[ntp:hackers] Minor twitches and flakes
Danny Mayer
mayer at ntp.isc.org
Mon Apr 7 02:33:27 UTC 2008
David L. Mills wrote:
> Guys,
>
> The ntpq billboards have been changed in very minor ways to agree with
> the names used in the NTPv4 specification. Only the receive timestamp is
> reported, as the other timestamps are either clobbered (to avoid a
> replay vulnerability) or misleading after the on-wire checks.
>
> There is a new restriction bit called flake. When lit, a fraction (10
> percent) of arriving NTP packets are simply dropped. The idea is to make
> sure the on-wire and Autokey protocols operate correctly in case of
> moderate to high packet loss. The on-wire protocol works just fine,
> even in symmetric modes with Autokey, when the packet loss is as high as
> 50 percent.
>
> However, packet loss is more critical in broadcast mode with Autokey. If
> an ordinary packet (ASSOC message) is lost, no problem; however, if an
> autokey values packet (AUTO message) is lost, the autokey sequence is
> broken. When this happens the client eventually times out and restarts
> the protocol. With a packet loss of 10 percent, one AUTO message in ten
> can be dropped. With the current default key list regeneration interval,
> this happens about once or twice a day. I don't think this is
> significant, as broadcast mode would ordinarily not be used over
> moderate to high loss networks.
>
I'm not sure why autokey is more critical in broadcast mode. The autokey
is negotiated in client/server mode and when the server is authenticated
the client will revert back to accepting the broadcast packets and
authenticating the broadcast packet with the autokey obtained. After
that it doesn't matter if it drops some of the packets. Is there
something I missed?
Danny