NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
GSoC Project Ideas
Related Topics: NTF:GSoC/GSoCProjectIdeas
Anyone interested in learning advanced techniques in software testing will be interested in this project.
It will cover testing low-level protocols and operational testing of
Existing knowledge of software testing is not required however a successful candidate must have a firm grasp of the C language.
We also need network-level testing, including adding and removing interfaces.
Please be aware this project is more about software testing than it is about the NTP software itself.
You will learn a lot about the NTP protocol and protocols in general.
Learning how to test software is an extremely desirable skill in the software development world any candidate should come in with an eagerness to learn.
We usually have several students participate in writing tests. Students do not work together, although you will be doing code reviews of each other's work.
Improving NTP's logging/debugging system
- Redesign/Change NTP's logging/debugging system.
- Write a common debugging/logging interface for NTP.
While this topic has been worked on 3 times before, we've gotten the API designed and ready to go but we have not yet converted the codebase to use it all. There is a reasonable chance that during the deployment of this project we'll find some problems with the new API that must be corrected, and we may also learn ways to make the new API more lightweight or otherwise better.
Related Topics: GSoC2013LoggingDebugging
, Bug #1408
, Bug #2160
Virtual Refclock Engine/Refclock Definition Language
Analyze the existing refclock drivers. Come up with a language that can be converted into some sort of bytecode or threaded code that will be able to fully implement all of the refclocks we currently support. Harlan thinks this language would need basic math and expression support, execution flow (loop, conditional, exception, etc.) support, and subroutine support (calls to pre-defined subroutines for I/O, logging, etc.) The implemented language should be demonstrably "safe" (bounds checking, etc.), perhaps implemented as a small "virtual refclock machine", either inside NTP or as a separate program that communicates with NTP using, eg, the SHM refclock.
Related Topics: LoadableRefclockDrivers
Study the usefulness of different clock models for NTP
This project is best suited for students in post-doc or doctoral programs who have a good understanding of clock statistics.
It is possible that a graduate student would also be considered for this project.
The rare undergraduate who can demonstrate proficiency will also be considered.
There are two issues that could be considered for study. The first is a parameter that provides an explicit connection between the polling interval and the accuracy of the synchronization process. This is useful because the polling interval can be increased by a large factor if the client system does not require the full accuracy that NTP can typically support. The second issue is a more sophisticated model for the performance of the clock on the local system and for the network delay. The Kalman filter formalism is promising in this respect, because it provides a much more general method for specifying the noise characteristics of a process.
Convert the distribution from a recursive to a non-recursive
The codebase uses a traditional recursive
framework. If the package could be converted to a non-recursive
framework (hopefully one that continued to use
) then after running
cd ntpd && make
and all prerequisite libraries would be built and then
would be produced, as efficiently as possible. A
from the top-level of the build tree would build the entire package, very efficiently. Note that typically a non-recursive project does not allow
anywhere but the top level, yet we would like to preserve that functionality of recursive
builds. The solution should handle "sub-packages" - for example, the sntp/ directory is moving toward being a full tear-off, and the solution should work for a stand-alone sntp package or the complete NTP distribution (that includes sntp). Further, sntp carries a sub-package libevent which uses a recursive Autoconf/Automake build, and there is probably not enough benefit to be had from non-recursive libevent build to justify maintaining separate build infrastructure from upstream. One can install libevent systemwide and avoid building the NTP bundled copy entirely. This would imply a mostly non-recursive framework that nonetheless recurses if building the bundled libevent. Similarly, to preserve the intended ability of sntp to be built from a tearoff tarball containing only the sntp subtree without duplicating logic between the top-level NTP
, it may make sense to retain recursion from the top-level
to build sntp.
Related Topics: NtpVariablesAndNtpq
- Provide real decoding of Authentication Status information and other status bytes / flags. (DaveHart agrees decoded Authentication Status is worthwhile but believes strongly such decoding belongs in ntpd, not ntpq, because ntpq should not be required to exactly match the version of ntpd for management convenience, and these values' interpretation has changed in the past and likely will in the future, if nothing else by adding more defined bits -- potentially this can be done in ntpd by changing the response for peer variable authstatus from a simple numeric value to a string containing the decoded flag values, with or without the simple numeric value -- but this seems to DaveHart to be far too little work to constitute a GSoC project.)
, Bug #820
Access and Authorization levels
supports two levels of access to its information, public and trusted. Finer-grained access would be better. All read-only data is currently considered "public" and some of it should be considered "private". All writable data is currently protected by a single level of access control, and some of this data is safer to modify than other data. For this project, you'd be classifying these data types and implementing some additional authorization levels. If you have worked with parsers and lexers before then you can work on adding the new keywords. If you have not worked with parsers and lexers before, an NTP developer familiar with these areas of the code will take care of these things for you.
Related Topics: ConfigurationAndAuthorizationLevelsForNtpd
Monitoring / Management front end
- cross-platform TUI/GUI front end for
ntpq and the content of the scripts directory
- ncurses, perl/tk, WxWindows
- provide log access tools, graphing, etc.
Update the SHM refclock
- Clean up the protocol
- Possibly offer a "client library"
- include some unit and stress tests to demonstrate that the protocol works and does not have race conditions or mutex problems
- Also see RefclockShmV2
Finish the autogen tag translators
We use GNU autogen to handle our options processing and to produce manual pages in
formats, and also
formats. The "source" format for these pages use
as well), and autogen needs translations scripts to convert from one tag format to the other. Right now, the
scripts are fairly complete, but we need:
Related Topics: Bug #2311
- all of the other combinations finished
- a test suite (this will actually be pretty easy to do)
Create a web-based
ntp.conf file generator
Different versions of NTP support different options in the configuration file.
It would be good to have a web-based service that would ask the user for the version of NTP they are using,
ask them some basic questions,
and generate an
The generated file should contain
the version number of the script that generated the file,
and would ideally include a URL
that would re-generate the configuration file with any newer version of the generation script.
On a related topic, it might be interesting to write a web-based
analyzer that took the version of NTP as a parameter and an
file and produced a report about extraneous or useless lines, as well as a report of "missing" important items.
We had a successful GSoC 2015 project on this topic, and we learned a lot about what needs to happen to finish it. It should be possible to get a working initial prototype with one more GSoC session.
Upgrade NTP's monitoring mechanisms
(mode 6) and
(mode 7) UDP packets to monitor and control
With the recent awareness by black-hats that mis-configured older
instances can be used for significant reflection attacks, the monitoring capabilities of NTP should be re-examined.
This may include TCP options.
Related Topics: ConfigurationAndAuthorizationLevelsForNtpd
Many years ago we imported
into the NTP codebase. It's been a while since anybody has done a comparison to what
looks like today with what we are using. We have made some bugfixes that may not have been "accepted" by
, and there are likely some changes in
that we don't know about. It would be useful to do a reconciliation of the two codebases, accepting improvements in to NTP as needed, and offering any of our patches back to ISC.
tzdist information distribution service and client package
Martin Burnicki suggests:
The server package would pull updates for time zone rules and leap second table from a tzdist server and save updates in formats expected by existing applications.
For example, it could update the TZ files used by glibc to convert UTC to local time, and it could generate a leap second file in NIST format which could be read by ntpd. Eventually it could even update the time zone rules in the Windows registry.
IMO this would be very helpful to provide systems with automatic updates, e.g. when Morocco or Egypt have determine the date of DST changes only very late, which usually causes huge problems to maintainers of the IT infrastructure in such countries.
Terje Mathisen adds:
This seems like a very good idea, the tzdist client would be a small project while the full server, including all the needed hacks to pull into legal info from all over the place, could be as large as you want to. You would require an option for manual input as well.
Personally I would probably make the client use a simple https request with parameters specifying the target area/country/gps coordinates and the return would be in JSON or (shudder) XML.
I would definitely make encryption & secure authentication the default, possibly with plain http as a configurable fallback for a local server.
Implement a "configuration summary" display
runs there is a lot of output generated and it can be pretty hard to go thru all of that output and learn anything useful from it.
If we had a "summary page" of the configuration options that was emitted after the
run it would help a lot of folks.
- whether or not OpenSSL was being used
- a complete list of which refclocks were being built, and which ones were not being build.
- whether or not any given features were being enabled, and if not, why (missing libraries, missing headers)
- directory paths
Under Monitoring Management front end
, what about adding SNMP support for Windows?
Probably no longer interesting ideas:
System clock startup analysis
When NTP starts up there is value in quickly learning the offset to the correct time and the frequency adjustment that is needed to keep the clock sync'd. This can be thought of as
is the actual time,
is the needed frequency adjustment,
is the correct time, and
is the offset between the system time and the correct time.
There are at least two interesting aspects of this perspective.
One is that since the frequency adjustment is usually measured in "parts per million", there is something to be said for calculating
so the slope
correction value is "normalized" relative to 0 instead of relative to 1 and the
provides the most number of significant bits.
The other has to do with how we get the time - we've heard that if we are using a wired LAN we should be able to determine the offset and frequency adjustment in 30-45 seconds' time. It may take a minute or two to get this same level of accuracy using a wireless LAN.
One obvious way to get this is thru a least-squares analysis of the time returned from some number of time servers, external or possibly local refclocks. A good starting point for this is https://www.dragonflybsd.org/cvsweb/src/usr.sbin/dntpd/
If one wanted to use a local GPS refclock for getting time signals,
might be a good way to go.
One should be aware of the rate at which one can send packets to a remote
, and one should study a range of "collection times" to see what the differences are between, say, checking to see how well we can figure out the offset and drift over a useful range of time periods.
Identity Scheme Configuration Tool
- TUI/GUI front end for Identity Scheme Deployment / Management
How is this project different from the "Autokey configuration wizard"?
Autokey configuration wizard
- Lead user through a series of comprehensible questions.
ntp-keygen repeatedly to generate per-trusted-host, per-group, and per-client keysdir files
ntp.conf snippets for each host.
- Verify every supported scheme works as intended by testing all paths through wizard.
How is this project different from the "Identity Scheme Configuration Tool"?