mirror of
https://gitlab.com/chrony/chrony.git
synced 2025-12-04 17:15:07 -05:00
d28d644b04
The meaning of the poll value in KoD RATE packets is not currently defined in the NTP specification (RFC 5905). In the reference NTP implementation it signals the minimum acceptable polling interval to the clients. In chrony the minimum poll is set to the KoD RATE poll if it's larger, but not to a larger value than 10. The problem is that ntpd as a server sets the KoD RATE poll to the maximum of the client's poll and the configured rate limiting interval. An attacker can send a burst of spoofed packets to the server to trigger the client's request rate limit. When the client sends its next request and the server responds with a KoD RATE packet, the client will set its minimum poll to the current poll and it will no longer be able to switch to a shorter poll when needed. ntpd could be fixed to always set the KoD RATE poll to the rate limiting interval. Unfortunately, ntpd as a client seems to depend on the current behavior. It tries to follow the server poll and if the KoD RATE poll was shorter than the current poll, the polling interval would be reduced, defeating the purpose of KoD RATE. The server fix will probably need to wait until clients are fixed and that could take a very long time. For now, ignore the poll value in KoD RATE packets. Just add an extra delay based on the current poll to the next transmit timeout and stop an ongoing burst.
67 KiB
67 KiB