Do we have a list of user visible changes from ntp classic?

Eric S. Raymond esr at
Thu Jul 7 01:17:31 UTC 2016

Hal Murray <hmurray at>:
> It's probably all in NEWS (or should be), but that's chronological and seems 
> hard to read.  For example, the deleted refclocks are scattered all over the 
> place.
> I think I'm suggesting something like CHANGES-form-ntp-classic

For your convenience, here is the relevant part of the asciidoc master:

== Differences from NTP Classic ==

The design objectives of this distribution, {project-fullname}, are in
many ways a break with NTP's past.  We have deliberately jettisoned
support for ancient legacy hardware and operating systems in order to
ship code that is security-hardened, simpler, drastically less bulky
(the KLOC count of the suite has been cut by more than a factor of
two!), easier to understand, and easier to maintain.

We retain, however, almost full compatibility and interoperation with
NTP Classic.  The qualification "almost" is required because we do not
support the Autokey (RFC5906) public-key encryption scheme. It had
interoperability and exploitable vulnerability issues too severe to
be patched.  We are participating in an IETF effort to develop better
security features.

This project began as an effort to address serious security issues
with NTP Classic, and we intend to keep a particularly strong focus on
code security and code verifiability.

Most of the changes are under the hood, internal to the codebase.  A
few will be user-visible.

=== Security changes ===

* The deprecated ntpdc utility, long since replaced by {ntpq} and a
  chronic locus of security vulnerabilities, has been removed.

* As noted above, Autokey is not supported; that code has been
  removed, as it was chronically prone to security vulnerabilties.

* The deprecated and vulnerability-prone ntpdate program has been
  replaced with a shell wrapper around {ntpdig}.  Its -e and -p
  options are not implemented. It is no longer documented, but can be
  found in the util/ directory of the source distribution.

* A large number of obsolete refclocks have been removed in order to
  reduce attack surface, code bulk, and documentation complexity.

* Various features related to runtime dumping of the configuration
  state have been removed for security reasons.  These include the
  saveconfig command in ntpq, the --saveconfigquit option of ntpd, and
  the implementation of related config declarations in ntp.conf.

* The code has been systematically hardened, with unsafe string
  copy and formatting functions replaced by safe (bounded) ones.

* In toto, around 60% of the NTP Classic code has been outright
  removed, with less than 5% new code added. This is a dramatic
  reduction in attack surface.

=== Time-synchronization improvements ===

* Internally, there is more consistent use of nanosecond precision.
  A visible effect of this is that time stepping with sufficiently
  high-precision time sources could be accurate down to nanoseconds
  rather than microseconds; this might actually matter for GPSDOs
  and high-quality radio clocks.

=== Documentation, Configuration, and Naming ===

* The documentation has been extensively updated and revised.  One
  important change is that manual pages are now generated from the
  same masters as this web documentation, so the two will no longer
  drift out of synchronization.  

* There is a new, simpler syntax for declaring refclocks.  The old
  syntax with the magic 127.127.t.u addresses and fudge command is
  still supported, but no longer documented.  It may be removed in a
  future release.  Relevant examples of the new syntax are included on
  each refclock page.  One major feature of the new syntax is that
  refclock drivers are referred to by names, not numbers.

* The +sntp+ program has been renamed +{ntpdig}+ in order to make
  NTP installables have a uniform name prefix and take up less
  namespace. Also, +ntp-keygen+ is now +{ntpkeygen}+, +ntp-wait+
  is {ntpwait}, and +update-leap+ is now +{ntpleapfetch}+.

* A new utility, +{ntpfrob}+, collects several small diagnostic functions
  for reading and tweaking the local clock hardware, including reading
  the clock tick rate, precision, and jitter. Part of it formerly
  traveled as +tickadj+.

=== Other user-visible changes ===

* The ntpsnmpd daemon, incomplete and not conformant with RFC 5907,
  has been removed.

* Log timestamps look a little different; they are now in ISO8601 format.

* Clock identifiers in log files are normally the driver shortname
  followed by the unit number in parentheses, rather than the magic IP
  addresses formerly used.  The code can be built in a strict NTP
  Classic compatibility mode that restores the old behavior.

* The -!m, ->, and -< options of some Classic commands are not
  supported.  (The argument-parsing framework code that implemented
  them in Classic was overcomplicated and buggy and had to be removed.)

* The shortname of --help options is now -h, not -?

* An instance of {ntpq} built from the {project-shortname} code
  querying a legacy NTP daemons will not automatically display
  peers with 127.127.127.t.u addresses as refclocks; that assumption
  has been removed from the {project-shortname} code as part of
  getting it fully IPv6-ready.

		<a href="">Eric S. Raymond</a>

More information about the devel mailing list