1181834Sroberto/* -*- Mode: Text -*- */ 2181834Sroberto 3181834Srobertoautogen definitions options; 4181834Sroberto 5285612Sdelphij#include autogen-version.def 6285612Sdelphij#include copyright.def 7285612Sdelphij 8181834Srobertoprog-name = "ntpdc"; 9285612Sdelphijprog-title = "vendor-specific NTPD control program"; 10181834Srobertoargument = '[ host ...]'; 11181834Sroberto 12181834Sroberto#include homerc.def 13181834Sroberto 14181834Srobertoflag = { 15181834Sroberto name = ipv4; 16181834Sroberto value = 4; 17285612Sdelphij flags-cant = ipv6; 18181834Sroberto descrip = "Force IPv4 DNS name resolution"; 19181834Sroberto doc = <<- _EndOfDoc_ 20181834Sroberto Force DNS resolution of following host names on the command line 21181834Sroberto to the IPv4 namespace. 22181834Sroberto _EndOfDoc_; 23181834Sroberto}; 24181834Sroberto 25181834Srobertoflag = { 26181834Sroberto name = ipv6; 27181834Sroberto value = 6; 28285612Sdelphij flags-cant = ipv4; 29181834Sroberto descrip = "Force IPv6 DNS name resolution"; 30181834Sroberto doc = <<- _EndOfDoc_ 31181834Sroberto Force DNS resolution of following host names on the command line 32181834Sroberto to the IPv6 namespace. 33181834Sroberto _EndOfDoc_; 34181834Sroberto}; 35181834Sroberto 36181834Srobertoflag = { 37181834Sroberto name = command; 38181834Sroberto value = c; 39181834Sroberto arg-type = string; 40181834Sroberto descrip = "run a command and exit"; 41181834Sroberto max = NOLIMIT; 42181834Sroberto arg-name = cmd; 43181834Sroberto stack-arg; 44181834Sroberto doc = <<- _EndOfDoc_ 45181834Sroberto The following argument is interpreted as an interactive format command 46181834Sroberto and is added to the list of commands to be executed on the specified 47181834Sroberto host(s). 48181834Sroberto _EndOfDoc_; 49181834Sroberto}; 50181834Sroberto 51285612Sdelphij#include debug-opt.def 52285612Sdelphij 53181834Srobertoflag = { 54285612Sdelphij name = interactive; 55285612Sdelphij value = i; 56285612Sdelphij flags-cant = command, listpeers, peers, showpeers; 57285612Sdelphij descrip = "Force ntpq to operate in interactive mode"; 58285612Sdelphij doc = <<- _EndOfDoc_ 59285612Sdelphij Force ntpq to operate in interactive mode. Prompts will be written 60285612Sdelphij to the standard output and commands read from the standard input. 61285612Sdelphij _EndOfDoc_; 62285612Sdelphij}; 63285612Sdelphij 64285612Sdelphijflag = { 65181834Sroberto name = listpeers; 66181834Sroberto value = l; 67181834Sroberto descrip = "Print a list of the peers"; 68181834Sroberto flags-cant = command; 69181834Sroberto doc = <<- _EndOfDoc_ 70181834Sroberto Print a list of the peers known to the server as well as a summary of 71181834Sroberto their state. This is equivalent to the 'listpeers' interactive command. 72181834Sroberto _EndOfDoc_; 73181834Sroberto}; 74181834Sroberto 75181834Srobertoflag = { 76285612Sdelphij name = numeric; 77285612Sdelphij value = n; 78285612Sdelphij descrip = "numeric host addresses"; 79285612Sdelphij doc = <<- _EndOfDoc_ 80285612Sdelphij Output all host addresses in dotted-quad numeric format rather than 81285612Sdelphij converting to the canonical host names. 82285612Sdelphij _EndOfDoc_; 83285612Sdelphij}; 84285612Sdelphij 85285612Sdelphijflag = { 86181834Sroberto name = peers; 87181834Sroberto value = p; 88181834Sroberto descrip = "Print a list of the peers"; 89181834Sroberto flags-cant = command; 90181834Sroberto doc = <<- _EndOfDoc_ 91181834Sroberto Print a list of the peers known to the server as well as a summary 92181834Sroberto of their state. This is equivalent to the 'peers' interactive command. 93181834Sroberto _EndOfDoc_; 94181834Sroberto}; 95181834Sroberto 96181834Srobertoflag = { 97181834Sroberto name = showpeers; 98181834Sroberto value = s; 99181834Sroberto descrip = "Show a list of the peers"; 100181834Sroberto flags-cant = command; 101181834Sroberto doc = <<- _EndOfDoc_ 102181834Sroberto Print a list of the peers known to the server as well as a summary 103181834Sroberto of their state. This is equivalent to the 'dmpeers' interactive command. 104181834Sroberto _EndOfDoc_; 105181834Sroberto}; 106181834Sroberto 107285612Sdelphij/* explain: Additional information whenever the usage routine is invoked */ 108285612Sdelphijexplain = <<- _END_EXPLAIN 109285612Sdelphij _END_EXPLAIN; 110285612Sdelphij 111285612Sdelphijdoc-section = { 112285612Sdelphij ds-type = 'DESCRIPTION'; 113285612Sdelphij ds-format = 'mdoc'; 114285612Sdelphij ds-text = <<- _END_PROG_MDOC_DESCRIP 115285612Sdelphij.Nm 116285612Sdelphijis deprecated. 117285612SdelphijPlease use 118285612Sdelphij.Xr ntpq 1ntpqmdoc instead - it can do everything 119285612Sdelphij.Nm 120285612Sdelphijused to do, and it does so using a much more sane interface. 121285612Sdelphij.Pp 122285612Sdelphij.Nm 123285612Sdelphijis a utility program used to query 124285612Sdelphij.Xr ntpd 1ntpdmdoc 125285612Sdelphijabout its 126285612Sdelphijcurrent state and to request changes in that state. 127285612SdelphijIt uses NTP mode 7 control message formats described in the source code. 128285612SdelphijThe program may 129285612Sdelphijbe run either in interactive mode or controlled using command line 130285612Sdelphijarguments. 131285612SdelphijExtensive state and statistics information is available 132285612Sdelphijthrough the 133285612Sdelphij.Nm 134285612Sdelphijinterface. 135285612SdelphijIn addition, nearly all the 136285612Sdelphijconfiguration options which can be specified at startup using 137285612Sdelphijntpd's configuration file may also be specified at run time using 138285612Sdelphij.Nm . 139285612Sdelphij _END_PROG_MDOC_DESCRIP; 140181834Sroberto}; 141181834Sroberto 142181834Sroberto 143285612Sdelphijdoc-section = { 144285612Sdelphij ds-type = 'USAGE'; 145285612Sdelphij ds-format = 'mdoc'; 146285612Sdelphij ds-text = <<- _END_MDOC_USAGE 147285612SdelphijIf one or more request options are included on the command line 148285612Sdelphijwhen 149285612Sdelphij.Nm 150285612Sdelphijis executed, each of the requests will be sent 151285612Sdelphijto the NTP servers running on each of the hosts given as command 152285612Sdelphijline arguments, or on localhost by default. 153285612SdelphijIf no request options 154285612Sdelphijare given, 155285612Sdelphij.Nm 156285612Sdelphijwill attempt to read commands from the 157285612Sdelphijstandard input and execute these on the NTP server running on the 158285612Sdelphijfirst host given on the command line, again defaulting to localhost 159285612Sdelphijwhen no other host is specified. 160285612SdelphijThe 161285612Sdelphij.Nm 162285612Sdelphijutility will prompt for 163285612Sdelphijcommands if the standard input is a terminal device. 164285612Sdelphij.Pp 165285612SdelphijThe 166285612Sdelphij.Nm 167285612Sdelphijutility uses NTP mode 7 packets to communicate with the 168285612SdelphijNTP server, and hence can be used to query any compatible server on 169285612Sdelphijthe network which permits it. 170285612SdelphijNote that since NTP is a UDP protocol 171285612Sdelphijthis communication will be somewhat unreliable, especially over 172285612Sdelphijlarge distances in terms of network topology. 173285612SdelphijThe 174285612Sdelphij.Nm 175285612Sdelphijutility makes 176285612Sdelphijno attempt to retransmit requests, and will time requests out if 177285612Sdelphijthe remote host is not heard from within a suitable timeout 178285612Sdelphijtime. 179285612Sdelphij.Pp 180285612SdelphijThe operation of 181285612Sdelphij.Nm 182285612Sdelphijare specific to the particular 183285612Sdelphijimplementation of the 184285612Sdelphij.Xr ntpd 1ntpdmdoc 185285612Sdelphijdaemon and can be expected to 186285612Sdelphijwork only with this and maybe some previous versions of the daemon. 187285612SdelphijRequests from a remote 188285612Sdelphij.Nm 189285612Sdelphijutility which affect the 190285612Sdelphijstate of the local server must be authenticated, which requires 191285612Sdelphijboth the remote program and local server share a common key and key 192285612Sdelphijidentifier. 193285612Sdelphij.Pp 194285612SdelphijNote that in contexts where a host name is expected, a 195285612Sdelphij.Fl 4 196285612Sdelphijqualifier preceding the host name forces DNS resolution to the IPv4 namespace, 197285612Sdelphijwhile a 198285612Sdelphij.Fl 6 199285612Sdelphijqualifier forces DNS resolution to the IPv6 namespace. 200285612SdelphijSpecifying a command line option other than 201285612Sdelphij.Fl i 202285612Sdelphijor 203285612Sdelphij.Fl n 204285612Sdelphijwill cause the specified query (queries) to be sent to 205285612Sdelphijthe indicated host(s) immediately. 206285612SdelphijOtherwise, 207285612Sdelphij.Nm 208285612Sdelphijwill 209285612Sdelphijattempt to read interactive format commands from the standard 210285612Sdelphijinput. 211285612Sdelphij.Ss "Interactive Commands" 212285612SdelphijInteractive format commands consist of a keyword followed by zero 213285612Sdelphijto four arguments. 214285612SdelphijOnly enough characters of the full keyword to 215285612Sdelphijuniquely identify the command need be typed. 216285612SdelphijThe output of a 217285612Sdelphijcommand is normally sent to the standard output, but optionally the 218285612Sdelphijoutput of individual commands may be sent to a file by appending a 219285612Sdelphij.Ql \&> , 220285612Sdelphijfollowed by a file name, to the command line. 221285612Sdelphij.Pp 222285612SdelphijA number of interactive format commands are executed entirely 223285612Sdelphijwithin the 224285612Sdelphij.Nm 225285612Sdelphijutility itself and do not result in NTP 226285612Sdelphijmode 7 requests being sent to a server. 227285612SdelphijThese are described 228285612Sdelphijfollowing. 229285612Sdelphij.Bl -tag -width indent 230285612Sdelphij.It Ic \&? Ar command_keyword 231285612Sdelphij.It Ic help Ar command_keyword 232285612SdelphijA 233285612Sdelphij.Sq Ic \&? 234285612Sdelphijwill print a list of all the command 235285612Sdelphijkeywords known to this incarnation of 236285612Sdelphij.Nm . 237285612SdelphijA 238285612Sdelphij.Sq Ic \&? 239285612Sdelphijfollowed by a command keyword will print function and usage 240285612Sdelphijinformation about the command. 241285612SdelphijThis command is probably a better 242285612Sdelphijsource of information about 243285612Sdelphij.Xr ntpq 1ntpqmdoc 244285612Sdelphijthan this manual 245285612Sdelphijpage. 246285612Sdelphij.It Ic delay Ar milliseconds 247285612SdelphijSpecify a time interval to be added to timestamps included in 248285612Sdelphijrequests which require authentication. 249285612SdelphijThis is used to enable 250285612Sdelphij(unreliable) server reconfiguration over long delay network paths 251285612Sdelphijor between machines whose clocks are unsynchronized. 252285612SdelphijActually the 253285612Sdelphijserver does not now require timestamps in authenticated requests, 254285612Sdelphijso this command may be obsolete. 255285612Sdelphij.It Ic host Ar hostname 256285612SdelphijSet the host to which future queries will be sent. 257285612SdelphijHostname may 258285612Sdelphijbe either a host name or a numeric address. 259285612Sdelphij.It Ic hostnames Op Cm yes | Cm no 260285612SdelphijIf 261285612Sdelphij.Cm yes 262285612Sdelphijis specified, host names are printed in 263285612Sdelphijinformation displays. 264285612SdelphijIf 265285612Sdelphij.Cm no 266285612Sdelphijis specified, numeric 267285612Sdelphijaddresses are printed instead. 268285612SdelphijThe default is 269285612Sdelphij.Cm yes , 270285612Sdelphijunless 271285612Sdelphijmodified using the command line 272285612Sdelphij.Fl n 273285612Sdelphijswitch. 274285612Sdelphij.It Ic keyid Ar keyid 275285612SdelphijThis command allows the specification of a key number to be 276285612Sdelphijused to authenticate configuration requests. 277285612SdelphijThis must correspond 278285612Sdelphijto a key number the server has been configured to use for this 279285612Sdelphijpurpose. 280285612Sdelphij.It Ic quit 281285612SdelphijExit 282285612Sdelphij.Nm . 283285612Sdelphij.It Ic passwd 284285612SdelphijThis command prompts you to type in a password (which will not 285285612Sdelphijbe echoed) which will be used to authenticate configuration 286285612Sdelphijrequests. 287285612SdelphijThe password must correspond to the key configured for 288285612Sdelphijuse by the NTP server for this purpose if such requests are to be 289285612Sdelphijsuccessful. 290285612Sdelphij.It Ic timeout Ar milliseconds 291285612SdelphijSpecify a timeout period for responses to server queries. 292285612SdelphijThe 293285612Sdelphijdefault is about 8000 milliseconds. 294285612SdelphijNote that since 295285612Sdelphij.Nm 296285612Sdelphijretries each query once after a timeout, the total waiting time for 297285612Sdelphija timeout will be twice the timeout value set. 298285612Sdelphij.El 299285612Sdelphij.Ss "Control Message Commands" 300285612SdelphijQuery commands result in NTP mode 7 packets containing requests for 301285612Sdelphijinformation being sent to the server. 302285612SdelphijThese are read-only commands 303285612Sdelphijin that they make no modification of the server configuration 304285612Sdelphijstate. 305285612Sdelphij.Bl -tag -width indent 306285612Sdelphij.It Ic listpeers 307285612SdelphijObtains and prints a brief list of the peers for which the 308285612Sdelphijserver is maintaining state. 309285612SdelphijThese should include all configured 310285612Sdelphijpeer associations as well as those peers whose stratum is such that 311285612Sdelphijthey are considered by the server to be possible future 312285612Sdelphijsynchronization candidates. 313285612Sdelphij.It Ic peers 314285612SdelphijObtains a list of peers for which the server is maintaining 315285612Sdelphijstate, along with a summary of that state. 316285612SdelphijSummary information 317285612Sdelphijincludes the address of the remote peer, the local interface 318285612Sdelphijaddress (0.0.0.0 if a local address has yet to be determined), the 319285612Sdelphijstratum of the remote peer (a stratum of 16 indicates the remote 320285612Sdelphijpeer is unsynchronized), the polling interval, in seconds, the 321285612Sdelphijreachability register, in octal, and the current estimated delay, 322285612Sdelphijoffset and dispersion of the peer, all in seconds. 323285612Sdelphij.Pp 324285612SdelphijThe character in the left margin indicates the mode this peer 325285612Sdelphijentry is operating in. 326285612SdelphijA 327285612Sdelphij.Ql \&+ 328285612Sdelphijdenotes symmetric active, a 329285612Sdelphij.Ql \&- 330285612Sdelphijindicates symmetric passive, a 331285612Sdelphij.Ql \&= 332285612Sdelphijmeans the 333285612Sdelphijremote server is being polled in client mode, a 334285612Sdelphij.Ql \&^ 335285612Sdelphijindicates that the server is broadcasting to this address, a 336285612Sdelphij.Ql \&~ 337285612Sdelphijdenotes that the remote peer is sending broadcasts and a 338285612Sdelphij.Ql \&~ 339285612Sdelphijdenotes that the remote peer is sending broadcasts and a 340285612Sdelphij.Ql \&* 341285612Sdelphijmarks the peer the server is currently synchronizing 342285612Sdelphijto. 343285612Sdelphij.Pp 344285612SdelphijThe contents of the host field may be one of four forms. 345285612SdelphijIt may 346285612Sdelphijbe a host name, an IP address, a reference clock implementation 347285612Sdelphijname with its parameter or 348285612Sdelphij.Fn REFCLK "implementation_number" "parameter" . 349285612SdelphijOn 350285612Sdelphij.Ic hostnames 351285612Sdelphij.Cm no 352285612Sdelphijonly IP-addresses 353285612Sdelphijwill be displayed. 354285612Sdelphij.It Ic dmpeers 355285612SdelphijA slightly different peer summary list. 356285612SdelphijIdentical to the output 357285612Sdelphijof the 358285612Sdelphij.Ic peers 359285612Sdelphijcommand, except for the character in the 360285612Sdelphijleftmost column. 361285612SdelphijCharacters only appear beside peers which were 362285612Sdelphijincluded in the final stage of the clock selection algorithm. 363285612SdelphijA 364285612Sdelphij.Ql \&. 365285612Sdelphijindicates that this peer was cast off in the falseticker 366285612Sdelphijdetection, while a 367285612Sdelphij.Ql \&+ 368285612Sdelphijindicates that the peer made it 369285612Sdelphijthrough. 370285612SdelphijA 371285612Sdelphij.Ql \&* 372285612Sdelphijdenotes the peer the server is currently 373285612Sdelphijsynchronizing with. 374285612Sdelphij.It Ic showpeer Ar peer_address Oo Ar ... Oc 375285612SdelphijShows a detailed display of the current peer variables for one 376285612Sdelphijor more peers. 377285612SdelphijMost of these values are described in the NTP 378285612SdelphijVersion 2 specification. 379285612Sdelphij.It Ic pstats Ar peer_address Oo Ar ... Oc 380285612SdelphijShow per-peer statistic counters associated with the specified 381285612Sdelphijpeer(s). 382285612Sdelphij.It Ic clockstat Ar clock_peer_address Oo Ar ... Oc 383285612SdelphijObtain and print information concerning a peer clock. 384285612SdelphijThe 385285612Sdelphijvalues obtained provide information on the setting of fudge factors 386285612Sdelphijand other clock performance information. 387285612Sdelphij.It Ic kerninfo 388285612SdelphijObtain and print kernel phase-lock loop operating parameters. 389285612SdelphijThis information is available only if the kernel has been specially 390285612Sdelphijmodified for a precision timekeeping function. 391285612Sdelphij.It Ic loopinfo Op Cm oneline | Cm multiline 392285612SdelphijPrint the values of selected loop filter variables. 393285612SdelphijThe loop 394285612Sdelphijfilter is the part of NTP which deals with adjusting the local 395285612Sdelphijsystem clock. 396285612SdelphijThe 397285612Sdelphij.Sq offset 398285612Sdelphijis the last offset given to the 399285612Sdelphijloop filter by the packet processing code. 400285612SdelphijThe 401285612Sdelphij.Sq frequency 402285612Sdelphijis the frequency error of the local clock in parts-per-million 403285612Sdelphij(ppm). 404285612SdelphijThe 405285612Sdelphij.Sq time_const 406285612Sdelphijcontrols the stiffness of the 407285612Sdelphijphase-lock loop and thus the speed at which it can adapt to 408285612Sdelphijoscillator drift. 409285612SdelphijThe 410285612Sdelphij.Sq watchdog timer 411285612Sdelphijvalue is the number 412285612Sdelphijof seconds which have elapsed since the last sample offset was 413285612Sdelphijgiven to the loop filter. 414285612SdelphijThe 415285612Sdelphij.Cm oneline 416285612Sdelphijand 417285612Sdelphij.Cm multiline 418285612Sdelphijoptions specify the format in which this 419285612Sdelphijinformation is to be printed, with 420285612Sdelphij.Cm multiline 421285612Sdelphijas the 422285612Sdelphijdefault. 423285612Sdelphij.It Ic sysinfo 424285612SdelphijPrint a variety of system state variables, i.e., state related 425285612Sdelphijto the local server. 426285612SdelphijAll except the last four lines are described 427285612Sdelphijin the NTP Version 3 specification, RFC-1305. 428285612Sdelphij.Pp 429285612SdelphijThe 430285612Sdelphij.Sq system flags 431285612Sdelphijshow various system flags, some of 432285612Sdelphijwhich can be set and cleared by the 433285612Sdelphij.Ic enable 434285612Sdelphijand 435285612Sdelphij.Ic disable 436285612Sdelphijconfiguration commands, respectively. 437285612SdelphijThese are 438285612Sdelphijthe 439285612Sdelphij.Cm auth , 440285612Sdelphij.Cm bclient , 441285612Sdelphij.Cm monitor , 442285612Sdelphij.Cm pll , 443285612Sdelphij.Cm pps 444285612Sdelphijand 445285612Sdelphij.Cm stats 446285612Sdelphijflags. 447285612SdelphijSee the 448285612Sdelphij.Xr ntpd 1ntpdmdoc 449285612Sdelphijdocumentation for the meaning of these flags. 450285612SdelphijThere 451285612Sdelphijare two additional flags which are read only, the 452285612Sdelphij.Cm kernel_pll 453285612Sdelphijand 454285612Sdelphij.Cm kernel_pps . 455285612SdelphijThese flags indicate 456285612Sdelphijthe synchronization status when the precision time kernel 457285612Sdelphijmodifications are in use. 458285612SdelphijThe 459285612Sdelphij.Sq kernel_pll 460285612Sdelphijindicates that 461285612Sdelphijthe local clock is being disciplined by the kernel, while the 462285612Sdelphij.Sq kernel_pps 463285612Sdelphijindicates the kernel discipline is provided by the PPS 464285612Sdelphijsignal. 465285612Sdelphij.Pp 466285612SdelphijThe 467285612Sdelphij.Sq stability 468285612Sdelphijis the residual frequency error remaining 469285612Sdelphijafter the system frequency correction is applied and is intended for 470285612Sdelphijmaintenance and debugging. 471285612SdelphijIn most architectures, this value will 472285612Sdelphijinitially decrease from as high as 500 ppm to a nominal value in 473285612Sdelphijthe range .01 to 0.1 ppm. 474285612SdelphijIf it remains high for some time after 475285612Sdelphijstarting the daemon, something may be wrong with the local clock, 476285612Sdelphijor the value of the kernel variable 477285612Sdelphij.Va kern.clockrate.tick 478285612Sdelphijmay be 479285612Sdelphijincorrect. 480285612Sdelphij.Pp 481285612SdelphijThe 482285612Sdelphij.Sq broadcastdelay 483285612Sdelphijshows the default broadcast delay, 484285612Sdelphijas set by the 485285612Sdelphij.Ic broadcastdelay 486285612Sdelphijconfiguration command. 487285612Sdelphij.Pp 488285612SdelphijThe 489285612Sdelphij.Sq authdelay 490285612Sdelphijshows the default authentication delay, 491285612Sdelphijas set by the 492285612Sdelphij.Ic authdelay 493285612Sdelphijconfiguration command. 494285612Sdelphij.It Ic sysstats 495285612SdelphijPrint statistics counters maintained in the protocol 496285612Sdelphijmodule. 497285612Sdelphij.It Ic memstats 498285612SdelphijPrint statistics counters related to memory allocation 499285612Sdelphijcode. 500285612Sdelphij.It Ic iostats 501285612SdelphijPrint statistics counters maintained in the input-output 502285612Sdelphijmodule. 503285612Sdelphij.It Ic timerstats 504285612SdelphijPrint statistics counters maintained in the timer/event queue 505285612Sdelphijsupport code. 506285612Sdelphij.It Ic reslist 507285612SdelphijObtain and print the server's restriction list. 508285612SdelphijThis list is 509285612Sdelphij(usually) printed in sorted order and may help to understand how 510285612Sdelphijthe restrictions are applied. 511285612Sdelphij.It Ic monlist Op Ar version 512285612SdelphijObtain and print traffic counts collected and maintained by the 513285612Sdelphijmonitor facility. 514285612SdelphijThe version number should not normally need to be 515285612Sdelphijspecified. 516285612Sdelphij.It Ic clkbug Ar clock_peer_address Oo Ar ... Oc 517285612SdelphijObtain debugging information for a reference clock driver. 518285612SdelphijThis 519285612Sdelphijinformation is provided only by some clock drivers and is mostly 520285612Sdelphijundecodable without a copy of the driver source in hand. 521285612Sdelphij.El 522285612Sdelphij.Ss "Runtime Configuration Requests" 523285612SdelphijAll requests which cause state changes in the server are 524285612Sdelphijauthenticated by the server using a configured NTP key (the 525285612Sdelphijfacility can also be disabled by the server by not configuring a 526285612Sdelphijkey). 527285612SdelphijThe key number and the corresponding key must also be made 528285612Sdelphijknown to 529285612Sdelphij.Nm . 530285612SdelphijThis can be done using the 531285612Sdelphij.Ic keyid 532285612Sdelphijand 533285612Sdelphij.Ic passwd 534285612Sdelphijcommands, the latter of which will prompt at the terminal for a 535285612Sdelphijpassword to use as the encryption key. 536285612SdelphijYou will also be prompted 537285612Sdelphijautomatically for both the key number and password the first time a 538285612Sdelphijcommand which would result in an authenticated request to the 539285612Sdelphijserver is given. 540285612SdelphijAuthentication not only provides verification that 541285612Sdelphijthe requester has permission to make such changes, but also gives 542285612Sdelphijan extra degree of protection again transmission errors. 543285612Sdelphij.Pp 544285612SdelphijAuthenticated requests always include a timestamp in the packet 545285612Sdelphijdata, which is included in the computation of the authentication 546285612Sdelphijcode. 547285612SdelphijThis timestamp is compared by the server to its receive time 548285612Sdelphijstamp. 549285612SdelphijIf they differ by more than a small amount the request is 550285612Sdelphijrejected. 551285612SdelphijThis is done for two reasons. 552285612SdelphijFirst, it makes simple 553285612Sdelphijreplay attacks on the server, by someone who might be able to 554285612Sdelphijoverhear traffic on your LAN, much more difficult. 555285612SdelphijSecond, it makes 556285612Sdelphijit more difficult to request configuration changes to your server 557285612Sdelphijfrom topologically remote hosts. 558285612SdelphijWhile the reconfiguration facility 559285612Sdelphijwill work well with a server on the local host, and may work 560285612Sdelphijadequately between time-synchronized hosts on the same LAN, it will 561285612Sdelphijwork very poorly for more distant hosts. 562285612SdelphijAs such, if reasonable 563285612Sdelphijpasswords are chosen, care is taken in the distribution and 564285612Sdelphijprotection of keys and appropriate source address restrictions are 565285612Sdelphijapplied, the run time reconfiguration facility should provide an 566285612Sdelphijadequate level of security. 567285612Sdelphij.Pp 568285612SdelphijThe following commands all make authenticated requests. 569285612Sdelphij.Bl -tag -width indent 570285612Sdelphij.It Xo Ic addpeer Ar peer_address 571285612Sdelphij.Op Ar keyid 572285612Sdelphij.Op Ar version 573285612Sdelphij.Op Cm prefer 574285612Sdelphij.Xc 575285612SdelphijAdd a configured peer association at the given address and 576285612Sdelphijoperating in symmetric active mode. 577285612SdelphijNote that an existing 578285612Sdelphijassociation with the same peer may be deleted when this command is 579285612Sdelphijexecuted, or may simply be converted to conform to the new 580285612Sdelphijconfiguration, as appropriate. 581285612SdelphijIf the optional 582285612Sdelphij.Ar keyid 583285612Sdelphijis a 584285612Sdelphijnonzero integer, all outgoing packets to the remote server will 585285612Sdelphijhave an authentication field attached encrypted with this key. 586285612SdelphijIf 587285612Sdelphijthe value is 0 (or not given) no authentication will be done. 588285612SdelphijThe 589285612Sdelphij.Ar version 590285612Sdelphijcan be 1, 2 or 3 and defaults to 3. 591285612SdelphijThe 592285612Sdelphij.Cm prefer 593285612Sdelphijkeyword indicates a preferred peer (and thus will 594285612Sdelphijbe used primarily for clock synchronisation if possible). 595285612SdelphijThe 596285612Sdelphijpreferred peer also determines the validity of the PPS signal - if 597285612Sdelphijthe preferred peer is suitable for synchronisation so is the PPS 598285612Sdelphijsignal. 599285612Sdelphij.It Xo Ic addserver Ar peer_address 600285612Sdelphij.Op Ar keyid 601285612Sdelphij.Op Ar version 602285612Sdelphij.Op Cm prefer 603285612Sdelphij.Xc 604285612SdelphijIdentical to the addpeer command, except that the operating 605285612Sdelphijmode is client. 606285612Sdelphij.It Xo Ic broadcast Ar peer_address 607285612Sdelphij.Op Ar keyid 608285612Sdelphij.Op Ar version 609285612Sdelphij.Op Cm prefer 610285612Sdelphij.Xc 611285612SdelphijIdentical to the addpeer command, except that the operating 612285612Sdelphijmode is broadcast. 613285612SdelphijIn this case a valid key identifier and key are 614285612Sdelphijrequired. 615285612SdelphijThe 616285612Sdelphij.Ar peer_address 617285612Sdelphijparameter can be the broadcast 618285612Sdelphijaddress of the local network or a multicast group address assigned 619285612Sdelphijto NTP. 620285612SdelphijIf a multicast address, a multicast-capable kernel is 621285612Sdelphijrequired. 622285612Sdelphij.It Ic unconfig Ar peer_address Oo Ar ... Oc 623285612SdelphijThis command causes the configured bit to be removed from the 624285612Sdelphijspecified peer(s). 625285612SdelphijIn many cases this will cause the peer 626285612Sdelphijassociation to be deleted. 627285612SdelphijWhen appropriate, however, the 628285612Sdelphijassociation may persist in an unconfigured mode if the remote peer 629285612Sdelphijis willing to continue on in this fashion. 630285612Sdelphij.It Xo Ic fudge Ar peer_address 631285612Sdelphij.Op Cm time1 632285612Sdelphij.Op Cm time2 633285612Sdelphij.Op Ar stratum 634285612Sdelphij.Op Ar refid 635285612Sdelphij.Xc 636285612SdelphijThis command provides a way to set certain data for a reference 637285612Sdelphijclock. 638285612SdelphijSee the source listing for further information. 639285612Sdelphij.It Xo Ic enable 640285612Sdelphij.Oo 641285612Sdelphij.Cm auth | Cm bclient | 642285612Sdelphij.Cm calibrate | Cm kernel | 643285612Sdelphij.Cm monitor | Cm ntp | 644285612Sdelphij.Cm pps | Cm stats 645285612Sdelphij.Oc 646285612Sdelphij.Xc 647285612Sdelphij.It Xo Ic disable 648285612Sdelphij.Oo 649285612Sdelphij.Cm auth | Cm bclient | 650285612Sdelphij.Cm calibrate | Cm kernel | 651285612Sdelphij.Cm monitor | Cm ntp | 652285612Sdelphij.Cm pps | Cm stats 653285612Sdelphij.Oc 654285612Sdelphij.Xc 655285612SdelphijThese commands operate in the same way as the 656285612Sdelphij.Ic enable 657285612Sdelphijand 658285612Sdelphij.Ic disable 659285612Sdelphijconfiguration file commands of 660285612Sdelphij.Xr ntpd 1ntpdmdoc . 661285612Sdelphij.Bl -tag -width indent 662285612Sdelphij.It Cm auth 663285612SdelphijEnables the server to synchronize with unconfigured peers only 664285612Sdelphijif the peer has been correctly authenticated using either public key 665285612Sdelphijor private key cryptography. 666285612SdelphijThe default for this flag is enable. 667285612Sdelphij.It Cm bclient 668285612SdelphijEnables the server to listen for a message from a broadcast or 669285612Sdelphijmulticast server, as in the multicastclient command with 670285612Sdelphijdefault address. 671285612SdelphijThe default for this flag is disable. 672285612Sdelphij.It Cm calibrate 673285612SdelphijEnables the calibrate feature for reference clocks. 674285612SdelphijThe default for this flag is disable. 675285612Sdelphij.It Cm kernel 676285612SdelphijEnables the kernel time discipline, if available. 677285612SdelphijThe default for this flag is enable if support is available, otherwise disable. 678285612Sdelphij.It Cm monitor 679285612SdelphijEnables the monitoring facility. 680285612SdelphijSee the documentation here about the 681285612Sdelphij.Cm monlist 682285612Sdelphijcommand or further information. 683285612SdelphijThe default for this flag is enable. 684285612Sdelphij.It Cm ntp 685285612SdelphijEnables time and frequency discipline. 686285612SdelphijIn effect, this switch opens and closes the feedback loop, 687285612Sdelphijwhich is useful for testing. 688285612SdelphijThe default for this flag is enable. 689285612Sdelphij.It Cm pps 690285612SdelphijEnables the pulse-per-second (PPS) signal when frequency 691285612Sdelphijand time is disciplined by the precision time kernel modifications. 692285612SdelphijSee the 693285612Sdelphij.Qq A Kernel Model for Precision Timekeeping 694285612Sdelphij(available as part of the HTML documentation 695285612Sdelphijprovided in 696285612Sdelphij.Pa /usr/share/doc/ntp ) 697285612Sdelphijpage for further information. 698285612SdelphijThe default for this flag is disable. 699285612Sdelphij.It Cm stats 700285612SdelphijEnables the statistics facility. 701285612SdelphijSee the 702285612Sdelphij.Sx Monitoring Options 703285612Sdelphijsection of 704285612Sdelphij.Xr ntp.conf 5 705285612Sdelphijfor further information. 706285612SdelphijThe default for this flag is disable. 707285612Sdelphij.El 708285612Sdelphij.It Xo Ic restrict Ar address Ar mask 709285612Sdelphij.Ar flag Oo Ar ... Oc 710285612Sdelphij.Xc 711285612SdelphijThis command operates in the same way as the 712285612Sdelphij.Ic restrict 713285612Sdelphijconfiguration file commands of 714285612Sdelphij.Xr ntpd 1ntpdmdoc . 715285612Sdelphij.It Xo Ic unrestrict Ar address Ar mask 716285612Sdelphij.Ar flag Oo Ar ... Oc 717285612Sdelphij.Xc 718285612SdelphijUnrestrict the matching entry from the restrict list. 719285612Sdelphij.It Xo Ic delrestrict Ar address Ar mask 720285612Sdelphij.Op Cm ntpport 721285612Sdelphij.Xc 722285612SdelphijDelete the matching entry from the restrict list. 723285612Sdelphij.It Ic readkeys 724285612SdelphijCauses the current set of authentication keys to be purged and 725285612Sdelphija new set to be obtained by rereading the keys file (which must 726285612Sdelphijhave been specified in the 727285612Sdelphij.Xr ntpd 1ntpdmdoc 728285612Sdelphijconfiguration file). 729285612SdelphijThis 730285612Sdelphijallows encryption keys to be changed without restarting the 731285612Sdelphijserver. 732285612Sdelphij.It Ic trustedkey Ar keyid Oo Ar ... Oc 733285612Sdelphij.It Ic untrustedkey Ar keyid Oo Ar ... Oc 734285612SdelphijThese commands operate in the same way as the 735285612Sdelphij.Ic trustedkey 736285612Sdelphijand 737285612Sdelphij.Ic untrustedkey 738285612Sdelphijconfiguration file 739285612Sdelphijcommands of 740285612Sdelphij.Xr ntpd 1ntpdmdoc . 741285612Sdelphij.It Ic authinfo 742285612SdelphijReturns information concerning the authentication module, 743285612Sdelphijincluding known keys and counts of encryptions and decryptions 744285612Sdelphijwhich have been done. 745285612Sdelphij.It Ic traps 746285612SdelphijDisplay the traps set in the server. 747285612SdelphijSee the source listing for 748285612Sdelphijfurther information. 749285612Sdelphij.It Xo Ic addtrap Ar address 750285612Sdelphij.Op Ar port 751285612Sdelphij.Op Ar interface 752285612Sdelphij.Xc 753285612SdelphijSet a trap for asynchronous messages. 754285612SdelphijSee the source listing 755285612Sdelphijfor further information. 756285612Sdelphij.It Xo Ic clrtrap Ar address 757285612Sdelphij.Op Ar port 758285612Sdelphij.Op Ar interface 759285612Sdelphij.Xc 760285612SdelphijClear a trap for asynchronous messages. 761285612SdelphijSee the source listing 762285612Sdelphijfor further information. 763285612Sdelphij.It Ic reset 764285612SdelphijClear the statistics counters in various modules of the server. 765285612SdelphijSee the source listing for further information. 766285612Sdelphij.El 767285612Sdelphij _END_MDOC_USAGE; 768181834Sroberto}; 769181834Sroberto 770181834Sroberto 771285612Sdelphijdoc-section = { 772285612Sdelphij ds-type = 'SEE ALSO'; 773285612Sdelphij ds-format = 'mdoc'; 774285612Sdelphij ds-text = <<- _END_MDOC_SEEALSO 775285612Sdelphij.Xr ntp.conf 5 , 776285612Sdelphij.Xr ntpd 1ntpdmdoc 777285612Sdelphij.Rs 778285612Sdelphij.%A David L. Mills 779285612Sdelphij.%T Network Time Protocol (Version 3) 780285612Sdelphij.%O RFC1305 781285612Sdelphij.Re 782285612Sdelphij _END_MDOC_SEEALSO; 783285612Sdelphij}; 784181834Sroberto 785285612Sdelphij 786285612Sdelphijdoc-section = { 787285612Sdelphij ds-type = 'AUTHORS'; 788285612Sdelphij ds-format = 'mdoc'; 789285612Sdelphij ds-text = <<- _END_MDOC_AUTHORS 790285612SdelphijThe formatting directives in this document came from FreeBSD. 791285612Sdelphij _END_MDOC_AUTHORS; 792285612Sdelphij}; 793285612Sdelphij 794285612Sdelphij 795285612Sdelphijdoc-section = { 796285612Sdelphij ds-type = 'BUGS'; 797285612Sdelphij ds-format = 'mdoc'; 798285612Sdelphij ds-text = <<- _END_MDOC_BUGS 799285612SdelphijThe 800285612Sdelphij.Nm 801285612Sdelphijutility is a crude hack. 802285612SdelphijMuch of the information it shows is 803285612Sdelphijdeadly boring and could only be loved by its implementer. 804285612SdelphijThe 805285612Sdelphijprogram was designed so that new (and temporary) features were easy 806285612Sdelphijto hack in, at great expense to the program's ease of use. 807285612SdelphijDespite 808285612Sdelphijthis, the program is occasionally useful. 809285612Sdelphij.Pp 810285612SdelphijPlease report bugs to http://bugs.ntp.org . 811285612Sdelphij _END_MDOC_BUGS; 812285612Sdelphij}; 813