faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
chrony/test/simulation/139-nts
Miroslav Lichvar b90d2c084f ntp: randomize replacement interval 
Replacement attempts are globally rate limited to one per 7*2^8 seconds
to limit the rate of DNS requests for public servers like pool.ntp.org.
If multiple sources are repeatedly attempting replacement (at their
polling intervals), one source can be getting all attempts for periods
of time.

Use a randomly generated interval to randomize the order of source
replacements without changing the average rate.
2023-06-08 16:14:48 +02:00

312 lines
8.7 KiB
Bash
Executable file
Raw Blame History

#!/usr/bin/env bash
. ./test.common
test_start "NTP authentication with NTS"
check_config_h 'FEAT_NTS 1' || test_skip
certtool --help &> /dev/null || test_skip
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
for i in 1 2; do
cat > tmp/cert$i.cfg <<-EOF
cn = "node$i.net1.clk"
dns_name = "node$i.net1.clk"
ip_address = "192.168.123.$i"
serial = 001
activation_date = "2010-01-01 00:00:00 UTC"
expiration_date = "2010-01-02 00:00:00 UTC"
signing_key
encryption_key
EOF
certtool --generate-privkey --key-type=ed25519 --outfile tmp/server$i.key &> \
tmp/log.certtool$i
certtool --generate-self-signed --load-privkey tmp/server$i.key \
--template tmp/cert$i.cfg --outfile tmp/server$i.crt &>> tmp/log.certtool$i
done
max_sync_time=400
dns=1
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 66
ntsdumpdir tmp
"
client_server_options="minpoll 6 maxpoll 6 nts"
client_conf="
nosystemcert
ntstrustedcerts /dev/null
ntstrustedcerts tmp/server1.crt
ntstrustedcerts /dev/null
logdir tmp
log rawmeasurements"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 75 80 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 37 39 measurements.log || test_fail
check_file_messages " 2 1 .* 4460 " 260 300 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
rm -f tmp/measurements.log
client_conf+="
ntsrefresh 120
ntsdumpdir tmp"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 99 103 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
check_file_messages " 2 1 .* 4460 " 350 390 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
check_file_messages "." 12 13 192.168.123.1.nts || test_fail
rm -f tmp/measurements.log
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010 + 40000 sec' +'%s')
server_conf+="
ntsrotate 100000"
client_conf+="
ntsrefresh 39500"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages "20.*123\.1.* 111 111 1111" 150 160 measurements.log || test_fail
check_file_messages "20.*123\.1.* 111 001 0000" 0 0 measurements.log || test_fail
check_file_messages " 2 1 .* 4460 " 6 10 log.packets || test_fail
check_file_messages "^9\.......e+03 2 1 .* 4460 " 6 10 log.packets || test_fail
check_file_messages "." 6 6 ntskeys || test_fail
check_file_messages "." 12 13 192.168.123.1.nts || test_fail
rm -f tmp/measurements.log
client_conf="
nosystemcert"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 2 1 .* 4460 " 10 20 log.packets || test_fail
export CLKNETSIM_START_DATE=$(date -d 'Jan 2 00:00:01 UTC 2010' +'%s')
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 2 1 .* 4460 " 10 20 log.packets || test_fail
check_log_messages "expired certificate" 4 4 || test_fail
client_conf+="
nocerttimecheck 1"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
export CLKNETSIM_START_DATE=$(date -d 'Jan 1 00:00:00 UTC 2010' +'%s')
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsrefresh 500"
for dns in 1 0; do
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"
if [ $dns != 0 ]; then
server_conf+="
ntsntpserver node2.net1.clk"
client_server_conf="server node1.net1.clk $client_server_options"
else
server_conf+="
ntsntpserver 192.168.123.2"
client_server_conf="server 192.168.123.1 $client_server_options"
fi
servers=1
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 2 1 .* 4460 " 50 100 log.packets || test_fail
check_file_messages " 2 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 4 10 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 4 10 || test_fail
servers=2
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 4460 " 100 150 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 1 1 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 0 0 || test_fail
server_conf+="
ntsratelimit interval 12 burst 1 leak 4"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 25 50 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_log_messages "Source 192.168.123.1 changed to 192.168.123.2" 2 6 || test_fail
check_log_messages "Source 192.168.123.2 replaced with 192.168.123.1" 1 6 || test_fail
done
servers=2
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsntpserver node2.net1.clk
port 11123
ntsdumpdir tmp"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntsdumpdir tmp"
client_server_conf="server 192.168.123.1 $client_server_options"
rm -f tmp/*.nts
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 1 1 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
for dns in 1 0; do
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
done
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsprocesses 0
ntsrotate 0
ntsdumpdir tmp"
head -n 8 tmp/192.168.123.1.nts > tmp/192.168.123.1.nts_
mv tmp/192.168.123.1.nts_ tmp/192.168.123.1.nts
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_log_messages "Could not change" 0 0 || test_fail
check_file_messages " 3 1 .* 4460 1 0 2" 1 1 log.packets || test_fail
check_file_messages " 3 2 .* 4460 " 0 0 log.packets || test_fail
check_file_messages " 3 1 .* 11123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 11123 " 3 3 log.packets || test_fail
dns=1
server_conf="
ntsserverkey tmp/server1.key
ntsservercert tmp/server1.crt
ntsserverkey tmp/server2.key
ntsservercert tmp/server2.crt
ntsprocesses 0"
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts tmp/server2.crt
minsources 2"
client_server_conf=""
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
client_conf="
nosystemcert
ntstrustedcerts tmp/server1.crt
ntstrustedcerts 1 tmp/server1.crt
ntstrustedcerts 2 tmp/server2.crt
ntstrustedcerts 3 tmp/server2.crt"
client_server_conf="
server node1.net1.clk $client_server_options certset 0
server node2.net1.clk $client_server_options certset 2"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection || test_fail
check_sync || test_fail
check_file_messages " 3 1 .* 123 " 100 200 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 100 200 log.packets || test_fail
client_server_conf="
server node1.net1.clk $client_server_options certset 2
server node2.net1.clk $client_server_options"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 3 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
client_conf="
nosystemcert
ntstrustedcerts tmp/nosuch.crt
ntstrustedcerts 2 tmp/nosuch.crt"
run_test || test_fail
check_chronyd_exit || test_fail
check_source_selection && test_fail
check_sync && test_fail
check_file_messages " 3 1 .* 123 " 0 0 log.packets || test_fail
check_file_messages " 3 2 .* 123 " 0 0 log.packets || test_fail
test_pass
Reference in a new issue View git blame Copy permalink