# $OpenBSD: CHANGES,v 1.3 2002/06/03 12:04:08 deraadt Exp $ # # @(#)CHANGES 5.1 (Berkeley) 5/11/93 This new version is almost identical to the timed and timedc code that has been shipped for years by a workstation vendor. Among the many changes: improve `timedc msite` to accept a list of hostnames. change slave-masters to answer the packets generated by `timedc msite` with the name of the real master, not their own. This makes it possible to "chase the chain" of slave servers to the ultimate master. much improve the log caused by `timedc trace on`: -made `timed -t` work. -suppression of repeated entries, which both slowed down the daemon (sometimes catastrophically) and tended to make disks fill up even more quickly. -better time stamps on log entries -more messages -dump information about slaves, master, and so on each time a message asking the log be turned on is received, and when the log is turned off. -fewer CPU cycles use a hash table to keep track of slaves, instead of the stupid linear list. This becomes handy with hundreds of slaves, instead of the original design limit of "a room with a few VAX's." separate the main protocol timer from that used to look for other networks to master. time stamp packets received by the daemon, so that time corrections are not made (even more) inaccurate by waiting in the internal, timed queue while the daemon is processing other messages. made -n and -i work with subnets not named in /etc/networks compute the median of the measured clocks, instead of the average of "good" times. vastly improve the accuracy of the clock difference measure by `timedc clockdiff`. use adjtime() when possible, and directly set the clock only when necessary. when the requested adjustment is small, perform only part of it, to damp oscillations and improve the long term accuracy of the adjustments. fix uncounted core-dumps on machines that do not allow dereferencing 0 in both the daemon and timedc. fix "master loop detection". fix several cases in which multi-homed masters could get into shouting matches, consuming all available network bandwidth and CPU cycles (which ever runs out first), and convincing all bystanders to stop advancing their own clocks. refuse to behave badly when other machines do. Instead of arguing forever, go off and sulk when other machines refuse to play by the rules. increase the maximum number of clients. add "-F host,host2,..." to "freerun" or "trust" only some hosts. This is handy both when only some machines should be trusted to let root use the `date` command to change time in the network. It is also handy when one machine has some other way of adjusting its clock, whether NTP or a direct radio or atomic connection. "-F localhost" causes `timed` to "trust" only itself. It is also handy to build a hierarchy of timed masters crossing networks. The TSP protocol has no provision of "goodness of clock", no natural way to completely heal network paritions. Judicious use of -F or -G can cause each gateway to trust only itself and machines closer to a central machine with a radio or atomic clock. add #ifdef code that supports NIS "netgroups" of trusted hosts, which can be easier to administer than -F. add #ifdef code to compute an aged total adjustment. This can be used in systems that can make long term changes in their system clock frequency, e.g. "timetrim" in the Silicon Graphics kernel. Problems observed by others that are unresolved include: Practically any users can send to the master TSP messages and this way corrupt the reliability of the system. Authentication of messages should be provided. Unfortunately, that would require changing the protocol with all of the implied compatibility problems. Fortunately, the new -F and -G args can be used to cause the daemon to ignore time changes from untrusted machines. MAN. The limit of 1013 on the number of slaves hosts should be doc'ed. It should be dynamically allocated with no limit. On a large network, one host could possibly master over many more than 30 hosts. Given the timers in the code and effectively in the protocol, and the time required by each master to talk to each slave, it is not practical to have more than 200-300 slaves. The master cannot keep up because the slave-chatting is single-threaded. when the master gets behind, slaves start demanding elections. To significantly increase the number of slaves would require multi-treading things, and given that a network with more than 300 directly addressable machines has worse problems than keep the time of day right, not worth worrying about. UGLY,CODE. timedc/cmds.c has a lots of repeated code in it. **** The first thing is that each command is set up as if it were an individual program taking argc and argv. A more conventional calling style should be used. I don't think any of the routines take more than a couple arguments. UGLY. fxn definition syntax does't follow convention: has type on same line. **** It needs to be fixed at least enough that tags will work on it. An entire cleanup might be nice later, but is noncritical. LOBBY(mildly),CODE: Would be very convenient if date(1) took a +- argument to set the time relatively. With the advent of timed it is now reasonable to synchronize with WWV, which is nearly impossible to do "by hand" with just an absolute date, and scripts are too slow. format could be +-nn...nn.ss, where the '.' is required to remove ambiguity. **** If you want to do it go ahead. It sounds useful. As far as syntax goes, the normal format for the date should work just fine for this. If the date is preceeded by a plus or minus, the change is relative, otherwise it is absolute. Vernon Schryver. vjs@sgi.com