ntp: don't send packets with RX/TX timestamp equal to another timestamp

Before sending a new packet, check if the receive/transmit timestamp
is not equal to the origin timestamp or the previous receive/transmit
timestamp in order to prevent the packet from being its own valid
response (in the symmetric mode) and invalidate responses to the
previous packet.

This improves protection against replay attacks in the symmetric mode.
Miroslav Lichvar
2018-02-20 09:46:08 +01:00
parent f0f18a02a7
commit 2c7ab98370
3 changed files with 49 additions and 13 deletions

util.c

@@ -726,6 +726,23 @@ UTI_CompareNtp64(NTP_int64 *a, NTP_int64 *b)
/* ================================================== */
int
UTI_IsEqualAnyNtp64(NTP_int64 *a, NTP_int64 *b1, NTP_int64 *b2, NTP_int64 *b3)
{
if (b1 && a->lo == b1->lo && a->hi == b1->hi)
return 1;
if (b2 && a->lo == b2->lo && a->hi == b2->hi)
return 1;
if (b3 && a->lo == b3->lo && a->hi == b3->hi)
return 1;
return 0;
}
/* ================================================== */
/* Seconds part of NTP timestamp correponding to the origin of the time_t format */
#define JAN_1970 0x83aa7e80UL
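Review bot: UTI_IsEqualAnyNtp64 dereferences `a` unconditionally while b1, b2 and b3 are each NULL-checked, and the new function has no comment describing that contract. Add a short comment above it stating that `a` must be non-NULL and that a NULL b1/b2/b3 is skipped and never counts as a match, so a caller that passes NULL for a timestamp it has not recorded yet knows that slot is simply not compared. The three identical `lo`/`hi` comparisons could also go through one equality helper (or UTI_CompareNtp64 from the hunk header, if its semantics fit) so the equality test lives in one place.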