[Git][NTPsec/ntpsec][master] First statistics for NTS
Hal Murray
gitlab at mg.gitlab.com
Wed Feb 20 13:04:21 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
164e325b by Hal Murray at 2019-02-20T11:39:26Z
First statistics for NTS
- - - - -
7 changed files:
- include/nts.h
- ntpclients/ntpq.py
- ntpd/ntp_control.c
- ntpd/ntp_extens.c
- ntpd/nts.c
- ntpd/nts_client.c
- ntpd/nts_server.c
Changes:
=====================================
include/nts.h
=====================================
@@ -192,8 +192,14 @@ uint16_t nts_next_uint16(BufCtl* buf);
uint16_t nts_next_bytes(BufCtl* buf, uint8_t *data, int length);
/* NTS-related system variables */
-extern int ntskeyfetches;
-extern int ntsvalidations;
-extern int ntsdecorations;
+uint64_t nts_client_send;
+uint64_t nts_client_recv;
+uint64_t nts_client_recv_bad;
+uint64_t nts_server_send;
+uint64_t nts_server_recv;
+uint64_t nts_server_recv_bad;
+uint64_t nts_server_recv_bad;
+uint64_t nts_ke_serves;
+uint64_t nts_ke_probes;
#endif /* GUARD_NTS_H */
=====================================
ntpclients/ntpq.py
=====================================
@@ -1490,9 +1490,14 @@ usage: authinfo
def do_ntsinfo(self, _line):
"display NTS authentication counters"
ntsinfo = (
- ("ntskeyfetches", "NTS key fetches: ", NTP_INT),
- ("ntsvalidations", "NTS validations: ", NTP_INT),
- ("ntsdecorations", "NTS decorations: ", NTP_INT),
+ ("nts_client_send", "NTS client sends: ", NTP_INT),
+ ("nts_client_recv", "NTS client recvs: ", NTP_INT),
+ ("nts_client_recv_bad", "NTS client recvs w error: ", NTP_INT),
+ ("nts_server_send", "NTS server sends: ", NTP_INT),
+ ("nts_server_recv", "NTS server recvs: ", NTP_INT),
+ ("nts_server_recv_bad", "NTS server recvs w error: ", NTP_INT),
+ ("nts_ke_serves", "NTS KE serves: ", NTP_INT),
+ ("nts_ke_probes", "NTS KE probes: ", NTP_INT),
)
self.collect_display(associd=0, variables=ntsinfo, decodestatus=False)
=====================================
ntpd/ntp_control.c
=====================================
@@ -343,13 +343,23 @@ static const struct ctl_var sys_var[] = {
{ CS_AUTHCMACFAIL, RO, "authcmacfails" },
#define CS_K_LOCKCLOCK 105
{ CS_K_LOCKCLOCK, RO, "lockclock" },
-#define CS_NTSKEYFETCHES 106
- { CS_NTSKEYFETCHES, RO, "ntskeyfetches" },
-#define CS_NTSVALIDATIONS 107
- { CS_NTSVALIDATIONS, RO, "ntsvalidations" },
-#define CS_NTSDECORATIONS 108
- { CS_NTSDECORATIONS, RO, "ntsdecorations" },
-#define CS_MAXCODE CS_NTSDECORATIONS
+#define CS_nts_client_send 106
+ { CS_nts_client_send, RO, "nts_client_send" },
+#define CS_nts_client_recv 107
+ { CS_nts_client_recv, RO, "nts_client_recv" },
+#define CS_nts_client_recv_bad 108
+ { CS_nts_client_recv_bad, RO, "nts_client_recv_bad" },
+#define CS_nts_server_send 109
+ { CS_nts_server_send, RO, "nts_server_send" },
+#define CS_nts_server_recv 110
+ { CS_nts_server_recv, RO, "nts_server_recv" },
+#define CS_nts_server_recv_bad 111
+ { CS_nts_server_recv_bad, RO, "nts_server_recv_bad" },
+#define CS_nts_ke_serves 112
+ { CS_nts_ke_serves, RO, "nts_ke_serves" },
+#define CS_nts_ke_probes 113
+ { CS_nts_ke_probes, RO, "nts_ke_probes" },
+#define CS_MAXCODE CS_nts_ke_probes
{ 0, EOV, "" }
};
@@ -1929,16 +1939,36 @@ ctl_putsys(
sys_vars.sys_rootdist * MS_PER_S);
break;
- case CS_NTSKEYFETCHES:
- ctl_putuint(sys_var[varid].text, ntskeyfetches);
+ case CS_nts_client_send:
+ ctl_putuint(sys_var[varid].text, nts_client_send);
break;
- case CS_NTSVALIDATIONS:
- ctl_putuint(sys_var[varid].text, ntsvalidations);
+ case CS_nts_client_recv:
+ ctl_putuint(sys_var[varid].text, nts_client_recv);
break;
- case CS_NTSDECORATIONS:
- ctl_putuint(sys_var[varid].text, ntsdecorations);
+ case CS_nts_client_recv_bad:
+ ctl_putuint(sys_var[varid].text, nts_client_recv_bad);
+ break;
+
+ case CS_nts_server_send:
+ ctl_putuint(sys_var[varid].text, nts_server_send);
+ break;
+
+ case CS_nts_server_recv:
+ ctl_putuint(sys_var[varid].text, nts_server_recv);
+ break;
+
+ case CS_nts_server_recv_bad:
+ ctl_putuint(sys_var[varid].text, nts_server_recv_bad);
+ break;
+
+ case CS_nts_ke_serves:
+ ctl_putuint(sys_var[varid].text, nts_ke_serves);
+ break;
+
+ case CS_nts_ke_probes:
+ ctl_putuint(sys_var[varid].text, nts_ke_probes);
break;
default:
=====================================
ntpd/ntp_extens.c
=====================================
@@ -30,14 +30,14 @@
#define NTP_EX_U16_LNG 2
/* Statistics */
-uint64_t client_extens_sent = 0;
-uint64_t client_extens_xtra = 0;
-uint64_t client_extens_recv = 0;
-uint64_t client_extens_recv_good = 0;
-uint64_t server_extens_sent = 0;
-uint64_t server_extens_xtra = 0;
-uint64_t server_extens_recv = 0;
-uint64_t server_extens_recv_good = 0;
+uint64_t nts_client_send = 0;
+uint64_t nts_client_recv = 0;
+uint64_t nts_client_recv_bad = 0;
+uint64_t nts_server_send = 0;
+uint64_t nts_server_recv = 0;
+uint64_t nts_server_recv_bad = 0;
+uint64_t nts_ke_serves = 0;
+uint64_t nts_ke_probes = 0;
enum NtpExtFieldType {
Unique_Identifier = 10,
@@ -113,7 +113,7 @@ int extens_client_send(struct peer *peer, struct pkt *xpkt) {
buf.left -= left;
used = buf.next-xpkt->exten;
- client_extens_sent++;
+ nts_client_send++;
return used;
}
@@ -123,7 +123,8 @@ bool extens_server_recv(struct ntspacket_t *ntspacket, uint8_t *pkt, int lng) {
int noncelen, cmaclen;
bool sawcookie, sawAEEF;
- server_extens_recv++;
+ nts_server_recv++;
+ nts_server_recv_bad++; /* assume bad, undo if OK */
buf.next = pkt+LEN_PKT_NOMAC;
buf.left = lng-LEN_PKT_NOMAC;
@@ -222,7 +223,7 @@ bool extens_server_recv(struct ntspacket_t *ntspacket, uint8_t *pkt, int lng) {
// printf("ESRx: %d, %d, %d\n",
// lng-LEN_PKT_NOMAC, ntspacket->needed, ntspacket->keylen);
ntspacket->valid = true;
- server_extens_recv_good++;
+ nts_server_recv_bad--;
return true;
}
@@ -303,7 +304,7 @@ int extens_server_send(struct ntspacket_t *ntspacket, struct pkt *xpkt) {
// printf("ESSx: %lu, %d\n", (long unsigned)left, used);
- server_extens_sent++;
+ nts_server_send++;
return used;
}
@@ -312,7 +313,8 @@ bool extens_client_recv(struct peer *peer, uint8_t *pkt, int lng) {
int idx;
bool sawAEEF = false;
- client_extens_recv++;
+ nts_client_recv++;
+ nts_client_recv_bad++; /* assume bad, undo if OK */
buf.next = pkt+LEN_PKT_NOMAC;
buf.left = lng-LEN_PKT_NOMAC;
@@ -394,7 +396,7 @@ bool extens_client_recv(struct peer *peer, uint8_t *pkt, int lng) {
// peer->nts_state.writeIdx, peer->nts_state.readIdx);
if (!sawAEEF)
return false;
- client_extens_recv_good++;
+ nts_client_recv_bad--;
return true;
}
/* end */
=====================================
ntpd/nts.c
=====================================
@@ -30,10 +30,6 @@ struct ntsconfig_t ntsconfig = {
.ca = NULL
};
-int ntskeyfetches;
-int ntsvalidations;
-int ntsdecorations;
-
/* By design, there is no per-client-side state on the server */
/*
@@ -110,7 +106,6 @@ int nts_validate(const struct ntscfg_t *cfg, struct ntsclient_t *state,
UNUSED_ARG(cfg);
UNUSED_ARG(pkt);
UNUSED_ARG(state);
- ntsvalidations++;
return 0;
}
@@ -127,7 +122,6 @@ int nts_decorate(const struct ntscfg_t *cfg, struct ntsclient_t *state,
UNUSED_ARG(extdata);
UNUSED_ARG(extlen);
UNUSED_ARG(state);
- ntsdecorations++;
return 0;
}
=====================================
ntpd/nts_client.c
=====================================
@@ -32,7 +32,6 @@ bool nts_set_cert_search(SSL_CTX *ctx);
bool nts_client_build_request(struct peer* peer, SSL *ssl);
bool nts_client_process_response(struct peer* peer, SSL *ssl);
-
SSL_CTX *client_ctx = NULL;
// Fedora 29: 0x1010101fL 1.1.1a
@@ -98,6 +97,8 @@ bool nts_probe(struct peer * peer) {
if (NULL == client_ctx)
return false;
+ nts_ke_probes++;
+
server = open_TCP_socket(peer->hostname);
if (-1 == server)
return false;
@@ -371,7 +372,6 @@ bool nts_client_process_response(struct peer* peer, SSL *ssl) {
peer->nts_state.writeIdx++;
peer->nts_state.writeIdx = peer->nts_state.writeIdx % NTS_MAX_COOKIES;
peer->nts_state.count++;
- ntskeyfetches++;
break;
case nts_end_of_message:
if ((0 != length) || !critical) {
=====================================
ntpd/nts_server.c
=====================================
@@ -116,6 +116,7 @@ void* nts_ke_listener(void* arg) {
msyslog(LOG_ERR, "NTSs: TCP accept failed: %m");
continue;
}
+ nts_ke_serves++;
msyslog(LOG_INFO, "NTSs: TCP accept-ed from %s",
socktoa((sockaddr_u *)&addr));
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/164e325b246640cd6305776ed5d0f2a826a03ea4
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/164e325b246640cd6305776ed5d0f2a826a03ea4
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190220/5309640c/attachment-0001.html>
More information about the vc
mailing list