.de1 NOP
. it 1 an-trap
. if \\n[.$] \,\\$*\/
..
.ie t \
.ds B-Font [CB]
.ds I-Font [CI]
.ds R-Font [CR]
.el \
.ds B-Font B
.ds I-Font I
.ds R-Font R
.TH ntp.conf 5 "21 Nov 2016" "4.2.8p9" "File Formats"
.\"
.\" EDIT THIS FILE WITH CAUTION (/tmp/.ag-Q_ai3f/ag-2_aa2f)
.\"
.\" It has been AutoGen-ed November 21, 2016 at 08:01:41 AM by AutoGen 5.18.5
.\" From the definitions ntp.conf.def
.\" and the template file agman-cmd.tpl
.SH NAME
\f\*[B-Font]ntp.conf\fP
\- Network Time Protocol (NTP) daemon configuration file format
.SH SYNOPSIS
\f\*[B-Font]ntp.conf\fP
[\f\*[B-Font]\-\-option-name\f[]]
[\f\*[B-Font]\-\-option-name\f[] \f\*[I-Font]value\f[]]
.sp \n(Ppu
.ne 2

All arguments must be options.
.sp \n(Ppu
.ne 2

.SH DESCRIPTION
The
\f\*[B-Font]ntp.conf\fP
configuration file is read at initial startup by the
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
daemon in order to specify the synchronization sources,
modes and other related information.
Usually, it is installed in the
\fI/etc\f[]
directory,
but could be installed elsewhere
(see the daemon's
\f\*[B-Font]\-c\f[]
command line option).
.sp \n(Ppu
.ne 2

The file format is similar to other
UNIX
configuration files.
Comments begin with a
\[oq]#\[cq]
character and extend to the end of the line;
blank lines are ignored.
Configuration commands consist of an initial keyword
followed by a list of arguments,
some of which may be optional, separated by whitespace.
Commands may not be continued over multiple lines.
Arguments may be host names,
host addresses written in numeric, dotted-quad form,
integers, floating point numbers (when specifying times in seconds)
and text strings.
.sp \n(Ppu
.ne 2

The rest of this page describes the configuration and control options.
The
"Notes on Configuring NTP and Setting up an NTP Subnet"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[])
contains an extended discussion of these options.
In addition to the discussion of general
\fIConfiguration\f[] \fIOptions\f[],
there are sections describing the following supported functionality
and the options used to control it:
.IP \fB\(bu\fP 2
\fIAuthentication\f[] \fISupport\f[]
.IP \fB\(bu\fP 2
\fIMonitoring\f[] \fISupport\f[]
.IP \fB\(bu\fP 2
\fIAccess\f[] \fIControl\f[] \fISupport\f[]
.IP \fB\(bu\fP 2
\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
.IP \fB\(bu\fP 2
\fIReference\f[] \fIClock\f[] \fISupport\f[]
.IP \fB\(bu\fP 2
\fIMiscellaneous\f[] \fIOptions\f[]
.PP
.sp \n(Ppu
.ne 2

Following these is a section describing
\fIMiscellaneous\f[] \fIOptions\f[].
While there is a rich set of options available,
the only required option is one or more
\f\*[B-Font]pool\f[],
\f\*[B-Font]server\f[],
\f\*[B-Font]peer\f[],
\f\*[B-Font]broadcast\f[]
or
\f\*[B-Font]manycastclient\f[]
commands.
.SH Configuration Support
Following is a description of the configuration commands in
NTPv4.
These commands have the same basic functions as in NTPv3 and
in some cases new functions and new arguments.
There are two
classes of commands, configuration commands that configure a
persistent association with a remote server or peer or reference
clock, and auxiliary commands that specify environmental variables
that control various related operations.
.SS Configuration Commands
The various modes are determined by the command keyword and the
type of the required IP address.
Addresses are classed by type as
(s) a remote server or peer (IPv4 class A, B and C), (b) the
broadcast address of a local interface, (m) a multicast address (IPv4
class D), or (r) a reference clock address (127.127.x.x).
Note that
only those options applicable to each command are listed below.
Use
of options not listed may not be caught as an error, but may result
in some weird and even destructive behavior.
.sp \n(Ppu
.ne 2

If the Basic Socket Interface Extensions for IPv6 (RFC-2553)
is detected, support for the IPv6 address family is generated
in addition to the default support of the IPv4 address family.
In a few cases, including the
\f\*[B-Font]reslist\f[]
billboard generated
by
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
or
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[],
IPv6 addresses are automatically generated.
IPv6 addresses can be identified by the presence of colons
\*[Lq]\&:\*[Rq]
in the address field.
IPv6 addresses can be used almost everywhere where
IPv4 addresses can be used,
with the exception of reference clock addresses,
which are always IPv4.
.sp \n(Ppu
.ne 2

Note that in contexts where a host name is expected, a
\f\*[B-Font]\-4\f[]
qualifier preceding
the host name forces DNS resolution to the IPv4 namespace,
while a
\f\*[B-Font]\-6\f[]
qualifier forces DNS resolution to the IPv6 namespace.
See IPv6 references for the
equivalent classes for that address family.
.TP 7
.NOP \f\*[B-Font]pool\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]]
.TP 7
.NOP \f\*[B-Font]server\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]burst\f[]] [\f\*[B-Font]iburst\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]true\f[]]
.TP 7
.NOP \f\*[B-Font]peer\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]true\f[]] [\f\*[B-Font]xleave\f[]]
.TP 7
.NOP \f\*[B-Font]broadcast\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]] [\f\*[B-Font]xleave\f[]]
.TP 7
.NOP \f\*[B-Font]manycastclient\f[] \f\*[I-Font]address\f[] [\f\*[B-Font]key\f[] \f\*[I-Font]key\f[] \f\*[I-Font]\&|\f[] \f\*[B-Font]autokey\f[]] [\f\*[B-Font]version\f[] \f\*[I-Font]version\f[]] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]] [\f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]]
.PP
.sp \n(Ppu
.ne 2

These five commands specify the time server name or address to
be used and the mode in which to operate.
The
\f\*[I-Font]address\f[]
can be
either a DNS name or an IP address in dotted-quad notation.
Additional information on association behavior can be found in the
"Association Management"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
.TP 7
.NOP \f\*[B-Font]pool\f[]
For type s addresses, this command mobilizes a persistent
client mode association with a number of remote servers.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
.TP 7
.NOP \f\*[B-Font]server\f[]
For type s and r addresses, this command mobilizes a persistent
client mode association with the specified remote server or local
radio clock.
In this mode the local clock can be synchronized to the
remote server, but the remote server can never be synchronized to
the local clock.
This command should
\fInot\f[]
be used for type
b or m addresses.
.TP 7
.NOP \f\*[B-Font]peer\f[]
For type s addresses (only), this command mobilizes a
persistent symmetric-active mode association with the specified
remote peer.
In this mode the local clock can be synchronized to
the remote peer or the remote peer can be synchronized to the local
clock.
This is useful in a network of servers where, depending on
various failure scenarios, either the local or remote peer may be
the better source of time.
This command should NOT be used for type
b, m or r addresses.
.TP 7
.NOP \f\*[B-Font]broadcast\f[]
For type b and m addresses (only), this
command mobilizes a persistent broadcast mode association.
Multiple
commands can be used to specify multiple local broadcast interfaces
(subnets) and/or multiple multicast groups.
Note that local
broadcast messages go only to the interface associated with the
subnet specified, but multicast messages go to all interfaces.
In broadcast mode the local server sends periodic broadcast
messages to a client population at the
\f\*[I-Font]address\f[]
specified, which is usually the broadcast address on (one of) the
local network(s) or a multicast address assigned to NTP.
The IANA
has assigned the multicast group address IPv4 224.0.1.1 and
IPv6 ff05::101 (site local) exclusively to
NTP, but other nonconflicting addresses can be used to contain the
messages within administrative boundaries.
Ordinarily, this
specification applies only to the local server operating as a
sender; for operation as a broadcast client, see the
\f\*[B-Font]broadcastclient\f[]
or
\f\*[B-Font]multicastclient\f[]
commands
below.
.TP 7
.NOP \f\*[B-Font]manycastclient\f[]
For type m addresses (only), this command mobilizes a
manycast client mode association for the multicast address
specified.
In this case a specific address must be supplied which
matches the address used on the
\f\*[B-Font]manycastserver\f[]
command for
the designated manycast servers.
The NTP multicast address
224.0.1.1 assigned by the IANA should NOT be used, unless specific
means are taken to avoid spraying large areas of the Internet with
these messages and causing a possibly massive implosion of replies
at the sender.
The
\f\*[B-Font]manycastserver\f[]
command specifies that the local server
is to operate in client mode with the remote servers that are
discovered as the result of broadcast/multicast messages.
The
client broadcasts a request message to the group address associated
with the specified
\f\*[I-Font]address\f[]
and specifically enabled
servers respond to these messages.
The client selects the servers
providing the best time and continues as with the
\f\*[B-Font]server\f[]
command.
The remaining servers are discarded as if never
heard.
.PP
.sp \n(Ppu
.ne 2

Options:
.TP 7
.NOP \f\*[B-Font]autokey\f[]
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the autokey scheme
described in
\fIAuthentication\f[] \fIOptions\f[].
.TP 7
.NOP \f\*[B-Font]burst\f[]
When the server is reachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first and second packets
can be changed with the
\f\*[B-Font]calldelay\f[]
command to allow
additional time for a modem or ISDN call to complete.
This is designed to improve timekeeping quality
with the
\f\*[B-Font]server\f[]
command and s addresses.
.TP 7
.NOP \f\*[B-Font]iburst\f[]
When the server is unreachable, send a burst of eight packets
instead of the usual one.
The packet spacing is normally 2 s;
however, the spacing between the first two packets can be
changed with the
\f\*[B-Font]calldelay\f[]
command to allow
additional time for a modem or ISDN call to complete.
This is designed to speed the initial synchronization
acquisition with the
\f\*[B-Font]server\f[]
command and s addresses and when
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
is started with the
\f\*[B-Font]\-q\f[]
option.
.TP 7
.NOP \f\*[B-Font]key\f[] \f\*[I-Font]key\f[]
All packets sent to and received from the server or peer are to
include authentication fields encrypted using the specified
\f\*[I-Font]key\f[]
identifier with values from 1 to 65534, inclusive.
The
default is to include no encryption field.
.TP 7
.NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]minpoll\f[]
.TP 7
.NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]maxpoll\f[]
These options specify the minimum and maximum poll intervals
for NTP messages, as a power of 2 in seconds.
The maximum poll
interval defaults to 10 (1,024 s), but can be increased by the
\f\*[B-Font]maxpoll\f[]
option to an upper limit of 17 (36.4 h).
The
minimum poll interval defaults to 6 (64 s), but can be decreased by
the
\f\*[B-Font]minpoll\f[]
option to a lower limit of 4 (16 s).
.TP 7
.NOP \f\*[B-Font]noselect\f[]
Marks the server as unused, except for display purposes.
The server is discarded by the selection algorithm.
.TP 7
.NOP \f\*[B-Font]preempt\f[]
Says the association can be preempted.
.TP 7
.NOP \f\*[B-Font]true\f[]
Marks the server as a truechimer.
Use this option only for testing.
.TP 7
.NOP \f\*[B-Font]prefer\f[]
Marks the server as preferred.
All other things being equal,
this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[])
for further information.
.TP 7
.NOP \f\*[B-Font]true\f[]
Forces the association to always survive the selection and clustering algorithms.
This option should almost certainly
\fIonly\f[]
be used while testing an association.
.TP 7
.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]ttl\f[]
This option is used only with broadcast server and manycast
client modes.
It specifies the time-to-live
\f\*[I-Font]ttl\f[]
to
use on broadcast server and multicast server and the maximum
\f\*[I-Font]ttl\f[]
for the expanding ring search with manycast
client packets.
Selection of the proper value, which defaults to
127, is something of a black art and should be coordinated with the
network administrator.
.TP 7
.NOP \f\*[B-Font]version\f[] \f\*[I-Font]version\f[]
Specifies the version number to be used for outgoing NTP
packets.
Versions 1-4 are the choices, with version 4 the
default.
.TP 7
.NOP \f\*[B-Font]xleave\f[]
Valid in
\f\*[B-Font]peer\f[]
and
\f\*[B-Font]broadcast\f[]
modes only, this flag enables interleave mode.
.PP
.SS Auxiliary Commands
.TP 7
.NOP \f\*[B-Font]broadcastclient\f[]
This command enables reception of broadcast server messages to
any local interface (type b) address.
Upon receiving a message for
the first time, the broadcast client measures the nominal server
propagation delay using a brief client/server exchange with the
server, then enters the broadcast client mode, in which it
synchronizes to succeeding broadcast messages.
Note that, in order
to avoid accidental or malicious disruption in this mode, both the
server and client should operate using symmetric-key or public-key
authentication as described in
\fIAuthentication\f[] \fIOptions\f[].
.TP 7
.NOP \f\*[B-Font]manycastserver\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
This command enables reception of manycast client messages to
the multicast group address(es) (type m) specified.
At least one
address is required, but the NTP multicast address 224.0.1.1
assigned by the IANA should NOT be used, unless specific means are
taken to limit the span of the reply and avoid a possibly massive
implosion at the original sender.
Note that, in order to avoid
accidental or malicious disruption in this mode, both the server
and client should operate using symmetric-key or public-key
authentication as described in
\fIAuthentication\f[] \fIOptions\f[].
.TP 7
.NOP \f\*[B-Font]multicastclient\f[] \f\*[I-Font]address\f[] \f\*[I-Font]...\f[]
This command enables reception of multicast server messages to
the multicast group address(es) (type m) specified.
Upon receiving
a message for the first time, the multicast client measures the
nominal server propagation delay using a brief client/server
exchange with the server, then enters the broadcast client mode, in
which it synchronizes to succeeding multicast messages.
Note that,
in order to avoid accidental or malicious disruption in this mode,
both the server and client should operate using symmetric-key or
public-key authentication as described in
\fIAuthentication\f[] \fIOptions\f[].
.TP 7
.NOP \f\*[B-Font]mdnstries\f[] \f\*[I-Font]number\f[]
If we are participating in mDNS,
after we have synched for the first time
we attempt to register with the mDNS system.
If that registration attempt fails,
we try again at one minute intervals for up to
\f\*[B-Font]mdnstries\f[]
times.
After all,
\f\*[B-Font]ntpd\f[]
may be starting before mDNS.
The default value for
\f\*[B-Font]mdnstries\f[]
is 5.
.PP
.SH Authentication Support
Authentication support allows the NTP client to verify that the
server is in fact known and trusted and not an intruder intending
accidentally or on purpose to masquerade as that server.
The NTPv3
specification RFC-1305 defines a scheme which provides
cryptographic authentication of received NTP packets.
Originally,
this was done using the Data Encryption Standard (DES) algorithm
operating in Cipher Block Chaining (CBC) mode, commonly called
DES-CBC.
Subsequently, this was replaced by the RSA Message Digest
5 (MD5) algorithm using a private key, commonly called keyed-MD5.
Either algorithm computes a message digest, or one-way hash, which
can be used to verify the server has the correct private key and
key identifier.
.sp \n(Ppu
.ne 2

NTPv4 retains the NTPv3 scheme, properly described as symmetric key
cryptography and, in addition, provides a new Autokey scheme
based on public key cryptography.
Public key cryptography is generally considered more secure
than symmetric key cryptography, since the security is based
on a private value which is generated by each server and
never revealed.
With Autokey all key distribution and
management functions involve only public values, which
considerably simplifies key distribution and storage.
Public key management is based on X.509 certificates,
which can be provided by commercial services or
produced by utility programs in the OpenSSL software library
or the NTPv4 distribution.
.sp \n(Ppu
.ne 2

While the algorithms for symmetric key cryptography are
included in the NTPv4 distribution, public key cryptography
requires the OpenSSL software library to be installed
before building the NTP distribution.
Directions for doing that
are on the Building and Installing the Distribution page.
.sp \n(Ppu
.ne 2

Authentication is configured separately for each association
using the
\f\*[B-Font]key\f[]
or
\f\*[B-Font]autokey\f[]
subcommand on the
\f\*[B-Font]peer\f[],
\f\*[B-Font]server\f[],
\f\*[B-Font]broadcast\f[]
and
\f\*[B-Font]manycastclient\f[]
configuration commands as described on the
\fIConfiguration\f[] \fIOptions\f[]
page.
The authentication
options described below specify the locations of the key files,
if other than default, which symmetric keys are trusted
and the interval between various operations, if other than default.
.sp \n(Ppu
.ne 2

Authentication is always enabled,
although ineffective if not configured as
described below.
If an NTP packet arrives
including a message authentication
code (MAC), it is accepted only if it
passes all cryptographic checks.
The
checks require correct key ID, key value
and message digest.
If the packet has
been modified in any way or replayed
by an intruder, it will fail one or more
of these checks and be discarded.
Furthermore, the Autokey scheme requires a
preliminary protocol exchange to obtain
the server certificate, verify its
credentials and initialize the protocol.
.sp \n(Ppu
.ne 2

The
\f\*[B-Font]auth\f[]
flag controls whether new associations or
remote configuration commands require cryptographic authentication.
This flag can be set or reset by the
\f\*[B-Font]enable\f[]
and
\f\*[B-Font]disable\f[]
commands and also by remote
configuration commands sent by a
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
program running on
another machine.
If this flag is enabled, which is the default
case, new broadcast client and symmetric passive associations and
remote configuration commands must be cryptographically
authenticated using either symmetric key or public key cryptography.
If this
flag is disabled, these operations are effective
even if not cryptographically
authenticated.
It should be understood
that operating with the
\f\*[B-Font]auth\f[]
flag disabled invites a significant vulnerability
where a rogue hacker can
masquerade as a falseticker and seriously
disrupt system timekeeping.
It is
important to note that this flag has no purpose
other than to allow or disallow
a new association in response to new broadcast
and symmetric active messages
and remote configuration commands and, in particular,
the flag has no effect on
the authentication process itself.
.sp \n(Ppu
.ne 2

An attractive alternative where multicast support is available
is manycast mode, in which clients periodically troll
for servers as described in the
\fIAutomatic\f[] \fINTP\f[] \fIConfiguration\f[] \fIOptions\f[]
page.
Either symmetric key or public key
cryptographic authentication can be used in this mode.
The principal advantage
of manycast mode is that potential servers need not be
configured in advance,
since the client finds them during regular operation,
and the configuration
files for all clients can be identical.
.sp \n(Ppu
.ne 2

The security model and protocol schemes for
both symmetric key and public key
cryptography are summarized below;
further details are in the briefings, papers
and reports at the NTP project page linked from
\f[C]http://www.ntp.org/\f[].
.SS Symmetric-Key Cryptography
The original RFC-1305 specification allows any one of possibly
65,534 keys, each distinguished by a 32-bit key identifier, to
authenticate an association.
The servers and clients involved must
agree on the key and key identifier to
authenticate NTP packets.
Keys and
related information are specified in a key
file, usually called
\fIntp.keys\f[],
which must be distributed and stored using
secure means beyond the scope of the NTP protocol itself.
Besides the keys used
for ordinary NTP associations,
additional keys can be used as passwords for the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
utility programs.
.sp \n(Ppu
.ne 2

When
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
is first started, it reads the key file specified in the
\f\*[B-Font]keys\f[]
configuration command and installs the keys
in the key cache.
However,
individual keys must be activated with the
\f\*[B-Font]trusted\f[]
command before use.
This
allows, for instance, the installation of possibly
several batches of keys and
then activating or deactivating each batch
remotely using
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[].
This also provides a revocation capability that can be used
if a key becomes compromised.
The
\f\*[B-Font]requestkey\f[]
command selects the key used as the password for the
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
utility, while the
\f\*[B-Font]controlkey\f[]
command selects the key used as the password for the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
utility.
.SS Public Key Cryptography
NTPv4 supports the original NTPv3 symmetric key scheme
described in RFC-1305 and in addition the Autokey protocol,
which is based on public key cryptography.
The Autokey Version 2 protocol described on the Autokey Protocol
page verifies packet integrity using MD5 message digests
and verifies the source with digital signatures and any of several
digest/signature schemes.
Optional identity schemes described on the Identity Schemes
page and based on cryptographic challenge/response algorithms
are also available.
Using all of these schemes provides strong security against
replay with or without modification, spoofing, masquerade
and most forms of clogging attacks.
.\" .Pp
.\" The cryptographic means necessary for all Autokey operations
.\" is provided by the OpenSSL software library.
.\" This library is available from http://www.openssl.org/
.\" and can be installed using the procedures outlined
.\" in the Building and Installing the Distribution page.
.\" Once installed,
.\" the configure and build
.\" process automatically detects the library and links
.\" the library routines required.
.sp \n(Ppu
.ne 2

The Autokey protocol has several modes of operation
corresponding to the various NTP modes supported.
Most modes use a special cookie which can be
computed independently by the client and server,
but encrypted in transmission.
All modes use in addition a variant of the S-KEY scheme,
in which a pseudo-random key list is generated and used
in reverse order.
These schemes are described along with an executive summary,
current status, briefing slides and reading list on the
\fIAutonomous\f[] \fIAuthentication\f[]
page.
.sp \n(Ppu
.ne 2

The specific cryptographic environment used by Autokey servers
and clients is determined by a set of files
and soft links generated by the
\fCntp-keygen\f[]\fR(1ntpkeygenmdoc)\f[]
program.
This includes a required host key file,
required certificate file and optional sign key file,
leapsecond file and identity scheme files.
The
digest/signature scheme is specified in the X.509 certificate
along with the matching sign key.
There are several schemes
available in the OpenSSL software library, each identified
by a specific string such as
\f\*[B-Font]md5WithRSAEncryption\f[],
which stands for the MD5 message digest with RSA
encryption scheme.
The current NTP distribution supports
all the schemes in the OpenSSL library, including
those based on RSA and DSA digital signatures.
.sp \n(Ppu
.ne 2

NTP secure groups can be used to define cryptographic compartments
and security hierarchies.
It is important that every host
in the group be able to construct a certificate trail to one
or more trusted hosts in the same group.
Each group
host runs the Autokey protocol to obtain the certificates
for all hosts along the trail to one or more trusted hosts.
This requires the configuration file in all hosts to be
engineered so that, even under anticipated failure conditions,
the NTP subnet will form such that every group host can find
a trail to at least one trusted host.
.SS Naming and Addressing
It is important to note that Autokey does not use DNS to
resolve addresses, since DNS can't be completely trusted
until the name servers have synchronized clocks.
The cryptographic name used by Autokey to bind the host identity
credentials and cryptographic values must be independent
of interface, network and any other naming convention.
The name appears in the host certificate in either or both
the subject and issuer fields, so protection against
DNS compromise is essential.
.sp \n(Ppu
.ne 2

By convention, the name of an Autokey host is the name returned
by the Unix
\fCgethostname\f[]\fR(2)\f[]
system call or equivalent in other systems.
By the system design
model, there are no provisions to allow alternate names or aliases.
However, this is not to say that DNS aliases, different names
for each interface, etc., are constrained in any way.
.sp \n(Ppu
.ne 2

It is also important to note that Autokey verifies authenticity
using the host name, network address and public keys,
all of which are bound together by the protocol specifically
to deflect masquerade attacks.
For this reason Autokey
includes the source and destination IP addresses in message digest
computations and so the same addresses must be available
at both the server and client.
For this reason operation
with network address translation schemes is not possible.
This reflects the intended robust security model where government
and corporate NTP servers are operated outside firewall perimeters.
.SS Operation
A specific combination of authentication scheme (none,
symmetric key, public key) and identity scheme is called
a cryptotype, although not all combinations are compatible.
There may be management configurations where the clients,
servers and peers may not all support the same cryptotypes.
A secure NTPv4 subnet can be configured in many ways while
keeping in mind the principles explained above and
in this section.
Note however that some cryptotype
combinations may successfully interoperate with each other,
but may not represent good security practice.
.sp \n(Ppu
.ne 2

The cryptotype of an association is determined at the time
of mobilization, either at configuration time or some time
later when a message of appropriate cryptotype arrives.
When mobilized by a
\f\*[B-Font]server\f[]
or
\f\*[B-Font]peer\f[]
configuration command and no
\f\*[B-Font]key\f[]
or
\f\*[B-Font]autokey\f[]
subcommands are present, the association is not
authenticated; if the
\f\*[B-Font]key\f[]
subcommand is present, the association is authenticated
using the symmetric key ID specified; if the
\f\*[B-Font]autokey\f[]
subcommand is present, the association is authenticated
using Autokey.
.sp \n(Ppu
.ne 2

When multiple identity schemes are supported in the Autokey
protocol, the first message exchange determines which one is used.
The client request message contains bits corresponding
to which schemes it has available.
The server response message
contains bits corresponding to which schemes it has available.
Both server and client match the received bits with their own
and select a common scheme.
.sp \n(Ppu
.ne 2

Following the principle that time is a public value,
a server responds to any client packet that matches
its cryptotype capabilities.
Thus, a server receiving
an unauthenticated packet will respond with an unauthenticated
packet, while the same server receiving a packet of a cryptotype
it supports will respond with packets of that cryptotype.
However, unconfigured broadcast or manycast client
associations or symmetric passive associations will not be
mobilized unless the server supports a cryptotype compatible
with the first packet received.
By default, unauthenticated associations will not be mobilized
unless overridden in a decidedly dangerous way.
.sp \n(Ppu
.ne 2

Some examples may help to reduce confusion.
Client Alice has no specific cryptotype selected.
Server Bob has both a symmetric key file and minimal Autokey files.
Alice's unauthenticated messages arrive at Bob, who replies with
unauthenticated messages.
Cathy has a copy of Bob's symmetric
key file and has selected key ID 4 in messages to Bob.
Bob verifies the message with his key ID 4.
If it's the
same key and the message is verified, Bob sends Cathy a reply
authenticated with that key.
If verification fails,
Bob sends Cathy a thing called a crypto-NAK, which tells her
something broke.
She can see the evidence using the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
program.
.sp \n(Ppu
.ne 2

Denise has rolled her own host key and certificate.
She also uses one of the same identity schemes as Bob.
She sends the first Autokey message to Bob and they
both dance the protocol authentication and identity steps.
If all comes out okay, Denise and Bob continue as described above.
.sp \n(Ppu
.ne 2

It should be clear from the above that Bob can support
all the girls at the same time, as long as he has compatible
authentication and identity credentials.
Now, Bob can act just like the girls in his own choice of servers;
he can run multiple configured associations with multiple different
servers (or the same server, although that might not be useful).
But, wise security policy might preclude some cryptotype
combinations; for instance, running an identity scheme
with one server and no authentication with another might not be wise.
.SS Key Management
The cryptographic values used by the Autokey protocol are
incorporated as a set of files generated by the
\fCntp-keygen\f[]\fR(1ntpkeygenmdoc)\f[]
utility program, including symmetric key, host key and
public certificate files, as well as sign key, identity parameters
and leapseconds files.
Alternatively, host and sign keys and
certificate files can be generated by the OpenSSL utilities
and certificates can be imported from public certificate
authorities.
Note that symmetric keys are necessary for the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
utility programs.
The remaining files are necessary only for the
Autokey protocol.
.sp \n(Ppu
.ne 2

Certificates imported from OpenSSL or public certificate
authorities have certain limitations.
The certificate should be in ASN.1 syntax, X.509 Version 3
format and encoded in PEM, which is the same format
used by OpenSSL.
The overall length of the certificate encoded
in ASN.1 must not exceed 1024 bytes.
The subject distinguished
name field (CN) is the fully qualified name of the host
on which it is used; the remaining subject fields are ignored.
The certificate extension fields must not contain either
a subject key identifier or an issuer key identifier field;
however, an extended key usage field for a trusted host must
contain the value
\f\*[B-Font]trustRoot\f[].
Other extension fields are ignored.
.SS Authentication Commands
.TP 7
.NOP \f\*[B-Font]autokey\f[] [\f\*[I-Font]logsec\f[]]
Specifies the interval between regenerations of the session key
list used with the Autokey protocol.
Note that the size of the key
list for each association depends on this interval and the current
poll interval.
The default value is 12 (4096 s or about 1.1 hours).
For poll intervals above the specified interval, a session key list
with a single entry will be regenerated for every message
sent.
.TP 7
.NOP \f\*[B-Font]controlkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
utility, which uses the standard
protocol defined in RFC-1305.
The
\f\*[I-Font]key\f[]
argument is
the key identifier for a trusted key, where the value can be in the
range 1 to 65,534, inclusive.
.TP 7
.NOP \f\*[B-Font]crypto\f[] [\f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]host\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gq\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]] [\f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]]
This command requires the OpenSSL library.
It activates public key
cryptography, selects the message digest and signature
encryption scheme and loads the required private and public
values described above.
If one or more files are left unspecified,
the default names are used as described above.
Unless the complete path and name of the file are specified, the
location of a file is relative to the keys directory specified
in the
\f\*[B-Font]keysdir\f[]
command or default
\fI/usr/local/etc\f[].
Following are the subcommands:
.RS
.TP 7
.NOP \f\*[B-Font]cert\f[] \f\*[I-Font]file\f[]
Specifies the location of the required host public certificate file.
This overrides the link
\fIntpkey_cert_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
.TP 7
.NOP \f\*[B-Font]gqpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional GQ parameters file.
This
overrides the link
\fIntpkey_gq_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
.TP 7
.NOP \f\*[B-Font]host\f[] \f\*[I-Font]file\f[]
Specifies the location of the required host key file.
This overrides
the link
\fIntpkey_key_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
.TP 7
.NOP \f\*[B-Font]iffpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional IFF parameters file.
This overrides the link
\fIntpkey_iff_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
.TP 7
.NOP \f\*[B-Font]leap\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional leapsecond file.
This overrides the link
\fIntpkey_leap\f[]
in the keys directory.
.TP 7
.NOP \f\*[B-Font]mvpar\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional MV parameters file.
This overrides the link
\fIntpkey_mv_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
.TP 7
.NOP \f\*[B-Font]pw\f[] \f\*[I-Font]password\f[]
Specifies the password to decrypt files containing private keys and
identity parameters.
This is required only if these files have been
encrypted.
.TP 7
.NOP \f\*[B-Font]randfile\f[] \f\*[I-Font]file\f[]
Specifies the location of the random seed file used by the OpenSSL
library.
The defaults are described in the main text above.
.TP 7
.NOP \f\*[B-Font]sign\f[] \f\*[I-Font]file\f[]
Specifies the location of the optional sign key file.
This overrides
the link
\fIntpkey_sign_\f[]\f\*[I-Font]hostname\f[]
in the keys directory.
If this file is
not found, the host key is also the sign key.
.RE
.TP 7
.NOP \f\*[B-Font]keys\f[] \f\*[I-Font]keyfile\f[]
Specifies the complete path and location of the MD5 key file
containing the keys and key identifiers used by
\fCntpd\f[]\fR(@NTPD_MS@)\f[],
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
when operating with symmetric key cryptography.
This is the same operation as the
\f\*[B-Font]\-k\f[]
command line option.
.TP 7
.NOP \f\*[B-Font]keysdir\f[] \f\*[I-Font]path\f[]
This command specifies the default directory path for
cryptographic keys, parameters and certificates.
The default is
\fI/usr/local/etc/\f[].
.TP 7
.NOP \f\*[B-Font]requestkey\f[] \f\*[I-Font]key\f[]
Specifies the key identifier to use with the
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
utility program, which uses a
proprietary protocol specific to this implementation of
\fCntpd\f[]\fR(@NTPD_MS@)\f[].
The
\f\*[I-Font]key\f[]
argument is a key identifier
for the trusted key, where the value can be in the range 1 to
65,534, inclusive.
.TP 7
.NOP \f\*[B-Font]revoke\f[] \f\*[I-Font]logsec\f[]
Specifies the interval between re-randomization of certain
cryptographic values used by the Autokey scheme, as a power of 2 in
seconds.
These values need to be updated frequently in order to
deflect brute-force attacks on the algorithms of the scheme;
however, updating some values is a relatively expensive operation.
The default interval is 16 (65,536 s or about 18 hours).
For poll
intervals above the specified interval, the values will be updated
for every message sent.
.TP 7
.NOP \f\*[B-Font]trustedkey\f[] \f\*[I-Font]key\f[] \f\*[I-Font]...\f[]
Specifies the key identifiers which are trusted for the
purposes of authenticating peers with symmetric key cryptography,
as well as keys used by the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
programs.
The authentication procedures require that both the local
and remote servers share the same key and key identifier for this
purpose, although different keys can be used with different
servers.
The
\f\*[I-Font]key\f[]
arguments are 32-bit unsigned
integers with values from 1 to 65,534.
.PP
.SS Error Codes
The following error codes are reported via the NTP control
and monitoring protocol trap mechanism.
.TP 7
.NOP 101
(bad field format or length)
The packet has invalid version, length or format.
.TP 7
.NOP 102
(bad timestamp)
The packet timestamp is the same or older than the most recent received.
This could be due to a replay or a server clock time step.
.TP 7
.NOP 103
(bad filestamp)
The packet filestamp is the same or older than the most recent received.
This could be due to a replay or a key file generation error.
.TP 7
.NOP 104
(bad or missing public key)
The public key is missing, has incorrect format or is an unsupported type.
.TP 7
.NOP 105
(unsupported digest type)
The server requires an unsupported digest/signature scheme.
.TP 7
.NOP 106
(mismatched digest types)
Not used.
.TP 7
.NOP 107
(bad signature length)
The signature length does not match the current public key.
.TP 7
.NOP 108
(signature not verified)
The message fails the signature check.
It could be bogus or signed by a
different private key.
.TP 7
.NOP 109
(certificate not verified)
The certificate is invalid or signed with the wrong key.
.TP 7
.NOP 110
(certificate not verified)
The certificate is not yet valid or has expired or the signature could not
be verified.
.TP 7
.NOP 111
(bad or missing cookie)
The cookie is missing, corrupted or bogus.
.TP 7
.NOP 112
(bad or missing leapseconds table)
The leapseconds table is missing, corrupted or bogus.
.TP 7
.NOP 113
(bad or missing certificate)
The certificate is missing, corrupted or bogus.
.TP 7
.NOP 114
(bad or missing identity)
The identity key is missing, corrupt or bogus.
.PP
.SH Monitoring Support
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
includes a comprehensive monitoring facility suitable
for continuous, long term recording of server and client
timekeeping performance.
See the
\f\*[B-Font]statistics\f[]
command below
for a listing and example of each type of statistics currently
supported.
Statistic files are managed using file generation sets
and scripts in the
\fI./scripts\f[]
directory of the source code distribution.
Using
these facilities and
UNIX
\fCcron\f[]\fR(8)\f[]
jobs, the data can be
automatically summarized and archived for retrospective analysis.
.SS Monitoring Commands
.TP 7
.NOP \f\*[B-Font]statistics\f[] \f\*[I-Font]name\f[] \f\*[I-Font]...\f[]
Enables writing of statistics records.
Currently, eight kinds of
\f\*[I-Font]name\f[]
statistics are supported.
.RS
.TP 7
.NOP \f\*[B-Font]clockstats\f[]
Enables recording of clock driver statistics information.
Each update
received from a clock driver appends a line of the following form to
the file generation set named
\f\*[B-Font]clockstats\f[]:
.br
.in +4
.nf
49213 525.624 127.127.4.1 93 226 00:08:29.606 D
.in -4
.fi
.sp \n(Ppu
.ne 2

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the
clock address in dotted-quad notation.
The final field shows the last
timecode received from the clock in decoded ASCII format, where
meaningful.
In some clock drivers a good deal of additional information
can be gathered and displayed as well.
See information specific to each
clock for further details.
.TP 7
.NOP \f\*[B-Font]cryptostats\f[]
This option requires the OpenSSL cryptographic software library.
It
enables recording of cryptographic public key protocol information.
Each message received by the protocol module appends a line of the
following form to the file generation set named
\f\*[B-Font]cryptostats\f[]:
.br
.in +4
.nf
49213 525.624 127.127.4.1 message
.in -4
.fi
.sp \n(Ppu
.ne 2

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The next field shows the peer
address in dotted-quad notation.
The final message field includes the
message type and certain ancillary information.
See the
\fIAuthentication\f[] \fIOptions\f[]
section for further information.
.TP 7
.NOP \f\*[B-Font]loopstats\f[]
Enables recording of loop filter statistics information.
Each
update of the local clock outputs a line of the following form to
the file generation set named
\f\*[B-Font]loopstats\f[]:
.br
.in +4
.nf
50935 75440.031 0.000006019 13.778190 0.000351733 0.0133806
.in -4
.fi
.sp \n(Ppu
.ne 2

The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next five fields
show time offset (seconds), frequency offset (parts per million \-
PPM), RMS jitter (seconds), Allan deviation (PPM) and clock
discipline time constant.
.TP 7
.NOP \f\*[B-Font]peerstats\f[]
Enables recording of peer statistics information.
This includes
statistics records of all peers of an NTP server and of special
signals, where present and configured.
Each valid update appends a
line of the following form to the current element of a file
generation set named
\f\*[B-Font]peerstats\f[]:
.br
.in +4
.nf
48773 10847.650 127.127.4.1 9714 \-0.001605376 0.000000000 0.001424877 0.000958674
.in -4
.fi
.sp \n(Ppu
.ne 2

The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
show the peer address in dotted-quad notation and status,
respectively.
The status field is encoded in hex in the format
described in Appendix A of the NTP specification RFC 1305.
The final four fields show the offset,
delay, dispersion and RMS jitter, all in seconds.
.TP 7
.NOP \f\*[B-Font]rawstats\f[]
Enables recording of raw-timestamp statistics information.
This
includes statistics records of all peers of an NTP server and of
special signals, where present and configured.
Each NTP message
received from a peer or clock driver appends a line of the
following form to the file generation set named
\f\*[B-Font]rawstats\f[]:
.br
.in +4
.nf
50928 2132.543 128.4.1.1 128.4.1.20 3102453281.584327000 3102453281.586228000 3102453332.540806000 3102453332.541458000
.in -4
.fi
.sp \n(Ppu
.ne 2

The first two fields show the date (Modified Julian Day) and
time (seconds and fraction past UTC midnight).
The next two fields
show the remote peer or clock address followed by the local address
in dotted-quad notation.
The final four fields show the originate,
receive, transmit and final NTP timestamps in order.
The timestamp
values are as received and before processing by the various data
smoothing and mitigation algorithms.
.TP 7
.NOP \f\*[B-Font]sysstats\f[]
Enables recording of ntpd statistics counters on a periodic basis.
Each
hour a line of the following form is appended to the file generation
set named
\f\*[B-Font]sysstats\f[]:
.br
.in +4
.nf
50928 2132.543 36000 81965 0 9546 56 71793 512 540 10 147
.in -4
.fi
.sp \n(Ppu
.ne 2

The first two fields show the date (Modified Julian Day) and time
(seconds and fraction past UTC midnight).
The remaining ten fields show
the statistics counter values accumulated since the last generated
line.
.RS
.TP 7
.NOP Time since restart \f\*[B-Font]36000\f[]
Time in hours since the system was last rebooted.
.TP 7
.NOP Packets received \f\*[B-Font]81965\f[]
Total number of packets received.
.TP 7
.NOP Packets processed \f\*[B-Font]0\f[]
Number of packets received in response to previous packets sent.
.TP 7
.NOP Current version \f\*[B-Font]9546\f[]
Number of packets matching the current NTP version.
.TP 7
.NOP Previous version \f\*[B-Font]56\f[]
Number of packets matching the previous NTP version.
.TP 7
.NOP Bad version \f\*[B-Font]71793\f[]
Number of packets matching neither NTP version.
.TP 7
.NOP Access denied \f\*[B-Font]512\f[]
Number of packets denied access for any reason.
.TP 7
.NOP Bad length or format \f\*[B-Font]540\f[]
Number of packets with invalid length, format or port number.
.TP 7
.NOP Bad authentication \f\*[B-Font]10\f[]
Number of packets not verified as authentic.
.TP 7
.NOP Rate exceeded \f\*[B-Font]147\f[]
Number of packets discarded due to rate limitation.
.RE
.TP 7
.NOP \f\*[B-Font]statsdir\f[] \f\*[I-Font]directory_path\f[]
Indicates the full path of a directory where statistics files
should be created (see below).
This keyword allows
the (otherwise constant)
\f\*[B-Font]filegen\f[]
filename prefix to be modified for file generation sets, which
is useful for handling statistics logs.
.TP 7
.NOP \f\*[B-Font]filegen\f[] \f\*[I-Font]name\f[] [\f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]] [\f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]] [\f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]] [\f\*[B-Font]enable\f[] | \f\*[B-Font]disable\f[]]
Configures setting of generation file set name.
Generation
file sets provide a means for handling files that are
continuously growing during the lifetime of a server.
Server statistics are a typical example for such files.
Generation file sets provide access to a set of files used
to store the actual data.
At any time at most one element
of the set is being written to.
The type given specifies
when and how data will be directed to a new element of the set.
This way, information stored in elements of a file set
that are currently unused is available for administrative
operations without the risk of disturbing the operation of ntpd.
(Most important: they can be removed to free space for new data
produced.)
.sp \n(Ppu
.ne 2

Note that this command can be sent from the
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
program running at a remote location.
.RS
.TP 7
.NOP \f\*[B-Font]name\f[]
This is the type of the statistics records, as shown in the
\f\*[B-Font]statistics\f[]
command.
.TP 7
.NOP \f\*[B-Font]file\f[] \f\*[I-Font]filename\f[]
This is the file name for the statistics records.
Filenames of set
members are built from three concatenated elements
\f\*[B-Font]prefix\f[],
\f\*[B-Font]filename\f[]
and
\f\*[B-Font]suffix\f[]:
.RS
.TP 7
.NOP \f\*[B-Font]prefix\f[]
This is a constant filename path.
It is not subject to
modifications via the
\f\*[I-Font]filegen\f[]
option.
It is defined by the
server, usually specified as a compile-time constant.
It may,
however, be configurable for individual file generation sets
via other commands.
For example, the prefix used with
\f\*[I-Font]loopstats\f[]
and
\f\*[I-Font]peerstats\f[]
generation can be configured using the
\f\*[I-Font]statsdir\f[]
option explained above.
.TP 7
.NOP \f\*[B-Font]filename\f[]
This string is directly concatenated to the prefix mentioned
above (no intervening
\[oq]/\[cq]).
This can be modified using
the file argument to the
\f\*[I-Font]filegen\f[]
statement.
No
\fI..\f[]
elements are
allowed in this component to prevent filenames referring to
parts outside the filesystem hierarchy denoted by
\f\*[I-Font]prefix\f[].
.TP 7
.NOP \f\*[B-Font]suffix\f[]
This part reflects individual elements of a file set.
It is
generated according to the type of a file set.
.RE
.TP 7
.NOP \f\*[B-Font]type\f[] \f\*[I-Font]typename\f[]
A file generation set is characterized by its type.
The following
types are supported:
.RS
.TP 7
.NOP \f\*[B-Font]none\f[]
The file set is actually a single plain file.
.TP 7
.NOP \f\*[B-Font]pid\f[]
One element of the file set is used per incarnation of a ntpd
server.
This type does not perform any changes to file set
members during runtime, however it provides an easy way of
separating files belonging to different
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
server incarnations.
The set member filename is built by appending a
\[oq]\&.\[cq]
to the concatenated
\f\*[I-Font]prefix\f[]
and
\f\*[I-Font]filename\f[]
strings, and
appending the decimal representation of the process ID of the
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
server process.
.TP 7
.NOP \f\*[B-Font]day\f[]
One file generation set element is created per day.
A day is
defined as the period between 00:00 and 24:00 UTC.
The file set
member suffix consists of a
\[oq]\&.\[cq]
and a day specification in
the form
\f\*[B-Font]YYYYMMdd\f[].
\f\*[B-Font]YYYY\f[]
is a 4-digit year number (e.g., 1992).
\f\*[B-Font]MM\f[]
is a two digit month number.
\f\*[B-Font]dd\f[]
is a two digit day number.
Thus, all information written on 10 December 1992 would end up
in a file named
\f\*[I-Font]prefix\f[]
\f\*[I-Font]filename\f[].19921210.
.TP 7
.NOP \f\*[B-Font]week\f[]
Any file set member contains data related to a certain week of
a year.
The term week is defined by computing day-of-year
modulo 7.
Elements of such a file generation set are
distinguished by appending the following suffix to the file set
filename base: A dot, a 4-digit year number, the letter
\f\*[B-Font]W\f[],
and a 2-digit week number.
For example, information from January 10th,
1992 would end up in a file with suffix
\&.\f\*[I-Font]1992W1\f[].
.TP 7
.NOP \f\*[B-Font]month\f[]
One generation file set element is generated per month.
The
file name suffix consists of a dot, a 4-digit year number, and
a 2-digit month.
.TP 7
.NOP \f\*[B-Font]year\f[]
One generation file element is generated per year.
The filename
suffix consists of a dot and a 4 digit year number.
.TP 7
.NOP \f\*[B-Font]age\f[]
This type of file generation sets changes to a new element of
the file set every 24 hours of server operation.
The filename
suffix consists of a dot, the letter
\f\*[B-Font]a\f[],
and an 8-digit number.
This number is taken to be the number of seconds the server has been
running at the start of the corresponding 24-hour period.
Information is only written to a file generation by specifying
\f\*[B-Font]enable\f[];
output is prevented by specifying
\f\*[B-Font]disable\f[].
.RE
.TP 7
.NOP \f\*[B-Font]link\f[] | \f\*[B-Font]nolink\f[]
It is convenient to be able to access the current element of a file
generation set by a fixed name.
This feature is enabled by
specifying
\f\*[B-Font]link\f[]
and disabled using
\f\*[B-Font]nolink\f[].
If link is specified, a
hard link from the current file set element to a file without
suffix is created.
When there is already a file with this name and
the number of links of this file is one, it is renamed appending a
dot, the letter
\f\*[B-Font]C\f[],
and the pid of the
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
server process.
When the
number of links is greater than one, the file is unlinked.
This
allows the current file to be accessed by a constant name.
.TP 7
.NOP \f\*[B-Font]enable\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]disable\f[]
Enables or disables the recording function.
.RE
.RE
.PP
.SH Access Control Support
The
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
daemon implements a general purpose address/mask based restriction
list.
The list contains address/match entries sorted first
by increasing address values and then by increasing mask values.
A match occurs when the bitwise AND of the mask and the packet
source address is equal to the bitwise AND of the mask and
address in the list.
The list is searched in order with the
last match found defining the restriction flags associated
with the entry.
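
The match rule just described, as an added Python sketch (not ntpd's code and not part of this manual page): entries are sorted by address and then mask, a packet matches when both sides agree under the mask, and the last match alone supplies the flags. The sample configuration is constructed; the sketch assumes dotted-quad addresses or the default keyword only, and that re-declaring an entry overwrites it.

```python
import ipaddress

# Constructed sample configuration (documentation address ranges).
SAMPLE_CONF = """\
restrict default ignore
restrict 127.0.0.1                                   # no flags: free access
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.0.2.10 noquery
restrict 198.51.100.77 mask 255.255.255.0 notrust    # host bits set in address
"""


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_restrict(line):
    """Parse 'restrict address [mask mask] [flag ...]' into (addr, mask, flags).

    Returns None for blank lines, comments and other commands.
    """
    words = line.split("#", 1)[0].split()
    if not words or words[0] != "restrict":
        return None
    if len(words) < 2:
        raise ValueError("restrict needs an address")
    address, rest = words[1], words[2:]
    mask = "255.255.255.255"          # default mask: an individual host
    if address == "default":          # text string for the 0.0.0.0/0.0.0.0 entry
        address, mask = "0.0.0.0", "0.0.0.0"
    if rest[:1] == ["mask"]:
        if len(rest) < 2:
            raise ValueError("mask needs a value")
        mask, rest = rest[1], rest[2:]
    return to_int(address), to_int(mask), frozenset(rest)


def build_list(conf_text):
    """Return entries sorted by increasing address, then increasing mask."""
    # The default entry is always present; it has no flags until configured.
    entries = {(0, 0): frozenset()}
    for line in conf_text.splitlines():
        parsed = parse_restrict(line)
        if parsed:
            addr, mask, flags = parsed
            entries[(addr, mask)] = flags   # sketch assumption: overwrite
    return [(a, m, entries[(a, m)]) for a, m in sorted(entries)]


def lookup(entries, source):
    """Search the whole list in order; the last matching entry wins."""
    src = to_int(source)
    matched = None
    for addr, mask, flags in entries:
        # Both the packet source and the list address are ANDed with the mask.
        if (src & mask) == (addr & mask):
            matched = (addr, mask, flags)
    return matched                      # never None: the default matches all


def flags_for(entries, source):
    """Restriction flags that apply to a packet from `source`."""
    return set(lookup(entries, source)[2])


if __name__ == "__main__":
    table = build_list(SAMPLE_CONF)
    for src in ("192.0.2.10", "192.0.2.200", "198.51.100.7",
                "203.0.113.9", "127.0.0.1"):
        flags = flags_for(table, src)
        print(f"{src:15s} -> {' '.join(sorted(flags)) or '(no restrictions)'}")
```

In this sample, 192.0.2.10 ends up with noquery only: the nomodify and notrap flags of the enclosing network entry do not carry over, because flags come from the last matching entry alone.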
Additional information and examples can be found in the
"Notes on Configuring NTP and Setting up an NTP Subnet"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
.sp \n(Ppu
.ne 2

The restriction facility was implemented in conformance
with the access policies for the original NSFnet backbone
time servers.
Later the facility was expanded to deflect
cryptographic and clogging attacks.
While this facility may
be useful for keeping unwanted or broken or malicious clients
from congesting innocent servers, it should not be considered
an alternative to the NTP authentication facilities.
Source address based restrictions are easily circumvented
by a determined cracker.
.sp \n(Ppu
.ne 2

Clients can be denied service because they are explicitly
included in the restrict list created by the
\f\*[B-Font]restrict\f[]
command
or implicitly as the result of cryptographic or rate limit
violations.
Cryptographic violations include certificate
or identity verification failure; rate limit violations generally
result from defective NTP implementations that send packets
at abusive rates.
Some violations cause denied service
only for the offending packet, others cause denied service
for a timed period and others cause the denied service for
an indefinite period.
When a client or network is denied access
for an indefinite period, the only way at present to remove
the restrictions is by restarting the server.
.SS The Kiss-of-Death Packet
Ordinarily, packets denied service are simply dropped with no
further action except incrementing statistics counters.
Sometimes a
more proactive response is needed, such as a server message that
explicitly requests the client to stop sending and leave a message
for the system operator.
A special packet format has been created
for this purpose called the "kiss-of-death" (KoD) packet.
KoD packets have the leap bits set unsynchronized and stratum set
to zero and the reference identifier field set to a four-byte
ASCII code.
If the
\f\*[B-Font]noserve\f[]
or
\f\*[B-Font]notrust\f[]
flag of the matching restrict list entry is set,
the code is "DENY"; if the
\f\*[B-Font]limited\f[]
flag is set and the rate limit
is exceeded, the code is "RATE".
Finally, if a cryptographic violation occurs, the code is "CRYP".
.sp \n(Ppu
.ne 2

A client receiving a KoD performs a set of sanity checks to
minimize security exposure, then updates the stratum and
reference identifier peer variables, sets the access
denied (TEST4) bit in the peer flash variable and sends
a message to the log.
As long as the TEST4 bit is set,
the client will send no further packets to the server.
The only way at present to recover from this condition is
to restart the protocol at both the client and server.
This
happens automatically at the client when the association times out.
It will happen at the server only if the server operator cooperates.
.SS Access Control Commands
.TP 7
.NOP \f\*[B-Font]discard\f[] [\f\*[B-Font]average\f[] \f\*[I-Font]avg\f[]] [\f\*[B-Font]minimum\f[] \f\*[I-Font]min\f[]] [\f\*[B-Font]monitor\f[] \f\*[I-Font]prob\f[]]
Set the parameters of the
\f\*[B-Font]limited\f[]
facility which protects the server from
client abuse.
The
\f\*[B-Font]average\f[]
subcommand specifies the minimum average packet
spacing, while the
\f\*[B-Font]minimum\f[]
subcommand specifies the minimum packet spacing.
Packets that violate these minima are discarded
and a kiss-o'-death packet returned if enabled.
The default
minimum average and minimum are 5 and 2, respectively.
The
\f\*[B-Font]monitor\f[]
subcommand specifies the probability of discard
for packets that overflow the rate-control window.
.TP 7
.NOP \f\*[B-Font]restrict\f[] \f\*[B-Font]address\f[] [\f\*[B-Font]mask\f[] \f\*[I-Font]mask\f[]] [\f\*[I-Font]flag\f[] \f\*[I-Font]...\f[]]
The
\f\*[I-Font]address\f[]
argument expressed in
dotted-quad form is the address of a host or network.
Alternatively, the
\f\*[I-Font]address\f[]
argument can be a valid host DNS name.
The
\f\*[I-Font]mask\f[]
argument expressed in dotted-quad form defaults to
\f\*[B-Font]255.255.255.255\f[],
meaning that the
\f\*[I-Font]address\f[]
is treated as the address of an individual host.
A default entry (address
\f\*[B-Font]0.0.0.0\f[],
mask
\f\*[B-Font]0.0.0.0\f[])
is always included and is always the first entry in the list.
Note that the text string
\f\*[B-Font]default\f[],
with no mask option, may
be used to indicate the default entry.
In the current implementation,
\f\*[B-Font]flag\f[]
always
restricts access, i.e., an entry with no flags indicates that free
access to the server is to be given.
The flags are not orthogonal,
in that more restrictive flags will often make less restrictive
ones redundant.
The flags can generally be classed into two
categories, those which restrict time service and those which
restrict informational queries and attempts to do run-time
reconfiguration of the server.
One or more of the following flags
may be specified:
.RS
.TP 7
.NOP \f\*[B-Font]ignore\f[]
Deny packets of all kinds, including
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
queries.
.TP 7
.NOP \f\*[B-Font]kod\f[]
If this flag is set when an access violation occurs, a kiss-o'-death
(KoD) packet is sent.
KoD packets are rate limited to no more than one
per second.
If another KoD packet occurs within one second after the
last one, the packet is dropped.
.TP 7
.NOP \f\*[B-Font]limited\f[]
Deny service if the packet spacing violates the lower limits specified
in the
\f\*[B-Font]discard\f[]
command.
A history of clients is kept using the
monitoring capability of
\fCntpd\f[]\fR(@NTPD_MS@)\f[].
Thus, monitoring is always active as
long as there is a restriction entry with the
\f\*[B-Font]limited\f[]
flag.
.TP 7
.NOP \f\*[B-Font]lowpriotrap\f[]
Declare traps set by matching hosts to be low priority.
The
number of traps a server can maintain is limited (the current limit
is 3).
Traps are usually assigned on a first come, first served
basis, with later trap requestors being denied service.
This flag
modifies the assignment algorithm by allowing low priority traps to
be overridden by later requests for normal priority traps.
.TP 7
.NOP \f\*[B-Font]nomodify\f[]
Deny
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
queries which attempt to modify the state of the
server (i.e., run time reconfiguration).
Queries which return
information are permitted.
.TP 7
.NOP \f\*[B-Font]noquery\f[]
Deny
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
queries.
Time service is not affected.
.TP 7
.NOP \f\*[B-Font]nopeer\f[]
Deny packets which would result in mobilizing a new association.
This
includes broadcast and symmetric active packets when a configured
association does not exist.
It also includes
\f\*[B-Font]pool\f[]
associations, so if you want to use servers from a
\f\*[B-Font]pool\f[]
directive and also want to use
\f\*[B-Font]nopeer\f[]
by default, you'll want a
\f\*[B-Font]restrict source ...\f[]
line as well that does
not
include the
\f\*[B-Font]nopeer\f[]
directive.
.TP 7
.NOP \f\*[B-Font]noserve\f[]
Deny all packets except
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
and
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
queries.
.TP 7
.NOP \f\*[B-Font]notrap\f[]
Decline to provide mode 6 control message trap service to matching
hosts.
The trap service is a subsystem of the
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
control message
protocol which is intended for use by remote event logging programs.
.TP 7
.NOP \f\*[B-Font]notrust\f[]
Deny service unless the packet is cryptographically authenticated.
.TP 7
.NOP \f\*[B-Font]ntpport\f[]
This is actually a match algorithm modifier, rather than a
restriction flag.
Its presence causes the restriction entry to be
matched only if the source port in the packet is the standard NTP
UDP port (123).
Both
\f\*[B-Font]ntpport\f[]
and
\f\*[B-Font]non-ntpport\f[]
may
be specified.
The
\f\*[B-Font]ntpport\f[]
is considered more specific and
is sorted later in the list.
.TP 7
.NOP \f\*[B-Font]version\f[]
Deny packets that do not match the current NTP version.
.RE
.sp \n(Ppu
.ne 2

Default restriction list entries with the flags ignore, interface,
ntpport, for each of the local host's interface addresses are
inserted into the table at startup to prevent the server
from attempting to synchronize to its own time.
A default entry is also always present, though if it is
otherwise unconfigured, no flags are associated
with the default entry (i.e., everything besides your own
NTP server is unrestricted).
.PP
.SH Automatic NTP Configuration Options
.SS Manycasting
Manycasting is an automatic discovery and configuration paradigm
new to NTPv4.
It is intended as a means for a multicast client
to troll the nearby network neighborhood to find cooperating
manycast servers, validate them using cryptographic means
and evaluate their time values with respect to other servers
that might be lurking in the vicinity.
The intended result is that each manycast client mobilizes
client associations with some number of the "best"
of the nearby manycast servers, yet automatically reconfigures
to sustain this number of servers should one or another fail.
.sp \n(Ppu
.ne 2

Note that the manycasting paradigm does not coincide
with the anycast paradigm described in RFC-1546,
which is designed to find a single server from a clique
of servers providing the same service.
The manycast paradigm is designed to find a plurality
of redundant servers satisfying defined optimality criteria.
.sp \n(Ppu
.ne 2

Manycasting can be used with either symmetric key
or public key cryptography.
The public key infrastructure (PKI)
offers the best protection against compromised keys
and is generally considered stronger, at least with relatively
large key sizes.
It is implemented using the Autokey protocol and
the OpenSSL cryptographic library available from
\f[C]http://www.openssl.org/\f[].
The library can also be used with other NTPv4 modes
as well and is highly recommended, especially for broadcast modes.
.sp \n(Ppu
.ne 2

A persistent manycast client association is configured
using the
\f\*[B-Font]manycastclient\f[]
command, which is similar to the
\f\*[B-Font]server\f[]
command but with a multicast (IPv4 class
\f\*[B-Font]D\f[]
or IPv6 prefix
\f\*[B-Font]FF\f[])
group address.
The IANA has designated IPv4 address 224.1.1.1
and IPv6 address FF05::101 (site local) for NTP.
When more servers are needed, it broadcasts manycast
client messages to this address at the minimum feasible rate
and minimum feasible time-to-live (TTL) hops, depending
on how many servers have already been found.
There can be as many manycast client associations
as different group addresses, each one serving as a template
for a future ephemeral unicast client/server association.
.sp \n(Ppu
.ne 2

Manycast servers configured with the
\f\*[B-Font]manycastserver\f[]
command listen on the specified group address for manycast
client messages.
Note the distinction between manycast client,
which actively broadcasts messages, and manycast server,
which passively responds to them.
If a manycast server is
in scope of the current TTL and is itself synchronized
to a valid source and operating at a stratum level equal
to or lower than the manycast client, it replies to the
manycast client message with an ordinary unicast server message.
.sp \n(Ppu
.ne 2

The manycast client receiving this message mobilizes
an ephemeral client/server association according to the
matching manycast client template, but only if cryptographically
authenticated and the server stratum is less than or equal
to the client stratum.
Authentication is explicitly required
and either symmetric key or public key (Autokey) can be used.
Then, the client polls the server at its unicast address
in burst mode in order to reliably set the host clock
and validate the source.
This normally results
in a volley of eight client/server exchanges at 2-s intervals
during which both the synchronization and cryptographic
protocols run concurrently.
Following the volley,
the client runs the NTP intersection and clustering
algorithms, which act to discard all but the "best"
associations according to stratum and synchronization
distance.
The surviving associations then continue
in ordinary client/server mode.
.sp \n(Ppu
.ne 2

The manycast client polling strategy is designed to reduce
as much as possible the volume of manycast client messages
and the effects of implosion due to near-simultaneous
arrival of manycast server messages.
The strategy is determined by the
\f\*[B-Font]manycastclient\f[],
\f\*[B-Font]tos\f[]
and
\f\*[B-Font]ttl\f[]
configuration commands.
The manycast poll interval is
normally eight times the system poll interval,
which starts out at the
\f\*[B-Font]minpoll\f[]
value specified in the
\f\*[B-Font]manycastclient\f[]
command and, under normal circumstances, increments to the
\f\*[B-Font]maxpoll\f[]
value specified in this command.
Initially, the TTL is
set at the minimum hops specified by the
\f\*[B-Font]ttl\f[]
command.
At each retransmission the TTL is increased until reaching
the maximum hops specified by this command or a sufficient
number of client associations have been found.
Further retransmissions use the same TTL.
.sp \n(Ppu
.ne 2

The quality and reliability of the suite of associations
discovered by the manycast client is determined by the NTP
mitigation algorithms and the
\f\*[B-Font]minclock\f[]
and
\f\*[B-Font]minsane\f[]
values specified in the
\f\*[B-Font]tos\f[]
configuration command.
At least
\f\*[B-Font]minsane\f[]
candidate servers must be available and the mitigation
algorithms must produce at least
\f\*[B-Font]minclock\f[]
survivors in order to synchronize the clock.
Byzantine agreement principles require at least four
candidates in order to correctly discard a single falseticker.
For legacy purposes,
\f\*[B-Font]minsane\f[]
defaults to 1 and
\f\*[B-Font]minclock\f[]
defaults to 3.
For manycast service
\f\*[B-Font]minsane\f[]
should be explicitly set to 4, assuming at least that
number of servers are available.
.sp \n(Ppu
.ne 2

If at least
\f\*[B-Font]minclock\f[]
servers are found, the manycast poll interval is immediately
set to eight times
\f\*[B-Font]maxpoll\f[].
If fewer than
\f\*[B-Font]minclock\f[]
servers are found when the TTL has reached the maximum hops,
the manycast poll interval is doubled.
For each transmission
after that, the poll interval is doubled again until
reaching the maximum of eight times
\f\*[B-Font]maxpoll\f[].
Further transmissions use the same poll interval and
TTL values.
Note that while all this is going on,
each client/server association found is operating normally
at the system poll interval.
.sp \n(Ppu
.ne 2

Administratively scoped multicast boundaries are normally
specified by the network router configuration and,
in the case of IPv6, the link/site scope prefix.
By default, the increment for TTL hops is 32 starting
from 31; however, the
\f\*[B-Font]ttl\f[]
configuration command can be
used to modify the values to match the scope rules.
.sp \n(Ppu
.ne 2

It is often useful to narrow the range of acceptable
servers which can be found by manycast client associations.
Because manycast servers respond only when the client
stratum is equal to or greater than the server stratum,
primary (stratum 1) servers will find only primary servers
in TTL range, which is probably the most common objective.
However, unless configured otherwise, all manycast clients
in TTL range will eventually find all primary servers
in TTL range, which is probably not the most common
objective in large networks.
The
\f\*[B-Font]tos\f[]
command can be used to modify this behavior.
Servers with stratum below
\f\*[B-Font]floor\f[]
or above
\f\*[B-Font]ceiling\f[]
specified in the
\f\*[B-Font]tos\f[]
command are strongly discouraged during the selection
process; however, these servers may be temporarily
accepted if the number of servers within TTL range is
less than
\f\*[B-Font]minclock\f[].
.sp \n(Ppu
.ne 2

The above actions occur for each manycast client message,
which repeats at the designated poll interval.
However, once the ephemeral client association is mobilized,
subsequent manycast server replies are discarded,
since that would result in a duplicate association.
If during a poll interval the number of client associations
falls below
\f\*[B-Font]minclock\f[],
all manycast client prototype associations are reset
to the initial poll interval and TTL hops and operation
resumes from the beginning.
It is important to avoid
frequent manycast client messages, since each one requires
all manycast servers in TTL range to respond.
The result could well be an implosion, either minor or major,
depending on the number of servers in range.
The recommended value for
\f\*[B-Font]maxpoll\f[]
is 12 (4,096 s).
.sp \n(Ppu
.ne 2

It is possible and frequently useful to configure a host
as both manycast client and manycast server.
A number of hosts configured this way and sharing a common
group address will automatically organize themselves
in an optimum configuration based on stratum and
synchronization distance.
For example, consider an NTP
subnet of two primary servers and a hundred or more
dependent clients.
With two exceptions, all servers
and clients have identical configuration files including both
\f\*[B-Font]multicastclient\f[]
and
\f\*[B-Font]multicastserver\f[]
commands using, for instance, multicast group address
239.1.1.1.
The only exception is that each primary server
configuration file must include commands for the primary
reference source such as a GPS receiver.
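The manycast recommendations given so far can be checked mechanically before a shared configuration file is rolled out to every host. The audit below is an added example, not code from the NTP distribution; it covers only the rules stated on this page (multicast group address, required authentication, minsane of 4, maxpoll of 12, an increasing ttl list of at most 8 values), and its sample files, key number and keys path are constructed.

```python
import ipaddress

# Constructed sample files; the key number and keys path are hypothetical.
SAMPLE_WEAK = """\
# manycast client with none of the page's recommendations applied
manycastclient 239.1.1.1 minpoll 6 maxpoll 10
manycastserver 239.1.1.1
ttl 31 63 31 127
"""

SAMPLE_HARDENED = """\
keys /etc/ntp.keys        # hypothetical path
trustedkey 7
manycastclient 239.1.1.1 key 7 maxpoll 12
manycastserver 239.1.1.1
tos minsane 4 minclock 3
ttl 31 63 95 127
"""


def parse_conf(text):
    """Return [(lineno, keyword, args)]: '#' starts a comment, blank lines
    are ignored, and each command occupies exactly one line."""
    cmds = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            cmds.append((lineno, tokens[0].lower(), tokens[1:]))
    return cmds


def int_option(args, name):
    """Integer following option `name`, or None if absent or not a number."""
    if name in args[:-1]:
        value = args[args.index(name) + 1]
        if value.isdigit():
            return int(value)
    return None


def audit_manycast(text):
    """Return [(lineno, code, message)]; lineno 0 marks a file-wide finding."""
    cmds = parse_conf(text)
    findings = []

    minsane = 1                      # the page gives 1 as the legacy default
    for _, keyword, args in cmds:
        if keyword == "tos":
            value = int_option(args, "minsane")
            if value is not None:
                minsane = value

    clients = [(n, a) for n, kw, a in cmds if kw == "manycastclient" and a]
    for lineno, args in clients:
        addr, opts = args[0], args[1:]
        try:
            is_group = ipaddress.ip_address(addr).is_multicast
        except ValueError:           # host name or malformed address
            is_group = False
        if not is_group:
            findings.append((lineno, "group-address",
                             "not a numeric IPv4 class D or IPv6 FF address"))
        if "autokey" not in opts and int_option(opts, "key") is None:
            findings.append((lineno, "no-auth",
                             "neither key nor autokey is configured"))
        maxpoll = int_option(opts, "maxpoll")
        if maxpoll is None or maxpoll < 12:
            findings.append((lineno, "maxpoll",
                             "maxpoll is unset or below the recommended 12"))

    if clients and minsane < 4:
        findings.append((0, "minsane",
                         "tos minsane should be explicitly set to 4"))

    for lineno, keyword, args in cmds:
        if keyword == "ttl":
            ok = all(a.isdigit() for a in args) and 1 <= len(args) <= 8
            hops = [int(a) for a in args] if ok else []
            if not ok or any(b <= a for a, b in zip(hops, hops[1:])):
                findings.append((lineno, "ttl-list",
                                 "expected 1 to 8 hop values in increasing order"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label)
        for lineno, code, message in audit_manycast(text):
            print(f"  line {lineno}: [{code}] {message}")
```

A host name given as the group address is reported under group-address because the check cannot confirm it resolves to a multicast group.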
.sp \n(Ppu
.ne 2

The remaining configuration files for all secondary
servers and clients have the same contents, except for the
\f\*[B-Font]tos\f[]
command, which is specific for each stratum level.
For stratum 1 and stratum 2 servers, that command is
not necessary.
For stratum 3 and above servers the
\f\*[B-Font]floor\f[]
value is set to the intended stratum number.
Thus, all stratum 3 configuration files are identical,
all stratum 4 files are identical and so forth.
.sp \n(Ppu
.ne 2

Once operations have stabilized in this scenario,
the primary servers will find the primary reference source
and each other, since they both operate at the same
stratum (1), but not with any secondary server or client,
since these operate at a higher stratum.
The secondary
servers will find the servers at the same stratum level.
If one of the primary servers loses its GPS receiver,
it will continue to operate as a client and other clients
will time out the corresponding association and
re-associate accordingly.
.sp \n(Ppu
.ne 2

Some administrators prefer to avoid running
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
continuously and run either
\fCsntp\f[]\fR(@SNTP_MS@)\f[]
or
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
\f\*[B-Font]\-q\f[]
as a cron job.
In either case the servers must be
configured in advance and the program fails if none are
available when the cron job runs.
A really slick
application of manycast is with
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
\f\*[B-Font]\-q\f[].
The program wakes up, scans the local landscape looking
for the usual suspects, selects the best from among
the rascals, sets the clock and then departs.
Servers do not have to be configured in advance and
all clients throughout the network can have the same
configuration file.
.SS Manycast Interactions with Autokey
Each time a manycast client sends a client mode packet
to a multicast group address, all manycast servers
in scope generate a reply including the host name
and status word.
The manycast clients then run
the Autokey protocol, which collects and verifies
all certificates involved.
Following the burst interval
all but three survivors are cast off,
but the certificates remain in the local cache.
It often happens that several complete signing trails
from the client to the primary servers are collected in this way.
.sp \n(Ppu
.ne 2

About once an hour, or less often if the poll interval
exceeds this, the client regenerates the Autokey key list.
This is in general transparent in client/server mode.
However, about once per day the server private value
used to generate cookies is refreshed along with all
manycast client associations.
In this case all
cryptographic values including certificates are refreshed.
If a new certificate has been generated since
the last refresh epoch, it will automatically revoke
all prior certificates that happen to be in the
certificate cache.
At the same time, the manycast
scheme starts all over from the beginning and
the expanding ring shrinks to the minimum and increments
from there while collecting all servers in scope.
.SS Broadcast Options
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]bcpollbstep\f[] \f\*[I-Font]gate\f[]]
This command provides a way to delay,
by the specified number of broadcast poll intervals,
believing backward time steps from a broadcast server.
Broadcast time networks are expected to be trusted.
In the event a broadcast server's time is stepped backwards,
there is clear benefit to having the clients notice this change
as soon as possible.
Attacks such as replay attacks can happen, however,
and even though there are a number of protections built in to
broadcast mode, attempts to perform a replay attack are possible.
This value defaults to 0, but can be changed
to any number of poll intervals between 0 and 4.
.SS Manycast Options
.RS
.TP 7
.NOP \f\*[B-Font]tos\f[] [\f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[] | \f\*[B-Font]cohort\f[] { \f\*[B-Font]0\f[] | \f\*[B-Font]1\f[] } | \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[] | \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[] | \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]]
This command affects the clock selection and clustering
algorithms.
It can be used to select the quality and
quantity of peers used to synchronize the system clock
and is most useful in manycast mode.
The variables operate
as follows:
.RS
.TP 7
.NOP \f\*[B-Font]ceiling\f[] \f\*[I-Font]ceiling\f[]
Peers with strata above
\f\*[B-Font]ceiling\f[]
will be discarded if there are at least
\f\*[B-Font]minclock\f[]
peers remaining.
This value defaults to 15, but can be changed
to any number from 1 to 15.
.TP 7
.NOP \f\*[B-Font]cohort\f[] {0 | 1 }
This is a binary flag which enables (0) or disables (1)
manycast server replies to manycast clients with the same
stratum level.
This is useful to reduce implosions where
large numbers of clients with the same stratum level
are present.
The default is to enable these replies.
.TP 7
.NOP \f\*[B-Font]floor\f[] \f\*[I-Font]floor\f[]
Peers with strata below
\f\*[B-Font]floor\f[]
will be discarded if there are at least
\f\*[B-Font]minclock\f[]
peers remaining.
This value defaults to 1, but can be changed
to any number from 1 to 15.
.TP 7
.NOP \f\*[B-Font]minclock\f[] \f\*[I-Font]minclock\f[]
The clustering algorithm repeatedly casts out outlier
associations until no more than
\f\*[B-Font]minclock\f[]
associations remain.
This value defaults to 3,
but can be changed to any number from 1 to the number of
configured sources.
.TP 7
.NOP \f\*[B-Font]minsane\f[] \f\*[I-Font]minsane\f[]
This is the minimum number of candidates available
to the clock selection algorithm in order to produce
one or more truechimers for the clustering algorithm.
If fewer than this number are available, the clock is
undisciplined and allowed to run free.
The default is 1
for legacy purposes.
However, according to principles of
Byzantine agreement,
\f\*[B-Font]minsane\f[]
should be at least 4 in order to detect and discard
a single falseticker.
.RE
.TP 7
.NOP \f\*[B-Font]ttl\f[] \f\*[I-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing
order; up to 8 values can be specified.
In manycast mode these values are used in turn
in an expanding-ring search.
The default is eight
multiples of 32 starting at 31.
.RE
.SH Reference Clock Support
The NTP Version 4 daemon supports some three dozen different radio,
satellite and modem reference clocks plus a special pseudo-clock
used for backup or when no other clock source is available.
Detailed descriptions of individual device drivers and options can
be found in the
"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
Additional information can be found in the pages linked
there, including the
"Debugging Hints for Reference Clock Drivers"
and
"How To Write a Reference Clock Driver"
pages
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
In addition, support for a PPS
signal is available as described in the
"Pulse-per-second (PPS) Signal Interfacing"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
Many
drivers support special line discipline/streams modules which can
significantly improve the accuracy using the driver.
These are
described in the
"Line Disciplines and Streams Drivers"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
.sp \n(Ppu
.ne 2

A reference clock will generally (though not always) be a radio
timecode receiver which is synchronized to a source of standard
time such as the services offered by the NRC in Canada and NIST and
USNO in the US.
The interface between the computer and the timecode
receiver is device dependent, but is usually a serial port.
A
device driver specific to each reference clock must be selected and
compiled in the distribution; however, most common radio, satellite
and modem clocks are included by default.
Note that an attempt to
configure a reference clock when the driver has not been compiled
or the hardware port has not been appropriately configured results
in a scalding remark to the system log file, but is otherwise non
hazardous.
.sp \n(Ppu
.ne 2

For the purposes of configuration,
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
treats
reference clocks in a manner analogous to normal NTP peers as much
as possible.
Reference clocks are identified by a syntactically
correct but invalid IP address, in order to distinguish them from
normal NTP peers.
Reference clock addresses are of the form
\f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[],
where
\f\*[I-Font]t\f[]
is an integer
denoting the clock type and
\f\*[I-Font]u\f[]
indicates the unit
number in the range 0-3.
While it may seem overkill, it is in fact
sometimes useful to configure multiple reference clocks of the same
type, in which case the unit numbers must be unique.
.sp \n(Ppu
.ne 2

The
\f\*[B-Font]server\f[]
command is used to configure a reference
clock, where the
\f\*[I-Font]address\f[]
argument in that command
is the clock address.
The
\f\*[B-Font]key\f[],
\f\*[B-Font]version\f[]
and
\f\*[B-Font]ttl\f[]
options are not used for reference clock support.
The
\f\*[B-Font]mode\f[]
option is added for reference clock support, as
described below.
The
\f\*[B-Font]prefer\f[]
option can be useful to
persuade the server to cherish a reference clock with somewhat more
enthusiasm than other reference clocks or peers.
Further
information on this option can be found in the
"Mitigation Rules and the prefer Keyword"
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[])
page.
The
\f\*[B-Font]minpoll\f[]
and
\f\*[B-Font]maxpoll\f[]
options have
meaning only for selected clock drivers.
See the individual clock
driver document pages for additional information.
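A configuration check for the reference clock rules in this section and in the Reference Clock Commands list (127.127.t.u addresses with unit 0-3, unique units, unused key/version/ttl options, fudge placement, and the stratum, refid and poll ranges). It is an added example, not part of the NTP distribution; the sample configuration, its driver type numbers and the drift file path are constructed, and treating comments and blank lines as not breaking the server/fudge adjacency is an assumption.

```python
import re

REFCLOCK = re.compile(r"^127\.127\.(\d+)\.(\d+)$")

# Constructed sample; driver type numbers and the drift file path are
# placeholders chosen for illustration.
SAMPLE = """\
server 127.127.20.0 prefer minpoll 4 maxpoll 4
fudge  127.127.20.0 time1 0.120 refid GPS flag4 1
server 127.127.20.5 key 3       # unit 5, and key is not used for refclocks
server 127.127.28.1 minpoll 3
driftfile /var/db/ntp.drift
fudge  127.127.28.1 stratum 16 refid LOCALCLK
"""


def opt(args, name):
    """Token that follows option `name`, or None when the option is absent."""
    if name in args[:-1]:
        return args[args.index(name) + 1]
    return None


def in_range(value, low, high):
    """True when `value` is a decimal integer within [low, high]."""
    return value.isdigit() and low <= int(value) <= high


def audit_refclocks(text):
    """Return [(lineno, code, message)] for refclock server and fudge lines."""
    findings, seen, prev = [], set(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue                      # comments and blank lines
        keyword, args = tokens[0].lower(), tokens[1:]
        addr = args[0] if args else None
        match = REFCLOCK.match(addr) if addr else None

        def report(code, message):
            findings.append((lineno, code, message))

        if keyword == "server" and match:
            if not 0 <= int(match.group(2)) <= 3:
                report("unit-range", "unit number must be in the range 0-3")
            if addr in seen:
                report("duplicate-unit", "unit numbers of one type must be unique")
            seen.add(addr)
            for name in ("key", "version", "ttl"):
                if name in args[1:]:
                    report("unused-option", name + " is not used for reference clocks")
            for name in ("minpoll", "maxpoll"):
                value = opt(args, name)
                if value is not None and not in_range(value, 4, 17):
                    report("poll-range", name + " must be 4 to 17 inclusive")
        elif keyword == "fudge" and match:
            if prev != ("server", addr):
                report("fudge-order", "fudge must immediately follow its server command")
            value = opt(args, "stratum")
            if value is not None and not in_range(value, 0, 15):
                report("stratum-range", "stratum must be between 0 and 15")
            value = opt(args, "refid")
            if value is not None and not (value.isascii() and 1 <= len(value) <= 4):
                report("refid-length", "refid must be one to four ASCII characters")
            for n in "1234":
                value = opt(args, "flag" + n)
                if value is not None and value not in ("0", "1"):
                    report("flag-value", "flag" + n + " must be 0 or 1")
        prev = (keyword, addr)
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit_refclocks(SAMPLE):
        print(f"line {lineno}: [{code}] {message}")
```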
.sp \n(Ppu
.ne 2

The
\f\*[B-Font]fudge\f[]
command is used to provide additional
information for individual clock drivers and normally follows
immediately after the
\f\*[B-Font]server\f[]
command.
The
\f\*[I-Font]address\f[]
argument specifies the clock address.
The
\f\*[B-Font]refid\f[]
and
\f\*[B-Font]stratum\f[]
options can be used to
override the defaults for the device.
There are two optional
device-dependent time offsets and four flags that can be included
in the
\f\*[B-Font]fudge\f[]
command as well.
.sp \n(Ppu
.ne 2

The stratum number of a reference clock is by default zero.
Since the
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
daemon adds one to the stratum of each
peer, a primary server ordinarily displays an external stratum of
one.
In order to provide engineered backups, it is often useful to
specify the reference clock stratum as greater than zero.
The
\f\*[B-Font]stratum\f[]
option is used for this purpose.
Also, in cases
involving both a reference clock and a pulse-per-second (PPS)
discipline signal, it is useful to specify the reference clock
identifier as other than the default, depending on the driver.
The
\f\*[B-Font]refid\f[]
option is used for this purpose.
Except where noted,
these options apply to all clock drivers.
.SS Reference Clock Commands
.RS
.TP 7
.NOP \f\*[B-Font]server\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]prefer\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]]
This command can be used to configure reference clocks in
special ways.
The options are interpreted as follows:
.RS
.TP 7
.NOP \f\*[B-Font]prefer\f[]
Marks the reference clock as preferred.
All other things being
equal, this host will be chosen for synchronization among a set of
correctly operating hosts.
See the
"Mitigation Rules and the prefer Keyword"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[])
for further information.
.TP 7
.NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
.TP 7
.NOP \f\*[B-Font]minpoll\f[] \f\*[I-Font]int\f[]
.TP 7
.NOP \f\*[B-Font]maxpoll\f[] \f\*[I-Font]int\f[]
These options specify the minimum and maximum polling interval
for reference clock messages, as a power of 2 in seconds.
For
most directly connected reference clocks, both
\f\*[B-Font]minpoll\f[]
and
\f\*[B-Font]maxpoll\f[]
default to 6 (64 s).
For modem reference clocks,
\f\*[B-Font]minpoll\f[]
defaults to 10 (17.1 m) and
\f\*[B-Font]maxpoll\f[]
defaults to 14 (4.5 h).
The allowable range is 4 (16 s) to 17 (36.4 h) inclusive.
.RE
.TP 7
.NOP \f\*[B-Font]fudge\f[] \f[C]127.127.\f[]\f\*[I-Font]t\f[].\f\*[I-Font]u\f[] [\f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]time2\f[] \f\*[I-Font]sec\f[]] [\f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]] [\f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]] [\f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]] [\f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]]
This command can be used to configure reference clocks in
special ways.
It must immediately follow the
\f\*[B-Font]server\f[]
command which configures the driver.
Note that the same capability
is possible at run time using the
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
program.
The options are interpreted as
follows:
.RS
.TP 7
.NOP \f\*[B-Font]time1\f[] \f\*[I-Font]sec\f[]
Specifies a constant to be added to the time offset produced by
the driver, a fixed-point decimal number in seconds.
This is used
as a calibration constant to adjust the nominal time offset of a
particular clock to agree with an external standard, such as a
precision PPS signal.
It also provides a way to correct a
systematic error or bias due to serial port or operating system
latencies, different cable lengths or receiver internal delay.
The
specified offset is in addition to the propagation delay provided
by other means, such as internal DIPswitches.
Where a calibration
for an individual system and driver is available, an approximate
correction is noted in the driver documentation pages.
Note: in order to facilitate calibration when more than one
radio clock or PPS signal is supported, a special calibration
feature is available.
It takes the form of an argument to the
\f\*[B-Font]enable\f[]
command described in
\fIMiscellaneous\f[] \fIOptions\f[]
page and operates as described in the
"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
.TP 7
.NOP \f\*[B-Font]time2\f[] \f\*[I-Font]secs\f[]
Specifies a fixed-point decimal number in seconds, which is
interpreted in a driver-dependent way.
See the descriptions of
specific drivers in the
"Reference Clock Drivers"
page
(available as part of the HTML documentation
provided in
\fI/usr/share/doc/ntp\f[]).
.TP 7
.NOP \f\*[B-Font]stratum\f[] \f\*[I-Font]int\f[]
Specifies the stratum number assigned to the driver, an integer
between 0 and 15.
This number overrides the default stratum number
ordinarily assigned by the driver itself, usually zero.
.TP 7
.NOP \f\*[B-Font]refid\f[] \f\*[I-Font]string\f[]
Specifies an ASCII string of from one to four characters which
defines the reference identifier used by the driver.
This string
overrides the default identifier ordinarily assigned by the driver
itself.
.TP 7
.NOP \f\*[B-Font]mode\f[] \f\*[I-Font]int\f[]
Specifies a mode number which is interpreted in a
device-specific fashion.
For instance, it selects a dialing
protocol in the ACTS driver and a device subtype in the
parse
drivers.
.TP 7
.NOP \f\*[B-Font]flag1\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
.TP 7
.NOP \f\*[B-Font]flag2\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
.TP 7
.NOP \f\*[B-Font]flag3\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
.TP 7
.NOP \f\*[B-Font]flag4\f[] \f\*[B-Font]0\f[] \f\*[B-Font]\&|\f[] \f\*[B-Font]1\f[]
These four flags are used for customizing the clock driver.
The
interpretation of these values, and whether they are used at all,
is a function of the particular clock driver.
However, by
convention
\f\*[B-Font]flag4\f[]
is used to enable recording monitoring
data to the
\f\*[B-Font]clockstats\f[]
file configured with the
\f\*[B-Font]filegen\f[]
command.
Further information on the
\f\*[B-Font]filegen\f[]
command can be found in
\fIMonitoring\f[] \fIOptions\f[].
.RE
.RE
.SH Miscellaneous Options
.RS
.TP 7
.NOP \f\*[B-Font]broadcastdelay\f[] \f\*[I-Font]seconds\f[]
The broadcast and multicast modes require a special calibration
to determine the network delay between the local and remote
servers.
Ordinarily, this is done automatically by the initial
protocol exchanges between the client and server.
In some cases,
the calibration procedure may fail due to network or server access
controls, for example.
This command specifies the default delay to
be used under these circumstances.
Typically (for Ethernet), a
number between 0.003 and 0.007 seconds is appropriate.
The default
when this command is not used is 0.004 seconds.
.TP 7
.NOP \f\*[B-Font]calldelay\f[] \f\*[I-Font]delay\f[]
This option controls the delay in seconds between the first and second
packets sent in burst or iburst mode to allow additional time for a modem
or ISDN call to complete.
.TP 7
.NOP \f\*[B-Font]driftfile\f[] \f\*[I-Font]driftfile\f[]
This command specifies the complete path and name of the file used to
record the frequency of the local clock oscillator.
This is the same
operation as the
\f\*[B-Font]\-f\f[]
command line option.
If the file exists, it is read at
startup in order to set the initial frequency and then updated once per
hour with the current frequency computed by the daemon.
If the file name is
specified, but the file itself does not exist, the daemon starts with an initial
frequency of zero and creates the file when writing it for the first time.
If this command is not given, the daemon will always start with an initial
frequency of zero.
.sp \n(Ppu
.ne 2

The file format consists of a single line containing a single
floating point number, which records the frequency offset measured
in parts-per-million (PPM).
The file is updated by first writing
the current drift value into a temporary file and then renaming
this file to replace the old version.
This implies that
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
must have write permission for the directory the
drift file is located in, and that file system links, symbolic or
otherwise, should be avoided.
.TP 7
.NOP \f\*[B-Font]dscp\f[] \f\*[I-Font]value\f[]
This option specifies the Differentiated Services Code Point (DSCP) value,
a 6-bit code.
The default value is 46, signifying Expedited Forwarding.
.TP 7
.NOP \f\*[B-Font]enable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]peer_clear_digest_early\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
.TP 7
.NOP \f\*[B-Font]disable\f[] [\f\*[B-Font]auth\f[] | \f\*[B-Font]bclient\f[] | \f\*[B-Font]calibrate\f[] | \f\*[B-Font]kernel\f[] | \f\*[B-Font]mode7\f[] | \f\*[B-Font]monitor\f[] | \f\*[B-Font]ntp\f[] | \f\*[B-Font]stats\f[] | \f\*[B-Font]peer_clear_digest_early\f[] | \f\*[B-Font]unpeer_crypto_early\f[] | \f\*[B-Font]unpeer_crypto_nak_early\f[] | \f\*[B-Font]unpeer_digest_early\f[]]
Provides a way to enable or disable various server options.
Flags not mentioned are unaffected.
Note that all of these flags
can be controlled remotely using the
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
utility program.
.RS
.TP 7
.NOP \f\*[B-Font]auth\f[]
Enables the server to synchronize with unconfigured peers only if the
peer has been correctly authenticated using either public key or
private key cryptography.
The default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]bclient\f[]
Enables the server to listen for a message from a broadcast or
multicast server, as in the
\f\*[B-Font]multicastclient\f[]
command with default
address.
The default for this flag is
\f\*[B-Font]disable\f[].
.TP 7
.NOP \f\*[B-Font]calibrate\f[]
Enables the calibrate feature for reference clocks.
The default for
this flag is
\f\*[B-Font]disable\f[].
.TP 7
.NOP \f\*[B-Font]kernel\f[]
Enables the kernel time discipline, if available.
The default for this
flag is
\f\*[B-Font]enable\f[]
if support is available, otherwise
\f\*[B-Font]disable\f[].
.TP 7
.NOP \f\*[B-Font]mode7\f[]
Enables processing of NTP mode 7 implementation-specific requests
which are used by the deprecated
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
program.
The default for this flag is disable.
This flag is excluded from runtime configuration using
\fCntpq\f[]\fR(@NTPQ_MS@)\f[].
The
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
program provides the same capabilities as
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
using standard mode 6 requests.
.TP 7
.NOP \f\*[B-Font]monitor\f[]
Enables the monitoring facility.
See the
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[]
program
and the
\f\*[B-Font]monlist\f[]
command for further information.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]ntp\f[]
Enables time and frequency discipline.
In effect, this switch opens and
closes the feedback loop, which is useful for testing.
The default for
this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]peer_clear_digest_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
is using autokey and it
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the peer variables are immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticeable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]stats\f[]
Enables the statistics facility.
See the
\fIMonitoring\f[] \fIOptions\f[]
section for further information.
The default for this flag is
\f\*[B-Font]disable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_crypto_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
receives an autokey packet that fails TEST9,
a crypto failure,
the association is immediately cleared.
This is almost certainly a feature,
but if, in spite of the current recommendation of not using autokey,
you are
.B still
using autokey
.B and
you are seeing this sort of DoS attack,
disabling this flag will delay
tearing down the association until the reachability counter
becomes zero.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_crypto_nak_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
receives a crypto-NAK packet that
passes the duplicate packet and origin timestamp checks
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery if a server key has changed,
a properly forged and appropriately delivered crypto-NAK packet
can be used in a DoS attack.
If you have active noticeable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.TP 7
.NOP \f\*[B-Font]unpeer_digest_early\f[]
By default, if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
receives what should be an authenticated packet
that passes other packet sanity checks but
contains an invalid digest
the association is immediately cleared.
While this is generally a feature
as it allows for quick recovery,
if this type of packet is carefully forged and sent
during an appropriate window it can be used for a DoS attack.
If you have active noticeable problems with this type of DoS attack
then you should consider
disabling this option.
You can check your
\f\*[B-Font]peerstats\f[]
file for evidence of any of these attacks.
The
default for this flag is
\f\*[B-Font]enable\f[].
.RE
.TP 7
.NOP \f\*[B-Font]includefile\f[] \f\*[I-Font]includefile\f[]
This command allows additional configuration commands
to be included from a separate file.
Include files may
be nested to a depth of five; upon reaching the end of any
include file, command processing resumes in the previous
configuration file.
This option is useful for sites that run
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
on multiple hosts, with (mostly) common options (e.g., a
restriction list).
.TP 7
.NOP \f\*[B-Font]leapsmearinterval\f[] \f\*[I-Font]seconds\f[]
This EXPERIMENTAL option is only available if
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
was built with the
\f\*[B-Font]\-\-enable-leap-smear\f[]
option to the
\f\*[B-Font]configure\f[]
script.
It specifies the interval over which a leap second correction will be applied.
Recommended values for this option are between
7200 (2 hours) and 86400 (24 hours).
.B DO NOT USE THIS OPTION ON PUBLIC-ACCESS SERVERS!
See http://bugs.ntp.org/2855 for more information.
.TP 7
.NOP \f\*[B-Font]logconfig\f[] \f\*[I-Font]configkeyword\f[]
This command controls the amount and type of output written to
the system
\fCsyslog\f[]\fR(3)\f[]
facility or the alternate
\f\*[B-Font]logfile\f[]
log file.
By default, all output is turned on.
All
\f\*[I-Font]configkeyword\f[]
keywords can be prefixed with
\[oq]=\[cq],
\[oq]+\[cq]
and
\[oq]\-\[cq],
where
\[oq]=\[cq]
sets the
\fCsyslog\f[]\fR(3)\f[]
priority mask,
\[oq]+\[cq]
adds and
\[oq]\-\[cq]
removes
messages.
\fCsyslog\f[]\fR(3)\f[]
messages can be controlled in four
classes
(\f\*[B-Font]clock\f[], \f\*[B-Font]peer\f[], \f\*[B-Font]sys\f[] and \f\*[B-Font]sync\f[]).
Within these classes four types of messages can be
controlled: informational messages
(\f\*[B-Font]info\f[]),
event messages
(\f\*[B-Font]events\f[]),
statistics messages
(\f\*[B-Font]statistics\f[])
and
status messages
(\f\*[B-Font]status\f[]).
.sp \n(Ppu
.ne 2

Configuration keywords are formed by concatenating the message class with
the event class.
The
\f\*[B-Font]all\f[]
prefix can be used instead of a message class.
A
message class may also be followed by the
\f\*[B-Font]all\f[]
keyword to enable/disable all
messages of the respective message class.
Thus, a minimal log configuration
could look like this:
.br
.in +4
.nf
logconfig =syncstatus +sysevents
.in -4
.fi
.sp \n(Ppu
.ne 2

This would just list the synchronization state of
\fCntpd\f[]\fR(@NTPD_MS@)\f[]
and the major system events.
For a simple reference server, the
following minimum message configuration could be useful:
.br
.in +4
.nf
logconfig =syncall +clockall
.in -4
.fi
.sp \n(Ppu
.ne 2

This configuration will list all clock information and
synchronization information.
All other events and messages about
peers, system events and so on are suppressed.
.TP 7
.NOP \f\*[B-Font]logfile\f[] \f\*[I-Font]logfile\f[]
This command specifies the location of an alternate log file to
be used instead of the default system
\fCsyslog\f[]\fR(3)\f[]
facility.
This is the same operation as the
\f\*[B-Font]\-l\f[]
command line option.
.TP 7
.NOP \f\*[B-Font]setvar\f[] \f\*[I-Font]variable\f[] [\f\*[B-Font]default\f[]]
This command adds an additional system variable.
These
variables can be used to distribute additional information such as
the access policy.
If the variable of the form
\fIname\f[]\fI=\f[]\f\*[I-Font]value\f[]
is followed by the
\f\*[B-Font]default\f[]
keyword, the
variable will be listed as part of the default system variables
(\fCntpq\f[]\fR(@NTPQ_MS@)\f[] \f\*[B-Font]rv\f[] command).
These additional variables serve
informational purposes only.
They are not related to the protocol
other than that they can be listed.
The known protocol variables will
always override any variables defined via the
\f\*[B-Font]setvar\f[]
mechanism.
There are three special variables that contain the names
of all variables of the same group.
The
\fIsys_var_list\f[]
holds
the names of all system variables.
The
\fIpeer_var_list\f[]
holds
the names of all peer variables and the
\fIclock_var_list\f[]
holds the names of the reference clock variables.
.TP 7
.NOP \f\*[B-Font]tinker\f[] [\f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[] | \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[] | \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[] | \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[] | \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[] | \f\*[B-Font]step\f[] \f\*[I-Font]step\f[] | \f\*[B-Font]stepback\f[] \f\*[I-Font]stepback\f[] | \f\*[B-Font]stepfwd\f[] \f\*[I-Font]stepfwd\f[] | \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]]
This command can be used to alter several system variables in
very exceptional circumstances.
It should occur in the
configuration file before any other configuration options.
The
default values of these variables have been carefully optimized for
a wide range of network speeds and reliability expectations.
In
general, they interact in intricate ways that are hard to predict
and some combinations can result in some very nasty behavior.
Very
rarely is it necessary to change the default values; but, some
folks cannot resist twisting the knobs anyway and this command is
for them.
Emphasis added: twisters are on their own and can expect
no help from the support group.
.sp \n(Ppu
.ne 2

The variables operate as follows:
.RS
.TP 7
.NOP \f\*[B-Font]allan\f[] \f\*[I-Font]allan\f[]
The argument becomes the new value for the minimum Allan
intercept, which is a parameter of the PLL/FLL clock discipline
algorithm.
The value in log2 seconds defaults to 7 (1024 s), which is also the lower
limit.
.TP 7
.NOP \f\*[B-Font]dispersion\f[] \f\*[I-Font]dispersion\f[]
The argument becomes the new value for the dispersion increase rate,
normally .000015 s/s.
.TP 7
.NOP \f\*[B-Font]freq\f[] \f\*[I-Font]freq\f[]
The argument becomes the initial value of the frequency offset in
parts-per-million.
This overrides the value in the frequency file, if
present, and avoids the initial training state if it is not.
.TP 7
.NOP \f\*[B-Font]huffpuff\f[] \f\*[I-Font]huffpuff\f[]
The argument becomes the new value for the experimental
huff-n'-puff filter span, which determines the most recent interval
the algorithm will search for a minimum delay.
The lower limit is
900 s (15 m), but a more reasonable value is 7200 (2 hours).
There
is no default, since the filter is not enabled unless this command
is given.
.TP 7
.NOP \f\*[B-Font]panic\f[] \f\*[I-Font]panic\f[]
The argument is the panic threshold, normally 1000 s.
If set to zero,
the panic sanity check is disabled and a clock offset of any value will
be accepted.
.TP 7
.NOP \f\*[B-Font]step\f[] \f\*[I-Font]step\f[]
The argument is the step threshold, which by default is 0.128 s.
It can
be set to any positive number in seconds.
If set to zero, step
adjustments will never occur.
Note: The kernel time discipline is
disabled if the step threshold is set to zero or greater than the
default.
.TP 7
.NOP \f\*[B-Font]stepback\f[] \f\*[I-Font]stepback\f[]
The argument is the step threshold for the backward direction,
which by default is 0.128 s.
It can
be set to any positive number in seconds.
If both the forward and backward step thresholds are set to zero, step
adjustments will never occur.
Note: The kernel time discipline is
disabled if
the step threshold in each direction is either
set to zero or greater than .5 second.
.TP 7
.NOP \f\*[B-Font]stepfwd\f[] \f\*[I-Font]stepfwd\f[]
As for stepback, but for the forward direction.
.TP 7
.NOP \f\*[B-Font]stepout\f[] \f\*[I-Font]stepout\f[]
The argument is the stepout timeout, which by default is 900 s.
It can
be set to any positive number in seconds.
If set to zero, the stepout
pulses will not be suppressed.
.RE
.TP 7
.NOP \f\*[B-Font]rlimit\f[] [\f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[] | \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[] | \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]]
.RS
.TP 7
.NOP \f\*[B-Font]memlock\f[] \f\*[I-Font]Nmegabytes\f[]
Specify the number of megabytes of memory that should be
allocated and locked.
Probably only available under Linux, this option may be useful
when dropping root (the
\f\*[B-Font]\-i\f[]
option).
The default is 32 megabytes on non-Linux machines, and \-1 under Linux.
-1 means "do not lock the process into memory".
0 means "lock whatever memory the process wants into memory".
.TP 7
.NOP \f\*[B-Font]stacksize\f[] \f\*[I-Font]N4kPages\f[]
Specifies the maximum size of the process stack on systems with the
\fBmlockall\f[]\fR()\f[]
function.
Defaults to 50 4k pages (200 4k pages in OpenBSD).
.TP 7
.NOP \f\*[B-Font]filenum\f[] \f\*[I-Font]Nfiledescriptors\f[]
Specifies the maximum number of file descriptors ntpd may have open at once.
Defaults to the system default.
.RE
.TP 7
.NOP \f\*[B-Font]trap\f[] \f\*[I-Font]host_address\f[] [\f\*[B-Font]port\f[] \f\*[I-Font]port_number\f[]] [\f\*[B-Font]interface\f[] \f\*[I-Font]interface_address\f[]]
This command configures a trap receiver at the given host
address and port number for sending messages with the specified
local interface address.
If the port number is unspecified, a value
of 18447 is used.
If the interface address is not specified, the
message is sent with a source address of the local interface the
message is sent through.
Note that on a multihomed host the
interface used may vary from time to time with routing changes.
.sp \n(Ppu
.ne 2

The trap receiver will generally log event messages and other
information from the server in a log file.
While such monitor
programs may also request their own trap dynamically, configuring a
trap receiver will ensure that no messages are lost when the server
is started.
.TP 7
.NOP \f\*[B-Font]hop\f[] \f\*[I-Font]...\f[]
This command specifies a list of TTL values in increasing order; up to 8
values can be specified.
In manycast mode these values are used in turn in
an expanding-ring search.
The default is eight multiples of 32 starting at
31.
.RE
.SH "OPTIONS"
.RS
.TP
.NOP \f\*[B-Font]\-\-help\f[]
Display usage information and exit.
.TP
.NOP \f\*[B-Font]\-\-more-help\f[]
Pass the extended usage information through a pager.
.TP
.NOP \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]
Output version of program and exit.  The default mode is `v', a simple
version.  The `c' mode will print copyright information and `n' will
print the full copyright notice.
.RE
.SH "OPTION PRESETS"
Any option that is not marked as \fInot presettable\fP may be preset
by loading values from environment variables named:
.nf
  \fBNTP_CONF_<option-name>\fP or \fBNTP_CONF\fP
.fi
.ad
.SH "ENVIRONMENT"
See \fBOPTION PRESETS\fP for configuration environment variables.
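The enable/disable flags, tinker variables and leapsmearinterval described under Miscellaneous Options can be checked mechanically; the following audit script is an added example, not part of the NTP distribution. The finding codes and SAMPLE_CONF are constructed here, and the script assumes that a later enable/disable line overrides an earlier one and does not follow includefile.

```python
"""Audit ntp.conf text for settings this page marks as security-relevant."""

# Defaults as stated on this page. "kernel" is documented as enabled only
# where kernel support is available; True is assumed here.
FLAG_DEFAULTS = {
    "auth": True, "bclient": False, "calibrate": False, "kernel": True,
    "mode7": False, "monitor": True, "ntp": True, "stats": False,
    "peer_clear_digest_early": True, "unpeer_crypto_early": True,
    "unpeer_crypto_nak_early": True, "unpeer_digest_early": True,
}
EARLY_FLAGS = ("peer_clear_digest_early", "unpeer_crypto_early",
               "unpeer_crypto_nak_early", "unpeer_digest_early")

# Constructed sample input, not taken from the page.
SAMPLE_CONF = """\
# constructed sample
driftfile /var/db/ntp.drift
tinker panic 0          # accept any offset
disable auth
enable mode7
disable monitor
enable monitor          # later line wins
leapsmearinterval 3600
enable frobnicate
"""


def parse_commands(text):
    """Return (line_number, keyword, args) for each command line."""
    commands = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if line:                             # blank lines are ignored
            keyword, *args = line.split()
            commands.append((lineno, keyword, args))
    return commands


def effective_flags(commands):
    """Apply enable/disable lines in file order (assumed: last one wins)."""
    flags, set_at, unknown = dict(FLAG_DEFAULTS), {}, []
    for lineno, keyword, args in commands:
        if keyword not in ("enable", "disable"):
            continue
        for name in args:
            if name in FLAG_DEFAULTS:
                flags[name] = keyword == "enable"
                set_at[name] = lineno
            else:
                unknown.append((lineno, name))
    return flags, set_at, unknown


def _number(value):
    """Parse a numeric argument; None if it is not a number."""
    try:
        return float(value)
    except ValueError:
        return None


def audit(text):
    """Return sorted (line_number, code, message) findings."""
    commands = parse_commands(text)
    flags, set_at, unknown = effective_flags(commands)
    findings = [(n, "unknown-flag", f"'{name}' is not a documented flag")
                for n, name in unknown]
    if not flags["auth"]:
        findings.append((set_at["auth"], "auth-disabled",
                         "unconfigured peers need not be authenticated"))
    if flags["mode7"]:
        findings.append((set_at["mode7"], "mode7-enabled",
                         "mode 7 requests (deprecated ntpdc) are processed"))
    for name in EARLY_FLAGS:
        if not flags[name]:
            findings.append((set_at[name], "early-unpeer-disabled",
                             f"{name} off: confirm peerstats showed a DoS"))
    seen_other = False
    for lineno, keyword, args in commands:
        if keyword != "tinker":
            seen_other = True
        else:
            if seen_other:
                findings.append((lineno, "tinker-order",
                                 "tinker should precede all other options"))
            settings = dict(zip(args[0::2], args[1::2]))
            if _number(settings.get("panic", "")) == 0:
                findings.append((lineno, "tinker-panic-zero",
                                 "panic check disabled: any offset accepted"))
        if keyword == "leapsmearinterval":
            findings.append((lineno, "leap-smear",
                             "experimental; not for public-access servers"))
            seconds = _number(args[0]) if args else None
            if seconds is None or not 7200 <= seconds <= 86400:
                findings.append((lineno, "leap-smear-range",
                                 "recommended interval is 7200 to 86400 s"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_CONF):
        print(f"line {lineno}: {code}: {message}")
```
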
.SH FILES
.RS
.TP 15
.NOP \fI/etc/ntp.conf\f[]
the default name of the configuration file
.br
.ns
.TP 15
.NOP \fIntp.keys\f[]
private MD5 keys
.br
.ns
.TP 15
.NOP \fIntpkey\f[]
RSA private key
.br
.ns
.TP 15
.NOP \fIntpkey_\f[]\f\*[I-Font]host\f[]
RSA public key
.br
.ns
.TP 15
.NOP \fIntp_dh\f[]
Diffie-Hellman agreement parameters
.RE
.SH "EXIT STATUS"
One of the following exit values will be returned:
.RS
.TP
.NOP 0 " (EXIT_SUCCESS)"
Successful program execution.
.TP
.NOP 1 " (EXIT_FAILURE)"
The operation failed or the command syntax was not valid.
.TP
.NOP 70 " (EX_SOFTWARE)"
libopts had an internal operational error.  Please report
it to autogen-users@lists.sourceforge.net.  Thank you.
.RE
.SH "SEE ALSO"
\fCntpd\f[]\fR(@NTPD_MS@)\f[],
\fCntpdc\f[]\fR(@NTPDC_MS@)\f[],
\fCntpq\f[]\fR(@NTPQ_MS@)\f[]
.sp \n(Ppu
.ne 2

In addition to the manual pages provided,
comprehensive documentation is available on the world wide web
at
\f[C]http://www.ntp.org/\f[].
A snapshot of this documentation is available in HTML format in
\fI/usr/share/doc/ntp\f[].
David L. Mills,
\fINetwork Time Protocol (Version 4)\fR,
RFC5905
.PP

.SH "AUTHORS"
The University of Delaware and Network Time Foundation
.SH "COPYRIGHT"
Copyright (C) 1992-2016 The University of Delaware and Network Time Foundation all rights reserved.
This program is released under the terms of the NTP license, <http://ntp.org/license>.
.SH BUGS
The syntax checking is not picky; some combinations of
ridiculous and even hilarious options and modes may not be
detected.
.sp \n(Ppu
.ne 2

The
\fIntpkey_\f[]\f\*[I-Font]host\f[]
files are really digital
certificates.
These should be obtained via secure directory
services when they become universally available.
.sp \n(Ppu
.ne 2

Please send bug reports to: http://bugs.ntp.org, bugs@ntp.org
.SH NOTES
This document was derived from FreeBSD.
.sp \n(Ppu
.ne 2

This manual page was \fIAutoGen\fP-erated from the \fBntp.conf\fP
option definitions.