#
352865 |
|
29-Sep-2019 |
cy |
MFC r352304, r352540
r352304: No longer mlock() ntpd pages by default in memory thus allowing its pages to page as necessary.
To restore historic BSD behaviour add the following to ntp.conf: rlimit memlock 32
Discussed on: freebsd-current@ between Sept 6-9, 2019
Reported by: Users using ASLR with stack gap != 0
Reviewed by: ian, kib, rgrimes (all previous versions)
Differential Revision: https://reviews.freebsd.org/D21581
r352540: Follow up on r352304 which disabled default mlockall() at startup. Unfortunately though the original tarball supports this in ./configure (for Linux), to fully support disabling of mlockall() by default requires a little extra help otherwise the following is logged in syslog:
Cannot set RLIMIT_MEMLOCK: Operation not permitted
|
#
335949 |
|
04-Jul-2018 |
ian |
MFC r335595-r335596
r335595: Modernize usage of "restrict" keyword in ntp.conf
It is no longer necessary to specify a -4/-6 flag on any ntp.conf keyword. The address type is inferred from the address itself as necessary. "restrict default" statements always apply to both address families regardless of any -4/-6 flag that may be present.
So this change just tidies up our default config by removing the redundant restrict -6 statement and comment, and by removing the -6 flag from the restrict keyword that allows access from localhost.
This change was inspired by the patches provided in PRs 201803 and 210245, and included some contrib/ntp code inspection to verify that the -4/-6 keywords are basically no-ops in all contexts now.
PR: 201803 210245
Differential Revision: https://reviews.freebsd.org/D15974
r335596: Fix a comment; the ntp leaplist file is updated periodically, but not weekly (it's only updated when a check shows it's within 30 days of expiring).
PR: 207138
|
#
314531 |
|
02-Mar-2017 |
ian |
MFC r311103, r311907:
Update ntp.conf to use the ntpd pool feature.
Our previous ntp.conf file configured 3 servers from freebsd.pool.ntp.org using 3 separate 'server' config lines. That is now replaced with a single 'pool' line which causes ntpd to add multiple servers from the pool.
More than just making the config smaller, the pool feature in ntpd has one major advantage over configuring 3 separate servers from a pool: if a server that was added using a 'pool' statement provides bad time (initially or at some later date), ntpd automatically discards it and configures a new different server from the pool without needing to be restarted.
These changes also add a 'tos' line to control how many pool servers get added, a 'restrict source' line that is required to allow ntpd to add new peers from the pool, and it deletes a 'restrict 127.127.1.0' line that does nothing and should never have been there (127.127.1.0 is not a valid IP address, it's a refclock identifier).
Add "pool" to the keywords that rc.d/ntpdate examines to find a server address in ntp.conf.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation |
#
294773 |
|
26-Jan-2016 |
cy |
Add support for automatic leap-second file updates.
The working copy of leapfile resides in /var/dbntpd.leap-seconds.list. /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should automatic leapfile updates be disabled (default).
Automatic leapfile updates are fetched from $ntp_leapfile_sources, defaulting to https://www.ietf.org/timezones/data/leap-seconds.list, within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds file expiry. Automatic updates can be enabled by setting $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting the ntp leapfile source, the automatic update is randomized by default but can be disabled through daily_ntpd_avoid_congestion="NO" in periodic.conf.
Suggested by: des
Reviewed by: des, roberto, dwmalone, ian, cperciva, glebius, gjb
MFC after: 1 week
X-MFC with: r289421, r293037
|
#
289421 |
|
16-Oct-2015 |
cy |
Add default leap-seconds file. This should help ntp networks get the leap second date correct.
Updates to the file can be obtained from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
Suggested by: dwmalone
Reviewed by: roberto, dwmalone, delphij
Approved by: roberto
MFC after: 1 week
|
#
280916 |
|
31-Mar-2015 |
delphij |
Add limited to the default restrictions.
X-MFC-with: r280849
|
#
259973 |
|
27-Dec-2013 |
delphij |
Tighten default restrictions for ntpd(8) server and provide a link to NTP access restriction documentation.
The new default restrictions would allow only time queries from a remote system and will KoD all other requests, but still allow localhost to make all requests.
These restrictions are also recommended for all Internet-facing public NTP servers.
This changeset is intended for an instant MFC to stable/10 and releng/10.0.
|
#
239464 |
|
20-Aug-2012 |
delphij |
As of r232844 we no longer need the maxpoll 9 workaround.
MFC after: 3 days
|
#
195652 |
|
13-Jul-2009 |
dwmalone |
1) Use our vendor domain at the pool.
2) Point people at the pool website and encourage people to provide a server in the pool (as a courtesy to the pool guys).
3) Fix a spelling.
4) Comment out the local clock and include a link to documentation for use of the local clock on the ntp.org site.
Approved by: re (kib)
|
#
193635 |
|
07-Jun-2009 |
edwin |
Welcome to a default installed /etc/ntp.conf
This NTP configuration file points to the [012].pool.ntp.org servers, which will return a list of geographically local NTP servers. It uses the best-practice options of "iburst" and "maxpoll 9". It gives examples on how to use the "restrict" commands, which are unfortunately not working when you use the pool.ntp.org servers. It sets up a fudge server so any clients syncing against this server will always be synced even if we lose the master.
The idea of this file was briefly discussed on -net.
PR: conf/58595
Submitted by: Chris Stenton <jacs@gnome.co.uk>
MFC after: 1 week
|
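The access-control changes recorded in this log (tightened `restrict default`, the added `limited` flag, `restrict source` for `pool`, the removed `restrict 127.127.1.0`, and the now-redundant `-4`/`-6` flags) can be checked mechanically. The following is an added example, not code from the FreeBSD tree: the function name, finding codes, both sample configurations, and the exact flag set treated as required are assumptions made for illustration.

```python
# Added example: audit ntp.conf text against the changes described in this log.
# Assumption: which flags count as "required" on restrict default; only
# "limited" and KoD are named in the log itself.
REQUIRED = {"limited", "kod", "nomodify", "noquery"}

def audit_ntp_conf(text):
    """Return (line_number, code) findings; line 0 means a file-wide finding."""
    findings, uses_pool, has_source, has_default = [], False, False, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()          # drop comments
        if not tokens:
            continue
        if tokens[0] == "pool":
            uses_pool = True
        if tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if len(args) != len(tokens) - 1:
            findings.append((lineno, "redundant-af-flag"))      # r335595
        if not args:
            continue
        target, flags = args[0], set(args[1:])
        if target == "source":
            has_source = True
        elif target == "default":
            has_default = True
            for flag in sorted(REQUIRED - flags):               # r280916 added "limited"
                findings.append((lineno, "default-missing:" + flag))
        elif target.startswith("127.127."):                     # refclock id, not an IP
            findings.append((lineno, "refclock-id-not-ip"))
    if uses_pool and not has_source:                            # r311103, r311907
        findings.append((0, "pool-needs-restrict-source"))
    if not has_default:
        findings.append((0, "no-restrict-default"))
    return findings

LEGACY = """\
# constructed sample in the style of the older defaults
pool 0.freebsd.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
"""

HARDENED = """\
# constructed sample reflecting the later revisions
tos minclock 3 maxclock 6
pool 0.freebsd.pool.ntp.org iburst
restrict default limited kod nomodify notrap noquery nopeer
restrict source limited kod nomodify notrap noquery
restrict 127.0.0.1
restrict ::1
"""

if __name__ == "__main__":
    for name, conf in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit_ntp_conf(conf))
```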