faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

clientlog: reduce amount of logged information

Browse source 
Don't log NTP peer access and auth/bad command access. Also, change
types for logging number of hits from long to uint32_t. This reduces the
size of the node and allows more clients to be monitored in the same
amount of memory.
This commit is contained in:
Miroslav Lichvar 2015-11-23 15:53:45 +01:00
parent f2b82c1e1d
commit 086e886d1e
5 changed files with 24 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
clientlog.c
View file

@ -51,13 +51,10 @@
/* Number of entries in each subtable */
#define TABLE_SIZE (1UL<<NBITS)
typedef struct _Node {
typedef struct {
IPAddr ip_addr;
unsigned long client_hits;
unsigned long peer_hits;
unsigned long cmd_hits_bad;
unsigned long cmd_hits_normal;
unsigned long cmd_hits_auth;
uint32_t ntp_hits;
uint32_t cmd_hits;
time_t last_ntp_hit;
time_t last_cmd_hit;
} Node;
@ -138,11 +135,8 @@ clear_subnet(Subnet *subnet)
static void
clear_node(Node *node)
{
node->client_hits = 0;
node->peer_hits = 0;
node->cmd_hits_auth = 0;
node->cmd_hits_normal = 0;
node->cmd_hits_bad = 0;
node->ntp_hits = 0;
node->cmd_hits = 0;
node->last_ntp_hit = (time_t) 0;
node->last_cmd_hit = (time_t) 0;
}
@ -282,7 +276,7 @@ get_node(IPAddr *ip)
/* ================================================== */
void
CLG_LogNTPClientAccess (IPAddr *client, time_t now)
CLG_LogNTPAccess(IPAddr *client, time_t now)
{
Node *node;
@ -292,33 +286,15 @@ CLG_LogNTPClientAccess (IPAddr *client, time_t now)
return;
node->ip_addr = *client;
++node->client_hits;
node->last_ntp_hit = now;
++node->ntp_hits;
}
}
/* ================================================== */
void
CLG_LogNTPPeerAccess(IPAddr *client, time_t now)
{
Node *node;
if (active) {
node = get_node(client);
if (node == NULL)
return;
node->ip_addr = *client;
++node->peer_hits;
node->last_ntp_hit = now;
}
}
/* ================================================== */
void
CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now)
CLG_LogCommandAccess(IPAddr *client, time_t now)
{
Node *node;
@ -329,20 +305,7 @@ CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now)
node->ip_addr = *client;
node->last_cmd_hit = now;
switch (type) {
case CLG_CMD_AUTH:
++node->cmd_hits_auth;
break;
case CLG_CMD_NORMAL:
++node->cmd_hits_normal;
break;
case CLG_CMD_BAD_PKT:
++node->cmd_hits_bad;
break;
default:
assert(0);
break;
}
++node->cmd_hits;
}
}
@ -367,15 +330,11 @@ CLG_GetClientAccessReportByIndex(int index, RPT_ClientAccessByIndex_Report *repo
node = nodes[index];
report->ip_addr = node->ip_addr;
report->client_hits = node->client_hits;
report->peer_hits = node->peer_hits;
report->cmd_hits_auth = node->cmd_hits_auth;
report->cmd_hits_normal = node->cmd_hits_normal;
report->cmd_hits_bad = node->cmd_hits_bad;
report->ntp_hits = node->ntp_hits;
report->cmd_hits = node->cmd_hits;
report->last_ntp_hit_ago = now - node->last_ntp_hit;
report->last_cmd_hit_ago = now - node->last_cmd_hit;
return CLG_SUCCESS;
}
}

14
clientlog.h
View file

@ -33,18 +33,8 @@
extern void CLG_Initialise(void);
extern void CLG_Finalise(void);
extern void CLG_LogNTPClientAccess(IPAddr *client, time_t now);
extern void CLG_LogNTPPeerAccess(IPAddr *client, time_t now);
/* When logging command packets, there are several subtypes */
typedef enum {
CLG_CMD_AUTH, /* authenticated */
CLG_CMD_NORMAL, /* normal */
CLG_CMD_BAD_PKT /* bad version or packet length */
} CLG_Command_Type;
extern void CLG_LogCommandAccess(IPAddr *client, CLG_Command_Type type, time_t now);
extern void CLG_LogNTPAccess(IPAddr *client, time_t now);
extern void CLG_LogCommandAccess(IPAddr *client, time_t now);
/* And some reporting functions, for use by chronyc. */
/* TBD */

20
cmdmon.c
View file

@ -1040,11 +1040,11 @@ handle_client_accesses_by_index(CMD_Request *rx_message, CMD_Reply *tx_message)
switch (result) {
case CLG_SUCCESS:
UTI_IPHostToNetwork(&report.ip_addr, &tx_message->data.client_accesses_by_index.clients[j].ip);
tx_message->data.client_accesses_by_index.clients[j].client_hits = htonl(report.client_hits);
tx_message->data.client_accesses_by_index.clients[j].peer_hits = htonl(report.peer_hits);
tx_message->data.client_accesses_by_index.clients[j].cmd_hits_auth = htonl(report.cmd_hits_auth);
tx_message->data.client_accesses_by_index.clients[j].cmd_hits_normal = htonl(report.cmd_hits_normal);
tx_message->data.client_accesses_by_index.clients[j].cmd_hits_bad = htonl(report.cmd_hits_bad);
tx_message->data.client_accesses_by_index.clients[j].client_hits = htonl(report.ntp_hits);
tx_message->data.client_accesses_by_index.clients[j].peer_hits = htonl(0);
tx_message->data.client_accesses_by_index.clients[j].cmd_hits_auth = htonl(0);
tx_message->data.client_accesses_by_index.clients[j].cmd_hits_normal = htonl(report.cmd_hits);
tx_message->data.client_accesses_by_index.clients[j].cmd_hits_bad = htonl(0);
tx_message->data.client_accesses_by_index.clients[j].last_ntp_hit_ago = htonl(report.last_ntp_hit_ago);
tx_message->data.client_accesses_by_index.clients[j].last_cmd_hit_ago = htonl(report.last_cmd_hit_ago);
j++;
@ -1240,8 +1240,6 @@ read_from_cmd_socket(void *anything)
rx_message.res2 != 0) {
/* We don't know how to process anything like this */
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
return;
}
@ -1265,8 +1263,6 @@ read_from_cmd_socket(void *anything)
DEBUG_LOG(LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s",
rx_message.version, PROTO_VERSION_NUMBER, UTI_SockaddrToString(&where_from.sa));
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
if (rx_message.version >= PROTO_VERSION_MISMATCH_COMPAT_SERVER) {
tx_message.status = htons(STT_BADPKTVERSION);
transmit_reply(&tx_message, &where_from);
@ -1278,8 +1274,6 @@ read_from_cmd_socket(void *anything)
DEBUG_LOG(LOGF_CmdMon, "Read command packet with invalid command %d from %s",
rx_command, UTI_SockaddrToString(&where_from.sa));
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
tx_message.status = htons(STT_INVALID);
transmit_reply(&tx_message, &where_from);
return;
@ -1289,8 +1283,6 @@ read_from_cmd_socket(void *anything)
DEBUG_LOG(LOGF_CmdMon, "Read incorrectly sized command packet from %s",
UTI_SockaddrToString(&where_from.sa));
CLG_LogCommandAccess(&remote_ip, CLG_CMD_BAD_PKT, cooked_now.tv_sec);
tx_message.status = htons(STT_BADPKTLENGTH);
transmit_reply(&tx_message, &where_from);
return;
@ -1298,7 +1290,7 @@ read_from_cmd_socket(void *anything)
/* OK, we have a valid message. Now dispatch on message type and process it. */
CLG_LogCommandAccess(&remote_ip, CLG_CMD_NORMAL, cooked_now.tv_sec);
CLG_LogCommandAccess(&remote_ip, cooked_now.tv_sec);
if (rx_command >= N_REQUEST_TYPES) {
/* This should be already handled */

12
ntp_core.c
View file

@ -1516,7 +1516,7 @@ NCR_ProcessKnown
int length /* the length of the received packet */
)
{
int pkt_mode, proc_packet, proc_as_unknown, log_peer_access;
int pkt_mode, proc_packet, proc_as_unknown;
if (!check_packet_format(message, length))
return 0;
@ -1524,7 +1524,6 @@ NCR_ProcessKnown
pkt_mode = NTP_LVM_TO_MODE(message->lvm);
proc_packet = 0;
proc_as_unknown = 0;
log_peer_access = 0;
/* Now, depending on the mode we decide what to do */
switch (pkt_mode) {
@ -1532,7 +1531,6 @@ NCR_ProcessKnown
switch (inst->mode) {
case MODE_ACTIVE:
/* Ordinary symmetric peering */
log_peer_access = 1;
proc_packet = 1;
break;
case MODE_PASSIVE:
@ -1555,7 +1553,6 @@ NCR_ProcessKnown
case MODE_ACTIVE:
/* This would arise if we have the remote configured as a peer and
he does not have us configured */
log_peer_access = 1;
proc_packet = 1;
break;
case MODE_PASSIVE:
@ -1609,9 +1606,6 @@ NCR_ProcessKnown
break;
}
if (log_peer_access)
CLG_LogNTPPeerAccess(&inst->remote_addr.ip_addr, now->tv_sec);
if (proc_packet) {
/* Check if the reply was received by the socket that sent the request */
if (local_addr->sock_fd != inst->local_addr.sock_fd) {
@ -1681,12 +1675,10 @@ NCR_ProcessUnknown
case MODE_ACTIVE:
/* We are symmetric passive, even though we don't ever lock to him */
my_mode = MODE_PASSIVE;
CLG_LogNTPPeerAccess(&remote_addr->ip_addr, now->tv_sec);
break;
case MODE_CLIENT:
/* Reply with server packet */
my_mode = MODE_SERVER;
CLG_LogNTPClientAccess(&remote_addr->ip_addr, now->tv_sec);
break;
default:
/* Discard */
@ -1694,6 +1686,8 @@ NCR_ProcessUnknown
return;
}
CLG_LogNTPAccess(&remote_addr->ip_addr, now->tv_sec);
/* Check if the packet includes MAC that authenticates properly */
valid_auth = check_packet_auth(message, length, &has_auth, &key_id);

7
reports.h
View file

@ -88,11 +88,8 @@ typedef struct {
typedef struct {
IPAddr ip_addr;
unsigned long client_hits;
unsigned long peer_hits;
unsigned long cmd_hits_auth;
unsigned long cmd_hits_normal;
unsigned long cmd_hits_bad;
unsigned long ntp_hits;
unsigned long cmd_hits;
unsigned long last_ntp_hit_ago;
unsigned long last_cmd_hit_ago;
} RPT_ClientAccessByIndex_Report;