gCNTP/gcntpaserver
gcntpaserver is a standalone, simplified CNTP (Civil Network Time Protocol)
server built especially for intranet environments. In particular the 'vmsvc'
variant (VMware CNTP services) is suited to serving from a basic host, possibly
one running a Windows-based OS.
This page discusses VNTP (CNTP running as a 'vmsvc' on the host and as a
'gvntpclient' on a guest OS). It is primarily intended:
* to be simple
* to be robust
* to have low traffic
The simplicity of the protocol should carry over to the implementation.
The server port is fixed at 1563 (non-privileged, so the server does not need
to run as root to bind it).
There are two basic variants of the client/server model:
A) Basic VNTP
No forks or threads are required; by default neither gettimeofday nor
settimeofday is used. The trade-off is that the granularity of the time
adjustment is one second.
B) Handshaked VNTP
No forks or threads are required; uses gettimeofday / settimeofday.
The granularity of the time adjustment is in the order of tenths of a second.
Basic VNTP
++++++++++
Basic VNTP has no authentication (anything on the network path can forge a
reply, so it belongs on a trusted intranet segment only), uses a simple format,
and consists of just one query and one response. The client sends a one-line
query with the following format:
Ab 0123456789 012
'Ab' is the upper-case letter A followed by a lower-case letter known as the
basic-request. The basic-request is primarily 'b'; in this case the server does
not calculate anything, it just responds with the current time-of-day. The
basic-requests available are:
* b boot (typically used when clients boot)
* c comprehensive request
The 10 digits are known as the client-sec-reference; after a blank, 3 digits
follow indicating milliseconds.
You can test the server by simulating a client with telnet or netcat (nc), for
instance:
% echo "Ab 1234567890 567" | nc localhost 1563
The server will respond with something like:
Br 1184885532 428
% test_dates stamp2date 1184885533
2007-07-19 22:52:13
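The query and response shapes above are small enough to implement end to end. The following is an added example written for this page, not gcntpaserver's own code: a strict builder/parser for both message types, the offset a client would derive from the pair, the 'stamp2date' conversion shown above, and a one-shot TCP responder that answers the 'nc' test. The regular-expression shapes, the helper names, the reply prefix 'Br' being the only reply form, and treating request 'c' exactly like 'b' (the page names 'c' but does not describe what it computes) are assumptions.

```python
"""Basic VNTP wire format: query builder, server responder, response parser.

Added example; not the gcntpaserver code. The layout follows the page
('Ab 0123456789 012' -> 'Br 1184885532 428'); the handling of request 'c',
'Br' as the only reply prefix and all helper names are assumptions.
"""
import re
import socket
import time
from datetime import datetime, timezone
from typing import Optional, Tuple

PORT = 1563  # fixed, non-privileged port from the page

# Strict shape: 'A', one basic-request letter, blank, 10 digits, blank, 3 digits.
BASIC_QUERY = re.compile(r"^A([bc]) (\d{10}) (\d{3})$")
BASIC_RESPONSE = re.compile(r"^Br (\d{10}) (\d{3})$")


def build_basic_query(request: str, sec: int, ms: int) -> str:
    """Client side: build the one-line query with zero-padded fields."""
    if request not in ("b", "c"):
        raise ValueError("basic-request must be 'b' or 'c'")
    if not 0 <= sec < 10**10 or not 0 <= ms < 1000:
        raise ValueError("client-sec-reference or milliseconds out of range")
    return f"A{request} {sec:010d} {ms:03d}"


def handle_basic_query(line: str, now_sec: int, now_ms: int) -> Optional[str]:
    """Server side: validate one query and answer with the current time-of-day.

    Anything that does not match the fixed shape is dropped (None), so an
    untrusted peer cannot push an oversized or oddly shaped line any further.
    """
    if BASIC_QUERY.match(line.rstrip("\r\n")) is None:
        return None
    # The page defines only 'b' (reply with the server clock) and names 'c'
    # without describing it, so both get the plain time-of-day reply here.
    return f"Br {now_sec:010d} {now_ms:03d}"


def parse_basic_response(line: str) -> Tuple[int, int]:
    """Client side: extract (seconds, milliseconds) from a 'Br' reply."""
    m = BASIC_RESPONSE.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"malformed response: {line!r}")
    return int(m.group(1)), int(m.group(2))


def offset_ms(query: str, response: str) -> int:
    """Server time minus the client-sec-reference that was sent, in milliseconds."""
    q = BASIC_QUERY.match(query.rstrip("\r\n"))
    if q is None:
        raise ValueError(f"malformed query: {query!r}")
    r_sec, r_ms = parse_basic_response(response)
    return (r_sec * 1000 + r_ms) - (int(q.group(2)) * 1000 + int(q.group(3)))


def stamp2date(sec: int) -> str:
    """Same conversion as the page's 'test_dates stamp2date': a UTC date-time."""
    return datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def serve_once(host: str = "127.0.0.1", port: int = PORT) -> None:
    """Answer a single TCP query (e.g. from `echo ... | nc localhost 1563`), then close.

    The basic variant adjusts to the second; the ms field is still filled so the
    reply has the documented shape.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, _peer = srv.accept()
        with conn:
            conn.settimeout(2.0)   # a silent peer cannot hold the server open
            data = conn.recv(32)   # a query is 18 octets plus newline; cap the read
            now = time.time()
            reply = handle_basic_query(data.decode("ascii", errors="replace"),
                                       int(now), int((now % 1) * 1000))
            if reply is not None:
                conn.sendall((reply + "\n").encode("ascii"))


if __name__ == "__main__":
    serve_once()
```

Run the module and point the 'nc' command above at it; a query whose client-sec-reference has fewer than 10 digits is silently dropped by `handle_basic_query`, which is the behaviour a fixed-width format should get rather than a best-effort parse.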
Handshaked VNTP
+++++++++++++++
VMware guests, Linux guests in particular, show considerable clock skew. VNTP
requires a state machine on both ends, server and client; this is also what
keeps the traffic low. VNTP uses TCP to improve robustness and ease of
implementation.
Let us see how VNTP works by way of an example.
The symbol '<=' marks input received by the server, whilst '=>' marks a string
sent from the server to the client. 'sz' is a two-octet hexadecimal number giving
the size of the string that follows, excluding the mandatory blank between the
two hexadecimal octets and that string.
[Handshake]
<= sz HELO frog
=> sz 260 Go ahead: no id is requested
[Simple data transaction]
<= TM 20071231 235457 0x08
=> Sr 20071231 235459 0x07
(server closes the connection immediately)
The first 'sz' is 09 (the length of 'HELO frog'). The handshake has two basic
variants:
* the server requests identified clients, or it does not.
Here '260' is returned to indicate that the client is free to proceed. Had 250
been returned, a simple identification exchange (SiEx) would take place
instead.
The client announces its date-time ('TM'), followed by an indication of its
last update cycle, called How-Often-Power-Cycle (HOPC).
The server calls 'gmtime' (UTC) and returns:
* a two-letter response: in this case 'Sr' (the server time)
* a blank
* a string-date (an 8-octet date, a blank, then a 6-octet time)
* a blank
* the suggested HOPC: four octets in hexadecimal (the first two octets are
  literally '0x')
The suggested HOPC is semi-persistently saved on the server.
The two-letter response is called the server-hint: 'Sr' means a normal
response, whilst 'Sw' means a server-warning. The latter is given when the
client polls more often than the recommended HOPC allows; in other words, the
client is not respecting the HOPC. The client must behave correctly on its next
poll, otherwise it will be banned. Suppose the client violates the HOPC again on
that next poll: the server-hint will then be 'Sb' ('server responded that the
client is banned') and the returned string will be:
=> Sb -------- ------ 0xFF
If this happens, the client is permanently black-listed: the server will close
any further connection made by this client without sending a response.
HOPC is an exponent: a HOPC of x stands for an interval of 2^x seconds, so
HOPC=0x03 is 8 seconds and the suggested 0x07 in the example above is 128
seconds.
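The handshake, the 'sz' framing and the Sr/Sw/Sb escalation together form the server's state machine. The block below is an added example written for this page, not gcntpaserver's own code; it replays the exchange above and then two polls that break the HOPC, ending in a ban. Assumptions not stated on the page: clients are tracked by peer address rather than by the HELO name (a name alone is trivially spoofable by a banned client), a well-behaved poll clears an earlier warning, the default suggested HOPC is 0x07, the 250 text and the SiEx that would follow it are not modelled, and HOPC x is read as 2^x seconds.

```python
"""Handshaked VNTP: sz framing and the server-side state machine (HELO/TM,
server-hints Sr/Sw/Sb, HOPC enforcement and banning).

Added example, not the gcntpaserver code. Assumptions: clients are tracked by
peer address, a good poll clears an earlier warning, the default suggested
HOPC is 0x07, and HOPC x means 2^x seconds.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

GO_AHEAD = "260 Go ahead: no id is requested"
IDENTIFY = "250 Identification requested"  # SiEx would follow; not described on the page
BANNED = "Sb -------- ------ 0xFF"


def frame(payload: str) -> str:
    """'sz' framing: two hex digits (payload length), a blank, then the payload."""
    if len(payload) > 0xFF:
        raise ValueError("payload longer than a two-octet sz can describe")
    return f"{len(payload):02X} {payload}"


def unframe(line: str) -> str:
    """Strip 'sz' framing, refusing any line whose declared and real sizes differ."""
    line = line.rstrip("\r\n")
    if len(line) < 3 or line[2] != " ":
        raise ValueError("bad sz framing")
    declared = int(line[:2], 16)
    payload = line[3:]
    if len(payload) != declared:
        raise ValueError(f"sz says {declared} octets, got {len(payload)}")
    return payload


def hopc_seconds(hopc: int) -> int:
    """HOPC is an exponent: 0x03 -> 8 s, 0x07 -> 128 s (assumed reading of the page)."""
    return 1 << hopc


def utc_stamp(now: float) -> str:
    """What the server gets from gmtime(): 'YYYYMMDD HHMMSS'."""
    return datetime.fromtimestamp(now, tz=timezone.utc).strftime("%Y%m%d %H%M%S")


@dataclass
class ClientState:
    hopc: int                        # suggested HOPC, kept per client across polls
    last_poll: Optional[float] = None
    warned: bool = False
    banned: bool = False


class VNTPServer:
    def __init__(self, require_id: bool = False, default_hopc: int = 0x07):
        self.require_id = require_id
        self.default_hopc = default_hopc
        self.clients: Dict[str, ClientState] = {}

    def handle_helo(self, peer: str, line: str) -> Optional[str]:
        """Handshake. None means: banned peer, close without any response."""
        state = self.clients.setdefault(peer, ClientState(hopc=self.default_hopc))
        if state.banned:
            return None
        payload = unframe(line)
        if not payload.startswith("HELO ") or len(payload) == 5:
            raise ValueError("expected 'HELO <name>'")
        return frame(IDENTIFY if self.require_id else GO_AHEAD)

    def handle_tm(self, peer: str, line: str, now: float) -> Optional[str]:
        """Data transaction: 'TM YYYYMMDD HHMMSS 0xNN' -> 'S? YYYYMMDD HHMMSS 0xNN'."""
        state = self.clients.get(peer)
        if state is None or state.banned:
            return None
        parts = line.rstrip("\r\n").split(" ")
        if (len(parts) != 4 or parts[0] != "TM"
                or not parts[1].isdigit() or len(parts[1]) != 8
                or not parts[2].isdigit() or len(parts[2]) != 6
                or not parts[3].startswith("0x") or len(parts[3]) != 4):
            raise ValueError(f"malformed TM line: {line!r}")
        int(parts[3], 16)  # the client's own HOPC: validated, but the server's suggestion rules
        too_soon = state.last_poll is not None and now - state.last_poll < hopc_seconds(state.hopc)
        state.last_poll = now
        if too_soon and state.warned:
            state.banned = True              # second violation in a row: ban
            return BANNED
        state.warned = too_soon              # first violation warns; a good poll clears it
        hint = "Sw" if too_soon else "Sr"
        return f"{hint} {utc_stamp(now)} 0x{state.hopc:02X}"


def demo() -> List[Optional[str]]:
    """Replay the page's exchange, then two polls that violate the suggested HOPC."""
    srv = VNTPServer()
    peer = "10.0.0.5"                 # constructed peer address
    t = 1199145299.0                  # 2007-12-31 23:54:59 UTC, the server time on the page
    return [
        srv.handle_helo(peer, frame("HELO frog")),
        srv.handle_tm(peer, "TM 20071231 235457 0x08", t),
        srv.handle_tm(peer, "TM 20071231 235500 0x08", t + 3),  # 3 s < 128 s: Sw
        srv.handle_tm(peer, "TM 20071231 235501 0x08", t + 4),  # again: Sb, banned
        srv.handle_helo(peer, frame("HELO frog")),              # banned: no response
    ]
```

`unframe` rejects a line whose 'sz' disagrees with the bytes actually present, which is the check that stops a truncated or padded HELO from being acted on; the ban is keyed on the peer address precisely so that changing the HELO name does not lift it.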
Note: host public DSA and RSA keys are usually found under /etc/ssh/ as
ssh_host_{dsa,rsa}_key.pub