I know it's a long time, but I'm cleaning up old NTP bugs atm.
Everything other than precise that is still in service has the upstream fix
(>=4.2.4p4).
After that much time it is not worth considering an SRU for the remaining time
of Precise.
Setting fix released for the devel task of this bug.
** Changed in: ntp (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/235793
Title:
Segmentation fault in ntpd when system has more than 1134 interface
addresses
Status in NTP:
Fix Released
Status in ntp package in Ubuntu:
Fix Released
Bug description:
Binary package hint: ntp
$ uname -a
Linux xxxxx 2.6.24-17-generic #1 SMP Thu May 1 13:57:17 UTC 2008 x86_64
GNU/Linux
$ lsb_release -rd
Description: Ubuntu 8.04
Release: 8.04
$ apt-cache policy ntp
ntp:
Installed: 1:4.2.4p4+dfsg-3ubuntu2
Candidate: 1:4.2.4p4+dfsg-3ubuntu2
Version table:
*** 1:4.2.4p4+dfsg-3ubuntu2 0
500 http://gb.archive.ubuntu.com hardy/main Packages
100 /var/lib/dpkg/status
On a system which has any more than 1134 interface addresses (counting
both IPv4 and IPv6 address thus: 'ip addr ls | grep inet | wc -l')
ntpd fails with a segmentation fault.
I run a large network for a university (20,000 people), and we
routinely operate open-source routers with several thousand interface
addresses (every client machine lives in it's own /30 subnet).
Whilst examining the problem I used this script to add interface addresses:
$ cat breakit.sh
#!/bin/sh
set -e
dev="vlan252"
sudo ifdown ${dev} # clears all old addr
naddr=`ip add ls | grep inet | wc -l` # number of addr already on system
echo "Pre-existing addresses on system: ${naddr}"
: ${nbreakit:=1217} # number of addr required to break ntp
sudo ifup ${dev}
total=${naddr}
for I in `seq 1 5` ; do
for J in `seq 0 255` ; do
sudo ip addr add 10.0.${I}.${J}/32 dev ${dev}
total=$((${total}+1))
if [ ${total} -ge ${nbreakit} ]; then break ; fi
done
if [ ${total} -ge ${nbreakit} ]; then break ; fi
done
echo "Added extra addresses: $((${total}-${naddr}))"
echo "Total addresses on system now: $(ip add ls | grep inet | wc -l)"
exit 0
$ grep -B1 -A2 vlan252 /etc/network/interfaces
#auto vlan252
iface vlan252 inet manual
vlan-raw-device eth0
I could then add the desired number of interfaces by doing:
$ nbreakit=1135 ../breakit.sh
and then run ntpd [1][2] under gdb by doing:
sudo sh -c "ulimit -n 8192 ; gdb --args /usr/sbin/ntpd -n -d -D3 -p
/var/run/ntpd.pid -u 115:126 -g"
[1] You can't use '-d -D3' on the standard ubuntu package - debugging is
disabled.
[2] It is necessary to raise the number of open files ulimit of 1024 in order
to run ntpd with this many addresses.
In order to help me understand what was going wrong with the standard
package, I rebuilt it with debugging enabled and symbols not stripped:
$ mkdir work
$ cd work/
$ apt-get source ntp
Reading package lists... Done
Building dependency tree
Reading state information... Done
NOTICE: 'ntp' packaging is maintained in the 'Svn' version control system at:
svn://svn.debian.org/pkg-ntp/ntp/
Need to get 3120kB of source archives.
Get: 1 http://gb.archive.ubuntu.com hardy/main ntp 1:4.2.4p4+dfsg-3ubuntu2
(dsc) [1034B]
Get: 2 http://gb.archive.ubuntu.com hardy/main ntp 1:4.2.4p4+dfsg-3ubuntu2
(tar) [2835kB]
Get: 3 http://gb.archive.ubuntu.com hardy/main ntp 1:4.2.4p4+dfsg-3ubuntu2
(diff) [284kB]
Fetched 3120kB in 0s (7433kB/s)
dpkg-source: extracting ntp in ntp-4.2.4p4+dfsg
dpkg-source: unpacking ntp_4.2.4p4+dfsg.orig.tar.gz
dpkg-source: applying ./ntp_4.2.4p4+dfsg-3ubuntu2.diff.gz
$ cd ntp-4.2.4p4+dfsg/
$ cp -p debian/rules{,.orig}
$ vi debian/rules
$ diff -u debian/rules{.orig,}
--- debian/rules.orig 2008-05-28 17:52:21.000000000 +0100
+++ debian/rules 2008-05-28 17:53:21.000000000 +0100
@@ -21,7 +21,7 @@
./configure CFLAGS='$(CFLAGS)' \
--prefix=/usr \
--enable-all-clocks --enable-parse-clocks --enable-SHM \
- --disable-debugging --sysconfdir=/var/lib/ntp \
+ --enable-debugging --sysconfdir=/var/lib/ntp \
--with-sntp=no \
--enable-linuxcaps \
--disable-dependency-tracking
@@ -104,7 +104,7 @@
dh_installlogcheck -a
dh_installchangelogs -a
dh_perl -a
- dh_strip -a
+ #dh_strip -a
dh_compress -a
dh_fixperms -a
dh_installdeb -a
$ dpkg-buildpackage -us -uc
...
dpkg-buildpackage: binary and diff upload (original source NOT included)
$ sudo dpkg -i ../ntp_4.2.4p4+dfsg-3ubuntu2_amd64.deb
Once one has 1135 interface addresses on the system you get this
segmentation fault:
0x000000000040c9d2 in update_interfaces (port=<value optimized out>,
receiver=0, data=0x0) at ntp_io.c:769
769 ISC_LIST_UNLINK_TYPE(inter_list, interface, link, struct
interface);
If one increases the number of interface addresses to 1215 you get a
different segmentation fault:
update_interfaces (port=<value optimized out>, receiver=0, data=0x0)
at ntp_io.c:1325
1325 if (!(interf->flags &
(INT_WILDCARD|INT_MCASTIF))) {
and if one increases it to 1216 or more you finally get this one:
0x000000000040ba7f in add_interface (interface=0x7d13c0) at ntp_io.c:756
756 ISC_LIST_APPEND(inter_list, interface, link);
I had hoped to work around the problem by renaming the devices to
'vlan252:foo', since in ntpd/ntp_io.c:address_okay() the -L flag causes ntpd to
ignore "virtual addresses" - this turns out to mean addresses on interfaces
which contain a ':' in their name. Unfortunately, since the
segmentation fault occurs during interface enumeration (building a linked
list of all interface+address) this doesn't help.
In the past, earlier versions of ntpd did not use a linked list for
this purpose, but rather a fixed-size array of 512. By simply
increasing the size of the array I was able to run with large numbers
of addresses. It seems to me that, whilst the linked-list code ought
to be made to work correctly, it is in fact an unnecessary precaution
(and overhead) to bind all addresses on a linux system - only the root
user could bind a more specific address than * on port 123, and if one
has root the game is over anyway.
I haven't submitted this bug to the upstream package maintainer
(http://www.ntp.org/bugs.html) partly because firefox won't let me see
their bugs site (invalid SSL certificate), and partly because it might
be better coming via the distribution. I note that ubuntu has the
currently up-to-date version of ntp (4.2.4p4).
I include a full transcript of my tests attached as
ntp_bugreport_v2.txt
To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/235793/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
