ntp.conf.def (294554) ntp.conf.def (298695)
1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6
7// We want the synopsis to be "/etc/ntp.conf" but we need the prog-name
8// to be ntp.conf - the latter is also how autogen produces the output

--- 99 unchanged lines hidden (view full) ---

108only those options applicable to each command are listed below.
109Use
110of options not listed may not be caught as an error, but may result
111in some weird and even destructive behavior.
112.Pp
113If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
114is detected, support for the IPv6 address family is generated
115in addition to the default support of the IPv4 address family.
1/* -*- Mode: Text -*- */
2
3autogen definitions options;
4
5#include copyright.def
6
7// We want the synopsis to be "/etc/ntp.conf" but we need the prog-name
8// to be ntp.conf - the latter is also how autogen produces the output

--- 99 unchanged lines hidden (view full) ---

108only those options applicable to each command are listed below.
109Use
110of options not listed may not be caught as an error, but may result
111in some weird and even destructive behavior.
112.Pp
113If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
114is detected, support for the IPv6 address family is generated
115in addition to the default support of the IPv4 address family.
116In a few cases, including the reslist billboard generated
117by ntpdc, IPv6 addresses are automatically generated.
116In a few cases, including the
117.Cm reslist
118billboard generated
119by
120.Xr ntpq 1ntpqmdoc
121or
122.Xr ntpdc 1ntpdcmdoc ,
123IPv6 addresses are automatically generated.
118IPv6 addresses can be identified by the presence of colons
119.Dq \&:
120in the address field.
121IPv6 addresses can be used almost everywhere where
122IPv4 addresses can be used,
123with the exception of reference clock addresses,
124which are always IPv4.
125.Pp

--- 18 unchanged lines hidden (view full) ---

144.It Xo Ic server Ar address
145.Op Cm key Ar key \&| Cm autokey
146.Op Cm burst
147.Op Cm iburst
148.Op Cm version Ar version
149.Op Cm prefer
150.Op Cm minpoll Ar minpoll
151.Op Cm maxpoll Ar maxpoll
124IPv6 addresses can be identified by the presence of colons
125.Dq \&:
126in the address field.
127IPv6 addresses can be used almost everywhere where
128IPv4 addresses can be used,
129with the exception of reference clock addresses,
130which are always IPv4.
131.Pp

--- 18 unchanged lines hidden (view full) ---

150.It Xo Ic server Ar address
151.Op Cm key Ar key \&| Cm autokey
152.Op Cm burst
153.Op Cm iburst
154.Op Cm version Ar version
155.Op Cm prefer
156.Op Cm minpoll Ar minpoll
157.Op Cm maxpoll Ar maxpoll
158.Op Cm true
152.Xc
153.It Xo Ic peer Ar address
154.Op Cm key Ar key \&| Cm autokey
155.Op Cm version Ar version
156.Op Cm prefer
157.Op Cm minpoll Ar minpoll
158.Op Cm maxpoll Ar maxpoll
159.Xc
160.It Xo Ic peer Ar address
161.Op Cm key Ar key \&| Cm autokey
162.Op Cm version Ar version
163.Op Cm prefer
164.Op Cm minpoll Ar minpoll
165.Op Cm maxpoll Ar maxpoll
166.Op Cm true
167.Op Cm xleave
159.Xc
160.It Xo Ic broadcast Ar address
161.Op Cm key Ar key \&| Cm autokey
162.Op Cm version Ar version
163.Op Cm prefer
164.Op Cm minpoll Ar minpoll
165.Op Cm ttl Ar ttl
168.Xc
169.It Xo Ic broadcast Ar address
170.Op Cm key Ar key \&| Cm autokey
171.Op Cm version Ar version
172.Op Cm prefer
173.Op Cm minpoll Ar minpoll
174.Op Cm ttl Ar ttl
175.Op Cm xleave
166.Xc
167.It Xo Ic manycastclient Ar address
168.Op Cm key Ar key \&| Cm autokey
169.Op Cm version Ar version
170.Op Cm prefer
171.Op Cm minpoll Ar minpoll
172.Op Cm maxpoll Ar maxpoll
173.Op Cm ttl Ar ttl

--- 109 unchanged lines hidden (view full) ---

283include authentication fields encrypted using the autokey scheme
284described in
285.Sx Authentication Options .
286.It Cm burst
287when the server is reachable, send a burst of eight packets
288instead of the usual one.
289The packet spacing is normally 2 s;
290however, the spacing between the first and second packets
176.Xc
177.It Xo Ic manycastclient Ar address
178.Op Cm key Ar key \&| Cm autokey
179.Op Cm version Ar version
180.Op Cm prefer
181.Op Cm minpoll Ar minpoll
182.Op Cm maxpoll Ar maxpoll
183.Op Cm ttl Ar ttl
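
Review bot: "preempt" is missing from every synopsis this hunk touches: ".Op Cm true" goes into "server" (new line 158) and "peer" (new line 166), and ".Op Cm xleave" into "peer" and "broadcast", yet the same change documents a new ".It Cm preempt" option at new line 349 and none of the complete "server", "peer" or "broadcast" synopses shown here lists it. Add ".Op Cm preempt" to each command that accepts it, or say in the option's description which commands it applies to, so the synopsis and the option list agree.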

--- 109 unchanged lines hidden (view full) ---

293include authentication fields encrypted using the autokey scheme
294described in
295.Sx Authentication Options .
296.It Cm burst
297when the server is reachable, send a burst of eight packets
298instead of the usual one.
299The packet spacing is normally 2 s;
300however, the spacing between the first and second packets
291can be changed with the calldelay command to allow
301can be changed with the
302.Ic calldelay
303command to allow
292additional time for a modem or ISDN call to complete.
293This is designed to improve timekeeping quality
294with the
295.Ic server
296command and s addresses.
297.It Cm iburst
298When the server is unreachable, send a burst of eight packets
299instead of the usual one.
300The packet spacing is normally 2 s;
301however, the spacing between the first two packets can be
304additional time for a modem or ISDN call to complete.
305This is designed to improve timekeeping quality
306with the
307.Ic server
308command and s addresses.
309.It Cm iburst
310When the server is unreachable, send a burst of eight packets
311instead of the usual one.
312The packet spacing is normally 2 s;
313however, the spacing between the first two packets can be
302changed with the calldelay command to allow
314changed with the
315.Ic calldelay
316command to allow
303additional time for a modem or ISDN call to complete.
304This is designed to speed the initial synchronization
305acquisition with the
306.Ic server
307command and s addresses and when
308.Xr ntpd 1ntpdmdoc
309is started with the
310.Fl q

--- 16 unchanged lines hidden (view full) ---

327The
328minimum poll interval defaults to 6 (64 s), but can be decreased by
329the
330.Cm minpoll
331option to a lower limit of 4 (16 s).
332.It Cm noselect
333Marks the server as unused, except for display purposes.
334The server is discarded by the selection algroithm.
317additional time for a modem or ISDN call to complete.
318This is designed to speed the initial synchronization
319acquisition with the
320.Ic server
321command and s addresses and when
322.Xr ntpd 1ntpdmdoc
323is started with the
324.Fl q

--- 16 unchanged lines hidden (view full) ---

341The
342minimum poll interval defaults to 6 (64 s), but can be decreased by
343the
344.Cm minpoll
345option to a lower limit of 4 (16 s).
346.It Cm noselect
347Marks the server as unused, except for display purposes.
348The server is discarded by the selection algroithm.
349.It Cm preempt
350Says the association can be preempted.
351.It Cm true
352Marks the server as a truechimer.
353Use this option only for testing.
335.It Cm prefer
336Marks the server as preferred.
337All other things being equal,
338this host will be chosen for synchronization among a set of
339correctly operating hosts.
340See the
341.Qq Mitigation Rules and the prefer Keyword
342page
343(available as part of the HTML documentation
344provided in
345.Pa /usr/share/doc/ntp )
346for further information.
354.It Cm prefer
355Marks the server as preferred.
356All other things being equal,
357this host will be chosen for synchronization among a set of
358correctly operating hosts.
359See the
360.Qq Mitigation Rules and the prefer Keyword
361page
362(available as part of the HTML documentation
363provided in
364.Pa /usr/share/doc/ntp )
365for further information.
366.It Cm true
367Forces the association to always survive the selection and clustering algorithms.
368This option should almost certainly
369.Em only
370be used while testing an association.
347.It Cm ttl Ar ttl
348This option is used only with broadcast server and manycast
349client modes.
350It specifies the time-to-live
351.Ar ttl
352to
353use on broadcast server and multicast server and the maximum
354.Ar ttl
355for the expanding ring search with manycast
356client packets.
357Selection of the proper value, which defaults to
358127, is something of a black art and should be coordinated with the
359network administrator.
360.It Cm version Ar version
361Specifies the version number to be used for outgoing NTP
362packets.
363Versions 1-4 are the choices, with version 4 the
364default.
371.It Cm ttl Ar ttl
372This option is used only with broadcast server and manycast
373client modes.
374It specifies the time-to-live
375.Ar ttl
376to
377use on broadcast server and multicast server and the maximum
378.Ar ttl
379for the expanding ring search with manycast
380client packets.
381Selection of the proper value, which defaults to
382127, is something of a black art and should be coordinated with the
383network administrator.
384.It Cm version Ar version
385Specifies the version number to be used for outgoing NTP
386packets.
387Versions 1-4 are the choices, with version 4 the
388default.
389.It Cm xleave
390Valid in
391.Cm peer
392and
393.Cm broadcast
394modes only, this flag enables interleave mode.
365.El
366.Ss Auxiliary Commands
367.Bl -tag -width indent
368.It Ic broadcastclient
369This command enables reception of broadcast server messages to
370any local interface (type b) address.
371Upon receiving a message for
372the first time, the broadcast client measures the nominal server

--- 129 unchanged lines hidden (view full) ---

502remote configuration commands require cryptographic authentication.
503This flag can be set or reset by the
504.Ic enable
505and
506.Ic disable
507commands and also by remote
508configuration commands sent by a
509.Xr ntpdc 1ntpdcmdoc
395.El
396.Ss Auxiliary Commands
397.Bl -tag -width indent
398.It Ic broadcastclient
399This command enables reception of broadcast server messages to
400any local interface (type b) address.
401Upon receiving a message for
402the first time, the broadcast client measures the nominal server
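
Review bot: ".It Cm true" is defined twice in this option list, at new lines 351 and 366, with different wording ("Marks the server as a truechimer" against "Forces the association to always survive the selection and clustering algorithms"). Keep a single entry; the one at 366 sits in alphabetical order after "prefer" and carries the stronger test-only warning, so dropping 351-353 is the smaller change. Context line 348 also still reads "algroithm", although this change corrects comparable typos elsewhere in the file.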

--- 129 unchanged lines hidden (view full) ---

532remote configuration commands require cryptographic authentication.
533This flag can be set or reset by the
534.Ic enable
535and
536.Ic disable
537commands and also by remote
538configuration commands sent by a
539.Xr ntpdc 1ntpdcmdoc
510program running in
540program running on
511another machine.
512If this flag is enabled, which is the default
513case, new broadcast client and symmetric passive associations and
514remote configuration commands must be cryptographically
515authenticated using either symmetric key or public key cryptography.
516If this
517flag is disabled, these operations are effective
518even if not cryptographic

--- 173 unchanged lines hidden (view full) ---

692However, this is not to say that DNS aliases, different names
693for each interface, etc., are constrained in any way.
694.Pp
695It is also important to note that Autokey verifies authenticity
696using the host name, network address and public keys,
697all of which are bound together by the protocol specifically
698to deflect masquerade attacks.
699For this reason Autokey
541another machine.
542If this flag is enabled, which is the default
543case, new broadcast client and symmetric passive associations and
544remote configuration commands must be cryptographically
545authenticated using either symmetric key or public key cryptography.
546If this
547flag is disabled, these operations are effective
548even if not cryptographic

--- 173 unchanged lines hidden (view full) ---

722However, this is not to say that DNS aliases, different names
723for each interface, etc., are constrained in any way.
724.Pp
725It is also important to note that Autokey verifies authenticity
726using the host name, network address and public keys,
727all of which are bound together by the protocol specifically
728to deflect masquerade attacks.
729For this reason Autokey
700includes the source and destinatino IP addresses in message digest
730includes the source and destination IP addresses in message digest
701computations and so the same addresses must be available
702at both the server and client.
703For this reason operation
704with network address translation schemes is not possible.
705This reflects the intended robust security model where government
706and corporate NTP servers are operated outside firewall perimeters.
707.Ss Operation
708A specific combination of authentication scheme (none,

--- 181 unchanged lines hidden (view full) ---

890in the keys directory.
891.It Cm host Ar file
892Specifies the location of the required host key file.
893This overrides
894the link
895.Pa ntpkey_key_ Ns Ar hostname
896in the keys directory.
897.It Cm iffpar Ar file
731computations and so the same addresses must be available
732at both the server and client.
733For this reason operation
734with network address translation schemes is not possible.
735This reflects the intended robust security model where government
736and corporate NTP servers are operated outside firewall perimeters.
737.Ss Operation
738A specific combination of authentication scheme (none,

--- 181 unchanged lines hidden (view full) ---

920in the keys directory.
921.It Cm host Ar file
922Specifies the location of the required host key file.
923This overrides
924the link
925.Pa ntpkey_key_ Ns Ar hostname
926in the keys directory.
927.It Cm iffpar Ar file
898Specifies the location of the optional IFF parameters file.This
899overrides the link
928Specifies the location of the optional IFF parameters file.
929This overrides the link
900.Pa ntpkey_iff_ Ns Ar hostname
901in the keys directory.
902.It Cm leap Ar file
903Specifies the location of the optional leapsecond file.
904This overrides the link
905.Pa ntpkey_leap
906in the keys directory.
907.It Cm mvpar Ar file
908Specifies the location of the optional MV parameters file.
930.Pa ntpkey_iff_ Ns Ar hostname
931in the keys directory.
932.It Cm leap Ar file
933Specifies the location of the optional leapsecond file.
934This overrides the link
935.Pa ntpkey_leap
936in the keys directory.
937.It Cm mvpar Ar file
938Specifies the location of the optional MV parameters file.
909This
910overrides the link
939This overrides the link
911.Pa ntpkey_mv_ Ns Ar hostname
912in the keys directory.
913.It Cm pw Ar password
914Specifies the password to decrypt files containing private keys and
915identity parameters.
916This is required only if these files have been
917encrypted.
918.It Cm randfile Ar file

--- 124 unchanged lines hidden (view full) ---

1043See the
1044.Ic statistics
1045command below
1046for a listing and example of each type of statistics currently
1047supported.
1048Statistic files are managed using file generation sets
1049and scripts in the
1050.Pa ./scripts
940.Pa ntpkey_mv_ Ns Ar hostname
941in the keys directory.
942.It Cm pw Ar password
943Specifies the password to decrypt files containing private keys and
944identity parameters.
945This is required only if these files have been
946encrypted.
947.It Cm randfile Ar file

--- 124 unchanged lines hidden (view full) ---

1072See the
1073.Ic statistics
1074command below
1075for a listing and example of each type of statistics currently
1076supported.
1077Statistic files are managed using file generation sets
1078and scripts in the
1079.Pa ./scripts
1051directory of this distribution.
1080directory of the source code distribution.
1052Using
1053these facilities and
1054.Ux
1055.Xr cron 8
1056jobs, the data can be
1057automatically summarized and archived for retrospective analysis.
1058.Ss Monitoring Commands
1059.Bl -tag -width indent

--- 317 unchanged lines hidden (view full) ---

1377.Cm nolink .
1378If link is specified, a
1379hard link from the current file set element to a file without
1380suffix is created.
1381When there is already a file with this name and
1382the number of links of this file is one, it is renamed appending a
1383dot, the letter
1384.Cm C ,
1081Using
1082these facilities and
1083.Ux
1084.Xr cron 8
1085jobs, the data can be
1086automatically summarized and archived for retrospective analysis.
1087.Ss Monitoring Commands
1088.Bl -tag -width indent

--- 317 unchanged lines hidden (view full) ---

1406.Cm nolink .
1407If link is specified, a
1408hard link from the current file set element to a file without
1409suffix is created.
1410When there is already a file with this name and
1411the number of links of this file is one, it is renamed appending a
1412dot, the letter
1413.Cm C ,
1385and the pid of the ntpd server process.
1414and the pid of the
1415.Xr ntpd 1ntpdmdoc
1416server process.
1386When the
1387number of links is greater than one, the file is unlinked.
1388This
1389allows the current file to be accessed by a constant name.
1390.It Cm enable \&| Cm disable
1391Enables or disables the recording function.
1392.El
1393.El

--- 26 unchanged lines hidden (view full) ---

1420While this facility may
1421be useful for keeping unwanted or broken or malicious clients
1422from congesting innocent servers, it should not be considered
1423an alternative to the NTP authentication facilities.
1424Source address based restrictions are easily circumvented
1425by a determined cracker.
1426.Pp
1427Clients can be denied service because they are explicitly
1417When the
1418number of links is greater than one, the file is unlinked.
1419This
1420allows the current file to be accessed by a constant name.
1421.It Cm enable \&| Cm disable
1422Enables or disables the recording function.
1423.El
1424.El

--- 26 unchanged lines hidden (view full) ---

1451While this facility may
1452be useful for keeping unwanted or broken or malicious clients
1453from congesting innocent servers, it should not be considered
1454an alternative to the NTP authentication facilities.
1455Source address based restrictions are easily circumvented
1456by a determined cracker.
1457.Pp
1458Clients can be denied service because they are explicitly
1428included in the restrict list created by the restrict command
1459included in the restrict list created by the
1460.Ic restrict
1461command
1429or implicitly as the result of cryptographic or rate limit
1430violations.
1431Cryptographic violations include certificate
1432or identity verification failure; rate limit violations generally
1433result from defective NTP implementations that send packets
1434at abusive rates.
1435Some violations cause denied service
1436only for the offending packet, others cause denied service
1437for a timed period and others cause the denied service for
1462or implicitly as the result of cryptographic or rate limit
1463violations.
1464Cryptographic violations include certificate
1465or identity verification failure; rate limit violations generally
1466result from defective NTP implementations that send packets
1467at abusive rates.
1468Some violations cause denied service
1469only for the offending packet, others cause denied service
1470for a timed period and others cause the denied service for
1438an indefinate period.
1471an indefinite period.
1439When a client or network is denied access
1472When a client or network is denied access
1440for an indefinate period, the only way at present to remove
1473for an indefinite period, the only way at present to remove
1441the restrictions is by restarting the server.
1442.Ss The Kiss-of-Death Packet
1443Ordinarily, packets denied service are simply dropped with no
1444further action except incrementing statistics counters.
1445Sometimes a
1446more proactive response is needed, such as a server message that
1447explicitly requests the client to stop sending and leave a message
1448for the system operator.

--- 41 unchanged lines hidden (view full) ---

1490subcommand specifies the minimum average packet
1491spacing, while the
1492.Cm minimum
1493subcommand specifies the minimum packet spacing.
1494Packets that violate these minima are discarded
1495and a kiss-o'-death packet returned if enabled.
1496The default
1497minimum average and minimum are 5 and 2, respectively.
1474the restrictions is by restarting the server.
1475.Ss The Kiss-of-Death Packet
1476Ordinarily, packets denied service are simply dropped with no
1477further action except incrementing statistics counters.
1478Sometimes a
1479more proactive response is needed, such as a server message that
1480explicitly requests the client to stop sending and leave a message
1481for the system operator.

--- 41 unchanged lines hidden (view full) ---

1523subcommand specifies the minimum average packet
1524spacing, while the
1525.Cm minimum
1526subcommand specifies the minimum packet spacing.
1527Packets that violate these minima are discarded
1528and a kiss-o'-death packet returned if enabled.
1529The default
1530minimum average and minimum are 5 and 2, respectively.
1498The monitor subcommand specifies the probability of discard
1531The
1532.Ic monitor
1533subcommand specifies the probability of discard
1499for packets that overflow the rate-control window.
1500.It Xo Ic restrict address
1501.Op Cm mask Ar mask
1502.Op Ar flag ...
1503.Xc
1504The
1505.Ar address
1506argument expressed in

--- 42 unchanged lines hidden (view full) ---

1549If this flag is set when an access violation occurs, a kiss-o'-death
1550(KoD) packet is sent.
1551KoD packets are rate limited to no more than one
1552per second.
1553If another KoD packet occurs within one second after the
1554last one, the packet is dropped.
1555.It Cm limited
1556Deny service if the packet spacing violates the lower limits specified
1534for packets that overflow the rate-control window.
1535.It Xo Ic restrict address
1536.Op Cm mask Ar mask
1537.Op Ar flag ...
1538.Xc
1539The
1540.Ar address
1541argument expressed in
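
Review bot: New line 1532 marks "monitor" with ".Ic", while the sibling subcommand in context line 1525 is marked ".Cm minimum". Use ".Cm monitor" here so the subcommands of one command share a macro; elsewhere in this change ".Ic" is applied to top-level commands such as "restrict" (new line 1460) and "discard" (new line 1593).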

--- 42 unchanged lines hidden (view full) ---

1584If this flag is set when an access violation occurs, a kiss-o'-death
1585(KoD) packet is sent.
1586KoD packets are rate limited to no more than one
1587per second.
1588If another KoD packet occurs within one second after the
1589last one, the packet is dropped.
1590.It Cm limited
1591Deny service if the packet spacing violates the lower limits specified
1557in the discard command.
1592in the
1593.Ic discard
1594command.
1558A history of clients is kept using the
1559monitoring capability of
1560.Xr ntpd 1ntpdmdoc .
1561Thus, monitoring is always active as
1562long as there is a restriction entry with the
1563.Cm limited
1564flag.
1565.It Cm lowpriotrap

--- 43 unchanged lines hidden (view full) ---

1609Deny all packets except
1610.Xr ntpq 1ntpqmdoc
1611and
1612.Xr ntpdc 1ntpdcmdoc
1613queries.
1614.It Cm notrap
1615Decline to provide mode 6 control message trap service to matching
1616hosts.
1595A history of clients is kept using the
1596monitoring capability of
1597.Xr ntpd 1ntpdmdoc .
1598Thus, monitoring is always active as
1599long as there is a restriction entry with the
1600.Cm limited
1601flag.
1602.It Cm lowpriotrap

--- 43 unchanged lines hidden (view full) ---

1646Deny all packets except
1647.Xr ntpq 1ntpqmdoc
1648and
1649.Xr ntpdc 1ntpdcmdoc
1650queries.
1651.It Cm notrap
1652Decline to provide mode 6 control message trap service to matching
1653hosts.
1617The trap service is a subsystem of the ntpdq control message
1654The trap service is a subsystem of the
1655.Xr ntpq 1ntpqmdoc
1656control message
1618protocol which is intended for use by remote event logging programs.
1619.It Cm notrust
1620Deny service unless the packet is cryptographically authenticated.
1621.It Cm ntpport
1622This is actually a match algorithm modifier, rather than a
1623restriction flag.
1624Its presence causes the restriction entry to be
1625matched only if the source port in the packet is the standard NTP

--- 50 unchanged lines hidden (view full) ---

1676large key sizes.
1677It is implemented using the Autokey protocol and
1678the OpenSSL cryptographic library available from
1679.Li http://www.openssl.org/ .
1680The library can also be used with other NTPv4 modes
1681as well and is highly recommended, especially for broadcast modes.
1682.Pp
1683A persistent manycast client association is configured
1657protocol which is intended for use by remote event logging programs.
1658.It Cm notrust
1659Deny service unless the packet is cryptographically authenticated.
1660.It Cm ntpport
1661This is actually a match algorithm modifier, rather than a
1662restriction flag.
1663Its presence causes the restriction entry to be
1664matched only if the source port in the packet is the standard NTP

--- 50 unchanged lines hidden (view full) ---

1715large key sizes.
1716It is implemented using the Autokey protocol and
1717the OpenSSL cryptographic library available from
1718.Li http://www.openssl.org/ .
1719The library can also be used with other NTPv4 modes
1720as well and is highly recommended, especially for broadcast modes.
1721.Pp
1722A persistent manycast client association is configured
1684using the manycastclient command, which is similar to the
1685server command but with a multicast (IPv4 class
1723using the
1724.Ic manycastclient
1725command, which is similar to the
1726.Ic server
1727command but with a multicast (IPv4 class
1686.Cm D
1687or IPv6 prefix
1688.Cm FF )
1689group address.
1690The IANA has designated IPv4 address 224.1.1.1
1691and IPv6 address FF05::101 (site local) for NTP.
1692When more servers are needed, it broadcasts manycast
1693client messages to this address at the minimum feasible rate

--- 53 unchanged lines hidden (view full) ---

1747which starts out at the
1748.Cm minpoll
1749value specified in the
1750.Ic manycastclient ,
1751command and, under normal circumstances, increments to the
1752.Cm maxpolll
1753value specified in this command.
1754Initially, the TTL is
1728.Cm D
1729or IPv6 prefix
1730.Cm FF )
1731group address.
1732The IANA has designated IPv4 address 224.1.1.1
1733and IPv6 address FF05::101 (site local) for NTP.
1734When more servers are needed, it broadcasts manycast
1735client messages to this address at the minimum feasible rate

--- 53 unchanged lines hidden (view full) ---

1789which starts out at the
1790.Cm minpoll
1791value specified in the
1792.Ic manycastclient ,
1793command and, under normal circumstances, increments to the
1794.Cm maxpolll
1795value specified in this command.
1796Initially, the TTL is
1755set at the minimum hops specified by the ttl command.
1797set at the minimum hops specified by the
1798.Ic ttl
1799command.
1756At each retransmission the TTL is increased until reaching
1757the maximum hops specified by this command or a sufficient
1758number client associations have been found.
1759Further retransmissions use the same TTL.
1760.Pp
1761The quality and reliability of the suite of associations
1762discovered by the manycast client is determined by the NTP
1763mitigation algorithms and the

--- 621 unchanged lines hidden (view full) ---

2385this file to replace the old version.
2386This implies that
2387.Xr ntpd 1ntpdmdoc
2388must have write permission for the directory the
2389drift file is located in, and that file system links, symbolic or
2390otherwise, should be avoided.
2391.It Ic dscp Ar value
2392This option specifies the Differentiated Services Control Point (DSCP) value,
1800At each retransmission the TTL is increased until reaching
1801the maximum hops specified by this command or a sufficient
1802number client associations have been found.
1803Further retransmissions use the same TTL.
1804.Pp
1805The quality and reliability of the suite of associations
1806discovered by the manycast client is determined by the NTP
1807mitigation algorithms and the
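
Review bot: Context line 1794 still spells the option ".Cm maxpolll" with three l's, three lines above the ".Ic ttl" edit at new lines 1797-1799, while the synopsis lines spell it "maxpoll". Fix it in the same change, since this paragraph is already being touched. The trailing comma in ".Ic manycastclient ," at line 1792 runs into the following "command and", producing "manycastclient, command", and should be dropped as well.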

--- 621 unchanged lines hidden (view full) ---

2429this file to replace the old version.
2430This implies that
2431.Xr ntpd 1ntpdmdoc
2432must have write permission for the directory the
2433drift file is located in, and that file system links, symbolic or
2434otherwise, should be avoided.
2435.It Ic dscp Ar value
2436This option specifies the Differentiated Services Control Point (DSCP) value,
2393a 6-bit code. The default value is 46, signifying Expedited Forwarding.
2437a 6-bit code.
2438The default value is 46, signifying Expedited Forwarding.
2394.It Xo Ic enable
2395.Oo
2396.Cm auth | Cm bclient |
2397.Cm calibrate | Cm kernel |
2398.Cm mode7 | Cm monitor |
2399.Cm ntp | Cm stats |
2400.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2401.Oc

--- 222 unchanged lines hidden (view full) ---

2624the event class.
2625The
2626.Cm all
2627prefix can be used instead of a message class.
2628A
2629message class may also be followed by the
2630.Cm all
2631keyword to enable/disable all
2439.It Xo Ic enable
2440.Oo
2441.Cm auth | Cm bclient |
2442.Cm calibrate | Cm kernel |
2443.Cm mode7 | Cm monitor |
2444.Cm ntp | Cm stats |
2445.Cm unpeer_crypto_early | Cm unpeer_crypto_nak_early | Cm unpeer_digest_early
2446.Oc

--- 222 unchanged lines hidden (view full) ---

2669the event class.
2670The
2671.Cm all
2672prefix can be used instead of a message class.
2673A
2674message class may also be followed by the
2675.Cm all
2676keyword to enable/disable all
2632messages of the respective message class.Thus, a minimal log configuration
2677messages of the respective message class.
2678Thus, a minimal log configuration
2633could look like this:
2634.Bd -literal
2635logconfig =syncstatus +sysevents
2636.Ed
2637.Pp
2638This would just list the synchronizations state of
2639.Xr ntpd 1ntpdmdoc
2640and the major system events.

--- 7 unchanged lines hidden (view full) ---

2648synchronization information.
2649All other events and messages about
2650peers, system events and so on is suppressed.
2651.It Ic logfile Ar logfile
2652This command specifies the location of an alternate log file to
2653be used instead of the default system
2654.Xr syslog 3
2655facility.
2679could look like this:
2680.Bd -literal
2681logconfig =syncstatus +sysevents
2682.Ed
2683.Pp
2684This would just list the synchronizations state of
2685.Xr ntpd 1ntpdmdoc
2686and the major system events.

--- 7 unchanged lines hidden (view full) ---

2694synchronization information.
2695All other events and messages about
2696peers, system events and so on is suppressed.
2697.It Ic logfile Ar logfile
2698This command specifies the location of an alternate log file to
2699be used instead of the default system
2700.Xr syslog 3
2701facility.
2656This is the same operation as the -l command line option.
2702This is the same operation as the
2703.Fl l
2704command line option.
2657.It Ic setvar Ar variable Op Cm default
2658This command adds an additional system variable.
2659These
2660variables can be used to distribute additional information such as
2661the access policy.
2662If the variable of the form
2663.Sm off
2664.Va name = Ar value

--- 135 unchanged lines hidden (view full) ---

2800-1 means "do not lock the process into memory".
28010 means "lock whatever memory the process wants into memory".
2802.It Cm stacksize Ar N4kPages
2803Specifies the maximum size of the process stack on systems with the
2804.Fn mlockall
2805function.
2806Defaults to 50 4k pages (200 4k pages in OpenBSD).
2807.It Cm filenum Ar Nfiledescriptors
2705.It Ic setvar Ar variable Op Cm default
2706This command adds an additional system variable.
2707These
2708variables can be used to distribute additional information such as
2709the access policy.
2710If the variable of the form
2711.Sm off
2712.Va name = Ar value

--- 135 unchanged lines hidden (view full) ---

2848-1 means "do not lock the process into memory".
28490 means "lock whatever memory the process wants into memory".
2850.It Cm stacksize Ar N4kPages
2851Specifies the maximum size of the process stack on systems with the
2852.Fn mlockall
2853function.
2854Defaults to 50 4k pages (200 4k pages in OpenBSD).
2855.It Cm filenum Ar Nfiledescriptors
2808Specifies the maximum number of file descriptors ntpd may have open at once. Defaults to the system default.
2856Specifies the maximum number of file descriptors ntpd may have open at once.
2857Defaults to the system default.
2809.El
2810.It Xo Ic trap Ar host_address
2811.Op Cm port Ar port_number
2812.Op Cm interface Ar interface_address
2813.Xc
2814This command configures a trap receiver at the given host
2815address and port number for sending messages with the specified
2816local interface address.

--- 90 unchanged lines hidden ---
2858.El
2859.It Xo Ic trap Ar host_address
2860.Op Cm port Ar port_number
2861.Op Cm interface Ar interface_address
2862.Xc
2863This command configures a trap receiver at the given host
2864address and port number for sending messages with the specified
2865local interface address.
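
Review bot: New line 2856 leaves "ntpd" as plain text, although this change converts the same name to ".Xr ntpd 1ntpdmdoc" at new line 1415. Break the sentence so the cross-reference gets its own macro line: "Specifies the maximum number of file descriptors", then ".Xr ntpd 1ntpdmdoc", then "may have open at once."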

--- 90 unchanged lines hidden ---