All hands alert - NTPsec gets bad responses from Amazon NTP servers

Eric S. Raymond esr at thyrsus.com
Sun Dec 3 19:43:04 UTC 2017


All hands alert.  We have our first, or maybe second depending on how
you count, serious bug. About 33% of the time, NTPsec is eliciting bad
packets from Amazon time service. Classic does not have this problem.

https://gitlab.com/NTPsec/ntpsec/issues/420

Everyone with knowledge of the NTP protocol and operations issues
should look at this one and try to come up with diagnostics.

I've asked Matt Nordhoff to bisect so we can identify the commit that
introduced the problem. My suspicion falls on Daniel's big protocol
refactor.  It would fall harder on his plan to eliminate info leakage
by zeroing origin headers, but I don't thinl that has actually been
implemented yet. (I could be wrong.)

Something we're sending clearly ain't right. We need to figure out what.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

"The power to tax involves the power to destroy;...the power to
destroy may defeat and render useless the power to create...."
	-- Chief Justice John Marshall, 1819.


More information about the devel mailing list