From: Harlan Stenn Date: Tue, 28 Jan 2014 09:33:40 +0000 (+0000) Subject: [Bug 2366] ntpdc.html: burst/iburst only work on servers X-Git-Tag: NTP_4_2_7P414~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=342e3222cf531ce447d8bcdda4123be615566609;p=thirdparty%2Fntp.git [Bug 2366] ntpdc.html: burst/iburst only work on servers bk: 52e779745E9vA8HefFx2pZshu4fcPw --- diff --git a/ChangeLog b/ChangeLog index e853fdcc3..1207da9c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,7 @@ In html/comdex.html, remove duplicate footer. * [Bug 1734] Include man page for ntp.conf (fixed in 4.2.7p297). * [Bug 2049] Clarify ntpdate's -d option behavior. +* [Bug 2366] ntpdc.html: burst/iburst only work on servers. * [Bug 2545] Cleanup of scripts/monitoring/ntptrap. (4.2.7p413) 2014/01/27 Released by Harlan Stenn * Require a version string for perl scripts that use autogen. diff --git a/html/confopt.html b/html/confopt.html index 244d4a6f8..62e0edb08 100644 --- a/html/confopt.html +++ b/html/confopt.html @@ -62,7 +62,7 @@ Walt Kelly
burst
When the server is reachable, send a burst of packets instead of the usual one. This option is valid only with the server command and type s addresses. It is a recommended option when the maxpoll option is greater than 10 (1024 s). Additional information about this option is on the Poll Program page.
iburst
-
When the server is unreachable, send a burst of packets instead of the usual one. This option is valid only with the server command and type s addresses. It is a recommended option with this command. Additional information about this option is on the Poll Program page.
+
When the server is unreachable, send a burst of packets instead of the usual one. This option is valid only with the server command and type s addresses. It is a recommended option with this command. Additional information about this option is on the Poll Program page.
ident group
Specify the group name for the association. See the Autokey Public-Key Authentication page for further information.
key key
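Review bot: The removed and added iburst description in html/confopt.html read identically as shown here, so whatever differs in this entry is not visible in the text, and neither the commit subject nor the new ChangeLog line (both name only ntpdc.html) accounts for a change to this file. If a wording change was intended for iburst, it is missing; if the change is purely cosmetic, mention confopt.html in the ChangeLog entry or split it into its own commit so the bug fix stays limited to ntpdc.html.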
diff --git a/html/ntpdc.html b/html/ntpdc.html index 06d917848..4056f03e3 100644 --- a/html/ntpdc.html +++ b/html/ntpdc.html @@ -129,11 +129,11 @@

Authenticated requests always include a timestamp in the packet data, which is included in the computation of the authentication code. This timestamp is compared by the server to its receive time stamp. If they differ by more than a small amount the request is rejected. This is done for two reasons. First, it makes simple replay attacks on the server, by someone who might be able to overhear traffic on your LAN, much more difficult. Second, it makes it more difficult to request configuration changes to your server from topologically remote hosts. While the reconfiguration facility will work well with a server on the local host, and may work adequately between time-synchronized hosts on the same LAN, it will work very poorly for more distant hosts. As such, if reasonable passwords are chosen, care is taken in the distribution and protection of keys and appropriate source address restrictions are applied, the run time reconfiguration facility should provide an adequate level of security.

The following commands all make authenticated requests.

-
addpeer peer_address [ keyid ] [ version ] [ minpoll# | prefer | iburst | burst | minpoll N | maxpoll N [...] ]
-
addpeer peer_address [ prefer | iburst | burst | minpoll N | maxpoll N | keyid N | version N [...] ]
+
addpeer peer_address [ keyid ] [ version ] [ minpoll# | prefer | minpoll N | maxpoll N [...] ]
+
addpeer peer_address [ prefer | minpoll N | maxpoll N | keyid N | version N [...] ]
Add a configured peer association at the given address and operating in symmetric active mode. Note that an existing association with the same peer may be deleted when this - command is executed, or may simply be converted to conform to the new configuration, as appropriate. If the keyid is nonzero, all outgoing packets to the remote server will have an authentication field attached encrypted with this key. If the value is 0 (or not given) no authentication will be done. If ntpdc's key number has not yet been set (e.g., by the keyid command), it will be set to this value. The version# can be 1 through 4 and defaults to 3. The remaining options are either a numeric value for minpoll or literals prefer, iburst, burst, minpoll N, keyid N, version N, or maxpoll N (where N is a numeric value), and have the action as specified in the peer configuration file command of + command is executed, or may simply be converted to conform to the new configuration, as appropriate. If the keyid is nonzero, all outgoing packets to the remote server will have an authentication field attached encrypted with this key. If the value is 0 (or not given) no authentication will be done. If ntpdc's key number has not yet been set (e.g., by the keyid command), it will be set to this value. The version# can be 1 through 4 and defaults to 3. The remaining options are either a numeric value for minpoll or literals prefer, burst, minpoll N, keyid N, version N, or maxpoll N (where N is a numeric value), and have the action as specified in the peer configuration file command of ntpd. See the Server Options page for further information. Each flag (or its absence) replaces the previous setting. The prefer keyword indicates a preferred peer (and thus will be used primarily for clock synchronisation if possible). The preferred peer also determines the validity of the PPS signal - if the preferred peer is suitable for synchronisation so is the PPS signal. 
The dynamic keyword allows association configuration even when no suitable network interface is found at configuration time. The dynamic interface update mechanism may complete the configuration when new interfaces appear (e.g. WLAN/PPP interfaces) at a later time and thus render the association operable.
addserver peer_address [ address [ keyid ] [ version ] [ minpoll | prefer | iburst | burst | minpoll N | maxpoll N [...] ] prefer | iburst | burst | minpoll N | maxpoll N | keyid N | version N [...] ]
Identical to the addpeer command, except that the operating mode is client.
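Review bot: In the addpeer description, the added sentence still lists burst among the accepted literals ("literals prefer, burst, minpoll N, keyid N, version N, or maxpoll N"), although both added addpeer synopsis lines drop burst along with iburst. Remove burst from that sentence so the prose matches the synopsis and the stated intent that burst/iburst only work on servers. The addserver synopsis left as context is the form that keeps iburst and burst, and its brackets are unbalanced ("addserver peer_address [ address [ keyid ] [ version ] ..."), so it would be worth cleaning up in the same change.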