ntp: minimize data in client mode packets

In basic client mode, set the origin and receive timestamp to zero.
This reduces the amount of information useful for fingerprinting and
improves privacy as the origin timestamp allows a passive observer to
track individual NTP clients as they move across networks. (With chrony
clients that assumes the timestamp wasn't reset by the chronyc offline
and online commands.)

This follows recommendations from the current version of IETF draft on
NTP data minimization [1].

The timestamp could be theoretically useful for enhanced rate limiting
which can limit individual clients behind NAT and better deal with DoS
attacks, but no server implementation is known to do that.

[1] https://tools.ietf.org/html/draft-ietf-ntp-data-minimization-01

diff --git a/ntp_core.c b/ntp_core.c
index 54cdbe5257839e3147b2e5e60e6e45ae30620079..600d6abc73c87b2f55316acfe8da8a459b18ef45 100644 (file)
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -981,17 +981,24 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
 
   UTI_TimespecToNtp64(&our_ref_time, &message.reference_ts, NULL);
 
-  /* Originate - this comes from the last packet the source sent us */
-  message.originate_ts = interleaved ? *remote_ntp_rx : *remote_ntp_tx;
+  /* Don't reveal timestamps which are not necessary for the protocol */
 
-  /* Prepare random bits which will be added to the receive timestamp */
-  UTI_GetNtp64Fuzz(&ts_fuzz, precision);
+  if (my_mode != MODE_CLIENT || interleaved) {
+    /* Originate - this comes from the last packet the source sent us */
+    message.originate_ts = interleaved ? *remote_ntp_rx : *remote_ntp_tx;
 
-  /* Receive - this is when we received the last packet from the source.
-     This timestamp will have been adjusted so that it will now look to
-     the source like we have been running on our latest estimate of
-     frequency all along */
-  UTI_TimespecToNtp64(&local_receive, &message.receive_ts, &ts_fuzz);
+    /* Prepare random bits which will be added to the receive timestamp */
+    UTI_GetNtp64Fuzz(&ts_fuzz, precision);
+
+    /* Receive - this is when we received the last packet from the source.
+       This timestamp will have been adjusted so that it will now look to
+       the source like we have been running on our latest estimate of
+       frequency all along */
+    UTI_TimespecToNtp64(&local_receive, &message.receive_ts, &ts_fuzz);
+  } else {
+    UTI_ZeroNtp64(&message.originate_ts);
+    UTI_ZeroNtp64(&message.receive_ts);
+  }
 
   do {
     /* Prepare random bits which will be added to the transmit timestamp */