92b5cad993
<Vernon Schryver> vjs@calcite.rhyolite.com.
145 lines
5.7 KiB
Plaintext
145 lines
5.7 KiB
Plaintext
# @(#)CHANGES 5.1 (Berkeley) 5/11/93
|
|
|
|
This new version is almost identical to the timed and timedc code
|
|
that has been shipped for years by a workstation vendor.
|
|
|
|
Among the many changes:
|
|
|
|
improve `timedc msite` to accept a list of hostnames.
|
|
|
|
change slave-masters to answer the packets generated by `timedc msite`
|
|
with the name of the real master, not their own. This makes it
|
|
possible to "chase the chain" of slave servers to the ultimate
|
|
master.
|
|
|
|
much improve the log caused by `timedc trace on`:
|
|
-made `timed -t` work.
|
|
-suppression of repeated entries, which both slowed down the daemon
|
|
(sometimes catastrophically) and tended to make disks fill up
|
|
even more quickly.
|
|
-better time stamps on log entries
|
|
-more messages
|
|
-dump information about slaves, master, and so on each time
|
|
a message asking the log be turned on is received, and
|
|
when the log is turned off.
|
|
-fewer CPU cycles
|
|
|
|
use a hash table to keep track of slaves, instead of the stupid linear
|
|
list. This becomes handy with hundreds of slaves, instead of
|
|
the original design limit of "a room with a few VAX's."
|
|
|
|
separate the main protocol timer from that used to look for other networks
|
|
to master.
|
|
|
|
time stamp packets received by the daemon, so that time corrections
|
|
are not made (even more) inaccurate by waiting in the internal,
|
|
timed queue while the daemon is processing other messages.
|
|
|
|
made -n and -i work with subnets not named in /etc/networks
|
|
|
|
compute the median of the measured clocks, instead of the average
|
|
of "good" times.
|
|
|
|
vastly improve the accuracy of the clock difference measure by
|
|
`timedc clockdiff`.
|
|
|
|
use adjtime() when possible, and directly set the clock only when
|
|
necessary.
|
|
|
|
when the requested adjustment is small, perform only part of it, to
|
|
damp oscillations and improve the long term accuracy of the
|
|
adjustments.
|
|
|
|
fix uncounted core-dumps on machines that do not allow dereferencing 0
|
|
in both the daemon and timedc.
|
|
|
|
fix "master loop detection".
|
|
|
|
fix several cases in which multi-homed masters could get into shouting
|
|
matches, consuming all available network bandwidth and CPU cycles
|
|
(which ever runs out first), and convincing all bystanders to stop
|
|
advancing their own clocks.
|
|
|
|
refuse to behave badly when other machines do. Instead of arguing forever,
|
|
go off and sulk when other machines refuse to play by the rules.
|
|
|
|
increase the maximum number of clients.
|
|
|
|
add "-F host,host2,..." to "freerun" or "trust" only some hosts. This
|
|
is handy both when only some machines should be trusted to let
|
|
root use the `date` command to change time in the network.
|
|
|
|
It is also handy when one machine has some other way of adjusting
|
|
its clock, whether NTP or a direct radio or atomic connection.
|
|
"-F localhost" causes `timed` to "trust" only itself.
|
|
|
|
It is also handy to build a hierarchy of timed masters crossing
|
|
networks. The TSP protocol has no provision of "goodness of clock",
|
|
no natural way to completely heal network paritions. Judicious
|
|
use of -F or -G can cause each gateway to trust only itself and
|
|
machines closer to a central machine with a radio or atomic clock.
|
|
|
|
add #ifdef code that supports NIS "netgroups" of trusted hosts, which
|
|
can be easier to administer than -F.
|
|
|
|
add #ifdef code to compute an aged total adjustment. This can be used
|
|
in systems that can make long term changes in their system clock
|
|
frequency, e.g. "timetrim" in the Silicon Graphics kernel.
|
|
|
|
|
|
Problems observed by others that are unresolved include:
|
|
|
|
Practically any users can send to the master TSP messages and this
|
|
way corrupt the reliability of the system. Authentication
|
|
of messages should be provided. Unfortunately, that would
|
|
require changing the protocol with all of the implied
|
|
compatiblity problems. Fortunately, the new -F and -G args
|
|
can be used to cause the daemon to ignore time changes from
|
|
untrusted machines.
|
|
|
|
MAN. The limit of 1013 on the number of slaves hosts should be doc'ed.
|
|
|
|
It should be dynamically allocated with no limit. On a
|
|
large network, one host could possibly master over many
|
|
more than 30 hosts. Given the timers in the code and
|
|
effectively in the protocol, and the time required by each
|
|
master to talk to each slave, it is not practical to have
|
|
more than 200-300 slaves. The master cannot keep up because
|
|
the slave-chatting is single-threaded. when the master
|
|
gets behind, slaves start demanding elections. To
|
|
significantly increase the number of slaves would require
|
|
multi-treading things, and given that a network with more
|
|
than 300 directly addressable machines has worse problems
|
|
than keep the time of day right, not worth worrying about.
|
|
|
|
UGLY,CODE. timedc/cmds.c has a lots of repeated code in it.
|
|
|
|
**** The first thing is that each command is set up as if it
|
|
were an individual program taking argc and argv. A more
|
|
conventional calling style should be used. I don't think
|
|
any of the routines take more than a couple arguments.
|
|
|
|
UGLY. fxn definition syntax does't follow convention:
|
|
has type on same line.
|
|
|
|
**** It needs to be fixed at least enough that tags
|
|
will work on it. An entire cleanup might be nice later, but
|
|
is noncritical.
|
|
|
|
LOBBY(mildly),CODE: Would be very convenient if date(1) took a
|
|
+-<number> argument to set the time relatively. With
|
|
the advent of timed it is now reasonable to synchronize
|
|
with WWV, which is nearly impossible to do "by hand"
|
|
with just an absolute date, and scripts are too slow.
|
|
format could be +-nn...nn.ss, where the '.' is required
|
|
to remove ambiguity.
|
|
|
|
**** If you want to do it go ahead. It sounds useful. As far as
|
|
syntax goes, the normal format for the date should work just
|
|
fine for this. If the date is preceeded by a plus or minus,
|
|
the change is relative, otherwise it is absolute.
|
|
|
|
|
|
Vernon Schryver.
|
|
vjs@sgi.com
|