> ----- Original Message ----- > From: "Rob Pierce" <[email protected]> > To: "tech" <[email protected]> > Sent: Monday, September 7, 2015 1:22:21 PM > Subject: OpenNTP and (continuous) constraint checking > > Good day. > > ntpd currently performs constraints checking on startup, but once the > constraints are > successfully checked cstr->state remains in STATE_REPLY_RECEIVED forever. As > such, the > constraints are never checked again. > > The following patch has resolved this for me, and constraints checking now > proceeds > every CONSTRAINT_SCAN_INTERVAL. > > Regards, > > Index: constraint.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ntpd/constraint.c,v > retrieving revision 1.14 > diff -u -p -r1.14 constraint.c > --- constraint.c 18 Jul 2015 21:50:47 -0000 1.14 > +++ constraint.c 7 Sep 2015 17:11:01 -0000 > @@ -170,6 +170,8 @@ constraint_query(struct constraint *cstr > constraint_close(cstr->fd); > break; > case STATE_REPLY_RECEIVED: > + /* Prepare for the next constraint scan interval */ > + cstr->state = STATE_INVALID; > default: > /* Nothing to do */ > return (-1);
>From the commit below, it looks like this was intentional (didn't see this in >the OpenBSD CVS tree). Please ignore. Revision 1.2 / (download) - annotate - [select for diffs], Tue Feb 10 11:36:37 2015 UTC (6 months, 3 weeks ago) by reyk Branch: MAIN Changes since 1.1: +21 -11 lines Diff to previous 1.1 (colored) After successfully getting a constraint from an HTTPS server, there is no need to request it ever again. The only exception is the escalation of failed constraint checks that might lead into re-requesting the constraint time from all servers. Adjust the states accordingly. OK henning@
