<html lang='en'>
<head>
<meta content='text/html; charset=utf-8' http-equiv='Content-Type'>
<title>
GitLab
</title>
</meta>
</head>
<style>
img {
max-width: 100%;
height: auto;
}
p.details {
font-style:italic;
color:#777
}
.footer p {
font-size:small;
color:#777
}
pre.commit-message {
white-space: pre-wrap;
}
.file-stats a {
text-decoration: none;
}
.file-stats .new-file {
color: #090;
}
.file-stats .deleted-file {
color: #B00;
}
</style>
<body>
<div class='content'>
<h3>Eric S. Raymond pushed to branch master at <a href="https://gitlab.com/NTPsec/ntpsec">NTPsec / ntpsec</a></h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://gitlab.com/NTPsec/ntpsec/commit/6dc6eb765300ee2cb1d8af4bde0e32dd0f02edb9">6dc6eb76</a></strong>
<div>
<span>by Eric S. Raymond</span>
<i>at 2015-12-15T08:56:31Z</i>
</div>
<pre class='commit-message'>Correct instrumentation for replay mode and back out Hal's shim.
This replaces my previous two non-backout commits.</pre>
</li>
<li>
<strong><a href="https://gitlab.com/NTPsec/ntpsec/commit/36a2c9369ed87553f6b0c1129789827c0cbbd599">36a2c936</a></strong>
<div>
<span>by Eric S. Raymond</span>
<i>at 2015-12-15T09:00:06Z</i>
</div>
<pre class='commit-message'>Randomness reduction intended to help replay mode.</pre>
</li>
</ul>
<h4>3 changed files:</h4>
<ul>
<li class='file-stats'>
<a href='#diff-0'>
ntpd/ntp_intercept.c
</a>
</li>
<li class='file-stats'>
<a href='#diff-1'>
ntpd/ntp_proto.c
</a>
</li>
<li class='file-stats'>
<a href='#diff-2'>
ntpd/ntpd.c
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id='diff-0'>
<a href='https://gitlab.com/NTPsec/ntpsec/compare/92d3680806f8fb226ec91db4d846f816631206ad...36a2c9369ed87553f6b0c1129789827c0cbbd599#diff-0'>
<strong>
ntpd/ntp_intercept.c
</strong>
</a>
<hr>
<pre class="highlight"><code><span style="color: #000000;background-color: #ffdddd">--- a/ntpd/ntp_intercept.c
</span><span style="color: #000000;background-color: #ddffdd">+++ b/ntpd/ntp_intercept.c
</span><span style="color: #aaaaaa">@@ -653,10 +653,7 @@ void intercept_sendpkt(const char *legend,
</span> struct pkt *pkt, int len)
{
char pkt_dump[BUFSIZ], newpacket[BUFSIZ];
<span style="color: #000000;background-color: #ffdddd">-if (1) {
- sendpkt(dest, ep, ttl, pkt, len);
- return;
-};
</span><span style="color: #000000;background-color: #ddffdd">+
</span> packet_dump(pkt_dump, sizeof(pkt_dump), dest, pkt, len);
snprintf(newpacket, sizeof(newpacket), "sendpkt %s %s\n", legend, pkt_dump);
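Review bot: in intercept_sendpkt() the snprintf() into newpacket can truncate:
pkt_dump and newpacket are both BUFSIZ, and the format adds "sendpkt ", the
legend and a newline on top of pkt_dump. With the if (1) bypass gone this path
now runs, so check the snprintf() return value against sizeof(newpacket), or
size newpacket larger than pkt_dump, so a cut-off capture line is not written
silently.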
<span style="color: #aaaaaa">@@ -679,10 +676,6 @@ if (1) {
</span> void intercept_receive(struct recvbuf *rbufp)
{
char pkt_dump[BUFSIZ], newpacket[BUFSIZ];
<span style="color: #000000;background-color: #ffdddd">-if (1) {
- receive(rbufp);
- return;
-};
</span>
packet_dump(pkt_dump, sizeof(pkt_dump),
&rbufp->recv_srcadr,
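Review bot: with the bypass removed, intercept_receive() calls packet_dump() as
its first statement, and nothing in the visible lines tests the intercept mode
before it. If the mode check comes later in the function, move it ahead of the
dump so a daemon running with interception off does not format every received
packet.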
</code></pre>
<br>
</li>
<li id='diff-1'>
<a href='https://gitlab.com/NTPsec/ntpsec/compare/92d3680806f8fb226ec91db4d846f816631206ad...36a2c9369ed87553f6b0c1129789827c0cbbd599#diff-1'>
<strong>
ntpd/ntp_proto.c
</strong>
</a>
<hr>
<pre class="highlight"><code><span style="color: #000000;background-color: #ffdddd">--- a/ntpd/ntp_proto.c
</span><span style="color: #000000;background-color: #ddffdd">+++ b/ntpd/ntp_proto.c
</span><span style="color: #aaaaaa">@@ -2240,7 +2240,19 @@ peer_clear(
</span> } else if (MODE_PASSIVE == peer->hmode) {
peer->nextdate += ntp_minpkt;
} else {
<span style="color: #000000;background-color: #ffdddd">- peer->nextdate += intercept_ntp_random(__func__) % peer->minpoll;
</span><span style="color: #000000;background-color: #ddffdd">+ /*
+ * Randomizing the next poll interval used to be done with
+ * ntp_random(); this leads to replay-mode problems and is
+ * unnecessary, any deterministic but uniformly
+ * distributed function of the peer state would be good
+ * enough. Furthermore, changing the function creates no
+ * interop problems. For security reasons (to prevent
+ * hypothetical timing attacks) we want at least one input
+ * to be invisible from outside ntpd; the internal
+ * association ID fits the bill.
+ */
+ int pseudorandom = peer->associd ^ sock_hash(&peer->srcadr);
+ peer->nextdate += pseudorandom % peer->minpoll;
</span> }
#ifdef ENABLE_AUTOKEY
peer->refresh = current_time + (1 << NTP_REFRESH);
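Review bot: int pseudorandom is signed, so if the XOR of associd and
sock_hash() comes out with its top bit set the % result can be negative and
nextdate moves backwards; declare it unsigned. The value is also constant for a
given peer, so the comment's timing-attack argument rests entirely on associd
staying unobservable from outside ntpd; the comment should say what guarantees
that.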
</code></pre>
<br>
</li>
<li id='diff-2'>
<a href='https://gitlab.com/NTPsec/ntpsec/compare/92d3680806f8fb226ec91db4d846f816631206ad...36a2c9369ed87553f6b0c1129789827c0cbbd599#diff-2'>
<strong>
ntpd/ntpd.c
</strong>
</a>
<hr>
<pre class="highlight"><code><span style="color: #000000;background-color: #ffdddd">--- a/ntpd/ntpd.c
</span><span style="color: #000000;background-color: #ddffdd">+++ b/ntpd/ntpd.c
</span><span style="color: #aaaaaa">@@ -622,6 +622,17 @@ ntpdmain(
</span> "must be run as root, not uid %ld", (long)uid);
exit(1);
}
<span style="color: #000000;background-color: #ddffdd">+ switch (intercept_get_mode())
+ {
+ case none:
+ break;
+ case replay:
+ msyslog(LOG_NOTICE, "setting replay mode.");
+ break;
+ case capture:
+ msyslog(LOG_NOTICE, "setting capture mode.");
+ break;
+ }
</span>
# ifdef HAVE_WORKING_FORK
if (wait_sync <= 0)
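Review bot: the switch on intercept_get_mode() has no default case, so a mode
value added later is ignored silently here; add a default that logs it. The
messages say "setting replay mode." and "setting capture mode." although the
visible code only reports the mode, so wording such as "replay mode enabled"
would match what happens.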
</code></pre>
<br>
</li>
</div>
<div class='footer' style='margin-top: 10px;'>
<p>
<a href="https://gitlab.com/NTPsec/ntpsec/compare/92d3680806f8fb226ec91db4d846f816631206ad...36a2c9369ed87553f6b0c1129789827c0cbbd599">View it on GitLab</a>.
</p>
</div>
</body>
</html>