NetBSD/usr.sbin/timed/CHANGES

145 lines
5.7 KiB
Plaintext

# @(#)CHANGES 5.1 (Berkeley) 5/11/93
This new version is almost identical to the timed and timedc code
that has been shipped for years by a workstation vendor.
Among the many changes:
improve `timedc msite` to accept a list of hostnames.
change slave-masters to answer the packets generated by `timedc msite`
with the name of the real master, not their own. This makes it
possible to "chase the chain" of slave servers to the ultimate
master.
much improve the log caused by `timedc trace on`:
-made `timed -t` work.
-suppression of repeated entries, which both slowed down the daemon
(sometimes catastrophically) and tended to make disks fill up
even more quickly.
-better time stamps on log entries
-more messages
-dump information about slaves, master, and so on each time
a message asking the log be turned on is received, and
when the log is turned off.
-fewer CPU cycles
use a hash table to keep track of slaves, instead of the stupid linear
list. This becomes handy with hundreds of slaves, instead of
the original design limit of "a room with a few VAX's."
separate the main protocol timer from that used to look for other networks
to master.
time stamp packets received by the daemon, so that time corrections
are not made (even more) inaccurate by waiting in the internal,
timed queue while the daemon is processing other messages.
made -n and -i work with subnets not named in /etc/networks
compute the median of the measured clocks, instead of the average
of "good" times.
vastly improve the accuracy of the clock difference measure by
`timedc clockdiff`.
use adjtime() when possible, and directly set the clock only when
necessary.
when the requested adjustment is small, perform only part of it, to
damp oscillations and improve the long term accuracy of the
adjustments.
fix uncounted core-dumps on machines that do not allow dereferencing 0
in both the daemon and timedc.
fix "master loop detection".
fix several cases in which multi-homed masters could get into shouting
matches, consuming all available network bandwidth and CPU cycles
(which ever runs out first), and convincing all bystanders to stop
advancing their own clocks.
refuse to behave badly when other machines do. Instead of arguing forever,
go off and sulk when other machines refuse to play by the rules.
increase the maximum number of clients.
add "-F host,host2,..." to "freerun" or "trust" only some hosts. This
is handy both when only some machines should be trusted to let
root use the `date` command to change time in the network.
It is also handy when one machine has some other way of adjusting
its clock, whether NTP or a direct radio or atomic connection.
"-F localhost" causes `timed` to "trust" only itself.
It is also handy to build a hierarchy of timed masters crossing
networks. The TSP protocol has no provision of "goodness of clock",
no natural way to completely heal network partitions. Judicious
use of -F or -G can cause each gateway to trust only itself and
machines closer to a central machine with a radio or atomic clock.
add #ifdef code that supports NIS "netgroups" of trusted hosts, which
can be easier to administer than -F.
add #ifdef code to compute an aged total adjustment. This can be used
in systems that can make long term changes in their system clock
frequency, e.g. "timetrim" in the Silicon Graphics kernel.
Problems observed by others that are unresolved include:
Practically any users can send to the master TSP messages and this
way corrupt the reliability of the system. Authentication
of messages should be provided. Unfortunately, that would
require changing the protocol with all of the implied
compatibility problems. Fortunately, the new -F and -G args
can be used to cause the daemon to ignore time changes from
untrusted machines.
MAN. The limit of 1013 on the number of slaves hosts should be doc'ed.
It should be dynamically allocated with no limit. On a
large network, one host could possibly master over many
more than 30 hosts. Given the timers in the code and
effectively in the protocol, and the time required by each
master to talk to each slave, it is not practical to have
more than 200-300 slaves. The master cannot keep up because
the slave-chatting is single-threaded. when the master
gets behind, slaves start demanding elections. To
significantly increase the number of slaves would require
multi-treading things, and given that a network with more
than 300 directly addressable machines has worse problems
than keep the time of day right, not worth worrying about.
UGLY,CODE. timedc/cmds.c has a lots of repeated code in it.
**** The first thing is that each command is set up as if it
were an individual program taking argc and argv. A more
conventional calling style should be used. I don't think
any of the routines take more than a couple arguments.
UGLY. fxn definition syntax does't follow convention:
has type on same line.
**** It needs to be fixed at least enough that tags
will work on it. An entire cleanup might be nice later, but
is noncritical.
LOBBY(mildly),CODE: Would be very convenient if date(1) took a
+-<number> argument to set the time relatively. With
the advent of timed it is now reasonable to synchronize
with WWV, which is nearly impossible to do "by hand"
with just an absolute date, and scripts are too slow.
format could be +-nn...nn.ss, where the '.' is required
to remove ambiguity.
**** If you want to do it go ahead. It sounds useful. As far as
syntax goes, the normal format for the date should work just
fine for this. If the date is preceded by a plus or minus,
the change is relative, otherwise it is absolute.
Vernon Schryver.
vjs@sgi.com