Uploaded image for project: 'SignServer'
  1. SignServer
  2. DSS-881

Honour rate limiting messages in TimeMonitor

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: SignServer 3.6.2
    • Component/s: TimeMonitor
    • Labels:
      None
    • Stakeholder:
      Appliance

      Description

      The SignServer TimeMonitor should be configured (by the user) to use a local NTP server of the user's control. This is important as the TimeMonitor can be configured to query the NTP server more often than what is allowed by the RFCs.

      However, if configured against one of the public NTP servers they could respond with a special packet called "kiss-of-death" to indicate that they are not happy with the rate of the queries. What should be done then is to lower the rate or seize querying.

      Currently the TimeMonitor will most likely treat the response as an UNKNOWN status and try again.

      Instead it would be better if the TimeMonitor recognized this situation and switched to disabled mode. To get started again it could require a configuration change.

      For KISS codes of type "RATE" stop querying NTP and log a failure message. Querying should not be resumed until an administrator has taken an action such as making a configuration change.

        Attachments

          Activity

            People

            Assignee:
            marcus.lundblad@primekey.se Marcus Lundblad
            Reporter:
            markus Markus Kilås
            Verified by:
            Markus Kilås
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: