r3 - 2012-08-31 - 07:42:07 - HarlanStennYou are here: NTP >  Support Web > ConfiguringNTP > ConfiguringRefclocks > ConfiguringSHMRefclocks > ImprovingTheSHMRefclock
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p10 was released on 21 March 2017. It addresses 6 medium- and 5 low-severity security issues, 4 informational security topics, 15 bugfixes, and contains other improvements over 4.2.8p9.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Improving the SHM Refclock

127.127.28.u where unit (u) values of 0 and 1 are 0600 from NTP's POV, and units 2 and 3 are 0666.


The SHM refclock could stand some improvements. Specifically...

Nanosecond timestamps

Related Topics: bug_small.png Bug #1232

Proposed new behavior

nanoseconds will need to be stored in a long.

Let's decide how many mode bits we need for the actual mode and swipe some leftovers for a version subfield. The default would be version=0, which would be the old behavior. This would let a "consumer" know which interface(s) were supported, and original code would continue to work unchagned. Of course, this will break old code that sees a new implementation. Need another plan. We could put the version in the current dummy[0], for eample...

Harlan thinks we should provide macros that will offer volatile access to the count and valid members. Anybody disagree? I don't see the value in making the actual members volatile, or making the structure volatile.

Let's have a stand-alone compile-time test to validate the size of the shmTime structure does not change.

Do we need to have some sort of API or documentation to help folks:

  • set up the initial SHM segment (which starts first, ntpd or gpsd, for example)
  • see how we expect the "provider" and "consumer" to interact

Do we want support for multiple "consumers"? The current API does not support it (after use the valid flag is cleared).

Should we create a separable libshmrefclock? On the one hand that's cleaner, and on the other hand this API and implementation should change very rarely...

Current behavior

The shared memory-segment is created with owner-only access for unit 0 and 1, and world access for unit 2 and 3

Structure of shared memory-segment

struct shmTime {
  int    mode; /* 0 - if valid set
                *       use values,
                *       clear valid
                * 1 - if valid set
                *       if count before and after read of
                *       values is equal,
                *         use values
                *       clear valid
                */
  int    count;
  time_t clockTimeStampSec;      /* external clock */
  int    clockTimeStampUSec;     /* external clock */
  time_t receiveTimeStampSec;    /* internal clock, when external value was received */
  int    receiveTimeStampUSec;   /* internal clock, when external value was received */
  int    leap;
  int    precision;
  int    nsamples;
  int    valid;
  int    dummy[10];
};

Operation mode=0

Each second, the valid of the shared memory-segment is checked:

If set, the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision ) are passed to ntp, and the valid is cleared and count is bumped.

If not set, count is bumped.

Operation mode=1

Each second, the valid of the shared memory-segment is checked:

If set, the count field of the record is remembered, and the values in the record (clockTimeStampSec, clockTimeStampUSec, receiveTimeStampSec, receiveTimeStampUSec, leap, precision) are read. Then, the remembered count is compared to the count now in the record. If both are equal, the values read from the record are passed to ntp. If they differ, another process has modified the record while it was read out (was not able to produce this case), and failure is reported to ntp. The valid flag is cleared and count is bumped.

If not set, count is bumped.

gpsd

gpsd knows how to talk to many GPS devices. It works with ntpd through the SHM driver.

The gpsd man page suggests setting minpoll and maxpoll to 4. That was an attempt to reduce jitter. The SHM driver was fixed (ntp-4.2.5p138) to collect data each second rather than once per polling interval so that suggestion is no longer reasonable.

Comments

 
Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r3 < r2 < r1 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback