touch-packages team mailing list archive
Message #131247
[Bug 1479652] Re: [patch] ntpd rejects source UDP ports less than 123 as bogus
** Description changed:
[Impact]
If an NTP client sends a request with a source port less than 123, the
packet is silently ignored by ntpd. This is occurring in our environment
due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting
nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
#iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
+
+ ## On the client, set to force src port < 123 (without patch)
+
+ $ ntpdate y.y.y.y
+ ntpdate[<PID>]: no server suitable for synchronization found
+
+ ## On the client, set to force src port < 123 (with patch)
+
+ $ ntpdate y.y.y.y
+ ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU
process to bring more confidence for the patch. Positive feedbacks has
been given by the community to confirm the patch addressed the bug
[comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description
below is mine.]
If an NTP client sends a request with a source port less than 123, the
packet is silently ignored by ntpd. This is occurring in our environment
due to NAT.
Attached is the patch already accepted upstream which fixes the issue.
I've verified it fixes the problem. Debian has been ignoring this patch
for almost 3 years. Can we get this in Ubuntu please?
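Review bot: the two added test runs are headed "(without patch)" and "(with patch)" under "On the client", which does not say which machine carries the patched package. The packet is dropped by ntpd on the server y.y.y.y, so the headings should state that the server is the host being switched between unpatched and patched ntp while the client keeps the SNAT rule. A closing step that deletes the POSTROUTING rule after the test would also keep the client from staying pinned to source ports 100-122.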
** Description changed:
[Impact]
If an NTP client sends a request with a source port less than 123, the
packet is silently ignored by ntpd. This is occurring in our environment
due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptable postrouting
nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submmit requests
- #iptable setup to force src port to be lower than 123
+ #iptable setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream: http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU
process to bring more confidence for the patch. Positive feedbacks has
been given by the community to confirm the patch addressed the bug
[comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description
below is mine.]
If an NTP client sends a request with a source port less than 123, the
packet is silently ignored by ntpd. This is occurring in our environment
due to NAT.
Attached is the patch already accepted upstream which fixes the issue.
I've verified it fixes the problem. Debian has been ignoring this patch
for almost 3 years. Can we get this in Ubuntu please?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1479652
Title:
[patch] ntpd rejects source UDP ports less than 123 as bogus
Status in NTP:
Fix Released
Status in ntp package in Ubuntu:
In Progress
Status in ntp source package in Precise:
In Progress
Status in ntp source package in Trusty:
In Progress
Status in ntp source package in Wily:
In Progress
Status in ntp source package in Xenial:
In Progress
Status in ntp package in Debian:
New
Bug description:
[Impact]
If an NTP client sends a request with a source port less than 123, the
packet is silently ignored by ntpd. This is occurring in our
environment due to NAT.
[Test Case]
The problem can easily be reproduced by having an iptables postrouting
nat forcing the source port to be under 123 set on the client.
Setup:
==> NTP server = y.y.y.y
ntp.conf configured to be a server.
==> NTP client = x.x.x.x
"ntpdate" used to submit requests
#iptables setup to force src port to be lower than 123
iptables -t nat -A POSTROUTING -p UDP --dport 123 -j SNAT --to-source x.x.x.x:100-122
## On the client, set to force src port < 123 (without patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: no server suitable for synchronization found
## On the client, set to force src port < 123 (with patch)
$ ntpdate y.y.y.y
ntpdate[<PID>]: adjust time server y.y.y.y offset -0.028483 sec
[Regression Potential]
The patch comes from upstream:
http://bugs.ntp.org/show_bug.cgi?id=2174
A testfix[1] package has been provided to the community before the SRU
process to bring more confidence for the patch. Positive feedback has
been given by the community to confirm the patch addressed the bug
[comment #7]
[1]- https://launchpad.net/~slashd/+archive/ubuntu/bug1479652
[Original description]
[Title copied from Debian bug, which was not filed by me. Description
below is mine.]
If an NTP client sends a request with a source port less than 123, the
packet is silently ignored by ntpd. This is occurring in our
environment due to NAT.
Attached is the patch already accepted upstream which fixes the issue.
I've verified it fixes the problem. Debian has been ignoring this
patch for almost 3 years. Can we get this in Ubuntu please?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1479652/+subscriptions
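
An added example, not part of the bug report or of the ntp patch: a small Python probe that sends one NTP client request from a chosen source port, so the test case above can be checked from the client without the SNAT rule. The names `probe`, `fake_server` and `demo` are made up here, and the stand-in server with its source-port cutoff is constructed so the block runs offline.

```python
import socket, struct, threading

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def probe(server, server_port=123, src_port=0, timeout=1.0):
    """Send one NTP client request from src_port.
    Returns the server's transmit time (Unix seconds), or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))  # source ports below 1024 need root
        s.sendto(b"\x1b" + bytes(47), (server, server_port))  # LI=0, VN=3, mode 3 (client)
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None  # request silently ignored, as seen by the client in the report
    if len(data) < 48 or data[0] & 0x07 != 4:  # expect mode 4 (server)
        return None
    return struct.unpack("!I", data[40:44])[0] - NTP_DELTA

def fake_server(sock, min_src_port):
    """Constructed stand-in: answers one request unless its source port is below min_src_port."""
    try:
        _, addr = sock.recvfrom(512)
    except socket.timeout:
        return
    if addr[1] >= min_src_port:
        reply = bytearray(48)
        reply[0] = 0x1c  # LI=0, VN=3, mode 4 (server)
        struct.pack_into("!I", reply, 40, NTP_DELTA + 1000)  # constructed transmit time
        sock.sendto(bytes(reply), addr)

def demo():
    """Probe the stand-in twice from one source port: once below its cutoff, once at it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tmp:
        tmp.bind(("", 0))
        src = tmp.getsockname()[1]  # a free port to reuse as the client's source port
    results = []
    for cutoff in (src + 1, src):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
            srv.settimeout(2.0)
            srv.bind(("127.0.0.1", 0))
            t = threading.Thread(target=fake_server, args=(srv, cutoff))
            t.start()
            results.append(probe("127.0.0.1", srv.getsockname()[1], src, timeout=0.5))
            t.join()
    return results

if __name__ == "__main__":
    print(demo())
```

Against a real server, run as root and call `probe("y.y.y.y", src_port=100)`: a `None` result corresponds to the "no server suitable for synchronization found" case in the test case, a timestamp to the patched one.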