Opened 4 years ago

Last modified 4 years ago

#15133 new defect

ntpclient does not check the server status reliably

Reported by: devel@… Owned by: developers
Priority: normal Milestone: Chaos Calmer 15.05
Component: packages Version: Trunk
Keywords: ntpclient Cc: devel@…


Package ntpclient contains /etc/hotplug.d/iface/20-ntpclient, which by default tries to check configured NTP servers one-by-one until one will answer.
It is done in the check_server() function using ntpclient program as a single-shot probing tool:

$NTPC -c 1 -p ${port:-123} -i 2 -h $hostname > /dev/null && { SERVER=$hostname; PORT=${port:-123}; }

Sadly ntpclient does not respond with a non-zero exitcode if the target host does not offer an ntp service. The following example shows this behaviour:

root@AP-1-203:/etc/init.d# ntpclient -c 1 -p 123 -i 2 -h; echo $?
recvfrom: Connection refused

Since ntpclient is designed for repetitive requests it does not emit error codes for singular connection failures.

Currently only a non-routable destination host is detected:

root@AP-1-203:/etc/init.d# ntpclient -c 1 -p 123 -i 2 -h; echo $?
connect: Network is unreachable

After studying ntpclient's source I noticed that its output could be used as an indicator for a valid response. In case of a suitable answer ntpclient will output a status line as defined in RFC 1305 (appendix A). This status line contains only digits, dots and whitespace.

The attached patch extends the check_server function by looking for such an output string. Thus non-working ntp servers can be excluded from operation easily.

Attachments (1)

ntpclient_fix_server_check.patch (1.0 KB) - added by devel@… 3 years ago.
carefully check ntpclient's output

Download all attachments as: .zip

Change History (2)

comment:1 Changed 4 years ago by devel@…

Somehow it seems that I am unable to upload an attachment. Thus I need to put the patch here inline - sorry!

--- a/packages/net/ntpclient/files/ntpclient.hotplug
+++ b/packages/net/ntpclient/files/ntpclient.hotplug
@@ -28,7 +28,9 @@ check_server() {
        [ -z "$hostname" ] && return
-       $NTPC -c 1 -p ${port:-123} -i 2 -h $hostname > /dev/null && { SERVER=$hostname; PORT=${port:-123}; }
+       # successful operation always results in an RFC-1305 Appendix A status message (digits, dots and spaces)
+       # connection failures are not supposed to raise errors (according to ntpclient's source)
+       "$NTPC" -c 1 -p ${port:-123} -i 2 -h "$hostname" | grep -q "^[0-9. \t]\+$" && { SERVER=$hostname; PORT=${port:-123}; }
 set_drift() {

Changed 3 years ago by devel@…

carefully check ntpclient's output

Add Comment

Modify Ticket

as new .

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.