Allowing upstream servers of ntp being in multiple routing tables is
authorphessler <phessler@openbsd.org>
Fri, 23 Oct 2015 14:52:20 +0000 (14:52 +0000)
committerphessler <phessler@openbsd.org>
Fri, 23 Oct 2015 14:52:20 +0000 (14:52 +0000)
non-sensical.  The dns lookups happened in the process routing table
(usually '0'), which is very likely to have different results from the
other routing domains.  If you do depend on having this behaviour,
you'll need to use pf to cross the rtable boundary.

"listen on * rtable X" is still supported.

Users of "server * rtable X" will need to switch to launching ntpd with
"route -T X exec /usr/sbin/ntpd"

OK deraadt@

usr.sbin/ntpd/client.c
usr.sbin/ntpd/control.c
usr.sbin/ntpd/ntp.c
usr.sbin/ntpd/ntpd.conf.5
usr.sbin/ntpd/ntpd.h
usr.sbin/ntpd/parse.y

index 93e69ea..9980bbd 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: client.c,v 1.102 2015/07/18 00:53:44 bcook Exp $ */
+/*     $OpenBSD: client.c,v 1.103 2015/10/23 14:52:20 phessler Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -142,10 +142,6 @@ client_query(struct ntp_peer *p)
                    0)) == -1)
                        fatal("client_query socket");
 
-               if (p->rtable != -1 &&
-                   setsockopt(p->query->fd, SOL_SOCKET, SO_RTABLE,
-                   &p->rtable, sizeof(p->rtable)) == -1)
-                       fatal("client_query setsockopt SO_RTABLE");
                if (connect(p->query->fd, sa, SA_LEN(sa)) == -1) {
                        if (errno == ECONNREFUSED || errno == ENETUNREACH ||
                            errno == EHOSTUNREACH || errno == EADDRNOTAVAIL) {
@@ -248,11 +244,6 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
                return (0);
        }
 
-       if (p->rtable != -1 &&
-           setsockopt(p->query->fd, SOL_SOCKET, SO_RTABLE, &p->rtable,
-           sizeof(p->rtable)) == -1)
-               fatal("client_dispatch setsockopt SO_RTABLE");
-
        for (cmsg = CMSG_FIRSTHDR(&somsg); cmsg != NULL;
            cmsg = CMSG_NXTHDR(&somsg, cmsg)) {
                if (cmsg->cmsg_level == SOL_SOCKET &&
@@ -393,10 +384,10 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
        }
 
        log_debug("reply from %s: offset %f delay %f, "
-           "next query %llds %s",
+           "next query %llds",
            log_sockaddr((struct sockaddr *)&p->addr->ss),
            p->reply[p->shift].offset, p->reply[p->shift].delay,
-           (long long)interval, print_rtable(p->rtable));
+           (long long)interval);
 
        client_update(p);
        if (settime)
index 2dd76d1..08740ba 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: control.c,v 1.6 2015/07/18 00:53:44 bcook Exp $ */
+/*     $OpenBSD: control.c,v 1.7 2015/10/23 14:52:20 phessler Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -333,8 +333,7 @@ build_show_peer(struct ctl_show_peer *cp, struct ntp_peer *p)
                addr_head_name = p->addr_head.name;
 
        snprintf(cp->peer_desc, sizeof(cp->peer_desc),
-           "%s %s%s %s", a, pool, addr_head_name,
-           print_rtable(p->rtable) );
+           "%s %s%s", a, pool, addr_head_name);
 
        validdelaycnt = best = 0;
        cp->offset = cp->delay = 0.0;
index da6fc35..b8dbafe 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ntp.c,v 1.137 2015/10/12 06:50:08 reyk Exp $ */
+/*     $OpenBSD: ntp.c,v 1.138 2015/10/23 14:52:20 phessler Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -271,9 +271,8 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
                        if (p->deadline > 0 && p->deadline <= getmonotime()) {
                                timeout = 300;
                                log_debug("no reply from %s received in time, "
-                                   "next query %ds %s", log_sockaddr(
-                                   (struct sockaddr *)&p->addr->ss), timeout,
-                                   print_rtable(p->rtable));
+                                   "next query %ds", log_sockaddr(
+                                   (struct sockaddr *)&p->addr->ss), timeout);
                                if (p->trustlevel >= TRUSTLEVEL_BADPEER &&
                                    (p->trustlevel /= 2) < TRUSTLEVEL_BADPEER)
                                        log_info("peer %s now invalid",
@@ -545,7 +544,6 @@ ntp_dispatch_imsg_dns(void)
                                        npeer->addr_head.name =
                                            peer->addr_head.name;
                                        npeer->addr_head.pool = 1;
-                                       npeer->rtable = peer->rtable;
                                        client_peer_init(npeer);
                                        npeer->state = STATE_DNS_DONE;
                                        peer_add(npeer);
@@ -832,9 +830,8 @@ report_peers(int always)
                                            (struct sockaddr *)&p->addr->ss);
                                if (p->addr_head.pool)
                                        pool = "from pool ";
-                               log_warnx("bad peer %s%s (%s) %s",
-                                   pool, p->addr_head.name, a,
-                                   print_rtable(p->rtable));
+                               log_warnx("bad peer %s%s (%s)",
+                                   pool, p->addr_head.name, a);
                        }
                }
        }
index 70f547f..ef693df 100644 (file)
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ntpd.conf.5,v 1.32 2015/08/28 02:59:29 deraadt Exp $
+.\" $OpenBSD: ntpd.conf.5,v 1.33 2015/10/23 14:52:20 phessler Exp $
 .\"
 .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 .\" OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 28 2015 $
+.Dd $Mdocdate: October 23 2015 $
 .Dt NTPD.CONF 5
 .Os
 .Sh NAME
@@ -130,17 +130,12 @@ A stratum value other than the default of 1 can be assigned using
 the stratum keyword.
 .It Xo Ic server Ar address
 .Op Ic weight Ar weight-value
-.Op Ic rtable Ar table-id
 .Xc
 Specify the IP address or the hostname of an NTP
 server to synchronize to.
 If it appears multiple times,
 .Xr ntpd 8
 will try to synchronize to all of the servers specified.
-The
-.Cm rtable
-option specifies which routing table should be used for connection attempts.
-Hostname resolution will still happen using the default routing table.
 If a hostname resolves to multiple IPv4 and/or IPv6 addresses,
 .Xr ntpd 8
 uses the first address.
@@ -151,7 +146,7 @@ is found.
 For example:
 .Bd -literal -offset indent
 server 10.0.0.2 weight 5
-server ntp.example.org weight 1 rtable 4
+server ntp.example.org weight 1
 .Ed
 .Pp
 To provide redundancy, it is good practice to configure multiple servers.
@@ -159,7 +154,6 @@ In general, best accuracy is obtained by using servers that have a low
 network latency.
 .It Xo Ic servers Ar address
 .Op Ic weight Ar weight-value
-.Op Ic rtable Ar table-id
 .Xc
 As with
 .Cm server ,
@@ -173,7 +167,7 @@ will try to synchronize to all of them.
 For example:
 .Bd -literal -offset indent
 servers pool.ntp.org
-servers pool.ntp.org rtable 5
+servers pool.ntp.org weight 5
 .Ed
 .El
 .Sh CONSTRAINTS
@@ -231,9 +225,3 @@ The
 .Nm
 file format first appeared in
 .Ox 3.6 .
-.Sh CAVEATS
-When using different
-.Cm rtable
-options,
-.Xr ntpd 8
-must be started in rtable 0.
index 9d00818..007fb34 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ntpd.h,v 1.122 2015/10/12 06:50:08 reyk Exp $ */
+/*     $OpenBSD: ntpd.h,v 1.123 2015/10/23 14:52:20 phessler Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -104,7 +104,6 @@ struct listen_addr {
 struct ntp_addr {
        struct ntp_addr         *next;
        struct sockaddr_storage  ss;
-       int                      rtable;
 };
 
 struct ntp_addr_wrap {
@@ -159,7 +158,6 @@ struct ntp_peer {
        u_int8_t                         weight;
        int                              lasterror;
        int                              senderrors;
-       int                              rtable;
 };
 
 struct ntp_sensor {
index 52852f7..4b15df9 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.63 2015/07/18 00:53:44 bcook Exp $ */
+/*     $OpenBSD: parse.y,v 1.64 2015/10/23 14:52:20 phessler Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -106,8 +106,6 @@ main                : LISTEN ON address listen_opts {
                        struct listen_addr      *la;
                        struct ntp_addr         *h, *next;
 
-                       if ($3->a)
-                               $3->a->rtable = $4.rtable;
                        if ((h = $3->a) == NULL &&
                            (host_dns($3->name, &h) == -1 || !h)) {
                                yyerror("could not resolve \"%s\"", $3->name);
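Review bot: A `listen on` line without an `rtable` option appears to end up with `$4.rtable` equal to 0 instead of -1 after this commit, because the address no longer carries its own rtable here and `opts.rtable = -1;` is removed from opts_default() further down, leaving only the `memset` value. If the listener setup outside this diff still treats -1 as "no rtable configured" before applying SO_RTABLE, listeners would presumably be pinned to table 0 even when ntpd is started with `route -T X exec`, which is the setup the commit message recommends. Keeping `opts.rtable = -1;` in opts_default() would preserve the old default; the action body continues past the end of this hunk, so this should be checked against the code that consumes `$4.rtable`.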
@@ -155,7 +153,6 @@ main                : LISTEN ON address listen_opts {
 
                                p = new_peer();
                                p->weight = $3.weight;
-                               p->rtable = $3.rtable;
                                p->addr = h;
                                p->addr_head.a = h;
                                p->addr_head.pool = 1;
@@ -164,7 +161,7 @@ main                : LISTEN ON address listen_opts {
                                        fatal(NULL);
                                if (p->addr != NULL)
                                        p->state = STATE_DNS_DONE;
-                               if (!(p->rtable > 0 && p->addr))
+                               if (!(p->addr))
                                        TAILQ_INSERT_TAIL(&conf->ntp_peers,
                                            p, entry);
                                h = next;
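Review bot: The new guard `if (!(p->addr))` inverts the old behaviour for the common case, so a pool entry whose address is already resolved is no longer added to `conf->ntp_peers`. Before this commit `opts.rtable` defaulted to -1 (see the line removed from opts_default()), so `!(p->rtable > 0 && p->addr)` was true and the peer was queued unless an rtable was set; now only peers with a NULL `p->addr` are queued, and a resolved one is allocated by new_peer() but apparently never linked or freed. The same condition is introduced in the `server` action in the `@@ -203,7 +199,7 @@` hunk, where it would silently drop servers given as literal IP addresses. Dropping the test and calling `TAILQ_INSERT_TAIL(&conf->ntp_peers, p, entry);` unconditionally in both places would match the old default behaviour. Both actions start and end outside their hunks.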
@@ -195,7 +192,6 @@ main                : LISTEN ON address listen_opts {
                        }
 
                        p->weight = $3.weight;
-                       p->rtable = $3.rtable;
                        p->addr_head.a = p->addr;
                        p->addr_head.pool = 0;
                        p->addr_head.name = strdup($2->name);
@@ -203,7 +199,7 @@ main                : LISTEN ON address listen_opts {
                                fatal(NULL);
                        if (p->addr != NULL)
                                p->state = STATE_DNS_DONE;
-                       if (!(p->rtable > 0 && p->addr))
+                       if (!(p->addr))
                                TAILQ_INSERT_TAIL(&conf->ntp_peers, p, entry);
                        free($2->name);
                        free($2);
@@ -355,7 +351,6 @@ server_opts_l       : server_opts_l server_opt
                | server_opt
                ;
 server_opt     : weight
-               | rtable
                ;
 
 sensor_opts    :       { opts_default(); }
@@ -428,7 +423,6 @@ opts_default(void)
 {
        memset(&opts, 0, sizeof opts);
        opts.weight = 1;
-       opts.rtable = -1;
        opts.stratum = 1;
 }