[Git][NTPsec/ntpsec][master] 5 commits: Drop include/timetoa.h -- it wasn't used
Hal Murray (@hal.murray)
gitlab at mg.gitlab.com
Sun Jan 7 21:08:08 UTC 2024
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
5d60f46d by Hal Murray at 2024-01-06T15:24:01-08:00
Drop include/timetoa.h -- it wasn't used
- - - - -
e02c9487 by Hal Murray at 2024-01-06T15:24:01-08:00
Add attic/exp-timing.c
expf() is used for rate limiting.
- - - - -
97fce421 by Hal Murray at 2024-01-06T15:27:57-08:00
Add attic/samba/mssntp-blaster.c
It can generate lots of traffic to measure performance.
- - - - -
73872cd4 by Hal Murray at 2024-01-06T15:28:11-08:00
Use AES-128-CBC rather than MD5 for tests
- - - - -
5db6179d by Hal Murray at 2024-01-06T21:32:20-08:00
Update comments of several attic/*
Mainly to drop out-of-date Last Modified comments.
- - - - -
16 changed files:
- attic/clocks.c
- attic/cmac-timing.c
- attic/digest-timing.c
- + attic/exp-timing.c
- attic/random.c
- attic/samba/Makefile
- attic/samba/README
- attic/samba/fake-ntp-client.c
- attic/samba/fake-ntp-server.c
- attic/samba/fake-samba.c
- + attic/samba/mssntp-blaster.c
- attic/wscript
- − include/timetoa.h
- libntp/timespecops.c
- tests/libntp/authkeys.c
- tests/ntpd/nts_client.c
Changes:
=====================================
attic/clocks.c
=====================================
@@ -4,7 +4,14 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
-/* Last modified on Sat Aug 28 14:30:11 PDT 1999 by murray */
+/* Hack to time reading clocks.
+ *
+ * Some of the kludgy code is to limit printout.
+ *
+ * On systems with a slow clock tick rate (Raspberry Pi)
+ * the histigrom gives enough info to compute the tick rate.
+ *
+ */
#include <errno.h>
#include <stdint.h>
=====================================
attic/cmac-timing.c
=====================================
@@ -4,8 +4,6 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
-/* Last modified on Sat Aug 28 14:30:11 PDT 1999 by murray */
-
/* Hack to time various implementations of CMAC.
*
* Build with: cc cmac-timing.c -o cmac-timing -lcrypto
=====================================
attic/digest-timing.c
=====================================
@@ -4,8 +4,6 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
-/* Last modified on Sat Aug 28 14:30:11 PDT 1999 by murray */
-
/* Hack to time the digest calculations for various algorithms.
*
* This is just the digest timing.
=====================================
attic/exp-timing.c
=====================================
@@ -0,0 +1,66 @@
+/* Hack to time exponential decay calculations.
+ *
+ * exp() and expf() are used to calculate the score for rate limiting.
+ * expf() is used in the mainline path.
+ * exp/expf are used to limit logging.
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <math.h>
+
+#define UNUSED_ARG(arg) ((void)(arg))
+
+int NUM = 1000000;
+int STEPS = 1000;
+
+/*******************************************************************/
+
+static void DoExp(void) {
+ struct timespec start, stop;
+ double average;
+ float x = 0;
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+ for (int i=0; i<NUM; i++) {
+ x = 1000.0;
+ for (int j=0; j<STEPS; j++)
+ x *= exp(-j/64);
+ }
+ clock_gettime(CLOCK_MONOTONIC, &stop);
+ average = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+ average = average/NUM/STEPS;
+ printf("exp: %8d %.6f %.6f %.6f\n", (int)average, x, exp(0.0), exp(-1.0));
+}
+
+static void DoExpf(void) {
+ struct timespec start, stop;
+ double average;
+ float x = 0;
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+ for (int i=0; i<NUM; i++) {
+ x = 1000.0;
+ for (int j=0; j<STEPS; j++)
+ x *= expf(-j/64);
+ }
+ clock_gettime(CLOCK_MONOTONIC, &stop);
+ average = (stop.tv_sec-start.tv_sec)*1E9 + (stop.tv_nsec-start.tv_nsec);
+ average = average/NUM/STEPS;
+ printf("expf: %8d %.6f %.6f %.6f\n", (int)average, x, exp(0.0), exp(-1.0));
+}
+
+int main (int argc, char *argv[]) {
+
+ UNUSED_ARG(argc);
+ UNUSED_ARG(argv);
+
+ printf(" avg ns\n");
+ DoExp();
+ DoExpf();
+
+ return 0;
+}
=====================================
attic/random.c
=====================================
@@ -4,7 +4,15 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
-/* Last modified on Sat Aug 28 14:30:11 PDT 1999 by murray */
+/* Hack to measure how long it takes to generate randomness.
+ *
+ * The good random generators in OpenSSL are very slow.
+ * Mostly, that's high overhead.
+ *
+ * If generating randomness gets high enough on the list, we
+ * can make a wrapper that gets a big block of randomness and
+ * returns smaller chunks as needed.
+ */
#include <errno.h>
#include <stdint.h>
=====================================
attic/samba/Makefile
=====================================
@@ -5,7 +5,7 @@
# Hi
-PROGS = fake-samba fake-ntp-server fake-ntp-client
+PROGS = fake-samba fake-ntp-server fake-ntp-client mssntp-blaster
# Compiler flags
CFLAGS = -O1 -Wall -Wstrict-prototypes -Wmissing-prototypes
@@ -25,4 +25,7 @@ fake-ntp-server: fake.h fake-ntp-server.c
fake-ntp-client: fake.h fake-ntp-client.c
cc $(CFLAGS) -g -o fake-ntp-client fake-ntp-client.c
+mssntp-blaster: mssntp-blaster.c
+ cc $(CFLAGS) -g -o mssntp-blaster mssntp-blaster.c
+
=====================================
attic/samba/README
=====================================
@@ -39,6 +39,8 @@ Your ntp.conf will need something like this:
Note that ntpd adds "/socket" to the name from the config file.
+mssntp-blaster can send lots of traffic.
+ntpq has an mssntpinfo command to print out ntpd's statistics.
These are simple hacks. Look at the code and fix it to do what you want.
=====================================
attic/samba/fake-ntp-client.c
=====================================
@@ -4,7 +4,9 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
-/* Last modified on Sat Jan 6 00:11:51 PST 2001 by murray */
+ * fake-ntp-client.c: generate NTP packets for ntpd+samba to sign.
+ * See README.
+ */
#include <sys/types.h>
#include <unistd.h>
@@ -22,9 +24,9 @@
#include "fake.h"
-static char* host = "time.example.com";// First arg
-static int packets = 1; // Second arg
-static useconds_t delay = 1000; // Third arg, microseconds after each packet
+static char* host = "time.example.com"; // First arg
+static int packets = 1; // Second arg
+static useconds_t delay = 1000; // Third arg, microseconds after each packet
static int sock;
static struct ntp_packet ntp_send, ntp_recv;
=====================================
attic/samba/fake-ntp-server.c
=====================================
@@ -5,9 +5,10 @@
*/
/* fake-ntp-server.c
- * fake NTP server to exersize fake-samba
+ * fake-ntp-server.c -- generate traffic for fake-samba
* it won't work with real samba since we don't know any key-IDs
* so all it is good for is debugging fake-samba
+ * See README
*/
#include <errno.h>
#include <string.h>
=====================================
attic/samba/fake-samba.c
=====================================
@@ -6,6 +6,7 @@
/*
* fake-samba.c -- fake samba server to exercise MS-SNTP option.
+ * See README
*/
#include <errno.h>
#include <string.h>
=====================================
attic/samba/mssntp-blaster.c
=====================================
@@ -0,0 +1,138 @@
+/*
+ * mssntp-blaster.c:
+ * hack to generate mssntp traffic so you can measure throughput.
+ * ntpq has an mssntpinfo command.
+ */
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+#include "fake.h"
+
+char* host = "localhost"; // First arg
+int keyid = 6; // Second arg
+int delay = 15; // Third arg
+int packets = 10; // Fourth arg
+
+int sock;
+
+struct ntp_packet ntp_send, ntp_recv;
+
+int ntp_port_number = 123;
+
+/* NTP time starts 1900, unix time starts 1970 */
+int ntp_to_unix = 0x7c558180;
+int unix_to_ntp = 0x83aa7e80;
+
+#define DATELENGTH 100
+static void bailout(char *msg)
+{
+ int saverrr = errno;
+ char timetxt[DATELENGTH];
+ time_t nowbin;
+ struct tm nowstruct;
+ time(&nowbin);
+ localtime_r(&nowbin, &nowstruct);
+ strftime(timetxt, DATELENGTH, "%Y-%b-%d %H:%M", &nowstruct);
+ printf("** %s %s: errno = %d, %s\n",
+ timetxt, msg, saverrr, strerror(saverrr));
+ sleep(10); /* Beware of loops in scripts. */
+ exit(1);
+};
+
+int main (int argc, char *argv[])
+{
+ char *hostname;
+ struct hostent *target;
+ struct sockaddr_in server, client;
+ struct timespec delay_spec, now;
+ float timeout = 5.0;
+ int addr;
+ int i, ec, len, saved_errno;
+
+ if (argc > 4) packets = atoi(argv[4]);
+ if (packets < 0) bailout("Bad packets");
+
+ if (argc > 3) delay = atoi(argv[3]);
+ if (delay < 0) bailout("Bad delay");
+
+ if (argc > 2) keyid = atoi(argv[2]);
+ if (keyid < 0 || keyid > 0xFFFFFFFF) bailout("Bad key_id");
+
+ hostname = "localhost";
+ if (argc > 1) hostname = argv[1];
+ target = gethostbyname(hostname);
+ if (target == NULL) bailout("Bad hostname");
+
+ bcopy((char *)target->h_addr, (char *)&addr, sizeof(addr));
+ addr = ntohl(addr);
+ printf("Connecting to %s=>%d.%d.%d.%d\n",
+ hostname,
+ (addr >> 24) & 0xff,
+ (addr >> 16) & 0xff,
+ (addr >> 8) & 0xff,
+ (addr >> 0) & 0xff);
+
+ if (0) printf("Sending: len = %ld, header=%8x\n",
+ sizeof(ntp_send), ntp_send.header);
+
+ bzero((char *)&server, sizeof(server));
+ bcopy((char *)target->h_addr, (char *)&server.sin_addr, target->h_length);
+ server.sin_family = target->h_addrtype;
+ server.sin_port = htons(ntp_port_number);
+
+ sock = socket(PF_INET, SOCK_DGRAM, 0);
+ if (sock < 0) bailout("socket");
+
+ bzero((char *)&client, sizeof(client));
+ client.sin_family = AF_INET;
+ client.sin_addr.s_addr = htonl(INADDR_ANY);
+ client.sin_port = htons(0);
+
+ ec = bind(sock, (struct sockaddr *)&client, sizeof(client) );
+ if (ec) bailout("bind");
+
+ ec = connect(sock, (struct sockaddr *)&server, sizeof(server) );
+ if (ec) bailout("connect");
+
+ delay_spec.tv_sec = (int)timeout;
+ delay_spec.tv_nsec = (timeout-delay_spec.tv_sec)*1E9;
+ setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, \
+ (char*)&delay_spec, sizeof(delay_spec));
+
+ ntp_send.header = htonl(0x23000000);
+ ntp_send.keyid = keyid;
+
+ for (i = 0; i<packets; i++) {
+ clock_gettime(CLOCK_REALTIME, &now);
+ ntp_send.t3.seconds = htonl(now.tv_sec+unix_to_ntp);
+ ntp_send.t3.fraction = 0;
+ len = send(sock, &ntp_send, sizeof(ntp_send), 0);
+ if (len != sizeof(ntp_send)) bailout("send");
+ printf("Sent one\n");
+ len = recv(sock, &ntp_recv, sizeof(ntp_recv), 0);
+ saved_errno = errno;
+ if (len == -1) {
+ /* probably timeout: EAGIN or EWOULDBLOCK */
+ printf("Error from recv: %s\n", strerror(saved_errno));
+ } else if (len != sizeof(ntp_recv)) {
+ printf("Wrong length from recv: %d\n", len);
+ } else {
+ printf("Got one.\n");
+ }
+ nanosleep(&delay_spec, NULL);
+ }
+ close(sock);
+
+ return 0;
+}
=====================================
attic/wscript
=====================================
@@ -6,7 +6,7 @@ def build(ctx):
util = [ 'sht',
'digest-find', 'cipher-find',
'clocks', "random",
- 'digest-timing', 'cmac-timing',
+ 'digest-timing', 'cmac-timing', 'exp-timing',
'backwards']
if not ctx.env.DISABLE_NTS:
=====================================
include/timetoa.h deleted
=====================================
@@ -1,49 +0,0 @@
-/*
- * timetoa.h -- time_t related string formatting
- *
- * Copyright Juergen Perlinger <perlinger at ntp.org> for the NTP project.
- * Copyright the NTPsec project contributors
- * SPDX-License-Identifier: NTP
- *
- * Printing a 'time_t' has some portability pitfalls, due to it's opaque
- * base type. The only requirement imposed by the standard is that it
- * must be a numeric type. For all practical purposes it's a signed int,
- * and 32 bits are common.
- *
- * Since the UN*X time epoch will cause a signed integer overflow for
- * 32-bit signed int values in the year 2038, implementations slowly
- * move to 64bit base types for time_t, even in 32-bit environments. In
- * such an environment sizeof(time_t) could be bigger than sizeof(long)
- * and the commonly used idiom of casting to long leads to truncation.
- *
- * As the printf() family has no standardised type specifier for time_t,
- * guessing the right output format specifier is a bit troublesome and
- * best done with the help of the preprocessor and "config.h".
- *
- */
-#ifndef GUARD_TIMETOA_H
-#define GUARD_TIMETOA_H
-
-#include "ntp_fp.h"
-#include "ntp_stdlib.h"
-
-/*
- * general fractional time stamp formatting.
- *
- * secs - integral seconds of time stamp
- * frac - fractional units
- * prec - log10 of units per second (3=milliseconds, 6=microseconds,..)
- * or in other words: the count of decimal digits required.
- * If prec is < 0, abs(prec) is taken for the precision and secs
- * is treated as an unsigned value.
- *
- * The function will eventually normalise the fraction and adjust the
- * seconds accordingly.
- *
- * This function uses the string buffer library for the return value,
- * so do not keep the resulting pointers around.
- */
-extern const char *
-format_time_fraction(time_t secs, long frac, int prec);
-
-#endif /* GUARD_TIMETOA_H */
=====================================
libntp/timespecops.c
=====================================
@@ -46,7 +46,6 @@
#include "timespecops.h"
#include "ntp.h"
#include "ntp_calendar.h"
-#include "timetoa.h"
/* make sure nanoseconds are in nominal range */
struct timespec
=====================================
tests/libntp/authkeys.c
=====================================
@@ -9,6 +9,8 @@
#include "ntp.h"
+const unsigned char aes_key[16] = "0123456789abcdef";
+
TEST_GROUP(authkeys);
TEST_SETUP(authkeys) {
@@ -35,7 +37,7 @@ static void AddTrustedKey(keyid_t keyno) {
* We need to add a type and key in addition to setting the
* trust, because authlookup() requires type != AUTH_NONE.
*/
- auth_setkey(keyno, AUTH_DIGEST, "MD5", NULL, 0);
+ auth_setkey(keyno, AUTH_CMAC, "AES-128-CBC", aes_key, sizeof(aes_key));
authtrust(keyno, true);
}
@@ -65,7 +67,7 @@ TEST(authkeys, AddUntrustedKey) {
TEST_ASSERT_NULL(authlookup(KEYNO, true));
TEST_ASSERT_NULL(authlookup(KEYNO, false));
- auth_setkey(KEYNO, AUTH_DIGEST, "MD5", NULL, 0);
+ auth_setkey(KEYNO, AUTH_CMAC, "AES-128-CBC", aes_key, sizeof(aes_key));
TEST_ASSERT_NULL(authlookup(KEYNO, true));
TEST_ASSERT_NOT_NULL(authlookup(KEYNO, false));
=====================================
tests/ntpd/nts_client.c
=====================================
@@ -289,6 +289,8 @@ void dns_take_status(struct peer *a, DNS_Status b) {
return;
}
+struct peer *peer_list = NULL;
+
TEST_GROUP_RUNNER(nts_client) {
RUN_TEST_CASE(nts_client, nts_client_send_request_core);
RUN_TEST_CASE(nts_client, nts_client_process_response_core);
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/a2a01b1e9d8f6967ea56d2f37a02053aeb27f090...5db6179d5cc21d5a2fed326de427806c3793c995
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/compare/a2a01b1e9d8f6967ea56d2f37a02053aeb27f090...5db6179d5cc21d5a2fed326de427806c3793c995
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20240107/8c9e2d1a/attachment-0001.htm>
More information about the vc
mailing list