[Git][NTPsec/ntpsec][master] Add stats for MSSNTP

Sat Oct 21 06:07:47 UTC 2023


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
c988a074 by Hal Murray at 2023-10-20T23:07:06-07:00
Add stats for MSSNTP

- - - - -


4 changed files:

- include/ntpd.h
- ntpclients/ntpq.py
- ntpd/ntp_control.c
- ntpd/ntp_signd.c


Changes:

=====================================
include/ntpd.h
=====================================
@@ -445,6 +445,20 @@ extern struct restriction_data rstrct;
 #ifdef ENABLE_MSSNTP
 /* ntp_signd.c */
 extern void send_via_ntp_signd(struct recvbuf *, void *);
+
+struct mssntp_counters {
+  uint64_t serves;		/* packets to send_via_ntp_signd */
+  uint64_t serves_no;		/* can't contact samba */
+  uint64_t serves_err;		/* troubles talking to samba */
+  uint64_t serves_good;
+  l_fp     serves_good_wall;
+  l_fp     serves_good_slowest;
+  uint64_t serves_bad;		/* samba said error */
+  l_fp     serves_bad_wall;
+  l_fp     serves_bad_slowest;
+};
+
+extern struct mssntp_counters mssntp_cnt, old_mssntp_cnt;
 #endif
 
 /* ntp_timer.c */


=====================================
ntpclients/ntpq.py
=====================================
@@ -1689,6 +1689,28 @@ usage: ntsinfo
 """)
 
 
+    def do_mssntpinfo(self, _line):
+        "display MSSNTP authentication counters"
+        mssntpinfo = (
+   ("mssntp_serves",              "MSSNTP requests processed:     ", NTP_UINT),
+   ("mssntp_serves_no",           "MSSNTP rejected by samba:      ", NTP_UINT),
+   ("mssntp_serves_err",          "MSSNTP errors talking to samba:", NTP_UINT),
+   ("mssntp_serves_good",         "MSSNTP requests good:          ", NTP_UINT),
+   ("mssntp_serves_good_wall",    "MSSNTP requests good wall:     ", NTP_FLOAT),
+   ("mssntp_serves_good_slowest", "MSSNTP requests good slowest:  ", NTP_FLOAT),
+   ("mssntp_serves_bad",          "MSSNTP requests bad:           ", NTP_UINT),
+   ("mssntp_serves_bad_wall",     "MSSNTP requests bad wall:      ", NTP_FLOAT),
+   ("mssntp_serves_bad_slowest",  "MSSNTP requests bad slowest:   ", NTP_FLOAT),
+  )
+        self.collect_display(associd=0, variables=mssntpinfo, decodestatus=False)
+
+    def help_mssntpinfo(self):
+        self.say("""\
+function: display MSSNTP authentication counters
+usage: mssntpinfo
+""")
+
+
 # FIXME: This table should move to ntpd
 #          so the answers track when ntpd is updated
     def do_iostats(self, _line):


=====================================
ntpd/ntp_control.c
=====================================
@@ -462,6 +462,27 @@ static const struct var sys_var[] = {
 #undef Var_PairF
 #endif
 
+#ifdef ENABLE_MSSNTP
+#define Var_Pair(name, location) \
+  Var_u64(name, RO, location), \
+  Var_u64_r(name "_r", RO, location)
+#define Var_PairF(name, location) \
+  Var_l_fp_sec(name, RO, location), \
+  Var_l_fp_r(name "_r", RO, location)
+  Var_Pair("mssntp_serves", mssntp_cnt.serves),
+  Var_Pair("mssntp_serves_no", mssntp_cnt.serves_no),
+  Var_Pair("mssntp_serves_err", mssntp_cnt.serves_err),
+  Var_Pair("mssntp_serves_good", mssntp_cnt.serves_good),
+  Var_PairF("mssntp_serves_good_wall", mssntp_cnt.serves_good_wall),
+  Var_PairF("mssntp_serves_good_slowest", mssntp_cnt.serves_good_slowest),
+  Var_Pair("mssntp_serves_bad", mssntp_cnt.serves_bad),
+  Var_PairF("mssntp_serves_bad_wall", mssntp_cnt.serves_bad_wall),
+  Var_PairF("mssntp_serves_bad_slowest", mssntp_cnt.serves_bad_slowest),
+#undef Var_Pair
+#undef Var_PairF
+#endif
+
+
   { .flags=EOV }                  // end marker for scans
 
 };


=====================================
ntpd/ntp_signd.c
=====================================
@@ -12,6 +12,7 @@
 #include "ntpd.h"
 #include "ntp_io.h"
 #include "ntp_stdlib.h"
+#include "timespecops.h"
 
 #include <string.h>
 #include <stdbool.h>
@@ -29,8 +30,9 @@
  * but unextended and MACless packet headers, so it can't be used with NTS.
  */
 
+struct mssntp_counters mssntp_cnt, old_mssntp_cnt;
+
 #define ERR_BUF_LEN 96 // arbitary length for error buffer (6x16) -- JamesB192
-// some tinkering suggests malloc allocates 16n byte chunks with 8byte gaps
 
 static struct do_we_log do_we_log_signd = {
 	.c_decay=2,	// What is the period length in hours
@@ -214,6 +216,9 @@ send_via_ntp_signd(
 	 * https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sntp/8106cb73-ab3a-4542-8bc8-784dd32031cc
 	 */
 
+	struct timespec start, finish;
+	l_fp wall;
+
 	bool quit = false;
 	int fd;
 	size_t sendlen;
@@ -237,6 +242,9 @@ send_via_ntp_signd(
 	char *reply = NULL;
 	uint32_t reply_len;
 
+	mssntp_cnt.serves++;
+	clock_gettime(CLOCK_MONOTONIC, &start);
+
 	ZERO(samba_pkt);
 	samba_pkt.op = 0; /* Sign message */
 	/* This will be echoed into the reply - a different
@@ -256,6 +264,7 @@ send_via_ntp_signd(
 	fd = ux_socket_connect(full_socket);
 	/* Only continue with this if we can talk to Samba */
 	if (fd < 4) {
+		mssntp_cnt.serves_no++;
 		goto signd_cleanup;
 	}
 	
@@ -272,10 +281,12 @@ send_via_ntp_signd(
 
 	if (send_packet(fd, (char *)&samba_pkt, offsetof(struct samba_key_in, pkt) + LEN_PKT_NOMAC) != 0) {
 		/* Huh?  could not talk to Samba... */
+		mssntp_cnt.serves_err++;
 		goto signd_cleanup;
 	}
 
 	if (recv_packet(fd, &reply, &reply_len) != 0) {
+		mssntp_cnt.serves_err++;
 		goto signd_cleanup;
 	}
 	/* Return packet is also simple:
@@ -302,6 +313,12 @@ send_via_ntp_signd(
 			quit = true;
 		}
 		if (quit) {
+			mssntp_cnt.serves_bad++;
+			clock_gettime(CLOCK_MONOTONIC, &finish);
+			wall = tspec_intv_to_lfp(sub_tspec(finish, start));
+			mssntp_cnt.serves_bad_wall += wall;
+			if (wall > mssntp_cnt.serves_bad_slowest)
+			  mssntp_cnt.serves_bad_slowest = wall;
 			goto signd_cleanup;
 		}
 	}
@@ -309,6 +326,14 @@ send_via_ntp_signd(
 	sendlen = reply_len - header_length;
 	xpkt = reply + header_length;
 	sendpkt(&rbufp->recv_srcadr, rbufp->dstadr, xpkt, (uint32_t)sendlen);
+
+	mssntp_cnt.serves_good++;
+	clock_gettime(CLOCK_MONOTONIC, &finish);
+	wall = tspec_intv_to_lfp(sub_tspec(finish, start));
+	mssntp_cnt.serves_good_wall += wall;
+	if (wall > mssntp_cnt.serves_good_slowest)
+	  mssntp_cnt.serves_good_slowest = wall;
+
 	DPRINT(1, ("transmit ntp_signd packet: at %u %s->%s keyid %08x len %zu\n",
 		   current_time, socktoa(&rbufp->dstadr->sin),
 		   socktoa(&rbufp->recv_srcadr), rbufp->keyid, sendlen));



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/c988a07405d8d95d23cc2bce1c06ed56ef66d1cc

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/c988a07405d8d95d23cc2bce1c06ed56ef66d1cc
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20231021/c7d0772a/attachment-0001.htm>
