[SOLVED] adjust time: sntp works, but ntpd does not?

tramni1980 · 06-28-2015, 08:56 AM

Dear all,
I want to synchronise the system time at boot from the local time servers.
sntp works OK:

Code:

sntp -Ss -c bg.pool.ntp.org

The above command adjust the time successfulle within a few seconds.
However, the command:

Code:

ntpd -gqc /dev/null bg.pool.ntp.org

,
which should actually do the same, hangs and never releases the console.
Any clues?

Best regards,
Martin

perbh · 06-28-2015, 09:32 AM

Just off the cuff (and x-ing my fingers hoping its right), one is a daemon (ntpd) and the other is not. You might have to background the daemon with a '&' at the end of your command ...
ntpdate (if it still exists) will do the same as sntp

mancha · 06-28-2015, 10:08 AM

Quote:

Originally Posted by tramni1980

However, the command:

Code:

ntpd -gqc /dev/null bg.pool.ntp.org

,
which should actually do the same, hangs and never releases the console.
Any clues?

Hi. Can't repro - works here. Can you provide a bit more info:

ntp version

pastebin of ntpd.trace generated by:

Code:

strace -o ntpd.trace /usr/sbin/ntpd -gqc /dev/null bg.pool.ntp.org

--mancha

tramni1980 · 06-28-2015, 10:51 AM

Dear mancha,
thank You very much for Your reply.
This is the output strace:

Code:

strace -o ntpd.trace /usr/sbin/ntpd -gqc /dev/null bg.pool.ntp.org
28 Jun 18:21:52 ntpd[29583]: ntpd 4.2.8p2@1.3265-o Fri Apr 10 18:50:36 UTC 2015 (1): Starting
28 Jun 18:21:52 ntpd[29583]: Command line: /usr/sbin/ntpd -gqc /dev/null bg.pool.ntp.org
28 Jun 18:21:52 ntpd[29583]: proto: precision = 0.043 usec (-24)
28 Jun 18:21:52 ntpd[29583]: line 0 column 0 syntax error, unexpected $end
28 Jun 18:21:52 ntpd[29583]: Listen and drop on 0 v6wildcard [::]:123
28 Jun 18:21:52 ntpd[29583]: Listen and drop on 1 v4wildcard 0.0.0.0:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 2 lo 127.0.0.1:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 3 ppp0 193.68.19.128:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 4 lo [::1]:123
28 Jun 18:21:52 ntpd[29583]: Listen normally on 5 eth0 [fe80::3a2c:4aff:feb5:5b1d%2]:123
28 Jun 18:21:52 ntpd[29583]: Listening on routing socket on fd #22 for interface updates

And here is the ntpd version:

Code:

ntpd --version
ntpd 4.2.8p2@1.3265-o Fri Apr 10 18:50:36 UTC 2015 (1)

Best regards,
Martin

mancha · 06-28-2015, 11:00 AM

Quote:

Originally Posted by tramni1980

This is the output strace:

Hi Martin.

The strace output I want to see should be in a newly-created file called ntpd.trace in the directory where you ran the command.

Because it hangs, let the strace command run for 10 seconds or so before exiting to let the trace file fill up with relevant info.

It might be a long file, so rather than paste the contents here directly, use an online bin (e.g. dpaste).

--mancha

tramni1980 · 06-28-2015, 11:53 AM

Hello, Mancha,

Thank You for Your reply. The contents of the ntpd.trace file is viewable from:

https://dpaste.de/2xeT

Best regards,

Martin

mancha · 06-28-2015, 12:39 PM

Hi Martin.

That trace helped a lot. We're indeed not getting a response on the socket (no recvmsg after the sendto on line 422).

Can we look at network traffic while you make the ntp request? For that, open up two terminals.

In terminal #1 run:

Code:

# tcpdump -v -i any udp port 123

Once that's running, in terminal #2 run:

Code:

# /usr/sbin/ntpd -gqc /dev/null bg.pool.ntp.org

In addition to the tcpdump output from above, can you please provide output from:

Code:

# ip a

Code:

# ip r

Code:

# iptables-save

--mancha

tramni1980 · 06-28-2015, 11:23 PM

Dear Mancha,

Thank You very much for Your helpfulness. Here is the output of the commands in the order You suggested them:

Code:

bash-4.2# tcpdump -v -i any udp port 123
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
07:16:59.792303 IP (tos 0xb8, ttl 64, id 14462, offset 0, flags [DF], proto UDP (17), length 76)
    193.68.19.128.ntp > dns2.mnet.bg.ntp: NTPv4, length 48
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision -24
        Root Delay: 0.000000, Root dispersion: 0.000045, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 0.000000000
          Receive Timestamp:    0.000000000
          Transmit Timestamp:   3644540219.792285501 (2015/06/29 07:16:59)
            Originator - Receive Timestamp:  0.000000000
            Originator - Transmit Timestamp: 3644540219.792285501 (2015/06/29 07:16:59)
07:16:59.821577 IP (tos 0xc0, ttl 52, id 0, offset 0, flags [DF], proto UDP (17), length 76)
    dns2.mnet.bg.ntp > 193.68.19.128.ntp: NTPv4, length 48
        Server, Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -21
        Root Delay: 0.081512, Root dispersion: 0.116455, Reference-ID: zg2.ntp.CARNet.hr
          Reference Timestamp:  3644539377.212144181 (2015/06/29 07:02:57)
          Originator Timestamp: 3644540219.792285501 (2015/06/29 07:16:59)
          Receive Timestamp:    3644540219.740907728 (2015/06/29 07:16:59)
          Transmit Timestamp:   3644540219.740929722 (2015/06/29 07:16:59)
            Originator - Receive Timestamp:  -0.051377803
            Originator - Transmit Timestamp: -0.051355808
07:18:05.792267 IP (tos 0xb8, ttl 64, id 14463, offset 0, flags [DF], proto UDP (17), length 76)
    193.68.19.128.ntp > dns2.mnet.bg.ntp: NTPv4, length 48
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision -24
        Root Delay: 0.000000, Root dispersion: 0.001037, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 0.000000000
          Receive Timestamp:    0.000000000
          Transmit Timestamp:   3644540285.792254745 (2015/06/29 07:18:05)
            Originator - Receive Timestamp:  0.000000000
            Originator - Transmit Timestamp: 3644540285.792254745 (2015/06/29 07:18:05)
07:18:05.818582 IP (tos 0xc0, ttl 52, id 0, offset 0, flags [DF], proto UDP (17), length 76)
    dns2.mnet.bg.ntp > 193.68.19.128.ntp: NTPv4, length 48
        Server, Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -21
        Root Delay: 0.081512, Root dispersion: 0.117446, Reference-ID: zg2.ntp.CARNet.hr                                                                                                                                                     
          Reference Timestamp:  3644539377.212144181 (2015/06/29 07:02:57)                                                                                                                                                                   
          Originator Timestamp: 3644540285.792254745 (2015/06/29 07:18:05)                                                                                                                                                                   
          Receive Timestamp:    3644540285.740996479 (2015/06/29 07:18:05)                                                                                                                                                                   
          Transmit Timestamp:   3644540285.741017401 (2015/06/29 07:18:05)                                                                                                                                                                   
            Originator - Receive Timestamp:  -0.051258269                                                                                                                                                                                    
            Originator - Transmit Timestamp: -0.051237378                                                                                                                                                                                    
07:19:10.792266 IP (tos 0xb8, ttl 64, id 14464, offset 0, flags [DF], proto UDP (17), length 76)                                                                                                                                             
    193.68.19.128.ntp > dns2.mnet.bg.ntp: NTPv4, length 48                                                                                                                                                                                   
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision -24                                                                                                                             
        Root Delay: 0.000000, Root dispersion: 0.002014, Reference-ID: (unspec)                                                                                                                                                              
          Reference Timestamp:  0.000000000                                                                                                                                                                                                  
          Originator Timestamp: 0.000000000                                                                                                                                                                                                  
          Receive Timestamp:    0.000000000                                                                                                                                                                                                  
          Transmit Timestamp:   3644540350.792254626 (2015/06/29 07:19:10)                                                                                                                                                                   
            Originator - Receive Timestamp:  0.000000000                                                                                                                                                                                     
            Originator - Transmit Timestamp: 3644540350.792254626 (2015/06/29 07:19:10)                                                                                                                                                      
07:19:10.814428 IP (tos 0xc0, ttl 52, id 0, offset 0, flags [DF], proto UDP (17), length 76)                                                                                                                                                 
    dns2.mnet.bg.ntp > 193.68.19.128.ntp: NTPv4, length 48                                                                                                                                                                                   
        Server, Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -21                                                                                                                                           
        Root Delay: 0.081512, Root dispersion: 0.118423, Reference-ID: zg2.ntp.CARNet.hr                                                                                                                                                     
          Reference Timestamp:  3644539377.212144181 (2015/06/29 07:02:57)                                                                                                                                                                   
          Originator Timestamp: 3644540350.792254626 (2015/06/29 07:19:10)                                                                                                                                                                   
          Receive Timestamp:    3644540350.736711800 (2015/06/29 07:19:10)                                                                                                                                                                   
          Transmit Timestamp:   3644540350.736729979 (2015/06/29 07:19:10)
            Originator - Receive Timestamp:  -0.055542808
            Originator - Transmit Timestamp: -0.055524602
07:20:17.792298 IP (tos 0xb8, ttl 64, id 14465, offset 0, flags [DF], proto UDP (17), length 76)
    193.68.19.128.ntp > dns2.mnet.bg.ntp: NTPv4, length 48
        Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 6 (64s), precision -24
        Root Delay: 0.000000, Root dispersion: 0.003021, Reference-ID: (unspec)
          Reference Timestamp:  0.000000000
          Originator Timestamp: 0.000000000
          Receive Timestamp:    0.000000000
          Transmit Timestamp:   3644540417.792287468 (2015/06/29 07:20:17)
            Originator - Receive Timestamp:  0.000000000
            Originator - Transmit Timestamp: 3644540417.792287468 (2015/06/29 07:20:17)
07:20:17.824595 IP (tos 0xc0, ttl 52, id 0, offset 0, flags [DF], proto UDP (17), length 76)
    dns2.mnet.bg.ntp > 193.68.19.128.ntp: NTPv4, length 48
        Server, Leap indicator:  (0), Stratum 3 (secondary reference), poll 6 (64s), precision -21
        Root Delay: 0.081512, Root dispersion: 0.119430, Reference-ID: zg2.ntp.CARNet.hr
          Reference Timestamp:  3644539377.212144181 (2015/06/29 07:02:57)
          Originator Timestamp: 3644540417.792287468 (2015/06/29 07:20:17)
          Receive Timestamp:    3644540417.736084342 (2015/06/29 07:20:17)
          Transmit Timestamp:   3644540417.736101150 (2015/06/29 07:20:17)
            Originator - Receive Timestamp:  -0.056203156
            Originator - Transmit Timestamp: -0.056186296
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel

Code:

root@marto:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 38:2c:4a:b5:5b:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3a2c:4aff:feb5:5b1d/64 scope link 
       valid_lft forever preferred_lft forever
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1480 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp 
    inet 193.68.19.128 peer 193.68.18.180/32 scope global ppp0
       valid_lft forever preferred_lft forever

Code:

root@marto:~# ip r
default dev ppp0  scope link 
127.0.0.0/8 dev lo  scope link 
193.68.18.180 dev ppp0  proto kernel  scope link  src 193.68.19.128

Code:

root@marto:~# iptables-save
# Generated by iptables-save v1.4.20 on Mon Jun 29 07:19:35 2015
*filter
:INPUT ACCEPT [26909:20598538]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [24830:2937215]
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -i ppp+ -p icmp -m icmp --icmp-type 8 -j DROP
COMMIT
# Completed on Mon Jun 29 07:19:35 2015

Best regards,
Martin

mancha · 06-29-2015, 12:16 AM

Hi - thanks for the output.

My hunch was correct, your firewall is blocking the reply.

The reason sntp is working for you is because it uses random high ports. On the other hand, ntpd uses a low port (port 123 locally)
and your firewall blocks incoming packets to low ports (1023 and lower).

Now, though UDP is technically stateless, Linux's netfilter connection tracking system is clever and has ways of determining if an
incoming UDP datagram is part of an existing connection you previously established.

So, a possible solution for your issue is to permit incoming packets on the ppp0 interface that are part of an existing connection
(i.e. replies) while still blocking new incoming connections to ports 1-1023. This can be achieved by inserting the rule in red:

Code:

-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j LOG
-A INPUT -i ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp+ -p udp -m udp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --dport 0:1023 -j DROP
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG
-A INPUT -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A INPUT -i ppp+ -p icmp -m icmp --icmp-type 8 -j DROP

Note: order is important so make sure you insert the rule where I placed it (i.e. as rule #3).

--mancha

PS If you want to only allow established/related packets in to UDP/123 (which is all you will need for ntpd to work as you want it),
you can use this more restrictive rule instead:

Code:

-A INPUT -i ppp+ -p udp -m udp --dport 123 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

tramni1980 · 06-29-2015, 11:42 PM

Dear Mancha,

Thank You very much for Your helpfulness and collaboration. I just corrected the firewall-standalone file
in the ppp directory and now ntpd -gq works. Thank You very much!

Best regards,
Martin

mancha · 06-30-2015, 09:12 PM

Quote:

Originally Posted by tramni1980

Thank You very much for Your helpfulness and collaboration. I just corrected the firewall-standalone file
in the ppp directory and now ntpd -gq works. Thank You very much!

You're welcome Martin - glad you've got it working.

An ancillary benefit is others who've been reading this thread might have learned a thing or two from our exchange.

--mancha