NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15
was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
Unit Testing (GSoC 2012)
Summary
The goal of this project is to continue with the work done on testing ntpd. The core of the project will be a library created with Packet Construction Set, which will permit thorough testing on ntpd. Various packets will be constructed and automated tests will be run.
Tasks
The work will be structured following the steps below :
Create NTP wrapper in PCS
We need to create a wrapper class for NTP using existing PCS class. The new class,
NTP
, will be derived from
pcs.Packet
and will contain all the filed from the NTP packet structure defined in RFC958.
Create NTPTestPacket class
Using the NTP wrapper class we need to create a new NTPTestPacket class that will be a wrapper for the entire packet that will be sent (ethernet + ip + udp + ntp) on the wire. This class will handle packing, sending, receiving and unpacking NTP messages. The class will support XML serialization and XML deserialization. This will alow for entire NTP packets (from ethernet to ntp) to be stored and created from XML files.
The class will also be responsilble for altering fields in the packet. The information that a field is altered is also saved in the XML file.
Create NTPTest
Using the NTPTestPacket Class we will create a NTP Test.
An NTP test will consist of a list of NTPTestPackets that will be sent and a corresponding list of NTPTestPackets that should be received in response.
All the information for an NTPTest will be read from an XML file.
This approach will give the users the ability to create very complex tests just by adding packets in the test XML file and then chaging values or altering values, depending on the test case.
Create NTPRegression
This will be a python script that will receive a list of test XML files and using the NTPTest class run the test and interpret the results
Timeline
Discussion and Comments
Adrian, thanks for updating this page. What do you plan to have completed by midterm?
--
HarlanStenn - 2012-06-10
Copying the mail from Adrian (FYI)
Hello Amar,
Here is the recup plan you've asked, also with the current issues/status.
1. Create more simple tests and complex tests:
+ With this I've been struggeling. I cannot seem to figure out how to
forge more simple tests. The framework is in place and I can create new
packets with ease but I do not know what values I should put in the NTP
packet fields. As I said before I've been trying to see with wireshark
what NTP packets are being exchanged when an application
is synchronizing using NTP but there are only two packets sent: a
packet sent by the client and a response sent by the server. This test
I have in place right now and here is where I desperately need your
help with some clear examples of NTP packets that I should implement in
my tests. For example, "If you send a NTP packet that has
FiledA set to
X and
FiledB set to y you should receive a response where
FieldC has
value Z". Or can you please send me some documentation from where I can
learn this sequence of packets.
+ If I have the information requested above, I think I will be able to
finish this task in under 1 week ( of course it depedens on the number
of packets that need to be created)
2. Implement man hole in NTP
+ First I will need to create the infrastructure in the current test
frame for this. This will take me 1 day max.
+ Second we need to implement this in NTP. Here is also a part where I
need your guidance.
3. Integrate with debug log emitter :
+ First I will need to create the infrastructure in the current test
frame for this. This will take me 1 day max.
+ Second need get actual information from the emitter
4. Documentation and BCP:
+ This is almost done for the code the existing code. At the end I think
I will need a maximum of one more day to complete this.
Just for the tasks above, it's a maximum of 1.5 weeks of work fully complete
all the tasks which would put us in reach of the deadline of 24 Aug. , but as
you can see I really really need your help on point 1), and also a feedback on
the current plan.
Thank you,
Adrian
--
RahulKumar - 2012-08-22
Amar reply to the mail(FYI)
I would be OK if all we end up with this much:
1. Series of simple tests against an NTP server. (acting as a client)
2. Series of simple tests against an NTP client. (acting as a server)
3. User documentation so developers can create tests.
In order to complete these you'll need information on the NTP protocol and the
process both the client and server go through when communicating. It's up in
the air how far in you will be able to get in 2 weeks though.
You said that you struggled figuring out where to start and how to generate
these packets in order to write the simple tests.
Before we get to that point I'd like you to create a list of possible tests to
create. For example acting as a client you could create tests for various ntpq
commands look at the manpage for suggestions as well as documentation you can
find on
https://support.ntp.org/
For instance if you implement 'ntpq --peers' you would do this twice. Once as a
client querying an NTP server. The second launching a script that acts like an
NTP server where you would run 'ntpq --peers' against. You would start with the
client queries first as these are easier.
--
RahulKumar - 2012-08-22