IETF Logo Mail Archive

[Ntp] SNTP, Old crufty software

Hal Murray <halmurray@sonic.net> Thu, 11 August 2022 22:25 UTC

Return-Path: <halmurray@sonic.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 19DB4C15A725 for <ntp@ietfa.amsl.com>; Thu, 11 Aug 2022 15:25:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.909
X-Spam-Level:
X-Spam-Status: No, score=-6.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mJ9S30senmtz for <ntp@ietfa.amsl.com>; Thu, 11 Aug 2022 15:25:16 -0700 (PDT)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95DE5C157B5E for <ntp@ietf.org>; Thu, 11 Aug 2022 15:25:16 -0700 (PDT)
Received: from 107-137-68-211.lightspeed.sntcca.sbcglobal.net (107-137-68-211.lightspeed.sntcca.sbcglobal.net [107.137.68.211]) (authenticated bits=0) by c.mail.sonic.net (8.16.1/8.16.1) with ESMTPSA id 27BMPFiN022017 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Thu, 11 Aug 2022 15:25:15 -0700
Received: from hgm (localhost [IPv6:::1]) by 107-137-68-211.lightspeed.sntcca.sbcglobal.net (Postfix) with ESMTP id 06CF528C1CA; Thu, 11 Aug 2022 15:25:15 -0700 (PDT)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1
To: ntp@ietf.org
cc: Hal Murray <halmurray@sonic.net>
From: Hal Murray <halmurray@sonic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 11 Aug 2022 15:25:14 -0700
Message-Id: <20220811222515.06CF528C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
X-Sonic-CAuth: UmFuZG9tSVY2VYDKuWLLllCrbw/zV1up5droLgMa5AB+/l+O3n6OxxCIxPGgp3AVCXlDWBqP/XAWXgBdPx6uBcYwu2lCJ0nhuZnv6FR5SOQ=
X-Sonic-ID: C;Otb0eMQZ7RGEMCdyR+6Zsg== M;IIchecQZ7RGEMCdyR+6Zsg==
X-Sonic-Spam-Details: -1.5/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/eRcoJmoOmkhepJ5i0nS-xf-ZPxM>
Subject: [Ntp] SNTP, Old crufty software
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2022 22:25:22 -0000

There is a lot of NTPv1 traffic out there.  It's ballpark of 1% of the traffic 
to pool servers

I have credible reports that some of the NTPv1 traffic is from reasonably 
modern gear.

Has anybody looked at RFC 4330 (SNTP) lately?  It's 27 pages.  Much of it is 
not useful if you are only intereted in the S part of SNTP.  It's a lot less 
simple than it could be.

------------

I think it's time for another pass at the greater SNTP area.

I'm focused on code that will go into firmware and won't get updated with 
typical distro updates, if ever.

I see three parts.

The first is that we have to agree on what will be supported for a long time.  
I assume that is a simple NTPv4 Client/Server exchange with no MACs or EFs.

The second is the protocol level.  I think we need a simple description of 
what you get from a protocol exchange, how local clocks operate, and the 
choices/benefits between ultra simple and not quite so simple.

I assume we should have sample code.  Can we maintain that off to the side 
rather than frozen in a RFC?

The third is operational. We need a BCP for people writing/distributing 
firmware and those who will be using/supporting that firmware.

We should get some of the firmware writers/users in the review process.

-----

I propose that SNTP requests (Client mode) should (ab)use an otherwise unused 
timestamp field to hold a text string for vendor info.  That will allow 
operational people to identify which gear is causing problems.
 
-----

Is anybody using SNTP interested in security?

-----

Is there any BCP for firmware writers/deployers?  Things like don't hardwire 
in any DNS names (that you don't own).  Or a WG that covers that area?

-----

stenn@nwtime.org said:
> Are they real v1 requests, from software that is about 40 years' old, or is
> it a v3/v4 header where the implementor chose to identify it as v1? 

I have no insight into how the programmers were thinking.

I assume much of it is old code that works so nobody pays attention to it.

Roughly half of the NTPv1 requests have a 0 in what is now the mode field.  
Roughly half have a 3/Client in there.  There is also a small bump on the tail 
with symm-active.

There is also NTPv2 traffic.  It is essentially all Client/request.

Roughly 90% of the NTPv1 requests have 47 bytes of 0 after the 
leap/version/mode byte.
Another 10% have stuff in the last 8 bytes, the transmit timestamp field.  A 
1/2% has other stuff I haven't investigated.


-- 
These are my opinions.  I hate spam.

v2.23.0 | Report a Bug | By Email