[ntp:questions] Re: server's address in ntp payload?

David L. Mills mills at udel.edu
Fri Nov 18 18:43:55 UTC 2005


Guys,

I have no idea what's going on here. The only reason the reference ID is 
in the NTP header in the first place is to detect and avoid timing 
loops. While it was found useful for traceback purposes in IPv4, it 
doesn't work for IPv6, as it is only a hash.

The reference ID is not different for different addresses. It reflects 
the source of timing only, and that is the same for all interfaces on 
the same machine.

The Autokey scheme is bound to the IP addresses only for the cookie 
calculation, which must be the same on the endpoint machines. The 
security flow does not depend on the addresses, only the certificate 
trail and group key. That this doesn't work with NAT is a valuable and 
carefully treasured feature.

Dave

Ulisses wrote:
> Hi Danny
> 
> On Fri, Nov 18, 2005 at 09:24:34AM -0500, Danny Mayer wrote:
> 
>>Ulisses wrote:
> 
> [...]
> 
>>>The usefulness I wanted with it is to try getting the
>>>loopback address of ntp servers running on routers
>>>
>>
>>That's confusing me. Do you really mean the loopback address -
>>127.0.0.1 and ::1 or did you mean an address bound to the interface?
> 
> 
> many (all?) routers which run a routing protocol have a special address
> that's called "loopback address" which is not 127.0.0.1
> 
> I wanted to check what address returned the ntp process on routers 
> (if it was possible) in the ntp header, in hope to obtain the
> loopback address I mention.
> 
> [...]
> 
> 
>>The nearest thing to an identifier is the refid. Unfortunately it's
>>flawed in the NTP reference implementation since you can get different
>>refid's from different addresses on the machine.
> 
> 
> ok
> 
> Thanks for your comments
> 
> 	Ulisses
> 
> PS: I did not reply to the rest of the e-mail because I suppose it is clear now
> 
>                 Debian GNU/Linux: a dream come true
> -----------------------------------------------------------------------------
> "Computers are useless. They can only give answers."            Pablo Picasso
> 
> "Debugging is twice as hard as writing the code in the first place.
> Therefore, if you write the code as cleverly as possible, you are,
> by definition, not smart enough to debug it." - Brian W. Kernighan
> 
> _______________________________________________
> questions mailing list
> questions at lists.ntp.isc.org
> https://lists.ntp.isc.org/mailman/listinfo/questions
> 
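
The following is an added example, not part of the original thread or of the ntpd source. It shows how the reference ID field of a 48-byte NTP header is read and why it supports loop detection but not traceback over IPv6. The function names and sample addresses are hypothetical, and the IPv6 rule used (first four octets of the MD5 hash of the address) is taken from RFC 5905, not from the message above.

```python
import hashlib
import ipaddress
import struct

def refid_for_address(addr: str) -> bytes:
    """Refid a server reports when its time source is `addr` (stratum >= 2)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ip.packed                          # IPv4: the address itself
    return hashlib.md5(ip.packed).digest()[:4]    # IPv6: one-way 4-octet hash

def parse_refid(packet: bytes):
    """Return (stratum, refid_bytes, description) from an NTP header."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    stratum, refid = packet[1], packet[12:16]
    if stratum == 0:
        desc = "kiss code " + refid.decode("ascii", "replace")
    elif stratum == 1:
        desc = "reference clock " + refid.rstrip(b"\0").decode("ascii", "replace")
    else:
        # Printed as a dotted quad; for an IPv6 source this is only the hash.
        desc = "IPv4 source or IPv6 hash " + str(ipaddress.IPv4Address(refid))
    return stratum, refid, desc

def is_timing_loop(packet: bytes, my_addresses) -> bool:
    """True if the server's time source is one of our own addresses."""
    stratum, refid, _ = parse_refid(packet)
    if stratum < 2:
        return False                              # refid is not an address here
    return any(refid == refid_for_address(a) for a in my_addresses)

def build_packet(stratum: int, refid: bytes) -> bytes:
    """Constructed sample header: LI=0, VN=4, Mode=4; timestamps zeroed."""
    head = struct.pack("!BBbb", 0x24, stratum, 6, -20)
    return head + bytes(8) + refid + bytes(32)

if __name__ == "__main__":
    mine = ["192.0.2.10", "2001:db8::10"]         # constructed local addresses
    for src in ("192.0.2.10", "2001:db8::10", "198.51.100.7"):
        pkt = build_packet(3, refid_for_address(src))
        print(src, parse_refid(pkt)[2], "loop:", is_timing_loop(pkt, mine))
```

The comparison works for both address families because each side can compute the same four octets, but only the IPv4 case lets an observer read the source address back out of the field.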



