More cookie keys

Hal Murray halmurray at
Sun Dec 18 07:34:08 UTC 2022

I just pushed code to save 10 NTS keys used to make cookies.

That will let clients that only probe once a day work without
going back to NTS-KE to get new cookies.

I don't expect troubles, but please test.

The old code only saved 2 keys, the current one and the previous one.  Keys 
are rotated every 24 hours.  With one old key, cookies are guaranteed to be 
valid for 24 hours.  With 8 cookies, that works fine with a polling interval 
of up to 24/8 or 3 hours.  That's fine for normal ntpd operations but won't 
work cleanly when a client does something like polling from a daily cron job.

2 new counters have been added to ntpq/ntsinfo

NTS decode cookies:                  6080
NTS decode cookies old:                 0
NTS decode cookies old2:                0
NTS decode cookies older:               0
NTS decode cookies too old:             0

The first slot is used for cookies using the current key -- less than 24 hours 
The second slot is used for cookies that are 0-24 hours old.  It's normal to 
see that.  If you have 8 cookies made with the current key and the server 
makes a new key, then your cookies are now setup to use the previous key which 
is the second slot.

The third slot is for cookies 24-48 hours old.  The 4th slot is for cookies 
that are 2-9 days old.

I've seen a few hits on the 24-48 hour slot in a pool server.

In case anybody is ever working in this area, you can change the #define 
constant for making a new cookie every day to every hour.

These are my opinions.  I hate spam.

More information about the devel mailing list