[Git][NTPsec/ntpsec][master] 7 commits: Add time to debugging log message that scans MRU table
Hal Murray
gitlab at mg.gitlab.com
Thu May 21 18:51:18 UTC 2020
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
54167498 by Hal Murray at 2020-05-21T08:22:25-07:00
Add time to debugging log message that scans MRU table
- - - - -
59246d03 by Hal Murray at 2020-05-21T08:22:25-07:00
Tweak ntpq mru direct mode printout
The 3rd column now contains the time span
- - - - -
425f8480 by Hal Murray at 2020-05-21T08:22:25-07:00
Remove unused CTL_MAXAUTHSIZE
- - - - -
566d655e by Hal Murray at 2020-05-21T08:22:25-07:00
Add comment for time-step clearing MRU info.
- - - - -
2e3b2c95 by Hal Murray at 2020-05-21T08:22:25-07:00
Disable scanning/checking MRU list in mon_timer()
It takes too long - 2 seconds for the case I was interested in.
It hasn't found anything yet. (No surprise.)
- - - - -
892fbb43 by Hal Murray at 2020-05-21T08:32:32-07:00
Defer loading certificate until after drop-root
This checks that file permissions are setup correctly
so ntpd will be able to reload the certificate.
- - - - -
159223e5 by Hal Murray at 2020-05-21T09:37:51-07:00
Fix ntpleapfetch to work with latest leap file. #653
- - - - -
8 changed files:
- docs/includes/ntpleapfetch-body.adoc
- include/ntp_control.h
- ntpclients/ntpleapfetch
- ntpd/ntp_monitor.c
- ntpd/ntp_util.c
- ntpd/nts_server.c
- pylib/util.py
- tests/pylib/test_util.py
Changes:
=====================================
docs/includes/ntpleapfetch-body.adoc
=====================================
@@ -8,12 +8,12 @@
[+-46+] [+-c+ 'command'] [+-e+ 'expiry'] [+-f+ 'config'] [+-F+] [+-h+]
[+-i+ 'interval'] [+-l+] [+L+] [+-p+ {4|6}] [+-P+ 'logfacility'] [+-q+]
[+-r+ 'retries'] [+-s+ 'source-url'] [+-t+ 'path'] [+-v+] [+-z+ 'path']
- [+-Z+] ['leapfile'] [+-V+ | +--version+]
+ [+-Z+] ['leapfile'] [+-V+ | +--version+] [filename]
== DESCRIPTION
`ntpleapfetch` will validate the file currently on the local system and
-if necessary, updates leap second definition file.
+if necessary, update leap second definition file.
Ordinarily, the file is found using the "leapfile" directive in
_{ntpdconfman}_. However, an alternate location can be specified on the
=====================================
include/ntp_control.h
=====================================
@@ -34,12 +34,6 @@ struct ntp_control {
#define CTL_HEADER_LEN (offsetof(struct ntp_control, data))
#define CTL_MAX_DATA_LEN 468
-
-/*
- * Limits and things
- */
-#define CTL_MAXAUTHSIZE 64 /* maximum size of an authen'ed req */
-
/*
* Decoding for the r_m_e_op field
*/
=====================================
ntpclients/ntpleapfetch
=====================================
@@ -310,7 +310,7 @@ verifySHA1() {
# or maybe a space and a tab. remove the tab, wherever it may be. Add some 0x
# so it can be run through printf to restore missing leading zeros.
#
- local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h//' -e's/ / 0x/g'`"
+ local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h/0x/' -e's/ / 0x/g'`"
FSHA1=`printf '%08x%08x%08x%08x%08x' $FSHA1`
if [ -n "$FSHA1" -a \( "$FSHA1" = "$DSHA1" \) ]; then
=====================================
ntpd/ntp_monitor.c
=====================================
@@ -11,6 +11,7 @@
#include "ntp_io.h"
#include "ntp_lists.h"
#include "ntp_stdlib.h"
+#include "timespecops.h"
/*
* Record statistics based on source address, mode and version. The
@@ -481,13 +482,20 @@ ntp_monitor(
* but this code is easy to write.
*
* We may want to do things like log piggy slots.
+ *
+ * model name : Intel(R) Xeon(R) CPU E5-2630 0 @ 2.30GHz
+ * 19 May 11:58:05 ntpd[17475]: MON: Scanned 5439966 slots in 2.303
+ * That's too long for normal usage. (Was #ifdef DEBUG)
*/
void mon_timer(void) {
-#ifdef DEBUG
+#if 0
long int count = 0, hits = 0;
l_fp when = 0;
mon_entry *mon, *slot;
+ struct timespec start, finish;
+ float scan_time;
+ clock_gettime(CLOCK_REALTIME, &start);
for ( mon = TAIL_DLIST(mon_data.mon_mru_list, mru);
mon != NULL;
mon = PREV_DLIST(mon_data.mon_mru_list, mon, mru)) {
@@ -519,8 +527,11 @@ void mon_timer(void) {
}
when = mon->last;
}
+ clock_gettime(CLOCK_REALTIME, &finish);
+ scan_time = tspec_to_d(sub_tspec(finish, start));
if (count == (long)mon_data.mru_entries)
- msyslog(LOG_INFO, "MON: Scanned %ld slots", count);
+ msyslog(LOG_INFO, "MON: Scanned %ld slots in %.3f",
+ count, scan_time);
else
msyslog(LOG_ERR, "MON: Scan found %ld slots, expected %ld",
count, (long)mon_data.mru_entries);
=====================================
ntpd/ntp_util.c
=====================================
@@ -824,6 +824,12 @@ ntpd_time_stepped(void) {
/*
* flush the monitor MRU list which contains l_fp timestamps
* which should not be compared across the step.
+ *
+ * This is evil if you are using the MRU list to get a summary
+ * of all your traffic. But time-steps don't happen often on
+ * servers with enough traffic to be interesting.
+ *
+ * If we get to logging MRU slots, we should log everything here.
*/
if (MON_OFF != mon_data.mon_enabled) {
mon_stop();
=====================================
ntpd/nts_server.c
=====================================
@@ -108,7 +108,6 @@ bool nts_server_init(void) {
ok &= nts_load_versions(server_ctx);
ok &= nts_load_ciphers(server_ctx);
- ok &= nts_load_certificate(server_ctx);
if (!ok) {
msyslog(LOG_ERR, "NTSs: Disabling NTS-KE server");
@@ -132,6 +131,10 @@ bool nts_server_init2(void) {
int rc;
char errbuf[100];
+ if (!nts_load_certificate(server_ctx)) {
+ return false;
+ }
+
sigfillset(&block_mask);
pthread_sigmask(SIG_BLOCK, &block_mask, &saved_sig_mask);
if (listener4_sock != -1) {
=====================================
pylib/util.py
=====================================
@@ -1237,28 +1237,28 @@ class MRUSummary:
header = " lstint avgint rstr r m v count score drop rport remote address"
def summary(self, entry):
+ first = ntp.ntpc.lfptofloat(entry.first)
last = ntp.ntpc.lfptofloat(entry.last)
+ active = float(last - first)
+ count = int(entry.ct)
if self.now:
lstint = int(self.now - last + 0.5)
stats = "%7d" % lstint
+ if count == 1:
+ favgint = 0
+ else:
+ favgint = active / (count-1)
+ avgint = int(favgint + 0.5)
+ if 5.0 < favgint or 1 == count:
+ stats += " %6d" % avgint
+ elif 1.0 <= favgint:
+ stats += " %6.2f" % favgint
+ else:
+ stats += " %6.3f" % favgint
else:
- # direct mode doesn't have a reference time
MJD_1970 = 40587 # MJD for 1 Jan 1970, Unix epoch
days, lstint = divmod(int(last), 86400)
- stats = "%5d %5d" % (days + MJD_1970, lstint)
- first = ntp.ntpc.lfptofloat(entry.first)
- active = float(last - first)
- if entry.ct == 1:
- favgint = 0
- else:
- favgint = active / (entry.ct-1)
- avgint = int(favgint + 0.5)
- if 5.0 < favgint or 1 == entry.ct:
- stats += " %6d" % avgint
- elif 1.0 <= favgint:
- stats += " %6.2f" % favgint
- else:
- stats += " %6.3f" % favgint
+ stats = "%5d %5d %6d" % (days + MJD_1970, lstint, active)
if entry.rs & ntp.magic.RES_KOD:
rscode = 'K'
elif entry.rs & ntp.magic.RES_LIMITED:
=====================================
tests/pylib/test_util.py
=====================================
@@ -952,7 +952,7 @@ class TestPylibUtilMethods(unittest.TestCase):
"foo.bar.com", ("1.2.3.4", 42))]]
cdns_jig_returns = ["foo.com"]
self.assertEqual(cls.summary(ent),
- "64730 23808 4.00 20 L 7 2 65"
+ "64730 23808 256 20 L 7 2 65"
" - - 42 foo.com")
# Test summary, third options
mycache._cache = {}
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/d351a2f23446626bf271f34bda1bd6b0ccbc3ba8...159223e510473141ffc3d52bce6795bc09711d91
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/d351a2f23446626bf271f34bda1bd6b0ccbc3ba8...159223e510473141ffc3d52bce6795bc09711d91
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20200521/22a2799f/attachment-0001.htm>
More information about the vc
mailing list