chrony: add support for REQ_CLIENT_ACCESSES_BY_INDEX

[luca-seemann]

Summary

Adds the REQ_CLIENT_ACCESSES_BY_INDEX3 codec to ntp/chrony so
Client.Communicate can return decoded per-client statistics — the
data that backs chronyc clients: NTP/NKE/Cmd hit and drop counters
plus last-hit timestamps tracked by chronyd internally.

Motivation: unblocks per-client Prometheus metrics in chrony_exporter
(SuperQ/chrony_exporter#136),
where downstream consumers currently have to hand-roll the wire format
because this library doesn't expose the command.

Constants and struct layouts follow chrony's
candm.h.

Only the v3 codec is implemented because modern chronyd (4.0+) always
replies with RPY_CLIENT_ACCESSES_BY_INDEX3 regardless of the request
version, and chrony 3.x changed the wire layout of reply code 10 without
changing the code itself, which makes v1 decoding ambiguous. chronyd
older than 4.0 returns BADPKTVERSION; this is documented on the
constructor.

Request padding: chronyd's PKL_CommandLength (pktlength.c) enforces an
anti-amplification minimum so the request must be at least as large as
the reply. The v3 'clients' reply is 520 bytes, so the request also
needs to be 520 bytes — the data array on RequestClientAccessesByIndex
is sized accordingly. Smaller requests are rejected with BADPKTLENGTH.

Two constructors are provided: NewClientAccessesByIndexPacket for
normal polling and NewClientAccessesByIndexResetPacket for the
chronyc -r clients equivalent that clears chronyd's accounting after
the reply. Keeping the counter-clearing variant separate avoids
accidentally resetting stats from a polling loop.

Test Plan

• go test ./ntp/chrony/... - all tests pass, including:
  • TestDecodeClientAccessesByIndex3 - real bytes captured from chronyd
    4.6.1 via strace, IPs substituted with RFC 5737/3849 documentation
    ranges
  • TestDecodeClientAccessesByIndex3Empty - NClients == 0 edge case
  • TestEncodeClientAccessesByIndexPacket - asserts exact 520-byte
    wire size
  • TestEncodeClientAccessesByIndexResetPacket - verifies the reset
    variant sets Reset=1
  • TestClientCommunicateClientAccessesByIndex - end-to-end via
    Client.Communicate with a mock connection
• go test ./ntp/chrony/... -fuzz=FuzzDecodePacket -fuzztime=10s - over
  1.4M random inputs with no panics
• go vet ./ntp/chrony/... clean
• Live test against a chronyd 4.6.1 instance over the Unix socket:
  paginated through 4096 clients (513 pages), output matches
  chronyc clients line-for-line.

[meta-cla]

Hi @luca-seemann!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

[meta-cla]

Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks!

[leoleovich]

I am fixing CI sorry about that