Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Prior to this update, the NTP daemon (ntpd) configured as a multicast client was not able to process multicast messages after an association with a multicast server had been created. As a consequence, the multicast client was repeatedly resetting the association with the server and it processed only unicast messages in the initial exchange. With this update, the described bug has been fixed, and the NTP multicast client now works properly in the described scenario.
Description of problem:
With the latest version of ntp from RHEL 6 and RHEL7 we found that multicastclient will no longer . For RHEL 7, version ntp-4.2.6p5-25.el7.x86_64 works properly, ntp-4.2.6p5-25.el7_3.1.x86_64 does not.
Version-Release number of selected component (if applicable):
ntp-4.2.6p5-25.el7_3.1.x86_64
How reproducible:
Install ntp-4.2.6p5-25.el7_3.1.x86_64. setup client to use
multicastclient 224.0.1.1
Steps to Reproduce:
ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
eopal185 134.9.1.98 3 u 240 64 10 8.000 -422.55 0.000
note it is not locked into eopal185
Expected results:
vs a system still running the old version of ntp, ntp-4.2.6p5-25.el7.x86_64
ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*equartz187 134.9.1.98 3 m 7 64 377 8.000 -0.119 0.536
Additional info:
removing patch 7429 from ntp allows ntp multicast to work again on RHEL7.
According to one of LLNL's engineers this is related to: http://support.ntp.org/bin/view/Main/NtpBug3072
This is a regression caused by the update to NTP by:
https://access.redhat.com/errata/RHSA-2017:0252 and in particular:
https://bugzilla.redhat.com/show_bug.cgi?id=1397341
My working hypothesis is the author of the patch for the interface selection didn't understand how multicast works and didn't exempt the multicast addresses when it filtered out the mismatched IP/interface packets. Since multicast gives interfaces a new multicast address (which looks like a different IP address) the logic needs to accept those when NTP is participating on a multicast group.
Comment 11Miroslav Lichvar
2017-02-17 13:49:47 UTC
Created attachment 1252015[details]
Fix regression in multicastclient after CVE-2016-7429
Backported patch to fix multicast client to process both server and broadcast mode packets.
Description of problem: With the latest version of ntp from RHEL 6 and RHEL7 we found that multicastclient will no longer . For RHEL 7, version ntp-4.2.6p5-25.el7.x86_64 works properly, ntp-4.2.6p5-25.el7_3.1.x86_64 does not. Version-Release number of selected component (if applicable): ntp-4.2.6p5-25.el7_3.1.x86_64 How reproducible: Install ntp-4.2.6p5-25.el7_3.1.x86_64. setup client to use multicastclient 224.0.1.1 Steps to Reproduce: ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== eopal185 134.9.1.98 3 u 240 64 10 8.000 -422.55 0.000 note it is not locked into eopal185 Expected results: vs a system still running the old version of ntp, ntp-4.2.6p5-25.el7.x86_64 ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== *equartz187 134.9.1.98 3 m 7 64 377 8.000 -0.119 0.536 Additional info: removing patch 7429 from ntp allows ntp multicast to work again on RHEL7.