[ntp:questions] ntpd 4.2.7p230 defaults to ignoring ntpdc queries

steven Sommars stevesommarsntp at gmail.com
Sat Nov 5 15:45:18 UTC 2011


Dave,

How do you see the ntpdc (/ntpd/ntpdc) transition happening? [I
expect most post 4.2.7p230 ntpd builds to use the default options]

http://www.eecis.udel.edu/~mills/ntp/html/ntpdc.html makes no mention of an
upcoming obsolescence/deprecation and likely few ntpdc users have planned
for it. Was there an announcement or web page? ntpdate is covered in
https://support.ntp.org/bin/view/Dev/DeprecatingNtpdate .
https://support.ntp.org/bin/view/Dev/DeprecatingNtpdc is only a placeholder.

To query a mix of ntpd server versions will now require use of a new ntpq
and a (deprecated) ntpdc and logic to determine which to use. Smoother
transition schemes are possible but may run counter to the simplification
goals.

With its smaller user base, deprecating ntpdc should be less contentious
than ntpdate was. I don't object to the changes (mode 7 is ugly), but
believe that some documentation work (e.g., in DeprecatingNtpdc) may be
worthwhile.

Steve Sommars

On Thu, Nov 3, 2011 at 4:14 PM, Dave Hart <hart at ntp.org> wrote:

> For a long time, ntpq and its mostly text-based mode 6 (control)
> protocol have been preferred over ntpdc and its mode 7 (private
> request) protocol for runtime queries and configuration.  There has
> been a goal of deprecating ntpdc, previously held back by numerous
> capabilities exposed by ntpdc with no ntpq equivalent.  I have been
> adding commands to ntpq to cover these cases, and I believe I've
> covered them all, though I've not compared command-by-command
> recently.
>
> As I've said previously, the binary mode 7 protocol involves a lot of
> hand-rolled structure layout and byte-swapping code in both ntpd and
> ntpdc which is hard to get right.  As ntpd grows and changes, the
> changes are difficult to expose via ntpdc while maintaining forward
> and backward compatibility between ntpdc and ntpd.  In contrast,
> ntpq's text-based, label=value approach involves more code reuse and
> allows compatible changes without extra work in most cases.
>
> Mode 7 has always been defined as vendor/implementation-specific while
> mode 6 is described in RFC 1305 and intended to be open to interop
> with other implementations.  There is an early draft of an updated
> mode 6 description that likely will join the other NTPv4 RFCs
> eventually. [1]
>
> For these reasons, ntpd 4.2.7p230 by default disables processing of
> ntpdc queries, reducing ntpd's attack surface and functionally
> deprecating ntpdc.  If you are in the habit of using ntpdc for certain
> operations, please try the ntpq equivalent.  If there's no equivalent,
> please open a bug report at http://bugs.ntp.org./
>
> Thanks,
> Dave Hart
>
> [1] http://tools.ietf.org/html/draft-odonoghue-ntpv4-control-01
>

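Added example, not part of the original messages or of the NTP project's code: a short Python sketch for finding which hosts still send mode 7 (ntpdc) requests before upgrading to a build that ignores them. It reads only the mode and response bits of each UDP payload; the function names and the sample packets (documentation addresses, zero-filled bodies) are constructed for illustration.

```python
from collections import Counter

MODE_CONTROL = 6   # ntpq, RFC 1305 control messages
MODE_PRIVATE = 7   # ntpdc, implementation-specific private requests

def classify(payload: bytes):
    """Return (version, mode, is_response) for an NTP UDP payload.

    Returns None when the payload is too short to classify. is_response is
    None for the time-exchange modes, which have no response bit.
    """
    if len(payload) < 2:
        return None
    first = payload[0]
    version = (first >> 3) & 0x7   # bits 3-5 of the first octet
    mode = first & 0x7             # low three bits, same place in every mode
    if mode == MODE_PRIVATE:
        is_response = bool(first & 0x80)        # mode 7: R bit in octet 0
    elif mode == MODE_CONTROL:
        is_response = bool(payload[1] & 0x80)   # mode 6: R bit in octet 1
    else:
        is_response = None
    return version, mode, is_response

def mgmt_query_sources(packets):
    """Count mode 6 and mode 7 *requests* per source address."""
    seen = {}
    for src, payload in packets:
        info = classify(payload)
        if info is None or info[2] is not False:
            continue   # truncated, a response, or ordinary time traffic
        label = "mode7" if info[1] == MODE_PRIVATE else "mode6"
        seen.setdefault(src, Counter())[label] += 1
    return seen

# Constructed sample capture: (source address, UDP payload) pairs.
SAMPLE = [
    ("192.0.2.10", bytes([0x17]) + bytes(7)),        # mode 7 request
    ("192.0.2.10", bytes([0x17]) + bytes(7)),        # mode 7 request
    ("192.0.2.20", bytes([0x16, 0x02]) + bytes(10)), # mode 6 request
    ("192.0.2.30", bytes([0x23]) + bytes(47)),       # ordinary client time query
    ("192.0.2.1",  bytes([0x97]) + bytes(7)),        # mode 7 response, ignored
    ("192.0.2.40", bytes([0x17])),                   # truncated, ignored
]

if __name__ == "__main__":
    for src, counts in sorted(mgmt_query_sources(SAMPLE).items()):
        print(src, dict(counts))
```

Sources that report `mode7` counts are the ones whose tooling needs to move to ntpq before the server is upgraded.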
