<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: cipe-l,AT,inka,DOT,de
Subject: More on timestamp errors
From: Josef Drexler <jdrexler,AT,uwo,DOT,ca>
Date: Thu, 3 Jul 2003 14:48:52 -0400 (EDT)

I keep getting lots of "KX: timestamp error" message in my syslog.  Both
computers are synched to the same NTP server with an atomic clock, so I'm
100% certain that the system clocks are accurate to within a few
milliseconds.  So that can't be it.

To investigate, I decided to print out what values cipe is getting.  See
the below diff for 1.5.4.  I'm just printing what values are being
compared, with a threshold of 30 seconds.

Here is a random selection of the resulting messages:

Jul  1 05:11:41 joesbox ciped-cb[637]: KX: timestamp error; our: 1057050701, 
peer: 751335218, thresh: 30
Jul  2 10:11:06 joesbox ciped-cb[637]: KX: timestamp error; our: 1057155066, 
peer: -1574432718, thresh: 30
Jul  3 14:27:33 joesbox ciped-cb[637]: KX: timestamp error; our: 1057256853, 
peer: 1056967202, thresh: 30

As you can see, some of the values in the packets received (shown as
"peer:") are totally bogus, indicating values back before 1970.  The
"our:" time is correct and agrees with the syslog timestamp.

The last entry shown has a peer timestamp from Jun 30 6:00:02 EST, and it
was received on Jul 3.  No router in the world would cache a packet for 3
days!

So it looks like there's something funny going on.  At this point, I'm not
sure what to do next.  Is this a bug in cipe (maybe it's thinking there
should be a timestamp when there isn't?), or is it packet corruption, or
is it something totally different?

Both versions of cipe are identical binaries running on Linux 2.4.20 with
the above patch applied.  I get the error messages even with the
unmodified 1.5.4 version, albeit without the additional info of course.

Does this have any security implications?  Is the timestamp actually
important, or for information purposes only?

I'd appreciate any kinds of comment on how to proceed...

-----

diff -ru cipe-1.5.4/cipe/ciped.c cipe-1.5.4-mod/cipe/ciped.c
--- cipe-1.5.4/cipe/ciped.c     Sun Feb 11 16:42:39 2001
+++ cipe-1.5.4-mod/cipe/ciped.c Tue Apr 29 13:13:04 2003
@@ -746,10 +746,17 @@
         ctrl(f, LM->kxbuf, x);
         return 0;
     }
-    if (OI(tokxts) && (abs(time(0)-kx_ts)>OI(tokxts))) {
-        Log(LOG_NOTICE, "KX: timestamp error");
+{
+    time_t curtime;
+    curtime = time(0);
+    if (OI(tokxts) && (abs(curtime-kx_ts)>OI(tokxts))) {
+       char buf[64];
+       snprintf(buf,63,"our: %d, peer: %d, thresh: %d",
curtime,kx_ts,OI(tokxts
+//        Log(LOG_NOTICE, "KX: timestamp error");
+        Log(LOG_NOTICE, "KX: timestamp error; %s", buf);
         return 0;
     }
+}
     switch(kx_typ) {
     case NK_RREQ:
        kx_typ=NK_REQ;

-- 
Josef Drexler


<< | Thread Index | >> ]    [ << | Date Index | >> ]