More cookie keys
halmurray at sonic.net
Sun Dec 18 07:34:08 UTC 2022
I just pushed code to save 10 NTS keys used to make cookies.
That will let clients that only probe once a day work without
going back to NTS-KE to get new cookies.
I don't expect troubles, but please test.
The old code only saved 2 keys, the current one and the previous one. Keys
are rotated every 24 hours. With one old key, cookies are guaranteed to be
valid for 24 hours. With 8 cookies, that works fine with a polling interval
of up to 24/8 or 3 hours. That's fine for normal ntpd operations but won't
work cleanly when a client does something like polling from a daily cron job.
2 new counters have been added to ntpq/ntsinfo:
  NTS decode cookies: 6080
  NTS decode cookies old: 0
  NTS decode cookies old2: 0
  NTS decode cookies older: 0
  NTS decode cookies too old: 0
The first slot is used for cookies using the current key -- less than 24 hours.
The second slot is used for cookies that are 0-24 hours old. It's normal to
see that. If you have 8 cookies made with the current key and the server
makes a new key, then your cookies are now set up to use the previous key which
is the second slot.
The third slot is for cookies 24-48 hours old. The 4th slot is for cookies
that are 2-9 days old.
I've seen a few hits on the 24-48 hour slot in a pool server.
In case anybody is ever working in this area, you can change the #define
constant for making a new cookie every day to every hour.
These are my opinions. I hate spam.
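
The following C model is an added illustration, not part of the original message and not NTPsec's own code. It follows the message's description of the key slots and simulates one client with 8 cookies against a server that keeps 2 or 10 keys; the names `classify`, `simulate` and `hits`, and the oldest-first cookie use, are assumptions of the model.

```c
#include <stdio.h>

#define ROTATE_H 24   /* hours between key rotations, from the post */
#define NCOOKIES 8    /* cookies a client holds, from the post */

enum slot { CUR, OLD, OLD2, OLDER, TOO_OLD, NSLOTS };
int hits[NSLOTS];     /* model of the five "NTS decode cookies" counters */

/* Slot for a cookie made at made_h and presented at now_h (hours) when
 * the server keeps nkeys keys: 2 in the old code, 10 in the new. */
enum slot classify(long made_h, long now_h, int nkeys) {
    long age = now_h / ROTATE_H - made_h / ROTATE_H;  /* rotations since */
    if (age >= nkeys) return TOO_OLD;
    return age >= 3 ? OLDER : (enum slot)age;
}

/* One client polling every poll_h hours. Assumptions: cookies are used
 * oldest-first and each good reply carries one cookie made at that time.
 * Fills hits[] and returns how many times the client had to redo NTS-KE. */
int simulate(int nkeys, long poll_h, int polls) {
    long jar[NCOOKIES] = {0};            /* all cookies issued at hour 0 */
    int head = 0, ke = 0;
    for (int i = 0; i < NSLOTS; i++) hits[i] = 0;
    for (int p = 1; p <= polls; p++) {
        long now = p * poll_h;
        enum slot s = classify(jar[head], now, nkeys);
        hits[s]++;
        if (s == TOO_OLD) {              /* undecodable: fresh cookies via NTS-KE */
            ke++;
            for (int i = 0; i < NCOOKIES; i++) jar[i] = now;
        } else {
            jar[head] = now;             /* replace the spent cookie */
            head = (head + 1) % NCOOKIES;
        }
    }
    return ke;
}

int main(void) {
    int cfg[3][2] = { {2, 3}, {2, 24}, {10, 24} };   /* {keys kept, poll hours} */
    for (int c = 0; c < 3; c++) {
        int ke = simulate(cfg[c][0], cfg[c][1], 30);
        printf("keys=%2d poll=%2dh: cur=%d old=%d old2=%d older=%d too_old=%d nts-ke=%d\n",
               cfg[c][0], cfg[c][1], hits[CUR], hits[OLD], hits[OLD2],
               hits[OLDER], hits[TOO_OLD], ke);
    }
    return 0;
}
```

In this model a daily poller against 2 keys falls back to NTS-KE on every second poll, while against 10 keys its steady-state cookies all land in the "older" counter.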