[ntp:hackers] Minor twitches and flakes

Danny Mayer mayer at ntp.isc.org
Mon Apr 7 02:33:27 UTC 2008


David L. Mills wrote:
> Guys,
> 
> The ntpq billboards have been changed in very minor ways to agree with 
> the names used in the NTPv4 specification. Only the receive timestamp is 
> reported, as the other timestamps are either clobbered (to avoid a 
> replay vulnerability) or misleading after the on-wire checks.
> 
> There is a new restriction bit called flake. When lit, a fraction (10 
> percent) of arriving NTP packets are simply dropped. The idea is to make 
> sure the on-wire and Autokey protocols operate correctly in case of 
> moderate to high packet loss. The on-wire protocol works just fine, 
> even in symmetric modes with Autokey, when the packet loss is as high as 
> 50 percent.
> 
> However, packet loss is more critical in broadcast mode with Autokey. If 
> an ordinary packet (ASSOC message) is lost, no problem; however, if an 
> autokey values packet (AUTO message) is lost, the autokey sequence is 
> broken. When this happens the client eventually times out and restarts 
> the protocol. With a packet loss of 10 percent, one AUTO message in ten 
> can be dropped. With the current default key list regeneration interval, 
> this happens about once or twice a day. I don't think this is 
> significant, as broadcast mode would ordinarily not be used over 
> moderate to high loss networks.
> 

I'm not sure why autokey is more critical in broadcast mode. The autokey 
is negotiated in client/server mode and when the server is authenticated 
the client will revert back to accepting the broadcast packets and 
authenticating the broadcast packet with the autokey obtained. After 
that it doesn't matter if it drops some of the packets. Is there 
something I missed?

Danny

