,
-+ INDEX_OPT_HELP = 31,
-+ INDEX_OPT_MORE_HELP = 32
- } teOptIndex;
-
--#define OPTION_CT 32
-+#define OPTION_CT 33
- #define NTPD_VERSION "4.2.4p8"
- #define NTPD_FULL_VERSION "ntpd - NTP daemon program - Ver. 4.2.4p8"
-
-@@ -179,6 +180,10 @@ typedef enum {
- # warning undefining MODIFYMMTIMER due to option name conflict
- # undef MODIFYMMTIMER
- # endif
-+# ifdef MLOCK
-+# warning undefining MLOCK due to option name conflict
-+# undef MLOCK
-+# endif
- # ifdef NOFORK
- # warning undefining NOFORK due to option name conflict
- # undef NOFORK
-@@ -248,6 +253,7 @@ typedef enum {
- # undef LOGFILE
- # undef NOVIRTUALIPS
- # undef MODIFYMMTIMER
-+# undef MLOCK
- # undef NOFORK
- # undef NICE
- # undef PIDFILE
-@@ -290,6 +296,7 @@ typedef enum {
- #ifdef SYS_WINNT
- #define VALUE_OPT_MODIFYMMTIMER 'M'
- #endif /* SYS_WINNT */
-+#define VALUE_OPT_MLOCK 'm'
- #define VALUE_OPT_NOFORK 'n'
- #define VALUE_OPT_NICE 'N'
- #define VALUE_OPT_PIDFILE 'p'
-diff -up ntp-4.2.4p8/ntpd/ntpd.c.mlock ntp-4.2.4p8/ntpd/ntpd.c
---- ntp-4.2.4p8/ntpd/ntpd.c.mlock 2009-12-08 17:56:35.000000000 +0100
-+++ ntp-4.2.4p8/ntpd/ntpd.c 2009-12-08 17:56:35.000000000 +0100
-@@ -691,7 +691,8 @@ ntpdmain(
- }
- #endif
-
--#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
-+#if defined(MCL_CURRENT) && defined(MCL_FUTURE)
-+ if (HAVE_OPT( MLOCK )) {
- # ifdef HAVE_SETRLIMIT
- /*
- * Set the stack limit to something smaller, so that we don't lock a lot
-@@ -717,7 +718,7 @@ ntpdmain(
- * fail if we drop root privlege. To be useful the value
- * has to be larger than the largest ntpd resident set size.
- */
-- rl.rlim_cur = rl.rlim_max = 32*1024*1024;
-+ rl.rlim_cur = rl.rlim_max = 64*1024*1024;
- if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) {
- msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m");
- }
-@@ -729,6 +730,7 @@ ntpdmain(
- */
- if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
- msyslog(LOG_ERR, "mlockall(): %m");
-+ }
- #else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
- # ifdef HAVE_PLOCK
- # ifdef PROCLOCK
--- /dev/null
+diff -up ntp-4.2.6p1/ntpd/ntp_io.c.bcast ntp-4.2.6p1/ntpd/ntp_io.c
+--- ntp-4.2.6p1/ntpd/ntp_io.c.bcast 2009-12-09 08:36:37.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_io.c 2010-03-05 14:49:25.000000000 +0100
+@@ -151,6 +151,8 @@ int ninterfaces; /* Total number of in
+
+ int disable_dynamic_updates; /* scan interfaces once only */
+
++static int pktinfo_status = 0; /* is IP_PKTINFO on wildipv4 iface enabled? */
++
+ #ifdef REFCLOCK
+ /*
+ * Refclock stuff. We keep a chain of structures with data concerning
+@@ -1937,6 +1939,17 @@ set_reuseaddr(
+ #endif /* ! SO_EXCLUSIVEADDRUSE */
+ }
+
++static void
++set_pktinfo(int flag)
++{
++ if (wildipv4 == NULL)
++ return;
++ if (setsockopt(wildipv4->fd, SOL_IP, IP_PKTINFO, &flag, sizeof (flag))) {
++ msyslog(LOG_ERR, "set_pktinfo: setsockopt(IP_PKTINFO, %s) failed: %m", flag ? "on" : "off");
++ } else
++ pktinfo_status = flag;
++}
++
+ /*
+ * This is just a wrapper around an internal function so we can
+ * make other changes as necessary later on
+@@ -2374,6 +2387,7 @@ io_setbclient(void)
+ }
+ }
+ set_reuseaddr(0);
++ set_pktinfo(1);
+ if (nif > 0)
+ DPRINTF(1, ("io_setbclient: Opened broadcast clients\n"));
+ else if (!nif)
+@@ -2405,6 +2419,7 @@ io_unsetbclient(void)
+
+ socket_broadcast_disable(interf, &interf->sin);
+ }
++ set_pktinfo(0);
+ }
+
+ /*
+@@ -3130,7 +3145,8 @@ read_network_packet(
+ #ifdef HAVE_TIMESTAMP
+ struct msghdr msghdr;
+ struct iovec iovec;
+- char control[TIMESTAMP_CTLMSGBUF_SIZE];
++ char control[sizeof (struct cmsghdr) * 2 + sizeof (struct timeval) +
++ sizeof (struct in_pktinfo) + 32];
+ #endif
+
+ /*
+@@ -3141,7 +3157,7 @@ read_network_packet(
+ */
+
+ rb = get_free_recv_buffer();
+- if (NULL == rb || itf->ignore_packets) {
++ if (NULL == rb || (itf->ignore_packets && !(pktinfo_status && itf == wildipv4))) {
+ char buf[RX_BUFF_SIZE];
+ sockaddr_u from;
+
+@@ -3201,6 +3217,27 @@ read_network_packet(
+ return (buflen);
+ }
+
++ if (pktinfo_status && itf->ignore_packets && itf == wildipv4) {
++ /* check for broadcast on 255.255.255.255, exception allowed on wildipv4 */
++ struct cmsghdr *cmsg;
++ struct in_pktinfo *pktinfo = NULL;
++
++ if ((cmsg = CMSG_FIRSTHDR(&msghdr)))
++ do {
++ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_PKTINFO)
++ pktinfo = (struct in_pktinfo *) CMSG_DATA(cmsg);
++ } while ((cmsg = CMSG_NXTHDR(&msghdr, cmsg)));
++ if (pktinfo && pktinfo->ipi_addr.s_addr == INADDR_BROADCAST) {
++ DPRINTF(4, ("INADDR_BROADCAST\n"));
++ } else {
++ DPRINTF(4, ("%s on (%lu) fd=%d from %s\n", "ignore",
++ free_recvbuffs(), fd, stoa(&rb->recv_srcadr)));
++ packets_ignored++;
++ freerecvbuf(rb);
++ return (buflen);
++ }
++ }
++
+ DPRINTF(3, ("read_network_packet: fd=%d length %d from %s\n",
+ fd, buflen, stoa(&rb->recv_srcadr)));
+
-diff -up ntp-4.2.4p4/ntpd/ntp_io.c.cmsgalign ntp-4.2.4p4/ntpd/ntp_io.c
---- ntp-4.2.4p4/ntpd/ntp_io.c.cmsgalign 2008-03-10 20:01:21.000000000 +0100
-+++ ntp-4.2.4p4/ntpd/ntp_io.c 2008-03-10 20:04:02.000000000 +0100
-@@ -2933,8 +2933,8 @@ read_network_packet(SOCKET fd, struct in
- msghdr.msg_namelen = sizeof(rb->recv_srcadr);
+diff -up ntp-4.2.6p1/ntpd/ntp_io.c.cmsgalign ntp-4.2.6p1/ntpd/ntp_io.c
+--- ntp-4.2.6p1/ntpd/ntp_io.c.cmsgalign 2010-03-04 18:28:53.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_io.c 2010-03-04 18:30:34.000000000 +0100
+@@ -3194,8 +3194,8 @@ read_network_packet(
+ msghdr.msg_namelen = fromlen;
msghdr.msg_iov = &iovec;
msghdr.msg_iovlen = 1;
- msghdr.msg_control = (void *)&control;
---- ntp-4.2.4p0/ntpdate/ntpdate.c.droproot 2007-02-22 12:02:08.000000000 +0100
-+++ ntp-4.2.4p0/ntpdate/ntpdate.c 2007-03-07 16:06:26.000000000 +0100
-@@ -53,6 +53,12 @@
+diff -up ntp-4.2.6p1/html/ntpdate.html.droproot ntp-4.2.6p1/html/ntpdate.html
+--- ntp-4.2.6p1/html/ntpdate.html.droproot 2006-12-28 13:02:58.000000000 +0100
++++ ntp-4.2.6p1/html/ntpdate.html 2010-03-03 15:32:08.000000000 +0100
+@@ -18,7 +18,7 @@
+ <hr>
+ <p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
+ <h4>Synopsis</h4>
+- <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] <i>server</i> [ ... ]</tt>
++ <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
+ <h4>Description</h4>
+ <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
+ <p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
+@@ -58,6 +58,11 @@
+ <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
+ <dt><tt>-<i>v</i></tt>
+ <dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
++
++ <dt><tt>-U <i>user_name</i></tt></dt>
++ <dd>ntpdate process drops root privileges and changes user ID to
++ <i>user_name</i> and group ID to the primary group of
++ <i>server_user</i>.
+ </dl>
+ <h4>Diagnostics</h4>
+ <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
+diff -up ntp-4.2.6p1/ntpdate/ntpdate.c.droproot ntp-4.2.6p1/ntpdate/ntpdate.c
+--- ntp-4.2.6p1/ntpdate/ntpdate.c.droproot 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/ntpdate/ntpdate.c 2010-03-03 15:33:06.000000000 +0100
+@@ -48,6 +48,12 @@
#include <arpa/inet.h>
#ifdef SYS_VXWORKS
# include "ioLib.h"
# include "sockLib.h"
-@@ -159,6 +165,11 @@
+@@ -152,6 +158,11 @@ int simple_query = 0;
int unpriv_port = 0;
/*
* Program name.
*/
char *progname;
-@@ -301,6 +312,88 @@
- static ni_namelist *getnetinfoservers P((void));
+@@ -293,6 +304,88 @@ void clear_globals()
+ static ni_namelist *getnetinfoservers (void);
#endif
+/* This patch is adapted (copied) from Chris Wings drop root patch
/*
* Main program. Initialize us and loop waiting for I/O and/or
* timer expiries.
-@@ -354,7 +447,7 @@
- clear_globals();
- #endif
+@@ -340,6 +433,8 @@ ntpdatemain (
+
+ init_lib(); /* sets up ipv4_works, ipv6_works */
--
+ server_user = NULL;
- /* Check to see if we have IPv6. Otherwise force the -4 flag */
- if (isc_net_probeipv6() != ISC_R_SUCCESS) {
++
+ /* Check to see if we have IPv6. Otherwise default to IPv4 */
+ if (!ipv6_works)
ai_fam_templ = AF_INET;
-@@ -367,7 +460,7 @@
+@@ -351,7 +446,7 @@ ntpdatemain (
/*
* Decode argument list
*/
switch (c)
{
case '4':
-@@ -445,6 +538,14 @@
+@@ -429,6 +524,14 @@ ntpdatemain (
case 'u':
unpriv_port = 1;
break;
case '?':
++errflg;
break;
-@@ -454,7 +555,7 @@
+@@ -438,7 +541,7 @@ ntpdatemain (
if (errflg) {
(void) fprintf(stderr,
progname);
exit(2);
}
-@@ -574,6 +675,24 @@
+@@ -544,6 +647,24 @@ ntpdatemain (
initializing = 0;
was_alarmed = 0;
while (complete_servers < sys_numservers) {
#ifdef HAVE_POLL_H
struct pollfd* rdfdes;
---- ntp-4.2.4p0/html/ntpdate.html.droproot 2006-12-28 13:02:58.000000000 +0100
-+++ ntp-4.2.4p0/html/ntpdate.html 2007-03-07 15:57:33.000000000 +0100
-@@ -18,7 +18,7 @@
- <hr>
- <p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
- <h4>Synopsis</h4>
-- <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] <i>server</i> [ ... ]</tt>
-+ <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
- <h4>Description</h4>
- <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
- <p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
-@@ -58,6 +58,11 @@
- <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
- <dt><tt>-<i>v</i></tt>
- <dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
-+
-+ <dt><tt>-U <i>user_name</i></tt></dt>
-+ <dd>ntpdate process drops root privileges and changes user ID to
-+ <i>user_name</i> and group ID to the primary group of
-+ <i>server_user</i>.
- </dl>
- <h4>Diagnostics</h4>
- <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
---- ntp-4.2.4/scripts/html2man.in.html2man 2006-06-06 22:17:10.000000000 +0200
-+++ ntp-4.2.4/scripts/html2man.in 2007-01-08 12:47:31.000000000 +0100
-@@ -23,10 +23,12 @@ $MANDIR = "./man";
+diff -up ntp-4.2.6p1/scripts/html2man.in.html2man ntp-4.2.6p1/scripts/html2man.in
+--- ntp-4.2.6p1/scripts/html2man.in.html2man 2006-06-06 22:17:10.000000000 +0200
++++ ntp-4.2.6p1/scripts/html2man.in 2010-03-12 12:27:32.000000000 +0100
+@@ -23,28 +23,28 @@ $MANDIR = "./man";
'ntpq' => ['ntpq', 8, 'ntpd(8), ntpdc(8)'],
'ntpdate' => ['ntpdate', 8, 'ntpd(8)'],
'ntpdc' => ['ntpdc', 8, 'ntpd(8)'],
'authopt' => ['ntp_auth', 5, 'ntp.conf(5), ntpd(8)'],
'monopt' => ['ntp_mon', 5, 'ntp.conf(5)'],
'accopt' => ['ntp_acc', 5, 'ntp.conf(5)'],
-@@ -34,17 +34,8 @@
+ 'clockopt' => ['ntp_clock', 5, 'ntp.conf(5)'],
'miscopt' => ['ntp_misc', 5, 'ntp.conf(5)']);
++%table_headers = (
++ 'ntpd' => 'l l l l.',
++ 'ntpq' => 'l l.',
++ 'monopt' => 'l l l.',
++ 'authopt' => 'c c c c c c.'
++);
++
# Disclaimer to go in SEE ALSO section of the man page
-$seealso_disclaimer = 'These man pages are automatically hacked from the main NTP ' .
- 'documentation pages, which are maintained in HTML format. These files are ' .
mkdir $MANDIR, 0777;
mkdir "$MANDIR/man8", 0777;
-@@ -64,7 +55,8 @@
+@@ -64,7 +64,8 @@ sub process {
$fileinfo = $manfiles{$filename};
$p = HTML::TokeParser->new("$filename.html") || die "Can't open $filename.html: $!";
|| die "Can't open: $!";
$p->get_tag("title");
-@@ -73,7 +65,6 @@
+@@ -73,7 +74,6 @@ sub process {
# Setup man header
print MANOUT ".TH " . $fileinfo->[0] . " " . $fileinfo->[1] . "\n";
print MANOUT ".SH NAME\n";
$pat = $fileinfo->[0];
if ($name =~ /$pat/) {
-@@ -81,10 +72,12 @@
+@@ -81,10 +81,13 @@ sub process {
# Add the manpage name, if not in the HTML title already
print MANOUT "$fileinfo->[0] - ";
}
+ $deflevel = 0;
+ $pre = 0;
+ $ignore = 0;
++ $first_td = 1;
# Now start scanning. We basically print everything after translating some tags.
# $token->[0] has "T", "S", "E" for Text, Start, End
# $token->[1] has the tag name, or text (for "T" case)
-@@ -92,19 +85,37 @@
+@@ -92,19 +95,37 @@ sub process {
while (my $token = $p->get_token) {
if($token->[0] eq "T") {
my $text = $token->[1];
if($token->[1] eq "h4") {
my $text = uc($p->get_trimmed_text("/h4"));
- print MANOUT ".SH $text\n";
-+ # ignore these two sections in ntpd.html
++ # ignore these sections in ntpd.html
+ if ($filename eq "ntpd" &&
-+ ($text eq "FILES" || $text eq "CONFIGURATION OPTIONS")) {
++ ($text eq "CONFIGURATION OPTIONS")) {
+ $ignore = 1;
+ close(MANOUT);
+ open(MANOUT, ">/dev/null");
}
if($token->[1] eq "tt") {
push @fontstack, "tt";
-@@ -118,22 +129,30 @@
+@@ -118,22 +139,42 @@ sub process {
my $text = $p->get_trimmed_text("/address");
print MANOUT "\n.SH AUTHOR\n$text\n";
}
+ if($token->[1] eq "pre") {
+ print MANOUT "\n.nf";
+ $pre = 1;
++ }
++ if($token->[1] eq "table") {
++ print MANOUT "\n.TS\n";
++ print MANOUT "expand allbox tab(%);\n";
++ print MANOUT $table_headers{$filename};
++ print MANOUT "\n";
++ }
++ if($token->[1] eq "td") {
++ if ($first_td == 0) {
++ print MANOUT " % ";
++ }
++ $first_td = 0;
}
}
elsif($token->[0] eq "E") {
$tag = 1;
}
if($token->[1] eq "tt") {
-@@ -157,15 +176,27 @@
+@@ -157,15 +198,34 @@ sub process {
print MANOUT "$fontswitch";
}
if($token->[1] eq "dl") {
+ if($token->[1] eq "pre") {
+ print MANOUT "\n.fi";
+ $pre = 0;
++ }
++ if($token->[1] eq "table") {
++ print MANOUT ".TE\n";
++ }
++ if($token->[1] eq "tr") {
++ print MANOUT "\n";
++ $first_td = 1;
+ }
}
}
--- /dev/null
+diff -up ntp-4.2.6p1/html/authopt.html.htmldoc ntp-4.2.6p1/html/authopt.html
+--- ntp-4.2.6p1/html/authopt.html.htmldoc 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p1/html/authopt.html 2010-03-03 18:52:34.000000000 +0100
+@@ -208,11 +208,7 @@ UTC</p>
+ <table width="100%" border="1" cellpadding="4">
+
+ <tr>
+-<td rowspan="2" align="center">Client</td>
+-<td colspan="5" align="center">Server</td>
+-</tr>
+-
+-<tr>
++<td align="center">Client/Server</td>
+ <td align="center">NONE</td>
+ <td align="center">AUTH</td>
+ <td align="center">PC</td>
+@@ -363,7 +363,7 @@ UTC</p>
+ are left unspecified, the default names are used as described below. Unless
+ the complete path and name of the file are specified, the location of a file
+ is relative to the keys directory specified in the <tt>keysdir</tt> configuration
+- command or default <tt>/usr/local/etc</tt>. Following are the options.</dd>
++ command or default <tt>/etc/ntp/crypto</tt>. Following are the options.</dd>
+
+ <dd><dl>
+
+@@ -395,7 +395,7 @@ UTC</p>
+ <dd>Specifies the complete path to the MD5 key file containing the keys and key IDs used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option. Note that the directory path for Autokey media is specified by the <tt>keysdir</tt> command.</dd>
+
+ <dt id="keysdir"><tt>keysdir <i>path</i></tt>K</dt>
+-<dd>This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
++<dd>This command specifies the default directory path for Autokey cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>. Note that the path for the symmetric keys file is specified by the <tt>keys</tt> command.</dd>
+
+ <dt id="requestkey"><tt>requestkey <i>key</i></tt></dt>
+ <dd>Specifies the key ID to use with the <a href="ntpq.html"><tt>ntpq</tt></a> and <a href="ntpdc.html"><tt>ntpdc</tt></a> utility programs, which uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>key</i></tt> argument is a key ID for the trusted key, where the value can be in the range 1 to 65,534, inclusive.</dd>
+@@ -472,4 +472,4 @@ UTC</p>
+
+ </body>
+
+-</html>
+\ No newline at end of file
++</html>
+diff -up ntp-4.2.6p1/html/keygen.html.htmldoc ntp-4.2.6p1/html/keygen.html
+--- ntp-4.2.6p1/html/keygen.html.htmldoc 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/html/keygen.html 2010-03-03 18:52:34.000000000 +0100
+@@ -90,7 +90,7 @@
+
+ <p>The <tt>pw</tt> option of the <tt>crypto</tt> configuration command specifies the read password for previously encrypted files. This must match the local password used by this program. If not specified, the host name is used. Thus, if files are generated by this program without password, they can be read back by <tt>ntpd</tt> without password, but only on the same host.</p>
+
+-<p>All files and links are usually installed in the directory <tt>/usr/local/etc</tt>,
++<p>All files and links are usually installed in the directory <tt>/etc/ntp/crypto</tt>,
+ which is normally in a shared filesystem in NFS-mounted networks and cannot
+ be changed by shared clients. The location of the keys directory can be changed
+ by the <tt>keysdir</tt> configuration command in such cases. Normally, encrypted
+@@ -101,7 +101,7 @@
+
+ <h4 id="run">Running the Program</h4>
+
+-<p>To test and gain experience with Autokey concepts, log in as root and change to the keys directory, usually <tt>/usr/local/etc</tt>. When run for the first time, or if all files with names beginning <tt>ntpkey</tt> have been removed, use the <tt>ntp-keygen </tt>command without arguments to generate a default RSA host key and matching RSA-MD5 certificate with expiration date one year hence. If run again, the program uses the existing keys and parameters and generates only a new certificate with new expiration date one year hence; however, the certificate is not generated if the <tt>-e</tt> or <tt>-q</tt> options are present.</p>
++<p>To test and gain experience with Autokey concepts, log in as root and change to the keys directory, usually <tt>/etc/ntp/crypto</tt>. When run for the first time, or if all files with names beginning <tt>ntpkey</tt> have been removed, use the <tt>ntp-keygen </tt>command without arguments to generate a default RSA host key and matching RSA-MD5 certificate with expiration date one year hence. If run again, the program uses the existing keys and parameters and generates only a new certificate with new expiration date one year hence; however, the certificate is not generated if the <tt>-e</tt> or <tt>-q</tt> options are present.</p>
+
+ <p>Run the command on as many hosts as necessary. Designate one of them as the trusted host (TH) using <tt>ntp-keygen</tt> with the <tt>-T</tt> option and configure it to synchronize from reliable Internet servers. Then configure the other hosts to synchronize to the TH directly or indirectly. A certificate trail is created when Autokey asks the immediately ascendant host towards the TH to sign its certificate, which is then provided to the immediately descendant host on request. All group hosts should have acyclic certificate trails ending on the TH.</p>
+
+@@ -206,6 +206,7 @@
+ <p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the OpenSSL library routines. If a site supports <tt>ssh</tt>, it is very likely that means to do this are already available. The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the <tt>ntp-keygen</tt> program or <tt>ntpd</tt> daemon.</p>
+
+ <p>The OpenSSL library looks for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library looks for the <tt>.rnd</tt> file in the user home directory. Since both the <tt>ntp-keygen</tt> program and <tt>ntpd</tt> daemon must run as root, the logical place to put this file is in <tt>/.rnd</tt> or <tt>/root/.rnd</tt>. If the file is not available or cannot be written, the program exits with a message to the system log.</p>
++<p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p>
+
+ <h4 id="priv">Cryptographic Data Files</h4>
+
+@@ -237,4 +238,4 @@
+
+ </body>
+
+-</html>
+\ No newline at end of file
++</html>
+diff -up ntp-4.2.6p1/html/ntp-wait.html.htmldoc ntp-4.2.6p1/html/ntp-wait.html
+--- ntp-4.2.6p1/html/ntp-wait.html.htmldoc 2010-03-03 18:52:34.000000000 +0100
++++ ntp-4.2.6p1/html/ntp-wait.html 2010-03-03 19:21:11.000000000 +0100
+@@ -0,0 +1,30 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
++<html>
++ <head>
++ <meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
++ <meta name="generator" content="HTML Tidy, see www.w3.org">
++ <title>ntp-wait - waits until ntpd is in synchronized state</title>
++ <link href="scripts/style.css" type="text/css" rel="stylesheet">
++ </head>
++ <body>
++ <h3><tt>ntp-wait</tt> - waits until ntpd is in synchronized state</h3>
++ <hr>
++ <h4>Synopsis</h4>
++ <p><tt>ntp-wait [ -v ] [ -n <i>tries</i> ] [ -s <i>seconds</i> ]</tt></p>
++ <h4>Description</h4>
++ <p>The <tt>ntp-wait</tt> program blocks until ntpd is in synchronized state.
++ This can be useful at boot time, to delay the boot sequence
++ until after "ntpd -g" has set the time.
++ <h4>Command Line Options</h4>
++ <dl>
++ <dt><tt>-n <i>tries</i></tt>
++ <dd>Number of tries before giving up. The default is 1000.
++ <dt><tt>-s <i>seconds</i></tt>
++ <dd>Seconds to sleep between tries. The default is 6 seconds.
++ <dt><tt>-v</tt>
++ <dd>Be verbose.
++ </dl>
++ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
++ </body>
++
++</html>
+diff -up ntp-4.2.6p1/html/ntpd.html.htmldoc ntp-4.2.6p1/html/ntpd.html
+--- ntp-4.2.6p1/html/ntpd.html.htmldoc 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/html/ntpd.html 2010-03-03 18:52:34.000000000 +0100
+@@ -32,7 +32,7 @@
+ </ul>
+ <hr>
+ <h4 id="synop">Synopsis</h4>
+- <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
++ <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <h4 id="descr">Description</h4>
+ <p>The <tt>ntpd</tt> program is an operating system daemon that synchronises the system clock with remote NTP time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the <a href="assoc.html">Association Management</a> page, and with both symmetric key and public key cryptography, as described on the <a href="manyopt.html">Authentication Options</a> page.</p>
+ <p>The <tt>ntpd</tt> program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the <a href="manyopt.html">Automatic Server Discovery</a> page.</p>
+@@ -44,7 +44,7 @@
+ <p>The issues should be carefully considered before using these options. The maximum slew rate possible is limited to 500 parts-per-million (PPM) by the Unix kernel. As a result, the clock can take 2000 s for each second the clock is outside the acceptable range. During this interval the clock will not be consistent with any other network clock and the system cannot be used for distributed applications that require correctly synchronized network time.</p>
+ <p>The frequency file, usually called <tt>ntp.drift</tt>, contains the latest estimate of clock frequency. If this file does not exist when <tt>ntpd</tt> is started, it enters a special mode designed to measure the particular frequency directly. The measurement takes 15 minutes, after which the frequency is set and <tt>ntpd</tt> resumes normal mode where the time and frequency are continuously adjusted. The frequency file is updated at intervals of an hour or more depending on the measured clock stability.</p>
+ <h4 id="modes">Operating Modes</h4>
+- <p>The <tt>ntpd</tt> program normally operates continuously while adjusting the time and frequency, but in some cases it may not be practical to run it continuously. With the <tt>-q</tt> option <tt>ntpd</tt> operates as in continous mode, but exits just after setting the clock for the first time. Most applications will probably want to specify the <tt>iburst</tt> option with the <tt>server</tt> command. With this option a volley of messages is exchanged to groom the data and set the clock in about 10 s. If nothing is heard after a few minutes, the daemon times out and exits.</p>
++ <p>The <tt>ntpd</tt> program normally operates continuously while adjusting the time and frequency, but in some cases it may not be practical to run it continuously. With the <tt>-q</tt> option <tt>ntpd</tt> operates as in continous mode, but exits just after setting the clock for the first time with the configured servers. Most applications will probably want to specify the <tt>iburst</tt> option with the <tt>server</tt> command. With this option a volley of messages is exchanged to groom the data and set the clock in about 10 s. If nothing is heard after a few minutes, the daemon times out and exits.</p>
+ <h4 id="poll">Poll Interval Control</h4>
+ <p>NTP uses an intricate heuristic algorithm to automatically control the poll interval for maximum accuracy consistent with minimum network overhead. The algorithm measures the incidental offset and jitter to determine the best poll interval. When <tt>ntpd</tt> starts, the interval is the default minimum 64 s. Under normal conditions when the clock discipline has stabilized, the interval increases in steps to the default maximum 1024 s. In addition, should a server become unreachable after some time, the interval increases in steps to the maximum in order to reduce network overhead.</p>
+ <p>The default poll interval range is suitable for most conditions, but can be changed using options on the <a href="confopt.html">Server Options</a> and <a href="miscopt.html">Miscellaneous Options</a> pages. However, when using maximum intervals much larger than the default, the residual clock frequency error must be small enough for the discipline loop to capture and correct. The capture range is 500 PPM with a 64-s interval decreasing by a factor of two for each interval doubling. At a 36-hr interval, for example, the capture range is only 0.24 PPM.</p>
+@@ -88,8 +88,13 @@
+ <p>In contexts where a host name is expected, a <tt>-4</tt> qualifier preceding the host name forces DNS resolution to the IPv4 namespace, while a <tt>-6</tt> qualifier forces DNS resolution to the IPv6 namespace.</p>
+ <p>Various internal <tt>ntpd</tt> variables can be displayed and configuration options altered while the <tt>ntpd</tt> is running using the <tt><a href="ntpq.html">ntpq</a></tt> and <tt><a href="ntpdc.html">ntpdc</a></tt> utility programs.</p>
+ <p>When <tt>ntpd</tt> starts it looks at the value of <tt>umask</tt>, and if zero <tt>ntpd</tt> will set the <tt>umask</tt> to <tt>022</tt>.</p>
++ <p>Unless the <tt>-n</tt>, <tt>-d</tt> or <tt>-D</tt> option is used, <tt>ntpd</tt> changes the current working directory to the root directory, so any options or commands specifying paths need to use an absolute path or a path relative to the root.</p>
+ <h4 id="cmd">Command Line Options</h4>
+ <dl>
++ <dt><tt>-4</tt>
++ <dd>Force DNS resolution of host names to the IPv4 namespace.
++ <dt><tt>-6</tt>
++ <dd>Force DNS resolution of host names to the IPv6 namespace.
+ <dt><tt>-a</tt></dt>
+ <dd>Require cryptographic authentication for broadcast client, multicast client and symmetric passive associations. This is the same operation as the <tt>enable auth</tt> command and is the default.</dd>
+ <dt><tt>-A</tt></dt>
+@@ -103,7 +108,7 @@
+ <dt><tt>-D <i>level</i></tt></dt>
+ <dd>Specify debugging level directly.</dd>
+ <dt><tt>-f <i>driftfile</i></tt></dt>
+- <dd>Specify the name and path of the frequency file, default <tt>/etc/ntp.drift</tt>. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> command.</dd>
++ <dd>Specify the name and path of the frequency file. This is the same operation as the <tt>driftfile <i>driftfile</i></tt> command.</dd>
+ <dt><tt>-g</tt></dt>
+ <dd>Normally, <tt>ntpd</tt> exits with a message to the system log if the offset exceeds the panic threshold, which is 1000 s by default. This option allows the time to be set to any value without restriction; however, this can happen only once. If the threshold is exceeded after that, <tt>ntpd</tt> will exit with a message to the system log. This option can be used with the <tt>-q</tt> and <tt>-x</tt> options. See the <tt>tinker</tt> command for other options.</dd>
+ <dt><tt>-i <i>jaildir</i></tt></dt>
+@@ -111,7 +116,7 @@
+ <dt id="--interface"><tt>-I [<i>address</i> | <i>interface name</i>]</tt></dt>
+ <dd>Open the network address given, or all the addresses associated with the given interface name. This option may appear multiple times. This option also implies not opening other addresses, except wildcard and localhost. This option is deprecated. Please consider using the configuration file <a href="miscopt.html#interface">interface</a> command, which is more versatile.</dd>
+ <dt><tt>-k <i>keyfile</i></tt></dt>
+- <dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp.keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> command.</dd>
++ <dd>Specify the name and path of the symmetric key file. This is the same operation as the <tt>keys <i>keyfile</i></tt> command.</dd>
+ <dt><tt>-l <i>logfile</i></tt></dt>
+ <dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> command.</dd>
+ <dt id="--novirtualips"><tt>-L</tt></dt>
+@@ -209,17 +214,20 @@
+ </tr>
+ <tr>
+ <td width="30%">statistics path</td>
+- <td width="30%"><tt>/var/NTP</tt></td>
++ <td width="30%"><tt>/var/log/ntpstats/</tt></td>
+ <td width="20%"><tt>-s</tt></td>
+ <td width="20%"><tt>statsdir</tt></td>
+ </tr>
+ <tr>
+ <td width="30%">keys path</td>
+- <td width="30%"><tt>/usr/local/etc</tt></td>
+- <td width="20%"><tt>-k</tt></td>
++ <td width="30%"><tt>/etc/ntp/crypto</tt></td>
++ <td width="20%"><tt>none</tt></td>
+ <td width="20%"><tt>keysdir</tt></td>
+ </tr>
+ </table>
++ <h4 id="codes">Exit Codes</h4>
++ <p>A non-zero exit code indicates an error. Any error messages are logged to the system log by default.</p>
++ <p>The exit code is 0 only when <tt>ntpd</tt> is terminated by a signal, or when the <tt>-q</tt> option is used and <tt>ntpd</tt> successfully sets the system clock.</p>
+ <hr>
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+diff -up ntp-4.2.6p1/html/ntpdate.html.htmldoc ntp-4.2.6p1/html/ntpdate.html
+--- ntp-4.2.6p1/html/ntpdate.html.htmldoc 2010-03-03 18:52:34.000000000 +0100
++++ ntp-4.2.6p1/html/ntpdate.html 2010-03-03 18:52:34.000000000 +0100
+@@ -18,9 +18,9 @@
+ <hr>
+ <p>Disclaimer: The functionality of this program is now available in the <tt>ntpd</tt> program. See the <tt>-q</tt> command line option in the <a href="ntpd.html"><tt>ntpd</tt> - Network Time Protocol (NTP) daemon</a> page. After a suitable period of mourning, the <tt>ntpdate</tt> program is to be retired from this distribution</p>
+ <h4>Synopsis</h4>
+- <tt>ntpdate [ -bBdoqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
++ <tt>ntpdate [ -46bBdqsuv ] [ -a <i>key</i> ] [ -e <i>authdelay</i> ] [ -k <i>keyfile</i> ] [ -o <i>version</i> ] [ -p <i>samples</i> ] [ -t <i>timeout</i> ] [ -U <i>user_name</i> ] <i>server</i> [ ... ]</tt>
+ <h4>Description</h4>
+- <tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.
++ <p><tt>ntpdate</tt> sets the local date and time by polling the Network Time Protocol (NTP) server(s) given as the <i>server</i> arguments to determine the correct time. It must be run as root on the local host. A number of samples are obtained from each of the servers specified and a subset of the NTP clock filter and selection algorithms are applied to select the best of these. Note that the accuracy and reliability of <tt>ntpdate</tt> depends on the number of servers, the number of polls each time it is run and the interval between runs.</p>
+ <p><tt>ntpdate</tt> can be run manually as necessary to set the host clock, or it can be run from the host startup script to set the clock at boot time. This is useful in some cases to set the clock initially before starting the NTP daemon <tt>ntpd</tt>. It is also possible to run <tt>ntpdate</tt> from a <tt>cron</tt> script. However, it is important to note that <tt>ntpdate</tt> with contrived <tt>cron</tt> scripts is no substitute for the NTP daemon, which uses sophisticated algorithms to maximize accuracy and reliability while minimizing resource use. Finally, since <tt>ntpdate</tt> does not discipline the host clock frequency as does <tt>ntpd</tt>, the accuracy using <tt>ntpdate</tt> is limited.</p>
+ <p>Time adjustments are made by <tt>ntpdate</tt> in one of two ways. If <tt>ntpdate</tt> determines the clock is in error more than 0.5 second it will simply step the time by calling the system <tt>settimeofday()</tt> routine. If the error is less than 0.5 seconds, it will slew the time by calling the system <tt>adjtime()</tt> routine. The latter technique is less disruptive and more accurate when the error is small, and works quite well when <tt>ntpdate</tt> is run by <tt>cron</tt> every hour or two.</p>
+ <p><tt>ntpdate</tt> will decline to set the date if an NTP server daemon (e.g., <tt>ntpd</tt>) is running on the same host. When running <tt>ntpdate</tt> on a regular basis from <tt>cron</tt> as an alternative to running a daemon, doing so once every hour or two will result in precise enough timekeeping to avoid stepping the clock.</p>
+@@ -33,9 +33,9 @@
+ <dt><tt>-6</tt>
+ <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
+ <dt><tt>-a <i>key</i></tt>
+- <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i><tt>ntpdate</tt>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
++ <dd>Enable the authentication function and specify the key identifier to be used for authentication as the argument <i>key</i>. The keys and key identifiers must match in both the client and server key files. The default is to disable the authentication function.
+ <dt><tt>-B</tt>
+- <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-128 ms. The default is to step the time using settimeofday() if the offset is greater than +-128 ms. Note that, if the offset is much greater than +-128 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
++ <dd>Force the time to always be slewed using the adjtime() system call, even if the measured offset is greater than +-500 ms. The default is to step the time using settimeofday() if the offset is greater than +-500 ms. Note that, if the offset is much greater than +-500 ms in this case, that it can take a long time (hours) to slew the clock to the correct value. During this time. the host should not be used to synchronize clients.
+ <dt><tt>-b</tt>
+ <dd>Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
+ <dt><tt>-d</tt>
+@@ -43,9 +43,9 @@
+ <dt><tt>-e <i>authdelay</i></tt>
+ <dd>Specify the processing delay to perform an authentication function as the value <i>authdelay</i>, in seconds and fraction (see <tt>ntpd</tt> for details). This number is usually small enough to be negligible for most purposes, though specifying a value may improve timekeeping on very slow CPU's.
+ <dt><tt>-k <i>keyfile</i></tt>
+- <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp.keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
++ <dd>Specify the path for the authentication key file as the string <i>keyfile</i>. The default is <tt>/etc/ntp/keys</tt>. This file should be in the format described in <tt>ntpd</tt>.
+ <dt><tt>-o <i>version</i></tt>
+- <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 3. This allows <tt>ntpdate</tt> to be used with older NTP versions.
++ <dd>Specify the NTP version for outgoing packets as the integer <i>version</i>, which can be 1 or 2. The default is 4. This allows <tt>ntpdate</tt> to be used with older NTP versions.
+ <dt><tt>-p <i>samples</i></tt>
+ <dd>Specify the number of samples to be acquired from each server as the integer <i>samples</i>, with values from 1 to 8 inclusive. The default is 4.
+ <dt><i><tt>-q</tt></i>
+@@ -55,7 +55,7 @@
+ <dt><tt>-t <i>timeout</i></tt>
+ <dd>Specify the maximum time waiting for a server response as the value <i>timeout</i>, in seconds and fraction. The value is is rounded to a multiple of 0.2 seconds. The default is 1 second, a value suitable for polling across a LAN.
+ <dt><tt>-u</tt>
+- <dd>Direct <tt>ntpdate</tt> to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
++ <dd>Direct <tt>ntpdate</tt> to use an unprivileged port for outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronize with hosts beyond the firewall. Note that the <tt>-d</tt> option always uses unprivileged ports.
+ <dt><tt>-<i>v</i></tt>
+ <dd>Be verbose. This option will cause <tt>ntpdate</tt>'s version identification string to be logged.
+
+@@ -67,7 +67,7 @@
+ <h4>Diagnostics</h4>
+ <tt>ntpdate</tt>'s exit status is zero if it finds a server and updates the clock, and nonzero otherwise.
+ <h4>Files</h4>
+- <tt>/etc/ntp.keys</tt> - encryption keys used by <tt>ntpdate</tt>.
++ <tt>/etc/ntp/keys</tt> - encryption keys used by <tt>ntpdate</tt>.
+ <h4>Bugs</h4>
+ The slew adjustment is actually 50% larger than the measured offset, since this (it is argued) will tend to keep a badly drifting clock more accurate. This is probably not a good idea and may cause a troubling hunt for some values of the kernel variables <tt>tick</tt> and <tt>tickadj</tt>.
+ <hr>
+diff -up ntp-4.2.6p1/html/ntpdc.html.htmldoc ntp-4.2.6p1/html/ntpdc.html
+--- ntp-4.2.6p1/html/ntpdc.html.htmldoc 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/html/ntpdc.html 2010-03-03 18:52:34.000000000 +0100
+@@ -19,9 +19,9 @@
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
+ <hr>
+ <h4>Synopsis</h4>
+- <tt>ntpdc [ -ilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
++ <tt>ntpdc [ -46dilnps ] [ -c <i>command</i> ] [ <i>host</i> ] [ ... ]</tt>
+ <h4>Description</h4>
+- <tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.
++ <p><tt>ntpdc</tt> is used to query the <tt>ntpd</tt> daemon about its current state and to request changes in that state. The program may be run either in interactive mode or controlled using command line arguments. Extensive state and statistics information is available through the <tt>ntpdc</tt> interface. In addition, nearly all the configuration options which can be specified at startup using ntpd's configuration file may also be specified at run time using <tt>ntpdc</tt>.</p>
+ <p>If one or more request options are included on the command line when <tt>ntpdc</tt> is executed, each of the requests will be sent to the NTP servers running on each of the hosts given as command line arguments, or on localhost by default. If no request options are given, <tt>ntpdc</tt> will attempt to read commands from the standard input and execute these on the NTP server running on the first host given on the command line, again defaulting to localhost when no other host is specified. <tt>ntpdc</tt> will prompt for commands if the standard input is a terminal device.</p>
+ <p><tt>ntpdc</tt> uses NTP mode 7 packets to communicate with the NTP server, and hence can be used to query any compatible server on the network which permits it. Note that since NTP is a UDP protocol this communication will be somewhat unreliable, especially over large distances in terms of network topology. <tt>ntpdc</tt> makes no attempt to retransmit requests, and will time requests out if the remote host is not heard from within a suitable timeout time.</p>
+ <p>The operation of <tt>ntpdc</tt> are specific to the particular implementation of the <tt>ntpd</tt> daemon and can be expected to work only with this and maybe some previous versions of the daemon. Requests from a remote <tt>ntpdc</tt> program which affect the state of the local server must be authenticated, which requires both the remote program and local server share a common key and key identifier.</p>
+@@ -35,6 +35,8 @@
+ <dd>Force DNS resolution of following host names on the command line to the IPv6 namespace.
+ <dt><tt>-c <i>command</i></tt>
+ <dd>The following argument is interpreted as an interactive format command and is added to the list of commands to be executed on the specified host(s). Multiple -c options may be given.
++ <dt><tt>-d</tt>
++ <dd>Turn on debugging mode.
+ <dt><tt>-i</tt>
+ <dd>Force <tt>ntpdc</tt> to operate in interactive mode. Prompts will be written to the standard output and commands read from the standard input.
+ <dt><tt>-l</tt>
+@@ -134,11 +136,11 @@
+ <dt><tt>addpeer <i>peer_address</i> [
+ <i>keyid</i> ] [ <i>version</i> ] [
+ <tt>minpoll# | prefer | iburst | burst | minpoll
+- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
++ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
+ <dt><tt>addpeer <i>peer_address</i> [
+ <tt>prefer | iburst | burst | minpoll
+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
+- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
++ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
+ <dd>Add a configured peer association at the
+ given address and operating in symmetric
+ active mode. Note that an existing association
+@@ -162,16 +164,16 @@
+ <tt>peer</tt> configuration file command of
+ ntpd. See the <a href="confopt.html">Server Options</a> page for further information.
+ Each flag (or its absence) replaces the
+- previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal.
++ previous setting. The <tt>prefer</tt> keyword indicates a preferred peer (and thus will be used primarily for clock synchronization if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronization so is the PPS signal.
+ The <tt>dynamic</tt> keyword allows association configuration even when no suitable network interface is found at configuration time. The dynamic interface update mechanism may complete the configuration when new interfaces appear (e.g. WLAN/PPP interfaces) at a later time and thus render the association operable.
+ <dt><tt>addserver <i>peer_address</i> [
+ <i>keyid</i> ] [ <i>version</i> ] [
+ <tt>minpoll# | prefer | iburst | burst | minpoll
+- <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] ]</tt>
++ <i>N</i> | <tt>maxpoll</tt> <i>N</i> [...] </tt> ]</tt>
+ <dt><tt>addserver <i>peer_address</i> [
+ <tt>prefer | iburst | burst | minpoll
+ <i>N</i> | <tt>maxpoll</tt> <i>N</i> | <tt>keyid</tt>
+- <i>N</i> | <tt>version</tt> <i>N</i> [...] ]</tt>
++ <i>N</i> | <tt>version</tt> <i>N</i> [...] </tt> ]</tt>
+ <dd>Identical to the addpeer command, except that the operating mode is client.
+ <dt><tt>broadcast <i>peer_address</i> [
+ <i>keyid</i> ] [ <i>version</i> ] [ <i>prefer</i> ]</tt>
+@@ -200,9 +202,9 @@
+ <dd>Returns information concerning the authentication module, including known keys and counts of encryptions and decryptions which have been done.
+ <dt><tt>traps</tt>
+ <dd>Display the traps set in the server. See the source listing for further information.
+- <dt><tt>addtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i> ]</tt>
++ <dt><tt>addtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i> ]</tt>
+ <dd>Set a trap for asynchronous messages. See the source listing for further information.
+- <dt><tt>clrtrap [ <i>address</i> [ <i>port</i> ] [ <i>interface</i>]</tt>
++ <dt><tt>clrtrap [ <i>address</i> ] [ <i>port</i> ] [ <i>interface</i>]</tt>
+ <dd>Clear a trap for asynchronous messages. See the source listing for further information.
+ <dt><tt>reset</tt>
+ <dd>Clear the statistics counters in various modules of the server. See the source listing for further information.
+diff -up ntp-4.2.6p1/html/ntpq.html.htmldoc ntp-4.2.6p1/html/ntpq.html
+--- ntp-4.2.6p1/html/ntpq.html.htmldoc 2010-02-09 11:01:26.000000000 +0100
++++ ntp-4.2.6p1/html/ntpq.html 2010-03-03 18:52:34.000000000 +0100
+@@ -21,7 +21,7 @@
+ <script type="text/javascript" language="javascript" src="scripts/manual.txt"></script>
+ <hr>
+ <h4>Synopsis</h4>
+- <tt>ntpq [-inp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
++ <tt>ntpq [-46dinp] [-c <i>command</i>] [<i>host</i>] [...]</tt>
+ <h4>Description</h4>
+ <p>The <tt>ntpq</tt> utility program is used to monitor NTP daemon <tt>ntpd</tt> operations
+ and determine performance. It uses the standard NTP mode 6 control
+@@ -591,4 +591,4 @@
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+-</html>
+\ No newline at end of file
++</html>
+diff -up ntp-4.2.6p1/html/ntptrace.html.htmldoc ntp-4.2.6p1/html/ntptrace.html
+--- ntp-4.2.6p1/html/ntptrace.html.htmldoc 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p1/html/ntptrace.html 2010-03-03 18:52:34.000000000 +0100
+@@ -17,7 +17,7 @@
+ <br clear="left">
+ <hr>
+ <h4>Synopsis</h4>
+- <tt>ntptrace [ -vdn ] [ -r <i>retries</i> ] [ -t <i>timeout</i> ] [ <i>server</i> ]</tt>
++ <tt>ntptrace [ -n ] [ -m <i>maxhosts</i> ] [ <i>server</i> ]</tt>
+ <h4>Description</h4>
+ <p><tt>ntptrace</tt> is a <tt>perl</tt> script that uses the <tt>ntpq</tt> utility program to follow the chain of NTP servers from a given host back to the primary time source. For <tt>ntptrace</tt> to work properly, each of these servers must implement the NTP Control and Monitoring Protocol specified in RFC 1305 and enable NTP Mode 6 packets.</p>
+ <p>If given no arguments, <tt>ntptrace</tt> starts with <tt>localhost</tt>. Here is an example of the output from <tt>ntptrace</tt>:</p>
+@@ -30,16 +30,8 @@ usndh.edu: stratum 1, offset 0.0019298,
+ <p>On each line, the fields are (left to right): the host name, the host stratum, the time offset between that host and the local host (as measured by <tt>ntptrace</tt>; this is why it is not always zero for "<tt>localhost</tt>"), the host synchronization distance, and (only for stratum-1 servers) the reference clock ID. All times are given in seconds. Note that the stratum is the server hop count to the primary source, while the synchronization distance is the estimated error relative to the primary source. These terms are precisely defined in RFC-1305.</p>
+ <h4>Options</h4>
+ <dl>
+- <dt><tt>-d</tt>
+- <dd>Turns on some debugging output.
+ <dt><tt>-n</tt>
+ <dd>Turns off the printing of host names; instead, host IP addresses are given. This may be useful if a nameserver is down.
+- <dt><tt>-r <i>retries</i></tt>
+- <dd>Sets the number of retransmission attempts for each host (default = 5).
+- <dt><tt>-t <i>timeout</i></tt>
+- <dd>Sets the retransmission timeout (in seconds) (default = 2).
+- <dt><tt>-v</tt>
+- <dd>Prints verbose information about the NTP servers.
+ </dl>
+ <h4>Bugs</h4>
+ <p>This program makes no attempt to improve accuracy by doing multiple samples.</p>
+@@ -47,4 +39,4 @@ usndh.edu: stratum 1, offset 0.0019298,
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+-</html>
+\ No newline at end of file
++</html>
+diff -up ntp-4.2.6p1/html/tickadj.html.htmldoc ntp-4.2.6p1/html/tickadj.html
+--- ntp-4.2.6p1/html/tickadj.html.htmldoc 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p1/html/tickadj.html 2010-03-03 18:52:34.000000000 +0100
+@@ -14,10 +14,12 @@
+ <p>Last update: <csobj format="ShortTime" h="25" locale="00000409" region="0" t="DateTime" w="61">18:53</csobj> UTC <csobj format="LongDate" h="25" locale="00000409" region="0" t="DateTime" w="308">Wednesday, January 16, 2008</csobj></p>
+ <hr>
+ <h4>Synopsis</h4>
+- <tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt>
++ <p><tt>tickadj [ <i>tick</i> ]</tt></p>
++ <p><tt>tickadj [ -Aqs ] [ -a <i>tickadj</i> ] [ -t <i>tick</i> ]</tt></p>
+ <h4>Description</h4>
+ <p>The <tt>tickadj</tt> program reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision ttimekeeping, including HP-UX, SunOS, Ultrix, SGI and probably others. Those machines provide means to patch the kernel <tt>/dev/kmem</tt>. Newer machines with kernel time support, including Solaris, Tru64, FreeBSD and Linux, should NOT use the program, even if it appears to work, as it will destabilize the kernel time support. Use the <a href="ntptime.html"><tt>ntptime</tt></a> program instead.</p>
+ <p>The particular variables that can be changed with <tt>tickadj</tt> include <tt>tick</tt>, which is the number of microseconds added to the system time for a clock interrupt, <tt>tickadj</tt>, which sets the slew rate and resolution used by the <tt>adjtime</tt> system call, and <tt>dosynctodr</tt>, which indicates to the kernels on some machines whether they should internally adjust the system clock to keep it in line with time-of-day clock or not.</p>
++ <p>On Linux, only the <tt>tick</tt> variable is supported and the only allowed argument is the tick value.</p>
+ <p>By default, with no arguments, <tt>tickadj</tt> reads the variables of interest in the kernel and displays them. At the same time, it determines an "optimal" value for the value of the <tt>tickadj</tt> variable if the intent is to run the <tt>ntpd</tt> Network Time Protocol (NTP) daemon, and prints this as well. Since the operation of <tt>tickadj</tt> when reading the kernel mimics the operation of similar parts of the <tt>ntpd</tt> program fairly closely, this can be useful when debugging problems with <tt>ntpd</tt>.</p>
+ <p>Note that <tt>tickadj</tt> should be run with some caution when being used for the first time on different types of machines. The operations which <tt>tickadj</tt> tries to perform are not guaranteed to work on all Unix machines and may in rare cases cause the kernel to crash.</p>
+ <h4>Command Line Options</h4>
+@@ -43,4 +45,4 @@
+ <script type="text/javascript" language="javascript" src="scripts/footer.txt"></script>
+ </body>
+
+-</html>
+\ No newline at end of file
++</html>
--- /dev/null
+diff -up ntp-4.2.6p1/ntpd/Makefile.in.linkfastmath ntp-4.2.6p1/ntpd/Makefile.in
+--- ntp-4.2.6p1/ntpd/Makefile.in.linkfastmath 2010-02-09 11:19:25.000000000 +0100
++++ ntp-4.2.6p1/ntpd/Makefile.in 2010-03-03 16:57:40.000000000 +0100
+@@ -365,7 +365,7 @@ man_MANS = $(srcdir)/ntpd.1
+ # sqrt ntp_control.o
+ # floor refclock_wwv.o
+ # which are (usually) provided by -lm.
+-ntpd_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntp.a -lm @LCRYPTO@ @LSCF@
++ntpd_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntp.a -lm -ffast-math @LCRYPTO@ @LSCF@
+ ntpdsim_LDADD = $(LDADD) $(LIBOPTS_LDADD) ../libntp/libntpsim.a -lm @LCRYPTO@ @LSCF@
+ ntpdsim_CFLAGS = $(CFLAGS) -DSIM
+ check_y2k_LDADD = $(LDADD) ../libntp/libntp.a
--- /dev/null
+diff -up ntp-4.2.6p1/ntpd/ntp_config.c.logdefault ntp-4.2.6p1/ntpd/ntp_config.c
+--- ntp-4.2.6p1/ntpd/ntp_config.c.logdefault 2010-01-24 11:01:45.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_config.c 2010-03-09 17:44:09.000000000 +0100
+@@ -3794,7 +3794,7 @@ getconfig(
+
+ #endif /* SYS_WINNT */
+ res_fp = NULL;
+- ntp_syslogmask = NLOG_SYNCMASK; /* set more via logconfig */
++ ntp_syslogmask = NLOG_SYNCMASK | NLOG_EVENT | NLOG_STATUS; /* set more via logconfig */
+
+ /*
+ * install a non default variable with this daemon version
--- /dev/null
+diff -up ntp-4.2.6p1/html/ntpd.html.mlock ntp-4.2.6p1/html/ntpd.html
+--- ntp-4.2.6p1/html/ntpd.html.mlock 2010-03-04 16:06:38.000000000 +0100
++++ ntp-4.2.6p1/html/ntpd.html 2010-03-04 16:07:42.000000000 +0100
+@@ -32,7 +32,7 @@
+ </ul>
+ <hr>
+ <h4 id="synop">Synopsis</h4>
+- <tt>ntpd [ -46aAbdDgLnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
++ <tt>ntpd [ -46aAbdDgLmnNqx ] [ -c <i>conffile</i> ] [ -f <i>driftfile</i> ] [ -i <i>jaildir</i> ] [ -I <i>iface</i> ] [ -k <i>keyfile</i> ] [ -l <i>logfile</i> ] [ -p <i>pidfile</i> ] [ -P <i>priority</i> ] [ -r <i>broadcastdelay</i> ] [ -s <i>statsdir</i> ] [ -t <i>key</i> ] [ -u <i>user</i>[:<i>group</i>] ] [ -U <i>interface_update_interval</i> ] [ -v <i>variable</i> ] [ -V <i>variable</i> ]</tt>
+ <h4 id="descr">Description</h4>
+ <p>The <tt>ntpd</tt> program is an operating system daemon that synchronises the system clock with remote NTP time servers or local reference clocks. It is a complete implementation of the Network Time Protocol (NTP) version 4, but also retains compatibility with version 3, as defined by RFC-1305, and version 1 and 2, as defined by RFC-1059 and RFC-1119, respectively. The program can operate in any of several modes, as described on the <a href="assoc.html">Association Management</a> page, and with both symmetric key and public key cryptography, as described on the <a href="manyopt.html">Authentication Options</a> page.</p>
+ <p>The <tt>ntpd</tt> program ordinarily requires a configuration file as desccribe on the Configuration Commands and Options collection above. However a client can discover remote servers and configure them automatically. This makes it possible to deploy a fleet of workstations without specifying configuration details specific to the local environment. Further details are on the <a href="manyopt.html">Automatic Server Discovery</a> page.</p>
+@@ -123,6 +123,8 @@
+ <dd>Do not listen to virtual interfaces, defined as those with names containing a colon. This option is deprecated. Please consider using the configuration file <a href="miscopt.html#interface">interface</a> command, which is more versatile.</dd>
+ <dt><tt>-M</tt></dt>
+ <dd>Raise scheduler precision to its maximum (1 msec) using timeBeginPeriod. (Windows only)</dd>
++ <dt><tt>-m</tt>
++ <dd>Lock memory.
+ <dt><tt>-n</tt></dt>
+ <dd>Don't fork.</dd>
+ <dt><tt>-N</tt></dt>
+diff -up ntp-4.2.6p1/ntpd/ntpd-opts.c.mlock ntp-4.2.6p1/ntpd/ntpd-opts.c
+--- ntp-4.2.6p1/ntpd/ntpd-opts.c.mlock 2010-02-09 11:27:18.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntpd-opts.c 2010-03-04 16:09:12.000000000 +0100
+@@ -9,7 +9,7 @@
+ */
+
+ /*
+- * This file was produced by an AutoOpts template. AutoOpts is a
++ * This file was produced by an AutoOpts template. AutoOpts is
+ * copyrighted work. This source file is not encumbered by AutoOpts
+ * licensing, but is provided under the licensing terms chosen by the
+ * ntpd author or copyright holder. AutoOpts is licensed under
+@@ -284,6 +284,15 @@ tSCC zNice_Name[] = "ni
+ #define NICE_FLAGS (OPTST_DISABLED)
+
+ /*
++ * Mlock option description:
++ */
++tSCC zMlockText[] =
++ "Lock memory";
++tSCC zMlock_NAME[] = "MLOCK";
++tSCC zMlock_Name[] = "mlock";
++#define MLOCK_FLAGS (OPTST_DISABLED)
++
++/*
+ * Pidfile option description:
+ */
+ tSCC zPidfileText[] =
+@@ -911,6 +920,18 @@ static tOptDesc optDesc[ OPTION_CT ] = {
+ /* desc, NAME, name */ zPccfreqText, zPccfreq_NAME, zPccfreq_Name,
+ /* disablement strs */ NULL, NULL },
+
++ { /* entry idx, value */ 32, VALUE_OPT_MLOCK,
++ /* equiv idx, value */ 32, VALUE_OPT_MLOCK,
++ /* equivalenced to */ NO_EQUIVALENT,
++ /* min, max, act ct */ 0, 1, 0,
++ /* opt state flags */ MLOCK_FLAGS, 0,
++ /* last opt argumnt */ { NULL },
++ /* arg list/cookie */ NULL,
++ /* must/cannot opts */ NULL, NULL,
++ /* option proc */ NULL,
++ /* desc, NAME, name */ zMlockText, zMlock_NAME, zMlock_Name,
++ /* disablement strs */ NULL, NULL },
++
+ { /* entry idx, value */ INDEX_OPT_VERSION, VALUE_OPT_VERSION,
+ /* equiv idx value */ NO_EQUIVALENT, 0,
+ /* equivalenced to */ NO_EQUIVALENT,
+@@ -1005,7 +1026,7 @@ tOptions ntpdOptions = {
+ NO_EQUIVALENT, /* '-#' option index */
+ NO_EQUIVALENT /* index of default opt */
+ },
+- 35 /* full option count */, 32 /* user option count */,
++ 36 /* full option count */, 33 /* user option count */,
+ ntpd_full_usage, ntpd_short_usage,
+ NULL, NULL
+ };
+diff -up ntp-4.2.6p1/ntpd/ntpd-opts.h.mlock ntp-4.2.6p1/ntpd/ntpd-opts.h
+--- ntp-4.2.6p1/ntpd/ntpd-opts.h.mlock 2010-02-09 11:27:18.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntpd-opts.h 2010-03-04 16:10:16.000000000 +0100
+@@ -84,12 +84,13 @@ typedef enum {
+ INDEX_OPT_SLEW = 29,
+ INDEX_OPT_USEPCC = 30,
+ INDEX_OPT_PCCFREQ = 31,
+- INDEX_OPT_VERSION = 32,
+- INDEX_OPT_HELP = 33,
+- INDEX_OPT_MORE_HELP = 34
++ INDEX_OPT_MLOCK = 32,
++ INDEX_OPT_VERSION = 33,
++ INDEX_OPT_HELP = 34,
++ INDEX_OPT_MORE_HELP = 35
+ } teOptIndex;
+
+-#define OPTION_CT 35
++#define OPTION_CT 36
+ #define NTPD_VERSION "4.2.6p1"
+ #define NTPD_FULL_VERSION "ntpd - NTP daemon program - Ver. 4.2.6p1"
+
+@@ -182,6 +183,10 @@ typedef enum {
+ # warning undefining MODIFYMMTIMER due to option name conflict
+ # undef MODIFYMMTIMER
+ # endif
++# ifdef MLOCK
++# warning undefining MLOCK due to option name conflict
++# undef MLOCK
++# endif
+ # ifdef NOFORK
+ # warning undefining NOFORK due to option name conflict
+ # undef NOFORK
+@@ -263,6 +268,7 @@ typedef enum {
+ # undef LOGFILE
+ # undef NOVIRTUALIPS
+ # undef MODIFYMMTIMER
++# undef MLOCK
+ # undef NOFORK
+ # undef NICE
+ # undef PIDFILE
+@@ -301,6 +307,7 @@ typedef enum {
+ #define VALUE_OPT_LOGFILE 'l'
+ #define VALUE_OPT_NOVIRTUALIPS 'L'
+ #define VALUE_OPT_MODIFYMMTIMER 'M'
++#define VALUE_OPT_MLOCK 'm'
+ #define VALUE_OPT_NOFORK 'n'
+ #define VALUE_OPT_NICE 'N'
+ #define VALUE_OPT_PIDFILE 'p'
+diff -up ntp-4.2.6p1/ntpd/ntpd.c.mlock ntp-4.2.6p1/ntpd/ntpd.c
+--- ntp-4.2.6p1/ntpd/ntpd.c.mlock 2010-02-09 11:02:27.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntpd.c 2010-03-04 16:11:42.000000000 +0100
+@@ -724,7 +724,8 @@ ntpdmain(
+ }
+ #endif
+
+-#if defined(HAVE_MLOCKALL) && defined(MCL_CURRENT) && defined(MCL_FUTURE)
++#if defined(MCL_CURRENT) && defined(MCL_FUTURE)
++ if (HAVE_OPT( MLOCK )) {
+ # ifdef HAVE_SETRLIMIT
+ /*
+ * Set the stack limit to something smaller, so that we don't lock a lot
+@@ -750,7 +751,7 @@ ntpdmain(
+ * fail if we drop root privlege. To be useful the value
+ * has to be larger than the largest ntpd resident set size.
+ */
+- rl.rlim_cur = rl.rlim_max = 32*1024*1024;
++ rl.rlim_cur = rl.rlim_max = 64*1024*1024;
+ if (setrlimit(RLIMIT_MEMLOCK, &rl) == -1) {
+ msyslog(LOG_ERR, "Cannot set RLIMIT_MEMLOCK: %m");
+ }
+@@ -762,6 +763,7 @@ ntpdmain(
+ */
+ if (mlockall(MCL_CURRENT|MCL_FUTURE) < 0)
+ msyslog(LOG_ERR, "mlockall(): %m");
++ }
+ #else /* not (HAVE_MLOCKALL && MCL_CURRENT && MCL_FUTURE) */
+ # ifdef HAVE_PLOCK
+ # ifdef PROCLOCK
--- /dev/null
+diff -up ntp-4.2.6p1/ntpd/ntp_proto.c.retcode ntp-4.2.6p1/ntpd/ntp_proto.c
+--- ntp-4.2.6p1/ntpd/ntp_proto.c.retcode 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_proto.c 2010-03-03 16:06:00.000000000 +0100
+@@ -269,7 +269,7 @@ transmit(
+ "ntpd: no servers found");
+ printf(
+ "ntpd: no servers found\n");
+- exit (0);
++ exit (1);
+ }
+ }
+ }
--- /dev/null
+diff -up ntp-4.2.6p1/configure.rtnetlink ntp-4.2.6p1/configure
+--- ntp-4.2.6p1/configure.rtnetlink 2010-02-09 11:19:49.000000000 +0100
++++ ntp-4.2.6p1/configure 2010-03-04 17:11:50.000000000 +0100
+@@ -20579,6 +20579,7 @@ else
+ /* end confdefs.h. */
+
+ #include <stddef.h>
++#include <sys/socket.h>
+ #include <linux/rtnetlink.h>
+ int
+ main ()
+diff -up ntp-4.2.6p1/ntpd/ntp_io.c.rtnetlink ntp-4.2.6p1/ntpd/ntp_io.c
+--- ntp-4.2.6p1/ntpd/ntp_io.c.rtnetlink 2009-12-09 08:36:37.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_io.c 2010-03-04 17:11:32.000000000 +0100
+@@ -4304,10 +4304,7 @@ init_async_notifications()
+ #ifdef HAVE_RTNETLINK
+ memset(&sa, 0, sizeof(sa));
+ sa.nl_family = PF_NETLINK;
+- sa.nl_groups = RTMGRP_LINK | RTMGRP_IPV4_IFADDR
+- | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_ROUTE
+- | RTMGRP_IPV4_MROUTE | RTMGRP_IPV6_ROUTE
+- | RTMGRP_IPV6_MROUTE;
++ sa.nl_groups = RTMGRP_IPV4_IFADDR | RTMGRP_IPV6_IFADDR;
+ if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
+ msyslog(LOG_ERR,
+ "bind failed on routing socket (%m) - using polled interface update");
--- /dev/null
+diff -up ntp-4.2.6p1/include/ntp_refclock.h.sleep ntp-4.2.6p1/include/ntp_refclock.h
+--- ntp-4.2.6p1/include/ntp_refclock.h.sleep 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/include/ntp_refclock.h 2010-03-10 19:27:46.000000000 +0100
+@@ -260,6 +260,7 @@ extern void refclock_control (sockaddr_u
+ struct refclockstat *);
+ extern int refclock_open (char *, u_int, u_int);
+ extern int refclock_setup (int, u_int, u_int);
++extern int refclock_timer_needed (struct peer *);
+ extern void refclock_timer (struct peer *);
+ extern void refclock_transmit (struct peer *);
+ extern int refclock_ioctl (int, u_int);
+diff -up ntp-4.2.6p1/include/ntp_stdlib.h.sleep ntp-4.2.6p1/include/ntp_stdlib.h
+--- ntp-4.2.6p1/include/ntp_stdlib.h.sleep 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/include/ntp_stdlib.h 2010-03-10 19:27:46.000000000 +0100
+@@ -116,6 +116,7 @@ extern const char * FindConfig (const ch
+ extern void signal_no_reset (int, RETSIGTYPE (*func)(int));
+
+ extern void getauthkeys (const char *);
++extern int auth_agekeys_needed (void);
+ extern void auth_agekeys (void);
+ extern void rereadkeys (void);
+
+diff -up ntp-4.2.6p1/include/ntpd.h.sleep ntp-4.2.6p1/include/ntpd.h
+--- ntp-4.2.6p1/include/ntpd.h.sleep 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/include/ntpd.h 2010-03-10 19:27:46.000000000 +0100
+@@ -112,8 +112,10 @@ extern void block_io_and_alarm (void);
+ /* ntp_loopfilter.c */
+ extern void init_loopfilter(void);
+ extern int local_clock(struct peer *, double);
+-extern void adj_host_clock(void);
++extern int adj_host_clock_needed(void);
++extern void adj_host_clock(int);
+ extern void loop_config(int, double);
++extern int huffpuff_enabled(void);
+ extern void huffpuff(void);
+ extern u_long sys_clocktime;
+ extern u_int sys_tai;
+@@ -219,6 +221,8 @@ extern void hack_restrict (int, sockaddr
+ /* ntp_timer.c */
+ extern void init_timer (void);
+ extern void reinit_timer (void);
++extern double get_timeout (l_fp *);
++extern int timer_elapsed (l_fp, int);
+ extern void timer (void);
+ extern void timer_clr_stats (void);
+ extern void timer_interfacetimeout (u_long);
+diff -up ntp-4.2.6p1/libntp/authkeys.c.sleep ntp-4.2.6p1/libntp/authkeys.c
+--- ntp-4.2.6p1/libntp/authkeys.c.sleep 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/libntp/authkeys.c 2010-03-10 19:27:46.000000000 +0100
+@@ -445,6 +445,25 @@ auth_delkeys(void)
+ }
+ }
+
++int
++auth_agekeys_needed(void) {
++ struct savekey *sk;
++ int i;
++
++ if (authnumkeys > 20)
++ return 1;
++
++ for (i = 0; i < HASHSIZE; i++) {
++ sk = key_hash[i];
++ while (sk != 0) {
++ if (sk->lifetime > 0)
++ return 1;
++ sk = sk->next;
++ }
++ }
++ return 0;
++}
++
+ /*
+ * auth_agekeys - delete keys whose lifetimes have expired
+ */
+diff -up ntp-4.2.6p1/ntpd/ntp_loopfilter.c.sleep ntp-4.2.6p1/ntpd/ntp_loopfilter.c
+--- ntp-4.2.6p1/ntpd/ntp_loopfilter.c.sleep 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_loopfilter.c 2010-03-10 19:27:46.000000000 +0100
+@@ -677,6 +677,13 @@ local_clock(
+ #endif /* LOCKCLOCK */
+ }
+
++int
++adj_host_clock_needed(void)
++{
++ return !(!ntp_enable || mode_ntpdate || (pll_control &&
++ kern_enable));
++}
++
+
+ /*
+ * adj_host_clock - Called once every second to update the local clock.
+@@ -686,7 +693,7 @@ local_clock(
+ */
+ void
+ adj_host_clock(
+- void
++ int time_elapsed
+ )
+ {
+ double adjustment;
+@@ -698,7 +705,7 @@ adj_host_clock(
+ * since the poll interval can exceed one day, the old test
+ * would be counterproductive.
+ */
+- sys_rootdisp += clock_phi;
++ sys_rootdisp += clock_phi * time_elapsed;
+
+ #ifndef LOCKCLOCK
+ /*
+@@ -819,6 +826,12 @@ set_freq(
+ #endif /* KERNEL_PLL */
+ }
+
++int
++huffpuff_enabled(void)
++{
++ return sys_huffpuff != NULL;
++}
++
+ /*
+ * huff-n'-puff filter
+ */
+diff -up ntp-4.2.6p1/ntpd/ntp_refclock.c.sleep ntp-4.2.6p1/ntpd/ntp_refclock.c
+--- ntp-4.2.6p1/ntpd/ntp_refclock.c.sleep 2009-12-09 08:36:36.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_refclock.c 2010-03-10 19:27:46.000000000 +0100
+@@ -268,6 +268,21 @@ refclock_unpeer(
+ }
+
+
++int
++refclock_timer_needed(
++ struct peer *peer /* peer structure pointer */
++ )
++{
++ u_char clktype;
++ int unit;
++
++ clktype = peer->refclktype;
++ unit = peer->refclkunit;
++ if (refclock_conf[clktype]->clock_timer != noentry)
++ return 1;
++ return 0;
++}
++
+ /*
+ * refclock_timer - called once per second for housekeeping.
+ */
+diff -up ntp-4.2.6p1/ntpd/ntp_timer.c.sleep ntp-4.2.6p1/ntpd/ntp_timer.c
+--- ntp-4.2.6p1/ntpd/ntp_timer.c.sleep 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntp_timer.c 2010-03-11 15:23:59.000000000 +0100
+@@ -56,7 +56,6 @@ static u_long adjust_timer; /* second ti
+ static u_long stats_timer; /* stats timer */
+ static u_long huffpuff_timer; /* huff-n'-puff timer */
+ u_long leapsec; /* leapseconds countdown */
+-l_fp sys_time; /* current system time */
+ #ifdef OPENSSL
+ static u_long revoke_timer; /* keys revoke timer */
+ static u_long keys_timer; /* session key timer */
+@@ -74,6 +73,12 @@ volatile u_long alarm_overflow;
+ #define DAY (24 * HOUR)
+
+ u_long current_time; /* seconds since startup */
++l_fp timer_base;
++int time_elapsed;
++
++#define TIMEOUT_TS_SIZE 2
++l_fp timeout_ts[TIMEOUT_TS_SIZE];
++unsigned int timeout_ts_index;
+
+ /*
+ * Stats. Number of overflows and number of calls to transmit().
+@@ -110,6 +115,8 @@ static RETSIGTYPE alarming (int);
+ void
+ reinit_timer(void)
+ {
++ get_systime(&timer_base);
++#if 0
+ #if !defined(SYS_WINNT) && !defined(VMS)
+ # if defined(HAVE_TIMER_CREATE) && defined(HAVE_TIMER_SETTIME)
+ timer_gettime(ntpd_timerid, &itimer);
+@@ -143,6 +150,7 @@ reinit_timer(void)
+ setitimer(ITIMER_REAL, &itimer, (struct itimerval *)0);
+ # endif
+ # endif /* VMS */
++#endif
+ }
+
+ /*
+@@ -165,6 +173,12 @@ init_timer(void)
+ timer_xmtcalls = 0;
+ timer_timereset = 0;
+
++ get_systime(&timer_base);
++
++ for (timeout_ts_index = 0; timeout_ts_index < TIMEOUT_TS_SIZE; timeout_ts_index++)
++ L_CLR(&timeout_ts[timeout_ts_index]);
++ timeout_ts_index = 0;
++#if 0
+ #if !defined(SYS_WINNT)
+ /*
+ * Set up the alarm interrupt. The first comes 2**EVENT_TIMEOUT
+@@ -226,6 +240,7 @@ init_timer(void)
+ }
+
+ #endif /* SYS_WINNT */
++#endif
+ }
+
+ #if defined(SYS_WINNT)
+@@ -236,6 +251,104 @@ get_timer_handle(void)
+ }
+ #endif
+
++double
++get_timeout(l_fp *now)
++{
++ register struct peer *peer, *next_peer;
++ u_int n;
++ double r;
++ int next;
++ l_fp ts;
++
++ ts = *now;
++ L_SUB(&ts, &timeout_ts[timeout_ts_index]);
++ timeout_ts[timeout_ts_index] = *now;
++ timeout_ts_index = (timeout_ts_index + 1) % TIMEOUT_TS_SIZE;
++
++ /* don't waste CPU time if called too frequently */
++ if (ts.l_ui == 0) {
++ next = 1;
++ goto finish;
++ }
++
++ next = current_time + HOUR;
++
++ if (adj_host_clock_needed()) {
++ next = 1;
++ goto finish;
++ }
++ for (n = 0; n < NTP_HASH_SIZE; n++) {
++ for (peer = peer_hash[n]; peer != 0; peer = next_peer) {
++ next_peer = peer->next;
++#ifdef REFCLOCK
++ if (peer->flags & FLAG_REFCLOCK && refclock_timer_needed(peer)) {
++ next = 1;
++ goto finish;
++ }
++#endif /* REFCLOCK */
++ if (peer->action)
++ next = min(next, peer->nextaction);
++ next = min(next, peer->nextdate);
++ }
++ }
++
++ if (leapsec > 0)
++ next = min(next, leapsec);
++
++ if (huffpuff_enabled())
++ next = min(next, huffpuff_timer);
++
++#ifdef OPENSSL
++ if (auth_agekeys_needed())
++ next = min(next, keys_timer);
++ if (sys_leap != LEAP_NOTINSYNC)
++ next = min(next, revoke_timer);
++#endif /* OPENSSL */
++
++ if (interface_interval)
++ next = min(next, interface_timer);
++
++ next = min(next, stats_timer);
++
++ next -= current_time;
++ if (next <= 0)
++ next = 1;
++finish:
++ ts = timer_base;
++ ts.l_ui += next;
++ L_SUB(&ts, now);
++ LFPTOD(&ts, r);
++#ifdef DEBUG
++ DPRINTF(2, ("timer: timeout %f\n", r));
++#endif
++
++ return r;
++}
++
++int
++timer_elapsed(l_fp now, int timeout)
++{
++ int elapsed;
++
++ L_SUB(&now, &timer_base);
++ elapsed = now.l_i;
++ if (elapsed < 0 || elapsed > timeout + 10) {
++#ifdef DEBUG
++ DPRINTF(2, ("timer: unexpected time jump\n"));
++#endif
++ elapsed = 0;
++ reinit_timer();
++
++ }
++ timer_base.l_ui += elapsed;
++ time_elapsed += elapsed;
++ current_time += elapsed;
++#ifdef DEBUG
++ DPRINTF(2, ("timer: time elapsed %d\n", time_elapsed));
++#endif
++ return time_elapsed;
++}
++
+ /*
+ * timer - event timer
+ */
+@@ -251,11 +364,9 @@ timer(void)
+ * kiss-o'-deatch function and implement the association
+ * polling function..
+ */
+- current_time++;
+- get_systime(&sys_time);
+ if (adjust_timer <= current_time) {
+- adjust_timer += 1;
+- adj_host_clock();
++ adjust_timer += time_elapsed;
++ adj_host_clock(time_elapsed);
+ #ifdef REFCLOCK
+ for (n = 0; n < NTP_HASH_SIZE; n++) {
+ for (peer = peer_hash[n]; peer != 0; peer = next_peer) {
+@@ -286,7 +397,7 @@ timer(void)
+ * 128 s or less.
+ */
+ if (peer->throttle > 0)
+- peer->throttle--;
++ peer->throttle -= min(peer->throttle, time_elapsed);
+ if (peer->nextdate <= current_time) {
+ #ifdef REFCLOCK
+ if (peer->flags & FLAG_REFCLOCK)
+@@ -333,7 +444,7 @@ timer(void)
+ * set.
+ */
+ if (leapsec > 0) {
+- leapsec--;
++ leapsec -= min(leapsec, time_elapsed);
+ if (leapsec == 0) {
+ sys_leap = LEAP_NOWARNING;
+ sys_tai = leap_tai;
+@@ -398,11 +509,15 @@ timer(void)
+ * Finally, write hourly stats.
+ */
+ if (stats_timer <= current_time) {
++ l_fp sys_time;
++ get_systime(&sys_time);
+ stats_timer += HOUR;
+ write_stats();
+ if (sys_tai != 0 && sys_time.l_ui > leap_expire)
+ report_event(EVNT_LEAPVAL, NULL, NULL);
+ }
++
++ time_elapsed = 0;
+ }
+
+
+diff -up ntp-4.2.6p1/ntpd/ntpd.c.sleep ntp-4.2.6p1/ntpd/ntpd.c
+--- ntp-4.2.6p1/ntpd/ntpd.c.sleep 2010-03-10 19:27:46.000000000 +0100
++++ ntp-4.2.6p1/ntpd/ntpd.c 2010-03-10 19:27:46.000000000 +0100
+@@ -195,8 +195,6 @@ extern const char *Version;
+
+ char const *progname;
+
+-int was_alarmed;
+-
+ #ifdef DECL_SYSCALL
+ /*
+ * We put this here, since the argument profile is syscall-specific
+@@ -1033,7 +1031,7 @@ getgroup:
+ #else /* normal I/O */
+
+ BLOCK_IO_AND_ALARM();
+- was_alarmed = 0;
++
+ for (;;)
+ {
+ # if !defined(HAVE_SIGNALED_IO)
+@@ -1041,42 +1039,39 @@ getgroup:
+ extern int maxactivefd;
+
+ fd_set rdfdes;
+- int nfound;
+-# endif
++ int nfound, time_elapsed;
+
+- if (alarm_flag) /* alarmed? */
+- {
+- was_alarmed = 1;
+- alarm_flag = 0;
+- }
++ time_elapsed = 0;
++# endif
+
+- if (!was_alarmed && has_full_recv_buffer() == ISC_FALSE)
++ if (has_full_recv_buffer() == ISC_FALSE)
+ {
+ /*
+ * Nothing to do. Wait for something.
+ */
+ # ifndef HAVE_SIGNALED_IO
++ double timeout;
++
+ rdfdes = activefds;
+-# if defined(VMS) || defined(SYS_VXWORKS)
+- /* make select() wake up after one second */
+- {
+- struct timeval t1;
++ get_systime(&now);
++ timeout = get_timeout(&now);
+
+- t1.tv_sec = 1; t1.tv_usec = 0;
++ if (timeout > 0.0) {
++ struct timeval t1;
++
++ t1.tv_sec = timeout;
++ t1.tv_usec = (timeout - t1.tv_sec) * 1000000;
+ nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
+ (fd_set *)0, &t1);
+- }
+-# else
+- nfound = select(maxactivefd+1, &rdfdes, (fd_set *)0,
+- (fd_set *)0, (struct timeval *)0);
+-# endif /* VMS */
+- if (nfound > 0)
+- {
+- l_fp ts;
++ get_systime(&now);
++ } else
++ nfound = 0;
+
+- get_systime(&ts);
++ time_elapsed = timer_elapsed(now, timeout);
+
+- (void)input_handler(&ts);
++ if (nfound > 0)
++ {
++ (void)input_handler(&now);
+ }
+ else if (nfound == -1 && errno != EINTR)
+ msyslog(LOG_ERR, "select() error: %m");
+@@ -1085,17 +1080,13 @@ getgroup:
+ msyslog(LOG_DEBUG, "select(): nfound=%d, error: %m", nfound);
+ # endif /* DEBUG */
+ # else /* HAVE_SIGNALED_IO */
++# error not supported by sleep patch
+
+ wait_for_signal();
+ # endif /* HAVE_SIGNALED_IO */
+- if (alarm_flag) /* alarmed? */
+- {
+- was_alarmed = 1;
+- alarm_flag = 0;
+- }
+ }
+
+- if (was_alarmed)
++ if (time_elapsed > 0)
+ {
+ UNBLOCK_IO_AND_ALARM();
+ /*
+@@ -1103,7 +1094,6 @@ getgroup:
+ * to process expiry.
+ */
+ timer();
+- was_alarmed = 0;
+ BLOCK_IO_AND_ALARM();
+ }
+
+@@ -1121,19 +1111,8 @@ getgroup:
+ rbuf = get_full_recv_buffer();
+ while (rbuf != NULL)
+ {
+- if (alarm_flag)
+- {
+- was_alarmed = 1;
+- alarm_flag = 0;
+- }
+ UNBLOCK_IO_AND_ALARM();
+
+- if (was_alarmed)
+- { /* avoid timer starvation during lengthy I/O handling */
+- timer();
+- was_alarmed = 0;
+- }
+-
+ /*
+ * Call the data procedure to handle each received
+ * packet.
--- /dev/null
+diff -up ntp-4.2.6p1/lib/isc/unix/interfaceiter.c.tentative ntp-4.2.6p1/lib/isc/unix/interfaceiter.c
+--- ntp-4.2.6p1/lib/isc/unix/interfaceiter.c.tentative 2009-12-09 08:36:35.000000000 +0100
++++ ntp-4.2.6p1/lib/isc/unix/interfaceiter.c 2010-03-04 17:50:17.000000000 +0100
+@@ -45,6 +45,8 @@
+ #include <isc/types.h>
+ #include <isc/util.h>
+
++#include <linux/rtnetlink.h>
++
+ /* Must follow <isc/net.h>. */
+ #ifdef HAVE_NET_IF6_H
+ #include <net/if6.h>
+@@ -223,6 +225,11 @@ linux_if_inet6_current(isc_interfaceiter
+ }
+ iter->current.af = AF_INET6;
+ iter->current.flags = INTERFACE_F_UP;
++
++ /* ignore tentative address */
++ if (flag4 & IFA_F_TENTATIVE)
++ iter->current.flags &= ~INTERFACE_F_UP;
++
+ isc_netaddr_fromin6(&iter->current.address, &addr6);
+ if (isc_netaddr_islinklocal(&iter->current.address)) {
+ isc_netaddr_setzone(&iter->current.address,
-#
# TODO:
-# - check which of the 'FC patches' are actually needed and update them
-# as needed
# - ntpdseem.1 manual page 'disappeared'
# - warning: Installed (but unpackaged) file(s) found:
+# - package ntpsnmpd - NTP SNMP MIB agent
+# /usr/sbin/ntpsnmpd
# /usr/share/man/man1/ntpsnmpd.1.gz
#
%include /usr/lib/rpm/macros.perl
Patch3: %{name}-openssl_check.patch
Patch4: %{name}-nano.patch
Patch5: %{name}-ntpdc-link_order.patch
-# FC patches
-Patch101: %{name}-4.2.4p4-kernel.patch
-Patch102: %{name}-4.2.4p0-droproot.patch
-Patch103: %{name}-4.2.4-groups.patch
-Patch104: %{name}-4.2.4p7-daemonpll.patch
-Patch106: %{name}-4.2.4p2-tentative.patch
-Patch107: %{name}-4.2.4p2-noseed.patch
-Patch108: %{name}-4.2.4p4-multilisten.patch
-Patch109: %{name}-4.2.4-html2man.patch
-Patch110: %{name}-4.2.4p5-htmldoc.patch
-Patch111: %{name}-4.2.4p2-filegen.patch
-Patch112: %{name}-4.2.4-sprintf.patch
-Patch114: %{name}-4.2.4p8-mlock.patch
-Patch115: %{name}-4.2.4p2-clockselect.patch
-Patch117: %{name}-4.2.4p7-sleep.patch
-Patch118: %{name}-4.2.4p7-bcast.patch
-Patch119: %{name}-4.2.4p0-retcode.patch
-Patch120: %{name}-4.2.4p2-noif.patch
-Patch122: %{name}-4.2.4p4-cmsgalign.patch
-Patch124: %{name}-4.2.4p4-resinit.patch
-Patch125: %{name}-4.2.4p5-rtnetlink.patch
-Patch126: %{name}-4.2.4p7-stamode.patch
-Patch127: %{name}-4.2.4p5-driftonexit.patch
-Patch129: %{name}-4.2.4p7-minpoll.patch
-Patch130: %{name}-4.2.4p7-freqmode.patch
-Patch133: %{name}-4.2.4p7-getprecision.patch
+# FC patches + 100
+Patch101: %{name}-4.2.6p1-sleep.patch
+Patch102: %{name}-4.2.6p1-droproot.patch
+Patch103: %{name}-4.2.6p1-bcast.patch
+Patch104: %{name}-4.2.6p1-cmsgalign.patch
+Patch105: %{name}-4.2.6p1-linkfastmath.patch
+Patch106: %{name}-4.2.6p1-tentative.patch
+Patch107: %{name}-4.2.6p1-retcode.patch
+Patch108: %{name}-4.2.6p1-rtnetlink.patch
+Patch109: %{name}-4.2.6p1-html2man.patch
+Patch110: %{name}-4.2.6p1-htmldoc.patch
+Patch112: %{name}-4.2.4p7-getprecision.patch
+Patch113: %{name}-4.2.6p1-logdefault.patch
+Patch114: %{name}-4.2.6p1-mlock.patch
URL: http://www.ntp.org/
BuildRequires: autoconf
BuildRequires: automake
%patch5 -p1
## FC patches
-%if 0
%patch101 -p1
%patch102 -p1
%patch103 -p1
%patch104 -p1
+%patch105 -p1
%patch106 -p1
%patch107 -p1
%patch108 -p1
%patch109 -p1
%patch110 -p1
-%patch111 -p1
%patch112 -p1
+%patch113 -p1
%patch114 -p1
-%patch115 -p1
-%patch117 -p1
-%patch118 -p1
-%patch119 -p1
-%patch120 -p1
-%patch122 -p1
-%patch124 -p1
-%patch125 -p1
-%patch126 -p1
-%patch127 -p1
-%patch129 -p1
-%patch130 -p1
-%patch133 -p1
-%endif
echo 'AM_CONDITIONAL([NEED_LIBOPTS], false)' >> configure.ac
echo 'AM_CONDITIONAL([NEED_LIBOPTS], false)' >> sntp/configure.ac
projects / packages / ntp.git / commitdiff