[Git][NTPsec/ntpsec][master] 8 commits: Add CPU usage to NTS-KE log message
Hal Murray
gitlab at mg.gitlab.com
Sat Jan 2 00:43:20 UTC 2021
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
2f9cdbb6 by Hal Murray at 2021-01-01T16:36:00-08:00
Add CPU usage to NTS-KE log message
Not supported on NetBSD
- - - - -
c08795af by Hal Murray at 2021-01-01T16:36:00-08:00
Don't build libaes_siv if --disable-nts
It used to build and then get ignored
This means it doesn't have to build on old systems.
- - - - -
9f96d2c4 by Hal Murray at 2021-01-01T16:36:00-08:00
Add OpenSSL version to printout
- - - - -
4810ab4e by Hal Murray at 2021-01-01T16:36:00-08:00
Tweaks to ntsinfo
- - - - -
29d3b3a7 by Hal Murray at 2021-01-01T16:36:00-08:00
Add getpid() and gettiimeofday() to attic/clocks
- - - - -
c0e8ef2d by Hal Murray at 2021-01-01T16:36:00-08:00
Fix typo in subr name: check_aead=>check_alpn
- - - - -
8a0be7dc by Hal Murray at 2021-01-01T16:41:30-08:00
Update HOWTO-OpenSSL to 3.0.0 alpha9
- - - - -
e3557494 by Hal Murray at 2021-01-01T16:42:02-08:00
Add CLOCK_TAI to attic/clocks.c
- - - - -
7 changed files:
- HOWTO-OpenSSL
- attic/clocks.c
- attic/random.c
- ntpclients/ntpq.py
- ntpd/nts_client.c
- ntpd/nts_server.c
- wscript
Changes:
=====================================
HOWTO-OpenSSL
=====================================
@@ -21,10 +21,10 @@ for OpenSSL 1.1.1g
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
tar -xzf openssl-1.1.1g.tar.gz
cd openssl-1.1.1g
-for OpenSSL 3.0.0 alpha6
- wget https://www.openssl.org/source/openssl-3.0.0-alpha6.tar.gz
- tar -xzf openssl-3.0.0-alpha6.tar.gz
- cd openssl-3.0.0-alpha6
+for OpenSSL 3.0.0 alpha9
+ wget https://www.openssl.org/source/openssl-3.0.0-alpha9.tar.gz
+ tar -xzf openssl-3.0.0-alpha9.tar.gz
+ cd openssl-3.0.0-alpha9
# Check NOTES.PERL
# for CentOS, you need
=====================================
attic/clocks.c
=====================================
@@ -4,6 +4,10 @@
#include <stdint.h>
#include <stdio.h>
#include <time.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
struct table {
const int type;
@@ -29,20 +33,69 @@ struct table clocks [] = {
#endif
#ifdef CLOCK_BOOTTIME
{CLOCK_BOOTTIME, "CLOCK_BOOTTIME"},
+#endif
+#ifdef CLOCK_TAI
+ {CLOCK_TAI, "CLOCK_TAI"},
#endif
{0, NULL}
};
+static int getpid_average(void) {
+ int err;
+ struct timespec start, stop;
+ uint64_t sec, nanos;
+
+ err = clock_gettime(CLOCK_REALTIME, &start);
+ if (-1 == err) {
+ printf("clock_gettime(CLOCK_REALTIME) didn't work, err %d\n", errno);
+ return -1;
+ }
+
+ clock_gettime(CLOCK_REALTIME, &start);
+ for (int i = 0; i < BATCHSIZE; i++) {
+ getpid();
+ }
+ clock_gettime(CLOCK_REALTIME, &stop);
+
+ /* Beware of overflowing 32 bits. */
+ sec = (stop.tv_sec-start.tv_sec);
+ nanos = sec*BILLION + (stop.tv_nsec-start.tv_nsec);
+ return nanos/BATCHSIZE;
+
+}
+
+
+static int gettimeofday_average(void) {
+ int err;
+ struct timespec start, stop;
+ uint64_t sec, nanos;
+ struct timeval now;
+
+ err = clock_gettime(CLOCK_REALTIME, &start);
+ if (-1 == err) {
+ printf("clock_gettime(CLOCK_REALTIME) didn't work, err %d\n", errno);
+ return -1;
+ }
+
+ clock_gettime(CLOCK_REALTIME, &start);
+ for (int i = 0; i < BATCHSIZE; i++) {
+ gettimeofday(&now, NULL);
+ }
+ clock_gettime(CLOCK_REALTIME, &stop);
+
+ /* Beware of overflowing 32 bits. */
+ sec = (stop.tv_sec-start.tv_sec);
+ nanos = sec*BILLION + (stop.tv_nsec-start.tv_nsec);
+ return nanos/BATCHSIZE;
+
+}
+
+
/* This is the number of paired reads with no change in time. */
/* Hack: Making this global avoids returning more than one item. */
int dups;
-int do_res(int type, const char* name);
-int do_average(int type, const char* name);
-int do_fastest(int type, const char* name);
-int do_hist(int type, int fastest);
-
-int do_res(int type, const char* name) {
+static int do_res(int type, const char* name) {
int err;
struct timespec ts;
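Review bot: Both new helpers, `getpid_average()` and `gettimeofday_average()`, time their loop with `CLOCK_REALTIME`, which can be stepped while the batch runs; a backward step makes the `uint64_t` `nanos` wrap and the `int` return then carries a meaningless figure, so `CLOCK_MONOTONIC` is the safer clock for the interval. The first `clock_gettime(CLOCK_REALTIME, &start)` is checked and then immediately repeated unchecked, so the second call can be dropped or the check moved onto it. The two functions differ only in the call inside the loop and could share one timing helper. The `-1` error return is printed as if it were a timing by the `main` hunk further down.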
@@ -54,7 +107,7 @@ int do_res(int type, const char* name) {
return ts.tv_nsec;
}
-int do_average(int type, const char* name) {
+static int do_average(int type, const char* name) {
int err;
struct timespec start, stop;
uint64_t sec, nanos;
@@ -78,7 +131,7 @@ int do_average(int type, const char* name) {
}
-int do_fastest(int type, const char* name) {
+static int do_fastest(int type, const char* name) {
struct timespec start, stop;
uint64_t sec, nanos, fastest;
@@ -104,7 +157,7 @@ int do_fastest(int type, const char* name) {
return fastest;
}
-int do_hist(int type, int fastest) {
+static int do_hist(int type, int fastest) {
int nsPerBucket = NSPERBUCKET;
int i;
int delta, lines, toobig, hits, miss;
@@ -195,6 +248,12 @@ int main(int argc, char *argv[]) {
(void)argv;
printf(" res avg min dups CLOCK\n");
+ average = getpid_average();
+ printf(" %5d %s\n",
+ average, "getpid() [kernel call]");
+ average = gettimeofday_average();
+ printf(" 1000 %5d %s\n",
+ average, "gettimeofday() [usec]");
for (int i=0; (NULL != clocks[i].name); i++) {
res = do_res(clocks[i].type, clocks[i].name);
average = do_average(clocks[i].type, clocks[i].name);
=====================================
attic/random.c
=====================================
@@ -250,6 +250,7 @@ int main(int argc, char *argv[]) {
(void)argc; /* Squash unused warnings */
(void)argv;
+ printf("Running on %s\n", OPENSSL_VERSION_TEXT);
printf(" times in ns avg fastest lng\n");
average = getpid_average();
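Review bot: `OPENSSL_VERSION_TEXT` on the added line is the version of the headers the program was compiled against, not of the libcrypto it is actually running with, so "Running on" can be wrong when the shared library differs from the headers. For a benchmark whose numbers depend on the library, `printf("Running on %s\n", OpenSSL_version(OPENSSL_VERSION));` (OpenSSL 1.1.0 and later) reports the loaded library, and printing both makes a mismatch visible. The body of `main` continues outside the hunk.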
=====================================
ntpclients/ntpq.py
=====================================
@@ -1540,21 +1540,21 @@ usage: authinfo
def do_ntsinfo(self, _line):
"display NTS authentication counters"
ntsinfo = (
- ("nts_client_send", "NTS client sends: ", NTP_INT),
- ("nts_client_recv_good", "NTS client recvs good: ", NTP_INT),
- ("nts_client_recv_bad", "NTS client recvs w error: ", NTP_INT),
- ("nts_server_recv_good", "NTS server recvs good: ", NTP_INT),
- ("nts_server_recv_bad", "NTS server recvs w error: ", NTP_INT),
- ("nts_server_send", "NTS server sends: ", NTP_INT),
- ("nts_cookie_make", "NTS make cookies: ", NTP_INT),
- ("nts_cookie_decode", "NTS decode cookies: ", NTP_INT),
- ("nts_cookie_decode_old", "NTS decode cookies old: ", NTP_INT),
- ("nts_cookie_decode_too_old", "NTS decode cookies too old:", NTP_INT),
- ("nts_cookie_decode_error", "NTS decode cookies error: ", NTP_INT),
- ("nts_ke_probes_good", "NTS KE probes good: ", NTP_INT),
- ("nts_ke_probes_bad", "NTS KE probes_bad: ", NTP_INT),
- ("nts_ke_serves_good", "NTS KE serves good: ", NTP_INT),
- ("nts_ke_serves_bad", "NTS KE serves_bad: ", NTP_INT),
+ ("nts_client_send", "NTS client sends: ", NTP_UINT),
+ ("nts_client_recv_good", "NTS client recvs good: ", NTP_UINT),
+ ("nts_client_recv_bad", "NTS client recvs w error: ", NTP_UINT),
+ ("nts_server_recv_good", "NTS server recvs good: ", NTP_UINT),
+ ("nts_server_recv_bad", "NTS server recvs w error: ", NTP_UINT),
+ ("nts_server_send", "NTS server sends: ", NTP_UINT),
+ ("nts_cookie_make", "NTS make cookies: ", NTP_UINT),
+ ("nts_cookie_decode", "NTS decode cookies: ", NTP_UINT),
+ ("nts_cookie_decode_old", "NTS decode cookies old: ", NTP_UINT),
+ ("nts_cookie_decode_too_old", "NTS decode cookies too old:", NTP_UINT),
+ ("nts_cookie_decode_error", "NTS decode cookies error: ", NTP_UINT),
+ ("nts_ke_probes_good", "NTS KE client probes good: ", NTP_UINT),
+ ("nts_ke_probes_bad", "NTS KE client probes bad: ", NTP_UINT),
+ ("nts_ke_serves_good", "NTS KE serves good: ", NTP_UINT),
+ ("nts_ke_serves_bad", "NTS KE serves bad: ", NTP_UINT),
)
self.collect_display(associd=0, variables=ntsinfo, decodestatus=False)
=====================================
ntpd/nts_client.c
=====================================
@@ -41,7 +41,7 @@ bool connect_TCP_socket(int sockfd, struct addrinfo *addr);
bool nts_set_cert_search(SSL_CTX *ctx, const char *filename);
void set_hostname(SSL *ssl, struct peer *peer, const char *hostname);
bool check_certificate(SSL *ssl, struct peer *peer);
-bool check_aead(SSL *ssl, struct peer *peer, const char *hostname);
+bool check_alpn(SSL *ssl, struct peer *peer, const char *hostname);
bool nts_client_send_request(SSL *ssl, struct peer *peer);
bool nts_client_send_request_core(uint8_t *buff, int buf_size, int *used, struct peer* peer);
bool nts_client_process_response(SSL *ssl, struct peer *peer);
@@ -145,7 +145,7 @@ bool nts_probe(struct peer * peer) {
if (!check_certificate(ssl, peer))
goto bail;
- if (!check_aead(ssl, peer, hostname))
+ if (!check_alpn(ssl, peer, hostname))
goto bail;
if (!nts_client_send_request(ssl, peer))
@@ -443,7 +443,7 @@ bool check_certificate(SSL *ssl, struct peer* peer) {
return true;
}
-bool check_aead(SSL *ssl, struct peer* peer, const char *hostname) {
+bool check_alpn(SSL *ssl, struct peer* peer, const char *hostname) {
UNUSED_ARG(peer);
const unsigned char *data;
unsigned int len;
=====================================
ntpd/nts_server.c
=====================================
@@ -13,6 +13,8 @@
#include <pthread.h>
#include <unistd.h>
#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
@@ -194,16 +196,31 @@ void* nts_ke_listener(void* arg) {
char errbuf[100];
char addrbuf[100];
char usingbuf[100];
+ struct timespec start, finish; /* wall clock */
+#ifdef RUSAGE_THREAD
+ struct timespec start_u, finish_u; /* CPU user */
+ struct timespec start_s, finish_s; /* CPU system */
+ struct rusage usage;
+#endif
#ifdef HAVE_SECCOMP_H
setup_SIGSYS_trap(); /* enable trap for this thread */
#endif
+#ifdef RUSAGE_THREAD
+ /* NB: start_u and start_s are from near the end of the previous cycle.
+ * Thus usage timing includes the TCP accept and
+ * writing the previous msyslog message.
+ */
+ getrusage(RUSAGE_THREAD, &usage);
+ start_u = tval_to_tspec(usage.ru_utime);
+ start_s = tval_to_tspec(usage.ru_stime);
+#endif
+
while(1) {
sockaddr_u addr;
socklen_t len = sizeof(addr);
SSL *ssl;
- struct timespec start, finish;
int client, err;
client = accept(sock, &addr.sa, &len);
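Review bot: `getrusage(RUSAGE_THREAD, &usage)` is called without checking its return value and `usage` is declared without an initializer, so a failed call would pass indeterminate `ru_utime`/`ru_stime` values to `tval_to_tspec()`; the second call in the next hunk has the same shape. A failure is unlikely with these arguments, but `struct rusage usage = {0};` plus a check such as `if (getrusage(RUSAGE_THREAD, &usage) != 0) { /* skip CPU figures */ }` keeps garbage out of the log line. `nts_ke_listener` starts and ends outside this hunk.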
@@ -276,10 +293,24 @@ void* nts_ke_listener(void* arg) {
clock_gettime(CLOCK_REALTIME, &finish);
finish = sub_tspec(finish, start);
+#ifdef RUSAGE_THREAD
+ getrusage(RUSAGE_THREAD, &usage);
+ finish_u = tval_to_tspec(usage.ru_utime);
+ finish_s = tval_to_tspec(usage.ru_stime);
+ start_u = sub_tspec(finish_u, start_u);
+ start_s = sub_tspec(finish_s, start_s);
+#endif
nts_ke_serves_good++;
+#ifdef RUSAGE_THREAD
+ msyslog(LOG_INFO, "NTSs: NTS-KE from %s, Using %s, took %.3f sec, CPU: %.3f+%.3f ms",
+ addrbuf, usingbuf, tspec_to_d(finish),
+ tspec_to_d(start_u)*1000, tspec_to_d(start_s)*1000);
+ start_u = finish_u;
+ start_s = finish_s;
+#else
msyslog(LOG_INFO, "NTSs: NTS-KE from %s, Using %s, took %.3f sec",
addrbuf, usingbuf, tspec_to_d(finish));
-
+#endif
}
return NULL;
}
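Review bot: The CPU baseline is advanced only on this success path (`start_u = finish_u; start_s = finish_s;`), so if an earlier branch of the loop, outside this hunk, moves on to the next connection after a failed accept or handshake, the CPU spent on those failures is charged to the next client that succeeds. That makes the per-connection figure least reliable when the listener is receiving many bad handshakes, which is when an operator is most likely to read it. Either refresh the baseline on those paths too, or extend the comment at the first `getrusage` call to say the figure covers everything since the last successful NTS-KE. Separately, `start_u` and `start_s` are overwritten with the deltas from `sub_tspec()` before being logged; distinct names for the deltas would read more clearly.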
=====================================
wscript
=====================================
@@ -648,7 +648,10 @@ int main(int argc, char **argv) {
# Very old versions of OpenSSL don't have cmac.h
# We could add ifdefs, but old crypto is deprecated in favor of CMAC
# and so far, all the systems that we want to support are new enough.
- ('CMAC_CTX_new', ["openssl/cmac.h"], "CRYPTO", True))
+ ('CMAC_CTX_new', ["openssl/cmac.h"], "CRYPTO", True),
+ # Next should be above, but it needs a library
+ # EVP_PKEY_new_CMAC_key added in OpenSSL 1.1.1
+ ('EVP_PKEY_new_CMAC_key', ["openssl/cmac.h"], "CRYPTO", False))
for ft in required_functions:
probe_function(ctx, function=ft[0],
prerequisites=ft[1], use=ft[2],
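Review bot: The added comment `# Next should be above, but it needs a library` does not say what "above" refers to or which library is meant, so the reason this probe sits in this list is lost to the next reader. The new entry ends in `False` where `CMAC_CTX_new` ends in `True`; if that field is the mandatory flag, the comment should also state that the function is optional and what the C code does when it is absent. Something like `# Optional (OpenSSL 1.1.1+); probed here rather than with the other optional functions because the check must link against libcrypto` would cover it, assuming that is the intent. The list and the loop that consumes it extend outside the hunk.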
@@ -1039,7 +1042,8 @@ def build(ctx):
# required by the generic and Trimble refclocks
ctx.recurse("libparse")
ctx.recurse("libntp")
- ctx.recurse("libaes_siv")
+ if not ctx.env.DISABLE_NTS:
+ ctx.recurse("libaes_siv")
ctx.recurse("ntpd")
ctx.recurse("ntpfrob")
ctx.recurse("ntptime")
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/f6735fecd3edd26e4c8eb5549914d0f844143018...e355749411b053e2cc94890e4777d5d92aba4cac