NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Unit Testing (GSoC 2012)

• Student: AdrianSpiridon
• Mentors: AmarTakhar, RahulKumar
• GSoC: GSoC Project Page

Summary

The goal of this project is to continue with the work done on testing ntpd. The core of the project will be a library created with Packet Construction Set, which will permit thorough testing on ntpd. Various packets will be constructed and automated tests will be run.

Tasks

The work will be structured following the steps below :

Create NTP wrapper in PCS

We need to create a wrapper class for NTP using existing PCS class. The new class, NTP, will be derived from pcs.Packet and will contain all the filed from the NTP packet structure defined in RFC958.

Create NTPTestPacket class

Using the NTP wrapper class we need to create a new NTPTestPacket class that will be a wrapper for the entire packet that will be sent (ethernet + ip + udp + ntp) on the wire. This class will handle packing, sending, receiving and unpacking NTP messages. The class will support XML serialization and XML deserialization. This will alow for entire NTP packets (from ethernet to ntp) to be stored and created from XML files.

The class will also be responsilble for altering fields in the packet. The information that a field is altered is also saved in the XML file.

Create NTPTest

Using the NTPTestPacket Class we will create a NTP Test. An NTP test will consist of a list of NTPTestPackets that will be sent and a corresponding list of NTPTestPackets that should be received in response. All the information for an NTPTest will be read from an XML file. This approach will give the users the ability to create very complex tests just by adding packets in the test XML file and then chaging values or altering values, depending on the test case.

Create NTPRegression

This will be a python script that will receive a list of test XML files and using the NTPTest class run the test and interpret the results

Timeline

Date	Task	Description	% Done
04-23	Community Bonding	Students get to know mentors, read documentation, get up to speed to begin working on their projects.
05-21	Coding Begins	Students begin coding for their GSoC projects
07-09	BO Midterm Evals	Mentors and students can begin submitting mid-term evaluations.
07-13	EO Midterm Evals	Mid-term evaluations deadline.
08-13	Wrap-up	Suggested "Pencils Down" date. Take a week to scrub code, write tests, improve documentation, etc.
08-20	Firm "Pencils Down"	Mentors, students and organization administrators can begin submitting final evaluations to Google.
08-24	Final Evaluation	Final Evaluations Deadline
08-27	Final Results	Final Results Announced
08-31	Code Samples	Students begin uploading code samples

Discussion and Comments

Adrian, thanks for updating this page. What do you plan to have completed by midterm?

-- HarlanStenn - 2012-06-10

Copying the mail from Adrian (FYI)

Hello Amar,

Here is the recup plan you've asked, also with the current issues/status.

1. Create more simple tests and complex tests: + With this I've been struggeling. I cannot seem to figure out how to forge more simple tests. The framework is in place and I can create new packets with ease but I do not know what values I should put in the NTP packet fields. As I said before I've been trying to see with wireshark what NTP packets are being exchanged when an application is synchronizing using NTP but there are only two packets sent: a packet sent by the client and a response sent by the server. This test I have in place right now and here is where I desperately need your help with some clear examples of NTP packets that I should implement in my tests. For example, "If you send a NTP packet that has FiledA set to X and FiledB set to y you should receive a response where FieldC has value Z". Or can you please send me some documentation from where I can learn this sequence of packets. + If I have the information requested above, I think I will be able to finish this task in under 1 week ( of course it depedens on the number of packets that need to be created) 2. Implement man hole in NTP + First I will need to create the infrastructure in the current test frame for this. This will take me 1 day max. + Second we need to implement this in NTP. Here is also a part where I need your guidance. 3. Integrate with debug log emitter : + First I will need to create the infrastructure in the current test frame for this. This will take me 1 day max. + Second need get actual information from the emitter 4. Documentation and BCP: + This is almost done for the code the existing code. At the end I think I will need a maximum of one more day to complete this.

Just for the tasks above, it's a maximum of 1.5 weeks of work fully complete all the tasks which would put us in reach of the deadline of 24 Aug. , but as you can see I really really need your help on point 1), and also a feedback on the current plan.

Thank you, Adrian

-- RahulKumar - 2012-08-22

Amar reply to the mail(FYI) I would be OK if all we end up with this much:

1. Series of simple tests against an NTP server. (acting as a client) 2. Series of simple tests against an NTP client. (acting as a server) 3. User documentation so developers can create tests.

In order to complete these you'll need information on the NTP protocol and the process both the client and server go through when communicating. It's up in the air how far in you will be able to get in 2 weeks though.

You said that you struggled figuring out where to start and how to generate these packets in order to write the simple tests.

Before we get to that point I'd like you to create a list of possible tests to create. For example acting as a client you could create tests for various ntpq commands look at the manpage for suggestions as well as documentation you can find on https://support.ntp.org/

For instance if you implement 'ntpq --peers' you would do this twice. Once as a client querying an NTP server. The second launching a script that acts like an NTP server where you would run 'ntpq --peers' against. You would start with the client queries first as these are easier.

-- RahulKumar - 2012-08-22