MR 1208

Hal Murray hmurray at megapathdsl.net
Fri Feb 5 10:42:38 UTC 2021


devel at ntpsec.org said:
> 1208. I stripped out all handling of the netlink socket and fixed around the
> breaks I found. This would reduce NTPsec w/ NTS and IPv4/6 to 5 sockets. They
> are UDP4, UDP6, TCP4, TCP6, and netlink which only spuriously trigger DNS
> retries.

I scanned the patch file and didn't see what I was looking for.  But it's 3K 
lines so I could easily have missed it.

How much testing have you done?  I expect the easy cases will work.  Did you 
test anything complicated?

It takes more than one interface to generate the complicated cases.  The 
server side needs to use the dest address from the request as the source 
address on the reply.  The client side needs to check that the packet came to 
the correct dest address.  That's the code I didn't see.  The old code with a 
socket per interface let the kernel do that work.  With only one interface, 
you can't get it wrong.

To test that, you have to do something to make the packet arrive on the wrong 
interface.

-----------

At least on some OSes, you can get one socket that covers both IPv4 and IPv6.  
Maybe that's only for TCP.  Mumble.  I had to set some magic flag in order to 
get both NTS listeners to work.  The second listener on a second thread seemed 
like a simple way to get some multi-threading.

Your "spuriously trigger DNS retries" path is important.  It handles the case 
where ntpd gets started before the link to the outside world is up and all the 
DNS lookups fail.  It doesn't catch all the cases, but it got at least one.  
It won't recover from something like a home router being slow to start after a 
power fail, maybe because the owner didn't poke the power button until late in 
the recovery game.  I think the case it did catch involved WiFi.


-- 
These are my opinions.  I hate spam.




