From d9a67d5aae28297e4587d070e0100eaa640b1559 Mon Sep 17 00:00:00 2001
From: Christoph Ostarek
Date: Mon, 14 Oct 2024 13:48:37 +0200
Subject: [PATCH] proto: enhance ntp configuration

1. allow to set more than one NTP server
2. allow to make NTP servers from cloud controller exclusively used, i.e. the NTP servers that got announced via DHCP are not used (in certain cases this an attacker might send DHCP responses with a different NTP server set and therefore can control time on EVE)

Signed-off-by: Christoph Ostarek
---
 proto/config/netcmn.proto | 15 ++++++++++++++-
 proto/info/info.proto | 2 ++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/proto/config/netcmn.proto b/proto/config/netcmn.proto
index c8b4198..dfb16cf 100644
--- a/proto/config/netcmn.proto
+++ b/proto/config/netcmn.proto
@@ -83,12 +83,25 @@ message ipspec {
   string subnet = 3;
   string gateway = 5;
   string domain = 6;
+  // ntp and more_ntp are used to specify several NTP servers
   string ntp = 7;
+  repeated string more_ntp = 10;
   repeated string dns = 8;
   // for IPAM management when dhcp is turned on.
   // If none provided, system will default pool.
   ipRange dhcpRange = 9;
+
+  DhcpOptionsIgnore dhcp_options_ignore = 11;
+}
+
+// DhcpOptionsIgnore is used to ignore dhcp options like f.e. the NTP servers
+// - currently no other options are supported, but DNS servers might be a
+// good candidate in the future
+message DhcpOptionsIgnore {
+  // use exclusively specified NTP servers
+  // if set to true and no NTP server is provided then no NTP servers should be used
+  bool ntp_server_exclusively = 1;
 }
 
 enum NetworkType {
@@ -143,4 +156,4 @@ message ConnectivityProbe {
   // Endpoint to probe using the selected probing mechanism to determine
   // the connectivity status.
   ProbeEndpoint probe_endpoint = 2;
-}
\ No newline at end of file
+}
diff --git a/proto/info/info.proto b/proto/info/info.proto
index 2bd5876..9717291 100644
--- a/proto/info/info.proto
+++ b/proto/info/info.proto
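Review bot: `ntp_server_exclusively` in the new `DhcpOptionsIgnore` message is a proto3 `bool` with implicit presence, so an unset field reads as false and DHCP-announced NTP servers keep being honoured; the field comment should state that default and the reason the commit message gives (DHCP-announced servers are not under the controller's control), because consumers of the schema see only the comment. Suggested replacement for the two comment lines above the field: `// If true, NTP servers announced via DHCP are ignored and only ntp/more_ntp are used;` / `// if no NTP server is configured at all, no NTP server is used.` / `// Defaults to false, i.e. DHCP-announced NTP servers are still accepted.` The comment on `ntp`/`more_ntp` should likewise say how the two relate — whether `ntp` is the preferred server and `more_ntp` additional ones, and whether a server listed in both is de-duplicated — since a reader cannot tell from the types. The enclosing `message ipspec` starts outside the hunk.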
@@ -766,7 +766,9 @@ message DevicePort {
   string gateway = 13;
   // domainname - OBSOLETE - obsoleted by dns
   string domainname = 14;
+  // ntpServer and more_ntp_servers are used to report several NTP servers
   string ntpServer = 15;
+  repeated string more_ntp_servers = 35;
   // dnsServers - OBSOLETE - obsoleted by dns
   repeated string dnsServers = 16;
   string dhcpRangeLow = 17;
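Review bot: The comment on `ntpServer`/`more_ntp_servers` does not say whether `ntpServer` is repeated inside `more_ntp_servers` or the two are disjoint, nor whether the reported list covers configured servers, DHCP-announced ones, or both; a consumer merging them into one list needs that stated. Suggested wording, to be adjusted to what the reporting code actually does (not visible here): `// more_ntp_servers holds additional NTP servers beyond ntpServer and does not repeat it;` / `// reported servers include those learned via DHCP unless the device was configured to ignore them.` As a point of style, the neighbouring `DevicePort` fields use lowerCamelCase (`ntpServer`, `dnsServers`, `dhcpRangeLow`) while the new field is snake_case; whichever convention the file intends, the two side by side look unintended. `message DevicePort` starts outside the hunk.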