From 61d9dff620de0327b088f1e454831bda7117732f Mon Sep 17 00:00:00 2001 From: reyk <> Date: Tue, 10 Feb 2015 11:36:37 +0000 Subject: [PATCH] After successfully getting a constraint from an HTTPS server, there is no need to request it ever again. The only exception is the escalation of failed constraint checks that might lead into re-requesting the constraint time from all servers. Adjust the states accordingly. OK henning@ --- src/usr.sbin/ntpd/constraint.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/src/usr.sbin/ntpd/constraint.c b/src/usr.sbin/ntpd/constraint.c index 4a6265cf..8868dbf2 100644 --- a/src/usr.sbin/ntpd/constraint.c +++ b/src/usr.sbin/ntpd/constraint.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraint.c,v 1.1 2015/02/10 06:40:08 reyk Exp $ */ +/* $OpenBSD: constraint.c,v 1.2 2015/02/10 11:36:37 reyk Exp $ */ /* * Copyright (c) 2015 Reyk Floeter @@ -129,24 +129,34 @@ constraint_query(struct constraint *cstr) struct iovec iov[2]; now = getmonotime(); - if (cstr->state >= STATE_REPLY_RECEIVED) { - if (cstr->last + CONSTRAINT_SCAN_INTERVAL > now) { - /* Nothing to do */ - return (-1); - } - /* Reset */ - cstr->senderrors = 0; - constraint_close(cstr->fd); - } else if (cstr->state == STATE_QUERY_SENT) { + switch (cstr->state) { + case STATE_DNS_DONE: + /* Proceed and query the time */ + break; + case STATE_QUERY_SENT: if (cstr->last + CONSTRAINT_SCAN_TIMEOUT > now) { /* The caller should expect a reply */ return (0); } - /* Timeout, just kill the process to reset it */ + /* Timeout, just kill the process to reset it. */ kill(cstr->pid, SIGTERM); return (-1); + case STATE_INVALID: + if (cstr->last + CONSTRAINT_SCAN_INTERVAL > now) { + /* Nothing to do */ + return (-1); + } + + /* Reset and retry */ + cstr->senderrors = 0; + constraint_close(cstr->fd); + break; + case STATE_REPLY_RECEIVED: + default: + /* Nothing to do */ + return (-1); } cstr->last = now;