[Git][NTPsec/ntpsec][master] 7 commits: Add time to debugging log message that scans MRU table

Hal Murray gitlab at mg.gitlab.com
Thu May 21 18:51:18 UTC 2020



Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
54167498 by Hal Murray at 2020-05-21T08:22:25-07:00
Add time to debugging log message that scans MRU table

- - - - -
59246d03 by Hal Murray at 2020-05-21T08:22:25-07:00
Tweak ntpq mru direct mode printout
The 3rd column now contains the time span

- - - - -
425f8480 by Hal Murray at 2020-05-21T08:22:25-07:00
Remove unused CTL_MAXAUTHSIZE

- - - - -
566d655e by Hal Murray at 2020-05-21T08:22:25-07:00
Add comment for time-step clearing MRU info.

- - - - -
2e3b2c95 by Hal Murray at 2020-05-21T08:22:25-07:00
Disable scanning/checking MRU list in mon_timer()
It takes too long - 2 seconds for the case I was interested in.
It hasn't found anything yet.  (No surprise.)

- - - - -
892fbb43 by Hal Murray at 2020-05-21T08:32:32-07:00
Defer loading certificate until after drop-root
This checks that file permissions are setup correctly
so ntpd will be able to reload the certificate.

- - - - -
159223e5 by Hal Murray at 2020-05-21T09:37:51-07:00
Fix ntpleapfetch to work with latest leap file.  #653

- - - - -


8 changed files:

- docs/includes/ntpleapfetch-body.adoc
- include/ntp_control.h
- ntpclients/ntpleapfetch
- ntpd/ntp_monitor.c
- ntpd/ntp_util.c
- ntpd/nts_server.c
- pylib/util.py
- tests/pylib/test_util.py


Changes:

=====================================
docs/includes/ntpleapfetch-body.adoc
=====================================
@@ -8,12 +8,12 @@
     [+-46+] [+-c+ 'command'] [+-e+ 'expiry'] [+-f+ 'config'] [+-F+] [+-h+]
 	[+-i+ 'interval'] [+-l+] [+L+] [+-p+ {4|6}] [+-P+ 'logfacility'] [+-q+]
 	[+-r+ 'retries'] [+-s+ 'source-url'] [+-t+ 'path'] [+-v+] [+-z+ 'path']
-	[+-Z+] ['leapfile'] [+-V+ | +--version+]
+	[+-Z+] ['leapfile'] [+-V+ | +--version+] [filename]
 
 == DESCRIPTION
 
 `ntpleapfetch` will validate the file currently on the local system and
-if necessary, updates leap second definition file.
+if necessary, update leap second definition file.
 
 Ordinarily, the file is found using the "leapfile" directive in
 _{ntpdconfman}_. However, an alternate location can be specified on the


=====================================
include/ntp_control.h
=====================================
@@ -34,12 +34,6 @@ struct ntp_control {
 #define	CTL_HEADER_LEN		(offsetof(struct ntp_control, data))
 #define	CTL_MAX_DATA_LEN	468
 
-
-/*
- * Limits and things
- */
-#define	CTL_MAXAUTHSIZE	64		/* maximum size of an authen'ed req */
-
 /*
  * Decoding for the r_m_e_op field
  */


=====================================
ntpclients/ntpleapfetch
=====================================
@@ -310,7 +310,7 @@ verifySHA1() {
     # or maybe a space and a tab.  remove the tab, wherever it may be.  Add some 0x
     # so it can be run through printf to restore missing leading zeros.
     #
-    local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h//' -e's/ / 0x/g'`"
+    local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h/0x/' -e's/ / 0x/g'`"
     FSHA1=`printf '%08x%08x%08x%08x%08x' $FSHA1`
 
     if [ -n "$FSHA1" -a \( "$FSHA1" = "$DSHA1" \) ]; then


=====================================
ntpd/ntp_monitor.c
=====================================
@@ -11,6 +11,7 @@
 #include "ntp_io.h"
 #include "ntp_lists.h"
 #include "ntp_stdlib.h"
+#include "timespecops.h"
 
 /*
  * Record statistics based on source address, mode and version. The
@@ -481,13 +482,20 @@ ntp_monitor(
  * but this code is easy to write.
  *
  * We may want to do things like log piggy slots.
+ *
+ * model name      : Intel(R) Xeon(R) CPU E5-2630 0 @ 2.30GHz
+ * 19 May 11:58:05 ntpd[17475]: MON: Scanned 5439966 slots in 2.303
+ * That's too long for normal usage.  (Was #ifdef DEBUG)
  */
 void mon_timer(void) {
-#ifdef DEBUG
+#if 0
 	long int count = 0, hits = 0;
 	l_fp when = 0;
 	mon_entry *mon, *slot;
+	struct timespec start, finish;
+	float scan_time;
 
+	clock_gettime(CLOCK_REALTIME, &start);
 	for (	mon = TAIL_DLIST(mon_data.mon_mru_list, mru);
 		mon != NULL;
 		mon = PREV_DLIST(mon_data.mon_mru_list, mon, mru)) {
@@ -519,8 +527,11 @@ void mon_timer(void) {
 	  }
 	  when = mon->last;
 	}
+	clock_gettime(CLOCK_REALTIME, &finish);
+	scan_time = tspec_to_d(sub_tspec(finish, start));
 	if (count == (long)mon_data.mru_entries)
-	    msyslog(LOG_INFO, "MON: Scanned %ld slots", count);
+	    msyslog(LOG_INFO, "MON: Scanned %ld slots in %.3f",
+		count, scan_time);
 	else
 	    msyslog(LOG_ERR, "MON: Scan found %ld slots, expected %ld",
 		count, (long)mon_data.mru_entries);


=====================================
ntpd/ntp_util.c
=====================================
@@ -824,6 +824,12 @@ ntpd_time_stepped(void) {
 	/*
 	 * flush the monitor MRU list which contains l_fp timestamps
 	 * which should not be compared across the step.
+	 *
+	 * This is evil if you are using the MRU list to get a summary
+	 * of all your traffic.  But time-steps don't happen often on
+	 * servers with enough traffic to be interesting.
+	 *
+	 * If we get to logging MRU slots, we should log everything here.
 	 */
 	if (MON_OFF != mon_data.mon_enabled) {
 		mon_stop();


=====================================
ntpd/nts_server.c
=====================================
@@ -108,7 +108,6 @@ bool nts_server_init(void) {
 
 	ok &= nts_load_versions(server_ctx);
 	ok &= nts_load_ciphers(server_ctx);
-	ok &= nts_load_certificate(server_ctx);
 
 	if (!ok) {
 		msyslog(LOG_ERR, "NTSs: Disabling NTS-KE server");
@@ -132,6 +131,10 @@ bool nts_server_init2(void) {
 	int rc;
 	char errbuf[100];
 
+	if (!nts_load_certificate(server_ctx)) {
+		return false;
+	}
+
 	sigfillset(&block_mask);
 	pthread_sigmask(SIG_BLOCK, &block_mask, &saved_sig_mask);
 	if (listener4_sock != -1) {


=====================================
pylib/util.py
=====================================
@@ -1237,28 +1237,28 @@ class MRUSummary:
     header = " lstint avgint rstr r m v  count    score   drop rport remote address"
 
     def summary(self, entry):
+        first = ntp.ntpc.lfptofloat(entry.first)
         last = ntp.ntpc.lfptofloat(entry.last)
+        active = float(last - first)
+        count = int(entry.ct)
         if self.now:
             lstint = int(self.now - last + 0.5)
             stats = "%7d" % lstint
+            if count == 1:
+                favgint = 0
+            else:
+                favgint = active / (count-1)
+            avgint = int(favgint + 0.5)
+            if 5.0 < favgint or 1 == count:
+                stats += " %6d" % avgint
+            elif 1.0 <= favgint:
+                stats += " %6.2f" % favgint
+            else:
+                stats += " %6.3f" % favgint
         else:
-            # direct mode doesn't have a reference time
             MJD_1970 = 40587     # MJD for 1 Jan 1970, Unix epoch
             days, lstint = divmod(int(last), 86400)
-            stats = "%5d %5d" % (days + MJD_1970, lstint)
-        first = ntp.ntpc.lfptofloat(entry.first)
-        active = float(last - first)
-        if entry.ct == 1:
-            favgint = 0
-        else:
-            favgint = active / (entry.ct-1)
-        avgint = int(favgint + 0.5)
-        if 5.0 < favgint or 1 == entry.ct:
-            stats += " %6d" % avgint
-        elif 1.0 <= favgint:
-            stats += " %6.2f" % favgint
-        else:
-            stats += " %6.3f" % favgint
+            stats = "%5d %5d %6d" % (days + MJD_1970, lstint, active)
         if entry.rs & ntp.magic.RES_KOD:
             rscode = 'K'
         elif entry.rs & ntp.magic.RES_LIMITED:


=====================================
tests/pylib/test_util.py
=====================================
@@ -952,7 +952,7 @@ class TestPylibUtilMethods(unittest.TestCase):
                                          "foo.bar.com", ("1.2.3.4", 42))]]
             cdns_jig_returns = ["foo.com"]
             self.assertEqual(cls.summary(ent),
-                             "64730 23808   4.00   20 L 7 2     65"
+                             "64730 23808    256   20 L 7 2     65"
                              "        -      -    42 foo.com")
             # Test summary, third options
             mycache._cache = {}



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/d351a2f23446626bf271f34bda1bd6b0ccbc3ba8...159223e510473141ffc3d52bce6795bc09711d91

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/d351a2f23446626bf271f34bda1bd6b0ccbc3ba8...159223e510473141ffc3d52bce6795bc09711d91
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20200521/22a2799f/attachment-0001.htm>


More information about the vc mailing list