File chrony-retry_interval_ke_start.patch of Package chrony.32987

From 1daa40a2f759df30a7afe086c9f001d99fdd14a3 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 23 Feb 2023 13:10:11 +0100
Subject: [PATCH] nts: use shorter NTS-KE retry interval when network is down

When chronyd configured with an NTS source not specified as offline and
resolvable without network was started before the network was up, it was
using an unnecessarily long NTS-KE retry interval, same as if the server
was refusing the connections.

When the network is down, the connect() call made from NKC_Start() on
the non-blocking TCP socket should fail with a different error than
EINPROGRESS and cause NKC_Start() to return with failure. Add a constant
2-second retry interval (matching default iburst) for this case.

The removal of update_next_nke_attempt after inst->nke_attempts++; was
not done in 1daa40a2f759df30a7afe086c9f001d99fdd14a3 but rather in a
follow up commit a1406eded39e3f607f5fbc5fa3a5f8720a1e5bc1.
---
 nts_ntp_client.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/nts_ntp_client.c b/nts_ntp_client.c
index 4b16ffd..b54913a 100644
--- a/nts_ntp_client.c
+++ b/nts_ntp_client.c
@@ -46,6 +46,9 @@
 /* Maximum length of all cookies to avoid IP fragmentation */
 #define MAX_TOTAL_COOKIE_LENGTH (8 * 108)

+/* Retry interval for NTS-KE start (which doesn't generate network traffic) */
+#define RETRY_INTERVAL_KE_START 2.0
+
 /* Magic string of files containing keys and cookies */
 #define DUMP_IDENTIFIER "NNC0\n"

@@ -203,10 +206,15 @@ set_ntp_address(NNC_Instance inst, NTP_Remote_Address *negotiated_address)
 /* ================================================== */

 static void
-update_next_nke_attempt(NNC_Instance inst, double now)
+update_next_nke_attempt(NNC_Instance inst, int failed_start, double now)
 {
   int factor, interval;

+  if (failed_start) {
+    inst->next_nke_attempt = now + RETRY_INTERVAL_KE_START;
+    return;
+  }
+
   if (!inst->nke)
     return;

@@ -221,8 +229,8 @@ static int
 get_cookies(NNC_Instance inst)
 {
   NTP_Remote_Address ntp_address;
+  int got_data, failed_start = 0;
   double now;
-  int got_data;

   assert(inst->num_cookies == 0);

@@ -239,13 +247,12 @@ get_cookies(NNC_Instance inst)
     inst->nke = NKC_CreateInstance(&inst->nts_address, inst->name, inst->cert_set);

     inst->nke_attempts++;
-    update_next_nke_attempt(inst, now);

     if (!NKC_Start(inst->nke))
-      return 0;
+      failed_start = 1;
   }

-  update_next_nke_attempt(inst, now);
+  update_next_nke_attempt(inst, failed_start, now);

   /* Wait until the session stops */
   if (NKC_IsActive(inst->nke))