[Git][NTPsec/ntpsec][master] 2 commits: NTS: Tweaks to server accept failed message
Hal Murray
gitlab at mg.gitlab.com
Sat Mar 16 22:36:56 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
45f818e7 by Hal Murray at 2019-03-14T07:08:07Z
NTS: Tweaks to server accept failed message
- - - - -
bf3dfbe3 by Hal Murray at 2019-03-16T18:07:41Z
Fix for #577, DNS retry sloth
There is only one thread for DNS (and NTS-KE) work. If an attempt
was made while the thread was busy, it waited for the retry timer
rather than trying again as soon as the previous DNS work finished.
- - - - -
2 changed files:
- ntpd/ntp_proto.c
- ntpd/nts_server.c
Changes:
=====================================
ntpd/ntp_proto.c
=====================================
@@ -771,7 +771,11 @@ transmit(
if ((peer_associations <= 2 * sys_maxclock) &&
(peer_associations < sys_maxclock ||
sys_survivors < sys_minclock))
- if (!dns_probe(peer)) return;
+ if (!dns_probe(peer)) {
+ /* DNS thread busy, try again soon */
+ peer->nextdate = current_time;
+ return;
+ }
poll_update(peer, hpoll);
return;
}
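Review bot: The new `peer->nextdate = current_time;` branch retries with no backoff, and it is only safe if a false return from dns_probe() always means "worker thread busy", as the added comment assumes. If dns_probe() can also fail for another reason (its body is not in this diff), every peer waiting on a lookup would re-enter transmit() on each timer pass indefinitely. The same pattern is added in the FLAG_LOOKUP hunk at line 783, where the explanatory comment is missing; I would repeat it there as `/* DNS thread busy, retry on next timer pass */`. The outer `if ((peer_associations <= ...` still has no braces although it now guards a multi-line block, so bracing it would prevent a later edit from detaching the body. transmit() starts and ends outside both hunks.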
@@ -779,7 +783,10 @@ transmit(
/* Does server need DNS or NTS lookup? */
if (peer->cfg.flags & FLAG_LOOKUP) {
peer->outdate = current_time;
- if (!dns_probe(peer)) return;
+ if (!dns_probe(peer)) {
+ peer->nextdate = current_time;
+ return;
+ }
poll_update(peer, hpoll);
return;
}
@@ -2376,8 +2383,15 @@ void dns_take_status(struct peer* peer, DNS_Status status) {
hpoll = 8;
break;
case DNS_temp:
+ /* DNS not working yet. ??
+ * Want to retry soon,
+ * but also want to avoid log clutter.
+ * Beware, Fedora 29 lies:
+ * What I expect to be temp (no Wifi)
+ * gets EAI_NONAME, Name or service not known
+ */
txt = "temp";
- hpoll += 1;
+ hpoll = 3;
break;
case DNS_error:
txt = "error";
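Review bot: Replacing `hpoll += 1` with the fixed `hpoll = 3` in the DNS_temp case drops the backoff, so a name that keeps returning a temporary failure is retried every 8 seconds (2^3) for as long as the outage lasts. That works against the "avoid log clutter" goal stated in the new comment and keeps a steady query load on the resolver. If hpoll still carries the peer's previous poll exponent at this point (its initialisation is outside the hunk), `hpoll = (hpoll < 3) ? 3 : hpoll + 1;` would keep the fast first retry and still back off, subject to whatever upper clamp the function applies later. The "??" in the comment should be replaced by a statement of the intended policy. dns_take_status() continues outside the hunk.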
=====================================
ntpd/nts_server.c
=====================================
@@ -132,10 +132,14 @@ void* nts_ke_listener(void* arg) {
SSL_set_fd(ssl, client);
if (SSL_accept(ssl) <= 0) {
- msyslog(LOG_ERR, "NTSs: SSL accept failed");
+ get_systime(&finish);
+ finish -= start;
+ msyslog(LOG_ERR, "NTSs: SSL accept from %s failed, %.3Lf sec",
+ sockporttoa((sockaddr_u *)&addr), lfptod(finish));
nts_log_ssl_error();
+ SSL_free(ssl);
close(client);
- nts_ke_serves_bad++;
+ nts_ke_serves_bad++;
continue;
}
msyslog(LOG_INFO, "NTSs: Using %s, %s (%d)",
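Review bot: The failure path in nts_ke_listener() now writes two LOG_ERR entries (the new message plus nts_log_ssl_error()) for every failed handshake, and any remote host that connects without completing TLS can trigger them. I would rate-limit this path or lower it to LOG_INFO, since the `nts_ke_serves_bad` counter already records the event. The elapsed time in the message also shows how long SSL_accept() can hold the listener; whether the client socket has a receive/send timeout set before `SSL_set_fd` is not visible in this hunk and is worth confirming. The cast `(sockaddr_u *)&addr` is only safe if `addr` is declared at least as large as the address family accept() filled in, and its declaration is outside the hunk. The added `SSL_free(ssl);` correctly closes the leak on this path.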
@@ -163,6 +167,7 @@ bool nts_ke_request(SSL *ssl) {
/* buff is used for both read and write.
* RFC 4: servers must accept 1024
* cookies can be 104, 136, or 168 for IANA_AEAD_AES_SIV_CMAC_xxx
+ * 8*104 fits in 1K. With 168, we only get 5.
* 8*168 fits comfortably into 2K.
*/
uint8_t buff[2048];
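Review bot: The added comment line "With 168, we only get 5" does not say why, and 6*168 = 1008 is still below 1024, so the figure only holds once per-record framing and the other records in the response are counted. I would spell that out, e.g. `* 8*104 fits in 1K. With 168 plus record headers, only 5 cookies fit.`, and replace "RFC 4" with the document and section it refers to. Since `buff` is shared for read and write, the comment would also be the right place to name where the length checks against `sizeof(buff)` live; they are outside this hunk, as is the rest of nts_ke_request().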
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/b525ad6ad1172ac462aa7a8e69fa3a2b78c9a044...bf3dfbe30ad16b4d345dfe9d6c6d842d9321355f