[Git][NTPsec/ntpsec][master] Fix responding to mode 1 (symmetric active) requests

Sat Jun 28 09:52:33 UTC 2025


Hal Murray pushed to branch master at NTPsec / ntpsec


Commits:
ff5b31c5 by Richard Laager at 2025-06-28T02:49:19-07:00
Fix responding to mode 1 (symmetric active) requests

The packets were being ignored.  Now, they are treated in accordance
with https://docs.ntpsec.org/latest/standards.html which says, "Mode 1
(Symmetric Active) is no longer implemented; such packets are treated
as ordinary client (mode 3) packets."

Windows uses mode 1 by default.

This reverts part of commit 0cd27b56bbf2fffba59a5a3d80e61269073230aa.

- - - - -


1 changed file:

- ntpd/ntp_proto.c


Changes:

=====================================
ntpd/ntp_proto.c
=====================================
@@ -215,7 +215,7 @@ void set_use_stattime(uptime_t stattime) {
 static	void	clock_combine	(peer_select *, int, int);
 static	void	clock_select	(void);
 static	void	clock_update	(struct peer *);
-static	void	fast_xmit	(struct recvbuf *, auth_info*, int);
+static	void	fast_xmit	(struct recvbuf *, int, auth_info*, int);
 static	int	local_refid	(struct peer *);
 static	void	peer_xmit	(struct peer *);
 static	int	peer_unfit	(struct peer *);
@@ -264,7 +264,8 @@ is_packet_not_low_rot(
 	return rbufp->recv_length >= 12 &&
 	    PKT_VERSION(rbufp->recv_buffer[0]) >= NTP_OLDVERSION &&
 	    PKT_VERSION(rbufp->recv_buffer[0]) <= NTP_VERSION &&
-	    ( PKT_MODE(rbufp->recv_buffer[0]) == MODE_CLIENT ||
+	    ( PKT_MODE(rbufp->recv_buffer[0]) == MODE_ACTIVEx ||
+	      PKT_MODE(rbufp->recv_buffer[0]) == MODE_CLIENT ||
 	      PKT_MODE(rbufp->recv_buffer[0]) == MODE_SERVER ||
               PKT_MODE(rbufp->recv_buffer[0]) == MODE_CONTROL);
 }
@@ -659,7 +660,7 @@ receive(
 	struct peer *peer = NULL;
 	unsigned short restrict_mask;
 	auth_info* auth = NULL;  /* !NULL if authenticated */
-	int mode;
+	int mode, xmode;
 
 #ifdef ENABLE_MSSNTP
 	uint8_t zero_key[MSSNTP_QUERY_MAC_LEN];
@@ -814,6 +815,8 @@ receive(
 	}
 
 	switch (mode) {
+	    case MODE_ACTIVEx: /* remote site using "peer" in config file */
+		/* FALLTHROUGH */
 	    case MODE_CLIENT:  /* Request for us as a server. */
 		if (rbufp->extens_present
 #ifndef DISABLE_NTS
@@ -825,7 +828,8 @@ receive(
 			maybe_log_junk("EX-REQ", rbufp);
 			break;
 		}
-		fast_xmit(rbufp, auth, restrict_mask);
+		xmode = (mode == MODE_ACTIVEx) ? MODE_PASSIVEx : MODE_SERVER;
+		fast_xmit(rbufp, xmode, auth, restrict_mask);
 		stat_proto_total.sys_processed++;
 		break;
 	    case MODE_SERVER:  /* Reply to our request to a server. */
@@ -2258,6 +2262,7 @@ leap_smear_add_offs(l_fp *t) {
 static void
 fast_xmit(
 	struct recvbuf *rbufp,	/* receive packet pointer */
+	int	xmode,		/* receive mode */
 	auth_info *auth,	/* !NULL for authentication */
 	int	flags		/* restrict mask */
 	)
@@ -2286,7 +2291,7 @@ fast_xmit(
 	if (flags & RES_KOD) {
 		stat_proto_total.sys_kodsent++;
 		xpkt.li_vn_mode = PKT_LI_VN_MODE(LEAP_NOTINSYNC,
-		    PKT_VERSION(rbufp->pkt.li_vn_mode), MODE_SERVER);
+		    PKT_VERSION(rbufp->pkt.li_vn_mode), xmode);
 		xpkt.stratum = STRATUM_PKT_UNSPEC;
 		xpkt.ppoll = max(rbufp->pkt.ppoll, rstrct.ntp_minpoll);
 		xpkt.precision = rbufp->pkt.precision;
@@ -2322,14 +2327,13 @@ fast_xmit(
 		 * the transmit/receive times.
 		 */
 		/* Note: This returns the same data for all versions.
-		 * Currently, the mode is always Server.
 		 * The version is copied from the request.
 		 * There are minor differences between v3 and v4.
 		 * So far, nobody cares.
 		 * Note: There is significant NTPv1 traffic.  See #707
 		 */
 		xpkt.li_vn_mode = PKT_LI_VN_MODE(xmt_leap,
-		    PKT_VERSION(rbufp->pkt.li_vn_mode), MODE_SERVER);
+		    PKT_VERSION(rbufp->pkt.li_vn_mode), xmode);
 		xpkt.stratum = STRATUM_TO_PKT(sys_vars.sys_stratum);
 		xpkt.ppoll = max(rbufp->pkt.ppoll, rstrct.ntp_minpoll);
 		xpkt.precision = sys_vars.sys_precision;



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/ff5b31c5f0c0a64d2c80a39ba5756ec199eb7ed3

-- 
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/-/commit/ff5b31c5f0c0a64d2c80a39ba5756ec199eb7ed3
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20250628/48333da0/attachment-0001.htm>
