DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-07 21:05:06 -05:00
Code Issues Packages Projects Releases Wiki Activity

ntp: add server support for KoD RATE

Browse Source 
Add "kod" option to the ratelimit directive to respond with the KoD
RATE code to randomly selected requests exceeding the configured limit.
This complements the client support of KoD RATE. It's disabled by
default.

There can be only one KoD code in one response. If both NTS NAK and RATE
codes are triggered, drop the response. The KoD RATE code can be set in
an NTS-authenticated response.
This commit is contained in:
Miroslav Lichvar
2024-04-02 15:25:51 +02:00
parent aac898343e
commit 24d28cd679
6 changed files with 41 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
doc/chrony.conf.adoc
View File

@@ -1861,6 +1861,14 @@ source address from completely blocking responses to that address. The leak
rate is defined as a power of 1/2 and it is 2 by default, i.e. on average at
least every fourth request has a response. The minimum value is 1 and the
maximum value is 4.
*kod* _rate_:::
This option sets the rate at which Kiss-o'-Death (KoD) RATE responses are
randomly sent when the limits specified by the *interval* and *burst* options
are exceeded. It is an additional stream of responses to the *leak* option. A
KoD RATE response is a request for the client to reduce its polling rate. Few
implementations actually support it. The rate is defined as a power of 1/2. The
default value is 0, which means disabled. The minimum value is 0 and the maximu
value is 4.
{blank}::
+
An example use of the directive is:
@@ -1876,7 +1884,7 @@ packets, by up to 75% (with default *leak* of 2).
[[ntsratelimit]]*ntsratelimit* [_option_]...::
This directive enables rate limiting of NTS-KE requests. It is similar to the
<<ratelimit,*ratelimit*>> directive, except the default interval is 6
(1 connection per 64 seconds).
(1 connection per 64 seconds) and the *kod* option is not supported.
+
An example of the use of the directive is:
+
@@ -2024,8 +2032,8 @@ need to be run with the *-p 257* option to inter-operate correctly.)
[[cmdratelimit]]*cmdratelimit* [_option_]...::
This directive enables response rate limiting for command packets. It is
similar to the <<ratelimit,*ratelimit*>> directive, except responses to
localhost are never limited and the default interval is -4 (16 packets per
second).
localhost are never limited, the default interval is -4 (16 packets per
second), and the *kod* option is not supported.
+
An example of the use of the directive is:
+