NTP Daemon for ASUSWRT/Merlin

[GoNz0]

Yes, true. That's why I included the request towards @thelonelycoder, as (if I recall correctly) he was writing an install script to simplify things, but it wasn't ready for release.

In the meantime, just bookmark http://router.asus.com/Tools_NtpdStats.asp or https://router.asus.com/Tools_NtpdStats.asp so you can still access the page, it just won't show up at the Tools page.

Edit: Had to check, before I asked the wrong person, as my memory is playing hide and seek, but I found the post a few pages back. Unfortunately, he's probably busy with the latest release of AB-Solution and the user feedback, so this will probably have to wait...

Thanks for the heads up, bookmarked

 

[thelonelycoder]

Yes, true. That's why I included the request towards @thelonelycoder, as (if I recall correctly) he was writing an install script to simplify things, but it wasn't ready for release.

In the meantime, just bookmark http://router.asus.com/Tools_NtpdStats.asp or https://router.asus.com/Tools_NtpdStats.asp so you can still access the page, it just won't show up at the Tools page.

Edit: Had to check, before I asked the wrong person, as my memory is playing hide and seek, but I found the post a few pages back. Unfortunately, he's probably busy with the latest release of AB-Solution and the user feedback, so this will probably have to wait...

I have not had the time to finish that installer but will include the new menu tab when I do.

 

[MarCoMLXXV]

I have not had the time to finish that installer but will include the new menu tab when I do.

Thanks @thelonelycoder, that would be great! Looking forward to it

 

[sbsnb]

I followed the instructions for setting up NTP on AsusWRT Merlin. Everything was working fine until I noticed spikes in the NTP offset graphs happening at regular intervals:

That looked to me like the AsusWRT NTP client was still running on a scheduled basis and interfering with NTPd. Sure enough:

PID USER       VSZ STAT COMMAND
 1323 admin     1376 S    ntpd -c /jffs/etc/ntp.conf
 1324 admin     1376 S    ntpd -c /jffs/etc/ntp.conf
 1376 admin     6316 S    ntp

Hmmm. I check /opt/etc/init.d/S77ntpd-custom:

admin@asuswrt:/tmp/home/root# cat /opt/etc/init.d/S77ntpd-custom
#!/bin/sh

ENABLED=yes
PROCS=ntpd
ARGS="-c /jffs/etc/ntp.conf"
PREARGS=""
PRECMD="killall ntp"
DESC=$PROCS
PATH=/jffs/bin:/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func
admin@asuswrt:/tmp/home/root#

It looks like it should be killing ntp when ntpd starts, but for some reason PRECMD isn't working. Any ideas?

Judging by the log files, it looks like NTP starts after NTPD, so there's nothing to kill when it runs.

Aug 11 20:28:58 ntpd[1285]: ntpd 4.2.8p9-win@1.3728 Sat Mar 18 09:20:25 UTC 2017 (2): Starting
...
Aug 11 20:29:03 ntp: start NTP update

Any ideas how to combat this?

 

[GoNz0]

Mines the same, looks like an ECG all the time!
Once in a blue moon it does settle but this is few and far between considering I use UK servers.

 

[sbsnb]

Kill you NTP process manually. After I killed it my NTPd has been doing really well.

You can see around midnight when I killed NTP.

 

[GoNz0]

Kill you NTP process manually. After I killed it my NTPd has been doing really well.

You can see around midnight when I killed NTP.

I did "service stop_ntp" and it seems to have started up again as I am back to an ECG graph again

 

[sbsnb]

I just used killall ntp

 

[john9527]

If you are running my LTS fork, you can disable the ntp updates in the gui (set update interval to 0)

 

[GoNz0]

I just used killall ntp

That did it

 

[Fitz Mutch]

I did "service stop_ntp" and it seems to have started up again as I am back to an ECG graph again

Here's my general purpose tool to disable almost any program on the router. It's a function, but you could make it a standalone script.

deny_access() {
  local FILEPATH="$1"
  local FILENAME="$(/usr/bin/basename $FILEPATH)"
  local FILEEXT="${FILENAME##*.}"
  if [ "$FILEEXT" == "ko" ]; then
    local MODULENAME="${FILENAME%.*}"
    local FILEPATH="/lib/modules/$(/bin/uname -r)/$(/sbin/modprobe -l $MODULENAME)"
    if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
      /sbin/lsmod | /bin/grep -qF $MODULENAME && /sbin/modprobe -r $MODULENAME && /bin/sleep 1
      /bin/mount -o bind /dev/null "$FILEPATH"
    fi
  else
    if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
      [ -n "$(/bin/pidof $FILENAME)" ] && /usr/bin/killall $FILENAME && /bin/sleep 1
      /bin/mount -o bind /dev/null "$FILEPATH"
    fi
  fi
}

Usage example
deny_access /usr/sbin/ntpclient

 

[sbsnb]

I'm having a hell of a time with the fact that Firefox and Chrome both cache the NTP stats page even though they shouldn't. When viewing from my mobile device it's impossible to do a hard refresh and I can't get the latest stats.

 

[sbsnb]

Usage example
deny_access /usr/sbin/ntpclient

Is /bin/mount -o bind /dev/null "$FILEPATH" destructive? Can it be reversed when/if we uninstall ntpd?

 

[Fitz Mutch]

Is /bin/mount -o bind /dev/null "$FILEPATH" destructive? Can it be reversed when/if we uninstall ntpd?

/bin/umount /usr/sbin/ntpclient

OR, reboot the router.

 

[GoNz0]

Here's my general purpose tool to disable almost any program on the router. It's a function, but you could make it a standalone script.

deny_access() {
  local FILEPATH="$1"
  if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
    /bin/mount -t devtmpfs | /bin/grep -qF "$FILEPATH"
    if [ $? -ne 0 ]; then
      local FILENAME="$(/usr/bin/basename $FILEPATH)"
      local FILEEXT="${FILENAME##*.}"
      if [ "$FILEEXT" == "ko" ]; then
        local MODULENAME="${FILENAME%.*}"
        /sbin/modprobe -r $MODULENAME
        /bin/mount -o bind /dev/null "$FILEPATH"
      else
        [ -n "$(/bin/pidof $FILENAME)" ] && /usr/bin/killall $FILENAME
        /bin/mount -o bind /dev/null "$FILEPATH"
      fi
    fi
  fi
}

Usage example
deny_access /usr/sbin/ntpclient

Thanks again but my usual "am I doing this right" question

I make a new script "deny_access"

#!/bin/sh

deny_access() {
  local FILEPATH="$1"
  if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
    /bin/mount -t devtmpfs | /bin/grep -qF "$FILEPATH"
    if [ $? -ne 0 ]; then
      local FILENAME="$(/usr/bin/basename $FILEPATH)"
      local FILEEXT="${FILENAME##*.}"
      if [ "$FILEEXT" == "ko" ]; then
        local MODULENAME="${FILENAME%.*}"
        /sbin/modprobe -r $MODULENAME
        /bin/mount -o bind /dev/null "$FILEPATH"
      else
        [ -n "$(/bin/pidof $FILENAME)" ] && /usr/bin/killall $FILENAME
        /bin/mount -o bind /dev/null "$FILEPATH"
      fi
    fi
  fi
}

And in post-mount ? (is another better?) add the line

sleep 60 && echo "1 minutes later!" deny_access /usr/sbin/ntpclient

Is that it ?

(*edit
I have this under NTP now * Reminder: The system time has not been synchronized with an NTP server.
Do I need to do anything to sync the internal clock such as pointing it to itself (192.168.1.1) or is that just a warning to ignore due to the daemon running?

 

[Fitz Mutch]

... am I doing this right??? I have this under NTP now * Reminder: The system time has not been synchronized with an NTP server. Do I need to do anything to sync the internal clock such as pointing it to itself (192.168.1.1) or is that just a warning to ignore due to the daemon running?

You also need to set the nvram variable ntp_ready, to tell the router that the clock has been set. Here's an example for how you could do, this has not been tested yet.

/jffs/scripts/set_ntp_ready.sh

#!/bin/sh
wait_for_clock_change() {
  local snooze_secs=2
  local detect_secs=10
  local t_busybox="$(/bin/date -r /bin/busybox +%s)"

  while : ; do
    if [ "$(/usr/sbin/nvram get ntp_ready)" == "1" ]; then
      break
    else
      local t_now=$(/bin/date +%s)
      local t_expected_min=$(($t_now + $snooze_secs - $detect_secs))
      local t_expected_max=$(($t_now + $snooze_secs + $detect_secs))
      /bin/sleep $snooze_secs
      local t_now=$(/bin/date +%s)
      if [ $t_now -le $t_busybox ]; then
        continue
      elif [ $t_now -lt $t_expected_min ] || [ $t_now -gt $t_expected_max ]; then
        (
        # wait for Asus NTP service to start, if the router is booting
        local wait_remaining=120 # seconds
        local wait_interval=2
        while [ $wait_remaining -gt 0 ] && [ -z "$(/bin/pidof ntp)" ] ; do
          /bin/sleep $wait_interval
          let wait_remaining-=$wait_interval
        done

        /bin/sleep 1

        /usr/sbin/nvram set ntp_ready=1
        if [ $wait_remaining -le 0 ]; then
          # if Asus NTP service is not running
          /usr/sbin/nvram set svc_ready=1
        else
          # if Asus NTP service is running
          /usr/bin/killall -TSTP ntp
          /bin/sleep 7
          /usr/bin/killall -TERM ntp
          /bin/sleep 1
        fi

        # prevent Asus NTP service from starting
        /bin/rm -rf /var/run/ntp.pid
        /bin/mkdir -p /var/run/ntp.pid
        ) &
        break
      fi
    fi
  done
}

wait_for_clock_change

/jffs/scripts/init-start

#!/bin/sh
deny_access() {
  local FILEPATH="$1"
  local FILENAME="$(/usr/bin/basename $FILEPATH)"
  local FILEEXT="${FILENAME##*.}"
  if [ "$FILEEXT" == "ko" ]; then
    local MODULENAME="${FILENAME%.*}"
    local FILEPATH="/lib/modules/$(/bin/uname -r)/$(/sbin/modprobe -l $MODULENAME)"
    if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
      /sbin/lsmod | /bin/grep -qF $MODULENAME && /sbin/modprobe -r $MODULENAME && /bin/sleep 1
      /bin/mount -o bind /dev/null "$FILEPATH"
    fi
  else
    if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
      [ -n "$(/bin/pidof $FILENAME)" ] && /usr/bin/killall $FILENAME && /bin/sleep 1
      /bin/mount -o bind /dev/null "$FILEPATH"
    fi
  fi
}

# disable the Asus NTP client so it doesn't cause a bloody mess with our real NTP server
deny_access /usr/sbin/ntpclient

# automatically set ntp_ready: runs in background and waits indefinitely for a clock change then sets ntp_ready and quits
/jffs/scripts/set_ntp_ready.sh &

 

[GoNz0]

You also need to set the nvram variable ntp_ready, to tell the router that the clock has been set. Here's an example for how you could do, this has not been tested yet.

I will let you know, thanks

 

[GoNz0]

You also need to set the nvram variable ntp_ready, to tell the router that the clock has been set. Here's an example for how you could do, this has not been tested yet.

/jffs/scripts/set_ntp_ready.sh

#!/bin/sh
wait_for_clock_change() {
  local snooze_secs=2
  local detect_secs=10
  local t_busybox="$(/bin/date -r /bin/busybox +%s)"

  while : ; do
    if [ "$(/usr/sbin/nvram get ntp_ready)" == "1" ]; then
      break
    else
      local t_now=$(/bin/date +%s)
      local t_expected_min=$(($t_now + $snooze_secs - $detect_secs))
      local t_expected_max=$(($t_now + $snooze_secs + $detect_secs))
      /bin/sleep $snooze_secs
      local t_now=$(/bin/date +%s)
      if [ $t_now -le $t_busybox ]; then
        continue
      elif [ $t_now -lt $t_expected_min ] || [ $t_now -gt $t_expected_max ]; then
        /usr/sbin/nvram set ntp_ready=1
        break
      fi
    fi
  done
}

wait_for_clock_change

/jffs/scripts/init-start

#!/bin/sh
deny_access() {
  local FILEPATH="$1"
  if [ -f "$FILEPATH" ] && [ ! -h "$FILEPATH" ]; then
    /bin/mount -t devtmpfs | /bin/grep -qF "$FILEPATH"
    if [ $? -ne 0 ]; then
      local FILENAME="$(/usr/bin/basename $FILEPATH)"
      local FILEEXT="${FILENAME##*.}"
      if [ "$FILEEXT" == "ko" ]; then
        local MODULENAME="${FILENAME%.*}"
        /sbin/modprobe -r $MODULENAME
        /bin/mount -o bind /dev/null "$FILEPATH"
      else
        [ -n "$(/bin/pidof $FILENAME)" ] && /usr/bin/killall $FILENAME
        /bin/mount -o bind /dev/null "$FILEPATH"
      fi
    fi
  fi
}

# disable the Asus NTP client so it doesn't cause a bloody mess with our real NTP server
deny_access /usr/sbin/ntpclient

# automatically set ntp_ready: runs in background and waits indefinitely for a clock change then sets ntp_ready and quits
/jffs/scripts/set_ntp_ready.sh &

I don't think it worked as it is still saying * Reminder: The system time has not been synchronized with an NTP server.

 

[sbsnb]

/bin/umount /usr/sbin/ntpclient

OR, reboot the router.

Dang. That's my big problem. Any time the router reboots ntpclient is fired up and wrecks all the clock discipline ntpd has built up over the preceding hours/days. So far it seems to help to manually kill ntp and then do an ntpd -gq and then waiting long enough for the clock slew to get the time back to correct before starting ntpd, but that's a pain.

 

[Fitz Mutch]

I don't think it worked as it is still saying * Reminder: The system time has not been synchronized with an NTP server.

Asus may require you to properly kill their NTP service with a TSTP signal, after your clock has been synchronized:

/usr/bin/killall -TSTP ntp


OR, the quick+dirty way to fix your WebUI text:

/usr/sbin/nvram set svc_ready=1


AND, I refer you to the AsusWRT source code

https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/ntp.c#L47