[Git][NTPsec/ntpsec][master] Add cookie count to the peer display for an NTS-secured connection.
Eric S. Raymond
gitlab at mg.gitlab.com
Wed Feb 20 14:39:22 UTC 2019
Eric S. Raymond pushed to branch master at NTPsec / ntpsec
Commits:
f6805de6 by Eric S. Raymond at 2019-02-20T14:25:54Z
Add cookie count to the peer display for an NTS-secured connection.
- - - - -
4 changed files:
- docs/includes/peerfmt.adoc
- ntpclients/ntpq.py
- ntpd/ntp_control.c
- pylib/util.py
Changes:
=====================================
docs/includes/peerfmt.adoc
=====================================
@@ -10,7 +10,8 @@ of the link:decode.html#peer[peer status word]
|+st+ |stratum
|+t+ |
+u+: unicast or manycast client,
-+l+: local (reference clock), +s+: symmetric (peer), server, +B+: broadcast server,
++l+: local (reference clock), +s+: symmetric (peer), server, +B+:
+broadcast server, 1-8 NTS unicast with this number of cookies stored.
|+when+ |sec/min/hr since last received packet
|+poll+ |poll interval (log~2~ s)
|+reach+ |reach shift register (octal)
=====================================
ntpclients/ntpq.py
=====================================
@@ -1064,19 +1064,20 @@ usage: cv [ assocID ] [ name=value[,...] ]
def do_pstats(self, line):
"show statistics for a peer"
pstats = (
- ("srcadr", "remote host: ", NTP_ADD),
- ("dstadr", "local address: ", NTP_ADD),
- ("timerec", "time last received: ", NTP_INT),
- ("timer", "time until next send:", NTP_INT),
- ("timereach", "reachability change: ", NTP_INT),
- ("sent", "packets sent: ", NTP_INT),
- ("received", "packets received: ", NTP_INT),
- ("badauth", "bad authentication: ", NTP_INT),
- ("bogusorg", "bogus origin: ", NTP_INT),
- ("oldpkt", "duplicate: ", NTP_INT),
- ("seldisp", "bad dispersion: ", NTP_INT),
- ("selbroken", "bad reference time: ", NTP_INT),
- ("candidate", "candidate order: ", NTP_INT),
+ ("srcadr", "remote host: ", NTP_ADD),
+ ("dstadr", "local address: ", NTP_ADD),
+ ("timerec", "time last received: ", NTP_INT),
+ ("timer", "time until next send: ", NTP_INT),
+ ("timereach", "reachability change: ", NTP_INT),
+ ("sent", "packets sent: ", NTP_INT),
+ ("received", "packets received: ", NTP_INT),
+ ("badauth", "bad authentication: ", NTP_INT),
+ ("bogusorg", "bogus origin: ", NTP_INT),
+ ("oldpkt", "duplicate: ", NTP_INT),
+ ("seldisp", "bad dispersion: ", NTP_INT),
+ ("selbroken", "bad reference time: ", NTP_INT),
+ ("candidate", "candidate order: ", NTP_INT),
+ ("ntscookies", "count of nts cookies: ", NTP_INT),
)
if not line:
self.warn("usage: pstats assocID\n")
=====================================
ntpd/ntp_control.c
=====================================
@@ -123,7 +123,7 @@ static const struct ctl_proc control_codes[] = {
/*
* System variable values. The array can be indexed by the variable
- * index to find the textual name.
+ * index to find the textual name. Mostly not order-senstive.
*/
static const struct ctl_var sys_var[] = {
{ 0, PADDING, "" },
@@ -329,6 +329,7 @@ static const struct ctl_var sys_var[] = {
#endif
#define CS_TICK 98
{ CS_TICK, RO, "tick" },
+ /* new in NTPsec */
#define CS_NUMCTLREQ 99
{ CS_NUMCTLREQ, RO, "ss_numctlreq" },
#define CS_ROOTDISTANCE 100
@@ -359,18 +360,18 @@ static const struct ctl_var sys_var[] = {
{ CS_nts_ke_serves, RO, "nts_ke_serves" },
#define CS_nts_ke_probes 113
{ CS_nts_ke_probes, RO, "nts_ke_probes" },
-#define CS_MAXCODE CS_nts_ke_probes
+#define CS_MAXCODE ((sizeof(sys_var)/sizeof(sys_var[0])) - 1)
{ 0, EOV, "" }
};
-/* LOCKCLOCK: should be above with other CS_K_xxx, but that requires big renumbering */
+/* This makes sys_vars partially order-sensitive */
#define CS_KERN_FIRST CS_K_OFFSET
#define CS_KERN_LAST CS_K_PPS_STBEXC
static struct ctl_var *ext_sys_var = NULL;
/*
- * Peer variable list
+ * Peer variable list. Not order-sensitive.
*/
static const struct ctl_var peer_var[] = {
{ 0, PADDING, "" },
@@ -472,13 +473,16 @@ static const struct ctl_var peer_var[] = {
{ CP_SELBROKEN, RO, "selbroken" },
#define CP_CANDIDATE 48
{ CP_CANDIDATE, RO, "candidate" },
+ /* new in NTPsec */
+#define CP_NTSCOOKIES 49
+ { CP_NTSCOOKIES, RO|DEF, "ntscookies" },
+#define CP_MAXCODE ((sizeof(peer_var)/sizeof(peer_var[0])) - 1)
{ 0, EOV, "" }
-#define CP_MAXCODE CP_CANDIDATE
};
#ifdef REFCLOCK
/*
- * Clock variable list
+ * Clock variable list. Not order-sensitive.
*/
static const struct ctl_var clock_var[] = {
{ 0, PADDING, "" },
@@ -2249,6 +2253,10 @@ ctl_putpeer(
ctl_putuint(peer_var[id].text, p->status);
break;
+ case CP_NTSCOOKIES:
+ ctl_putuint(peer_var[id].text, p->nts_state.count);
+ break;
+
default:
break;
}
=====================================
pylib/util.py
=====================================
@@ -984,6 +984,7 @@ class PeerSummary:
mode = 0
unreach = 0
xmt = 0
+ ntscookies = 0
now = time.time()
@@ -1085,6 +1086,8 @@ class PeerSummary:
elif name == "xmt":
# FIXME, xmt never used.
xmt = value
+ elif name == "ntscookies":
+ ntscookies = value
else:
# unknown name?
# line = " name=%s " % (name) # debug
@@ -1105,7 +1108,9 @@ class PeerSummary:
elif dstadr_refid == "POOL":
ptype = 'p' # pool
elif srcadr.startswith("224."):
- ptype = 'a' # manycastclient
+ ptype = 'a' # manycastclient (compatibility with Classic)
+ elif ntscookies != 0:
+ ptype = str(ntscookies)
else:
ptype = 'u' # unicast
elif hmode == ntp.magic.MODE_ACTIVE:
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/f6805de68dba3512927d948791dbcda1313c4aca
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/f6805de68dba3512927d948791dbcda1313c4aca
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190220/fb98c990/attachment-0001.html>
More information about the vc
mailing list