NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

---

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Unit Testing - Allen

• Student: AllenZhong
• Mentors: RahulKumar, HarlanStenn
• GSoC: GSoC Project Page

Summary

Related Items: UnitTestFramework, UnitTestingNotes, OpenNTPD with adjtime/adjfreq tuning

We use adjtime() to set time, this is implemented as adjtimex() in Linux kernel (kernel/time/ntp.c); there's also a function to set frequency as adjfreq() may needed in ntpd (ntp_loopfilter.c), these codes are not covered by our existing unit tests.

Writing tests for adjtime() may be difficult for it is a syscall on many mornden OSes, so the detailed implemention is not part of NTP, this is one of the first problems I need to solve. After writing some unit tests, testing and studying those two method is another major part of this project, some scripts will be writen to collect data from running ntpd clients and servers.

Tasks

• Get to familiar with google test framework
• Write unit test for adjtime() and adjfreq()
• Test mainly adjtime() and adjfreq() as client and server
• Study how those two methods works with NTP and how are the differ from each other
• ...

Timeline

Date	Task	Description	% Done
05-27	Community Bonding	Read documents and set up proper environment, do some sample tests for preparation.
06-17	Coding Begins	Begin coding for the GSoC project, write simple tests for adjtime() and ntp_adjtime(), test as client.
06-28	A Short Travel	A short travel in weekends for a meeting, will be offline for less than 72 hours.
07-05	Server Testing	Write more tests and do them when NTP runs as a server.
07-20	Documetation	Cleanup former work and write documents for them, prepare for midterm evals
07-29	BO Midterm Evals	Mentors and students can begin submitting mid-term evaluations.
08-02	EO Midterm Evals	Mid-term evaluations deadline. Begin testing of adjfreq().
08-09	A Short Travel	A planned short travel for about 1 week, the work will continue during this but not full days.
08-14	More Tests	Testing of adjfreq() as client and server, compare with adjtime() method, study the differences.
08-25	Analysis & Buffer	Analysis the testing results and do more tests if needed, this period is also a buffer for any unexpeted time usage.
09-16	Wrap-up	Suggested "Pencils Down" date. Finishing documents and analysising.
09-23	Firm "Pencils Down"	Mentors, students and organization administrators can begin submitting final evaluations to Google.
09-27	Final Evaluation	Final Evaluations Deadline
09-27	Code Samples	Students begin uploading code samples
10-01	Final Results	Final Results Announced

Discussion and Comments