[ntp:questions] NTP iff authentication

Giovanni Clemente giovanni.clemente at mail.ing.unibo.it
Mon Jun 27 07:23:42 UTC 2005



Danny Mayer wrote:

> Giovanni Clemente wrote:
>
>>    Anyway, even with an ntpkey_IFFpar_client, autokey protocol fails
>>    showing:
>>       addto_syslog: crypto_iff: invalid filestamp 3328260929
>>       peer 137.204.144.235 event 'bad_filestamp' (0x103) status
>> 'unreach,\
>>       conf, auth, 1 event, event_unreach' (0xe013)
>>       crypto_recv: error 103 opcode 82070000 ts 3328594015 fs 3328260929
>>     [ ... ]
>>       packet: bad data 608 from 137.204.144.235
>>       addto_syslog: receive: fatal error 608 for 137.204.144.235
>>
> This fatal error worries me. What version are you using?
>
> Danny


Hello, on [ campus time server ] runs ntpd 4.2.0 at 1.1161-r, while
on [ client ] ntpd 4.2.0a at 1.1190-r.

Here are output from ntpq -c rv on [ campus time server ]
(hostname qui, ntp1 and ntp2 are stratum1 from Italy's Time Inst. ):

status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0 at 1.1161-r Thu Mar 17 15:43:36 CET 2005 (1)",
processor="i686", system="Linux/2.6.11.10", leap=00, stratum=2,
precision=-17, rootdelay=8.573, rootdispersion=941.677, peer=55604,
refid=193.204.114.232,
reftime=c66a231f.b43aa79b  Mon, Jun 27 2005  9:02:55.704, poll=4,
clock=c66a238a.be691644  Mon, Jun 27 2005  9:04:42.743, state=2,
offset=-0.991, frequency=23.056, jitter=0.042, stability=0.083,
hostname="qui", signature="md5WithRSAEncryption", flags=0x80023,
hostkey=3328598549, refresh=3328844578, leapseconds=135446688, tai=32,
cert="qui ntp1 0x3 3328598549", cert="qui ntp2 0x3 3328598549",
cert="ntp2 ntp2 0x3 3315891222", cert="ntp1 ntp1 0x3 3315891235",
cert="qui qui 0x3 3328598549"

... and on [ client ]
(hostname proxyav.ing.unibo.it)

assID=0 status=c011 sync_alarm, sync_unspec, 1 event, event_restart,
version="ntpd 4.2.0a at 1.1190-r Mon Oct 11 09:10:20 EDT 2004 (1)"?,
processor="i686", system="Linux/2.6.9-1.681_FC3", leap=11, stratum=16,
precision=-19, rootdelay=0.000, rootdispersion=0.375, peer=0,
refid=INIT, reftime=00000000.00000000  Thu, Feb  7 2036  7:28:16.000,
poll=6, clock=0xc66a23d4.210e7792, state=0, offset=0.000,
frequency=0.000, noise=0.002, jitter=0.002, stability=0.000,
hostname="proxyav.ing.unibo.it", signature="md5WithRSAEncryption",
flags=0x80021, hostkey=3328600177, cert="ntp1 ntp1 0x3 3315891235",
cert="qui ntp1 0x3 3328598549",
cert="proxyav.ing.unibo.it proxyav.ing.unibo.it 0x1 3328600177"

... and an excerpt from ntpd -dd -n on [ client ]:

[omissis]
crypto_recv: flags 0x80023 ext offset 48 len 416 code 8202 assocID 0
crypto_recv: verify 100 vallen 328 siglen 64 ts 3328844578 fs 3328598549
cert_parse: X509v3 Extended Key Usage: Trust Root
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: -966122719 (-0x3995dcdf)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=ntp1
        Validity
            Not Before: Jun 27 07:02:57 2005 GMT
            Not After : Jun 27 07:02:57 2006 GMT
        Subject: CN=qui
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)

[...public key parameters...]

crypto_xmit: ext offset 48 len 48 code 207 assocID 0
session_key: 137.204.46.138 > 137.204.144.235 62c67bc4 00000000 hash
3e85964c life 2
        MCAST   *****sendpkt(fd=7 dst=137.204.144.235,
src=137.204.46.138, ttl=0, len=116)
transmit: at 7 137.204.46.138->137.204.144.235 mode 3 keyid 62c67bc4 len
96 mac 20 index 95
poll_update: at 7 137.204.144.235 flags 020f poll 6 burst 5 last 1 next 9
receive: at 7 137.204.46.138<-137.204.144.235 restrict 000
session_key: 137.204.144.235 > 137.204.46.138 62c67bc4 00000000 hash
c2d9664b life 2
receive: at 7 137.204.46.138<-137.204.144.235 mode 4 code 1 keyid
62c67bc4 len 184 mac 20 auth 1
crypto_recv: flags 0x80123 ext offset 48 len 136 code 8207 assocID 0
crypto_recv: verify 100 vallen 42 siglen 64 ts 3328844736 fs 3328598549
addto_syslog: crypto_iff: invalid filestamp 3328598549
peer 137.204.144.235 event 'bad_filestamp' (0x103) status 'unreach,
conf, auth, 1 event, event_unreach' (0xe013)
crypto_recv: error 103 opcode 82070000 ts 3328844736 fs 3328598549
key_expire: at 7
peer_clear: at 7 assoc ID 27660 refid CRYP
packet: bad data 608 from 137.204.144.235
addto_syslog: receive: fatal error 608 for 137.204.144.235

Bye, Giovanni




More information about the questions mailing list