r5 - 2013-09-26 - 07:08:18 - HarlanStennYou are here: NTP >  Dev Web > GoogleSummerOfCode > GSoC2013UnitTestingAllen > LeapSecondTest
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p13 was released on 07 March 2019. It addresses 1 medium-severity security issue in ntpd, and provides 17 non-security bugfixes and 1 other improvements over 4.2.8p12.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

Leap Second Testing

This page is a simple description of testing the leap-second implementation in NTP, this is part of my GSoC project as suggested by Harlan and I got many help from Martin.

This page is not completed yet and may contains incorrect information, I'll update it in few more days and any comment about mistakes are welcomed.

Setting up a Test Server

This part is pretty much a tutorial than a documentation, I'll list all the necessary steps of setting up a test server with fake time for the following tests, all the commands are based on Ubuntu 12.04 LTS system and may differ from other distributions and/or systems.

A test server can be simply simulated by setting up a NTP server and a file from NIST that describes all leap seconds. I use a pre-build ntpd from Ubuntu's repo to simplify the commands, if a ntp-dev is needed, you have to compile it by own.


The NTP Public Services Project operates an autobuilder which creates Debian packages (both i386 binary for the current Debian Stable Release and source) for each NTP-Dev snapshot release. The binary packages may be installable on OSes such as Ubuntu which are derived from Debian. The source packages may be used to compile binary packages for non-i386 architectures and when customizations are required.

Information about our NTP-Dev Debian Package Repository is available at http://packages.ntp.org/debian

-- SteveKostecke - 2013-09-26


Firstly, we install a ntp daemon. To install the pre-packaged version NTP shipped with Ubuntu:

sudo apt-get install ntp
To install the NTP Public Service Project's pre-packaged version of NTP-dev first visit the NTP-Dev Debian Package Repository page to learn how to configure apt. Then:
sudo apt-get install ntp-dev

And we get file from a NIST ftp server. This file is available on all the NIST servers, I just used a random one, for more infomation on this file, check Support.ConfiguringNTP#Section_6.14 .

sudo mkdir /var/ntp && cd /var/ntp
sudo wget ftp://nist1-ny2.ustiming.org/pub/leap-seconds.list

Then we need to change settings of ntpd so that it can announce a fake time.

sudo vi /etc/ntp.conf

We just comment all the `server` lines out, and set the server itself as refclock as described in Support.UndisciplinedLocalClock:

server 127.127.1.0
fudge 127.127.1.0 stratum 10
leapfile "/var/ntp/leap-seconds.list"

Now we set the system time to somewhere a little before a leap second took place, e.g, Jun 30, 2012, and then restart the ntpd daemon.

sudo date -s "2012-06-30 23:30"
sudo service ntp restart

Now we just got back to 30 minutes earlier than a leap-second in the past.

The test I write for leap second is very simple, a 50-times loop is executed and check current system time every 100ms (using nanosleep() to set the time step), then out put the data of all the 5 seconds to a file. The test is writen under NTP's unit test framework and can be executed with 'make check' as well as all the other tests, the test code is located at ~zhong/gsoc13/ntp-unit-test/tests/libntp/systime.cpp and the output file is within the same directory at /the/full/path/tests/libntp/data/leap.test.

-- AllenZhong - 2013-09-26

Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r5 < r4 < r3 < r2 < r1 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback