[Git][NTPsec/ntpsec][master] 2 commits: Break the list of differences out to its own page...

Eric S. Raymond gitlab at mg.gitlab.com
Sat Dec 17 12:02:58 UTC 2016 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
96607e3d by Eric S. Raymond at 2016-12-17T07:02:42-05:00
Break the list of differences out to its own page...

...so it's easier to link to.

- - - - -
abd985c5 by Eric S. Raymond at 2016-12-17T07:02:42-05:00
Documentation polishing.

- - - - -


5 changed files:

- INSTALL
- README
- docs/index.txt
- + docs/ntpsec.txt
- + docs/pic/clocktower128.png


Changes:

=====================================
INSTALL
=====================================
--- a/INSTALL
+++ b/INSTALL
@@ -9,6 +9,10 @@ call. Also, it must support the IPv6 API defined in RFC 2493 and
 RFC 2553. Finally, it must support iterating over active UDP interfaces
 via getifaddrs(3) or some equivalent facility.
 
+You can browse a summary of differences from legacy NTP here:
+
+https://docs.ntpsec.org/latest/ntpsec.html
+
 There are some prerequisites.  Libraries need the binary installed
 to run and in addition, the development headers installed to build.
 


=====================================
README
=====================================
--- a/README
+++ b/README
@@ -2,6 +2,9 @@
 
 This directory and its subdirectories contain NTPSec, a
 security-hardened implementation of Network Time Protocol Version 4.
+You can browse a summary of differences from legacy NTP here:
+
+https://docs.ntpsec.org/latest/ntpsec.html
 
 The contents of the base directory are given in this file. The contents of
 subdirectories are usually given in the README files in each subdirectory.


=====================================
docs/index.txt
=====================================
--- a/docs/index.txt
+++ b/docs/index.txt
@@ -18,7 +18,6 @@ Pleased to meet you.
 == Table of Contents ==
 
 * link:#intro[Introduction]
-* link:#intro[Differences from NTP Classic]
 * link:#platforms[Supported Platforms]
 * link:#build[Building and Installing NTP]
 * link:#man[Manual Pages]
@@ -58,200 +57,8 @@ referring to very old versions and carrying stale information. It's
 best to use only the HTML and manpages that come with your
 distribution.
 
-[[differences]]
-== Differences from NTP Classic ==
-
-The design objectives of this distribution, NTPsec, are in
-many ways a break with NTP's past.  We have deliberately jettisoned
-support for ancient legacy hardware and operating systems in order to
-ship code that is security-hardened, simpler, drastically less bulky
-(the KLOC count of the suite has been cut by more than a factor of
-two!), easier to understand, and easier to maintain.
-
-We retain, however, almost full compatibility and interoperation with
-NTP Classic.  The qualification "almost" is required mainly because we
-do not support the Autokey (RFC 5906) public-key encryption scheme. It
-had interoperability and exploitable vulnerability issues too severe
-to be patched.  We are participating in an IETF effort to develop
-better security features.
-
-This project began as an effort to address serious security issues
-with NTP Classic, and we intend to keep a particularly strong focus on
-code security and code verifiability.
-
-Most of the changes are under the hood, internal to the codebase.  A
-few will be user-visible.
-
-=== Security changes ===
-
-* The deprecated ntpdc utility, long a chronic locus of security
-  vulnerabilities, has been removed.  Its function has been merged
-  into +ntpq+.
-
-* As noted above, Autokey is not supported; that code has been
-  removed, as it was chronically prone to security vulnerabilities.
-
-* peer mode has been removed.  The keyword peer in ntp.conf is now
-  just an alias for keyword server.  Incoming peer packets are ignored.
-
-* Broadcast- and multicast client modes, which are impossible to
-  secure, have been removed. Broadcast (but not multicast) service can still
-  be enabled, though this is a deprecated and unsupported mode of
-  operation and may be entirely removed in a future release.
-
-* The authentication requirement for remote configuration commands
-  (e.g., via +ntpq+) can no longer be disabled.
-
-* The deprecated and vulnerability-prone ntpdate program has been
-  replaced with a shell wrapper around ntpdig.  Its -e and -p
-  options are not implemented. It is no longer documented, but can be
-  found in the attic/ directory of the source distribution.
-
-* A large number of obsolete refclocks have been removed in order to
-  reduce attack surface, code bulk, and documentation complexity.
-
-* Various features related to runtime dumping of the configuration
-  state have been removed for security reasons.  These include the
-  saveconfig command in ntpq, the --saveconfigquit option of ntpd, and
-  the implementation of related config declarations in ntp.conf.
-
-* Likewise, the poorly-documented ntpdsim code has also been removed
-  to gain a significant reduction in code complexity.
-
-* The 'trap' feature has been removed.  It was broken by bit-rot in
-  recent versions of NTP Classic, and if not broken would have been at
-  high risk for bugs that would enable DoS vulnerabilities.
-
-* Interleave mode has been removed.  It didn't work correctly (there
-  was an implementation error in the timestamp handling), so no point
-  in allowing it to increase attack surface.
-
-* The code has been systematically hardened, with unsafe string
-  copy and formatting functions replaced by safe (bounded) ones.
-
-* In toto, more than 65% of the NTP Classic code has been outright
-  removed, with less than 5% new code added. This is a dramatic
-  reduction in attack surface.
-
-=== Time-synchronization improvements ===
-
-* Internally, there is more consistent use of nanosecond precision.
-  A visible effect of this is that time stepping with sufficiently
-  high-precision time sources could be accurate down to nanoseconds
-  rather than microseconds; this might actually matter for GPSDOs
-  and high-quality radio clocks.
-
-=== Documentation, Configuration, and Naming ===
-
-* The documentation has been extensively updated and revised.  One
-  important change is that manual pages are now generated from the
-  same masters as this web documentation, so the two will no longer
-  drift out of synchronization.
-
-* There is a new, simpler syntax for declaring refclocks.  The old
-  syntax with the magic 127.127.t.u addresses and fudge command is
-  still supported, but no longer documented.  It may be removed in a
-  future release.  Relevant examples of the new syntax are included on
-  each refclock page.  One major feature of the new syntax is that
-  refclock drivers are referred to by names, not numbers.
-
-* The includefile directive now evaluates relative pathnames not with
-  respect to the current working directory but with respect to the
-  directory name of the last pushed file in the stack.  This means
-  that you can run ntpd from any directory with "includefile foo"
-  in /etc/ntp.conf finding /etc/foo rather than looking for foo in
-  ypur current directory.
-
-* It is now possible to set the peer maximum dispersion with "tos
-  maxdisp". See RFC 5905 for discussion of this synchronization
-  parameter.
-
-* For the generic (parse) driver only: Using the new refclock syntax,
-  the maximum number of units that can be set up changes from 4
-  (numbers 0-3) to unlimited.  However, the old magic-address syntax
-  will not work correctly - you _must_ use the new syntax to declare
-  generic-driver refclocks.  If the software was compiled with the
-  --enable-classic-mode switch, the foregoing is reversed.
-
-* The +sntp+ program has been renamed +ntpdig+ in order to make
-  NTP installables have a uniform name prefix and take up less
-  namespace. Also, +ntp-keygen+ is now +ntpkeygen+, +ntp-wait+
-  is ntpwait, and +update-leap+ is now +ntpleapfetch+.
-
-* A new utility, +ntpfrob+, collects several small diagnostic functions
-  for reading and tweaking the local clock hardware, including reading
-  the clock tick rate, precision, and jitter. Part of it formerly
-  traveled as +tickadj+.
-
-=== Other user-visible changes ===
-
-* The notorious collision between pool and nopeer in older
-  implementations has been fixed; the pool keyword is now fully
-  usable.
-
-* There is a new data-visualization tool,
-  link:ntpviz.html[+ntpviz+], which can produce various useful and
-  interesting plots from the NTP statistics logs.  These should assist in
-  monitoring a time-server's performance, fixing configuration
-  problems, and identifying noise sources in network weather and
-  elsewhere.
-
-* Because +ntpviz+ exists, a number of ancient and poorly-documented
-  scripts in awk, Perl, and S, formerly used for making statistical
-  summaries, have been removed from the distribution in order to
-  reduce overall maintenance burden and complexity. If you miss any
-  of this cruft, the project team will (a) be quite surprised, and (b)
-  work with you on better analytics using ntpviz and modern tools.
-
-* A new tool, +ntpmon+, performs real-time monitoring of your
-  peer and MRU status with efficient (least-cost) querying.
-
-* The ntpq utility resizes its display to take advantage of wide
-  terminal windows, allowing more space for long peer addresses.
-
-* When running as root, the ntpq utility looks in /etc/ntp.conf and
-  /usr/local/etc/ntp.keys to find credentials for control requests
-  that require authentication. Thus it is not necessary to enter
-  them by hand.
-
-* The ntpsnmpd daemon, incomplete and not conformant with RFC 5907,
-  has been removed.
-
-* Log timestamps look a little different; they are now in ISO 8601 format.
-  The code can be built in a strict NTP Classic compatibility mode
-  that restores the old format.
-
-* Clock identifiers in log files are normally the driver shortname
-  followed by the unit number in parentheses, rather than the magic IP
-  addresses formerly used.  The code can be built in a strict NTP
-  Classic compatibility mode that restores the old behavior.
-
-* The default baudrate of the NMEA driver has been changed to 9600 to
-  match the default speed of almost all modern GPSes.  The code can be
-  built in a strict NTP Classic compatibility mode that restores the
-  old 4800bps default.
-
-* Most refclock drivers now support configuration options to override the
-  default device path, the default PPS device path (if any) and the
-  serial baud rate.
-
-* If you had a refclock on a path of the form /dev/palisadeNNN, that
-  link needs to change to /dev/trimbleNNN.
-
-* If you had a refclock on a path of the form /dev/actsNNN, that
-  link needs to change to /dev/modemNNN.
-
-* The -!m, ->, and -< options of some Classic commands are not
-  supported.  (The argument-parsing framework code that implemented
-  them in Classic was overcomplicated and buggy and had to be removed.)
-
-* The shortname of --help options is now -h, not -?
-
-* An instance of +ntpq+ built from the NTPsec code
-  querying a legacy NTP daemon will not automatically display
-  peers with 127.127.127.t.u addresses as refclocks; that assumption
-  has been removed from the NTPsec code as part of
-  getting it fully IPv6-ready.
+For differences between NTPsec and legacy versions, see
+link:ntpsec.html[this summary].
 
 [[platforms]]
 == Supported platforms ==


=====================================
docs/ntpsec.txt
=====================================
--- /dev/null
+++ b/docs/ntpsec.txt
@@ -0,0 +1,235 @@
+= Differences from NTP Classic =
+
+[cols="10%,90%",frame="none",grid="none",style="verse"]
+|==============================
+|image:pic/clocktower128.png[]|The NTPsec logo
+
+Accept no imitations.
+|==============================
+
+== Related Links ==
+
+* A list of all links is on the link:sitemap.html[Site Map] page.
+
+'''''
+
+== Table of Contents ==
+
+* link:#intro[Introduction]
+* link:#incompatible[Incompatible Changes]
+* link:#security[Security Improvements]
+* link:#timesync[Time Synchronization Improvements]
+* link:#configuration[Configuration Improvements]
+* link:#other[Other user-visible changes]
+
+[intro] 
+== Differences from NTP Classic ==
+
+The design objectives of this distribution, NTPsec, are in
+many ways a break with NTP's past.  We have deliberately jettisoned
+support for ancient legacy hardware and operating systems in order to
+ship code that is security-hardened, simpler, drastically less bulky,
+easier to understand, and easier to maintain.
+
+We retain, however, almost full compatibility and interoperation with
+NTP Classic.  The qualification "almost" is required mainly because we
+do not support the Autokey (RFC 5906) public-key encryption scheme. It
+had interoperability and exploitable vulnerability issues too severe
+to be patched.  We are participating in an IETF effort to develop
+better security features.
+
+This project began as an effort to address serious security issues
+with NTP Classic, and we intend to keep a particularly strong focus on
+code security and code verifiability.
+
+Most of the changes are under the hood, internal to the codebase.  A
+few will be user-visible.
+
+[incompatible]
+== Incompatible Changes ==
+
+Normally NTPsec is a drop-in replacement for legacy versions. We have
+tried to hold incompatible changes to a minimum, but there are a
+few.  Some can be reverted by building the software in strict
+compatibility mode with --enable-classic-mode (note that this is
+a build-time switch, not a run-time one).
+
+* The +sntp+ program has been renamed +ntpdig+ in order to make
+  NTP installables have a uniform name prefix and take up less
+  namespace. Also, +ntp-keygen+ is now +ntpkeygen+, +ntp-wait+
+  is ntpwait, and +update-leap+ is now +ntpleapfetch+.
+
+* Log timestamps look a little different; they are now in ISO 8601 format.
+  Reverted in the --enable-classic-mode build.
+
+* Clock identifiers in log files are normally the driver shortname
+  followed by the unit number in parentheses, rather than the magic IP
+  addresses formerly used.  Reverted in the --enable-classic-mode build.
+
+* The -!m, ->, and -< options of some Classic commands are not
+  supported.  (The argument-parsing framework code that implemented
+  them in Classic was overcomplicated and buggy and had to be removed.)
+
+* The shortname of --help options is now -h, not -?
+
+* If you had a refclock on a path of the form /dev/palisadeNNN, that
+  link needs to change to /dev/trimbleNNN.
+
+* If you had a refclock on a path of the form /dev/actsNNN, that
+  link needs to change to /dev/modemNNN.
+
+* An instance of +ntpq+ built from the NTPsec code
+  querying a legacy NTP daemon will not automatically display
+  peers with 127.127.127.t.u addresses as refclocks; that assumption
+  has been removed from the NTPsec code as part of
+  getting it fully IPv6-ready.
+
+[security]
+== Security Improvements ==
+
+We have spent more effort than anything else on reducing attack
+surface and hardening code.  In toto, more than 70% of the NTP Classic
+codebase has been outright removed, with less than 5% new code added.
+
+* The deprecated ntpdc utility, long a chronic locus of security
+  vulnerabilities, has been removed.  Its function has been merged
+  into +ntpq+.
+
+* Autokey is not supported; that code has been
+  removed, as it was chronically prone to security vulnerabilities.
+
+* peer mode has been removed.  The keyword peer in ntp.conf is now
+  just an alias for keyword server.
+
+* Broadcast- and multicast client modes, which are impossible to
+  secure, have been removed. Broadcast (but not multicast) service can
+  still be enabled, though this is a deprecated and unsupported mode
+  of operation and may be entirely removed in a future release.
+
+* The authentication requirement for remote configuration commands
+  (e.g., via +ntpq+) can no longer be disabled.
+
+* The deprecated and vulnerability-prone ntpdate program has been
+  replaced with a shell wrapper around ntpdig.  Its -e and -p
+  options are not implemented. It is no longer documented, but can be
+  found in the attic/ directory of the source distribution.
+
+* A large number of obsolete refclocks have been removed in order to
+  reduce attack surface, code bulk, and documentation complexity.
+
+* Various features related to runtime dumping of the configuration
+  state have been removed for security reasons.  These include the
+  saveconfig command in ntpq, the --saveconfigquit option of ntpd, and
+  the implementation of related config declarations in ntp.conf.
+
+* Likewise, the poorly-documented ntpdsim code has also been removed
+  to gain a significant reduction in code complexity.
+
+* The ntpsnmpd daemon, incomplete and not conformant with RFC 5907,
+  has been removed.
+
+* The 'trap' feature has been removed.  It was broken by bit-rot in
+  recent versions of NTP Classic, and if not broken would have been at
+  high risk for bugs that would enable DoS vulnerabilities.
+
+* Interleave mode has been removed.  It didn't work correctly (there
+  was an implementation error in the timestamp handling), so no point
+  in allowing it to increase attack surface.
+
+* The code has been systematically hardened, with unsafe string
+  copy and formatting functions replaced by safe (bounded) ones.
+
+[timesync]
+== Time-synchronization improvements ==
+
+* Internally, there is more consistent use of nanosecond precision.
+  A visible effect of this is that time stepping with sufficiently
+  high-precision time sources could be accurate down to nanoseconds
+  rather than microseconds; this might actually matter for GPSDOs
+  and high-quality radio clocks.
+
+[clients]
+== Client Tool Improvements ==
+
+* A new tool, +ntpmon+, performs real-time monitoring of your
+  peer and MRU status with efficient (least-cost) querying.
+
+* There is a new data-visualization tool,
+  link:ntpviz.html[+ntpviz+], which can produce various useful and
+  interesting plots from the NTP statistics logs.  These should assist in
+  monitoring a time-server's performance, fixing configuration
+  problems, and identifying noise sources in network weather and
+  elsewhere.
+
+* Because +ntpviz+ exists, a number of ancient and poorly-documented
+  scripts in awk, Perl, and S, formerly used for making statistical
+  summaries, have been removed from the distribution in order to
+  reduce overall maintenance burden and complexity. If you miss any
+  of this cruft, the project team will (a) be quite surprised, and (b)
+  work with you on better analytics using ntpviz and modern tools.
+
+* The ntpq utility resizes its display to take advantage of wide
+  terminal windows, allowing more space for long peer addresses.
+
+* When running as root, the ntpq utility looks in /etc/ntp.conf and
+  /usr/local/etc/ntp.keys to find credentials for control requests
+  that require authentication. Thus it is not necessary to enter
+  them by hand.
+
+* A new utility, +ntpfrob+, collects several small diagnostic functions
+  for reading and tweaking the local clock hardware, including reading
+  the clock tick rate, precision, and jitter. Part of it formerly
+  traveled as +tickadj+.
+
+[configuration]
+== Configuration Improvements ==
+
+* The notorious collision between pool and nopeer in older
+  implementations has been fixed; the pool keyword is now fully
+  usable.
+
+* There is a new, simpler syntax for declaring refclocks.  The old
+  syntax with the magic 127.127.t.u addresses and fudge command is
+  still supported, but no longer documented.  It may be removed in a
+  future release.  Relevant examples of the new syntax are included on
+  each refclock page.  One major feature of the new syntax is that
+  refclock drivers are referred to by names, not numbers.
+
+* For the generic (parse) driver only: Using the new refclock syntax,
+  the maximum number of units that can be set up changes from 4
+  (numbers 0-3) to unlimited.  However, the old magic-address syntax
+  will not work correctly - you _must_ use the new syntax to declare
+  generic-driver refclocks.  If the software was compiled with the
+  --enable-classic-mode switch, the foregoing is reversed.
+
+* The includefile directive now evaluates relative pathnames not with
+  respect to the current working directory but with respect to the
+  directory name of the last pushed file in the stack.  This means
+  that you can run ntpd from any directory with "includefile foo"
+  in /etc/ntp.conf finding /etc/foo rather than looking for foo in
+  ypur current directory.
+
+* It is now possible to set the peer maximum dispersion with "tos
+  maxdisp". See RFC 5905 for discussion of this synchronization
+  parameter.
+
+* The default baudrate of the NMEA driver has been changed to 9600 to
+  match the default speed of almost all modern GPSes.  The code can be
+  built in a strict NTP Classic compatibility mode that restores the
+  old 4800bps default.
+
+* Most refclock drivers now support configuration options to override the
+  default device path, the default PPS device path (if any) and the
+  serial baud rate.
+
+[other]
+== Other user-visible changes ==
+
+* The documentation has been extensively updated and revised.  One
+  important change is that manual pages are now generated from the
+  same masters as this web documentation, so the two will no longer
+  drift out of synchronization.
+
+'''''
+
+include::includes/footer.txt[]


=====================================
docs/pic/clocktower128.png
=====================================
Binary files /dev/null and b/docs/pic/clocktower128.png differ



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/b5296a61cb98540bf2d0756cac262c5b26142cce...abd985c54a456d0972a5a27205265d79d635096a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20161217/2bcdcc31/attachment.html>

More information about the vc mailing list