Question regarding broadcast client - NTP

This is a discussion on Question regarding broadcast client - NTP ; On an isolated network, not connected to the internet, I have a timeserver appliance connected to GPS which is doing NTP broadcast across a UDP one way link to the client system I am trying to configure as a broadcast ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Question regarding broadcast client

  1. Question regarding broadcast client

    On an isolated network, not connected to the internet, I have a
    timeserver appliance connected to GPS which is doing NTP broadcast
    across a UDP one way link to the client system I am trying to
    configure as a broadcast client.

    On the client I have a network interface IPaddr:10.9.2.1 Netmask:
    255.255.255.0 Broadcast:10.9.2.255
    On the NTP server IPaddr:10.9.2.2 Netmask:255.255.255.0 Broadcast:
    10.9.2.255

    Running tcpdump on my client I see regular ntp broadcast packets
    arriving from 10.9.2.2 to addresssort 10.9.2.255:123

    10.9.2.2.123 > 10.9.2.255.123: NTPv4, length 68

    On my client I have the following in the ntp.conf file. Note: novolley
    is used as there is no return network path to the timeserver appliance.

    broadcastclient novolley
    disable auth

    The clock on the client is within 2 minutes of the correct time. I run
    ntpd and it does not set the time to match the timeserver.

    I run ntpd on the client with -D and I get regular messages coinciding
    with the arrival of the udp packets.
    receive: at 1205 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    48 mac 20 auth 2
    receive: at 1270 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    48 mac 20 auth 2
    receive: at 1334 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    48 mac 20 auth 2
    receive: at 1398 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    48 mac 20 auth 2
    receive: at 1461 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    48 mac 20 auth 2

    Any suggestions on what I have to do to get ntpd to set the time on my
    client?

    The client system is an uptodate Red Hat 5.2 system. The ntp.x86_64
    version installed is 4.2.2p1-8.el5

    JZ

  2. Re: Question regarding broadcast client

    On 2008-10-20, John Zornig wrote:

    > On an isolated network, not connected to the internet, I have a
    > timeserver appliance connected to GPS which is doing NTP broadcast
    > across a UDP one way link to the client system I am trying to
    > configure as a broadcast client.


    Good! You have a time source.

    > On my client I have the following in the ntp.conf file. Note: novolley
    > is used as there is no return network path to the timeserver appliance.
    >
    > broadcastclient novolley
    > disable auth


    Since you are using 'novolley' ntpd has no way of calculating the
    broadcast delay. The default broadcast delay is 4.0 ms (see
    http://doc.ntp.org/4.2.2/confopt.html). If the delay across your UDP
    link is different you may set it with the 'broadcastdelay' command.

    ntpd needs to have a driftfile to store the frequency correction. On my
    Debian system it is specified like this:

    driftfile /var/lib/ntp/ntp.drift

    The directory should exist and be writeable by the ntp user.

    > The clock on the client is within 2 minutes of the correct time. I run
    > ntpd and it does not set the time to match the timeserver.
    >
    > I run ntpd on the client with -D and I get regular messages coinciding
    > with the arrival of the udp packets.
    > receive: at 1205 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    > 48 mac 20 auth 2


    That shows that the client is receiving the broadcast packets.

    The broadcast server sends out NTP packets at 64 second intervals. So,
    the maximum delay before the client sees the first broadcast packet is
    64 seconds after startup. After ntpd receives the first broadcast packet
    you will see a 1 in the "reach" column of the ntpq peers billboard
    ('ntpq -p'). Then, at 64 second intervals, you should see the reach
    increase (e.g. 1, 3, 7, 11, 13, 17 ... assuming that it receives every
    broadcast packet) until it reaches 377. The client ntpd should sync to
    the server within 5 minutes. Once the client is synced to the server
    you'll see an asterisk '*' to the left of the server name in the
    client's ntpq peer billboard ('ntpq -p').

    Please check the ntpq peer billboard on the client and paste it here if
    you need further assistance.

    > The client system is an uptodate Red Hat 5.2 system. The ntp.x86_64
    > version installed is 4.2.2p1-8.el5


    FWIW The current stable release is 4.2.4p5.

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

  3. Re: Question regarding broadcast client

    John Zornig wrote:

    >
    > Any suggestions on what I have to do to get ntpd to set the time on my
    > client?
    >


    Please provide the output of the following ntpq sub-commands, run on the
    client:

    peers
    assoc
    rv 0
    rv

    If the peers command shows the server, but at stratum 0 or 16, also
    provide the output of ntpq peers run against the server.

    Current guesses are:

    1) firewall
    2) unsynchronised server.

  4. Re: Question regarding broadcast client

    Thanks Steve and David,


    On 21/10/2008, at 7:28 AM, Steve Kostecke wrote:

    > On 2008-10-20, John Zornig wrote:
    >
    >> On an isolated network, not connected to the internet, I have a
    >> timeserver appliance connected to GPS which is doing NTP broadcast
    >> across a UDP one way link to the client system I am trying to
    >> configure as a broadcast client.

    >
    > Good! You have a time source.
    >
    >> On my client I have the following in the ntp.conf file. Note:
    >> novolley
    >> is used as there is no return network path to the timeserver
    >> appliance.
    >>
    >> broadcastclient novolley
    >> disable auth

    >
    > Since you are using 'novolley' ntpd has no way of calculating the
    > broadcast delay. The default broadcast delay is 4.0 ms (see
    > http://doc.ntp.org/4.2.2/confopt.html). If the delay across your UDP
    > link is different you may set it with the 'broadcastdelay' command.

    Once I have it working I'll set up an equivalent two-way network link
    and calculate the delay accurately.

    >
    >
    > ntpd needs to have a driftfile to store the frequency correction. On
    > my
    > Debian system it is specified like this:
    >
    > driftfile /var/lib/ntp/ntp.drift



    I do have the drift file, writable by the ntp user.
    >
    >
    > The directory should exist and be writeable by the ntp user.
    >
    >> The clock on the client is within 2 minutes of the correct time. I
    >> run
    >> ntpd and it does not set the time to match the timeserver.
    >>
    >> I run ntpd on the client with -D and I get regular messages
    >> coinciding
    >> with the arrival of the udp packets.
    >> receive: at 1205 10.9.2.1<-10.9.2.2 mode 5 code 6 keyid 00000001 len
    >> 48 mac 20 auth 2

    >
    > That shows that the client is receiving the broadcast packets.
    >
    > The broadcast server sends out NTP packets at 64 second intervals. So,
    > the maximum delay before the client sees the first broadcast packet is
    > 64 seconds after startup. After ntpd receives the first broadcast
    > packet
    > you will see a 1 in the "reach" column of the ntpq peers billboard
    > ('ntpq -p'). Then, at 64 second intervals, you should see the reach
    > increase (e.g. 1, 3, 7, 11, 13, 17 ... assuming that it receives every
    > broadcast packet) until it reaches 377. The client ntpd should sync to
    > the server within 5 minutes. Once the client is synced to the server
    > you'll see an asterisk '*' to the left of the server name in the
    > client's ntpq peer billboard ('ntpq -p').


    ntpq reports there are no peers or associations

    >
    >
    > Please check the ntpq peer billboard on the client and paste it here
    > if
    > you need further assistance.
    >>


    Here is some more detailed output.

    ----- tcpdump of three consecutive incoming ntp broadcasts ------------
    tcpdump -vvnnet udp port 123
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
    96 bytes
    00:a0:69:01:9d:6f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length
    110: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17),
    length: 96) 10.10.9.1.123 > 10.10.255.255.123: NTPv4, length 68
    Broadcast, Leap indicator: (0), Stratum 1, poll 6s, precision -18
    Root Delay: 0.000000, Root dispersion: 0.000427, Reference-ID: FREE
    Reference Timestamp: 3433530124.959565401 (2008/10/21 08:22:04)
    Originator Timestamp: 0.000000000
    Receive Timestamp: 0.000000000
    Transmit Timestamp: 3433530136.959934234 (2008/10/21 08:22:16)
    Originator - Receive Timestamp: 0.000000000
    Originator - Transmit Timestamp: 3433530136.959934234 (2008/10/21
    08:22:16)
    00:a0:69:01:9d:6f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length
    110: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17),
    length: 96) 10.10.9.1.123 > 10.10.255.255.123: NTPv4, length 68
    Broadcast, Leap indicator: (0), Stratum 1, poll 6s, precision -18
    Root Delay: 0.000000, Root dispersion: 0.000411, Reference-ID: FREE
    Reference Timestamp: 3433530190.962332248 (2008/10/21 08:23:10)
    Originator Timestamp: 0.000000000
    Receive Timestamp: 0.000000000
    Transmit Timestamp: 3433530202.962812721 (2008/10/21 08:23:22)
    Originator - Receive Timestamp: 0.000000000
    Originator - Transmit Timestamp: 3433530202.962812721 (2008/10/21
    08:23:22)
    00:a0:69:01:9d:6f > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length
    110: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17),
    length: 96) 10.10.9.1.123 > 10.10.255.255.123: NTPv4, length 68
    Broadcast, Leap indicator: (0), Stratum 1, poll 6s, precision -18
    Root Delay: 0.000000, Root dispersion: 0.000335, Reference-ID: FREE
    Reference Timestamp: 3433530258.965310037 (2008/10/21 08:24:18)
    Originator Timestamp: 0.000000000
    Receive Timestamp: 0.000000000
    Transmit Timestamp: 3433530265.965564072 (2008/10/21 08:24:25)
    Originator - Receive Timestamp: 0.000000000
    Originator - Transmit Timestamp: 3433530265.965564072 (2008/10/21
    08:24:25)

    ---- Full ntp.conf file ----------------
    cat /etc/ntp.conf
    logconfig all
    restrict 10.10.9.1
    restrict 127.0.0.1
    disable auth
    broadcastclient novolley
    driftfile /var/lib/ntp/drift

    ---------ntp command and output -------------
    ntpd -u ntp:ntp -p /var/run/ntpd.pid -g -D 2
    Debug1: 2 -> 2 = 2
    ntpd 4.2.2p1@1.1570-o Thu Jan 17 18:14:08 UTC 2008 (1)
    Debug1: 2 -> 2 = 2
    addto_syslog: set_process_priority: Leave priority alone:
    priority_done is <2>
    addto_syslog: precision = 1.000 usec
    create_sockets(123)
    addto_syslog: no IPv6 interfaces found
    addto_syslog: ntp_io: estimated max descriptors: 1024, initial socket
    boundary: 16
    bind() fd 16, family 2, port 123, addr 0.0.0.0, flags=9
    Added addr 0.0.0.0 to list of addresses
    flags for fd 16: 04002
    addto_syslog: Listening on interface wildcard, 0.0.0.0#123 Disabled
    bind() fd 17, family 2, port 123, addr 127.0.0.1, flags=5
    Added addr 127.0.0.1 to list of addresses
    flags for fd 17: 04002
    addto_syslog: Listening on interface lo, 127.0.0.1#123 Enabled
    bind() fd 18, family 2, port 123, addr 10.6.1.9, flags=25
    Added addr 10.6.1.9 to list of addresses
    flags for fd 18: 04002
    addto_syslog: Listening on interface eth2, 10.6.1.9#123 Enabled
    bind() fd 19, family 2, port 123, addr 10.6.2.9, flags=25
    Added addr 10.6.2.9 to list of addresses
    flags for fd 19: 04002
    addto_syslog: Listening on interface eth3, 10.6.2.9#123 Enabled
    bind() fd 20, family 2, port 123, addr 10.10.1.9, flags=25
    Added addr 10.10.1.9 to list of addresses
    flags for fd 20: 04002
    addto_syslog: Listening on interface eth0, 10.10.1.9#123 Enabled
    bind() fd 21, family 2, port 123, addr 172.27.128.254, flags=25
    Added addr 172.27.128.254 to list of addresses
    flags for fd 21: 04002
    addto_syslog: Listening on interface eth4, 172.27.128.254#123 Enabled
    bind() fd 22, family 2, port 123, addr 10.11.1.1, flags=25
    Added addr 10.11.1.1 to list of addresses
    flags for fd 22: 04002
    addto_syslog: Listening on interface eth5, 10.11.1.1#123 Enabled
    bind() fd 23, family 2, port 123, addr 10.1.1.9, flags=25
    Added addr 10.1.1.9 to list of addresses
    flags for fd 23: 04002
    addto_syslog: Listening on interface eth1, 10.1.1.9#123 Enabled
    create_sockets: Total interfaces = 8
    interface 0: fd=16, bfd=-1, name=wildcard, flags=0x9, scope=0
    sin=0.0.0.0 bcast=0.0.0.0, mask=255.255.255.255
    Disabled
    interface 1: fd=17, bfd=-1, name=lo, flags=0x5, scope=0
    sin=127.0.0.1, mask=255.0.0.0 Enabled
    interface 2: fd=18, bfd=-1, name=eth2, flags=0x19, scope=0
    sin=10.6.1.9 bcast=10.6.1.255, mask=255.255.255.0
    Enabled
    interface 3: fd=19, bfd=-1, name=eth3, flags=0x19, scope=0
    sin=10.6.2.9 bcast=10.6.2.255, mask=255.255.255.0
    Enabled
    interface 4: fd=20, bfd=-1, name=eth0, flags=0x19, scope=0
    sin=10.10.1.9 bcast=10.10.255.255, mask=255.255.0.0
    Enabled
    interface 5: fd=21, bfd=-1, name=eth4, flags=0x19, scope=0
    sin=172.27.128.254 bcast=172.27.128.255,
    mask=255.255.255.0 Enabled
    interface 6: fd=22, bfd=-1, name=eth5, flags=0x19, scope=0
    sin=10.11.1.1 bcast=10.11.1.255, mask=255.255.255.0
    Enabled
    interface 7: fd=23, bfd=-1, name=eth1, flags=0x19, scope=0
    sin=10.1.1.9 bcast=10.1.1.255, mask=255.255.255.0
    Enabled
    init_io: maxactivefd 23
    local_clock: time 0 base 0.000000 offset 0.000000 freq 0.000 state 0
    Debug2: 2 -> 2 = 2
    ntp_syslogmask = 0x0000ffff (all)
    getnetnum given 10.10.9.1, got 10.10.9.1
    getnetnum given 127.0.0.1, got 127.0.0.1
    bind() fd 24, family 2, port 123, addr 10.6.1.255, flags=8
    Added addr 10.6.1.255 to list of addresses
    flags for fd 24: 04002
    Broadcast enabled on socket 24 for address 10.6.1.9
    Modifying addr 10.6.1.9 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 2,
    socket: 24
    bind() fd 25, family 2, port 123, addr 10.6.2.255, flags=8
    Added addr 10.6.2.255 to list of addresses
    flags for fd 25: 04002
    Broadcast enabled on socket 25 for address 10.6.2.9
    Modifying addr 10.6.2.9 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 3,
    socket: 25
    bind() fd 26, family 2, port 123, addr 10.10.255.255, flags=8
    Added addr 10.10.255.255 to list of addresses
    flags for fd 26: 04002
    Broadcast enabled on socket 26 for address 10.10.1.9
    Modifying addr 10.10.1.9 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 4,
    socket: 26
    bind() fd 27, family 2, port 123, addr 172.27.128.255, flags=8
    Added addr 172.27.128.255 to list of addresses
    flags for fd 27: 04002
    Broadcast enabled on socket 27 for address 172.27.128.254
    Modifying addr 172.27.128.254 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 5,
    socket: 27
    bind() fd 28, family 2, port 123, addr 10.11.1.255, flags=8
    Added addr 10.11.1.255 to list of addresses
    flags for fd 28: 04002
    Broadcast enabled on socket 28 for address 10.11.1.1
    Modifying addr 10.11.1.1 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 6,
    socket: 28
    bind() fd 29, family 2, port 123, addr 10.1.1.255, flags=8
    Added addr 10.1.1.255 to list of addresses
    flags for fd 29: 04002
    Broadcast enabled on socket 29 for address 10.1.1.9
    Modifying addr 10.1.1.9 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 7,
    socket: 29
    io_setbclient: Opened broadcast clients
    addto_syslog: frequency initialized 0.000 PPM from /var/lib/ntp/drift
    local_clock: time 0 base 0.000000 offset 0.000000 freq 0.000 state 1
    addto_syslog: system event 'event_restart' (0x01) status 'sync_alarm,
    sync_unspec, 1 event, event_unspec' (0xc010)
    report_event: system event 'event_restart' (0x01) status 'sync_alarm,
    sync_unspec, 1 event, event_unspec' (0xc010)
    auth_agekeys: at 1 keys 1 expired 0
    timer: refresh ts 0
    receive: at 35 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 35 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 60 keys 1 expired 0
    receive: at 100 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 100 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 120 keys 1 expired 0
    receive: at 164 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 164 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 180 keys 1 expired 0
    receive: at 227 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 227 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 240 keys 1 expired 0
    receive: at 358 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 358 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 360 keys 1 expired 0
    auth_agekeys: at 420 keys 1 expired 0
    receive: at 423 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 423 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 480 keys 1 expired 0
    receive: at 487 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 487 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 540 keys 1 expired 0
    receive: at 550 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 550 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 600 keys 1 expired 0
    receive: at 613 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 613 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2
    auth_agekeys: at 660 keys 1 expired 0
    receive: at 676 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    receive: at 676 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    48 mac 20 auth 2

    ----------ntpq -p-----------
    ntpq -p
    receive: at 149 127.0.0.1<-127.0.0.1 flags 5 restrict 000
    sendpkt(fd=17 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=12)
    No association ID's returned

    -----------ntpq output requested by David ------
    ntpq -i
    ntpq> peers
    receive: at 313 127.0.0.1<-127.0.0.1 flags 5 restrict 000
    sendpkt(fd=17 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=12)
    No association ID's returned
    ntpq> assoc
    receive: at 317 127.0.0.1<-127.0.0.1 flags 5 restrict 000
    sendpkt(fd=17 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=12)
    No association ID's returned
    ntpq> rv 0
    receive: at 328 127.0.0.1<-127.0.0.1 flags 5 restrict 000
    sendpkt(fd=17 dst=127.0.0.1, src=127.0.0.1, ttl=-6, len=388)
    assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
    version="ntpd 4.2.2p1@1.1570-o Thu Jan 17 18:14:08 UTC 2008 (1)",
    processor="x86_64", system="Linux/2.6.18-92.1.13.el5", leap=11,
    stratum=16, precision=-20, rootdelay=0.000, rootdispersion=4.920,
    peer=0, refid=INIT,
    reftime=00000000.00000000 Thu, Feb 7 2036 16:28:16.000, poll=6,
    clock=cca7853d.2eadbfd0 Tue, Oct 21 2008 8:31:25.182, state=1,
    offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
    stability=0.000, tai=0
    ntpq>



    John Zornig
    Specialist Systems Analyst
    Australian Access Federation

    AusCERT &
    Strategic Technologies Group
    Information Technology Services (ITS)
    The University of Queensland
    Brisbane Qld, 4072

    Ph: +61 7 336 54288
    Mob: +61 434 351 532
    j.zornig@uq.edu.au
    http://www.uq.edu.au/~uqjzorni/

  5. Re: Question regarding broadcast client

    John Zornig wrote:

    > Enabled
    > interface 7: fd=23, bfd=-1, name=eth1, flags=0x19, scope=0
    > sin=10.1.1.9 bcast=10.1.1.255, mask=255.255.255.0


    It's failed to find the interface on which you are listening. Why so
    many? Is the target interface real?

    I seem to remember there are some issues with virtual interfaces on Linux.

  6. Re: Question regarding broadcast client

    John Zornig wrote:

    > The client system is an uptodate Red Hat 5.2 system. The ntp.x86_64
    > version installed is 4.2.2p1-8.el5

    ^^^^^^^^^


    That's relatively old. libisc/ifiter_ioctl.c, the most likely source of
    the problem on Linux, was updated in December 2006, or later.

    Incidentally, the last patch level for 4.2.2 in the 4.2.4p4 ChangeLog is
    4, so there is something funny about this version number. 4.2.2p4 dates
    from October 2006, so is older than the file in question.

  7. Re: Question regarding broadcast client

    Sorry for the confusion David.

    I have two similarly configured situations. The one I posted the
    detailed data from was the easiest to physically get to, but had a
    slightly different network to what I had described in the original
    email. The client machine is connected to a variety of different IP
    subnets including the one with the NTP appliance. It is supporting Xen
    virtual machines, so the networks are virtual in a way.

    It has the following config.

    NTP appliance ip: 10.10.9.1 netmask:255.255.0.0
    Client ip:10.10.1.9 netmask 255.255.0.0
    The broadcast is to 10.10.255.255.

    The excerts from the log relating to the ntp appliance network are:
    ....
    addto_syslog: Listening on interface eth0, 10.10.1.9#123 Enabled
    bind() fd 21, family 2, port 123, addr 172.27.128.254, flags=25
    Added addr 172.27.128.254 to list of addresses
    flags for fd 21: 04002
    ....
    interface 4: fd=20, bfd=-1, name=eth0, flags=0x19, scope=0
    sin=10.10.1.9 bcast=10.10.255.255, mask=255.255.0.0
    Enabled
    ....
    bind() fd 26, family 2, port 123, addr 10.10.255.255, flags=8
    Added addr 10.10.255.255 to list of addresses
    flags for fd 26: 04002
    ....
    Broadcast enabled on socket 26 for address 10.10.1.9
    Modifying addr 10.10.1.9 in list of addresses
    addto_syslog: io_setbclient: Opened broadcast client on interface 4,
    socket: 26
    ....

    I will try running ntpd in a domU virtual machine rather than the dom0
    host and see if this makes a difference.

    Thanks,
    JZ

    On 21/10/2008, at 4:53 PM, David Woolley wrote:

    > John Zornig wrote:
    >
    >> Enabled
    >> interface 7: fd=23, bfd=-1, name=eth1, flags=0x19, scope=0
    >> sin=10.1.1.9 bcast=10.1.1.255, mask=255.255.255.0

    >
    > It's failed to find the interface on which you are listening. Why so
    > many? Is the target interface real?
    >
    > I seem to remember there are some issues with virtual interfaces on
    > Linux.
    >
    > _______________________________________________
    > questions mailing list
    > questions@lists.ntp.org
    > https://lists.ntp.org/mailman/listinfo/questions


    John Zornig
    Specialist Systems Analyst
    Australian Access Federation

    AusCERT &
    Strategic Technologies Group
    Information Technology Services (ITS)
    The University of Queensland
    Brisbane Qld, 4072

    Ph: +61 7 336 54288
    Mob: +61 434 351 532
    j.zornig@uq.edu.au
    http://www.uq.edu.au/~uqjzorni/

  8. Re: Question regarding broadcast client

    On Mon, 20 Oct 2008 22:47:11 GMT, j.zornig@uq.edu.au (John Zornig) wrote:

    > receive: at 35 10.10.1.9<-10.10.9.1 flags 39 restrict 000
    > receive: at 35 10.10.1.9<-10.10.9.1 mode 5 code 6 keyid 00000002 len
    > 48 mac 20 auth 2


    Your server is adding an MD5 key to the time packet but the client isn't
    configured for it: "auth 2" is an authentication error. Fix the client
    to accept the key, or fix the server not to send it.

    On the client, something like this in ntp.conf:

    enable auth
    keys ntp.keys # key file copied from the server
    trustedkey 2 # assumed from "keyid 00000002"

    Adjust as appropriate.

    --
    Ronan Flood

  9. Re: Question regarding broadcast client

    On 2008-10-20, John Zornig wrote:

    > ---- Full ntp.conf file ----------------


    Are you positive there are no other restrict lines?

    > logconfig all
    > restrict 10.10.9.1
    > restrict 127.0.0.1


    These restrict lines drop all restrictions for the listed IP addresses.
    They are meaningless unless you have a 'restrict default ...' line.

    > disable auth
    > broadcastclient novolley
    > driftfile /var/lib/ntp/drift


    What is the ntp.conf for the server?

    [snip]

    > ntpq -p
    > No association ID's returned


    [snip]

    > ntpq -i
    > ntpq> peers
    > No association ID's returned
    > ntpq> assoc
    > No association ID's returned
    > ntpq> rv 0
    > assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
    > version="ntpd 4.2.2p1@1.1570-o Thu Jan 17 18:14:08 UTC 2008 (1)",
    > processor="x86_64", system="Linux/2.6.18-92.1.13.el5", leap=11,
    > stratum=16, precision=-20, rootdelay=0.000, rootdispersion=4.920,
    > peer=0, refid=INIT,
    > reftime=00000000.00000000 Thu, Feb 7 2036 16:28:16.000, poll=6,
    > clock=cca7853d.2eadbfd0 Tue, Oct 21 2008 8:31:25.182, state=1,
    > offset=0.000, frequency=0.000, jitter=0.001, noise=0.001,
    > stability=0.000, tai=0
    > ntpq>


    You've previously shown that the broadcast packets are arriving at the
    client system. This shows the ntpd is ignoring them.

    --
    Steve Kostecke
    NTP Public Services Project - http://support.ntp.org/

+ Reply to Thread