[ntp:questions] Re: ntpd and ACTS

Terje Mathisen terje.mathisen at hda.hydro.com
Thu Nov 11 07:13:41 UTC 2004


Brad Knowles wrote:

> At 4:44 PM -0600 2004-11-10, Walter L. Preuninger II wrote:
> 
>> Our president does not want any of our internal machines
>> connected to the internet. In fact, I have to go to a completely
>> different office just to send this.... Only dedicated computers have
>> internet access.
> 
> 
>     In those kinds of cases, setting up your own internal time server 
> that is directly connected to a refclock (e.g., GPS, WWV/WWVB/CHU/DCF77, 
> ACTS) is probably the only option you're likely to have available to you.

There is one other option:

Use a serial line as the NTP interface, i.e. write a tiny program that 
goes around in a small loop, waking up for a little while (say up to 10 
ms each second), while running at maximum priority:

   while (1) {
     getcurrenttime(&sec, &ms);
     /* Sleep until we're close to the end of the second
        (usleep() takes microseconds): */
     if (ms < 990)
       usleep((990 - ms) * 1000);

     /* Start a tight loop waiting until the second ticks over: */
     do {
       prev_ms = ms;
       getcurrenttime(&sec, &ms);
     } while (ms >= prev_ms);

     /* We have just ticked over, send the current time as a (fake)
         radio clock signal, any of the PARSE clocks can be used.
      */
     len = format_time(&buf, sec);
     /* Send it out on a serial/tty port: */
     write(ttyfd, buf, len);
   }

I.e. with this approach there is only a one-way serial connection 
between a single externally-connected machine (running full NTPD) and 
one system on the inside of the disconnected/secure network, with no 
possibility of using that connection to take over the internal net. To 
be extra safe, remove all lines from the serial cable except ground and 
transmit. :-)

An optional tweak would be to toggle a modem control line on top of the 
second, so as to emulate a PPS source for the internal systems, but just 
using the serial signal is probably enough.

Terje

-- 
- <Terje.Mathisen at hda.hydro.com>
"almost all programming can be viewed as an exercise in caching"


