Recent NTP pool traffic increase
kurt at roeckx.be
Sun Dec 18 11:36:49 UTC 2016
On Sat, Dec 17, 2016 at 07:03:16PM -0800, Gary E. Miller wrote:
> Yo All!
> On Sat, 17 Dec 2016 17:56:32 -0800
> "Gary E. Miller" <gem at rellim.com> wrote:
> > # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
> > And I do indeed get odd results. Some on my local network...
> To follow up on this. The weirdness is just what chronyd has done
> since before version 2.2. Chronyd gets 'clever' when it fills in
> the data fields of an NTP packet.
> The RFC says a clients sends a server a packet with its current time in
> the 'Transmit Timestamp'. Chronyd instead puts in a random number. The
> server does not care, it just parrots back that timestamp back as the
> 'Originator Timestamp', plus the time the server received that packet,
> and the time it replied to the packet.
> The client uses 'Orignator Timestamp' as an index to lookup when it
> really sent the request, and then does the usual math with the real send
> So, red herring, back to the mystery hunt.
> Unless someone thinks this 'cleverness' is worth implementing in ntpsec.
I think openntpd might be doing something like that too.
That of course breaks if you try to do symmetric synchronization.
More information about the devel