I've now developed a set of changes to get rid of some of those system.log messages that have been bugging me. These are the result of my research (i.e., lots of googling) and suggestions in the reply to my ntpd bug report (bug 2712).
1. /usr/libexec/ntpd-wrapper
Change:
for server in $(awk '/^server/ {print $2}' /etc/ntp.conf); do
if sntp -v -r -P no -l /var/run/sntp.pid ${server} &> ${LOG}; then
to:
for server in $(awk '/^server/ {print $NF}' /etc/ntp.conf); do
if sntp -K /dev/null -s ${server} &> ${LOG}; then
This was discussed earlier to use the proper call to sntp to remove the -v error report in the system.log and to make the call actually work.
2. /private/etc/ntp-restrict.conf
Change:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
to:
restrict default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
Adding "limited" to the restrict command gets rid of the "restrict default: KOD does nothing without LIMITED" system.log messages.
Add the following line to ntp-restrict.conf (anywhere -- I stuck it at the end):
# Supppres mlockall() use (and resulting system.log messages) since it is not
# implemented in OSX
rlimit memlock 0
Adding rlimit memlock 0 causes ntpd to not try to lock pages. This will cause ntpd to not try to use mlockall() and thus not report "mlockall(): Function not implemented" messages to the system.log.
Alternatively, instead of adding the rlimit line you could edit confg.h in the ntp sources (after the configure is done of course). Either remove the #define HAVE_MLOCKALL or add a #undef HAVE_MLOCKALL after it. With HAVE_MLOCKALL undefined, the ntpd/ntpd.c code using mlockall() is not included and thus again this will avoid the system.log messages.
With these changes, here's what I now see in my system.log when I toggle ntpd off and on via the Date&Time system preferences (I was using ntpd 4.2.8p1-beta2 here, yes, yet another beta):
Dec 29 13:17:10 xxxx ntpd[13300]: ntpd 4.2.8p1-beta2@1.3265-o Mon Dec 29 20:06:09 UTC 2014 (5): Starting
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: ntpd 4.2.8p1-beta2@1.3265-o Mon Dec 29 20:06:09 UTC 2014 (5): Starting
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Command line: /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift
Dec 29 13:17:10 xxxx ntpd[13300]: proto: fuzz beneath 0.077 usec
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: proto: precision = 1.000 usec (-20)
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: proto: fuzz beneath 0.077 usec
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen and drop on 0 v6wildcard [::]:123
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen normally on 2 lo0 [::1]:123
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen normally on 3 lo0 [fe80::1%1]:123
Dec 29 13:17:10 xxxx ntpd[13300]: setsockopt IPV6_MULTICAST_IF 0 for fe80::1%1 fails: Can't assign requested address
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: setsockopt IPV6_MULTICAST_IF 0 for fe80::1%1 fails: Can't assign requested address
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen normally on 4 lo0 127.0.0.1:123
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen normally on 5 en0 192.168.1.68:123
Dec 29 13:17:10 xxxx ntpd[13300]: setsockopt IPV6_MULTICAST_IF 0 for fe80::ea06:88ff:fecd:4ae9%4 fails: Can't assign requested address
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listen normally on 6 en0 [fe80::ea06:88ff:fecd:4ae9%4]:123
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: setsockopt IPV6_MULTICAST_IF 0 for fe80::ea06:88ff:fecd:4ae9%4 fails: Can't assign requested address
Dec 29 13:17:10 xxxx org.ntp.ntpd[13300]: 29 Dec 13:17:10 ntpd[13300]: Listening on routing socket on fd #27 for interface updates
I am still seeing two ntpd processes and I am sure now that the ntpd command in ntpd-wrapper is forking to produce a child ntpd process. The child only "lives" for a few minutes leaving just the parent. What's still bothering me about that is the ntpd call uses a -n argument which means "don't fork". So I submitted another Bugzilla report on that (bug 2718). We'll see what comes of that.
--
I've gotten a lot deeper into this ntp stuff than I ever wanted to. 😠