From d75f6830f190037421a66754849571fd0b495e35 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Wed, 23 Nov 2016 14:03:12 +0100
Subject: [PATCH] reference: randomize reference time

In unauthenticated interleaved symmetric NTP mode we should be now careful with the reference timestamp as it may be useful with the peer delay for estimating the local receive timestamp and increasing the chance of spoofing a valid response from the peer. When updating the reference time, add a random error of up to one second to make it less sensitive when disclosed to NTP and cmdmon clients.
---
 reference.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/reference.c b/reference.c
index f5568f9..3fdcb38 100644
--- a/reference.c
+++ b/reference.c
@@ -52,7 +52,7 @@ static int our_leap_sec;
 static int our_stratum;
 static uint32_t our_ref_id;
 static IPAddr our_ref_ip;
-struct timespec our_ref_time;
+static struct timespec our_ref_time;
 static double our_skew;
 static double our_residual_freq;
 static double our_root_delay;
@@ -901,6 +901,7 @@ REF_SetReference(int stratum,
 double correction_rate;
 double uncorrected_offset, accumulate_offset, step_offset;
 struct timespec now, raw_now;
+ NTP_int64 ref_fuzz;
 assert(initialised);
@@ -1041,6 +1042,15 @@ REF_SetReference(int stratum,
 LCL_SetSyncStatus(are_we_synchronised, offset_sd, offset_sd + root_delay / 2.0 + root_dispersion);
+ /* Add a random error of up to one second to the reference time to make it
+ less useful when disclosed to NTP and cmdmon clients for estimating
+ receive timestamps in the interleaved symmetric NTP mode */
+ UTI_GetNtp64Fuzz(&ref_fuzz, 0);
+ UTI_TimespecToNtp64(&our_ref_time, &ref_fuzz, &ref_fuzz);
+ UTI_Ntp64ToTimespec(&ref_fuzz, &our_ref_time);
+ if (UTI_CompareTimespecs(&our_ref_time, ref_time) >= 0)
+ our_ref_time.tv_sec--;
+
 abs_freq_ppm = LCL_ReadAbsoluteFrequency();
 write_log(&now,
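Review bot: In the last hunk, `UTI_TimespecToNtp64(&our_ref_time, &ref_fuzz, &ref_fuzz)` passes the same object as both the destination and the fuzz input, so the result is only right while the helper reads the fuzz before it overwrites the destination; that helper is not visible here. A separate local removes the dependency: declare `NTP_int64 ref_fuzz, ref_ntp;` in the second hunk, then call `UTI_TimespecToNtp64(&our_ref_time, &ref_ntp, &ref_fuzz);` and `UTI_Ntp64ToTimespec(&ref_ntp, &our_ref_time);`. The new comment could also say that the `>= 0` check with `tv_sec--` appears intended to keep the disclosed value earlier than `ref_time`. Since the protection against spoofing rests on the fuzz being unpredictable, it is worth confirming that UTI_GetNtp64Fuzz draws from a cryptographically strong source and that no other path (the `write_log` call that follows, for example) still discloses the exact `ref_time`. REF_SetReference starts and ends outside the hunk.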