OpenNTPD

OpenNTPD (aka OpenBSD NTP Daemon)
Developer(s) The OpenBSD Project
Stable release
6.8p1 / 7 December 2020 [1]
Repository https://github.com/openntpd-portable
Written in C
Operating system OpenBSD, FreeBSD, NetBSD, Linux, macOS, Solaris [2]
Standard(s) RFC 1305, RFC 5905
Type Time synchronization
License ISC
Website www.openntpd.org

OpenNTPD (also known as OpenBSD NTP Daemon) is a Unix daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

OpenBSD NTP Daemon was initially developed by Alexander Guy and Henning Brauer as part of the OpenBSD project, with contributions from many other authors. Its design goals include being secure (non-exploitable), easy to configure, and accurate enough for most purposes. Its portable version, like that of OpenSSH, [3] is developed as a child project that adds the portability code to the OpenBSD version and releases it separately. The portable version is maintained by Brent Cook. [4] The project developers receive some funding from the OpenBSD Foundation.

History

The development of OpenNTPD was motivated by a combination of issues with existing NTP daemons: difficult configuration, complicated code that is hard to audit, and unsuitable licensing. [5] OpenNTPD was designed to solve these problems and make time synchronization accessible to a wider user base. After a period of development, OpenNTPD first appeared in OpenBSD 3.6. [6] Its first release was announced on 2 November 2004. [7]

Goals

OpenNTPD is an attempt by the OpenBSD team to produce an NTP daemon implementation that is secure, simple to audit, trivial to set up and administer, reasonably accurate, and light on system resources. As such, the design goals for OpenNTPD are security, ease of use, and performance. [8] Security in OpenNTPD is pursued through robust validity checks in the network input path, bounded buffer operations (strlcpy and related functions), and privilege separation: the part of the daemon that parses packets from the network runs as an unprivileged user, so a bug there cannot by itself be turned into a privilege escalation to the process that adjusts the clock. In order to simplify the use of NTP, OpenNTPD implements a smaller set of functionality than other NTP daemons, such as the reference implementation from the Network Time Protocol Project. The objective is to provide enough features for typical use, at the cost of being unsuitable for esoteric or niche requirements. OpenNTPD is configured through a single configuration file, ntpd.conf. [9] Only a handful of options are offered: the IP address or hostname on which OpenNTPD should listen, a timedelta sensor device to use as a reference, and the set of servers from which time is synchronized. Accuracy is best-effort; the daemon tries to be as accurate as it can, but no specific accuracy is guaranteed.
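A minimal ntpd.conf covering the three kinds of option named above, written for this page as an illustration rather than taken from the OpenNTPD distribution. The hostnames and the address are placeholders; the directives listen on, server, servers and sensor are the ones documented in ntpd.conf(5):

```conf
# /etc/ntpd.conf (illustrative example; hostnames and address are placeholders)

# Upstream time sources. "servers" (plural) uses every address the name
# resolves to, which suits a pool; "server" uses a single host.
servers pool.ntp.org
server  ntp.example.net

# A local timedelta sensor (for example a GPS receiver exposed through the
# kernel sensor framework) as an additional reference. "*" means any sensor.
sensor *

# Serving time to clients is opt-in. With no "listen on" line the daemon is
# a pure client and accepts no NTP requests at all, which is the smallest
# attack surface. If this host must serve clients, bind to the internal
# address only rather than to every interface ("listen on *").
listen on 192.0.2.1
```

The security-relevant choice is the last one: leave listen on out entirely unless the machine is meant to be a time server, and when it is, bind it to the address clients actually use rather than to all interfaces.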

Example

OpenNTPD gradually adjusts the system clock, as seen here in the output of OpenNTPD running on a Linux system:

$ grep ntpd /var/log/daemon.log | grep adjusting
Aug  4 03:32:20 nikolai ntpd[4784]: adjusting local clock by -1.162333s
Aug  4 03:36:08 nikolai ntpd[4784]: adjusting local clock by -1.023899s
Aug  4 03:40:02 nikolai ntpd[4784]: adjusting local clock by -0.902637s
Aug  4 03:43:43 nikolai ntpd[4784]: adjusting local clock by -0.789431s
Aug  4 03:47:35 nikolai ntpd[4784]: adjusting local clock by -0.679320s
Aug  4 03:50:45 nikolai ntpd[4784]: adjusting local clock by -0.605858s
Aug  4 03:53:31 nikolai ntpd[4784]: adjusting local clock by -0.529821s
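The convergence in that log can be checked mechanically. The following Python, added here and not part of OpenNTPD or of the original page, parses the "adjusting local clock" lines above, computes the effective slew rate, and flags any report where the residual offset grows or changes sign instead of shrinking, which is what an operator would look for when an upstream server is flapping, stepping its clock, or being spoofed. The year handed to the parser is an assumption, since syslog timestamps carry none.

```python
import re
from datetime import datetime

# The seven log lines quoted on this page (OpenNTPD on a Linux host).
LOG = """\
Aug  4 03:32:20 nikolai ntpd[4784]: adjusting local clock by -1.162333s
Aug  4 03:36:08 nikolai ntpd[4784]: adjusting local clock by -1.023899s
Aug  4 03:40:02 nikolai ntpd[4784]: adjusting local clock by -0.902637s
Aug  4 03:43:43 nikolai ntpd[4784]: adjusting local clock by -0.789431s
Aug  4 03:47:35 nikolai ntpd[4784]: adjusting local clock by -0.679320s
Aug  4 03:50:45 nikolai ntpd[4784]: adjusting local clock by -0.605858s
Aug  4 03:53:31 nikolai ntpd[4784]: adjusting local clock by -0.529821s
"""

ADJUST_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ ntpd\[\d+\]: "
    r"adjusting local clock by (?P<offset>-?\d+\.\d+)s$"
)


def parse_adjustments(text, year=2000):
    """Return [(datetime, offset_seconds), ...] for every adjustment line.

    Syslog timestamps have no year; `year` is an assumption made only so
    the timestamps can be ordered and subtracted.
    """
    samples = []
    for line in text.splitlines():
        m = ADJUST_RE.match(line)
        if not m:
            continue
        ts_text = " ".join(m["ts"].split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        samples.append((ts, float(m["offset"])))
    return samples


def slew_statistics(samples):
    """(seconds corrected, seconds elapsed, mean slew rate in ppm)."""
    (first_ts, first_off), (last_ts, last_off) = samples[0], samples[-1]
    elapsed = (last_ts - first_ts).total_seconds()
    corrected = abs(first_off) - abs(last_off)
    rate_ppm = corrected / elapsed * 1e6 if elapsed else 0.0
    return corrected, elapsed, rate_ppm


def find_anomalies(samples, tolerance=0.01):
    """Flag reports where the residual offset stops shrinking.

    While the daemon slews toward a stable upstream, each report should be
    smaller in magnitude and of the same sign as the previous one. A growing
    or sign-flipping offset means the reference moved underneath us: a
    flapping upstream, a stepped server clock, or forged replies.
    """
    anomalies = []
    for (_, prev_off), (ts, off) in zip(samples, samples[1:]):
        if abs(off) > abs(prev_off) + tolerance:
            anomalies.append((ts, off, "offset growing"))
        elif prev_off * off < 0:
            anomalies.append((ts, off, "offset changed sign"))
    return anomalies


if __name__ == "__main__":
    s = parse_adjustments(LOG)
    corrected, elapsed, rate = slew_statistics(s)
    print(f"corrected {corrected:.6f}s over {elapsed:.0f}s = {rate:.0f} ppm")
    print("anomalies:", find_anomalies(s))
```

Run on the page's lines this reports roughly 0.63 s corrected over 1271 s, about 500 ppm, which is the slew rate adjtime(3) applies on Linux, and no anomalies. The daemon is therefore not stepping the clock but letting the kernel absorb the offset gradually, which is why the log shows a steadily shrinking residual rather than a single jump.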

Criticism

OpenNTPD has been criticized as being less accurate than the NTP daemon produced by the NTP Project (ntp.org). [10] Internally, OpenNTPD does not maintain millisecond accuracy and can vary 50–200 ms from "real" time, because it omits a variety of accuracy-improving algorithms in favour of code simplicity. The OpenNTPD project acknowledged the criticism, but stated that the lack of microsecond precision was a design tradeoff that benefited simplicity and security. [10] The OpenNTPD design goals state the project's intent is to "[r]each a reasonable accuracy" without sacrificing "secure design for getting that last nanosecond or obscure edge case." [11]

In September 2004, shortly after the release of OpenNTPD 3.6, ntp.org contributor Brad Knowles published an article entitled OpenNTPd Considered Harmful [12] criticizing various aspects of OpenNTPD's implementation of the NTP protocol, as well as the split development model that the project employs, which is also used in the development of OpenSSH and OpenBGPD. In December 2004, Darren Tucker, the principal developer on the portable branch of OpenNTPD, wrote a detailed response to Knowles, acknowledging some issues as valid, rejecting several others as unwarranted, and considering yet others as misleading. [13] Among the more serious issues raised by Knowles was that OpenNTPD servers claimed to be stratum 1 servers. The issue had however already been fixed by the time of Tucker's response. In March 2005, Knowles acknowledged Tucker's response, and stated that he was "going to do everything [he could] to work with [Tucker] to get any remaining issues resolved". [14] Additionally, the OpenBSD networking FAQ was expanded with a response to Knowles' initial criticism. [15]

The current accuracy claim for OpenNTPD, from the 2004 21C3 presentation, is "typically 50 ms". [16]

Leap Seconds

OpenNTPD (and the OpenBSD kernel) ignore leap seconds. [17] Care should therefore be taken when using OpenNTPD as an upstream (lower-numbered stratum) source for other ntpd servers, or wherever high-resolution time referenced to Coordinated Universal Time is required. Leap seconds are part of Coordinated Universal Time, but not of International Atomic Time or of Global Positioning System time signals. The 50 ms accuracy is also far coarser than what is expected of an upstream source.

The United States Naval Observatory and the Bureau International des Poids et Mesures recommend that systems which do not implement leap seconds be referenced to International Atomic Time, or directly to GPS time signals. [18] However, no current version of NTP (as of 2023) supports non-UTC time scales.
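What the caveat above costs in practice can be put in numbers. The Python below is an added illustration, not OpenNTPD code or anything from the original page: it carries a subset of the leap-second table (the three most recent of the 27 insertions, with the TAI-UTC offset in force before them), derives the TAI and GPS offsets the text refers to, and models a time server that, like OpenNTPD, does not insert the 2016-12-31 leap second and afterwards slews the resulting one-second error away. The 500 ppm slew rate is an assumption taken from the adjustment log earlier on this page; how long the server stays off by more than the page's "typically 50 ms" follows from it.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Subset of the IERS leap-second table (assumption: only the three most
# recent of the 27 insertions are listed). Each entry is the UTC instant
# from which the new TAI-UTC offset applies, and that offset in seconds.
LEAP_TABLE = [
    (datetime(2012, 7, 1, tzinfo=UTC), 35),
    (datetime(2015, 7, 1, tzinfo=UTC), 36),
    (datetime(2017, 1, 1, tzinfo=UTC), 37),
]
TAI_MINUS_UTC_BEFORE_TABLE = 34  # in force from 2009-01-01 until the first entry
GPS_MINUS_TAI = -19              # GPS time has no leap seconds; fixed 19 s behind TAI


def tai_minus_utc(utc):
    """TAI - UTC in whole seconds at the given UTC instant."""
    off = TAI_MINUS_UTC_BEFORE_TABLE
    for since, value in LEAP_TABLE:
        if utc >= since:
            off = value
    return off


def gps_minus_utc(utc):
    """GPS - UTC in whole seconds: what a GPS-disciplined source must subtract."""
    return tai_minus_utc(utc) + GPS_MINUS_TAI


def leap_ignorant_error(synced_at, now):
    """Seconds a clock that never inserts leap seconds runs AHEAD of UTC.

    The clock was correct at `synced_at` and has counted SI seconds since.
    Every leap second inserted in between is one second it failed to repeat,
    so it stays ahead of UTC by that count until something corrects it.
    """
    return tai_minus_utc(now) - tai_minus_utc(synced_at)


def slew_correction_seconds(error_s, slew_ppm=500.0):
    """Wall-clock time needed to slew `error_s` away at `slew_ppm`.

    500 ppm is 0.5 ms of correction per elapsed second, so a 1 s leap takes
    2000 s to absorb, during which every downstream client sees a wrong source.
    """
    return abs(error_s) / (slew_ppm * 1e-6)


def simulate_leap_boundary(slew_ppm=500.0, acceptable_s=0.05):
    """Model of a server that ignores the 2016-12-31 leap second, then slews.

    Returns (error right after the leap, error 1000 s later,
             seconds until the error drops below `acceptable_s`).
    The 0.05 s default is the page's "typically 50 ms" accuracy claim.
    """
    before = datetime(2016, 12, 31, 23, 59, 0, tzinfo=UTC)
    after = datetime(2017, 1, 1, 0, 0, 0, tzinfo=UTC)
    err0 = leap_ignorant_error(before, after)
    err_after_1000s = err0 - 1000 * slew_ppm * 1e-6
    t_ok = slew_correction_seconds(err0 - acceptable_s, slew_ppm)
    return err0, err_after_1000s, t_ok


if __name__ == "__main__":
    now = datetime(2020, 1, 1, tzinfo=UTC)
    print("TAI-UTC:", tai_minus_utc(now), "GPS-UTC:", gps_minus_utc(now))
    print("leap boundary model:", simulate_leap_boundary())
```

The model says the server is a full second ahead the instant the leap second passes and stays outside the 50 ms claim for about 1900 s; a client that must track UTC closely across a leap second therefore needs an upstream that applies leap seconds, or, per the USNO recommendation above, should be referenced to TAI or GPS time instead.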


References

  1. "OpenNTPD" . Retrieved 9 December 2020.
  2. "OpenNTPD Portable Release". OpenBSD. Retrieved 3 April 2016.
  3. "openssh/openssh-portable". GitHub. Retrieved 13 May 2016.
  4. "openntpd-portable/openntpd-portable". GitHub. Retrieved 13 May 2016.
  5. The OpenNTPD Project. "OpenNTPD Goals". The OpenNTPD Project. Retrieved 3 April 2016.
  6. The OpenBSD Project (1 November 2004). "OpenBSD 3.6". The OpenBSD Project. Retrieved 3 April 2016.
  7. Brauer, Henning (2 November 2004). "OpenNTPD 3.6 released". openbsd-announce (Mailing list). MARC. Retrieved 7 June 2014.
  8. Brauer, Henning (September 2004). "Page 3: OpenNTPD – Design Goals". The OpenBSD Project. Retrieved 16 September 2006.
  9. ntpd.conf(5) OpenBSD File Formats Manual. 26 May 2006. Retrieved 16 September 2006.
  10. The OpenBSD Project (21 August 2006). "FAQ 6.12.1: 'But OpenNTPD isn't as accurate as the ntp.org daemon!'". The OpenBSD Project. Archived from the original on 5 February 2016. Retrieved 14 May 2020.
  11. OpenNTPD authors (2004), "Goals", OpenNTPD, OpenNTPD project.
  12. Knowles, Brad (22 September 2004). "OpenNTPd Considered Harmful". Considered Harmful. Archived from the original on 4 March 2005. Retrieved 16 September 2006.
  13. Tucker, Darren (12 December 2004). "Response to OpenNTPd Considered Harmful". Advogato: Blog for dtucker. Retrieved 16 September 2006.
  14. Knowles, Brad (12 March 2005). "Update: OpenNTPd..." Considered Harmful. Archived from the original on 25 May 2006. Retrieved 16 September 2006.
  15. The OpenBSD Project (21 August 2006). "FAQ: 6.12.2: 'Someone has claimed that OpenNTPD is 'harmful'!'". The OpenBSD Project. Archived from the original on 24 September 2006. Retrieved 16 September 2006.
  16. Brauer, Henning. "OpenBGPD and OpenNTPD". quigon.bsws.de.
  17. "Handling Leap Seconds the OpenBSD Way". OpenBSD Journal. 28 June 2015. Retrieved 9 October 2018.
  18. "Leap Seconds". United States Naval Observatory. Archived from the original on 24 December 2017. Retrieved 27 February 2019.