<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: <cipe-l,AT,inka,DOT,de>
Subject: Re: More on timestamp errors
From: "Hans Steegers" <J.Steegers,AT,chello,DOT,nl>
Date: Thu, 3 Jul 2003 21:37:02 +0200
Reply-to: "Hans Steegers" <steegers,AT,steegers,DOT,nl>

This looks very much like a (minimal) kernel <-> kernel-module mismatch,
causing all kind of weird and unpredictable behaviour.

Best is to re-compile cipe with the correct source tree of the running
kernel and configured exactly as for that kernel: run 'make oldconfig' with
the correct .config file (the one used to build your kernel) to configure
your linux source tree.

You _cannot_ use the same binaries for kernels of the same version, but
built with (slightly) different configs, or you will experience this kind of

A mismatch between ciped-cb and cipcb.o can also cause errors like this one.

Hans Steegers

-----Original Message-----
From: Josef Drexler <jdrexler,AT,uwo,DOT,ca>
To: cipe-l,AT,inka,DOT,de <cipe-l,AT,inka,DOT,de>
Date: Thursday, July 03, 2003 8:58 PM
Subject: More on timestamp errors

>I keep getting lots of "KX: timestamp error" message in my syslog.  Both
>computers are synched to the same NTP server with an atomic clock, so I'm
>100% certain that the system clocks are accurate to within a few
>milliseconds.  So that can't be it.
>To investigate, I decided to print out what values cipe is getting.  See
>the below diff for 1.5.4.  I'm just printing what values are being
>compared, with a threshold of 30 seconds.
>Here is a random selection of the resulting messages:
>Jul  1 05:11:41 joesbox ciped-cb[637]: KX: timestamp error; our:
1057050701, peer: 751335218, thresh: 30
>Jul  2 10:11:06 joesbox ciped-cb[637]: KX: timestamp error; our:
1057155066, peer: -1574432718, thresh: 30
>Jul  3 14:27:33 joesbox ciped-cb[637]: KX: timestamp error; our:
1057256853, peer: 1056967202, thresh: 30
>As you can see, some of the values in the packets received (shown as
>"peer:") are totally bogus, indicating values back before 1970.  The
>"our:" time is correct and agrees with the syslog timestamp.
>The last entry shown has a peer timestamp from Jun 30 6:00:02 EST, and it
>was received on Jul 3.  No router in the world would cache a packet for 3
>So it looks like there's something funny going on.  At this point, I'm not
>sure what to do next.  Is this a bug in cipe (maybe it's thinking there
>should be a timestamp when there isn't?), or is it packet corruption, or
>is it something totally different?
>Both versions of cipe are identical binaries running on Linux 2.4.20 with
>the above patch applied.  I get the error messages even with the
>unmodified 1.5.4 version, albeit without the additional info of course.
>Does this have any security implications?  Is the timestamp actually
>important, or for information purposes only?
>I'd appreciate any kinds of comment on how to proceed...
>diff -ru cipe-1.5.4/cipe/ciped.c cipe-1.5.4-mod/cipe/ciped.c
>--- cipe-1.5.4/cipe/ciped.c     Sun Feb 11 16:42:39 2001
>+++ cipe-1.5.4-mod/cipe/ciped.c Tue Apr 29 13:13:04 2003
>@@ -746,10 +746,17 @@
>         ctrl(f, LM->kxbuf, x);
>         return 0;
>     }
>-    if (OI(tokxts) && (abs(time(0)-kx_ts)>OI(tokxts))) {
>-        Log(LOG_NOTICE, "KX: timestamp error");
>+    time_t curtime;
>+    curtime = time(0);
>+    if (OI(tokxts) && (abs(curtime-kx_ts)>OI(tokxts))) {
>+       char buf[64];
>+       snprintf(buf,63,"our: %d, peer: %d, thresh: %d",
>+//        Log(LOG_NOTICE, "KX: timestamp error");
>+        Log(LOG_NOTICE, "KX: timestamp error; %s", buf);
>         return 0;
>     }
>     switch(kx_typ) {
>     case NK_RREQ:
>        kx_typ=NK_REQ;
>Josef Drexler
>Message sent by the cipe-l,AT,inka,DOT,de mailing list.
>Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
>Other commands available with "help" in body to the same address.
>CIPE info and list archive:

<< | Thread Index | >> ]    [ << | Date Index | >> ]