OpenNTPD

Last updated

OpenNTPD (aka OpenBSD NTP Daemon)
Developer(s) The OpenBSD Project
Stable release
6.8p1 / 7 December 2020;4 years ago (2020-12-07) [1]
Repository https://github.com/openntpd-portable
Written in C
Operating system OpenBSD, FreeBSD, NetBSD, Linux, macOS, Solaris [2]
Standard(s)RFC 1305, RFC 5905
Type Time synchronization
License ISC
Website www.openntpd.org

OpenNTPD (also known as OpenBSD NTP Daemon) is a Unix daemon implementing the Network Time Protocol to synchronize the local clock of a computer system with remote NTP servers. It is also able to act as an NTP server to NTP-compatible clients.

Contents

OpenBSD NTP Daemon was initially developed by Alexander Guy and Henning Brauer as part of the OpenBSD project, with further help by many authors. Its design goals include being secure (non-exploitable), easy to configure, and accurate enough for most purposes. Its portable version, like that of OpenSSH, [3] is developed as a child project which adds the portability code to the OpenBSD version and releases it separately. The portable version is developed by Brent Cook. [4] The project developers receive some funding from the OpenBSD Foundation.

History

The development of OpenNTPD was motivated by a combination of issues with current NTP daemons: difficult configuration, complicated and difficult to audit code, and unsuitable licensing. [5] OpenNTPD was designed to solve these problems and make time synchronization accessible to a wider userbase. After a period of development, OpenNTPD first appeared in OpenBSD 3.6. [6] Its first release was announced on 2 November 2004. [7]

Goals

OpenNTPD is an attempt by the OpenBSD team to produce an NTP daemon implementation that is secure, simple to audit, trivial to set up and administer, reasonably accurate, and light on system resources. As such, the design goals for OpenNTPD are: security, ease of use, and performance. [8] Security in OpenNTPD is achieved by robust validity check in the network input path, use of bounded buffer operations via strlcpy, and privilege separation to mitigate the effects of possible security bugs exploiting the daemon through privilege escalation. In order to simplify the use of NTP, OpenNTPD implements a smaller set of functionalities than those available in other NTP daemons, such as that provided by the Network Time Protocol Project. The objective is to provide enough features to satisfy typical usage at the risk of unsuitability for esoteric or niche requirements. OpenNTPD is configured through the configuration file, ntpd.conf. [9] A minimal number of options are offered: IP address or hostname on which OpenNTPD should listen, a timedelta sensor device to be used, and the set of servers from which the time will be synchronized. The accuracy of OpenNTPD is best-effort; the daemon attempts to be as accurate as possible but no specific accuracy is guaranteed.

Example

OpenNTPD gradually adjusts the system clock, as seen here in the output of OpenNTPD running on a Linux system:

$ grep ntpd /var/log/daemon.log | grep adjusting Aug  4 03:32:20 nikolai ntpd[4784]: adjusting local clock by -1.162333s Aug  4 03:36:08 nikolai ntpd[4784]: adjusting local clock by -1.023899s Aug  4 03:40:02 nikolai ntpd[4784]: adjusting local clock by -0.902637s Aug  4 03:43:43 nikolai ntpd[4784]: adjusting local clock by -0.789431s Aug  4 03:47:35 nikolai ntpd[4784]: adjusting local clock by -0.679320s Aug  4 03:50:45 nikolai ntpd[4784]: adjusting local clock by -0.605858s Aug  4 03:53:31 nikolai ntpd[4784]: adjusting local clock by -0.529821s

Criticism

OpenNTPD has been criticized as being less accurate than the NTP daemon produced by the NTP Project (ntp.org). [10] Internally, OpenNTPD does not maintain millisecond accuracy and can vary 50-200ms from "real" time because it omits a variety of algorithms that increase accuracy in favour of code simplicity. The OpenNTPD project acknowledged the criticism, but stated that the lack of microsecond precision was a design tradeoff that benefited simplicity and security. [10] The OpenNTPD design goals state the project's intent is to "[r]each a reasonable accuracy" without sacrificing "secure design for getting that last nanosecond or obscure edge case." [11]

In September 2004, shortly after the release of OpenNTPD 3.6, ntp.org contributor Brad Knowles published an article entitled OpenNTPd Considered Harmful [12] criticizing various aspects of OpenNTPD's implementation of the NTP protocol, as well as the split development model that the project employs, which is also used in the development of OpenSSH and OpenBGPD. In December 2004, Darren Tucker, the principal developer on the portable branch of OpenNTPD, wrote a detailed response to Knowles, acknowledging some issues as valid, rejecting several others as unwarranted, and considering yet others as misleading. [13] Among the more serious issues raised by Knowles was that OpenNTPD servers claimed to be stratum 1 servers. The issue had however already been fixed by the time of Tucker's response. In March 2005, Knowles acknowledged Tucker's response, and stated that he was "going to do everything [he could] to work with [Tucker] to get any remaining issues resolved". [14] Additionally, the OpenBSD networking FAQ was expanded with a response to Knowles' initial criticism. [15]

The current OpenNTPD accuracy claim is, from the 2004 21C3 presentation, "typically 50 ms". [16]

Leap Seconds

OpenNTPD (and the OpenBSD kernel) ignore leap seconds. [17] Care should be taken when using OpenNTPD as a higher-stratum source for other ntpd servers, or with high-resolution time requirements that reference Coordinated Universal Time. Leap seconds are used in Coordinated Universal Time, but not International Atomic Time or Global Positioning System time signals. The 50-ms accuracy is also not typical of a high-stratum source.

The United States Naval Observatory and the Bureau International des Poids et Mesures recommends that systems not implementing leap seconds be referenced to International Atomic Time, or directly to GPS time signals. [18] However, no current version of NTP (As of 2023) supports non-UTC time scales.

Related Research Articles

<span class="mw-page-title-main">Leap second</span> Intermittent adjustment to UTC

A leap second is a one-second adjustment that is occasionally applied to Coordinated Universal Time (UTC), to accommodate the difference between precise time and imprecise observed solar time (UT1), which varies due to irregularities and long-term slowdown in the Earth's rotation. The UTC time standard, widely used for international timekeeping and as the reference for civil time in most countries, uses TAI and consequently would run ahead of observed solar time unless it is reset to UT1 as needed. The leap second facility exists to provide this adjustment. The leap second was introduced in 1972. Since then, 27 leap seconds have been added to UTC, with the most recent occurring on December 31, 2016. All have so far been positive leap seconds, adding a second to a UTC day; while it is possible for a negative leap second to be needed, this has not happened yet.

<span class="mw-page-title-main">Network Time Protocol</span> Standard protocol for synchronizing time across devices

The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current use. NTP was designed by David L. Mills of the University of Delaware.

<span class="mw-page-title-main">DCF77</span> German longwave time signal radio station

DCF77 is a German longwave time signal and standard-frequency radio station. It started service as a standard-frequency station on 1 January 1959. In June 1973, date and time information was added. Its primary and backup transmitter are located at 50°0′56″N9°00′39″E in Mainflingen, about 25 km (20 mi) south-east of Frankfurt am Main, Germany. The transmitter generates a nominal power of 50 kW, of which about 30 to 35 kW can be radiated via a T-antenna.

PF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to netfilter (iptables), ipfw, and ipfilter.

<span class="mw-page-title-main">Real-time clock</span> Circuit in a computer that maintains accurate time

A real-time clock (RTC) is an electronic device that measures the passage of time.

<span class="mw-page-title-main">Unix time</span> Date and time representation system widely used in computing

Unix time is a date and time representation widely used in computing. It measures time by the number of non-leap seconds that have elapsed since 00:00:00 UTC on 1 January 1970, the Unix epoch. For example, at midnight on 1 January 2010, Unix time was 1262304000.

Clock synchronization is a topic in computer science and engineering that aims to coordinate otherwise independent clocks. Even when initially set accurately, real clocks will differ after some amount of time due to clock drift, caused by clocks counting time at slightly different rates. There are several problems that occur as a result of clock rate differences and several solutions, some being more acceptable than others in certain contexts.

<span class="mw-page-title-main">Poul-Henning Kamp</span> Danish software developer

Poul-Henning Kamp is a Danish computer software developer known for work on various projects including FreeBSD and Varnish. He currently resides in Slagelse, Denmark.

ntpd Network Time Protocol implementation

The Network Time Protocol daemon (ntpd) is an operating system program that maintains the system time in synchronization with time servers using the Network Time Protocol (NTP).

<span class="mw-page-title-main">OpenBGPD</span> Open-source BGP daemon implementation

OpenBGPD, also known as OpenBSD Border Gateway Protocol Daemon, is a server software program that allows general purpose computers to be used as routers. It is a Unix system daemon that provides a free, open-source implementation of the Border Gateway Protocol version 4. This allows a machine to exchange routes with other systems that speak BGP.

Misuse of a Network Time Protocol (NTP) server ranges from flooding it with traffic or violating the server's access policy or the NTP rules of engagement. One incident was branded NTP vandalism in an open letter from Poul-Henning Kamp to the router manufacturer D-Link in 2006. This term has later been extended by others to retroactively include other incidents. There is, however, no evidence that any of these problems are deliberate vandalism. They are more usually caused by shortsighted or poorly chosen default configurations.

There are a number of Unix-like operating systems based on or descended from the Berkeley Software Distribution (BSD) series of Unix variant options. The three most notable descendants in current use are FreeBSD, OpenBSD, and NetBSD, which are all derived from 386BSD and 4.4BSD-Lite, by various routes. Both NetBSD and FreeBSD started life in 1993, initially derived from 386BSD, but in 1994 migrated to a 4.4BSD-Lite code base. OpenBSD was forked from NetBSD in 1995. Other notable derivatives include DragonFly BSD, which was forked from FreeBSD 4.8.

A pulse per second is an electrical signal that has a width of less than one second and a sharply rising or abruptly falling edge that accurately repeats once per second. PPS signals are output by radio beacons, frequency standards, other types of precision oscillators and some GPS receivers. Precision clocks are sometimes manufactured by interfacing a PPS signal generator to processing equipment that aligns the PPS signal to the UTC second and converts it to a useful display. Atomic clocks usually have an external PPS output, although internally they may operate at 9,192,631,770 Hz. PPS signals have an accuracy ranging from 12 picoseconds to a few microseconds per second, or 2.0 nanoseconds to a few milliseconds per day based on the resolution and accuracy of the device generating the signal.

gpsd GPS daemon for Unix-like systems

gpsd is a computer software program that collects data from a Global Positioning System (GPS) receiver and provides the data via an Internet Protocol (IP) network to potentially multiple client applications in a server-client application architecture. Gpsd may be run as a daemon to operate transparently as a background task of the server. The network interface provides a standardized data format for multiple concurrent client applications, such as Kismet or GPS navigation software.

Cristian's algorithm is a method for clock synchronization which can be used in many fields of distributive computer science but is primarily used in low-latency intranets. Cristian observed that this simple algorithm is probabilistic, in that it only achieves synchronization if the round-trip time (RTT) of the request is short compared to required accuracy. It also suffers in implementations using a single server, making it unsuitable for many distributive applications where redundancy may be crucial.

<span class="mw-page-title-main">OpenBSD</span> Operating system

OpenBSD is a security-focused, free software, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.

On Unix-like operating systems, rdate is a tool for querying the current time from a network server and, optionally, setting the system time. Rdate uses the Time Protocol. The Time Protocol is generally considered obsolete and has been replaced by the Network Time Protocol (NTP).

<span class="mw-page-title-main">OpenSSH</span> Set of computer programs providing encrypted communication sessions

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

The hw.sensors framework is a kernel-level hardware sensors framework originating from OpenBSD, which uses the sysctl kernel interface as the transport layer between the kernel and the userland. As of 2019, the framework is used by over a hundred device drivers in OpenBSD to export various environmental sensors, with temperature sensors being the most common type. Consumption and monitoring of sensors is done in the userland with the help of sysctl, systat, sensorsd, OpenBSD NTP Daemon, Simple Network Management Protocol (snmpd), ports/sysutils/symon and GKrellM.

chrony Network Time Protocol implementation

chrony is an implementation of the Network Time Protocol (NTP). It is an alternative to ntpd, a reference implementation of NTP. It runs on Unix-like operating systems and is released under the GNU GPL v2. It is the default NTP client and server in Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server 15, and available in many Linux distributions.

References

  1. "OpenNTPD" . Retrieved 9 December 2020.
  2. "OpenNTPD Portable Release". OpenBSD. Retrieved 3 April 2016.
  3. "openssh/openssh-portable". GitHub. Retrieved 13 May 2016.
  4. "openntpd-portable/openntpd-portable". GitHub. Retrieved 13 May 2016.
  5. The OpenNTPD Project. "OpenNTPD Goals". The OpenNTPD Project. Retrieved 3 April 2016.
  6. The OpenBSD Project (1 November 2004). "OpenBSD 3.6". The OpenBSD Project. Retrieved 3 April 2016.
  7. Brauer, Henning (2 November 2004). "OpenNTPD 3.6 released". openbsd-announce (Mailing list). MARC. Retrieved 7 June 2014.
  8. Brauer, Henning (September 2004). "Page 3: OpenNTPD – Design Goals". The OpenBSD Project. Retrieved 16 September 2006.
  9. ntpd.conf(5)    OpenBSD File Formats Manual. 26 May 2006. Retrieved 16 September 2006.
  10. 1 2 The OpenBSD Project (21 August 2006). "FAQ 6.12.1: 'But OpenNTPD isn't as accurate as the ntp.org daemon!'". The OpenBSD Project. Archived from the original on 5 February 2016. Retrieved 14 May 2020.
  11. OpenNTPD authors (2004), "Goals", OpenNTPD, OpenNTPD project.
  12. Knowles, Brad (22 September 2004). "OpenNTPd Considered Harmful". Considered Harmful. Archived from the original on 4 March 2005. Retrieved 16 September 2006.
  13. Tucker, Darren (12 December 2004). "Response to OpenNTPd Considered Harmful". Advogato: Blog for dtucker. Retrieved 16 September 2006.
  14. Knowles, Brad (12 March 2005). "Update: OpenNTPd..." Considered Harmful. Archived from the original on 25 May 2006. Retrieved 16 September 2006.
  15. The OpenBSD Project (21 August 2006). "FAQ: 6.12.2: 'Someone has claimed that OpenNTPD is 'harmful'!'". The OpenBSD Project. Archived from the original on 24 September 2006. Retrieved 16 September 2006.
  16. Brauer, Henning. "OpenBGPD and OpenNTPD". quigon.bsws.de.
  17. "Handling Leap Seconds the OpenBSD Way". OpenBSD Journal. 28 June 2015. Retrieved 9 October 2018.
  18. "Leap Seconds". United States Naval Observatory. Archived from the original on 24 December 2017. Retrieved 27 February 2019.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.