2013 Unit Testing Notes
Related Topics: UnitTestFramework
This section contains notes about problems that have come up when writing tests for libntp.
function doesn't have a proper way to test; in addition, there are 2 different implementations depending on platform.
function has no input parameter; it just transforms the current time to a given format. No proper way to test.
2011 Unit Testing Notes
Related Topics: UnitTestFramework
This section contains notes about problems that have come up when writing tests for
Quite hard to test since there are several different implementations depending on platform. Also, this file actually #include's other .c files, which can be confusing at first.
This section contains notes about problems that have come up when writing tests for libntp. All these problems are meant to be handled later, but are written here so that they are not forgotten.
Contains platform specific implementations of
for MPE, HPUX and QNX.
audio_config_read(): Reads a configuration file from disk; test the same way as authreadkeys.c. This method is static, which makes it hard to test. Also the paths are hard-coded, which makes it tricky.
audio_init(): Opens a file descriptor that is supposed to be a sound device.
- Contains various functions that allocate memory.
Contains a special code for
on HPUX, platform specific tests needed.
icom_init(): Returns a file descriptor, after it has opened a serial link with some properties.
init_clock_sig(): Sends low-level commands with ioctl() to device.
init_socket_sig(): Contains various calls to
- Other functions call different functions in
Tons of machine-specific code (mostly for MPE).
is available as a system function on some systems, but
also has an implementation for those systems that don't have this built-in.
- Later on, try to always test the version in mktime.c, even if the system already provides it.
NTP implementations of
, used when the system-provided functions do not support IPv6.
- Code moved to ntpd. Check NtpdFunctionMap for ideas on testing.
- Needs more tests than currently written.
ntp2unix_tm() is not used anywhere in the project.
can't be mocked since it is required by the testing framework to execute death tests. Both functions in
strlcpy() and friends. Not tested, but the code is from OpenBSD and probably quite stable.
, this code is also (mostly) from outside NTP (like
adj_systime(): Adjusts the system's clock by calling
get_systime(): Returns system time as a l_fp. Tests need mocks for system functions returning the system time (that would be
step_systime(): Steps the clock using the (platform-dependent) code in machines.c. Tests need a way to mock ntp_set_tod() and functions writing to utmp/utmpx/wtmp/wtmpx.
sntp (may be outdated)
Areas to test in
The section contains initial documentation about tests for
Signing and verification of packets
The storage and retrieval of KoD-entries in memory.
Formatting functions, converting internal types to a format suitable for printing to file or screen.
The retrieval of command line options.
- Packet sending and reception.
- Packet processing.
Name lookups and host connectivity
- Name resolution.
- Host connectivity.
- Honour of KoD entries
- Time calculations
Test coverage description
- Packets can be signed correctly
- Verification of signed packets works
- Packet processing can handle different authentication schemes (DES, MD5, SHA)
- Packet processing discards packets that have an invalid or unknown signature.
For key files, test that:
- Key files with different number of items can be parsed into a linked list of keys.
- Keys in the key file can be written in different formats, and still be parsed correctly.
- The loaded keys can be retrieved with
For KoD-files, test that:
- The current KoD-database in memory can be written to file
- A KoD-file can be read into memory again
- Blank lines are ignored when reading.
For log files, test that:
- Messages get written to a file, unless syslog-logging is enabled.
- Searching for entries works when there are no matches, a single match, or multiple matches for the given hostname.
- No duplicate entries are added, instead the timestamp of the current entry should be updated. (Should this happen even if the KoD-type differs? No such check is done atm)
- Deletion works as expected.
- sockaddr_u and addrinfo can be formatted to a string (both IPv4 and IPv6!)
- Options passed on the command line are parsed. For example, test the KoD-filename parameter (-K, --kod), ensuring that the given filename is stored in the correct variable afterwards.
resolve_hosts() can resolve multiple addresses in one call, only returning the addresses for those hosts that succeeded. To avoid name resolution, the hostnames passed in could be IPv4/6 addresses.
- Packet sending and reception works. I think this will be among the last things done, because I'm not sure how to test the code that actually sends/receives the packets.
- Packet processing error checking works; exercise it with invalid lengths.
- Packet processing sees KoD-packets, and recognizes if the remote server is out of sync.
- Packet generation in on_wire() generates good packets. To test this, either the call to sendpkt() should be intercepted, or the generation of the packet moved to a standalone function.
- Upon reception of a KoD-packet, it is added to the KoD-database. (Not sure if this is in the scope of unit testing though).
- The time offset calculations are done according to the formulas on p. 13 in RFC 4330. The easiest way to do that would be to move the current code from on_wire() to a separate function, to separate it from the network handling code.
Refactoring to make testing possible/easier
The refactoring should make testing of the following functionality possible, without having to send or receive packets on the network.
- Generation of packets (main.c:210-233)
- Packet parsing (main.c:240-352)
- Time offset calculations (main.c:290-345)
- The time offset calculations may be merged with packet processing tests, but I think there is a benefit to being able to test the calculations separately.
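The separation asked for in the test coverage list and in the refactoring list above, as an added example that is not code from sntp: the RFC 4330 offset and delay formulas written as pure functions over the four timestamps, so they can be tested without a socket. The `ntp_ts` type and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 64-bit NTP timestamp: seconds since 1900 plus a 32-bit fraction. */
typedef struct { uint32_t sec; uint32_t frac; } ntp_ts;

ntp_ts mk_ts(uint32_t sec, uint32_t frac)
{
    ntp_ts t = { sec, frac };
    return t;
}

/* a - b in seconds. The subtraction is done in unsigned 64-bit fixed point
 * and then reinterpreted as signed, so the result stays correct across the
 * 32-bit seconds rollover as long as a and b are less than 68 years apart. */
static double ts_diff(ntp_ts a, ntp_ts b)
{
    uint64_t ua = ((uint64_t)a.sec << 32) | a.frac;
    uint64_t ub = ((uint64_t)b.sec << 32) | b.frac;
    return (double)(int64_t)(ua - ub) / 4294967296.0;
}

/* RFC 4330: T1 = originate, T2 = receive, T3 = transmit, T4 = destination.
 * Clock offset t = ((T2 - T1) + (T3 - T4)) / 2 */
double sntp_offset(ntp_ts t1, ntp_ts t2, ntp_ts t3, ntp_ts t4)
{
    return (ts_diff(t2, t1) + ts_diff(t3, t4)) / 2.0;
}

/* Roundtrip delay d = (T4 - T1) - (T3 - T2) */
double sntp_delay(ntp_ts t1, ntp_ts t2, ntp_ts t3, ntp_ts t4)
{
    return ts_diff(t4, t1) - ts_diff(t3, t2);
}

int main(void)
{
    /* Constructed sample: server clock about 4.9 s ahead of the client. */
    ntp_ts t1 = mk_ts(1000, 0), t2 = mk_ts(1005, 0x40000000u);
    ntp_ts t3 = mk_ts(1005, 0x80000000u), t4 = mk_ts(1001, 0);

    printf("offset=%.3f delay=%.3f\n",
           sntp_offset(t1, t2, t3, t4), sntp_delay(t1, t2, t3, t4));
    return 0;
}
```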
sntp_main(): The real main function, glues everything together. To increase the test coverage, some code should be moved to separate functions. An important test would be to move the code that checks for previous KoD entries to a separate function.
on_wire(): Doesn't contain that much logic; most of the testable/interesting code has already been moved out to new functions. The remaining code mostly creates network stuff.
set_time(): The conversion from a double offset to a timeval might be good to test; there is a bug report about this in Bugzilla. To do this, a refactoring is needed, so that system time is not altered.
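One way to do the refactoring described for set_time(), as an added example that is not code from sntp: the double-to-timeval conversion is pulled into a pure function and applied to a caller-supplied time, so a test never touches the system clock. The function names are hypothetical, and the offset is assumed to fit in a `long`.

```c
#include <sys/time.h>

/* Hypothetical helper for building test inputs. */
struct timeval mk_tv(long sec, long usec)
{
    struct timeval tv;
    tv.tv_sec = sec;
    tv.tv_usec = usec;
    return tv;
}

/* Split a signed offset in seconds into a normalized timeval:
 * tv_usec is always in [0, 999999] and tv_sec carries the sign,
 * so -0.25 s becomes {-1, 750000} rather than {0, -250000}. */
struct timeval offset_to_timeval(double offset)
{
    long sec = (long)offset;            /* truncates toward zero */
    long usec;

    if ((double)sec > offset)           /* turn truncation into floor */
        sec--;
    usec = (long)((offset - (double)sec) * 1e6 + 0.5);  /* round to nearest */
    if (usec >= 1000000) {              /* rounding carried into next second */
        sec++;
        usec -= 1000000;
    }
    return mk_tv(sec, usec);
}

/* Compute the corrected time from a given "now" instead of reading and
 * setting the system clock, which keeps the arithmetic testable. */
struct timeval apply_offset(struct timeval now, double offset)
{
    struct timeval d = offset_to_timeval(offset);
    struct timeval r;

    r.tv_sec = now.tv_sec + d.tv_sec;
    r.tv_usec = now.tv_usec + d.tv_usec;    /* both parts are in [0, 999999] */
    if (r.tv_usec >= 1000000) {
        r.tv_sec++;
        r.tv_usec -= 1000000;
    }
    return r;
}
```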
: Only creates a socket with the given destination, nothing to test really.
, and puts the bytes out on the network. Doesn't really care about what data it sends.
, and gets the bytes from the network. Doesn't really care about what data it receives.
: This needs to be tested, and some of this code could probably be moved to
, to get a more uniform design (with
). The error checking code (that checks if different addresses are valid for broadcast/multicast) could perhaps be extracted to a new function to simplify testing.
: Calls recv_bcst_data(), and process_pkt(), nothing more.
: Tests should try to see what happens when select() gets a timeout.
: Test if a host is reachable, could be tested if we have a known host that is reliable, so we can connect to it.
tv_to_str(): Uses a call to localtime to print the local time.