Re: [chrony-users] Peer selecting when NTS enabled
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Peer selecting when NTS enabled
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Mon, 25 Jan 2021 09:42:14 +0100
On Sun, Jan 24, 2021 at 01:45:34AM +0100, Kurt Roeckx wrote:
> chronyc> selectdata
> S Name/IP Address Auth COpts EOpts Last Score Interval Leap
> =======================================================================
> T 192.168.0.2 N ----- ----- 28 1.0 -8012us +8034us N
> T 192.168.0.3 N ----- ----- 25 1.0 -7523us +7645us N
> T 192.168.0.6 N ----- ----- 9 1.0 -7278us +7859us N
> T 192.168.0.7 N ----- ----- 26 1.0 -7109us +7295us N
> T 192.168.0.21 N ----- ----- 10 1.0 -7846us +8107us N
> * excelsior.roeckx.be Y ----- --TR- 0 1.0 -6669us +7580us N
The last source is trusted (T in EOpts). That comes from the nts
option. The intervals of the other sources don't fit inside the
interval of the trusted source, so they are not selectable.
> chronyc> selectdata
> S Name/IP Address Auth COpts EOpts Last Score Interval Leap
> =======================================================================
> T 192.168.0.2 N ----- ----- 18 1.0 -8449us +8306us N
> D 192.168.0.3 N ----- ----- 16 1.0 -6972us +7014us N
> D 192.168.0.6 N ----- ----- 0 1.0 -7151us +7432us N
> T 192.168.0.7 N ----- ----- 18 1.0 -8242us +8398us N
> T 192.168.0.21 N ----- ----- 0 1.0 -7279us +7404us N
> * excelsior.roeckx.be Y ----- --TR- 6 1.0 -7161us +7701us N
Here, some sources fit inside that interval, but they don't pass the
selection for having a large root distance.
> I'm not sure if I can get the value of the root distance, but it
> should be almost the same, surely not a factor of 3 difference.
The length of the interval is the root distance at the time of the
selection. The "+/-" value in the sources output is the root distance
at the time of the measurement. That is also reported in the
measurements log. The 'D' state should clear up after 32 updates of
the selected source if the distance doesn't become too large.
> As far as I know, if I disable NTS, I do not see such behaviour.
If you disable nts, that source will not be trusted over the others.
If the sources should be trusted (e.g. they are in a local trusted
network), you might want to use the new "authselmode" directive to
ignore authentication in the selection.
--
Miroslav Lichvar
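
The interval check described in this message, as an added example that is not part of the original post and is not chrony's own code: it parses the second `selectdata` listing quoted above and reports which sources do not fit inside the interval of the trusted source. The names `LISTING`, `parse` and `outside_trusted` are hypothetical, and the handling of more than one trusted source is an assumption of this example.

```python
import re

# Constructed input: the second selectdata listing quoted in the message above.
LISTING = """\
S Name/IP Address        Auth COpts EOpts Last Score     Interval  Leap
=======================================================================
T 192.168.0.2              N ----- -----   18   1.0 -8449us +8306us  N
D 192.168.0.3              N ----- -----   16   1.0 -6972us +7014us  N
D 192.168.0.6              N ----- -----    0   1.0 -7151us +7432us  N
T 192.168.0.7              N ----- -----   18   1.0 -8242us +8398us  N
T 192.168.0.21             N ----- -----    0   1.0 -7279us +7404us  N
* excelsior.roeckx.be      Y ----- --TR-    6   1.0 -7161us +7701us  N
"""

UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}
ROW = re.compile(
    r"^(?P<state>\S)\s+(?P<name>\S+)\s+\S\s+\S{5}\s+(?P<eopts>\S{5})\s+\S+\s+\S+\s+"
    r"(?P<lo>[+-]\d+(?:\.\d+)?)(?P<lo_u>ns|us|ms|s)\s+"
    r"(?P<hi>[+-]\d+(?:\.\d+)?)(?P<hi_u>ns|us|ms|s)\s+\S+\s*$")

def parse(listing):
    """Return one dict per source row; header and separator lines are skipped."""
    rows = []
    for line in listing.splitlines():
        m = ROW.match(line.lstrip("> "))  # tolerate mail-quoted lines
        if m:
            rows.append({"state": m["state"], "name": m["name"], "eopts": m["eopts"],
                         "lo": float(m["lo"]) * UNITS[m["lo_u"]],
                         "hi": float(m["hi"]) * UNITS[m["hi_u"]]})
    return rows

def outside_trusted(rows):
    """Names of non-trusted sources whose interval is not inside the trusted one."""
    trusted = [r for r in rows if "T" in r["eopts"]]  # T in EOpts marks a trusted source
    if not trusted:
        return []
    # Assumption of this example: several trusted sources are combined by intersection.
    lo = max(r["lo"] for r in trusted)
    hi = min(r["hi"] for r in trusted)
    return [r["name"] for r in rows
            if "T" not in r["eopts"] and (r["lo"] < lo or r["hi"] > hi)]

if __name__ == "__main__":
    rows = parse(LISTING)
    flagged = outside_trusted(rows)
    for r in rows:
        verdict = "outside trusted interval" if r["name"] in flagged else "fits / trusted"
        print(f'{r["state"]} {r["name"]:<22} {verdict}')
```

On this listing the flagged sources are exactly the ones shown in state `T`, and the two that fit are the ones shown in state `D`.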