r23 - 2013-06-28 - 15:44:59 - YanZhangYou are here: NTP >  Dev Web > GoogleSummerOfCode > GSoC2010UnitTesting > UnitTestingNotes
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

2013 Unit Testing Notes

Related Topics: UnitTestFramework


This section contains notes about problems that have come up when writing tests for libntp.


FindConfig () function don't have a proper way to test, in addition, there are 2 different implementations depending on platform.


humanlogtime() function has no input paramater, just transform the CURRENT time to a given format. No proper way to test.

2011 Unit Testing Notes

Related Topics: UnitTestFramework


This section contains notes about problems that have come up when writing tests for libisc.


Quite hard to test since there are several different implementations depending on platform). Also this file actually =#include='s other =.c=-files which can be confusing at first.

  • isc_interfaceiter_create()
  • isc_interfaceiter_current()
  • isc_interfaceiter_destroy()
  • isc_interfaceiter_first()
  • isc_interfaceiter_next()


  • isc_net_probeipv4()
  • isc_net_probeipv6()
  • isc_net_probe_ipv6only()


This section contains notes about problems that have come up when writing tests for libntp. All these problems are meant to be handled later, but are written here so that they are not forgotten.


Contains platform specific implementations of adjtime() for MPE, HPUX and QNX.


  • audio_config_read(): Reads a configuration file from disk, test the same way as authreadkeys.c. This method is static, which makes it hard to test. Also the paths are hard-coded, which makes it tricky.
  • audio_init(): Opens a file descriptor that are supposed to be a sound device.


  • Contains various functions that allocate memory.


Contains a special code for findconfig() on HPUX, platform specific tests needed.


  • icom_init(): Returns a file descriptor, after it has opened a serial link with some properties.


  • init_clock_sig(): Sends low-level commands with ioctl() to device.
  • init_socket_sig(): Contains various calls to ioctrl() or fcntl().
  • Other functions call different functions in syssignal.c


Tons of machine-specific code (mostly for MPE).


mktime() is available as a system function on some system, but libntp also has an implementation for those systems that don't have this built-in.

  • Later on, try to always test the version in mktime.c, even if the system already provides it.


See ntp_worker.c


NTP implementations of getnameinfo() and getaddrinfo(), used when the system provided functions does not support IPv6.


  • Code moved to libntp from ntpd. Check NtpdFunctionMap for ideas on testing.


  • Needs more tests than currently written.
  • ntp2unix_tm() is not used anywhere in the project.


Unfortunatly, fcntl() can't be mocked since it is required by the testing framework to execute death tests. Both functions in socket.c calls fcntl().


  • strlcpy() and friends. Not tested, but the code is from OpenBSD and probably quite stable.


See mktime.c, this code is also (mostly) from outside NTP (like strlcpy()).


  • adj_systime(): Adjusts the system's clock by calling adjtime().
  • get_systime(): Returns system time as a l_fp. Tests need to mocks for system functions returning the system time (that would be clock_gettime() or getclock()).
  • step_systime(): Steps the clock using the (platform-dependent) code in machines.c. Tests needs a way to mock clock_gettime()=/=getclock(), ntp_set_tod() and functions writing to utmp/utmpx/wtmp/wtmpx.


See ntp_worker.c


See ntp_worker.c

sntp (may be outdated)

Areas to test in sntp

The section contains initial documentation about tests for sntp.


Signing and verification of packets

File handling

Reading of:

  • Keyfile
  • KoD-file

Writing of:

  • KoD-file
  • Log file


The storage and retrieval of KoD-entries in memory.


Formatting functions, converting internal types to a format suitable for printing to file or screen.

Option handling

The retrieval of command line options.


  • Packet sending and reception.
  • Packet processing.

Name lookups and host connectivity

  • Name resolution.
  • Host connectivity.


  • Honour of KoD entries
  • Time calculations

Test coverage description


Test that:

  • Packets can be signed correctly
  • Verfication of signed packets works
  • Packet processing can handle different authentication schemes (DES, MD5, SHA)
  • Packet processing discards packets that have an invalid or unknown signature.

File handling

For key files, test that:

  • Key files with different number of items can be parsed into a linked list of keys.
  • Keys in the key file can be written in different formats, and still be parsed correctly.
  • The loaded keys can be retrived with get_key().

For KoD-files, test that:

  • The current KoD-database in memory can be written to file
  • A KoD-file can be read into memory again
  • Blank lines are ignored when reading.

For log files, test that:

  • Messages gets written to a file, unless syslog-logging is enabled.


Test that:

  • Search of entries works for when there are no, a single, or multiple matches for the given hostname.
  • No duplicate entries are added, instead the timestamp of the current entry should be updated. (Should this happen even if the KoD-type differs? No such check is done atm)
  • Deletion works as expected.


Test that:

  • sockaddr_u and addrinfo can be formatted to a string (both IPv4 and IPv6!)

Option handling

Test that:

  • Option passed on the command-line are parsed. For example, test the KoD-filename parameter (-K, --kod), ensuring that the given filename is stored in the correct variable afterwards.


Test that:

  • resolve_hosts() can resolve multiple addresses in one call, only returning the addresses for those hosts that succeeded. To avoid name resolution, the sent in hostnames could be IPv4/6 addresses.
  • Packet sending and reception works, I think this will be among the last things done, because I'm not sure how to test the code that actually sends/receives the packets.
  • Packet processing error checking works; exercise it with invalid lengths.
  • Packet processing sees KoD-packets, and recognizes if the remote server is out of sync.
  • Packet generation in on_wire() generates good packets. To test this, either the call to sendpkt() should be intercepted, or the generation of the packet moved to a standalone function.


Test that:

  • Upon reception of a KoD-packet, it is added to the KoD-database. (Not sure if this is in the scope of unit testing though).
  • The time offset calculations is done according to the formulas on p. 13 in RFC 4330. The easiest way to do that would be to be move the current code from on_wire() to a separate function, to separate it from the network handling code.

Refactoring to make testing possible/easier



The refactoring should make testing of the follow functionality possible, without having to send or receive packets on the network.

  • Generation of packets (main.c:210-233)
  • Packet parsing (main.c:240-352)
  • Time offset calculations (main.c:290-345)
  • The time offset calculations may be merged with packet processing tests, but I think there is a benifit to be able to test the calculations separetely.

Remaining tests


  • sntp_main(): The real main function, glues everything together. To increase the test coverage, some code should be moved to separate functions. An important test would be to move the code that checks for previous KoD -entries to a separate function.
  • on_wire(): Doesn't contain that much logic, most of the testable/interesting code have already been moved out to new functions. The remaining code mostly creates network stuff.
  • set_time(): The conversion between double offset to timeval might be good to test, there is a bug report about this in Bugzilla. To do this, a refactoring is needed, so that system time is not altered.


* create_socket(): Only creates a socket with the given destination, nothing to test really. * sendpkt(): Calls sendto(), and puts the bytes out on the network. Doesn't really care about what data it sends. * recvdata(): Calls recvfrom(), and gets the bytes frin the network. Doesn't really care about what data it receives. * recv_bcst_data(): This needs to be tested, and some of this code could probably be moved to recv_bcst_pkt(), to get a more uniform design (with recvpkt()). The error checking code (that checks if different addresses are valid for broadcast/multicast) could perhaps be extracted to a new function to simplify testing. * recv_bcst_pkt(): Calls recv_bcst_data(), and process_pkt(), nothing more. * recvpkt(): Tests should try to see what happends when select() get a timeout. * is_reachable(): Test if a host is reachable, could be tested if we have a known host that is reliable, so we can connect to it.


  • tv_to_str(): Uses a call to localtime to print the local time.

-- LinusKarlsson - 2010-06-18

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r26 < r25 < r24 < r23 < r22 | More topic actions...
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback