[ntp:security] NOEPEER patch
Martin Burnicki
martin.burnicki at meinberg.de
Mon Jul 30 08:56:09 UTC 2018
Harlan Stenn wrote:
[...]
> I don't think I was involved in that discussion or coding.
At least you haven't commented in those threads. ;-)
> I'm assuming it's not that important that we find out who was involved,
> it's more important that we fix this ASAP.
Yes.
> Similarly, it's too bad that we didn't know about this before I released
> the proposed tarball. But we're past that now.
Yes.
>> With the latest NOEPEER patch such "symmetric active" requests are
>> simply dropped, but IMO it would be good to get the behavior back that
>> was initially implemented by DLM, i.e. send a "symmetric passive" reply
>> back, but don't mobilize an association, unless authenticated.
>>
>> Do you think we can modify the patch so that we get this behavior back
>> in p12? It shouldn't be too hard to get it.
>
> Yes, I'm happy to find a solution to this and include it in p12.
That would be really good.
> Do you know if the Windows client will be upset if it gets back a mode 4
> (server) response instead of a mode 2 (passive symmetric) response?
I haven't tried this, yet, but I'm going to investigate.
Would this be easier or more straightforward? With sending a passive
symmetric response it should work anyway ...
Martin
--
Martin Burnicki
Senior Software Engineer
MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki at meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/
Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de https://www.meinbergglobal.com
Training: https://www.meinberg.academy
More information about the security
mailing list