[chrony-dev] [GIT] chrony/chrony.git branch master updated. 2.4-98-gea58a1e

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


This is an automated email from git. It was generated because a ref
change was pushed to the "chrony/chrony.git" repository.

The branch, master has been updated
       via  ea58a1e72c235dc1db9ab15f378a9d62e7ed986d (commit)
       via  5c691a546063f0c57e6af5b8eb49d544f8e64abf (commit)
       via  2c877fa149842087cf24e4494601c71adf2290d5 (commit)
       via  33053a5e149284938d0720a4f28c7518f2dd2e6d (commit)
       via  86626521923f584a91d8c860941d34ae64afce37 (commit)
       via  227c7e60a48f3586f90b16de8093d47dc4240507 (commit)
       via  6e9c04896b06850c846fc20a3f4ced3c820027f4 (commit)
       via  0e273939d26861251244eea053adf0f8225ec221 (commit)
       via  14647032b24d17141e6bd01312531d7c358dfe47 (commit)
       via  14a1059e43d04cb3865fb96ba17b326f2c7bdb88 (commit)
       via  4449259d884ff672fe03d3112b68ba6f4de76e35 (commit)
       via  01e5ea7d31c186c82b91f3a7c8d44b523fcd1b78 (commit)
       via  94522bfed1cf1851ec53c8e34af899d6380eacf0 (commit)
       via  9bdd35c9faa5769f2a0d29574d19f4802bcd152d (commit)
       via  d366530699a6b1af77727c5146e9b9eec267cc36 (commit)
       via  96d652e5bd1cdbebdda14ce7177c168ac9b56486 (commit)
       via  bd736f9234c94b8de69553654544e37e9af3ac9d (commit)
       via  90b25f5b83df35cb679b5bb96a6367da098e7a46 (commit)
       via  997406fe47d8eaa65f29bae25709023c0db66281 (commit)
       via  14c8f07629adb7b574f12e72106c2a24f05a7b22 (commit)
       via  8f6a1b5318795f20fc01503803f612fa2ac5878d (commit)
       via  a8c6bea2d57c83f7ddf02cf80848c4e478ed09ea (commit)
      from  19fde8f49caa505e5f53a893a7a792fe28cef55a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ea58a1e72c235dc1db9ab15f378a9d62e7ed986d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Nov 9 17:33:03 2016 +0100

    ntp: print offset and delay in debug messages in nanosecond resolution

commit 5c691a546063f0c57e6af5b8eb49d544f8e64abf
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Nov 9 17:31:55 2016 +0100

    ntp: fix remote poll in measurements log
    
    Write the poll value from the received packet instead of the saved
    value, which doesn't have to be always updated.

commit 2c877fa149842087cf24e4494601c71adf2290d5
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Nov 9 17:31:34 2016 +0100

    ntp: add new fields to measurements log
    
    Include reference ID, NTP mode and source of the local transmit and
    receive timestamp in the measurements log.

commit 33053a5e149284938d0720a4f28c7518f2dd2e6d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Nov 8 15:53:40 2016 +0100

    ntp: add partial protection against replay attacks on symmetric mode
    
    A recently published paper [1] (section VIII) describes a DoS attack
    on symmetric associations authenticated with a symmetric key where the
    attacker can only observe and replay packets. Although the attacker
    cannot prevent packets from reaching the other peer (not even by
    flooding the network for example), s/he has the same power as a MitM
    attacker.
    
    As the authors explain, this is a fundamental flaw of the protocol,
    which cannot be fixed in the general case. However, we can at least try
    to protect associations in a case where the peers use the same polling
    interval (i.e. for each request is expected one response) and all peers
    that share the symmetric key never start with clocks in future or very
    distant past (i.e. the attacker does not have any packets from future
    that could be replayed).
    
    Require that updates of the NTP state between requests have increasing
    transmit timestamp and when a packet that passed all NTP tests to be
    considered a valid response was received, don't allow any more updates
    of the state from packets that don't pass the tests. This should ensure
    the last update of the state is from the first time the last real
    response was received and still allow the protocol to recover in case
    one of the peers steps its clock back or the attacker does have a packet
    from future and the attack stops.
    
    [1] Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy,
        Jonathan Gardner, and Sharon Goldberg. The Security of NTP's
        Datagram Protocol. https://eprint.iacr.org/2016/1006

commit 86626521923f584a91d8c860941d34ae64afce37
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Nov 3 08:06:26 2016 +0100

    ntp: disable presend in symmetric and interleaved modes
    
    The presend packet can't be used in symmetric and interleaved modes as
    it breaks the protocol with unexpected packets.

commit 227c7e60a48f3586f90b16de8093d47dc4240507
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 24 17:10:28 2016 +0200

    test: add util unit test

commit 6e9c04896b06850c846fc20a3f4ced3c820027f4
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 24 16:46:29 2016 +0200

    util: add functions for zeroing and comparing NTP timestamps

commit 0e273939d26861251244eea053adf0f8225ec221
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 24 14:54:58 2016 +0200

    ntp: fix poll value in broadcast mode packets
    
    Set poll in broadcast mode packets to the rounded log2 value of the
    actual interval instead of a hardcoded value.

commit 14647032b24d17141e6bd01312531d7c358dfe47
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 24 14:34:50 2016 +0200

    doc: update chrony.conf man page for recent changes

commit 14a1059e43d04cb3865fb96ba17b326f2c7bdb88
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 24 12:44:59 2016 +0200

    ntp: add support for HW timestamping on Linux
    
    Add a new directive to specify interfaces which should be used for HW
    timestamping. Extend the Linux ntp_io initialization to enable HW
    timestamping, configure the RX filter using the SIOCSHWTSTAMP ioctl,
    open their PHC devices, and track them as hwclock instances. When
    messages with HW timestamps are received, use the PTP_SYS_OFFSET ioctl
    to make PHC samples for hwclock.

commit 4449259d884ff672fe03d3112b68ba6f4de76e35
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 24 12:35:01 2016 +0200

    ntp: read interface index from control messages

commit 01e5ea7d31c186c82b91f3a7c8d44b523fcd1b78
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Thu Oct 27 10:57:29 2016 +0200

    test: add 122-xleave

commit 94522bfed1cf1851ec53c8e34af899d6380eacf0
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Oct 21 16:51:06 2016 +0200

    test: add hwclock unit test

commit 9bdd35c9faa5769f2a0d29574d19f4802bcd152d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Oct 19 16:57:32 2016 +0200

    hwclock: add support for tracking hardware clocks
    
    Add a general support for tracking independent hardware clocks like PTP
    hardware clocks (PHC) or real-time clocks (RTC).

commit d366530699a6b1af77727c5146e9b9eec267cc36
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Oct 12 10:02:18 2016 +0200

    clientlog: move status check to get_record()

commit 96d652e5bd1cdbebdda14ce7177c168ac9b56486
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Oct 11 17:15:56 2016 +0200

    ntp: add support for interleaved client/server mode
    
    Adapt the interleaved symmetric mode for client/server associations.
    On server, save the state needed for detection and responding in the
    interleaved mode in the client log. On client, enable the interleaved
    mode when the server is specified with the xleave option. Always accept
    responses in basic mode to allow synchronization with servers that
    don't support the interleaved mode, have too many clients, or have
    multiple clients behing the same IP address. This is also necessary to
    prevent DoS attacks on the client by overwriting or flushing the server
    state. Protect the client's state variables against replay attacks as
    the timestamps are now needed when processing the subsequent packet.

commit bd736f9234c94b8de69553654544e37e9af3ac9d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Tue Oct 11 17:06:58 2016 +0200

    ntp: check also NTP receive timestamp when updating TX timestamp

commit 90b25f5b83df35cb679b5bb96a6367da098e7a46
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Mon Oct 10 12:15:34 2016 +0200

    ntp: add support for interleaved symmetric mode
    
    Add xleave option to the peer directive to enable an interleaved mode
    compatible with ntpd. This allows peers to exchange transmit timestamps
    captured after the actual transmission and significantly improve
    the accuracy of the measurements.

commit 997406fe47d8eaa65f29bae25709023c0db66281
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Oct 7 17:03:09 2016 +0200

    ntp: add support for software timestamping on Linux
    
    Enable SCM_TIMESTAMPING control messages and the socket's error queue in
    order to receive our transmitted packets with a more accurate transmit
    timestamp. Add a new file for Linux-specific NTP I/O and implement
    processing of these messages there.

commit 14c8f07629adb7b574f12e72106c2a24f05a7b22
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Oct 7 15:40:49 2016 +0200

    ntp: save source of local timestamps
    
    Introduce a new structure for local timestamps that will hold the
    timestamp with its estimated error and also its source (daemon, kernel
    or HW). While at it, reorder parameters of the functions that accept the
    timestamps.

commit 8f6a1b5318795f20fc01503803f612fa2ac5878d
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Fri Oct 7 14:08:07 2016 +0200

    ntp: add support for processing of transmitted packets
    
    Add new functions for processing of packets after they are actually
    sent by the kernel or HW in order to get a more accurate transmit
    timestamp. Rename old functions for processing of received packets and
    their parameters to make the naming more consistent.

commit a8c6bea2d57c83f7ddf02cf80848c4e478ed09ea
Author: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date:   Wed Oct 26 10:24:49 2016 +0200

    sys_linux: add function for checking kernel version

-----------------------------------------------------------------------

Summary of changes:
 candm.h                       |   1 +
 client.c                      |   1 +
 clientlog.c                   |  41 +++-
 clientlog.h                   |   2 +
 cmdmon.c                      |   1 +
 cmdparse.c                    |   3 +
 conf.c                        |  29 +++
 conf.h                        |   3 +
 configure                     |  21 ++
 doc/chrony.conf.adoc          |  67 +++++-
 hwclock.c                     | 202 ++++++++++++++++++
 ntp_signd.h => hwclock.h      |  30 +--
 logging.h                     |   2 +
 ntp_core.c                    | 446 ++++++++++++++++++++++++++------------
 ntp_core.h                    |  28 ++-
 ntp_io.c                      |  94 +++++---
 ntp_io.h                      |   3 +-
 ntp_io_linux.c                | 486 ++++++++++++++++++++++++++++++++++++++++++
 ntp_signd.h => ntp_io_linux.h |  25 +--
 ntp_signd.c                   |   2 +-
 ntp_sources.c                 |  26 ++-
 ntp_sources.h                 |   8 +-
 srcparams.h                   |   1 +
 sys_linux.c                   |  42 +++-
 sys_linux.h                   |   2 +
 test/compilation/001-features |   2 +
 test/simulation/122-xleave    |  36 ++++
 test/unit/clientlog.c         |   2 +-
 test/unit/hwclock.c           |  72 +++++++
 test/unit/util.c              | 140 ++++++++++++
 util.c                        |  36 ++++
 util.h                        |  12 ++
 32 files changed, 1642 insertions(+), 224 deletions(-)
 create mode 100644 hwclock.c
 copy ntp_signd.h => hwclock.h (55%)
 create mode 100644 ntp_io_linux.c
 copy ntp_signd.h => ntp_io_linux.h (62%)
 create mode 100755 test/simulation/122-xleave
 create mode 100644 test/unit/hwclock.c
 create mode 100644 test/unit/util.c


hooks/post-receive
-- 
chrony/chrony.git

-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/