[Git][NTPsec/ntpsec][master] First cut at NTS statistics.

Eric S. Raymond gitlab at mg.gitlab.com
Tue Feb 19 15:18:05 UTC 2019


Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
e25511e3 by Eric S. Raymond at 2019-02-19T15:17:05Z
First cut at NTS statistics.

- - - - -


5 changed files:

- include/nts.h
- ntpclients/ntpq.py
- ntpd/ntp_control.c
- ntpd/nts.c
- ntpd/nts_client.c


Changes:

=====================================
include/nts.h
=====================================
@@ -193,5 +193,9 @@ uint16_t nts_next_record(BufCtl* buf, int *length);
 uint16_t nts_next_uint16(BufCtl* buf);
 uint16_t nts_next_bytes(BufCtl* buf, uint8_t *data, int length);
 
+/* NTS-related system variables */
+extern int ntskeyfetches;
+extern int ntsvalidations;
+extern int ntsdecorations;
 
 #endif /* GUARD_NTS_H */
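Review bot: The three counters are declared as plain `int`, yet the ctl_putsys hunk in ntpd/ntp_control.c passes them to `ctl_putuint`, and the hunks in ntpd/nts.c and ntpd/nts_client.c increment them without any bound. Signed overflow is undefined behaviour in C, and event counters in a long-running daemon are exactly the values that eventually wrap. Declaring them unsigned and wide, e.g. `extern uint64_t ntskeyfetches;` with matching definitions in ntpd/nts.c, keeps the type consistent with how they are reported. A one-line comment per counter stating which event it counts would also help anyone reading the ntpq output.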


=====================================
ntpclients/ntpq.py
=====================================
@@ -1485,6 +1485,24 @@ function: display symmetric authentication counters
 usage: authinfo
 """)
 
+# FIXME: This table should move to ntpd
+#          so the answers track when ntpd is updated
+    def do_ntsinfo(self, _line):
+        "display NTS authentication counters"
+        ntsinfo = (
+            ("ntskeyfetches",      "NTS key fetches:         ", NTP_INT),
+            ("ntsvalidations",     "NTS validations:         ", NTP_INT),
+            ("ntsdecorations",     "NTS decorations:         ", NTP_INT),
+        )
+        self.collect_display(associd=0, variables=ntsinfo, decodestatus=False)
+
+    def help_ntsinfo(self):
+        self.say("""\
+function: display NTS authentication counters
+usage: ntsinfo
+""")
+
+
 # FIXME: This table should move to ntpd
 #          so the answers track when ntpd is updated
     def do_iostats(self, _line):


=====================================
ntpd/ntp_control.c
=====================================
@@ -26,6 +26,7 @@
 #include "lib_strbuf.h"
 #include "ntp_syscall.h"
 #include "ntp_auth.h"
+#include "nts.h"
 #include "timespecops.h"
 
 /* undefine to suppress random tags and get fixed emission order */
@@ -231,7 +232,10 @@ static const struct ctl_proc control_codes[] = {
 #define CS_AUTHCMACFAIL		104
 /* Should be above with other CS_K_xxx, but that requires big renumbering */
 #define CS_K_LOCKCLOCK		105
-#define	CS_MAXCODE		CS_K_LOCKCLOCK
+#define CS_NTSKEYFETCHES	106
+#define	CS_NTSVALIDATIONS	107
+#define	CS_NTSDECORATIONS	108
+#define	CS_MAXCODE		CS_NTSDECORATIONS
 
 /*
  * Peer variables we understand
@@ -416,6 +420,9 @@ static const struct ctl_var sys_var[] = {
 	{ CS_AUTHCMACDECRYPT,	RO, "authcmacdecrypts" },	/* 103 */
 	{ CS_AUTHCMACFAIL,	RO, "authcmacfails" },		/* 104 */
 	{ CS_K_LOCKCLOCK,	RO, "lockclock" },		/* 105 */
+	{ CS_NTSKEYFETCHES,	RO, "ntskeyfetches" },		/* 106 */
+	{ CS_NTSVALIDATIONS,	RO, "ntsvalidations" },		/* 107 */
+	{ CS_NTSDECORATIONS,	RO, "ntsdecoratiuons" },	/* 108 */
 	{ 0,                    EOV, "" }
 };
 
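Review bot: The name string on the CS_NTSDECORATIONS row is misspelled as `"ntsdecoratiuons"`. The hunk in ntpclients/ntpq.py requests `ntsdecorations`, so the third line of `ntsinfo` would presumably not resolve against this table. The row should read `{ CS_NTSDECORATIONS,	RO, "ntsdecorations" },	/* 108 */`. The ctl_putsys hunk emits `sys_var[varid].text`, so the same typo would also appear in the response.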
@@ -2024,6 +2031,18 @@ ctl_putsys(
 			   sys_vars.sys_rootdist * MS_PER_S);
 		break;
 
+	case CS_NTSKEYFETCHES:
+		ctl_putuint(sys_var[varid].text, ntskeyfetches);
+		break;
+
+	case CS_NTSVALIDATIONS:
+		ctl_putuint(sys_var[varid].text, ntsvalidations);
+		break;
+
+	case CS_NTSDECORATIONS:
+		ctl_putuint(sys_var[varid].text, ntsdecorations);
+		break;
+
         default:
                 /* huh? */
                 break;


=====================================
ntpd/nts.c
=====================================
@@ -30,6 +30,10 @@ struct ntsconfig_t ntsconfig = {
   .ca = NULL
 };
 
+int ntskeyfetches;
+int ntsvalidations;
+int ntsdecorations;
+
 /* By design, there is no per-client-side state on the server */
 
 /*
@@ -106,6 +110,7 @@ int nts_validate(const struct ntscfg_t *cfg, struct ntsclient_t *state,
 	UNUSED_ARG(cfg);
 	UNUSED_ARG(pkt);
 	UNUSED_ARG(state);
+	ntsvalidations++;
 	return 0;
 }
 
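Review bot: `ntsvalidations++` runs on every call, ahead of an unconditional `return 0`, so the counter records calls to nts_validate rather than packets that passed validation. The same applies to `ntsdecorations++` in the nts_decorate hunk. ntpq presents these as "NTS validations" under "NTS authentication counters", which an operator could read as successful authentications. Once the stub gets a real body, the increment should follow the outcome, or there should be separate success and failure counters so that a burst of rejected packets stays visible; until then a comment such as `/* counts calls, not successes */` would prevent the misreading. The function body begins outside the hunk.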
@@ -122,6 +127,7 @@ int nts_decorate(const struct ntscfg_t *cfg, struct ntsclient_t *state,
 	UNUSED_ARG(extdata);
 	UNUSED_ARG(extlen);
 	UNUSED_ARG(state);
+	ntsdecorations++;
 	return 0;
 }
 


=====================================
ntpd/nts_client.c
=====================================
@@ -372,6 +372,7 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
         peer->nts_state.valid[idx] = true;
         peer->nts_state.writeIdx++;
         peer->nts_state.count++;
+	ntskeyfetches++;
         break;
       case nts_end_of_message:
         if ((0 != length) || !critical) {
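Review bot: `ntskeyfetches++` sits inside a `case` branch of the record loop, next to `peer->nts_state.count++`, so it appears to be bumped once per stored record rather than once per completed key exchange. The case label is outside the hunk, so this is inferred from the neighbouring lines. If the statistic is meant to count fetches, the increment belongs where nts_client_process_response reports success. The added line is also indented with a tab while the surrounding lines use spaces.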



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/e25511e35302dadc69d43865cf9a900948e6d454
