ntpMerlin ntpMerlin - NTP Daemon for AsusWRT Merlin

[nephilim]

I would like to use chrony on my N66, too. But

foo@RT-N66U:/tmp/home/root# opkg update
Downloading http://pkg.entware.net/binaries/mipsel/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/entware-ng
foo@RT-N66U:/tmp/home/root# opkg install chrony
Unknown package 'chrony'.

whereas the ipk file can be obtained from https://bin.entware.net/mipselsf-k3.4/ . Is there a reason I should NOT install the ipk manually?

 

[Jack Yaz]

I have re-installed ntpmerlin to experiment further, but I am still getting these 7zip segfaults on my rt-ac86u.
On my most recent install I was initially not generating graphs due to SQLite checksum mismatches, so I sorted that out.
I also switched my data storage to USB instead of jffs in case there were problems writing to that location. I am still getting these segfaults though.

Sep 27 10:04:09 kernel: pgd = ffffffc012ea0000 Sep 27 10:04:09 kernel: [00000008] *pgd=00000000113c2003, *pud=00000000113c2003, *pmd=0000000000000000 Sep 27 10:04:09 kernel: CPU: 0 PID: 23862 Comm: 7z Tainted: P O 4.1.27 #2 Sep 27 10:04:09 kernel: Hardware name: Broadcom-v8A (DT) Sep 27 10:04:09 kernel: task: ffffffc015796b40 ti: ffffffc012ee8000 task.ti: ffffffc012ee8000 Sep 27 10:04:09 kernel: PC is at 0x7f91e298b0 Sep 27 10:04:09 kernel: LR is at 0x7f91e29898 Sep 27 10:04:09 kernel: pc : [<0000007f91e298b0>] lr : [<0000007f91e29898>] pstate: 60000000 Sep 27 10:04:09 kernel: sp : 0000007f8d5f98d0 Sep 27 10:04:09 kernel: x29: 0000007f8d5f98d0 x28: 0000007f92382000 Sep 27 10:04:09 kernel: x27: 000000000bec6560 x26: 0000007f92382000 Sep 27 10:04:09 kernel: x25: 0000007f9237e000 x24: 000000000bec5808 Sep 27 10:04:09 kernel: x23: 0000000000000000 x22: 000000000bec5968 Sep 27 10:04:09 kernel: x21: 000000000bec5b30 x20: 000000000bec6560 Sep 27 10:04:09 kernel: x19: 000000000bec58c0 x18: 000000005f6f8299 Sep 27 10:04:09 kernel: x17: 0000007f9225c750 x16: 0000000000491308 Sep 27 10:04:09 kernel: x15: 0000007f923501a8 x14: 0000000000000002 Sep 27 10:04:09 kernel: x13: 0000000000000150 x12: 0000007f8d5fa1d0 Sep 27 10:04:09 kernel: x11: 00000000003d0f00 x10: 0000007f9235bb80 Sep 27 10:04:09 kernel: x9 : 000000000000270f x8 : 00000000000000de Sep 27 10:04:09 kernel: x7 : 0000000000000069 x6 : 0000000000468940 Sep 27 10:04:09 kernel: x5 : 0000000000000000 x4 : 0000000000000000 Sep 27 10:04:09 kernel: x3 : 000000000000000c x2 : 0000007f8d5fa8c0 Sep 27 10:04:09 kernel: x1 : 0000000000000001 x0 : 0000007f91f02318

When I ran the netpmerlin option 1 "generate graphs" from ssh, I first got:
Segmentation fault

Then on subsequent attempts I got:
ERROR: Can't allocate required memory! mv: can't rename '/tmp/ntpmerlindata.zip': No such file or directory

My router is reporting 199MB RAM free, so I am not sure what it is complaining about. Am I supposed to have swap enabled?

All the graphs appear to actually be getting generated, so I don't know what this error is all about.

7zip is only used to bundle the csv downloads. I'd recommend uninstalling 7z and then checking /opt to ensure all 7z stuff is gone, then reinstalling

 

[Jack Yaz]

Thanks, @Jack Yaz for this powerful addition.

My only question now is, why isn't this available in the stable channel?

thanks! there's webui work to be done for the selection. I'm also still contemplating splitting chrony to have its own database (currently reusing the ntpd one).

i haven't done much script development lately as I'm starting to feel burnt out from work, so some hobbies have had to take a back seat so I can ensure my work levels don't dip

 

[maghuro]

I have re-installed ntpmerlin to experiment further, but I am still getting these 7zip segfaults on my rt-ac86u.
On my most recent install I was initially not generating graphs due to SQLite checksum mismatches, so I sorted that out.
I also switched my data storage to USB instead of jffs in case there were problems writing to that location. I am still getting these segfaults though.

Sep 27 10:04:09 kernel: pgd = ffffffc012ea0000 Sep 27 10:04:09 kernel: [00000008] *pgd=00000000113c2003, *pud=00000000113c2003, *pmd=0000000000000000 Sep 27 10:04:09 kernel: CPU: 0 PID: 23862 Comm: 7z Tainted: P O 4.1.27 #2 Sep 27 10:04:09 kernel: Hardware name: Broadcom-v8A (DT) Sep 27 10:04:09 kernel: task: ffffffc015796b40 ti: ffffffc012ee8000 task.ti: ffffffc012ee8000 Sep 27 10:04:09 kernel: PC is at 0x7f91e298b0 Sep 27 10:04:09 kernel: LR is at 0x7f91e29898 Sep 27 10:04:09 kernel: pc : [<0000007f91e298b0>] lr : [<0000007f91e29898>] pstate: 60000000 Sep 27 10:04:09 kernel: sp : 0000007f8d5f98d0 Sep 27 10:04:09 kernel: x29: 0000007f8d5f98d0 x28: 0000007f92382000 Sep 27 10:04:09 kernel: x27: 000000000bec6560 x26: 0000007f92382000 Sep 27 10:04:09 kernel: x25: 0000007f9237e000 x24: 000000000bec5808 Sep 27 10:04:09 kernel: x23: 0000000000000000 x22: 000000000bec5968 Sep 27 10:04:09 kernel: x21: 000000000bec5b30 x20: 000000000bec6560 Sep 27 10:04:09 kernel: x19: 000000000bec58c0 x18: 000000005f6f8299 Sep 27 10:04:09 kernel: x17: 0000007f9225c750 x16: 0000000000491308 Sep 27 10:04:09 kernel: x15: 0000007f923501a8 x14: 0000000000000002 Sep 27 10:04:09 kernel: x13: 0000000000000150 x12: 0000007f8d5fa1d0 Sep 27 10:04:09 kernel: x11: 00000000003d0f00 x10: 0000007f9235bb80 Sep 27 10:04:09 kernel: x9 : 000000000000270f x8 : 00000000000000de Sep 27 10:04:09 kernel: x7 : 0000000000000069 x6 : 0000000000468940 Sep 27 10:04:09 kernel: x5 : 0000000000000000 x4 : 0000000000000000 Sep 27 10:04:09 kernel: x3 : 000000000000000c x2 : 0000007f8d5fa8c0 Sep 27 10:04:09 kernel: x1 : 0000000000000001 x0 : 0000007f91f02318

When I ran the netpmerlin option 1 "generate graphs" from ssh, I first got:
Segmentation fault

Then on subsequent attempts I got:
ERROR: Can't allocate required memory! mv: can't rename '/tmp/ntpmerlindata.zip': No such file or directory

My router is reporting 199MB RAM free, so I am not sure what it is complaining about. Am I supposed to have swap enabled?

All the graphs appear to actually be getting generated, so I don't know what this error is all about.

It's a problem that ac86u is having with the USB disks. From time to time it is corrupting the disk. It happened to me twice in this last fw version. I had to format the disk and restore backups.

Not related to ntpMerlin.

 

[Linux_Chemist]

Thanks, I will do that.

Also, MyCloudEX2Ultra has the default time server set to windows dot com, and I can add my own, but I wasn't sure what to label it as and if it was even necessary since all clients are forced to use ntpMerlin (I think). Anyone have any suggestions?
thanks,
jts

True, if you've got the feature enabled in ntpmerlin to force redirect ntp requests to the router, any time server you have set on your devices on the LAN doesn't matter.
If you wanna check if that rule is definitely present on your router, you can use

 iptables -t nat -S

and look for something like

-A PREROUTING -i br0 -p udp -m udp --dport 123 -j DNAT --to-destination ROUTER'S_IP

where ROUTER'S_IP is your...well...router's ip lol

Incidentally, I wanted to ask Jack why there is also a tcp version for this rule added. To the best of my knowledge, NTP is udp exclusive (perhaps it isn't now, like DNS can sometimes use it for larger packets)( https://www.speedguide.net/port.php?port=123 claims there's a trojan known for tcp 123 as an aside), however I've redone all my firewall from scratch over the last month and I can confirm that the tcp dnat rule has never been hit, it's always udp. Was the tcp rule added as a 'just incase' or is there a growing movement towards NTP using both protocols?

What I would suggest if this rule isn't present or if you'd prefer to shoot straight for the router and not need it redirected - what I've done is put

bindaddress ROUTER'S_IP

in the chrony.conf config (now /jffs/addons/ntpmerlin.d/chrony.conf) and restart ntpmerlin. Now if you check with netstat -peanut, it should be listening on your router's IP on the LAN, with port 123. I don't know if this is set up by default, I just like to dot the Is.

 

[Jack Yaz]

True, if you've got the feature enabled in ntpmerlin to force redirect ntp requests to the router, any time server you have set on your devices on the LAN doesn't matter.
If you wanna check if that rule is definitely present on your router, you can use

 iptables -t nat -S

and look for

-A PREROUTING -i br0 -p udp -m udp --dport 123 -j DNAT --to-destination ROUTER'S_IP

where ROUTER'S_IP is your...well...router's ip lol

Incidentally, I wanted to ask Jack why there is also a tcp version for this rule added. To the best of my knowledge, NTP is udp exclusive (perhaps it isn't now, like DNS can sometimes use it for larger packets)( https://www.speedguide.net/port.php?port=123 claims there's a trojan known for tcp 123 as an aside), however I've redone all my firewall from scratch over the last month and I can confirm that the tcp dnat rule has never been hit, it's always udp. Was the tcp rule added as a 'just incase' or is there a growing movement towards NTP using both protocols?

What I would suggest if this rule isn't present or if you'd prefer to shoot straight for the router and not need it redirected - what I've done is put

bindaddress ROUTER'S_IP

in the chrony.conf config (now /jffs/addons/ntpmerlin.d/chrony.conf) and restart ntpmerlin. Now if you check with netstat -peanut, it should be listening on your router's IP on the LAN, with port 123. I don't know if this is set up by default, I just like to dot the Is.

iirc some people had issues with TCP not being there causing time lookups to fail on some devices. i don't get why, either, since ntp is udp but *shrug*

 

[Linux_Chemist]

iirc some people had issues with TCP not being there causing time lookups to fail on some devices. i don't get why, either, since ntp is udp but *shrug*

c'est la vie If someone sees this message and can confirm they need TCP 123, post what your device is please, I'd love to remember for future's sake.
Similarly, I noticed the other month that there's a push towards using udp 443 and 80 in addition to regular tcp for QUIC - big on google/android devices/software - chrome?

 

[JGrana]

I would think it quite odd to use TCP since the overhead of TCP pretty much eliminates the accuracy of NTP.

When I run:

netstat -tulpn | grep 123

On my AX88U running 384.19 I only see chronyd listening on UDP

I also would love to know what devices get NTP time via TCP!

As a side, here is my 24 hour graph of Offset. I as well see a few spikes on occasion:

Note the timescale - the largest spike was .5 ms (500 usec). I average around 2-4 uSecs.

Nice having a Stratum 1 server on the network ;-)

 

[SomeWhereOverTheRainBow]

iirc some people had issues with TCP not being there causing time lookups to fail on some devices. i don't get why, either, since ntp is udp but *shrug*

Yea i am not sure which devices overall benefit, but i did notice i was having way less time sync failures between client and router once the tcp rule was added. Maybe some clients default udp but can use tcp as fall back.

 

[Linux_Chemist]

Yea i am not sure which devices overall benefit, but i did notice i was having way less time sync failures between client and router once the tcp rule was added. Maybe some clients default udp but can use tcp as fall back.

I don't understand this at all for several reasons so for my own sanity if nothing else, let's just check my thinking At the end of the day, I've seen the tcp rule is doing nothing on my end so I can remove it, but let's try and make sense of your findings.

udp and tcp are separate protocols. If a client/device on the LAN sends an ntp request out to udp port 123 and it gets redirected as ntpmerlin gives the option to, udp 123 alone on the router will be able to make use of it. (Normal procedure)
If some bizarre client sends out for destination port tcp 123, then only tcp 123 can make use of it on the router - and neither ntpd, ntpmerlin nor chronyd actual listen on tcp 123 - only udp.

By what mechanism do they convert tcp packets from the LAN and then send them out to the internet via UDP? It doesn't happen? If this is even possible, happy to be shown otherwise but I doubt a time server would do this. DNS servers have to resort to falling back to tcp if the packet size becomes too big over udp to send without fragmenting or if the receiving end won't allow such a big size. As JGrana said, using tcp for ntp would add unnecessary overhead?

The only thing known for using tcp 123 according to speedguide.net (good source or not) is a trojan.

How can catching tcp requests have any effect at all on reducing time sync failures when only udp requests can ever be sent out over the net by ntpmerlin/chrony?

For anyone curious to see if they're benefitting and you have ntpmerlin set to redirect local requests to the chrony/ntpmerlin on the router,
could you check whether there's a none zero packet count for the tcp dpt:123 rule when you do:

iptables -t nat -L -v -n | grep DNAT

 

[jsbeddow]

Just to add a data point, you are right, tcp shows zero data count to this instruction:

3865  294K DNAT       udp  --  br0    *       0.0.0.0/0            0.0.0.0/0            udp dpt:123 to:192.168.1.1
    0     0 DNAT       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:123 to:192.168.1.1

 

[dave14305]

Merlin removed tcp from his own NTP redirect rule after starting out with both. Officially, IANA reserved both TCP and UDP ports 123 for NTP. In practice, only UDP is ever seen.

rc: only intercept udp requests to port 123, ntpd does not listen to tcp · RMerl/asuswrt-merlin.ng@2770fa4

Third party firmware for Asus routers (newer codebase) - rc: only intercept udp requests to port 123, ntpd does not listen to tcp · RMerl/asuswrt-merlin.ng@2770fa4

github.com

 

[RMerlin]

Merlin removed tcp from his own NTP redirect rule after starting out with both. Officially, IANA reserved both TCP and UDP ports 123 for NTP. In practice, only UDP is ever seen.

rc: only intercept udp requests to port 123, ntpd does not listen to tcp · RMerl/asuswrt-merlin.ng@2770fa4

Third party firmware for Asus routers (newer codebase) - rc: only intercept udp requests to port 123, ntpd does not listen to tcp · RMerl/asuswrt-merlin.ng@2770fa4

github.com

And busybox's ntpd only binds to UDP, so it won't answer any connection attempts done over tcp.

admin@stargate88ax:/tmp/home/root# netstat -tupln | grep ntp
udp        0      0 :::123                  :::*                                1965/ntp
admin@stargate88ax:/tmp/home/root#

 

[JGrana]

And busybox's ntpd only binds to UDP, so it won't answer any connection attempts done over tcp.

admin@stargate88ax:/tmp/home/root# netstat -tupln | grep ntp
udp        0      0 :::123                  :::*                                1965/ntp
admin@stargate88ax:/tmp/home/root#

Nor will chrony

admin@RT-AX88U-26A8:/tmp/home/root# netstat -tupln | grep 123
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2842/chronyd

Lets move on.

 

[Linux_Chemist]

My sanity is restored (for now) Many thanks.

 

[Wade Coxon]

7zip is only used to bundle the csv downloads. I'd recommend uninstalling 7z and then checking /opt to ensure all 7z stuff is gone, then reinstalling

I can manually run 7zip without any trouble. I have zipped and unzipped files using the same options as those that I spotted in the ntpmerlin script and written to both the jffs and USB partitions without errors.

It's a problem that ac86u is having with the USB disks. From time to time it is corrupting the disk. It happened to me twice in this last fw version. I had to format the disk and restore backups.

Not related to ntpMerlin.

How can I tell? I can run a disk health check from the main page and no error is detected. Unless that health check doesn't work for attached storage that is running active Entware packaged?
I can read and write to the USB drive in other ways without any trouble.

In fact, it doesn't actually matter if I have the data drive set to the USB or jffs, I still get the same segfaults.

 

[ugandy]

i installed ntpMerlin develop version to try chrony.
i then uninstalled it, and installed the regular ntpMerlin version.
but i still see this on my log:
Oct 13 16:44:49 RT-AX88U-8158 chronyd[7852]: Selected source 3.217.79.242

how do i uninstall any chrony leftovers?
thx

 

[Jack Yaz]

i installed ntpMerlin develop version to try chrony.
i then uninstalled it, and installed the regular ntpMerlin version.
but i still see this on my log:
Oct 13 16:44:49 RT-AX88U-8158 chronyd[7852]: Selected source 3.217.79.242

how do i uninstall any chrony leftovers?
thx

the uninstaller should have called

opkg remove --autoremove chrony

 

[ugandy]

the uninstaller should have called

opkg remove --autoremove chrony

the package is indeed gone. could the log message then be coming from some init script? where should i look?

 

[ugandy]

the uninstaller should have called

opkg remove --autoremove chrony

I still see this:

cromo@RT-AX88U-8158:/tmp/home/root# ps|grep chrony
3193 cromo 5432 S grep chrony
7852 nobody 71272 S chronyd -r -u nobody -f /opt/share/ntpmerlin.d/chrony.conf

is it expected after removing chrony ntpmerlin develop?
thx