IETF Logo Mail Archive

Re: [Ntp] Antwort: Re: Symmetric mode

Danny Mayer <mayer@pdmconsulting.net> Sat, 01 October 2022 00:25 UTC

Return-Path: <mayer@pdmconsulting.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4330DC14CF05 for <ntp@ietfa.amsl.com>; Fri, 30 Sep 2022 17:25:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.097
X-Spam-Level:
X-Spam-Status: No, score=-6.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01, T_SPF_TEMPERROR=0.01] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KZgTWfRLF5XW for <ntp@ietfa.amsl.com>; Fri, 30 Sep 2022 17:25:20 -0700 (PDT)
Received: from chessie.everett.org (unknown [IPv6:2001:470:1:205::234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7972AC14CE32 for <ntp@ietf.org>; Fri, 30 Sep 2022 17:25:09 -0700 (PDT)
Received: from [192.168.1.156] (pool-108-26-202-2.bstnma.fios.verizon.net [108.26.202.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4MfSXv6k3rzMPCq; Sat, 1 Oct 2022 00:25:03 +0000 (UTC)
Message-ID: <d667af83-1358-c249-8752-11fadcc918a8@pdmconsulting.net>
Date: Fri, 30 Sep 2022 20:25:00 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.13.1
Content-Language: en-US
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: kristof.teichel=40ptb.de@dmarc.ietf.org, ntp@ietf.org
References: <mayer@pdmconsulting.net> <796c33e6-02dc-0665-c8a2-a143f9100bdd@pdmconsulting.net> <20220919024614.4AB8328C1E2@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <YygwAeTMeSHXXk6t@localhost> <OF42F0D0F6.E94FA935-ONC12588C3.005225C3-C12588C3.0054DC8B@ptb.de> <d13df0b6-7c47-820e-5dbd-21dd7e2d4801@pdmconsulting.net> <YywRhCmTD4mt8KTy@localhost> <9eac8a08-80d7-0d23-940a-d00c4bb2382f@pdmconsulting.net> <YzGErHj7nkt+Ehd8@localhost> <f28113c5-74ed-43a3-2982-ff9250facfb8@pdmconsulting.net> <YzXNRa2Smcs5UsRb@localhost>
From: Danny Mayer <mayer@pdmconsulting.net>
In-Reply-To: <YzXNRa2Smcs5UsRb@localhost>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/VAMjaiYsQsOs1x13TYWMvrPuDG4>
Subject: Re: [Ntp] Antwort: Re: Symmetric mode
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 01 Oct 2022 00:25:31 -0000

On 9/29/22 12:52 PM, Miroslav Lichvar wrote:
> On Thu, Sep 29, 2022 at 12:11:51PM -0400, Danny Mayer wrote:
>> On 9/26/22 6:53 AM, Miroslav Lichvar wrote:
>>> The trouble is that the peer is doing both the client and server part
>>> of the protocol at the same time.
>> No, and that's the misunderstanding as explained in another message. It's
>> either acting as a client or as a server but not both at the same time.
> How would they decide which one is a client and which one is server?
The initiator of the request is acting as the client for the packet and 
the other one acts as the server. When the other peer initiates a packet 
it is the client.
> The mode number is the same when both are active peers. That is the
> point a symmetric association that both are client and server at the
> same time and the reason why it is so difficult to implement and
> vulnerable to attacks.
No, since each side know whether it's acting as a client or as a server 
for each packet.
>>> As you can see, there are 4 client/server mode packets per poll, but
>>> only 2 symmetric mode packets per poll.
>> There might be a bug in the code, but you should see the same number of
>> packets.
> It's not a bug. It's by design. If the peers responded immediately, it
> would create a flood of packets between them, saturating the network
> or CPU.
>
> In Figure 15 of the RFC (describing the state of two peers) you can
> clearly see that there are only 2 messages per poll.
>
>
>                  t2      t3                 t6          t7
>          ---------------------------------------------------------
>                   /\         \                 /\            \
>                   /           \                /              \
>                  /             \              /                \
>                 /               \/           /                 \/
>          ---------------------------------------------------------
>               t1                t4         t5                  t8
>

I'm not sure what you are seeing.

Danny

v2.23.0 | Report a Bug | By Email