NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15
was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
serialpps.sys
driver available, which was based on a copy of the serial port example driver shipped with the Windows SDK, and extended to support the standard PPS API which is also available on many Unix-like systems.
In addition there was a serialpps-ppsapi-provider.dll
which could be used to let ntpd fetch PPS timestamps from the kernel driver:
At least the 64 bit Windows versions which were released thereafter (Vista?) required that kernel drivers need to be signed to be loaded automatically at boot time.
So Meinberg picked up Dave Hart's code, signed the kernel drivers with their key, and put the resulting binaries here:
so folks who want to play with it can do it.
This sys/dll package was never included in the installer/setup program.
The .zip
file contains an install.bat
script which copies the .sys
file to its final location and prints some hints, but it doesn't copy the associated DLL to some predefined directory, so this was probably the original reason why the DLL path has to be specified via an environment variable, or with ntpd 4.2.8p10 or later using a registry key.
Many more hints on using this driver can be found on David J. Taylor's web page
These days PCs and laptops often don't provide a real serial port with a physical UART chip, so eventually this approach can't be used on these machines.
loopback-ppsapi-provider.dll
came into existence as a means to get around the limitations of serialpps.sys
without requiring a kernel mode driver. A kernel mode driver can (but not necessarily will) provide time stamps with less jitter than any user mode application, but loopback-ppsapi-provider.dll
seems to do a very decent job here. In case you wonder about the name: This provider loops back into ntpd to tap into information already there.
This DLL is part of current versions of the normal NTP source code distribution.
instsrv.exe
utility is used to install the NTP service then a registry key with loopback_pps_api_provider.dll
is created automatically.
To set up the key manually, run the Windows regedit.exe
utility, and open this registry path:
HkeyLocalMachine\SYSTEM\CurrentControlSet\services\NTPThen create a new key as multipart string, with the name
PPSProviders
, and set the contents to loopback_pps_api_provider.dll
or whichever PPS API provider you prefer.
PPSAPI_DLLS
is a ';'-separated list of file names that should be tried in sequence to provide a PPS API for a device. For maximum interoperability between different versions of Windows the files should be given with absolute path, using standard Windows conventions (that is, use '\' as path separator).
PPSAPI_HACK
should be a boolean value (Yes/No/True/False/0/1) or be left unset, and controls the the PPS-hack operation.
PPSAPI_DLLS
nor PPSAPI_HACK
is set in the environment, the PPS hack works as it has always done.
PPSAPI_DLLS
is set (and not empty) it disables the PPS hack, assuming that a better way of handling PPS signals is provided. (The interaction between the PPS API and the PPS hack is somewhat tricky. It's better to avoid this area where dragons are roaming unless you feel really adventurous.)
PPSAPI_HACK
takes precedence over PPSAPI_DLLS
: if it is set to Y[es], T[rue] or 1 it enables the PPS hack independently of any setting of PPSAPI_DLLS
; any other value disables the PPS hack unconditionally.
PPSAPI_DLLS=C:\your\path\to\loopback-ppsapi-provider.dll PPSAPI_HACK=NoNotes:
In ntpd 4.2.8p10 and newer the environment variables are only checked for compatibility reasons, if no registry key can be found.
If the DLL name is specified as file name only, without a path, then the DLL is assumed in the same directory as ntpd.exe.
If the Meinberg installer is used then the loopback-ppsapi-provider.dll
is installed in the NTP/bin
directory where also ntpd.exe
and the openSSL DLL normally reside.
Please note there is a bug in ntpd 4.2.8p10 where the DLL name retrieved from the environment variable is not properly terminated, so garbage characters may be appended to the DLL name, and thus the DLL file may not be found. See Bug #3402 for details and a workaround.