[chrony-dev] [Git][chrony/chrony][master] 8 commits: nts: check for NTS NAK specifically when responding

["Miroslav Lichvar (@mlichvar)" <gitlab@xxxxxxxxxxxxx>]

Title: GitLab

Miroslav Lichvar pushed to branch master at chrony / chrony

Commits:

• ce956c99
  by Miroslav Lichvar at 2024-04-02T11:33:04+02:00

  nts: check for NTS NAK specifically when responding
  
  Ignore other KoD codes than NTS NAK when deciding if the server response
  should not be authenticated.
  

• c8c7f518
  by Miroslav Lichvar at 2024-04-02T11:55:02+02:00

  clientlog: return enum from CLG_LimitServiceRate()
  
  Change CLG_LimitServiceRate() to return an enum in preparation for
  adding KoD RATE support.
  

• aac89834
  by Miroslav Lichvar at 2024-04-02T15:23:26+02:00

  clientlog: add support for KoD rate limiting
  
  Add a third return value to CLG_LimitServiceRate() to indicate the
  server should send a response requesting the client to reduce its
  polling rate. It randomly selects from a fraction (configurable to 1/2,
  1/4, 1/8, 1/16, or disabled) of responses which would be dropped
  (after selecting responses for the leak option).
  

• 24d28cd6
  by Miroslav Lichvar at 2024-04-02T15:39:12+02:00

  ntp: add server support for KoD RATE
  
  Add "kod" option to the ratelimit directive to respond with the KoD
  RATE code to randomly selected requests exceeding the configured limit.
  This complements the client support of KoD RATE. It's disabled by
  default.
  
  There can be only one KoD code in one response. If both NTS NAK and RATE
  codes are triggered, drop the response. The KoD RATE code can be set in
  an NTS-authenticated response.
  

• b8ead348
  by Miroslav Lichvar at 2024-04-03T11:01:44+02:00

  leapdb: fix leapsec list processing with 32-bit time_t
  
  A 32-bit time_t value overflows when converted to the Y1900 epoch used
  in the leapsec list. Use a 64-bit variable in get_list_leap() to fix the
  comparisons on systems using 32-bit time_t.
  
  Fixes: 53823b9f1c07 ("leapdb: support leap-seconds.list as second source")
  

• 9397ae2b
  by Andy Fiddaman at 2024-04-04T15:17:05+02:00

  reference: add "local activate" option
  
  This option sets an activating root distance for the local reference. The
  local reference will not be used until the root distance drops below the
  configured value for the first time. This can be used to prevent the local
  reference from being activated on a server which has never been synchronised
  with an upstream server. The default value of 0.0 causes no activating
  distance to be used, such that the local reference is always eligible for
  activation.
  

• 26ea4e35
  by Miroslav Lichvar at 2024-04-04T16:24:02+02:00

  test: add tests of local directive options
  

• 5235c518
  by Miroslav Lichvar at 2024-04-04T16:24:43+02:00

  cmdmon: add reserved fields to local command
  
  Add two reserved fields initialized to zero to the new REQ_LOCAL3
  command to allow adding more options (e.g. delay in activation) without
  changing the command number again.
  

22 changed files:

• candm.h
• client.c
• clientlog.c
• clientlog.h
• cmdmon.c
• cmdparse.c
• cmdparse.h
• conf.c
• conf.h
• doc/chrony.conf.adoc
• leapdb.c
• ntp_core.c
• nts_ke_server.c
• nts_ntp_server.c
• pktlength.c
• reference.c
• reference.h
• test/simulation/110-chronyc
• + test/simulation/121-local
• − test/simulation/121-orphan
• test/simulation/135-ratelimit
• test/unit/clientlog.c

—
View it on GitLab.
You're receiving this email because of your account on gitlab.com. Manage all notifications · Help