[ntp:hackers] autokeyand IPv6?

David L. Mills mills at udel.edu
Thu Aug 14 07:03:55 PDT 2003


John,

This doesn't make sense. The TEST11 you found happens only if one of the
identity schemes failed, if you are using one, or the signature failed
on some message. But that bit got set on the identity exchange, which
doesn't do anything like that. This looks very much like an old version
bug. That particular bit has a long history of anal-retention. Are you
using a recent ntp_crypto.c? The current one in ntp-dev is 26 July, but
things that might affect you settled down a couple of months ago.
Meanwhile, I see your IPv6 Autokey broke, which is not unexpected.

Dave

Dave 

John Hay wrote:
> 
> Dave,
> 
> > If you got that far, the IPv6 Autokey problem I reported does not affect
> > you. Can you send me the cryptostats that led up to that problem? It
> > would also help to hat the trace data. That's a very unlikely event.
> 
> It seems that I was a little too impatient, it actually stops with
> "flash=408 no_access, not_proventic". I stashed yesterday's
> cryptostats and a trace (ntpd.out2) on pogo in my home dir. It might
> be a little busy because the machine is one of my regular time servers.
> The machine itself is called zibbi.icomtek.csir.co.za and the server
> that does not want to play nice with it is orca.cids.org.za and its
> ipv6 addr is 3ffe:2900:fffa:4:260:8ff:fe90:1cb0 If those files are
> too busy for you, I can try to create ones that are a little quieter.
> 
> John
> --
> John Hay -- John.Hay at icomtek.csir.co.za / jhay at FreeBSD.org



More information about the hackers mailing list