Hello,

We recently discovered a bug in ntpd:
When the '-s' flag is used for ntpd, the first reply received will be
used to set the current time. If this reply also has the shortest round
trip, it will be used to adjust the time later. Since openntpd uses a
circular buffer of 8 replies, this leads to the following behavior:

1. first reply arrives -> settime(2017)
2. 8th reply arrives -> adjtime(+47 years), offsets in previous replies
get adjusted by -47 years.
3. 9th reply arrives and overwrites the first packet -> adjtime(-47
years). Time is now being adjusted towards 1970 again.
4. X replies with worse round trip time arrive -> adjtime(0). X is 1-7.
5. reply X+1 -> adjtime(+47 years). Time is now being adjusted towards
2017 again. All subsequent updates are correct.

This patch will ignore the initial packet used to set the time:

diff --git usr.sbin/ntpd/client.c usr.sbin/ntpd/client.c
index 3de5268..6ac0c77 100644
--- usr.sbin/ntpd/client.c
+++ usr.sbin/ntpd/client.c
@@ -402,8 +402,10 @@ client_dispatch(struct ntp_peer *p, u_int8_t settime)
            (long long)interval);

        client_update(p);
-       if (settime)
+       if (settime) {
                priv_settime(p->reply[p->shift].offset);
+        p->reply[p->shift].good = 0;
+    }

        if (++p->shift >= OFFSET_ARRAY_SIZE)
                p->shift = 0;
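
Review bot: the added `p->reply[p->shift].good = 0;` line and the closing brace in the `if (settime)` block are indented differently from the `priv_settime()` call directly above them; please align them with the rest of the block. A one-line comment stating that this reply's offset was measured before the clock was set would explain why it is marked not good. Since `client_update(p)` still runs before the flag is cleared, it is also worth confirming that the filter cannot select this reply during that call.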

Best regards
// Patrik
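
The behaviour described in steps 1 and 2, and the effect of the patch, as an added example that is not part of the original message and is not OpenNTPD's code. It is a simplified model: `pick_best`, `first_adjustment`, the sample delays and offsets, and the rule that the filter waits for a full buffer of good replies are assumptions made for illustration.

```c
#include <stdio.h>

#define OFFSET_ARRAY_SIZE 8
#define STALE_OFFSET 1483228800.0 /* constructed: seconds from 1970 to 2017 */

struct reply { double offset; double delay; int good; };

/* Simplified filter (assumption): once every slot holds a good reply,
 * return the index of the one with the shortest round trip, else -1. */
static int pick_best(const struct reply *r)
{
    int i, best = -1, good = 0;

    for (i = 0; i < OFFSET_ARRAY_SIZE; i++) {
        if (!r[i].good)
            continue;
        good++;
        if (best < 0 || r[i].delay < r[best].delay)
            best = i;
    }
    return good == OFFSET_ARRAY_SIZE ? best : -1;
}

/* Feed constructed replies into the circular buffer until the filter first
 * yields an update; return the offset that would be handed to adjtime. */
double first_adjustment(int patched, int *replies_seen)
{
    struct reply buf[OFFSET_ARRAY_SIZE] = {{0}};
    int shift = 0, n, best;

    for (n = 1; n <= 2 * OFFSET_ARRAY_SIZE; n++) {
        /* Reply 1 predates settime: stale offset, shortest round trip. */
        buf[shift].offset = (n == 1) ? STALE_OFFSET : 0.001 * n;
        buf[shift].delay = (n == 1) ? 0.010 : 0.020 + 0.001 * n;
        buf[shift].good = 1;
        best = pick_best(buf);
        if (best >= 0) { *replies_seen = n; return buf[best].offset; }
        if (n == 1 && patched)
            buf[shift].good = 0; /* the change made by the patch */
        if (++shift >= OFFSET_ARRAY_SIZE)
            shift = 0;
    }
    *replies_seen = -1;
    return 0.0;
}

int main(void)
{
    int n;
    double off = first_adjustment(0, &n);
    printf("unpatched: reply %d -> adjust by %.0f s\n", n, off);
    off = first_adjustment(1, &n);
    printf("patched:   reply %d -> adjust by %.3f s\n", n, off);
    return 0;
}
```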
