diff --git a/Changelog-NG.txt b/Changelog-NG.txt index c200c9f7233..89f9bed4ed8 100644 --- a/Changelog-NG.txt +++ b/Changelog-NG.txt @@ -1,6 +1,24 @@ Asuswrt-Merlin 384/NG Changelog =============================== +384.11_2 (18-May-2019) + - NEW: Implemented source/destination IP filtering + for the Netool version of Netstat web page. + - CHANGED: Backported multiple fixes and improvements + for ntpd from upstream, improving handling + of failed server hostname resolution, and better + clock sync discipline. + - FIXED: RT-AC88U/3100/5300 were accidentally compiled + with Netool enabled, which isn't compatible with + these model's kernel. + - FIXED: Movistar stopped working for some users. Re-disabled + udpxy on Movistar profile for now. A more complete + fix will have to come from Asus. + - FIXED: Re-disabled memaccess debugging tool, as it creates + a symlink called "sh" which is a pretty bad + idea from Broadcom. (RT-AC86U, RT-AX88U) + + 384.11 (8-May-2019) - NEW: Added DNS Privacy feature, with support for DNS-over-TLS (also known as DoT). diff --git a/release/src-rt/version.conf b/release/src-rt/version.conf index 9677a2e624c..febebb7296f 100644 --- a/release/src-rt/version.conf +++ b/release/src-rt/version.conf @@ -1,5 +1,5 @@ KERNEL_VER=3.0 FS_VER=0.4 SERIALNO=384.11 -EXTENDNO=0 +EXTENDNO=2 RCNO=0 diff --git a/release/src/router/busybox/networking/ntpd.c b/release/src/router/busybox/networking/ntpd.c index c68872835de..45c0cc7cfb5 100644 --- a/release/src/router/busybox/networking/ntpd.c +++ b/release/src/router/busybox/networking/ntpd.c @@ -68,11 +68,11 @@ #include "libbb.h" #include -#include /* For IPTOS_LOWDELAY definition */ +#include /* For IPTOS_DSCP_AF21 definition */ #include /* setpriority */ #include -#ifndef IPTOS_LOWDELAY -# define IPTOS_LOWDELAY 0x10 +#ifndef IPTOS_DSCP_AF21 +# define IPTOS_DSCP_AF21 0x48 #endif @@ -125,21 +125,27 @@ */ #define INITIAL_SAMPLES 1 /* how many samples do we want for init */ -#define BAD_DELAY_GROWTH 4 /* drop packet if its delay grew by more than this */ +#define MIN_FREQHOLD 12 /* adjust offset, but not freq in this many first adjustments */ +#define BAD_DELAY_GROWTH 4 /* drop packet if its delay grew by more than this factor */ #define RETRY_INTERVAL 32 /* on send/recv error, retry in N secs (need to be power of 2) */ #define NOREPLY_INTERVAL 512 /* sent, but got no reply: cap next query by this many seconds */ #define RESPONSE_INTERVAL 16 /* wait for reply up to N secs */ +#define HOSTNAME_INTERVAL 4 /* hostname lookup failed. Wait N * peer->dns_errors secs for next try */ +#define DNS_ERRORS_CAP 0x3f /* peer->dns_errors is in [0..63] */ /* Step threshold (sec). std ntpd uses 0.128. */ #define STEP_THRESHOLD 1 /* Slew threshold (sec): adjtimex() won't accept offsets larger than this. - * Using exact power of 2 (1/8) results in smaller code + * Using exact power of 2 (1/8, 1/2 etc) results in smaller code */ -#define SLEW_THRESHOLD 0.25 +#define SLEW_THRESHOLD 0.5 +// ^^^^ used to be 0.125. +// Since Linux 2.6.26 (circa 2006), kernel accepts (-0.5s, +0.5s) range + /* Stepout threshold (sec). std ntpd uses 900 (11 mins (!)) */ -#define WATCH_THRESHOLD 128 +//UNUSED: #define WATCH_THRESHOLD 128 /* NB: set WATCH_THRESHOLD to ~60 when debugging to save time) */ //UNUSED: #define PANIC_THRESHOLD 1000 /* panic threshold (sec) */ @@ -275,6 +281,7 @@ typedef struct { uint8_t lastpkt_status; uint8_t lastpkt_stratum; uint8_t reachable_bits; + uint8_t dns_errors; /* when to send new query (if p_fd == -1) * or when receive times out (if p_fd >= 0): */ double next_action_time; @@ -392,6 +399,7 @@ struct globals { uint8_t discipline_state; // doc calls it c.state uint8_t poll_exp; // s.poll int polladj_count; // c.count + int FREQHOLD_cnt; long kernel_freq_drift; peer_t *last_update_peer; double last_update_offset; // c.last @@ -732,7 +740,7 @@ reset_peer_stats(peer_t *p, double offset) * and clear reachable bits, but this proved to be too agressive: * after step (tested with suspending laptop for ~30 secs), * this caused all previous data to be considered invalid, - * making us needing to collect full ~8 datapoins per peer + * making us needing to collect full ~8 datapoints per peer * after step in order to start trusting them. * In turn, this was making poll interval decrease even after * step was done. (Poll interval decreases already before step @@ -766,28 +774,22 @@ reset_peer_stats(peer_t *p, double offset) VERB6 bb_error_msg("%s->lastpkt_recv_time=%f", p->p_dotted, p->lastpkt_recv_time); } -static void -resolve_peer_hostname(peer_t *p, int loop_on_fail) +static len_and_sockaddr* +resolve_peer_hostname(peer_t *p) { - len_and_sockaddr *lsa; - - again: - lsa = host2sockaddr(p->p_hostname, 123); - if (!lsa) { - /* error message already emitted by host2sockaddr() */ - if (!loop_on_fail) - return; -//FIXME: do this to avoid infinite looping on typo in a hostname? -//well... in which case, what is a good value for loop_on_fail? - //if (--loop_on_fail == 0) - // xfunc_die(); - sleep(5); - goto again; + len_and_sockaddr *lsa = host2sockaddr(p->p_hostname, 123); + if (lsa) { + free(p->p_lsa); + free(p->p_dotted); + p->p_lsa = lsa; + p->p_dotted = xmalloc_sockaddr2dotted_noport(&lsa->u.sa); + VERB1 if (strcmp(p->p_hostname, p->p_dotted) != 0) + bb_error_msg("'%s' is %s", p->p_hostname, p->p_dotted); + p->dns_errors = 0; + return lsa; } - free(p->p_lsa); - free(p->p_dotted); - p->p_lsa = lsa; - p->p_dotted = xmalloc_sockaddr2dotted_noport(&lsa->u.sa); + p->dns_errors = ((p->dns_errors << 1) | 1) & DNS_ERRORS_CAP; + return lsa; } static void @@ -798,28 +800,28 @@ add_peers(const char *s) p = xzalloc(sizeof(*p) + strlen(s)); strcpy(p->p_hostname, s); - resolve_peer_hostname(p, /*loop_on_fail=*/ 1); + p->p_fd = -1; + p->p_xmt_msg.m_status = MODE_CLIENT | (NTP_VERSION << 3); + p->next_action_time = G.cur_time; /* = set_next(p, 0); */ + reset_peer_stats(p, STEP_THRESHOLD); /* Names like N..pool.ntp.org are randomly resolved * to a pool of machines. Sometimes different N's resolve to the same IP. * It is not useful to have two peers with same IP. We skip duplicates. */ - for (item = G.ntp_peers; item != NULL; item = item->link) { - peer_t *pp = (peer_t *) item->data; - if (strcmp(p->p_dotted, pp->p_dotted) == 0) { - bb_error_msg("duplicate peer %s (%s)", s, p->p_dotted); - free(p->p_lsa); - free(p->p_dotted); - free(p); - return; + if (resolve_peer_hostname(p)) { + for (item = G.ntp_peers; item != NULL; item = item->link) { + peer_t *pp = (peer_t *) item->data; + if (pp->p_dotted && strcmp(p->p_dotted, pp->p_dotted) == 0) { + bb_error_msg("duplicate peer %s (%s)", s, p->p_dotted); + free(p->p_lsa); + free(p->p_dotted); + free(p); + return; + } } } - p->p_fd = -1; - p->p_xmt_msg.m_status = MODE_CLIENT | (NTP_VERSION << 3); - p->next_action_time = G.cur_time; /* = set_next(p, 0); */ - reset_peer_stats(p, STEP_THRESHOLD); - llist_add_to(&G.ntp_peers, p); G.peer_cnt++; } @@ -847,6 +849,9 @@ do_sendto(int fd, static void send_query_to_peer(peer_t *p) { + if (!p->p_lsa) + return; + /* Why do we need to bind()? * See what happens when we don't bind: * @@ -882,7 +887,7 @@ send_query_to_peer(peer_t *p) #if ENABLE_FEATURE_IPV6 if (family == AF_INET) #endif - setsockopt_int(fd, IPPROTO_IP, IP_TOS, IPTOS_LOWDELAY); + setsockopt_int(fd, IPPROTO_IP, IP_TOS, IPTOS_DSCP_AF21); free(local_lsa); } @@ -1010,6 +1015,7 @@ step_time(double offset) tval = tvn.tv_sec; strftime_YYYYMMDDHHMMSS(buf, sizeof(buf), &tval); bb_error_msg("setting time to %s.%06u (offset %+fs)", buf, (unsigned)tvn.tv_usec, offset); + //maybe? G.FREQHOLD_cnt = 0; /* Correct various fields which contain time-relative values: */ @@ -1086,7 +1092,8 @@ fit(peer_t *p, double rd) { if ((p->reachable_bits & (p->reachable_bits-1)) == 0) { /* One or zero bits in reachable_bits */ - VERB4 bb_error_msg("peer %s unfit for selection: unreachable", p->p_dotted); + VERB4 bb_error_msg("peer %s unfit for selection: " + "unreachable", p->p_dotted); return 0; } if (option_mask32 & OPT_t) /* RFC-4330 check disabled */ @@ -1096,13 +1103,17 @@ fit(peer_t *p, double rd) if ((p->lastpkt_status & LI_ALARM) == LI_ALARM || p->lastpkt_stratum >= MAXSTRAT ) { - VERB4 bb_error_msg("peer %s unfit for selection: bad status/stratum", p->p_dotted); + VERB4 bb_error_msg("peer %s unfit for selection: " + "bad status/stratum", p->p_dotted); return 0; } #endif /* rd is root_distance(p) */ if (rd > MAXDIST + FREQ_TOLERANCE * (1 << G.poll_exp)) { - VERB4 bb_error_msg("peer %s unfit for selection: root distance too high", p->p_dotted); + VERB3 bb_error_msg("peer %s unfit for selection: " + "root distance %f too high, jitter:%f", + p->p_dotted, rd, p->filter_jitter + ); return 0; } //TODO @@ -1688,39 +1699,96 @@ update_local_clock(peer_t *p) tmx.freq = G.discipline_freq_drift * 65536e6; #endif tmx.modes = ADJ_OFFSET | ADJ_STATUS | ADJ_TIMECONST;// | ADJ_MAXERROR | ADJ_ESTERROR; - tmx.constant = (int)G.poll_exp - 4; - /* EXPERIMENTAL. - * The below if statement should be unnecessary, but... - * It looks like Linux kernel's PLL is far too gentle in changing - * tmx.freq in response to clock offset. Offset keeps growing - * and eventually we fall back to smaller poll intervals. - * We can make correction more agressive (about x2) by supplying - * PLL time constant which is one less than the real one. - * To be on a safe side, let's do it only if offset is significantly - * larger than jitter. - */ - if (G.offset_to_jitter_ratio >= TIMECONST_HACK_GATE) - tmx.constant--; + tmx.offset = (long)(offset * 1000000); /* usec */ if (SLEW_THRESHOLD < STEP_THRESHOLD) { if (tmx.offset > (long)(SLEW_THRESHOLD * 1000000)) { tmx.offset = (long)(SLEW_THRESHOLD * 1000000); - tmx.constant--; } if (tmx.offset < -(long)(SLEW_THRESHOLD * 1000000)) { tmx.offset = -(long)(SLEW_THRESHOLD * 1000000); - tmx.constant--; } } - if (tmx.constant < 0) - tmx.constant = 0; tmx.status = STA_PLL; + if (G.FREQHOLD_cnt != 0) { + /* man adjtimex on STA_FREQHOLD: + * "Normally adjustments made via ADJ_OFFSET result in dampened + * frequency adjustments also being made. + * This flag prevents the small frequency adjustment from being + * made when correcting for an ADJ_OFFSET value." + * + * Use this flag for a few first adjustments at the beginning + * of ntpd execution, otherwise even relatively small initial + * offset tend to cause largish changes to in-kernel tmx.freq. + * If ntpd was restarted due to e.g. switch to another network, + * this destroys already well-established tmx.freq value. + */ + if (G.FREQHOLD_cnt < 0) { + /* Initialize it */ +// Example: a laptop whose clock runs slower when hibernated, +// after wake up it still has good tmx.freq, but accumulated ~0.5 sec offset: +// Run with code where initial G.FREQHOLD_cnt was always 8: +//15:17:52.947 no valid datapoints, no peer selected +//15:17:56.515 update from: offset:+0.485133 delay:0.157762 jitter:0.209310 clock drift:-1.393ppm tc:4 +//15:17:57.719 update from: offset:+0.483825 delay:0.158070 jitter:0.181159 clock drift:-1.393ppm tc:4 +//15:17:59.925 update from: offset:+0.479504 delay:0.158147 jitter:0.156657 clock drift:-1.393ppm tc:4 +//15:18:33.322 update from: offset:+0.428119 delay:0.158317 jitter:0.138071 clock drift:-1.393ppm tc:4 +//15:19:06.718 update from: offset:+0.376932 delay:0.158276 jitter:0.122075 clock drift:-1.393ppm tc:4 +//15:19:39.114 update from: offset:+0.327022 delay:0.158384 jitter:0.108538 clock drift:-1.393ppm tc:4 +//15:20:12.715 update from: offset:+0.275596 delay:0.158297 jitter:0.097292 clock drift:-1.393ppm tc:4 +//15:20:45.111 update from: offset:+0.225715 delay:0.158271 jitter:0.087841 clock drift:-1.393ppm tc:4 +// If allowed to continue, it would start increasing tmx.freq now. +// Instead, it was ^Ced, and started anew: +//15:21:15.043 no valid datapoints, no peer selected +//15:21:17.408 update from: offset:+0.175910 delay:0.158314 jitter:0.076683 clock drift:-1.393ppm tc:4 +//15:21:19.774 update from: offset:+0.171784 delay:0.158401 jitter:0.066436 clock drift:-1.393ppm tc:4 +//15:21:22.140 update from: offset:+0.171660 delay:0.158592 jitter:0.057536 clock drift:-1.393ppm tc:4 +//15:21:22.140 update from: offset:+0.167126 delay:0.158507 jitter:0.049792 clock drift:-1.393ppm tc:4 +//15:21:55.696 update from: offset:+0.115223 delay:0.158277 jitter:0.050240 clock drift:-1.393ppm tc:4 +//15:22:29.093 update from: offset:+0.068051 delay:0.158243 jitter:0.049405 clock drift:-1.393ppm tc:5 +//15:23:02.490 update from: offset:+0.051632 delay:0.158215 jitter:0.043545 clock drift:-1.393ppm tc:5 +//15:23:34.726 update from: offset:+0.039984 delay:0.158157 jitter:0.038106 clock drift:-1.393ppm tc:5 +// STA_FREQHOLD no longer set, started increasing tmx.freq now: +//15:24:06.961 update from: offset:+0.030968 delay:0.158190 jitter:0.033306 clock drift:+2.387ppm tc:5 +//15:24:40.357 update from: offset:+0.023648 delay:0.158211 jitter:0.029072 clock drift:+5.454ppm tc:5 +//15:25:13.774 update from: offset:+0.018068 delay:0.157660 jitter:0.025288 clock drift:+7.728ppm tc:5 +//15:26:19.173 update from: offset:+0.010057 delay:0.157969 jitter:0.022255 clock drift:+8.361ppm tc:6 +//15:27:26.602 update from: offset:+0.006737 delay:0.158103 jitter:0.019316 clock drift:+8.792ppm tc:6 +//15:28:33.030 update from: offset:+0.004513 delay:0.158294 jitter:0.016765 clock drift:+9.080ppm tc:6 +//15:29:40.617 update from: offset:+0.002787 delay:0.157745 jitter:0.014543 clock drift:+9.258ppm tc:6 +//15:30:47.045 update from: offset:+0.001324 delay:0.157709 jitter:0.012594 clock drift:+9.342ppm tc:6 +//15:31:53.473 update from: offset:+0.000007 delay:0.158142 jitter:0.010922 clock drift:+9.343ppm tc:6 +//15:32:58.902 update from: offset:-0.000728 delay:0.158222 jitter:0.009454 clock drift:+9.298ppm tc:6 + /* + * This expression would choose MIN_FREQHOLD + 8 in the above example. + */ + G.FREQHOLD_cnt = 1 + MIN_FREQHOLD + ((unsigned)(abs(tmx.offset)) >> 16); + } + G.FREQHOLD_cnt--; + tmx.status |= STA_FREQHOLD; + } if (G.ntp_status & LI_PLUSSEC) tmx.status |= STA_INS; if (G.ntp_status & LI_MINUSSEC) tmx.status |= STA_DEL; + tmx.constant = (int)G.poll_exp - 4; + /* EXPERIMENTAL. + * The below if statement should be unnecessary, but... + * It looks like Linux kernel's PLL is far too gentle in changing + * tmx.freq in response to clock offset. Offset keeps growing + * and eventually we fall back to smaller poll intervals. + * We can make correction more agressive (about x2) by supplying + * PLL time constant which is one less than the real one. + * To be on a safe side, let's do it only if offset is significantly + * larger than jitter. + */ + if (G.offset_to_jitter_ratio >= TIMECONST_HACK_GATE) + tmx.constant--; + if (tmx.constant < 0) + tmx.constant = 0; + //tmx.esterror = (uint32_t)(clock_jitter * 1e6); //tmx.maxerror = (uint32_t)((sys_rootdelay / 2 + sys_rootdisp) * 1e6); rc = adjtimex(&tmx); @@ -1735,7 +1803,7 @@ update_local_clock(peer_t *p) VERB2 bb_error_msg("update from:%s offset:%+f delay:%f jitter:%f clock drift:%+.3fppm tc:%d", p->p_dotted, offset, - p->lastpkt_delay, + p->p_raw_delay, G.discipline_jitter, (double)tmx.freq / 65536, (int)tmx.constant @@ -1893,27 +1961,30 @@ recv_and_process_peer_pkt(peer_t *p) T2 = lfp_to_d(msg.m_rectime); T3 = lfp_to_d(msg.m_xmttime); T4 = G.cur_time; - - /* The delay calculation is a special case. In cases where the - * server and client clocks are running at different rates and - * with very fast networks, the delay can appear negative. In - * order to avoid violating the Principle of Least Astonishment, - * the delay is clamped not less than the system precision. - */ delay = (T4 - T1) - (T3 - T2); - if (delay < G_precision_sec) - delay = G_precision_sec; + /* * If this packet's delay is much bigger than the last one, * it's better to just ignore it than use its much less precise value. */ prev_delay = p->p_raw_delay; - p->p_raw_delay = delay; - if (p->reachable_bits && delay > prev_delay * BAD_DELAY_GROWTH) { + p->p_raw_delay = (delay < 0 ? 0.0 : delay); + if (p->reachable_bits + && delay > prev_delay * BAD_DELAY_GROWTH + && delay > 1.0 / (8 * 1024) /* larger than ~0.000122 */ + ) { bb_error_msg("reply from %s: delay %f is too high, ignoring", p->p_dotted, delay); goto pick_normal_interval; } + /* The delay calculation is a special case. In cases where the + * server and client clocks are running at different rates and + * with very fast networks, the delay can appear negative. In + * order to avoid violating the Principle of Least Astonishment, + * the delay is clamped not less than the system precision. + */ + if (delay < G_precision_sec) + delay = G_precision_sec; p->lastpkt_delay = delay; p->lastpkt_recv_time = T4; VERB6 bb_error_msg("%s->lastpkt_recv_time=%f", p->p_dotted, p->lastpkt_recv_time); @@ -1941,7 +2012,7 @@ recv_and_process_peer_pkt(peer_t *p) bb_error_msg("reply from %s: offset:%+f delay:%f status:0x%02x strat:%d refid:0x%08x rootdelay:%f reach:0x%02x", p->p_dotted, offset, - p->lastpkt_delay, + p->p_raw_delay, p->lastpkt_status, p->lastpkt_stratum, p->lastpkt_refid, @@ -2064,6 +2135,13 @@ recv_and_process_client_pkt(void /*int fd*/) goto bail; } + /* Respond only to client and symmetric active packets */ + if ((msg.m_status & MODE_MASK) != MODE_CLIENT + && (msg.m_status & MODE_MASK) != MODE_SYM_ACT + ) { + goto bail; + } + query_status = msg.m_status; query_xmttime = msg.m_xmttime; @@ -2207,6 +2285,7 @@ static NOINLINE void ntp_init(char **argv) if (BURSTPOLL != 0) G.poll_exp = BURSTPOLL; /* speeds up initial sync */ G.last_script_run = G.reftime = G.last_update_recv_time = gettime1900d(); /* sets G.cur_time too */ + G.FREQHOLD_cnt = -1; /* Parse options */ peers = NULL; @@ -2218,7 +2297,7 @@ static NOINLINE void ntp_init(char **argv) IF_FEATURE_NTPD_SERVER("I:") /* compat */ "d" /* compat */ "46aAbgL", /* compat, ignored */ - &peers,&G.script_name, + &peers, &G.script_name, #if ENABLE_FEATURE_NTPD_SERVER &G.if_name, #endif @@ -2226,6 +2305,28 @@ static NOINLINE void ntp_init(char **argv) // if (opts & OPT_x) /* disable stepping, only slew is allowed */ // G.time_was_stepped = 1; + +#if ENABLE_FEATURE_NTPD_SERVER + G_listen_fd = -1; + if (opts & OPT_l) { + G_listen_fd = create_and_bind_dgram_or_die(NULL, 123); + if (G.if_name) { + if (setsockopt_bindtodevice(G_listen_fd, G.if_name)) + xfunc_die(); + } + socket_want_pktinfo(G_listen_fd); + setsockopt_int(G_listen_fd, IPPROTO_IP, IP_TOS, IPTOS_DSCP_AF21); + } +#endif + /* I hesitate to set -20 prio. -15 should be high enough for timekeeping */ + if (opts & OPT_N) + setpriority(PRIO_PROCESS, 0, -15); + + if (!(opts & OPT_n)) { + bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO, argv); + logmode = LOGMODE_NONE; + } + if (peers) { while (peers) add_peers(llist_pop(&peers)); @@ -2254,26 +2355,6 @@ static NOINLINE void ntp_init(char **argv) /* -l but no peers: "stratum 1 server" mode */ G.stratum = 1; } -#if ENABLE_FEATURE_NTPD_SERVER - G_listen_fd = -1; - if (opts & OPT_l) { - G_listen_fd = create_and_bind_dgram_or_die(NULL, 123); - if (opts & OPT_I) { - if (setsockopt_bindtodevice(G_listen_fd, G.if_name)) - xfunc_die(); - } - socket_want_pktinfo(G_listen_fd); - setsockopt_int(G_listen_fd, IPPROTO_IP, IP_TOS, IPTOS_LOWDELAY); - } -#endif - if (!(opts & OPT_n)) { - bb_daemonize_or_rexec(DAEMON_DEVNULL_STDIO, argv); - logmode = LOGMODE_NONE; - } - /* I hesitate to set -20 prio. -15 should be high enough for timekeeping */ - if (opts & OPT_N) - setpriority(PRIO_PROCESS, 0, -15); - /* If network is up, syncronization occurs in ~10 seconds. * We give "ntpd -q" 10 seconds to get first reply, * then another 50 seconds to finish syncing. @@ -2339,7 +2420,9 @@ int ntpd_main(int argc UNUSED_PARAM, char **argv) /* Nothing between here and poll() blocks for any significant time */ - nextaction = G.cur_time + 3600; + nextaction = G.last_script_run + (11*60); + if (nextaction < G.cur_time + 1) + nextaction = G.cur_time + 1; i = 0; #if ENABLE_FEATURE_NTPD_SERVER @@ -2375,7 +2458,7 @@ int ntpd_main(int argc UNUSED_PARAM, char **argv) /* What if don't see it because it changed its IP? */ if (p->reachable_bits == 0) - resolve_peer_hostname(p, /*loop_on_fail=*/ 0); + resolve_peer_hostname(p); set_next(p, timeout); } @@ -2418,13 +2501,42 @@ int ntpd_main(int argc UNUSED_PARAM, char **argv) did_poll: gettime1900d(); /* sets G.cur_time */ if (nfds <= 0) { - if (!bb_got_signal /* poll wasn't interrupted by a signal */ - && G.cur_time - G.last_script_run > 11*60 - ) { + double ct; + int dns_error; + + if (bb_got_signal) + break; /* poll was interrupted by a signal */ + + if (G.cur_time - G.last_script_run > 11*60) { /* Useful for updating battery-backed RTC and such */ run_script("periodic", G.last_update_offset); gettime1900d(); /* sets G.cur_time */ } + + /* Resolve peer names to IPs, if not resolved yet. + * We do it only when poll timed out: + * this way, we almost never overlap DNS resolution with + * "request-reply" packet round trip. + */ + dns_error = 0; + ct = G.cur_time; + for (item = G.ntp_peers; item != NULL; item = item->link) { + peer_t *p = (peer_t *) item->data; + if (p->next_action_time <= ct && !p->p_lsa) { + /* This can take up to ~10 sec per each DNS query */ + dns_error |= (!resolve_peer_hostname(p)); + } + } + if (!dns_error) + goto check_unsync; + /* Set next time for those which are still not resolved */ + gettime1900d(); /* sets G.cur_time (needed for set_next()) */ + for (item = G.ntp_peers; item != NULL; item = item->link) { + peer_t *p = (peer_t *) item->data; + if (p->next_action_time <= ct && !p->p_lsa) { + set_next(p, HOSTNAME_INTERVAL * p->dns_errors); + } + } goto check_unsync; } diff --git a/release/src/router/rc/ntpd.c b/release/src/router/rc/ntpd.c index 19059291cc7..0a5adb0556f 100644 --- a/release/src/router/rc/ntpd.c +++ b/release/src/router/rc/ntpd.c @@ -81,6 +81,11 @@ void stop_ntpd(void) int ntpd_synced_main(int argc, char *argv[]) { +#if 0 + if (argc == 2 && !strcmp(argv[1], "unsync")) + logmessage("ntp", "Unable to reach ntp server so far, keep trying"); +#endif + if (!nvram_match("ntp_ready", "1") && (argc == 2 && !strcmp(argv[1], "step"))) { nvram_set("ntp_ready", "1"); logmessage("ntp", "Initial clock set"); diff --git a/release/src/router/rc/wan.c b/release/src/router/rc/wan.c index 8ffa7a3a483..e46eb647e43 100644 --- a/release/src/router/rc/wan.c +++ b/release/src/router/rc/wan.c @@ -412,6 +412,13 @@ start_igmpproxy(char *wan_ifname) #endif #endif +#ifdef RTCONFIG_MULTICAST_IPTV + if (nvram_get_int("switch_stb_x") > 6 && + nvram_match("switch_wantag", "movistar") && + !nvram_match("iptv_ifname", wan_ifname)) + return; +#endif + stop_igmpproxy(); if (nvram_get_int("udpxy_enable_x")) { @@ -424,13 +431,6 @@ start_igmpproxy(char *wan_ifname) "-a", nvram_get("lan_ifname") ? : "br0"); } -#ifdef RTCONFIG_MULTICAST_IPTV - if (nvram_get_int("switch_stb_x") > 6 && - nvram_match("switch_wantag", "movistar") && - !nvram_match("iptv_ifname", wan_ifname)) - return; -#endif - #if !defined(HND_ROUTER) if (!nvram_get_int("mr_enable_x")) return; diff --git a/release/src/router/www/Advanced_OpenVPNClient_Content.asp b/release/src/router/www/Advanced_OpenVPNClient_Content.asp index 025809d7d8f..b53e65e5c61 100644 --- a/release/src/router/www/Advanced_OpenVPNClient_Content.asp +++ b/release/src/router/www/Advanced_OpenVPNClient_Content.asp @@ -42,7 +42,7 @@ font-size:14px; z-index:200; position:relative; - background-color:balck: + background-color:black; } .QISform_wireless{ width:600px; diff --git a/release/src/router/www/Advanced_OperationMode_Content.asp b/release/src/router/www/Advanced_OperationMode_Content.asp index f350eb7a4d5..373ed624b0d 100644 --- a/release/src/router/www/Advanced_OperationMode_Content.asp +++ b/release/src/router/www/Advanced_OperationMode_Content.asp @@ -42,7 +42,7 @@ font-size:14px; z-index:200; position:relative; - background-color:balck: + background-color:black; } .QISform_wireless{ width:600px; diff --git a/release/src/router/www/Main_Analysis_Content.asp b/release/src/router/www/Main_Analysis_Content.asp index 6f8d03cf3fc..eeb37b624f8 100644 --- a/release/src/router/www/Main_Analysis_Content.asp +++ b/release/src/router/www/Main_Analysis_Content.asp @@ -313,7 +313,6 @@ function pullLANIPList(obj){ - + diff --git a/release/src/router/www/Main_Netstat_Content.asp b/release/src/router/www/Main_Netstat_Content.asp index 873101efa96..e0ddfb72bf8 100644 --- a/release/src/router/www/Main_Netstat_Content.asp +++ b/release/src/router/www/Main_Netstat_Content.asp @@ -291,7 +291,7 @@ function validForm(){
- +
@@ -311,7 +311,6 @@ function validForm(){ - + diff --git a/release/src/router/www/help_content.js b/release/src/router/www/help_content.js index 46711d8d4cd..922b68bee6d 100644 --- a/release/src/router/www/help_content.js +++ b/release/src/router/www/help_content.js @@ -141,7 +141,7 @@ helpcontent[7] = new Array("", "Presume the peer to be dead if n LCP Echo-Requests are sent without receiving a valid LCP Echo-Reply. Use of this option requires a non-zero value for the Echo Interval parameter.", "If DNS resolution fails or returns the wrong address to n times, then it is assumed that the internet connection is completely unsuccessful", "You can configure your router to use a third party DNS server that supports encryption to prevent snooping on your DNS queries. While this increases privacy, note that it might decrease general DNS performance.", - "In strict mode, only allow the use of a DNS server if the identity of the remote server can be authenticated. In opportunistic mode it will attempt to authetnticate, but will still use that server if it fails to authenticate its identity, allowing name resolution to still work properly.", + "In strict mode, only allow the use of a DNS server if the identity of the remote server can be authenticated. In opportunistic mode it will attempt to authenticate, but will still use that server if it fails to authenticate its identity, allowing name resolution to still work properly.", "The IP address of the nameserver.", "TLS Port (defaults to 853 if left empty).", "Authentication domain name checked against the server certificate.", diff --git a/release/src/router/www/sysdep/RT-AC86U/www/Main_Netstat_Content.asp b/release/src/router/www/sysdep/RT-AC86U/www/Main_Netstat_Content.asp index bdd9330d999..9b91957f67a 100644 --- a/release/src/router/www/sysdep/RT-AC86U/www/Main_Netstat_Content.asp +++ b/release/src/router/www/sysdep/RT-AC86U/www/Main_Netstat_Content.asp @@ -1,201 +1,250 @@ - - - - - - - - - -<#Network_Tools#> - Netstat - - - - - - - - - - -
- - -
- - -"> -"> - - - - - - - - - -
  - - - - - - - - -
- - - - -
-
 
-
<#Network_Tools#> - Netstat
-
-
<#NetworkTools_Info#>
- - - - - - - - - - -
<#NetworkTools_Method#> - -
<#NetworkTools_option#> - <#sockets_listening#> -
- <#sockets_all#> -
- <#sockets_TCP#> -
- <#sockets_UDP#> -
- <#sockets_RAW#> -
- <#sockets_UNIX#> -
- <#Display_routingtable#> -
- <#sockets_not_resolve_names#> -
- -
- - - - -
- -
- -
-
-
- -
-
- - - - - + + + + + + + + + +<#Network_Tools#> - Netstat + + + + + + + + + + + + + +
+ + +
+ + +"> +"> + + + + + + + + + +
  + + + + + + + + +
+ + + + +
+
 
+
<#Network_Tools#> - Netstat
+
+
<#NetworkTools_Info#>
+ + + + + + + + + + + + + + +
<#NetworkTools_Method#> + +
<#NetworkTools_option#> + <#sockets_listening#> +
+ <#sockets_all#> +
+ <#sockets_TCP#> +
+ <#sockets_UDP#> +
+ <#sockets_RAW#> +
+ <#sockets_UNIX#> +
+ <#Display_routingtable#> +
+ <#sockets_not_resolve_names#> +
+ +
+ + + + +
+ +
+ +
+
+
+ +
+
+ + + + +