nts

package module

v0.1.0 Latest Latest Go to latest Published: Jul 13, 2023 License: BSD-2-Clause Imports: 16 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/beevik/nts

Links

Open Source Insights

README ¶

nts

The nts package provides a client implementation of Network Time Security (NTS) for the Network Time Protocol (NTP). It enables the secure querying of time-related information that can be used to synchronize the local system clock with a more accurate network clock. See RFC 8915 for further details.

This package is implemented as an extension to the go-based simple ntp client package, but it may be used without directly installing that package.

Creating an NTS session

Before requesting time synchronization data, you must first establish a "session" with an NTS key-exchange server.

session, err := nts.NewSession("time.cloudflare.com")

This is not a session in the typical sense of the word, which often implies a long-running network connection to a server. Rather, it is merely a collection of cryptographic keys and other state used to communicate securely with an NTS-capable NTP server. Once the session has been created, the network connection to the key-exchange server is immediately dropped and all future queries proceed via NTP using the session's query functions.

Querying time synchronization data

After successful establishment of the session, you may issue NTP Query requests for time synchronization data.

if response, err := session.Query(); err != nil {
    accurateTime := time.Now().Add(response.ClockOffset)
    fmt.Printf("The current time is: %s\n", accurateTime)
}

In addition to the clock offset, the Response includes information you can use to tune future queries. For instance, it includes a Poll interval, which describes how long you should wait before querying again. The response also has a Validate function, which you can use to perform additional sanity checks on the data to determine whether it is suitable for time synchronization purposes.

err := response.Validate()
if err == nil {
    // response data is suitable for synchronization purposes
}

If you wish to customize the behavior of the query, you may do so by using QueryWithOptions instead of Query.

opt := &ntp.QueryOptions{ Timeout: 30 * time.Second }
response, err := session.QueryWithOptions(opt)

See the documentation for QueryOptions for a list of available customizations.

Choosing an NTS server

NTS is a relatively new protocol, having become an IETF RFC in September 2020. So there are a limited number of NTS key-exchange servers available for public use. You can find a list here. The NTP pool does not currently support NTS.

If you wish to operate your own NTS-capable NTP server, you may install NTPsec or Chrony.

Documentation ¶

Overview ¶

Package nts provides a client implementation of Network Time Security (NTS) for the Network Time Protocol (NTP). It enables the secure querying of time-related information that can be used to synchronize the local system clock with a more accurate network clock. See RFC 8915 (https://tools.ietf.org/html/rfc8915) for more details.

Index ¶

Variables
type Session
- func NewSession(address string) (*Session, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrAuthFailedOnClient = errors.New("authentication failed on client")
	ErrAuthFailedOnServer = errors.New("authentication failed on server")
	ErrInvalidFormat      = errors.New("invalid packet format")
	ErrNoCookies          = errors.New("no NTS cookies available")
	ErrUniqueIDMismatch   = errors.New("client and server unique ID mismatch")
)

View Source

var ErrKeyExchangeFailed = errors.New("key exchange failure")

Functions ¶

This section is empty.

Types ¶

type Session ¶

type Session struct {
	// contains filtered or unexported fields
}

Session contains the state of an active NTS session. It is initialized by exchanging keys and cookies with an NTS key-exchange server, after which the connection to the key-exchange server is immediately dropped. The session's internal state is updated as NTP queries are made against an NTS-capable NTP server.

func NewSession ¶

func NewSession(address string) (*Session, error)

NewSession creates an NTS session by connecting to an NTS key-exchange server and requesting keys and cookies to be used for future secure NTP queries. Once keys and cookies have been received, the connection is dropped. The address is of the form "host", "host:port", "host%zone:port", "[host]:port" or "[host%zone]:port". If no port is included, NTS default port 4460 is used.

func (*Session) Address ¶

func (s *Session) Address() string

Address returns the NTP server "host:port" pair configured for the session.

func (*Session) Query ¶

func (s *Session) Query() (response *ntp.Response, err error)

Query time data from the session's associated NTP server. The response contains information from which an accurate local time can be determined.

func (*Session) QueryWithOptions ¶

func (s *Session) QueryWithOptions(opt *ntp.QueryOptions) (response *ntp.Response, err error)

QueryWithOptions performs the same function as Query but allows for the customization of certain NTP behaviors.

func (*Session) Refresh ¶

func (s *Session) Refresh() error

Refresh the session by clearing the its current cookies and performing a new key exchange. This should only be done when no queries have been performed with the session for a very long time (i.e., more than 24 hours).

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL