ntp.conf.man.in (293423) | ntp.conf.man.in (294554) |
---|---|
1.de1 NOP 2. it 1 an-trap 3. if \\n[.$] \,\\$*\/ 4.. 5.ie t \ 6.ds B-Font [CB] 7.ds I-Font [CI] 8.ds R-Font [CR] 9.el \ 10.ds B-Font B 11.ds I-Font I 12.ds R-Font R | 1.de1 NOP 2. it 1 an-trap 3. if \\n[.$] \,\\$*\/ 4.. 5.ie t \ 6.ds B-Font [CB] 7.ds I-Font [CI] 8.ds R-Font [CR] 9.el \ 10.ds B-Font B 11.ds I-Font I 12.ds R-Font R |
13.TH ntp.conf 5 "07 Jan 2016" "4.2.8p5" "File Formats" | 13.TH ntp.conf 5 "20 Jan 2016" "4.2.8p6" "File Formats" |
14.\" | 14.\" |
15.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-8qayqp/ag-Vraqpp) | 15.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-gsaOxR/ag-XsaGwR) |
16.\" | 16.\" |
17.\" It has been AutoGen-ed January 7, 2016 at 11:30:35 PM by AutoGen 5.18.5 | 17.\" It has been AutoGen-ed January 20, 2016 at 04:17:45 AM by AutoGen 5.18.5 |
18.\" From the definitions ntp.conf.def 19.\" and the template file agman-cmd.tpl 20.SH NAME 21\f\*[B-Font]ntp.conf\fP 22\- Network Time Protocol (NTP) daemon configuration file format 23.SH SYNOPSIS 24\f\*[B-Font]ntp.conf\fP 25[\f\*[B-Font]\-\-option-name\f[]] --- 2542 unchanged lines hidden (view full) --- 2568must have write permission for the directory the 2569drift file is located in, and that file system links, symbolic or 2570otherwise, should be avoided. 2571.TP 7 2572.NOP \f\*[B-Font]dscp\f[] \f\*[I-Font]value\f[] 2573This option specifies the Differentiated Services Control Point (DSCP) value, 2574a 6-bit code. The default value is 46, signifying Expedited Forwarding. 2575.TP 7 | 18.\" From the definitions ntp.conf.def 19.\" and the template file agman-cmd.tpl 20.SH NAME 21\f\*[B-Font]ntp.conf\fP 22\- Network Time Protocol (NTP) daemon configuration file format 23.SH SYNOPSIS 24\f\*[B-Font]ntp.conf\fP 25[\f\*[B-Font]\-\-option-name\f[]] --- 2542 unchanged lines hidden (view full) --- 2568must have write permission for the directory the 2569drift file is located in, and that file system links, symbolic or 2570otherwise, should be avoided. 2571.TP 7 2572.NOP \f\*[B-Font]dscp\f[] \f\*[I-Font]value\f[] 2573This option specifies the Differentiated Services Control Point (DSCP) value, 2574a 6-bit code. The default value is 46, signifying Expedited Forwarding. 2575.TP 7 |
2576.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] | 2576.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]] |
2577.TP 7 | 2577.TP 7 |
2578.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[]] | 2578.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]] |
2579Provides a way to enable or disable various server options. 2580Flags not mentioned are unaffected. 2581Note that all of these flags 2582can be controlled remotely using the 2583\fCntpdc\f[]\fR(@NTPDC_MS@)\f[] 2584utility program. 2585.RS 2586.TP 7 --- 63 unchanged lines hidden (view full) --- 2650.TP 7 2651.NOP \f\*[B-Font]stats\f[] 2652Enables the statistics facility. 2653See the 2654\fIMonitoring\f[] \fIOptions\f[] 2655section for further information. 2656The default for this flag is 2657\f\*[B-Font]disable\f[]. | 2579Provides a way to enable or disable various server options. 2580Flags not mentioned are unaffected. 2581Note that all of these flags 2582can be controlled remotely using the 2583\fCntpdc\f[]\fR(@NTPDC_MS@)\f[] 2584utility program. 2585.RS 2586.TP 7 --- 63 unchanged lines hidden (view full) --- 2650.TP 7 2651.NOP \f\*[B-Font]stats\f[] 2652Enables the statistics facility. 2653See the 2654\fIMonitoring\f[] \fIOptions\f[] 2655section for further information. 2656The default for this flag is 2657\f\*[B-Font]disable\f[]. |
2658.TP 7 2659.NOP \f\*[B-Font]unpeer_crypto_early\f[] 2660By default, if 2661\fCntpd\f[]\fR(@NTPD_MS@)\f[] 2662receives an autokey packet that fails TEST9, 2663a crypto failure, 2664the association is immediately cleared. 2665This is almost certainly a feature, 2666but if, in spite of the current recommendation of not using autokey, 2667you are 2668.B still 2669using autokey 2670.B and 2671you are seeing this sort of DoS attack 2672disabling this flag will delay 2673tearing down the association until the reachability counter 2674becomes zero. 2675You can check your 2676\f\*[B-Font]peerstats\f[] 2677file for evidence of any of these attacks. 2678The 2679default for this flag is 2680\f\*[B-Font]enable\f[]. 2681.TP 7 2682.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[] 2683By default, if 2684\fCntpd\f[]\fR(@NTPD_MS@)\f[] 2685receives a crypto-NAK packet that 2686passes the duplicate packet and origin timestamp checks 2687the association is immediately cleared. 2688While this is generally a feature 2689as it allows for quick recovery if a server key has changed, 2690a properly forged and appropriately delivered crypto-NAK packet 2691can be used in a DoS attack. 2692If you have active noticable problems with this type of DoS attack 2693then you should consider 2694disabling this option. 2695You can check your 2696\f\*[B-Font]peerstats\f[] 2697file for evidence of any of these attacks. 2698The 2699default for this flag is 2700\f\*[B-Font]enable\f[]. 2701.TP 7 2702.NOP \f\*[B-Font]unpeer_digest_early\f[] 2703By default, if 2704\fCntpd\f[]\fR(@NTPD_MS@)\f[] 2705receives what should be an authenticated packet 2706that passes other packet sanity checks but 2707contains an invalid digest 2708the association is immediately cleared. 2709While this is generally a feature 2710as it allows for quick recovery, 2711if this type of packet is carefully forged and sent 2712during an appropriate window it can be used for a DoS attack. 2713If you have active noticable problems with this type of DoS attack 2714then you should consider 2715disabling this option. 2716You can check your 2717\f\*[B-Font]peerstats\f[] 2718file for evidence of any of these attacks. 2719The 2720default for this flag is 2721\f\*[B-Font]enable\f[]. |
|
2658.RE 2659.TP 7 2660.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[] 2661This command allows additional configuration commands 2662to be included from a separate file. 2663Include files may 2664be nested to a depth of five; upon reaching the end of any 2665include file, command processing resumes in the previous --- 356 unchanged lines hidden (view full) --- 3022David L. Mills, 3023\fINetwork Time Protocol (Version 4)\fR, 3024RFC5905 3025.PP 3026 3027.SH "AUTHORS" 3028The University of Delaware and Network Time Foundation 3029.SH "COPYRIGHT" | 2722.RE 2723.TP 7 2724.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[] 2725This command allows additional configuration commands 2726to be included from a separate file. 2727Include files may 2728be nested to a depth of five; upon reaching the end of any 2729include file, command processing resumes in the previous --- 356 unchanged lines hidden (view full) --- 3086David L. Mills, 3087\fINetwork Time Protocol (Version 4)\fR, 3088RFC5905 3089.PP 3090 3091.SH "AUTHORS" 3092The University of Delaware and Network Time Foundation 3093.SH "COPYRIGHT" |
3030Copyright (C) 1992-2015 The University of Delaware and Network Time Foundation all rights reserved. | 3094Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved. |
3031This program is released under the terms of the NTP license, <http://ntp.org/license>. 3032.SH BUGS 3033The syntax checking is not picky; some combinations of 3034ridiculous and even hilarious options and modes may not be 3035detected. 3036.sp \n(Ppu 3037.ne 2 3038 --- 17 unchanged lines hidden --- | 3095This program is released under the terms of the NTP license, <http://ntp.org/license>. 3096.SH BUGS 3097The syntax checking is not picky; some combinations of 3098ridiculous and even hilarious options and modes may not be 3099detected. 3100.sp \n(Ppu 3101.ne 2 3102 --- 17 unchanged lines hidden --- |