[ntpsec commit] Update SHM and DDoS
Hal Murray
murray at ntpsec.org
Sun Oct 4 21:38:45 UTC 2015
Module: ntpsec
Branch: master
Commit: 1536951ae1dff4f8323366fb181e69be3c354362
Changeset: http://git.ntpsec.org/ntpsec/commit/?id=1536951ae1dff4f8323366fb181e69be3c354362
Author: Hal Murray <hmurray at megapathdsl.net>
Date: Sun Oct 4 14:37:59 2015 -0700
Update SHM and DDoS
---
devel-docs/TODO | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/devel-docs/TODO b/devel-docs/TODO
index 4742a20..625b700 100644
--- a/devel-docs/TODO
+++ b/devel-docs/TODO
@@ -35,6 +35,9 @@ None right now. (Sep-22 2015)
* We need a build time option to disable all dangerous operations
that ntpq can produce.
+* Make sure we do the right thing with KoD and rate limiting.
+ (Forged requests can use rate limiting to block service to a site.)
+
=== Porting ===
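Review bot: The new KoD item does not say what "the right thing" is, so there is no way to tell when it is done. The parenthetical already names the risk (forged requests using rate limiting to block service to a site); suggest turning that into the acceptance criterion, for example "a forged source address must not cause a legitimate client to lose service", and spelling out KoD (Kiss-o'-Death) on first use.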
@@ -127,10 +130,6 @@ is not yet tested anywhere but in ntpd itself.
should be split out. 3 examples: Autokey, contents of log files,
multicast/broadcase/manycast.
-* We need a page on security/DDos issues encountered by NTP, both
- as applied to attacking our system and using our system to attack
- other systems.
-
=== Remaining procedural issues ===
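Review bot: The removed item covered two things that the KoD item added in the first hunk does not: a documentation page, and the case of "using our system to attack other systems". The replacement only addresses blocking service to a site. If the page is no longer wanted, the commit message should say so; otherwise keep a one-line item for it. The context line above the removal also carries a typo, "broadcase".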
@@ -161,6 +160,10 @@ is not yet tested anywhere but in ntpd itself.
one, the /etc/resolv.conf reload, would be better handled under Linux
by asynchronous file-change notifications.
+* Take another look at SHM. I think we can make a version that is
+ read-only and solid. Maybe write a support package that does all the
+ work if you call it with the date/time.
+
Hal:
> I think there is some interaction between when the ACTS driver calls and the
> state of other stuff, like the connection to the net. This is probably a
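Review bot: The SHM item reads as a personal note ("I think we can make a version that is read-only and solid") with no attribution, and it does not say which side of the shared memory segment would be read-only or what is not solid today. Suggest prefixing it with the author's name, as the "Hal:" entry below does, and stating the goal concretely so that someone else can pick it up.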