|[chrony-users] Pros and Cons of acquisitionport directive|
[ Thread Index |
| More chrony.tuxfamily.org/chrony-users Archives
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: [chrony-users] Pros and Cons of acquisitionport directive
- From: Bryan Christianson <bryan@xxxxxxxxxxxxx>
- Date: Wed, 10 Aug 2016 20:04:20 +1200
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=smtpcorp.com; s=a0-2; h=Feedback-ID:X-Smtpcorp-Track:To:Date:Message-Id: Subject:From; bh=77tdZt6yN6/OPND2QeG9iKXzepXTXywZcp8JdnkMO64=; b=q4lhPB1VBNh2 TcbMUyXN9qahB9LbJ7r+SBb7OyKw42U0fVudWBabN655c+TYjV7wralW/mw01ALtUgT5HF+D1/2zg MbQfS6e3EXkT1PkT0DcTKF+ouUt5aCW9ZDARATxts6x+7VOeWKFRbYb2ou92UoBNoDBUiJhZMzgYH I3o4OwYBNgWim16fX+W/GkABjsbONHhX7I1ylqtw+KchcUuaYVuOTTs/aO59c/A8PMAPzceF7VYZ3 /jytRtCmNtZj4D/uKbMYD0GZutLb7LgpkkhjglZyppGIvgpL31GOlVnQECdyWreSQEijSZLr/Ntxn +YmsbMoSpUr3XbrRGzTr5A==;
- Feedback-id: 149811m:149811acx33YQ:149811s7hEj1hZRX:SMTPCORP
I have been observing chronyd with a profiler (Apple Instruments - gui to dtrace) and noticed that open/close operations on the client sockets was responsible for 80% of the time used. It seems to take the kernel a while to cleanup a socket on close.
I have specified acquisitionport in the config and resource use is significantly better.
What are the disadvantages of using a non-random port? Security is my first guess (i.e. I have opened up a listening port for use as an attack surface) but are there any other disadvantages?
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.