proto: enhance ntp configuration

1. allow to set more than one NTP server 2. allow to make NTP servers from cloud controller exclusively used, i.e. the NTP servers that got announced via DHCP are not used (in certain cases this an attacker might send DHCP responses with a different NTP server set and therefore can control time on EVE) Signed-off-by: Christoph Ostarek <christoph@zededa.com>
lf-edge · Oct 11, 2024 · 57101ef · 57101ef
1 parent 60db108
commit 57101ef
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/proto/config/devconfig.proto b/proto/config/devconfig.proto
@@ -169,6 +169,14 @@ message EdgeDevConfig {
 
   // cluster configuration
   EdgeNodeCluster cluster = 43;
+  DhcpVendorExtensionsOverride dhcp_extensions_override = 44;
+}
+
+// DhcpVendorExtensionsOverride is used to override or add dhcp vendor extensions like f.e.
+// the NTP servers - currently no other options are supported, but DNS servers might be a
+// good candidate in the future
+message DhcpVendorExtensionsOverride {
+  bool ntpServerExclusively = 1; // use exclusively specified NTP servers
 }
 
 message ConfigRequest {

diff --git a/proto/info/info.proto b/proto/info/info.proto
@@ -767,6 +767,7 @@ message DevicePort {
   // domainname - OBSOLETE - obsoleted by dns
   string domainname = 14;
   string ntpServer = 15;
+  repeated string extraNtpServers = 35;
   // dnsServers - OBSOLETE - obsoleted by dns
   repeated string dnsServers = 16;
   string dhcpRangeLow = 17;