ntp: minimize data in client mode packets

In basic client mode, set the origin and receive timestamp to zero. This reduces the amount of information useful for fingerprinting and improves privacy as the origin timestamp allows a passive observer to track individual NTP clients as they move across networks. (With chrony clients that assumes the timestamp wasn't reset by the chronyc offline and online commands.) This follows recommendations from the current version of IETF draft on NTP data minimization [1]. The timestamp could be theoretically useful for enhanced rate limiting which can limit individual clients behind NAT and better deal with DoS attacks, but no server implementation is known to do that. [1] https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-01
2017-08-03 17:21:16 +02:00 · 2017-08-03 17:21:16 +02:00 · be8215e181
commit be8215e181
parent ae82bbbace
1 changed files with 16 additions and 9 deletions
--- a/ntp_core.c
+++ b/ntp_core.c
@ -981,6 +981,9 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */

  UTI_TimespecToNtp64(&our_ref_time, &message.reference_ts, NULL);

+  /* Don't reveal timestamps which are not necessary for the protocol */
+
+  if (my_mode != MODE_CLIENT || interleaved) {
    /* Originate - this comes from the last packet the source sent us */
    message.originate_ts = interleaved ? *remote_ntp_rx : *remote_ntp_tx;

@ -992,6 +995,10 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
       the source like we have been running on our latest estimate of
       frequency all along */
    UTI_TimespecToNtp64(&local_receive, &message.receive_ts, &ts_fuzz);
+  } else {
+    UTI_ZeroNtp64(&message.originate_ts);
+    UTI_ZeroNtp64(&message.receive_ts);
+  }

  do {
    /* Prepare random bits which will be added to the transmit timestamp */