Verify roughtime results before accepting time offset (#6556)

* Verify roughtime results before accepting time offset
This commit is contained in:
Preston Van Loon 2020-07-10 21:42:26 -07:00 committed by GitHub
parent 1f35384578
commit fa85d93a19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -36,6 +36,11 @@ var offsetHistogram = promauto.NewHistogram(prometheus.HistogramOpts{
}, },
}) })
var offsetsRejected = promauto.NewCounter(prometheus.CounterOpts{
Name: "roughtime_offsets_rejected",
Help: "The number of times that roughtime results could not be verified and the returned offset was rejected",
})
func init() { func init() {
recalibrateRoughtime() recalibrateRoughtime()
runutil.RunEvery(context.Background(), RecalibrationInterval, recalibrateRoughtime) runutil.RunEvery(context.Background(), RecalibrationInterval, recalibrateRoughtime)
@ -47,15 +52,23 @@ func recalibrateRoughtime() {
// Compute the average difference between the system's time and the // Compute the average difference between the system's time and the
// Roughtime responses from the servers, rejecting responses whose radii // Roughtime responses from the servers, rejecting responses whose radii
// are larger than 2 seconds. // are larger than 2 seconds.
var err error newOffset, err := rt.AvgDeltaWithRadiusThresh(results, t0, 2*time.Second)
offset, err = rt.AvgDeltaWithRadiusThresh(results, t0, 2*time.Second)
if err != nil { if err != nil {
log.WithError(err).Error("Failed to calculate roughtime offset") log.WithError(err).Error("Failed to calculate roughtime offset")
} }
offsetHistogram.Observe(math.Abs(float64(offset))) offsetHistogram.Observe(math.Abs(float64(newOffset)))
if offset > 2*time.Second { if newOffset > 2*time.Second {
log.WithField("offset", offset).Warn("Roughtime reports your clock is off by more than 2 seconds") log.WithField("offset", newOffset).Warn("Roughtime reports your clock is off by more than 2 seconds")
} }
chain := rt.NewChain(results)
ok, err := chain.Verify(nil)
if err != nil || !ok {
log.WithError(err).WithField("offset", newOffset).Error("Could not verify roughtime responses, not accepting roughtime offset")
offsetsRejected.Inc()
return
}
offset = newOffset
} }
// Since returns the duration since t, based on the roughtime response // Since returns the duration since t, based on the roughtime response