Summary Report: Refactor and Upgrade ntpd’s Extension Field Handling

September 26, 2023 by Harlan Stenn

NTF is pleased to announce the successful completion of its first ARIN Community Grant, which enabled the NTP Project to finish its efforts to refactor ntpd’s extension field handling. This milestone paves the way for Network Time Security, the NTP Project’s most asked-for feature.

The NTP Project’s Software Reference Implementation of the NTP standard has been the gold standard for synchronized time since the 1980s. It is the base from which almost all of the IETF NTP Standards have been codified and is the only complete reference implementation of NTP.

The first release of NTPv4, an alpha release, happened in September of 1997. NTPv4 added support for an additional data field, known as an extension field, to provide a means to associate additional optional data with an NTP packet. The first use of extension fields was for NTP Autokey, an ephemeral authentication system for NTP packets, using public-key authentication. An updated Autokey (V2) was published in August 2001, as part of ntp-4.1.0.

The first draft of the IETF NTPv4 specification was published in July of 2005. The first draft of the IETF NTP Autokey specification was published in September of 2007, ten years after the initial code release. In the summer of 2010 these Standards were finally ratified.

The extension field code that was originally deployed used the “version 1” data structure. The IETF NTP Autokey specification uses the “version 2” data structure. The IETF also drafted an Autokey replacement, Network Time Security (NTS), which has been accepted as an IETF Standard. NTS uses the “version 2” extension field data structure. As part of the Standards process, the committee decided to change the header structure of the NTPv4 extension field.

In the meantime, Autokey was quickly adopted and rapidly saw well-entrenched use. In order to preserve compatibility with the huge number of deployed ntpd instances, and to future-proof the codebase to support NTS and other new use-cases, the reference implementation needed to support both the legacy extension field format and the new header structure. This would require the NTP Project to reconcile discrepancies between a widely deployed legacy codebase and the updated extension field headers.

The ARIN 2022 Community Grant enabled the completion of the complex task of reconciling extension field formats within the NTP codebase, with rigorous testing to ensure that this integration did not introduce bugs. The effort involved 126 changed files, 1089 lines of code, and 30283 characters.

The NTP Project’s next steps include:

  • Merging this work into the ntp-dev code branch and getting ntp-dev into the hands of our testers
  • Finishing the work needed to release ntp-4.4, which will include NTS

This focus on NTS addresses a crucial industry need, benefiting reference clock vendors, operating system vendors, enterprise users, NTP Pool operators, and the broader NTP community. The improvements coming in ntp-4.4 are expected to incentivize users to upgrade, offering enhanced security and reduced NTP-related DDoS vulnerabilities.

NTF took the ARIN 2022 Community Grant and delivered a significant milestone in the evolution of NTP, driven by a commitment to modernize while honoring legacy users. The grant was pivotal in achieving these outcomes, ensuring that ntp-4.4 will deliver enhanced time synchronization, security, and reliability to the global Internet community.
