Recent NTP pool traffic increase
Gary E. Miller
gem at rellim.com
Sun Dec 18 03:03:16 UTC 2016
Yo All!
On Sat, 17 Dec 2016 17:56:32 -0800
"Gary E. Miller" <gem at rellim.com> wrote:
> # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
>
> And I do indeed get odd results. Some on my local network...
To follow up on this. The weirdness is just what chronyd has done
since before version 2.2. Chronyd gets 'clever' when it fills in
the data fields of an NTP packet.
The RFC says a clients sends a server a packet with its current time in
the 'Transmit Timestamp'. Chronyd instead puts in a random number. The
server does not care, it just parrots back that timestamp back as the
'Originator Timestamp', plus the time the server received that packet,
and the time it replied to the packet.
The client uses 'Orignator Timestamp' as an index to lookup when it
really sent the request, and then does the usual math with the real send
time.
So, red herring, back to the mystery hunt.
Unless someone thinks this 'cleverness' is worth implementing in ntpsec.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20161217/bdf75f8b/attachment.bin>
More information about the devel
mailing list