11553Srgrimes# @(#)CHANGES 5.1 (Berkeley) 5/11/93 272646Sasmodai# $FreeBSD$ 31553Srgrimes 41553SrgrimesThis new version is almost identical to the timed and timedc code 51553Srgrimesthat has been shipped for years by a workstation vendor. 61553Srgrimes 71553SrgrimesAmong the many changes: 81553Srgrimes 91553Srgrimesimprove `timedc msite` to accept a list of hostnames. 101553Srgrimes 111553Srgrimeschange slave-masters to answer the packets generated by `timedc msite` 121553Srgrimes with the name of the real master, not their own. This makes it 131553Srgrimes possible to "chase the chain" of slave servers to the ultimate 141553Srgrimes master. 151553Srgrimes 161553Srgrimesmuch improve the log caused by `timedc trace on`: 171553Srgrimes -made `timed -t` work. 181553Srgrimes -suppression of repeated entries, which both slowed down the daemon 191553Srgrimes (sometimes catastrophically) and tended to make disks fill up 201553Srgrimes even more quickly. 211553Srgrimes -better time stamps on log entries 221553Srgrimes -more messages 231553Srgrimes -dump information about slaves, master, and so on each time 241553Srgrimes a message asking the log be turned on is received, and 251553Srgrimes when the log is turned off. 261553Srgrimes -fewer CPU cycles 271553Srgrimes 281553Srgrimesuse a hash table to keep track of slaves, instead of the stupid linear 291553Srgrimes list. This becomes handy with hundreds of slaves, instead of 301553Srgrimes the original design limit of "a room with a few VAX's." 311553Srgrimes 321553Srgrimesseparate the main protocol timer from that used to look for other networks 331553Srgrimes to master. 341553Srgrimes 351553Srgrimestime stamp packets received by the daemon, so that time corrections 361553Srgrimes are not made (even more) inaccurate by waiting in the internal, 371553Srgrimes timed queue while the daemon is processing other messages. 381553Srgrimes 391553Srgrimesmade -n and -i work with subnets not named in /etc/networks 401553Srgrimes 411553Srgrimescompute the median of the measured clocks, instead of the average 421553Srgrimes of "good" times. 431553Srgrimes 441553Srgrimesvastly improve the accuracy of the clock difference measure by 451553Srgrimes `timedc clockdiff`. 461553Srgrimes 471553Srgrimesuse adjtime() when possible, and directly set the clock only when 481553Srgrimes necessary. 491553Srgrimes 501553Srgrimeswhen the requested adjustment is small, perform only part of it, to 511553Srgrimes damp oscillations and improve the long term accuracy of the 521553Srgrimes adjustments. 531553Srgrimes 541553Srgrimesfix uncounted core-dumps on machines that do not allow dereferencing 0 551553Srgrimes in both the daemon and timedc. 561553Srgrimes 571553Srgrimesfix "master loop detection". 581553Srgrimes 591553Srgrimesfix several cases in which multi-homed masters could get into shouting 601553Srgrimes matches, consuming all available network bandwidth and CPU cycles 611553Srgrimes (which ever runs out first), and convincing all bystanders to stop 621553Srgrimes advancing their own clocks. 631553Srgrimes 641553Srgrimesrefuse to behave badly when other machines do. Instead of arguing forever, 651553Srgrimes go off and sulk when other machines refuse to play by the rules. 661553Srgrimes 671553Srgrimesincrease the maximum number of clients. 681553Srgrimes 691553Srgrimesadd "-F host,host2,..." to "freerun" or "trust" only some hosts. This 701553Srgrimes is handy both when only some machines should be trusted to let 711553Srgrimes root use the `date` command to change time in the network. 721553Srgrimes 731553Srgrimes It is also handy when one machine has some other way of adjusting 741553Srgrimes its clock, whether NTP or a direct radio or atomic connection. 751553Srgrimes "-F localhost" causes `timed` to "trust" only itself. 761553Srgrimes 771553Srgrimes It is also handy to build a hierarchy of timed masters crossing 781553Srgrimes networks. The TSP protocol has no provision of "goodness of clock", 791553Srgrimes no natural way to completely heal network paritions. Judicious 801553Srgrimes use of -F or -G can cause each gateway to trust only itself and 811553Srgrimes machines closer to a central machine with a radio or atomic clock. 821553Srgrimes 831553Srgrimesadd #ifdef code that supports NIS "netgroups" of trusted hosts, which 841553Srgrimes can be easier to administer than -F. 851553Srgrimes 861553Srgrimesadd #ifdef code to compute an aged total adjustment. This can be used 871553Srgrimes in systems that can make long term changes in their system clock 881553Srgrimes frequency, e.g. "timetrim" in the Silicon Graphics kernel. 891553Srgrimes 901553Srgrimes 911553SrgrimesProblems observed by others that are unresolved include: 921553Srgrimes 931553SrgrimesPractically any users can send to the master TSP messages and this 941553Srgrimes way corrupt the reliability of the system. Authentication 951553Srgrimes of messages should be provided. Unfortunately, that would 961553Srgrimes require changing the protocol with all of the implied 971553Srgrimes compatiblity problems. Fortunately, the new -F and -G args 981553Srgrimes can be used to cause the daemon to ignore time changes from 991553Srgrimes untrusted machines. 1001553Srgrimes 1011553SrgrimesMAN. The limit of 1013 on the number of slaves hosts should be doc'ed. 1021553Srgrimes 1031553Srgrimes It should be dynamically allocated with no limit. On a 1041553Srgrimes large network, one host could possibly master over many 1051553Srgrimes more than 30 hosts. Given the timers in the code and 1061553Srgrimes effectively in the protocol, and the time required by each 1071553Srgrimes master to talk to each slave, it is not practical to have 1081553Srgrimes more than 200-300 slaves. The master cannot keep up because 1091553Srgrimes the slave-chatting is single-threaded. when the master 1101553Srgrimes gets behind, slaves start demanding elections. To 1111553Srgrimes significantly increase the number of slaves would require 1121553Srgrimes multi-treading things, and given that a network with more 1131553Srgrimes than 300 directly addressable machines has worse problems 1141553Srgrimes than keep the time of day right, not worth worrying about. 1151553Srgrimes 1161553SrgrimesUGLY,CODE. timedc/cmds.c has a lots of repeated code in it. 1171553Srgrimes 1181553Srgrimes**** The first thing is that each command is set up as if it 1191553Srgrimes were an individual program taking argc and argv. A more 1201553Srgrimes conventional calling style should be used. I don't think 1211553Srgrimes any of the routines take more than a couple arguments. 1221553Srgrimes 1231553SrgrimesUGLY. fxn definition syntax does't follow convention: 1241553Srgrimes has type on same line. 1251553Srgrimes 1261553Srgrimes**** It needs to be fixed at least enough that tags 1271553Srgrimes will work on it. An entire cleanup might be nice later, but 1281553Srgrimes is noncritical. 1291553Srgrimes 1301553SrgrimesLOBBY(mildly),CODE: Would be very convenient if date(1) took a 1311553Srgrimes +-<number> argument to set the time relatively. With 1321553Srgrimes the advent of timed it is now reasonable to synchronize 1331553Srgrimes with WWV, which is nearly impossible to do "by hand" 1341553Srgrimes with just an absolute date, and scripts are too slow. 1351553Srgrimes format could be +-nn...nn.ss, where the '.' is required 1361553Srgrimes to remove ambiguity. 1371553Srgrimes 1381553Srgrimes**** If you want to do it go ahead. It sounds useful. As far as 1391553Srgrimes syntax goes, the normal format for the date should work just 14072646Sasmodai fine for this. If the date is preceded by a plus or minus, 1411553Srgrimes the change is relative, otherwise it is absolute. 1421553Srgrimes 1431553Srgrimes 1441553SrgrimesVernon Schryver. 1451553Srgrimesvjs@sgi.com 146