| #
911793fe |
| 12-Apr-2020 |
otto <otto@openbsd.org> |
If all addresses are numeric no use for dns probe; ok florian@ sthen@
|
| #
6a6b450e |
| 07-Jul-2019 |
otto <otto@openbsd.org> |
Sometimes ntp peers are unreliable (looking at you pool.ntp.org!)
and net config can change as well. So if a peer does not respond,
throw it out of the pool if it's a pool member and re-resolve to
fi
Sometimes ntp peers are unreliable (looking at you pool.ntp.org!)
and net config can change as well. So if a peer does not respond,
throw it out of the pool if it's a pool member and re-resolve to
find a replacement. Hold on to good peers so we end up with a good
set of peers. ok benno@
show more ...
|
| #
c9addb91 |
| 12-Jun-2019 |
otto <otto@openbsd.org> |
Fix init of syslog for childs and teach dns process about synced state.
ok benno@
|
| #
b98b0a5c |
| 28-May-2019 |
otto <otto@openbsd.org> |
A step in solving the bootstrap problem in a dnssec environement.
If the time is wrong, we cannot validate dnssec, leading to failed
DNS lookups, so we cannot adjust or set the time. Work around thi
A step in solving the bootstrap problem in a dnssec environement.
If the time is wrong, we cannot validate dnssec, leading to failed
DNS lookups, so we cannot adjust or set the time. Work around this
by repeating a failed DNS lookup with a lookup with the DC (check
disabled) bit set. ok florian@
show more ...
|
| #
f8e1109c |
| 07-Sep-2018 |
kn <kn@openbsd.org> |
Make host_*() AF-agnostic
Merge host_v{4,6}() into much simpler host_ip() using just getaddrinfo().
host_dns() uses the same procedure.
OK naddy
|
| #
a257dd04 |
| 12-Oct-2015 |
reyk <reyk@openbsd.org> |
Move execution of the constraints from the ntp to the parent process.
This helps the ntp process to a) give a better pledge(2) and to b)
keep the promise of "saving the world again... on time" by rem
Move execution of the constraints from the ntp to the parent process.
This helps the ntp process to a) give a better pledge(2) and to b)
keep the promise of "saving the world again... on time" by removing
the delays that have been introduced by expensive constraint forks.
The new design offers better privsep but introduces a few more imsgs
and runs a little bit more code in the privileged parent. The
privileged code is minimal, carefully checked, and does not attempt to
"parse" any contents; the forked constraints instantly drop all
privileges and pledge to "stdio inet".
OK beck@ deraadt@
show more ...
|
| #
842d7e97 |
| 18-Jul-2015 |
bcook <bcook@openbsd.org> |
replace bzero with memset
ok phessler@ deraadt@
|
| #
bc58a738 |
| 10-Feb-2015 |
reyk <reyk@openbsd.org> |
Add support for "constraints": when configured, ntpd(8) will query the
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses.
Add support for "constraints": when configured, ntpd(8) will query the
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
show more ...
|
| #
110a1c68 |
| 08-Feb-2015 |
reyk <reyk@openbsd.org> |
Add a comment that ntpd MUST NOT use AI_ADDRCONFIG in host_dns()
OK henning@
|
| #
a5426be6 |
| 19-Jan-2015 |
bcook <bcook@openbsd.org> |
remove a couple of unused headers.
reported by Jonas 'Sortie' Termansen
|
| #
c0cb3bf1 |
| 13-Jan-2015 |
bcook <bcook@openbsd.org> |
fix some memory leaks in dns handling.
- Nothing seems to free the result of host_dns(), so add host_dns_free() and
call after each query.
- If imsg_add() fails, it frees buf. Avoid subsequentl
fix some memory leaks in dns handling.
- Nothing seems to free the result of host_dns(), so add host_dns_free() and
call after each query.
- If imsg_add() fails, it frees buf. Avoid subsequently dereferencing the
freed buf in imsg_close().
ok millert@ deraadt@
show more ...
|
| #
2388a8b4 |
| 10-Jan-2015 |
tedu <tedu@openbsd.org> |
don't check for a return value that host() doesn't return, so future
generations don't try to change any of the values and break the code.
ok deraadt
|
| #
910f6a33 |
| 10-Jan-2015 |
bcook <bcook@openbsd.org> |
revert host() back to correct behavior.
unbreak config file address parsing
|
| #
406616ca |
| 09-Jan-2015 |
bcook <bcook@openbsd.org> |
return -1 on host() address parsing failure, not 1.
Match what parse.y expects it to return.
ok millert@
|
| #
009f3548 |
| 27-May-2006 |
henning <henning@openbsd.org> |
config file bits for timedelta sensors, so one can specify which devices
to use. "sensors *" just uses all. untested due to lack of hardware.
hacked on the road somewhere between vancouver and calgary
|
| #
6aaaa6e3 |
| 11-May-2005 |
henning <henning@openbsd.org> |
don't touch *hn in failure case. no real change due to the way we use it
but more correct.
from Michael Knudsen <e@molioner.dk>
|
| #
2224caf9 |
| 09-Mar-2005 |
henning <henning@openbsd.org> |
nasty: host_dns used to run before forking and chrooting etc, so it was
guaranteed that its res_init() call was done once before fork etc...
that is no longer the case. call res_init() in main() earl
nasty: host_dns used to run before forking and chrooting etc, so it was
guaranteed that its res_init() call was done once before fork etc...
that is no longer the case. call res_init() in main() early.
show more ...
|
| #
96959c71 |
| 08-Mar-2005 |
henning <henning@openbsd.org> |
from the "shut the fuck up, ntpd" department:
don't whine about temporary dns errors
|
| #
b683bdca |
| 16-Dec-2004 |
dtucker <dtucker@openbsd.org> |
Limit the number of addresses used by the 'servers' directive to 8; ok henning@
|
| #
1b65b24f |
| 30-Aug-2004 |
henning <henning@openbsd.org> |
don't forget to set *hn... theo ok
|
| #
b7de29fd |
| 30-Aug-2004 |
deraadt <deraadt@openbsd.org> |
skip early DNS lookups -- they are deferred to later; ok otto ho henning
|
| #
e908848c |
| 24-Aug-2004 |
henning <henning@openbsd.org> |
don't fatal() if getaddrinfo() returns EAI_NONAME
|
| #
5c35bc7e |
| 12-Aug-2004 |
henning <henning@openbsd.org> |
do not try to getaddrinfo() in the unprivileged process, send an imsg
asking the privileged one to do it. sends back an imsg with the
resulting addresses in a bunch of struct sockaddr_storage in the
do not try to getaddrinfo() in the unprivileged process, send an imsg
asking the privileged one to do it. sends back an imsg with the
resulting addresses in a bunch of struct sockaddr_storage in the data
part.
this should fix all remaining issues with dns (non-)availability at
ntpd startup, be it due to named on localhost or something else.
tested by marco@ and Chris Paul <chris.paul@sentinare.com>
show more ...
|
| #
97c9f460 |
| 10-Aug-2004 |
henning <henning@openbsd.org> |
move memory allocation for new peers into a new function, makes ID allocation
easier
|
| #
547afbf8 |
| 28-Jul-2004 |
henning <henning@openbsd.org> |
when a dns lookup fails at parse time, do not abort but try again
to resolve the hostname every 60 seconds
fixes ntpd invocations before e. g. a dialup link is established and such.
as we want ntpd t
when a dns lookup fails at parse time, do not abort but try again
to resolve the hostname every 60 seconds
fixes ntpd invocations before e. g. a dialup link is established and such.
as we want ntpd to be a "fire and forget" background daemon it should
cope with such situations.
tested by many
show more ...
|