[Git][NTPsec/ntpsec][master] 2 commits: Correct instrumentation for replay mode and back out Hal's shim.

Tue Dec 15 14:00:35 UTC 2015

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
6dc6eb76 by Eric S. Raymond at 2015-12-15T08:56:31Z
Correct instrumentation for replay mode and back out Hal's shim.

This replaces my previous two non-backout commits.

- - - - -
36a2c936 by Eric S. Raymond at 2015-12-15T09:00:06Z
Randomness reduction intended to help replay mode.

- - - - -


3 changed files:

- ntpd/ntp_intercept.c
- ntpd/ntp_proto.c
- ntpd/ntpd.c


Changes:

=====================================
ntpd/ntp_intercept.c
=====================================

--- a/ntpd/ntp_intercept.c
+++ b/ntpd/ntp_intercept.c
@@ -653,10 +653,7 @@ void intercept_sendpkt(const char *legend,
 		  struct pkt *pkt, int len)
 {
     char pkt_dump[BUFSIZ], newpacket[BUFSIZ];
-if (1) {
-	sendpkt(dest, ep, ttl, pkt, len);
-	return;
-};
+
     packet_dump(pkt_dump, sizeof(pkt_dump), dest, pkt, len);
     snprintf(newpacket, sizeof(newpacket), "sendpkt %s %s\n", legend, pkt_dump);
 
@@ -679,10 +676,6 @@ if (1) {
 void intercept_receive(struct recvbuf *rbufp)
 {
     char pkt_dump[BUFSIZ], newpacket[BUFSIZ];
-if (1) {
-	receive(rbufp);
-	return;
-};
 
     packet_dump(pkt_dump, sizeof(pkt_dump),
 		&rbufp->recv_srcadr,


=====================================
ntpd/ntp_proto.c
=====================================
--- a/ntpd/ntp_proto.c
+++ b/ntpd/ntp_proto.c
@@ -2240,7 +2240,19 @@ peer_clear(
 	} else if (MODE_PASSIVE == peer->hmode) {
 		peer->nextdate += ntp_minpkt;
 	} else {
-		peer->nextdate += intercept_ntp_random(__func__) % peer->minpoll;
+	    /*
+	     * Randomizing the next poll interval used to be done with
+	     * ntp_random(); this leads to replay-mode problems and is
+	     * unnecessary, any deterministic but uniformly
+	     * distributed function of the peer state would be good
+	     * enough.  Furthermore, changing the function creates no
+	     * interop problems. For security reasons (to prevent
+	     * hypothetical timing attacks) we want at least one input
+	     * to be invisible from outside ntpd; the internal
+	     * association ID fits the bill.
+	     */
+	    int pseudorandom = peer->associd ^ sock_hash(&peer->srcadr);
+	    peer->nextdate += pseudorandom % peer->minpoll;
 	}
 #ifdef ENABLE_AUTOKEY
 	peer->refresh = current_time + (1 << NTP_REFRESH);


=====================================
ntpd/ntpd.c
=====================================
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -622,6 +622,17 @@ ntpdmain(
 			"must be run as root, not uid %ld", (long)uid);
 		exit(1);
 	}
+	switch (intercept_get_mode())
+	{
+	case none:
+	    break;
+	case replay:
+	    msyslog(LOG_NOTICE, "setting replay mode.");
+	    break;
+	case capture:
+	    msyslog(LOG_NOTICE, "setting capture mode.");
+	    break;
+	}
 
 # ifdef HAVE_WORKING_FORK
 	if (wait_sync <= 0)



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/92d3680806f8fb226ec91db4d846f816631206ad...36a2c9369ed87553f6b0c1129789827c0cbbd599
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/vc/attachments/20151215/c73ed53c/attachment.html>
